@sphereon/ssi-sdk-ext.key-manager 0.34.1-feature.SSISDK.82.linkedVP.328 → 0.34.1-feature.SSISDK.82.linkedVP.341

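--- a/package/dist/index.cjs
+++ b/package/dist/index.cjs
@@ -59,23 +59,13 @@ var require_plugin_schema = __commonJS({
  description: "Optional. Key meta data"
  }
  },
- required: [
- "type"
- ],
+ required: ["type"],
  additionalProperties: false,
  description: "Input arguments for {@link ISphereonKeyManager.keyManagerCreate | keyManagerCreate }"
  },
  TKeyType: {
  type: "string",
- enum: [
- "Ed25519",
- "Secp256k1",
- "Secp256r1",
- "X25519",
- "Bls12381G1",
- "Bls12381G2",
- "RSA"
- ],
+ enum: ["Ed25519", "Secp256k1", "Secp256r1", "X25519", "Bls12381G1", "Bls12381G2", "RSA"],
  description: "Cryptographic key type."
  },
  IkeyOptions: {
@@ -150,13 +140,7 @@ var require_plugin_schema = __commonJS({
  description: "Optional. Key metadata. This should be used to determine which algorithms are supported."
  }
  },
- required: [
- "kid",
- "kms",
- "privateKeyHex",
- "publicKeyHex",
- "type"
- ]
+ required: ["kid", "kms", "privateKeyHex", "publicKeyHex", "type"]
  },
  ISphereonKeyManagerHandleExpirationsArgs: {
  type: "object",
@@ -205,12 +189,7 @@ var require_plugin_schema = __commonJS({
  description: "Optional. Key metadata. This should be used to determine which algorithms are supported."
  }
  },
- required: [
- "kid",
- "kms",
- "type",
- "publicKeyHex"
- ],
+ required: ["kid", "kms", "type", "publicKeyHex"],
  additionalProperties: false
  },
  MinimalImportableKey: {
@@ -279,19 +258,11 @@ var require_plugin_schema = __commonJS({
  },
  encoding: {
  type: "string",
- enum: [
- "utf-8",
- "base16",
- "base64",
- "hex"
- ],
+ enum: ["utf-8", "base16", "base64", "hex"],
  description: 'If the data is a "string" then you can specify which encoding is used. Default is "utf-8"'
  }
  },
- required: [
- "data",
- "keyRef"
- ],
+ required: ["data", "keyRef"],
  description: "Input arguments for {@link ISphereonKeyManagerSignArgs.keyManagerSign | keyManagerSign }"
  },
  Uint8Array: {
@@ -313,13 +284,7 @@ var require_plugin_schema = __commonJS({
  type: "number"
  }
  },
- required: [
- "BYTES_PER_ELEMENT",
- "buffer",
- "byteLength",
- "byteOffset",
- "length"
- ],
+ required: ["BYTES_PER_ELEMENT", "buffer", "byteLength", "byteOffset", "length"],
  additionalProperties: {
  type: "number"
  }
@@ -334,9 +299,7 @@ var require_plugin_schema = __commonJS({
  type: "number"
  }
  },
- required: [
- "byteLength"
- ],
+ required: ["byteLength"],
  additionalProperties: false
  },
  ISphereonKeyManagerVerifyArgs: {
@@ -361,12 +324,7 @@ var require_plugin_schema = __commonJS({
  type: "string"
  }
  },
- required: [
- "publicKeyHex",
- "type",
- "data",
- "signature"
- ],
+ required: ["publicKeyHex", "type", "data", "signature"],
  additionalProperties: false
  }
  },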
@@ -1 +1 @@
1
- {"version":3,"sources":["../plugin.schema.json","../src/index.ts","../src/agent/SphereonKeyManager.ts","../src/types/ISphereonKeyManager.ts"],"sourcesContent":["{\n \"ISphereonKeyManager\": {\n \"components\": {\n \"schemas\": {\n \"ISphereonKeyManagerCreateArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"type\": {\n \"$ref\": \"#/components/schemas/TKeyType\",\n \"description\": \"Key type\"\n },\n \"kms\": {\n \"type\": \"string\",\n \"description\": \"Key Management System\"\n },\n \"opts\": {\n \"$ref\": \"#/components/schemas/IkeyOptions\",\n \"description\": \"Key options\"\n },\n \"meta\": {\n \"$ref\": \"#/components/schemas/KeyMetadata\",\n \"description\": \"Optional. Key meta data\"\n }\n },\n \"required\": [\n \"type\"\n ],\n \"additionalProperties\": false,\n \"description\": \"Input arguments for {@link ISphereonKeyManager.keyManagerCreate | keyManagerCreate }\"\n },\n \"TKeyType\": {\n \"type\": \"string\",\n \"enum\": [\n \"Ed25519\",\n \"Secp256k1\",\n \"Secp256r1\",\n \"X25519\",\n \"Bls12381G1\",\n \"Bls12381G2\",\n \"RSA\"\n ],\n \"description\": \"Cryptographic key type.\"\n },\n \"IkeyOptions\": {\n \"type\": \"object\",\n \"properties\": {\n \"ephemeral\": {\n \"type\": \"boolean\",\n \"description\": \"Is this a temporary key?\"\n },\n \"expiration\": {\n \"type\": \"object\",\n \"properties\": {\n \"expiryDate\": {\n \"type\": \"string\",\n \"format\": \"date-time\"\n },\n \"removalDate\": {\n \"type\": \"string\",\n \"format\": \"date-time\"\n }\n },\n \"additionalProperties\": false,\n \"description\": \"Expiration and remove the key\"\n }\n },\n \"additionalProperties\": false\n },\n \"KeyMetadata\": {\n \"type\": \"object\",\n \"properties\": {\n \"algorithms\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n }\n },\n \"description\": \"This encapsulates data about a key.\\n\\nImplementations of {@link @veramo/key-manager#AbstractKeyManagementSystem | AbstractKeyManagementSystem } should populate this 
object, for each key, with the algorithms that can be performed using it.\\n\\nThis can also be used to add various tags to the keys under management.\"\n },\n \"PartialKey\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"privateKeyHex\": {\n \"type\": \"string\"\n },\n \"kid\": {\n \"type\": \"string\",\n \"description\": \"Key ID\"\n },\n \"kms\": {\n \"type\": \"string\",\n \"description\": \"Key Management System\"\n },\n \"type\": {\n \"$ref\": \"#/components/schemas/TKeyType\",\n \"description\": \"Key type\"\n },\n \"publicKeyHex\": {\n \"type\": \"string\",\n \"description\": \"Public key\"\n },\n \"meta\": {\n \"anyOf\": [\n {\n \"$ref\": \"#/components/schemas/KeyMetadata\"\n },\n {\n \"type\": \"null\"\n }\n ],\n \"description\": \"Optional. Key metadata. This should be used to determine which algorithms are supported.\"\n }\n },\n \"required\": [\n \"kid\",\n \"kms\",\n \"privateKeyHex\",\n \"publicKeyHex\",\n \"type\"\n ]\n },\n \"ISphereonKeyManagerHandleExpirationsArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"skipRemovals\": {\n \"type\": \"boolean\"\n }\n },\n \"additionalProperties\": false\n },\n \"ManagedKeyInfo\": {\n \"$ref\": \"#/components/schemas/Omit<IKey,\\\"privateKeyHex\\\">\",\n \"description\": \"Represents information about a managed key. 
Private or secret key material is NOT present.\"\n },\n \"Omit<IKey,\\\"privateKeyHex\\\">\": {\n \"$ref\": \"#/components/schemas/Pick<IKey,Exclude<(\\\"kid\\\"|\\\"kms\\\"|\\\"type\\\"|\\\"publicKeyHex\\\"|\\\"privateKeyHex\\\"|\\\"meta\\\"),\\\"privateKeyHex\\\">>\"\n },\n \"Pick<IKey,Exclude<(\\\"kid\\\"|\\\"kms\\\"|\\\"type\\\"|\\\"publicKeyHex\\\"|\\\"privateKeyHex\\\"|\\\"meta\\\"),\\\"privateKeyHex\\\">>\": {\n \"type\": \"object\",\n \"properties\": {\n \"kid\": {\n \"type\": \"string\",\n \"description\": \"Key ID\"\n },\n \"kms\": {\n \"type\": \"string\",\n \"description\": \"Key Management System\"\n },\n \"type\": {\n \"$ref\": \"#/components/schemas/TKeyType\",\n \"description\": \"Key type\"\n },\n \"publicKeyHex\": {\n \"type\": \"string\",\n \"description\": \"Public key\"\n },\n \"meta\": {\n \"anyOf\": [\n {\n \"$ref\": \"#/components/schemas/KeyMetadata\"\n },\n {\n \"type\": \"null\"\n }\n ],\n \"description\": \"Optional. Key metadata. This should be used to determine which algorithms are supported.\"\n }\n },\n \"required\": [\n \"kid\",\n \"kms\",\n \"type\",\n \"publicKeyHex\"\n ],\n \"additionalProperties\": false\n },\n \"MinimalImportableKey\": {\n \"$ref\": \"#/components/schemas/RequireOnly<IKey,(\\\"privateKeyHex\\\"|\\\"type\\\"|\\\"kms\\\")>\",\n \"description\": \"Represents the properties required to import a key.\"\n },\n \"RequireOnly<IKey,(\\\"privateKeyHex\\\"|\\\"type\\\"|\\\"kms\\\")>\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"kid\": {\n \"type\": \"string\",\n \"description\": \"Key ID\"\n },\n \"kms\": {\n \"type\": \"string\",\n \"description\": \"Key Management System\"\n },\n \"type\": {\n \"$ref\": \"#/components/schemas/TKeyType\",\n \"description\": \"Key type\"\n },\n \"publicKeyHex\": {\n \"type\": \"string\",\n \"description\": \"Public key\"\n },\n \"privateKeyHex\": {\n \"type\": \"string\",\n \"description\": \"Optional. 
Private key\"\n },\n \"meta\": {\n \"anyOf\": [\n {\n \"$ref\": \"#/components/schemas/KeyMetadata\"\n },\n {\n \"type\": \"null\"\n }\n ],\n \"description\": \"Optional. Key metadata. This should be used to determine which algorithms are supported.\"\n }\n },\n \"description\": \"Represents an object type where a subset of keys are required and everything else is optional.\"\n },\n \"ISphereonKeyManagerSignArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"keyRef\": {\n \"type\": \"string\",\n \"description\": \"The key handle, as returned during `keyManagerCreateKey`\"\n },\n \"algorithm\": {\n \"type\": \"string\",\n \"description\": \"The algorithm to use for signing. This must be one of the algorithms supported by the KMS for this key type.\\n\\nThe algorithm used here should match one of the names listed in `IKey.meta.algorithms`\"\n },\n \"data\": {\n \"anyOf\": [\n {\n \"type\": \"string\"\n },\n {\n \"$ref\": \"#/components/schemas/Uint8Array\"\n }\n ],\n \"description\": \"Data to sign\"\n },\n \"encoding\": {\n \"type\": \"string\",\n \"enum\": [\n \"utf-8\",\n \"base16\",\n \"base64\",\n \"hex\"\n ],\n \"description\": \"If the data is a \\\"string\\\" then you can specify which encoding is used. 
Default is \\\"utf-8\\\"\"\n }\n },\n \"required\": [\n \"data\",\n \"keyRef\"\n ],\n \"description\": \"Input arguments for {@link ISphereonKeyManagerSignArgs.keyManagerSign | keyManagerSign }\"\n },\n \"Uint8Array\": {\n \"type\": \"object\",\n \"properties\": {\n \"BYTES_PER_ELEMENT\": {\n \"type\": \"number\"\n },\n \"buffer\": {\n \"$ref\": \"#/components/schemas/ArrayBufferLike\"\n },\n \"byteLength\": {\n \"type\": \"number\"\n },\n \"byteOffset\": {\n \"type\": \"number\"\n },\n \"length\": {\n \"type\": \"number\"\n }\n },\n \"required\": [\n \"BYTES_PER_ELEMENT\",\n \"buffer\",\n \"byteLength\",\n \"byteOffset\",\n \"length\"\n ],\n \"additionalProperties\": {\n \"type\": \"number\"\n }\n },\n \"ArrayBufferLike\": {\n \"$ref\": \"#/components/schemas/ArrayBuffer\"\n },\n \"ArrayBuffer\": {\n \"type\": \"object\",\n \"properties\": {\n \"byteLength\": {\n \"type\": \"number\"\n }\n },\n \"required\": [\n \"byteLength\"\n ],\n \"additionalProperties\": false\n },\n \"ISphereonKeyManagerVerifyArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"kms\": {\n \"type\": \"string\"\n },\n \"publicKeyHex\": {\n \"type\": \"string\"\n },\n \"type\": {\n \"$ref\": \"#/components/schemas/TKeyType\"\n },\n \"algorithm\": {\n \"type\": \"string\"\n },\n \"data\": {\n \"$ref\": \"#/components/schemas/Uint8Array\"\n },\n \"signature\": {\n \"type\": \"string\"\n }\n },\n \"required\": [\n \"publicKeyHex\",\n \"type\",\n \"data\",\n \"signature\"\n ],\n \"additionalProperties\": false\n }\n },\n \"methods\": {\n \"keyManagerCreate\": {\n \"description\": \"\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/ISphereonKeyManagerCreateArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/PartialKey\"\n }\n },\n \"keyManagerGetDefaultKeyManagementSystem\": {\n \"description\": \"Get the KMS registered as default. 
Handy when no explicit KMS is provided for a function\",\n \"arguments\": {\n \"type\": \"object\"\n },\n \"returnType\": {\n \"type\": \"string\"\n }\n },\n \"keyManagerHandleExpirations\": {\n \"description\": \"Set keys to expired and remove keys eligible for deletion.\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/ISphereonKeyManagerHandleExpirationsArgs\"\n },\n \"returnType\": {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/ManagedKeyInfo\"\n }\n }\n },\n \"keyManagerImport\": {\n \"description\": \"\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/MinimalImportableKey\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/PartialKey\"\n }\n },\n \"keyManagerListKeys\": {\n \"description\": \"\",\n \"arguments\": {\n \"type\": \"object\"\n },\n \"returnType\": {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/ManagedKeyInfo\"\n }\n }\n },\n \"keyManagerSign\": {\n \"description\": \"\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/ISphereonKeyManagerSignArgs\"\n },\n \"returnType\": {\n \"type\": \"string\"\n }\n },\n \"keyManagerVerify\": {\n \"description\": \"Verifies a signature using the key\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/ISphereonKeyManagerVerifyArgs\"\n },\n \"returnType\": {\n \"type\": \"boolean\"\n }\n }\n }\n }\n }\n}","const schema = require('../plugin.schema.json')\nexport { schema }\nexport { SphereonKeyManager, sphereonKeyManagerMethods } from './agent/SphereonKeyManager'\nexport * from './types/ISphereonKeyManager'\nexport * from '@veramo/key-manager'\n","import { calculateJwkThumbprintForKey, toJwk, verifyRawSignature } from '@sphereon/ssi-sdk-ext.key-utils'\nimport type { IKey, KeyMetadata, ManagedKeyInfo } from '@veramo/core'\nimport { AbstractKeyManagementSystem, AbstractKeyStore, KeyManager as VeramoKeyManager } from '@veramo/key-manager'\n// @ts-ignore\nimport * as u8a from 'uint8arrays'\nimport {\n hasKeyOptions,\n type 
IKeyManagerGetArgs,\n type ISphereonKeyManager,\n type ISphereonKeyManagerCreateArgs,\n type ISphereonKeyManagerHandleExpirationsArgs,\n type ISphereonKeyManagerSignArgs,\n type ISphereonKeyManagerVerifyArgs,\n} from '../types/ISphereonKeyManager'\n\nconst { fromString } = u8a\n\nexport const sphereonKeyManagerMethods: Array<string> = [\n 'keyManagerCreate',\n 'keyManagerGet',\n 'keyManagerImport',\n 'keyManagerSign',\n 'keyManagerVerify',\n 'keyManagerListKeys',\n 'keyManagerGetDefaultKeyManagementSystem',\n 'keyManagerHandleExpirations',\n]\n\nexport class SphereonKeyManager extends VeramoKeyManager {\n // local store reference, given the superclass store is private, and we need additional functions/calls\n private kmsStore: AbstractKeyStore\n private readonly availableKmses: Record<string, AbstractKeyManagementSystem>\n public _defaultKms: string\n readonly kmsMethods: ISphereonKeyManager\n\n constructor(options: { store: AbstractKeyStore; kms: Record<string, AbstractKeyManagementSystem>; defaultKms?: string }) {\n super({ store: options.store, kms: options.kms })\n this.kmsStore = options.store\n this.availableKmses = options.kms\n this._defaultKms = options.defaultKms ?? Object.keys(this.availableKmses)[0]\n if (!Object.keys(this.availableKmses).includes(this._defaultKms)) {\n throw Error(`Default KMS needs to be listed in the kms object as well. 
Found kms-es: ${Object.keys(this.availableKmses).join(',')}`)\n }\n const methods = this.methods\n methods.keyManagerVerify = this.keyManagerVerify.bind(this)\n methods.keyManagerListKeys = this.keyManagerListKeys.bind(this)\n methods.keyManagerGetDefaultKeyManagementSystem = this.keyManagerGetDefaultKeyManagementSystem.bind(this)\n this.kmsMethods = <ISphereonKeyManager>(<unknown>methods)\n\n this.syncPreProvisionedKeys()\n }\n\n private syncPreProvisionedKeys() {\n Object.keys(this.availableKmses).forEach((kmsId) => {\n const kms = this.availableKmses[kmsId]\n if (kms.constructor.name === 'RestKeyManagementSystem') {\n this.syncPreProvisionedKeysForKms(kmsId, kms)\n }\n })\n }\n\n private syncPreProvisionedKeysForKms(kmsId: string, kms: AbstractKeyManagementSystem) {\n kms\n .listKeys()\n .then(async (remoteKeys: ManagedKeyInfo[]) => {\n try {\n const storedKeys: ManagedKeyInfo[] = await this.keyManagerListKeys()\n\n await Promise.all(\n remoteKeys.map(async (remoteKey) => {\n const storedKey = storedKeys.find((k) => k.kid === remoteKey.kid)\n\n const needsUpdate =\n !storedKey ||\n storedKey.publicKeyHex !== remoteKey.publicKeyHex ||\n storedKey.type !== remoteKey.type ||\n storedKey.kms !== remoteKey.kms ||\n (remoteKey.meta && 'alias' in remoteKey.meta && storedKey.meta && storedKey.meta.keyAlias !== remoteKey.meta.alias)\n if (needsUpdate) {\n try {\n if (storedKey) {\n await this.kmsStore.delete({ kid: remoteKey.kid })\n }\n const keyToImport: IKey = {\n ...remoteKey,\n meta: remoteKey.meta && 'alias' in remoteKey.meta ? 
{ ...remoteKey.meta, keyAlias: remoteKey.meta.alias } : remoteKey.meta,\n } as IKey\n\n if (keyToImport.meta && 'alias' in keyToImport.meta) {\n delete keyToImport.meta.alias\n }\n\n await this.kmsStore.import(keyToImport)\n } catch (error) {\n console.error(`Failed to sync key ${remoteKey.kid} from kms ${kmsId}:`, error)\n }\n }\n }),\n )\n } catch (error) {\n console.error(`Failed to sync keys for kms ${kmsId}:`, error)\n }\n })\n .catch((error) => {\n console.error(`Failed to list remote keys for kms ${kmsId}:`, error)\n })\n }\n\n keyManagerGetDefaultKeyManagementSystem(): Promise<string> {\n return Promise.resolve(this._defaultKms)\n }\n\n override async keyManagerCreate(args: ISphereonKeyManagerCreateArgs): Promise<ManagedKeyInfo> {\n const kms = this.getKmsByName(args.kms ?? this._defaultKms)\n const meta: KeyMetadata = { ...args.meta, ...(args.opts && { opts: args.opts }) }\n if (hasKeyOptions(meta) && meta.opts?.ephemeral && !meta.opts.expiration?.removalDate) {\n // Make sure we set a delete date on an ephemeral key\n meta.opts = {\n ...meta.opts,\n expiration: { ...meta.opts?.expiration, removalDate: new Date(Date.now() + 5 * 60 * 1000) },\n }\n }\n const partialKey = await kms.createKey({ type: args.type, meta })\n const key: IKey = { ...partialKey, kms: args.kms ?? this._defaultKms }\n key.meta = { ...meta, ...key.meta }\n key.meta.jwkThumbprint = key.meta.jwkThumbprint ?? calculateJwkThumbprintForKey({ key })\n\n await this.kmsStore.import(key)\n if (key.privateKeyHex) {\n // Make sure to not export the private key\n delete key.privateKeyHex\n }\n return key\n }\n\n //FIXME extend the IKeyManagerSignArgs.data to be a string or array of strings\n\n async keyManagerSign(args: ISphereonKeyManagerSignArgs): Promise<string> {\n const keyInfo = await this.keyManagerGet({ kid: args.keyRef })\n const kms = this.getKmsByName(keyInfo.kms)\n if (keyInfo.type === 'Bls12381G2') {\n return await kms.sign({ keyRef: keyInfo, data: typeof args.data === 'string' ? 
fromString(args.data) : args.data })\n }\n // @ts-ignore // we can pass in uint8arrays as well, which the super also can handle but does not expose in its types\n return await super.keyManagerSign({ ...args, keyRef: keyInfo.kid })\n }\n\n async keyManagerVerify(args: ISphereonKeyManagerVerifyArgs): Promise<boolean> {\n if (args.kms) {\n const kms = this.getKmsByName(args.kms)\n if (kms && 'verify' in kms && typeof kms.verify === 'function') {\n // @ts-ignore\n return await kms.verify(args)\n }\n }\n return await verifyRawSignature({\n key: toJwk(args.publicKeyHex, args.type),\n data: args.data,\n signature: fromString(args.signature, 'utf-8'),\n })\n }\n\n async keyManagerListKeys(): Promise<ManagedKeyInfo[]> {\n return this.kmsStore.list({})\n }\n\n async keyManagerHandleExpirations(args: ISphereonKeyManagerHandleExpirationsArgs): Promise<Array<ManagedKeyInfo>> {\n const keys = await this.keyManagerListKeys()\n const expiredKeys = keys\n .filter((key) => hasKeyOptions(key.meta))\n .filter((key) => {\n if (hasKeyOptions(key.meta) && key.meta?.opts?.expiration) {\n const expiration = key.meta.opts.expiration\n return !(expiration.expiryDate && expiration.expiryDate.getMilliseconds() > Date.now())\n }\n return false\n })\n if (args.skipRemovals !== true) {\n await Promise.all(expiredKeys.map((key) => this.keyManagerDelete({ kid: key.kid })))\n }\n return keys\n }\n\n private getKmsByName(name: string): AbstractKeyManagementSystem {\n const kms = this.availableKmses[name]\n if (!kms) {\n throw Error(`invalid_argument: This agent has no registered KeyManagementSystem with name='${name}'`)\n }\n return kms\n }\n\n //todo https://sphereon.atlassian.net/browse/SDK-28 improve the logic for keyManagerGet in sphereon-key-manager\n async keyManagerGet({ kid }: IKeyManagerGetArgs): Promise<IKey> {\n try {\n const key = await this.kmsStore.get({ kid })\n return key\n } catch (e) {\n const keys: ManagedKeyInfo[] = await this.keyManagerListKeys()\n const foundKey = keys.find(\n 
(key) =>\n key.publicKeyHex === kid ||\n key.meta?.jwkThumbprint === kid ||\n (key.meta?.jwkThumbprint == null && calculateJwkThumbprintForKey({ key }) === kid),\n )\n if (foundKey) {\n return foundKey as IKey\n } else {\n throw new Error(`Key with kid ${kid} not found`)\n }\n }\n }\n\n get defaultKms(): string {\n return this._defaultKms\n }\n\n set defaultKms(kms: string) {\n if (!Object.keys(this.availableKmses).includes(kms)) {\n throw Error(`Default KMS needs to be listed in the kms object as well. Found kms-es: ${Object.keys(this.availableKmses).join(',')}`)\n }\n this._defaultKms = kms\n }\n\n setKms(name: string, kms: AbstractKeyManagementSystem): void {\n this.availableKmses[name] = kms\n\n if (kms.constructor.name === 'RestKeyManagementSystem') {\n this.syncPreProvisionedKeysForKms(name, kms)\n }\n }\n}\n","import type { IKeyManager, IKeyManagerSignArgs, IPluginMethodMap, KeyMetadata, ManagedKeyInfo, MinimalImportableKey, TKeyType } from '@veramo/core'\n\nexport type PartialKey = ManagedKeyInfo & { privateKeyHex: string }\n\nexport interface ISphereonKeyManager extends IKeyManager, IPluginMethodMap {\n keyManagerCreate(args: ISphereonKeyManagerCreateArgs): Promise<PartialKey>\n\n keyManagerImport(key: MinimalImportableKey): Promise<PartialKey>\n\n keyManagerSign(args: ISphereonKeyManagerSignArgs): Promise<string>\n\n /**\n * Verifies a signature using the key\n *\n * Does not exist in IKeyManager\n * @param args\n */\n keyManagerVerify(args: ISphereonKeyManagerVerifyArgs): Promise<boolean>\n\n keyManagerListKeys(): Promise<Array<ManagedKeyInfo>>\n\n /**\n * Get the KMS registered as default. 
Handy when no explicit KMS is provided for a function\n */\n\n keyManagerGetDefaultKeyManagementSystem(): Promise<string>\n\n /**\n * Set keys to expired and remove keys eligible for deletion.\n * @param args\n */\n keyManagerHandleExpirations(args: ISphereonKeyManagerHandleExpirationsArgs): Promise<Array<ManagedKeyInfo>>\n}\n\nexport interface IkeyOptions {\n /**\n * Is this a temporary key?\n */\n ephemeral?: boolean\n\n /**\n * Expiration and remove the key\n */\n expiration?: {\n expiryDate?: Date\n removalDate?: Date\n }\n}\n\n/**\n * Input arguments for {@link ISphereonKeyManager.keyManagerCreate | keyManagerCreate}\n * @public\n */\nexport interface ISphereonKeyManagerCreateArgs {\n /**\n * Key type\n */\n type: TKeyType\n\n /**\n * Key Management System\n */\n kms?: string\n\n /**\n * Key options\n */\n opts?: IkeyOptions\n\n /**\n * Optional. Key meta data\n */\n meta?: KeyMetadata\n}\n\nexport function hasKeyOptions(object: any): object is { opts?: IkeyOptions } {\n return object!! 
&& 'opts' in object && ('ephemeral' in object.opts || 'expiration' in object.opts)\n}\n\n/**\n * Input arguments for {@link ISphereonKeyManager.keyManagerGet | keyManagerGet}\n * @public\n */\nexport interface IKeyManagerGetArgs {\n /**\n * Key ID\n */\n kid: string\n}\n\n/**\n * Input arguments for {@link ISphereonKeyManager.keyManagerDelete | keyManagerDelete}\n * @public\n */\nexport interface IKeyManagerDeleteArgs {\n /**\n * Key ID\n */\n kid: string\n}\n\n/**\n * Input arguments for {@link ISphereonKeyManagerSignArgs.keyManagerSign | keyManagerSign}\n * @public\n */\n// @ts-ignore\nexport interface ISphereonKeyManagerSignArgs extends IKeyManagerSignArgs {\n /**\n * Data to sign\n */\n data: string | Uint8Array\n}\n\nexport interface ISphereonKeyManagerHandleExpirationsArgs {\n skipRemovals?: boolean\n}\n\nexport interface ISphereonKeyManagerVerifyArgs {\n kms?: string\n publicKeyHex: string\n type: TKeyType\n algorithm?: string\n data: Uint8Array\n signature: string\n}\n\nexport const isDefined = <T extends unknown>(object: T | undefined): object is T => object !== 
undefined\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA,gCAAAA,SAAA;AAAA,IAAAA,QAAA;AAAA,MACE,qBAAuB;AAAA,QACrB,YAAc;AAAA,UACZ,SAAW;AAAA,YACT,+BAAiC;AAAA,cAC/B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,cACF;AAAA,cACA,UAAY;AAAA,gBACV;AAAA,cACF;AAAA,cACA,sBAAwB;AAAA,cACxB,aAAe;AAAA,YACjB;AAAA,YACA,UAAY;AAAA,cACV,MAAQ;AAAA,cACR,MAAQ;AAAA,gBACN;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,cACF;AAAA,cACA,aAAe;AAAA,YACjB;AAAA,YACA,aAAe;AAAA,cACb,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,YAAc;AAAA,kBACZ,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,YAAc;AAAA,sBACZ,MAAQ;AAAA,sBACR,QAAU;AAAA,oBACZ;AAAA,oBACA,aAAe;AAAA,sBACb,MAAQ;AAAA,sBACR,QAAU;AAAA,oBACZ;AAAA,kBACF;AAAA,kBACA,sBAAwB;AAAA,kBACxB,aAAe;AAAA,gBACjB;AAAA,cACF;AAAA,cACA,sBAAwB;AAAA,YAC1B;AAAA,YACA,aAAe;AAAA,cACb,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,YAAc;AAAA,kBACZ,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,cACF;AAAA,cACA,aAAe;AAAA,YACjB;AAAA,YACA,YAAc;AAAA,cACZ,MAAQ;AAAA,cACR,sBAAwB;AAAA,cACxB,YAAc;AAAA,gBACZ,eAAiB;AAAA,kBACf,MAAQ;AAAA,gBACV;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,cAAgB;AAAA,kBACd,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,OAAS;AAAA,oBACP;AAAA,sBACE,MAAQ;AAAA,oBACV;AAAA,oBACA;AAAA,sBACE,MAAQ;AAAA,oBACV;AAAA,kBACF;AAAA,kBACA,aAAe;AAAA,gBACjB;AAAA,cACF;AAAA,cACA,UAAY;AAAA,gBACV;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,cACF;AAAA,YACF;AAAA,YACA,0CAA4C;AAAA,cAC1C,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,cAAgB;AAAA,kBACd,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,sBAAwB;AAAA,YAC1B;AAAA,YACA,gBAAkB;AAAA,cAChB,MAAQ;AAAA,cACR,aAAe;AAAA,YACjB
;AAAA,YACA,8BAAgC;AAAA,cAC9B,MAAQ;AAAA,YACV;AAAA,YACA,kGAAgH;AAAA,cAC9G,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,cAAgB;AAAA,kBACd,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,OAAS;AAAA,oBACP;AAAA,sBACE,MAAQ;AAAA,oBACV;AAAA,oBACA;AAAA,sBACE,MAAQ;AAAA,oBACV;AAAA,kBACF;AAAA,kBACA,aAAe;AAAA,gBACjB;AAAA,cACF;AAAA,cACA,UAAY;AAAA,gBACV;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,cACF;AAAA,cACA,sBAAwB;AAAA,YAC1B;AAAA,YACA,sBAAwB;AAAA,cACtB,MAAQ;AAAA,cACR,aAAe;AAAA,YACjB;AAAA,YACA,oDAA0D;AAAA,cACxD,MAAQ;AAAA,cACR,sBAAwB;AAAA,cACxB,YAAc;AAAA,gBACZ,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,cAAgB;AAAA,kBACd,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,eAAiB;AAAA,kBACf,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,OAAS;AAAA,oBACP;AAAA,sBACE,MAAQ;AAAA,oBACV;AAAA,oBACA;AAAA,sBACE,MAAQ;AAAA,oBACV;AAAA,kBACF;AAAA,kBACA,aAAe;AAAA,gBACjB;AAAA,cACF;AAAA,cACA,aAAe;AAAA,YACjB;AAAA,YACA,6BAA+B;AAAA,cAC7B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,QAAU;AAAA,kBACR,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,OAAS;AAAA,oBACP;AAAA,sBACE,MAAQ;AAAA,oBACV;AAAA,oBACA;AAAA,sBACE,MAAQ;AAAA,oBACV;AAAA,kBACF;AAAA,kBACA,aAAe;AAAA,gBACjB;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,kBACR,MAAQ;AAAA,oBACN;AAAA,oBACA;AAAA,oBACA;AAAA,oBACA;AAAA,kBACF;AAAA,kBACA,aAAe;AAAA,gBACjB;AAAA,cACF;AAAA,cACA,UAAY;AAAA,gBACV;AAAA,gBACA;AAAA,cACF;AAAA,cACA,aAAe;AAAA,YACjB;AAAA,YACA,YAAc;AAAA,cACZ,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,mBAAqB;AAAA,kBACnB,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,gBACA,YAAc;AAAA,kBACZ,MAAQ;AAAA,gBACV;AAAA,gBACA,YAAc;AAAA,kBACZ,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,cACF;A
AAA,cACA,UAAY;AAAA,gBACV;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,cACF;AAAA,cACA,sBAAwB;AAAA,gBACtB,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,iBAAmB;AAAA,cACjB,MAAQ;AAAA,YACV;AAAA,YACA,aAAe;AAAA,cACb,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,YAAc;AAAA,kBACZ,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY;AAAA,gBACV;AAAA,cACF;AAAA,cACA,sBAAwB;AAAA,YAC1B;AAAA,YACA,+BAAiC;AAAA,cAC/B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,gBACA,cAAgB;AAAA,kBACd,MAAQ;AAAA,gBACV;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,gBACV;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,gBACV;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY;AAAA,gBACV;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,cACF;AAAA,cACA,sBAAwB;AAAA,YAC1B;AAAA,UACF;AAAA,UACA,SAAW;AAAA,YACT,kBAAoB;AAAA,cAClB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,yCAA2C;AAAA,cACzC,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,6BAA+B;AAAA,cAC7B,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,gBACR,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,YACF;AAAA,YACA,kBAAoB;AAAA,cAClB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,oBAAsB;AAAA,cACpB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,gBACR,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,YACF;AAAA,YACA,gBAAkB;AAAA,cAChB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,kBAAoB;AAAA,cAClB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA;AAAA;;;ACxZA;;;;;;;;;;;ACAA,yBAAwE;AAExE,yBAA8F;AAE9F,UAAqB;;;ACuEd,SAASC,cAAcC,QAAW;AACvC,SAAOA,UAAY,UAAUA,WAAW,eAAeA,OAAOC,QAAQ,gBAAgBD,OAAOC;AAC/F;AAFgBF;AAmDT,IAAMG,YAAY,wBAAoBF,WAAuCA,WAAWG,QAAtE;;;AD/GzB,IAAM,EA
AEC,WAAU,IAAKC;AAEhB,IAAMC,4BAA2C;EACtD;EACA;EACA;EACA;EACA;EACA;EACA;EACA;;AAGK,IAAMC,qBAAN,cAAiCC,mBAAAA,WAAAA;EA5BxC,OA4BwCA;;;;EAE9BC;EACSC;EACVC;EACEC;EAET,YAAYC,SAA6G;AACvH,UAAM;MAAEC,OAAOD,QAAQC;MAAOC,KAAKF,QAAQE;IAAI,CAAA;AAC/C,SAAKN,WAAWI,QAAQC;AACxB,SAAKJ,iBAAiBG,QAAQE;AAC9B,SAAKJ,cAAcE,QAAQG,cAAcC,OAAOC,KAAK,KAAKR,cAAc,EAAE,CAAA;AAC1E,QAAI,CAACO,OAAOC,KAAK,KAAKR,cAAc,EAAES,SAAS,KAAKR,WAAW,GAAG;AAChE,YAAMS,MAAM,2EAA2EH,OAAOC,KAAK,KAAKR,cAAc,EAAEW,KAAK,GAAA,CAAA,EAAM;IACrI;AACA,UAAMC,UAAU,KAAKA;AACrBA,YAAQC,mBAAmB,KAAKA,iBAAiBC,KAAK,IAAI;AAC1DF,YAAQG,qBAAqB,KAAKA,mBAAmBD,KAAK,IAAI;AAC9DF,YAAQI,0CAA0C,KAAKA,wCAAwCF,KAAK,IAAI;AACxG,SAAKZ,aAA4CU;AAEjD,SAAKK,uBAAsB;EAC7B;EAEQA,yBAAyB;AAC/BV,WAAOC,KAAK,KAAKR,cAAc,EAAEkB,QAAQ,CAACC,UAAAA;AACxC,YAAMd,MAAM,KAAKL,eAAemB,KAAAA;AAChC,UAAId,IAAI,YAAYe,SAAS,2BAA2B;AACtD,aAAKC,6BAA6BF,OAAOd,GAAAA;MAC3C;IACF,CAAA;EACF;EAEQgB,6BAA6BF,OAAed,KAAkC;AACpFA,QACGiB,SAAQ,EACRC,KAAK,OAAOC,eAAAA;AACX,UAAI;AACF,cAAMC,aAA+B,MAAM,KAAKV,mBAAkB;AAElE,cAAMW,QAAQC,IACZH,WAAWI,IAAI,OAAOC,cAAAA;AACpB,gBAAMC,YAAYL,WAAWM,KAAK,CAACC,MAAMA,EAAEC,QAAQJ,UAAUI,GAAG;AAEhE,gBAAMC,cACJ,CAACJ,aACDA,UAAUK,iBAAiBN,UAAUM,gBACrCL,UAAUM,SAASP,UAAUO,QAC7BN,UAAUzB,QAAQwB,UAAUxB,OAC3BwB,UAAUQ,QAAQ,WAAWR,UAAUQ,QAAQP,UAAUO,QAAQP,UAAUO,KAAKC,aAAaT,UAAUQ,KAAKE;AAC/G,cAAIL,aAAa;AACf,gBAAI;AACF,kBAAIJ,WAAW;AACb,sBAAM,KAAK/B,SAASyC,OAAO;kBAAEP,KAAKJ,UAAUI;gBAAI,CAAA;cAClD;AACA,oBAAMQ,cAAoB;gBACxB,GAAGZ;gBACHQ,MAAMR,UAAUQ,QAAQ,WAAWR,UAAUQ,OAAO;kBAAE,GAAGR,UAAUQ;kBAAMC,UAAUT,UAAUQ,KAAKE;gBAAM,IAAIV,UAAUQ;cACxH;AAEA,kBAAII,YAAYJ,QAAQ,WAAWI,YAAYJ,MAAM;AACnD,uBAAOI,YAAYJ,KAAKE;cAC1B;AAEA,oBAAM,KAAKxC,SAAS2C,OAAOD,WAAAA;YAC7B,SAASE,OAAO;AACdC,sBAAQD,MAAM,sBAAsBd,UAAUI,GAAG,aAAad,KAAAA,KAAUwB,KAAAA;YAC1E;UACF;QACF,CAAA,CAAA;MAEJ,SAASA,OAAO;AACdC,gBAAQD,MAAM,+BAA+BxB,KAAAA,KAAUwB,KAAAA;MACzD;IACF,CAAA,EACCE,MAAM,CAACF,UAAAA;AACNC,cAAQD,MAAM,sCAAsCxB,KAAAA,KAAUwB,KAAAA;IAChE,CAAA;EACJ;EAEA3B,0CAA2D;AACzD,WAAOU,QAAQoB,QAAQ,KAAK7C,WAAW;EACzC;EAEA,MAAe8C,iBAAiBC,MAA8D;AAC5F,UAA
M3C,MAAM,KAAK4C,aAAaD,KAAK3C,OAAO,KAAKJ,WAAW;AAC1D,UAAMoC,OAAoB;MAAE,GAAGW,KAAKX;MAAM,GAAIW,KAAKE,QAAQ;QAAEA,MAAMF,KAAKE;MAAK;IAAG;AAChF,QAAIC,cAAcd,IAAAA,KAASA,KAAKa,MAAME,aAAa,CAACf,KAAKa,KAAKG,YAAYC,aAAa;AAErFjB,WAAKa,OAAO;QACV,GAAGb,KAAKa;QACRG,YAAY;UAAE,GAAGhB,KAAKa,MAAMG;UAAYC,aAAa,IAAIC,KAAKA,KAAKC,IAAG,IAAK,IAAI,KAAK,GAAA;QAAM;MAC5F;IACF;AACA,UAAMC,aAAa,MAAMpD,IAAIqD,UAAU;MAAEtB,MAAMY,KAAKZ;MAAMC;IAAK,CAAA;AAC/D,UAAMsB,MAAY;MAAE,GAAGF;MAAYpD,KAAK2C,KAAK3C,OAAO,KAAKJ;IAAY;AACrE0D,QAAItB,OAAO;MAAE,GAAGA;MAAM,GAAGsB,IAAItB;IAAK;AAClCsB,QAAItB,KAAKuB,gBAAgBD,IAAItB,KAAKuB,qBAAiBC,iDAA6B;MAAEF;IAAI,CAAA;AAEtF,UAAM,KAAK5D,SAAS2C,OAAOiB,GAAAA;AAC3B,QAAIA,IAAIG,eAAe;AAErB,aAAOH,IAAIG;IACb;AACA,WAAOH;EACT;;EAIA,MAAMI,eAAef,MAAoD;AACvE,UAAMgB,UAAU,MAAM,KAAKC,cAAc;MAAEhC,KAAKe,KAAKkB;IAAO,CAAA;AAC5D,UAAM7D,MAAM,KAAK4C,aAAae,QAAQ3D,GAAG;AACzC,QAAI2D,QAAQ5B,SAAS,cAAc;AACjC,aAAO,MAAM/B,IAAI8D,KAAK;QAAED,QAAQF;QAASI,MAAM,OAAOpB,KAAKoB,SAAS,WAAW1E,WAAWsD,KAAKoB,IAAI,IAAIpB,KAAKoB;MAAK,CAAA;IACnH;AAEA,WAAO,MAAM,MAAML,eAAe;MAAE,GAAGf;MAAMkB,QAAQF,QAAQ/B;IAAI,CAAA;EACnE;EAEA,MAAMpB,iBAAiBmC,MAAuD;AAC5E,QAAIA,KAAK3C,KAAK;AACZ,YAAMA,MAAM,KAAK4C,aAAaD,KAAK3C,GAAG;AACtC,UAAIA,OAAO,YAAYA,OAAO,OAAOA,IAAIgE,WAAW,YAAY;AAE9D,eAAO,MAAMhE,IAAIgE,OAAOrB,IAAAA;MAC1B;IACF;AACA,WAAO,UAAMsB,uCAAmB;MAC9BX,SAAKY,0BAAMvB,KAAKb,cAAca,KAAKZ,IAAI;MACvCgC,MAAMpB,KAAKoB;MACXI,WAAW9E,WAAWsD,KAAKwB,WAAW,OAAA;IACxC,CAAA;EACF;EAEA,MAAMzD,qBAAgD;AACpD,WAAO,KAAKhB,SAAS0E,KAAK,CAAC,CAAA;EAC7B;EAEA,MAAMC,4BAA4B1B,MAAgF;AAChH,UAAMxC,OAAO,MAAM,KAAKO,mBAAkB;AAC1C,UAAM4D,cAAcnE,KACjBoE,OAAO,CAACjB,QAAQR,cAAcQ,IAAItB,IAAI,CAAA,EACtCuC,OAAO,CAACjB,QAAAA;AACP,UAAIR,cAAcQ,IAAItB,IAAI,KAAKsB,IAAItB,MAAMa,MAAMG,YAAY;AACzD,cAAMA,aAAaM,IAAItB,KAAKa,KAAKG;AACjC,eAAO,EAAEA,WAAWwB,cAAcxB,WAAWwB,WAAWC,gBAAe,IAAKvB,KAAKC,IAAG;MACtF;AACA,aAAO;IACT,CAAA;AACF,QAAIR,KAAK+B,iBAAiB,MAAM;AAC9B,YAAMrD,QAAQC,IAAIgD,YAAY/C,IAAI,CAAC+B,QAAQ,KAAKqB,iBAAiB;QAAE/C,KAAK0B,IAAI1B;MAAI,CAAA,CAAA,CAAA;IAClF;AACA,WAAOzB;EACT;EAEQyC,aAAa7B,MAA2
C;AAC9D,UAAMf,MAAM,KAAKL,eAAeoB,IAAAA;AAChC,QAAI,CAACf,KAAK;AACR,YAAMK,MAAM,iFAAiFU,IAAAA,GAAO;IACtG;AACA,WAAOf;EACT;;EAGA,MAAM4D,cAAc,EAAEhC,IAAG,GAAuC;AAC9D,QAAI;AACF,YAAM0B,MAAM,MAAM,KAAK5D,SAASkF,IAAI;QAAEhD;MAAI,CAAA;AAC1C,aAAO0B;IACT,SAASuB,GAAG;AACV,YAAM1E,OAAyB,MAAM,KAAKO,mBAAkB;AAC5D,YAAMoE,WAAW3E,KAAKuB,KACpB,CAAC4B,QACCA,IAAIxB,iBAAiBF,OACrB0B,IAAItB,MAAMuB,kBAAkB3B,OAC3B0B,IAAItB,MAAMuB,iBAAiB,YAAQC,iDAA6B;QAAEF;MAAI,CAAA,MAAO1B,GAAAA;AAElF,UAAIkD,UAAU;AACZ,eAAOA;MACT,OAAO;AACL,cAAM,IAAIzE,MAAM,gBAAgBuB,GAAAA,YAAe;MACjD;IACF;EACF;EAEA,IAAI3B,aAAqB;AACvB,WAAO,KAAKL;EACd;EAEA,IAAIK,WAAWD,KAAa;AAC1B,QAAI,CAACE,OAAOC,KAAK,KAAKR,cAAc,EAAES,SAASJ,GAAAA,GAAM;AACnD,YAAMK,MAAM,2EAA2EH,OAAOC,KAAK,KAAKR,cAAc,EAAEW,KAAK,GAAA,CAAA,EAAM;IACrI;AACA,SAAKV,cAAcI;EACrB;EAEA+E,OAAOhE,MAAcf,KAAwC;AAC3D,SAAKL,eAAeoB,IAAAA,IAAQf;AAE5B,QAAIA,IAAI,YAAYe,SAAS,2BAA2B;AACtD,WAAKC,6BAA6BD,MAAMf,GAAAA;IAC1C;EACF;AACF;;;ADlOA,0BAAc,gCAJd;IAAMgF,SAASC;","names":["module","hasKeyOptions","object","opts","isDefined","undefined","fromString","u8a","sphereonKeyManagerMethods","SphereonKeyManager","VeramoKeyManager","kmsStore","availableKmses","_defaultKms","kmsMethods","options","store","kms","defaultKms","Object","keys","includes","Error","join","methods","keyManagerVerify","bind","keyManagerListKeys","keyManagerGetDefaultKeyManagementSystem","syncPreProvisionedKeys","forEach","kmsId","name","syncPreProvisionedKeysForKms","listKeys","then","remoteKeys","storedKeys","Promise","all","map","remoteKey","storedKey","find","k","kid","needsUpdate","publicKeyHex","type","meta","keyAlias","alias","delete","keyToImport","import","error","console","catch","resolve","keyManagerCreate","args","getKmsByName","opts","hasKeyOptions","ephemeral","expiration","removalDate","Date","now","partialKey","createKey","key","jwkThumbprint","calculateJwkThumbprintForKey","privateKeyHex","keyManagerSign","keyInfo","keyManagerGet","keyRef","sign","data","verify","verifyRawSignature","toJwk","signature","list","keyMa
nagerHandleExpirations","expiredKeys","filter","expiryDate","getMilliseconds","skipRemovals","keyManagerDelete","get","e","foundKey","setKms","schema","require"]}
1
+ {"version":3,"sources":["../plugin.schema.json","../src/index.ts","../src/agent/SphereonKeyManager.ts","../src/types/ISphereonKeyManager.ts"],"sourcesContent":["{\n \"ISphereonKeyManager\": {\n \"components\": {\n \"schemas\": {\n \"ISphereonKeyManagerCreateArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"type\": {\n \"$ref\": \"#/components/schemas/TKeyType\",\n \"description\": \"Key type\"\n },\n \"kms\": {\n \"type\": \"string\",\n \"description\": \"Key Management System\"\n },\n \"opts\": {\n \"$ref\": \"#/components/schemas/IkeyOptions\",\n \"description\": \"Key options\"\n },\n \"meta\": {\n \"$ref\": \"#/components/schemas/KeyMetadata\",\n \"description\": \"Optional. Key meta data\"\n }\n },\n \"required\": [\"type\"],\n \"additionalProperties\": false,\n \"description\": \"Input arguments for {@link ISphereonKeyManager.keyManagerCreate | keyManagerCreate }\"\n },\n \"TKeyType\": {\n \"type\": \"string\",\n \"enum\": [\"Ed25519\", \"Secp256k1\", \"Secp256r1\", \"X25519\", \"Bls12381G1\", \"Bls12381G2\", \"RSA\"],\n \"description\": \"Cryptographic key type.\"\n },\n \"IkeyOptions\": {\n \"type\": \"object\",\n \"properties\": {\n \"ephemeral\": {\n \"type\": \"boolean\",\n \"description\": \"Is this a temporary key?\"\n },\n \"expiration\": {\n \"type\": \"object\",\n \"properties\": {\n \"expiryDate\": {\n \"type\": \"string\",\n \"format\": \"date-time\"\n },\n \"removalDate\": {\n \"type\": \"string\",\n \"format\": \"date-time\"\n }\n },\n \"additionalProperties\": false,\n \"description\": \"Expiration and remove the key\"\n }\n },\n \"additionalProperties\": false\n },\n \"KeyMetadata\": {\n \"type\": \"object\",\n \"properties\": {\n \"algorithms\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n }\n },\n \"description\": \"This encapsulates data about a key.\\n\\nImplementations of {@link @veramo/key-manager#AbstractKeyManagementSystem | AbstractKeyManagementSystem } should populate this object, for each key, with 
the algorithms that can be performed using it.\\n\\nThis can also be used to add various tags to the keys under management.\"\n },\n \"PartialKey\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"privateKeyHex\": {\n \"type\": \"string\"\n },\n \"kid\": {\n \"type\": \"string\",\n \"description\": \"Key ID\"\n },\n \"kms\": {\n \"type\": \"string\",\n \"description\": \"Key Management System\"\n },\n \"type\": {\n \"$ref\": \"#/components/schemas/TKeyType\",\n \"description\": \"Key type\"\n },\n \"publicKeyHex\": {\n \"type\": \"string\",\n \"description\": \"Public key\"\n },\n \"meta\": {\n \"anyOf\": [\n {\n \"$ref\": \"#/components/schemas/KeyMetadata\"\n },\n {\n \"type\": \"null\"\n }\n ],\n \"description\": \"Optional. Key metadata. This should be used to determine which algorithms are supported.\"\n }\n },\n \"required\": [\"kid\", \"kms\", \"privateKeyHex\", \"publicKeyHex\", \"type\"]\n },\n \"ISphereonKeyManagerHandleExpirationsArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"skipRemovals\": {\n \"type\": \"boolean\"\n }\n },\n \"additionalProperties\": false\n },\n \"ManagedKeyInfo\": {\n \"$ref\": \"#/components/schemas/Omit<IKey,\\\"privateKeyHex\\\">\",\n \"description\": \"Represents information about a managed key. 
Private or secret key material is NOT present.\"\n },\n \"Omit<IKey,\\\"privateKeyHex\\\">\": {\n \"$ref\": \"#/components/schemas/Pick<IKey,Exclude<(\\\"kid\\\"|\\\"kms\\\"|\\\"type\\\"|\\\"publicKeyHex\\\"|\\\"privateKeyHex\\\"|\\\"meta\\\"),\\\"privateKeyHex\\\">>\"\n },\n \"Pick<IKey,Exclude<(\\\"kid\\\"|\\\"kms\\\"|\\\"type\\\"|\\\"publicKeyHex\\\"|\\\"privateKeyHex\\\"|\\\"meta\\\"),\\\"privateKeyHex\\\">>\": {\n \"type\": \"object\",\n \"properties\": {\n \"kid\": {\n \"type\": \"string\",\n \"description\": \"Key ID\"\n },\n \"kms\": {\n \"type\": \"string\",\n \"description\": \"Key Management System\"\n },\n \"type\": {\n \"$ref\": \"#/components/schemas/TKeyType\",\n \"description\": \"Key type\"\n },\n \"publicKeyHex\": {\n \"type\": \"string\",\n \"description\": \"Public key\"\n },\n \"meta\": {\n \"anyOf\": [\n {\n \"$ref\": \"#/components/schemas/KeyMetadata\"\n },\n {\n \"type\": \"null\"\n }\n ],\n \"description\": \"Optional. Key metadata. This should be used to determine which algorithms are supported.\"\n }\n },\n \"required\": [\"kid\", \"kms\", \"type\", \"publicKeyHex\"],\n \"additionalProperties\": false\n },\n \"MinimalImportableKey\": {\n \"$ref\": \"#/components/schemas/RequireOnly<IKey,(\\\"privateKeyHex\\\"|\\\"type\\\"|\\\"kms\\\")>\",\n \"description\": \"Represents the properties required to import a key.\"\n },\n \"RequireOnly<IKey,(\\\"privateKeyHex\\\"|\\\"type\\\"|\\\"kms\\\")>\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"kid\": {\n \"type\": \"string\",\n \"description\": \"Key ID\"\n },\n \"kms\": {\n \"type\": \"string\",\n \"description\": \"Key Management System\"\n },\n \"type\": {\n \"$ref\": \"#/components/schemas/TKeyType\",\n \"description\": \"Key type\"\n },\n \"publicKeyHex\": {\n \"type\": \"string\",\n \"description\": \"Public key\"\n },\n \"privateKeyHex\": {\n \"type\": \"string\",\n \"description\": \"Optional. 
Private key\"\n },\n \"meta\": {\n \"anyOf\": [\n {\n \"$ref\": \"#/components/schemas/KeyMetadata\"\n },\n {\n \"type\": \"null\"\n }\n ],\n \"description\": \"Optional. Key metadata. This should be used to determine which algorithms are supported.\"\n }\n },\n \"description\": \"Represents an object type where a subset of keys are required and everything else is optional.\"\n },\n \"ISphereonKeyManagerSignArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"keyRef\": {\n \"type\": \"string\",\n \"description\": \"The key handle, as returned during `keyManagerCreateKey`\"\n },\n \"algorithm\": {\n \"type\": \"string\",\n \"description\": \"The algorithm to use for signing. This must be one of the algorithms supported by the KMS for this key type.\\n\\nThe algorithm used here should match one of the names listed in `IKey.meta.algorithms`\"\n },\n \"data\": {\n \"anyOf\": [\n {\n \"type\": \"string\"\n },\n {\n \"$ref\": \"#/components/schemas/Uint8Array\"\n }\n ],\n \"description\": \"Data to sign\"\n },\n \"encoding\": {\n \"type\": \"string\",\n \"enum\": [\"utf-8\", \"base16\", \"base64\", \"hex\"],\n \"description\": \"If the data is a \\\"string\\\" then you can specify which encoding is used. 
Default is \\\"utf-8\\\"\"\n }\n },\n \"required\": [\"data\", \"keyRef\"],\n \"description\": \"Input arguments for {@link ISphereonKeyManagerSignArgs.keyManagerSign | keyManagerSign }\"\n },\n \"Uint8Array\": {\n \"type\": \"object\",\n \"properties\": {\n \"BYTES_PER_ELEMENT\": {\n \"type\": \"number\"\n },\n \"buffer\": {\n \"$ref\": \"#/components/schemas/ArrayBufferLike\"\n },\n \"byteLength\": {\n \"type\": \"number\"\n },\n \"byteOffset\": {\n \"type\": \"number\"\n },\n \"length\": {\n \"type\": \"number\"\n }\n },\n \"required\": [\"BYTES_PER_ELEMENT\", \"buffer\", \"byteLength\", \"byteOffset\", \"length\"],\n \"additionalProperties\": {\n \"type\": \"number\"\n }\n },\n \"ArrayBufferLike\": {\n \"$ref\": \"#/components/schemas/ArrayBuffer\"\n },\n \"ArrayBuffer\": {\n \"type\": \"object\",\n \"properties\": {\n \"byteLength\": {\n \"type\": \"number\"\n }\n },\n \"required\": [\"byteLength\"],\n \"additionalProperties\": false\n },\n \"ISphereonKeyManagerVerifyArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"kms\": {\n \"type\": \"string\"\n },\n \"publicKeyHex\": {\n \"type\": \"string\"\n },\n \"type\": {\n \"$ref\": \"#/components/schemas/TKeyType\"\n },\n \"algorithm\": {\n \"type\": \"string\"\n },\n \"data\": {\n \"$ref\": \"#/components/schemas/Uint8Array\"\n },\n \"signature\": {\n \"type\": \"string\"\n }\n },\n \"required\": [\"publicKeyHex\", \"type\", \"data\", \"signature\"],\n \"additionalProperties\": false\n }\n },\n \"methods\": {\n \"keyManagerCreate\": {\n \"description\": \"\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/ISphereonKeyManagerCreateArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/PartialKey\"\n }\n },\n \"keyManagerGetDefaultKeyManagementSystem\": {\n \"description\": \"Get the KMS registered as default. 
Handy when no explicit KMS is provided for a function\",\n \"arguments\": {\n \"type\": \"object\"\n },\n \"returnType\": {\n \"type\": \"string\"\n }\n },\n \"keyManagerHandleExpirations\": {\n \"description\": \"Set keys to expired and remove keys eligible for deletion.\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/ISphereonKeyManagerHandleExpirationsArgs\"\n },\n \"returnType\": {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/ManagedKeyInfo\"\n }\n }\n },\n \"keyManagerImport\": {\n \"description\": \"\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/MinimalImportableKey\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/PartialKey\"\n }\n },\n \"keyManagerListKeys\": {\n \"description\": \"\",\n \"arguments\": {\n \"type\": \"object\"\n },\n \"returnType\": {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/ManagedKeyInfo\"\n }\n }\n },\n \"keyManagerSign\": {\n \"description\": \"\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/ISphereonKeyManagerSignArgs\"\n },\n \"returnType\": {\n \"type\": \"string\"\n }\n },\n \"keyManagerVerify\": {\n \"description\": \"Verifies a signature using the key\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/ISphereonKeyManagerVerifyArgs\"\n },\n \"returnType\": {\n \"type\": \"boolean\"\n }\n }\n }\n }\n }\n}\n","const schema = require('../plugin.schema.json')\nexport { schema }\nexport { SphereonKeyManager, sphereonKeyManagerMethods } from './agent/SphereonKeyManager'\nexport * from './types/ISphereonKeyManager'\nexport * from '@veramo/key-manager'\n","import { calculateJwkThumbprintForKey, toJwk, verifyRawSignature } from '@sphereon/ssi-sdk-ext.key-utils'\nimport type { IKey, KeyMetadata, ManagedKeyInfo } from '@veramo/core'\nimport { AbstractKeyManagementSystem, AbstractKeyStore, KeyManager as VeramoKeyManager } from '@veramo/key-manager'\n// @ts-ignore\nimport * as u8a from 'uint8arrays'\nimport {\n hasKeyOptions,\n type 
IKeyManagerGetArgs,\n type ISphereonKeyManager,\n type ISphereonKeyManagerCreateArgs,\n type ISphereonKeyManagerHandleExpirationsArgs,\n type ISphereonKeyManagerSignArgs,\n type ISphereonKeyManagerVerifyArgs,\n} from '../types/ISphereonKeyManager'\n\nconst { fromString } = u8a\n\nexport const sphereonKeyManagerMethods: Array<string> = [\n 'keyManagerCreate',\n 'keyManagerGet',\n 'keyManagerImport',\n 'keyManagerSign',\n 'keyManagerVerify',\n 'keyManagerListKeys',\n 'keyManagerGetDefaultKeyManagementSystem',\n 'keyManagerHandleExpirations',\n]\n\nexport class SphereonKeyManager extends VeramoKeyManager {\n // local store reference, given the superclass store is private, and we need additional functions/calls\n private kmsStore: AbstractKeyStore\n private readonly availableKmses: Record<string, AbstractKeyManagementSystem>\n public _defaultKms: string\n readonly kmsMethods: ISphereonKeyManager\n\n constructor(options: { store: AbstractKeyStore; kms: Record<string, AbstractKeyManagementSystem>; defaultKms?: string }) {\n super({ store: options.store, kms: options.kms })\n this.kmsStore = options.store\n this.availableKmses = options.kms\n this._defaultKms = options.defaultKms ?? Object.keys(this.availableKmses)[0]\n if (!Object.keys(this.availableKmses).includes(this._defaultKms)) {\n throw Error(`Default KMS needs to be listed in the kms object as well. 
Found kms-es: ${Object.keys(this.availableKmses).join(',')}`)\n }\n const methods = this.methods\n methods.keyManagerVerify = this.keyManagerVerify.bind(this)\n methods.keyManagerListKeys = this.keyManagerListKeys.bind(this)\n methods.keyManagerGetDefaultKeyManagementSystem = this.keyManagerGetDefaultKeyManagementSystem.bind(this)\n this.kmsMethods = <ISphereonKeyManager>(<unknown>methods)\n\n this.syncPreProvisionedKeys()\n }\n\n private syncPreProvisionedKeys() {\n Object.keys(this.availableKmses).forEach((kmsId) => {\n const kms = this.availableKmses[kmsId]\n if (kms.constructor.name === 'RestKeyManagementSystem') {\n this.syncPreProvisionedKeysForKms(kmsId, kms)\n }\n })\n }\n\n private syncPreProvisionedKeysForKms(kmsId: string, kms: AbstractKeyManagementSystem) {\n kms\n .listKeys()\n .then(async (remoteKeys: ManagedKeyInfo[]) => {\n try {\n const storedKeys: ManagedKeyInfo[] = await this.keyManagerListKeys()\n\n await Promise.all(\n remoteKeys.map(async (remoteKey) => {\n const storedKey = storedKeys.find((k) => k.kid === remoteKey.kid)\n\n const needsUpdate =\n !storedKey ||\n storedKey.publicKeyHex !== remoteKey.publicKeyHex ||\n storedKey.type !== remoteKey.type ||\n storedKey.kms !== remoteKey.kms ||\n (remoteKey.meta && 'alias' in remoteKey.meta && storedKey.meta && storedKey.meta.keyAlias !== remoteKey.meta.alias)\n if (needsUpdate) {\n try {\n if (storedKey) {\n await this.kmsStore.delete({ kid: remoteKey.kid })\n }\n const keyToImport: IKey = {\n ...remoteKey,\n meta: remoteKey.meta && 'alias' in remoteKey.meta ? 
{ ...remoteKey.meta, keyAlias: remoteKey.meta.alias } : remoteKey.meta,\n } as IKey\n\n if (keyToImport.meta && 'alias' in keyToImport.meta) {\n delete keyToImport.meta.alias\n }\n\n await this.kmsStore.import(keyToImport)\n } catch (error) {\n console.error(`Failed to sync key ${remoteKey.kid} from kms ${kmsId}:`, error)\n }\n }\n }),\n )\n } catch (error) {\n console.error(`Failed to sync keys for kms ${kmsId}:`, error)\n }\n })\n .catch((error) => {\n console.error(`Failed to list remote keys for kms ${kmsId}:`, error)\n })\n }\n\n keyManagerGetDefaultKeyManagementSystem(): Promise<string> {\n return Promise.resolve(this._defaultKms)\n }\n\n override async keyManagerCreate(args: ISphereonKeyManagerCreateArgs): Promise<ManagedKeyInfo> {\n const kms = this.getKmsByName(args.kms ?? this._defaultKms)\n const meta: KeyMetadata = { ...args.meta, ...(args.opts && { opts: args.opts }) }\n if (hasKeyOptions(meta) && meta.opts?.ephemeral && !meta.opts.expiration?.removalDate) {\n // Make sure we set a delete date on an ephemeral key\n meta.opts = {\n ...meta.opts,\n expiration: { ...meta.opts?.expiration, removalDate: new Date(Date.now() + 5 * 60 * 1000) },\n }\n }\n const partialKey = await kms.createKey({ type: args.type, meta })\n const key: IKey = { ...partialKey, kms: args.kms ?? this._defaultKms }\n key.meta = { ...meta, ...key.meta }\n key.meta.jwkThumbprint = key.meta.jwkThumbprint ?? calculateJwkThumbprintForKey({ key })\n\n await this.kmsStore.import(key)\n if (key.privateKeyHex) {\n // Make sure to not export the private key\n delete key.privateKeyHex\n }\n return key\n }\n\n //FIXME extend the IKeyManagerSignArgs.data to be a string or array of strings\n\n async keyManagerSign(args: ISphereonKeyManagerSignArgs): Promise<string> {\n const keyInfo = await this.keyManagerGet({ kid: args.keyRef })\n const kms = this.getKmsByName(keyInfo.kms)\n if (keyInfo.type === 'Bls12381G2') {\n return await kms.sign({ keyRef: keyInfo, data: typeof args.data === 'string' ? 
fromString(args.data) : args.data })\n }\n // @ts-ignore // we can pass in uint8arrays as well, which the super also can handle but does not expose in its types\n return await super.keyManagerSign({ ...args, keyRef: keyInfo.kid })\n }\n\n async keyManagerVerify(args: ISphereonKeyManagerVerifyArgs): Promise<boolean> {\n if (args.kms) {\n const kms = this.getKmsByName(args.kms)\n if (kms && 'verify' in kms && typeof kms.verify === 'function') {\n // @ts-ignore\n return await kms.verify(args)\n }\n }\n return await verifyRawSignature({\n key: toJwk(args.publicKeyHex, args.type),\n data: args.data,\n signature: fromString(args.signature, 'utf-8'),\n })\n }\n\n async keyManagerListKeys(): Promise<ManagedKeyInfo[]> {\n return this.kmsStore.list({})\n }\n\n async keyManagerHandleExpirations(args: ISphereonKeyManagerHandleExpirationsArgs): Promise<Array<ManagedKeyInfo>> {\n const keys = await this.keyManagerListKeys()\n const expiredKeys = keys\n .filter((key) => hasKeyOptions(key.meta))\n .filter((key) => {\n if (hasKeyOptions(key.meta) && key.meta?.opts?.expiration) {\n const expiration = key.meta.opts.expiration\n return !(expiration.expiryDate && expiration.expiryDate.getMilliseconds() > Date.now())\n }\n return false\n })\n if (args.skipRemovals !== true) {\n await Promise.all(expiredKeys.map((key) => this.keyManagerDelete({ kid: key.kid })))\n }\n return keys\n }\n\n private getKmsByName(name: string): AbstractKeyManagementSystem {\n const kms = this.availableKmses[name]\n if (!kms) {\n throw Error(`invalid_argument: This agent has no registered KeyManagementSystem with name='${name}'`)\n }\n return kms\n }\n\n //todo https://sphereon.atlassian.net/browse/SDK-28 improve the logic for keyManagerGet in sphereon-key-manager\n async keyManagerGet({ kid }: IKeyManagerGetArgs): Promise<IKey> {\n try {\n const key = await this.kmsStore.get({ kid })\n return key\n } catch (e) {\n const keys: ManagedKeyInfo[] = await this.keyManagerListKeys()\n const foundKey = keys.find(\n 
(key) =>\n key.publicKeyHex === kid ||\n key.meta?.jwkThumbprint === kid ||\n (key.meta?.jwkThumbprint == null && calculateJwkThumbprintForKey({ key }) === kid),\n )\n if (foundKey) {\n return foundKey as IKey\n } else {\n throw new Error(`Key with kid ${kid} not found`)\n }\n }\n }\n\n get defaultKms(): string {\n return this._defaultKms\n }\n\n set defaultKms(kms: string) {\n if (!Object.keys(this.availableKmses).includes(kms)) {\n throw Error(`Default KMS needs to be listed in the kms object as well. Found kms-es: ${Object.keys(this.availableKmses).join(',')}`)\n }\n this._defaultKms = kms\n }\n\n setKms(name: string, kms: AbstractKeyManagementSystem): void {\n this.availableKmses[name] = kms\n\n if (kms.constructor.name === 'RestKeyManagementSystem') {\n this.syncPreProvisionedKeysForKms(name, kms)\n }\n }\n}\n","import type { IKeyManager, IKeyManagerSignArgs, IPluginMethodMap, KeyMetadata, ManagedKeyInfo, MinimalImportableKey, TKeyType } from '@veramo/core'\n\nexport type PartialKey = ManagedKeyInfo & { privateKeyHex: string }\n\nexport interface ISphereonKeyManager extends IKeyManager, IPluginMethodMap {\n keyManagerCreate(args: ISphereonKeyManagerCreateArgs): Promise<PartialKey>\n\n keyManagerImport(key: MinimalImportableKey): Promise<PartialKey>\n\n keyManagerSign(args: ISphereonKeyManagerSignArgs): Promise<string>\n\n /**\n * Verifies a signature using the key\n *\n * Does not exist in IKeyManager\n * @param args\n */\n keyManagerVerify(args: ISphereonKeyManagerVerifyArgs): Promise<boolean>\n\n keyManagerListKeys(): Promise<Array<ManagedKeyInfo>>\n\n /**\n * Get the KMS registered as default. 
Handy when no explicit KMS is provided for a function\n */\n\n keyManagerGetDefaultKeyManagementSystem(): Promise<string>\n\n /**\n * Set keys to expired and remove keys eligible for deletion.\n * @param args\n */\n keyManagerHandleExpirations(args: ISphereonKeyManagerHandleExpirationsArgs): Promise<Array<ManagedKeyInfo>>\n}\n\nexport interface IkeyOptions {\n /**\n * Is this a temporary key?\n */\n ephemeral?: boolean\n\n /**\n * Expiration and remove the key\n */\n expiration?: {\n expiryDate?: Date\n removalDate?: Date\n }\n}\n\n/**\n * Input arguments for {@link ISphereonKeyManager.keyManagerCreate | keyManagerCreate}\n * @public\n */\nexport interface ISphereonKeyManagerCreateArgs {\n /**\n * Key type\n */\n type: TKeyType\n\n /**\n * Key Management System\n */\n kms?: string\n\n /**\n * Key options\n */\n opts?: IkeyOptions\n\n /**\n * Optional. Key meta data\n */\n meta?: KeyMetadata\n}\n\nexport function hasKeyOptions(object: any): object is { opts?: IkeyOptions } {\n return object!! 
&& 'opts' in object && ('ephemeral' in object.opts || 'expiration' in object.opts)\n}\n\n/**\n * Input arguments for {@link ISphereonKeyManager.keyManagerGet | keyManagerGet}\n * @public\n */\nexport interface IKeyManagerGetArgs {\n /**\n * Key ID\n */\n kid: string\n}\n\n/**\n * Input arguments for {@link ISphereonKeyManager.keyManagerDelete | keyManagerDelete}\n * @public\n */\nexport interface IKeyManagerDeleteArgs {\n /**\n * Key ID\n */\n kid: string\n}\n\n/**\n * Input arguments for {@link ISphereonKeyManagerSignArgs.keyManagerSign | keyManagerSign}\n * @public\n */\n// @ts-ignore\nexport interface ISphereonKeyManagerSignArgs extends IKeyManagerSignArgs {\n /**\n * Data to sign\n */\n data: string | Uint8Array\n}\n\nexport interface ISphereonKeyManagerHandleExpirationsArgs {\n skipRemovals?: boolean\n}\n\nexport interface ISphereonKeyManagerVerifyArgs {\n kms?: string\n publicKeyHex: string\n type: TKeyType\n algorithm?: string\n data: Uint8Array\n signature: string\n}\n\nexport const isDefined = <T extends unknown>(object: T | undefined): object is T => object !== 
undefined\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA,gCAAAA,SAAA;AAAA,IAAAA,QAAA;AAAA,MACE,qBAAuB;AAAA,QACrB,YAAc;AAAA,UACZ,SAAW;AAAA,YACT,+BAAiC;AAAA,cAC/B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,cACF;AAAA,cACA,UAAY,CAAC,MAAM;AAAA,cACnB,sBAAwB;AAAA,cACxB,aAAe;AAAA,YACjB;AAAA,YACA,UAAY;AAAA,cACV,MAAQ;AAAA,cACR,MAAQ,CAAC,WAAW,aAAa,aAAa,UAAU,cAAc,cAAc,KAAK;AAAA,cACzF,aAAe;AAAA,YACjB;AAAA,YACA,aAAe;AAAA,cACb,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,YAAc;AAAA,kBACZ,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,YAAc;AAAA,sBACZ,MAAQ;AAAA,sBACR,QAAU;AAAA,oBACZ;AAAA,oBACA,aAAe;AAAA,sBACb,MAAQ;AAAA,sBACR,QAAU;AAAA,oBACZ;AAAA,kBACF;AAAA,kBACA,sBAAwB;AAAA,kBACxB,aAAe;AAAA,gBACjB;AAAA,cACF;AAAA,cACA,sBAAwB;AAAA,YAC1B;AAAA,YACA,aAAe;AAAA,cACb,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,YAAc;AAAA,kBACZ,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,cACF;AAAA,cACA,aAAe;AAAA,YACjB;AAAA,YACA,YAAc;AAAA,cACZ,MAAQ;AAAA,cACR,sBAAwB;AAAA,cACxB,YAAc;AAAA,gBACZ,eAAiB;AAAA,kBACf,MAAQ;AAAA,gBACV;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,cAAgB;AAAA,kBACd,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,OAAS;AAAA,oBACP;AAAA,sBACE,MAAQ;AAAA,oBACV;AAAA,oBACA;AAAA,sBACE,MAAQ;AAAA,oBACV;AAAA,kBACF;AAAA,kBACA,aAAe;AAAA,gBACjB;AAAA,cACF;AAAA,cACA,UAAY,CAAC,OAAO,OAAO,iBAAiB,gBAAgB,MAAM;AAAA,YACpE;AAAA,YACA,0CAA4C;AAAA,cAC1C,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,cAAgB;AAAA,kBACd,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,sBAAwB;AAAA,YAC1B;AAAA,YACA,gBAAkB;AAAA,cAChB,MAAQ;AAAA,cACR,aAAe;AAAA,YACjB;AAAA,YACA,8BAAgC;AAAA,cAC9B,MAAQ;AAAA,YACV;AAAA,YACA,kGAAgH;AAAA,cAC9G,MAAQ;AAAA,cACR
,YAAc;AAAA,gBACZ,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,cAAgB;AAAA,kBACd,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,OAAS;AAAA,oBACP;AAAA,sBACE,MAAQ;AAAA,oBACV;AAAA,oBACA;AAAA,sBACE,MAAQ;AAAA,oBACV;AAAA,kBACF;AAAA,kBACA,aAAe;AAAA,gBACjB;AAAA,cACF;AAAA,cACA,UAAY,CAAC,OAAO,OAAO,QAAQ,cAAc;AAAA,cACjD,sBAAwB;AAAA,YAC1B;AAAA,YACA,sBAAwB;AAAA,cACtB,MAAQ;AAAA,cACR,aAAe;AAAA,YACjB;AAAA,YACA,oDAA0D;AAAA,cACxD,MAAQ;AAAA,cACR,sBAAwB;AAAA,cACxB,YAAc;AAAA,gBACZ,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,cAAgB;AAAA,kBACd,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,eAAiB;AAAA,kBACf,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,OAAS;AAAA,oBACP;AAAA,sBACE,MAAQ;AAAA,oBACV;AAAA,oBACA;AAAA,sBACE,MAAQ;AAAA,oBACV;AAAA,kBACF;AAAA,kBACA,aAAe;AAAA,gBACjB;AAAA,cACF;AAAA,cACA,aAAe;AAAA,YACjB;AAAA,YACA,6BAA+B;AAAA,cAC7B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,QAAU;AAAA,kBACR,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,OAAS;AAAA,oBACP;AAAA,sBACE,MAAQ;AAAA,oBACV;AAAA,oBACA;AAAA,sBACE,MAAQ;AAAA,oBACV;AAAA,kBACF;AAAA,kBACA,aAAe;AAAA,gBACjB;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,kBACR,MAAQ,CAAC,SAAS,UAAU,UAAU,KAAK;AAAA,kBAC3C,aAAe;AAAA,gBACjB;AAAA,cACF;AAAA,cACA,UAAY,CAAC,QAAQ,QAAQ;AAAA,cAC7B,aAAe;AAAA,YACjB;AAAA,YACA,YAAc;AAAA,cACZ,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,mBAAqB;AAAA,kBACnB,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,gBACA,YAAc;AAAA,kBACZ,MAAQ;AAAA,gBACV;AAAA,gBACA,YAAc;AAAA,kBACZ,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY,CAAC,qBAAqB,UAAU,cAAc,cAAc,QAAQ;AAAA,cAChF,sBAAwB;AAAA,gBACtB,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,iBAAmB;AAAA,cACjB,MAAQ;AAAA,YACV;AAAA,YACA,aAAe;
AAAA,cACb,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,YAAc;AAAA,kBACZ,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY,CAAC,YAAY;AAAA,cACzB,sBAAwB;AAAA,YAC1B;AAAA,YACA,+BAAiC;AAAA,cAC/B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,gBACA,cAAgB;AAAA,kBACd,MAAQ;AAAA,gBACV;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,gBACV;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,gBACV;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY,CAAC,gBAAgB,QAAQ,QAAQ,WAAW;AAAA,cACxD,sBAAwB;AAAA,YAC1B;AAAA,UACF;AAAA,UACA,SAAW;AAAA,YACT,kBAAoB;AAAA,cAClB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,yCAA2C;AAAA,cACzC,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,6BAA+B;AAAA,cAC7B,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,gBACR,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,YACF;AAAA,YACA,kBAAoB;AAAA,cAClB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,oBAAsB;AAAA,cACpB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,gBACR,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,YACF;AAAA,YACA,gBAAkB;AAAA,cAChB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,kBAAoB;AAAA,cAClB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA;AAAA;;;AC9WA;;;;;;;;;;;ACAA,yBAAwE;AAExE,yBAA8F;AAE9F,UAAqB;;;ACuEd,SAASC,cAAcC,QAAW;AACvC,SAAOA,UAAY,UAAUA,WAAW,eAAeA,OAAOC,QAAQ,gBAAgBD,OAAOC;AAC/F;AAFgBF;AAmDT,IAAMG,YAAY,wBAAoBF,WAAuCA,WAAWG,QAAtE;;;AD/GzB,IAAM,EAAEC,WAAU,IAAKC;AAEhB,IAAMC,4BAA2C;EACtD;EACA;EACA;EACA;EACA;EACA;EACA;EACA;;AAGK,IAAMC,qBAAN,cAAiCC,mBAAAA,WAAAA;EA5BxC,OA4BwCA;;;;EAE9BC;EACSC;EACVC;EACEC;EAET,YAAYC,SAA6G;AACvH,UAAM;MAAEC,OAAOD,QAAQC;MAAOC,KAAKF,QAAQE;IAAI,CA
AA;AAC/C,SAAKN,WAAWI,QAAQC;AACxB,SAAKJ,iBAAiBG,QAAQE;AAC9B,SAAKJ,cAAcE,QAAQG,cAAcC,OAAOC,KAAK,KAAKR,cAAc,EAAE,CAAA;AAC1E,QAAI,CAACO,OAAOC,KAAK,KAAKR,cAAc,EAAES,SAAS,KAAKR,WAAW,GAAG;AAChE,YAAMS,MAAM,2EAA2EH,OAAOC,KAAK,KAAKR,cAAc,EAAEW,KAAK,GAAA,CAAA,EAAM;IACrI;AACA,UAAMC,UAAU,KAAKA;AACrBA,YAAQC,mBAAmB,KAAKA,iBAAiBC,KAAK,IAAI;AAC1DF,YAAQG,qBAAqB,KAAKA,mBAAmBD,KAAK,IAAI;AAC9DF,YAAQI,0CAA0C,KAAKA,wCAAwCF,KAAK,IAAI;AACxG,SAAKZ,aAA4CU;AAEjD,SAAKK,uBAAsB;EAC7B;EAEQA,yBAAyB;AAC/BV,WAAOC,KAAK,KAAKR,cAAc,EAAEkB,QAAQ,CAACC,UAAAA;AACxC,YAAMd,MAAM,KAAKL,eAAemB,KAAAA;AAChC,UAAId,IAAI,YAAYe,SAAS,2BAA2B;AACtD,aAAKC,6BAA6BF,OAAOd,GAAAA;MAC3C;IACF,CAAA;EACF;EAEQgB,6BAA6BF,OAAed,KAAkC;AACpFA,QACGiB,SAAQ,EACRC,KAAK,OAAOC,eAAAA;AACX,UAAI;AACF,cAAMC,aAA+B,MAAM,KAAKV,mBAAkB;AAElE,cAAMW,QAAQC,IACZH,WAAWI,IAAI,OAAOC,cAAAA;AACpB,gBAAMC,YAAYL,WAAWM,KAAK,CAACC,MAAMA,EAAEC,QAAQJ,UAAUI,GAAG;AAEhE,gBAAMC,cACJ,CAACJ,aACDA,UAAUK,iBAAiBN,UAAUM,gBACrCL,UAAUM,SAASP,UAAUO,QAC7BN,UAAUzB,QAAQwB,UAAUxB,OAC3BwB,UAAUQ,QAAQ,WAAWR,UAAUQ,QAAQP,UAAUO,QAAQP,UAAUO,KAAKC,aAAaT,UAAUQ,KAAKE;AAC/G,cAAIL,aAAa;AACf,gBAAI;AACF,kBAAIJ,WAAW;AACb,sBAAM,KAAK/B,SAASyC,OAAO;kBAAEP,KAAKJ,UAAUI;gBAAI,CAAA;cAClD;AACA,oBAAMQ,cAAoB;gBACxB,GAAGZ;gBACHQ,MAAMR,UAAUQ,QAAQ,WAAWR,UAAUQ,OAAO;kBAAE,GAAGR,UAAUQ;kBAAMC,UAAUT,UAAUQ,KAAKE;gBAAM,IAAIV,UAAUQ;cACxH;AAEA,kBAAII,YAAYJ,QAAQ,WAAWI,YAAYJ,MAAM;AACnD,uBAAOI,YAAYJ,KAAKE;cAC1B;AAEA,oBAAM,KAAKxC,SAAS2C,OAAOD,WAAAA;YAC7B,SAASE,OAAO;AACdC,sBAAQD,MAAM,sBAAsBd,UAAUI,GAAG,aAAad,KAAAA,KAAUwB,KAAAA;YAC1E;UACF;QACF,CAAA,CAAA;MAEJ,SAASA,OAAO;AACdC,gBAAQD,MAAM,+BAA+BxB,KAAAA,KAAUwB,KAAAA;MACzD;IACF,CAAA,EACCE,MAAM,CAACF,UAAAA;AACNC,cAAQD,MAAM,sCAAsCxB,KAAAA,KAAUwB,KAAAA;IAChE,CAAA;EACJ;EAEA3B,0CAA2D;AACzD,WAAOU,QAAQoB,QAAQ,KAAK7C,WAAW;EACzC;EAEA,MAAe8C,iBAAiBC,MAA8D;AAC5F,UAAM3C,MAAM,KAAK4C,aAAaD,KAAK3C,OAAO,KAAKJ,WAAW;AAC1D,UAAMoC,OAAoB;MAAE,GAAGW,KAAKX;MAAM,GAAIW,KAAKE,QAAQ;QAAEA,MAAMF,KAAKE;MAAK;IAAG;AAChF,QAAIC,cAAcd,IAAAA,KAASA,KAAKa,MAAME,aAAa,CAACf,KAAKa,KAAKG,YAAYC,aAAa;AAErFjB,WAAKa,OAAO;Q
ACV,GAAGb,KAAKa;QACRG,YAAY;UAAE,GAAGhB,KAAKa,MAAMG;UAAYC,aAAa,IAAIC,KAAKA,KAAKC,IAAG,IAAK,IAAI,KAAK,GAAA;QAAM;MAC5F;IACF;AACA,UAAMC,aAAa,MAAMpD,IAAIqD,UAAU;MAAEtB,MAAMY,KAAKZ;MAAMC;IAAK,CAAA;AAC/D,UAAMsB,MAAY;MAAE,GAAGF;MAAYpD,KAAK2C,KAAK3C,OAAO,KAAKJ;IAAY;AACrE0D,QAAItB,OAAO;MAAE,GAAGA;MAAM,GAAGsB,IAAItB;IAAK;AAClCsB,QAAItB,KAAKuB,gBAAgBD,IAAItB,KAAKuB,qBAAiBC,iDAA6B;MAAEF;IAAI,CAAA;AAEtF,UAAM,KAAK5D,SAAS2C,OAAOiB,GAAAA;AAC3B,QAAIA,IAAIG,eAAe;AAErB,aAAOH,IAAIG;IACb;AACA,WAAOH;EACT;;EAIA,MAAMI,eAAef,MAAoD;AACvE,UAAMgB,UAAU,MAAM,KAAKC,cAAc;MAAEhC,KAAKe,KAAKkB;IAAO,CAAA;AAC5D,UAAM7D,MAAM,KAAK4C,aAAae,QAAQ3D,GAAG;AACzC,QAAI2D,QAAQ5B,SAAS,cAAc;AACjC,aAAO,MAAM/B,IAAI8D,KAAK;QAAED,QAAQF;QAASI,MAAM,OAAOpB,KAAKoB,SAAS,WAAW1E,WAAWsD,KAAKoB,IAAI,IAAIpB,KAAKoB;MAAK,CAAA;IACnH;AAEA,WAAO,MAAM,MAAML,eAAe;MAAE,GAAGf;MAAMkB,QAAQF,QAAQ/B;IAAI,CAAA;EACnE;EAEA,MAAMpB,iBAAiBmC,MAAuD;AAC5E,QAAIA,KAAK3C,KAAK;AACZ,YAAMA,MAAM,KAAK4C,aAAaD,KAAK3C,GAAG;AACtC,UAAIA,OAAO,YAAYA,OAAO,OAAOA,IAAIgE,WAAW,YAAY;AAE9D,eAAO,MAAMhE,IAAIgE,OAAOrB,IAAAA;MAC1B;IACF;AACA,WAAO,UAAMsB,uCAAmB;MAC9BX,SAAKY,0BAAMvB,KAAKb,cAAca,KAAKZ,IAAI;MACvCgC,MAAMpB,KAAKoB;MACXI,WAAW9E,WAAWsD,KAAKwB,WAAW,OAAA;IACxC,CAAA;EACF;EAEA,MAAMzD,qBAAgD;AACpD,WAAO,KAAKhB,SAAS0E,KAAK,CAAC,CAAA;EAC7B;EAEA,MAAMC,4BAA4B1B,MAAgF;AAChH,UAAMxC,OAAO,MAAM,KAAKO,mBAAkB;AAC1C,UAAM4D,cAAcnE,KACjBoE,OAAO,CAACjB,QAAQR,cAAcQ,IAAItB,IAAI,CAAA,EACtCuC,OAAO,CAACjB,QAAAA;AACP,UAAIR,cAAcQ,IAAItB,IAAI,KAAKsB,IAAItB,MAAMa,MAAMG,YAAY;AACzD,cAAMA,aAAaM,IAAItB,KAAKa,KAAKG;AACjC,eAAO,EAAEA,WAAWwB,cAAcxB,WAAWwB,WAAWC,gBAAe,IAAKvB,KAAKC,IAAG;MACtF;AACA,aAAO;IACT,CAAA;AACF,QAAIR,KAAK+B,iBAAiB,MAAM;AAC9B,YAAMrD,QAAQC,IAAIgD,YAAY/C,IAAI,CAAC+B,QAAQ,KAAKqB,iBAAiB;QAAE/C,KAAK0B,IAAI1B;MAAI,CAAA,CAAA,CAAA;IAClF;AACA,WAAOzB;EACT;EAEQyC,aAAa7B,MAA2C;AAC9D,UAAMf,MAAM,KAAKL,eAAeoB,IAAAA;AAChC,QAAI,CAACf,KAAK;AACR,YAAMK,MAAM,iFAAiFU,IAAAA,GAAO;IACtG;AACA,WAAOf;EACT;;EAGA,MAAM4D,cAAc,EAAEhC,IAAG,GAAuC;AAC9D,QAAI;AACF,YAAM0B,MAAM,MAAM,KAAK5D,SAASkF,IAAI;QAAEhD;MAAI,CAAA;AAC1C
,aAAO0B;IACT,SAASuB,GAAG;AACV,YAAM1E,OAAyB,MAAM,KAAKO,mBAAkB;AAC5D,YAAMoE,WAAW3E,KAAKuB,KACpB,CAAC4B,QACCA,IAAIxB,iBAAiBF,OACrB0B,IAAItB,MAAMuB,kBAAkB3B,OAC3B0B,IAAItB,MAAMuB,iBAAiB,YAAQC,iDAA6B;QAAEF;MAAI,CAAA,MAAO1B,GAAAA;AAElF,UAAIkD,UAAU;AACZ,eAAOA;MACT,OAAO;AACL,cAAM,IAAIzE,MAAM,gBAAgBuB,GAAAA,YAAe;MACjD;IACF;EACF;EAEA,IAAI3B,aAAqB;AACvB,WAAO,KAAKL;EACd;EAEA,IAAIK,WAAWD,KAAa;AAC1B,QAAI,CAACE,OAAOC,KAAK,KAAKR,cAAc,EAAES,SAASJ,GAAAA,GAAM;AACnD,YAAMK,MAAM,2EAA2EH,OAAOC,KAAK,KAAKR,cAAc,EAAEW,KAAK,GAAA,CAAA,EAAM;IACrI;AACA,SAAKV,cAAcI;EACrB;EAEA+E,OAAOhE,MAAcf,KAAwC;AAC3D,SAAKL,eAAeoB,IAAAA,IAAQf;AAE5B,QAAIA,IAAI,YAAYe,SAAS,2BAA2B;AACtD,WAAKC,6BAA6BD,MAAMf,GAAAA;IAC1C;EACF;AACF;;;ADlOA,0BAAc,gCAJd;IAAMgF,SAASC;","names":["module","hasKeyOptions","object","opts","isDefined","undefined","fromString","u8a","sphereonKeyManagerMethods","SphereonKeyManager","VeramoKeyManager","kmsStore","availableKmses","_defaultKms","kmsMethods","options","store","kms","defaultKms","Object","keys","includes","Error","join","methods","keyManagerVerify","bind","keyManagerListKeys","keyManagerGetDefaultKeyManagementSystem","syncPreProvisionedKeys","forEach","kmsId","name","syncPreProvisionedKeysForKms","listKeys","then","remoteKeys","storedKeys","Promise","all","map","remoteKey","storedKey","find","k","kid","needsUpdate","publicKeyHex","type","meta","keyAlias","alias","delete","keyToImport","import","error","console","catch","resolve","keyManagerCreate","args","getKmsByName","opts","hasKeyOptions","ephemeral","expiration","removalDate","Date","now","partialKey","createKey","key","jwkThumbprint","calculateJwkThumbprintForKey","privateKeyHex","keyManagerSign","keyInfo","keyManagerGet","keyRef","sign","data","verify","verifyRawSignature","toJwk","signature","list","keyManagerHandleExpirations","expiredKeys","filter","expiryDate","getMilliseconds","skipRemovals","keyManagerDelete","get","e","foundKey","setKms","schema","require"]}
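--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -32,23 +32,13 @@ var require_plugin_schema = __commonJS({
  description: "Optional. Key meta data"
  }
  },
- required: [
- "type"
- ],
+ required: ["type"],
  additionalProperties: false,
  description: "Input arguments for {@link ISphereonKeyManager.keyManagerCreate | keyManagerCreate }"
  },
  TKeyType: {
  type: "string",
- enum: [
- "Ed25519",
- "Secp256k1",
- "Secp256r1",
- "X25519",
- "Bls12381G1",
- "Bls12381G2",
- "RSA"
- ],
+ enum: ["Ed25519", "Secp256k1", "Secp256r1", "X25519", "Bls12381G1", "Bls12381G2", "RSA"],
  description: "Cryptographic key type."
  },
  IkeyOptions: {
@@ -123,13 +113,7 @@ var require_plugin_schema = __commonJS({
  description: "Optional. Key metadata. This should be used to determine which algorithms are supported."
  }
  },
- required: [
- "kid",
- "kms",
- "privateKeyHex",
- "publicKeyHex",
- "type"
- ]
+ required: ["kid", "kms", "privateKeyHex", "publicKeyHex", "type"]
  },
  ISphereonKeyManagerHandleExpirationsArgs: {
  type: "object",
@@ -178,12 +162,7 @@ var require_plugin_schema = __commonJS({
  description: "Optional. Key metadata. This should be used to determine which algorithms are supported."
  }
  },
- required: [
- "kid",
- "kms",
- "type",
- "publicKeyHex"
- ],
+ required: ["kid", "kms", "type", "publicKeyHex"],
  additionalProperties: false
  },
  MinimalImportableKey: {
@@ -252,19 +231,11 @@ var require_plugin_schema = __commonJS({
  },
  encoding: {
  type: "string",
- enum: [
- "utf-8",
- "base16",
- "base64",
- "hex"
- ],
+ enum: ["utf-8", "base16", "base64", "hex"],
  description: 'If the data is a "string" then you can specify which encoding is used. Default is "utf-8"'
  }
  },
- required: [
- "data",
- "keyRef"
- ],
+ required: ["data", "keyRef"],
  description: "Input arguments for {@link ISphereonKeyManagerSignArgs.keyManagerSign | keyManagerSign }"
  },
  Uint8Array: {
@@ -286,13 +257,7 @@ var require_plugin_schema = __commonJS({
  type: "number"
  }
  },
- required: [
- "BYTES_PER_ELEMENT",
- "buffer",
- "byteLength",
- "byteOffset",
- "length"
- ],
+ required: ["BYTES_PER_ELEMENT", "buffer", "byteLength", "byteOffset", "length"],
  additionalProperties: {
  type: "number"
  }
@@ -307,9 +272,7 @@ var require_plugin_schema = __commonJS({
  type: "number"
  }
  },
- required: [
- "byteLength"
- ],
+ required: ["byteLength"],
  additionalProperties: false
  },
  ISphereonKeyManagerVerifyArgs: {
@@ -334,12 +297,7 @@ var require_plugin_schema = __commonJS({
  type: "string"
  }
  },
- required: [
- "publicKeyHex",
- "type",
- "data",
- "signature"
- ],
+ required: ["publicKeyHex", "type", "data", "signature"],
  additionalProperties: false
  }
  },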
package/dist/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../plugin.schema.json","../src/agent/SphereonKeyManager.ts","../src/types/ISphereonKeyManager.ts","../src/index.ts"],"sourcesContent":["{\n \"ISphereonKeyManager\": {\n \"components\": {\n \"schemas\": {\n \"ISphereonKeyManagerCreateArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"type\": {\n \"$ref\": \"#/components/schemas/TKeyType\",\n \"description\": \"Key type\"\n },\n \"kms\": {\n \"type\": \"string\",\n \"description\": \"Key Management System\"\n },\n \"opts\": {\n \"$ref\": \"#/components/schemas/IkeyOptions\",\n \"description\": \"Key options\"\n },\n \"meta\": {\n \"$ref\": \"#/components/schemas/KeyMetadata\",\n \"description\": \"Optional. Key meta data\"\n }\n },\n \"required\": [\n \"type\"\n ],\n \"additionalProperties\": false,\n \"description\": \"Input arguments for {@link ISphereonKeyManager.keyManagerCreate | keyManagerCreate }\"\n },\n \"TKeyType\": {\n \"type\": \"string\",\n \"enum\": [\n \"Ed25519\",\n \"Secp256k1\",\n \"Secp256r1\",\n \"X25519\",\n \"Bls12381G1\",\n \"Bls12381G2\",\n \"RSA\"\n ],\n \"description\": \"Cryptographic key type.\"\n },\n \"IkeyOptions\": {\n \"type\": \"object\",\n \"properties\": {\n \"ephemeral\": {\n \"type\": \"boolean\",\n \"description\": \"Is this a temporary key?\"\n },\n \"expiration\": {\n \"type\": \"object\",\n \"properties\": {\n \"expiryDate\": {\n \"type\": \"string\",\n \"format\": \"date-time\"\n },\n \"removalDate\": {\n \"type\": \"string\",\n \"format\": \"date-time\"\n }\n },\n \"additionalProperties\": false,\n \"description\": \"Expiration and remove the key\"\n }\n },\n \"additionalProperties\": false\n },\n \"KeyMetadata\": {\n \"type\": \"object\",\n \"properties\": {\n \"algorithms\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n }\n },\n \"description\": \"This encapsulates data about a key.\\n\\nImplementations of {@link @veramo/key-manager#AbstractKeyManagementSystem | AbstractKeyManagementSystem } should populate this 
object, for each key, with the algorithms that can be performed using it.\\n\\nThis can also be used to add various tags to the keys under management.\"\n },\n \"PartialKey\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"privateKeyHex\": {\n \"type\": \"string\"\n },\n \"kid\": {\n \"type\": \"string\",\n \"description\": \"Key ID\"\n },\n \"kms\": {\n \"type\": \"string\",\n \"description\": \"Key Management System\"\n },\n \"type\": {\n \"$ref\": \"#/components/schemas/TKeyType\",\n \"description\": \"Key type\"\n },\n \"publicKeyHex\": {\n \"type\": \"string\",\n \"description\": \"Public key\"\n },\n \"meta\": {\n \"anyOf\": [\n {\n \"$ref\": \"#/components/schemas/KeyMetadata\"\n },\n {\n \"type\": \"null\"\n }\n ],\n \"description\": \"Optional. Key metadata. This should be used to determine which algorithms are supported.\"\n }\n },\n \"required\": [\n \"kid\",\n \"kms\",\n \"privateKeyHex\",\n \"publicKeyHex\",\n \"type\"\n ]\n },\n \"ISphereonKeyManagerHandleExpirationsArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"skipRemovals\": {\n \"type\": \"boolean\"\n }\n },\n \"additionalProperties\": false\n },\n \"ManagedKeyInfo\": {\n \"$ref\": \"#/components/schemas/Omit<IKey,\\\"privateKeyHex\\\">\",\n \"description\": \"Represents information about a managed key. 
Private or secret key material is NOT present.\"\n },\n \"Omit<IKey,\\\"privateKeyHex\\\">\": {\n \"$ref\": \"#/components/schemas/Pick<IKey,Exclude<(\\\"kid\\\"|\\\"kms\\\"|\\\"type\\\"|\\\"publicKeyHex\\\"|\\\"privateKeyHex\\\"|\\\"meta\\\"),\\\"privateKeyHex\\\">>\"\n },\n \"Pick<IKey,Exclude<(\\\"kid\\\"|\\\"kms\\\"|\\\"type\\\"|\\\"publicKeyHex\\\"|\\\"privateKeyHex\\\"|\\\"meta\\\"),\\\"privateKeyHex\\\">>\": {\n \"type\": \"object\",\n \"properties\": {\n \"kid\": {\n \"type\": \"string\",\n \"description\": \"Key ID\"\n },\n \"kms\": {\n \"type\": \"string\",\n \"description\": \"Key Management System\"\n },\n \"type\": {\n \"$ref\": \"#/components/schemas/TKeyType\",\n \"description\": \"Key type\"\n },\n \"publicKeyHex\": {\n \"type\": \"string\",\n \"description\": \"Public key\"\n },\n \"meta\": {\n \"anyOf\": [\n {\n \"$ref\": \"#/components/schemas/KeyMetadata\"\n },\n {\n \"type\": \"null\"\n }\n ],\n \"description\": \"Optional. Key metadata. This should be used to determine which algorithms are supported.\"\n }\n },\n \"required\": [\n \"kid\",\n \"kms\",\n \"type\",\n \"publicKeyHex\"\n ],\n \"additionalProperties\": false\n },\n \"MinimalImportableKey\": {\n \"$ref\": \"#/components/schemas/RequireOnly<IKey,(\\\"privateKeyHex\\\"|\\\"type\\\"|\\\"kms\\\")>\",\n \"description\": \"Represents the properties required to import a key.\"\n },\n \"RequireOnly<IKey,(\\\"privateKeyHex\\\"|\\\"type\\\"|\\\"kms\\\")>\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"kid\": {\n \"type\": \"string\",\n \"description\": \"Key ID\"\n },\n \"kms\": {\n \"type\": \"string\",\n \"description\": \"Key Management System\"\n },\n \"type\": {\n \"$ref\": \"#/components/schemas/TKeyType\",\n \"description\": \"Key type\"\n },\n \"publicKeyHex\": {\n \"type\": \"string\",\n \"description\": \"Public key\"\n },\n \"privateKeyHex\": {\n \"type\": \"string\",\n \"description\": \"Optional. 
Private key\"\n },\n \"meta\": {\n \"anyOf\": [\n {\n \"$ref\": \"#/components/schemas/KeyMetadata\"\n },\n {\n \"type\": \"null\"\n }\n ],\n \"description\": \"Optional. Key metadata. This should be used to determine which algorithms are supported.\"\n }\n },\n \"description\": \"Represents an object type where a subset of keys are required and everything else is optional.\"\n },\n \"ISphereonKeyManagerSignArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"keyRef\": {\n \"type\": \"string\",\n \"description\": \"The key handle, as returned during `keyManagerCreateKey`\"\n },\n \"algorithm\": {\n \"type\": \"string\",\n \"description\": \"The algorithm to use for signing. This must be one of the algorithms supported by the KMS for this key type.\\n\\nThe algorithm used here should match one of the names listed in `IKey.meta.algorithms`\"\n },\n \"data\": {\n \"anyOf\": [\n {\n \"type\": \"string\"\n },\n {\n \"$ref\": \"#/components/schemas/Uint8Array\"\n }\n ],\n \"description\": \"Data to sign\"\n },\n \"encoding\": {\n \"type\": \"string\",\n \"enum\": [\n \"utf-8\",\n \"base16\",\n \"base64\",\n \"hex\"\n ],\n \"description\": \"If the data is a \\\"string\\\" then you can specify which encoding is used. 
Default is \\\"utf-8\\\"\"\n }\n },\n \"required\": [\n \"data\",\n \"keyRef\"\n ],\n \"description\": \"Input arguments for {@link ISphereonKeyManagerSignArgs.keyManagerSign | keyManagerSign }\"\n },\n \"Uint8Array\": {\n \"type\": \"object\",\n \"properties\": {\n \"BYTES_PER_ELEMENT\": {\n \"type\": \"number\"\n },\n \"buffer\": {\n \"$ref\": \"#/components/schemas/ArrayBufferLike\"\n },\n \"byteLength\": {\n \"type\": \"number\"\n },\n \"byteOffset\": {\n \"type\": \"number\"\n },\n \"length\": {\n \"type\": \"number\"\n }\n },\n \"required\": [\n \"BYTES_PER_ELEMENT\",\n \"buffer\",\n \"byteLength\",\n \"byteOffset\",\n \"length\"\n ],\n \"additionalProperties\": {\n \"type\": \"number\"\n }\n },\n \"ArrayBufferLike\": {\n \"$ref\": \"#/components/schemas/ArrayBuffer\"\n },\n \"ArrayBuffer\": {\n \"type\": \"object\",\n \"properties\": {\n \"byteLength\": {\n \"type\": \"number\"\n }\n },\n \"required\": [\n \"byteLength\"\n ],\n \"additionalProperties\": false\n },\n \"ISphereonKeyManagerVerifyArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"kms\": {\n \"type\": \"string\"\n },\n \"publicKeyHex\": {\n \"type\": \"string\"\n },\n \"type\": {\n \"$ref\": \"#/components/schemas/TKeyType\"\n },\n \"algorithm\": {\n \"type\": \"string\"\n },\n \"data\": {\n \"$ref\": \"#/components/schemas/Uint8Array\"\n },\n \"signature\": {\n \"type\": \"string\"\n }\n },\n \"required\": [\n \"publicKeyHex\",\n \"type\",\n \"data\",\n \"signature\"\n ],\n \"additionalProperties\": false\n }\n },\n \"methods\": {\n \"keyManagerCreate\": {\n \"description\": \"\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/ISphereonKeyManagerCreateArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/PartialKey\"\n }\n },\n \"keyManagerGetDefaultKeyManagementSystem\": {\n \"description\": \"Get the KMS registered as default. 
Handy when no explicit KMS is provided for a function\",\n \"arguments\": {\n \"type\": \"object\"\n },\n \"returnType\": {\n \"type\": \"string\"\n }\n },\n \"keyManagerHandleExpirations\": {\n \"description\": \"Set keys to expired and remove keys eligible for deletion.\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/ISphereonKeyManagerHandleExpirationsArgs\"\n },\n \"returnType\": {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/ManagedKeyInfo\"\n }\n }\n },\n \"keyManagerImport\": {\n \"description\": \"\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/MinimalImportableKey\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/PartialKey\"\n }\n },\n \"keyManagerListKeys\": {\n \"description\": \"\",\n \"arguments\": {\n \"type\": \"object\"\n },\n \"returnType\": {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/ManagedKeyInfo\"\n }\n }\n },\n \"keyManagerSign\": {\n \"description\": \"\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/ISphereonKeyManagerSignArgs\"\n },\n \"returnType\": {\n \"type\": \"string\"\n }\n },\n \"keyManagerVerify\": {\n \"description\": \"Verifies a signature using the key\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/ISphereonKeyManagerVerifyArgs\"\n },\n \"returnType\": {\n \"type\": \"boolean\"\n }\n }\n }\n }\n }\n}","import { calculateJwkThumbprintForKey, toJwk, verifyRawSignature } from '@sphereon/ssi-sdk-ext.key-utils'\nimport type { IKey, KeyMetadata, ManagedKeyInfo } from '@veramo/core'\nimport { AbstractKeyManagementSystem, AbstractKeyStore, KeyManager as VeramoKeyManager } from '@veramo/key-manager'\n// @ts-ignore\nimport * as u8a from 'uint8arrays'\nimport {\n hasKeyOptions,\n type IKeyManagerGetArgs,\n type ISphereonKeyManager,\n type ISphereonKeyManagerCreateArgs,\n type ISphereonKeyManagerHandleExpirationsArgs,\n type ISphereonKeyManagerSignArgs,\n type ISphereonKeyManagerVerifyArgs,\n} from 
'../types/ISphereonKeyManager'\n\nconst { fromString } = u8a\n\nexport const sphereonKeyManagerMethods: Array<string> = [\n 'keyManagerCreate',\n 'keyManagerGet',\n 'keyManagerImport',\n 'keyManagerSign',\n 'keyManagerVerify',\n 'keyManagerListKeys',\n 'keyManagerGetDefaultKeyManagementSystem',\n 'keyManagerHandleExpirations',\n]\n\nexport class SphereonKeyManager extends VeramoKeyManager {\n // local store reference, given the superclass store is private, and we need additional functions/calls\n private kmsStore: AbstractKeyStore\n private readonly availableKmses: Record<string, AbstractKeyManagementSystem>\n public _defaultKms: string\n readonly kmsMethods: ISphereonKeyManager\n\n constructor(options: { store: AbstractKeyStore; kms: Record<string, AbstractKeyManagementSystem>; defaultKms?: string }) {\n super({ store: options.store, kms: options.kms })\n this.kmsStore = options.store\n this.availableKmses = options.kms\n this._defaultKms = options.defaultKms ?? Object.keys(this.availableKmses)[0]\n if (!Object.keys(this.availableKmses).includes(this._defaultKms)) {\n throw Error(`Default KMS needs to be listed in the kms object as well. 
Found kms-es: ${Object.keys(this.availableKmses).join(',')}`)\n }\n const methods = this.methods\n methods.keyManagerVerify = this.keyManagerVerify.bind(this)\n methods.keyManagerListKeys = this.keyManagerListKeys.bind(this)\n methods.keyManagerGetDefaultKeyManagementSystem = this.keyManagerGetDefaultKeyManagementSystem.bind(this)\n this.kmsMethods = <ISphereonKeyManager>(<unknown>methods)\n\n this.syncPreProvisionedKeys()\n }\n\n private syncPreProvisionedKeys() {\n Object.keys(this.availableKmses).forEach((kmsId) => {\n const kms = this.availableKmses[kmsId]\n if (kms.constructor.name === 'RestKeyManagementSystem') {\n this.syncPreProvisionedKeysForKms(kmsId, kms)\n }\n })\n }\n\n private syncPreProvisionedKeysForKms(kmsId: string, kms: AbstractKeyManagementSystem) {\n kms\n .listKeys()\n .then(async (remoteKeys: ManagedKeyInfo[]) => {\n try {\n const storedKeys: ManagedKeyInfo[] = await this.keyManagerListKeys()\n\n await Promise.all(\n remoteKeys.map(async (remoteKey) => {\n const storedKey = storedKeys.find((k) => k.kid === remoteKey.kid)\n\n const needsUpdate =\n !storedKey ||\n storedKey.publicKeyHex !== remoteKey.publicKeyHex ||\n storedKey.type !== remoteKey.type ||\n storedKey.kms !== remoteKey.kms ||\n (remoteKey.meta && 'alias' in remoteKey.meta && storedKey.meta && storedKey.meta.keyAlias !== remoteKey.meta.alias)\n if (needsUpdate) {\n try {\n if (storedKey) {\n await this.kmsStore.delete({ kid: remoteKey.kid })\n }\n const keyToImport: IKey = {\n ...remoteKey,\n meta: remoteKey.meta && 'alias' in remoteKey.meta ? 
{ ...remoteKey.meta, keyAlias: remoteKey.meta.alias } : remoteKey.meta,\n } as IKey\n\n if (keyToImport.meta && 'alias' in keyToImport.meta) {\n delete keyToImport.meta.alias\n }\n\n await this.kmsStore.import(keyToImport)\n } catch (error) {\n console.error(`Failed to sync key ${remoteKey.kid} from kms ${kmsId}:`, error)\n }\n }\n }),\n )\n } catch (error) {\n console.error(`Failed to sync keys for kms ${kmsId}:`, error)\n }\n })\n .catch((error) => {\n console.error(`Failed to list remote keys for kms ${kmsId}:`, error)\n })\n }\n\n keyManagerGetDefaultKeyManagementSystem(): Promise<string> {\n return Promise.resolve(this._defaultKms)\n }\n\n override async keyManagerCreate(args: ISphereonKeyManagerCreateArgs): Promise<ManagedKeyInfo> {\n const kms = this.getKmsByName(args.kms ?? this._defaultKms)\n const meta: KeyMetadata = { ...args.meta, ...(args.opts && { opts: args.opts }) }\n if (hasKeyOptions(meta) && meta.opts?.ephemeral && !meta.opts.expiration?.removalDate) {\n // Make sure we set a delete date on an ephemeral key\n meta.opts = {\n ...meta.opts,\n expiration: { ...meta.opts?.expiration, removalDate: new Date(Date.now() + 5 * 60 * 1000) },\n }\n }\n const partialKey = await kms.createKey({ type: args.type, meta })\n const key: IKey = { ...partialKey, kms: args.kms ?? this._defaultKms }\n key.meta = { ...meta, ...key.meta }\n key.meta.jwkThumbprint = key.meta.jwkThumbprint ?? calculateJwkThumbprintForKey({ key })\n\n await this.kmsStore.import(key)\n if (key.privateKeyHex) {\n // Make sure to not export the private key\n delete key.privateKeyHex\n }\n return key\n }\n\n //FIXME extend the IKeyManagerSignArgs.data to be a string or array of strings\n\n async keyManagerSign(args: ISphereonKeyManagerSignArgs): Promise<string> {\n const keyInfo = await this.keyManagerGet({ kid: args.keyRef })\n const kms = this.getKmsByName(keyInfo.kms)\n if (keyInfo.type === 'Bls12381G2') {\n return await kms.sign({ keyRef: keyInfo, data: typeof args.data === 'string' ? 
fromString(args.data) : args.data })\n }\n // @ts-ignore // we can pass in uint8arrays as well, which the super also can handle but does not expose in its types\n return await super.keyManagerSign({ ...args, keyRef: keyInfo.kid })\n }\n\n async keyManagerVerify(args: ISphereonKeyManagerVerifyArgs): Promise<boolean> {\n if (args.kms) {\n const kms = this.getKmsByName(args.kms)\n if (kms && 'verify' in kms && typeof kms.verify === 'function') {\n // @ts-ignore\n return await kms.verify(args)\n }\n }\n return await verifyRawSignature({\n key: toJwk(args.publicKeyHex, args.type),\n data: args.data,\n signature: fromString(args.signature, 'utf-8'),\n })\n }\n\n async keyManagerListKeys(): Promise<ManagedKeyInfo[]> {\n return this.kmsStore.list({})\n }\n\n async keyManagerHandleExpirations(args: ISphereonKeyManagerHandleExpirationsArgs): Promise<Array<ManagedKeyInfo>> {\n const keys = await this.keyManagerListKeys()\n const expiredKeys = keys\n .filter((key) => hasKeyOptions(key.meta))\n .filter((key) => {\n if (hasKeyOptions(key.meta) && key.meta?.opts?.expiration) {\n const expiration = key.meta.opts.expiration\n return !(expiration.expiryDate && expiration.expiryDate.getMilliseconds() > Date.now())\n }\n return false\n })\n if (args.skipRemovals !== true) {\n await Promise.all(expiredKeys.map((key) => this.keyManagerDelete({ kid: key.kid })))\n }\n return keys\n }\n\n private getKmsByName(name: string): AbstractKeyManagementSystem {\n const kms = this.availableKmses[name]\n if (!kms) {\n throw Error(`invalid_argument: This agent has no registered KeyManagementSystem with name='${name}'`)\n }\n return kms\n }\n\n //todo https://sphereon.atlassian.net/browse/SDK-28 improve the logic for keyManagerGet in sphereon-key-manager\n async keyManagerGet({ kid }: IKeyManagerGetArgs): Promise<IKey> {\n try {\n const key = await this.kmsStore.get({ kid })\n return key\n } catch (e) {\n const keys: ManagedKeyInfo[] = await this.keyManagerListKeys()\n const foundKey = keys.find(\n 
(key) =>\n key.publicKeyHex === kid ||\n key.meta?.jwkThumbprint === kid ||\n (key.meta?.jwkThumbprint == null && calculateJwkThumbprintForKey({ key }) === kid),\n )\n if (foundKey) {\n return foundKey as IKey\n } else {\n throw new Error(`Key with kid ${kid} not found`)\n }\n }\n }\n\n get defaultKms(): string {\n return this._defaultKms\n }\n\n set defaultKms(kms: string) {\n if (!Object.keys(this.availableKmses).includes(kms)) {\n throw Error(`Default KMS needs to be listed in the kms object as well. Found kms-es: ${Object.keys(this.availableKmses).join(',')}`)\n }\n this._defaultKms = kms\n }\n\n setKms(name: string, kms: AbstractKeyManagementSystem): void {\n this.availableKmses[name] = kms\n\n if (kms.constructor.name === 'RestKeyManagementSystem') {\n this.syncPreProvisionedKeysForKms(name, kms)\n }\n }\n}\n","import type { IKeyManager, IKeyManagerSignArgs, IPluginMethodMap, KeyMetadata, ManagedKeyInfo, MinimalImportableKey, TKeyType } from '@veramo/core'\n\nexport type PartialKey = ManagedKeyInfo & { privateKeyHex: string }\n\nexport interface ISphereonKeyManager extends IKeyManager, IPluginMethodMap {\n keyManagerCreate(args: ISphereonKeyManagerCreateArgs): Promise<PartialKey>\n\n keyManagerImport(key: MinimalImportableKey): Promise<PartialKey>\n\n keyManagerSign(args: ISphereonKeyManagerSignArgs): Promise<string>\n\n /**\n * Verifies a signature using the key\n *\n * Does not exist in IKeyManager\n * @param args\n */\n keyManagerVerify(args: ISphereonKeyManagerVerifyArgs): Promise<boolean>\n\n keyManagerListKeys(): Promise<Array<ManagedKeyInfo>>\n\n /**\n * Get the KMS registered as default. 
Handy when no explicit KMS is provided for a function\n */\n\n keyManagerGetDefaultKeyManagementSystem(): Promise<string>\n\n /**\n * Set keys to expired and remove keys eligible for deletion.\n * @param args\n */\n keyManagerHandleExpirations(args: ISphereonKeyManagerHandleExpirationsArgs): Promise<Array<ManagedKeyInfo>>\n}\n\nexport interface IkeyOptions {\n /**\n * Is this a temporary key?\n */\n ephemeral?: boolean\n\n /**\n * Expiration and remove the key\n */\n expiration?: {\n expiryDate?: Date\n removalDate?: Date\n }\n}\n\n/**\n * Input arguments for {@link ISphereonKeyManager.keyManagerCreate | keyManagerCreate}\n * @public\n */\nexport interface ISphereonKeyManagerCreateArgs {\n /**\n * Key type\n */\n type: TKeyType\n\n /**\n * Key Management System\n */\n kms?: string\n\n /**\n * Key options\n */\n opts?: IkeyOptions\n\n /**\n * Optional. Key meta data\n */\n meta?: KeyMetadata\n}\n\nexport function hasKeyOptions(object: any): object is { opts?: IkeyOptions } {\n return object!! 
&& 'opts' in object && ('ephemeral' in object.opts || 'expiration' in object.opts)\n}\n\n/**\n * Input arguments for {@link ISphereonKeyManager.keyManagerGet | keyManagerGet}\n * @public\n */\nexport interface IKeyManagerGetArgs {\n /**\n * Key ID\n */\n kid: string\n}\n\n/**\n * Input arguments for {@link ISphereonKeyManager.keyManagerDelete | keyManagerDelete}\n * @public\n */\nexport interface IKeyManagerDeleteArgs {\n /**\n * Key ID\n */\n kid: string\n}\n\n/**\n * Input arguments for {@link ISphereonKeyManagerSignArgs.keyManagerSign | keyManagerSign}\n * @public\n */\n// @ts-ignore\nexport interface ISphereonKeyManagerSignArgs extends IKeyManagerSignArgs {\n /**\n * Data to sign\n */\n data: string | Uint8Array\n}\n\nexport interface ISphereonKeyManagerHandleExpirationsArgs {\n skipRemovals?: boolean\n}\n\nexport interface ISphereonKeyManagerVerifyArgs {\n kms?: string\n publicKeyHex: string\n type: TKeyType\n algorithm?: string\n data: Uint8Array\n signature: string\n}\n\nexport const isDefined = <T extends unknown>(object: T | undefined): object is T => object !== undefined\n","const schema = require('../plugin.schema.json')\nexport { schema }\nexport { SphereonKeyManager, sphereonKeyManagerMethods } from './agent/SphereonKeyManager'\nexport * from './types/ISphereonKeyManager'\nexport * from 
'@veramo/key-manager'\n"],"mappings":";;;;;;;;AAAA;AAAA;AAAA;AAAA,MACE,qBAAuB;AAAA,QACrB,YAAc;AAAA,UACZ,SAAW;AAAA,YACT,+BAAiC;AAAA,cAC/B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,cACF;AAAA,cACA,UAAY;AAAA,gBACV;AAAA,cACF;AAAA,cACA,sBAAwB;AAAA,cACxB,aAAe;AAAA,YACjB;AAAA,YACA,UAAY;AAAA,cACV,MAAQ;AAAA,cACR,MAAQ;AAAA,gBACN;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,cACF;AAAA,cACA,aAAe;AAAA,YACjB;AAAA,YACA,aAAe;AAAA,cACb,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,YAAc;AAAA,kBACZ,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,YAAc;AAAA,sBACZ,MAAQ;AAAA,sBACR,QAAU;AAAA,oBACZ;AAAA,oBACA,aAAe;AAAA,sBACb,MAAQ;AAAA,sBACR,QAAU;AAAA,oBACZ;AAAA,kBACF;AAAA,kBACA,sBAAwB;AAAA,kBACxB,aAAe;AAAA,gBACjB;AAAA,cACF;AAAA,cACA,sBAAwB;AAAA,YAC1B;AAAA,YACA,aAAe;AAAA,cACb,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,YAAc;AAAA,kBACZ,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,cACF;AAAA,cACA,aAAe;AAAA,YACjB;AAAA,YACA,YAAc;AAAA,cACZ,MAAQ;AAAA,cACR,sBAAwB;AAAA,cACxB,YAAc;AAAA,gBACZ,eAAiB;AAAA,kBACf,MAAQ;AAAA,gBACV;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,cAAgB;AAAA,kBACd,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,OAAS;AAAA,oBACP;AAAA,sBACE,MAAQ;AAAA,oBACV;AAAA,oBACA;AAAA,sBACE,MAAQ;AAAA,oBACV;AAAA,kBACF;AAAA,kBACA,aAAe;AAAA,gBACjB;AAAA,cACF;AAAA,cACA,UAAY;AAAA,gBACV;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,cACF;AAAA,YACF;AAAA,YACA,0CAA4C;AAAA,cAC1C,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,cAAgB;AAAA,kBACd,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,sBAAwB;AAAA,YAC1B;AAAA,YACA,gBAAkB;AAAA,cAChB,MAAQ;AAAA,cACR,aAAe;AAAA,YACjB;AAAA,YACA,8BAAgC;AAAA,cAC9B,MAAQ;AAAA
,YACV;AAAA,YACA,kGAAgH;AAAA,cAC9G,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,cAAgB;AAAA,kBACd,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,OAAS;AAAA,oBACP;AAAA,sBACE,MAAQ;AAAA,oBACV;AAAA,oBACA;AAAA,sBACE,MAAQ;AAAA,oBACV;AAAA,kBACF;AAAA,kBACA,aAAe;AAAA,gBACjB;AAAA,cACF;AAAA,cACA,UAAY;AAAA,gBACV;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,cACF;AAAA,cACA,sBAAwB;AAAA,YAC1B;AAAA,YACA,sBAAwB;AAAA,cACtB,MAAQ;AAAA,cACR,aAAe;AAAA,YACjB;AAAA,YACA,oDAA0D;AAAA,cACxD,MAAQ;AAAA,cACR,sBAAwB;AAAA,cACxB,YAAc;AAAA,gBACZ,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,cAAgB;AAAA,kBACd,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,eAAiB;AAAA,kBACf,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,OAAS;AAAA,oBACP;AAAA,sBACE,MAAQ;AAAA,oBACV;AAAA,oBACA;AAAA,sBACE,MAAQ;AAAA,oBACV;AAAA,kBACF;AAAA,kBACA,aAAe;AAAA,gBACjB;AAAA,cACF;AAAA,cACA,aAAe;AAAA,YACjB;AAAA,YACA,6BAA+B;AAAA,cAC7B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,QAAU;AAAA,kBACR,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,OAAS;AAAA,oBACP;AAAA,sBACE,MAAQ;AAAA,oBACV;AAAA,oBACA;AAAA,sBACE,MAAQ;AAAA,oBACV;AAAA,kBACF;AAAA,kBACA,aAAe;AAAA,gBACjB;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,kBACR,MAAQ;AAAA,oBACN;AAAA,oBACA;AAAA,oBACA;AAAA,oBACA;AAAA,kBACF;AAAA,kBACA,aAAe;AAAA,gBACjB;AAAA,cACF;AAAA,cACA,UAAY;AAAA,gBACV;AAAA,gBACA;AAAA,cACF;AAAA,cACA,aAAe;AAAA,YACjB;AAAA,YACA,YAAc;AAAA,cACZ,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,mBAAqB;AAAA,kBACnB,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,gBACA,YAAc;AAAA,kBACZ,MAAQ;AAAA,gBACV;AAAA,gBACA,YAAc;AAAA,kBACZ,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY;AAAA,gBACV;AAAA,gBACA;AA
AA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,cACF;AAAA,cACA,sBAAwB;AAAA,gBACtB,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,iBAAmB;AAAA,cACjB,MAAQ;AAAA,YACV;AAAA,YACA,aAAe;AAAA,cACb,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,YAAc;AAAA,kBACZ,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY;AAAA,gBACV;AAAA,cACF;AAAA,cACA,sBAAwB;AAAA,YAC1B;AAAA,YACA,+BAAiC;AAAA,cAC/B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,gBACA,cAAgB;AAAA,kBACd,MAAQ;AAAA,gBACV;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,gBACV;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,gBACV;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY;AAAA,gBACV;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,cACF;AAAA,cACA,sBAAwB;AAAA,YAC1B;AAAA,UACF;AAAA,UACA,SAAW;AAAA,YACT,kBAAoB;AAAA,cAClB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,yCAA2C;AAAA,cACzC,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,6BAA+B;AAAA,cAC7B,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,gBACR,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,YACF;AAAA,YACA,kBAAoB;AAAA,cAClB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,oBAAsB;AAAA,cACpB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,gBACR,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,YACF;AAAA,YACA,gBAAkB;AAAA,cAChB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,kBAAoB;AAAA,cAClB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA;AAAA;;;ACxZA,SAASA,8BAA8BC,OAAOC,0BAA0B;AAExE,SAAwDC,cAAcC,wBAAwB;AAE9F,YAAYC,SAAS;;;ACuEd,SAASC,cAAcC,QAAW;AACvC,SAAOA,UAAY,UAAUA,WAAW,eAAeA,OAAOC,QAAQ,gBAAgBD,OAAOC;AAC/F;AAFgBF;AAmDT,IAAMG,YAAY,wBAAoBF,WAAuCA,WAAWG,QAAtE;;;AD/GzB,IAAM,EAAEC,WAAU,IAAKC;
AAEhB,IAAMC,4BAA2C;EACtD;EACA;EACA;EACA;EACA;EACA;EACA;EACA;;AAGK,IAAMC,qBAAN,cAAiCC,iBAAAA;EA5BxC,OA4BwCA;;;;EAE9BC;EACSC;EACVC;EACEC;EAET,YAAYC,SAA6G;AACvH,UAAM;MAAEC,OAAOD,QAAQC;MAAOC,KAAKF,QAAQE;IAAI,CAAA;AAC/C,SAAKN,WAAWI,QAAQC;AACxB,SAAKJ,iBAAiBG,QAAQE;AAC9B,SAAKJ,cAAcE,QAAQG,cAAcC,OAAOC,KAAK,KAAKR,cAAc,EAAE,CAAA;AAC1E,QAAI,CAACO,OAAOC,KAAK,KAAKR,cAAc,EAAES,SAAS,KAAKR,WAAW,GAAG;AAChE,YAAMS,MAAM,2EAA2EH,OAAOC,KAAK,KAAKR,cAAc,EAAEW,KAAK,GAAA,CAAA,EAAM;IACrI;AACA,UAAMC,UAAU,KAAKA;AACrBA,YAAQC,mBAAmB,KAAKA,iBAAiBC,KAAK,IAAI;AAC1DF,YAAQG,qBAAqB,KAAKA,mBAAmBD,KAAK,IAAI;AAC9DF,YAAQI,0CAA0C,KAAKA,wCAAwCF,KAAK,IAAI;AACxG,SAAKZ,aAA4CU;AAEjD,SAAKK,uBAAsB;EAC7B;EAEQA,yBAAyB;AAC/BV,WAAOC,KAAK,KAAKR,cAAc,EAAEkB,QAAQ,CAACC,UAAAA;AACxC,YAAMd,MAAM,KAAKL,eAAemB,KAAAA;AAChC,UAAId,IAAI,YAAYe,SAAS,2BAA2B;AACtD,aAAKC,6BAA6BF,OAAOd,GAAAA;MAC3C;IACF,CAAA;EACF;EAEQgB,6BAA6BF,OAAed,KAAkC;AACpFA,QACGiB,SAAQ,EACRC,KAAK,OAAOC,eAAAA;AACX,UAAI;AACF,cAAMC,aAA+B,MAAM,KAAKV,mBAAkB;AAElE,cAAMW,QAAQC,IACZH,WAAWI,IAAI,OAAOC,cAAAA;AACpB,gBAAMC,YAAYL,WAAWM,KAAK,CAACC,MAAMA,EAAEC,QAAQJ,UAAUI,GAAG;AAEhE,gBAAMC,cACJ,CAACJ,aACDA,UAAUK,iBAAiBN,UAAUM,gBACrCL,UAAUM,SAASP,UAAUO,QAC7BN,UAAUzB,QAAQwB,UAAUxB,OAC3BwB,UAAUQ,QAAQ,WAAWR,UAAUQ,QAAQP,UAAUO,QAAQP,UAAUO,KAAKC,aAAaT,UAAUQ,KAAKE;AAC/G,cAAIL,aAAa;AACf,gBAAI;AACF,kBAAIJ,WAAW;AACb,sBAAM,KAAK/B,SAASyC,OAAO;kBAAEP,KAAKJ,UAAUI;gBAAI,CAAA;cAClD;AACA,oBAAMQ,cAAoB;gBACxB,GAAGZ;gBACHQ,MAAMR,UAAUQ,QAAQ,WAAWR,UAAUQ,OAAO;kBAAE,GAAGR,UAAUQ;kBAAMC,UAAUT,UAAUQ,KAAKE;gBAAM,IAAIV,UAAUQ;cACxH;AAEA,kBAAII,YAAYJ,QAAQ,WAAWI,YAAYJ,MAAM;AACnD,uBAAOI,YAAYJ,KAAKE;cAC1B;AAEA,oBAAM,KAAKxC,SAAS2C,OAAOD,WAAAA;YAC7B,SAASE,OAAO;AACdC,sBAAQD,MAAM,sBAAsBd,UAAUI,GAAG,aAAad,KAAAA,KAAUwB,KAAAA;YAC1E;UACF;QACF,CAAA,CAAA;MAEJ,SAASA,OAAO;AACdC,gBAAQD,MAAM,+BAA+BxB,KAAAA,KAAUwB,KAAAA;MACzD;IACF,CAAA,EACCE,MAAM,CAACF,UAAAA;AACNC,cAAQD,MAAM,sCAAsCxB,KAAAA,KAAUwB,KAAAA;IAChE,CAAA;EACJ;EAEA3B,0CAA2D;AACzD,WAAOU,QAAQoB,QAAQ,KAAK7C,WAAW;EACzC;EAEA,MAAe8C,iBAAiBC,MAA8D;AAC5F,UAAM3C,MAAM,KAAK4C,aAAaD
,KAAK3C,OAAO,KAAKJ,WAAW;AAC1D,UAAMoC,OAAoB;MAAE,GAAGW,KAAKX;MAAM,GAAIW,KAAKE,QAAQ;QAAEA,MAAMF,KAAKE;MAAK;IAAG;AAChF,QAAIC,cAAcd,IAAAA,KAASA,KAAKa,MAAME,aAAa,CAACf,KAAKa,KAAKG,YAAYC,aAAa;AAErFjB,WAAKa,OAAO;QACV,GAAGb,KAAKa;QACRG,YAAY;UAAE,GAAGhB,KAAKa,MAAMG;UAAYC,aAAa,IAAIC,KAAKA,KAAKC,IAAG,IAAK,IAAI,KAAK,GAAA;QAAM;MAC5F;IACF;AACA,UAAMC,aAAa,MAAMpD,IAAIqD,UAAU;MAAEtB,MAAMY,KAAKZ;MAAMC;IAAK,CAAA;AAC/D,UAAMsB,MAAY;MAAE,GAAGF;MAAYpD,KAAK2C,KAAK3C,OAAO,KAAKJ;IAAY;AACrE0D,QAAItB,OAAO;MAAE,GAAGA;MAAM,GAAGsB,IAAItB;IAAK;AAClCsB,QAAItB,KAAKuB,gBAAgBD,IAAItB,KAAKuB,iBAAiBC,6BAA6B;MAAEF;IAAI,CAAA;AAEtF,UAAM,KAAK5D,SAAS2C,OAAOiB,GAAAA;AAC3B,QAAIA,IAAIG,eAAe;AAErB,aAAOH,IAAIG;IACb;AACA,WAAOH;EACT;;EAIA,MAAMI,eAAef,MAAoD;AACvE,UAAMgB,UAAU,MAAM,KAAKC,cAAc;MAAEhC,KAAKe,KAAKkB;IAAO,CAAA;AAC5D,UAAM7D,MAAM,KAAK4C,aAAae,QAAQ3D,GAAG;AACzC,QAAI2D,QAAQ5B,SAAS,cAAc;AACjC,aAAO,MAAM/B,IAAI8D,KAAK;QAAED,QAAQF;QAASI,MAAM,OAAOpB,KAAKoB,SAAS,WAAW1E,WAAWsD,KAAKoB,IAAI,IAAIpB,KAAKoB;MAAK,CAAA;IACnH;AAEA,WAAO,MAAM,MAAML,eAAe;MAAE,GAAGf;MAAMkB,QAAQF,QAAQ/B;IAAI,CAAA;EACnE;EAEA,MAAMpB,iBAAiBmC,MAAuD;AAC5E,QAAIA,KAAK3C,KAAK;AACZ,YAAMA,MAAM,KAAK4C,aAAaD,KAAK3C,GAAG;AACtC,UAAIA,OAAO,YAAYA,OAAO,OAAOA,IAAIgE,WAAW,YAAY;AAE9D,eAAO,MAAMhE,IAAIgE,OAAOrB,IAAAA;MAC1B;IACF;AACA,WAAO,MAAMsB,mBAAmB;MAC9BX,KAAKY,MAAMvB,KAAKb,cAAca,KAAKZ,IAAI;MACvCgC,MAAMpB,KAAKoB;MACXI,WAAW9E,WAAWsD,KAAKwB,WAAW,OAAA;IACxC,CAAA;EACF;EAEA,MAAMzD,qBAAgD;AACpD,WAAO,KAAKhB,SAAS0E,KAAK,CAAC,CAAA;EAC7B;EAEA,MAAMC,4BAA4B1B,MAAgF;AAChH,UAAMxC,OAAO,MAAM,KAAKO,mBAAkB;AAC1C,UAAM4D,cAAcnE,KACjBoE,OAAO,CAACjB,QAAQR,cAAcQ,IAAItB,IAAI,CAAA,EACtCuC,OAAO,CAACjB,QAAAA;AACP,UAAIR,cAAcQ,IAAItB,IAAI,KAAKsB,IAAItB,MAAMa,MAAMG,YAAY;AACzD,cAAMA,aAAaM,IAAItB,KAAKa,KAAKG;AACjC,eAAO,EAAEA,WAAWwB,cAAcxB,WAAWwB,WAAWC,gBAAe,IAAKvB,KAAKC,IAAG;MACtF;AACA,aAAO;IACT,CAAA;AACF,QAAIR,KAAK+B,iBAAiB,MAAM;AAC9B,YAAMrD,QAAQC,IAAIgD,YAAY/C,IAAI,CAAC+B,QAAQ,KAAKqB,iBAAiB;QAAE/C,KAAK0B,IAAI1B;MAAI,CAAA,CAAA,CAAA;IAClF;AACA,WAAOzB;EACT;EAEQyC,aAAa7B,MAA2C;AAC9D,UAAMf,MAAM,KAA
KL,eAAeoB,IAAAA;AAChC,QAAI,CAACf,KAAK;AACR,YAAMK,MAAM,iFAAiFU,IAAAA,GAAO;IACtG;AACA,WAAOf;EACT;;EAGA,MAAM4D,cAAc,EAAEhC,IAAG,GAAuC;AAC9D,QAAI;AACF,YAAM0B,MAAM,MAAM,KAAK5D,SAASkF,IAAI;QAAEhD;MAAI,CAAA;AAC1C,aAAO0B;IACT,SAASuB,GAAG;AACV,YAAM1E,OAAyB,MAAM,KAAKO,mBAAkB;AAC5D,YAAMoE,WAAW3E,KAAKuB,KACpB,CAAC4B,QACCA,IAAIxB,iBAAiBF,OACrB0B,IAAItB,MAAMuB,kBAAkB3B,OAC3B0B,IAAItB,MAAMuB,iBAAiB,QAAQC,6BAA6B;QAAEF;MAAI,CAAA,MAAO1B,GAAAA;AAElF,UAAIkD,UAAU;AACZ,eAAOA;MACT,OAAO;AACL,cAAM,IAAIzE,MAAM,gBAAgBuB,GAAAA,YAAe;MACjD;IACF;EACF;EAEA,IAAI3B,aAAqB;AACvB,WAAO,KAAKL;EACd;EAEA,IAAIK,WAAWD,KAAa;AAC1B,QAAI,CAACE,OAAOC,KAAK,KAAKR,cAAc,EAAES,SAASJ,GAAAA,GAAM;AACnD,YAAMK,MAAM,2EAA2EH,OAAOC,KAAK,KAAKR,cAAc,EAAEW,KAAK,GAAA,CAAA,EAAM;IACrI;AACA,SAAKV,cAAcI;EACrB;EAEA+E,OAAOhE,MAAcf,KAAwC;AAC3D,SAAKL,eAAeoB,IAAAA,IAAQf;AAE5B,QAAIA,IAAI,YAAYe,SAAS,2BAA2B;AACtD,WAAKC,6BAA6BD,MAAMf,GAAAA;IAC1C;EACF;AACF;;;AElOA,cAAc;AAJd,IAAMgF,SAASC;","names":["calculateJwkThumbprintForKey","toJwk","verifyRawSignature","KeyManager","VeramoKeyManager","u8a","hasKeyOptions","object","opts","isDefined","undefined","fromString","u8a","sphereonKeyManagerMethods","SphereonKeyManager","VeramoKeyManager","kmsStore","availableKmses","_defaultKms","kmsMethods","options","store","kms","defaultKms","Object","keys","includes","Error","join","methods","keyManagerVerify","bind","keyManagerListKeys","keyManagerGetDefaultKeyManagementSystem","syncPreProvisionedKeys","forEach","kmsId","name","syncPreProvisionedKeysForKms","listKeys","then","remoteKeys","storedKeys","Promise","all","map","remoteKey","storedKey","find","k","kid","needsUpdate","publicKeyHex","type","meta","keyAlias","alias","delete","keyToImport","import","error","console","catch","resolve","keyManagerCreate","args","getKmsByName","opts","hasKeyOptions","ephemeral","expiration","removalDate","Date","now","partialKey","createKey","key","jwkThumbprint","calculateJwkThumbprintForKey","privateKeyHex","keyManagerSign","keyInfo","keyManagerGet","keyRef","sign","data
","verify","verifyRawSignature","toJwk","signature","list","keyManagerHandleExpirations","expiredKeys","filter","expiryDate","getMilliseconds","skipRemovals","keyManagerDelete","get","e","foundKey","setKms","schema","require"]}
1
+ {"version":3,"sources":["../plugin.schema.json","../src/agent/SphereonKeyManager.ts","../src/types/ISphereonKeyManager.ts","../src/index.ts"],"sourcesContent":["{\n \"ISphereonKeyManager\": {\n \"components\": {\n \"schemas\": {\n \"ISphereonKeyManagerCreateArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"type\": {\n \"$ref\": \"#/components/schemas/TKeyType\",\n \"description\": \"Key type\"\n },\n \"kms\": {\n \"type\": \"string\",\n \"description\": \"Key Management System\"\n },\n \"opts\": {\n \"$ref\": \"#/components/schemas/IkeyOptions\",\n \"description\": \"Key options\"\n },\n \"meta\": {\n \"$ref\": \"#/components/schemas/KeyMetadata\",\n \"description\": \"Optional. Key meta data\"\n }\n },\n \"required\": [\"type\"],\n \"additionalProperties\": false,\n \"description\": \"Input arguments for {@link ISphereonKeyManager.keyManagerCreate | keyManagerCreate }\"\n },\n \"TKeyType\": {\n \"type\": \"string\",\n \"enum\": [\"Ed25519\", \"Secp256k1\", \"Secp256r1\", \"X25519\", \"Bls12381G1\", \"Bls12381G2\", \"RSA\"],\n \"description\": \"Cryptographic key type.\"\n },\n \"IkeyOptions\": {\n \"type\": \"object\",\n \"properties\": {\n \"ephemeral\": {\n \"type\": \"boolean\",\n \"description\": \"Is this a temporary key?\"\n },\n \"expiration\": {\n \"type\": \"object\",\n \"properties\": {\n \"expiryDate\": {\n \"type\": \"string\",\n \"format\": \"date-time\"\n },\n \"removalDate\": {\n \"type\": \"string\",\n \"format\": \"date-time\"\n }\n },\n \"additionalProperties\": false,\n \"description\": \"Expiration and remove the key\"\n }\n },\n \"additionalProperties\": false\n },\n \"KeyMetadata\": {\n \"type\": \"object\",\n \"properties\": {\n \"algorithms\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n }\n },\n \"description\": \"This encapsulates data about a key.\\n\\nImplementations of {@link @veramo/key-manager#AbstractKeyManagementSystem | AbstractKeyManagementSystem } should populate this object, for each key, with 
the algorithms that can be performed using it.\\n\\nThis can also be used to add various tags to the keys under management.\"\n },\n \"PartialKey\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"privateKeyHex\": {\n \"type\": \"string\"\n },\n \"kid\": {\n \"type\": \"string\",\n \"description\": \"Key ID\"\n },\n \"kms\": {\n \"type\": \"string\",\n \"description\": \"Key Management System\"\n },\n \"type\": {\n \"$ref\": \"#/components/schemas/TKeyType\",\n \"description\": \"Key type\"\n },\n \"publicKeyHex\": {\n \"type\": \"string\",\n \"description\": \"Public key\"\n },\n \"meta\": {\n \"anyOf\": [\n {\n \"$ref\": \"#/components/schemas/KeyMetadata\"\n },\n {\n \"type\": \"null\"\n }\n ],\n \"description\": \"Optional. Key metadata. This should be used to determine which algorithms are supported.\"\n }\n },\n \"required\": [\"kid\", \"kms\", \"privateKeyHex\", \"publicKeyHex\", \"type\"]\n },\n \"ISphereonKeyManagerHandleExpirationsArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"skipRemovals\": {\n \"type\": \"boolean\"\n }\n },\n \"additionalProperties\": false\n },\n \"ManagedKeyInfo\": {\n \"$ref\": \"#/components/schemas/Omit<IKey,\\\"privateKeyHex\\\">\",\n \"description\": \"Represents information about a managed key. 
Private or secret key material is NOT present.\"\n },\n \"Omit<IKey,\\\"privateKeyHex\\\">\": {\n \"$ref\": \"#/components/schemas/Pick<IKey,Exclude<(\\\"kid\\\"|\\\"kms\\\"|\\\"type\\\"|\\\"publicKeyHex\\\"|\\\"privateKeyHex\\\"|\\\"meta\\\"),\\\"privateKeyHex\\\">>\"\n },\n \"Pick<IKey,Exclude<(\\\"kid\\\"|\\\"kms\\\"|\\\"type\\\"|\\\"publicKeyHex\\\"|\\\"privateKeyHex\\\"|\\\"meta\\\"),\\\"privateKeyHex\\\">>\": {\n \"type\": \"object\",\n \"properties\": {\n \"kid\": {\n \"type\": \"string\",\n \"description\": \"Key ID\"\n },\n \"kms\": {\n \"type\": \"string\",\n \"description\": \"Key Management System\"\n },\n \"type\": {\n \"$ref\": \"#/components/schemas/TKeyType\",\n \"description\": \"Key type\"\n },\n \"publicKeyHex\": {\n \"type\": \"string\",\n \"description\": \"Public key\"\n },\n \"meta\": {\n \"anyOf\": [\n {\n \"$ref\": \"#/components/schemas/KeyMetadata\"\n },\n {\n \"type\": \"null\"\n }\n ],\n \"description\": \"Optional. Key metadata. This should be used to determine which algorithms are supported.\"\n }\n },\n \"required\": [\"kid\", \"kms\", \"type\", \"publicKeyHex\"],\n \"additionalProperties\": false\n },\n \"MinimalImportableKey\": {\n \"$ref\": \"#/components/schemas/RequireOnly<IKey,(\\\"privateKeyHex\\\"|\\\"type\\\"|\\\"kms\\\")>\",\n \"description\": \"Represents the properties required to import a key.\"\n },\n \"RequireOnly<IKey,(\\\"privateKeyHex\\\"|\\\"type\\\"|\\\"kms\\\")>\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"kid\": {\n \"type\": \"string\",\n \"description\": \"Key ID\"\n },\n \"kms\": {\n \"type\": \"string\",\n \"description\": \"Key Management System\"\n },\n \"type\": {\n \"$ref\": \"#/components/schemas/TKeyType\",\n \"description\": \"Key type\"\n },\n \"publicKeyHex\": {\n \"type\": \"string\",\n \"description\": \"Public key\"\n },\n \"privateKeyHex\": {\n \"type\": \"string\",\n \"description\": \"Optional. 
Private key\"\n },\n \"meta\": {\n \"anyOf\": [\n {\n \"$ref\": \"#/components/schemas/KeyMetadata\"\n },\n {\n \"type\": \"null\"\n }\n ],\n \"description\": \"Optional. Key metadata. This should be used to determine which algorithms are supported.\"\n }\n },\n \"description\": \"Represents an object type where a subset of keys are required and everything else is optional.\"\n },\n \"ISphereonKeyManagerSignArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"keyRef\": {\n \"type\": \"string\",\n \"description\": \"The key handle, as returned during `keyManagerCreateKey`\"\n },\n \"algorithm\": {\n \"type\": \"string\",\n \"description\": \"The algorithm to use for signing. This must be one of the algorithms supported by the KMS for this key type.\\n\\nThe algorithm used here should match one of the names listed in `IKey.meta.algorithms`\"\n },\n \"data\": {\n \"anyOf\": [\n {\n \"type\": \"string\"\n },\n {\n \"$ref\": \"#/components/schemas/Uint8Array\"\n }\n ],\n \"description\": \"Data to sign\"\n },\n \"encoding\": {\n \"type\": \"string\",\n \"enum\": [\"utf-8\", \"base16\", \"base64\", \"hex\"],\n \"description\": \"If the data is a \\\"string\\\" then you can specify which encoding is used. 
Default is \\\"utf-8\\\"\"\n }\n },\n \"required\": [\"data\", \"keyRef\"],\n \"description\": \"Input arguments for {@link ISphereonKeyManagerSignArgs.keyManagerSign | keyManagerSign }\"\n },\n \"Uint8Array\": {\n \"type\": \"object\",\n \"properties\": {\n \"BYTES_PER_ELEMENT\": {\n \"type\": \"number\"\n },\n \"buffer\": {\n \"$ref\": \"#/components/schemas/ArrayBufferLike\"\n },\n \"byteLength\": {\n \"type\": \"number\"\n },\n \"byteOffset\": {\n \"type\": \"number\"\n },\n \"length\": {\n \"type\": \"number\"\n }\n },\n \"required\": [\"BYTES_PER_ELEMENT\", \"buffer\", \"byteLength\", \"byteOffset\", \"length\"],\n \"additionalProperties\": {\n \"type\": \"number\"\n }\n },\n \"ArrayBufferLike\": {\n \"$ref\": \"#/components/schemas/ArrayBuffer\"\n },\n \"ArrayBuffer\": {\n \"type\": \"object\",\n \"properties\": {\n \"byteLength\": {\n \"type\": \"number\"\n }\n },\n \"required\": [\"byteLength\"],\n \"additionalProperties\": false\n },\n \"ISphereonKeyManagerVerifyArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"kms\": {\n \"type\": \"string\"\n },\n \"publicKeyHex\": {\n \"type\": \"string\"\n },\n \"type\": {\n \"$ref\": \"#/components/schemas/TKeyType\"\n },\n \"algorithm\": {\n \"type\": \"string\"\n },\n \"data\": {\n \"$ref\": \"#/components/schemas/Uint8Array\"\n },\n \"signature\": {\n \"type\": \"string\"\n }\n },\n \"required\": [\"publicKeyHex\", \"type\", \"data\", \"signature\"],\n \"additionalProperties\": false\n }\n },\n \"methods\": {\n \"keyManagerCreate\": {\n \"description\": \"\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/ISphereonKeyManagerCreateArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/PartialKey\"\n }\n },\n \"keyManagerGetDefaultKeyManagementSystem\": {\n \"description\": \"Get the KMS registered as default. 
Handy when no explicit KMS is provided for a function\",\n \"arguments\": {\n \"type\": \"object\"\n },\n \"returnType\": {\n \"type\": \"string\"\n }\n },\n \"keyManagerHandleExpirations\": {\n \"description\": \"Set keys to expired and remove keys eligible for deletion.\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/ISphereonKeyManagerHandleExpirationsArgs\"\n },\n \"returnType\": {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/ManagedKeyInfo\"\n }\n }\n },\n \"keyManagerImport\": {\n \"description\": \"\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/MinimalImportableKey\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/PartialKey\"\n }\n },\n \"keyManagerListKeys\": {\n \"description\": \"\",\n \"arguments\": {\n \"type\": \"object\"\n },\n \"returnType\": {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/ManagedKeyInfo\"\n }\n }\n },\n \"keyManagerSign\": {\n \"description\": \"\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/ISphereonKeyManagerSignArgs\"\n },\n \"returnType\": {\n \"type\": \"string\"\n }\n },\n \"keyManagerVerify\": {\n \"description\": \"Verifies a signature using the key\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/ISphereonKeyManagerVerifyArgs\"\n },\n \"returnType\": {\n \"type\": \"boolean\"\n }\n }\n }\n }\n }\n}\n","import { calculateJwkThumbprintForKey, toJwk, verifyRawSignature } from '@sphereon/ssi-sdk-ext.key-utils'\nimport type { IKey, KeyMetadata, ManagedKeyInfo } from '@veramo/core'\nimport { AbstractKeyManagementSystem, AbstractKeyStore, KeyManager as VeramoKeyManager } from '@veramo/key-manager'\n// @ts-ignore\nimport * as u8a from 'uint8arrays'\nimport {\n hasKeyOptions,\n type IKeyManagerGetArgs,\n type ISphereonKeyManager,\n type ISphereonKeyManagerCreateArgs,\n type ISphereonKeyManagerHandleExpirationsArgs,\n type ISphereonKeyManagerSignArgs,\n type ISphereonKeyManagerVerifyArgs,\n} from 
'../types/ISphereonKeyManager'\n\nconst { fromString } = u8a\n\nexport const sphereonKeyManagerMethods: Array<string> = [\n 'keyManagerCreate',\n 'keyManagerGet',\n 'keyManagerImport',\n 'keyManagerSign',\n 'keyManagerVerify',\n 'keyManagerListKeys',\n 'keyManagerGetDefaultKeyManagementSystem',\n 'keyManagerHandleExpirations',\n]\n\nexport class SphereonKeyManager extends VeramoKeyManager {\n // local store reference, given the superclass store is private, and we need additional functions/calls\n private kmsStore: AbstractKeyStore\n private readonly availableKmses: Record<string, AbstractKeyManagementSystem>\n public _defaultKms: string\n readonly kmsMethods: ISphereonKeyManager\n\n constructor(options: { store: AbstractKeyStore; kms: Record<string, AbstractKeyManagementSystem>; defaultKms?: string }) {\n super({ store: options.store, kms: options.kms })\n this.kmsStore = options.store\n this.availableKmses = options.kms\n this._defaultKms = options.defaultKms ?? Object.keys(this.availableKmses)[0]\n if (!Object.keys(this.availableKmses).includes(this._defaultKms)) {\n throw Error(`Default KMS needs to be listed in the kms object as well. 
Found kms-es: ${Object.keys(this.availableKmses).join(',')}`)\n }\n const methods = this.methods\n methods.keyManagerVerify = this.keyManagerVerify.bind(this)\n methods.keyManagerListKeys = this.keyManagerListKeys.bind(this)\n methods.keyManagerGetDefaultKeyManagementSystem = this.keyManagerGetDefaultKeyManagementSystem.bind(this)\n this.kmsMethods = <ISphereonKeyManager>(<unknown>methods)\n\n this.syncPreProvisionedKeys()\n }\n\n private syncPreProvisionedKeys() {\n Object.keys(this.availableKmses).forEach((kmsId) => {\n const kms = this.availableKmses[kmsId]\n if (kms.constructor.name === 'RestKeyManagementSystem') {\n this.syncPreProvisionedKeysForKms(kmsId, kms)\n }\n })\n }\n\n private syncPreProvisionedKeysForKms(kmsId: string, kms: AbstractKeyManagementSystem) {\n kms\n .listKeys()\n .then(async (remoteKeys: ManagedKeyInfo[]) => {\n try {\n const storedKeys: ManagedKeyInfo[] = await this.keyManagerListKeys()\n\n await Promise.all(\n remoteKeys.map(async (remoteKey) => {\n const storedKey = storedKeys.find((k) => k.kid === remoteKey.kid)\n\n const needsUpdate =\n !storedKey ||\n storedKey.publicKeyHex !== remoteKey.publicKeyHex ||\n storedKey.type !== remoteKey.type ||\n storedKey.kms !== remoteKey.kms ||\n (remoteKey.meta && 'alias' in remoteKey.meta && storedKey.meta && storedKey.meta.keyAlias !== remoteKey.meta.alias)\n if (needsUpdate) {\n try {\n if (storedKey) {\n await this.kmsStore.delete({ kid: remoteKey.kid })\n }\n const keyToImport: IKey = {\n ...remoteKey,\n meta: remoteKey.meta && 'alias' in remoteKey.meta ? 
{ ...remoteKey.meta, keyAlias: remoteKey.meta.alias } : remoteKey.meta,\n } as IKey\n\n if (keyToImport.meta && 'alias' in keyToImport.meta) {\n delete keyToImport.meta.alias\n }\n\n await this.kmsStore.import(keyToImport)\n } catch (error) {\n console.error(`Failed to sync key ${remoteKey.kid} from kms ${kmsId}:`, error)\n }\n }\n }),\n )\n } catch (error) {\n console.error(`Failed to sync keys for kms ${kmsId}:`, error)\n }\n })\n .catch((error) => {\n console.error(`Failed to list remote keys for kms ${kmsId}:`, error)\n })\n }\n\n keyManagerGetDefaultKeyManagementSystem(): Promise<string> {\n return Promise.resolve(this._defaultKms)\n }\n\n override async keyManagerCreate(args: ISphereonKeyManagerCreateArgs): Promise<ManagedKeyInfo> {\n const kms = this.getKmsByName(args.kms ?? this._defaultKms)\n const meta: KeyMetadata = { ...args.meta, ...(args.opts && { opts: args.opts }) }\n if (hasKeyOptions(meta) && meta.opts?.ephemeral && !meta.opts.expiration?.removalDate) {\n // Make sure we set a delete date on an ephemeral key\n meta.opts = {\n ...meta.opts,\n expiration: { ...meta.opts?.expiration, removalDate: new Date(Date.now() + 5 * 60 * 1000) },\n }\n }\n const partialKey = await kms.createKey({ type: args.type, meta })\n const key: IKey = { ...partialKey, kms: args.kms ?? this._defaultKms }\n key.meta = { ...meta, ...key.meta }\n key.meta.jwkThumbprint = key.meta.jwkThumbprint ?? calculateJwkThumbprintForKey({ key })\n\n await this.kmsStore.import(key)\n if (key.privateKeyHex) {\n // Make sure to not export the private key\n delete key.privateKeyHex\n }\n return key\n }\n\n //FIXME extend the IKeyManagerSignArgs.data to be a string or array of strings\n\n async keyManagerSign(args: ISphereonKeyManagerSignArgs): Promise<string> {\n const keyInfo = await this.keyManagerGet({ kid: args.keyRef })\n const kms = this.getKmsByName(keyInfo.kms)\n if (keyInfo.type === 'Bls12381G2') {\n return await kms.sign({ keyRef: keyInfo, data: typeof args.data === 'string' ? 
fromString(args.data) : args.data })\n }\n // @ts-ignore // we can pass in uint8arrays as well, which the super also can handle but does not expose in its types\n return await super.keyManagerSign({ ...args, keyRef: keyInfo.kid })\n }\n\n async keyManagerVerify(args: ISphereonKeyManagerVerifyArgs): Promise<boolean> {\n if (args.kms) {\n const kms = this.getKmsByName(args.kms)\n if (kms && 'verify' in kms && typeof kms.verify === 'function') {\n // @ts-ignore\n return await kms.verify(args)\n }\n }\n return await verifyRawSignature({\n key: toJwk(args.publicKeyHex, args.type),\n data: args.data,\n signature: fromString(args.signature, 'utf-8'),\n })\n }\n\n async keyManagerListKeys(): Promise<ManagedKeyInfo[]> {\n return this.kmsStore.list({})\n }\n\n async keyManagerHandleExpirations(args: ISphereonKeyManagerHandleExpirationsArgs): Promise<Array<ManagedKeyInfo>> {\n const keys = await this.keyManagerListKeys()\n const expiredKeys = keys\n .filter((key) => hasKeyOptions(key.meta))\n .filter((key) => {\n if (hasKeyOptions(key.meta) && key.meta?.opts?.expiration) {\n const expiration = key.meta.opts.expiration\n return !(expiration.expiryDate && expiration.expiryDate.getMilliseconds() > Date.now())\n }\n return false\n })\n if (args.skipRemovals !== true) {\n await Promise.all(expiredKeys.map((key) => this.keyManagerDelete({ kid: key.kid })))\n }\n return keys\n }\n\n private getKmsByName(name: string): AbstractKeyManagementSystem {\n const kms = this.availableKmses[name]\n if (!kms) {\n throw Error(`invalid_argument: This agent has no registered KeyManagementSystem with name='${name}'`)\n }\n return kms\n }\n\n //todo https://sphereon.atlassian.net/browse/SDK-28 improve the logic for keyManagerGet in sphereon-key-manager\n async keyManagerGet({ kid }: IKeyManagerGetArgs): Promise<IKey> {\n try {\n const key = await this.kmsStore.get({ kid })\n return key\n } catch (e) {\n const keys: ManagedKeyInfo[] = await this.keyManagerListKeys()\n const foundKey = keys.find(\n 
(key) =>\n key.publicKeyHex === kid ||\n key.meta?.jwkThumbprint === kid ||\n (key.meta?.jwkThumbprint == null && calculateJwkThumbprintForKey({ key }) === kid),\n )\n if (foundKey) {\n return foundKey as IKey\n } else {\n throw new Error(`Key with kid ${kid} not found`)\n }\n }\n }\n\n get defaultKms(): string {\n return this._defaultKms\n }\n\n set defaultKms(kms: string) {\n if (!Object.keys(this.availableKmses).includes(kms)) {\n throw Error(`Default KMS needs to be listed in the kms object as well. Found kms-es: ${Object.keys(this.availableKmses).join(',')}`)\n }\n this._defaultKms = kms\n }\n\n setKms(name: string, kms: AbstractKeyManagementSystem): void {\n this.availableKmses[name] = kms\n\n if (kms.constructor.name === 'RestKeyManagementSystem') {\n this.syncPreProvisionedKeysForKms(name, kms)\n }\n }\n}\n","import type { IKeyManager, IKeyManagerSignArgs, IPluginMethodMap, KeyMetadata, ManagedKeyInfo, MinimalImportableKey, TKeyType } from '@veramo/core'\n\nexport type PartialKey = ManagedKeyInfo & { privateKeyHex: string }\n\nexport interface ISphereonKeyManager extends IKeyManager, IPluginMethodMap {\n keyManagerCreate(args: ISphereonKeyManagerCreateArgs): Promise<PartialKey>\n\n keyManagerImport(key: MinimalImportableKey): Promise<PartialKey>\n\n keyManagerSign(args: ISphereonKeyManagerSignArgs): Promise<string>\n\n /**\n * Verifies a signature using the key\n *\n * Does not exist in IKeyManager\n * @param args\n */\n keyManagerVerify(args: ISphereonKeyManagerVerifyArgs): Promise<boolean>\n\n keyManagerListKeys(): Promise<Array<ManagedKeyInfo>>\n\n /**\n * Get the KMS registered as default. 
Handy when no explicit KMS is provided for a function\n */\n\n keyManagerGetDefaultKeyManagementSystem(): Promise<string>\n\n /**\n * Set keys to expired and remove keys eligible for deletion.\n * @param args\n */\n keyManagerHandleExpirations(args: ISphereonKeyManagerHandleExpirationsArgs): Promise<Array<ManagedKeyInfo>>\n}\n\nexport interface IkeyOptions {\n /**\n * Is this a temporary key?\n */\n ephemeral?: boolean\n\n /**\n * Expiration and remove the key\n */\n expiration?: {\n expiryDate?: Date\n removalDate?: Date\n }\n}\n\n/**\n * Input arguments for {@link ISphereonKeyManager.keyManagerCreate | keyManagerCreate}\n * @public\n */\nexport interface ISphereonKeyManagerCreateArgs {\n /**\n * Key type\n */\n type: TKeyType\n\n /**\n * Key Management System\n */\n kms?: string\n\n /**\n * Key options\n */\n opts?: IkeyOptions\n\n /**\n * Optional. Key meta data\n */\n meta?: KeyMetadata\n}\n\nexport function hasKeyOptions(object: any): object is { opts?: IkeyOptions } {\n return object!! 
&& 'opts' in object && ('ephemeral' in object.opts || 'expiration' in object.opts)\n}\n\n/**\n * Input arguments for {@link ISphereonKeyManager.keyManagerGet | keyManagerGet}\n * @public\n */\nexport interface IKeyManagerGetArgs {\n /**\n * Key ID\n */\n kid: string\n}\n\n/**\n * Input arguments for {@link ISphereonKeyManager.keyManagerDelete | keyManagerDelete}\n * @public\n */\nexport interface IKeyManagerDeleteArgs {\n /**\n * Key ID\n */\n kid: string\n}\n\n/**\n * Input arguments for {@link ISphereonKeyManagerSignArgs.keyManagerSign | keyManagerSign}\n * @public\n */\n// @ts-ignore\nexport interface ISphereonKeyManagerSignArgs extends IKeyManagerSignArgs {\n /**\n * Data to sign\n */\n data: string | Uint8Array\n}\n\nexport interface ISphereonKeyManagerHandleExpirationsArgs {\n skipRemovals?: boolean\n}\n\nexport interface ISphereonKeyManagerVerifyArgs {\n kms?: string\n publicKeyHex: string\n type: TKeyType\n algorithm?: string\n data: Uint8Array\n signature: string\n}\n\nexport const isDefined = <T extends unknown>(object: T | undefined): object is T => object !== undefined\n","const schema = require('../plugin.schema.json')\nexport { schema }\nexport { SphereonKeyManager, sphereonKeyManagerMethods } from './agent/SphereonKeyManager'\nexport * from './types/ISphereonKeyManager'\nexport * from 
'@veramo/key-manager'\n"],"mappings":";;;;;;;;AAAA;AAAA;AAAA;AAAA,MACE,qBAAuB;AAAA,QACrB,YAAc;AAAA,UACZ,SAAW;AAAA,YACT,+BAAiC;AAAA,cAC/B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,cACF;AAAA,cACA,UAAY,CAAC,MAAM;AAAA,cACnB,sBAAwB;AAAA,cACxB,aAAe;AAAA,YACjB;AAAA,YACA,UAAY;AAAA,cACV,MAAQ;AAAA,cACR,MAAQ,CAAC,WAAW,aAAa,aAAa,UAAU,cAAc,cAAc,KAAK;AAAA,cACzF,aAAe;AAAA,YACjB;AAAA,YACA,aAAe;AAAA,cACb,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,YAAc;AAAA,kBACZ,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,YAAc;AAAA,sBACZ,MAAQ;AAAA,sBACR,QAAU;AAAA,oBACZ;AAAA,oBACA,aAAe;AAAA,sBACb,MAAQ;AAAA,sBACR,QAAU;AAAA,oBACZ;AAAA,kBACF;AAAA,kBACA,sBAAwB;AAAA,kBACxB,aAAe;AAAA,gBACjB;AAAA,cACF;AAAA,cACA,sBAAwB;AAAA,YAC1B;AAAA,YACA,aAAe;AAAA,cACb,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,YAAc;AAAA,kBACZ,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,cACF;AAAA,cACA,aAAe;AAAA,YACjB;AAAA,YACA,YAAc;AAAA,cACZ,MAAQ;AAAA,cACR,sBAAwB;AAAA,cACxB,YAAc;AAAA,gBACZ,eAAiB;AAAA,kBACf,MAAQ;AAAA,gBACV;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,cAAgB;AAAA,kBACd,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,OAAS;AAAA,oBACP;AAAA,sBACE,MAAQ;AAAA,oBACV;AAAA,oBACA;AAAA,sBACE,MAAQ;AAAA,oBACV;AAAA,kBACF;AAAA,kBACA,aAAe;AAAA,gBACjB;AAAA,cACF;AAAA,cACA,UAAY,CAAC,OAAO,OAAO,iBAAiB,gBAAgB,MAAM;AAAA,YACpE;AAAA,YACA,0CAA4C;AAAA,cAC1C,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,cAAgB;AAAA,kBACd,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,sBAAwB;AAAA,YAC1B;AAAA,YACA,gBAAkB;AAAA,cAChB,MAAQ;AAAA,cACR,aAAe;AAAA,YACjB;AAAA,YACA,8BAAgC;AAAA,cAC9B,MAAQ;AAAA,YACV;AAAA,YACA,kGAAgH;AAAA,cAC9G,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,KAAO;AAAA,kBACL,MAAQ;
AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,cAAgB;AAAA,kBACd,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,OAAS;AAAA,oBACP;AAAA,sBACE,MAAQ;AAAA,oBACV;AAAA,oBACA;AAAA,sBACE,MAAQ;AAAA,oBACV;AAAA,kBACF;AAAA,kBACA,aAAe;AAAA,gBACjB;AAAA,cACF;AAAA,cACA,UAAY,CAAC,OAAO,OAAO,QAAQ,cAAc;AAAA,cACjD,sBAAwB;AAAA,YAC1B;AAAA,YACA,sBAAwB;AAAA,cACtB,MAAQ;AAAA,cACR,aAAe;AAAA,YACjB;AAAA,YACA,oDAA0D;AAAA,cACxD,MAAQ;AAAA,cACR,sBAAwB;AAAA,cACxB,YAAc;AAAA,gBACZ,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,cAAgB;AAAA,kBACd,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,eAAiB;AAAA,kBACf,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,OAAS;AAAA,oBACP;AAAA,sBACE,MAAQ;AAAA,oBACV;AAAA,oBACA;AAAA,sBACE,MAAQ;AAAA,oBACV;AAAA,kBACF;AAAA,kBACA,aAAe;AAAA,gBACjB;AAAA,cACF;AAAA,cACA,aAAe;AAAA,YACjB;AAAA,YACA,6BAA+B;AAAA,cAC7B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,QAAU;AAAA,kBACR,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,OAAS;AAAA,oBACP;AAAA,sBACE,MAAQ;AAAA,oBACV;AAAA,oBACA;AAAA,sBACE,MAAQ;AAAA,oBACV;AAAA,kBACF;AAAA,kBACA,aAAe;AAAA,gBACjB;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,kBACR,MAAQ,CAAC,SAAS,UAAU,UAAU,KAAK;AAAA,kBAC3C,aAAe;AAAA,gBACjB;AAAA,cACF;AAAA,cACA,UAAY,CAAC,QAAQ,QAAQ;AAAA,cAC7B,aAAe;AAAA,YACjB;AAAA,YACA,YAAc;AAAA,cACZ,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,mBAAqB;AAAA,kBACnB,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,gBACA,YAAc;AAAA,kBACZ,MAAQ;AAAA,gBACV;AAAA,gBACA,YAAc;AAAA,kBACZ,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY,CAAC,qBAAqB,UAAU,cAAc,cAAc,QAAQ;AAAA,cAChF,sBAAwB;AAAA,gBACtB,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,iBAAmB;AAAA,cACjB,MAAQ;AAAA,YACV;AAAA,YACA,aAAe;AAAA,cACb,MAAQ;AAAA,cACR,YAAc;AAAA,gBA
CZ,YAAc;AAAA,kBACZ,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY,CAAC,YAAY;AAAA,cACzB,sBAAwB;AAAA,YAC1B;AAAA,YACA,+BAAiC;AAAA,cAC/B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,gBACA,cAAgB;AAAA,kBACd,MAAQ;AAAA,gBACV;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,gBACV;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,gBACV;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY,CAAC,gBAAgB,QAAQ,QAAQ,WAAW;AAAA,cACxD,sBAAwB;AAAA,YAC1B;AAAA,UACF;AAAA,UACA,SAAW;AAAA,YACT,kBAAoB;AAAA,cAClB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,yCAA2C;AAAA,cACzC,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,6BAA+B;AAAA,cAC7B,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,gBACR,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,YACF;AAAA,YACA,kBAAoB;AAAA,cAClB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,oBAAsB;AAAA,cACpB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,gBACR,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,YACF;AAAA,YACA,gBAAkB;AAAA,cAChB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,kBAAoB;AAAA,cAClB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA;AAAA;;;AC9WA,SAASA,8BAA8BC,OAAOC,0BAA0B;AAExE,SAAwDC,cAAcC,wBAAwB;AAE9F,YAAYC,SAAS;;;ACuEd,SAASC,cAAcC,QAAW;AACvC,SAAOA,UAAY,UAAUA,WAAW,eAAeA,OAAOC,QAAQ,gBAAgBD,OAAOC;AAC/F;AAFgBF;AAmDT,IAAMG,YAAY,wBAAoBF,WAAuCA,WAAWG,QAAtE;;;AD/GzB,IAAM,EAAEC,WAAU,IAAKC;AAEhB,IAAMC,4BAA2C;EACtD;EACA;EACA;EACA;EACA;EACA;EACA;EACA;;AAGK,IAAMC,qBAAN,cAAiCC,iBAAAA;EA5BxC,OA4BwCA;;;;EAE9BC;EACSC;EACVC;EACEC;EAET,YAAYC,SAA6G;AACvH,UAAM;MAAEC,OAAOD,QAAQC;MAAOC,KAAKF,QAAQE;IAAI,CAAA;AAC/C,SAAKN,WAAWI,
QAAQC;AACxB,SAAKJ,iBAAiBG,QAAQE;AAC9B,SAAKJ,cAAcE,QAAQG,cAAcC,OAAOC,KAAK,KAAKR,cAAc,EAAE,CAAA;AAC1E,QAAI,CAACO,OAAOC,KAAK,KAAKR,cAAc,EAAES,SAAS,KAAKR,WAAW,GAAG;AAChE,YAAMS,MAAM,2EAA2EH,OAAOC,KAAK,KAAKR,cAAc,EAAEW,KAAK,GAAA,CAAA,EAAM;IACrI;AACA,UAAMC,UAAU,KAAKA;AACrBA,YAAQC,mBAAmB,KAAKA,iBAAiBC,KAAK,IAAI;AAC1DF,YAAQG,qBAAqB,KAAKA,mBAAmBD,KAAK,IAAI;AAC9DF,YAAQI,0CAA0C,KAAKA,wCAAwCF,KAAK,IAAI;AACxG,SAAKZ,aAA4CU;AAEjD,SAAKK,uBAAsB;EAC7B;EAEQA,yBAAyB;AAC/BV,WAAOC,KAAK,KAAKR,cAAc,EAAEkB,QAAQ,CAACC,UAAAA;AACxC,YAAMd,MAAM,KAAKL,eAAemB,KAAAA;AAChC,UAAId,IAAI,YAAYe,SAAS,2BAA2B;AACtD,aAAKC,6BAA6BF,OAAOd,GAAAA;MAC3C;IACF,CAAA;EACF;EAEQgB,6BAA6BF,OAAed,KAAkC;AACpFA,QACGiB,SAAQ,EACRC,KAAK,OAAOC,eAAAA;AACX,UAAI;AACF,cAAMC,aAA+B,MAAM,KAAKV,mBAAkB;AAElE,cAAMW,QAAQC,IACZH,WAAWI,IAAI,OAAOC,cAAAA;AACpB,gBAAMC,YAAYL,WAAWM,KAAK,CAACC,MAAMA,EAAEC,QAAQJ,UAAUI,GAAG;AAEhE,gBAAMC,cACJ,CAACJ,aACDA,UAAUK,iBAAiBN,UAAUM,gBACrCL,UAAUM,SAASP,UAAUO,QAC7BN,UAAUzB,QAAQwB,UAAUxB,OAC3BwB,UAAUQ,QAAQ,WAAWR,UAAUQ,QAAQP,UAAUO,QAAQP,UAAUO,KAAKC,aAAaT,UAAUQ,KAAKE;AAC/G,cAAIL,aAAa;AACf,gBAAI;AACF,kBAAIJ,WAAW;AACb,sBAAM,KAAK/B,SAASyC,OAAO;kBAAEP,KAAKJ,UAAUI;gBAAI,CAAA;cAClD;AACA,oBAAMQ,cAAoB;gBACxB,GAAGZ;gBACHQ,MAAMR,UAAUQ,QAAQ,WAAWR,UAAUQ,OAAO;kBAAE,GAAGR,UAAUQ;kBAAMC,UAAUT,UAAUQ,KAAKE;gBAAM,IAAIV,UAAUQ;cACxH;AAEA,kBAAII,YAAYJ,QAAQ,WAAWI,YAAYJ,MAAM;AACnD,uBAAOI,YAAYJ,KAAKE;cAC1B;AAEA,oBAAM,KAAKxC,SAAS2C,OAAOD,WAAAA;YAC7B,SAASE,OAAO;AACdC,sBAAQD,MAAM,sBAAsBd,UAAUI,GAAG,aAAad,KAAAA,KAAUwB,KAAAA;YAC1E;UACF;QACF,CAAA,CAAA;MAEJ,SAASA,OAAO;AACdC,gBAAQD,MAAM,+BAA+BxB,KAAAA,KAAUwB,KAAAA;MACzD;IACF,CAAA,EACCE,MAAM,CAACF,UAAAA;AACNC,cAAQD,MAAM,sCAAsCxB,KAAAA,KAAUwB,KAAAA;IAChE,CAAA;EACJ;EAEA3B,0CAA2D;AACzD,WAAOU,QAAQoB,QAAQ,KAAK7C,WAAW;EACzC;EAEA,MAAe8C,iBAAiBC,MAA8D;AAC5F,UAAM3C,MAAM,KAAK4C,aAAaD,KAAK3C,OAAO,KAAKJ,WAAW;AAC1D,UAAMoC,OAAoB;MAAE,GAAGW,KAAKX;MAAM,GAAIW,KAAKE,QAAQ;QAAEA,MAAMF,KAAKE;MAAK;IAAG;AAChF,QAAIC,cAAcd,IAAAA,KAASA,KAAKa,MAAME,aAAa,CAACf,KAAKa,KAAKG,YAAYC,aAAa;AAErFjB,WAAKa,OAAO;QACV,GAAGb,KAAKa;QACRG
,YAAY;UAAE,GAAGhB,KAAKa,MAAMG;UAAYC,aAAa,IAAIC,KAAKA,KAAKC,IAAG,IAAK,IAAI,KAAK,GAAA;QAAM;MAC5F;IACF;AACA,UAAMC,aAAa,MAAMpD,IAAIqD,UAAU;MAAEtB,MAAMY,KAAKZ;MAAMC;IAAK,CAAA;AAC/D,UAAMsB,MAAY;MAAE,GAAGF;MAAYpD,KAAK2C,KAAK3C,OAAO,KAAKJ;IAAY;AACrE0D,QAAItB,OAAO;MAAE,GAAGA;MAAM,GAAGsB,IAAItB;IAAK;AAClCsB,QAAItB,KAAKuB,gBAAgBD,IAAItB,KAAKuB,iBAAiBC,6BAA6B;MAAEF;IAAI,CAAA;AAEtF,UAAM,KAAK5D,SAAS2C,OAAOiB,GAAAA;AAC3B,QAAIA,IAAIG,eAAe;AAErB,aAAOH,IAAIG;IACb;AACA,WAAOH;EACT;;EAIA,MAAMI,eAAef,MAAoD;AACvE,UAAMgB,UAAU,MAAM,KAAKC,cAAc;MAAEhC,KAAKe,KAAKkB;IAAO,CAAA;AAC5D,UAAM7D,MAAM,KAAK4C,aAAae,QAAQ3D,GAAG;AACzC,QAAI2D,QAAQ5B,SAAS,cAAc;AACjC,aAAO,MAAM/B,IAAI8D,KAAK;QAAED,QAAQF;QAASI,MAAM,OAAOpB,KAAKoB,SAAS,WAAW1E,WAAWsD,KAAKoB,IAAI,IAAIpB,KAAKoB;MAAK,CAAA;IACnH;AAEA,WAAO,MAAM,MAAML,eAAe;MAAE,GAAGf;MAAMkB,QAAQF,QAAQ/B;IAAI,CAAA;EACnE;EAEA,MAAMpB,iBAAiBmC,MAAuD;AAC5E,QAAIA,KAAK3C,KAAK;AACZ,YAAMA,MAAM,KAAK4C,aAAaD,KAAK3C,GAAG;AACtC,UAAIA,OAAO,YAAYA,OAAO,OAAOA,IAAIgE,WAAW,YAAY;AAE9D,eAAO,MAAMhE,IAAIgE,OAAOrB,IAAAA;MAC1B;IACF;AACA,WAAO,MAAMsB,mBAAmB;MAC9BX,KAAKY,MAAMvB,KAAKb,cAAca,KAAKZ,IAAI;MACvCgC,MAAMpB,KAAKoB;MACXI,WAAW9E,WAAWsD,KAAKwB,WAAW,OAAA;IACxC,CAAA;EACF;EAEA,MAAMzD,qBAAgD;AACpD,WAAO,KAAKhB,SAAS0E,KAAK,CAAC,CAAA;EAC7B;EAEA,MAAMC,4BAA4B1B,MAAgF;AAChH,UAAMxC,OAAO,MAAM,KAAKO,mBAAkB;AAC1C,UAAM4D,cAAcnE,KACjBoE,OAAO,CAACjB,QAAQR,cAAcQ,IAAItB,IAAI,CAAA,EACtCuC,OAAO,CAACjB,QAAAA;AACP,UAAIR,cAAcQ,IAAItB,IAAI,KAAKsB,IAAItB,MAAMa,MAAMG,YAAY;AACzD,cAAMA,aAAaM,IAAItB,KAAKa,KAAKG;AACjC,eAAO,EAAEA,WAAWwB,cAAcxB,WAAWwB,WAAWC,gBAAe,IAAKvB,KAAKC,IAAG;MACtF;AACA,aAAO;IACT,CAAA;AACF,QAAIR,KAAK+B,iBAAiB,MAAM;AAC9B,YAAMrD,QAAQC,IAAIgD,YAAY/C,IAAI,CAAC+B,QAAQ,KAAKqB,iBAAiB;QAAE/C,KAAK0B,IAAI1B;MAAI,CAAA,CAAA,CAAA;IAClF;AACA,WAAOzB;EACT;EAEQyC,aAAa7B,MAA2C;AAC9D,UAAMf,MAAM,KAAKL,eAAeoB,IAAAA;AAChC,QAAI,CAACf,KAAK;AACR,YAAMK,MAAM,iFAAiFU,IAAAA,GAAO;IACtG;AACA,WAAOf;EACT;;EAGA,MAAM4D,cAAc,EAAEhC,IAAG,GAAuC;AAC9D,QAAI;AACF,YAAM0B,MAAM,MAAM,KAAK5D,SAASkF,IAAI;QAAEhD;MAAI,CAAA;AAC1C,aAAO0B;IACT,SAASuB,GA
AG;AACV,YAAM1E,OAAyB,MAAM,KAAKO,mBAAkB;AAC5D,YAAMoE,WAAW3E,KAAKuB,KACpB,CAAC4B,QACCA,IAAIxB,iBAAiBF,OACrB0B,IAAItB,MAAMuB,kBAAkB3B,OAC3B0B,IAAItB,MAAMuB,iBAAiB,QAAQC,6BAA6B;QAAEF;MAAI,CAAA,MAAO1B,GAAAA;AAElF,UAAIkD,UAAU;AACZ,eAAOA;MACT,OAAO;AACL,cAAM,IAAIzE,MAAM,gBAAgBuB,GAAAA,YAAe;MACjD;IACF;EACF;EAEA,IAAI3B,aAAqB;AACvB,WAAO,KAAKL;EACd;EAEA,IAAIK,WAAWD,KAAa;AAC1B,QAAI,CAACE,OAAOC,KAAK,KAAKR,cAAc,EAAES,SAASJ,GAAAA,GAAM;AACnD,YAAMK,MAAM,2EAA2EH,OAAOC,KAAK,KAAKR,cAAc,EAAEW,KAAK,GAAA,CAAA,EAAM;IACrI;AACA,SAAKV,cAAcI;EACrB;EAEA+E,OAAOhE,MAAcf,KAAwC;AAC3D,SAAKL,eAAeoB,IAAAA,IAAQf;AAE5B,QAAIA,IAAI,YAAYe,SAAS,2BAA2B;AACtD,WAAKC,6BAA6BD,MAAMf,GAAAA;IAC1C;EACF;AACF;;;AElOA,cAAc;AAJd,IAAMgF,SAASC;","names":["calculateJwkThumbprintForKey","toJwk","verifyRawSignature","KeyManager","VeramoKeyManager","u8a","hasKeyOptions","object","opts","isDefined","undefined","fromString","u8a","sphereonKeyManagerMethods","SphereonKeyManager","VeramoKeyManager","kmsStore","availableKmses","_defaultKms","kmsMethods","options","store","kms","defaultKms","Object","keys","includes","Error","join","methods","keyManagerVerify","bind","keyManagerListKeys","keyManagerGetDefaultKeyManagementSystem","syncPreProvisionedKeys","forEach","kmsId","name","syncPreProvisionedKeysForKms","listKeys","then","remoteKeys","storedKeys","Promise","all","map","remoteKey","storedKey","find","k","kid","needsUpdate","publicKeyHex","type","meta","keyAlias","alias","delete","keyToImport","import","error","console","catch","resolve","keyManagerCreate","args","getKmsByName","opts","hasKeyOptions","ephemeral","expiration","removalDate","Date","now","partialKey","createKey","key","jwkThumbprint","calculateJwkThumbprintForKey","privateKeyHex","keyManagerSign","keyInfo","keyManagerGet","keyRef","sign","data","verify","verifyRawSignature","toJwk","signature","list","keyManagerHandleExpirations","expiredKeys","filter","expiryDate","getMilliseconds","skipRemovals","keyManagerDelete","get","e","foundKey","setKms","schema","require"]}
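--- a/package/package.json
+++ b/package/package.json
@@ -1,7 +1,7 @@
  {
  "name": "@sphereon/ssi-sdk-ext.key-manager",
  "description": "Sphereon Key Manager plugin with BLS support",
- "version": "0.34.1-feature.SSISDK.82.linkedVP.328+20af9c29",
+ "version": "0.34.1-feature.SSISDK.82.linkedVP.341+483672e1",
  "source": "./src/index.ts",
  "type": "module",
  "main": "./dist/index.cjs",
@@ -34,9 +34,9 @@
  },
  "devDependencies": {
  "@mattrglobal/bbs-signatures": "^1.3.1",
- "@sphereon/ssi-sdk-ext.key-utils": "0.34.1-feature.SSISDK.82.linkedVP.328+20af9c29",
- "@sphereon/ssi-sdk-ext.kms-local": "0.34.1-feature.SSISDK.82.linkedVP.328+20af9c29",
- "@sphereon/ssi-sdk.dev": "0.34.1-feature.SSISDK.82.linkedVP.328+20af9c29"
+ "@sphereon/ssi-sdk-ext.key-utils": "0.34.1-feature.SSISDK.82.linkedVP.341+483672e1",
+ "@sphereon/ssi-sdk-ext.kms-local": "0.34.1-feature.SSISDK.82.linkedVP.341+483672e1",
+ "@sphereon/ssi-sdk.dev": "0.34.1-feature.SSISDK.82.linkedVP.341+483672e1"
  },
  "resolutions": {
  "jsonld": "npm:@digitalcredentials/jsonld@^5.2.1",
@@ -60,5 +60,5 @@
  "kms",
  "Veramo"
  ],
- "gitHead": "20af9c298b5d6764da6c804d1c6d8a758b710513"
+ "gitHead": "483672e1d9b2891a346216a0ebea64745561d6ed"
  }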
@@ -22,23 +22,13 @@
22
22
  "description": "Optional. Key meta data"
23
23
  }
24
24
  },
25
- "required": [
26
- "type"
27
- ],
25
+ "required": ["type"],
28
26
  "additionalProperties": false,
29
27
  "description": "Input arguments for {@link ISphereonKeyManager.keyManagerCreate | keyManagerCreate }"
30
28
  },
31
29
  "TKeyType": {
32
30
  "type": "string",
33
- "enum": [
34
- "Ed25519",
35
- "Secp256k1",
36
- "Secp256r1",
37
- "X25519",
38
- "Bls12381G1",
39
- "Bls12381G2",
40
- "RSA"
41
- ],
31
+ "enum": ["Ed25519", "Secp256k1", "Secp256r1", "X25519", "Bls12381G1", "Bls12381G2", "RSA"],
42
32
  "description": "Cryptographic key type."
43
33
  },
44
34
  "IkeyOptions": {
@@ -113,13 +103,7 @@
113
103
  "description": "Optional. Key metadata. This should be used to determine which algorithms are supported."
114
104
  }
115
105
  },
116
- "required": [
117
- "kid",
118
- "kms",
119
- "privateKeyHex",
120
- "publicKeyHex",
121
- "type"
122
- ]
106
+ "required": ["kid", "kms", "privateKeyHex", "publicKeyHex", "type"]
123
107
  },
124
108
  "ISphereonKeyManagerHandleExpirationsArgs": {
125
109
  "type": "object",
@@ -168,12 +152,7 @@
168
152
  "description": "Optional. Key metadata. This should be used to determine which algorithms are supported."
169
153
  }
170
154
  },
171
- "required": [
172
- "kid",
173
- "kms",
174
- "type",
175
- "publicKeyHex"
176
- ],
155
+ "required": ["kid", "kms", "type", "publicKeyHex"],
177
156
  "additionalProperties": false
178
157
  },
179
158
  "MinimalImportableKey": {
@@ -242,19 +221,11 @@
242
221
  },
243
222
  "encoding": {
244
223
  "type": "string",
245
- "enum": [
246
- "utf-8",
247
- "base16",
248
- "base64",
249
- "hex"
250
- ],
224
+ "enum": ["utf-8", "base16", "base64", "hex"],
251
225
  "description": "If the data is a \"string\" then you can specify which encoding is used. Default is \"utf-8\""
252
226
  }
253
227
  },
254
- "required": [
255
- "data",
256
- "keyRef"
257
- ],
228
+ "required": ["data", "keyRef"],
258
229
  "description": "Input arguments for {@link ISphereonKeyManagerSignArgs.keyManagerSign | keyManagerSign }"
259
230
  },
260
231
  "Uint8Array": {
@@ -276,13 +247,7 @@
276
247
  "type": "number"
277
248
  }
278
249
  },
279
- "required": [
280
- "BYTES_PER_ELEMENT",
281
- "buffer",
282
- "byteLength",
283
- "byteOffset",
284
- "length"
285
- ],
250
+ "required": ["BYTES_PER_ELEMENT", "buffer", "byteLength", "byteOffset", "length"],
286
251
  "additionalProperties": {
287
252
  "type": "number"
288
253
  }
@@ -297,9 +262,7 @@
297
262
  "type": "number"
298
263
  }
299
264
  },
300
- "required": [
301
- "byteLength"
302
- ],
265
+ "required": ["byteLength"],
303
266
  "additionalProperties": false
304
267
  },
305
268
  "ISphereonKeyManagerVerifyArgs": {
@@ -324,12 +287,7 @@
324
287
  "type": "string"
325
288
  }
326
289
  },
327
- "required": [
328
- "publicKeyHex",
329
- "type",
330
- "data",
331
- "signature"
332
- ],
290
+ "required": ["publicKeyHex", "type", "data", "signature"],
333
291
  "additionalProperties": false
334
292
  }
335
293
  },
@@ -406,4 +364,4 @@
406
364
  }
407
365
  }
408
366
  }
409
- }
367
+ }