@sphereon/ssi-sdk-ext.key-manager 0.34.1-next.91 → 0.36.1-feat.SSISDK.83.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (9) hide show
  1. package/dist/index.cjs +106 -70
  2. package/dist/index.cjs.map +1 -1
  3. package/dist/index.d.cts +2 -0
  4. package/dist/index.d.ts +2 -0
  5. package/dist/index.js +106 -70
  6. package/dist/index.js.map +1 -1
  7. package/package.json +5 -5
  8. package/plugin.schema.json +57 -70
  9. package/src/agent/SphereonKeyManager.ts +63 -1
package/dist/index.cjs CHANGED
@@ -60,6 +60,7 @@ var require_plugin_schema = __commonJS({
60
60
  }
61
61
  },
62
62
  required: ["type"],
63
+ additionalProperties: false,
63
64
  description: "Input arguments for {@link ISphereonKeyManager.keyManagerCreate | keyManagerCreate }"
64
65
  },
65
66
  TKeyType: {
@@ -86,9 +87,11 @@ var require_plugin_schema = __commonJS({
86
87
  format: "date-time"
87
88
  }
88
89
  },
90
+ additionalProperties: false,
89
91
  description: "Expiration and remove the key"
90
92
  }
91
- }
93
+ },
94
+ additionalProperties: false
92
95
  },
93
96
  KeyMetadata: {
94
97
  type: "object",
@@ -104,6 +107,7 @@ var require_plugin_schema = __commonJS({
104
107
  },
105
108
  PartialKey: {
106
109
  type: "object",
110
+ additionalProperties: false,
107
111
  properties: {
108
112
  privateKeyHex: {
109
113
  type: "string"
@@ -144,9 +148,17 @@ var require_plugin_schema = __commonJS({
144
148
  skipRemovals: {
145
149
  type: "boolean"
146
150
  }
147
- }
151
+ },
152
+ additionalProperties: false
148
153
  },
149
154
  ManagedKeyInfo: {
155
+ $ref: '#/components/schemas/Omit<IKey,"privateKeyHex">',
156
+ description: "Represents information about a managed key. Private or secret key material is NOT present."
157
+ },
158
+ 'Omit<IKey,"privateKeyHex">': {
159
+ $ref: '#/components/schemas/Pick<IKey,Exclude<("kid"|"kms"|"type"|"publicKeyHex"|"privateKeyHex"|"meta"),"privateKeyHex">>'
160
+ },
161
+ 'Pick<IKey,Exclude<("kid"|"kms"|"type"|"publicKeyHex"|"privateKeyHex"|"meta"),"privateKeyHex">>': {
150
162
  type: "object",
151
163
  properties: {
152
164
  kid: {
@@ -178,7 +190,7 @@ var require_plugin_schema = __commonJS({
178
190
  }
179
191
  },
180
192
  required: ["kid", "kms", "type", "publicKeyHex"],
181
- description: "Represents information about a managed key. Private or secret key material is NOT present."
193
+ additionalProperties: false
182
194
  },
183
195
  MinimalImportableKey: {
184
196
  $ref: '#/components/schemas/RequireOnly<IKey,("privateKeyHex"|"type"|"kms")>',
@@ -186,6 +198,7 @@ var require_plugin_schema = __commonJS({
186
198
  },
187
199
  'RequireOnly<IKey,("privateKeyHex"|"type"|"kms")>': {
188
200
  type: "object",
201
+ additionalProperties: false,
189
202
  properties: {
190
203
  kid: {
191
204
  type: "string",
@@ -238,39 +251,7 @@ var require_plugin_schema = __commonJS({
238
251
  type: "string"
239
252
  },
240
253
  {
241
- type: "object",
242
- properties: {
243
- BYTES_PER_ELEMENT: {
244
- type: "number"
245
- },
246
- buffer: {
247
- anyOf: [
248
- {
249
- type: "object",
250
- properties: {
251
- byteLength: {
252
- type: "number"
253
- }
254
- },
255
- required: ["byteLength"]
256
- },
257
- {}
258
- ]
259
- },
260
- byteLength: {
261
- type: "number"
262
- },
263
- byteOffset: {
264
- type: "number"
265
- },
266
- length: {
267
- type: "number"
268
- }
269
- },
270
- required: ["BYTES_PER_ELEMENT", "buffer", "byteLength", "byteOffset", "length"],
271
- additionalProperties: {
272
- type: "number"
273
- }
254
+ $ref: "#/components/schemas/Uint8Array"
274
255
  }
275
256
  ],
276
257
  description: "Data to sign"
@@ -284,6 +265,43 @@ var require_plugin_schema = __commonJS({
284
265
  required: ["data", "keyRef"],
285
266
  description: "Input arguments for {@link ISphereonKeyManagerSignArgs.keyManagerSign | keyManagerSign }"
286
267
  },
268
+ Uint8Array: {
269
+ type: "object",
270
+ properties: {
271
+ BYTES_PER_ELEMENT: {
272
+ type: "number"
273
+ },
274
+ buffer: {
275
+ $ref: "#/components/schemas/ArrayBufferLike"
276
+ },
277
+ byteLength: {
278
+ type: "number"
279
+ },
280
+ byteOffset: {
281
+ type: "number"
282
+ },
283
+ length: {
284
+ type: "number"
285
+ }
286
+ },
287
+ required: ["BYTES_PER_ELEMENT", "buffer", "byteLength", "byteOffset", "length"],
288
+ additionalProperties: {
289
+ type: "number"
290
+ }
291
+ },
292
+ ArrayBufferLike: {
293
+ $ref: "#/components/schemas/ArrayBuffer"
294
+ },
295
+ ArrayBuffer: {
296
+ type: "object",
297
+ properties: {
298
+ byteLength: {
299
+ type: "number"
300
+ }
301
+ },
302
+ required: ["byteLength"],
303
+ additionalProperties: false
304
+ },
287
305
  ISphereonKeyManagerVerifyArgs: {
288
306
  type: "object",
289
307
  properties: {
@@ -300,45 +318,14 @@ var require_plugin_schema = __commonJS({
300
318
  type: "string"
301
319
  },
302
320
  data: {
303
- type: "object",
304
- properties: {
305
- BYTES_PER_ELEMENT: {
306
- type: "number"
307
- },
308
- buffer: {
309
- anyOf: [
310
- {
311
- type: "object",
312
- properties: {
313
- byteLength: {
314
- type: "number"
315
- }
316
- },
317
- required: ["byteLength"]
318
- },
319
- {}
320
- ]
321
- },
322
- byteLength: {
323
- type: "number"
324
- },
325
- byteOffset: {
326
- type: "number"
327
- },
328
- length: {
329
- type: "number"
330
- }
331
- },
332
- required: ["BYTES_PER_ELEMENT", "buffer", "byteLength", "byteOffset", "length"],
333
- additionalProperties: {
334
- type: "number"
335
- }
321
+ $ref: "#/components/schemas/Uint8Array"
336
322
  },
337
323
  signature: {
338
324
  type: "string"
339
325
  }
340
326
  },
341
- required: ["publicKeyHex", "type", "data", "signature"]
327
+ required: ["publicKeyHex", "type", "data", "signature"],
328
+ additionalProperties: false
342
329
  }
343
330
  },
344
331
  methods: {
@@ -478,6 +465,52 @@ var SphereonKeyManager = class extends import_key_manager.KeyManager {
478
465
  methods.keyManagerListKeys = this.keyManagerListKeys.bind(this);
479
466
  methods.keyManagerGetDefaultKeyManagementSystem = this.keyManagerGetDefaultKeyManagementSystem.bind(this);
480
467
  this.kmsMethods = methods;
468
+ this.syncPreProvisionedKeys();
469
+ }
470
+ syncPreProvisionedKeys() {
471
+ Object.keys(this.availableKmses).forEach((kmsId) => {
472
+ const kms = this.availableKmses[kmsId];
473
+ if (kms.constructor.name === "RestKeyManagementSystem") {
474
+ this.syncPreProvisionedKeysForKms(kmsId, kms);
475
+ }
476
+ });
477
+ }
478
+ syncPreProvisionedKeysForKms(kmsId, kms) {
479
+ kms.listKeys().then(async (remoteKeys) => {
480
+ try {
481
+ const storedKeys = await this.keyManagerListKeys();
482
+ await Promise.all(remoteKeys.map(async (remoteKey) => {
483
+ const storedKey = storedKeys.find((k) => k.kid === remoteKey.kid);
484
+ const needsUpdate = !storedKey || storedKey.publicKeyHex !== remoteKey.publicKeyHex || storedKey.type !== remoteKey.type || storedKey.kms !== remoteKey.kms || remoteKey.meta && "alias" in remoteKey.meta && storedKey.meta && storedKey.meta.keyAlias !== remoteKey.meta.alias;
485
+ if (needsUpdate) {
486
+ try {
487
+ if (storedKey) {
488
+ await this.kmsStore.delete({
489
+ kid: remoteKey.kid
490
+ });
491
+ }
492
+ const keyToImport = {
493
+ ...remoteKey,
494
+ meta: remoteKey.meta && "alias" in remoteKey.meta ? {
495
+ ...remoteKey.meta,
496
+ keyAlias: remoteKey.meta.alias
497
+ } : remoteKey.meta
498
+ };
499
+ if (keyToImport.meta && "alias" in keyToImport.meta) {
500
+ delete keyToImport.meta.alias;
501
+ }
502
+ await this.kmsStore.import(keyToImport);
503
+ } catch (error) {
504
+ console.error(`Failed to sync key ${remoteKey.kid} from kms ${kmsId}:`, error);
505
+ }
506
+ }
507
+ }));
508
+ } catch (error) {
509
+ console.error(`Failed to sync keys for kms ${kmsId}:`, error);
510
+ }
511
+ }).catch((error) => {
512
+ console.error(`Failed to list remote keys for kms ${kmsId}:`, error);
513
+ });
481
514
  }
482
515
  keyManagerGetDefaultKeyManagementSystem() {
483
516
  return Promise.resolve(this._defaultKms);
@@ -606,6 +639,9 @@ var SphereonKeyManager = class extends import_key_manager.KeyManager {
606
639
  }
607
640
  setKms(name, kms) {
608
641
  this.availableKmses[name] = kms;
642
+ if (kms.constructor.name === "RestKeyManagementSystem") {
643
+ this.syncPreProvisionedKeysForKms(name, kms);
644
+ }
609
645
  }
610
646
  };
611
647
 
package/dist/index.cjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../plugin.schema.json","../src/index.ts","../src/agent/SphereonKeyManager.ts","../src/types/ISphereonKeyManager.ts"],"sourcesContent":["{\n \"ISphereonKeyManager\": {\n \"components\": {\n \"schemas\": {\n \"ISphereonKeyManagerCreateArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"type\": {\n \"$ref\": \"#/components/schemas/TKeyType\",\n \"description\": \"Key type\"\n },\n \"kms\": {\n \"type\": \"string\",\n \"description\": \"Key Management System\"\n },\n \"opts\": {\n \"$ref\": \"#/components/schemas/IkeyOptions\",\n \"description\": \"Key options\"\n },\n \"meta\": {\n \"$ref\": \"#/components/schemas/KeyMetadata\",\n \"description\": \"Optional. Key meta data\"\n }\n },\n \"required\": [\"type\"],\n \"description\": \"Input arguments for {@link ISphereonKeyManager.keyManagerCreate | keyManagerCreate }\"\n },\n \"TKeyType\": {\n \"type\": \"string\",\n \"enum\": [\"Ed25519\", \"Secp256k1\", \"Secp256r1\", \"X25519\", \"Bls12381G1\", \"Bls12381G2\", \"RSA\"],\n \"description\": \"Cryptographic key type.\"\n },\n \"IkeyOptions\": {\n \"type\": \"object\",\n \"properties\": {\n \"ephemeral\": {\n \"type\": \"boolean\",\n \"description\": \"Is this a temporary key?\"\n },\n \"expiration\": {\n \"type\": \"object\",\n \"properties\": {\n \"expiryDate\": {\n \"type\": \"string\",\n \"format\": \"date-time\"\n },\n \"removalDate\": {\n \"type\": \"string\",\n \"format\": \"date-time\"\n }\n },\n \"description\": \"Expiration and remove the key\"\n }\n }\n },\n \"KeyMetadata\": {\n \"type\": \"object\",\n \"properties\": {\n \"algorithms\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n }\n },\n \"description\": \"This encapsulates data about a key.\\n\\nImplementations of {@link @veramo/key-manager#AbstractKeyManagementSystem | AbstractKeyManagementSystem } should populate this object, for each key, with the algorithms that can be performed using it.\\n\\nThis can also be used to add various tags to the keys under management.\"\n },\n \"PartialKey\": {\n \"type\": \"object\",\n \"properties\": {\n \"privateKeyHex\": {\n \"type\": \"string\"\n },\n \"kid\": {\n \"type\": \"string\",\n \"description\": \"Key ID\"\n },\n \"kms\": {\n \"type\": \"string\",\n \"description\": \"Key Management System\"\n },\n \"type\": {\n \"$ref\": \"#/components/schemas/TKeyType\",\n \"description\": \"Key type\"\n },\n \"publicKeyHex\": {\n \"type\": \"string\",\n \"description\": \"Public key\"\n },\n \"meta\": {\n \"anyOf\": [\n {\n \"$ref\": \"#/components/schemas/KeyMetadata\"\n },\n {\n \"type\": \"null\"\n }\n ],\n \"description\": \"Optional. Key metadata. This should be used to determine which algorithms are supported.\"\n }\n },\n \"required\": [\"kid\", \"kms\", \"privateKeyHex\", \"publicKeyHex\", \"type\"]\n },\n \"ISphereonKeyManagerHandleExpirationsArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"skipRemovals\": {\n \"type\": \"boolean\"\n }\n }\n },\n \"ManagedKeyInfo\": {\n \"type\": \"object\",\n \"properties\": {\n \"kid\": {\n \"type\": \"string\",\n \"description\": \"Key ID\"\n },\n \"kms\": {\n \"type\": \"string\",\n \"description\": \"Key Management System\"\n },\n \"type\": {\n \"$ref\": \"#/components/schemas/TKeyType\",\n \"description\": \"Key type\"\n },\n \"publicKeyHex\": {\n \"type\": \"string\",\n \"description\": \"Public key\"\n },\n \"meta\": {\n \"anyOf\": [\n {\n \"$ref\": \"#/components/schemas/KeyMetadata\"\n },\n {\n \"type\": \"null\"\n }\n ],\n \"description\": \"Optional. Key metadata. This should be used to determine which algorithms are supported.\"\n }\n },\n \"required\": [\"kid\", \"kms\", \"type\", \"publicKeyHex\"],\n \"description\": \"Represents information about a managed key. Private or secret key material is NOT present.\"\n },\n \"MinimalImportableKey\": {\n \"$ref\": \"#/components/schemas/RequireOnly<IKey,(\\\"privateKeyHex\\\"|\\\"type\\\"|\\\"kms\\\")>\",\n \"description\": \"Represents the properties required to import a key.\"\n },\n \"RequireOnly<IKey,(\\\"privateKeyHex\\\"|\\\"type\\\"|\\\"kms\\\")>\": {\n \"type\": \"object\",\n \"properties\": {\n \"kid\": {\n \"type\": \"string\",\n \"description\": \"Key ID\"\n },\n \"kms\": {\n \"type\": \"string\",\n \"description\": \"Key Management System\"\n },\n \"type\": {\n \"$ref\": \"#/components/schemas/TKeyType\",\n \"description\": \"Key type\"\n },\n \"publicKeyHex\": {\n \"type\": \"string\",\n \"description\": \"Public key\"\n },\n \"privateKeyHex\": {\n \"type\": \"string\",\n \"description\": \"Optional. Private key\"\n },\n \"meta\": {\n \"anyOf\": [\n {\n \"$ref\": \"#/components/schemas/KeyMetadata\"\n },\n {\n \"type\": \"null\"\n }\n ],\n \"description\": \"Optional. Key metadata. This should be used to determine which algorithms are supported.\"\n }\n },\n \"description\": \"Represents an object type where a subset of keys are required and everything else is optional.\"\n },\n \"ISphereonKeyManagerSignArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"keyRef\": {\n \"type\": \"string\",\n \"description\": \"The key handle, as returned during `keyManagerCreateKey`\"\n },\n \"algorithm\": {\n \"type\": \"string\",\n \"description\": \"The algorithm to use for signing. This must be one of the algorithms supported by the KMS for this key type.\\n\\nThe algorithm used here should match one of the names listed in `IKey.meta.algorithms`\"\n },\n \"data\": {\n \"anyOf\": [\n {\n \"type\": \"string\"\n },\n {\n \"type\": \"object\",\n \"properties\": {\n \"BYTES_PER_ELEMENT\": {\n \"type\": \"number\"\n },\n \"buffer\": {\n \"anyOf\": [\n {\n \"type\": \"object\",\n \"properties\": {\n \"byteLength\": {\n \"type\": \"number\"\n }\n },\n \"required\": [\"byteLength\"]\n },\n {}\n ]\n },\n \"byteLength\": {\n \"type\": \"number\"\n },\n \"byteOffset\": {\n \"type\": \"number\"\n },\n \"length\": {\n \"type\": \"number\"\n }\n },\n \"required\": [\"BYTES_PER_ELEMENT\", \"buffer\", \"byteLength\", \"byteOffset\", \"length\"],\n \"additionalProperties\": {\n \"type\": \"number\"\n }\n }\n ],\n \"description\": \"Data to sign\"\n },\n \"encoding\": {\n \"type\": \"string\",\n \"enum\": [\"utf-8\", \"base16\", \"base64\", \"hex\"],\n \"description\": \"If the data is a \\\"string\\\" then you can specify which encoding is used. Default is \\\"utf-8\\\"\"\n }\n },\n \"required\": [\"data\", \"keyRef\"],\n \"description\": \"Input arguments for {@link ISphereonKeyManagerSignArgs.keyManagerSign | keyManagerSign }\"\n },\n \"ISphereonKeyManagerVerifyArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"kms\": {\n \"type\": \"string\"\n },\n \"publicKeyHex\": {\n \"type\": \"string\"\n },\n \"type\": {\n \"$ref\": \"#/components/schemas/TKeyType\"\n },\n \"algorithm\": {\n \"type\": \"string\"\n },\n \"data\": {\n \"type\": \"object\",\n \"properties\": {\n \"BYTES_PER_ELEMENT\": {\n \"type\": \"number\"\n },\n \"buffer\": {\n \"anyOf\": [\n {\n \"type\": \"object\",\n \"properties\": {\n \"byteLength\": {\n \"type\": \"number\"\n }\n },\n \"required\": [\"byteLength\"]\n },\n {}\n ]\n },\n \"byteLength\": {\n \"type\": \"number\"\n },\n \"byteOffset\": {\n \"type\": \"number\"\n },\n \"length\": {\n \"type\": \"number\"\n }\n },\n \"required\": [\"BYTES_PER_ELEMENT\", \"buffer\", \"byteLength\", \"byteOffset\", \"length\"],\n \"additionalProperties\": {\n \"type\": \"number\"\n }\n },\n \"signature\": {\n \"type\": \"string\"\n }\n },\n \"required\": [\"publicKeyHex\", \"type\", \"data\", \"signature\"]\n }\n },\n \"methods\": {\n \"keyManagerCreate\": {\n \"description\": \"\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/ISphereonKeyManagerCreateArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/PartialKey\"\n }\n },\n \"keyManagerGetDefaultKeyManagementSystem\": {\n \"description\": \"Get the KMS registered as default. Handy when no explicit KMS is provided for a function\",\n \"arguments\": {\n \"type\": \"object\"\n },\n \"returnType\": {\n \"type\": \"string\"\n }\n },\n \"keyManagerHandleExpirations\": {\n \"description\": \"Set keys to expired and remove keys eligible for deletion.\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/ISphereonKeyManagerHandleExpirationsArgs\"\n },\n \"returnType\": {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/ManagedKeyInfo\"\n }\n }\n },\n \"keyManagerImport\": {\n \"description\": \"\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/MinimalImportableKey\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/PartialKey\"\n }\n },\n \"keyManagerListKeys\": {\n \"description\": \"\",\n \"arguments\": {\n \"type\": \"object\"\n },\n \"returnType\": {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/ManagedKeyInfo\"\n }\n }\n },\n \"keyManagerSign\": {\n \"description\": \"\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/ISphereonKeyManagerSignArgs\"\n },\n \"returnType\": {\n \"type\": \"string\"\n }\n },\n \"keyManagerVerify\": {\n \"description\": \"Verifies a signature using the key\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/ISphereonKeyManagerVerifyArgs\"\n },\n \"returnType\": {\n \"type\": \"boolean\"\n }\n }\n }\n }\n }\n}\n","const schema = require('../plugin.schema.json')\nexport { schema }\nexport { SphereonKeyManager, sphereonKeyManagerMethods } from './agent/SphereonKeyManager'\nexport * from './types/ISphereonKeyManager'\nexport * from '@veramo/key-manager'\n","import { calculateJwkThumbprintForKey, toJwk, verifyRawSignature } from '@sphereon/ssi-sdk-ext.key-utils'\nimport type { IKey, KeyMetadata, ManagedKeyInfo } from '@veramo/core'\nimport { AbstractKeyManagementSystem, AbstractKeyStore, KeyManager as VeramoKeyManager } from '@veramo/key-manager'\n// @ts-ignore\nimport * as u8a from 'uint8arrays'\nimport {\n hasKeyOptions,\n type IKeyManagerGetArgs,\n type ISphereonKeyManager,\n type ISphereonKeyManagerCreateArgs,\n type ISphereonKeyManagerHandleExpirationsArgs,\n type ISphereonKeyManagerSignArgs,\n type ISphereonKeyManagerVerifyArgs,\n} from '../types/ISphereonKeyManager'\n\nconst { fromString } = u8a\n\nexport const sphereonKeyManagerMethods: Array<string> = [\n 'keyManagerCreate',\n 'keyManagerGet',\n 'keyManagerImport',\n 'keyManagerSign',\n 'keyManagerVerify',\n 'keyManagerListKeys',\n 'keyManagerGetDefaultKeyManagementSystem',\n 'keyManagerHandleExpirations',\n]\n\nexport class SphereonKeyManager extends VeramoKeyManager {\n // local store reference, given the superclass store is private, and we need additional functions/calls\n private kmsStore: AbstractKeyStore\n private readonly availableKmses: Record<string, AbstractKeyManagementSystem>\n public _defaultKms: string\n readonly kmsMethods: ISphereonKeyManager\n\n constructor(options: { store: AbstractKeyStore; kms: Record<string, AbstractKeyManagementSystem>; defaultKms?: string }) {\n super({ store: options.store, kms: options.kms })\n this.kmsStore = options.store\n this.availableKmses = options.kms\n this._defaultKms = options.defaultKms ?? Object.keys(this.availableKmses)[0]\n if (!Object.keys(this.availableKmses).includes(this._defaultKms)) {\n throw Error(`Default KMS needs to be listed in the kms object as well. Found kms-es: ${Object.keys(this.availableKmses).join(',')}`)\n }\n const methods = this.methods\n methods.keyManagerVerify = this.keyManagerVerify.bind(this)\n methods.keyManagerListKeys = this.keyManagerListKeys.bind(this)\n methods.keyManagerGetDefaultKeyManagementSystem = this.keyManagerGetDefaultKeyManagementSystem.bind(this)\n this.kmsMethods = <ISphereonKeyManager>(<unknown>methods)\n }\n\n keyManagerGetDefaultKeyManagementSystem(): Promise<string> {\n return Promise.resolve(this._defaultKms)\n }\n\n override async keyManagerCreate(args: ISphereonKeyManagerCreateArgs): Promise<ManagedKeyInfo> {\n const kms = this.getKmsByName(args.kms ?? this._defaultKms)\n const meta: KeyMetadata = { ...args.meta, ...(args.opts && { opts: args.opts }) }\n if (hasKeyOptions(meta) && meta.opts?.ephemeral && !meta.opts.expiration?.removalDate) {\n // Make sure we set a delete date on an ephemeral key\n meta.opts = {\n ...meta.opts,\n expiration: { ...meta.opts?.expiration, removalDate: new Date(Date.now() + 5 * 60 * 1000) },\n }\n }\n const partialKey = await kms.createKey({ type: args.type, meta })\n const key: IKey = { ...partialKey, kms: args.kms ?? this._defaultKms }\n key.meta = { ...meta, ...key.meta }\n key.meta.jwkThumbprint = key.meta.jwkThumbprint ?? calculateJwkThumbprintForKey({ key })\n\n await this.kmsStore.import(key)\n if (key.privateKeyHex) {\n // Make sure to not export the private key\n delete key.privateKeyHex\n }\n return key\n }\n\n //FIXME extend the IKeyManagerSignArgs.data to be a string or array of strings\n\n async keyManagerSign(args: ISphereonKeyManagerSignArgs): Promise<string> {\n const keyInfo = await this.keyManagerGet({ kid: args.keyRef })\n const kms = this.getKmsByName(keyInfo.kms)\n if (keyInfo.type === 'Bls12381G2') {\n return await kms.sign({ keyRef: keyInfo, data: typeof args.data === 'string' ? fromString(args.data) : args.data })\n }\n // @ts-ignore // we can pass in uint8arrays as well, which the super also can handle but does not expose in its types\n return await super.keyManagerSign({ ...args, keyRef: keyInfo.kid })\n }\n\n async keyManagerVerify(args: ISphereonKeyManagerVerifyArgs): Promise<boolean> {\n if (args.kms) {\n const kms = this.getKmsByName(args.kms)\n if (kms && 'verify' in kms && typeof kms.verify === 'function') {\n // @ts-ignore\n return await kms.verify(args)\n }\n }\n return await verifyRawSignature({\n key: toJwk(args.publicKeyHex, args.type),\n data: args.data,\n signature: fromString(args.signature, 'utf-8'),\n })\n }\n\n async keyManagerListKeys(): Promise<ManagedKeyInfo[]> {\n return this.kmsStore.list({})\n }\n\n async keyManagerHandleExpirations(args: ISphereonKeyManagerHandleExpirationsArgs): Promise<Array<ManagedKeyInfo>> {\n const keys = await this.keyManagerListKeys()\n const expiredKeys = keys\n .filter((key) => hasKeyOptions(key.meta))\n .filter((key) => {\n if (hasKeyOptions(key.meta) && key.meta?.opts?.expiration) {\n const expiration = key.meta.opts.expiration\n return !(expiration.expiryDate && expiration.expiryDate.getMilliseconds() > Date.now())\n }\n return false\n })\n if (args.skipRemovals !== true) {\n await Promise.all(expiredKeys.map((key) => this.keyManagerDelete({ kid: key.kid })))\n }\n return keys\n }\n\n private getKmsByName(name: string): AbstractKeyManagementSystem {\n const kms = this.availableKmses[name]\n if (!kms) {\n throw Error(`invalid_argument: This agent has no registered KeyManagementSystem with name='${name}'`)\n }\n return kms\n }\n\n //todo https://sphereon.atlassian.net/browse/SDK-28 improve the logic for keyManagerGet in sphereon-key-manager\n async keyManagerGet({ kid }: IKeyManagerGetArgs): Promise<IKey> {\n try {\n const key = await this.kmsStore.get({ kid })\n return key\n } catch (e) {\n const keys: ManagedKeyInfo[] = await this.keyManagerListKeys()\n const foundKey = keys.find(\n (key) =>\n key.publicKeyHex === kid ||\n key.meta?.jwkThumbprint === kid ||\n (key.meta?.jwkThumbprint == null && calculateJwkThumbprintForKey({ key }) === kid)\n )\n if (foundKey) {\n return foundKey as IKey\n } else {\n throw new Error(`Key with kid ${kid} not found`)\n }\n }\n }\n\n get defaultKms(): string {\n return this._defaultKms\n }\n\n set defaultKms(kms: string) {\n if (!Object.keys(this.availableKmses).includes(kms)) {\n throw Error(`Default KMS needs to be listed in the kms object as well. Found kms-es: ${Object.keys(this.availableKmses).join(',')}`)\n }\n this._defaultKms = kms\n }\n\n setKms(name: string, kms: AbstractKeyManagementSystem): void {\n this.availableKmses[name] = kms\n }\n}\n","import type { IKeyManager, IKeyManagerSignArgs, IPluginMethodMap, KeyMetadata, ManagedKeyInfo, MinimalImportableKey, TKeyType } from '@veramo/core'\n\nexport type PartialKey = ManagedKeyInfo & { privateKeyHex: string }\n\nexport interface ISphereonKeyManager extends IKeyManager, IPluginMethodMap {\n keyManagerCreate(args: ISphereonKeyManagerCreateArgs): Promise<PartialKey>\n\n keyManagerImport(key: MinimalImportableKey): Promise<PartialKey>\n\n keyManagerSign(args: ISphereonKeyManagerSignArgs): Promise<string>\n\n /**\n * Verifies a signature using the key\n *\n * Does not exist in IKeyManager\n * @param args\n */\n keyManagerVerify(args: ISphereonKeyManagerVerifyArgs): Promise<boolean>\n\n keyManagerListKeys(): Promise<Array<ManagedKeyInfo>>\n\n /**\n * Get the KMS registered as default. Handy when no explicit KMS is provided for a function\n */\n\n keyManagerGetDefaultKeyManagementSystem(): Promise<string>\n\n /**\n * Set keys to expired and remove keys eligible for deletion.\n * @param args\n */\n keyManagerHandleExpirations(args: ISphereonKeyManagerHandleExpirationsArgs): Promise<Array<ManagedKeyInfo>>\n}\n\nexport interface IkeyOptions {\n /**\n * Is this a temporary key?\n */\n ephemeral?: boolean\n\n /**\n * Expiration and remove the key\n */\n expiration?: {\n expiryDate?: Date\n removalDate?: Date\n }\n}\n\n/**\n * Input arguments for {@link ISphereonKeyManager.keyManagerCreate | keyManagerCreate}\n * @public\n */\nexport interface ISphereonKeyManagerCreateArgs {\n /**\n * Key type\n */\n type: TKeyType\n\n /**\n * Key Management System\n */\n kms?: string\n\n /**\n * Key options\n */\n opts?: IkeyOptions\n\n /**\n * Optional. Key meta data\n */\n meta?: KeyMetadata\n}\n\nexport function hasKeyOptions(object: any): object is { opts?: IkeyOptions } {\n return object!! && 'opts' in object && ('ephemeral' in object.opts || 'expiration' in object.opts)\n}\n\n/**\n * Input arguments for {@link ISphereonKeyManager.keyManagerGet | keyManagerGet}\n * @public\n */\nexport interface IKeyManagerGetArgs {\n /**\n * Key ID\n */\n kid: string\n}\n\n/**\n * Input arguments for {@link ISphereonKeyManager.keyManagerDelete | keyManagerDelete}\n * @public\n */\nexport interface IKeyManagerDeleteArgs {\n /**\n * Key ID\n */\n kid: string\n}\n\n/**\n * Input arguments for {@link ISphereonKeyManagerSignArgs.keyManagerSign | keyManagerSign}\n * @public\n */\n// @ts-ignore\nexport interface ISphereonKeyManagerSignArgs extends IKeyManagerSignArgs {\n /**\n * Data to sign\n */\n data: string | Uint8Array\n}\n\nexport interface ISphereonKeyManagerHandleExpirationsArgs {\n skipRemovals?: boolean\n}\n\nexport interface ISphereonKeyManagerVerifyArgs {\n kms?: string\n publicKeyHex: string\n type: TKeyType\n algorithm?: string\n data: Uint8Array\n signature: string\n}\n\nexport const isDefined = <T extends unknown>(object: T | undefined): object is T => object !== undefined\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA,gCAAAA,SAAA;AAAA,IAAAA,QAAA;AAAA,MACE,qBAAuB;AAAA,QACrB,YAAc;AAAA,UACZ,SAAW;AAAA,YACT,+BAAiC;AAAA,cAC/B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,cACF;AAAA,cACA,UAAY,CAAC,MAAM;AAAA,cACnB,aAAe;AAAA,YACjB;AAAA,YACA,UAAY;AAAA,cACV,MAAQ;AAAA,cACR,MAAQ,CAAC,WAAW,aAAa,aAAa,UAAU,cAAc,cAAc,KAAK;AAAA,cACzF,aAAe;AAAA,YACjB;AAAA,YACA,aAAe;AAAA,cACb,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,YAAc;AAAA,kBACZ,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,YAAc;AAAA,sBACZ,MAAQ;AAAA,sBACR,QAAU;AAAA,oBACZ;AAAA,oBACA,aAAe;AAAA,sBACb,MAAQ;AAAA,sBACR,QAAU;AAAA,oBACZ;AAAA,kBACF;AAAA,kBACA,aAAe;AAAA,gBACjB;AAAA,cACF;AAAA,YACF;AAAA,YACA,aAAe;AAAA,cACb,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,YAAc;AAAA,kBACZ,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,cACF;AAAA,cACA,aAAe;AAAA,YACjB;AAAA,YACA,YAAc;AAAA,cACZ,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,eAAiB;AAAA,kBACf,MAAQ;AAAA,gBACV;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,cAAgB;AAAA,kBACd,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,OAAS;AAAA,oBACP;AAAA,sBACE,MAAQ;AAAA,oBACV;AAAA,oBACA;AAAA,sBACE,MAAQ;AAAA,oBACV;AAAA,kBACF;AAAA,kBACA,aAAe;AAAA,gBACjB;AAAA,cACF;AAAA,cACA,UAAY,CAAC,OAAO,OAAO,iBAAiB,gBAAgB,MAAM;AAAA,YACpE;AAAA,YACA,0CAA4C;AAAA,cAC1C,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,cAAgB;AAAA,kBACd,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,YACF;AAAA,YACA,gBAAkB;AAAA,cAChB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,cAAgB;AAAA,kBACd,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,OAAS;AAAA,oBACP;AAAA,sBACE,MAAQ;AAAA,oBACV;AAAA,oBACA;AAAA,sBACE,MAAQ;AAAA,oBACV;AAAA,kBACF;AAAA,kBACA,aAAe;AAAA,gBACjB;AAAA,cACF;AAAA,cACA,UAAY,CAAC,OAAO,OAAO,QAAQ,cAAc;AAAA,cACjD,aAAe;AAAA,YACjB;AAAA,YACA,sBAAwB;AAAA,cACtB,MAAQ;AAAA,cACR,aAAe;AAAA,YACjB;AAAA,YACA,oDAA0D;AAAA,cACxD,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,cAAgB;AAAA,kBACd,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,eAAiB;AAAA,kBACf,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,OAAS;AAAA,oBACP;AAAA,sBACE,MAAQ;AAAA,oBACV;AAAA,oBACA;AAAA,sBACE,MAAQ;AAAA,oBACV;AAAA,kBACF;AAAA,kBACA,aAAe;AAAA,gBACjB;AAAA,cACF;AAAA,cACA,aAAe;AAAA,YACjB;AAAA,YACA,6BAA+B;AAAA,cAC7B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,QAAU;AAAA,kBACR,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,OAAS;AAAA,oBACP;AAAA,sBACE,MAAQ;AAAA,oBACV;AAAA,oBACA;AAAA,sBACE,MAAQ;AAAA,sBACR,YAAc;AAAA,wBACZ,mBAAqB;AAAA,0BACnB,MAAQ;AAAA,wBACV;AAAA,wBACA,QAAU;AAAA,0BACR,OAAS;AAAA,4BACP;AAAA,8BACE,MAAQ;AAAA,8BACR,YAAc;AAAA,gCACZ,YAAc;AAAA,kCACZ,MAAQ;AAAA,gCACV;AAAA,8BACF;AAAA,8BACA,UAAY,CAAC,YAAY;AAAA,4BAC3B;AAAA,4BACA,CAAC;AAAA,0BACH;AAAA,wBACF;AAAA,wBACA,YAAc;AAAA,0BACZ,MAAQ;AAAA,wBACV;AAAA,wBACA,YAAc;AAAA,0BACZ,MAAQ;AAAA,wBACV;AAAA,wBACA,QAAU;AAAA,0BACR,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,sBACA,UAAY,CAAC,qBAAqB,UAAU,cAAc,cAAc,QAAQ;AAAA,sBAChF,sBAAwB;AAAA,wBACtB,MAAQ;AAAA,sBACV;AAAA,oBACF;AAAA,kBACF;AAAA,kBACA,aAAe;AAAA,gBACjB;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,kBACR,MAAQ,CAAC,SAAS,UAAU,UAAU,KAAK;AAAA,kBAC3C,aAAe;AAAA,gBACjB;AAAA,cACF;AAAA,cACA,UAAY,CAAC,QAAQ,QAAQ;AAAA,cAC7B,aAAe;AAAA,YACjB;AAAA,YACA,+BAAiC;AAAA,cAC/B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,gBACA,cAAgB;AAAA,kBACd,MAAQ;AAAA,gBACV;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,gBACV;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,mBAAqB;AAAA,sBACnB,MAAQ;AAAA,oBACV;AAAA,oBACA,QAAU;AAAA,sBACR,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,YAAc;AAAA,4BACZ,YAAc;AAAA,8BACZ,MAAQ;AAAA,4BACV;AAAA,0BACF;AAAA,0BACA,UAAY,CAAC,YAAY;AAAA,wBAC3B;AAAA,wBACA,CAAC;AAAA,sBACH;AAAA,oBACF;AAAA,oBACA,YAAc;AAAA,sBACZ,MAAQ;AAAA,oBACV;AAAA,oBACA,YAAc;AAAA,sBACZ,MAAQ;AAAA,oBACV;AAAA,oBACA,QAAU;AAAA,sBACR,MAAQ;AAAA,oBACV;AAAA,kBACF;AAAA,kBACA,UAAY,CAAC,qBAAqB,UAAU,cAAc,cAAc,QAAQ;AAAA,kBAChF,sBAAwB;AAAA,oBACtB,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY,CAAC,gBAAgB,QAAQ,QAAQ,WAAW;AAAA,YAC1D;AAAA,UACF;AAAA,UACA,SAAW;AAAA,YACT,kBAAoB;AAAA,cAClB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,yCAA2C;AAAA,cACzC,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,6BAA+B;AAAA,cAC7B,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,gBACR,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,YACF;AAAA,YACA,kBAAoB;AAAA,cAClB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,oBAAsB;AAAA,cACpB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,gBACR,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,YACF;AAAA,YACA,gBAAkB;AAAA,cAChB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,kBAAoB;AAAA,cAClB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA;AAAA;;;AC3XA;;;;;;;;;;;ACAA,yBAAwE;AAExE,yBAA8F;AAE9F,UAAqB;;;ACuEd,SAASC,cAAcC,QAAW;AACvC,SAAOA,UAAY,UAAUA,WAAW,eAAeA,OAAOC,QAAQ,gBAAgBD,OAAOC;AAC/F;AAFgBF;AAmDT,IAAMG,YAAY,wBAAoBF,WAAuCA,WAAWG,QAAtE;;;AD/GzB,IAAM,EAAEC,WAAU,IAAKC;AAEhB,IAAMC,4BAA2C;EACtD;EACA;EACA;EACA;EACA;EACA;EACA;EACA;;AAGK,IAAMC,qBAAN,cAAiCC,mBAAAA,WAAAA;EA5BxC,OA4BwCA;;;;EAE9BC;EACSC;EACVC;EACEC;EAET,YAAYC,SAA6G;AACvH,UAAM;MAAEC,OAAOD,QAAQC;MAAOC,KAAKF,QAAQE;IAAI,CAAA;AAC/C,SAAKN,WAAWI,QAAQC;AACxB,SAAKJ,iBAAiBG,QAAQE;AAC9B,SAAKJ,cAAcE,QAAQG,cAAcC,OAAOC,KAAK,KAAKR,cAAc,EAAE,CAAA;AAC1E,QAAI,CAACO,OAAOC,KAAK,KAAKR,cAAc,EAAES,SAAS,KAAKR,WAAW,GAAG;AAChE,YAAMS,MAAM,2EAA2EH,OAAOC,KAAK,KAAKR,cAAc,EAAEW,KAAK,GAAA,CAAA,EAAM;IACrI;AACA,UAAMC,UAAU,KAAKA;AACrBA,YAAQC,mBAAmB,KAAKA,iBAAiBC,KAAK,IAAI;AAC1DF,YAAQG,qBAAqB,KAAKA,mBAAmBD,KAAK,IAAI;AAC9DF,YAAQI,0CAA0C,KAAKA,wCAAwCF,KAAK,IAAI;AACxG,SAAKZ,aAA4CU;EACnD;EAEAI,0CAA2D;AACzD,WAAOC,QAAQC,QAAQ,KAAKjB,WAAW;EACzC;EAEA,MAAekB,iBAAiBC,MAA8D;AAC5F,UAAMf,MAAM,KAAKgB,aAAaD,KAAKf,OAAO,KAAKJ,WAAW;AAC1D,UAAMqB,OAAoB;MAAE,GAAGF,KAAKE;MAAM,GAAIF,KAAKG,QAAQ;QAAEA,MAAMH,KAAKG;MAAK;IAAG;AAChF,QAAIC,cAAcF,IAAAA,KAASA,KAAKC,MAAME,aAAa,CAACH,KAAKC,KAAKG,YAAYC,aAAa;AAErFL,WAAKC,OAAO;QACV,GAAGD,KAAKC;QACRG,YAAY;UAAE,GAAGJ,KAAKC,MAAMG;UAAYC,aAAa,IAAIC,KAAKA,KAAKC,IAAG,IAAK,IAAI,KAAK,GAAA;QAAM;MAC5F;IACF;AACA,UAAMC,aAAa,MAAMzB,IAAI0B,UAAU;MAAEC,MAAMZ,KAAKY;MAAMV;IAAK,CAAA;AAC/D,UAAMW,MAAY;MAAE,GAAGH;MAAYzB,KAAKe,KAAKf,OAAO,KAAKJ;IAAY;AACrEgC,QAAIX,OAAO;MAAE,GAAGA;MAAM,GAAGW,IAAIX;IAAK;AAClCW,QAAIX,KAAKY,gBAAgBD,IAAIX,KAAKY,qBAAiBC,iDAA6B;MAAEF;IAAI,CAAA;AAEtF,UAAM,KAAKlC,SAASqC,OAAOH,GAAAA;AAC3B,QAAIA,IAAII,eAAe;AAErB,aAAOJ,IAAII;IACb;AACA,WAAOJ;EACT;;EAIA,MAAMK,eAAelB,MAAoD;AACvE,UAAMmB,UAAU,MAAM,KAAKC,cAAc;MAAEC,KAAKrB,KAAKsB;IAAO,CAAA;AAC5D,UAAMrC,MAAM,KAAKgB,aAAakB,QAAQlC,GAAG;AACzC,QAAIkC,QAAQP,SAAS,cAAc;AACjC,aAAO,MAAM3B,IAAIsC,KAAK;QAAED,QAAQH;QAASK,MAAM,OAAOxB,KAAKwB,SAAS,WAAWlD,WAAW0B,KAAKwB,IAAI,IAAIxB,KAAKwB;MAAK,CAAA;IACnH;AAEA,WAAO,MAAM,MAAMN,eAAe;MAAE,GAAGlB;MAAMsB,QAAQH,QAAQE;IAAI,CAAA;EACnE;EAEA,MAAM5B,iBAAiBO,MAAuD;AAC5E,QAAIA,KAAKf,KAAK;AACZ,YAAMA,MAAM,KAAKgB,aAAaD,KAAKf,GAAG;AACtC,UAAIA,OAAO,YAAYA,OAAO,OAAOA,IAAIwC,WAAW,YAAY;AAE9D,eAAO,MAAMxC,IAAIwC,OAAOzB,IAAAA;MAC1B;IACF;AACA,WAAO,UAAM0B,uCAAmB;MAC9Bb,SAAKc,0BAAM3B,KAAK4B,cAAc5B,KAAKY,IAAI;MACvCY,MAAMxB,KAAKwB;MACXK,WAAWvD,WAAW0B,KAAK6B,WAAW,OAAA;IACxC,CAAA;EACF;EAEA,MAAMlC,qBAAgD;AACpD,WAAO,KAAKhB,SAASmD,KAAK,CAAC,CAAA;EAC7B;EAEA,MAAMC,4BAA4B/B,MAAgF;AAChH,UAAMZ,OAAO,MAAM,KAAKO,mBAAkB;AAC1C,UAAMqC,cAAc5C,KACjB6C,OAAO,CAACpB,QAAQT,cAAcS,IAAIX,IAAI,CAAA,EACtC+B,OAAO,CAACpB,QAAAA;AACP,UAAIT,cAAcS,IAAIX,IAAI,KAAKW,IAAIX,MAAMC,MAAMG,YAAY;AACzD,cAAMA,aAAaO,IAAIX,KAAKC,KAAKG;AACjC,eAAO,EAAEA,WAAW4B,cAAc5B,WAAW4B,WAAWC,gBAAe,IAAK3B,KAAKC,IAAG;MACtF;AACA,aAAO;IACT,CAAA;AACF,QAAIT,KAAKoC,iBAAiB,MAAM;AAC9B,YAAMvC,QAAQwC,IAAIL,YAAYM,IAAI,CAACzB,QAAQ,KAAK0B,iBAAiB;QAAElB,KAAKR,IAAIQ;MAAI,CAAA,CAAA,CAAA;IAClF;AACA,WAAOjC;EACT;EAEQa,aAAauC,MAA2C;AAC9D,UAAMvD,MAAM,KAAKL,eAAe4D,IAAAA;AAChC,QAAI,CAACvD,KAAK;AACR,YAAMK,MAAM,iFAAiFkD,IAAAA,GAAO;IACtG;AACA,WAAOvD;EACT;;EAGA,MAAMmC,cAAc,EAAEC,IAAG,GAAuC;AAC9D,QAAI;AACF,YAAMR,MAAM,MAAM,KAAKlC,SAAS8D,IAAI;QAAEpB;MAAI,CAAA;AAC1C,aAAOR;IACT,SAAS6B,GAAG;AACV,YAAMtD,OAAyB,MAAM,KAAKO,mBAAkB;AAC5D,YAAMgD,WAAWvD,KAAKwD,KACpB,CAAC/B,QACCA,IAAIe,iBAAiBP,OACrBR,IAAIX,MAAMY,kBAAkBO,OAC3BR,IAAIX,MAAMY,iBAAiB,YAAQC,iDAA6B;QAAEF;MAAI,CAAA,MAAOQ,GAAAA;AAElF,UAAIsB,UAAU;AACZ,eAAOA;MACT,OAAO;AACL,cAAM,IAAIrD,MAAM,gBAAgB+B,GAAAA,YAAe;MACjD;IACF;EACF;EAEA,IAAInC,aAAqB;AACvB,WAAO,KAAKL;EACd;EAEA,IAAIK,WAAWD,KAAa;AAC1B,QAAI,CAACE,OAAOC,KAAK,KAAKR,cAAc,EAAES,SAASJ,GAAAA,GAAM;AACnD,YAAMK,MAAM,2EAA2EH,OAAOC,KAAK,KAAKR,cAAc,EAAEW,KAAK,GAAA,CAAA,EAAM;IACrI;AACA,SAAKV,cAAcI;EACrB;EAEA4D,OAAOL,MAAcvD,KAAwC;AAC3D,SAAKL,eAAe4D,IAAAA,IAAQvD;EAC9B;AACF;;;ADpKA,0BAAc,gCAJd;IAAM6D,SAASC;","names":["module","hasKeyOptions","object","opts","isDefined","undefined","fromString","u8a","sphereonKeyManagerMethods","SphereonKeyManager","VeramoKeyManager","kmsStore","availableKmses","_defaultKms","kmsMethods","options","store","kms","defaultKms","Object","keys","includes","Error","join","methods","keyManagerVerify","bind","keyManagerListKeys","keyManagerGetDefaultKeyManagementSystem","Promise","resolve","keyManagerCreate","args","getKmsByName","meta","opts","hasKeyOptions","ephemeral","expiration","removalDate","Date","now","partialKey","createKey","type","key","jwkThumbprint","calculateJwkThumbprintForKey","import","privateKeyHex","keyManagerSign","keyInfo","keyManagerGet","kid","keyRef","sign","data","verify","verifyRawSignature","toJwk","publicKeyHex","signature","list","keyManagerHandleExpirations","expiredKeys","filter","expiryDate","getMilliseconds","skipRemovals","all","map","keyManagerDelete","name","get","e","foundKey","find","setKms","schema","require"]}
1
+ {"version":3,"sources":["../plugin.schema.json","../src/index.ts","../src/agent/SphereonKeyManager.ts","../src/types/ISphereonKeyManager.ts"],"sourcesContent":["{\n \"ISphereonKeyManager\": {\n \"components\": {\n \"schemas\": {\n \"ISphereonKeyManagerCreateArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"type\": {\n \"$ref\": \"#/components/schemas/TKeyType\",\n \"description\": \"Key type\"\n },\n \"kms\": {\n \"type\": \"string\",\n \"description\": \"Key Management System\"\n },\n \"opts\": {\n \"$ref\": \"#/components/schemas/IkeyOptions\",\n \"description\": \"Key options\"\n },\n \"meta\": {\n \"$ref\": \"#/components/schemas/KeyMetadata\",\n \"description\": \"Optional. Key meta data\"\n }\n },\n \"required\": [\"type\"],\n \"additionalProperties\": false,\n \"description\": \"Input arguments for {@link ISphereonKeyManager.keyManagerCreate | keyManagerCreate }\"\n },\n \"TKeyType\": {\n \"type\": \"string\",\n \"enum\": [\"Ed25519\", \"Secp256k1\", \"Secp256r1\", \"X25519\", \"Bls12381G1\", \"Bls12381G2\", \"RSA\"],\n \"description\": \"Cryptographic key type.\"\n },\n \"IkeyOptions\": {\n \"type\": \"object\",\n \"properties\": {\n \"ephemeral\": {\n \"type\": \"boolean\",\n \"description\": \"Is this a temporary key?\"\n },\n \"expiration\": {\n \"type\": \"object\",\n \"properties\": {\n \"expiryDate\": {\n \"type\": \"string\",\n \"format\": \"date-time\"\n },\n \"removalDate\": {\n \"type\": \"string\",\n \"format\": \"date-time\"\n }\n },\n \"additionalProperties\": false,\n \"description\": \"Expiration and remove the key\"\n }\n },\n \"additionalProperties\": false\n },\n \"KeyMetadata\": {\n \"type\": \"object\",\n \"properties\": {\n \"algorithms\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n }\n },\n \"description\": \"This encapsulates data about a key.\\n\\nImplementations of {@link @veramo/key-manager#AbstractKeyManagementSystem | AbstractKeyManagementSystem } should populate this object, for each key, with the algorithms that can be performed using it.\\n\\nThis can also be used to add various tags to the keys under management.\"\n },\n \"PartialKey\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"privateKeyHex\": {\n \"type\": \"string\"\n },\n \"kid\": {\n \"type\": \"string\",\n \"description\": \"Key ID\"\n },\n \"kms\": {\n \"type\": \"string\",\n \"description\": \"Key Management System\"\n },\n \"type\": {\n \"$ref\": \"#/components/schemas/TKeyType\",\n \"description\": \"Key type\"\n },\n \"publicKeyHex\": {\n \"type\": \"string\",\n \"description\": \"Public key\"\n },\n \"meta\": {\n \"anyOf\": [\n {\n \"$ref\": \"#/components/schemas/KeyMetadata\"\n },\n {\n \"type\": \"null\"\n }\n ],\n \"description\": \"Optional. Key metadata. This should be used to determine which algorithms are supported.\"\n }\n },\n \"required\": [\"kid\", \"kms\", \"privateKeyHex\", \"publicKeyHex\", \"type\"]\n },\n \"ISphereonKeyManagerHandleExpirationsArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"skipRemovals\": {\n \"type\": \"boolean\"\n }\n },\n \"additionalProperties\": false\n },\n \"ManagedKeyInfo\": {\n \"$ref\": \"#/components/schemas/Omit<IKey,\\\"privateKeyHex\\\">\",\n \"description\": \"Represents information about a managed key. Private or secret key material is NOT present.\"\n },\n \"Omit<IKey,\\\"privateKeyHex\\\">\": {\n \"$ref\": \"#/components/schemas/Pick<IKey,Exclude<(\\\"kid\\\"|\\\"kms\\\"|\\\"type\\\"|\\\"publicKeyHex\\\"|\\\"privateKeyHex\\\"|\\\"meta\\\"),\\\"privateKeyHex\\\">>\"\n },\n \"Pick<IKey,Exclude<(\\\"kid\\\"|\\\"kms\\\"|\\\"type\\\"|\\\"publicKeyHex\\\"|\\\"privateKeyHex\\\"|\\\"meta\\\"),\\\"privateKeyHex\\\">>\": {\n \"type\": \"object\",\n \"properties\": {\n \"kid\": {\n \"type\": \"string\",\n \"description\": \"Key ID\"\n },\n \"kms\": {\n \"type\": \"string\",\n \"description\": \"Key Management System\"\n },\n \"type\": {\n \"$ref\": \"#/components/schemas/TKeyType\",\n \"description\": \"Key type\"\n },\n \"publicKeyHex\": {\n \"type\": \"string\",\n \"description\": \"Public key\"\n },\n \"meta\": {\n \"anyOf\": [\n {\n \"$ref\": \"#/components/schemas/KeyMetadata\"\n },\n {\n \"type\": \"null\"\n }\n ],\n \"description\": \"Optional. Key metadata. This should be used to determine which algorithms are supported.\"\n }\n },\n \"required\": [\"kid\", \"kms\", \"type\", \"publicKeyHex\"],\n \"additionalProperties\": false\n },\n \"MinimalImportableKey\": {\n \"$ref\": \"#/components/schemas/RequireOnly<IKey,(\\\"privateKeyHex\\\"|\\\"type\\\"|\\\"kms\\\")>\",\n \"description\": \"Represents the properties required to import a key.\"\n },\n \"RequireOnly<IKey,(\\\"privateKeyHex\\\"|\\\"type\\\"|\\\"kms\\\")>\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"kid\": {\n \"type\": \"string\",\n \"description\": \"Key ID\"\n },\n \"kms\": {\n \"type\": \"string\",\n \"description\": \"Key Management System\"\n },\n \"type\": {\n \"$ref\": \"#/components/schemas/TKeyType\",\n \"description\": \"Key type\"\n },\n \"publicKeyHex\": {\n \"type\": \"string\",\n \"description\": \"Public key\"\n },\n \"privateKeyHex\": {\n \"type\": \"string\",\n \"description\": \"Optional. Private key\"\n },\n \"meta\": {\n \"anyOf\": [\n {\n \"$ref\": \"#/components/schemas/KeyMetadata\"\n },\n {\n \"type\": \"null\"\n }\n ],\n \"description\": \"Optional. Key metadata. This should be used to determine which algorithms are supported.\"\n }\n },\n \"description\": \"Represents an object type where a subset of keys are required and everything else is optional.\"\n },\n \"ISphereonKeyManagerSignArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"keyRef\": {\n \"type\": \"string\",\n \"description\": \"The key handle, as returned during `keyManagerCreateKey`\"\n },\n \"algorithm\": {\n \"type\": \"string\",\n \"description\": \"The algorithm to use for signing. This must be one of the algorithms supported by the KMS for this key type.\\n\\nThe algorithm used here should match one of the names listed in `IKey.meta.algorithms`\"\n },\n \"data\": {\n \"anyOf\": [\n {\n \"type\": \"string\"\n },\n {\n \"$ref\": \"#/components/schemas/Uint8Array\"\n }\n ],\n \"description\": \"Data to sign\"\n },\n \"encoding\": {\n \"type\": \"string\",\n \"enum\": [\"utf-8\", \"base16\", \"base64\", \"hex\"],\n \"description\": \"If the data is a \\\"string\\\" then you can specify which encoding is used. Default is \\\"utf-8\\\"\"\n }\n },\n \"required\": [\"data\", \"keyRef\"],\n \"description\": \"Input arguments for {@link ISphereonKeyManagerSignArgs.keyManagerSign | keyManagerSign }\"\n },\n \"Uint8Array\": {\n \"type\": \"object\",\n \"properties\": {\n \"BYTES_PER_ELEMENT\": {\n \"type\": \"number\"\n },\n \"buffer\": {\n \"$ref\": \"#/components/schemas/ArrayBufferLike\"\n },\n \"byteLength\": {\n \"type\": \"number\"\n },\n \"byteOffset\": {\n \"type\": \"number\"\n },\n \"length\": {\n \"type\": \"number\"\n }\n },\n \"required\": [\"BYTES_PER_ELEMENT\", \"buffer\", \"byteLength\", \"byteOffset\", \"length\"],\n \"additionalProperties\": {\n \"type\": \"number\"\n }\n },\n \"ArrayBufferLike\": {\n \"$ref\": \"#/components/schemas/ArrayBuffer\"\n },\n \"ArrayBuffer\": {\n \"type\": \"object\",\n \"properties\": {\n \"byteLength\": {\n \"type\": \"number\"\n }\n },\n \"required\": [\"byteLength\"],\n \"additionalProperties\": false\n },\n \"ISphereonKeyManagerVerifyArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"kms\": {\n \"type\": \"string\"\n },\n \"publicKeyHex\": {\n \"type\": \"string\"\n },\n \"type\": {\n \"$ref\": \"#/components/schemas/TKeyType\"\n },\n \"algorithm\": {\n \"type\": \"string\"\n },\n \"data\": {\n \"$ref\": \"#/components/schemas/Uint8Array\"\n },\n \"signature\": {\n \"type\": \"string\"\n }\n },\n \"required\": [\"publicKeyHex\", \"type\", \"data\", \"signature\"],\n \"additionalProperties\": false\n }\n },\n \"methods\": {\n \"keyManagerCreate\": {\n \"description\": \"\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/ISphereonKeyManagerCreateArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/PartialKey\"\n }\n },\n \"keyManagerGetDefaultKeyManagementSystem\": {\n \"description\": \"Get the KMS registered as default. Handy when no explicit KMS is provided for a function\",\n \"arguments\": {\n \"type\": \"object\"\n },\n \"returnType\": {\n \"type\": \"string\"\n }\n },\n \"keyManagerHandleExpirations\": {\n \"description\": \"Set keys to expired and remove keys eligible for deletion.\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/ISphereonKeyManagerHandleExpirationsArgs\"\n },\n \"returnType\": {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/ManagedKeyInfo\"\n }\n }\n },\n \"keyManagerImport\": {\n \"description\": \"\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/MinimalImportableKey\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/PartialKey\"\n }\n },\n \"keyManagerListKeys\": {\n \"description\": \"\",\n \"arguments\": {\n \"type\": \"object\"\n },\n \"returnType\": {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/ManagedKeyInfo\"\n }\n }\n },\n \"keyManagerSign\": {\n \"description\": \"\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/ISphereonKeyManagerSignArgs\"\n },\n \"returnType\": {\n \"type\": \"string\"\n }\n },\n \"keyManagerVerify\": {\n \"description\": \"Verifies a signature using the key\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/ISphereonKeyManagerVerifyArgs\"\n },\n \"returnType\": {\n \"type\": \"boolean\"\n }\n }\n }\n }\n }\n}\n","const schema = require('../plugin.schema.json')\nexport { schema }\nexport { SphereonKeyManager, sphereonKeyManagerMethods } from './agent/SphereonKeyManager'\nexport * from './types/ISphereonKeyManager'\nexport * from '@veramo/key-manager'\n","import { calculateJwkThumbprintForKey, toJwk, verifyRawSignature } from '@sphereon/ssi-sdk-ext.key-utils'\nimport type { IKey, KeyMetadata, ManagedKeyInfo } from '@veramo/core'\nimport { AbstractKeyManagementSystem, AbstractKeyStore, KeyManager as VeramoKeyManager } from '@veramo/key-manager'\n// @ts-ignore\nimport * as u8a from 'uint8arrays'\nimport {\n hasKeyOptions,\n type IKeyManagerGetArgs,\n type ISphereonKeyManager,\n type ISphereonKeyManagerCreateArgs,\n type ISphereonKeyManagerHandleExpirationsArgs,\n type ISphereonKeyManagerSignArgs,\n type ISphereonKeyManagerVerifyArgs,\n} from '../types/ISphereonKeyManager'\n\nconst { fromString } = u8a\n\nexport const sphereonKeyManagerMethods: Array<string> = [\n 'keyManagerCreate',\n 'keyManagerGet',\n 'keyManagerImport',\n 'keyManagerSign',\n 'keyManagerVerify',\n 'keyManagerListKeys',\n 'keyManagerGetDefaultKeyManagementSystem',\n 'keyManagerHandleExpirations',\n]\n\nexport class SphereonKeyManager extends VeramoKeyManager {\n // local store reference, given the superclass store is private, and we need additional functions/calls\n private kmsStore: AbstractKeyStore\n private readonly availableKmses: Record<string, AbstractKeyManagementSystem>\n public _defaultKms: string\n readonly kmsMethods: ISphereonKeyManager\n\n constructor(options: { store: AbstractKeyStore; kms: Record<string, AbstractKeyManagementSystem>; defaultKms?: string }) {\n super({ store: options.store, kms: options.kms })\n this.kmsStore = options.store\n this.availableKmses = options.kms\n this._defaultKms = options.defaultKms ?? Object.keys(this.availableKmses)[0]\n if (!Object.keys(this.availableKmses).includes(this._defaultKms)) {\n throw Error(`Default KMS needs to be listed in the kms object as well. Found kms-es: ${Object.keys(this.availableKmses).join(',')}`)\n }\n const methods = this.methods\n methods.keyManagerVerify = this.keyManagerVerify.bind(this)\n methods.keyManagerListKeys = this.keyManagerListKeys.bind(this)\n methods.keyManagerGetDefaultKeyManagementSystem = this.keyManagerGetDefaultKeyManagementSystem.bind(this)\n this.kmsMethods = <ISphereonKeyManager>(<unknown>methods)\n\n this.syncPreProvisionedKeys()\n }\n\n private syncPreProvisionedKeys() {\n Object.keys(this.availableKmses).forEach((kmsId) => {\n const kms = this.availableKmses[kmsId]\n if (kms.constructor.name === 'RestKeyManagementSystem') {\n this.syncPreProvisionedKeysForKms(kmsId, kms)\n }\n })\n }\n\n private syncPreProvisionedKeysForKms(kmsId: string, kms: AbstractKeyManagementSystem) {\n kms\n .listKeys()\n .then(async (remoteKeys: ManagedKeyInfo[]) => {\n try {\n const storedKeys: ManagedKeyInfo[] = await this.keyManagerListKeys()\n\n await Promise.all(\n remoteKeys.map(async (remoteKey) => {\n const storedKey = storedKeys.find((k) => k.kid === remoteKey.kid)\n\n const needsUpdate =\n !storedKey ||\n storedKey.publicKeyHex !== remoteKey.publicKeyHex ||\n storedKey.type !== remoteKey.type ||\n storedKey.kms !== remoteKey.kms ||\n (remoteKey.meta && 'alias' in remoteKey.meta && storedKey.meta && storedKey.meta.keyAlias !== remoteKey.meta.alias)\n if (needsUpdate) {\n try {\n if (storedKey) {\n await this.kmsStore.delete({ kid: remoteKey.kid })\n }\n const keyToImport: IKey = {\n ...remoteKey,\n meta: remoteKey.meta && 'alias' in remoteKey.meta ? { ...remoteKey.meta, keyAlias: remoteKey.meta.alias } : remoteKey.meta,\n } as IKey\n\n if (keyToImport.meta && 'alias' in keyToImport.meta) {\n delete keyToImport.meta.alias\n }\n\n await this.kmsStore.import(keyToImport)\n } catch (error) {\n console.error(`Failed to sync key ${remoteKey.kid} from kms ${kmsId}:`, error)\n }\n }\n }),\n )\n } catch (error) {\n console.error(`Failed to sync keys for kms ${kmsId}:`, error)\n }\n })\n .catch((error) => {\n console.error(`Failed to list remote keys for kms ${kmsId}:`, error)\n })\n }\n\n keyManagerGetDefaultKeyManagementSystem(): Promise<string> {\n return Promise.resolve(this._defaultKms)\n }\n\n override async keyManagerCreate(args: ISphereonKeyManagerCreateArgs): Promise<ManagedKeyInfo> {\n const kms = this.getKmsByName(args.kms ?? this._defaultKms)\n const meta: KeyMetadata = { ...args.meta, ...(args.opts && { opts: args.opts }) }\n if (hasKeyOptions(meta) && meta.opts?.ephemeral && !meta.opts.expiration?.removalDate) {\n // Make sure we set a delete date on an ephemeral key\n meta.opts = {\n ...meta.opts,\n expiration: { ...meta.opts?.expiration, removalDate: new Date(Date.now() + 5 * 60 * 1000) },\n }\n }\n const partialKey = await kms.createKey({ type: args.type, meta })\n const key: IKey = { ...partialKey, kms: args.kms ?? this._defaultKms }\n key.meta = { ...meta, ...key.meta }\n key.meta.jwkThumbprint = key.meta.jwkThumbprint ?? calculateJwkThumbprintForKey({ key })\n\n await this.kmsStore.import(key)\n if (key.privateKeyHex) {\n // Make sure to not export the private key\n delete key.privateKeyHex\n }\n return key\n }\n\n //FIXME extend the IKeyManagerSignArgs.data to be a string or array of strings\n\n async keyManagerSign(args: ISphereonKeyManagerSignArgs): Promise<string> {\n const keyInfo = await this.keyManagerGet({ kid: args.keyRef })\n const kms = this.getKmsByName(keyInfo.kms)\n if (keyInfo.type === 'Bls12381G2') {\n return await kms.sign({ keyRef: keyInfo, data: typeof args.data === 'string' ? fromString(args.data) : args.data })\n }\n // @ts-ignore // we can pass in uint8arrays as well, which the super also can handle but does not expose in its types\n return await super.keyManagerSign({ ...args, keyRef: keyInfo.kid })\n }\n\n async keyManagerVerify(args: ISphereonKeyManagerVerifyArgs): Promise<boolean> {\n if (args.kms) {\n const kms = this.getKmsByName(args.kms)\n if (kms && 'verify' in kms && typeof kms.verify === 'function') {\n // @ts-ignore\n return await kms.verify(args)\n }\n }\n return await verifyRawSignature({\n key: toJwk(args.publicKeyHex, args.type),\n data: args.data,\n signature: fromString(args.signature, 'utf-8'),\n })\n }\n\n async keyManagerListKeys(): Promise<ManagedKeyInfo[]> {\n return this.kmsStore.list({})\n }\n\n async keyManagerHandleExpirations(args: ISphereonKeyManagerHandleExpirationsArgs): Promise<Array<ManagedKeyInfo>> {\n const keys = await this.keyManagerListKeys()\n const expiredKeys = keys\n .filter((key) => hasKeyOptions(key.meta))\n .filter((key) => {\n if (hasKeyOptions(key.meta) && key.meta?.opts?.expiration) {\n const expiration = key.meta.opts.expiration\n return !(expiration.expiryDate && expiration.expiryDate.getMilliseconds() > Date.now())\n }\n return false\n })\n if (args.skipRemovals !== true) {\n await Promise.all(expiredKeys.map((key) => this.keyManagerDelete({ kid: key.kid })))\n }\n return keys\n }\n\n private getKmsByName(name: string): AbstractKeyManagementSystem {\n const kms = this.availableKmses[name]\n if (!kms) {\n throw Error(`invalid_argument: This agent has no registered KeyManagementSystem with name='${name}'`)\n }\n return kms\n }\n\n //todo https://sphereon.atlassian.net/browse/SDK-28 improve the logic for keyManagerGet in sphereon-key-manager\n async keyManagerGet({ kid }: IKeyManagerGetArgs): Promise<IKey> {\n try {\n const key = await this.kmsStore.get({ kid })\n return key\n } catch (e) {\n const keys: ManagedKeyInfo[] = await this.keyManagerListKeys()\n const foundKey = keys.find(\n (key) =>\n key.publicKeyHex === kid ||\n key.meta?.jwkThumbprint === kid ||\n (key.meta?.jwkThumbprint == null && calculateJwkThumbprintForKey({ key }) === kid),\n )\n if (foundKey) {\n return foundKey as IKey\n } else {\n throw new Error(`Key with kid ${kid} not found`)\n }\n }\n }\n\n get defaultKms(): string {\n return this._defaultKms\n }\n\n set defaultKms(kms: string) {\n if (!Object.keys(this.availableKmses).includes(kms)) {\n throw Error(`Default KMS needs to be listed in the kms object as well. Found kms-es: ${Object.keys(this.availableKmses).join(',')}`)\n }\n this._defaultKms = kms\n }\n\n setKms(name: string, kms: AbstractKeyManagementSystem): void {\n this.availableKmses[name] = kms\n\n if (kms.constructor.name === 'RestKeyManagementSystem') {\n this.syncPreProvisionedKeysForKms(name, kms)\n }\n }\n}\n","import type { IKeyManager, IKeyManagerSignArgs, IPluginMethodMap, KeyMetadata, ManagedKeyInfo, MinimalImportableKey, TKeyType } from '@veramo/core'\n\nexport type PartialKey = ManagedKeyInfo & { privateKeyHex: string }\n\nexport interface ISphereonKeyManager extends IKeyManager, IPluginMethodMap {\n keyManagerCreate(args: ISphereonKeyManagerCreateArgs): Promise<PartialKey>\n\n keyManagerImport(key: MinimalImportableKey): Promise<PartialKey>\n\n keyManagerSign(args: ISphereonKeyManagerSignArgs): Promise<string>\n\n /**\n * Verifies a signature using the key\n *\n * Does not exist in IKeyManager\n * @param args\n */\n keyManagerVerify(args: ISphereonKeyManagerVerifyArgs): Promise<boolean>\n\n keyManagerListKeys(): Promise<Array<ManagedKeyInfo>>\n\n /**\n * Get the KMS registered as default. Handy when no explicit KMS is provided for a function\n */\n\n keyManagerGetDefaultKeyManagementSystem(): Promise<string>\n\n /**\n * Set keys to expired and remove keys eligible for deletion.\n * @param args\n */\n keyManagerHandleExpirations(args: ISphereonKeyManagerHandleExpirationsArgs): Promise<Array<ManagedKeyInfo>>\n}\n\nexport interface IkeyOptions {\n /**\n * Is this a temporary key?\n */\n ephemeral?: boolean\n\n /**\n * Expiration and remove the key\n */\n expiration?: {\n expiryDate?: Date\n removalDate?: Date\n }\n}\n\n/**\n * Input arguments for {@link ISphereonKeyManager.keyManagerCreate | keyManagerCreate}\n * @public\n */\nexport interface ISphereonKeyManagerCreateArgs {\n /**\n * Key type\n */\n type: TKeyType\n\n /**\n * Key Management System\n */\n kms?: string\n\n /**\n * Key options\n */\n opts?: IkeyOptions\n\n /**\n * Optional. Key meta data\n */\n meta?: KeyMetadata\n}\n\nexport function hasKeyOptions(object: any): object is { opts?: IkeyOptions } {\n return object!! && 'opts' in object && ('ephemeral' in object.opts || 'expiration' in object.opts)\n}\n\n/**\n * Input arguments for {@link ISphereonKeyManager.keyManagerGet | keyManagerGet}\n * @public\n */\nexport interface IKeyManagerGetArgs {\n /**\n * Key ID\n */\n kid: string\n}\n\n/**\n * Input arguments for {@link ISphereonKeyManager.keyManagerDelete | keyManagerDelete}\n * @public\n */\nexport interface IKeyManagerDeleteArgs {\n /**\n * Key ID\n */\n kid: string\n}\n\n/**\n * Input arguments for {@link ISphereonKeyManagerSignArgs.keyManagerSign | keyManagerSign}\n * @public\n */\n// @ts-ignore\nexport interface ISphereonKeyManagerSignArgs extends IKeyManagerSignArgs {\n /**\n * Data to sign\n */\n data: string | Uint8Array\n}\n\nexport interface ISphereonKeyManagerHandleExpirationsArgs {\n skipRemovals?: boolean\n}\n\nexport interface ISphereonKeyManagerVerifyArgs {\n kms?: string\n publicKeyHex: string\n type: TKeyType\n algorithm?: string\n data: Uint8Array\n signature: string\n}\n\nexport const isDefined = <T extends unknown>(object: T | undefined): object is T => object !== undefined\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA,gCAAAA,SAAA;AAAA,IAAAA,QAAA;AAAA,MACE,qBAAuB;AAAA,QACrB,YAAc;AAAA,UACZ,SAAW;AAAA,YACT,+BAAiC;AAAA,cAC/B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,cACF;AAAA,cACA,UAAY,CAAC,MAAM;AAAA,cACnB,sBAAwB;AAAA,cACxB,aAAe;AAAA,YACjB;AAAA,YACA,UAAY;AAAA,cACV,MAAQ;AAAA,cACR,MAAQ,CAAC,WAAW,aAAa,aAAa,UAAU,cAAc,cAAc,KAAK;AAAA,cACzF,aAAe;AAAA,YACjB;AAAA,YACA,aAAe;AAAA,cACb,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,YAAc;AAAA,kBACZ,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,YAAc;AAAA,sBACZ,MAAQ;AAAA,sBACR,QAAU;AAAA,oBACZ;AAAA,oBACA,aAAe;AAAA,sBACb,MAAQ;AAAA,sBACR,QAAU;AAAA,oBACZ;AAAA,kBACF;AAAA,kBACA,sBAAwB;AAAA,kBACxB,aAAe;AAAA,gBACjB;AAAA,cACF;AAAA,cACA,sBAAwB;AAAA,YAC1B;AAAA,YACA,aAAe;AAAA,cACb,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,YAAc;AAAA,kBACZ,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,cACF;AAAA,cACA,aAAe;AAAA,YACjB;AAAA,YACA,YAAc;AAAA,cACZ,MAAQ;AAAA,cACR,sBAAwB;AAAA,cACxB,YAAc;AAAA,gBACZ,eAAiB;AAAA,kBACf,MAAQ;AAAA,gBACV;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,cAAgB;AAAA,kBACd,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,OAAS;AAAA,oBACP;AAAA,sBACE,MAAQ;AAAA,oBACV;AAAA,oBACA;AAAA,sBACE,MAAQ;AAAA,oBACV;AAAA,kBACF;AAAA,kBACA,aAAe;AAAA,gBACjB;AAAA,cACF;AAAA,cACA,UAAY,CAAC,OAAO,OAAO,iBAAiB,gBAAgB,MAAM;AAAA,YACpE;AAAA,YACA,0CAA4C;AAAA,cAC1C,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,cAAgB;AAAA,kBACd,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,sBAAwB;AAAA,YAC1B;AAAA,YACA,gBAAkB;AAAA,cAChB,MAAQ;AAAA,cACR,aAAe;AAAA,YACjB;AAAA,YACA,8BAAgC;AAAA,cAC9B,MAAQ;AAAA,YACV;AAAA,YACA,kGAAgH;AAAA,cAC9G,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,cAAgB;AAAA,kBACd,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,OAAS;AAAA,oBACP;AAAA,sBACE,MAAQ;AAAA,oBACV;AAAA,oBACA;AAAA,sBACE,MAAQ;AAAA,oBACV;AAAA,kBACF;AAAA,kBACA,aAAe;AAAA,gBACjB;AAAA,cACF;AAAA,cACA,UAAY,CAAC,OAAO,OAAO,QAAQ,cAAc;AAAA,cACjD,sBAAwB;AAAA,YAC1B;AAAA,YACA,sBAAwB;AAAA,cACtB,MAAQ;AAAA,cACR,aAAe;AAAA,YACjB;AAAA,YACA,oDAA0D;AAAA,cACxD,MAAQ;AAAA,cACR,sBAAwB;AAAA,cACxB,YAAc;AAAA,gBACZ,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,cAAgB;AAAA,kBACd,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,eAAiB;AAAA,kBACf,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,OAAS;AAAA,oBACP;AAAA,sBACE,MAAQ;AAAA,oBACV;AAAA,oBACA;AAAA,sBACE,MAAQ;AAAA,oBACV;AAAA,kBACF;AAAA,kBACA,aAAe;AAAA,gBACjB;AAAA,cACF;AAAA,cACA,aAAe;AAAA,YACjB;AAAA,YACA,6BAA+B;AAAA,cAC7B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,QAAU;AAAA,kBACR,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,OAAS;AAAA,oBACP;AAAA,sBACE,MAAQ;AAAA,oBACV;AAAA,oBACA;AAAA,sBACE,MAAQ;AAAA,oBACV;AAAA,kBACF;AAAA,kBACA,aAAe;AAAA,gBACjB;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,kBACR,MAAQ,CAAC,SAAS,UAAU,UAAU,KAAK;AAAA,kBAC3C,aAAe;AAAA,gBACjB;AAAA,cACF;AAAA,cACA,UAAY,CAAC,QAAQ,QAAQ;AAAA,cAC7B,aAAe;AAAA,YACjB;AAAA,YACA,YAAc;AAAA,cACZ,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,mBAAqB;AAAA,kBACnB,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,gBACA,YAAc;AAAA,kBACZ,MAAQ;AAAA,gBACV;AAAA,gBACA,YAAc;AAAA,kBACZ,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY,CAAC,qBAAqB,UAAU,cAAc,cAAc,QAAQ;AAAA,cAChF,sBAAwB;AAAA,gBACtB,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,iBAAmB;AAAA,cACjB,MAAQ;AAAA,YACV;AAAA,YACA,aAAe;AAAA,cACb,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,YAAc;AAAA,kBACZ,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY,CAAC,YAAY;AAAA,cACzB,sBAAwB;AAAA,YAC1B;AAAA,YACA,+BAAiC;AAAA,cAC/B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,gBACA,cAAgB;AAAA,kBACd,MAAQ;AAAA,gBACV;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,gBACV;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,gBACV;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY,CAAC,gBAAgB,QAAQ,QAAQ,WAAW;AAAA,cACxD,sBAAwB;AAAA,YAC1B;AAAA,UACF;AAAA,UACA,SAAW;AAAA,YACT,kBAAoB;AAAA,cAClB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,yCAA2C;AAAA,cACzC,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,6BAA+B;AAAA,cAC7B,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,gBACR,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,YACF;AAAA,YACA,kBAAoB;AAAA,cAClB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,oBAAsB;AAAA,cACpB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,gBACR,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,YACF;AAAA,YACA,gBAAkB;AAAA,cAChB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,kBAAoB;AAAA,cAClB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA;AAAA;;;AC9WA;;;;;;;;;;;ACAA,yBAAwE;AAExE,yBAA8F;AAE9F,UAAqB;;;ACuEd,SAASC,cAAcC,QAAW;AACvC,SAAOA,UAAY,UAAUA,WAAW,eAAeA,OAAOC,QAAQ,gBAAgBD,OAAOC;AAC/F;AAFgBF;AAmDT,IAAMG,YAAY,wBAAoBF,WAAuCA,WAAWG,QAAtE;;;AD/GzB,IAAM,EAAEC,WAAU,IAAKC;AAEhB,IAAMC,4BAA2C;EACtD;EACA;EACA;EACA;EACA;EACA;EACA;EACA;;AAGK,IAAMC,qBAAN,cAAiCC,mBAAAA,WAAAA;EA5BxC,OA4BwCA;;;;EAE9BC;EACSC;EACVC;EACEC;EAET,YAAYC,SAA6G;AACvH,UAAM;MAAEC,OAAOD,QAAQC;MAAOC,KAAKF,QAAQE;IAAI,CAAA;AAC/C,SAAKN,WAAWI,QAAQC;AACxB,SAAKJ,iBAAiBG,QAAQE;AAC9B,SAAKJ,cAAcE,QAAQG,cAAcC,OAAOC,KAAK,KAAKR,cAAc,EAAE,CAAA;AAC1E,QAAI,CAACO,OAAOC,KAAK,KAAKR,cAAc,EAAES,SAAS,KAAKR,WAAW,GAAG;AAChE,YAAMS,MAAM,2EAA2EH,OAAOC,KAAK,KAAKR,cAAc,EAAEW,KAAK,GAAA,CAAA,EAAM;IACrI;AACA,UAAMC,UAAU,KAAKA;AACrBA,YAAQC,mBAAmB,KAAKA,iBAAiBC,KAAK,IAAI;AAC1DF,YAAQG,qBAAqB,KAAKA,mBAAmBD,KAAK,IAAI;AAC9DF,YAAQI,0CAA0C,KAAKA,wCAAwCF,KAAK,IAAI;AACxG,SAAKZ,aAA4CU;AAEjD,SAAKK,uBAAsB;EAC7B;EAEQA,yBAAyB;AAC/BV,WAAOC,KAAK,KAAKR,cAAc,EAAEkB,QAAQ,CAACC,UAAAA;AACxC,YAAMd,MAAM,KAAKL,eAAemB,KAAAA;AAChC,UAAId,IAAI,YAAYe,SAAS,2BAA2B;AACtD,aAAKC,6BAA6BF,OAAOd,GAAAA;MAC3C;IACF,CAAA;EACF;EAEQgB,6BAA6BF,OAAed,KAAkC;AACpFA,QACGiB,SAAQ,EACRC,KAAK,OAAOC,eAAAA;AACX,UAAI;AACF,cAAMC,aAA+B,MAAM,KAAKV,mBAAkB;AAElE,cAAMW,QAAQC,IACZH,WAAWI,IAAI,OAAOC,cAAAA;AACpB,gBAAMC,YAAYL,WAAWM,KAAK,CAACC,MAAMA,EAAEC,QAAQJ,UAAUI,GAAG;AAEhE,gBAAMC,cACJ,CAACJ,aACDA,UAAUK,iBAAiBN,UAAUM,gBACrCL,UAAUM,SAASP,UAAUO,QAC7BN,UAAUzB,QAAQwB,UAAUxB,OAC3BwB,UAAUQ,QAAQ,WAAWR,UAAUQ,QAAQP,UAAUO,QAAQP,UAAUO,KAAKC,aAAaT,UAAUQ,KAAKE;AAC/G,cAAIL,aAAa;AACf,gBAAI;AACF,kBAAIJ,WAAW;AACb,sBAAM,KAAK/B,SAASyC,OAAO;kBAAEP,KAAKJ,UAAUI;gBAAI,CAAA;cAClD;AACA,oBAAMQ,cAAoB;gBACxB,GAAGZ;gBACHQ,MAAMR,UAAUQ,QAAQ,WAAWR,UAAUQ,OAAO;kBAAE,GAAGR,UAAUQ;kBAAMC,UAAUT,UAAUQ,KAAKE;gBAAM,IAAIV,UAAUQ;cACxH;AAEA,kBAAII,YAAYJ,QAAQ,WAAWI,YAAYJ,MAAM;AACnD,uBAAOI,YAAYJ,KAAKE;cAC1B;AAEA,oBAAM,KAAKxC,SAAS2C,OAAOD,WAAAA;YAC7B,SAASE,OAAO;AACdC,sBAAQD,MAAM,sBAAsBd,UAAUI,GAAG,aAAad,KAAAA,KAAUwB,KAAAA;YAC1E;UACF;QACF,CAAA,CAAA;MAEJ,SAASA,OAAO;AACdC,gBAAQD,MAAM,+BAA+BxB,KAAAA,KAAUwB,KAAAA;MACzD;IACF,CAAA,EACCE,MAAM,CAACF,UAAAA;AACNC,cAAQD,MAAM,sCAAsCxB,KAAAA,KAAUwB,KAAAA;IAChE,CAAA;EACJ;EAEA3B,0CAA2D;AACzD,WAAOU,QAAQoB,QAAQ,KAAK7C,WAAW;EACzC;EAEA,MAAe8C,iBAAiBC,MAA8D;AAC5F,UAAM3C,MAAM,KAAK4C,aAAaD,KAAK3C,OAAO,KAAKJ,WAAW;AAC1D,UAAMoC,OAAoB;MAAE,GAAGW,KAAKX;MAAM,GAAIW,KAAKE,QAAQ;QAAEA,MAAMF,KAAKE;MAAK;IAAG;AAChF,QAAIC,cAAcd,IAAAA,KAASA,KAAKa,MAAME,aAAa,CAACf,KAAKa,KAAKG,YAAYC,aAAa;AAErFjB,WAAKa,OAAO;QACV,GAAGb,KAAKa;QACRG,YAAY;UAAE,GAAGhB,KAAKa,MAAMG;UAAYC,aAAa,IAAIC,KAAKA,KAAKC,IAAG,IAAK,IAAI,KAAK,GAAA;QAAM;MAC5F;IACF;AACA,UAAMC,aAAa,MAAMpD,IAAIqD,UAAU;MAAEtB,MAAMY,KAAKZ;MAAMC;IAAK,CAAA;AAC/D,UAAMsB,MAAY;MAAE,GAAGF;MAAYpD,KAAK2C,KAAK3C,OAAO,KAAKJ;IAAY;AACrE0D,QAAItB,OAAO;MAAE,GAAGA;MAAM,GAAGsB,IAAItB;IAAK;AAClCsB,QAAItB,KAAKuB,gBAAgBD,IAAItB,KAAKuB,qBAAiBC,iDAA6B;MAAEF;IAAI,CAAA;AAEtF,UAAM,KAAK5D,SAAS2C,OAAOiB,GAAAA;AAC3B,QAAIA,IAAIG,eAAe;AAErB,aAAOH,IAAIG;IACb;AACA,WAAOH;EACT;;EAIA,MAAMI,eAAef,MAAoD;AACvE,UAAMgB,UAAU,MAAM,KAAKC,cAAc;MAAEhC,KAAKe,KAAKkB;IAAO,CAAA;AAC5D,UAAM7D,MAAM,KAAK4C,aAAae,QAAQ3D,GAAG;AACzC,QAAI2D,QAAQ5B,SAAS,cAAc;AACjC,aAAO,MAAM/B,IAAI8D,KAAK;QAAED,QAAQF;QAASI,MAAM,OAAOpB,KAAKoB,SAAS,WAAW1E,WAAWsD,KAAKoB,IAAI,IAAIpB,KAAKoB;MAAK,CAAA;IACnH;AAEA,WAAO,MAAM,MAAML,eAAe;MAAE,GAAGf;MAAMkB,QAAQF,QAAQ/B;IAAI,CAAA;EACnE;EAEA,MAAMpB,iBAAiBmC,MAAuD;AAC5E,QAAIA,KAAK3C,KAAK;AACZ,YAAMA,MAAM,KAAK4C,aAAaD,KAAK3C,GAAG;AACtC,UAAIA,OAAO,YAAYA,OAAO,OAAOA,IAAIgE,WAAW,YAAY;AAE9D,eAAO,MAAMhE,IAAIgE,OAAOrB,IAAAA;MAC1B;IACF;AACA,WAAO,UAAMsB,uCAAmB;MAC9BX,SAAKY,0BAAMvB,KAAKb,cAAca,KAAKZ,IAAI;MACvCgC,MAAMpB,KAAKoB;MACXI,WAAW9E,WAAWsD,KAAKwB,WAAW,OAAA;IACxC,CAAA;EACF;EAEA,MAAMzD,qBAAgD;AACpD,WAAO,KAAKhB,SAAS0E,KAAK,CAAC,CAAA;EAC7B;EAEA,MAAMC,4BAA4B1B,MAAgF;AAChH,UAAMxC,OAAO,MAAM,KAAKO,mBAAkB;AAC1C,UAAM4D,cAAcnE,KACjBoE,OAAO,CAACjB,QAAQR,cAAcQ,IAAItB,IAAI,CAAA,EACtCuC,OAAO,CAACjB,QAAAA;AACP,UAAIR,cAAcQ,IAAItB,IAAI,KAAKsB,IAAItB,MAAMa,MAAMG,YAAY;AACzD,cAAMA,aAAaM,IAAItB,KAAKa,KAAKG;AACjC,eAAO,EAAEA,WAAWwB,cAAcxB,WAAWwB,WAAWC,gBAAe,IAAKvB,KAAKC,IAAG;MACtF;AACA,aAAO;IACT,CAAA;AACF,QAAIR,KAAK+B,iBAAiB,MAAM;AAC9B,YAAMrD,QAAQC,IAAIgD,YAAY/C,IAAI,CAAC+B,QAAQ,KAAKqB,iBAAiB;QAAE/C,KAAK0B,IAAI1B;MAAI,CAAA,CAAA,CAAA;IAClF;AACA,WAAOzB;EACT;EAEQyC,aAAa7B,MAA2C;AAC9D,UAAMf,MAAM,KAAKL,eAAeoB,IAAAA;AAChC,QAAI,CAACf,KAAK;AACR,YAAMK,MAAM,iFAAiFU,IAAAA,GAAO;IACtG;AACA,WAAOf;EACT;;EAGA,MAAM4D,cAAc,EAAEhC,IAAG,GAAuC;AAC9D,QAAI;AACF,YAAM0B,MAAM,MAAM,KAAK5D,SAASkF,IAAI;QAAEhD;MAAI,CAAA;AAC1C,aAAO0B;IACT,SAASuB,GAAG;AACV,YAAM1E,OAAyB,MAAM,KAAKO,mBAAkB;AAC5D,YAAMoE,WAAW3E,KAAKuB,KACpB,CAAC4B,QACCA,IAAIxB,iBAAiBF,OACrB0B,IAAItB,MAAMuB,kBAAkB3B,OAC3B0B,IAAItB,MAAMuB,iBAAiB,YAAQC,iDAA6B;QAAEF;MAAI,CAAA,MAAO1B,GAAAA;AAElF,UAAIkD,UAAU;AACZ,eAAOA;MACT,OAAO;AACL,cAAM,IAAIzE,MAAM,gBAAgBuB,GAAAA,YAAe;MACjD;IACF;EACF;EAEA,IAAI3B,aAAqB;AACvB,WAAO,KAAKL;EACd;EAEA,IAAIK,WAAWD,KAAa;AAC1B,QAAI,CAACE,OAAOC,KAAK,KAAKR,cAAc,EAAES,SAASJ,GAAAA,GAAM;AACnD,YAAMK,MAAM,2EAA2EH,OAAOC,KAAK,KAAKR,cAAc,EAAEW,KAAK,GAAA,CAAA,EAAM;IACrI;AACA,SAAKV,cAAcI;EACrB;EAEA+E,OAAOhE,MAAcf,KAAwC;AAC3D,SAAKL,eAAeoB,IAAAA,IAAQf;AAE5B,QAAIA,IAAI,YAAYe,SAAS,2BAA2B;AACtD,WAAKC,6BAA6BD,MAAMf,GAAAA;IAC1C;EACF;AACF;;;ADlOA,0BAAc,gCAJd;IAAMgF,SAASC;","names":["module","hasKeyOptions","object","opts","isDefined","undefined","fromString","u8a","sphereonKeyManagerMethods","SphereonKeyManager","VeramoKeyManager","kmsStore","availableKmses","_defaultKms","kmsMethods","options","store","kms","defaultKms","Object","keys","includes","Error","join","methods","keyManagerVerify","bind","keyManagerListKeys","keyManagerGetDefaultKeyManagementSystem","syncPreProvisionedKeys","forEach","kmsId","name","syncPreProvisionedKeysForKms","listKeys","then","remoteKeys","storedKeys","Promise","all","map","remoteKey","storedKey","find","k","kid","needsUpdate","publicKeyHex","type","meta","keyAlias","alias","delete","keyToImport","import","error","console","catch","resolve","keyManagerCreate","args","getKmsByName","opts","hasKeyOptions","ephemeral","expiration","removalDate","Date","now","partialKey","createKey","key","jwkThumbprint","calculateJwkThumbprintForKey","privateKeyHex","keyManagerSign","keyInfo","keyManagerGet","keyRef","sign","data","verify","verifyRawSignature","toJwk","signature","list","keyManagerHandleExpirations","expiredKeys","filter","expiryDate","getMilliseconds","skipRemovals","keyManagerDelete","get","e","foundKey","setKms","schema","require"]}
package/dist/index.d.cts CHANGED
@@ -119,6 +119,8 @@ declare class SphereonKeyManager extends KeyManager {
119
119
  kms: Record<string, AbstractKeyManagementSystem>;
120
120
  defaultKms?: string;
121
121
  });
122
+ private syncPreProvisionedKeys;
123
+ private syncPreProvisionedKeysForKms;
122
124
  keyManagerGetDefaultKeyManagementSystem(): Promise<string>;
123
125
  keyManagerCreate(args: ISphereonKeyManagerCreateArgs): Promise<ManagedKeyInfo>;
124
126
  keyManagerSign(args: ISphereonKeyManagerSignArgs): Promise<string>;
package/dist/index.d.ts CHANGED
@@ -119,6 +119,8 @@ declare class SphereonKeyManager extends KeyManager {
119
119
  kms: Record<string, AbstractKeyManagementSystem>;
120
120
  defaultKms?: string;
121
121
  });
122
+ private syncPreProvisionedKeys;
123
+ private syncPreProvisionedKeysForKms;
122
124
  keyManagerGetDefaultKeyManagementSystem(): Promise<string>;
123
125
  keyManagerCreate(args: ISphereonKeyManagerCreateArgs): Promise<ManagedKeyInfo>;
124
126
  keyManagerSign(args: ISphereonKeyManagerSignArgs): Promise<string>;
package/dist/index.js CHANGED
@@ -33,6 +33,7 @@ var require_plugin_schema = __commonJS({
33
33
  }
34
34
  },
35
35
  required: ["type"],
36
+ additionalProperties: false,
36
37
  description: "Input arguments for {@link ISphereonKeyManager.keyManagerCreate | keyManagerCreate }"
37
38
  },
38
39
  TKeyType: {
@@ -59,9 +60,11 @@ var require_plugin_schema = __commonJS({
59
60
  format: "date-time"
60
61
  }
61
62
  },
63
+ additionalProperties: false,
62
64
  description: "Expiration and remove the key"
63
65
  }
64
- }
66
+ },
67
+ additionalProperties: false
65
68
  },
66
69
  KeyMetadata: {
67
70
  type: "object",
@@ -77,6 +80,7 @@ var require_plugin_schema = __commonJS({
77
80
  },
78
81
  PartialKey: {
79
82
  type: "object",
83
+ additionalProperties: false,
80
84
  properties: {
81
85
  privateKeyHex: {
82
86
  type: "string"
@@ -117,9 +121,17 @@ var require_plugin_schema = __commonJS({
117
121
  skipRemovals: {
118
122
  type: "boolean"
119
123
  }
120
- }
124
+ },
125
+ additionalProperties: false
121
126
  },
122
127
  ManagedKeyInfo: {
128
+ $ref: '#/components/schemas/Omit<IKey,"privateKeyHex">',
129
+ description: "Represents information about a managed key. Private or secret key material is NOT present."
130
+ },
131
+ 'Omit<IKey,"privateKeyHex">': {
132
+ $ref: '#/components/schemas/Pick<IKey,Exclude<("kid"|"kms"|"type"|"publicKeyHex"|"privateKeyHex"|"meta"),"privateKeyHex">>'
133
+ },
134
+ 'Pick<IKey,Exclude<("kid"|"kms"|"type"|"publicKeyHex"|"privateKeyHex"|"meta"),"privateKeyHex">>': {
123
135
  type: "object",
124
136
  properties: {
125
137
  kid: {
@@ -151,7 +163,7 @@ var require_plugin_schema = __commonJS({
151
163
  }
152
164
  },
153
165
  required: ["kid", "kms", "type", "publicKeyHex"],
154
- description: "Represents information about a managed key. Private or secret key material is NOT present."
166
+ additionalProperties: false
155
167
  },
156
168
  MinimalImportableKey: {
157
169
  $ref: '#/components/schemas/RequireOnly<IKey,("privateKeyHex"|"type"|"kms")>',
@@ -159,6 +171,7 @@ var require_plugin_schema = __commonJS({
159
171
  },
160
172
  'RequireOnly<IKey,("privateKeyHex"|"type"|"kms")>': {
161
173
  type: "object",
174
+ additionalProperties: false,
162
175
  properties: {
163
176
  kid: {
164
177
  type: "string",
@@ -211,39 +224,7 @@ var require_plugin_schema = __commonJS({
211
224
  type: "string"
212
225
  },
213
226
  {
214
- type: "object",
215
- properties: {
216
- BYTES_PER_ELEMENT: {
217
- type: "number"
218
- },
219
- buffer: {
220
- anyOf: [
221
- {
222
- type: "object",
223
- properties: {
224
- byteLength: {
225
- type: "number"
226
- }
227
- },
228
- required: ["byteLength"]
229
- },
230
- {}
231
- ]
232
- },
233
- byteLength: {
234
- type: "number"
235
- },
236
- byteOffset: {
237
- type: "number"
238
- },
239
- length: {
240
- type: "number"
241
- }
242
- },
243
- required: ["BYTES_PER_ELEMENT", "buffer", "byteLength", "byteOffset", "length"],
244
- additionalProperties: {
245
- type: "number"
246
- }
227
+ $ref: "#/components/schemas/Uint8Array"
247
228
  }
248
229
  ],
249
230
  description: "Data to sign"
@@ -257,6 +238,43 @@ var require_plugin_schema = __commonJS({
257
238
  required: ["data", "keyRef"],
258
239
  description: "Input arguments for {@link ISphereonKeyManagerSignArgs.keyManagerSign | keyManagerSign }"
259
240
  },
241
+ Uint8Array: {
242
+ type: "object",
243
+ properties: {
244
+ BYTES_PER_ELEMENT: {
245
+ type: "number"
246
+ },
247
+ buffer: {
248
+ $ref: "#/components/schemas/ArrayBufferLike"
249
+ },
250
+ byteLength: {
251
+ type: "number"
252
+ },
253
+ byteOffset: {
254
+ type: "number"
255
+ },
256
+ length: {
257
+ type: "number"
258
+ }
259
+ },
260
+ required: ["BYTES_PER_ELEMENT", "buffer", "byteLength", "byteOffset", "length"],
261
+ additionalProperties: {
262
+ type: "number"
263
+ }
264
+ },
265
+ ArrayBufferLike: {
266
+ $ref: "#/components/schemas/ArrayBuffer"
267
+ },
268
+ ArrayBuffer: {
269
+ type: "object",
270
+ properties: {
271
+ byteLength: {
272
+ type: "number"
273
+ }
274
+ },
275
+ required: ["byteLength"],
276
+ additionalProperties: false
277
+ },
260
278
  ISphereonKeyManagerVerifyArgs: {
261
279
  type: "object",
262
280
  properties: {
@@ -273,45 +291,14 @@ var require_plugin_schema = __commonJS({
273
291
  type: "string"
274
292
  },
275
293
  data: {
276
- type: "object",
277
- properties: {
278
- BYTES_PER_ELEMENT: {
279
- type: "number"
280
- },
281
- buffer: {
282
- anyOf: [
283
- {
284
- type: "object",
285
- properties: {
286
- byteLength: {
287
- type: "number"
288
- }
289
- },
290
- required: ["byteLength"]
291
- },
292
- {}
293
- ]
294
- },
295
- byteLength: {
296
- type: "number"
297
- },
298
- byteOffset: {
299
- type: "number"
300
- },
301
- length: {
302
- type: "number"
303
- }
304
- },
305
- required: ["BYTES_PER_ELEMENT", "buffer", "byteLength", "byteOffset", "length"],
306
- additionalProperties: {
307
- type: "number"
308
- }
294
+ $ref: "#/components/schemas/Uint8Array"
309
295
  },
310
296
  signature: {
311
297
  type: "string"
312
298
  }
313
299
  },
314
- required: ["publicKeyHex", "type", "data", "signature"]
300
+ required: ["publicKeyHex", "type", "data", "signature"],
301
+ additionalProperties: false
315
302
  }
316
303
  },
317
304
  methods: {
@@ -440,6 +427,52 @@ var SphereonKeyManager = class extends VeramoKeyManager {
440
427
  methods.keyManagerListKeys = this.keyManagerListKeys.bind(this);
441
428
  methods.keyManagerGetDefaultKeyManagementSystem = this.keyManagerGetDefaultKeyManagementSystem.bind(this);
442
429
  this.kmsMethods = methods;
430
+ this.syncPreProvisionedKeys();
431
+ }
432
+ syncPreProvisionedKeys() {
433
+ Object.keys(this.availableKmses).forEach((kmsId) => {
434
+ const kms = this.availableKmses[kmsId];
435
+ if (kms.constructor.name === "RestKeyManagementSystem") {
436
+ this.syncPreProvisionedKeysForKms(kmsId, kms);
437
+ }
438
+ });
439
+ }
440
+ syncPreProvisionedKeysForKms(kmsId, kms) {
441
+ kms.listKeys().then(async (remoteKeys) => {
442
+ try {
443
+ const storedKeys = await this.keyManagerListKeys();
444
+ await Promise.all(remoteKeys.map(async (remoteKey) => {
445
+ const storedKey = storedKeys.find((k) => k.kid === remoteKey.kid);
446
+ const needsUpdate = !storedKey || storedKey.publicKeyHex !== remoteKey.publicKeyHex || storedKey.type !== remoteKey.type || storedKey.kms !== remoteKey.kms || remoteKey.meta && "alias" in remoteKey.meta && storedKey.meta && storedKey.meta.keyAlias !== remoteKey.meta.alias;
447
+ if (needsUpdate) {
448
+ try {
449
+ if (storedKey) {
450
+ await this.kmsStore.delete({
451
+ kid: remoteKey.kid
452
+ });
453
+ }
454
+ const keyToImport = {
455
+ ...remoteKey,
456
+ meta: remoteKey.meta && "alias" in remoteKey.meta ? {
457
+ ...remoteKey.meta,
458
+ keyAlias: remoteKey.meta.alias
459
+ } : remoteKey.meta
460
+ };
461
+ if (keyToImport.meta && "alias" in keyToImport.meta) {
462
+ delete keyToImport.meta.alias;
463
+ }
464
+ await this.kmsStore.import(keyToImport);
465
+ } catch (error) {
466
+ console.error(`Failed to sync key ${remoteKey.kid} from kms ${kmsId}:`, error);
467
+ }
468
+ }
469
+ }));
470
+ } catch (error) {
471
+ console.error(`Failed to sync keys for kms ${kmsId}:`, error);
472
+ }
473
+ }).catch((error) => {
474
+ console.error(`Failed to list remote keys for kms ${kmsId}:`, error);
475
+ });
443
476
  }
444
477
  keyManagerGetDefaultKeyManagementSystem() {
445
478
  return Promise.resolve(this._defaultKms);
@@ -568,6 +601,9 @@ var SphereonKeyManager = class extends VeramoKeyManager {
568
601
  }
569
602
  setKms(name, kms) {
570
603
  this.availableKmses[name] = kms;
604
+ if (kms.constructor.name === "RestKeyManagementSystem") {
605
+ this.syncPreProvisionedKeysForKms(name, kms);
606
+ }
571
607
  }
572
608
  };
573
609
 
package/dist/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../plugin.schema.json","../src/agent/SphereonKeyManager.ts","../src/types/ISphereonKeyManager.ts","../src/index.ts"],"sourcesContent":["{\n \"ISphereonKeyManager\": {\n \"components\": {\n \"schemas\": {\n \"ISphereonKeyManagerCreateArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"type\": {\n \"$ref\": \"#/components/schemas/TKeyType\",\n \"description\": \"Key type\"\n },\n \"kms\": {\n \"type\": \"string\",\n \"description\": \"Key Management System\"\n },\n \"opts\": {\n \"$ref\": \"#/components/schemas/IkeyOptions\",\n \"description\": \"Key options\"\n },\n \"meta\": {\n \"$ref\": \"#/components/schemas/KeyMetadata\",\n \"description\": \"Optional. Key meta data\"\n }\n },\n \"required\": [\"type\"],\n \"description\": \"Input arguments for {@link ISphereonKeyManager.keyManagerCreate | keyManagerCreate }\"\n },\n \"TKeyType\": {\n \"type\": \"string\",\n \"enum\": [\"Ed25519\", \"Secp256k1\", \"Secp256r1\", \"X25519\", \"Bls12381G1\", \"Bls12381G2\", \"RSA\"],\n \"description\": \"Cryptographic key type.\"\n },\n \"IkeyOptions\": {\n \"type\": \"object\",\n \"properties\": {\n \"ephemeral\": {\n \"type\": \"boolean\",\n \"description\": \"Is this a temporary key?\"\n },\n \"expiration\": {\n \"type\": \"object\",\n \"properties\": {\n \"expiryDate\": {\n \"type\": \"string\",\n \"format\": \"date-time\"\n },\n \"removalDate\": {\n \"type\": \"string\",\n \"format\": \"date-time\"\n }\n },\n \"description\": \"Expiration and remove the key\"\n }\n }\n },\n \"KeyMetadata\": {\n \"type\": \"object\",\n \"properties\": {\n \"algorithms\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n }\n },\n \"description\": \"This encapsulates data about a key.\\n\\nImplementations of {@link @veramo/key-manager#AbstractKeyManagementSystem | AbstractKeyManagementSystem } should populate this object, for each key, with the algorithms that can be performed using it.\\n\\nThis can also be used to add various tags to the keys under management.\"\n },\n \"PartialKey\": {\n \"type\": \"object\",\n \"properties\": {\n \"privateKeyHex\": {\n \"type\": \"string\"\n },\n \"kid\": {\n \"type\": \"string\",\n \"description\": \"Key ID\"\n },\n \"kms\": {\n \"type\": \"string\",\n \"description\": \"Key Management System\"\n },\n \"type\": {\n \"$ref\": \"#/components/schemas/TKeyType\",\n \"description\": \"Key type\"\n },\n \"publicKeyHex\": {\n \"type\": \"string\",\n \"description\": \"Public key\"\n },\n \"meta\": {\n \"anyOf\": [\n {\n \"$ref\": \"#/components/schemas/KeyMetadata\"\n },\n {\n \"type\": \"null\"\n }\n ],\n \"description\": \"Optional. Key metadata. This should be used to determine which algorithms are supported.\"\n }\n },\n \"required\": [\"kid\", \"kms\", \"privateKeyHex\", \"publicKeyHex\", \"type\"]\n },\n \"ISphereonKeyManagerHandleExpirationsArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"skipRemovals\": {\n \"type\": \"boolean\"\n }\n }\n },\n \"ManagedKeyInfo\": {\n \"type\": \"object\",\n \"properties\": {\n \"kid\": {\n \"type\": \"string\",\n \"description\": \"Key ID\"\n },\n \"kms\": {\n \"type\": \"string\",\n \"description\": \"Key Management System\"\n },\n \"type\": {\n \"$ref\": \"#/components/schemas/TKeyType\",\n \"description\": \"Key type\"\n },\n \"publicKeyHex\": {\n \"type\": \"string\",\n \"description\": \"Public key\"\n },\n \"meta\": {\n \"anyOf\": [\n {\n \"$ref\": \"#/components/schemas/KeyMetadata\"\n },\n {\n \"type\": \"null\"\n }\n ],\n \"description\": \"Optional. Key metadata. This should be used to determine which algorithms are supported.\"\n }\n },\n \"required\": [\"kid\", \"kms\", \"type\", \"publicKeyHex\"],\n \"description\": \"Represents information about a managed key. Private or secret key material is NOT present.\"\n },\n \"MinimalImportableKey\": {\n \"$ref\": \"#/components/schemas/RequireOnly<IKey,(\\\"privateKeyHex\\\"|\\\"type\\\"|\\\"kms\\\")>\",\n \"description\": \"Represents the properties required to import a key.\"\n },\n \"RequireOnly<IKey,(\\\"privateKeyHex\\\"|\\\"type\\\"|\\\"kms\\\")>\": {\n \"type\": \"object\",\n \"properties\": {\n \"kid\": {\n \"type\": \"string\",\n \"description\": \"Key ID\"\n },\n \"kms\": {\n \"type\": \"string\",\n \"description\": \"Key Management System\"\n },\n \"type\": {\n \"$ref\": \"#/components/schemas/TKeyType\",\n \"description\": \"Key type\"\n },\n \"publicKeyHex\": {\n \"type\": \"string\",\n \"description\": \"Public key\"\n },\n \"privateKeyHex\": {\n \"type\": \"string\",\n \"description\": \"Optional. Private key\"\n },\n \"meta\": {\n \"anyOf\": [\n {\n \"$ref\": \"#/components/schemas/KeyMetadata\"\n },\n {\n \"type\": \"null\"\n }\n ],\n \"description\": \"Optional. Key metadata. This should be used to determine which algorithms are supported.\"\n }\n },\n \"description\": \"Represents an object type where a subset of keys are required and everything else is optional.\"\n },\n \"ISphereonKeyManagerSignArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"keyRef\": {\n \"type\": \"string\",\n \"description\": \"The key handle, as returned during `keyManagerCreateKey`\"\n },\n \"algorithm\": {\n \"type\": \"string\",\n \"description\": \"The algorithm to use for signing. This must be one of the algorithms supported by the KMS for this key type.\\n\\nThe algorithm used here should match one of the names listed in `IKey.meta.algorithms`\"\n },\n \"data\": {\n \"anyOf\": [\n {\n \"type\": \"string\"\n },\n {\n \"type\": \"object\",\n \"properties\": {\n \"BYTES_PER_ELEMENT\": {\n \"type\": \"number\"\n },\n \"buffer\": {\n \"anyOf\": [\n {\n \"type\": \"object\",\n \"properties\": {\n \"byteLength\": {\n \"type\": \"number\"\n }\n },\n \"required\": [\"byteLength\"]\n },\n {}\n ]\n },\n \"byteLength\": {\n \"type\": \"number\"\n },\n \"byteOffset\": {\n \"type\": \"number\"\n },\n \"length\": {\n \"type\": \"number\"\n }\n },\n \"required\": [\"BYTES_PER_ELEMENT\", \"buffer\", \"byteLength\", \"byteOffset\", \"length\"],\n \"additionalProperties\": {\n \"type\": \"number\"\n }\n }\n ],\n \"description\": \"Data to sign\"\n },\n \"encoding\": {\n \"type\": \"string\",\n \"enum\": [\"utf-8\", \"base16\", \"base64\", \"hex\"],\n \"description\": \"If the data is a \\\"string\\\" then you can specify which encoding is used. Default is \\\"utf-8\\\"\"\n }\n },\n \"required\": [\"data\", \"keyRef\"],\n \"description\": \"Input arguments for {@link ISphereonKeyManagerSignArgs.keyManagerSign | keyManagerSign }\"\n },\n \"ISphereonKeyManagerVerifyArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"kms\": {\n \"type\": \"string\"\n },\n \"publicKeyHex\": {\n \"type\": \"string\"\n },\n \"type\": {\n \"$ref\": \"#/components/schemas/TKeyType\"\n },\n \"algorithm\": {\n \"type\": \"string\"\n },\n \"data\": {\n \"type\": \"object\",\n \"properties\": {\n \"BYTES_PER_ELEMENT\": {\n \"type\": \"number\"\n },\n \"buffer\": {\n \"anyOf\": [\n {\n \"type\": \"object\",\n \"properties\": {\n \"byteLength\": {\n \"type\": \"number\"\n }\n },\n \"required\": [\"byteLength\"]\n },\n {}\n ]\n },\n \"byteLength\": {\n \"type\": \"number\"\n },\n \"byteOffset\": {\n \"type\": \"number\"\n },\n \"length\": {\n \"type\": \"number\"\n }\n },\n \"required\": [\"BYTES_PER_ELEMENT\", \"buffer\", \"byteLength\", \"byteOffset\", \"length\"],\n \"additionalProperties\": {\n \"type\": \"number\"\n }\n },\n \"signature\": {\n \"type\": \"string\"\n }\n },\n \"required\": [\"publicKeyHex\", \"type\", \"data\", \"signature\"]\n }\n },\n \"methods\": {\n \"keyManagerCreate\": {\n \"description\": \"\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/ISphereonKeyManagerCreateArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/PartialKey\"\n }\n },\n \"keyManagerGetDefaultKeyManagementSystem\": {\n \"description\": \"Get the KMS registered as default. Handy when no explicit KMS is provided for a function\",\n \"arguments\": {\n \"type\": \"object\"\n },\n \"returnType\": {\n \"type\": \"string\"\n }\n },\n \"keyManagerHandleExpirations\": {\n \"description\": \"Set keys to expired and remove keys eligible for deletion.\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/ISphereonKeyManagerHandleExpirationsArgs\"\n },\n \"returnType\": {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/ManagedKeyInfo\"\n }\n }\n },\n \"keyManagerImport\": {\n \"description\": \"\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/MinimalImportableKey\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/PartialKey\"\n }\n },\n \"keyManagerListKeys\": {\n \"description\": \"\",\n \"arguments\": {\n \"type\": \"object\"\n },\n \"returnType\": {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/ManagedKeyInfo\"\n }\n }\n },\n \"keyManagerSign\": {\n \"description\": \"\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/ISphereonKeyManagerSignArgs\"\n },\n \"returnType\": {\n \"type\": \"string\"\n }\n },\n \"keyManagerVerify\": {\n \"description\": \"Verifies a signature using the key\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/ISphereonKeyManagerVerifyArgs\"\n },\n \"returnType\": {\n \"type\": \"boolean\"\n }\n }\n }\n }\n }\n}\n","import { calculateJwkThumbprintForKey, toJwk, verifyRawSignature } from '@sphereon/ssi-sdk-ext.key-utils'\nimport type { IKey, KeyMetadata, ManagedKeyInfo } from '@veramo/core'\nimport { AbstractKeyManagementSystem, AbstractKeyStore, KeyManager as VeramoKeyManager } from '@veramo/key-manager'\n// @ts-ignore\nimport * as u8a from 'uint8arrays'\nimport {\n hasKeyOptions,\n type IKeyManagerGetArgs,\n type ISphereonKeyManager,\n type ISphereonKeyManagerCreateArgs,\n type ISphereonKeyManagerHandleExpirationsArgs,\n type ISphereonKeyManagerSignArgs,\n type ISphereonKeyManagerVerifyArgs,\n} from '../types/ISphereonKeyManager'\n\nconst { fromString } = u8a\n\nexport const sphereonKeyManagerMethods: Array<string> = [\n 'keyManagerCreate',\n 'keyManagerGet',\n 'keyManagerImport',\n 'keyManagerSign',\n 'keyManagerVerify',\n 'keyManagerListKeys',\n 'keyManagerGetDefaultKeyManagementSystem',\n 'keyManagerHandleExpirations',\n]\n\nexport class SphereonKeyManager extends VeramoKeyManager {\n // local store reference, given the superclass store is private, and we need additional functions/calls\n private kmsStore: AbstractKeyStore\n private readonly availableKmses: Record<string, AbstractKeyManagementSystem>\n public _defaultKms: string\n readonly kmsMethods: ISphereonKeyManager\n\n constructor(options: { store: AbstractKeyStore; kms: Record<string, AbstractKeyManagementSystem>; defaultKms?: string }) {\n super({ store: options.store, kms: options.kms })\n this.kmsStore = options.store\n this.availableKmses = options.kms\n this._defaultKms = options.defaultKms ?? Object.keys(this.availableKmses)[0]\n if (!Object.keys(this.availableKmses).includes(this._defaultKms)) {\n throw Error(`Default KMS needs to be listed in the kms object as well. Found kms-es: ${Object.keys(this.availableKmses).join(',')}`)\n }\n const methods = this.methods\n methods.keyManagerVerify = this.keyManagerVerify.bind(this)\n methods.keyManagerListKeys = this.keyManagerListKeys.bind(this)\n methods.keyManagerGetDefaultKeyManagementSystem = this.keyManagerGetDefaultKeyManagementSystem.bind(this)\n this.kmsMethods = <ISphereonKeyManager>(<unknown>methods)\n }\n\n keyManagerGetDefaultKeyManagementSystem(): Promise<string> {\n return Promise.resolve(this._defaultKms)\n }\n\n override async keyManagerCreate(args: ISphereonKeyManagerCreateArgs): Promise<ManagedKeyInfo> {\n const kms = this.getKmsByName(args.kms ?? this._defaultKms)\n const meta: KeyMetadata = { ...args.meta, ...(args.opts && { opts: args.opts }) }\n if (hasKeyOptions(meta) && meta.opts?.ephemeral && !meta.opts.expiration?.removalDate) {\n // Make sure we set a delete date on an ephemeral key\n meta.opts = {\n ...meta.opts,\n expiration: { ...meta.opts?.expiration, removalDate: new Date(Date.now() + 5 * 60 * 1000) },\n }\n }\n const partialKey = await kms.createKey({ type: args.type, meta })\n const key: IKey = { ...partialKey, kms: args.kms ?? this._defaultKms }\n key.meta = { ...meta, ...key.meta }\n key.meta.jwkThumbprint = key.meta.jwkThumbprint ?? calculateJwkThumbprintForKey({ key })\n\n await this.kmsStore.import(key)\n if (key.privateKeyHex) {\n // Make sure to not export the private key\n delete key.privateKeyHex\n }\n return key\n }\n\n //FIXME extend the IKeyManagerSignArgs.data to be a string or array of strings\n\n async keyManagerSign(args: ISphereonKeyManagerSignArgs): Promise<string> {\n const keyInfo = await this.keyManagerGet({ kid: args.keyRef })\n const kms = this.getKmsByName(keyInfo.kms)\n if (keyInfo.type === 'Bls12381G2') {\n return await kms.sign({ keyRef: keyInfo, data: typeof args.data === 'string' ? fromString(args.data) : args.data })\n }\n // @ts-ignore // we can pass in uint8arrays as well, which the super also can handle but does not expose in its types\n return await super.keyManagerSign({ ...args, keyRef: keyInfo.kid })\n }\n\n async keyManagerVerify(args: ISphereonKeyManagerVerifyArgs): Promise<boolean> {\n if (args.kms) {\n const kms = this.getKmsByName(args.kms)\n if (kms && 'verify' in kms && typeof kms.verify === 'function') {\n // @ts-ignore\n return await kms.verify(args)\n }\n }\n return await verifyRawSignature({\n key: toJwk(args.publicKeyHex, args.type),\n data: args.data,\n signature: fromString(args.signature, 'utf-8'),\n })\n }\n\n async keyManagerListKeys(): Promise<ManagedKeyInfo[]> {\n return this.kmsStore.list({})\n }\n\n async keyManagerHandleExpirations(args: ISphereonKeyManagerHandleExpirationsArgs): Promise<Array<ManagedKeyInfo>> {\n const keys = await this.keyManagerListKeys()\n const expiredKeys = keys\n .filter((key) => hasKeyOptions(key.meta))\n .filter((key) => {\n if (hasKeyOptions(key.meta) && key.meta?.opts?.expiration) {\n const expiration = key.meta.opts.expiration\n return !(expiration.expiryDate && expiration.expiryDate.getMilliseconds() > Date.now())\n }\n return false\n })\n if (args.skipRemovals !== true) {\n await Promise.all(expiredKeys.map((key) => this.keyManagerDelete({ kid: key.kid })))\n }\n return keys\n }\n\n private getKmsByName(name: string): AbstractKeyManagementSystem {\n const kms = this.availableKmses[name]\n if (!kms) {\n throw Error(`invalid_argument: This agent has no registered KeyManagementSystem with name='${name}'`)\n }\n return kms\n }\n\n //todo https://sphereon.atlassian.net/browse/SDK-28 improve the logic for keyManagerGet in sphereon-key-manager\n async keyManagerGet({ kid }: IKeyManagerGetArgs): Promise<IKey> {\n try {\n const key = await this.kmsStore.get({ kid })\n return key\n } catch (e) {\n const keys: ManagedKeyInfo[] = await this.keyManagerListKeys()\n const foundKey = keys.find(\n (key) =>\n key.publicKeyHex === kid ||\n key.meta?.jwkThumbprint === kid ||\n (key.meta?.jwkThumbprint == null && calculateJwkThumbprintForKey({ key }) === kid)\n )\n if (foundKey) {\n return foundKey as IKey\n } else {\n throw new Error(`Key with kid ${kid} not found`)\n }\n }\n }\n\n get defaultKms(): string {\n return this._defaultKms\n }\n\n set defaultKms(kms: string) {\n if (!Object.keys(this.availableKmses).includes(kms)) {\n throw Error(`Default KMS needs to be listed in the kms object as well. Found kms-es: ${Object.keys(this.availableKmses).join(',')}`)\n }\n this._defaultKms = kms\n }\n\n setKms(name: string, kms: AbstractKeyManagementSystem): void {\n this.availableKmses[name] = kms\n }\n}\n","import type { IKeyManager, IKeyManagerSignArgs, IPluginMethodMap, KeyMetadata, ManagedKeyInfo, MinimalImportableKey, TKeyType } from '@veramo/core'\n\nexport type PartialKey = ManagedKeyInfo & { privateKeyHex: string }\n\nexport interface ISphereonKeyManager extends IKeyManager, IPluginMethodMap {\n keyManagerCreate(args: ISphereonKeyManagerCreateArgs): Promise<PartialKey>\n\n keyManagerImport(key: MinimalImportableKey): Promise<PartialKey>\n\n keyManagerSign(args: ISphereonKeyManagerSignArgs): Promise<string>\n\n /**\n * Verifies a signature using the key\n *\n * Does not exist in IKeyManager\n * @param args\n */\n keyManagerVerify(args: ISphereonKeyManagerVerifyArgs): Promise<boolean>\n\n keyManagerListKeys(): Promise<Array<ManagedKeyInfo>>\n\n /**\n * Get the KMS registered as default. Handy when no explicit KMS is provided for a function\n */\n\n keyManagerGetDefaultKeyManagementSystem(): Promise<string>\n\n /**\n * Set keys to expired and remove keys eligible for deletion.\n * @param args\n */\n keyManagerHandleExpirations(args: ISphereonKeyManagerHandleExpirationsArgs): Promise<Array<ManagedKeyInfo>>\n}\n\nexport interface IkeyOptions {\n /**\n * Is this a temporary key?\n */\n ephemeral?: boolean\n\n /**\n * Expiration and remove the key\n */\n expiration?: {\n expiryDate?: Date\n removalDate?: Date\n }\n}\n\n/**\n * Input arguments for {@link ISphereonKeyManager.keyManagerCreate | keyManagerCreate}\n * @public\n */\nexport interface ISphereonKeyManagerCreateArgs {\n /**\n * Key type\n */\n type: TKeyType\n\n /**\n * Key Management System\n */\n kms?: string\n\n /**\n * Key options\n */\n opts?: IkeyOptions\n\n /**\n * Optional. Key meta data\n */\n meta?: KeyMetadata\n}\n\nexport function hasKeyOptions(object: any): object is { opts?: IkeyOptions } {\n return object!! && 'opts' in object && ('ephemeral' in object.opts || 'expiration' in object.opts)\n}\n\n/**\n * Input arguments for {@link ISphereonKeyManager.keyManagerGet | keyManagerGet}\n * @public\n */\nexport interface IKeyManagerGetArgs {\n /**\n * Key ID\n */\n kid: string\n}\n\n/**\n * Input arguments for {@link ISphereonKeyManager.keyManagerDelete | keyManagerDelete}\n * @public\n */\nexport interface IKeyManagerDeleteArgs {\n /**\n * Key ID\n */\n kid: string\n}\n\n/**\n * Input arguments for {@link ISphereonKeyManagerSignArgs.keyManagerSign | keyManagerSign}\n * @public\n */\n// @ts-ignore\nexport interface ISphereonKeyManagerSignArgs extends IKeyManagerSignArgs {\n /**\n * Data to sign\n */\n data: string | Uint8Array\n}\n\nexport interface ISphereonKeyManagerHandleExpirationsArgs {\n skipRemovals?: boolean\n}\n\nexport interface ISphereonKeyManagerVerifyArgs {\n kms?: string\n publicKeyHex: string\n type: TKeyType\n algorithm?: string\n data: Uint8Array\n signature: string\n}\n\nexport const isDefined = <T extends unknown>(object: T | undefined): object is T => object !== undefined\n","const schema = require('../plugin.schema.json')\nexport { schema }\nexport { SphereonKeyManager, sphereonKeyManagerMethods } from './agent/SphereonKeyManager'\nexport * from './types/ISphereonKeyManager'\nexport * from '@veramo/key-manager'\n"],"mappings":";;;;;;;;AAAA;AAAA;AAAA;AAAA,MACE,qBAAuB;AAAA,QACrB,YAAc;AAAA,UACZ,SAAW;AAAA,YACT,+BAAiC;AAAA,cAC/B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,cACF;AAAA,cACA,UAAY,CAAC,MAAM;AAAA,cACnB,aAAe;AAAA,YACjB;AAAA,YACA,UAAY;AAAA,cACV,MAAQ;AAAA,cACR,MAAQ,CAAC,WAAW,aAAa,aAAa,UAAU,cAAc,cAAc,KAAK;AAAA,cACzF,aAAe;AAAA,YACjB;AAAA,YACA,aAAe;AAAA,cACb,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,YAAc;AAAA,kBACZ,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,YAAc;AAAA,sBACZ,MAAQ;AAAA,sBACR,QAAU;AAAA,oBACZ;AAAA,oBACA,aAAe;AAAA,sBACb,MAAQ;AAAA,sBACR,QAAU;AAAA,oBACZ;AAAA,kBACF;AAAA,kBACA,aAAe;AAAA,gBACjB;AAAA,cACF;AAAA,YACF;AAAA,YACA,aAAe;AAAA,cACb,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,YAAc;AAAA,kBACZ,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,cACF;AAAA,cACA,aAAe;AAAA,YACjB;AAAA,YACA,YAAc;AAAA,cACZ,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,eAAiB;AAAA,kBACf,MAAQ;AAAA,gBACV;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,cAAgB;AAAA,kBACd,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,OAAS;AAAA,oBACP;AAAA,sBACE,MAAQ;AAAA,oBACV;AAAA,oBACA;AAAA,sBACE,MAAQ;AAAA,oBACV;AAAA,kBACF;AAAA,kBACA,aAAe;AAAA,gBACjB;AAAA,cACF;AAAA,cACA,UAAY,CAAC,OAAO,OAAO,iBAAiB,gBAAgB,MAAM;AAAA,YACpE;AAAA,YACA,0CAA4C;AAAA,cAC1C,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,cAAgB;AAAA,kBACd,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,YACF;AAAA,YACA,gBAAkB;AAAA,cAChB,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,cAAgB;AAAA,kBACd,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,OAAS;AAAA,oBACP;AAAA,sBACE,MAAQ;AAAA,oBACV;AAAA,oBACA;AAAA,sBACE,MAAQ;AAAA,oBACV;AAAA,kBACF;AAAA,kBACA,aAAe;AAAA,gBACjB;AAAA,cACF;AAAA,cACA,UAAY,CAAC,OAAO,OAAO,QAAQ,cAAc;AAAA,cACjD,aAAe;AAAA,YACjB;AAAA,YACA,sBAAwB;AAAA,cACtB,MAAQ;AAAA,cACR,aAAe;AAAA,YACjB;AAAA,YACA,oDAA0D;AAAA,cACxD,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,cAAgB;AAAA,kBACd,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,eAAiB;AAAA,kBACf,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,OAAS;AAAA,oBACP;AAAA,sBACE,MAAQ;AAAA,oBACV;AAAA,oBACA;AAAA,sBACE,MAAQ;AAAA,oBACV;AAAA,kBACF;AAAA,kBACA,aAAe;AAAA,gBACjB;AAAA,cACF;AAAA,cACA,aAAe;AAAA,YACjB;AAAA,YACA,6BAA+B;AAAA,cAC7B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,QAAU;AAAA,kBACR,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,OAAS;AAAA,oBACP;AAAA,sBACE,MAAQ;AAAA,oBACV;AAAA,oBACA;AAAA,sBACE,MAAQ;AAAA,sBACR,YAAc;AAAA,wBACZ,mBAAqB;AAAA,0BACnB,MAAQ;AAAA,wBACV;AAAA,wBACA,QAAU;AAAA,0BACR,OAAS;AAAA,4BACP;AAAA,8BACE,MAAQ;AAAA,8BACR,YAAc;AAAA,gCACZ,YAAc;AAAA,kCACZ,MAAQ;AAAA,gCACV;AAAA,8BACF;AAAA,8BACA,UAAY,CAAC,YAAY;AAAA,4BAC3B;AAAA,4BACA,CAAC;AAAA,0BACH;AAAA,wBACF;AAAA,wBACA,YAAc;AAAA,0BACZ,MAAQ;AAAA,wBACV;AAAA,wBACA,YAAc;AAAA,0BACZ,MAAQ;AAAA,wBACV;AAAA,wBACA,QAAU;AAAA,0BACR,MAAQ;AAAA,wBACV;AAAA,sBACF;AAAA,sBACA,UAAY,CAAC,qBAAqB,UAAU,cAAc,cAAc,QAAQ;AAAA,sBAChF,sBAAwB;AAAA,wBACtB,MAAQ;AAAA,sBACV;AAAA,oBACF;AAAA,kBACF;AAAA,kBACA,aAAe;AAAA,gBACjB;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,kBACR,MAAQ,CAAC,SAAS,UAAU,UAAU,KAAK;AAAA,kBAC3C,aAAe;AAAA,gBACjB;AAAA,cACF;AAAA,cACA,UAAY,CAAC,QAAQ,QAAQ;AAAA,cAC7B,aAAe;AAAA,YACjB;AAAA,YACA,+BAAiC;AAAA,cAC/B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,gBACA,cAAgB;AAAA,kBACd,MAAQ;AAAA,gBACV;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,gBACV;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,mBAAqB;AAAA,sBACnB,MAAQ;AAAA,oBACV;AAAA,oBACA,QAAU;AAAA,sBACR,OAAS;AAAA,wBACP;AAAA,0BACE,MAAQ;AAAA,0BACR,YAAc;AAAA,4BACZ,YAAc;AAAA,8BACZ,MAAQ;AAAA,4BACV;AAAA,0BACF;AAAA,0BACA,UAAY,CAAC,YAAY;AAAA,wBAC3B;AAAA,wBACA,CAAC;AAAA,sBACH;AAAA,oBACF;AAAA,oBACA,YAAc;AAAA,sBACZ,MAAQ;AAAA,oBACV;AAAA,oBACA,YAAc;AAAA,sBACZ,MAAQ;AAAA,oBACV;AAAA,oBACA,QAAU;AAAA,sBACR,MAAQ;AAAA,oBACV;AAAA,kBACF;AAAA,kBACA,UAAY,CAAC,qBAAqB,UAAU,cAAc,cAAc,QAAQ;AAAA,kBAChF,sBAAwB;AAAA,oBACtB,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY,CAAC,gBAAgB,QAAQ,QAAQ,WAAW;AAAA,YAC1D;AAAA,UACF;AAAA,UACA,SAAW;AAAA,YACT,kBAAoB;AAAA,cAClB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,yCAA2C;AAAA,cACzC,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,6BAA+B;AAAA,cAC7B,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,gBACR,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,YACF;AAAA,YACA,kBAAoB;AAAA,cAClB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,oBAAsB;AAAA,cACpB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,gBACR,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,YACF;AAAA,YACA,gBAAkB;AAAA,cAChB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,kBAAoB;AAAA,cAClB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA;AAAA;;;AC3XA,SAASA,8BAA8BC,OAAOC,0BAA0B;AAExE,SAAwDC,cAAcC,wBAAwB;AAE9F,YAAYC,SAAS;;;ACuEd,SAASC,cAAcC,QAAW;AACvC,SAAOA,UAAY,UAAUA,WAAW,eAAeA,OAAOC,QAAQ,gBAAgBD,OAAOC;AAC/F;AAFgBF;AAmDT,IAAMG,YAAY,wBAAoBF,WAAuCA,WAAWG,QAAtE;;;AD/GzB,IAAM,EAAEC,WAAU,IAAKC;AAEhB,IAAMC,4BAA2C;EACtD;EACA;EACA;EACA;EACA;EACA;EACA;EACA;;AAGK,IAAMC,qBAAN,cAAiCC,iBAAAA;EA5BxC,OA4BwCA;;;;EAE9BC;EACSC;EACVC;EACEC;EAET,YAAYC,SAA6G;AACvH,UAAM;MAAEC,OAAOD,QAAQC;MAAOC,KAAKF,QAAQE;IAAI,CAAA;AAC/C,SAAKN,WAAWI,QAAQC;AACxB,SAAKJ,iBAAiBG,QAAQE;AAC9B,SAAKJ,cAAcE,QAAQG,cAAcC,OAAOC,KAAK,KAAKR,cAAc,EAAE,CAAA;AAC1E,QAAI,CAACO,OAAOC,KAAK,KAAKR,cAAc,EAAES,SAAS,KAAKR,WAAW,GAAG;AAChE,YAAMS,MAAM,2EAA2EH,OAAOC,KAAK,KAAKR,cAAc,EAAEW,KAAK,GAAA,CAAA,EAAM;IACrI;AACA,UAAMC,UAAU,KAAKA;AACrBA,YAAQC,mBAAmB,KAAKA,iBAAiBC,KAAK,IAAI;AAC1DF,YAAQG,qBAAqB,KAAKA,mBAAmBD,KAAK,IAAI;AAC9DF,YAAQI,0CAA0C,KAAKA,wCAAwCF,KAAK,IAAI;AACxG,SAAKZ,aAA4CU;EACnD;EAEAI,0CAA2D;AACzD,WAAOC,QAAQC,QAAQ,KAAKjB,WAAW;EACzC;EAEA,MAAekB,iBAAiBC,MAA8D;AAC5F,UAAMf,MAAM,KAAKgB,aAAaD,KAAKf,OAAO,KAAKJ,WAAW;AAC1D,UAAMqB,OAAoB;MAAE,GAAGF,KAAKE;MAAM,GAAIF,KAAKG,QAAQ;QAAEA,MAAMH,KAAKG;MAAK;IAAG;AAChF,QAAIC,cAAcF,IAAAA,KAASA,KAAKC,MAAME,aAAa,CAACH,KAAKC,KAAKG,YAAYC,aAAa;AAErFL,WAAKC,OAAO;QACV,GAAGD,KAAKC;QACRG,YAAY;UAAE,GAAGJ,KAAKC,MAAMG;UAAYC,aAAa,IAAIC,KAAKA,KAAKC,IAAG,IAAK,IAAI,KAAK,GAAA;QAAM;MAC5F;IACF;AACA,UAAMC,aAAa,MAAMzB,IAAI0B,UAAU;MAAEC,MAAMZ,KAAKY;MAAMV;IAAK,CAAA;AAC/D,UAAMW,MAAY;MAAE,GAAGH;MAAYzB,KAAKe,KAAKf,OAAO,KAAKJ;IAAY;AACrEgC,QAAIX,OAAO;MAAE,GAAGA;MAAM,GAAGW,IAAIX;IAAK;AAClCW,QAAIX,KAAKY,gBAAgBD,IAAIX,KAAKY,iBAAiBC,6BAA6B;MAAEF;IAAI,CAAA;AAEtF,UAAM,KAAKlC,SAASqC,OAAOH,GAAAA;AAC3B,QAAIA,IAAII,eAAe;AAErB,aAAOJ,IAAII;IACb;AACA,WAAOJ;EACT;;EAIA,MAAMK,eAAelB,MAAoD;AACvE,UAAMmB,UAAU,MAAM,KAAKC,cAAc;MAAEC,KAAKrB,KAAKsB;IAAO,CAAA;AAC5D,UAAMrC,MAAM,KAAKgB,aAAakB,QAAQlC,GAAG;AACzC,QAAIkC,QAAQP,SAAS,cAAc;AACjC,aAAO,MAAM3B,IAAIsC,KAAK;QAAED,QAAQH;QAASK,MAAM,OAAOxB,KAAKwB,SAAS,WAAWlD,WAAW0B,KAAKwB,IAAI,IAAIxB,KAAKwB;MAAK,CAAA;IACnH;AAEA,WAAO,MAAM,MAAMN,eAAe;MAAE,GAAGlB;MAAMsB,QAAQH,QAAQE;IAAI,CAAA;EACnE;EAEA,MAAM5B,iBAAiBO,MAAuD;AAC5E,QAAIA,KAAKf,KAAK;AACZ,YAAMA,MAAM,KAAKgB,aAAaD,KAAKf,GAAG;AACtC,UAAIA,OAAO,YAAYA,OAAO,OAAOA,IAAIwC,WAAW,YAAY;AAE9D,eAAO,MAAMxC,IAAIwC,OAAOzB,IAAAA;MAC1B;IACF;AACA,WAAO,MAAM0B,mBAAmB;MAC9Bb,KAAKc,MAAM3B,KAAK4B,cAAc5B,KAAKY,IAAI;MACvCY,MAAMxB,KAAKwB;MACXK,WAAWvD,WAAW0B,KAAK6B,WAAW,OAAA;IACxC,CAAA;EACF;EAEA,MAAMlC,qBAAgD;AACpD,WAAO,KAAKhB,SAASmD,KAAK,CAAC,CAAA;EAC7B;EAEA,MAAMC,4BAA4B/B,MAAgF;AAChH,UAAMZ,OAAO,MAAM,KAAKO,mBAAkB;AAC1C,UAAMqC,cAAc5C,KACjB6C,OAAO,CAACpB,QAAQT,cAAcS,IAAIX,IAAI,CAAA,EACtC+B,OAAO,CAACpB,QAAAA;AACP,UAAIT,cAAcS,IAAIX,IAAI,KAAKW,IAAIX,MAAMC,MAAMG,YAAY;AACzD,cAAMA,aAAaO,IAAIX,KAAKC,KAAKG;AACjC,eAAO,EAAEA,WAAW4B,cAAc5B,WAAW4B,WAAWC,gBAAe,IAAK3B,KAAKC,IAAG;MACtF;AACA,aAAO;IACT,CAAA;AACF,QAAIT,KAAKoC,iBAAiB,MAAM;AAC9B,YAAMvC,QAAQwC,IAAIL,YAAYM,IAAI,CAACzB,QAAQ,KAAK0B,iBAAiB;QAAElB,KAAKR,IAAIQ;MAAI,CAAA,CAAA,CAAA;IAClF;AACA,WAAOjC;EACT;EAEQa,aAAauC,MAA2C;AAC9D,UAAMvD,MAAM,KAAKL,eAAe4D,IAAAA;AAChC,QAAI,CAACvD,KAAK;AACR,YAAMK,MAAM,iFAAiFkD,IAAAA,GAAO;IACtG;AACA,WAAOvD;EACT;;EAGA,MAAMmC,cAAc,EAAEC,IAAG,GAAuC;AAC9D,QAAI;AACF,YAAMR,MAAM,MAAM,KAAKlC,SAAS8D,IAAI;QAAEpB;MAAI,CAAA;AAC1C,aAAOR;IACT,SAAS6B,GAAG;AACV,YAAMtD,OAAyB,MAAM,KAAKO,mBAAkB;AAC5D,YAAMgD,WAAWvD,KAAKwD,KACpB,CAAC/B,QACCA,IAAIe,iBAAiBP,OACrBR,IAAIX,MAAMY,kBAAkBO,OAC3BR,IAAIX,MAAMY,iBAAiB,QAAQC,6BAA6B;QAAEF;MAAI,CAAA,MAAOQ,GAAAA;AAElF,UAAIsB,UAAU;AACZ,eAAOA;MACT,OAAO;AACL,cAAM,IAAIrD,MAAM,gBAAgB+B,GAAAA,YAAe;MACjD;IACF;EACF;EAEA,IAAInC,aAAqB;AACvB,WAAO,KAAKL;EACd;EAEA,IAAIK,WAAWD,KAAa;AAC1B,QAAI,CAACE,OAAOC,KAAK,KAAKR,cAAc,EAAES,SAASJ,GAAAA,GAAM;AACnD,YAAMK,MAAM,2EAA2EH,OAAOC,KAAK,KAAKR,cAAc,EAAEW,KAAK,GAAA,CAAA,EAAM;IACrI;AACA,SAAKV,cAAcI;EACrB;EAEA4D,OAAOL,MAAcvD,KAAwC;AAC3D,SAAKL,eAAe4D,IAAAA,IAAQvD;EAC9B;AACF;;;AEpKA,cAAc;AAJd,IAAM6D,SAASC;","names":["calculateJwkThumbprintForKey","toJwk","verifyRawSignature","KeyManager","VeramoKeyManager","u8a","hasKeyOptions","object","opts","isDefined","undefined","fromString","u8a","sphereonKeyManagerMethods","SphereonKeyManager","VeramoKeyManager","kmsStore","availableKmses","_defaultKms","kmsMethods","options","store","kms","defaultKms","Object","keys","includes","Error","join","methods","keyManagerVerify","bind","keyManagerListKeys","keyManagerGetDefaultKeyManagementSystem","Promise","resolve","keyManagerCreate","args","getKmsByName","meta","opts","hasKeyOptions","ephemeral","expiration","removalDate","Date","now","partialKey","createKey","type","key","jwkThumbprint","calculateJwkThumbprintForKey","import","privateKeyHex","keyManagerSign","keyInfo","keyManagerGet","kid","keyRef","sign","data","verify","verifyRawSignature","toJwk","publicKeyHex","signature","list","keyManagerHandleExpirations","expiredKeys","filter","expiryDate","getMilliseconds","skipRemovals","all","map","keyManagerDelete","name","get","e","foundKey","find","setKms","schema","require"]}
1
+ {"version":3,"sources":["../plugin.schema.json","../src/agent/SphereonKeyManager.ts","../src/types/ISphereonKeyManager.ts","../src/index.ts"],"sourcesContent":["{\n \"ISphereonKeyManager\": {\n \"components\": {\n \"schemas\": {\n \"ISphereonKeyManagerCreateArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"type\": {\n \"$ref\": \"#/components/schemas/TKeyType\",\n \"description\": \"Key type\"\n },\n \"kms\": {\n \"type\": \"string\",\n \"description\": \"Key Management System\"\n },\n \"opts\": {\n \"$ref\": \"#/components/schemas/IkeyOptions\",\n \"description\": \"Key options\"\n },\n \"meta\": {\n \"$ref\": \"#/components/schemas/KeyMetadata\",\n \"description\": \"Optional. Key meta data\"\n }\n },\n \"required\": [\"type\"],\n \"additionalProperties\": false,\n \"description\": \"Input arguments for {@link ISphereonKeyManager.keyManagerCreate | keyManagerCreate }\"\n },\n \"TKeyType\": {\n \"type\": \"string\",\n \"enum\": [\"Ed25519\", \"Secp256k1\", \"Secp256r1\", \"X25519\", \"Bls12381G1\", \"Bls12381G2\", \"RSA\"],\n \"description\": \"Cryptographic key type.\"\n },\n \"IkeyOptions\": {\n \"type\": \"object\",\n \"properties\": {\n \"ephemeral\": {\n \"type\": \"boolean\",\n \"description\": \"Is this a temporary key?\"\n },\n \"expiration\": {\n \"type\": \"object\",\n \"properties\": {\n \"expiryDate\": {\n \"type\": \"string\",\n \"format\": \"date-time\"\n },\n \"removalDate\": {\n \"type\": \"string\",\n \"format\": \"date-time\"\n }\n },\n \"additionalProperties\": false,\n \"description\": \"Expiration and remove the key\"\n }\n },\n \"additionalProperties\": false\n },\n \"KeyMetadata\": {\n \"type\": \"object\",\n \"properties\": {\n \"algorithms\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n }\n },\n \"description\": \"This encapsulates data about a key.\\n\\nImplementations of {@link @veramo/key-manager#AbstractKeyManagementSystem | AbstractKeyManagementSystem } should populate this object, for each key, with the algorithms that can be performed using it.\\n\\nThis can also be used to add various tags to the keys under management.\"\n },\n \"PartialKey\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"privateKeyHex\": {\n \"type\": \"string\"\n },\n \"kid\": {\n \"type\": \"string\",\n \"description\": \"Key ID\"\n },\n \"kms\": {\n \"type\": \"string\",\n \"description\": \"Key Management System\"\n },\n \"type\": {\n \"$ref\": \"#/components/schemas/TKeyType\",\n \"description\": \"Key type\"\n },\n \"publicKeyHex\": {\n \"type\": \"string\",\n \"description\": \"Public key\"\n },\n \"meta\": {\n \"anyOf\": [\n {\n \"$ref\": \"#/components/schemas/KeyMetadata\"\n },\n {\n \"type\": \"null\"\n }\n ],\n \"description\": \"Optional. Key metadata. This should be used to determine which algorithms are supported.\"\n }\n },\n \"required\": [\"kid\", \"kms\", \"privateKeyHex\", \"publicKeyHex\", \"type\"]\n },\n \"ISphereonKeyManagerHandleExpirationsArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"skipRemovals\": {\n \"type\": \"boolean\"\n }\n },\n \"additionalProperties\": false\n },\n \"ManagedKeyInfo\": {\n \"$ref\": \"#/components/schemas/Omit<IKey,\\\"privateKeyHex\\\">\",\n \"description\": \"Represents information about a managed key. Private or secret key material is NOT present.\"\n },\n \"Omit<IKey,\\\"privateKeyHex\\\">\": {\n \"$ref\": \"#/components/schemas/Pick<IKey,Exclude<(\\\"kid\\\"|\\\"kms\\\"|\\\"type\\\"|\\\"publicKeyHex\\\"|\\\"privateKeyHex\\\"|\\\"meta\\\"),\\\"privateKeyHex\\\">>\"\n },\n \"Pick<IKey,Exclude<(\\\"kid\\\"|\\\"kms\\\"|\\\"type\\\"|\\\"publicKeyHex\\\"|\\\"privateKeyHex\\\"|\\\"meta\\\"),\\\"privateKeyHex\\\">>\": {\n \"type\": \"object\",\n \"properties\": {\n \"kid\": {\n \"type\": \"string\",\n \"description\": \"Key ID\"\n },\n \"kms\": {\n \"type\": \"string\",\n \"description\": \"Key Management System\"\n },\n \"type\": {\n \"$ref\": \"#/components/schemas/TKeyType\",\n \"description\": \"Key type\"\n },\n \"publicKeyHex\": {\n \"type\": \"string\",\n \"description\": \"Public key\"\n },\n \"meta\": {\n \"anyOf\": [\n {\n \"$ref\": \"#/components/schemas/KeyMetadata\"\n },\n {\n \"type\": \"null\"\n }\n ],\n \"description\": \"Optional. Key metadata. This should be used to determine which algorithms are supported.\"\n }\n },\n \"required\": [\"kid\", \"kms\", \"type\", \"publicKeyHex\"],\n \"additionalProperties\": false\n },\n \"MinimalImportableKey\": {\n \"$ref\": \"#/components/schemas/RequireOnly<IKey,(\\\"privateKeyHex\\\"|\\\"type\\\"|\\\"kms\\\")>\",\n \"description\": \"Represents the properties required to import a key.\"\n },\n \"RequireOnly<IKey,(\\\"privateKeyHex\\\"|\\\"type\\\"|\\\"kms\\\")>\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"kid\": {\n \"type\": \"string\",\n \"description\": \"Key ID\"\n },\n \"kms\": {\n \"type\": \"string\",\n \"description\": \"Key Management System\"\n },\n \"type\": {\n \"$ref\": \"#/components/schemas/TKeyType\",\n \"description\": \"Key type\"\n },\n \"publicKeyHex\": {\n \"type\": \"string\",\n \"description\": \"Public key\"\n },\n \"privateKeyHex\": {\n \"type\": \"string\",\n \"description\": \"Optional. Private key\"\n },\n \"meta\": {\n \"anyOf\": [\n {\n \"$ref\": \"#/components/schemas/KeyMetadata\"\n },\n {\n \"type\": \"null\"\n }\n ],\n \"description\": \"Optional. Key metadata. This should be used to determine which algorithms are supported.\"\n }\n },\n \"description\": \"Represents an object type where a subset of keys are required and everything else is optional.\"\n },\n \"ISphereonKeyManagerSignArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"keyRef\": {\n \"type\": \"string\",\n \"description\": \"The key handle, as returned during `keyManagerCreateKey`\"\n },\n \"algorithm\": {\n \"type\": \"string\",\n \"description\": \"The algorithm to use for signing. This must be one of the algorithms supported by the KMS for this key type.\\n\\nThe algorithm used here should match one of the names listed in `IKey.meta.algorithms`\"\n },\n \"data\": {\n \"anyOf\": [\n {\n \"type\": \"string\"\n },\n {\n \"$ref\": \"#/components/schemas/Uint8Array\"\n }\n ],\n \"description\": \"Data to sign\"\n },\n \"encoding\": {\n \"type\": \"string\",\n \"enum\": [\"utf-8\", \"base16\", \"base64\", \"hex\"],\n \"description\": \"If the data is a \\\"string\\\" then you can specify which encoding is used. Default is \\\"utf-8\\\"\"\n }\n },\n \"required\": [\"data\", \"keyRef\"],\n \"description\": \"Input arguments for {@link ISphereonKeyManagerSignArgs.keyManagerSign | keyManagerSign }\"\n },\n \"Uint8Array\": {\n \"type\": \"object\",\n \"properties\": {\n \"BYTES_PER_ELEMENT\": {\n \"type\": \"number\"\n },\n \"buffer\": {\n \"$ref\": \"#/components/schemas/ArrayBufferLike\"\n },\n \"byteLength\": {\n \"type\": \"number\"\n },\n \"byteOffset\": {\n \"type\": \"number\"\n },\n \"length\": {\n \"type\": \"number\"\n }\n },\n \"required\": [\"BYTES_PER_ELEMENT\", \"buffer\", \"byteLength\", \"byteOffset\", \"length\"],\n \"additionalProperties\": {\n \"type\": \"number\"\n }\n },\n \"ArrayBufferLike\": {\n \"$ref\": \"#/components/schemas/ArrayBuffer\"\n },\n \"ArrayBuffer\": {\n \"type\": \"object\",\n \"properties\": {\n \"byteLength\": {\n \"type\": \"number\"\n }\n },\n \"required\": [\"byteLength\"],\n \"additionalProperties\": false\n },\n \"ISphereonKeyManagerVerifyArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"kms\": {\n \"type\": \"string\"\n },\n \"publicKeyHex\": {\n \"type\": \"string\"\n },\n \"type\": {\n \"$ref\": \"#/components/schemas/TKeyType\"\n },\n \"algorithm\": {\n \"type\": \"string\"\n },\n \"data\": {\n \"$ref\": \"#/components/schemas/Uint8Array\"\n },\n \"signature\": {\n \"type\": \"string\"\n }\n },\n \"required\": [\"publicKeyHex\", \"type\", \"data\", \"signature\"],\n \"additionalProperties\": false\n }\n },\n \"methods\": {\n \"keyManagerCreate\": {\n \"description\": \"\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/ISphereonKeyManagerCreateArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/PartialKey\"\n }\n },\n \"keyManagerGetDefaultKeyManagementSystem\": {\n \"description\": \"Get the KMS registered as default. Handy when no explicit KMS is provided for a function\",\n \"arguments\": {\n \"type\": \"object\"\n },\n \"returnType\": {\n \"type\": \"string\"\n }\n },\n \"keyManagerHandleExpirations\": {\n \"description\": \"Set keys to expired and remove keys eligible for deletion.\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/ISphereonKeyManagerHandleExpirationsArgs\"\n },\n \"returnType\": {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/ManagedKeyInfo\"\n }\n }\n },\n \"keyManagerImport\": {\n \"description\": \"\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/MinimalImportableKey\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/PartialKey\"\n }\n },\n \"keyManagerListKeys\": {\n \"description\": \"\",\n \"arguments\": {\n \"type\": \"object\"\n },\n \"returnType\": {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/ManagedKeyInfo\"\n }\n }\n },\n \"keyManagerSign\": {\n \"description\": \"\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/ISphereonKeyManagerSignArgs\"\n },\n \"returnType\": {\n \"type\": \"string\"\n }\n },\n \"keyManagerVerify\": {\n \"description\": \"Verifies a signature using the key\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/ISphereonKeyManagerVerifyArgs\"\n },\n \"returnType\": {\n \"type\": \"boolean\"\n }\n }\n }\n }\n }\n}\n","import { calculateJwkThumbprintForKey, toJwk, verifyRawSignature } from '@sphereon/ssi-sdk-ext.key-utils'\nimport type { IKey, KeyMetadata, ManagedKeyInfo } from '@veramo/core'\nimport { AbstractKeyManagementSystem, AbstractKeyStore, KeyManager as VeramoKeyManager } from '@veramo/key-manager'\n// @ts-ignore\nimport * as u8a from 'uint8arrays'\nimport {\n hasKeyOptions,\n type IKeyManagerGetArgs,\n type ISphereonKeyManager,\n type ISphereonKeyManagerCreateArgs,\n type ISphereonKeyManagerHandleExpirationsArgs,\n type ISphereonKeyManagerSignArgs,\n type ISphereonKeyManagerVerifyArgs,\n} from '../types/ISphereonKeyManager'\n\nconst { fromString } = u8a\n\nexport const sphereonKeyManagerMethods: Array<string> = [\n 'keyManagerCreate',\n 'keyManagerGet',\n 'keyManagerImport',\n 'keyManagerSign',\n 'keyManagerVerify',\n 'keyManagerListKeys',\n 'keyManagerGetDefaultKeyManagementSystem',\n 'keyManagerHandleExpirations',\n]\n\nexport class SphereonKeyManager extends VeramoKeyManager {\n // local store reference, given the superclass store is private, and we need additional functions/calls\n private kmsStore: AbstractKeyStore\n private readonly availableKmses: Record<string, AbstractKeyManagementSystem>\n public _defaultKms: string\n readonly kmsMethods: ISphereonKeyManager\n\n constructor(options: { store: AbstractKeyStore; kms: Record<string, AbstractKeyManagementSystem>; defaultKms?: string }) {\n super({ store: options.store, kms: options.kms })\n this.kmsStore = options.store\n this.availableKmses = options.kms\n this._defaultKms = options.defaultKms ?? Object.keys(this.availableKmses)[0]\n if (!Object.keys(this.availableKmses).includes(this._defaultKms)) {\n throw Error(`Default KMS needs to be listed in the kms object as well. Found kms-es: ${Object.keys(this.availableKmses).join(',')}`)\n }\n const methods = this.methods\n methods.keyManagerVerify = this.keyManagerVerify.bind(this)\n methods.keyManagerListKeys = this.keyManagerListKeys.bind(this)\n methods.keyManagerGetDefaultKeyManagementSystem = this.keyManagerGetDefaultKeyManagementSystem.bind(this)\n this.kmsMethods = <ISphereonKeyManager>(<unknown>methods)\n\n this.syncPreProvisionedKeys()\n }\n\n private syncPreProvisionedKeys() {\n Object.keys(this.availableKmses).forEach((kmsId) => {\n const kms = this.availableKmses[kmsId]\n if (kms.constructor.name === 'RestKeyManagementSystem') {\n this.syncPreProvisionedKeysForKms(kmsId, kms)\n }\n })\n }\n\n private syncPreProvisionedKeysForKms(kmsId: string, kms: AbstractKeyManagementSystem) {\n kms\n .listKeys()\n .then(async (remoteKeys: ManagedKeyInfo[]) => {\n try {\n const storedKeys: ManagedKeyInfo[] = await this.keyManagerListKeys()\n\n await Promise.all(\n remoteKeys.map(async (remoteKey) => {\n const storedKey = storedKeys.find((k) => k.kid === remoteKey.kid)\n\n const needsUpdate =\n !storedKey ||\n storedKey.publicKeyHex !== remoteKey.publicKeyHex ||\n storedKey.type !== remoteKey.type ||\n storedKey.kms !== remoteKey.kms ||\n (remoteKey.meta && 'alias' in remoteKey.meta && storedKey.meta && storedKey.meta.keyAlias !== remoteKey.meta.alias)\n if (needsUpdate) {\n try {\n if (storedKey) {\n await this.kmsStore.delete({ kid: remoteKey.kid })\n }\n const keyToImport: IKey = {\n ...remoteKey,\n meta: remoteKey.meta && 'alias' in remoteKey.meta ? { ...remoteKey.meta, keyAlias: remoteKey.meta.alias } : remoteKey.meta,\n } as IKey\n\n if (keyToImport.meta && 'alias' in keyToImport.meta) {\n delete keyToImport.meta.alias\n }\n\n await this.kmsStore.import(keyToImport)\n } catch (error) {\n console.error(`Failed to sync key ${remoteKey.kid} from kms ${kmsId}:`, error)\n }\n }\n }),\n )\n } catch (error) {\n console.error(`Failed to sync keys for kms ${kmsId}:`, error)\n }\n })\n .catch((error) => {\n console.error(`Failed to list remote keys for kms ${kmsId}:`, error)\n })\n }\n\n keyManagerGetDefaultKeyManagementSystem(): Promise<string> {\n return Promise.resolve(this._defaultKms)\n }\n\n override async keyManagerCreate(args: ISphereonKeyManagerCreateArgs): Promise<ManagedKeyInfo> {\n const kms = this.getKmsByName(args.kms ?? this._defaultKms)\n const meta: KeyMetadata = { ...args.meta, ...(args.opts && { opts: args.opts }) }\n if (hasKeyOptions(meta) && meta.opts?.ephemeral && !meta.opts.expiration?.removalDate) {\n // Make sure we set a delete date on an ephemeral key\n meta.opts = {\n ...meta.opts,\n expiration: { ...meta.opts?.expiration, removalDate: new Date(Date.now() + 5 * 60 * 1000) },\n }\n }\n const partialKey = await kms.createKey({ type: args.type, meta })\n const key: IKey = { ...partialKey, kms: args.kms ?? this._defaultKms }\n key.meta = { ...meta, ...key.meta }\n key.meta.jwkThumbprint = key.meta.jwkThumbprint ?? calculateJwkThumbprintForKey({ key })\n\n await this.kmsStore.import(key)\n if (key.privateKeyHex) {\n // Make sure to not export the private key\n delete key.privateKeyHex\n }\n return key\n }\n\n //FIXME extend the IKeyManagerSignArgs.data to be a string or array of strings\n\n async keyManagerSign(args: ISphereonKeyManagerSignArgs): Promise<string> {\n const keyInfo = await this.keyManagerGet({ kid: args.keyRef })\n const kms = this.getKmsByName(keyInfo.kms)\n if (keyInfo.type === 'Bls12381G2') {\n return await kms.sign({ keyRef: keyInfo, data: typeof args.data === 'string' ? fromString(args.data) : args.data })\n }\n // @ts-ignore // we can pass in uint8arrays as well, which the super also can handle but does not expose in its types\n return await super.keyManagerSign({ ...args, keyRef: keyInfo.kid })\n }\n\n async keyManagerVerify(args: ISphereonKeyManagerVerifyArgs): Promise<boolean> {\n if (args.kms) {\n const kms = this.getKmsByName(args.kms)\n if (kms && 'verify' in kms && typeof kms.verify === 'function') {\n // @ts-ignore\n return await kms.verify(args)\n }\n }\n return await verifyRawSignature({\n key: toJwk(args.publicKeyHex, args.type),\n data: args.data,\n signature: fromString(args.signature, 'utf-8'),\n })\n }\n\n async keyManagerListKeys(): Promise<ManagedKeyInfo[]> {\n return this.kmsStore.list({})\n }\n\n async keyManagerHandleExpirations(args: ISphereonKeyManagerHandleExpirationsArgs): Promise<Array<ManagedKeyInfo>> {\n const keys = await this.keyManagerListKeys()\n const expiredKeys = keys\n .filter((key) => hasKeyOptions(key.meta))\n .filter((key) => {\n if (hasKeyOptions(key.meta) && key.meta?.opts?.expiration) {\n const expiration = key.meta.opts.expiration\n return !(expiration.expiryDate && expiration.expiryDate.getMilliseconds() > Date.now())\n }\n return false\n })\n if (args.skipRemovals !== true) {\n await Promise.all(expiredKeys.map((key) => this.keyManagerDelete({ kid: key.kid })))\n }\n return keys\n }\n\n private getKmsByName(name: string): AbstractKeyManagementSystem {\n const kms = this.availableKmses[name]\n if (!kms) {\n throw Error(`invalid_argument: This agent has no registered KeyManagementSystem with name='${name}'`)\n }\n return kms\n }\n\n //todo https://sphereon.atlassian.net/browse/SDK-28 improve the logic for keyManagerGet in sphereon-key-manager\n async keyManagerGet({ kid }: IKeyManagerGetArgs): Promise<IKey> {\n try {\n const key = await this.kmsStore.get({ kid })\n return key\n } catch (e) {\n const keys: ManagedKeyInfo[] = await this.keyManagerListKeys()\n const foundKey = keys.find(\n (key) =>\n key.publicKeyHex === kid ||\n key.meta?.jwkThumbprint === kid ||\n (key.meta?.jwkThumbprint == null && calculateJwkThumbprintForKey({ key }) === kid),\n )\n if (foundKey) {\n return foundKey as IKey\n } else {\n throw new Error(`Key with kid ${kid} not found`)\n }\n }\n }\n\n get defaultKms(): string {\n return this._defaultKms\n }\n\n set defaultKms(kms: string) {\n if (!Object.keys(this.availableKmses).includes(kms)) {\n throw Error(`Default KMS needs to be listed in the kms object as well. Found kms-es: ${Object.keys(this.availableKmses).join(',')}`)\n }\n this._defaultKms = kms\n }\n\n setKms(name: string, kms: AbstractKeyManagementSystem): void {\n this.availableKmses[name] = kms\n\n if (kms.constructor.name === 'RestKeyManagementSystem') {\n this.syncPreProvisionedKeysForKms(name, kms)\n }\n }\n}\n","import type { IKeyManager, IKeyManagerSignArgs, IPluginMethodMap, KeyMetadata, ManagedKeyInfo, MinimalImportableKey, TKeyType } from '@veramo/core'\n\nexport type PartialKey = ManagedKeyInfo & { privateKeyHex: string }\n\nexport interface ISphereonKeyManager extends IKeyManager, IPluginMethodMap {\n keyManagerCreate(args: ISphereonKeyManagerCreateArgs): Promise<PartialKey>\n\n keyManagerImport(key: MinimalImportableKey): Promise<PartialKey>\n\n keyManagerSign(args: ISphereonKeyManagerSignArgs): Promise<string>\n\n /**\n * Verifies a signature using the key\n *\n * Does not exist in IKeyManager\n * @param args\n */\n keyManagerVerify(args: ISphereonKeyManagerVerifyArgs): Promise<boolean>\n\n keyManagerListKeys(): Promise<Array<ManagedKeyInfo>>\n\n /**\n * Get the KMS registered as default. Handy when no explicit KMS is provided for a function\n */\n\n keyManagerGetDefaultKeyManagementSystem(): Promise<string>\n\n /**\n * Set keys to expired and remove keys eligible for deletion.\n * @param args\n */\n keyManagerHandleExpirations(args: ISphereonKeyManagerHandleExpirationsArgs): Promise<Array<ManagedKeyInfo>>\n}\n\nexport interface IkeyOptions {\n /**\n * Is this a temporary key?\n */\n ephemeral?: boolean\n\n /**\n * Expiration and remove the key\n */\n expiration?: {\n expiryDate?: Date\n removalDate?: Date\n }\n}\n\n/**\n * Input arguments for {@link ISphereonKeyManager.keyManagerCreate | keyManagerCreate}\n * @public\n */\nexport interface ISphereonKeyManagerCreateArgs {\n /**\n * Key type\n */\n type: TKeyType\n\n /**\n * Key Management System\n */\n kms?: string\n\n /**\n * Key options\n */\n opts?: IkeyOptions\n\n /**\n * Optional. Key meta data\n */\n meta?: KeyMetadata\n}\n\nexport function hasKeyOptions(object: any): object is { opts?: IkeyOptions } {\n return object!! && 'opts' in object && ('ephemeral' in object.opts || 'expiration' in object.opts)\n}\n\n/**\n * Input arguments for {@link ISphereonKeyManager.keyManagerGet | keyManagerGet}\n * @public\n */\nexport interface IKeyManagerGetArgs {\n /**\n * Key ID\n */\n kid: string\n}\n\n/**\n * Input arguments for {@link ISphereonKeyManager.keyManagerDelete | keyManagerDelete}\n * @public\n */\nexport interface IKeyManagerDeleteArgs {\n /**\n * Key ID\n */\n kid: string\n}\n\n/**\n * Input arguments for {@link ISphereonKeyManagerSignArgs.keyManagerSign | keyManagerSign}\n * @public\n */\n// @ts-ignore\nexport interface ISphereonKeyManagerSignArgs extends IKeyManagerSignArgs {\n /**\n * Data to sign\n */\n data: string | Uint8Array\n}\n\nexport interface ISphereonKeyManagerHandleExpirationsArgs {\n skipRemovals?: boolean\n}\n\nexport interface ISphereonKeyManagerVerifyArgs {\n kms?: string\n publicKeyHex: string\n type: TKeyType\n algorithm?: string\n data: Uint8Array\n signature: string\n}\n\nexport const isDefined = <T extends unknown>(object: T | undefined): object is T => object !== undefined\n","const schema = require('../plugin.schema.json')\nexport { schema }\nexport { SphereonKeyManager, sphereonKeyManagerMethods } from './agent/SphereonKeyManager'\nexport * from './types/ISphereonKeyManager'\nexport * from '@veramo/key-manager'\n"],"mappings":";;;;;;;;AAAA;AAAA;AAAA;AAAA,MACE,qBAAuB;AAAA,QACrB,YAAc;AAAA,UACZ,SAAW;AAAA,YACT,+BAAiC;AAAA,cAC/B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,cACF;AAAA,cACA,UAAY,CAAC,MAAM;AAAA,cACnB,sBAAwB;AAAA,cACxB,aAAe;AAAA,YACjB;AAAA,YACA,UAAY;AAAA,cACV,MAAQ;AAAA,cACR,MAAQ,CAAC,WAAW,aAAa,aAAa,UAAU,cAAc,cAAc,KAAK;AAAA,cACzF,aAAe;AAAA,YACjB;AAAA,YACA,aAAe;AAAA,cACb,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,YAAc;AAAA,kBACZ,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,YAAc;AAAA,sBACZ,MAAQ;AAAA,sBACR,QAAU;AAAA,oBACZ;AAAA,oBACA,aAAe;AAAA,sBACb,MAAQ;AAAA,sBACR,QAAU;AAAA,oBACZ;AAAA,kBACF;AAAA,kBACA,sBAAwB;AAAA,kBACxB,aAAe;AAAA,gBACjB;AAAA,cACF;AAAA,cACA,sBAAwB;AAAA,YAC1B;AAAA,YACA,aAAe;AAAA,cACb,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,YAAc;AAAA,kBACZ,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,cACF;AAAA,cACA,aAAe;AAAA,YACjB;AAAA,YACA,YAAc;AAAA,cACZ,MAAQ;AAAA,cACR,sBAAwB;AAAA,cACxB,YAAc;AAAA,gBACZ,eAAiB;AAAA,kBACf,MAAQ;AAAA,gBACV;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,cAAgB;AAAA,kBACd,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,OAAS;AAAA,oBACP;AAAA,sBACE,MAAQ;AAAA,oBACV;AAAA,oBACA;AAAA,sBACE,MAAQ;AAAA,oBACV;AAAA,kBACF;AAAA,kBACA,aAAe;AAAA,gBACjB;AAAA,cACF;AAAA,cACA,UAAY,CAAC,OAAO,OAAO,iBAAiB,gBAAgB,MAAM;AAAA,YACpE;AAAA,YACA,0CAA4C;AAAA,cAC1C,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,cAAgB;AAAA,kBACd,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,sBAAwB;AAAA,YAC1B;AAAA,YACA,gBAAkB;AAAA,cAChB,MAAQ;AAAA,cACR,aAAe;AAAA,YACjB;AAAA,YACA,8BAAgC;AAAA,cAC9B,MAAQ;AAAA,YACV;AAAA,YACA,kGAAgH;AAAA,cAC9G,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,cAAgB;AAAA,kBACd,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,OAAS;AAAA,oBACP;AAAA,sBACE,MAAQ;AAAA,oBACV;AAAA,oBACA;AAAA,sBACE,MAAQ;AAAA,oBACV;AAAA,kBACF;AAAA,kBACA,aAAe;AAAA,gBACjB;AAAA,cACF;AAAA,cACA,UAAY,CAAC,OAAO,OAAO,QAAQ,cAAc;AAAA,cACjD,sBAAwB;AAAA,YAC1B;AAAA,YACA,sBAAwB;AAAA,cACtB,MAAQ;AAAA,cACR,aAAe;AAAA,YACjB;AAAA,YACA,oDAA0D;AAAA,cACxD,MAAQ;AAAA,cACR,sBAAwB;AAAA,cACxB,YAAc;AAAA,gBACZ,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,cAAgB;AAAA,kBACd,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,eAAiB;AAAA,kBACf,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,OAAS;AAAA,oBACP;AAAA,sBACE,MAAQ;AAAA,oBACV;AAAA,oBACA;AAAA,sBACE,MAAQ;AAAA,oBACV;AAAA,kBACF;AAAA,kBACA,aAAe;AAAA,gBACjB;AAAA,cACF;AAAA,cACA,aAAe;AAAA,YACjB;AAAA,YACA,6BAA+B;AAAA,cAC7B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,QAAU;AAAA,kBACR,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,OAAS;AAAA,oBACP;AAAA,sBACE,MAAQ;AAAA,oBACV;AAAA,oBACA;AAAA,sBACE,MAAQ;AAAA,oBACV;AAAA,kBACF;AAAA,kBACA,aAAe;AAAA,gBACjB;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,kBACR,MAAQ,CAAC,SAAS,UAAU,UAAU,KAAK;AAAA,kBAC3C,aAAe;AAAA,gBACjB;AAAA,cACF;AAAA,cACA,UAAY,CAAC,QAAQ,QAAQ;AAAA,cAC7B,aAAe;AAAA,YACjB;AAAA,YACA,YAAc;AAAA,cACZ,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,mBAAqB;AAAA,kBACnB,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,gBACA,YAAc;AAAA,kBACZ,MAAQ;AAAA,gBACV;AAAA,gBACA,YAAc;AAAA,kBACZ,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY,CAAC,qBAAqB,UAAU,cAAc,cAAc,QAAQ;AAAA,cAChF,sBAAwB;AAAA,gBACtB,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,iBAAmB;AAAA,cACjB,MAAQ;AAAA,YACV;AAAA,YACA,aAAe;AAAA,cACb,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,YAAc;AAAA,kBACZ,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY,CAAC,YAAY;AAAA,cACzB,sBAAwB;AAAA,YAC1B;AAAA,YACA,+BAAiC;AAAA,cAC/B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,gBACA,cAAgB;AAAA,kBACd,MAAQ;AAAA,gBACV;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,gBACV;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,gBACV;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY,CAAC,gBAAgB,QAAQ,QAAQ,WAAW;AAAA,cACxD,sBAAwB;AAAA,YAC1B;AAAA,UACF;AAAA,UACA,SAAW;AAAA,YACT,kBAAoB;AAAA,cAClB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,yCAA2C;AAAA,cACzC,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,6BAA+B;AAAA,cAC7B,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,gBACR,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,YACF;AAAA,YACA,kBAAoB;AAAA,cAClB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,oBAAsB;AAAA,cACpB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,gBACR,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,YACF;AAAA,YACA,gBAAkB;AAAA,cAChB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,kBAAoB;AAAA,cAClB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA;AAAA;;;AC9WA,SAASA,8BAA8BC,OAAOC,0BAA0B;AAExE,SAAwDC,cAAcC,wBAAwB;AAE9F,YAAYC,SAAS;;;ACuEd,SAASC,cAAcC,QAAW;AACvC,SAAOA,UAAY,UAAUA,WAAW,eAAeA,OAAOC,QAAQ,gBAAgBD,OAAOC;AAC/F;AAFgBF;AAmDT,IAAMG,YAAY,wBAAoBF,WAAuCA,WAAWG,QAAtE;;;AD/GzB,IAAM,EAAEC,WAAU,IAAKC;AAEhB,IAAMC,4BAA2C;EACtD;EACA;EACA;EACA;EACA;EACA;EACA;EACA;;AAGK,IAAMC,qBAAN,cAAiCC,iBAAAA;EA5BxC,OA4BwCA;;;;EAE9BC;EACSC;EACVC;EACEC;EAET,YAAYC,SAA6G;AACvH,UAAM;MAAEC,OAAOD,QAAQC;MAAOC,KAAKF,QAAQE;IAAI,CAAA;AAC/C,SAAKN,WAAWI,QAAQC;AACxB,SAAKJ,iBAAiBG,QAAQE;AAC9B,SAAKJ,cAAcE,QAAQG,cAAcC,OAAOC,KAAK,KAAKR,cAAc,EAAE,CAAA;AAC1E,QAAI,CAACO,OAAOC,KAAK,KAAKR,cAAc,EAAES,SAAS,KAAKR,WAAW,GAAG;AAChE,YAAMS,MAAM,2EAA2EH,OAAOC,KAAK,KAAKR,cAAc,EAAEW,KAAK,GAAA,CAAA,EAAM;IACrI;AACA,UAAMC,UAAU,KAAKA;AACrBA,YAAQC,mBAAmB,KAAKA,iBAAiBC,KAAK,IAAI;AAC1DF,YAAQG,qBAAqB,KAAKA,mBAAmBD,KAAK,IAAI;AAC9DF,YAAQI,0CAA0C,KAAKA,wCAAwCF,KAAK,IAAI;AACxG,SAAKZ,aAA4CU;AAEjD,SAAKK,uBAAsB;EAC7B;EAEQA,yBAAyB;AAC/BV,WAAOC,KAAK,KAAKR,cAAc,EAAEkB,QAAQ,CAACC,UAAAA;AACxC,YAAMd,MAAM,KAAKL,eAAemB,KAAAA;AAChC,UAAId,IAAI,YAAYe,SAAS,2BAA2B;AACtD,aAAKC,6BAA6BF,OAAOd,GAAAA;MAC3C;IACF,CAAA;EACF;EAEQgB,6BAA6BF,OAAed,KAAkC;AACpFA,QACGiB,SAAQ,EACRC,KAAK,OAAOC,eAAAA;AACX,UAAI;AACF,cAAMC,aAA+B,MAAM,KAAKV,mBAAkB;AAElE,cAAMW,QAAQC,IACZH,WAAWI,IAAI,OAAOC,cAAAA;AACpB,gBAAMC,YAAYL,WAAWM,KAAK,CAACC,MAAMA,EAAEC,QAAQJ,UAAUI,GAAG;AAEhE,gBAAMC,cACJ,CAACJ,aACDA,UAAUK,iBAAiBN,UAAUM,gBACrCL,UAAUM,SAASP,UAAUO,QAC7BN,UAAUzB,QAAQwB,UAAUxB,OAC3BwB,UAAUQ,QAAQ,WAAWR,UAAUQ,QAAQP,UAAUO,QAAQP,UAAUO,KAAKC,aAAaT,UAAUQ,KAAKE;AAC/G,cAAIL,aAAa;AACf,gBAAI;AACF,kBAAIJ,WAAW;AACb,sBAAM,KAAK/B,SAASyC,OAAO;kBAAEP,KAAKJ,UAAUI;gBAAI,CAAA;cAClD;AACA,oBAAMQ,cAAoB;gBACxB,GAAGZ;gBACHQ,MAAMR,UAAUQ,QAAQ,WAAWR,UAAUQ,OAAO;kBAAE,GAAGR,UAAUQ;kBAAMC,UAAUT,UAAUQ,KAAKE;gBAAM,IAAIV,UAAUQ;cACxH;AAEA,kBAAII,YAAYJ,QAAQ,WAAWI,YAAYJ,MAAM;AACnD,uBAAOI,YAAYJ,KAAKE;cAC1B;AAEA,oBAAM,KAAKxC,SAAS2C,OAAOD,WAAAA;YAC7B,SAASE,OAAO;AACdC,sBAAQD,MAAM,sBAAsBd,UAAUI,GAAG,aAAad,KAAAA,KAAUwB,KAAAA;YAC1E;UACF;QACF,CAAA,CAAA;MAEJ,SAASA,OAAO;AACdC,gBAAQD,MAAM,+BAA+BxB,KAAAA,KAAUwB,KAAAA;MACzD;IACF,CAAA,EACCE,MAAM,CAACF,UAAAA;AACNC,cAAQD,MAAM,sCAAsCxB,KAAAA,KAAUwB,KAAAA;IAChE,CAAA;EACJ;EAEA3B,0CAA2D;AACzD,WAAOU,QAAQoB,QAAQ,KAAK7C,WAAW;EACzC;EAEA,MAAe8C,iBAAiBC,MAA8D;AAC5F,UAAM3C,MAAM,KAAK4C,aAAaD,KAAK3C,OAAO,KAAKJ,WAAW;AAC1D,UAAMoC,OAAoB;MAAE,GAAGW,KAAKX;MAAM,GAAIW,KAAKE,QAAQ;QAAEA,MAAMF,KAAKE;MAAK;IAAG;AAChF,QAAIC,cAAcd,IAAAA,KAASA,KAAKa,MAAME,aAAa,CAACf,KAAKa,KAAKG,YAAYC,aAAa;AAErFjB,WAAKa,OAAO;QACV,GAAGb,KAAKa;QACRG,YAAY;UAAE,GAAGhB,KAAKa,MAAMG;UAAYC,aAAa,IAAIC,KAAKA,KAAKC,IAAG,IAAK,IAAI,KAAK,GAAA;QAAM;MAC5F;IACF;AACA,UAAMC,aAAa,MAAMpD,IAAIqD,UAAU;MAAEtB,MAAMY,KAAKZ;MAAMC;IAAK,CAAA;AAC/D,UAAMsB,MAAY;MAAE,GAAGF;MAAYpD,KAAK2C,KAAK3C,OAAO,KAAKJ;IAAY;AACrE0D,QAAItB,OAAO;MAAE,GAAGA;MAAM,GAAGsB,IAAItB;IAAK;AAClCsB,QAAItB,KAAKuB,gBAAgBD,IAAItB,KAAKuB,iBAAiBC,6BAA6B;MAAEF;IAAI,CAAA;AAEtF,UAAM,KAAK5D,SAAS2C,OAAOiB,GAAAA;AAC3B,QAAIA,IAAIG,eAAe;AAErB,aAAOH,IAAIG;IACb;AACA,WAAOH;EACT;;EAIA,MAAMI,eAAef,MAAoD;AACvE,UAAMgB,UAAU,MAAM,KAAKC,cAAc;MAAEhC,KAAKe,KAAKkB;IAAO,CAAA;AAC5D,UAAM7D,MAAM,KAAK4C,aAAae,QAAQ3D,GAAG;AACzC,QAAI2D,QAAQ5B,SAAS,cAAc;AACjC,aAAO,MAAM/B,IAAI8D,KAAK;QAAED,QAAQF;QAASI,MAAM,OAAOpB,KAAKoB,SAAS,WAAW1E,WAAWsD,KAAKoB,IAAI,IAAIpB,KAAKoB;MAAK,CAAA;IACnH;AAEA,WAAO,MAAM,MAAML,eAAe;MAAE,GAAGf;MAAMkB,QAAQF,QAAQ/B;IAAI,CAAA;EACnE;EAEA,MAAMpB,iBAAiBmC,MAAuD;AAC5E,QAAIA,KAAK3C,KAAK;AACZ,YAAMA,MAAM,KAAK4C,aAAaD,KAAK3C,GAAG;AACtC,UAAIA,OAAO,YAAYA,OAAO,OAAOA,IAAIgE,WAAW,YAAY;AAE9D,eAAO,MAAMhE,IAAIgE,OAAOrB,IAAAA;MAC1B;IACF;AACA,WAAO,MAAMsB,mBAAmB;MAC9BX,KAAKY,MAAMvB,KAAKb,cAAca,KAAKZ,IAAI;MACvCgC,MAAMpB,KAAKoB;MACXI,WAAW9E,WAAWsD,KAAKwB,WAAW,OAAA;IACxC,CAAA;EACF;EAEA,MAAMzD,qBAAgD;AACpD,WAAO,KAAKhB,SAAS0E,KAAK,CAAC,CAAA;EAC7B;EAEA,MAAMC,4BAA4B1B,MAAgF;AAChH,UAAMxC,OAAO,MAAM,KAAKO,mBAAkB;AAC1C,UAAM4D,cAAcnE,KACjBoE,OAAO,CAACjB,QAAQR,cAAcQ,IAAItB,IAAI,CAAA,EACtCuC,OAAO,CAACjB,QAAAA;AACP,UAAIR,cAAcQ,IAAItB,IAAI,KAAKsB,IAAItB,MAAMa,MAAMG,YAAY;AACzD,cAAMA,aAAaM,IAAItB,KAAKa,KAAKG;AACjC,eAAO,EAAEA,WAAWwB,cAAcxB,WAAWwB,WAAWC,gBAAe,IAAKvB,KAAKC,IAAG;MACtF;AACA,aAAO;IACT,CAAA;AACF,QAAIR,KAAK+B,iBAAiB,MAAM;AAC9B,YAAMrD,QAAQC,IAAIgD,YAAY/C,IAAI,CAAC+B,QAAQ,KAAKqB,iBAAiB;QAAE/C,KAAK0B,IAAI1B;MAAI,CAAA,CAAA,CAAA;IAClF;AACA,WAAOzB;EACT;EAEQyC,aAAa7B,MAA2C;AAC9D,UAAMf,MAAM,KAAKL,eAAeoB,IAAAA;AAChC,QAAI,CAACf,KAAK;AACR,YAAMK,MAAM,iFAAiFU,IAAAA,GAAO;IACtG;AACA,WAAOf;EACT;;EAGA,MAAM4D,cAAc,EAAEhC,IAAG,GAAuC;AAC9D,QAAI;AACF,YAAM0B,MAAM,MAAM,KAAK5D,SAASkF,IAAI;QAAEhD;MAAI,CAAA;AAC1C,aAAO0B;IACT,SAASuB,GAAG;AACV,YAAM1E,OAAyB,MAAM,KAAKO,mBAAkB;AAC5D,YAAMoE,WAAW3E,KAAKuB,KACpB,CAAC4B,QACCA,IAAIxB,iBAAiBF,OACrB0B,IAAItB,MAAMuB,kBAAkB3B,OAC3B0B,IAAItB,MAAMuB,iBAAiB,QAAQC,6BAA6B;QAAEF;MAAI,CAAA,MAAO1B,GAAAA;AAElF,UAAIkD,UAAU;AACZ,eAAOA;MACT,OAAO;AACL,cAAM,IAAIzE,MAAM,gBAAgBuB,GAAAA,YAAe;MACjD;IACF;EACF;EAEA,IAAI3B,aAAqB;AACvB,WAAO,KAAKL;EACd;EAEA,IAAIK,WAAWD,KAAa;AAC1B,QAAI,CAACE,OAAOC,KAAK,KAAKR,cAAc,EAAES,SAASJ,GAAAA,GAAM;AACnD,YAAMK,MAAM,2EAA2EH,OAAOC,KAAK,KAAKR,cAAc,EAAEW,KAAK,GAAA,CAAA,EAAM;IACrI;AACA,SAAKV,cAAcI;EACrB;EAEA+E,OAAOhE,MAAcf,KAAwC;AAC3D,SAAKL,eAAeoB,IAAAA,IAAQf;AAE5B,QAAIA,IAAI,YAAYe,SAAS,2BAA2B;AACtD,WAAKC,6BAA6BD,MAAMf,GAAAA;IAC1C;EACF;AACF;;;AElOA,cAAc;AAJd,IAAMgF,SAASC;","names":["calculateJwkThumbprintForKey","toJwk","verifyRawSignature","KeyManager","VeramoKeyManager","u8a","hasKeyOptions","object","opts","isDefined","undefined","fromString","u8a","sphereonKeyManagerMethods","SphereonKeyManager","VeramoKeyManager","kmsStore","availableKmses","_defaultKms","kmsMethods","options","store","kms","defaultKms","Object","keys","includes","Error","join","methods","keyManagerVerify","bind","keyManagerListKeys","keyManagerGetDefaultKeyManagementSystem","syncPreProvisionedKeys","forEach","kmsId","name","syncPreProvisionedKeysForKms","listKeys","then","remoteKeys","storedKeys","Promise","all","map","remoteKey","storedKey","find","k","kid","needsUpdate","publicKeyHex","type","meta","keyAlias","alias","delete","keyToImport","import","error","console","catch","resolve","keyManagerCreate","args","getKmsByName","opts","hasKeyOptions","ephemeral","expiration","removalDate","Date","now","partialKey","createKey","key","jwkThumbprint","calculateJwkThumbprintForKey","privateKeyHex","keyManagerSign","keyInfo","keyManagerGet","keyRef","sign","data","verify","verifyRawSignature","toJwk","signature","list","keyManagerHandleExpirations","expiredKeys","filter","expiryDate","getMilliseconds","skipRemovals","keyManagerDelete","get","e","foundKey","setKms","schema","require"]}
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "@sphereon/ssi-sdk-ext.key-manager",
3
3
  "description": "Sphereon Key Manager plugin with BLS support",
4
- "version": "0.34.1-next.91+3c949810",
4
+ "version": "0.36.1-feat.SSISDK.83.3+08adc8a3",
5
5
  "source": "./src/index.ts",
6
6
  "type": "module",
7
7
  "main": "./dist/index.cjs",
@@ -34,9 +34,9 @@
34
34
  },
35
35
  "devDependencies": {
36
36
  "@mattrglobal/bbs-signatures": "^1.3.1",
37
- "@sphereon/ssi-sdk-ext.key-utils": "0.34.1-next.91+3c949810",
38
- "@sphereon/ssi-sdk-ext.kms-local": "0.34.1-next.91+3c949810",
39
- "@sphereon/ssi-sdk.dev": "0.34.1-next.91+3c949810"
37
+ "@sphereon/ssi-sdk-ext.key-utils": "0.36.1-feat.SSISDK.83.3+08adc8a3",
38
+ "@sphereon/ssi-sdk-ext.kms-local": "0.36.1-feat.SSISDK.83.3+08adc8a3",
39
+ "@sphereon/ssi-sdk.dev": "0.36.1-feat.SSISDK.83.3+08adc8a3"
40
40
  },
41
41
  "resolutions": {
42
42
  "jsonld": "npm:@digitalcredentials/jsonld@^5.2.1",
@@ -60,5 +60,5 @@
60
60
  "kms",
61
61
  "Veramo"
62
62
  ],
63
- "gitHead": "3c9498100ca07dfc2ba7979e7347fb9b19c47d18"
63
+ "gitHead": "08adc8a36bd361bbae337829b04343fd37de5803"
64
64
  }
package/plugin.schema.json CHANGED
@@ -23,6 +23,7 @@
23
23
  }
24
24
  },
25
25
  "required": ["type"],
26
+ "additionalProperties": false,
26
27
  "description": "Input arguments for {@link ISphereonKeyManager.keyManagerCreate | keyManagerCreate }"
27
28
  },
28
29
  "TKeyType": {
@@ -49,9 +50,11 @@
49
50
  "format": "date-time"
50
51
  }
51
52
  },
53
+ "additionalProperties": false,
52
54
  "description": "Expiration and remove the key"
53
55
  }
54
- }
56
+ },
57
+ "additionalProperties": false
55
58
  },
56
59
  "KeyMetadata": {
57
60
  "type": "object",
@@ -67,6 +70,7 @@
67
70
  },
68
71
  "PartialKey": {
69
72
  "type": "object",
73
+ "additionalProperties": false,
70
74
  "properties": {
71
75
  "privateKeyHex": {
72
76
  "type": "string"
@@ -107,9 +111,17 @@
107
111
  "skipRemovals": {
108
112
  "type": "boolean"
109
113
  }
110
- }
114
+ },
115
+ "additionalProperties": false
111
116
  },
112
117
  "ManagedKeyInfo": {
118
+ "$ref": "#/components/schemas/Omit<IKey,\"privateKeyHex\">",
119
+ "description": "Represents information about a managed key. Private or secret key material is NOT present."
120
+ },
121
+ "Omit<IKey,\"privateKeyHex\">": {
122
+ "$ref": "#/components/schemas/Pick<IKey,Exclude<(\"kid\"|\"kms\"|\"type\"|\"publicKeyHex\"|\"privateKeyHex\"|\"meta\"),\"privateKeyHex\">>"
123
+ },
124
+ "Pick<IKey,Exclude<(\"kid\"|\"kms\"|\"type\"|\"publicKeyHex\"|\"privateKeyHex\"|\"meta\"),\"privateKeyHex\">>": {
113
125
  "type": "object",
114
126
  "properties": {
115
127
  "kid": {
@@ -141,7 +153,7 @@
141
153
  }
142
154
  },
143
155
  "required": ["kid", "kms", "type", "publicKeyHex"],
144
- "description": "Represents information about a managed key. Private or secret key material is NOT present."
156
+ "additionalProperties": false
145
157
  },
146
158
  "MinimalImportableKey": {
147
159
  "$ref": "#/components/schemas/RequireOnly<IKey,(\"privateKeyHex\"|\"type\"|\"kms\")>",
@@ -149,6 +161,7 @@
149
161
  },
150
162
  "RequireOnly<IKey,(\"privateKeyHex\"|\"type\"|\"kms\")>": {
151
163
  "type": "object",
164
+ "additionalProperties": false,
152
165
  "properties": {
153
166
  "kid": {
154
167
  "type": "string",
@@ -201,39 +214,7 @@
201
214
  "type": "string"
202
215
  },
203
216
  {
204
- "type": "object",
205
- "properties": {
206
- "BYTES_PER_ELEMENT": {
207
- "type": "number"
208
- },
209
- "buffer": {
210
- "anyOf": [
211
- {
212
- "type": "object",
213
- "properties": {
214
- "byteLength": {
215
- "type": "number"
216
- }
217
- },
218
- "required": ["byteLength"]
219
- },
220
- {}
221
- ]
222
- },
223
- "byteLength": {
224
- "type": "number"
225
- },
226
- "byteOffset": {
227
- "type": "number"
228
- },
229
- "length": {
230
- "type": "number"
231
- }
232
- },
233
- "required": ["BYTES_PER_ELEMENT", "buffer", "byteLength", "byteOffset", "length"],
234
- "additionalProperties": {
235
- "type": "number"
236
- }
217
+ "$ref": "#/components/schemas/Uint8Array"
237
218
  }
238
219
  ],
239
220
  "description": "Data to sign"
@@ -247,6 +228,43 @@
247
228
  "required": ["data", "keyRef"],
248
229
  "description": "Input arguments for {@link ISphereonKeyManagerSignArgs.keyManagerSign | keyManagerSign }"
249
230
  },
231
+ "Uint8Array": {
232
+ "type": "object",
233
+ "properties": {
234
+ "BYTES_PER_ELEMENT": {
235
+ "type": "number"
236
+ },
237
+ "buffer": {
238
+ "$ref": "#/components/schemas/ArrayBufferLike"
239
+ },
240
+ "byteLength": {
241
+ "type": "number"
242
+ },
243
+ "byteOffset": {
244
+ "type": "number"
245
+ },
246
+ "length": {
247
+ "type": "number"
248
+ }
249
+ },
250
+ "required": ["BYTES_PER_ELEMENT", "buffer", "byteLength", "byteOffset", "length"],
251
+ "additionalProperties": {
252
+ "type": "number"
253
+ }
254
+ },
255
+ "ArrayBufferLike": {
256
+ "$ref": "#/components/schemas/ArrayBuffer"
257
+ },
258
+ "ArrayBuffer": {
259
+ "type": "object",
260
+ "properties": {
261
+ "byteLength": {
262
+ "type": "number"
263
+ }
264
+ },
265
+ "required": ["byteLength"],
266
+ "additionalProperties": false
267
+ },
250
268
  "ISphereonKeyManagerVerifyArgs": {
251
269
  "type": "object",
252
270
  "properties": {
@@ -263,45 +281,14 @@
263
281
  "type": "string"
264
282
  },
265
283
  "data": {
266
- "type": "object",
267
- "properties": {
268
- "BYTES_PER_ELEMENT": {
269
- "type": "number"
270
- },
271
- "buffer": {
272
- "anyOf": [
273
- {
274
- "type": "object",
275
- "properties": {
276
- "byteLength": {
277
- "type": "number"
278
- }
279
- },
280
- "required": ["byteLength"]
281
- },
282
- {}
283
- ]
284
- },
285
- "byteLength": {
286
- "type": "number"
287
- },
288
- "byteOffset": {
289
- "type": "number"
290
- },
291
- "length": {
292
- "type": "number"
293
- }
294
- },
295
- "required": ["BYTES_PER_ELEMENT", "buffer", "byteLength", "byteOffset", "length"],
296
- "additionalProperties": {
297
- "type": "number"
298
- }
284
+ "$ref": "#/components/schemas/Uint8Array"
299
285
  },
300
286
  "signature": {
301
287
  "type": "string"
302
288
  }
303
289
  },
304
- "required": ["publicKeyHex", "type", "data", "signature"]
290
+ "required": ["publicKeyHex", "type", "data", "signature"],
291
+ "additionalProperties": false
305
292
  }
306
293
  },
307
294
  "methods": {
package/src/agent/SphereonKeyManager.ts CHANGED
@@ -46,6 +46,64 @@ export class SphereonKeyManager extends VeramoKeyManager {
46
46
  methods.keyManagerListKeys = this.keyManagerListKeys.bind(this)
47
47
  methods.keyManagerGetDefaultKeyManagementSystem = this.keyManagerGetDefaultKeyManagementSystem.bind(this)
48
48
  this.kmsMethods = <ISphereonKeyManager>(<unknown>methods)
49
+
50
+ this.syncPreProvisionedKeys()
51
+ }
52
+
53
+ private syncPreProvisionedKeys() {
54
+ Object.keys(this.availableKmses).forEach((kmsId) => {
55
+ const kms = this.availableKmses[kmsId]
56
+ if (kms.constructor.name === 'RestKeyManagementSystem') {
57
+ this.syncPreProvisionedKeysForKms(kmsId, kms)
58
+ }
59
+ })
60
+ }
61
+
62
+ private syncPreProvisionedKeysForKms(kmsId: string, kms: AbstractKeyManagementSystem) {
63
+ kms
64
+ .listKeys()
65
+ .then(async (remoteKeys: ManagedKeyInfo[]) => {
66
+ try {
67
+ const storedKeys: ManagedKeyInfo[] = await this.keyManagerListKeys()
68
+
69
+ await Promise.all(
70
+ remoteKeys.map(async (remoteKey) => {
71
+ const storedKey = storedKeys.find((k) => k.kid === remoteKey.kid)
72
+
73
+ const needsUpdate =
74
+ !storedKey ||
75
+ storedKey.publicKeyHex !== remoteKey.publicKeyHex ||
76
+ storedKey.type !== remoteKey.type ||
77
+ storedKey.kms !== remoteKey.kms ||
78
+ (remoteKey.meta && 'alias' in remoteKey.meta && storedKey.meta && storedKey.meta.keyAlias !== remoteKey.meta.alias)
79
+ if (needsUpdate) {
80
+ try {
81
+ if (storedKey) {
82
+ await this.kmsStore.delete({ kid: remoteKey.kid })
83
+ }
84
+ const keyToImport: IKey = {
85
+ ...remoteKey,
86
+ meta: remoteKey.meta && 'alias' in remoteKey.meta ? { ...remoteKey.meta, keyAlias: remoteKey.meta.alias } : remoteKey.meta,
87
+ } as IKey
88
+
89
+ if (keyToImport.meta && 'alias' in keyToImport.meta) {
90
+ delete keyToImport.meta.alias
91
+ }
92
+
93
+ await this.kmsStore.import(keyToImport)
94
+ } catch (error) {
95
+ console.error(`Failed to sync key ${remoteKey.kid} from kms ${kmsId}:`, error)
96
+ }
97
+ }
98
+ }),
99
+ )
100
+ } catch (error) {
101
+ console.error(`Failed to sync keys for kms ${kmsId}:`, error)
102
+ }
103
+ })
104
+ .catch((error) => {
105
+ console.error(`Failed to list remote keys for kms ${kmsId}:`, error)
106
+ })
49
107
  }
50
108
 
51
109
  keyManagerGetDefaultKeyManagementSystem(): Promise<string> {
@@ -142,7 +200,7 @@ export class SphereonKeyManager extends VeramoKeyManager {
142
200
  (key) =>
143
201
  key.publicKeyHex === kid ||
144
202
  key.meta?.jwkThumbprint === kid ||
145
- (key.meta?.jwkThumbprint == null && calculateJwkThumbprintForKey({ key }) === kid)
203
+ (key.meta?.jwkThumbprint == null && calculateJwkThumbprintForKey({ key }) === kid),
146
204
  )
147
205
  if (foundKey) {
148
206
  return foundKey as IKey
@@ -165,5 +223,9 @@ export class SphereonKeyManager extends VeramoKeyManager {
165
223
 
166
224
  setKms(name: string, kms: AbstractKeyManagementSystem): void {
167
225
  this.availableKmses[name] = kms
226
+
227
+ if (kms.constructor.name === 'RestKeyManagementSystem') {
228
+ this.syncPreProvisionedKeysForKms(name, kms)
229
+ }
168
230
  }
169
231
  }