@sphereon/ssi-sdk-ext.key-manager 0.37.1-next.5 → 0.37.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (6) hide show
  1. package/dist/index.cjs +51 -9
  2. package/dist/index.cjs.map +1 -1
  3. package/dist/index.js +51 -9
  4. package/dist/index.js.map +1 -1
  5. package/package.json +5 -5
  6. package/plugin.schema.json +52 -10
package/dist/index.cjs CHANGED
@@ -59,13 +59,23 @@ var require_plugin_schema = __commonJS({
59
59
  description: "Optional. Key meta data"
60
60
  }
61
61
  },
62
- required: ["type"],
62
+ required: [
63
+ "type"
64
+ ],
63
65
  additionalProperties: false,
64
66
  description: "Input arguments for {@link ISphereonKeyManager.keyManagerCreate | keyManagerCreate }"
65
67
  },
66
68
  TKeyType: {
67
69
  type: "string",
68
- enum: ["Ed25519", "Secp256k1", "Secp256r1", "X25519", "Bls12381G1", "Bls12381G2", "RSA"],
70
+ enum: [
71
+ "Ed25519",
72
+ "Secp256k1",
73
+ "Secp256r1",
74
+ "X25519",
75
+ "Bls12381G1",
76
+ "Bls12381G2",
77
+ "RSA"
78
+ ],
69
79
  description: "Cryptographic key type."
70
80
  },
71
81
  IkeyOptions: {
@@ -140,7 +150,13 @@ var require_plugin_schema = __commonJS({
140
150
  description: "Optional. Key metadata. This should be used to determine which algorithms are supported."
141
151
  }
142
152
  },
143
- required: ["kid", "kms", "privateKeyHex", "publicKeyHex", "type"]
153
+ required: [
154
+ "kid",
155
+ "kms",
156
+ "privateKeyHex",
157
+ "publicKeyHex",
158
+ "type"
159
+ ]
144
160
  },
145
161
  ISphereonKeyManagerHandleExpirationsArgs: {
146
162
  type: "object",
@@ -189,7 +205,12 @@ var require_plugin_schema = __commonJS({
189
205
  description: "Optional. Key metadata. This should be used to determine which algorithms are supported."
190
206
  }
191
207
  },
192
- required: ["kid", "kms", "type", "publicKeyHex"],
208
+ required: [
209
+ "kid",
210
+ "kms",
211
+ "type",
212
+ "publicKeyHex"
213
+ ],
193
214
  additionalProperties: false
194
215
  },
195
216
  MinimalImportableKey: {
@@ -258,11 +279,19 @@ var require_plugin_schema = __commonJS({
258
279
  },
259
280
  encoding: {
260
281
  type: "string",
261
- enum: ["utf-8", "base16", "base64", "hex"],
282
+ enum: [
283
+ "utf-8",
284
+ "base16",
285
+ "base64",
286
+ "hex"
287
+ ],
262
288
  description: 'If the data is a "string" then you can specify which encoding is used. Default is "utf-8"'
263
289
  }
264
290
  },
265
- required: ["data", "keyRef"],
291
+ required: [
292
+ "data",
293
+ "keyRef"
294
+ ],
266
295
  description: "Input arguments for {@link ISphereonKeyManagerSignArgs.keyManagerSign | keyManagerSign }"
267
296
  },
268
297
  Uint8Array: {
@@ -284,7 +313,13 @@ var require_plugin_schema = __commonJS({
284
313
  type: "number"
285
314
  }
286
315
  },
287
- required: ["BYTES_PER_ELEMENT", "buffer", "byteLength", "byteOffset", "length"],
316
+ required: [
317
+ "BYTES_PER_ELEMENT",
318
+ "buffer",
319
+ "byteLength",
320
+ "byteOffset",
321
+ "length"
322
+ ],
288
323
  additionalProperties: {
289
324
  type: "number"
290
325
  }
@@ -299,7 +334,9 @@ var require_plugin_schema = __commonJS({
299
334
  type: "number"
300
335
  }
301
336
  },
302
- required: ["byteLength"],
337
+ required: [
338
+ "byteLength"
339
+ ],
303
340
  additionalProperties: false
304
341
  },
305
342
  ISphereonKeyManagerVerifyArgs: {
@@ -324,7 +361,12 @@ var require_plugin_schema = __commonJS({
324
361
  type: "string"
325
362
  }
326
363
  },
327
- required: ["publicKeyHex", "type", "data", "signature"],
364
+ required: [
365
+ "publicKeyHex",
366
+ "type",
367
+ "data",
368
+ "signature"
369
+ ],
328
370
  additionalProperties: false
329
371
  }
330
372
  },
package/dist/index.cjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../plugin.schema.json","../src/index.ts","../src/agent/SphereonKeyManager.ts","../src/types/ISphereonKeyManager.ts"],"sourcesContent":["{\n \"ISphereonKeyManager\": {\n \"components\": {\n \"schemas\": {\n \"ISphereonKeyManagerCreateArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"type\": {\n \"$ref\": \"#/components/schemas/TKeyType\",\n \"description\": \"Key type\"\n },\n \"kms\": {\n \"type\": \"string\",\n \"description\": \"Key Management System\"\n },\n \"opts\": {\n \"$ref\": \"#/components/schemas/IkeyOptions\",\n \"description\": \"Key options\"\n },\n \"meta\": {\n \"$ref\": \"#/components/schemas/KeyMetadata\",\n \"description\": \"Optional. Key meta data\"\n }\n },\n \"required\": [\"type\"],\n \"additionalProperties\": false,\n \"description\": \"Input arguments for {@link ISphereonKeyManager.keyManagerCreate | keyManagerCreate }\"\n },\n \"TKeyType\": {\n \"type\": \"string\",\n \"enum\": [\"Ed25519\", \"Secp256k1\", \"Secp256r1\", \"X25519\", \"Bls12381G1\", \"Bls12381G2\", \"RSA\"],\n \"description\": \"Cryptographic key type.\"\n },\n \"IkeyOptions\": {\n \"type\": \"object\",\n \"properties\": {\n \"ephemeral\": {\n \"type\": \"boolean\",\n \"description\": \"Is this a temporary key?\"\n },\n \"expiration\": {\n \"type\": \"object\",\n \"properties\": {\n \"expiryDate\": {\n \"type\": \"string\",\n \"format\": \"date-time\"\n },\n \"removalDate\": {\n \"type\": \"string\",\n \"format\": \"date-time\"\n }\n },\n \"additionalProperties\": false,\n \"description\": \"Expiration and remove the key\"\n }\n },\n \"additionalProperties\": false\n },\n \"KeyMetadata\": {\n \"type\": \"object\",\n \"properties\": {\n \"algorithms\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n }\n },\n \"description\": \"This encapsulates data about a key.\\n\\nImplementations of {@link @veramo/key-manager#AbstractKeyManagementSystem | AbstractKeyManagementSystem } should populate this object, for each key, with the algorithms that can be performed using it.\\n\\nThis can also be used to add various tags to the keys under management.\"\n },\n \"PartialKey\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"privateKeyHex\": {\n \"type\": \"string\"\n },\n \"kid\": {\n \"type\": \"string\",\n \"description\": \"Key ID\"\n },\n \"kms\": {\n \"type\": \"string\",\n \"description\": \"Key Management System\"\n },\n \"type\": {\n \"$ref\": \"#/components/schemas/TKeyType\",\n \"description\": \"Key type\"\n },\n \"publicKeyHex\": {\n \"type\": \"string\",\n \"description\": \"Public key\"\n },\n \"meta\": {\n \"anyOf\": [\n {\n \"$ref\": \"#/components/schemas/KeyMetadata\"\n },\n {\n \"type\": \"null\"\n }\n ],\n \"description\": \"Optional. Key metadata. This should be used to determine which algorithms are supported.\"\n }\n },\n \"required\": [\"kid\", \"kms\", \"privateKeyHex\", \"publicKeyHex\", \"type\"]\n },\n \"ISphereonKeyManagerHandleExpirationsArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"skipRemovals\": {\n \"type\": \"boolean\"\n }\n },\n \"additionalProperties\": false\n },\n \"ManagedKeyInfo\": {\n \"$ref\": \"#/components/schemas/Omit<IKey,\\\"privateKeyHex\\\">\",\n \"description\": \"Represents information about a managed key. Private or secret key material is NOT present.\"\n },\n \"Omit<IKey,\\\"privateKeyHex\\\">\": {\n \"$ref\": \"#/components/schemas/Pick<IKey,Exclude<(\\\"kid\\\"|\\\"kms\\\"|\\\"type\\\"|\\\"publicKeyHex\\\"|\\\"privateKeyHex\\\"|\\\"meta\\\"),\\\"privateKeyHex\\\">>\"\n },\n \"Pick<IKey,Exclude<(\\\"kid\\\"|\\\"kms\\\"|\\\"type\\\"|\\\"publicKeyHex\\\"|\\\"privateKeyHex\\\"|\\\"meta\\\"),\\\"privateKeyHex\\\">>\": {\n \"type\": \"object\",\n \"properties\": {\n \"kid\": {\n \"type\": \"string\",\n \"description\": \"Key ID\"\n },\n \"kms\": {\n \"type\": \"string\",\n \"description\": \"Key Management System\"\n },\n \"type\": {\n \"$ref\": \"#/components/schemas/TKeyType\",\n \"description\": \"Key type\"\n },\n \"publicKeyHex\": {\n \"type\": \"string\",\n \"description\": \"Public key\"\n },\n \"meta\": {\n \"anyOf\": [\n {\n \"$ref\": \"#/components/schemas/KeyMetadata\"\n },\n {\n \"type\": \"null\"\n }\n ],\n \"description\": \"Optional. Key metadata. This should be used to determine which algorithms are supported.\"\n }\n },\n \"required\": [\"kid\", \"kms\", \"type\", \"publicKeyHex\"],\n \"additionalProperties\": false\n },\n \"MinimalImportableKey\": {\n \"$ref\": \"#/components/schemas/RequireOnly<IKey,(\\\"privateKeyHex\\\"|\\\"type\\\"|\\\"kms\\\")>\",\n \"description\": \"Represents the properties required to import a key.\"\n },\n \"RequireOnly<IKey,(\\\"privateKeyHex\\\"|\\\"type\\\"|\\\"kms\\\")>\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"kid\": {\n \"type\": \"string\",\n \"description\": \"Key ID\"\n },\n \"kms\": {\n \"type\": \"string\",\n \"description\": \"Key Management System\"\n },\n \"type\": {\n \"$ref\": \"#/components/schemas/TKeyType\",\n \"description\": \"Key type\"\n },\n \"publicKeyHex\": {\n \"type\": \"string\",\n \"description\": \"Public key\"\n },\n \"privateKeyHex\": {\n \"type\": \"string\",\n \"description\": \"Optional. Private key\"\n },\n \"meta\": {\n \"anyOf\": [\n {\n \"$ref\": \"#/components/schemas/KeyMetadata\"\n },\n {\n \"type\": \"null\"\n }\n ],\n \"description\": \"Optional. Key metadata. This should be used to determine which algorithms are supported.\"\n }\n },\n \"description\": \"Represents an object type where a subset of keys are required and everything else is optional.\"\n },\n \"ISphereonKeyManagerSignArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"keyRef\": {\n \"type\": \"string\",\n \"description\": \"The key handle, as returned during `keyManagerCreateKey`\"\n },\n \"algorithm\": {\n \"type\": \"string\",\n \"description\": \"The algorithm to use for signing. This must be one of the algorithms supported by the KMS for this key type.\\n\\nThe algorithm used here should match one of the names listed in `IKey.meta.algorithms`\"\n },\n \"data\": {\n \"anyOf\": [\n {\n \"type\": \"string\"\n },\n {\n \"$ref\": \"#/components/schemas/Uint8Array\"\n }\n ],\n \"description\": \"Data to sign\"\n },\n \"encoding\": {\n \"type\": \"string\",\n \"enum\": [\"utf-8\", \"base16\", \"base64\", \"hex\"],\n \"description\": \"If the data is a \\\"string\\\" then you can specify which encoding is used. Default is \\\"utf-8\\\"\"\n }\n },\n \"required\": [\"data\", \"keyRef\"],\n \"description\": \"Input arguments for {@link ISphereonKeyManagerSignArgs.keyManagerSign | keyManagerSign }\"\n },\n \"Uint8Array\": {\n \"type\": \"object\",\n \"properties\": {\n \"BYTES_PER_ELEMENT\": {\n \"type\": \"number\"\n },\n \"buffer\": {\n \"$ref\": \"#/components/schemas/ArrayBufferLike\"\n },\n \"byteLength\": {\n \"type\": \"number\"\n },\n \"byteOffset\": {\n \"type\": \"number\"\n },\n \"length\": {\n \"type\": \"number\"\n }\n },\n \"required\": [\"BYTES_PER_ELEMENT\", \"buffer\", \"byteLength\", \"byteOffset\", \"length\"],\n \"additionalProperties\": {\n \"type\": \"number\"\n }\n },\n \"ArrayBufferLike\": {\n \"$ref\": \"#/components/schemas/ArrayBuffer\"\n },\n \"ArrayBuffer\": {\n \"type\": \"object\",\n \"properties\": {\n \"byteLength\": {\n \"type\": \"number\"\n }\n },\n \"required\": [\"byteLength\"],\n \"additionalProperties\": false\n },\n \"ISphereonKeyManagerVerifyArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"kms\": {\n \"type\": \"string\"\n },\n \"publicKeyHex\": {\n \"type\": \"string\"\n },\n \"type\": {\n \"$ref\": \"#/components/schemas/TKeyType\"\n },\n \"algorithm\": {\n \"type\": \"string\"\n },\n \"data\": {\n \"$ref\": \"#/components/schemas/Uint8Array\"\n },\n \"signature\": {\n \"type\": \"string\"\n }\n },\n \"required\": [\"publicKeyHex\", \"type\", \"data\", \"signature\"],\n \"additionalProperties\": false\n }\n },\n \"methods\": {\n \"keyManagerCreate\": {\n \"description\": \"\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/ISphereonKeyManagerCreateArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/PartialKey\"\n }\n },\n \"keyManagerGetDefaultKeyManagementSystem\": {\n \"description\": \"Get the KMS registered as default. Handy when no explicit KMS is provided for a function\",\n \"arguments\": {\n \"type\": \"object\"\n },\n \"returnType\": {\n \"type\": \"string\"\n }\n },\n \"keyManagerHandleExpirations\": {\n \"description\": \"Set keys to expired and remove keys eligible for deletion.\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/ISphereonKeyManagerHandleExpirationsArgs\"\n },\n \"returnType\": {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/ManagedKeyInfo\"\n }\n }\n },\n \"keyManagerImport\": {\n \"description\": \"\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/MinimalImportableKey\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/PartialKey\"\n }\n },\n \"keyManagerListKeys\": {\n \"description\": \"\",\n \"arguments\": {\n \"type\": \"object\"\n },\n \"returnType\": {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/ManagedKeyInfo\"\n }\n }\n },\n \"keyManagerSign\": {\n \"description\": \"\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/ISphereonKeyManagerSignArgs\"\n },\n \"returnType\": {\n \"type\": \"string\"\n }\n },\n \"keyManagerVerify\": {\n \"description\": \"Verifies a signature using the key\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/ISphereonKeyManagerVerifyArgs\"\n },\n \"returnType\": {\n \"type\": \"boolean\"\n }\n }\n }\n }\n }\n}\n","const schema = require('../plugin.schema.json')\nexport { schema }\nexport { SphereonKeyManager, sphereonKeyManagerMethods } from './agent/SphereonKeyManager'\nexport * from './types/ISphereonKeyManager'\nexport * from '@veramo/key-manager'\n","import { calculateJwkThumbprintForKey, toJwk, verifyRawSignature } from '@sphereon/ssi-sdk-ext.key-utils'\nimport type { IKey, KeyMetadata, ManagedKeyInfo } from '@veramo/core'\nimport { AbstractKeyManagementSystem, AbstractKeyStore, KeyManager as VeramoKeyManager } from '@veramo/key-manager'\n// @ts-ignore\nimport * as u8a from 'uint8arrays'\nimport {\n hasKeyOptions,\n type IKeyManagerGetArgs,\n type ISphereonKeyManager,\n type ISphereonKeyManagerCreateArgs,\n type ISphereonKeyManagerHandleExpirationsArgs,\n type ISphereonKeyManagerSignArgs,\n type ISphereonKeyManagerVerifyArgs,\n} from '../types/ISphereonKeyManager'\n\nconst { fromString } = u8a\n\nexport const sphereonKeyManagerMethods: Array<string> = [\n 'keyManagerCreate',\n 'keyManagerGet',\n 'keyManagerImport',\n 'keyManagerSign',\n 'keyManagerVerify',\n 'keyManagerListKeys',\n 'keyManagerGetDefaultKeyManagementSystem',\n 'keyManagerHandleExpirations',\n]\n\nexport class SphereonKeyManager extends VeramoKeyManager {\n // local store reference, given the superclass store is private, and we need additional functions/calls\n private kmsStore: AbstractKeyStore\n private readonly availableKmses: Record<string, AbstractKeyManagementSystem>\n public _defaultKms: string\n readonly kmsMethods: ISphereonKeyManager\n\n constructor(options: { store: AbstractKeyStore; kms: Record<string, AbstractKeyManagementSystem>; defaultKms?: string }) {\n super({ store: options.store, kms: options.kms })\n this.kmsStore = options.store\n this.availableKmses = options.kms\n this._defaultKms = options.defaultKms ?? Object.keys(this.availableKmses)[0]\n if (!Object.keys(this.availableKmses).includes(this._defaultKms)) {\n throw Error(`Default KMS needs to be listed in the kms object as well. Found kms-es: ${Object.keys(this.availableKmses).join(',')}`)\n }\n const methods = this.methods\n methods.keyManagerVerify = this.keyManagerVerify.bind(this)\n methods.keyManagerListKeys = this.keyManagerListKeys.bind(this)\n methods.keyManagerGetDefaultKeyManagementSystem = this.keyManagerGetDefaultKeyManagementSystem.bind(this)\n this.kmsMethods = <ISphereonKeyManager>(<unknown>methods)\n\n this.syncPreProvisionedKeys()\n }\n\n private syncPreProvisionedKeys() {\n Object.keys(this.availableKmses).forEach((kmsId) => {\n const kms = this.availableKmses[kmsId]\n if (kms.constructor.name === 'RestKeyManagementSystem') {\n this.syncPreProvisionedKeysForKms(kmsId, kms)\n }\n })\n }\n\n private syncPreProvisionedKeysForKms(kmsId: string, kms: AbstractKeyManagementSystem) {\n kms\n .listKeys()\n .then(async (remoteKeys: ManagedKeyInfo[]) => {\n try {\n const storedKeys: ManagedKeyInfo[] = await this.keyManagerListKeys()\n\n await Promise.all(\n remoteKeys.map(async (remoteKey) => {\n const storedKey = storedKeys.find((k) => k.kid === remoteKey.kid)\n\n const needsUpdate =\n !storedKey ||\n storedKey.publicKeyHex !== remoteKey.publicKeyHex ||\n storedKey.type !== remoteKey.type ||\n storedKey.kms !== remoteKey.kms ||\n (remoteKey.meta && 'alias' in remoteKey.meta && storedKey.meta && storedKey.meta.keyAlias !== remoteKey.meta.alias)\n if (needsUpdate) {\n try {\n if (storedKey) {\n await this.kmsStore.delete({ kid: remoteKey.kid })\n }\n const keyToImport: IKey = {\n ...remoteKey,\n meta: remoteKey.meta && 'alias' in remoteKey.meta ? { ...remoteKey.meta, keyAlias: remoteKey.meta.alias } : remoteKey.meta,\n } as IKey\n\n if (keyToImport.meta && 'alias' in keyToImport.meta) {\n delete keyToImport.meta.alias\n }\n\n await this.kmsStore.import(keyToImport)\n } catch (error) {\n console.error(`Failed to sync key ${remoteKey.kid} from kms ${kmsId}:`, error)\n }\n }\n }),\n )\n } catch (error) {\n console.error(`Failed to sync keys for kms ${kmsId}:`, error)\n }\n })\n .catch((error) => {\n console.error(`Failed to list remote keys for kms ${kmsId}:`, error)\n })\n }\n\n keyManagerGetDefaultKeyManagementSystem(): Promise<string> {\n return Promise.resolve(this._defaultKms)\n }\n\n override async keyManagerCreate(args: ISphereonKeyManagerCreateArgs): Promise<ManagedKeyInfo> {\n const kms = this.getKmsByName(args.kms ?? this._defaultKms)\n const meta: KeyMetadata = { ...args.meta, ...(args.opts && { opts: args.opts }) }\n if (hasKeyOptions(meta) && meta.opts?.ephemeral && !meta.opts.expiration?.removalDate) {\n // Make sure we set a delete date on an ephemeral key\n meta.opts = {\n ...meta.opts,\n expiration: { ...meta.opts?.expiration, removalDate: new Date(Date.now() + 5 * 60 * 1000) },\n }\n }\n const partialKey = await kms.createKey({ type: args.type, meta })\n const key: IKey = { ...partialKey, kms: args.kms ?? this._defaultKms }\n key.meta = { ...meta, ...key.meta }\n key.meta.jwkThumbprint = key.meta.jwkThumbprint ?? calculateJwkThumbprintForKey({ key })\n\n await this.kmsStore.import(key)\n if (key.privateKeyHex) {\n // Make sure to not export the private key\n delete key.privateKeyHex\n }\n return key\n }\n\n //FIXME extend the IKeyManagerSignArgs.data to be a string or array of strings\n\n async keyManagerSign(args: ISphereonKeyManagerSignArgs): Promise<string> {\n const keyInfo = await this.keyManagerGet({ kid: args.keyRef })\n const kms = this.getKmsByName(keyInfo.kms)\n if (keyInfo.type === 'Bls12381G2') {\n return await kms.sign({ keyRef: keyInfo, data: typeof args.data === 'string' ? fromString(args.data) : args.data })\n }\n // @ts-ignore // we can pass in uint8arrays as well, which the super also can handle but does not expose in its types\n return await super.keyManagerSign({ ...args, keyRef: keyInfo.kid })\n }\n\n async keyManagerVerify(args: ISphereonKeyManagerVerifyArgs): Promise<boolean> {\n if (args.kms) {\n const kms = this.getKmsByName(args.kms)\n if (kms && 'verify' in kms && typeof kms.verify === 'function') {\n // @ts-ignore\n return await kms.verify(args)\n }\n }\n return await verifyRawSignature({\n key: toJwk(args.publicKeyHex, args.type),\n data: args.data,\n signature: fromString(args.signature, 'utf-8'),\n })\n }\n\n async keyManagerListKeys(): Promise<ManagedKeyInfo[]> {\n return this.kmsStore.list({})\n }\n\n async keyManagerHandleExpirations(args: ISphereonKeyManagerHandleExpirationsArgs): Promise<Array<ManagedKeyInfo>> {\n const keys = await this.keyManagerListKeys()\n const expiredKeys = keys\n .filter((key) => hasKeyOptions(key.meta))\n .filter((key) => {\n if (hasKeyOptions(key.meta) && key.meta?.opts?.expiration) {\n const expiration = key.meta.opts.expiration\n return !(expiration.expiryDate && expiration.expiryDate.getMilliseconds() > Date.now())\n }\n return false\n })\n if (args.skipRemovals !== true) {\n await Promise.all(expiredKeys.map((key) => this.keyManagerDelete({ kid: key.kid })))\n }\n return keys\n }\n\n private getKmsByName(name: string): AbstractKeyManagementSystem {\n const kms = this.availableKmses[name]\n if (!kms) {\n throw Error(`invalid_argument: This agent has no registered KeyManagementSystem with name='${name}'`)\n }\n return kms\n }\n\n //todo https://sphereon.atlassian.net/browse/SDK-28 improve the logic for keyManagerGet in sphereon-key-manager\n async keyManagerGet({ kid }: IKeyManagerGetArgs): Promise<IKey> {\n try {\n const key = await this.kmsStore.get({ kid })\n return key\n } catch (e) {\n const keys: ManagedKeyInfo[] = await this.keyManagerListKeys()\n const foundKey = keys.find(\n (key) =>\n key.publicKeyHex === kid ||\n key.meta?.jwkThumbprint === kid ||\n (key.meta?.jwkThumbprint == null && calculateJwkThumbprintForKey({ key }) === kid),\n )\n if (foundKey) {\n return foundKey as IKey\n } else {\n throw new Error(`Key with kid ${kid} not found`)\n }\n }\n }\n\n get defaultKms(): string {\n return this._defaultKms\n }\n\n set defaultKms(kms: string) {\n if (!Object.keys(this.availableKmses).includes(kms)) {\n throw Error(`Default KMS needs to be listed in the kms object as well. Found kms-es: ${Object.keys(this.availableKmses).join(',')}`)\n }\n this._defaultKms = kms\n }\n\n setKms(name: string, kms: AbstractKeyManagementSystem): void {\n this.availableKmses[name] = kms\n\n if (kms.constructor.name === 'RestKeyManagementSystem') {\n this.syncPreProvisionedKeysForKms(name, kms)\n }\n }\n}\n","import type { IKeyManager, IKeyManagerSignArgs, IPluginMethodMap, KeyMetadata, ManagedKeyInfo, MinimalImportableKey, TKeyType } from '@veramo/core'\n\nexport type PartialKey = ManagedKeyInfo & { privateKeyHex: string }\n\nexport interface ISphereonKeyManager extends IKeyManager, IPluginMethodMap {\n keyManagerCreate(args: ISphereonKeyManagerCreateArgs): Promise<PartialKey>\n\n keyManagerImport(key: MinimalImportableKey): Promise<PartialKey>\n\n keyManagerSign(args: ISphereonKeyManagerSignArgs): Promise<string>\n\n /**\n * Verifies a signature using the key\n *\n * Does not exist in IKeyManager\n * @param args\n */\n keyManagerVerify(args: ISphereonKeyManagerVerifyArgs): Promise<boolean>\n\n keyManagerListKeys(): Promise<Array<ManagedKeyInfo>>\n\n /**\n * Get the KMS registered as default. Handy when no explicit KMS is provided for a function\n */\n\n keyManagerGetDefaultKeyManagementSystem(): Promise<string>\n\n /**\n * Set keys to expired and remove keys eligible for deletion.\n * @param args\n */\n keyManagerHandleExpirations(args: ISphereonKeyManagerHandleExpirationsArgs): Promise<Array<ManagedKeyInfo>>\n}\n\nexport interface IkeyOptions {\n /**\n * Is this a temporary key?\n */\n ephemeral?: boolean\n\n /**\n * Expiration and remove the key\n */\n expiration?: {\n expiryDate?: Date\n removalDate?: Date\n }\n}\n\n/**\n * Input arguments for {@link ISphereonKeyManager.keyManagerCreate | keyManagerCreate}\n * @public\n */\nexport interface ISphereonKeyManagerCreateArgs {\n /**\n * Key type\n */\n type: TKeyType\n\n /**\n * Key Management System\n */\n kms?: string\n\n /**\n * Key options\n */\n opts?: IkeyOptions\n\n /**\n * Optional. Key meta data\n */\n meta?: KeyMetadata\n}\n\nexport function hasKeyOptions(object: any): object is { opts?: IkeyOptions } {\n return object!! && 'opts' in object && ('ephemeral' in object.opts || 'expiration' in object.opts)\n}\n\n/**\n * Input arguments for {@link ISphereonKeyManager.keyManagerGet | keyManagerGet}\n * @public\n */\nexport interface IKeyManagerGetArgs {\n /**\n * Key ID\n */\n kid: string\n}\n\n/**\n * Input arguments for {@link ISphereonKeyManager.keyManagerDelete | keyManagerDelete}\n * @public\n */\nexport interface IKeyManagerDeleteArgs {\n /**\n * Key ID\n */\n kid: string\n}\n\n/**\n * Input arguments for {@link ISphereonKeyManagerSignArgs.keyManagerSign | keyManagerSign}\n * @public\n */\n// @ts-ignore\nexport interface ISphereonKeyManagerSignArgs extends IKeyManagerSignArgs {\n /**\n * Data to sign\n */\n data: string | Uint8Array\n}\n\nexport interface ISphereonKeyManagerHandleExpirationsArgs {\n skipRemovals?: boolean\n}\n\nexport interface ISphereonKeyManagerVerifyArgs {\n kms?: string\n publicKeyHex: string\n type: TKeyType\n algorithm?: string\n data: Uint8Array\n signature: string\n}\n\nexport const isDefined = <T extends unknown>(object: T | undefined): object is T => object !== undefined\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA,gCAAAA,SAAA;AAAA,IAAAA,QAAA;AAAA,MACE,qBAAuB;AAAA,QACrB,YAAc;AAAA,UACZ,SAAW;AAAA,YACT,+BAAiC;AAAA,cAC/B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,cACF;AAAA,cACA,UAAY,CAAC,MAAM;AAAA,cACnB,sBAAwB;AAAA,cACxB,aAAe;AAAA,YACjB;AAAA,YACA,UAAY;AAAA,cACV,MAAQ;AAAA,cACR,MAAQ,CAAC,WAAW,aAAa,aAAa,UAAU,cAAc,cAAc,KAAK;AAAA,cACzF,aAAe;AAAA,YACjB;AAAA,YACA,aAAe;AAAA,cACb,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,YAAc;AAAA,kBACZ,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,YAAc;AAAA,sBACZ,MAAQ;AAAA,sBACR,QAAU;AAAA,oBACZ;AAAA,oBACA,aAAe;AAAA,sBACb,MAAQ;AAAA,sBACR,QAAU;AAAA,oBACZ;AAAA,kBACF;AAAA,kBACA,sBAAwB;AAAA,kBACxB,aAAe;AAAA,gBACjB;AAAA,cACF;AAAA,cACA,sBAAwB;AAAA,YAC1B;AAAA,YACA,aAAe;AAAA,cACb,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,YAAc;AAAA,kBACZ,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,cACF;AAAA,cACA,aAAe;AAAA,YACjB;AAAA,YACA,YAAc;AAAA,cACZ,MAAQ;AAAA,cACR,sBAAwB;AAAA,cACxB,YAAc;AAAA,gBACZ,eAAiB;AAAA,kBACf,MAAQ;AAAA,gBACV;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,cAAgB;AAAA,kBACd,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,OAAS;AAAA,oBACP;AAAA,sBACE,MAAQ;AAAA,oBACV;AAAA,oBACA;AAAA,sBACE,MAAQ;AAAA,oBACV;AAAA,kBACF;AAAA,kBACA,aAAe;AAAA,gBACjB;AAAA,cACF;AAAA,cACA,UAAY,CAAC,OAAO,OAAO,iBAAiB,gBAAgB,MAAM;AAAA,YACpE;AAAA,YACA,0CAA4C;AAAA,cAC1C,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,cAAgB;AAAA,kBACd,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,sBAAwB;AAAA,YAC1B;AAAA,YACA,gBAAkB;AAAA,cAChB,MAAQ;AAAA,cACR,aAAe;AAAA,YACjB;AAAA,YACA,8BAAgC;AAAA,cAC9B,MAAQ;AAAA,YACV;AAAA,YACA,kGAAgH;AAAA,cAC9G,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,cAAgB;AAAA,kBACd,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,OAAS;AAAA,oBACP;AAAA,sBACE,MAAQ;AAAA,oBACV;AAAA,oBACA;AAAA,sBACE,MAAQ;AAAA,oBACV;AAAA,kBACF;AAAA,kBACA,aAAe;AAAA,gBACjB;AAAA,cACF;AAAA,cACA,UAAY,CAAC,OAAO,OAAO,QAAQ,cAAc;AAAA,cACjD,sBAAwB;AAAA,YAC1B;AAAA,YACA,sBAAwB;AAAA,cACtB,MAAQ;AAAA,cACR,aAAe;AAAA,YACjB;AAAA,YACA,oDAA0D;AAAA,cACxD,MAAQ;AAAA,cACR,sBAAwB;AAAA,cACxB,YAAc;AAAA,gBACZ,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,cAAgB;AAAA,kBACd,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,eAAiB;AAAA,kBACf,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,OAAS;AAAA,oBACP;AAAA,sBACE,MAAQ;AAAA,oBACV;AAAA,oBACA;AAAA,sBACE,MAAQ;AAAA,oBACV;AAAA,kBACF;AAAA,kBACA,aAAe;AAAA,gBACjB;AAAA,cACF;AAAA,cACA,aAAe;AAAA,YACjB;AAAA,YACA,6BAA+B;AAAA,cAC7B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,QAAU;AAAA,kBACR,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,OAAS;AAAA,oBACP;AAAA,sBACE,MAAQ;AAAA,oBACV;AAAA,oBACA;AAAA,sBACE,MAAQ;AAAA,oBACV;AAAA,kBACF;AAAA,kBACA,aAAe;AAAA,gBACjB;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,kBACR,MAAQ,CAAC,SAAS,UAAU,UAAU,KAAK;AAAA,kBAC3C,aAAe;AAAA,gBACjB;AAAA,cACF;AAAA,cACA,UAAY,CAAC,QAAQ,QAAQ;AAAA,cAC7B,aAAe;AAAA,YACjB;AAAA,YACA,YAAc;AAAA,cACZ,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,mBAAqB;AAAA,kBACnB,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,gBACA,YAAc;AAAA,kBACZ,MAAQ;AAAA,gBACV;AAAA,gBACA,YAAc;AAAA,kBACZ,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY,CAAC,qBAAqB,UAAU,cAAc,cAAc,QAAQ;AAAA,cAChF,sBAAwB;AAAA,gBACtB,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,iBAAmB;AAAA,cACjB,MAAQ;AAAA,YACV;AAAA,YACA,aAAe;AAAA,cACb,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,YAAc;AAAA,kBACZ,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY,CAAC,YAAY;AAAA,cACzB,sBAAwB;AAAA,YAC1B;AAAA,YACA,+BAAiC;AAAA,cAC/B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,gBACA,cAAgB;AAAA,kBACd,MAAQ;AAAA,gBACV;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,gBACV;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,gBACV;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY,CAAC,gBAAgB,QAAQ,QAAQ,WAAW;AAAA,cACxD,sBAAwB;AAAA,YAC1B;AAAA,UACF;AAAA,UACA,SAAW;AAAA,YACT,kBAAoB;AAAA,cAClB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,yCAA2C;AAAA,cACzC,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,6BAA+B;AAAA,cAC7B,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,gBACR,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,YACF;AAAA,YACA,kBAAoB;AAAA,cAClB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,oBAAsB;AAAA,cACpB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,gBACR,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,YACF;AAAA,YACA,gBAAkB;AAAA,cAChB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,kBAAoB;AAAA,cAClB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA;AAAA;;;AC9WA;;;;;;;;;;;ACAA,yBAAwE;AAExE,yBAA8F;AAE9F,UAAqB;;;ACuEd,SAASC,cAAcC,QAAW;AACvC,SAAOA,UAAY,UAAUA,WAAW,eAAeA,OAAOC,QAAQ,gBAAgBD,OAAOC;AAC/F;AAFgBF;AAmDT,IAAMG,YAAY,wBAAoBF,WAAuCA,WAAWG,QAAtE;;;AD/GzB,IAAM,EAAEC,WAAU,IAAKC;AAEhB,IAAMC,4BAA2C;EACtD;EACA;EACA;EACA;EACA;EACA;EACA;EACA;;AAGK,IAAMC,qBAAN,cAAiCC,mBAAAA,WAAAA;EA5BxC,OA4BwCA;;;;EAE9BC;EACSC;EACVC;EACEC;EAET,YAAYC,SAA6G;AACvH,UAAM;MAAEC,OAAOD,QAAQC;MAAOC,KAAKF,QAAQE;IAAI,CAAA;AAC/C,SAAKN,WAAWI,QAAQC;AACxB,SAAKJ,iBAAiBG,QAAQE;AAC9B,SAAKJ,cAAcE,QAAQG,cAAcC,OAAOC,KAAK,KAAKR,cAAc,EAAE,CAAA;AAC1E,QAAI,CAACO,OAAOC,KAAK,KAAKR,cAAc,EAAES,SAAS,KAAKR,WAAW,GAAG;AAChE,YAAMS,MAAM,2EAA2EH,OAAOC,KAAK,KAAKR,cAAc,EAAEW,KAAK,GAAA,CAAA,EAAM;IACrI;AACA,UAAMC,UAAU,KAAKA;AACrBA,YAAQC,mBAAmB,KAAKA,iBAAiBC,KAAK,IAAI;AAC1DF,YAAQG,qBAAqB,KAAKA,mBAAmBD,KAAK,IAAI;AAC9DF,YAAQI,0CAA0C,KAAKA,wCAAwCF,KAAK,IAAI;AACxG,SAAKZ,aAA4CU;AAEjD,SAAKK,uBAAsB;EAC7B;EAEQA,yBAAyB;AAC/BV,WAAOC,KAAK,KAAKR,cAAc,EAAEkB,QAAQ,CAACC,UAAAA;AACxC,YAAMd,MAAM,KAAKL,eAAemB,KAAAA;AAChC,UAAId,IAAI,YAAYe,SAAS,2BAA2B;AACtD,aAAKC,6BAA6BF,OAAOd,GAAAA;MAC3C;IACF,CAAA;EACF;EAEQgB,6BAA6BF,OAAed,KAAkC;AACpFA,QACGiB,SAAQ,EACRC,KAAK,OAAOC,eAAAA;AACX,UAAI;AACF,cAAMC,aAA+B,MAAM,KAAKV,mBAAkB;AAElE,cAAMW,QAAQC,IACZH,WAAWI,IAAI,OAAOC,cAAAA;AACpB,gBAAMC,YAAYL,WAAWM,KAAK,CAACC,MAAMA,EAAEC,QAAQJ,UAAUI,GAAG;AAEhE,gBAAMC,cACJ,CAACJ,aACDA,UAAUK,iBAAiBN,UAAUM,gBACrCL,UAAUM,SAASP,UAAUO,QAC7BN,UAAUzB,QAAQwB,UAAUxB,OAC3BwB,UAAUQ,QAAQ,WAAWR,UAAUQ,QAAQP,UAAUO,QAAQP,UAAUO,KAAKC,aAAaT,UAAUQ,KAAKE;AAC/G,cAAIL,aAAa;AACf,gBAAI;AACF,kBAAIJ,WAAW;AACb,sBAAM,KAAK/B,SAASyC,OAAO;kBAAEP,KAAKJ,UAAUI;gBAAI,CAAA;cAClD;AACA,oBAAMQ,cAAoB;gBACxB,GAAGZ;gBACHQ,MAAMR,UAAUQ,QAAQ,WAAWR,UAAUQ,OAAO;kBAAE,GAAGR,UAAUQ;kBAAMC,UAAUT,UAAUQ,KAAKE;gBAAM,IAAIV,UAAUQ;cACxH;AAEA,kBAAII,YAAYJ,QAAQ,WAAWI,YAAYJ,MAAM;AACnD,uBAAOI,YAAYJ,KAAKE;cAC1B;AAEA,oBAAM,KAAKxC,SAAS2C,OAAOD,WAAAA;YAC7B,SAASE,OAAO;AACdC,sBAAQD,MAAM,sBAAsBd,UAAUI,GAAG,aAAad,KAAAA,KAAUwB,KAAAA;YAC1E;UACF;QACF,CAAA,CAAA;MAEJ,SAASA,OAAO;AACdC,gBAAQD,MAAM,+BAA+BxB,KAAAA,KAAUwB,KAAAA;MACzD;IACF,CAAA,EACCE,MAAM,CAACF,UAAAA;AACNC,cAAQD,MAAM,sCAAsCxB,KAAAA,KAAUwB,KAAAA;IAChE,CAAA;EACJ;EAEA3B,0CAA2D;AACzD,WAAOU,QAAQoB,QAAQ,KAAK7C,WAAW;EACzC;EAEA,MAAe8C,iBAAiBC,MAA8D;AAC5F,UAAM3C,MAAM,KAAK4C,aAAaD,KAAK3C,OAAO,KAAKJ,WAAW;AAC1D,UAAMoC,OAAoB;MAAE,GAAGW,KAAKX;MAAM,GAAIW,KAAKE,QAAQ;QAAEA,MAAMF,KAAKE;MAAK;IAAG;AAChF,QAAIC,cAAcd,IAAAA,KAASA,KAAKa,MAAME,aAAa,CAACf,KAAKa,KAAKG,YAAYC,aAAa;AAErFjB,WAAKa,OAAO;QACV,GAAGb,KAAKa;QACRG,YAAY;UAAE,GAAGhB,KAAKa,MAAMG;UAAYC,aAAa,IAAIC,KAAKA,KAAKC,IAAG,IAAK,IAAI,KAAK,GAAA;QAAM;MAC5F;IACF;AACA,UAAMC,aAAa,MAAMpD,IAAIqD,UAAU;MAAEtB,MAAMY,KAAKZ;MAAMC;IAAK,CAAA;AAC/D,UAAMsB,MAAY;MAAE,GAAGF;MAAYpD,KAAK2C,KAAK3C,OAAO,KAAKJ;IAAY;AACrE0D,QAAItB,OAAO;MAAE,GAAGA;MAAM,GAAGsB,IAAItB;IAAK;AAClCsB,QAAItB,KAAKuB,gBAAgBD,IAAItB,KAAKuB,qBAAiBC,iDAA6B;MAAEF;IAAI,CAAA;AAEtF,UAAM,KAAK5D,SAAS2C,OAAOiB,GAAAA;AAC3B,QAAIA,IAAIG,eAAe;AAErB,aAAOH,IAAIG;IACb;AACA,WAAOH;EACT;;EAIA,MAAMI,eAAef,MAAoD;AACvE,UAAMgB,UAAU,MAAM,KAAKC,cAAc;MAAEhC,KAAKe,KAAKkB;IAAO,CAAA;AAC5D,UAAM7D,MAAM,KAAK4C,aAAae,QAAQ3D,GAAG;AACzC,QAAI2D,QAAQ5B,SAAS,cAAc;AACjC,aAAO,MAAM/B,IAAI8D,KAAK;QAAED,QAAQF;QAASI,MAAM,OAAOpB,KAAKoB,SAAS,WAAW1E,WAAWsD,KAAKoB,IAAI,IAAIpB,KAAKoB;MAAK,CAAA;IACnH;AAEA,WAAO,MAAM,MAAML,eAAe;MAAE,GAAGf;MAAMkB,QAAQF,QAAQ/B;IAAI,CAAA;EACnE;EAEA,MAAMpB,iBAAiBmC,MAAuD;AAC5E,QAAIA,KAAK3C,KAAK;AACZ,YAAMA,MAAM,KAAK4C,aAAaD,KAAK3C,GAAG;AACtC,UAAIA,OAAO,YAAYA,OAAO,OAAOA,IAAIgE,WAAW,YAAY;AAE9D,eAAO,MAAMhE,IAAIgE,OAAOrB,IAAAA;MAC1B;IACF;AACA,WAAO,UAAMsB,uCAAmB;MAC9BX,SAAKY,0BAAMvB,KAAKb,cAAca,KAAKZ,IAAI;MACvCgC,MAAMpB,KAAKoB;MACXI,WAAW9E,WAAWsD,KAAKwB,WAAW,OAAA;IACxC,CAAA;EACF;EAEA,MAAMzD,qBAAgD;AACpD,WAAO,KAAKhB,SAAS0E,KAAK,CAAC,CAAA;EAC7B;EAEA,MAAMC,4BAA4B1B,MAAgF;AAChH,UAAMxC,OAAO,MAAM,KAAKO,mBAAkB;AAC1C,UAAM4D,cAAcnE,KACjBoE,OAAO,CAACjB,QAAQR,cAAcQ,IAAItB,IAAI,CAAA,EACtCuC,OAAO,CAACjB,QAAAA;AACP,UAAIR,cAAcQ,IAAItB,IAAI,KAAKsB,IAAItB,MAAMa,MAAMG,YAAY;AACzD,cAAMA,aAAaM,IAAItB,KAAKa,KAAKG;AACjC,eAAO,EAAEA,WAAWwB,cAAcxB,WAAWwB,WAAWC,gBAAe,IAAKvB,KAAKC,IAAG;MACtF;AACA,aAAO;IACT,CAAA;AACF,QAAIR,KAAK+B,iBAAiB,MAAM;AAC9B,YAAMrD,QAAQC,IAAIgD,YAAY/C,IAAI,CAAC+B,QAAQ,KAAKqB,iBAAiB;QAAE/C,KAAK0B,IAAI1B;MAAI,CAAA,CAAA,CAAA;IAClF;AACA,WAAOzB;EACT;EAEQyC,aAAa7B,MAA2C;AAC9D,UAAMf,MAAM,KAAKL,eAAeoB,IAAAA;AAChC,QAAI,CAACf,KAAK;AACR,YAAMK,MAAM,iFAAiFU,IAAAA,GAAO;IACtG;AACA,WAAOf;EACT;;EAGA,MAAM4D,cAAc,EAAEhC,IAAG,GAAuC;AAC9D,QAAI;AACF,YAAM0B,MAAM,MAAM,KAAK5D,SAASkF,IAAI;QAAEhD;MAAI,CAAA;AAC1C,aAAO0B;IACT,SAASuB,GAAG;AACV,YAAM1E,OAAyB,MAAM,KAAKO,mBAAkB;AAC5D,YAAMoE,WAAW3E,KAAKuB,KACpB,CAAC4B,QACCA,IAAIxB,iBAAiBF,OACrB0B,IAAItB,MAAMuB,kBAAkB3B,OAC3B0B,IAAItB,MAAMuB,iBAAiB,YAAQC,iDAA6B;QAAEF;MAAI,CAAA,MAAO1B,GAAAA;AAElF,UAAIkD,UAAU;AACZ,eAAOA;MACT,OAAO;AACL,cAAM,IAAIzE,MAAM,gBAAgBuB,GAAAA,YAAe;MACjD;IACF;EACF;EAEA,IAAI3B,aAAqB;AACvB,WAAO,KAAKL;EACd;EAEA,IAAIK,WAAWD,KAAa;AAC1B,QAAI,CAACE,OAAOC,KAAK,KAAKR,cAAc,EAAES,SAASJ,GAAAA,GAAM;AACnD,YAAMK,MAAM,2EAA2EH,OAAOC,KAAK,KAAKR,cAAc,EAAEW,KAAK,GAAA,CAAA,EAAM;IACrI;AACA,SAAKV,cAAcI;EACrB;EAEA+E,OAAOhE,MAAcf,KAAwC;AAC3D,SAAKL,eAAeoB,IAAAA,IAAQf;AAE5B,QAAIA,IAAI,YAAYe,SAAS,2BAA2B;AACtD,WAAKC,6BAA6BD,MAAMf,GAAAA;IAC1C;EACF;AACF;;;ADlOA,0BAAc,gCAJd;IAAMgF,SAASC;","names":["module","hasKeyOptions","object","opts","isDefined","undefined","fromString","u8a","sphereonKeyManagerMethods","SphereonKeyManager","VeramoKeyManager","kmsStore","availableKmses","_defaultKms","kmsMethods","options","store","kms","defaultKms","Object","keys","includes","Error","join","methods","keyManagerVerify","bind","keyManagerListKeys","keyManagerGetDefaultKeyManagementSystem","syncPreProvisionedKeys","forEach","kmsId","name","syncPreProvisionedKeysForKms","listKeys","then","remoteKeys","storedKeys","Promise","all","map","remoteKey","storedKey","find","k","kid","needsUpdate","publicKeyHex","type","meta","keyAlias","alias","delete","keyToImport","import","error","console","catch","resolve","keyManagerCreate","args","getKmsByName","opts","hasKeyOptions","ephemeral","expiration","removalDate","Date","now","partialKey","createKey","key","jwkThumbprint","calculateJwkThumbprintForKey","privateKeyHex","keyManagerSign","keyInfo","keyManagerGet","keyRef","sign","data","verify","verifyRawSignature","toJwk","signature","list","keyManagerHandleExpirations","expiredKeys","filter","expiryDate","getMilliseconds","skipRemovals","keyManagerDelete","get","e","foundKey","setKms","schema","require"]}
1
+ {"version":3,"sources":["../plugin.schema.json","../src/index.ts","../src/agent/SphereonKeyManager.ts","../src/types/ISphereonKeyManager.ts"],"sourcesContent":["{\n \"ISphereonKeyManager\": {\n \"components\": {\n \"schemas\": {\n \"ISphereonKeyManagerCreateArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"type\": {\n \"$ref\": \"#/components/schemas/TKeyType\",\n \"description\": \"Key type\"\n },\n \"kms\": {\n \"type\": \"string\",\n \"description\": \"Key Management System\"\n },\n \"opts\": {\n \"$ref\": \"#/components/schemas/IkeyOptions\",\n \"description\": \"Key options\"\n },\n \"meta\": {\n \"$ref\": \"#/components/schemas/KeyMetadata\",\n \"description\": \"Optional. Key meta data\"\n }\n },\n \"required\": [\n \"type\"\n ],\n \"additionalProperties\": false,\n \"description\": \"Input arguments for {@link ISphereonKeyManager.keyManagerCreate | keyManagerCreate }\"\n },\n \"TKeyType\": {\n \"type\": \"string\",\n \"enum\": [\n \"Ed25519\",\n \"Secp256k1\",\n \"Secp256r1\",\n \"X25519\",\n \"Bls12381G1\",\n \"Bls12381G2\",\n \"RSA\"\n ],\n \"description\": \"Cryptographic key type.\"\n },\n \"IkeyOptions\": {\n \"type\": \"object\",\n \"properties\": {\n \"ephemeral\": {\n \"type\": \"boolean\",\n \"description\": \"Is this a temporary key?\"\n },\n \"expiration\": {\n \"type\": \"object\",\n \"properties\": {\n \"expiryDate\": {\n \"type\": \"string\",\n \"format\": \"date-time\"\n },\n \"removalDate\": {\n \"type\": \"string\",\n \"format\": \"date-time\"\n }\n },\n \"additionalProperties\": false,\n \"description\": \"Expiration and remove the key\"\n }\n },\n \"additionalProperties\": false\n },\n \"KeyMetadata\": {\n \"type\": \"object\",\n \"properties\": {\n \"algorithms\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n }\n },\n \"description\": \"This encapsulates data about a key.\\n\\nImplementations of {@link @veramo/key-manager#AbstractKeyManagementSystem | AbstractKeyManagementSystem } should populate this object, for each key, with the algorithms that can be performed using it.\\n\\nThis can also be used to add various tags to the keys under management.\"\n },\n \"PartialKey\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"privateKeyHex\": {\n \"type\": \"string\"\n },\n \"kid\": {\n \"type\": \"string\",\n \"description\": \"Key ID\"\n },\n \"kms\": {\n \"type\": \"string\",\n \"description\": \"Key Management System\"\n },\n \"type\": {\n \"$ref\": \"#/components/schemas/TKeyType\",\n \"description\": \"Key type\"\n },\n \"publicKeyHex\": {\n \"type\": \"string\",\n \"description\": \"Public key\"\n },\n \"meta\": {\n \"anyOf\": [\n {\n \"$ref\": \"#/components/schemas/KeyMetadata\"\n },\n {\n \"type\": \"null\"\n }\n ],\n \"description\": \"Optional. Key metadata. This should be used to determine which algorithms are supported.\"\n }\n },\n \"required\": [\n \"kid\",\n \"kms\",\n \"privateKeyHex\",\n \"publicKeyHex\",\n \"type\"\n ]\n },\n \"ISphereonKeyManagerHandleExpirationsArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"skipRemovals\": {\n \"type\": \"boolean\"\n }\n },\n \"additionalProperties\": false\n },\n \"ManagedKeyInfo\": {\n \"$ref\": \"#/components/schemas/Omit<IKey,\\\"privateKeyHex\\\">\",\n \"description\": \"Represents information about a managed key. Private or secret key material is NOT present.\"\n },\n \"Omit<IKey,\\\"privateKeyHex\\\">\": {\n \"$ref\": \"#/components/schemas/Pick<IKey,Exclude<(\\\"kid\\\"|\\\"kms\\\"|\\\"type\\\"|\\\"publicKeyHex\\\"|\\\"privateKeyHex\\\"|\\\"meta\\\"),\\\"privateKeyHex\\\">>\"\n },\n \"Pick<IKey,Exclude<(\\\"kid\\\"|\\\"kms\\\"|\\\"type\\\"|\\\"publicKeyHex\\\"|\\\"privateKeyHex\\\"|\\\"meta\\\"),\\\"privateKeyHex\\\">>\": {\n \"type\": \"object\",\n \"properties\": {\n \"kid\": {\n \"type\": \"string\",\n \"description\": \"Key ID\"\n },\n \"kms\": {\n \"type\": \"string\",\n \"description\": \"Key Management System\"\n },\n \"type\": {\n \"$ref\": \"#/components/schemas/TKeyType\",\n \"description\": \"Key type\"\n },\n \"publicKeyHex\": {\n \"type\": \"string\",\n \"description\": \"Public key\"\n },\n \"meta\": {\n \"anyOf\": [\n {\n \"$ref\": \"#/components/schemas/KeyMetadata\"\n },\n {\n \"type\": \"null\"\n }\n ],\n \"description\": \"Optional. Key metadata. This should be used to determine which algorithms are supported.\"\n }\n },\n \"required\": [\n \"kid\",\n \"kms\",\n \"type\",\n \"publicKeyHex\"\n ],\n \"additionalProperties\": false\n },\n \"MinimalImportableKey\": {\n \"$ref\": \"#/components/schemas/RequireOnly<IKey,(\\\"privateKeyHex\\\"|\\\"type\\\"|\\\"kms\\\")>\",\n \"description\": \"Represents the properties required to import a key.\"\n },\n \"RequireOnly<IKey,(\\\"privateKeyHex\\\"|\\\"type\\\"|\\\"kms\\\")>\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"kid\": {\n \"type\": \"string\",\n \"description\": \"Key ID\"\n },\n \"kms\": {\n \"type\": \"string\",\n \"description\": \"Key Management System\"\n },\n \"type\": {\n \"$ref\": \"#/components/schemas/TKeyType\",\n \"description\": \"Key type\"\n },\n \"publicKeyHex\": {\n \"type\": \"string\",\n \"description\": \"Public key\"\n },\n \"privateKeyHex\": {\n \"type\": \"string\",\n \"description\": \"Optional. Private key\"\n },\n \"meta\": {\n \"anyOf\": [\n {\n \"$ref\": \"#/components/schemas/KeyMetadata\"\n },\n {\n \"type\": \"null\"\n }\n ],\n \"description\": \"Optional. Key metadata. This should be used to determine which algorithms are supported.\"\n }\n },\n \"description\": \"Represents an object type where a subset of keys are required and everything else is optional.\"\n },\n \"ISphereonKeyManagerSignArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"keyRef\": {\n \"type\": \"string\",\n \"description\": \"The key handle, as returned during `keyManagerCreateKey`\"\n },\n \"algorithm\": {\n \"type\": \"string\",\n \"description\": \"The algorithm to use for signing. This must be one of the algorithms supported by the KMS for this key type.\\n\\nThe algorithm used here should match one of the names listed in `IKey.meta.algorithms`\"\n },\n \"data\": {\n \"anyOf\": [\n {\n \"type\": \"string\"\n },\n {\n \"$ref\": \"#/components/schemas/Uint8Array\"\n }\n ],\n \"description\": \"Data to sign\"\n },\n \"encoding\": {\n \"type\": \"string\",\n \"enum\": [\n \"utf-8\",\n \"base16\",\n \"base64\",\n \"hex\"\n ],\n \"description\": \"If the data is a \\\"string\\\" then you can specify which encoding is used. Default is \\\"utf-8\\\"\"\n }\n },\n \"required\": [\n \"data\",\n \"keyRef\"\n ],\n \"description\": \"Input arguments for {@link ISphereonKeyManagerSignArgs.keyManagerSign | keyManagerSign }\"\n },\n \"Uint8Array\": {\n \"type\": \"object\",\n \"properties\": {\n \"BYTES_PER_ELEMENT\": {\n \"type\": \"number\"\n },\n \"buffer\": {\n \"$ref\": \"#/components/schemas/ArrayBufferLike\"\n },\n \"byteLength\": {\n \"type\": \"number\"\n },\n \"byteOffset\": {\n \"type\": \"number\"\n },\n \"length\": {\n \"type\": \"number\"\n }\n },\n \"required\": [\n \"BYTES_PER_ELEMENT\",\n \"buffer\",\n \"byteLength\",\n \"byteOffset\",\n \"length\"\n ],\n \"additionalProperties\": {\n \"type\": \"number\"\n }\n },\n \"ArrayBufferLike\": {\n \"$ref\": \"#/components/schemas/ArrayBuffer\"\n },\n \"ArrayBuffer\": {\n \"type\": \"object\",\n \"properties\": {\n \"byteLength\": {\n \"type\": \"number\"\n }\n },\n \"required\": [\n \"byteLength\"\n ],\n \"additionalProperties\": false\n },\n \"ISphereonKeyManagerVerifyArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"kms\": {\n \"type\": \"string\"\n },\n \"publicKeyHex\": {\n \"type\": \"string\"\n },\n \"type\": {\n \"$ref\": \"#/components/schemas/TKeyType\"\n },\n \"algorithm\": {\n \"type\": \"string\"\n },\n \"data\": {\n \"$ref\": \"#/components/schemas/Uint8Array\"\n },\n \"signature\": {\n \"type\": \"string\"\n }\n },\n \"required\": [\n \"publicKeyHex\",\n \"type\",\n \"data\",\n \"signature\"\n ],\n \"additionalProperties\": false\n }\n },\n \"methods\": {\n \"keyManagerCreate\": {\n \"description\": \"\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/ISphereonKeyManagerCreateArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/PartialKey\"\n }\n },\n \"keyManagerGetDefaultKeyManagementSystem\": {\n \"description\": \"Get the KMS registered as default. Handy when no explicit KMS is provided for a function\",\n \"arguments\": {\n \"type\": \"object\"\n },\n \"returnType\": {\n \"type\": \"string\"\n }\n },\n \"keyManagerHandleExpirations\": {\n \"description\": \"Set keys to expired and remove keys eligible for deletion.\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/ISphereonKeyManagerHandleExpirationsArgs\"\n },\n \"returnType\": {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/ManagedKeyInfo\"\n }\n }\n },\n \"keyManagerImport\": {\n \"description\": \"\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/MinimalImportableKey\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/PartialKey\"\n }\n },\n \"keyManagerListKeys\": {\n \"description\": \"\",\n \"arguments\": {\n \"type\": \"object\"\n },\n \"returnType\": {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/ManagedKeyInfo\"\n }\n }\n },\n \"keyManagerSign\": {\n \"description\": \"\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/ISphereonKeyManagerSignArgs\"\n },\n \"returnType\": {\n \"type\": \"string\"\n }\n },\n \"keyManagerVerify\": {\n \"description\": \"Verifies a signature using the key\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/ISphereonKeyManagerVerifyArgs\"\n },\n \"returnType\": {\n \"type\": \"boolean\"\n }\n }\n }\n }\n }\n}","const schema = require('../plugin.schema.json')\nexport { schema }\nexport { SphereonKeyManager, sphereonKeyManagerMethods } from './agent/SphereonKeyManager'\nexport * from './types/ISphereonKeyManager'\nexport * from '@veramo/key-manager'\n","import { calculateJwkThumbprintForKey, toJwk, verifyRawSignature } from '@sphereon/ssi-sdk-ext.key-utils'\nimport type { IKey, KeyMetadata, ManagedKeyInfo } from '@veramo/core'\nimport { AbstractKeyManagementSystem, AbstractKeyStore, KeyManager as VeramoKeyManager } from '@veramo/key-manager'\n// @ts-ignore\nimport * as u8a from 'uint8arrays'\nimport {\n hasKeyOptions,\n type IKeyManagerGetArgs,\n type ISphereonKeyManager,\n type ISphereonKeyManagerCreateArgs,\n type ISphereonKeyManagerHandleExpirationsArgs,\n type ISphereonKeyManagerSignArgs,\n type ISphereonKeyManagerVerifyArgs,\n} from '../types/ISphereonKeyManager'\n\nconst { fromString } = u8a\n\nexport const sphereonKeyManagerMethods: Array<string> = [\n 'keyManagerCreate',\n 'keyManagerGet',\n 'keyManagerImport',\n 'keyManagerSign',\n 'keyManagerVerify',\n 'keyManagerListKeys',\n 'keyManagerGetDefaultKeyManagementSystem',\n 'keyManagerHandleExpirations',\n]\n\nexport class SphereonKeyManager extends VeramoKeyManager {\n // local store reference, given the superclass store is private, and we need additional functions/calls\n private kmsStore: AbstractKeyStore\n private readonly availableKmses: Record<string, AbstractKeyManagementSystem>\n public _defaultKms: string\n readonly kmsMethods: ISphereonKeyManager\n\n constructor(options: { store: AbstractKeyStore; kms: Record<string, AbstractKeyManagementSystem>; defaultKms?: string }) {\n super({ store: options.store, kms: options.kms })\n this.kmsStore = options.store\n this.availableKmses = options.kms\n this._defaultKms = options.defaultKms ?? Object.keys(this.availableKmses)[0]\n if (!Object.keys(this.availableKmses).includes(this._defaultKms)) {\n throw Error(`Default KMS needs to be listed in the kms object as well. Found kms-es: ${Object.keys(this.availableKmses).join(',')}`)\n }\n const methods = this.methods\n methods.keyManagerVerify = this.keyManagerVerify.bind(this)\n methods.keyManagerListKeys = this.keyManagerListKeys.bind(this)\n methods.keyManagerGetDefaultKeyManagementSystem = this.keyManagerGetDefaultKeyManagementSystem.bind(this)\n this.kmsMethods = <ISphereonKeyManager>(<unknown>methods)\n\n this.syncPreProvisionedKeys()\n }\n\n private syncPreProvisionedKeys() {\n Object.keys(this.availableKmses).forEach((kmsId) => {\n const kms = this.availableKmses[kmsId]\n if (kms.constructor.name === 'RestKeyManagementSystem') {\n this.syncPreProvisionedKeysForKms(kmsId, kms)\n }\n })\n }\n\n private syncPreProvisionedKeysForKms(kmsId: string, kms: AbstractKeyManagementSystem) {\n kms\n .listKeys()\n .then(async (remoteKeys: ManagedKeyInfo[]) => {\n try {\n const storedKeys: ManagedKeyInfo[] = await this.keyManagerListKeys()\n\n await Promise.all(\n remoteKeys.map(async (remoteKey) => {\n const storedKey = storedKeys.find((k) => k.kid === remoteKey.kid)\n\n const needsUpdate =\n !storedKey ||\n storedKey.publicKeyHex !== remoteKey.publicKeyHex ||\n storedKey.type !== remoteKey.type ||\n storedKey.kms !== remoteKey.kms ||\n (remoteKey.meta && 'alias' in remoteKey.meta && storedKey.meta && storedKey.meta.keyAlias !== remoteKey.meta.alias)\n if (needsUpdate) {\n try {\n if (storedKey) {\n await this.kmsStore.delete({ kid: remoteKey.kid })\n }\n const keyToImport: IKey = {\n ...remoteKey,\n meta: remoteKey.meta && 'alias' in remoteKey.meta ? { ...remoteKey.meta, keyAlias: remoteKey.meta.alias } : remoteKey.meta,\n } as IKey\n\n if (keyToImport.meta && 'alias' in keyToImport.meta) {\n delete keyToImport.meta.alias\n }\n\n await this.kmsStore.import(keyToImport)\n } catch (error) {\n console.error(`Failed to sync key ${remoteKey.kid} from kms ${kmsId}:`, error)\n }\n }\n }),\n )\n } catch (error) {\n console.error(`Failed to sync keys for kms ${kmsId}:`, error)\n }\n })\n .catch((error) => {\n console.error(`Failed to list remote keys for kms ${kmsId}:`, error)\n })\n }\n\n keyManagerGetDefaultKeyManagementSystem(): Promise<string> {\n return Promise.resolve(this._defaultKms)\n }\n\n override async keyManagerCreate(args: ISphereonKeyManagerCreateArgs): Promise<ManagedKeyInfo> {\n const kms = this.getKmsByName(args.kms ?? this._defaultKms)\n const meta: KeyMetadata = { ...args.meta, ...(args.opts && { opts: args.opts }) }\n if (hasKeyOptions(meta) && meta.opts?.ephemeral && !meta.opts.expiration?.removalDate) {\n // Make sure we set a delete date on an ephemeral key\n meta.opts = {\n ...meta.opts,\n expiration: { ...meta.opts?.expiration, removalDate: new Date(Date.now() + 5 * 60 * 1000) },\n }\n }\n const partialKey = await kms.createKey({ type: args.type, meta })\n const key: IKey = { ...partialKey, kms: args.kms ?? this._defaultKms }\n key.meta = { ...meta, ...key.meta }\n key.meta.jwkThumbprint = key.meta.jwkThumbprint ?? calculateJwkThumbprintForKey({ key })\n\n await this.kmsStore.import(key)\n if (key.privateKeyHex) {\n // Make sure to not export the private key\n delete key.privateKeyHex\n }\n return key\n }\n\n //FIXME extend the IKeyManagerSignArgs.data to be a string or array of strings\n\n async keyManagerSign(args: ISphereonKeyManagerSignArgs): Promise<string> {\n const keyInfo = await this.keyManagerGet({ kid: args.keyRef })\n const kms = this.getKmsByName(keyInfo.kms)\n if (keyInfo.type === 'Bls12381G2') {\n return await kms.sign({ keyRef: keyInfo, data: typeof args.data === 'string' ? fromString(args.data) : args.data })\n }\n // @ts-ignore // we can pass in uint8arrays as well, which the super also can handle but does not expose in its types\n return await super.keyManagerSign({ ...args, keyRef: keyInfo.kid })\n }\n\n async keyManagerVerify(args: ISphereonKeyManagerVerifyArgs): Promise<boolean> {\n if (args.kms) {\n const kms = this.getKmsByName(args.kms)\n if (kms && 'verify' in kms && typeof kms.verify === 'function') {\n // @ts-ignore\n return await kms.verify(args)\n }\n }\n return await verifyRawSignature({\n key: toJwk(args.publicKeyHex, args.type),\n data: args.data,\n signature: fromString(args.signature, 'utf-8'),\n })\n }\n\n async keyManagerListKeys(): Promise<ManagedKeyInfo[]> {\n return this.kmsStore.list({})\n }\n\n async keyManagerHandleExpirations(args: ISphereonKeyManagerHandleExpirationsArgs): Promise<Array<ManagedKeyInfo>> {\n const keys = await this.keyManagerListKeys()\n const expiredKeys = keys\n .filter((key) => hasKeyOptions(key.meta))\n .filter((key) => {\n if (hasKeyOptions(key.meta) && key.meta?.opts?.expiration) {\n const expiration = key.meta.opts.expiration\n return !(expiration.expiryDate && expiration.expiryDate.getMilliseconds() > Date.now())\n }\n return false\n })\n if (args.skipRemovals !== true) {\n await Promise.all(expiredKeys.map((key) => this.keyManagerDelete({ kid: key.kid })))\n }\n return keys\n }\n\n private getKmsByName(name: string): AbstractKeyManagementSystem {\n const kms = this.availableKmses[name]\n if (!kms) {\n throw Error(`invalid_argument: This agent has no registered KeyManagementSystem with name='${name}'`)\n }\n return kms\n }\n\n //todo https://sphereon.atlassian.net/browse/SDK-28 improve the logic for keyManagerGet in sphereon-key-manager\n async keyManagerGet({ kid }: IKeyManagerGetArgs): Promise<IKey> {\n try {\n const key = await this.kmsStore.get({ kid })\n return key\n } catch (e) {\n const keys: ManagedKeyInfo[] = await this.keyManagerListKeys()\n const foundKey = keys.find(\n (key) =>\n key.publicKeyHex === kid ||\n key.meta?.jwkThumbprint === kid ||\n (key.meta?.jwkThumbprint == null && calculateJwkThumbprintForKey({ key }) === kid),\n )\n if (foundKey) {\n return foundKey as IKey\n } else {\n throw new Error(`Key with kid ${kid} not found`)\n }\n }\n }\n\n get defaultKms(): string {\n return this._defaultKms\n }\n\n set defaultKms(kms: string) {\n if (!Object.keys(this.availableKmses).includes(kms)) {\n throw Error(`Default KMS needs to be listed in the kms object as well. Found kms-es: ${Object.keys(this.availableKmses).join(',')}`)\n }\n this._defaultKms = kms\n }\n\n setKms(name: string, kms: AbstractKeyManagementSystem): void {\n this.availableKmses[name] = kms\n\n if (kms.constructor.name === 'RestKeyManagementSystem') {\n this.syncPreProvisionedKeysForKms(name, kms)\n }\n }\n}\n","import type { IKeyManager, IKeyManagerSignArgs, IPluginMethodMap, KeyMetadata, ManagedKeyInfo, MinimalImportableKey, TKeyType } from '@veramo/core'\n\nexport type PartialKey = ManagedKeyInfo & { privateKeyHex: string }\n\nexport interface ISphereonKeyManager extends IKeyManager, IPluginMethodMap {\n keyManagerCreate(args: ISphereonKeyManagerCreateArgs): Promise<PartialKey>\n\n keyManagerImport(key: MinimalImportableKey): Promise<PartialKey>\n\n keyManagerSign(args: ISphereonKeyManagerSignArgs): Promise<string>\n\n /**\n * Verifies a signature using the key\n *\n * Does not exist in IKeyManager\n * @param args\n */\n keyManagerVerify(args: ISphereonKeyManagerVerifyArgs): Promise<boolean>\n\n keyManagerListKeys(): Promise<Array<ManagedKeyInfo>>\n\n /**\n * Get the KMS registered as default. Handy when no explicit KMS is provided for a function\n */\n\n keyManagerGetDefaultKeyManagementSystem(): Promise<string>\n\n /**\n * Set keys to expired and remove keys eligible for deletion.\n * @param args\n */\n keyManagerHandleExpirations(args: ISphereonKeyManagerHandleExpirationsArgs): Promise<Array<ManagedKeyInfo>>\n}\n\nexport interface IkeyOptions {\n /**\n * Is this a temporary key?\n */\n ephemeral?: boolean\n\n /**\n * Expiration and remove the key\n */\n expiration?: {\n expiryDate?: Date\n removalDate?: Date\n }\n}\n\n/**\n * Input arguments for {@link ISphereonKeyManager.keyManagerCreate | keyManagerCreate}\n * @public\n */\nexport interface ISphereonKeyManagerCreateArgs {\n /**\n * Key type\n */\n type: TKeyType\n\n /**\n * Key Management System\n */\n kms?: string\n\n /**\n * Key options\n */\n opts?: IkeyOptions\n\n /**\n * Optional. Key meta data\n */\n meta?: KeyMetadata\n}\n\nexport function hasKeyOptions(object: any): object is { opts?: IkeyOptions } {\n return object!! && 'opts' in object && ('ephemeral' in object.opts || 'expiration' in object.opts)\n}\n\n/**\n * Input arguments for {@link ISphereonKeyManager.keyManagerGet | keyManagerGet}\n * @public\n */\nexport interface IKeyManagerGetArgs {\n /**\n * Key ID\n */\n kid: string\n}\n\n/**\n * Input arguments for {@link ISphereonKeyManager.keyManagerDelete | keyManagerDelete}\n * @public\n */\nexport interface IKeyManagerDeleteArgs {\n /**\n * Key ID\n */\n kid: string\n}\n\n/**\n * Input arguments for {@link ISphereonKeyManagerSignArgs.keyManagerSign | keyManagerSign}\n * @public\n */\n// @ts-ignore\nexport interface ISphereonKeyManagerSignArgs extends IKeyManagerSignArgs {\n /**\n * Data to sign\n */\n data: string | Uint8Array\n}\n\nexport interface ISphereonKeyManagerHandleExpirationsArgs {\n skipRemovals?: boolean\n}\n\nexport interface ISphereonKeyManagerVerifyArgs {\n kms?: string\n publicKeyHex: string\n type: TKeyType\n algorithm?: string\n data: Uint8Array\n signature: string\n}\n\nexport const isDefined = <T extends unknown>(object: T | undefined): object is T => object !== undefined\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA,gCAAAA,SAAA;AAAA,IAAAA,QAAA;AAAA,MACE,qBAAuB;AAAA,QACrB,YAAc;AAAA,UACZ,SAAW;AAAA,YACT,+BAAiC;AAAA,cAC/B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,cACF;AAAA,cACA,UAAY;AAAA,gBACV;AAAA,cACF;AAAA,cACA,sBAAwB;AAAA,cACxB,aAAe;AAAA,YACjB;AAAA,YACA,UAAY;AAAA,cACV,MAAQ;AAAA,cACR,MAAQ;AAAA,gBACN;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,cACF;AAAA,cACA,aAAe;AAAA,YACjB;AAAA,YACA,aAAe;AAAA,cACb,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,YAAc;AAAA,kBACZ,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,YAAc;AAAA,sBACZ,MAAQ;AAAA,sBACR,QAAU;AAAA,oBACZ;AAAA,oBACA,aAAe;AAAA,sBACb,MAAQ;AAAA,sBACR,QAAU;AAAA,oBACZ;AAAA,kBACF;AAAA,kBACA,sBAAwB;AAAA,kBACxB,aAAe;AAAA,gBACjB;AAAA,cACF;AAAA,cACA,sBAAwB;AAAA,YAC1B;AAAA,YACA,aAAe;AAAA,cACb,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,YAAc;AAAA,kBACZ,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,cACF;AAAA,cACA,aAAe;AAAA,YACjB;AAAA,YACA,YAAc;AAAA,cACZ,MAAQ;AAAA,cACR,sBAAwB;AAAA,cACxB,YAAc;AAAA,gBACZ,eAAiB;AAAA,kBACf,MAAQ;AAAA,gBACV;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,cAAgB;AAAA,kBACd,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,OAAS;AAAA,oBACP;AAAA,sBACE,MAAQ;AAAA,oBACV;AAAA,oBACA;AAAA,sBACE,MAAQ;AAAA,oBACV;AAAA,kBACF;AAAA,kBACA,aAAe;AAAA,gBACjB;AAAA,cACF;AAAA,cACA,UAAY;AAAA,gBACV;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,cACF;AAAA,YACF;AAAA,YACA,0CAA4C;AAAA,cAC1C,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,cAAgB;AAAA,kBACd,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,sBAAwB;AAAA,YAC1B;AAAA,YACA,gBAAkB;AAAA,cAChB,MAAQ;AAAA,cACR,aAAe;AAAA,YACjB;AAAA,YACA,8BAAgC;AAAA,cAC9B,MAAQ;AAAA,YACV;AAAA,YACA,kGAAgH;AAAA,cAC9G,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,cAAgB;AAAA,kBACd,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,OAAS;AAAA,oBACP;AAAA,sBACE,MAAQ;AAAA,oBACV;AAAA,oBACA;AAAA,sBACE,MAAQ;AAAA,oBACV;AAAA,kBACF;AAAA,kBACA,aAAe;AAAA,gBACjB;AAAA,cACF;AAAA,cACA,UAAY;AAAA,gBACV;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,cACF;AAAA,cACA,sBAAwB;AAAA,YAC1B;AAAA,YACA,sBAAwB;AAAA,cACtB,MAAQ;AAAA,cACR,aAAe;AAAA,YACjB;AAAA,YACA,oDAA0D;AAAA,cACxD,MAAQ;AAAA,cACR,sBAAwB;AAAA,cACxB,YAAc;AAAA,gBACZ,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,cAAgB;AAAA,kBACd,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,eAAiB;AAAA,kBACf,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,OAAS;AAAA,oBACP;AAAA,sBACE,MAAQ;AAAA,oBACV;AAAA,oBACA;AAAA,sBACE,MAAQ;AAAA,oBACV;AAAA,kBACF;AAAA,kBACA,aAAe;AAAA,gBACjB;AAAA,cACF;AAAA,cACA,aAAe;AAAA,YACjB;AAAA,YACA,6BAA+B;AAAA,cAC7B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,QAAU;AAAA,kBACR,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,OAAS;AAAA,oBACP;AAAA,sBACE,MAAQ;AAAA,oBACV;AAAA,oBACA;AAAA,sBACE,MAAQ;AAAA,oBACV;AAAA,kBACF;AAAA,kBACA,aAAe;AAAA,gBACjB;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,kBACR,MAAQ;AAAA,oBACN;AAAA,oBACA;AAAA,oBACA;AAAA,oBACA;AAAA,kBACF;AAAA,kBACA,aAAe;AAAA,gBACjB;AAAA,cACF;AAAA,cACA,UAAY;AAAA,gBACV;AAAA,gBACA;AAAA,cACF;AAAA,cACA,aAAe;AAAA,YACjB;AAAA,YACA,YAAc;AAAA,cACZ,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,mBAAqB;AAAA,kBACnB,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,gBACA,YAAc;AAAA,kBACZ,MAAQ;AAAA,gBACV;AAAA,gBACA,YAAc;AAAA,kBACZ,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY;AAAA,gBACV;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,cACF;AAAA,cACA,sBAAwB;AAAA,gBACtB,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,iBAAmB;AAAA,cACjB,MAAQ;AAAA,YACV;AAAA,YACA,aAAe;AAAA,cACb,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,YAAc;AAAA,kBACZ,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY;AAAA,gBACV;AAAA,cACF;AAAA,cACA,sBAAwB;AAAA,YAC1B;AAAA,YACA,+BAAiC;AAAA,cAC/B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,gBACA,cAAgB;AAAA,kBACd,MAAQ;AAAA,gBACV;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,gBACV;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,gBACV;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY;AAAA,gBACV;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,cACF;AAAA,cACA,sBAAwB;AAAA,YAC1B;AAAA,UACF;AAAA,UACA,SAAW;AAAA,YACT,kBAAoB;AAAA,cAClB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,yCAA2C;AAAA,cACzC,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,6BAA+B;AAAA,cAC7B,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,gBACR,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,YACF;AAAA,YACA,kBAAoB;AAAA,cAClB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,oBAAsB;AAAA,cACpB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,gBACR,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,YACF;AAAA,YACA,gBAAkB;AAAA,cAChB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,kBAAoB;AAAA,cAClB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA;AAAA;;;ACxZA;;;;;;;;;;;ACAA,yBAAwE;AAExE,yBAA8F;AAE9F,UAAqB;;;ACuEd,SAASC,cAAcC,QAAW;AACvC,SAAOA,UAAY,UAAUA,WAAW,eAAeA,OAAOC,QAAQ,gBAAgBD,OAAOC;AAC/F;AAFgBF;AAmDT,IAAMG,YAAY,wBAAoBF,WAAuCA,WAAWG,QAAtE;;;AD/GzB,IAAM,EAAEC,WAAU,IAAKC;AAEhB,IAAMC,4BAA2C;EACtD;EACA;EACA;EACA;EACA;EACA;EACA;EACA;;AAGK,IAAMC,qBAAN,cAAiCC,mBAAAA,WAAAA;EA5BxC,OA4BwCA;;;;EAE9BC;EACSC;EACVC;EACEC;EAET,YAAYC,SAA6G;AACvH,UAAM;MAAEC,OAAOD,QAAQC;MAAOC,KAAKF,QAAQE;IAAI,CAAA;AAC/C,SAAKN,WAAWI,QAAQC;AACxB,SAAKJ,iBAAiBG,QAAQE;AAC9B,SAAKJ,cAAcE,QAAQG,cAAcC,OAAOC,KAAK,KAAKR,cAAc,EAAE,CAAA;AAC1E,QAAI,CAACO,OAAOC,KAAK,KAAKR,cAAc,EAAES,SAAS,KAAKR,WAAW,GAAG;AAChE,YAAMS,MAAM,2EAA2EH,OAAOC,KAAK,KAAKR,cAAc,EAAEW,KAAK,GAAA,CAAA,EAAM;IACrI;AACA,UAAMC,UAAU,KAAKA;AACrBA,YAAQC,mBAAmB,KAAKA,iBAAiBC,KAAK,IAAI;AAC1DF,YAAQG,qBAAqB,KAAKA,mBAAmBD,KAAK,IAAI;AAC9DF,YAAQI,0CAA0C,KAAKA,wCAAwCF,KAAK,IAAI;AACxG,SAAKZ,aAA4CU;AAEjD,SAAKK,uBAAsB;EAC7B;EAEQA,yBAAyB;AAC/BV,WAAOC,KAAK,KAAKR,cAAc,EAAEkB,QAAQ,CAACC,UAAAA;AACxC,YAAMd,MAAM,KAAKL,eAAemB,KAAAA;AAChC,UAAId,IAAI,YAAYe,SAAS,2BAA2B;AACtD,aAAKC,6BAA6BF,OAAOd,GAAAA;MAC3C;IACF,CAAA;EACF;EAEQgB,6BAA6BF,OAAed,KAAkC;AACpFA,QACGiB,SAAQ,EACRC,KAAK,OAAOC,eAAAA;AACX,UAAI;AACF,cAAMC,aAA+B,MAAM,KAAKV,mBAAkB;AAElE,cAAMW,QAAQC,IACZH,WAAWI,IAAI,OAAOC,cAAAA;AACpB,gBAAMC,YAAYL,WAAWM,KAAK,CAACC,MAAMA,EAAEC,QAAQJ,UAAUI,GAAG;AAEhE,gBAAMC,cACJ,CAACJ,aACDA,UAAUK,iBAAiBN,UAAUM,gBACrCL,UAAUM,SAASP,UAAUO,QAC7BN,UAAUzB,QAAQwB,UAAUxB,OAC3BwB,UAAUQ,QAAQ,WAAWR,UAAUQ,QAAQP,UAAUO,QAAQP,UAAUO,KAAKC,aAAaT,UAAUQ,KAAKE;AAC/G,cAAIL,aAAa;AACf,gBAAI;AACF,kBAAIJ,WAAW;AACb,sBAAM,KAAK/B,SAASyC,OAAO;kBAAEP,KAAKJ,UAAUI;gBAAI,CAAA;cAClD;AACA,oBAAMQ,cAAoB;gBACxB,GAAGZ;gBACHQ,MAAMR,UAAUQ,QAAQ,WAAWR,UAAUQ,OAAO;kBAAE,GAAGR,UAAUQ;kBAAMC,UAAUT,UAAUQ,KAAKE;gBAAM,IAAIV,UAAUQ;cACxH;AAEA,kBAAII,YAAYJ,QAAQ,WAAWI,YAAYJ,MAAM;AACnD,uBAAOI,YAAYJ,KAAKE;cAC1B;AAEA,oBAAM,KAAKxC,SAAS2C,OAAOD,WAAAA;YAC7B,SAASE,OAAO;AACdC,sBAAQD,MAAM,sBAAsBd,UAAUI,GAAG,aAAad,KAAAA,KAAUwB,KAAAA;YAC1E;UACF;QACF,CAAA,CAAA;MAEJ,SAASA,OAAO;AACdC,gBAAQD,MAAM,+BAA+BxB,KAAAA,KAAUwB,KAAAA;MACzD;IACF,CAAA,EACCE,MAAM,CAACF,UAAAA;AACNC,cAAQD,MAAM,sCAAsCxB,KAAAA,KAAUwB,KAAAA;IAChE,CAAA;EACJ;EAEA3B,0CAA2D;AACzD,WAAOU,QAAQoB,QAAQ,KAAK7C,WAAW;EACzC;EAEA,MAAe8C,iBAAiBC,MAA8D;AAC5F,UAAM3C,MAAM,KAAK4C,aAAaD,KAAK3C,OAAO,KAAKJ,WAAW;AAC1D,UAAMoC,OAAoB;MAAE,GAAGW,KAAKX;MAAM,GAAIW,KAAKE,QAAQ;QAAEA,MAAMF,KAAKE;MAAK;IAAG;AAChF,QAAIC,cAAcd,IAAAA,KAASA,KAAKa,MAAME,aAAa,CAACf,KAAKa,KAAKG,YAAYC,aAAa;AAErFjB,WAAKa,OAAO;QACV,GAAGb,KAAKa;QACRG,YAAY;UAAE,GAAGhB,KAAKa,MAAMG;UAAYC,aAAa,IAAIC,KAAKA,KAAKC,IAAG,IAAK,IAAI,KAAK,GAAA;QAAM;MAC5F;IACF;AACA,UAAMC,aAAa,MAAMpD,IAAIqD,UAAU;MAAEtB,MAAMY,KAAKZ;MAAMC;IAAK,CAAA;AAC/D,UAAMsB,MAAY;MAAE,GAAGF;MAAYpD,KAAK2C,KAAK3C,OAAO,KAAKJ;IAAY;AACrE0D,QAAItB,OAAO;MAAE,GAAGA;MAAM,GAAGsB,IAAItB;IAAK;AAClCsB,QAAItB,KAAKuB,gBAAgBD,IAAItB,KAAKuB,qBAAiBC,iDAA6B;MAAEF;IAAI,CAAA;AAEtF,UAAM,KAAK5D,SAAS2C,OAAOiB,GAAAA;AAC3B,QAAIA,IAAIG,eAAe;AAErB,aAAOH,IAAIG;IACb;AACA,WAAOH;EACT;;EAIA,MAAMI,eAAef,MAAoD;AACvE,UAAMgB,UAAU,MAAM,KAAKC,cAAc;MAAEhC,KAAKe,KAAKkB;IAAO,CAAA;AAC5D,UAAM7D,MAAM,KAAK4C,aAAae,QAAQ3D,GAAG;AACzC,QAAI2D,QAAQ5B,SAAS,cAAc;AACjC,aAAO,MAAM/B,IAAI8D,KAAK;QAAED,QAAQF;QAASI,MAAM,OAAOpB,KAAKoB,SAAS,WAAW1E,WAAWsD,KAAKoB,IAAI,IAAIpB,KAAKoB;MAAK,CAAA;IACnH;AAEA,WAAO,MAAM,MAAML,eAAe;MAAE,GAAGf;MAAMkB,QAAQF,QAAQ/B;IAAI,CAAA;EACnE;EAEA,MAAMpB,iBAAiBmC,MAAuD;AAC5E,QAAIA,KAAK3C,KAAK;AACZ,YAAMA,MAAM,KAAK4C,aAAaD,KAAK3C,GAAG;AACtC,UAAIA,OAAO,YAAYA,OAAO,OAAOA,IAAIgE,WAAW,YAAY;AAE9D,eAAO,MAAMhE,IAAIgE,OAAOrB,IAAAA;MAC1B;IACF;AACA,WAAO,UAAMsB,uCAAmB;MAC9BX,SAAKY,0BAAMvB,KAAKb,cAAca,KAAKZ,IAAI;MACvCgC,MAAMpB,KAAKoB;MACXI,WAAW9E,WAAWsD,KAAKwB,WAAW,OAAA;IACxC,CAAA;EACF;EAEA,MAAMzD,qBAAgD;AACpD,WAAO,KAAKhB,SAAS0E,KAAK,CAAC,CAAA;EAC7B;EAEA,MAAMC,4BAA4B1B,MAAgF;AAChH,UAAMxC,OAAO,MAAM,KAAKO,mBAAkB;AAC1C,UAAM4D,cAAcnE,KACjBoE,OAAO,CAACjB,QAAQR,cAAcQ,IAAItB,IAAI,CAAA,EACtCuC,OAAO,CAACjB,QAAAA;AACP,UAAIR,cAAcQ,IAAItB,IAAI,KAAKsB,IAAItB,MAAMa,MAAMG,YAAY;AACzD,cAAMA,aAAaM,IAAItB,KAAKa,KAAKG;AACjC,eAAO,EAAEA,WAAWwB,cAAcxB,WAAWwB,WAAWC,gBAAe,IAAKvB,KAAKC,IAAG;MACtF;AACA,aAAO;IACT,CAAA;AACF,QAAIR,KAAK+B,iBAAiB,MAAM;AAC9B,YAAMrD,QAAQC,IAAIgD,YAAY/C,IAAI,CAAC+B,QAAQ,KAAKqB,iBAAiB;QAAE/C,KAAK0B,IAAI1B;MAAI,CAAA,CAAA,CAAA;IAClF;AACA,WAAOzB;EACT;EAEQyC,aAAa7B,MAA2C;AAC9D,UAAMf,MAAM,KAAKL,eAAeoB,IAAAA;AAChC,QAAI,CAACf,KAAK;AACR,YAAMK,MAAM,iFAAiFU,IAAAA,GAAO;IACtG;AACA,WAAOf;EACT;;EAGA,MAAM4D,cAAc,EAAEhC,IAAG,GAAuC;AAC9D,QAAI;AACF,YAAM0B,MAAM,MAAM,KAAK5D,SAASkF,IAAI;QAAEhD;MAAI,CAAA;AAC1C,aAAO0B;IACT,SAASuB,GAAG;AACV,YAAM1E,OAAyB,MAAM,KAAKO,mBAAkB;AAC5D,YAAMoE,WAAW3E,KAAKuB,KACpB,CAAC4B,QACCA,IAAIxB,iBAAiBF,OACrB0B,IAAItB,MAAMuB,kBAAkB3B,OAC3B0B,IAAItB,MAAMuB,iBAAiB,YAAQC,iDAA6B;QAAEF;MAAI,CAAA,MAAO1B,GAAAA;AAElF,UAAIkD,UAAU;AACZ,eAAOA;MACT,OAAO;AACL,cAAM,IAAIzE,MAAM,gBAAgBuB,GAAAA,YAAe;MACjD;IACF;EACF;EAEA,IAAI3B,aAAqB;AACvB,WAAO,KAAKL;EACd;EAEA,IAAIK,WAAWD,KAAa;AAC1B,QAAI,CAACE,OAAOC,KAAK,KAAKR,cAAc,EAAES,SAASJ,GAAAA,GAAM;AACnD,YAAMK,MAAM,2EAA2EH,OAAOC,KAAK,KAAKR,cAAc,EAAEW,KAAK,GAAA,CAAA,EAAM;IACrI;AACA,SAAKV,cAAcI;EACrB;EAEA+E,OAAOhE,MAAcf,KAAwC;AAC3D,SAAKL,eAAeoB,IAAAA,IAAQf;AAE5B,QAAIA,IAAI,YAAYe,SAAS,2BAA2B;AACtD,WAAKC,6BAA6BD,MAAMf,GAAAA;IAC1C;EACF;AACF;;;ADlOA,0BAAc,gCAJd;IAAMgF,SAASC;","names":["module","hasKeyOptions","object","opts","isDefined","undefined","fromString","u8a","sphereonKeyManagerMethods","SphereonKeyManager","VeramoKeyManager","kmsStore","availableKmses","_defaultKms","kmsMethods","options","store","kms","defaultKms","Object","keys","includes","Error","join","methods","keyManagerVerify","bind","keyManagerListKeys","keyManagerGetDefaultKeyManagementSystem","syncPreProvisionedKeys","forEach","kmsId","name","syncPreProvisionedKeysForKms","listKeys","then","remoteKeys","storedKeys","Promise","all","map","remoteKey","storedKey","find","k","kid","needsUpdate","publicKeyHex","type","meta","keyAlias","alias","delete","keyToImport","import","error","console","catch","resolve","keyManagerCreate","args","getKmsByName","opts","hasKeyOptions","ephemeral","expiration","removalDate","Date","now","partialKey","createKey","key","jwkThumbprint","calculateJwkThumbprintForKey","privateKeyHex","keyManagerSign","keyInfo","keyManagerGet","keyRef","sign","data","verify","verifyRawSignature","toJwk","signature","list","keyManagerHandleExpirations","expiredKeys","filter","expiryDate","getMilliseconds","skipRemovals","keyManagerDelete","get","e","foundKey","setKms","schema","require"]}
package/dist/index.js CHANGED
@@ -32,13 +32,23 @@ var require_plugin_schema = __commonJS({
32
32
  description: "Optional. Key meta data"
33
33
  }
34
34
  },
35
- required: ["type"],
35
+ required: [
36
+ "type"
37
+ ],
36
38
  additionalProperties: false,
37
39
  description: "Input arguments for {@link ISphereonKeyManager.keyManagerCreate | keyManagerCreate }"
38
40
  },
39
41
  TKeyType: {
40
42
  type: "string",
41
- enum: ["Ed25519", "Secp256k1", "Secp256r1", "X25519", "Bls12381G1", "Bls12381G2", "RSA"],
43
+ enum: [
44
+ "Ed25519",
45
+ "Secp256k1",
46
+ "Secp256r1",
47
+ "X25519",
48
+ "Bls12381G1",
49
+ "Bls12381G2",
50
+ "RSA"
51
+ ],
42
52
  description: "Cryptographic key type."
43
53
  },
44
54
  IkeyOptions: {
@@ -113,7 +123,13 @@ var require_plugin_schema = __commonJS({
113
123
  description: "Optional. Key metadata. This should be used to determine which algorithms are supported."
114
124
  }
115
125
  },
116
- required: ["kid", "kms", "privateKeyHex", "publicKeyHex", "type"]
126
+ required: [
127
+ "kid",
128
+ "kms",
129
+ "privateKeyHex",
130
+ "publicKeyHex",
131
+ "type"
132
+ ]
117
133
  },
118
134
  ISphereonKeyManagerHandleExpirationsArgs: {
119
135
  type: "object",
@@ -162,7 +178,12 @@ var require_plugin_schema = __commonJS({
162
178
  description: "Optional. Key metadata. This should be used to determine which algorithms are supported."
163
179
  }
164
180
  },
165
- required: ["kid", "kms", "type", "publicKeyHex"],
181
+ required: [
182
+ "kid",
183
+ "kms",
184
+ "type",
185
+ "publicKeyHex"
186
+ ],
166
187
  additionalProperties: false
167
188
  },
168
189
  MinimalImportableKey: {
@@ -231,11 +252,19 @@ var require_plugin_schema = __commonJS({
231
252
  },
232
253
  encoding: {
233
254
  type: "string",
234
- enum: ["utf-8", "base16", "base64", "hex"],
255
+ enum: [
256
+ "utf-8",
257
+ "base16",
258
+ "base64",
259
+ "hex"
260
+ ],
235
261
  description: 'If the data is a "string" then you can specify which encoding is used. Default is "utf-8"'
236
262
  }
237
263
  },
238
- required: ["data", "keyRef"],
264
+ required: [
265
+ "data",
266
+ "keyRef"
267
+ ],
239
268
  description: "Input arguments for {@link ISphereonKeyManagerSignArgs.keyManagerSign | keyManagerSign }"
240
269
  },
241
270
  Uint8Array: {
@@ -257,7 +286,13 @@ var require_plugin_schema = __commonJS({
257
286
  type: "number"
258
287
  }
259
288
  },
260
- required: ["BYTES_PER_ELEMENT", "buffer", "byteLength", "byteOffset", "length"],
289
+ required: [
290
+ "BYTES_PER_ELEMENT",
291
+ "buffer",
292
+ "byteLength",
293
+ "byteOffset",
294
+ "length"
295
+ ],
261
296
  additionalProperties: {
262
297
  type: "number"
263
298
  }
@@ -272,7 +307,9 @@ var require_plugin_schema = __commonJS({
272
307
  type: "number"
273
308
  }
274
309
  },
275
- required: ["byteLength"],
310
+ required: [
311
+ "byteLength"
312
+ ],
276
313
  additionalProperties: false
277
314
  },
278
315
  ISphereonKeyManagerVerifyArgs: {
@@ -297,7 +334,12 @@ var require_plugin_schema = __commonJS({
297
334
  type: "string"
298
335
  }
299
336
  },
300
- required: ["publicKeyHex", "type", "data", "signature"],
337
+ required: [
338
+ "publicKeyHex",
339
+ "type",
340
+ "data",
341
+ "signature"
342
+ ],
301
343
  additionalProperties: false
302
344
  }
303
345
  },
package/dist/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../plugin.schema.json","../src/agent/SphereonKeyManager.ts","../src/types/ISphereonKeyManager.ts","../src/index.ts"],"sourcesContent":["{\n \"ISphereonKeyManager\": {\n \"components\": {\n \"schemas\": {\n \"ISphereonKeyManagerCreateArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"type\": {\n \"$ref\": \"#/components/schemas/TKeyType\",\n \"description\": \"Key type\"\n },\n \"kms\": {\n \"type\": \"string\",\n \"description\": \"Key Management System\"\n },\n \"opts\": {\n \"$ref\": \"#/components/schemas/IkeyOptions\",\n \"description\": \"Key options\"\n },\n \"meta\": {\n \"$ref\": \"#/components/schemas/KeyMetadata\",\n \"description\": \"Optional. Key meta data\"\n }\n },\n \"required\": [\"type\"],\n \"additionalProperties\": false,\n \"description\": \"Input arguments for {@link ISphereonKeyManager.keyManagerCreate | keyManagerCreate }\"\n },\n \"TKeyType\": {\n \"type\": \"string\",\n \"enum\": [\"Ed25519\", \"Secp256k1\", \"Secp256r1\", \"X25519\", \"Bls12381G1\", \"Bls12381G2\", \"RSA\"],\n \"description\": \"Cryptographic key type.\"\n },\n \"IkeyOptions\": {\n \"type\": \"object\",\n \"properties\": {\n \"ephemeral\": {\n \"type\": \"boolean\",\n \"description\": \"Is this a temporary key?\"\n },\n \"expiration\": {\n \"type\": \"object\",\n \"properties\": {\n \"expiryDate\": {\n \"type\": \"string\",\n \"format\": \"date-time\"\n },\n \"removalDate\": {\n \"type\": \"string\",\n \"format\": \"date-time\"\n }\n },\n \"additionalProperties\": false,\n \"description\": \"Expiration and remove the key\"\n }\n },\n \"additionalProperties\": false\n },\n \"KeyMetadata\": {\n \"type\": \"object\",\n \"properties\": {\n \"algorithms\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n }\n },\n \"description\": \"This encapsulates data about a key.\\n\\nImplementations of {@link @veramo/key-manager#AbstractKeyManagementSystem | AbstractKeyManagementSystem } should populate this object, for each key, with the algorithms that can be performed using it.\\n\\nThis can also be used to add various tags to the keys under management.\"\n },\n \"PartialKey\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"privateKeyHex\": {\n \"type\": \"string\"\n },\n \"kid\": {\n \"type\": \"string\",\n \"description\": \"Key ID\"\n },\n \"kms\": {\n \"type\": \"string\",\n \"description\": \"Key Management System\"\n },\n \"type\": {\n \"$ref\": \"#/components/schemas/TKeyType\",\n \"description\": \"Key type\"\n },\n \"publicKeyHex\": {\n \"type\": \"string\",\n \"description\": \"Public key\"\n },\n \"meta\": {\n \"anyOf\": [\n {\n \"$ref\": \"#/components/schemas/KeyMetadata\"\n },\n {\n \"type\": \"null\"\n }\n ],\n \"description\": \"Optional. Key metadata. This should be used to determine which algorithms are supported.\"\n }\n },\n \"required\": [\"kid\", \"kms\", \"privateKeyHex\", \"publicKeyHex\", \"type\"]\n },\n \"ISphereonKeyManagerHandleExpirationsArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"skipRemovals\": {\n \"type\": \"boolean\"\n }\n },\n \"additionalProperties\": false\n },\n \"ManagedKeyInfo\": {\n \"$ref\": \"#/components/schemas/Omit<IKey,\\\"privateKeyHex\\\">\",\n \"description\": \"Represents information about a managed key. Private or secret key material is NOT present.\"\n },\n \"Omit<IKey,\\\"privateKeyHex\\\">\": {\n \"$ref\": \"#/components/schemas/Pick<IKey,Exclude<(\\\"kid\\\"|\\\"kms\\\"|\\\"type\\\"|\\\"publicKeyHex\\\"|\\\"privateKeyHex\\\"|\\\"meta\\\"),\\\"privateKeyHex\\\">>\"\n },\n \"Pick<IKey,Exclude<(\\\"kid\\\"|\\\"kms\\\"|\\\"type\\\"|\\\"publicKeyHex\\\"|\\\"privateKeyHex\\\"|\\\"meta\\\"),\\\"privateKeyHex\\\">>\": {\n \"type\": \"object\",\n \"properties\": {\n \"kid\": {\n \"type\": \"string\",\n \"description\": \"Key ID\"\n },\n \"kms\": {\n \"type\": \"string\",\n \"description\": \"Key Management System\"\n },\n \"type\": {\n \"$ref\": \"#/components/schemas/TKeyType\",\n \"description\": \"Key type\"\n },\n \"publicKeyHex\": {\n \"type\": \"string\",\n \"description\": \"Public key\"\n },\n \"meta\": {\n \"anyOf\": [\n {\n \"$ref\": \"#/components/schemas/KeyMetadata\"\n },\n {\n \"type\": \"null\"\n }\n ],\n \"description\": \"Optional. Key metadata. This should be used to determine which algorithms are supported.\"\n }\n },\n \"required\": [\"kid\", \"kms\", \"type\", \"publicKeyHex\"],\n \"additionalProperties\": false\n },\n \"MinimalImportableKey\": {\n \"$ref\": \"#/components/schemas/RequireOnly<IKey,(\\\"privateKeyHex\\\"|\\\"type\\\"|\\\"kms\\\")>\",\n \"description\": \"Represents the properties required to import a key.\"\n },\n \"RequireOnly<IKey,(\\\"privateKeyHex\\\"|\\\"type\\\"|\\\"kms\\\")>\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"kid\": {\n \"type\": \"string\",\n \"description\": \"Key ID\"\n },\n \"kms\": {\n \"type\": \"string\",\n \"description\": \"Key Management System\"\n },\n \"type\": {\n \"$ref\": \"#/components/schemas/TKeyType\",\n \"description\": \"Key type\"\n },\n \"publicKeyHex\": {\n \"type\": \"string\",\n \"description\": \"Public key\"\n },\n \"privateKeyHex\": {\n \"type\": \"string\",\n \"description\": \"Optional. Private key\"\n },\n \"meta\": {\n \"anyOf\": [\n {\n \"$ref\": \"#/components/schemas/KeyMetadata\"\n },\n {\n \"type\": \"null\"\n }\n ],\n \"description\": \"Optional. Key metadata. This should be used to determine which algorithms are supported.\"\n }\n },\n \"description\": \"Represents an object type where a subset of keys are required and everything else is optional.\"\n },\n \"ISphereonKeyManagerSignArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"keyRef\": {\n \"type\": \"string\",\n \"description\": \"The key handle, as returned during `keyManagerCreateKey`\"\n },\n \"algorithm\": {\n \"type\": \"string\",\n \"description\": \"The algorithm to use for signing. This must be one of the algorithms supported by the KMS for this key type.\\n\\nThe algorithm used here should match one of the names listed in `IKey.meta.algorithms`\"\n },\n \"data\": {\n \"anyOf\": [\n {\n \"type\": \"string\"\n },\n {\n \"$ref\": \"#/components/schemas/Uint8Array\"\n }\n ],\n \"description\": \"Data to sign\"\n },\n \"encoding\": {\n \"type\": \"string\",\n \"enum\": [\"utf-8\", \"base16\", \"base64\", \"hex\"],\n \"description\": \"If the data is a \\\"string\\\" then you can specify which encoding is used. Default is \\\"utf-8\\\"\"\n }\n },\n \"required\": [\"data\", \"keyRef\"],\n \"description\": \"Input arguments for {@link ISphereonKeyManagerSignArgs.keyManagerSign | keyManagerSign }\"\n },\n \"Uint8Array\": {\n \"type\": \"object\",\n \"properties\": {\n \"BYTES_PER_ELEMENT\": {\n \"type\": \"number\"\n },\n \"buffer\": {\n \"$ref\": \"#/components/schemas/ArrayBufferLike\"\n },\n \"byteLength\": {\n \"type\": \"number\"\n },\n \"byteOffset\": {\n \"type\": \"number\"\n },\n \"length\": {\n \"type\": \"number\"\n }\n },\n \"required\": [\"BYTES_PER_ELEMENT\", \"buffer\", \"byteLength\", \"byteOffset\", \"length\"],\n \"additionalProperties\": {\n \"type\": \"number\"\n }\n },\n \"ArrayBufferLike\": {\n \"$ref\": \"#/components/schemas/ArrayBuffer\"\n },\n \"ArrayBuffer\": {\n \"type\": \"object\",\n \"properties\": {\n \"byteLength\": {\n \"type\": \"number\"\n }\n },\n \"required\": [\"byteLength\"],\n \"additionalProperties\": false\n },\n \"ISphereonKeyManagerVerifyArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"kms\": {\n \"type\": \"string\"\n },\n \"publicKeyHex\": {\n \"type\": \"string\"\n },\n \"type\": {\n \"$ref\": \"#/components/schemas/TKeyType\"\n },\n \"algorithm\": {\n \"type\": \"string\"\n },\n \"data\": {\n \"$ref\": \"#/components/schemas/Uint8Array\"\n },\n \"signature\": {\n \"type\": \"string\"\n }\n },\n \"required\": [\"publicKeyHex\", \"type\", \"data\", \"signature\"],\n \"additionalProperties\": false\n }\n },\n \"methods\": {\n \"keyManagerCreate\": {\n \"description\": \"\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/ISphereonKeyManagerCreateArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/PartialKey\"\n }\n },\n \"keyManagerGetDefaultKeyManagementSystem\": {\n \"description\": \"Get the KMS registered as default. Handy when no explicit KMS is provided for a function\",\n \"arguments\": {\n \"type\": \"object\"\n },\n \"returnType\": {\n \"type\": \"string\"\n }\n },\n \"keyManagerHandleExpirations\": {\n \"description\": \"Set keys to expired and remove keys eligible for deletion.\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/ISphereonKeyManagerHandleExpirationsArgs\"\n },\n \"returnType\": {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/ManagedKeyInfo\"\n }\n }\n },\n \"keyManagerImport\": {\n \"description\": \"\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/MinimalImportableKey\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/PartialKey\"\n }\n },\n \"keyManagerListKeys\": {\n \"description\": \"\",\n \"arguments\": {\n \"type\": \"object\"\n },\n \"returnType\": {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/ManagedKeyInfo\"\n }\n }\n },\n \"keyManagerSign\": {\n \"description\": \"\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/ISphereonKeyManagerSignArgs\"\n },\n \"returnType\": {\n \"type\": \"string\"\n }\n },\n \"keyManagerVerify\": {\n \"description\": \"Verifies a signature using the key\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/ISphereonKeyManagerVerifyArgs\"\n },\n \"returnType\": {\n \"type\": \"boolean\"\n }\n }\n }\n }\n }\n}\n","import { calculateJwkThumbprintForKey, toJwk, verifyRawSignature } from '@sphereon/ssi-sdk-ext.key-utils'\nimport type { IKey, KeyMetadata, ManagedKeyInfo } from '@veramo/core'\nimport { AbstractKeyManagementSystem, AbstractKeyStore, KeyManager as VeramoKeyManager } from '@veramo/key-manager'\n// @ts-ignore\nimport * as u8a from 'uint8arrays'\nimport {\n hasKeyOptions,\n type IKeyManagerGetArgs,\n type ISphereonKeyManager,\n type ISphereonKeyManagerCreateArgs,\n type ISphereonKeyManagerHandleExpirationsArgs,\n type ISphereonKeyManagerSignArgs,\n type ISphereonKeyManagerVerifyArgs,\n} from '../types/ISphereonKeyManager'\n\nconst { fromString } = u8a\n\nexport const sphereonKeyManagerMethods: Array<string> = [\n 'keyManagerCreate',\n 'keyManagerGet',\n 'keyManagerImport',\n 'keyManagerSign',\n 'keyManagerVerify',\n 'keyManagerListKeys',\n 'keyManagerGetDefaultKeyManagementSystem',\n 'keyManagerHandleExpirations',\n]\n\nexport class SphereonKeyManager extends VeramoKeyManager {\n // local store reference, given the superclass store is private, and we need additional functions/calls\n private kmsStore: AbstractKeyStore\n private readonly availableKmses: Record<string, AbstractKeyManagementSystem>\n public _defaultKms: string\n readonly kmsMethods: ISphereonKeyManager\n\n constructor(options: { store: AbstractKeyStore; kms: Record<string, AbstractKeyManagementSystem>; defaultKms?: string }) {\n super({ store: options.store, kms: options.kms })\n this.kmsStore = options.store\n this.availableKmses = options.kms\n this._defaultKms = options.defaultKms ?? Object.keys(this.availableKmses)[0]\n if (!Object.keys(this.availableKmses).includes(this._defaultKms)) {\n throw Error(`Default KMS needs to be listed in the kms object as well. Found kms-es: ${Object.keys(this.availableKmses).join(',')}`)\n }\n const methods = this.methods\n methods.keyManagerVerify = this.keyManagerVerify.bind(this)\n methods.keyManagerListKeys = this.keyManagerListKeys.bind(this)\n methods.keyManagerGetDefaultKeyManagementSystem = this.keyManagerGetDefaultKeyManagementSystem.bind(this)\n this.kmsMethods = <ISphereonKeyManager>(<unknown>methods)\n\n this.syncPreProvisionedKeys()\n }\n\n private syncPreProvisionedKeys() {\n Object.keys(this.availableKmses).forEach((kmsId) => {\n const kms = this.availableKmses[kmsId]\n if (kms.constructor.name === 'RestKeyManagementSystem') {\n this.syncPreProvisionedKeysForKms(kmsId, kms)\n }\n })\n }\n\n private syncPreProvisionedKeysForKms(kmsId: string, kms: AbstractKeyManagementSystem) {\n kms\n .listKeys()\n .then(async (remoteKeys: ManagedKeyInfo[]) => {\n try {\n const storedKeys: ManagedKeyInfo[] = await this.keyManagerListKeys()\n\n await Promise.all(\n remoteKeys.map(async (remoteKey) => {\n const storedKey = storedKeys.find((k) => k.kid === remoteKey.kid)\n\n const needsUpdate =\n !storedKey ||\n storedKey.publicKeyHex !== remoteKey.publicKeyHex ||\n storedKey.type !== remoteKey.type ||\n storedKey.kms !== remoteKey.kms ||\n (remoteKey.meta && 'alias' in remoteKey.meta && storedKey.meta && storedKey.meta.keyAlias !== remoteKey.meta.alias)\n if (needsUpdate) {\n try {\n if (storedKey) {\n await this.kmsStore.delete({ kid: remoteKey.kid })\n }\n const keyToImport: IKey = {\n ...remoteKey,\n meta: remoteKey.meta && 'alias' in remoteKey.meta ? { ...remoteKey.meta, keyAlias: remoteKey.meta.alias } : remoteKey.meta,\n } as IKey\n\n if (keyToImport.meta && 'alias' in keyToImport.meta) {\n delete keyToImport.meta.alias\n }\n\n await this.kmsStore.import(keyToImport)\n } catch (error) {\n console.error(`Failed to sync key ${remoteKey.kid} from kms ${kmsId}:`, error)\n }\n }\n }),\n )\n } catch (error) {\n console.error(`Failed to sync keys for kms ${kmsId}:`, error)\n }\n })\n .catch((error) => {\n console.error(`Failed to list remote keys for kms ${kmsId}:`, error)\n })\n }\n\n keyManagerGetDefaultKeyManagementSystem(): Promise<string> {\n return Promise.resolve(this._defaultKms)\n }\n\n override async keyManagerCreate(args: ISphereonKeyManagerCreateArgs): Promise<ManagedKeyInfo> {\n const kms = this.getKmsByName(args.kms ?? this._defaultKms)\n const meta: KeyMetadata = { ...args.meta, ...(args.opts && { opts: args.opts }) }\n if (hasKeyOptions(meta) && meta.opts?.ephemeral && !meta.opts.expiration?.removalDate) {\n // Make sure we set a delete date on an ephemeral key\n meta.opts = {\n ...meta.opts,\n expiration: { ...meta.opts?.expiration, removalDate: new Date(Date.now() + 5 * 60 * 1000) },\n }\n }\n const partialKey = await kms.createKey({ type: args.type, meta })\n const key: IKey = { ...partialKey, kms: args.kms ?? this._defaultKms }\n key.meta = { ...meta, ...key.meta }\n key.meta.jwkThumbprint = key.meta.jwkThumbprint ?? calculateJwkThumbprintForKey({ key })\n\n await this.kmsStore.import(key)\n if (key.privateKeyHex) {\n // Make sure to not export the private key\n delete key.privateKeyHex\n }\n return key\n }\n\n //FIXME extend the IKeyManagerSignArgs.data to be a string or array of strings\n\n async keyManagerSign(args: ISphereonKeyManagerSignArgs): Promise<string> {\n const keyInfo = await this.keyManagerGet({ kid: args.keyRef })\n const kms = this.getKmsByName(keyInfo.kms)\n if (keyInfo.type === 'Bls12381G2') {\n return await kms.sign({ keyRef: keyInfo, data: typeof args.data === 'string' ? fromString(args.data) : args.data })\n }\n // @ts-ignore // we can pass in uint8arrays as well, which the super also can handle but does not expose in its types\n return await super.keyManagerSign({ ...args, keyRef: keyInfo.kid })\n }\n\n async keyManagerVerify(args: ISphereonKeyManagerVerifyArgs): Promise<boolean> {\n if (args.kms) {\n const kms = this.getKmsByName(args.kms)\n if (kms && 'verify' in kms && typeof kms.verify === 'function') {\n // @ts-ignore\n return await kms.verify(args)\n }\n }\n return await verifyRawSignature({\n key: toJwk(args.publicKeyHex, args.type),\n data: args.data,\n signature: fromString(args.signature, 'utf-8'),\n })\n }\n\n async keyManagerListKeys(): Promise<ManagedKeyInfo[]> {\n return this.kmsStore.list({})\n }\n\n async keyManagerHandleExpirations(args: ISphereonKeyManagerHandleExpirationsArgs): Promise<Array<ManagedKeyInfo>> {\n const keys = await this.keyManagerListKeys()\n const expiredKeys = keys\n .filter((key) => hasKeyOptions(key.meta))\n .filter((key) => {\n if (hasKeyOptions(key.meta) && key.meta?.opts?.expiration) {\n const expiration = key.meta.opts.expiration\n return !(expiration.expiryDate && expiration.expiryDate.getMilliseconds() > Date.now())\n }\n return false\n })\n if (args.skipRemovals !== true) {\n await Promise.all(expiredKeys.map((key) => this.keyManagerDelete({ kid: key.kid })))\n }\n return keys\n }\n\n private getKmsByName(name: string): AbstractKeyManagementSystem {\n const kms = this.availableKmses[name]\n if (!kms) {\n throw Error(`invalid_argument: This agent has no registered KeyManagementSystem with name='${name}'`)\n }\n return kms\n }\n\n //todo https://sphereon.atlassian.net/browse/SDK-28 improve the logic for keyManagerGet in sphereon-key-manager\n async keyManagerGet({ kid }: IKeyManagerGetArgs): Promise<IKey> {\n try {\n const key = await this.kmsStore.get({ kid })\n return key\n } catch (e) {\n const keys: ManagedKeyInfo[] = await this.keyManagerListKeys()\n const foundKey = keys.find(\n (key) =>\n key.publicKeyHex === kid ||\n key.meta?.jwkThumbprint === kid ||\n (key.meta?.jwkThumbprint == null && calculateJwkThumbprintForKey({ key }) === kid),\n )\n if (foundKey) {\n return foundKey as IKey\n } else {\n throw new Error(`Key with kid ${kid} not found`)\n }\n }\n }\n\n get defaultKms(): string {\n return this._defaultKms\n }\n\n set defaultKms(kms: string) {\n if (!Object.keys(this.availableKmses).includes(kms)) {\n throw Error(`Default KMS needs to be listed in the kms object as well. Found kms-es: ${Object.keys(this.availableKmses).join(',')}`)\n }\n this._defaultKms = kms\n }\n\n setKms(name: string, kms: AbstractKeyManagementSystem): void {\n this.availableKmses[name] = kms\n\n if (kms.constructor.name === 'RestKeyManagementSystem') {\n this.syncPreProvisionedKeysForKms(name, kms)\n }\n }\n}\n","import type { IKeyManager, IKeyManagerSignArgs, IPluginMethodMap, KeyMetadata, ManagedKeyInfo, MinimalImportableKey, TKeyType } from '@veramo/core'\n\nexport type PartialKey = ManagedKeyInfo & { privateKeyHex: string }\n\nexport interface ISphereonKeyManager extends IKeyManager, IPluginMethodMap {\n keyManagerCreate(args: ISphereonKeyManagerCreateArgs): Promise<PartialKey>\n\n keyManagerImport(key: MinimalImportableKey): Promise<PartialKey>\n\n keyManagerSign(args: ISphereonKeyManagerSignArgs): Promise<string>\n\n /**\n * Verifies a signature using the key\n *\n * Does not exist in IKeyManager\n * @param args\n */\n keyManagerVerify(args: ISphereonKeyManagerVerifyArgs): Promise<boolean>\n\n keyManagerListKeys(): Promise<Array<ManagedKeyInfo>>\n\n /**\n * Get the KMS registered as default. Handy when no explicit KMS is provided for a function\n */\n\n keyManagerGetDefaultKeyManagementSystem(): Promise<string>\n\n /**\n * Set keys to expired and remove keys eligible for deletion.\n * @param args\n */\n keyManagerHandleExpirations(args: ISphereonKeyManagerHandleExpirationsArgs): Promise<Array<ManagedKeyInfo>>\n}\n\nexport interface IkeyOptions {\n /**\n * Is this a temporary key?\n */\n ephemeral?: boolean\n\n /**\n * Expiration and remove the key\n */\n expiration?: {\n expiryDate?: Date\n removalDate?: Date\n }\n}\n\n/**\n * Input arguments for {@link ISphereonKeyManager.keyManagerCreate | keyManagerCreate}\n * @public\n */\nexport interface ISphereonKeyManagerCreateArgs {\n /**\n * Key type\n */\n type: TKeyType\n\n /**\n * Key Management System\n */\n kms?: string\n\n /**\n * Key options\n */\n opts?: IkeyOptions\n\n /**\n * Optional. Key meta data\n */\n meta?: KeyMetadata\n}\n\nexport function hasKeyOptions(object: any): object is { opts?: IkeyOptions } {\n return object!! && 'opts' in object && ('ephemeral' in object.opts || 'expiration' in object.opts)\n}\n\n/**\n * Input arguments for {@link ISphereonKeyManager.keyManagerGet | keyManagerGet}\n * @public\n */\nexport interface IKeyManagerGetArgs {\n /**\n * Key ID\n */\n kid: string\n}\n\n/**\n * Input arguments for {@link ISphereonKeyManager.keyManagerDelete | keyManagerDelete}\n * @public\n */\nexport interface IKeyManagerDeleteArgs {\n /**\n * Key ID\n */\n kid: string\n}\n\n/**\n * Input arguments for {@link ISphereonKeyManagerSignArgs.keyManagerSign | keyManagerSign}\n * @public\n */\n// @ts-ignore\nexport interface ISphereonKeyManagerSignArgs extends IKeyManagerSignArgs {\n /**\n * Data to sign\n */\n data: string | Uint8Array\n}\n\nexport interface ISphereonKeyManagerHandleExpirationsArgs {\n skipRemovals?: boolean\n}\n\nexport interface ISphereonKeyManagerVerifyArgs {\n kms?: string\n publicKeyHex: string\n type: TKeyType\n algorithm?: string\n data: Uint8Array\n signature: string\n}\n\nexport const isDefined = <T extends unknown>(object: T | undefined): object is T => object !== undefined\n","const schema = require('../plugin.schema.json')\nexport { schema }\nexport { SphereonKeyManager, sphereonKeyManagerMethods } from './agent/SphereonKeyManager'\nexport * from './types/ISphereonKeyManager'\nexport * from '@veramo/key-manager'\n"],"mappings":";;;;;;;;AAAA;AAAA;AAAA;AAAA,MACE,qBAAuB;AAAA,QACrB,YAAc;AAAA,UACZ,SAAW;AAAA,YACT,+BAAiC;AAAA,cAC/B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,cACF;AAAA,cACA,UAAY,CAAC,MAAM;AAAA,cACnB,sBAAwB;AAAA,cACxB,aAAe;AAAA,YACjB;AAAA,YACA,UAAY;AAAA,cACV,MAAQ;AAAA,cACR,MAAQ,CAAC,WAAW,aAAa,aAAa,UAAU,cAAc,cAAc,KAAK;AAAA,cACzF,aAAe;AAAA,YACjB;AAAA,YACA,aAAe;AAAA,cACb,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,YAAc;AAAA,kBACZ,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,YAAc;AAAA,sBACZ,MAAQ;AAAA,sBACR,QAAU;AAAA,oBACZ;AAAA,oBACA,aAAe;AAAA,sBACb,MAAQ;AAAA,sBACR,QAAU;AAAA,oBACZ;AAAA,kBACF;AAAA,kBACA,sBAAwB;AAAA,kBACxB,aAAe;AAAA,gBACjB;AAAA,cACF;AAAA,cACA,sBAAwB;AAAA,YAC1B;AAAA,YACA,aAAe;AAAA,cACb,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,YAAc;AAAA,kBACZ,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,cACF;AAAA,cACA,aAAe;AAAA,YACjB;AAAA,YACA,YAAc;AAAA,cACZ,MAAQ;AAAA,cACR,sBAAwB;AAAA,cACxB,YAAc;AAAA,gBACZ,eAAiB;AAAA,kBACf,MAAQ;AAAA,gBACV;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,cAAgB;AAAA,kBACd,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,OAAS;AAAA,oBACP;AAAA,sBACE,MAAQ;AAAA,oBACV;AAAA,oBACA;AAAA,sBACE,MAAQ;AAAA,oBACV;AAAA,kBACF;AAAA,kBACA,aAAe;AAAA,gBACjB;AAAA,cACF;AAAA,cACA,UAAY,CAAC,OAAO,OAAO,iBAAiB,gBAAgB,MAAM;AAAA,YACpE;AAAA,YACA,0CAA4C;AAAA,cAC1C,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,cAAgB;AAAA,kBACd,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,sBAAwB;AAAA,YAC1B;AAAA,YACA,gBAAkB;AAAA,cAChB,MAAQ;AAAA,cACR,aAAe;AAAA,YACjB;AAAA,YACA,8BAAgC;AAAA,cAC9B,MAAQ;AAAA,YACV;AAAA,YACA,kGAAgH;AAAA,cAC9G,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,cAAgB;AAAA,kBACd,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,OAAS;AAAA,oBACP;AAAA,sBACE,MAAQ;AAAA,oBACV;AAAA,oBACA;AAAA,sBACE,MAAQ;AAAA,oBACV;AAAA,kBACF;AAAA,kBACA,aAAe;AAAA,gBACjB;AAAA,cACF;AAAA,cACA,UAAY,CAAC,OAAO,OAAO,QAAQ,cAAc;AAAA,cACjD,sBAAwB;AAAA,YAC1B;AAAA,YACA,sBAAwB;AAAA,cACtB,MAAQ;AAAA,cACR,aAAe;AAAA,YACjB;AAAA,YACA,oDAA0D;AAAA,cACxD,MAAQ;AAAA,cACR,sBAAwB;AAAA,cACxB,YAAc;AAAA,gBACZ,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,cAAgB;AAAA,kBACd,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,eAAiB;AAAA,kBACf,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,OAAS;AAAA,oBACP;AAAA,sBACE,MAAQ;AAAA,oBACV;AAAA,oBACA;AAAA,sBACE,MAAQ;AAAA,oBACV;AAAA,kBACF;AAAA,kBACA,aAAe;AAAA,gBACjB;AAAA,cACF;AAAA,cACA,aAAe;AAAA,YACjB;AAAA,YACA,6BAA+B;AAAA,cAC7B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,QAAU;AAAA,kBACR,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,OAAS;AAAA,oBACP;AAAA,sBACE,MAAQ;AAAA,oBACV;AAAA,oBACA;AAAA,sBACE,MAAQ;AAAA,oBACV;AAAA,kBACF;AAAA,kBACA,aAAe;AAAA,gBACjB;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,kBACR,MAAQ,CAAC,SAAS,UAAU,UAAU,KAAK;AAAA,kBAC3C,aAAe;AAAA,gBACjB;AAAA,cACF;AAAA,cACA,UAAY,CAAC,QAAQ,QAAQ;AAAA,cAC7B,aAAe;AAAA,YACjB;AAAA,YACA,YAAc;AAAA,cACZ,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,mBAAqB;AAAA,kBACnB,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,gBACA,YAAc;AAAA,kBACZ,MAAQ;AAAA,gBACV;AAAA,gBACA,YAAc;AAAA,kBACZ,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY,CAAC,qBAAqB,UAAU,cAAc,cAAc,QAAQ;AAAA,cAChF,sBAAwB;AAAA,gBACtB,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,iBAAmB;AAAA,cACjB,MAAQ;AAAA,YACV;AAAA,YACA,aAAe;AAAA,cACb,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,YAAc;AAAA,kBACZ,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY,CAAC,YAAY;AAAA,cACzB,sBAAwB;AAAA,YAC1B;AAAA,YACA,+BAAiC;AAAA,cAC/B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,gBACA,cAAgB;AAAA,kBACd,MAAQ;AAAA,gBACV;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,gBACV;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,gBACV;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY,CAAC,gBAAgB,QAAQ,QAAQ,WAAW;AAAA,cACxD,sBAAwB;AAAA,YAC1B;AAAA,UACF;AAAA,UACA,SAAW;AAAA,YACT,kBAAoB;AAAA,cAClB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,yCAA2C;AAAA,cACzC,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,6BAA+B;AAAA,cAC7B,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,gBACR,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,YACF;AAAA,YACA,kBAAoB;AAAA,cAClB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,oBAAsB;AAAA,cACpB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,gBACR,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,YACF;AAAA,YACA,gBAAkB;AAAA,cAChB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,kBAAoB;AAAA,cAClB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA;AAAA;;;AC9WA,SAASA,8BAA8BC,OAAOC,0BAA0B;AAExE,SAAwDC,cAAcC,wBAAwB;AAE9F,YAAYC,SAAS;;;ACuEd,SAASC,cAAcC,QAAW;AACvC,SAAOA,UAAY,UAAUA,WAAW,eAAeA,OAAOC,QAAQ,gBAAgBD,OAAOC;AAC/F;AAFgBF;AAmDT,IAAMG,YAAY,wBAAoBF,WAAuCA,WAAWG,QAAtE;;;AD/GzB,IAAM,EAAEC,WAAU,IAAKC;AAEhB,IAAMC,4BAA2C;EACtD;EACA;EACA;EACA;EACA;EACA;EACA;EACA;;AAGK,IAAMC,qBAAN,cAAiCC,iBAAAA;EA5BxC,OA4BwCA;;;;EAE9BC;EACSC;EACVC;EACEC;EAET,YAAYC,SAA6G;AACvH,UAAM;MAAEC,OAAOD,QAAQC;MAAOC,KAAKF,QAAQE;IAAI,CAAA;AAC/C,SAAKN,WAAWI,QAAQC;AACxB,SAAKJ,iBAAiBG,QAAQE;AAC9B,SAAKJ,cAAcE,QAAQG,cAAcC,OAAOC,KAAK,KAAKR,cAAc,EAAE,CAAA;AAC1E,QAAI,CAACO,OAAOC,KAAK,KAAKR,cAAc,EAAES,SAAS,KAAKR,WAAW,GAAG;AAChE,YAAMS,MAAM,2EAA2EH,OAAOC,KAAK,KAAKR,cAAc,EAAEW,KAAK,GAAA,CAAA,EAAM;IACrI;AACA,UAAMC,UAAU,KAAKA;AACrBA,YAAQC,mBAAmB,KAAKA,iBAAiBC,KAAK,IAAI;AAC1DF,YAAQG,qBAAqB,KAAKA,mBAAmBD,KAAK,IAAI;AAC9DF,YAAQI,0CAA0C,KAAKA,wCAAwCF,KAAK,IAAI;AACxG,SAAKZ,aAA4CU;AAEjD,SAAKK,uBAAsB;EAC7B;EAEQA,yBAAyB;AAC/BV,WAAOC,KAAK,KAAKR,cAAc,EAAEkB,QAAQ,CAACC,UAAAA;AACxC,YAAMd,MAAM,KAAKL,eAAemB,KAAAA;AAChC,UAAId,IAAI,YAAYe,SAAS,2BAA2B;AACtD,aAAKC,6BAA6BF,OAAOd,GAAAA;MAC3C;IACF,CAAA;EACF;EAEQgB,6BAA6BF,OAAed,KAAkC;AACpFA,QACGiB,SAAQ,EACRC,KAAK,OAAOC,eAAAA;AACX,UAAI;AACF,cAAMC,aAA+B,MAAM,KAAKV,mBAAkB;AAElE,cAAMW,QAAQC,IACZH,WAAWI,IAAI,OAAOC,cAAAA;AACpB,gBAAMC,YAAYL,WAAWM,KAAK,CAACC,MAAMA,EAAEC,QAAQJ,UAAUI,GAAG;AAEhE,gBAAMC,cACJ,CAACJ,aACDA,UAAUK,iBAAiBN,UAAUM,gBACrCL,UAAUM,SAASP,UAAUO,QAC7BN,UAAUzB,QAAQwB,UAAUxB,OAC3BwB,UAAUQ,QAAQ,WAAWR,UAAUQ,QAAQP,UAAUO,QAAQP,UAAUO,KAAKC,aAAaT,UAAUQ,KAAKE;AAC/G,cAAIL,aAAa;AACf,gBAAI;AACF,kBAAIJ,WAAW;AACb,sBAAM,KAAK/B,SAASyC,OAAO;kBAAEP,KAAKJ,UAAUI;gBAAI,CAAA;cAClD;AACA,oBAAMQ,cAAoB;gBACxB,GAAGZ;gBACHQ,MAAMR,UAAUQ,QAAQ,WAAWR,UAAUQ,OAAO;kBAAE,GAAGR,UAAUQ;kBAAMC,UAAUT,UAAUQ,KAAKE;gBAAM,IAAIV,UAAUQ;cACxH;AAEA,kBAAII,YAAYJ,QAAQ,WAAWI,YAAYJ,MAAM;AACnD,uBAAOI,YAAYJ,KAAKE;cAC1B;AAEA,oBAAM,KAAKxC,SAAS2C,OAAOD,WAAAA;YAC7B,SAASE,OAAO;AACdC,sBAAQD,MAAM,sBAAsBd,UAAUI,GAAG,aAAad,KAAAA,KAAUwB,KAAAA;YAC1E;UACF;QACF,CAAA,CAAA;MAEJ,SAASA,OAAO;AACdC,gBAAQD,MAAM,+BAA+BxB,KAAAA,KAAUwB,KAAAA;MACzD;IACF,CAAA,EACCE,MAAM,CAACF,UAAAA;AACNC,cAAQD,MAAM,sCAAsCxB,KAAAA,KAAUwB,KAAAA;IAChE,CAAA;EACJ;EAEA3B,0CAA2D;AACzD,WAAOU,QAAQoB,QAAQ,KAAK7C,WAAW;EACzC;EAEA,MAAe8C,iBAAiBC,MAA8D;AAC5F,UAAM3C,MAAM,KAAK4C,aAAaD,KAAK3C,OAAO,KAAKJ,WAAW;AAC1D,UAAMoC,OAAoB;MAAE,GAAGW,KAAKX;MAAM,GAAIW,KAAKE,QAAQ;QAAEA,MAAMF,KAAKE;MAAK;IAAG;AAChF,QAAIC,cAAcd,IAAAA,KAASA,KAAKa,MAAME,aAAa,CAACf,KAAKa,KAAKG,YAAYC,aAAa;AAErFjB,WAAKa,OAAO;QACV,GAAGb,KAAKa;QACRG,YAAY;UAAE,GAAGhB,KAAKa,MAAMG;UAAYC,aAAa,IAAIC,KAAKA,KAAKC,IAAG,IAAK,IAAI,KAAK,GAAA;QAAM;MAC5F;IACF;AACA,UAAMC,aAAa,MAAMpD,IAAIqD,UAAU;MAAEtB,MAAMY,KAAKZ;MAAMC;IAAK,CAAA;AAC/D,UAAMsB,MAAY;MAAE,GAAGF;MAAYpD,KAAK2C,KAAK3C,OAAO,KAAKJ;IAAY;AACrE0D,QAAItB,OAAO;MAAE,GAAGA;MAAM,GAAGsB,IAAItB;IAAK;AAClCsB,QAAItB,KAAKuB,gBAAgBD,IAAItB,KAAKuB,iBAAiBC,6BAA6B;MAAEF;IAAI,CAAA;AAEtF,UAAM,KAAK5D,SAAS2C,OAAOiB,GAAAA;AAC3B,QAAIA,IAAIG,eAAe;AAErB,aAAOH,IAAIG;IACb;AACA,WAAOH;EACT;;EAIA,MAAMI,eAAef,MAAoD;AACvE,UAAMgB,UAAU,MAAM,KAAKC,cAAc;MAAEhC,KAAKe,KAAKkB;IAAO,CAAA;AAC5D,UAAM7D,MAAM,KAAK4C,aAAae,QAAQ3D,GAAG;AACzC,QAAI2D,QAAQ5B,SAAS,cAAc;AACjC,aAAO,MAAM/B,IAAI8D,KAAK;QAAED,QAAQF;QAASI,MAAM,OAAOpB,KAAKoB,SAAS,WAAW1E,WAAWsD,KAAKoB,IAAI,IAAIpB,KAAKoB;MAAK,CAAA;IACnH;AAEA,WAAO,MAAM,MAAML,eAAe;MAAE,GAAGf;MAAMkB,QAAQF,QAAQ/B;IAAI,CAAA;EACnE;EAEA,MAAMpB,iBAAiBmC,MAAuD;AAC5E,QAAIA,KAAK3C,KAAK;AACZ,YAAMA,MAAM,KAAK4C,aAAaD,KAAK3C,GAAG;AACtC,UAAIA,OAAO,YAAYA,OAAO,OAAOA,IAAIgE,WAAW,YAAY;AAE9D,eAAO,MAAMhE,IAAIgE,OAAOrB,IAAAA;MAC1B;IACF;AACA,WAAO,MAAMsB,mBAAmB;MAC9BX,KAAKY,MAAMvB,KAAKb,cAAca,KAAKZ,IAAI;MACvCgC,MAAMpB,KAAKoB;MACXI,WAAW9E,WAAWsD,KAAKwB,WAAW,OAAA;IACxC,CAAA;EACF;EAEA,MAAMzD,qBAAgD;AACpD,WAAO,KAAKhB,SAAS0E,KAAK,CAAC,CAAA;EAC7B;EAEA,MAAMC,4BAA4B1B,MAAgF;AAChH,UAAMxC,OAAO,MAAM,KAAKO,mBAAkB;AAC1C,UAAM4D,cAAcnE,KACjBoE,OAAO,CAACjB,QAAQR,cAAcQ,IAAItB,IAAI,CAAA,EACtCuC,OAAO,CAACjB,QAAAA;AACP,UAAIR,cAAcQ,IAAItB,IAAI,KAAKsB,IAAItB,MAAMa,MAAMG,YAAY;AACzD,cAAMA,aAAaM,IAAItB,KAAKa,KAAKG;AACjC,eAAO,EAAEA,WAAWwB,cAAcxB,WAAWwB,WAAWC,gBAAe,IAAKvB,KAAKC,IAAG;MACtF;AACA,aAAO;IACT,CAAA;AACF,QAAIR,KAAK+B,iBAAiB,MAAM;AAC9B,YAAMrD,QAAQC,IAAIgD,YAAY/C,IAAI,CAAC+B,QAAQ,KAAKqB,iBAAiB;QAAE/C,KAAK0B,IAAI1B;MAAI,CAAA,CAAA,CAAA;IAClF;AACA,WAAOzB;EACT;EAEQyC,aAAa7B,MAA2C;AAC9D,UAAMf,MAAM,KAAKL,eAAeoB,IAAAA;AAChC,QAAI,CAACf,KAAK;AACR,YAAMK,MAAM,iFAAiFU,IAAAA,GAAO;IACtG;AACA,WAAOf;EACT;;EAGA,MAAM4D,cAAc,EAAEhC,IAAG,GAAuC;AAC9D,QAAI;AACF,YAAM0B,MAAM,MAAM,KAAK5D,SAASkF,IAAI;QAAEhD;MAAI,CAAA;AAC1C,aAAO0B;IACT,SAASuB,GAAG;AACV,YAAM1E,OAAyB,MAAM,KAAKO,mBAAkB;AAC5D,YAAMoE,WAAW3E,KAAKuB,KACpB,CAAC4B,QACCA,IAAIxB,iBAAiBF,OACrB0B,IAAItB,MAAMuB,kBAAkB3B,OAC3B0B,IAAItB,MAAMuB,iBAAiB,QAAQC,6BAA6B;QAAEF;MAAI,CAAA,MAAO1B,GAAAA;AAElF,UAAIkD,UAAU;AACZ,eAAOA;MACT,OAAO;AACL,cAAM,IAAIzE,MAAM,gBAAgBuB,GAAAA,YAAe;MACjD;IACF;EACF;EAEA,IAAI3B,aAAqB;AACvB,WAAO,KAAKL;EACd;EAEA,IAAIK,WAAWD,KAAa;AAC1B,QAAI,CAACE,OAAOC,KAAK,KAAKR,cAAc,EAAES,SAASJ,GAAAA,GAAM;AACnD,YAAMK,MAAM,2EAA2EH,OAAOC,KAAK,KAAKR,cAAc,EAAEW,KAAK,GAAA,CAAA,EAAM;IACrI;AACA,SAAKV,cAAcI;EACrB;EAEA+E,OAAOhE,MAAcf,KAAwC;AAC3D,SAAKL,eAAeoB,IAAAA,IAAQf;AAE5B,QAAIA,IAAI,YAAYe,SAAS,2BAA2B;AACtD,WAAKC,6BAA6BD,MAAMf,GAAAA;IAC1C;EACF;AACF;;;AElOA,cAAc;AAJd,IAAMgF,SAASC;","names":["calculateJwkThumbprintForKey","toJwk","verifyRawSignature","KeyManager","VeramoKeyManager","u8a","hasKeyOptions","object","opts","isDefined","undefined","fromString","u8a","sphereonKeyManagerMethods","SphereonKeyManager","VeramoKeyManager","kmsStore","availableKmses","_defaultKms","kmsMethods","options","store","kms","defaultKms","Object","keys","includes","Error","join","methods","keyManagerVerify","bind","keyManagerListKeys","keyManagerGetDefaultKeyManagementSystem","syncPreProvisionedKeys","forEach","kmsId","name","syncPreProvisionedKeysForKms","listKeys","then","remoteKeys","storedKeys","Promise","all","map","remoteKey","storedKey","find","k","kid","needsUpdate","publicKeyHex","type","meta","keyAlias","alias","delete","keyToImport","import","error","console","catch","resolve","keyManagerCreate","args","getKmsByName","opts","hasKeyOptions","ephemeral","expiration","removalDate","Date","now","partialKey","createKey","key","jwkThumbprint","calculateJwkThumbprintForKey","privateKeyHex","keyManagerSign","keyInfo","keyManagerGet","keyRef","sign","data","verify","verifyRawSignature","toJwk","signature","list","keyManagerHandleExpirations","expiredKeys","filter","expiryDate","getMilliseconds","skipRemovals","keyManagerDelete","get","e","foundKey","setKms","schema","require"]}
1
+ {"version":3,"sources":["../plugin.schema.json","../src/agent/SphereonKeyManager.ts","../src/types/ISphereonKeyManager.ts","../src/index.ts"],"sourcesContent":["{\n \"ISphereonKeyManager\": {\n \"components\": {\n \"schemas\": {\n \"ISphereonKeyManagerCreateArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"type\": {\n \"$ref\": \"#/components/schemas/TKeyType\",\n \"description\": \"Key type\"\n },\n \"kms\": {\n \"type\": \"string\",\n \"description\": \"Key Management System\"\n },\n \"opts\": {\n \"$ref\": \"#/components/schemas/IkeyOptions\",\n \"description\": \"Key options\"\n },\n \"meta\": {\n \"$ref\": \"#/components/schemas/KeyMetadata\",\n \"description\": \"Optional. Key meta data\"\n }\n },\n \"required\": [\n \"type\"\n ],\n \"additionalProperties\": false,\n \"description\": \"Input arguments for {@link ISphereonKeyManager.keyManagerCreate | keyManagerCreate }\"\n },\n \"TKeyType\": {\n \"type\": \"string\",\n \"enum\": [\n \"Ed25519\",\n \"Secp256k1\",\n \"Secp256r1\",\n \"X25519\",\n \"Bls12381G1\",\n \"Bls12381G2\",\n \"RSA\"\n ],\n \"description\": \"Cryptographic key type.\"\n },\n \"IkeyOptions\": {\n \"type\": \"object\",\n \"properties\": {\n \"ephemeral\": {\n \"type\": \"boolean\",\n \"description\": \"Is this a temporary key?\"\n },\n \"expiration\": {\n \"type\": \"object\",\n \"properties\": {\n \"expiryDate\": {\n \"type\": \"string\",\n \"format\": \"date-time\"\n },\n \"removalDate\": {\n \"type\": \"string\",\n \"format\": \"date-time\"\n }\n },\n \"additionalProperties\": false,\n \"description\": \"Expiration and remove the key\"\n }\n },\n \"additionalProperties\": false\n },\n \"KeyMetadata\": {\n \"type\": \"object\",\n \"properties\": {\n \"algorithms\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"string\"\n }\n }\n },\n \"description\": \"This encapsulates data about a key.\\n\\nImplementations of {@link @veramo/key-manager#AbstractKeyManagementSystem | AbstractKeyManagementSystem } should populate this object, for each key, with the algorithms that can be performed using it.\\n\\nThis can also be used to add various tags to the keys under management.\"\n },\n \"PartialKey\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"privateKeyHex\": {\n \"type\": \"string\"\n },\n \"kid\": {\n \"type\": \"string\",\n \"description\": \"Key ID\"\n },\n \"kms\": {\n \"type\": \"string\",\n \"description\": \"Key Management System\"\n },\n \"type\": {\n \"$ref\": \"#/components/schemas/TKeyType\",\n \"description\": \"Key type\"\n },\n \"publicKeyHex\": {\n \"type\": \"string\",\n \"description\": \"Public key\"\n },\n \"meta\": {\n \"anyOf\": [\n {\n \"$ref\": \"#/components/schemas/KeyMetadata\"\n },\n {\n \"type\": \"null\"\n }\n ],\n \"description\": \"Optional. Key metadata. This should be used to determine which algorithms are supported.\"\n }\n },\n \"required\": [\n \"kid\",\n \"kms\",\n \"privateKeyHex\",\n \"publicKeyHex\",\n \"type\"\n ]\n },\n \"ISphereonKeyManagerHandleExpirationsArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"skipRemovals\": {\n \"type\": \"boolean\"\n }\n },\n \"additionalProperties\": false\n },\n \"ManagedKeyInfo\": {\n \"$ref\": \"#/components/schemas/Omit<IKey,\\\"privateKeyHex\\\">\",\n \"description\": \"Represents information about a managed key. Private or secret key material is NOT present.\"\n },\n \"Omit<IKey,\\\"privateKeyHex\\\">\": {\n \"$ref\": \"#/components/schemas/Pick<IKey,Exclude<(\\\"kid\\\"|\\\"kms\\\"|\\\"type\\\"|\\\"publicKeyHex\\\"|\\\"privateKeyHex\\\"|\\\"meta\\\"),\\\"privateKeyHex\\\">>\"\n },\n \"Pick<IKey,Exclude<(\\\"kid\\\"|\\\"kms\\\"|\\\"type\\\"|\\\"publicKeyHex\\\"|\\\"privateKeyHex\\\"|\\\"meta\\\"),\\\"privateKeyHex\\\">>\": {\n \"type\": \"object\",\n \"properties\": {\n \"kid\": {\n \"type\": \"string\",\n \"description\": \"Key ID\"\n },\n \"kms\": {\n \"type\": \"string\",\n \"description\": \"Key Management System\"\n },\n \"type\": {\n \"$ref\": \"#/components/schemas/TKeyType\",\n \"description\": \"Key type\"\n },\n \"publicKeyHex\": {\n \"type\": \"string\",\n \"description\": \"Public key\"\n },\n \"meta\": {\n \"anyOf\": [\n {\n \"$ref\": \"#/components/schemas/KeyMetadata\"\n },\n {\n \"type\": \"null\"\n }\n ],\n \"description\": \"Optional. Key metadata. This should be used to determine which algorithms are supported.\"\n }\n },\n \"required\": [\n \"kid\",\n \"kms\",\n \"type\",\n \"publicKeyHex\"\n ],\n \"additionalProperties\": false\n },\n \"MinimalImportableKey\": {\n \"$ref\": \"#/components/schemas/RequireOnly<IKey,(\\\"privateKeyHex\\\"|\\\"type\\\"|\\\"kms\\\")>\",\n \"description\": \"Represents the properties required to import a key.\"\n },\n \"RequireOnly<IKey,(\\\"privateKeyHex\\\"|\\\"type\\\"|\\\"kms\\\")>\": {\n \"type\": \"object\",\n \"additionalProperties\": false,\n \"properties\": {\n \"kid\": {\n \"type\": \"string\",\n \"description\": \"Key ID\"\n },\n \"kms\": {\n \"type\": \"string\",\n \"description\": \"Key Management System\"\n },\n \"type\": {\n \"$ref\": \"#/components/schemas/TKeyType\",\n \"description\": \"Key type\"\n },\n \"publicKeyHex\": {\n \"type\": \"string\",\n \"description\": \"Public key\"\n },\n \"privateKeyHex\": {\n \"type\": \"string\",\n \"description\": \"Optional. Private key\"\n },\n \"meta\": {\n \"anyOf\": [\n {\n \"$ref\": \"#/components/schemas/KeyMetadata\"\n },\n {\n \"type\": \"null\"\n }\n ],\n \"description\": \"Optional. Key metadata. This should be used to determine which algorithms are supported.\"\n }\n },\n \"description\": \"Represents an object type where a subset of keys are required and everything else is optional.\"\n },\n \"ISphereonKeyManagerSignArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"keyRef\": {\n \"type\": \"string\",\n \"description\": \"The key handle, as returned during `keyManagerCreateKey`\"\n },\n \"algorithm\": {\n \"type\": \"string\",\n \"description\": \"The algorithm to use for signing. This must be one of the algorithms supported by the KMS for this key type.\\n\\nThe algorithm used here should match one of the names listed in `IKey.meta.algorithms`\"\n },\n \"data\": {\n \"anyOf\": [\n {\n \"type\": \"string\"\n },\n {\n \"$ref\": \"#/components/schemas/Uint8Array\"\n }\n ],\n \"description\": \"Data to sign\"\n },\n \"encoding\": {\n \"type\": \"string\",\n \"enum\": [\n \"utf-8\",\n \"base16\",\n \"base64\",\n \"hex\"\n ],\n \"description\": \"If the data is a \\\"string\\\" then you can specify which encoding is used. Default is \\\"utf-8\\\"\"\n }\n },\n \"required\": [\n \"data\",\n \"keyRef\"\n ],\n \"description\": \"Input arguments for {@link ISphereonKeyManagerSignArgs.keyManagerSign | keyManagerSign }\"\n },\n \"Uint8Array\": {\n \"type\": \"object\",\n \"properties\": {\n \"BYTES_PER_ELEMENT\": {\n \"type\": \"number\"\n },\n \"buffer\": {\n \"$ref\": \"#/components/schemas/ArrayBufferLike\"\n },\n \"byteLength\": {\n \"type\": \"number\"\n },\n \"byteOffset\": {\n \"type\": \"number\"\n },\n \"length\": {\n \"type\": \"number\"\n }\n },\n \"required\": [\n \"BYTES_PER_ELEMENT\",\n \"buffer\",\n \"byteLength\",\n \"byteOffset\",\n \"length\"\n ],\n \"additionalProperties\": {\n \"type\": \"number\"\n }\n },\n \"ArrayBufferLike\": {\n \"$ref\": \"#/components/schemas/ArrayBuffer\"\n },\n \"ArrayBuffer\": {\n \"type\": \"object\",\n \"properties\": {\n \"byteLength\": {\n \"type\": \"number\"\n }\n },\n \"required\": [\n \"byteLength\"\n ],\n \"additionalProperties\": false\n },\n \"ISphereonKeyManagerVerifyArgs\": {\n \"type\": \"object\",\n \"properties\": {\n \"kms\": {\n \"type\": \"string\"\n },\n \"publicKeyHex\": {\n \"type\": \"string\"\n },\n \"type\": {\n \"$ref\": \"#/components/schemas/TKeyType\"\n },\n \"algorithm\": {\n \"type\": \"string\"\n },\n \"data\": {\n \"$ref\": \"#/components/schemas/Uint8Array\"\n },\n \"signature\": {\n \"type\": \"string\"\n }\n },\n \"required\": [\n \"publicKeyHex\",\n \"type\",\n \"data\",\n \"signature\"\n ],\n \"additionalProperties\": false\n }\n },\n \"methods\": {\n \"keyManagerCreate\": {\n \"description\": \"\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/ISphereonKeyManagerCreateArgs\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/PartialKey\"\n }\n },\n \"keyManagerGetDefaultKeyManagementSystem\": {\n \"description\": \"Get the KMS registered as default. Handy when no explicit KMS is provided for a function\",\n \"arguments\": {\n \"type\": \"object\"\n },\n \"returnType\": {\n \"type\": \"string\"\n }\n },\n \"keyManagerHandleExpirations\": {\n \"description\": \"Set keys to expired and remove keys eligible for deletion.\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/ISphereonKeyManagerHandleExpirationsArgs\"\n },\n \"returnType\": {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/ManagedKeyInfo\"\n }\n }\n },\n \"keyManagerImport\": {\n \"description\": \"\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/MinimalImportableKey\"\n },\n \"returnType\": {\n \"$ref\": \"#/components/schemas/PartialKey\"\n }\n },\n \"keyManagerListKeys\": {\n \"description\": \"\",\n \"arguments\": {\n \"type\": \"object\"\n },\n \"returnType\": {\n \"type\": \"array\",\n \"items\": {\n \"$ref\": \"#/components/schemas/ManagedKeyInfo\"\n }\n }\n },\n \"keyManagerSign\": {\n \"description\": \"\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/ISphereonKeyManagerSignArgs\"\n },\n \"returnType\": {\n \"type\": \"string\"\n }\n },\n \"keyManagerVerify\": {\n \"description\": \"Verifies a signature using the key\",\n \"arguments\": {\n \"$ref\": \"#/components/schemas/ISphereonKeyManagerVerifyArgs\"\n },\n \"returnType\": {\n \"type\": \"boolean\"\n }\n }\n }\n }\n }\n}","import { calculateJwkThumbprintForKey, toJwk, verifyRawSignature } from '@sphereon/ssi-sdk-ext.key-utils'\nimport type { IKey, KeyMetadata, ManagedKeyInfo } from '@veramo/core'\nimport { AbstractKeyManagementSystem, AbstractKeyStore, KeyManager as VeramoKeyManager } from '@veramo/key-manager'\n// @ts-ignore\nimport * as u8a from 'uint8arrays'\nimport {\n hasKeyOptions,\n type IKeyManagerGetArgs,\n type ISphereonKeyManager,\n type ISphereonKeyManagerCreateArgs,\n type ISphereonKeyManagerHandleExpirationsArgs,\n type ISphereonKeyManagerSignArgs,\n type ISphereonKeyManagerVerifyArgs,\n} from '../types/ISphereonKeyManager'\n\nconst { fromString } = u8a\n\nexport const sphereonKeyManagerMethods: Array<string> = [\n 'keyManagerCreate',\n 'keyManagerGet',\n 'keyManagerImport',\n 'keyManagerSign',\n 'keyManagerVerify',\n 'keyManagerListKeys',\n 'keyManagerGetDefaultKeyManagementSystem',\n 'keyManagerHandleExpirations',\n]\n\nexport class SphereonKeyManager extends VeramoKeyManager {\n // local store reference, given the superclass store is private, and we need additional functions/calls\n private kmsStore: AbstractKeyStore\n private readonly availableKmses: Record<string, AbstractKeyManagementSystem>\n public _defaultKms: string\n readonly kmsMethods: ISphereonKeyManager\n\n constructor(options: { store: AbstractKeyStore; kms: Record<string, AbstractKeyManagementSystem>; defaultKms?: string }) {\n super({ store: options.store, kms: options.kms })\n this.kmsStore = options.store\n this.availableKmses = options.kms\n this._defaultKms = options.defaultKms ?? Object.keys(this.availableKmses)[0]\n if (!Object.keys(this.availableKmses).includes(this._defaultKms)) {\n throw Error(`Default KMS needs to be listed in the kms object as well. Found kms-es: ${Object.keys(this.availableKmses).join(',')}`)\n }\n const methods = this.methods\n methods.keyManagerVerify = this.keyManagerVerify.bind(this)\n methods.keyManagerListKeys = this.keyManagerListKeys.bind(this)\n methods.keyManagerGetDefaultKeyManagementSystem = this.keyManagerGetDefaultKeyManagementSystem.bind(this)\n this.kmsMethods = <ISphereonKeyManager>(<unknown>methods)\n\n this.syncPreProvisionedKeys()\n }\n\n private syncPreProvisionedKeys() {\n Object.keys(this.availableKmses).forEach((kmsId) => {\n const kms = this.availableKmses[kmsId]\n if (kms.constructor.name === 'RestKeyManagementSystem') {\n this.syncPreProvisionedKeysForKms(kmsId, kms)\n }\n })\n }\n\n private syncPreProvisionedKeysForKms(kmsId: string, kms: AbstractKeyManagementSystem) {\n kms\n .listKeys()\n .then(async (remoteKeys: ManagedKeyInfo[]) => {\n try {\n const storedKeys: ManagedKeyInfo[] = await this.keyManagerListKeys()\n\n await Promise.all(\n remoteKeys.map(async (remoteKey) => {\n const storedKey = storedKeys.find((k) => k.kid === remoteKey.kid)\n\n const needsUpdate =\n !storedKey ||\n storedKey.publicKeyHex !== remoteKey.publicKeyHex ||\n storedKey.type !== remoteKey.type ||\n storedKey.kms !== remoteKey.kms ||\n (remoteKey.meta && 'alias' in remoteKey.meta && storedKey.meta && storedKey.meta.keyAlias !== remoteKey.meta.alias)\n if (needsUpdate) {\n try {\n if (storedKey) {\n await this.kmsStore.delete({ kid: remoteKey.kid })\n }\n const keyToImport: IKey = {\n ...remoteKey,\n meta: remoteKey.meta && 'alias' in remoteKey.meta ? { ...remoteKey.meta, keyAlias: remoteKey.meta.alias } : remoteKey.meta,\n } as IKey\n\n if (keyToImport.meta && 'alias' in keyToImport.meta) {\n delete keyToImport.meta.alias\n }\n\n await this.kmsStore.import(keyToImport)\n } catch (error) {\n console.error(`Failed to sync key ${remoteKey.kid} from kms ${kmsId}:`, error)\n }\n }\n }),\n )\n } catch (error) {\n console.error(`Failed to sync keys for kms ${kmsId}:`, error)\n }\n })\n .catch((error) => {\n console.error(`Failed to list remote keys for kms ${kmsId}:`, error)\n })\n }\n\n keyManagerGetDefaultKeyManagementSystem(): Promise<string> {\n return Promise.resolve(this._defaultKms)\n }\n\n override async keyManagerCreate(args: ISphereonKeyManagerCreateArgs): Promise<ManagedKeyInfo> {\n const kms = this.getKmsByName(args.kms ?? this._defaultKms)\n const meta: KeyMetadata = { ...args.meta, ...(args.opts && { opts: args.opts }) }\n if (hasKeyOptions(meta) && meta.opts?.ephemeral && !meta.opts.expiration?.removalDate) {\n // Make sure we set a delete date on an ephemeral key\n meta.opts = {\n ...meta.opts,\n expiration: { ...meta.opts?.expiration, removalDate: new Date(Date.now() + 5 * 60 * 1000) },\n }\n }\n const partialKey = await kms.createKey({ type: args.type, meta })\n const key: IKey = { ...partialKey, kms: args.kms ?? this._defaultKms }\n key.meta = { ...meta, ...key.meta }\n key.meta.jwkThumbprint = key.meta.jwkThumbprint ?? calculateJwkThumbprintForKey({ key })\n\n await this.kmsStore.import(key)\n if (key.privateKeyHex) {\n // Make sure to not export the private key\n delete key.privateKeyHex\n }\n return key\n }\n\n //FIXME extend the IKeyManagerSignArgs.data to be a string or array of strings\n\n async keyManagerSign(args: ISphereonKeyManagerSignArgs): Promise<string> {\n const keyInfo = await this.keyManagerGet({ kid: args.keyRef })\n const kms = this.getKmsByName(keyInfo.kms)\n if (keyInfo.type === 'Bls12381G2') {\n return await kms.sign({ keyRef: keyInfo, data: typeof args.data === 'string' ? fromString(args.data) : args.data })\n }\n // @ts-ignore // we can pass in uint8arrays as well, which the super also can handle but does not expose in its types\n return await super.keyManagerSign({ ...args, keyRef: keyInfo.kid })\n }\n\n async keyManagerVerify(args: ISphereonKeyManagerVerifyArgs): Promise<boolean> {\n if (args.kms) {\n const kms = this.getKmsByName(args.kms)\n if (kms && 'verify' in kms && typeof kms.verify === 'function') {\n // @ts-ignore\n return await kms.verify(args)\n }\n }\n return await verifyRawSignature({\n key: toJwk(args.publicKeyHex, args.type),\n data: args.data,\n signature: fromString(args.signature, 'utf-8'),\n })\n }\n\n async keyManagerListKeys(): Promise<ManagedKeyInfo[]> {\n return this.kmsStore.list({})\n }\n\n async keyManagerHandleExpirations(args: ISphereonKeyManagerHandleExpirationsArgs): Promise<Array<ManagedKeyInfo>> {\n const keys = await this.keyManagerListKeys()\n const expiredKeys = keys\n .filter((key) => hasKeyOptions(key.meta))\n .filter((key) => {\n if (hasKeyOptions(key.meta) && key.meta?.opts?.expiration) {\n const expiration = key.meta.opts.expiration\n return !(expiration.expiryDate && expiration.expiryDate.getMilliseconds() > Date.now())\n }\n return false\n })\n if (args.skipRemovals !== true) {\n await Promise.all(expiredKeys.map((key) => this.keyManagerDelete({ kid: key.kid })))\n }\n return keys\n }\n\n private getKmsByName(name: string): AbstractKeyManagementSystem {\n const kms = this.availableKmses[name]\n if (!kms) {\n throw Error(`invalid_argument: This agent has no registered KeyManagementSystem with name='${name}'`)\n }\n return kms\n }\n\n //todo https://sphereon.atlassian.net/browse/SDK-28 improve the logic for keyManagerGet in sphereon-key-manager\n async keyManagerGet({ kid }: IKeyManagerGetArgs): Promise<IKey> {\n try {\n const key = await this.kmsStore.get({ kid })\n return key\n } catch (e) {\n const keys: ManagedKeyInfo[] = await this.keyManagerListKeys()\n const foundKey = keys.find(\n (key) =>\n key.publicKeyHex === kid ||\n key.meta?.jwkThumbprint === kid ||\n (key.meta?.jwkThumbprint == null && calculateJwkThumbprintForKey({ key }) === kid),\n )\n if (foundKey) {\n return foundKey as IKey\n } else {\n throw new Error(`Key with kid ${kid} not found`)\n }\n }\n }\n\n get defaultKms(): string {\n return this._defaultKms\n }\n\n set defaultKms(kms: string) {\n if (!Object.keys(this.availableKmses).includes(kms)) {\n throw Error(`Default KMS needs to be listed in the kms object as well. Found kms-es: ${Object.keys(this.availableKmses).join(',')}`)\n }\n this._defaultKms = kms\n }\n\n setKms(name: string, kms: AbstractKeyManagementSystem): void {\n this.availableKmses[name] = kms\n\n if (kms.constructor.name === 'RestKeyManagementSystem') {\n this.syncPreProvisionedKeysForKms(name, kms)\n }\n }\n}\n","import type { IKeyManager, IKeyManagerSignArgs, IPluginMethodMap, KeyMetadata, ManagedKeyInfo, MinimalImportableKey, TKeyType } from '@veramo/core'\n\nexport type PartialKey = ManagedKeyInfo & { privateKeyHex: string }\n\nexport interface ISphereonKeyManager extends IKeyManager, IPluginMethodMap {\n keyManagerCreate(args: ISphereonKeyManagerCreateArgs): Promise<PartialKey>\n\n keyManagerImport(key: MinimalImportableKey): Promise<PartialKey>\n\n keyManagerSign(args: ISphereonKeyManagerSignArgs): Promise<string>\n\n /**\n * Verifies a signature using the key\n *\n * Does not exist in IKeyManager\n * @param args\n */\n keyManagerVerify(args: ISphereonKeyManagerVerifyArgs): Promise<boolean>\n\n keyManagerListKeys(): Promise<Array<ManagedKeyInfo>>\n\n /**\n * Get the KMS registered as default. Handy when no explicit KMS is provided for a function\n */\n\n keyManagerGetDefaultKeyManagementSystem(): Promise<string>\n\n /**\n * Set keys to expired and remove keys eligible for deletion.\n * @param args\n */\n keyManagerHandleExpirations(args: ISphereonKeyManagerHandleExpirationsArgs): Promise<Array<ManagedKeyInfo>>\n}\n\nexport interface IkeyOptions {\n /**\n * Is this a temporary key?\n */\n ephemeral?: boolean\n\n /**\n * Expiration and remove the key\n */\n expiration?: {\n expiryDate?: Date\n removalDate?: Date\n }\n}\n\n/**\n * Input arguments for {@link ISphereonKeyManager.keyManagerCreate | keyManagerCreate}\n * @public\n */\nexport interface ISphereonKeyManagerCreateArgs {\n /**\n * Key type\n */\n type: TKeyType\n\n /**\n * Key Management System\n */\n kms?: string\n\n /**\n * Key options\n */\n opts?: IkeyOptions\n\n /**\n * Optional. Key meta data\n */\n meta?: KeyMetadata\n}\n\nexport function hasKeyOptions(object: any): object is { opts?: IkeyOptions } {\n return object!! && 'opts' in object && ('ephemeral' in object.opts || 'expiration' in object.opts)\n}\n\n/**\n * Input arguments for {@link ISphereonKeyManager.keyManagerGet | keyManagerGet}\n * @public\n */\nexport interface IKeyManagerGetArgs {\n /**\n * Key ID\n */\n kid: string\n}\n\n/**\n * Input arguments for {@link ISphereonKeyManager.keyManagerDelete | keyManagerDelete}\n * @public\n */\nexport interface IKeyManagerDeleteArgs {\n /**\n * Key ID\n */\n kid: string\n}\n\n/**\n * Input arguments for {@link ISphereonKeyManagerSignArgs.keyManagerSign | keyManagerSign}\n * @public\n */\n// @ts-ignore\nexport interface ISphereonKeyManagerSignArgs extends IKeyManagerSignArgs {\n /**\n * Data to sign\n */\n data: string | Uint8Array\n}\n\nexport interface ISphereonKeyManagerHandleExpirationsArgs {\n skipRemovals?: boolean\n}\n\nexport interface ISphereonKeyManagerVerifyArgs {\n kms?: string\n publicKeyHex: string\n type: TKeyType\n algorithm?: string\n data: Uint8Array\n signature: string\n}\n\nexport const isDefined = <T extends unknown>(object: T | undefined): object is T => object !== undefined\n","const schema = require('../plugin.schema.json')\nexport { schema }\nexport { SphereonKeyManager, sphereonKeyManagerMethods } from './agent/SphereonKeyManager'\nexport * from './types/ISphereonKeyManager'\nexport * from '@veramo/key-manager'\n"],"mappings":";;;;;;;;AAAA;AAAA;AAAA;AAAA,MACE,qBAAuB;AAAA,QACrB,YAAc;AAAA,UACZ,SAAW;AAAA,YACT,+BAAiC;AAAA,cAC/B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,cACF;AAAA,cACA,UAAY;AAAA,gBACV;AAAA,cACF;AAAA,cACA,sBAAwB;AAAA,cACxB,aAAe;AAAA,YACjB;AAAA,YACA,UAAY;AAAA,cACV,MAAQ;AAAA,cACR,MAAQ;AAAA,gBACN;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,cACF;AAAA,cACA,aAAe;AAAA,YACjB;AAAA,YACA,aAAe;AAAA,cACb,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,WAAa;AAAA,kBACX,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,YAAc;AAAA,kBACZ,MAAQ;AAAA,kBACR,YAAc;AAAA,oBACZ,YAAc;AAAA,sBACZ,MAAQ;AAAA,sBACR,QAAU;AAAA,oBACZ;AAAA,oBACA,aAAe;AAAA,sBACb,MAAQ;AAAA,sBACR,QAAU;AAAA,oBACZ;AAAA,kBACF;AAAA,kBACA,sBAAwB;AAAA,kBACxB,aAAe;AAAA,gBACjB;AAAA,cACF;AAAA,cACA,sBAAwB;AAAA,YAC1B;AAAA,YACA,aAAe;AAAA,cACb,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,YAAc;AAAA,kBACZ,MAAQ;AAAA,kBACR,OAAS;AAAA,oBACP,MAAQ;AAAA,kBACV;AAAA,gBACF;AAAA,cACF;AAAA,cACA,aAAe;AAAA,YACjB;AAAA,YACA,YAAc;AAAA,cACZ,MAAQ;AAAA,cACR,sBAAwB;AAAA,cACxB,YAAc;AAAA,gBACZ,eAAiB;AAAA,kBACf,MAAQ;AAAA,gBACV;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,cAAgB;AAAA,kBACd,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,OAAS;AAAA,oBACP;AAAA,sBACE,MAAQ;AAAA,oBACV;AAAA,oBACA;AAAA,sBACE,MAAQ;AAAA,oBACV;AAAA,kBACF;AAAA,kBACA,aAAe;AAAA,gBACjB;AAAA,cACF;AAAA,cACA,UAAY;AAAA,gBACV;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,cACF;AAAA,YACF;AAAA,YACA,0CAA4C;AAAA,cAC1C,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,cAAgB;AAAA,kBACd,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,sBAAwB;AAAA,YAC1B;AAAA,YACA,gBAAkB;AAAA,cAChB,MAAQ;AAAA,cACR,aAAe;AAAA,YACjB;AAAA,YACA,8BAAgC;AAAA,cAC9B,MAAQ;AAAA,YACV;AAAA,YACA,kGAAgH;AAAA,cAC9G,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,cAAgB;AAAA,kBACd,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,OAAS;AAAA,oBACP;AAAA,sBACE,MAAQ;AAAA,oBACV;AAAA,oBACA;AAAA,sBACE,MAAQ;AAAA,oBACV;AAAA,kBACF;AAAA,kBACA,aAAe;AAAA,gBACjB;AAAA,cACF;AAAA,cACA,UAAY;AAAA,gBACV;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,cACF;AAAA,cACA,sBAAwB;AAAA,YAC1B;AAAA,YACA,sBAAwB;AAAA,cACtB,MAAQ;AAAA,cACR,aAAe;AAAA,YACjB;AAAA,YACA,oDAA0D;AAAA,cACxD,MAAQ;AAAA,cACR,sBAAwB;AAAA,cACxB,YAAc;AAAA,gBACZ,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,KAAO;AAAA,kBACL,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,cAAgB;AAAA,kBACd,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,eAAiB;AAAA,kBACf,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,OAAS;AAAA,oBACP;AAAA,sBACE,MAAQ;AAAA,oBACV;AAAA,oBACA;AAAA,sBACE,MAAQ;AAAA,oBACV;AAAA,kBACF;AAAA,kBACA,aAAe;AAAA,gBACjB;AAAA,cACF;AAAA,cACA,aAAe;AAAA,YACjB;AAAA,YACA,6BAA+B;AAAA,cAC7B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,QAAU;AAAA,kBACR,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,kBACR,aAAe;AAAA,gBACjB;AAAA,gBACA,MAAQ;AAAA,kBACN,OAAS;AAAA,oBACP;AAAA,sBACE,MAAQ;AAAA,oBACV;AAAA,oBACA;AAAA,sBACE,MAAQ;AAAA,oBACV;AAAA,kBACF;AAAA,kBACA,aAAe;AAAA,gBACjB;AAAA,gBACA,UAAY;AAAA,kBACV,MAAQ;AAAA,kBACR,MAAQ;AAAA,oBACN;AAAA,oBACA;AAAA,oBACA;AAAA,oBACA;AAAA,kBACF;AAAA,kBACA,aAAe;AAAA,gBACjB;AAAA,cACF;AAAA,cACA,UAAY;AAAA,gBACV;AAAA,gBACA;AAAA,cACF;AAAA,cACA,aAAe;AAAA,YACjB;AAAA,YACA,YAAc;AAAA,cACZ,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,mBAAqB;AAAA,kBACnB,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,gBACA,YAAc;AAAA,kBACZ,MAAQ;AAAA,gBACV;AAAA,gBACA,YAAc;AAAA,kBACZ,MAAQ;AAAA,gBACV;AAAA,gBACA,QAAU;AAAA,kBACR,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY;AAAA,gBACV;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,cACF;AAAA,cACA,sBAAwB;AAAA,gBACtB,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,iBAAmB;AAAA,cACjB,MAAQ;AAAA,YACV;AAAA,YACA,aAAe;AAAA,cACb,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,YAAc;AAAA,kBACZ,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY;AAAA,gBACV;AAAA,cACF;AAAA,cACA,sBAAwB;AAAA,YAC1B;AAAA,YACA,+BAAiC;AAAA,cAC/B,MAAQ;AAAA,cACR,YAAc;AAAA,gBACZ,KAAO;AAAA,kBACL,MAAQ;AAAA,gBACV;AAAA,gBACA,cAAgB;AAAA,kBACd,MAAQ;AAAA,gBACV;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,gBACV;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,gBACA,MAAQ;AAAA,kBACN,MAAQ;AAAA,gBACV;AAAA,gBACA,WAAa;AAAA,kBACX,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,cACA,UAAY;AAAA,gBACV;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA;AAAA,cACF;AAAA,cACA,sBAAwB;AAAA,YAC1B;AAAA,UACF;AAAA,UACA,SAAW;AAAA,YACT,kBAAoB;AAAA,cAClB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,yCAA2C;AAAA,cACzC,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,6BAA+B;AAAA,cAC7B,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,gBACR,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,YACF;AAAA,YACA,kBAAoB;AAAA,cAClB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,oBAAsB;AAAA,cACpB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,gBACR,OAAS;AAAA,kBACP,MAAQ;AAAA,gBACV;AAAA,cACF;AAAA,YACF;AAAA,YACA,gBAAkB;AAAA,cAChB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,YACA,kBAAoB;AAAA,cAClB,aAAe;AAAA,cACf,WAAa;AAAA,gBACX,MAAQ;AAAA,cACV;AAAA,cACA,YAAc;AAAA,gBACZ,MAAQ;AAAA,cACV;AAAA,YACF;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA;AAAA;;;ACxZA,SAASA,8BAA8BC,OAAOC,0BAA0B;AAExE,SAAwDC,cAAcC,wBAAwB;AAE9F,YAAYC,SAAS;;;ACuEd,SAASC,cAAcC,QAAW;AACvC,SAAOA,UAAY,UAAUA,WAAW,eAAeA,OAAOC,QAAQ,gBAAgBD,OAAOC;AAC/F;AAFgBF;AAmDT,IAAMG,YAAY,wBAAoBF,WAAuCA,WAAWG,QAAtE;;;AD/GzB,IAAM,EAAEC,WAAU,IAAKC;AAEhB,IAAMC,4BAA2C;EACtD;EACA;EACA;EACA;EACA;EACA;EACA;EACA;;AAGK,IAAMC,qBAAN,cAAiCC,iBAAAA;EA5BxC,OA4BwCA;;;;EAE9BC;EACSC;EACVC;EACEC;EAET,YAAYC,SAA6G;AACvH,UAAM;MAAEC,OAAOD,QAAQC;MAAOC,KAAKF,QAAQE;IAAI,CAAA;AAC/C,SAAKN,WAAWI,QAAQC;AACxB,SAAKJ,iBAAiBG,QAAQE;AAC9B,SAAKJ,cAAcE,QAAQG,cAAcC,OAAOC,KAAK,KAAKR,cAAc,EAAE,CAAA;AAC1E,QAAI,CAACO,OAAOC,KAAK,KAAKR,cAAc,EAAES,SAAS,KAAKR,WAAW,GAAG;AAChE,YAAMS,MAAM,2EAA2EH,OAAOC,KAAK,KAAKR,cAAc,EAAEW,KAAK,GAAA,CAAA,EAAM;IACrI;AACA,UAAMC,UAAU,KAAKA;AACrBA,YAAQC,mBAAmB,KAAKA,iBAAiBC,KAAK,IAAI;AAC1DF,YAAQG,qBAAqB,KAAKA,mBAAmBD,KAAK,IAAI;AAC9DF,YAAQI,0CAA0C,KAAKA,wCAAwCF,KAAK,IAAI;AACxG,SAAKZ,aAA4CU;AAEjD,SAAKK,uBAAsB;EAC7B;EAEQA,yBAAyB;AAC/BV,WAAOC,KAAK,KAAKR,cAAc,EAAEkB,QAAQ,CAACC,UAAAA;AACxC,YAAMd,MAAM,KAAKL,eAAemB,KAAAA;AAChC,UAAId,IAAI,YAAYe,SAAS,2BAA2B;AACtD,aAAKC,6BAA6BF,OAAOd,GAAAA;MAC3C;IACF,CAAA;EACF;EAEQgB,6BAA6BF,OAAed,KAAkC;AACpFA,QACGiB,SAAQ,EACRC,KAAK,OAAOC,eAAAA;AACX,UAAI;AACF,cAAMC,aAA+B,MAAM,KAAKV,mBAAkB;AAElE,cAAMW,QAAQC,IACZH,WAAWI,IAAI,OAAOC,cAAAA;AACpB,gBAAMC,YAAYL,WAAWM,KAAK,CAACC,MAAMA,EAAEC,QAAQJ,UAAUI,GAAG;AAEhE,gBAAMC,cACJ,CAACJ,aACDA,UAAUK,iBAAiBN,UAAUM,gBACrCL,UAAUM,SAASP,UAAUO,QAC7BN,UAAUzB,QAAQwB,UAAUxB,OAC3BwB,UAAUQ,QAAQ,WAAWR,UAAUQ,QAAQP,UAAUO,QAAQP,UAAUO,KAAKC,aAAaT,UAAUQ,KAAKE;AAC/G,cAAIL,aAAa;AACf,gBAAI;AACF,kBAAIJ,WAAW;AACb,sBAAM,KAAK/B,SAASyC,OAAO;kBAAEP,KAAKJ,UAAUI;gBAAI,CAAA;cAClD;AACA,oBAAMQ,cAAoB;gBACxB,GAAGZ;gBACHQ,MAAMR,UAAUQ,QAAQ,WAAWR,UAAUQ,OAAO;kBAAE,GAAGR,UAAUQ;kBAAMC,UAAUT,UAAUQ,KAAKE;gBAAM,IAAIV,UAAUQ;cACxH;AAEA,kBAAII,YAAYJ,QAAQ,WAAWI,YAAYJ,MAAM;AACnD,uBAAOI,YAAYJ,KAAKE;cAC1B;AAEA,oBAAM,KAAKxC,SAAS2C,OAAOD,WAAAA;YAC7B,SAASE,OAAO;AACdC,sBAAQD,MAAM,sBAAsBd,UAAUI,GAAG,aAAad,KAAAA,KAAUwB,KAAAA;YAC1E;UACF;QACF,CAAA,CAAA;MAEJ,SAASA,OAAO;AACdC,gBAAQD,MAAM,+BAA+BxB,KAAAA,KAAUwB,KAAAA;MACzD;IACF,CAAA,EACCE,MAAM,CAACF,UAAAA;AACNC,cAAQD,MAAM,sCAAsCxB,KAAAA,KAAUwB,KAAAA;IAChE,CAAA;EACJ;EAEA3B,0CAA2D;AACzD,WAAOU,QAAQoB,QAAQ,KAAK7C,WAAW;EACzC;EAEA,MAAe8C,iBAAiBC,MAA8D;AAC5F,UAAM3C,MAAM,KAAK4C,aAAaD,KAAK3C,OAAO,KAAKJ,WAAW;AAC1D,UAAMoC,OAAoB;MAAE,GAAGW,KAAKX;MAAM,GAAIW,KAAKE,QAAQ;QAAEA,MAAMF,KAAKE;MAAK;IAAG;AAChF,QAAIC,cAAcd,IAAAA,KAASA,KAAKa,MAAME,aAAa,CAACf,KAAKa,KAAKG,YAAYC,aAAa;AAErFjB,WAAKa,OAAO;QACV,GAAGb,KAAKa;QACRG,YAAY;UAAE,GAAGhB,KAAKa,MAAMG;UAAYC,aAAa,IAAIC,KAAKA,KAAKC,IAAG,IAAK,IAAI,KAAK,GAAA;QAAM;MAC5F;IACF;AACA,UAAMC,aAAa,MAAMpD,IAAIqD,UAAU;MAAEtB,MAAMY,KAAKZ;MAAMC;IAAK,CAAA;AAC/D,UAAMsB,MAAY;MAAE,GAAGF;MAAYpD,KAAK2C,KAAK3C,OAAO,KAAKJ;IAAY;AACrE0D,QAAItB,OAAO;MAAE,GAAGA;MAAM,GAAGsB,IAAItB;IAAK;AAClCsB,QAAItB,KAAKuB,gBAAgBD,IAAItB,KAAKuB,iBAAiBC,6BAA6B;MAAEF;IAAI,CAAA;AAEtF,UAAM,KAAK5D,SAAS2C,OAAOiB,GAAAA;AAC3B,QAAIA,IAAIG,eAAe;AAErB,aAAOH,IAAIG;IACb;AACA,WAAOH;EACT;;EAIA,MAAMI,eAAef,MAAoD;AACvE,UAAMgB,UAAU,MAAM,KAAKC,cAAc;MAAEhC,KAAKe,KAAKkB;IAAO,CAAA;AAC5D,UAAM7D,MAAM,KAAK4C,aAAae,QAAQ3D,GAAG;AACzC,QAAI2D,QAAQ5B,SAAS,cAAc;AACjC,aAAO,MAAM/B,IAAI8D,KAAK;QAAED,QAAQF;QAASI,MAAM,OAAOpB,KAAKoB,SAAS,WAAW1E,WAAWsD,KAAKoB,IAAI,IAAIpB,KAAKoB;MAAK,CAAA;IACnH;AAEA,WAAO,MAAM,MAAML,eAAe;MAAE,GAAGf;MAAMkB,QAAQF,QAAQ/B;IAAI,CAAA;EACnE;EAEA,MAAMpB,iBAAiBmC,MAAuD;AAC5E,QAAIA,KAAK3C,KAAK;AACZ,YAAMA,MAAM,KAAK4C,aAAaD,KAAK3C,GAAG;AACtC,UAAIA,OAAO,YAAYA,OAAO,OAAOA,IAAIgE,WAAW,YAAY;AAE9D,eAAO,MAAMhE,IAAIgE,OAAOrB,IAAAA;MAC1B;IACF;AACA,WAAO,MAAMsB,mBAAmB;MAC9BX,KAAKY,MAAMvB,KAAKb,cAAca,KAAKZ,IAAI;MACvCgC,MAAMpB,KAAKoB;MACXI,WAAW9E,WAAWsD,KAAKwB,WAAW,OAAA;IACxC,CAAA;EACF;EAEA,MAAMzD,qBAAgD;AACpD,WAAO,KAAKhB,SAAS0E,KAAK,CAAC,CAAA;EAC7B;EAEA,MAAMC,4BAA4B1B,MAAgF;AAChH,UAAMxC,OAAO,MAAM,KAAKO,mBAAkB;AAC1C,UAAM4D,cAAcnE,KACjBoE,OAAO,CAACjB,QAAQR,cAAcQ,IAAItB,IAAI,CAAA,EACtCuC,OAAO,CAACjB,QAAAA;AACP,UAAIR,cAAcQ,IAAItB,IAAI,KAAKsB,IAAItB,MAAMa,MAAMG,YAAY;AACzD,cAAMA,aAAaM,IAAItB,KAAKa,KAAKG;AACjC,eAAO,EAAEA,WAAWwB,cAAcxB,WAAWwB,WAAWC,gBAAe,IAAKvB,KAAKC,IAAG;MACtF;AACA,aAAO;IACT,CAAA;AACF,QAAIR,KAAK+B,iBAAiB,MAAM;AAC9B,YAAMrD,QAAQC,IAAIgD,YAAY/C,IAAI,CAAC+B,QAAQ,KAAKqB,iBAAiB;QAAE/C,KAAK0B,IAAI1B;MAAI,CAAA,CAAA,CAAA;IAClF;AACA,WAAOzB;EACT;EAEQyC,aAAa7B,MAA2C;AAC9D,UAAMf,MAAM,KAAKL,eAAeoB,IAAAA;AAChC,QAAI,CAACf,KAAK;AACR,YAAMK,MAAM,iFAAiFU,IAAAA,GAAO;IACtG;AACA,WAAOf;EACT;;EAGA,MAAM4D,cAAc,EAAEhC,IAAG,GAAuC;AAC9D,QAAI;AACF,YAAM0B,MAAM,MAAM,KAAK5D,SAASkF,IAAI;QAAEhD;MAAI,CAAA;AAC1C,aAAO0B;IACT,SAASuB,GAAG;AACV,YAAM1E,OAAyB,MAAM,KAAKO,mBAAkB;AAC5D,YAAMoE,WAAW3E,KAAKuB,KACpB,CAAC4B,QACCA,IAAIxB,iBAAiBF,OACrB0B,IAAItB,MAAMuB,kBAAkB3B,OAC3B0B,IAAItB,MAAMuB,iBAAiB,QAAQC,6BAA6B;QAAEF;MAAI,CAAA,MAAO1B,GAAAA;AAElF,UAAIkD,UAAU;AACZ,eAAOA;MACT,OAAO;AACL,cAAM,IAAIzE,MAAM,gBAAgBuB,GAAAA,YAAe;MACjD;IACF;EACF;EAEA,IAAI3B,aAAqB;AACvB,WAAO,KAAKL;EACd;EAEA,IAAIK,WAAWD,KAAa;AAC1B,QAAI,CAACE,OAAOC,KAAK,KAAKR,cAAc,EAAES,SAASJ,GAAAA,GAAM;AACnD,YAAMK,MAAM,2EAA2EH,OAAOC,KAAK,KAAKR,cAAc,EAAEW,KAAK,GAAA,CAAA,EAAM;IACrI;AACA,SAAKV,cAAcI;EACrB;EAEA+E,OAAOhE,MAAcf,KAAwC;AAC3D,SAAKL,eAAeoB,IAAAA,IAAQf;AAE5B,QAAIA,IAAI,YAAYe,SAAS,2BAA2B;AACtD,WAAKC,6BAA6BD,MAAMf,GAAAA;IAC1C;EACF;AACF;;;AElOA,cAAc;AAJd,IAAMgF,SAASC;","names":["calculateJwkThumbprintForKey","toJwk","verifyRawSignature","KeyManager","VeramoKeyManager","u8a","hasKeyOptions","object","opts","isDefined","undefined","fromString","u8a","sphereonKeyManagerMethods","SphereonKeyManager","VeramoKeyManager","kmsStore","availableKmses","_defaultKms","kmsMethods","options","store","kms","defaultKms","Object","keys","includes","Error","join","methods","keyManagerVerify","bind","keyManagerListKeys","keyManagerGetDefaultKeyManagementSystem","syncPreProvisionedKeys","forEach","kmsId","name","syncPreProvisionedKeysForKms","listKeys","then","remoteKeys","storedKeys","Promise","all","map","remoteKey","storedKey","find","k","kid","needsUpdate","publicKeyHex","type","meta","keyAlias","alias","delete","keyToImport","import","error","console","catch","resolve","keyManagerCreate","args","getKmsByName","opts","hasKeyOptions","ephemeral","expiration","removalDate","Date","now","partialKey","createKey","key","jwkThumbprint","calculateJwkThumbprintForKey","privateKeyHex","keyManagerSign","keyInfo","keyManagerGet","keyRef","sign","data","verify","verifyRawSignature","toJwk","signature","list","keyManagerHandleExpirations","expiredKeys","filter","expiryDate","getMilliseconds","skipRemovals","keyManagerDelete","get","e","foundKey","setKms","schema","require"]}
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "@sphereon/ssi-sdk-ext.key-manager",
3
3
  "description": "Sphereon Key Manager plugin with BLS support",
4
- "version": "0.37.1-next.5+14e4bec8",
4
+ "version": "0.37.1",
5
5
  "source": "./src/index.ts",
6
6
  "type": "module",
7
7
  "main": "./dist/index.cjs",
@@ -34,9 +34,9 @@
34
34
  },
35
35
  "devDependencies": {
36
36
  "@mattrglobal/bbs-signatures": "^1.3.1",
37
- "@sphereon/ssi-sdk-ext.key-utils": "0.37.1-next.5+14e4bec8",
38
- "@sphereon/ssi-sdk-ext.kms-local": "0.37.1-next.5+14e4bec8",
39
- "@sphereon/ssi-sdk.dev": "0.37.1-next.5+14e4bec8"
37
+ "@sphereon/ssi-sdk-ext.key-utils": "0.37.1",
38
+ "@sphereon/ssi-sdk-ext.kms-local": "0.37.1",
39
+ "@sphereon/ssi-sdk.dev": "0.37.1"
40
40
  },
41
41
  "resolutions": {
42
42
  "jsonld": "npm:@digitalcredentials/jsonld@^5.2.1",
@@ -60,5 +60,5 @@
60
60
  "kms",
61
61
  "Veramo"
62
62
  ],
63
- "gitHead": "14e4bec846cf7534ab57d0f51bf480427933c132"
63
+ "gitHead": "f77778193dc9235727d306be0449c5bf05b63cbe"
64
64
  }
package/plugin.schema.json CHANGED
@@ -22,13 +22,23 @@
22
22
  "description": "Optional. Key meta data"
23
23
  }
24
24
  },
25
- "required": ["type"],
25
+ "required": [
26
+ "type"
27
+ ],
26
28
  "additionalProperties": false,
27
29
  "description": "Input arguments for {@link ISphereonKeyManager.keyManagerCreate | keyManagerCreate }"
28
30
  },
29
31
  "TKeyType": {
30
32
  "type": "string",
31
- "enum": ["Ed25519", "Secp256k1", "Secp256r1", "X25519", "Bls12381G1", "Bls12381G2", "RSA"],
33
+ "enum": [
34
+ "Ed25519",
35
+ "Secp256k1",
36
+ "Secp256r1",
37
+ "X25519",
38
+ "Bls12381G1",
39
+ "Bls12381G2",
40
+ "RSA"
41
+ ],
32
42
  "description": "Cryptographic key type."
33
43
  },
34
44
  "IkeyOptions": {
@@ -103,7 +113,13 @@
103
113
  "description": "Optional. Key metadata. This should be used to determine which algorithms are supported."
104
114
  }
105
115
  },
106
- "required": ["kid", "kms", "privateKeyHex", "publicKeyHex", "type"]
116
+ "required": [
117
+ "kid",
118
+ "kms",
119
+ "privateKeyHex",
120
+ "publicKeyHex",
121
+ "type"
122
+ ]
107
123
  },
108
124
  "ISphereonKeyManagerHandleExpirationsArgs": {
109
125
  "type": "object",
@@ -152,7 +168,12 @@
152
168
  "description": "Optional. Key metadata. This should be used to determine which algorithms are supported."
153
169
  }
154
170
  },
155
- "required": ["kid", "kms", "type", "publicKeyHex"],
171
+ "required": [
172
+ "kid",
173
+ "kms",
174
+ "type",
175
+ "publicKeyHex"
176
+ ],
156
177
  "additionalProperties": false
157
178
  },
158
179
  "MinimalImportableKey": {
@@ -221,11 +242,19 @@
221
242
  },
222
243
  "encoding": {
223
244
  "type": "string",
224
- "enum": ["utf-8", "base16", "base64", "hex"],
245
+ "enum": [
246
+ "utf-8",
247
+ "base16",
248
+ "base64",
249
+ "hex"
250
+ ],
225
251
  "description": "If the data is a \"string\" then you can specify which encoding is used. Default is \"utf-8\""
226
252
  }
227
253
  },
228
- "required": ["data", "keyRef"],
254
+ "required": [
255
+ "data",
256
+ "keyRef"
257
+ ],
229
258
  "description": "Input arguments for {@link ISphereonKeyManagerSignArgs.keyManagerSign | keyManagerSign }"
230
259
  },
231
260
  "Uint8Array": {
@@ -247,7 +276,13 @@
247
276
  "type": "number"
248
277
  }
249
278
  },
250
- "required": ["BYTES_PER_ELEMENT", "buffer", "byteLength", "byteOffset", "length"],
279
+ "required": [
280
+ "BYTES_PER_ELEMENT",
281
+ "buffer",
282
+ "byteLength",
283
+ "byteOffset",
284
+ "length"
285
+ ],
251
286
  "additionalProperties": {
252
287
  "type": "number"
253
288
  }
@@ -262,7 +297,9 @@
262
297
  "type": "number"
263
298
  }
264
299
  },
265
- "required": ["byteLength"],
300
+ "required": [
301
+ "byteLength"
302
+ ],
266
303
  "additionalProperties": false
267
304
  },
268
305
  "ISphereonKeyManagerVerifyArgs": {
@@ -287,7 +324,12 @@
287
324
  "type": "string"
288
325
  }
289
326
  },
290
- "required": ["publicKeyHex", "type", "data", "signature"],
327
+ "required": [
328
+ "publicKeyHex",
329
+ "type",
330
+ "data",
331
+ "signature"
332
+ ],
291
333
  "additionalProperties": false
292
334
  }
293
335
  },
@@ -364,4 +406,4 @@
364
406
  }
365
407
  }
366
408
  }
367
- }
409
+ }