@sphereon/ssi-sdk-ext.kms-local 0.12.1 → 0.12.2-next.13
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/SphereonKeyManagementSystem.d.ts +3 -1
- package/dist/SphereonKeyManagementSystem.d.ts.map +1 -1
- package/dist/SphereonKeyManagementSystem.js +17 -25
- package/dist/SphereonKeyManagementSystem.js.map +1 -1
- package/dist/index.d.ts +9 -3
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js.map +1 -1
- package/dist/ssi-sdk-ext.kms-local.d.ts +13 -3
- package/package.json +4 -4
- package/src/SphereonKeyManagementSystem.ts +28 -18
- package/src/__tests__/rsa.test.ts +1 -1
- package/src/index.ts +16 -2
- package/dist/x509/rsa-key.d.ts +0 -10
- package/dist/x509/rsa-key.d.ts.map +0 -1
- package/dist/x509/rsa-key.js +0 -83
- package/dist/x509/rsa-key.js.map +0 -1
- package/dist/x509/rsa-signer.d.ts +0 -23
- package/dist/x509/rsa-signer.d.ts.map +0 -1
- package/dist/x509/rsa-signer.js +0 -102
- package/dist/x509/rsa-signer.js.map +0 -1
- package/src/x509/rsa-key.ts +0 -60
- package/src/x509/rsa-signer.ts +0 -69
|
@@ -4,7 +4,9 @@ import { KeyManagementSystem } from '@veramo/kms-local';
|
|
|
4
4
|
export declare class SphereonKeyManagementSystem extends KeyManagementSystem {
|
|
5
5
|
private readonly privateKeyStore;
|
|
6
6
|
constructor(keyStore: AbstractPrivateKeyStore);
|
|
7
|
-
importKey(args: Omit<MinimalImportableKey, 'kms'>
|
|
7
|
+
importKey(args: Omit<MinimalImportableKey, 'kms'> & {
|
|
8
|
+
privateKeyPEM?: string;
|
|
9
|
+
}): Promise<ManagedKeyInfo>;
|
|
8
10
|
createKey({ type }: {
|
|
9
11
|
type: TKeyType;
|
|
10
12
|
}): Promise<ManagedKeyInfo>;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"SphereonKeyManagementSystem.d.ts","sourceRoot":"","sources":["../src/SphereonKeyManagementSystem.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"SphereonKeyManagementSystem.d.ts","sourceRoot":"","sources":["../src/SphereonKeyManagementSystem.ts"],"names":[],"mappings":"AAaA,OAAO,EAAE,IAAI,EAAE,cAAc,EAAE,oBAAoB,EAAE,QAAQ,EAAE,MAAM,cAAc,CAAA;AACnF,OAAO,EAAE,uBAAuB,EAAqB,MAAM,qBAAqB,CAAA;AAChF,OAAO,EAAE,mBAAmB,EAAE,MAAM,mBAAmB,CAAA;AAQvD,qBAAa,2BAA4B,SAAQ,mBAAmB;IAClE,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAyB;gBAE7C,QAAQ,EAAE,uBAAuB;IAKvC,SAAS,CAAC,IAAI,EAAE,IAAI,CAAC,oBAAoB,EAAE,KAAK,CAAC,GAAG;QAAE,aAAa,CAAC,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,cAAc,CAAC;IAiCxG,SAAS,CAAC,EAAE,IAAI,EAAE,EAAE;QAAE,IAAI,EAAE,QAAQ,CAAA;KAAE,GAAG,OAAO,CAAC,cAAc,CAAC;IAgChE,IAAI,CAAC,EAAE,MAAM,EAAE,SAAS,EAAE,IAAI,EAAE,EAAE;QAAE,MAAM,EAAE,IAAI,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;QAAC,SAAS,CAAC,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,UAAU,CAAA;KAAE,GAAG,OAAO,CAAC,MAAM,CAAC;IAgC7H,OAAO,CAAC,wBAAwB;IAsFhC;;OAEG;YACW,OAAO;CAMtB"}
|
|
@@ -36,15 +36,13 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
|
36
36
|
};
|
|
37
37
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
38
38
|
exports.SphereonKeyManagementSystem = void 0;
|
|
39
|
-
const debug_1 = __importDefault(require("debug"));
|
|
40
|
-
const kms_local_1 = require("@veramo/kms-local");
|
|
41
|
-
const index_1 = require("./index");
|
|
42
39
|
const bbs_signatures_1 = require("@mattrglobal/bbs-signatures");
|
|
43
|
-
const rsa_signer_1 = require("./x509/rsa-signer");
|
|
44
|
-
const rsa_key_1 = require("./x509/rsa-key");
|
|
45
40
|
const ssi_sdk_ext_key_utils_1 = require("@sphereon/ssi-sdk-ext.key-utils");
|
|
46
|
-
const
|
|
41
|
+
const kms_local_1 = require("@veramo/kms-local");
|
|
42
|
+
const debug_1 = __importDefault(require("debug"));
|
|
47
43
|
const elliptic_1 = __importDefault(require("elliptic"));
|
|
44
|
+
const u8a = __importStar(require("uint8arrays"));
|
|
45
|
+
const index_1 = require("./index");
|
|
48
46
|
const debug = (0, debug_1.default)('sphereon:kms:bls:local');
|
|
49
47
|
class SphereonKeyManagementSystem extends kms_local_1.KeyManagementSystem {
|
|
50
48
|
constructor(keyStore) {
|
|
@@ -61,20 +59,15 @@ class SphereonKeyManagementSystem extends kms_local_1.KeyManagementSystem {
|
|
|
61
59
|
if (!args.privateKeyHex || !args.publicKeyHex) {
|
|
62
60
|
throw new Error('invalid_argument: type, publicKeyHex and privateKeyHex are required to import a key');
|
|
63
61
|
}
|
|
64
|
-
const managedKey = this.asSphereonManagedKeyInfo({
|
|
65
|
-
alias: args.kid,
|
|
66
|
-
privateKeyHex: args.privateKeyHex,
|
|
67
|
-
publicKeyHex: args.publicKeyHex,
|
|
68
|
-
type: args.type,
|
|
69
|
-
});
|
|
62
|
+
const managedKey = this.asSphereonManagedKeyInfo(Object.assign(Object.assign({}, args), { alias: args.kid, privateKeyHex: args.privateKeyHex, publicKeyHex: args.publicKeyHex, type: args.type }));
|
|
70
63
|
yield this.privateKeyStore.import(Object.assign({ alias: managedKey.kid }, args));
|
|
71
64
|
debug('imported key', managedKey.type, managedKey.publicKeyHex);
|
|
72
65
|
return managedKey;
|
|
73
66
|
case 'Secp256r1':
|
|
74
67
|
// @ts-ignore
|
|
75
68
|
case 'RSA': {
|
|
76
|
-
if (!args.privateKeyHex) {
|
|
77
|
-
throw new Error('invalid_argument: type and privateKeyHex are required to import a key');
|
|
69
|
+
if (!args.privateKeyHex && !args.privateKeyPEM) {
|
|
70
|
+
throw new Error('invalid_argument: type and privateKeyHex (or privateKeyPEM for RSA) are required to import a key');
|
|
78
71
|
}
|
|
79
72
|
const managedKey = this.asSphereonManagedKeyInfo(Object.assign({ alias: args.kid }, args));
|
|
80
73
|
yield this.privateKeyStore.import(Object.assign({ alias: managedKey.kid }, args));
|
|
@@ -104,10 +97,10 @@ class SphereonKeyManagementSystem extends kms_local_1.KeyManagementSystem {
|
|
|
104
97
|
}
|
|
105
98
|
// @ts-ignore
|
|
106
99
|
case 'RSA': {
|
|
107
|
-
const
|
|
100
|
+
const privateKeyHex = yield (0, ssi_sdk_ext_key_utils_1.generatePrivateKeyHex)(type);
|
|
108
101
|
key = yield this.importKey({
|
|
109
102
|
type,
|
|
110
|
-
privateKeyHex
|
|
103
|
+
privateKeyHex,
|
|
111
104
|
});
|
|
112
105
|
break;
|
|
113
106
|
}
|
|
@@ -147,7 +140,7 @@ class SphereonKeyManagementSystem extends kms_local_1.KeyManagementSystem {
|
|
|
147
140
|
// @ts-ignore
|
|
148
141
|
privateKey.type === 'RSA' &&
|
|
149
142
|
(typeof algorithm === 'undefined' || algorithm === 'RS256' || algorithm === 'RS512' || algorithm === 'PS256' || algorithm === 'PS512')) {
|
|
150
|
-
return yield this.signRSA(privateKey.privateKeyHex, data, algorithm ? algorithm : 'PS256');
|
|
143
|
+
return yield this.signRSA(privateKey.privateKeyHex, data, algorithm !== null && algorithm !== void 0 ? algorithm : 'PS256');
|
|
151
144
|
}
|
|
152
145
|
else {
|
|
153
146
|
return yield _super.sign.call(this, { keyRef, algorithm, data });
|
|
@@ -156,7 +149,7 @@ class SphereonKeyManagementSystem extends kms_local_1.KeyManagementSystem {
|
|
|
156
149
|
});
|
|
157
150
|
}
|
|
158
151
|
asSphereonManagedKeyInfo(args) {
|
|
159
|
-
var _a, _b;
|
|
152
|
+
var _a, _b, _c, _d, _e, _f, _g, _h;
|
|
160
153
|
let key;
|
|
161
154
|
switch (args.type) {
|
|
162
155
|
case index_1.KeyType.Bls12381G2:
|
|
@@ -186,18 +179,17 @@ class SphereonKeyManagementSystem extends kms_local_1.KeyManagementSystem {
|
|
|
186
179
|
}
|
|
187
180
|
// @ts-ignore
|
|
188
181
|
case 'RSA': {
|
|
189
|
-
// @ts-ignore // We need this as the interface on the args, does not allow for any metadata on managed key imports
|
|
190
182
|
const x509 = (_a = args.meta) === null || _a === void 0 ? void 0 : _a.x509;
|
|
191
|
-
const privateKeyPEM = args.privateKeyHex.includes('---') ? args.privateKeyHex : (0, ssi_sdk_ext_key_utils_1.hexToPEM)(args.privateKeyHex, 'private'); // In case we have x509 opts, the private key hex really was a PEM already (yuck)
|
|
183
|
+
const privateKeyPEM = (_b = x509 === null || x509 === void 0 ? void 0 : x509.privateKeyPEM) !== null && _b !== void 0 ? _b : (args.privateKeyHex.includes('---') ? args.privateKeyHex : (0, ssi_sdk_ext_key_utils_1.hexToPEM)(args.privateKeyHex, 'private')); // In case we have x509 opts, the private key hex really was a PEM already (yuck)
|
|
192
184
|
const publicKeyJwk = (0, ssi_sdk_ext_key_utils_1.PEMToJwk)(privateKeyPEM, 'public');
|
|
193
185
|
const publicKeyPEM = (0, ssi_sdk_ext_key_utils_1.jwkToPEM)(publicKeyJwk, 'public');
|
|
194
186
|
const publicKeyHex = (0, ssi_sdk_ext_key_utils_1.PEMToHex)(publicKeyPEM);
|
|
195
187
|
const meta = {};
|
|
196
188
|
if (x509) {
|
|
197
189
|
meta.x509 = {
|
|
198
|
-
cn: x509.cn
|
|
190
|
+
cn: (_d = (_c = x509.cn) !== null && _c !== void 0 ? _c : args.alias) !== null && _d !== void 0 ? _d : publicKeyHex,
|
|
199
191
|
};
|
|
200
|
-
let certChain = x509.certificateChainPEM
|
|
192
|
+
let certChain = (_e = x509.certificateChainPEM) !== null && _e !== void 0 ? _e : '';
|
|
201
193
|
if (x509.certificatePEM) {
|
|
202
194
|
if (!certChain.includes(x509.certificatePEM)) {
|
|
203
195
|
certChain = `${x509.certificatePEM}\n${certChain}`;
|
|
@@ -221,7 +213,7 @@ class SphereonKeyManagementSystem extends kms_local_1.KeyManagementSystem {
|
|
|
221
213
|
}
|
|
222
214
|
key = {
|
|
223
215
|
type: args.type,
|
|
224
|
-
kid: args.alias
|
|
216
|
+
kid: (_h = (_f = args.alias) !== null && _f !== void 0 ? _f : (_g = meta === null || meta === void 0 ? void 0 : meta.x509) === null || _g === void 0 ? void 0 : _g.cn) !== null && _h !== void 0 ? _h : publicKeyHex,
|
|
225
217
|
publicKeyHex,
|
|
226
218
|
meta: Object.assign(Object.assign({}, meta), {
|
|
227
219
|
// todo: could als be DSA etc
|
|
@@ -240,8 +232,8 @@ class SphereonKeyManagementSystem extends kms_local_1.KeyManagementSystem {
|
|
|
240
232
|
*/
|
|
241
233
|
signRSA(privateKeyHex, data, signingAlgorithm) {
|
|
242
234
|
return __awaiter(this, void 0, void 0, function* () {
|
|
243
|
-
const { hashAlgorithm, scheme } = (0,
|
|
244
|
-
const signer = new
|
|
235
|
+
const { hashAlgorithm, scheme } = (0, ssi_sdk_ext_key_utils_1.signAlgorithmToSchemeAndHashAlg)(signingAlgorithm);
|
|
236
|
+
const signer = new ssi_sdk_ext_key_utils_1.RSASigner((0, ssi_sdk_ext_key_utils_1.PEMToJwk)((0, ssi_sdk_ext_key_utils_1.hexToPEM)(privateKeyHex, 'private'), 'private'), { hashAlgorithm, scheme });
|
|
245
237
|
const signature = yield signer.sign(data);
|
|
246
238
|
return signature;
|
|
247
239
|
});
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"SphereonKeyManagementSystem.js","sourceRoot":"","sources":["../src/SphereonKeyManagementSystem.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,
|
|
1
|
+
{"version":3,"file":"SphereonKeyManagementSystem.js","sourceRoot":"","sources":["../src/SphereonKeyManagementSystem.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,gEAAgF;AAChF,2EAUwC;AAIxC,iDAAuD;AACvD,kDAAyB;AACzB,wDAA+B;AAC/B,iDAAkC;AAClC,mCAAqD;AAErD,MAAM,KAAK,GAAG,IAAA,eAAK,EAAC,wBAAwB,CAAC,CAAA;AAE7C,MAAa,2BAA4B,SAAQ,+BAAmB;IAGlE,YAAY,QAAiC;QAC3C,KAAK,CAAC,QAAQ,CAAC,CAAA;QACf,IAAI,CAAC,eAAe,GAAG,QAAQ,CAAA;IACjC,CAAC;IAEK,SAAS,CAAC,IAAoE;;;;;YAClF,QAAQ,IAAI,CAAC,IAAI,EAAE;gBACjB,KAAK,eAAO,CAAC,UAAU,CAAC,QAAQ,EAAE;oBAChC,IAAI,CAAC,IAAI,CAAC,aAAa,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE;wBAC7C,MAAM,IAAI,KAAK,CAAC,qFAAqF,CAAC,CAAA;qBACvG;oBACD,MAAM,UAAU,GAAG,IAAI,CAAC,wBAAwB,iCAC3C,IAAI,KACP,KAAK,EAAE,IAAI,CAAC,GAAG,EACf,aAAa,EAAE,IAAI,CAAC,aAAa,EACjC,YAAY,EAAE,IAAI,CAAC,YAAY,EAC/B,IAAI,EAAE,IAAI,CAAC,IAAI,IACf,CAAA;oBACF,MAAM,IAAI,CAAC,eAAe,CAAC,MAAM,iBAAG,KAAK,EAAE,UAAU,CAAC,GAAG,IAAK,IAAI,EAAG,CAAA;oBACrE,KAAK,CAAC,cAAc,EAAE,UAAU,CAAC,IAAI,EAAE,UAAU,CAAC,YAAY,CAAC,CAAA;oBAC/D,OAAO,UAAU,CAAA;gBAEnB,KAAK,WAAW,CAAC;gBACjB,aAAa;gBACb,KAAK,KAAK,CAAC,CAAC;oBACV,IAAI,CAAC,IAAI,CAAC,aAAa,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE;wBAC9C,MAAM,IAAI,KAAK,CAAC,kGAAkG,CAAC,CAAA;qBACpH;oBACD,MAAM,UAAU,GAAG,IAAI,CAAC,wBAAwB,iBAAG,KAAK,EAAE,IAAI,CAAC,GAAG,IAAK,IAAI,EAAG,CAAA;oBAC9E,MAAM,IAAI,CAAC,eAAe,CAAC,MAAM,iBAAG,KAAK,EAAE,UAAU,CAAC,GAAG,IAAK,IAAI,EAAG,CAAA;oBACrE,KAAK,CAAC,cAAc,EAAE,UAAU,CAAC,IAAI,EAAE,UAAU,CAAC,YAAY,CAAC,CAAA;oBAC/D,OAAO,UAAU,CAAA;iBAClB;gBACD;oBACE,OAAO,MAAM,OAAM,SAAS,YAAC,IAAI,CAAC,CAAA;aACrC;QACH,CAAC;KAAA;IAEK,SAAS,CAAC,EAAE,IAAI,EAAsB;;;;;YAC1C,IAAI,GAAmB,CAAA;YAEvB,QAAQ,IAAI,EAAE;gBACZ,KAAK,eAAO,CAAC,UAAU,CAAC,CAAC;oBACvB,MAAM,iBAAiB,GAAG,MAAM,IAAA,0CAAyB,GAAE,CAAA;oBAC3D,GAAG,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC;wBACzB,IAAI;wBACJ,aAAa,EAAE,MAAM,CAAC,IAAI,CAAC,iBAAiB,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC;wBACvE,YAAY,EAAE,MAAM,CAAC,IAAI,CAAC,iBAAiB,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC;qBACvE,CAAC,CAAA;oBACF,MAAK;iBACN;gBAED,aAAa;gBACb,KAAK,KAAK,CAAC,CAAC;oBACV,MAAM,aAAa,GAAG,MAAM,IAAA,6CAAqB,EAAC,IAAI,CAAC,CAAA;oBACvD,GAAG,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC;wBACzB,IAAI;wBACJ,aAAa;qBACd,CAAC,CAAA;oBACF,MAAK;iBACN;gBACD;oBACE,GAAG,GAAG,MAAM,OAAM,SAAS,YAAC,EAAE,IAAI,EAAE,CAAC,CAAA;aACxC;YAED,KAAK,CAAC,aAAa,EAAE,IAAI,EAAE,GAAG,CAAC,YAAY,CAAC,CAAA;YAE5C,OAAO,GAAG,CAAA;QACZ,CAAC;KAAA;IAEK,IAAI,CAAC,EAAE,MAAM,EAAE,SAAS,EAAE,IAAI,EAAuE;;;;;YACzG,IAAI,UAA6B,CAAA;YACjC,IAAI;gBACF,UAAU,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,EAAE,KAAK,EAAE,MAAM,CAAC,GAAG,EAAE,CAAC,CAAA;aACnE;YAAC,OAAO,CAAC,EAAE;gBACV,MAAM,IAAI,KAAK,CAAC,6CAA6C,MAAM,CAAC,GAAG,EAAE,CAAC,CAAA;aAC3E;YAED,IAAI,UAAU,CAAC,IAAI,KAAK,eAAO,CAAC,UAAU,EAAE;gBAC1C,IAAI,CAAC,IAAI,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE;oBAChC,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAA;iBAC/D;gBACD,MAAM,OAAO,GAAG;oBACd,OAAO,EAAE;wBACP,SAAS,EAAE,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,aAAa,EAAE,KAAK,CAAC,CAAC;wBACxE,SAAS,EAAE,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;qBAC3D;oBACD,QAAQ,EAAE,CAAC,IAAI,CAAC;iBACjB,CAAA;gBACD,OAAO,MAAM,CAAC,IAAI,CAAC,MAAM,IAAA,wBAAO,EAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAA;aAC3D;iBAAM;YACL,aAAa;YACb,UAAU,CAAC,IAAI,KAAK,KAAK;gBACzB,CAAC,OAAO,SAAS,KAAK,WAAW,IAAI,SAAS,KAAK,OAAO,IAAI,SAAS,KAAK,OAAO,IAAI,SAAS,KAAK,OAAO,IAAI,SAAS,KAAK,OAAO,CAAC,EACtI;gBACA,OAAO,MAAM,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,aAAa,EAAE,IAAI,EAAE,SAAS,aAAT,SAAS,cAAT,SAAS,GAAI,OAAO,CAAC,CAAA;aAChF;iBAAM;gBACL,OAAO,MAAM,OAAM,IAAI,YAAC,EAAE,MAAM,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAA;aACrD;YACD,MAAM,KAAK,CAAC,gDAAgD,UAAU,CAAC,IAAI,EAAE,CAAC,CAAA;QAChF,CAAC;KAAA;IAEO,wBAAwB,CAAC,IAAwB;;QACvD,IAAI,GAA4B,CAAA;QAChC,QAAQ,IAAI,CAAC,IAAI,EAAE;YACjB,KAAK,eAAO,CAAC,UAAU;gBACrB,GAAG,GAAG;oBACJ,IAAI,EAAE,IAAI,CAAC,IAAI;oBACf,GAAG,EAAE,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,YAAY;oBACpC,YAAY,EAAE,IAAI,CAAC,YAAY;oBAC/B,IAAI,EAAE;wBACJ,UAAU,EAAE,CAAC,KAAK,CAAC;qBACpB;iBACF,CAAA;gBACD,MAAK;YACP,KAAK,WAAW,CAAC,CAAC;gBAChB,MAAM,YAAY,GAAG,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,aAAa,CAAC,WAAW,EAAE,EAAE,QAAQ,CAAC,CAAA;gBAC/E,MAAM,SAAS,GAAG,IAAI,kBAAQ,CAAC,EAAE,CAAC,MAAM,CAAC,CAAA;gBACzC,MAAM,OAAO,GAAG,SAAS,CAAC,cAAc,CAAC,YAAY,CAAC,CAAA;gBACtD,MAAM,YAAY,GAAG,OAAO,CAAC,SAAS,CAAC,IAAI,EAAE,KAAK,CAAC,CAAA;gBACnD,GAAG,GAAG;oBACJ,IAAI,EAAE,IAAI,CAAC,IAAI;oBACf,GAAG,EAAE,IAAI,CAAC,KAAK,IAAI,YAAY;oBAC/B,YAAY;oBACZ,IAAI,EAAE;wBACJ,UAAU,EAAE,CAAC,OAAO,CAAC;qBACtB;iBACF,CAAA;gBACD,MAAK;aACN;YACD,aAAa;YACb,KAAK,KAAK,CAAC,CAAC;gBACV,MAAM,IAAI,GAAG,MAAA,IAAI,CAAC,IAAI,0CAAE,IAAgB,CAAA;gBACxC,MAAM,aAAa,GACjB,MAAA,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,aAAa,mCAAI,CAAC,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,IAAA,gCAAQ,EAAC,IAAI,CAAC,aAAa,EAAE,SAAS,CAAC,CAAC,CAAA,CAAC,iFAAiF;gBAC9M,MAAM,YAAY,GAAG,IAAA,gCAAQ,EAAC,aAAa,EAAE,QAAQ,CAAC,CAAA;gBACtD,MAAM,YAAY,GAAG,IAAA,gCAAQ,EAAC,YAAY,EAAE,QAAQ,CAAC,CAAA;gBACrD,MAAM,YAAY,GAAG,IAAA,gCAAQ,EAAC,YAAY,CAAC,CAAA;gBAE3C,MAAM,IAAI,GAAG,EAAS,CAAA;gBACtB,IAAI,IAAI,EAAE;oBACR,IAAI,CAAC,IAAI,GAAG;wBACV,EAAE,EAAE,MAAA,MAAA,IAAI,CAAC,EAAE,mCAAI,IAAI,CAAC,KAAK,mCAAI,YAAY;qBAC1C,CAAA;oBACD,IAAI,SAAS,GAAW,MAAA,IAAI,CAAC,mBAAmB,mCAAI,EAAE,CAAA;oBACtD,IAAI,IAAI,CAAC,cAAc,EAAE;wBACvB,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,IAAI,CAAC,cAAc,CAAC,EAAE;4BAC5C,SAAS,GAAG,GAAG,IAAI,CAAC,cAAc,KAAK,SAAS,EAAE,CAAA;yBACnD;qBACF;oBACD,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE;wBACxB,IAAI,CAAC,IAAI,CAAC,mBAAmB,GAAG,SAAS,CAAA;wBACzC,MAAM,GAAG,GAAG,IAAA,yCAAiB,EAAC,SAAS,CAAC,CAAA;wBACxC,IAAI,CAAC,IAAI,CAAC,mBAAmB,EAAE;4BAC7B,8FAA8F;4BAC9F,aAAa;4BACb,YAAY,CAAC,GAAG,GAAG,GAAG,CAAA;yBACvB;wBACD,IAAI,CAAC,IAAI,CAAC,GAAG,GAAG,GAAG,CAAA;qBACpB;oBACD,IAAI,IAAI,CAAC,mBAAmB,EAAE;wBAC5B,aAAa;wBACb,YAAY,CAAC,GAAG,GAAG,IAAI,CAAC,mBAAmB,CAAA;wBAC3C,IAAI,CAAC,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC,mBAAmB,CAAA;qBACzC;iBACF;gBAED,GAAG,GAAG;oBACJ,IAAI,EAAE,IAAI,CAAC,IAAI;oBACf,GAAG,EAAE,MAAA,MAAA,IAAI,CAAC,KAAK,mCAAI,MAAA,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,IAAI,0CAAE,EAAE,mCAAI,YAAY;oBACjD,YAAY;oBACZ,IAAI,kCACC,IAAI;wBACP,6BAA6B;wBAC7B,UAAU,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,EAChD,YAAY;wBACZ,YAAY,GACb;iBACF,CAAA;gBACD,MAAK;aACN;YAED;gBACE,MAAM,KAAK,CAAC,yCAAyC,GAAG,IAAI,CAAC,IAAI,CAAC,CAAA;SACrE;QACD,OAAO,GAAqB,CAAA;IAC9B,CAAC;IAED;;OAEG;IACW,OAAO,CAAC,aAAqB,EAAE,IAAgB,EAAE,gBAAwB;;YACrF,MAAM,EAAE,aAAa,EAAE,MAAM,EAAE,GAAG,IAAA,uDAA+B,EAAC,gBAAgB,CAAC,CAAA;YACnF,MAAM,MAAM,GAAG,IAAI,iCAAS,CAAC,IAAA,gCAAQ,EAAC,IAAA,gCAAQ,EAAC,aAAa,EAAE,SAAS,CAAC,EAAE,SAAS,CAAC,EAAE,EAAE,aAAa,EAAE,MAAM,EAAE,CAAC,CAAA;YAChH,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;YACzC,OAAO,SAAmB,CAAA;QAC5B,CAAC;KAAA;CACF;AAxMD,kEAwMC"}
|
package/dist/index.d.ts
CHANGED
|
@@ -1,11 +1,17 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { X509Opts } from '@sphereon/ssi-sdk-ext.key-utils';
|
|
2
|
+
import { KeyMetadata, TKeyType } from '@veramo/core';
|
|
2
3
|
export { SphereonKeyManagementSystem } from './SphereonKeyManagementSystem';
|
|
3
|
-
export
|
|
4
|
+
export interface ManagedKeyInfoArgs {
|
|
4
5
|
alias?: string;
|
|
5
6
|
type: TKeyType;
|
|
6
7
|
privateKeyHex: string;
|
|
7
8
|
publicKeyHex?: string;
|
|
8
|
-
|
|
9
|
+
meta?: ManageKeyInfoMeta | undefined | null;
|
|
10
|
+
}
|
|
11
|
+
export interface ManageKeyInfoMeta extends KeyMetadata {
|
|
12
|
+
x509?: X509Opts;
|
|
13
|
+
[x: string]: any;
|
|
14
|
+
}
|
|
9
15
|
export declare enum KeyType {
|
|
10
16
|
Bls12381G2 = "Bls12381G2"
|
|
11
17
|
}
|
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,cAAc,CAAA;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,iCAAiC,CAAA;AAC1D,OAAO,EAAE,WAAW,EAAE,QAAQ,EAAE,MAAM,cAAc,CAAA;AAEpD,OAAO,EAAE,2BAA2B,EAAE,MAAM,+BAA+B,CAAA;AAE3E,MAAM,WAAW,kBAAkB;IACjC,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,IAAI,EAAE,QAAQ,CAAA;IACd,aAAa,EAAE,MAAM,CAAA;IACrB,YAAY,CAAC,EAAE,MAAM,CAAA;IACrB,IAAI,CAAC,EAAE,iBAAiB,GAAG,SAAS,GAAG,IAAI,CAAA;CAC5C;AAED,MAAM,WAAW,iBAAkB,SAAQ,WAAW;IACpD,IAAI,CAAC,EAAE,QAAQ,CAAA;IACf,CAAC,CAAC,EAAE,MAAM,GAAG,GAAG,CAAA;CACjB;AACD,oBAAY,OAAO;IACjB,UAAU,eAAe;CAC1B"}
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;AAGA,6EAA2E;AAAlE,0IAAA,2BAA2B,OAAA;AAcpC,IAAY,OAEX;AAFD,WAAY,OAAO;IACjB,oCAAyB,CAAA;AAC3B,CAAC,EAFW,OAAO,GAAP,eAAO,KAAP,eAAO,QAElB"}
|
|
@@ -1,26 +1,36 @@
|
|
|
1
1
|
import { AbstractPrivateKeyStore } from '@veramo/key-manager';
|
|
2
2
|
import { IKey } from '@veramo/core';
|
|
3
3
|
import { KeyManagementSystem } from '@veramo/kms-local';
|
|
4
|
+
import { KeyMetadata } from '@veramo/core';
|
|
4
5
|
import { ManagedKeyInfo } from '@veramo/core';
|
|
5
6
|
import { MinimalImportableKey } from '@veramo/core';
|
|
6
7
|
import { TKeyType } from '@veramo/core';
|
|
8
|
+
import { X509Opts } from '@sphereon/ssi-sdk-ext.key-utils';
|
|
7
9
|
|
|
8
10
|
declare enum KeyType_2 {
|
|
9
11
|
Bls12381G2 = "Bls12381G2"
|
|
10
12
|
}
|
|
11
13
|
export { KeyType_2 as KeyType }
|
|
12
14
|
|
|
13
|
-
export declare
|
|
15
|
+
export declare interface ManagedKeyInfoArgs {
|
|
14
16
|
alias?: string;
|
|
15
17
|
type: TKeyType;
|
|
16
18
|
privateKeyHex: string;
|
|
17
19
|
publicKeyHex?: string;
|
|
18
|
-
|
|
20
|
+
meta?: ManageKeyInfoMeta | undefined | null;
|
|
21
|
+
}
|
|
22
|
+
|
|
23
|
+
export declare interface ManageKeyInfoMeta extends KeyMetadata {
|
|
24
|
+
x509?: X509Opts;
|
|
25
|
+
[x: string]: any;
|
|
26
|
+
}
|
|
19
27
|
|
|
20
28
|
export declare class SphereonKeyManagementSystem extends KeyManagementSystem {
|
|
21
29
|
private readonly privateKeyStore;
|
|
22
30
|
constructor(keyStore: AbstractPrivateKeyStore);
|
|
23
|
-
importKey(args: Omit<MinimalImportableKey, 'kms'>
|
|
31
|
+
importKey(args: Omit<MinimalImportableKey, 'kms'> & {
|
|
32
|
+
privateKeyPEM?: string;
|
|
33
|
+
}): Promise<ManagedKeyInfo>;
|
|
24
34
|
createKey({ type }: {
|
|
25
35
|
type: TKeyType;
|
|
26
36
|
}): Promise<ManagedKeyInfo>;
|
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@sphereon/ssi-sdk-ext.kms-local",
|
|
3
3
|
"description": "Sphereon Local Key Management System with support for BLS/BBS+, RSA keys",
|
|
4
|
-
"version": "0.12.
|
|
4
|
+
"version": "0.12.2-next.13+276840f",
|
|
5
5
|
"source": "src/index.ts",
|
|
6
6
|
"main": "dist/index.js",
|
|
7
7
|
"types": "dist/index.d.ts",
|
|
@@ -12,8 +12,8 @@
|
|
|
12
12
|
"dependencies": {
|
|
13
13
|
"@mattrglobal/bbs-signatures": "^1.1.0",
|
|
14
14
|
"@sphereon/isomorphic-webcrypto": "^2.4.0-unstable.4",
|
|
15
|
-
"@sphereon/ssi-sdk-ext.did-utils": "0.12.
|
|
16
|
-
"@sphereon/ssi-sdk-ext.key-utils": "0.12.
|
|
15
|
+
"@sphereon/ssi-sdk-ext.did-utils": "0.12.2-next.13+276840f",
|
|
16
|
+
"@sphereon/ssi-sdk-ext.key-utils": "0.12.2-next.13+276840f",
|
|
17
17
|
"@trust/keyto": "^2.0.0-alpha1",
|
|
18
18
|
"@veramo/core": "4.2.0",
|
|
19
19
|
"@veramo/key-manager": "4.2.0",
|
|
@@ -47,5 +47,5 @@
|
|
|
47
47
|
"kms",
|
|
48
48
|
"Veramo"
|
|
49
49
|
],
|
|
50
|
-
"gitHead": "
|
|
50
|
+
"gitHead": "276840f14edaea7d5c98a556a1c7393c0d8bbcd3"
|
|
51
51
|
}
|
|
@@ -1,15 +1,24 @@
|
|
|
1
|
-
import
|
|
1
|
+
import { blsSign, generateBls12381G2KeyPair } from '@mattrglobal/bbs-signatures'
|
|
2
|
+
import {
|
|
3
|
+
generatePrivateKeyHex,
|
|
4
|
+
hexToPEM,
|
|
5
|
+
jwkToPEM,
|
|
6
|
+
pemCertChainTox5c,
|
|
7
|
+
PEMToHex,
|
|
8
|
+
PEMToJwk,
|
|
9
|
+
RSASigner,
|
|
10
|
+
signAlgorithmToSchemeAndHashAlg,
|
|
11
|
+
X509Opts,
|
|
12
|
+
} from '@sphereon/ssi-sdk-ext.key-utils'
|
|
2
13
|
|
|
3
14
|
import { IKey, ManagedKeyInfo, MinimalImportableKey, TKeyType } from '@veramo/core'
|
|
4
15
|
import { AbstractPrivateKeyStore, ManagedPrivateKey } from '@veramo/key-manager'
|
|
5
16
|
import { KeyManagementSystem } from '@veramo/kms-local'
|
|
6
|
-
import
|
|
7
|
-
import { blsSign, generateBls12381G2KeyPair } from '@mattrglobal/bbs-signatures'
|
|
8
|
-
import { RSASigner } from './x509/rsa-signer'
|
|
9
|
-
import { generateRSAKeyAsPEM, signAlgorithmToSchemeAndHashAlg } from './x509/rsa-key'
|
|
10
|
-
import { hexToPEM, jwkToPEM, pemCertChainTox5c, PEMToHex, PEMToJwk, privateKeyHexFromPEM } from '@sphereon/ssi-sdk-ext.key-utils'
|
|
11
|
-
import * as u8a from 'uint8arrays'
|
|
17
|
+
import Debug from 'debug'
|
|
12
18
|
import elliptic from 'elliptic'
|
|
19
|
+
import * as u8a from 'uint8arrays'
|
|
20
|
+
import { KeyType, ManagedKeyInfoArgs } from './index'
|
|
21
|
+
|
|
13
22
|
const debug = Debug('sphereon:kms:bls:local')
|
|
14
23
|
|
|
15
24
|
export class SphereonKeyManagementSystem extends KeyManagementSystem {
|
|
@@ -20,13 +29,14 @@ export class SphereonKeyManagementSystem extends KeyManagementSystem {
|
|
|
20
29
|
this.privateKeyStore = keyStore
|
|
21
30
|
}
|
|
22
31
|
|
|
23
|
-
async importKey(args: Omit<MinimalImportableKey, 'kms'>): Promise<ManagedKeyInfo> {
|
|
32
|
+
async importKey(args: Omit<MinimalImportableKey, 'kms'> & { privateKeyPEM?: string }): Promise<ManagedKeyInfo> {
|
|
24
33
|
switch (args.type) {
|
|
25
34
|
case KeyType.Bls12381G2.toString():
|
|
26
35
|
if (!args.privateKeyHex || !args.publicKeyHex) {
|
|
27
36
|
throw new Error('invalid_argument: type, publicKeyHex and privateKeyHex are required to import a key')
|
|
28
37
|
}
|
|
29
38
|
const managedKey = this.asSphereonManagedKeyInfo({
|
|
39
|
+
...args,
|
|
30
40
|
alias: args.kid,
|
|
31
41
|
privateKeyHex: args.privateKeyHex,
|
|
32
42
|
publicKeyHex: args.publicKeyHex,
|
|
@@ -39,8 +49,8 @@ export class SphereonKeyManagementSystem extends KeyManagementSystem {
|
|
|
39
49
|
case 'Secp256r1':
|
|
40
50
|
// @ts-ignore
|
|
41
51
|
case 'RSA': {
|
|
42
|
-
if (!args.privateKeyHex) {
|
|
43
|
-
throw new Error('invalid_argument: type and privateKeyHex are required to import a key')
|
|
52
|
+
if (!args.privateKeyHex && !args.privateKeyPEM) {
|
|
53
|
+
throw new Error('invalid_argument: type and privateKeyHex (or privateKeyPEM for RSA) are required to import a key')
|
|
44
54
|
}
|
|
45
55
|
const managedKey = this.asSphereonManagedKeyInfo({ alias: args.kid, ...args })
|
|
46
56
|
await this.privateKeyStore.import({ alias: managedKey.kid, ...args })
|
|
@@ -68,10 +78,10 @@ export class SphereonKeyManagementSystem extends KeyManagementSystem {
|
|
|
68
78
|
|
|
69
79
|
// @ts-ignore
|
|
70
80
|
case 'RSA': {
|
|
71
|
-
const
|
|
81
|
+
const privateKeyHex = await generatePrivateKeyHex(type)
|
|
72
82
|
key = await this.importKey({
|
|
73
83
|
type,
|
|
74
|
-
privateKeyHex
|
|
84
|
+
privateKeyHex,
|
|
75
85
|
})
|
|
76
86
|
break
|
|
77
87
|
}
|
|
@@ -109,7 +119,7 @@ export class SphereonKeyManagementSystem extends KeyManagementSystem {
|
|
|
109
119
|
privateKey.type === 'RSA' &&
|
|
110
120
|
(typeof algorithm === 'undefined' || algorithm === 'RS256' || algorithm === 'RS512' || algorithm === 'PS256' || algorithm === 'PS512')
|
|
111
121
|
) {
|
|
112
|
-
return await this.signRSA(privateKey.privateKeyHex, data, algorithm
|
|
122
|
+
return await this.signRSA(privateKey.privateKeyHex, data, algorithm ?? 'PS256')
|
|
113
123
|
} else {
|
|
114
124
|
return await super.sign({ keyRef, algorithm, data })
|
|
115
125
|
}
|
|
@@ -146,9 +156,9 @@ export class SphereonKeyManagementSystem extends KeyManagementSystem {
|
|
|
146
156
|
}
|
|
147
157
|
// @ts-ignore
|
|
148
158
|
case 'RSA': {
|
|
149
|
-
// @ts-ignore // We need this as the interface on the args, does not allow for any metadata on managed key imports
|
|
150
159
|
const x509 = args.meta?.x509 as X509Opts
|
|
151
|
-
const privateKeyPEM =
|
|
160
|
+
const privateKeyPEM =
|
|
161
|
+
x509?.privateKeyPEM ?? (args.privateKeyHex.includes('---') ? args.privateKeyHex : hexToPEM(args.privateKeyHex, 'private')) // In case we have x509 opts, the private key hex really was a PEM already (yuck)
|
|
152
162
|
const publicKeyJwk = PEMToJwk(privateKeyPEM, 'public')
|
|
153
163
|
const publicKeyPEM = jwkToPEM(publicKeyJwk, 'public')
|
|
154
164
|
const publicKeyHex = PEMToHex(publicKeyPEM)
|
|
@@ -156,9 +166,9 @@ export class SphereonKeyManagementSystem extends KeyManagementSystem {
|
|
|
156
166
|
const meta = {} as any
|
|
157
167
|
if (x509) {
|
|
158
168
|
meta.x509 = {
|
|
159
|
-
cn: x509.cn
|
|
169
|
+
cn: x509.cn ?? args.alias ?? publicKeyHex,
|
|
160
170
|
}
|
|
161
|
-
let certChain: string = x509.certificateChainPEM
|
|
171
|
+
let certChain: string = x509.certificateChainPEM ?? ''
|
|
162
172
|
if (x509.certificatePEM) {
|
|
163
173
|
if (!certChain.includes(x509.certificatePEM)) {
|
|
164
174
|
certChain = `${x509.certificatePEM}\n${certChain}`
|
|
@@ -183,7 +193,7 @@ export class SphereonKeyManagementSystem extends KeyManagementSystem {
|
|
|
183
193
|
|
|
184
194
|
key = {
|
|
185
195
|
type: args.type,
|
|
186
|
-
kid: args.alias
|
|
196
|
+
kid: args.alias ?? meta?.x509?.cn ?? publicKeyHex,
|
|
187
197
|
publicKeyHex,
|
|
188
198
|
meta: {
|
|
189
199
|
...meta,
|
|
@@ -3,13 +3,13 @@ import { PEM_CERT, PEM_CHAIN, PEM_FULL_CHAIN, PEM_PRIV_KEY } from './certs'
|
|
|
3
3
|
import { SphereonKeyManagementSystem } from '../SphereonKeyManagementSystem'
|
|
4
4
|
import { MemoryPrivateKeyStore } from '@veramo/key-manager'
|
|
5
5
|
import * as u8a from 'uint8arrays'
|
|
6
|
-
import { RSASigner } from '../x509/rsa-signer'
|
|
7
6
|
import {
|
|
8
7
|
digestMethodParams,
|
|
9
8
|
pemCertChainTox5c,
|
|
10
9
|
PEMToJwk,
|
|
11
10
|
privateKeyHexFromPEM,
|
|
12
11
|
publicKeyHexFromPEM,
|
|
12
|
+
RSASigner,
|
|
13
13
|
toKeyObject,
|
|
14
14
|
X509Opts,
|
|
15
15
|
x5cToPemCertChain,
|
package/src/index.ts
CHANGED
|
@@ -1,6 +1,20 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { X509Opts } from '@sphereon/ssi-sdk-ext.key-utils'
|
|
2
|
+
import { KeyMetadata, TKeyType } from '@veramo/core'
|
|
3
|
+
|
|
2
4
|
export { SphereonKeyManagementSystem } from './SphereonKeyManagementSystem'
|
|
3
|
-
|
|
5
|
+
|
|
6
|
+
export interface ManagedKeyInfoArgs {
|
|
7
|
+
alias?: string
|
|
8
|
+
type: TKeyType
|
|
9
|
+
privateKeyHex: string
|
|
10
|
+
publicKeyHex?: string
|
|
11
|
+
meta?: ManageKeyInfoMeta | undefined | null
|
|
12
|
+
}
|
|
13
|
+
|
|
14
|
+
export interface ManageKeyInfoMeta extends KeyMetadata {
|
|
15
|
+
x509?: X509Opts
|
|
16
|
+
[x: string]: any
|
|
17
|
+
}
|
|
4
18
|
export enum KeyType {
|
|
5
19
|
Bls12381G2 = 'Bls12381G2',
|
|
6
20
|
}
|
package/dist/x509/rsa-key.d.ts
DELETED
|
@@ -1,10 +0,0 @@
|
|
|
1
|
-
import { HashAlgorithm, JWK } from '@sphereon/ssi-sdk-ext.key-utils';
|
|
2
|
-
export type RSASignatureSchemes = 'RSASSA-PKCS1-V1_5' | 'RSA-PSS';
|
|
3
|
-
export type RSAEncryptionSchemes = 'RSAES-PKCS-v1_5 ' | 'RSAES-OAEP';
|
|
4
|
-
export declare const signAlgorithmToSchemeAndHashAlg: (signingAlg: string) => {
|
|
5
|
-
scheme: "RSASSA-PKCS1-V1_5" | "RSA-PSS";
|
|
6
|
-
hashAlgorithm: HashAlgorithm;
|
|
7
|
-
};
|
|
8
|
-
export declare const importRSAKey: (jwk: JWK, scheme: RSAEncryptionSchemes | RSASignatureSchemes, hashAlgorithm?: HashAlgorithm) => Promise<CryptoKey>;
|
|
9
|
-
export declare const generateRSAKeyAsPEM: (scheme: RSAEncryptionSchemes | RSASignatureSchemes, hashAlgorithm?: HashAlgorithm, modulusLength?: number) => Promise<string>;
|
|
10
|
-
//# sourceMappingURL=rsa-key.d.ts.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"rsa-key.d.ts","sourceRoot":"","sources":["../../src/x509/rsa-key.ts"],"names":[],"mappings":"AAEA,OAAO,EAAe,aAAa,EAAE,GAAG,EAAE,MAAM,iCAAiC,CAAA;AAEjF,MAAM,MAAM,mBAAmB,GAAG,mBAAmB,GAAG,SAAS,CAAA;AAEjE,MAAM,MAAM,oBAAoB,GAAG,kBAAkB,GAAG,YAAY,CAAA;AAOpE,eAAO,MAAM,+BAA+B,eAAgB,MAAM;;;CAajE,CAAA;AAED,eAAO,MAAM,YAAY,QAClB,GAAG,UACA,oBAAoB,GAAG,mBAAmB,kBAClC,aAAa,KAC5B,QAAQ,SAAS,CAKnB,CAAA;AAED,eAAO,MAAM,mBAAmB,WACtB,oBAAoB,GAAG,mBAAmB,kBAClC,aAAa,kBACb,MAAM,KACrB,QAAQ,MAAM,CAgBhB,CAAA"}
|
package/dist/x509/rsa-key.js
DELETED
|
@@ -1,83 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
-
if (k2 === undefined) k2 = k;
|
|
4
|
-
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
-
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
-
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
-
}
|
|
8
|
-
Object.defineProperty(o, k2, desc);
|
|
9
|
-
}) : (function(o, m, k, k2) {
|
|
10
|
-
if (k2 === undefined) k2 = k;
|
|
11
|
-
o[k2] = m[k];
|
|
12
|
-
}));
|
|
13
|
-
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
|
14
|
-
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
|
15
|
-
}) : function(o, v) {
|
|
16
|
-
o["default"] = v;
|
|
17
|
-
});
|
|
18
|
-
var __importStar = (this && this.__importStar) || function (mod) {
|
|
19
|
-
if (mod && mod.__esModule) return mod;
|
|
20
|
-
var result = {};
|
|
21
|
-
if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
|
|
22
|
-
__setModuleDefault(result, mod);
|
|
23
|
-
return result;
|
|
24
|
-
};
|
|
25
|
-
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
|
|
26
|
-
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
|
|
27
|
-
return new (P || (P = Promise))(function (resolve, reject) {
|
|
28
|
-
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
|
|
29
|
-
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
|
|
30
|
-
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
|
|
31
|
-
step((generator = generator.apply(thisArg, _arguments || [])).next());
|
|
32
|
-
});
|
|
33
|
-
};
|
|
34
|
-
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
35
|
-
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
36
|
-
};
|
|
37
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
38
|
-
exports.generateRSAKeyAsPEM = exports.importRSAKey = exports.signAlgorithmToSchemeAndHashAlg = void 0;
|
|
39
|
-
const isomorphic_webcrypto_1 = __importDefault(require("@sphereon/isomorphic-webcrypto"));
|
|
40
|
-
const u8a = __importStar(require("uint8arrays"));
|
|
41
|
-
const ssi_sdk_ext_key_utils_1 = require("@sphereon/ssi-sdk-ext.key-utils");
|
|
42
|
-
const usage = (jwk) => {
|
|
43
|
-
// "decrypt" | "deriveBits" | "deriveKey" | "encrypt" | "sign" | "unwrapKey" | "verify" | "wrapKey";
|
|
44
|
-
return jwk.d ? ['sign', 'decrypt', 'verify', 'encrypt'] : ['verify', 'encrypt'];
|
|
45
|
-
};
|
|
46
|
-
const signAlgorithmToSchemeAndHashAlg = (signingAlg) => {
|
|
47
|
-
const alg = signingAlg.toUpperCase();
|
|
48
|
-
let scheme;
|
|
49
|
-
if (alg.startsWith('RS')) {
|
|
50
|
-
scheme = 'RSASSA-PKCS1-V1_5';
|
|
51
|
-
}
|
|
52
|
-
else if (alg.startsWith('PS')) {
|
|
53
|
-
scheme = 'RSA-PSS';
|
|
54
|
-
}
|
|
55
|
-
else {
|
|
56
|
-
throw Error(`Invalid signing algorithm supplied ${signingAlg}`);
|
|
57
|
-
}
|
|
58
|
-
const hashAlgorithm = `SHA-${alg.substring(2)}`;
|
|
59
|
-
return { scheme, hashAlgorithm };
|
|
60
|
-
};
|
|
61
|
-
exports.signAlgorithmToSchemeAndHashAlg = signAlgorithmToSchemeAndHashAlg;
|
|
62
|
-
const importRSAKey = (jwk, scheme, hashAlgorithm) => __awaiter(void 0, void 0, void 0, function* () {
|
|
63
|
-
const hashName = hashAlgorithm ? hashAlgorithm : jwk.alg ? `SHA-${jwk.alg.substring(2)}` : 'SHA-256';
|
|
64
|
-
const importParams = { name: scheme, hash: hashName };
|
|
65
|
-
return yield isomorphic_webcrypto_1.default.subtle.importKey('jwk', jwk, importParams, false, usage(jwk));
|
|
66
|
-
});
|
|
67
|
-
exports.importRSAKey = importRSAKey;
|
|
68
|
-
const generateRSAKeyAsPEM = (scheme, hashAlgorithm, modulusLength) => __awaiter(void 0, void 0, void 0, function* () {
|
|
69
|
-
const hashName = hashAlgorithm ? hashAlgorithm : 'SHA-256';
|
|
70
|
-
const params = {
|
|
71
|
-
name: scheme,
|
|
72
|
-
hash: hashName,
|
|
73
|
-
modulusLength: modulusLength ? modulusLength : 2048,
|
|
74
|
-
publicExponent: new Uint8Array([1, 0, 1]),
|
|
75
|
-
};
|
|
76
|
-
const keyUsage = scheme === 'RSA-PSS' || scheme === 'RSASSA-PKCS1-V1_5' ? ['sign', 'verify'] : ['encrypt', 'decrypt'];
|
|
77
|
-
const keypair = yield isomorphic_webcrypto_1.default.subtle.generateKey(params, true, keyUsage);
|
|
78
|
-
const pkcs8 = yield isomorphic_webcrypto_1.default.subtle.exportKey('pkcs8', keypair.privateKey);
|
|
79
|
-
const uint8Array = new Uint8Array(pkcs8);
|
|
80
|
-
return (0, ssi_sdk_ext_key_utils_1.base64ToPEM)(u8a.toString(uint8Array, 'base64pad'), 'RSA PRIVATE KEY');
|
|
81
|
-
});
|
|
82
|
-
exports.generateRSAKeyAsPEM = generateRSAKeyAsPEM;
|
|
83
|
-
//# sourceMappingURL=rsa-key.js.map
|
package/dist/x509/rsa-key.js.map
DELETED
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"rsa-key.js","sourceRoot":"","sources":["../../src/x509/rsa-key.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,0FAAmD;AACnD,iDAAkC;AAClC,2EAAiF;AAMjF,MAAM,KAAK,GAAG,CAAC,GAAQ,EAAc,EAAE;IACrC,oGAAoG;IACpG,OAAO,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,EAAE,SAAS,EAAE,QAAQ,EAAE,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAA;AACjF,CAAC,CAAA;AAEM,MAAM,+BAA+B,GAAG,CAAC,UAAkB,EAAE,EAAE;IACpE,MAAM,GAAG,GAAG,UAAU,CAAC,WAAW,EAAE,CAAA;IACpC,IAAI,MAAkD,CAAA;IACtD,IAAI,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE;QACxB,MAAM,GAAG,mBAAmB,CAAA;KAC7B;SAAM,IAAI,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE;QAC/B,MAAM,GAAG,SAAS,CAAA;KACnB;SAAM;QACL,MAAM,KAAK,CAAC,sCAAsC,UAAU,EAAE,CAAC,CAAA;KAChE;IAED,MAAM,aAAa,GAAG,OAAO,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,EAAmB,CAAA;IAChE,OAAO,EAAE,MAAM,EAAE,aAAa,EAAE,CAAA;AAClC,CAAC,CAAA;AAbY,QAAA,+BAA+B,mCAa3C;AAEM,MAAM,YAAY,GAAG,CAC1B,GAAQ,EACR,MAAkD,EAClD,aAA6B,EACT,EAAE;IACtB,MAAM,QAAQ,GAAG,aAAa,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,OAAO,GAAG,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,CAAA;IAEpG,MAAM,YAAY,GAA0B,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAA;IAC5E,OAAO,MAAM,8BAAM,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,EAAE,GAAiB,EAAE,YAAY,EAAE,KAAK,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAA;AACjG,CAAC,CAAA,CAAA;AATY,QAAA,YAAY,gBASxB;AAEM,MAAM,mBAAmB,GAAG,CACjC,MAAkD,EAClD,aAA6B,EAC7B,aAAsB,EACL,EAAE;IACnB,MAAM,QAAQ,GAAG,aAAa,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS,CAAA;IAE1D,MAAM,MAAM,GAA0B;QACpC,IAAI,EAAE,MAAM;QACZ,IAAI,EAAE,QAAQ;QACd,aAAa,EAAE,aAAa,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI;QACnD,cAAc,EAAE,IAAI,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC;KAC1C,CAAA;IACD,MAAM,QAAQ,GAAe,MAAM,KAAK,SAAS,IAAI,MAAM,KAAK,mBAAmB,CAAC,CAAC,CAAC,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,EAAE,SAAS,CAAC,CAAA;IAEjI,MAAM,OAAO,GAAG,MAAM,8BAAM,CAAC,MAAM,CAAC,WAAW,CAAC,MAAM,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAA;IACvE,MAAM,KAAK,GAAG,MAAM,8BAAM,CAAC,MAAM,CAAC,SAAS,CAAC,OAAO,EAAE,OAAO,CAAC,UAAU,CAAC,CAAA;IAExE,MAAM,UAAU,GAAG,IAAI,UAAU,CAAC,KAAK,CAAC,CAAA;IACxC,OAAO,IAAA,mCAAW,EAAC,GAAG,CAAC,QAAQ,CAAC,UAAU,EAAE,WAAW,CAAC,EAAE,iBAAiB,CAAC,CAAA;AAC9E,CAAC,CAAA,CAAA;AApBY,QAAA,mBAAmB,uBAoB/B"}
|
|
@@ -1,23 +0,0 @@
|
|
|
1
|
-
import { RSAEncryptionSchemes, RSASignatureSchemes } from './rsa-key';
|
|
2
|
-
import { HashAlgorithm, JWK } from '@sphereon/ssi-sdk-ext.key-utils';
|
|
3
|
-
export declare class RSASigner {
|
|
4
|
-
private readonly hashAlgorithm;
|
|
5
|
-
private readonly jwk;
|
|
6
|
-
private key;
|
|
7
|
-
private readonly scheme;
|
|
8
|
-
/**
|
|
9
|
-
*
|
|
10
|
-
* @param key Either in PEM or JWK format (no raw hex keys here!)
|
|
11
|
-
* @param opts The algorithm and signature/encryption schemes
|
|
12
|
-
*/
|
|
13
|
-
constructor(key: string | JWK, opts?: {
|
|
14
|
-
hashAlgorithm?: HashAlgorithm;
|
|
15
|
-
scheme?: RSAEncryptionSchemes | RSASignatureSchemes;
|
|
16
|
-
});
|
|
17
|
-
private getImportParams;
|
|
18
|
-
private getKey;
|
|
19
|
-
private bufferToString;
|
|
20
|
-
sign(data: string | Uint8Array): Promise<string>;
|
|
21
|
-
verify(data: string | Uint8Array, signature: string | Uint8Array): Promise<boolean>;
|
|
22
|
-
}
|
|
23
|
-
//# sourceMappingURL=rsa-signer.d.ts.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"rsa-signer.d.ts","sourceRoot":"","sources":["../../src/x509/rsa-signer.ts"],"names":[],"mappings":"AAEA,OAAO,EAAgB,oBAAoB,EAAE,mBAAmB,EAAE,MAAM,WAAW,CAAA;AACnF,OAAO,EAAE,aAAa,EAAE,GAAG,EAAY,MAAM,iCAAiC,CAAA;AAE9E,qBAAa,SAAS;IACpB,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAe;IAC7C,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAK;IAEzB,OAAO,CAAC,GAAG,CAAuB;IAClC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAA4C;IAEnE;;;;OAIG;gBACS,GAAG,EAAE,MAAM,GAAG,GAAG,EAAE,IAAI,CAAC,EAAE;QAAE,aAAa,CAAC,EAAE,aAAa,CAAC;QAAC,MAAM,CAAC,EAAE,oBAAoB,GAAG,mBAAmB,CAAA;KAAE;IAW5H,OAAO,CAAC,eAAe;YAQT,MAAM;IAOpB,OAAO,CAAC,cAAc;IAKT,IAAI,CAAC,IAAI,EAAE,MAAM,GAAG,UAAU,GAAG,OAAO,CAAC,MAAM,CAAC;IAYhD,MAAM,CAAC,IAAI,EAAE,MAAM,GAAG,UAAU,EAAE,SAAS,EAAE,MAAM,GAAG,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC;CAQjG"}
|
package/dist/x509/rsa-signer.js
DELETED
|
@@ -1,102 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
-
if (k2 === undefined) k2 = k;
|
|
4
|
-
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
-
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
-
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
-
}
|
|
8
|
-
Object.defineProperty(o, k2, desc);
|
|
9
|
-
}) : (function(o, m, k, k2) {
|
|
10
|
-
if (k2 === undefined) k2 = k;
|
|
11
|
-
o[k2] = m[k];
|
|
12
|
-
}));
|
|
13
|
-
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
|
14
|
-
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
|
15
|
-
}) : function(o, v) {
|
|
16
|
-
o["default"] = v;
|
|
17
|
-
});
|
|
18
|
-
var __importStar = (this && this.__importStar) || function (mod) {
|
|
19
|
-
if (mod && mod.__esModule) return mod;
|
|
20
|
-
var result = {};
|
|
21
|
-
if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
|
|
22
|
-
__setModuleDefault(result, mod);
|
|
23
|
-
return result;
|
|
24
|
-
};
|
|
25
|
-
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
|
|
26
|
-
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
|
|
27
|
-
return new (P || (P = Promise))(function (resolve, reject) {
|
|
28
|
-
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
|
|
29
|
-
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
|
|
30
|
-
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
|
|
31
|
-
step((generator = generator.apply(thisArg, _arguments || [])).next());
|
|
32
|
-
});
|
|
33
|
-
};
|
|
34
|
-
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
35
|
-
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
36
|
-
};
|
|
37
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
38
|
-
exports.RSASigner = void 0;
|
|
39
|
-
const u8a = __importStar(require("uint8arrays"));
|
|
40
|
-
const isomorphic_webcrypto_1 = __importDefault(require("@sphereon/isomorphic-webcrypto"));
|
|
41
|
-
const rsa_key_1 = require("./rsa-key");
|
|
42
|
-
const ssi_sdk_ext_key_utils_1 = require("@sphereon/ssi-sdk-ext.key-utils");
|
|
43
|
-
class RSASigner {
|
|
44
|
-
/**
|
|
45
|
-
*
|
|
46
|
-
* @param key Either in PEM or JWK format (no raw hex keys here!)
|
|
47
|
-
* @param opts The algorithm and signature/encryption schemes
|
|
48
|
-
*/
|
|
49
|
-
constructor(key, opts) {
|
|
50
|
-
var _a, _b;
|
|
51
|
-
if (typeof key === 'string') {
|
|
52
|
-
this.jwk = (0, ssi_sdk_ext_key_utils_1.PEMToJwk)(key);
|
|
53
|
-
}
|
|
54
|
-
else {
|
|
55
|
-
this.jwk = key;
|
|
56
|
-
}
|
|
57
|
-
this.hashAlgorithm = (_a = opts === null || opts === void 0 ? void 0 : opts.hashAlgorithm) !== null && _a !== void 0 ? _a : 'SHA-256';
|
|
58
|
-
this.scheme = (_b = opts === null || opts === void 0 ? void 0 : opts.scheme) !== null && _b !== void 0 ? _b : 'RSA-PSS';
|
|
59
|
-
}
|
|
60
|
-
getImportParams() {
|
|
61
|
-
if (this.scheme === 'RSA-PSS') {
|
|
62
|
-
return { name: this.scheme, saltLength: 32 };
|
|
63
|
-
}
|
|
64
|
-
// console.log({ name: this.scheme /*, hash: this.hashAlgorithm*/ })
|
|
65
|
-
return { name: this.scheme /*, hash: this.hashAlgorithm*/ };
|
|
66
|
-
}
|
|
67
|
-
getKey() {
|
|
68
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
69
|
-
if (!this.key) {
|
|
70
|
-
this.key = yield (0, rsa_key_1.importRSAKey)(this.jwk, this.scheme, this.hashAlgorithm);
|
|
71
|
-
}
|
|
72
|
-
return this.key;
|
|
73
|
-
});
|
|
74
|
-
}
|
|
75
|
-
bufferToString(buf) {
|
|
76
|
-
const uint8Array = new Uint8Array(buf);
|
|
77
|
-
return u8a.toString(uint8Array, 'base64url'); // Needs to be base64url for JsonWebSignature2020. Don't change!
|
|
78
|
-
}
|
|
79
|
-
sign(data) {
|
|
80
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
81
|
-
const input = typeof data === 'string' ? u8a.fromString(data, 'utf-8') : data;
|
|
82
|
-
const key = yield this.getKey();
|
|
83
|
-
const signature = this.bufferToString(yield isomorphic_webcrypto_1.default.subtle.sign(this.getImportParams(), key, input));
|
|
84
|
-
if (!signature) {
|
|
85
|
-
throw Error('Could not sign input data');
|
|
86
|
-
}
|
|
87
|
-
// base64url signature
|
|
88
|
-
return signature;
|
|
89
|
-
});
|
|
90
|
-
}
|
|
91
|
-
verify(data, signature) {
|
|
92
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
93
|
-
const sig = typeof signature === 'string' ? signature : u8a.toString(signature, 'base64url');
|
|
94
|
-
const jws = sig.includes('.') ? sig.split('.')[2] : sig;
|
|
95
|
-
const input = typeof data == 'string' ? u8a.fromString(data, 'utf-8') : data;
|
|
96
|
-
const verificationResult = yield isomorphic_webcrypto_1.default.subtle.verify(this.getImportParams(), yield this.getKey(), u8a.fromString(jws, 'base64url'), input);
|
|
97
|
-
return verificationResult;
|
|
98
|
-
});
|
|
99
|
-
}
|
|
100
|
-
}
|
|
101
|
-
exports.RSASigner = RSASigner;
|
|
102
|
-
//# sourceMappingURL=rsa-signer.js.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"rsa-signer.js","sourceRoot":"","sources":["../../src/x509/rsa-signer.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,iDAAkC;AAClC,0FAAmD;AACnD,uCAAmF;AACnF,2EAA8E;AAE9E,MAAa,SAAS;IAOpB;;;;OAIG;IACH,YAAY,GAAiB,EAAE,IAA6F;;QAC1H,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE;YAC3B,IAAI,CAAC,GAAG,GAAG,IAAA,gCAAQ,EAAC,GAAG,CAAC,CAAA;SACzB;aAAM;YACL,IAAI,CAAC,GAAG,GAAG,GAAG,CAAA;SACf;QAED,IAAI,CAAC,aAAa,GAAG,MAAA,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,aAAa,mCAAI,SAAS,CAAA;QACrD,IAAI,CAAC,MAAM,GAAG,MAAA,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,MAAM,mCAAI,SAAS,CAAA;IACzC,CAAC;IAEO,eAAe;QACrB,IAAI,IAAI,CAAC,MAAM,KAAK,SAAS,EAAE;YAC7B,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,MAAM,EAAE,UAAU,EAAE,EAAE,EAAE,CAAA;SAC7C;QACD,oEAAoE;QACpE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC,8BAA8B,EAAE,CAAA;IAC7D,CAAC;IAEa,MAAM;;YAClB,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACb,IAAI,CAAC,GAAG,GAAG,MAAM,IAAA,sBAAY,EAAC,IAAI,CAAC,GAAG,EAAE,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,aAAa,CAAC,CAAA;aACzE;YACD,OAAO,IAAI,CAAC,GAAG,CAAA;QACjB,CAAC;KAAA;IAEO,cAAc,CAAC,GAAgB;QACrC,MAAM,UAAU,GAAG,IAAI,UAAU,CAAC,GAAG,CAAC,CAAA;QACtC,OAAO,GAAG,CAAC,QAAQ,CAAC,UAAU,EAAE,WAAW,CAAC,CAAA,CAAC,gEAAgE;IAC/G,CAAC;IAEY,IAAI,CAAC,IAAyB;;YACzC,MAAM,KAAK,GAAG,OAAO,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;YAC7E,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,MAAM,EAAE,CAAA;YAC/B,MAAM,SAAS,GAAG,IAAI,CAAC,cAAc,CAAC,MAAM,8BAAM,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE,EAAE,GAAG,EAAE,KAAK,CAAC,CAAC,CAAA;YACnG,IAAI,CAAC,SAAS,EAAE;gBACd,MAAM,KAAK,CAAC,2BAA2B,CAAC,CAAA;aACzC;YAED,uBAAuB;YACvB,OAAO,SAAS,CAAA;QAClB,CAAC;KAAA;IAEY,MAAM,CAAC,IAAyB,EAAE,SAA8B;;YAC3E,MAAM,GAAG,GAAG,OAAO,SAAS,KAAK,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,SAAS,EAAE,WAAW,CAAC,CAAA;YAC5F,MAAM,GAAG,GAAG,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAA;YAEvD,MAAM,KAAK,GAAG,OAAO,IAAI,IAAI,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;YAC5E,MAAM,kBAAkB,GAAG,MAAM,8BAAM,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,eAAe,EAAE,EAAE,MAAM,IAAI,CAAC,MAAM,EAAE,EAAE,GAAG,CAAC,UAAU,CAAC,GAAG,EAAE,WAAW,CAAC,EAAE,KAAK,CAAC,CAAA;YAC3I,OAAO,kBAAkB,CAAA;QAC3B,CAAC;KAAA;CACF;AA/DD,8BA+DC"}
|
package/src/x509/rsa-key.ts
DELETED
|
@@ -1,60 +0,0 @@
|
|
|
1
|
-
import crypto from '@sphereon/isomorphic-webcrypto'
|
|
2
|
-
import * as u8a from 'uint8arrays'
|
|
3
|
-
import { base64ToPEM, HashAlgorithm, JWK } from '@sphereon/ssi-sdk-ext.key-utils'
|
|
4
|
-
|
|
5
|
-
export type RSASignatureSchemes = 'RSASSA-PKCS1-V1_5' | 'RSA-PSS'
|
|
6
|
-
|
|
7
|
-
export type RSAEncryptionSchemes = 'RSAES-PKCS-v1_5 ' | 'RSAES-OAEP'
|
|
8
|
-
|
|
9
|
-
const usage = (jwk: JWK): KeyUsage[] => {
|
|
10
|
-
// "decrypt" | "deriveBits" | "deriveKey" | "encrypt" | "sign" | "unwrapKey" | "verify" | "wrapKey";
|
|
11
|
-
return jwk.d ? ['sign', 'decrypt', 'verify', 'encrypt'] : ['verify', 'encrypt']
|
|
12
|
-
}
|
|
13
|
-
|
|
14
|
-
export const signAlgorithmToSchemeAndHashAlg = (signingAlg: string) => {
|
|
15
|
-
const alg = signingAlg.toUpperCase()
|
|
16
|
-
let scheme: RSAEncryptionSchemes | RSASignatureSchemes
|
|
17
|
-
if (alg.startsWith('RS')) {
|
|
18
|
-
scheme = 'RSASSA-PKCS1-V1_5'
|
|
19
|
-
} else if (alg.startsWith('PS')) {
|
|
20
|
-
scheme = 'RSA-PSS'
|
|
21
|
-
} else {
|
|
22
|
-
throw Error(`Invalid signing algorithm supplied ${signingAlg}`)
|
|
23
|
-
}
|
|
24
|
-
|
|
25
|
-
const hashAlgorithm = `SHA-${alg.substring(2)}` as HashAlgorithm
|
|
26
|
-
return { scheme, hashAlgorithm }
|
|
27
|
-
}
|
|
28
|
-
|
|
29
|
-
export const importRSAKey = async (
|
|
30
|
-
jwk: JWK,
|
|
31
|
-
scheme: RSAEncryptionSchemes | RSASignatureSchemes,
|
|
32
|
-
hashAlgorithm?: HashAlgorithm
|
|
33
|
-
): Promise<CryptoKey> => {
|
|
34
|
-
const hashName = hashAlgorithm ? hashAlgorithm : jwk.alg ? `SHA-${jwk.alg.substring(2)}` : 'SHA-256'
|
|
35
|
-
|
|
36
|
-
const importParams: RsaHashedImportParams = { name: scheme, hash: hashName }
|
|
37
|
-
return await crypto.subtle.importKey('jwk', jwk as JsonWebKey, importParams, false, usage(jwk))
|
|
38
|
-
}
|
|
39
|
-
|
|
40
|
-
export const generateRSAKeyAsPEM = async (
|
|
41
|
-
scheme: RSAEncryptionSchemes | RSASignatureSchemes,
|
|
42
|
-
hashAlgorithm?: HashAlgorithm,
|
|
43
|
-
modulusLength?: number
|
|
44
|
-
): Promise<string> => {
|
|
45
|
-
const hashName = hashAlgorithm ? hashAlgorithm : 'SHA-256'
|
|
46
|
-
|
|
47
|
-
const params: RsaHashedKeyGenParams = {
|
|
48
|
-
name: scheme,
|
|
49
|
-
hash: hashName,
|
|
50
|
-
modulusLength: modulusLength ? modulusLength : 2048,
|
|
51
|
-
publicExponent: new Uint8Array([1, 0, 1]),
|
|
52
|
-
}
|
|
53
|
-
const keyUsage: KeyUsage[] = scheme === 'RSA-PSS' || scheme === 'RSASSA-PKCS1-V1_5' ? ['sign', 'verify'] : ['encrypt', 'decrypt']
|
|
54
|
-
|
|
55
|
-
const keypair = await crypto.subtle.generateKey(params, true, keyUsage)
|
|
56
|
-
const pkcs8 = await crypto.subtle.exportKey('pkcs8', keypair.privateKey)
|
|
57
|
-
|
|
58
|
-
const uint8Array = new Uint8Array(pkcs8)
|
|
59
|
-
return base64ToPEM(u8a.toString(uint8Array, 'base64pad'), 'RSA PRIVATE KEY')
|
|
60
|
-
}
|
package/src/x509/rsa-signer.ts
DELETED
|
@@ -1,69 +0,0 @@
|
|
|
1
|
-
import * as u8a from 'uint8arrays'
|
|
2
|
-
import crypto from '@sphereon/isomorphic-webcrypto'
|
|
3
|
-
import { importRSAKey, RSAEncryptionSchemes, RSASignatureSchemes } from './rsa-key'
|
|
4
|
-
import { HashAlgorithm, JWK, PEMToJwk } from '@sphereon/ssi-sdk-ext.key-utils'
|
|
5
|
-
|
|
6
|
-
export class RSASigner {
|
|
7
|
-
private readonly hashAlgorithm: HashAlgorithm
|
|
8
|
-
private readonly jwk: JWK
|
|
9
|
-
|
|
10
|
-
private key: CryptoKey | undefined
|
|
11
|
-
private readonly scheme: RSAEncryptionSchemes | RSASignatureSchemes
|
|
12
|
-
|
|
13
|
-
/**
|
|
14
|
-
*
|
|
15
|
-
* @param key Either in PEM or JWK format (no raw hex keys here!)
|
|
16
|
-
* @param opts The algorithm and signature/encryption schemes
|
|
17
|
-
*/
|
|
18
|
-
constructor(key: string | JWK, opts?: { hashAlgorithm?: HashAlgorithm; scheme?: RSAEncryptionSchemes | RSASignatureSchemes }) {
|
|
19
|
-
if (typeof key === 'string') {
|
|
20
|
-
this.jwk = PEMToJwk(key)
|
|
21
|
-
} else {
|
|
22
|
-
this.jwk = key
|
|
23
|
-
}
|
|
24
|
-
|
|
25
|
-
this.hashAlgorithm = opts?.hashAlgorithm ?? 'SHA-256'
|
|
26
|
-
this.scheme = opts?.scheme ?? 'RSA-PSS'
|
|
27
|
-
}
|
|
28
|
-
|
|
29
|
-
private getImportParams(): AlgorithmIdentifier | RsaPssParams {
|
|
30
|
-
if (this.scheme === 'RSA-PSS') {
|
|
31
|
-
return { name: this.scheme, saltLength: 32 }
|
|
32
|
-
}
|
|
33
|
-
// console.log({ name: this.scheme /*, hash: this.hashAlgorithm*/ })
|
|
34
|
-
return { name: this.scheme /*, hash: this.hashAlgorithm*/ }
|
|
35
|
-
}
|
|
36
|
-
|
|
37
|
-
private async getKey(): Promise<CryptoKey> {
|
|
38
|
-
if (!this.key) {
|
|
39
|
-
this.key = await importRSAKey(this.jwk, this.scheme, this.hashAlgorithm)
|
|
40
|
-
}
|
|
41
|
-
return this.key
|
|
42
|
-
}
|
|
43
|
-
|
|
44
|
-
private bufferToString(buf: ArrayBuffer) {
|
|
45
|
-
const uint8Array = new Uint8Array(buf)
|
|
46
|
-
return u8a.toString(uint8Array, 'base64url') // Needs to be base64url for JsonWebSignature2020. Don't change!
|
|
47
|
-
}
|
|
48
|
-
|
|
49
|
-
public async sign(data: string | Uint8Array): Promise<string> {
|
|
50
|
-
const input = typeof data === 'string' ? u8a.fromString(data, 'utf-8') : data
|
|
51
|
-
const key = await this.getKey()
|
|
52
|
-
const signature = this.bufferToString(await crypto.subtle.sign(this.getImportParams(), key, input))
|
|
53
|
-
if (!signature) {
|
|
54
|
-
throw Error('Could not sign input data')
|
|
55
|
-
}
|
|
56
|
-
|
|
57
|
-
// base64url signature
|
|
58
|
-
return signature
|
|
59
|
-
}
|
|
60
|
-
|
|
61
|
-
public async verify(data: string | Uint8Array, signature: string | Uint8Array): Promise<boolean> {
|
|
62
|
-
const sig = typeof signature === 'string' ? signature : u8a.toString(signature, 'base64url')
|
|
63
|
-
const jws = sig.includes('.') ? sig.split('.')[2] : sig
|
|
64
|
-
|
|
65
|
-
const input = typeof data == 'string' ? u8a.fromString(data, 'utf-8') : data
|
|
66
|
-
const verificationResult = await crypto.subtle.verify(this.getImportParams(), await this.getKey(), u8a.fromString(jws, 'base64url'), input)
|
|
67
|
-
return verificationResult
|
|
68
|
-
}
|
|
69
|
-
}
|