@sphereon/ssi-sdk-ext.kms-local 0.28.1-feature.esm.cjs.11 → 0.28.1-feature.esm.cjs.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/dist/index.cjs +72 -40
  2. package/dist/index.cjs.map +1 -1
  3. package/dist/tsdoc-metadata.json +1 -1
  4. package/package.json +6 -6
package/dist/index.cjs CHANGED
@@ -1,20 +1,56 @@
1
- "use strict";Object.defineProperty(exports, "__esModule", {value: true}); function _interopRequireWildcard(obj) { if (obj && obj.__esModule) { return obj; } else { var newObj = {}; if (obj != null) { for (var key in obj) { if (Object.prototype.hasOwnProperty.call(obj, key)) { newObj[key] = obj[key]; } } } newObj.default = obj; return newObj; } } function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; } function _createStarExport(obj) { Object.keys(obj) .filter((key) => key !== "default" && key !== "__esModule") .forEach((key) => { if (exports.hasOwnProperty(key)) { return; } Object.defineProperty(exports, key, {enumerable: true, configurable: true, get: () => obj[key]}); }); } function _nullishCoalesce(lhs, rhsFn) { if (lhs != null) { return lhs; } else { return rhsFn(); } } function _optionalChain(ops) { let lastAccessLHS = undefined; let value = ops[0]; let i = 1; while (i < ops.length) { const op = ops[i]; const fn = ops[i + 1]; i += 2; if ((op === 'optionalAccess' || op === 'optionalCall') && value == null) { return undefined; } if (op === 'access' || op === 'optionalAccess') { lastAccessLHS = value; value = fn(value); } else if (op === 'call' || op === 'optionalCall') { value = fn((...args) => value.call(lastAccessLHS, ...args)); lastAccessLHS = undefined; } } return value; }var __defProp = Object.defineProperty;
1
+ "use strict";
2
+ var __create = Object.create;
3
+ var __defProp = Object.defineProperty;
4
+ var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
5
+ var __getOwnPropNames = Object.getOwnPropertyNames;
6
+ var __getProtoOf = Object.getPrototypeOf;
7
+ var __hasOwnProp = Object.prototype.hasOwnProperty;
2
8
  var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
9
+ var __export = (target, all) => {
10
+ for (var name in all)
11
+ __defProp(target, name, { get: all[name], enumerable: true });
12
+ };
13
+ var __copyProps = (to, from, except, desc) => {
14
+ if (from && typeof from === "object" || typeof from === "function") {
15
+ for (let key of __getOwnPropNames(from))
16
+ if (!__hasOwnProp.call(to, key) && key !== except)
17
+ __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
18
+ }
19
+ return to;
20
+ };
21
+ var __reExport = (target, mod, secondTarget) => (__copyProps(target, mod, "default"), secondTarget && __copyProps(secondTarget, mod, "default"));
22
+ var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
23
+ // If the importer is in node compatibility mode or this is not an ESM
24
+ // file that has been converted to a CommonJS file using a Babel-
25
+ // compatible transform (i.e. "__esModule" has not been set), then set
26
+ // "default" to the CommonJS "module.exports" for node compatibility.
27
+ isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
28
+ mod
29
+ ));
30
+ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
31
+
32
+ // src/index.ts
33
+ var index_exports = {};
34
+ __export(index_exports, {
35
+ KeyType: () => KeyType,
36
+ SphereonKeyManagementSystem: () => SphereonKeyManagementSystem
37
+ });
38
+ module.exports = __toCommonJS(index_exports);
3
39
 
4
40
  // src/SphereonKeyManagementSystem.ts
5
- var _ssisdkextkeyutils = require('@sphereon/ssi-sdk-ext.key-utils');
6
- var _kmslocal = require('@veramo/kms-local'); _createStarExport(_kmslocal);
7
- var _debug = require('debug'); var _debug2 = _interopRequireDefault(_debug);
8
- var _elliptic = require('elliptic'); var _elliptic2 = _interopRequireDefault(_elliptic);
9
- var _uint8arrays = require('uint8arrays'); var u8a = _interopRequireWildcard(_uint8arrays);
10
- var _ssisdkextx509utils = require('@sphereon/ssi-sdk-ext.x509-utils');
41
+ var import_ssi_sdk_ext = require("@sphereon/ssi-sdk-ext.key-utils");
42
+ var import_kms_local = require("@veramo/kms-local");
43
+ var import_debug = __toESM(require("debug"), 1);
44
+ var import_elliptic = __toESM(require("elliptic"), 1);
45
+ var u8a = __toESM(require("uint8arrays"), 1);
46
+ var import_ssi_sdk_ext2 = require("@sphereon/ssi-sdk-ext.x509-utils");
11
47
  var { fromString } = u8a;
12
- var debug = _debug2.default.call(void 0, "sphereon:kms:local");
13
- var SphereonKeyManagementSystem = class extends _kmslocal.KeyManagementSystem {
48
+ var debug = (0, import_debug.default)("sphereon:kms:local");
49
+ var SphereonKeyManagementSystem = class extends import_kms_local.KeyManagementSystem {
14
50
  static {
15
51
  __name(this, "SphereonKeyManagementSystem");
16
52
  }
17
-
53
+ privateKeyStore;
18
54
  constructor(keyStore) {
19
55
  super(keyStore);
20
56
  this.privateKeyStore = keyStore;
@@ -68,7 +104,7 @@ var SphereonKeyManagementSystem = class extends _kmslocal.KeyManagementSystem {
68
104
  }
69
105
  // @ts-ignore
70
106
  case "RSA": {
71
- const privateKeyHex = await _ssisdkextkeyutils.generatePrivateKeyHex.call(void 0, type);
107
+ const privateKeyHex = await (0, import_ssi_sdk_ext.generatePrivateKeyHex)(type);
72
108
  key = await this.importKey({
73
109
  type,
74
110
  privateKeyHex
@@ -98,7 +134,7 @@ var SphereonKeyManagementSystem = class extends _kmslocal.KeyManagementSystem {
98
134
  // @ts-ignore
99
135
  privateKey.type === "RSA" && (typeof algorithm === "undefined" || algorithm === "RS256" || algorithm === "RS512" || algorithm === "PS256" || algorithm === "PS512")
100
136
  ) {
101
- return await this.signRSA(privateKey, data, _nullishCoalesce(algorithm, () => ( "PS256")));
137
+ return await this.signRSA(privateKey, data, algorithm ?? "PS256");
102
138
  } else {
103
139
  return await super.sign({
104
140
  keyRef,
@@ -110,7 +146,7 @@ var SphereonKeyManagementSystem = class extends _kmslocal.KeyManagementSystem {
110
146
  }
111
147
  async verify({ publicKeyHex, type, algorithm, data, signature }) {
112
148
  if (type === "RSA") {
113
- return await this.verifyRSA(publicKeyHex, data, _nullishCoalesce(algorithm, () => ( "PS256")), signature);
149
+ return await this.verifyRSA(publicKeyHex, data, algorithm ?? "PS256", signature);
114
150
  }
115
151
  throw Error(`KMS verify is not implemented yet for ${type}`);
116
152
  }
@@ -120,7 +156,7 @@ var SphereonKeyManagementSystem = class extends _kmslocal.KeyManagementSystem {
120
156
  case KeyType.Bls12381G2:
121
157
  key = {
122
158
  type: args.type,
123
- kid: _nullishCoalesce(args.alias, () => ( args.publicKeyHex)),
159
+ kid: args.alias ?? args.publicKeyHex,
124
160
  publicKeyHex: args.publicKeyHex,
125
161
  meta: {
126
162
  algorithms: [
@@ -131,16 +167,16 @@ var SphereonKeyManagementSystem = class extends _kmslocal.KeyManagementSystem {
131
167
  break;
132
168
  case "Secp256k1": {
133
169
  const privateBytes = fromString(args.privateKeyHex.toLowerCase(), "base16");
134
- const secp256k1 = new _elliptic2.default.ec("secp256k1");
170
+ const secp256k1 = new import_elliptic.default.ec("secp256k1");
135
171
  const keyPair = secp256k1.keyFromPrivate(privateBytes, "hex");
136
172
  const publicKeyHex = keyPair.getPublic(true, "hex");
137
173
  key = {
138
174
  type: args.type,
139
- kid: _nullishCoalesce(args.alias, () => ( publicKeyHex)),
175
+ kid: args.alias ?? publicKeyHex,
140
176
  publicKeyHex,
141
177
  meta: {
142
- jwkThumbprint: _ssisdkextkeyutils.calculateJwkThumbprint.call(void 0, {
143
- jwk: _ssisdkextkeyutils.toJwk.call(void 0, publicKeyHex, "Secp256k1")
178
+ jwkThumbprint: (0, import_ssi_sdk_ext.calculateJwkThumbprint)({
179
+ jwk: (0, import_ssi_sdk_ext.toJwk)(publicKeyHex, "Secp256k1")
144
180
  }),
145
181
  algorithms: [
146
182
  "ES256K",
@@ -156,16 +192,16 @@ var SphereonKeyManagementSystem = class extends _kmslocal.KeyManagementSystem {
156
192
  }
157
193
  case "Secp256r1": {
158
194
  const privateBytes = fromString(args.privateKeyHex.toLowerCase(), "base16");
159
- const secp256r1 = new _elliptic2.default.ec("p256");
195
+ const secp256r1 = new import_elliptic.default.ec("p256");
160
196
  const keyPair = secp256r1.keyFromPrivate(privateBytes, "hex");
161
197
  const publicKeyHex = keyPair.getPublic(true, "hex");
162
198
  key = {
163
199
  type: args.type,
164
- kid: _nullishCoalesce(args.alias, () => ( publicKeyHex)),
200
+ kid: args.alias ?? publicKeyHex,
165
201
  publicKeyHex,
166
202
  meta: {
167
- jwkThumbprint: _ssisdkextkeyutils.calculateJwkThumbprint.call(void 0, {
168
- jwk: _ssisdkextkeyutils.toJwk.call(void 0, publicKeyHex, "Secp256r1")
203
+ jwkThumbprint: (0, import_ssi_sdk_ext.calculateJwkThumbprint)({
204
+ jwk: (0, import_ssi_sdk_ext.toJwk)(publicKeyHex, "Secp256r1")
169
205
  }),
170
206
  algorithms: [
171
207
  "ES256"
@@ -176,17 +212,17 @@ var SphereonKeyManagementSystem = class extends _kmslocal.KeyManagementSystem {
176
212
  }
177
213
  // @ts-ignore
178
214
  case "RSA": {
179
- const x509 = _optionalChain([args, 'access', _ => _.meta, 'optionalAccess', _2 => _2.x509]);
180
- const privateKeyPEM = _nullishCoalesce(_optionalChain([x509, 'optionalAccess', _3 => _3.privateKeyPEM]), () => ( (args.privateKeyHex.includes("---") ? args.privateKeyHex : _ssisdkextx509utils.hexToPEM.call(void 0, args.privateKeyHex, "private"))));
181
- const publicKeyJwk = _ssisdkextx509utils.PEMToJwk.call(void 0, privateKeyPEM, "public");
182
- const publicKeyPEM = _ssisdkextx509utils.jwkToPEM.call(void 0, publicKeyJwk, "public");
183
- const publicKeyHex = _ssisdkextx509utils.PEMToHex.call(void 0, publicKeyPEM);
215
+ const x509 = args.meta?.x509;
216
+ const privateKeyPEM = x509?.privateKeyPEM ?? (args.privateKeyHex.includes("---") ? args.privateKeyHex : (0, import_ssi_sdk_ext2.hexToPEM)(args.privateKeyHex, "private"));
217
+ const publicKeyJwk = (0, import_ssi_sdk_ext2.PEMToJwk)(privateKeyPEM, "public");
218
+ const publicKeyPEM = (0, import_ssi_sdk_ext2.jwkToPEM)(publicKeyJwk, "public");
219
+ const publicKeyHex = (0, import_ssi_sdk_ext2.PEMToHex)(publicKeyPEM);
184
220
  const meta = {};
185
221
  if (x509) {
186
222
  meta.x509 = {
187
- cn: _nullishCoalesce(_nullishCoalesce(x509.cn, () => ( args.alias)), () => ( publicKeyHex))
223
+ cn: x509.cn ?? args.alias ?? publicKeyHex
188
224
  };
189
- let certChain = _nullishCoalesce(x509.certificateChainPEM, () => ( ""));
225
+ let certChain = x509.certificateChainPEM ?? "";
190
226
  if (x509.certificatePEM) {
191
227
  if (!certChain.includes(x509.certificatePEM)) {
192
228
  certChain = `${x509.certificatePEM}
@@ -195,7 +231,7 @@ ${certChain}`;
195
231
  }
196
232
  if (certChain.length > 0) {
197
233
  meta.x509.certificateChainPEM = certChain;
198
- const x5c = _ssisdkextx509utils.pemCertChainTox5c.call(void 0, certChain);
234
+ const x5c = (0, import_ssi_sdk_ext2.pemCertChainTox5c)(certChain);
199
235
  if (!x509.certificateChainURL) {
200
236
  publicKeyJwk.x5c = x5c;
201
237
  }
@@ -208,7 +244,7 @@ ${certChain}`;
208
244
  }
209
245
  key = {
210
246
  type: args.type,
211
- kid: _nullishCoalesce(_nullishCoalesce(args.alias, () => ( _optionalChain([meta, 'optionalAccess', _4 => _4.x509, 'optionalAccess', _5 => _5.cn]))), () => ( publicKeyHex)),
247
+ kid: args.alias ?? meta?.x509?.cn ?? publicKeyHex,
212
248
  publicKeyHex,
213
249
  meta: {
214
250
  ...meta,
@@ -234,8 +270,8 @@ ${certChain}`;
234
270
  * @returns a base64url encoded signature for the `RS256` alg
235
271
  */
236
272
  async signRSA(privateKey, data, signingAlgorithm) {
237
- const { hashAlgorithm, scheme } = _ssisdkextx509utils.signAlgorithmToSchemeAndHashAlg.call(void 0, signingAlgorithm);
238
- const signer = new (0, _ssisdkextx509utils.RSASigner)(_ssisdkextx509utils.PEMToJwk.call(void 0, _ssisdkextx509utils.hexToPEM.call(void 0, privateKey.privateKeyHex, "private"), "private"), {
273
+ const { hashAlgorithm, scheme } = (0, import_ssi_sdk_ext2.signAlgorithmToSchemeAndHashAlg)(signingAlgorithm);
274
+ const signer = new import_ssi_sdk_ext2.RSASigner((0, import_ssi_sdk_ext2.PEMToJwk)((0, import_ssi_sdk_ext2.hexToPEM)(privateKey.privateKeyHex, "private"), "private"), {
239
275
  hashAlgorithm,
240
276
  scheme
241
277
  });
@@ -243,8 +279,8 @@ ${certChain}`;
243
279
  return signature;
244
280
  }
245
281
  async verifyRSA(publicKeyHex, data, signingAlgorithm, signature) {
246
- const { hashAlgorithm, scheme } = _ssisdkextx509utils.signAlgorithmToSchemeAndHashAlg.call(void 0, signingAlgorithm);
247
- const signer = new (0, _ssisdkextx509utils.RSASigner)(_ssisdkextx509utils.PEMToJwk.call(void 0, _ssisdkextx509utils.hexToPEM.call(void 0, publicKeyHex, "public"), "public"), {
282
+ const { hashAlgorithm, scheme } = (0, import_ssi_sdk_ext2.signAlgorithmToSchemeAndHashAlg)(signingAlgorithm);
283
+ const signer = new import_ssi_sdk_ext2.RSASigner((0, import_ssi_sdk_ext2.PEMToJwk)((0, import_ssi_sdk_ext2.hexToPEM)(publicKeyHex, "public"), "public"), {
248
284
  hashAlgorithm,
249
285
  scheme
250
286
  });
@@ -256,13 +292,9 @@ ${certChain}`;
256
292
  };
257
293
 
258
294
  // src/index.ts
259
-
295
+ __reExport(index_exports, require("@veramo/kms-local"), module.exports);
260
296
  var KeyType = /* @__PURE__ */ function(KeyType2) {
261
297
  KeyType2["Bls12381G2"] = "Bls12381G2";
262
298
  return KeyType2;
263
299
  }({});
264
-
265
-
266
-
267
- exports.KeyType = KeyType; exports.SphereonKeyManagementSystem = SphereonKeyManagementSystem;
268
300
  //# sourceMappingURL=index.cjs.map
package/dist/index.cjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["/home/runner/work/SSI-SDK-crypto-extensions/SSI-SDK-crypto-extensions/packages/kms-local/dist/index.cjs","../src/SphereonKeyManagementSystem.ts","../src/index.ts"],"names":["fromString","u8a","debug","Debug","SphereonKeyManagementSystem","KeyManagementSystem","privateKeyStore","constructor","keyStore","importKey","args","type","KeyType","Bls12381G2","toString","privateKeyHex","publicKeyHex","Error","managedKey","asSphereonManagedKeyInfo","alias","kid","import","privateKeyPEM","createKey","key","generatePrivateKeyHex","sign","keyRef","algorithm","data","privateKey","get","e","signature","x509","includes","publicKeyPEM","certChain","x5c","certificateChainURL","meta","publicKeyJwk","signingAlgorithm","hashAlgorithm","scheme"],"mappings":"AAAA,+zCAAI,UAAU,EAAE,MAAM,CAAC,cAAc;AACrC,IAAI,OAAO,EAAE,CAAC,MAAM,EAAE,KAAK,EAAE,GAAG,SAAS,CAAC,MAAM,EAAE,MAAM,EAAE,EAAE,KAAK,EAAE,YAAY,EAAE,KAAK,CAAC,CAAC;AACxF;AACA;ACHA,oEAA+E;AAI/E,2EAAoC;AACpC,4EAAkB;AAClB,wFAAqB;AAErB,2FAAqB;AAGrB,sEAQO;AAVP,IAAM,EAAEA,WAAU,EAAA,EAAKC,GAAAA;AAYvB,IAAMC,MAAAA,EAAQC,6BAAAA,oBAAM,CAAA;AAEb,IAAMC,4BAAAA,EAAN,MAAA,QAA0CC,8BAAAA;ADVjD,ECbA,OAuBiDA;ADTjD,IAAI,MAAM,CAAC,IAAI,EAAE,6BAA6B,CAAC;AAC/C,EAAE;AACF,ECQmBC;ADPnB,ECSEC,WAAAA,CAAYC,QAAAA,EAAmC;AAC7C,IAAA,KAAA,CAAMA,QAAAA,CAAAA;AACN,IAAA,IAAA,CAAKF,gBAAAA,EAAkBE,QAAAA;ADR3B,ECSE;ADRF,ECUE,MAAMC,SAAAA,CAAUC,IAAAA,EAA+F;AAC7G,IAAA,OAAA,CAAQA,IAAAA,CAAKC,IAAAA,EAAI;ADTrB,MCUM,KAAKC,OAAAA,CAAQC,UAAAA,CAAWC,QAAAA,CAAQ,CAAA;AAC9B,QAAA,GAAA,CAAI,CAACJ,IAAAA,CAAKK,cAAAA,GAAiB,CAACL,IAAAA,CAAKM,YAAAA,EAAc;AAC7C,UAAA,MAAM,IAAIC,KAAAA,CAAM,qFAAA,CAAA;ADT1B,QCUQ;AACA,QAAA,MAAMC,WAAAA,EAAa,IAAA,CAAKC,wBAAAA,CAAyB;ADTzD,UCUU,GAAGT,IAAAA;ADTb,UCUUU,KAAAA,EAAOV,IAAAA,CAAKW,GAAAA;ADTtB,UCUUN,aAAAA,EAAeL,IAAAA,CAAKK,aAAAA;ADT9B,UCUUC,YAAAA,EAAcN,IAAAA,CAAKM,YAAAA;ADT7B,UCUUL,IAAAA,EAAMD,IAAAA,CAAKC;ADTrB,QCUQ,CAAA,CAAA;AACA,QAAA,MAAM,IAAA,CAAKL,eAAAA,CAAgBgB,MAAAA,CAAO;ADT1C,UCS4CF,KAAAA,EAAOF,UAAAA,CAAWG,GAAAA;ADR9D,UCQmE,GAAGX;ADPtE,QCO2E,CAAA,CAAA;AACnER,QAAAA,KAAAA,CAAM,cAAA,EAAgBgB,UAAAA,CAAWP,IAAAA,EAAMO,UAAAA,CAAWF,YAAY,CAAA;AAC9D,QAAA,OAAOE,UAAAA;ADNf,MCQM,KAAK,WAAA;ADPX,MCQM,KAAK,WAAA;ADPX;AACA,MCQM,KAAK,KAAA,EAAO;AACV,QAAA,GAAA,CAAI,CAACR,IAAAA,CAAKK,cAAAA,GAAiB,CAACL,IAAAA,CAAKa,aAAAA,EAAe;AAC9C,UAAA,MAAM,IAAIN,KAAAA,CAAM,kGAAA,CAAA;ADP1B,QCQQ;AACA,QAAA,MAAMC,YAAAA,EAAa,IAAA,CAAKC,wBAAAA,CAAyB;ADPzD,UCO2DC,KAAAA,EAAOV,IAAAA,CAAKW,GAAAA;ADNvE,UCM4E,GAAGX;ADL/E,QCKoF,CAAA,CAAA;AAC5E,QAAA,MAAM,IAAA,CAAKJ,eAAAA,CAAgBgB,MAAAA,CAAO;ADJ1C,UCI4CF,KAAAA,EAAOF,WAAAA,CAAWG,GAAAA;ADH9D,UCGmE,GAAGX;ADFtE,QCE2E,CAAA,CAAA;AACnER,QAAAA,KAAAA,CAAM,cAAA,EAAgBgB,WAAAA,CAAWP,IAAAA,EAAMO,WAAAA,CAAWF,YAAY,CAAA;AAC9D,QAAA,OAAOE,WAAAA;ADDf,MCEM;ADDN,MCEM,OAAA;AACE,QAAA,OAAO,MAAM,KAAA,CAAMT,SAAAA,CAAUC,IAAAA,CAAAA;ADDrC,ICEI;ADDJ,ECEE;ADDF,ECGE,MAAMc,SAAAA,CAAU,EAAEb,KAAI,CAAA,EAAiD;AACrE,IAAA,IAAIc,GAAAA;AAEJ,IAAA,OAAA,CAAQd,IAAAA,EAAAA;ADHZ,MCIM,KAAKC,OAAAA,CAAQC,UAAAA,EAAY;AACvB,QAAA,MAAMI,KAAAA,CACJ,mLAAA,CAAA;ADJV,MCiBM;ADhBN;AACA,MCkBM,KAAK,KAAA,EAAO;AACV,QAAA,MAAMF,cAAAA,EAAgB,MAAMW,sDAAAA,IAAsBf,CAAAA;AAClDc,QAAAA,IAAAA,EAAM,MAAM,IAAA,CAAKhB,SAAAA,CAAU;ADjBnC,UCkBUE,IAAAA;ADjBV,UCkBUI;ADjBV,QCkBQ,CAAA,CAAA;AACA,QAAA,KAAA;ADjBR,MCkBM;ADjBN,MCkBM,OAAA;AACEU,QAAAA,IAAAA,EAAM,MAAM,KAAA,CAAMD,SAAAA,CAAU;ADjBpC,UCiBsCb;ADhBtC,QCgB2C,CAAA,CAAA;ADf3C,ICgBI;AAEAT,IAAAA,KAAAA,CAAM,aAAA,EAAeS,IAAAA,EAAMc,GAAAA,CAAIT,YAAY,CAAA;AAE3C,IAAA,OAAOS,GAAAA;ADjBX,ECkBE;ADjBF,ECmBE,MAAME,IAAAA,CAAK,EAAEC,MAAAA,EAAQC,SAAAA,EAAWC,KAAI,CAAA,EAA0F;AAC5H,IAAA,IAAIC,UAAAA;AACJ,IAAA,IAAI;AACFA,MAAAA,WAAAA,EAAa,MAAM,IAAA,CAAKzB,eAAAA,CAAgB0B,GAAAA,CAAI;ADlBlD,QCkBoDZ,KAAAA,EAAOQ,MAAAA,CAAOP;ADjBlE,MCiBsE,CAAA,CAAA;ADhBtE,ICiBI,EAAA,MAAA,CAASY,CAAAA,EAAG;AACV,MAAA,MAAM,IAAIhB,KAAAA,CAAM,CAAA,0CAAA,EAA6CW,MAAAA,CAAOP,GAAG,CAAA,CAAA;AACzE,IAAA;AAE4C,IAAA;AAExC,MAAA;AAgBJ,IAAA;ADjC0E;ACoCnCQ,MAAAA;AACrC,IAAA;AACyD,MAAA;AACpD,IAAA;AACmB,MAAA;AAAED,QAAAA;AAAQC,QAAAA;AAAWC,QAAAA;AAAK,MAAA;AACpD,IAAA;AACuEnB,IAAAA;AACzE,EAAA;AAcqB,EAAA;AACC,IAAA;AACoDuB,MAAAA;AACxE,IAAA;AAC2D,IAAA;AAC7D,EAAA;AAE2E,EAAA;AACrET,IAAAA;AACa,IAAA;AACFZ,MAAAA;AACL,QAAA;AACOF,UAAAA;AACaK,UAAAA;AACLA,UAAAA;AACb,UAAA;AACQ,YAAA;AAAC,cAAA;AD3CqD,YAAA;AC4CpE,UAAA;AACF,QAAA;AACA,QAAA;AACgB,MAAA;AACkD,QAAA;AAChC,QAAA;AACqB,QAAA;AACV,QAAA;AACvC,QAAA;AACOL,UAAAA;AACQK,UAAAA;AACnBA,UAAAA;AACM,UAAA;AACkC,YAAA;AAA2B,cAAA;AAAa,YAAA;AAClE,YAAA;AAAC,cAAA;AAAU,cAAA;AAAY,cAAA;AAAuB,cAAA;AAAqB,cAAA;AAAmB,cAAA;ADlChC,YAAA;ACmCpE,UAAA;AACF,QAAA;AACA,QAAA;AACF,MAAA;AACkB,MAAA;AACkD,QAAA;AAChC,QAAA;AACqB,QAAA;AACV,QAAA;AACvC,QAAA;AACOL,UAAAA;AACQK,UAAAA;AACnBA,UAAAA;AACM,UAAA;AACkC,YAAA;AAA2B,cAAA;AAAa,YAAA;AAClE,YAAA;AAAC,cAAA;AD9BqD,YAAA;AC+BpE,UAAA;AACF,QAAA;AACA,QAAA;AACF,MAAA;AD7BwE;AC+B5D,MAAA;AACcmB,QAAAA;AAEqBC,QAAAA;AACA,QAAA;AACD,QAAA;AACdC,QAAAA;AAEhB,QAAA;AACJ,QAAA;AACI,UAAA;AACmBrB,YAAAA;AAC/B,UAAA;AACoD,UAAA;AAC3B,UAAA;AACuB,YAAA;AACV,cAAA;AAAKsB;AACzC,YAAA;AACF,UAAA;AAC0B,UAAA;AACQA,YAAAA;AACFA,YAAAA;AACC,YAAA;AAGVC,cAAAA;AACrB,YAAA;AACgBA,YAAAA;AAClB,UAAA;AAC8B,UAAA;AAEJC,YAAAA;AACHA,YAAAA;AACvB,UAAA;AACF,QAAA;AAEM,QAAA;AACO7B,UAAAA;AAC0BK,UAAAA;AACrCA,UAAAA;AACM,UAAA;AACDyB,YAAAA;ADlC+D;ACoCtD,YAAA;AAAC,cAAA;AAAS,cAAA;AAAS,cAAA;AAAS,cAAA;AD9B0B,YAAA;AC+BlEC,YAAAA;AACAL,YAAAA;AACF,UAAA;AACF,QAAA;AACA,QAAA;AACF,MAAA;AAEA,MAAA;AACmE,QAAA;AACrE,IAAA;AACOZ,IAAAA;AACT,EAAA;AD9B4E;AACA;AACA;ACiCsC,EAAA;AAC9CkB,IAAAA;AACO,IAAA;AAA0BC,MAAAA;AAAeC,MAAAA;AAAO,IAAA;AACrFf,IAAAA;AAC7BI,IAAAA;AACT,EAAA;AAE6G,EAAA;AACzCS,IAAAA;AACM,IAAA;AAAaC,MAAAA;AAAeC,MAAAA;AAAO,IAAA;AAC1EX,IAAAA;AACnC,EAAA;AAEwD,EAAA;AACmCf,IAAAA;AAC3F,EAAA;AACF;AD3B8E;AACA;AE5PhE;AAcFP;AFiPkE,EAAA;AEjPlEA,EAAAA;AFmPkE;AACA;AACA;AACA;AACA","file":"/home/runner/work/SSI-SDK-crypto-extensions/SSI-SDK-crypto-extensions/packages/kms-local/dist/index.cjs","sourcesContent":[null,"import { calculateJwkThumbprint, generatePrivateKeyHex, toJwk, X509Opts } from '@sphereon/ssi-sdk-ext.key-utils'\n\nimport { IKey, ManagedKeyInfo, MinimalImportableKey, TKeyType } from '@veramo/core'\nimport { AbstractPrivateKeyStore, ManagedPrivateKey } from '@veramo/key-manager'\nimport { KeyManagementSystem } from '@veramo/kms-local'\nimport Debug from 'debug'\nimport elliptic from 'elliptic'\n// @ts-ignore\nimport * as u8a from 'uint8arrays'\nconst { fromString } = u8a\nimport { KeyType, ManagedKeyInfoArgs } from './index'\nimport {\n hexToPEM,\n jwkToPEM,\n pemCertChainTox5c,\n PEMToHex,\n PEMToJwk,\n RSASigner,\n signAlgorithmToSchemeAndHashAlg,\n} from '@sphereon/ssi-sdk-ext.x509-utils'\n\nconst debug = Debug('sphereon:kms:local')\n\nexport class SphereonKeyManagementSystem extends KeyManagementSystem {\n private readonly privateKeyStore: AbstractPrivateKeyStore\n\n constructor(keyStore: AbstractPrivateKeyStore) {\n super(keyStore)\n this.privateKeyStore = keyStore\n }\n\n async importKey(args: Omit<MinimalImportableKey, 'kms'> & { privateKeyPEM?: string }): Promise<ManagedKeyInfo> {\n switch (args.type) {\n case KeyType.Bls12381G2.toString():\n if (!args.privateKeyHex || !args.publicKeyHex) {\n throw new Error('invalid_argument: type, publicKeyHex and privateKeyHex are required to import a key')\n }\n const managedKey = this.asSphereonManagedKeyInfo({\n ...args,\n alias: args.kid,\n privateKeyHex: args.privateKeyHex,\n publicKeyHex: args.publicKeyHex,\n type: args.type,\n })\n await this.privateKeyStore.import({ alias: managedKey.kid, ...args })\n debug('imported key', managedKey.type, managedKey.publicKeyHex)\n return managedKey\n\n case 'Secp256k1':\n case 'Secp256r1':\n // @ts-ignore\n case 'RSA': {\n if (!args.privateKeyHex && !args.privateKeyPEM) {\n throw new Error('invalid_argument: type and privateKeyHex (or privateKeyPEM for RSA) are required to import a key')\n }\n const managedKey = this.asSphereonManagedKeyInfo({ alias: args.kid, ...args })\n await this.privateKeyStore.import({ alias: managedKey.kid, ...args })\n debug('imported key', managedKey.type, managedKey.publicKeyHex)\n return managedKey\n }\n default:\n return await super.importKey(args)\n }\n }\n\n async createKey({ type }: { type: TKeyType }): Promise<ManagedKeyInfo> {\n let key: ManagedKeyInfo\n\n switch (type) {\n case KeyType.Bls12381G2: {\n throw Error(\n 'BLS support not available because upstream is not really providing Windows and React-Native support; giving too much headache. We soon will move to @digitalbazaar/bbs-signatures'\n )\n /*// @ts-ignore\n const bbs = await import('@digitalbazaar/bbs-signatures')\n const keyPairBls12381G2 = await bbs.generateKeyPair({\n ciphersuite: 'BLS12-381-SHA-256'\n })\n key = await this.importKey({\n type,\n privateKeyHex: Buffer.from(keyPairBls12381G2.secretKey).toString('hex'),\n publicKeyHex: Buffer.from(keyPairBls12381G2.publicKey).toString('hex'),\n })\n break*/\n }\n\n // @ts-ignore\n case 'RSA': {\n const privateKeyHex = await generatePrivateKeyHex(type)\n key = await this.importKey({\n type,\n privateKeyHex,\n })\n break\n }\n default:\n key = await super.createKey({ type })\n }\n\n debug('Created key', type, key.publicKeyHex)\n\n return key\n }\n\n async sign({ keyRef, algorithm, data }: { keyRef: Pick<IKey, 'kid'>; algorithm?: string; data: Uint8Array }): Promise<string> {\n let privateKey: ManagedPrivateKey\n try {\n privateKey = await this.privateKeyStore.get({ alias: keyRef.kid })\n } catch (e) {\n throw new Error(`key_not_found: No key entry found for kid=${keyRef.kid}`)\n }\n\n if (privateKey.type === KeyType.Bls12381G2) {\n throw Error(\n 'BLS support not available because upstream is not really providing Windows and React-Native support; giving too much headache. We soon will move to @digitalbazaar/bbs-signatures'\n )\n /*// @ts-ignore\n const bbs = await import('@digitalbazaar/bbs-signatures')\n if (!data || Array.isArray(data)) {\n throw new Error('Data must be defined and cannot be an array')\n }\n const keyPair = {\n keyPair: {\n secretKey: Uint8Array.from(Buffer.from(privateKey.privateKeyHex, 'hex')),\n publicKey: Uint8Array.from(Buffer.from(keyRef.kid, 'hex')),\n },\n messages: [data],\n }\n const signature = await bbs.sign({secretKey: privateKey, publicKey, header, messages});\n return signature*/\n } else if (\n // @ts-ignore\n privateKey.type === 'RSA' &&\n (typeof algorithm === 'undefined' || algorithm === 'RS256' || algorithm === 'RS512' || algorithm === 'PS256' || algorithm === 'PS512')\n ) {\n return await this.signRSA(privateKey, data, algorithm ?? 'PS256')\n } else {\n return await super.sign({ keyRef, algorithm, data })\n }\n throw Error(`not_supported: Cannot sign using key of type ${privateKey.type}`)\n }\n\n async verify({\n publicKeyHex,\n type,\n algorithm,\n data,\n signature,\n }: {\n publicKeyHex: string\n type: TKeyType\n algorithm?: string\n data: Uint8Array\n signature: string\n }): Promise<boolean> {\n if (type === 'RSA') {\n return await this.verifyRSA(publicKeyHex, data, algorithm ?? 'PS256', signature)\n }\n throw Error(`KMS verify is not implemented yet for ${type}`)\n }\n\n private asSphereonManagedKeyInfo(args: ManagedKeyInfoArgs): ManagedKeyInfo {\n let key: Partial<ManagedKeyInfo>\n switch (args.type) {\n case KeyType.Bls12381G2:\n key = {\n type: args.type,\n kid: args.alias ?? args.publicKeyHex,\n publicKeyHex: args.publicKeyHex,\n meta: {\n algorithms: ['BLS'],\n },\n }\n break\n case 'Secp256k1': {\n const privateBytes = fromString(args.privateKeyHex.toLowerCase(), 'base16')\n const secp256k1 = new elliptic.ec('secp256k1')\n const keyPair = secp256k1.keyFromPrivate(privateBytes, 'hex')\n const publicKeyHex = keyPair.getPublic(true, 'hex')\n key = {\n type: args.type,\n kid: args.alias ?? publicKeyHex,\n publicKeyHex,\n meta: {\n jwkThumbprint: calculateJwkThumbprint({ jwk: toJwk(publicKeyHex, 'Secp256k1') }),\n algorithms: ['ES256K', 'ES256K-R', 'eth_signTransaction', 'eth_signTypedData', 'eth_signMessage', 'eth_rawSign'],\n },\n }\n break\n }\n case 'Secp256r1': {\n const privateBytes = fromString(args.privateKeyHex.toLowerCase(), 'base16')\n const secp256r1 = new elliptic.ec('p256')\n const keyPair = secp256r1.keyFromPrivate(privateBytes, 'hex')\n const publicKeyHex = keyPair.getPublic(true, 'hex')\n key = {\n type: args.type,\n kid: args.alias ?? publicKeyHex,\n publicKeyHex,\n meta: {\n jwkThumbprint: calculateJwkThumbprint({ jwk: toJwk(publicKeyHex, 'Secp256r1') }),\n algorithms: ['ES256'],\n },\n }\n break\n }\n // @ts-ignore\n case 'RSA': {\n const x509 = args.meta?.x509 as X509Opts\n const privateKeyPEM =\n x509?.privateKeyPEM ?? (args.privateKeyHex.includes('---') ? args.privateKeyHex : hexToPEM(args.privateKeyHex, 'private')) // In case we have x509 opts, the private key hex really was a PEM already (yuck)\n const publicKeyJwk = PEMToJwk(privateKeyPEM, 'public')\n const publicKeyPEM = jwkToPEM(publicKeyJwk, 'public')\n const publicKeyHex = PEMToHex(publicKeyPEM)\n\n const meta = {} as any\n if (x509) {\n meta.x509 = {\n cn: x509.cn ?? args.alias ?? publicKeyHex,\n }\n let certChain: string = x509.certificateChainPEM ?? ''\n if (x509.certificatePEM) {\n if (!certChain.includes(x509.certificatePEM)) {\n certChain = `${x509.certificatePEM}\\n${certChain}`\n }\n }\n if (certChain.length > 0) {\n meta.x509.certificateChainPEM = certChain\n const x5c = pemCertChainTox5c(certChain)\n if (!x509.certificateChainURL) {\n // Do not put the chain in the JWK when the chain is hosted. We do put it in the x509 metadata\n // @ts-ignore\n publicKeyJwk.x5c = x5c\n }\n meta.x509.x5c = x5c\n }\n if (x509.certificateChainURL) {\n // @ts-ignore\n publicKeyJwk.x5u = x509.certificateChainURL\n meta.x509.x5u = x509.certificateChainURL\n }\n }\n\n key = {\n type: args.type,\n kid: args.alias ?? meta?.x509?.cn ?? publicKeyHex,\n publicKeyHex,\n meta: {\n ...meta,\n // todo: could als be DSA etc\n algorithms: ['RS256', 'RS512', 'PS256', 'PS512'],\n publicKeyJwk,\n publicKeyPEM,\n },\n }\n break\n }\n\n default:\n throw Error('not_supported: Key type not supported: ' + args.type)\n }\n return key as ManagedKeyInfo\n }\n\n /**\n * @returns a base64url encoded signature for the `RS256` alg\n */\n private async signRSA(privateKey: ManagedPrivateKey, data: Uint8Array, signingAlgorithm: string): Promise<string> {\n const { hashAlgorithm, scheme } = signAlgorithmToSchemeAndHashAlg(signingAlgorithm)\n const signer = new RSASigner(PEMToJwk(hexToPEM(privateKey.privateKeyHex, 'private'), 'private'), { hashAlgorithm, scheme })\n const signature = await signer.sign(data)\n return signature as string\n }\n\n private async verifyRSA(publicKeyHex: string, data: Uint8Array, signingAlgorithm: string, signature: string) {\n const { hashAlgorithm, scheme } = signAlgorithmToSchemeAndHashAlg(signingAlgorithm)\n const signer = new RSASigner(PEMToJwk(hexToPEM(publicKeyHex, 'public'), 'public'), { hashAlgorithm, scheme })\n return await signer.verify(data, signature)\n }\n\n public async listKeys(): Promise<Array<ManagedKeyInfo>> {\n return (await this.privateKeyStore.list({})).map((privateKey: ManagedPrivateKey) => this.asSphereonManagedKeyInfo(privateKey))\n }\n}\n","import { X509Opts } from '@sphereon/ssi-sdk-ext.key-utils'\nimport { KeyMetadata, TKeyType } from '@veramo/core'\n\nexport { SphereonKeyManagementSystem } from './SphereonKeyManagementSystem'\n\nexport * from '@veramo/kms-local'\n\nexport interface ManagedKeyInfoArgs {\n alias?: string\n type: TKeyType\n privateKeyHex: string\n publicKeyHex?: string\n meta?: ManageKeyInfoMeta | undefined | null\n}\n\nexport interface ManageKeyInfoMeta extends KeyMetadata {\n x509?: X509Opts\n [x: string]: any\n}\nexport enum KeyType {\n Bls12381G2 = 'Bls12381G2',\n}\n"]}
1
+ {"version":3,"sources":["../src/index.ts","../src/SphereonKeyManagementSystem.ts"],"sourcesContent":["import { X509Opts } from '@sphereon/ssi-sdk-ext.key-utils'\nimport { KeyMetadata, TKeyType } from '@veramo/core'\n\nexport { SphereonKeyManagementSystem } from './SphereonKeyManagementSystem'\n\nexport * from '@veramo/kms-local'\n\nexport interface ManagedKeyInfoArgs {\n alias?: string\n type: TKeyType\n privateKeyHex: string\n publicKeyHex?: string\n meta?: ManageKeyInfoMeta | undefined | null\n}\n\nexport interface ManageKeyInfoMeta extends KeyMetadata {\n x509?: X509Opts\n [x: string]: any\n}\nexport enum KeyType {\n Bls12381G2 = 'Bls12381G2',\n}\n","import { calculateJwkThumbprint, generatePrivateKeyHex, toJwk, X509Opts } from '@sphereon/ssi-sdk-ext.key-utils'\n\nimport { IKey, ManagedKeyInfo, MinimalImportableKey, TKeyType } from '@veramo/core'\nimport { AbstractPrivateKeyStore, ManagedPrivateKey } from '@veramo/key-manager'\nimport { KeyManagementSystem } from '@veramo/kms-local'\nimport Debug from 'debug'\nimport elliptic from 'elliptic'\n// @ts-ignore\nimport * as u8a from 'uint8arrays'\nconst { fromString } = u8a\nimport { KeyType, ManagedKeyInfoArgs } from './index'\nimport {\n hexToPEM,\n jwkToPEM,\n pemCertChainTox5c,\n PEMToHex,\n PEMToJwk,\n RSASigner,\n signAlgorithmToSchemeAndHashAlg,\n} from '@sphereon/ssi-sdk-ext.x509-utils'\n\nconst debug = Debug('sphereon:kms:local')\n\nexport class SphereonKeyManagementSystem extends KeyManagementSystem {\n private readonly privateKeyStore: AbstractPrivateKeyStore\n\n constructor(keyStore: AbstractPrivateKeyStore) {\n super(keyStore)\n this.privateKeyStore = keyStore\n }\n\n async importKey(args: Omit<MinimalImportableKey, 'kms'> & { privateKeyPEM?: string }): Promise<ManagedKeyInfo> {\n switch (args.type) {\n case KeyType.Bls12381G2.toString():\n if (!args.privateKeyHex || !args.publicKeyHex) {\n throw new Error('invalid_argument: type, publicKeyHex and privateKeyHex are required to import a key')\n }\n const managedKey = this.asSphereonManagedKeyInfo({\n ...args,\n alias: args.kid,\n privateKeyHex: args.privateKeyHex,\n publicKeyHex: args.publicKeyHex,\n type: args.type,\n })\n await this.privateKeyStore.import({ alias: managedKey.kid, ...args })\n debug('imported key', managedKey.type, managedKey.publicKeyHex)\n return managedKey\n\n case 'Secp256k1':\n case 'Secp256r1':\n // @ts-ignore\n case 'RSA': {\n if (!args.privateKeyHex && !args.privateKeyPEM) {\n throw new Error('invalid_argument: type and privateKeyHex (or privateKeyPEM for RSA) are required to import a key')\n }\n const managedKey = this.asSphereonManagedKeyInfo({ alias: args.kid, ...args })\n await this.privateKeyStore.import({ alias: managedKey.kid, ...args })\n debug('imported key', managedKey.type, managedKey.publicKeyHex)\n return managedKey\n }\n default:\n return await super.importKey(args)\n }\n }\n\n async createKey({ type }: { type: TKeyType }): Promise<ManagedKeyInfo> {\n let key: ManagedKeyInfo\n\n switch (type) {\n case KeyType.Bls12381G2: {\n throw Error(\n 'BLS support not available because upstream is not really providing Windows and React-Native support; giving too much headache. We soon will move to @digitalbazaar/bbs-signatures'\n )\n /*// @ts-ignore\n const bbs = await import('@digitalbazaar/bbs-signatures')\n const keyPairBls12381G2 = await bbs.generateKeyPair({\n ciphersuite: 'BLS12-381-SHA-256'\n })\n key = await this.importKey({\n type,\n privateKeyHex: Buffer.from(keyPairBls12381G2.secretKey).toString('hex'),\n publicKeyHex: Buffer.from(keyPairBls12381G2.publicKey).toString('hex'),\n })\n break*/\n }\n\n // @ts-ignore\n case 'RSA': {\n const privateKeyHex = await generatePrivateKeyHex(type)\n key = await this.importKey({\n type,\n privateKeyHex,\n })\n break\n }\n default:\n key = await super.createKey({ type })\n }\n\n debug('Created key', type, key.publicKeyHex)\n\n return key\n }\n\n async sign({ keyRef, algorithm, data }: { keyRef: Pick<IKey, 'kid'>; algorithm?: string; data: Uint8Array }): Promise<string> {\n let privateKey: ManagedPrivateKey\n try {\n privateKey = await this.privateKeyStore.get({ alias: keyRef.kid })\n } catch (e) {\n throw new Error(`key_not_found: No key entry found for kid=${keyRef.kid}`)\n }\n\n if (privateKey.type === KeyType.Bls12381G2) {\n throw Error(\n 'BLS support not available because upstream is not really providing Windows and React-Native support; giving too much headache. We soon will move to @digitalbazaar/bbs-signatures'\n )\n /*// @ts-ignore\n const bbs = await import('@digitalbazaar/bbs-signatures')\n if (!data || Array.isArray(data)) {\n throw new Error('Data must be defined and cannot be an array')\n }\n const keyPair = {\n keyPair: {\n secretKey: Uint8Array.from(Buffer.from(privateKey.privateKeyHex, 'hex')),\n publicKey: Uint8Array.from(Buffer.from(keyRef.kid, 'hex')),\n },\n messages: [data],\n }\n const signature = await bbs.sign({secretKey: privateKey, publicKey, header, messages});\n return signature*/\n } else if (\n // @ts-ignore\n privateKey.type === 'RSA' &&\n (typeof algorithm === 'undefined' || algorithm === 'RS256' || algorithm === 'RS512' || algorithm === 'PS256' || algorithm === 'PS512')\n ) {\n return await this.signRSA(privateKey, data, algorithm ?? 'PS256')\n } else {\n return await super.sign({ keyRef, algorithm, data })\n }\n throw Error(`not_supported: Cannot sign using key of type ${privateKey.type}`)\n }\n\n async verify({\n publicKeyHex,\n type,\n algorithm,\n data,\n signature,\n }: {\n publicKeyHex: string\n type: TKeyType\n algorithm?: string\n data: Uint8Array\n signature: string\n }): Promise<boolean> {\n if (type === 'RSA') {\n return await this.verifyRSA(publicKeyHex, data, algorithm ?? 'PS256', signature)\n }\n throw Error(`KMS verify is not implemented yet for ${type}`)\n }\n\n private asSphereonManagedKeyInfo(args: ManagedKeyInfoArgs): ManagedKeyInfo {\n let key: Partial<ManagedKeyInfo>\n switch (args.type) {\n case KeyType.Bls12381G2:\n key = {\n type: args.type,\n kid: args.alias ?? args.publicKeyHex,\n publicKeyHex: args.publicKeyHex,\n meta: {\n algorithms: ['BLS'],\n },\n }\n break\n case 'Secp256k1': {\n const privateBytes = fromString(args.privateKeyHex.toLowerCase(), 'base16')\n const secp256k1 = new elliptic.ec('secp256k1')\n const keyPair = secp256k1.keyFromPrivate(privateBytes, 'hex')\n const publicKeyHex = keyPair.getPublic(true, 'hex')\n key = {\n type: args.type,\n kid: args.alias ?? publicKeyHex,\n publicKeyHex,\n meta: {\n jwkThumbprint: calculateJwkThumbprint({ jwk: toJwk(publicKeyHex, 'Secp256k1') }),\n algorithms: ['ES256K', 'ES256K-R', 'eth_signTransaction', 'eth_signTypedData', 'eth_signMessage', 'eth_rawSign'],\n },\n }\n break\n }\n case 'Secp256r1': {\n const privateBytes = fromString(args.privateKeyHex.toLowerCase(), 'base16')\n const secp256r1 = new elliptic.ec('p256')\n const keyPair = secp256r1.keyFromPrivate(privateBytes, 'hex')\n const publicKeyHex = keyPair.getPublic(true, 'hex')\n key = {\n type: args.type,\n kid: args.alias ?? publicKeyHex,\n publicKeyHex,\n meta: {\n jwkThumbprint: calculateJwkThumbprint({ jwk: toJwk(publicKeyHex, 'Secp256r1') }),\n algorithms: ['ES256'],\n },\n }\n break\n }\n // @ts-ignore\n case 'RSA': {\n const x509 = args.meta?.x509 as X509Opts\n const privateKeyPEM =\n x509?.privateKeyPEM ?? (args.privateKeyHex.includes('---') ? args.privateKeyHex : hexToPEM(args.privateKeyHex, 'private')) // In case we have x509 opts, the private key hex really was a PEM already (yuck)\n const publicKeyJwk = PEMToJwk(privateKeyPEM, 'public')\n const publicKeyPEM = jwkToPEM(publicKeyJwk, 'public')\n const publicKeyHex = PEMToHex(publicKeyPEM)\n\n const meta = {} as any\n if (x509) {\n meta.x509 = {\n cn: x509.cn ?? args.alias ?? publicKeyHex,\n }\n let certChain: string = x509.certificateChainPEM ?? ''\n if (x509.certificatePEM) {\n if (!certChain.includes(x509.certificatePEM)) {\n certChain = `${x509.certificatePEM}\\n${certChain}`\n }\n }\n if (certChain.length > 0) {\n meta.x509.certificateChainPEM = certChain\n const x5c = pemCertChainTox5c(certChain)\n if (!x509.certificateChainURL) {\n // Do not put the chain in the JWK when the chain is hosted. We do put it in the x509 metadata\n // @ts-ignore\n publicKeyJwk.x5c = x5c\n }\n meta.x509.x5c = x5c\n }\n if (x509.certificateChainURL) {\n // @ts-ignore\n publicKeyJwk.x5u = x509.certificateChainURL\n meta.x509.x5u = x509.certificateChainURL\n }\n }\n\n key = {\n type: args.type,\n kid: args.alias ?? meta?.x509?.cn ?? publicKeyHex,\n publicKeyHex,\n meta: {\n ...meta,\n // todo: could als be DSA etc\n algorithms: ['RS256', 'RS512', 'PS256', 'PS512'],\n publicKeyJwk,\n publicKeyPEM,\n },\n }\n break\n }\n\n default:\n throw Error('not_supported: Key type not supported: ' + args.type)\n }\n return key as ManagedKeyInfo\n }\n\n /**\n * @returns a base64url encoded signature for the `RS256` alg\n */\n private async signRSA(privateKey: ManagedPrivateKey, data: Uint8Array, signingAlgorithm: string): Promise<string> {\n const { hashAlgorithm, scheme } = signAlgorithmToSchemeAndHashAlg(signingAlgorithm)\n const signer = new RSASigner(PEMToJwk(hexToPEM(privateKey.privateKeyHex, 'private'), 'private'), { hashAlgorithm, scheme })\n const signature = await signer.sign(data)\n return signature as string\n }\n\n private async verifyRSA(publicKeyHex: string, data: Uint8Array, signingAlgorithm: string, signature: string) {\n const { hashAlgorithm, scheme } = signAlgorithmToSchemeAndHashAlg(signingAlgorithm)\n const signer = new RSASigner(PEMToJwk(hexToPEM(publicKeyHex, 'public'), 'public'), { hashAlgorithm, scheme })\n return await signer.verify(data, signature)\n }\n\n public async listKeys(): Promise<Array<ManagedKeyInfo>> {\n return (await this.privateKeyStore.list({})).map((privateKey: ManagedPrivateKey) => this.asSphereonManagedKeyInfo(privateKey))\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAGA;;;;;;;;ACHA,yBAA+E;AAI/E,uBAAoC;AACpC,mBAAkB;AAClB,sBAAqB;AAErB,UAAqB;AAGrB,IAAAA,sBAQO;AAVP,IAAM,EAAEC,WAAU,IAAKC;AAYvB,IAAMC,YAAQC,aAAAA,SAAM,oBAAA;AAEb,IAAMC,8BAAN,cAA0CC,qCAAAA;EAvBjD,OAuBiDA;;;EAC9BC;EAEjBC,YAAYC,UAAmC;AAC7C,UAAMA,QAAAA;AACN,SAAKF,kBAAkBE;EACzB;EAEA,MAAMC,UAAUC,MAA+F;AAC7G,YAAQA,KAAKC,MAAI;MACf,KAAKC,QAAQC,WAAWC,SAAQ;AAC9B,YAAI,CAACJ,KAAKK,iBAAiB,CAACL,KAAKM,cAAc;AAC7C,gBAAM,IAAIC,MAAM,qFAAA;QAClB;AACA,cAAMC,aAAa,KAAKC,yBAAyB;UAC/C,GAAGT;UACHU,OAAOV,KAAKW;UACZN,eAAeL,KAAKK;UACpBC,cAAcN,KAAKM;UACnBL,MAAMD,KAAKC;QACb,CAAA;AACA,cAAM,KAAKL,gBAAgBgB,OAAO;UAAEF,OAAOF,WAAWG;UAAK,GAAGX;QAAK,CAAA;AACnER,cAAM,gBAAgBgB,WAAWP,MAAMO,WAAWF,YAAY;AAC9D,eAAOE;MAET,KAAK;MACL,KAAK;;MAEL,KAAK,OAAO;AACV,YAAI,CAACR,KAAKK,iBAAiB,CAACL,KAAKa,eAAe;AAC9C,gBAAM,IAAIN,MAAM,kGAAA;QAClB;AACA,cAAMC,cAAa,KAAKC,yBAAyB;UAAEC,OAAOV,KAAKW;UAAK,GAAGX;QAAK,CAAA;AAC5E,cAAM,KAAKJ,gBAAgBgB,OAAO;UAAEF,OAAOF,YAAWG;UAAK,GAAGX;QAAK,CAAA;AACnER,cAAM,gBAAgBgB,YAAWP,MAAMO,YAAWF,YAAY;AAC9D,eAAOE;MACT;MACA;AACE,eAAO,MAAM,MAAMT,UAAUC,IAAAA;IACjC;EACF;EAEA,MAAMc,UAAU,EAAEb,KAAI,GAAiD;AACrE,QAAIc;AAEJ,YAAQd,MAAAA;MACN,KAAKC,QAAQC,YAAY;AACvB,cAAMI,MACJ,mLAAA;MAaJ;;MAGA,KAAK,OAAO;AACV,cAAMF,gBAAgB,UAAMW,0CAAsBf,IAAAA;AAClDc,cAAM,MAAM,KAAKhB,UAAU;UACzBE;UACAI;QACF,CAAA;AACA;MACF;MACA;AACEU,cAAM,MAAM,MAAMD,UAAU;UAAEb;QAAK,CAAA;IACvC;AAEAT,UAAM,eAAeS,MAAMc,IAAIT,YAAY;AAE3C,WAAOS;EACT;EAEA,MAAME,KAAK,EAAEC,QAAQC,WAAWC,KAAI,GAA0F;AAC5H,QAAIC;AACJ,QAAI;AACFA,mBAAa,MAAM,KAAKzB,gBAAgB0B,IAAI;QAAEZ,OAAOQ,OAAOP;MAAI,CAAA;IAClE,SAASY,GAAG;AACV,YAAM,IAAIhB,MAAM,6CAA6CW,OAAOP,GAAG,EAAE;IAC3E;AAEA,QAAIU,WAAWpB,SAASC,QAAQC,YAAY;AAC1C,YAAMI,MACJ,mLAAA;IAgBJ;;MAEEc,WAAWpB,SAAS,UACnB,OAAOkB,cAAc,eAAeA,cAAc,WAAWA,cAAc,WAAWA,cAAc,WAAWA,cAAc;MAC9H;AACA,aAAO,MAAM,KAAKK,QAAQH,YAAYD,MAAMD,aAAa,OAAA;IAC3D,OAAO;AACL,aAAO,MAAM,MAAMF,KAAK;QAAEC;QAAQC;QAAWC;MAAK,CAAA;IACpD;AACA,UAAMb,MAAM,gDAAgDc,WAAWpB,IAAI,EAAE;EAC/E;EAEA,MAAMwB,OAAO,EACXnB,cACAL,MACAkB,WACAC,MACAM,UAAS,GAOU;AACnB,QAAIzB,SAAS,OAAO;AAClB,aAAO,MAAM,KAAK0B,UAAUrB,cAAcc,MAAMD,aAAa,SAASO,SAAAA;IACxE;AACA,UAAMnB,MAAM,yCAAyCN,IAAAA,EAAM;EAC7D;EAEQQ,yBAAyBT,MAA0C;AACzE,QAAIe;AACJ,YAAQf,KAAKC,MAAI;MACf,KAAKC,QAAQC;AACXY,cAAM;UACJd,MAAMD,KAAKC;UACXU,KAAKX,KAAKU,SAASV,KAAKM;UACxBA,cAAcN,KAAKM;UACnBsB,MAAM;YACJC,YAAY;cAAC;;UACf;QACF;AACA;MACF,KAAK,aAAa;AAChB,cAAMC,eAAexC,WAAWU,KAAKK,cAAc0B,YAAW,GAAI,QAAA;AAClE,cAAMC,YAAY,IAAIC,gBAAAA,QAASC,GAAG,WAAA;AAClC,cAAMC,UAAUH,UAAUI,eAAeN,cAAc,KAAA;AACvD,cAAMxB,eAAe6B,QAAQE,UAAU,MAAM,KAAA;AAC7CtB,cAAM;UACJd,MAAMD,KAAKC;UACXU,KAAKX,KAAKU,SAASJ;UACnBA;UACAsB,MAAM;YACJU,mBAAeC,2CAAuB;cAAEC,SAAKC,0BAAMnC,cAAc,WAAA;YAAa,CAAA;YAC9EuB,YAAY;cAAC;cAAU;cAAY;cAAuB;cAAqB;cAAmB;;UACpG;QACF;AACA;MACF;MACA,KAAK,aAAa;AAChB,cAAMC,eAAexC,WAAWU,KAAKK,cAAc0B,YAAW,GAAI,QAAA;AAClE,cAAMW,YAAY,IAAIT,gBAAAA,QAASC,GAAG,MAAA;AAClC,cAAMC,UAAUO,UAAUN,eAAeN,cAAc,KAAA;AACvD,cAAMxB,eAAe6B,QAAQE,UAAU,MAAM,KAAA;AAC7CtB,cAAM;UACJd,MAAMD,KAAKC;UACXU,KAAKX,KAAKU,SAASJ;UACnBA;UACAsB,MAAM;YACJU,mBAAeC,2CAAuB;cAAEC,SAAKC,0BAAMnC,cAAc,WAAA;YAAa,CAAA;YAC9EuB,YAAY;cAAC;;UACf;QACF;AACA;MACF;;MAEA,KAAK,OAAO;AACV,cAAMc,OAAO3C,KAAK4B,MAAMe;AACxB,cAAM9B,gBACJ8B,MAAM9B,kBAAkBb,KAAKK,cAAcuC,SAAS,KAAA,IAAS5C,KAAKK,oBAAgBwC,8BAAS7C,KAAKK,eAAe,SAAA;AACjH,cAAMyC,mBAAeC,8BAASlC,eAAe,QAAA;AAC7C,cAAMmC,mBAAeC,8BAASH,cAAc,QAAA;AAC5C,cAAMxC,mBAAe4C,8BAASF,YAAAA;AAE9B,cAAMpB,OAAO,CAAC;AACd,YAAIe,MAAM;AACRf,eAAKe,OAAO;YACVQ,IAAIR,KAAKQ,MAAMnD,KAAKU,SAASJ;UAC/B;AACA,cAAI8C,YAAoBT,KAAKU,uBAAuB;AACpD,cAAIV,KAAKW,gBAAgB;AACvB,gBAAI,CAACF,UAAUR,SAASD,KAAKW,cAAc,GAAG;AAC5CF,0BAAY,GAAGT,KAAKW,cAAc;EAAKF,SAAAA;YACzC;UACF;AACA,cAAIA,UAAUG,SAAS,GAAG;AACxB3B,iBAAKe,KAAKU,sBAAsBD;AAChC,kBAAMI,UAAMC,uCAAkBL,SAAAA;AAC9B,gBAAI,CAACT,KAAKe,qBAAqB;AAG7BZ,2BAAaU,MAAMA;YACrB;AACA5B,iBAAKe,KAAKa,MAAMA;UAClB;AACA,cAAIb,KAAKe,qBAAqB;AAE5BZ,yBAAaa,MAAMhB,KAAKe;AACxB9B,iBAAKe,KAAKgB,MAAMhB,KAAKe;UACvB;QACF;AAEA3C,cAAM;UACJd,MAAMD,KAAKC;UACXU,KAAKX,KAAKU,SAASkB,MAAMe,MAAMQ,MAAM7C;UACrCA;UACAsB,MAAM;YACJ,GAAGA;;YAEHC,YAAY;cAAC;cAAS;cAAS;cAAS;;YACxCiB;YACAE;UACF;QACF;AACA;MACF;MAEA;AACE,cAAMzC,MAAM,4CAA4CP,KAAKC,IAAI;IACrE;AACA,WAAOc;EACT;;;;EAKA,MAAcS,QAAQH,YAA+BD,MAAkBwC,kBAA2C;AAChH,UAAM,EAAEC,eAAeC,OAAM,QAAKC,qDAAgCH,gBAAAA;AAClE,UAAMI,SAAS,IAAIC,kCAAUlB,kCAASF,8BAASxB,WAAWhB,eAAe,SAAA,GAAY,SAAA,GAAY;MAAEwD;MAAeC;IAAO,CAAA;AACzH,UAAMpC,YAAY,MAAMsC,OAAO/C,KAAKG,IAAAA;AACpC,WAAOM;EACT;EAEA,MAAcC,UAAUrB,cAAsBc,MAAkBwC,kBAA0BlC,WAAmB;AAC3G,UAAM,EAAEmC,eAAeC,OAAM,QAAKC,qDAAgCH,gBAAAA;AAClE,UAAMI,SAAS,IAAIC,kCAAUlB,kCAASF,8BAASvC,cAAc,QAAA,GAAW,QAAA,GAAW;MAAEuD;MAAeC;IAAO,CAAA;AAC3G,WAAO,MAAME,OAAOvC,OAAOL,MAAMM,SAAAA;EACnC;EAEA,MAAawC,WAA2C;AACtD,YAAQ,MAAM,KAAKtE,gBAAgBuE,KAAK,CAAC,CAAA,GAAIC,IAAI,CAAC/C,eAAkC,KAAKZ,yBAAyBY,UAAAA,CAAAA;EACpH;AACF;;;ADtRA,0BAAc,8BAFd;AAgBO,IAAKgD,UAAAA,yBAAAA,UAAAA;;SAAAA;;","names":["import_ssi_sdk_ext","fromString","u8a","debug","Debug","SphereonKeyManagementSystem","KeyManagementSystem","privateKeyStore","constructor","keyStore","importKey","args","type","KeyType","Bls12381G2","toString","privateKeyHex","publicKeyHex","Error","managedKey","asSphereonManagedKeyInfo","alias","kid","import","privateKeyPEM","createKey","key","generatePrivateKeyHex","sign","keyRef","algorithm","data","privateKey","get","e","signRSA","verify","signature","verifyRSA","meta","algorithms","privateBytes","toLowerCase","secp256k1","elliptic","ec","keyPair","keyFromPrivate","getPublic","jwkThumbprint","calculateJwkThumbprint","jwk","toJwk","secp256r1","x509","includes","hexToPEM","publicKeyJwk","PEMToJwk","publicKeyPEM","jwkToPEM","PEMToHex","cn","certChain","certificateChainPEM","certificatePEM","length","x5c","pemCertChainTox5c","certificateChainURL","x5u","signingAlgorithm","hashAlgorithm","scheme","signAlgorithmToSchemeAndHashAlg","signer","RSASigner","listKeys","list","map","KeyType"]}
package/dist/tsdoc-metadata.json CHANGED
@@ -5,7 +5,7 @@
5
5
  "toolPackages": [
6
6
  {
7
7
  "packageName": "@microsoft/api-extractor",
8
- "packageVersion": "7.52.3"
8
+ "packageVersion": "7.52.4"
9
9
  }
10
10
  ]
11
11
  }
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "@sphereon/ssi-sdk-ext.kms-local",
3
3
  "description": "Sphereon Local Key Management System with support for BLS/BBS+, RSA keys",
4
- "version": "0.28.1-feature.esm.cjs.11+5582cc4",
4
+ "version": "0.28.1-feature.esm.cjs.13+24ca549",
5
5
  "source": "./src/index.ts",
6
6
  "type": "module",
7
7
  "main": "./dist/index.cjs",
@@ -22,9 +22,9 @@
22
22
  "generate-plugin-schema": "sphereon dev generate-plugin-schema"
23
23
  },
24
24
  "dependencies": {
25
- "@sphereon/ssi-sdk-ext.did-utils": "^0.28.1-feature.esm.cjs.11+5582cc4",
26
- "@sphereon/ssi-sdk-ext.key-utils": "^0.28.1-feature.esm.cjs.11+5582cc4",
27
- "@sphereon/ssi-sdk-ext.x509-utils": "^0.28.1-feature.esm.cjs.11+5582cc4",
25
+ "@sphereon/ssi-sdk-ext.did-utils": "^0.28.1-feature.esm.cjs.13+24ca549",
26
+ "@sphereon/ssi-sdk-ext.key-utils": "^0.28.1-feature.esm.cjs.13+24ca549",
27
+ "@sphereon/ssi-sdk-ext.x509-utils": "^0.28.1-feature.esm.cjs.13+24ca549",
28
28
  "@trust/keyto": "2.0.0-alpha1",
29
29
  "@veramo/core": "4.2.0",
30
30
  "@veramo/key-manager": "4.2.0",
@@ -35,7 +35,7 @@
35
35
  },
36
36
  "devDependencies": {
37
37
  "@sphereon/jsencrypt": "3.3.2-unstable.0",
38
- "@sphereon/ssi-sdk.dev": " ^0.33",
38
+ "@sphereon/ssi-sdk.dev": "0.33.1-feature.vcdm2.tsup.25",
39
39
  "@types/elliptic": "6.4.14",
40
40
  "@veramo/cli": "4.2.0"
41
41
  },
@@ -57,5 +57,5 @@
57
57
  "kms",
58
58
  "Veramo"
59
59
  ],
60
- "gitHead": "5582cc49ffc25ef9cef9d3b42ff7aad59ca3a480"
60
+ "gitHead": "24ca549841533d8ae29184b42dc92a416bdb246d"
61
61
  }