@sphereon/ssi-sdk-ext.kms-local 0.28.1-feature.esm.cjs.8 → 0.28.1-feature.esm.cjs.9

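--- a/package/dist/index.cjs
+++ b/package/dist/index.cjs
@@ -1,55 +1,19 @@
- "use strict";
- var __create = Object.create;
- var __defProp = Object.defineProperty;
- var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
- var __getOwnPropNames = Object.getOwnPropertyNames;
- var __getProtoOf = Object.getPrototypeOf;
- var __hasOwnProp = Object.prototype.hasOwnProperty;
+ "use strict";Object.defineProperty(exports, "__esModule", {value: true}); function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; } function _createStarExport(obj) { Object.keys(obj) .filter((key) => key !== "default" && key !== "__esModule") .forEach((key) => { if (exports.hasOwnProperty(key)) { return; } Object.defineProperty(exports, key, {enumerable: true, configurable: true, get: () => obj[key]}); }); } function _nullishCoalesce(lhs, rhsFn) { if (lhs != null) { return lhs; } else { return rhsFn(); } } function _optionalChain(ops) { let lastAccessLHS = undefined; let value = ops[0]; let i = 1; while (i < ops.length) { const op = ops[i]; const fn = ops[i + 1]; i += 2; if ((op === 'optionalAccess' || op === 'optionalCall') && value == null) { return undefined; } if (op === 'access' || op === 'optionalAccess') { lastAccessLHS = value; value = fn(value); } else if (op === 'call' || op === 'optionalCall') { value = fn((...args) => value.call(lastAccessLHS, ...args)); lastAccessLHS = undefined; } } return value; }var __defProp = Object.defineProperty;
  var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
- var __export = (target, all) => {
- for (var name in all)
- __defProp(target, name, { get: all[name], enumerable: true });
- };
- var __copyProps = (to, from, except, desc) => {
- if (from && typeof from === "object" || typeof from === "function") {
- for (let key of __getOwnPropNames(from))
- if (!__hasOwnProp.call(to, key) && key !== except)
- __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
- }
- return to;
- };
- var __reExport = (target, mod, secondTarget) => (__copyProps(target, mod, "default"), secondTarget && __copyProps(secondTarget, mod, "default"));
- var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
- // If the importer is in node compatibility mode or this is not an ESM
- // file that has been converted to a CommonJS file using a Babel-
- // compatible transform (i.e. "__esModule" has not been set), then set
- // "default" to the CommonJS "module.exports" for node compatibility.
- isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
- mod
- ));
- var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
-
- // src/index.ts
- var index_exports = {};
- __export(index_exports, {
- KeyType: () => KeyType,
- SphereonKeyManagementSystem: () => SphereonKeyManagementSystem
- });
- module.exports = __toCommonJS(index_exports);
 
  // src/SphereonKeyManagementSystem.ts
- var import_ssi_sdk_ext = require("@sphereon/ssi-sdk-ext.key-utils");
- var import_kms_local = require("@veramo/kms-local");
- var import_debug = __toESM(require("debug"), 1);
- var import_elliptic = __toESM(require("elliptic"), 1);
- var import_from_string = require("uint8arrays/from-string");
- var import_ssi_sdk_ext2 = require("@sphereon/ssi-sdk-ext.x509-utils");
- var debug = (0, import_debug.default)("sphereon:kms:local");
- var SphereonKeyManagementSystem = class extends import_kms_local.KeyManagementSystem {
+ var _ssisdkextkeyutils = require('@sphereon/ssi-sdk-ext.key-utils');
+ var _kmslocal = require('@veramo/kms-local'); _createStarExport(_kmslocal);
+ var _debug = require('debug'); var _debug2 = _interopRequireDefault(_debug);
+ var _elliptic = require('elliptic'); var _elliptic2 = _interopRequireDefault(_elliptic);
+ var _fromstring = require('uint8arrays/from-string');
+ var _ssisdkextx509utils = require('@sphereon/ssi-sdk-ext.x509-utils');
+ var debug = _debug2.default.call(void 0, "sphereon:kms:local");
+ var SphereonKeyManagementSystem = class extends _kmslocal.KeyManagementSystem {
  static {
  __name(this, "SphereonKeyManagementSystem");
  }
- privateKeyStore;
+
  constructor(keyStore) {
  super(keyStore);
  this.privateKeyStore = keyStore;
@@ -103,7 +67,7 @@ var SphereonKeyManagementSystem = class extends import_kms_local.KeyManagementSy
  }
  // @ts-ignore
  case "RSA": {
- const privateKeyHex = await (0, import_ssi_sdk_ext.generatePrivateKeyHex)(type);
+ const privateKeyHex = await _ssisdkextkeyutils.generatePrivateKeyHex.call(void 0, type);
  key = await this.importKey({
  type,
  privateKeyHex
@@ -133,7 +97,7 @@ var SphereonKeyManagementSystem = class extends import_kms_local.KeyManagementSy
  // @ts-ignore
  privateKey.type === "RSA" && (typeof algorithm === "undefined" || algorithm === "RS256" || algorithm === "RS512" || algorithm === "PS256" || algorithm === "PS512")
  ) {
- return await this.signRSA(privateKey, data, algorithm ?? "PS256");
+ return await this.signRSA(privateKey, data, _nullishCoalesce(algorithm, () => ( "PS256")));
  } else {
  return await super.sign({
  keyRef,
@@ -145,7 +109,7 @@ var SphereonKeyManagementSystem = class extends import_kms_local.KeyManagementSy
  }
  async verify({ publicKeyHex, type, algorithm, data, signature }) {
  if (type === "RSA") {
- return await this.verifyRSA(publicKeyHex, data, algorithm ?? "PS256", signature);
+ return await this.verifyRSA(publicKeyHex, data, _nullishCoalesce(algorithm, () => ( "PS256")), signature);
  }
  throw Error(`KMS verify is not implemented yet for ${type}`);
  }
@@ -155,7 +119,7 @@ var SphereonKeyManagementSystem = class extends import_kms_local.KeyManagementSy
  case KeyType.Bls12381G2:
  key = {
  type: args.type,
- kid: args.alias ?? args.publicKeyHex,
+ kid: _nullishCoalesce(args.alias, () => ( args.publicKeyHex)),
  publicKeyHex: args.publicKeyHex,
  meta: {
  algorithms: [
@@ -165,17 +129,17 @@ var SphereonKeyManagementSystem = class extends import_kms_local.KeyManagementSy
  };
  break;
  case "Secp256k1": {
- const privateBytes = (0, import_from_string.fromString)(args.privateKeyHex.toLowerCase(), "base16");
- const secp256k1 = new import_elliptic.default.ec("secp256k1");
+ const privateBytes = _fromstring.fromString.call(void 0, args.privateKeyHex.toLowerCase(), "base16");
+ const secp256k1 = new _elliptic2.default.ec("secp256k1");
  const keyPair = secp256k1.keyFromPrivate(privateBytes, "hex");
  const publicKeyHex = keyPair.getPublic(true, "hex");
  key = {
  type: args.type,
- kid: args.alias ?? publicKeyHex,
+ kid: _nullishCoalesce(args.alias, () => ( publicKeyHex)),
  publicKeyHex,
  meta: {
- jwkThumbprint: (0, import_ssi_sdk_ext.calculateJwkThumbprint)({
- jwk: (0, import_ssi_sdk_ext.toJwk)(publicKeyHex, "Secp256k1")
+ jwkThumbprint: _ssisdkextkeyutils.calculateJwkThumbprint.call(void 0, {
+ jwk: _ssisdkextkeyutils.toJwk.call(void 0, publicKeyHex, "Secp256k1")
  }),
  algorithms: [
  "ES256K",
@@ -190,17 +154,17 @@ var SphereonKeyManagementSystem = class extends import_kms_local.KeyManagementSy
  break;
  }
  case "Secp256r1": {
- const privateBytes = (0, import_from_string.fromString)(args.privateKeyHex.toLowerCase(), "base16");
- const secp256r1 = new import_elliptic.default.ec("p256");
+ const privateBytes = _fromstring.fromString.call(void 0, args.privateKeyHex.toLowerCase(), "base16");
+ const secp256r1 = new _elliptic2.default.ec("p256");
  const keyPair = secp256r1.keyFromPrivate(privateBytes, "hex");
  const publicKeyHex = keyPair.getPublic(true, "hex");
  key = {
  type: args.type,
- kid: args.alias ?? publicKeyHex,
+ kid: _nullishCoalesce(args.alias, () => ( publicKeyHex)),
  publicKeyHex,
  meta: {
- jwkThumbprint: (0, import_ssi_sdk_ext.calculateJwkThumbprint)({
- jwk: (0, import_ssi_sdk_ext.toJwk)(publicKeyHex, "Secp256r1")
+ jwkThumbprint: _ssisdkextkeyutils.calculateJwkThumbprint.call(void 0, {
+ jwk: _ssisdkextkeyutils.toJwk.call(void 0, publicKeyHex, "Secp256r1")
  }),
  algorithms: [
  "ES256"
@@ -211,17 +175,17 @@ var SphereonKeyManagementSystem = class extends import_kms_local.KeyManagementSy
  }
  // @ts-ignore
  case "RSA": {
- const x509 = args.meta?.x509;
- const privateKeyPEM = x509?.privateKeyPEM ?? (args.privateKeyHex.includes("---") ? args.privateKeyHex : (0, import_ssi_sdk_ext2.hexToPEM)(args.privateKeyHex, "private"));
- const publicKeyJwk = (0, import_ssi_sdk_ext2.PEMToJwk)(privateKeyPEM, "public");
- const publicKeyPEM = (0, import_ssi_sdk_ext2.jwkToPEM)(publicKeyJwk, "public");
- const publicKeyHex = (0, import_ssi_sdk_ext2.PEMToHex)(publicKeyPEM);
+ const x509 = _optionalChain([args, 'access', _ => _.meta, 'optionalAccess', _2 => _2.x509]);
+ const privateKeyPEM = _nullishCoalesce(_optionalChain([x509, 'optionalAccess', _3 => _3.privateKeyPEM]), () => ( (args.privateKeyHex.includes("---") ? args.privateKeyHex : _ssisdkextx509utils.hexToPEM.call(void 0, args.privateKeyHex, "private"))));
+ const publicKeyJwk = _ssisdkextx509utils.PEMToJwk.call(void 0, privateKeyPEM, "public");
+ const publicKeyPEM = _ssisdkextx509utils.jwkToPEM.call(void 0, publicKeyJwk, "public");
+ const publicKeyHex = _ssisdkextx509utils.PEMToHex.call(void 0, publicKeyPEM);
  const meta = {};
  if (x509) {
  meta.x509 = {
- cn: x509.cn ?? args.alias ?? publicKeyHex
+ cn: _nullishCoalesce(_nullishCoalesce(x509.cn, () => ( args.alias)), () => ( publicKeyHex))
  };
- let certChain = x509.certificateChainPEM ?? "";
+ let certChain = _nullishCoalesce(x509.certificateChainPEM, () => ( ""));
  if (x509.certificatePEM) {
  if (!certChain.includes(x509.certificatePEM)) {
  certChain = `${x509.certificatePEM}
@@ -230,7 +194,7 @@ ${certChain}`;
  }
  if (certChain.length > 0) {
  meta.x509.certificateChainPEM = certChain;
- const x5c = (0, import_ssi_sdk_ext2.pemCertChainTox5c)(certChain);
+ const x5c = _ssisdkextx509utils.pemCertChainTox5c.call(void 0, certChain);
  if (!x509.certificateChainURL) {
  publicKeyJwk.x5c = x5c;
  }
@@ -243,7 +207,7 @@ ${certChain}`;
  }
  key = {
  type: args.type,
- kid: args.alias ?? meta?.x509?.cn ?? publicKeyHex,
+ kid: _nullishCoalesce(_nullishCoalesce(args.alias, () => ( _optionalChain([meta, 'optionalAccess', _4 => _4.x509, 'optionalAccess', _5 => _5.cn]))), () => ( publicKeyHex)),
  publicKeyHex,
  meta: {
  ...meta,
@@ -269,8 +233,8 @@ ${certChain}`;
  * @returns a base64url encoded signature for the `RS256` alg
  */
  async signRSA(privateKey, data, signingAlgorithm) {
- const { hashAlgorithm, scheme } = (0, import_ssi_sdk_ext2.signAlgorithmToSchemeAndHashAlg)(signingAlgorithm);
- const signer = new import_ssi_sdk_ext2.RSASigner((0, import_ssi_sdk_ext2.PEMToJwk)((0, import_ssi_sdk_ext2.hexToPEM)(privateKey.privateKeyHex, "private"), "private"), {
+ const { hashAlgorithm, scheme } = _ssisdkextx509utils.signAlgorithmToSchemeAndHashAlg.call(void 0, signingAlgorithm);
+ const signer = new (0, _ssisdkextx509utils.RSASigner)(_ssisdkextx509utils.PEMToJwk.call(void 0, _ssisdkextx509utils.hexToPEM.call(void 0, privateKey.privateKeyHex, "private"), "private"), {
  hashAlgorithm,
  scheme
  });
@@ -278,8 +242,8 @@ ${certChain}`;
  return signature;
  }
  async verifyRSA(publicKeyHex, data, signingAlgorithm, signature) {
- const { hashAlgorithm, scheme } = (0, import_ssi_sdk_ext2.signAlgorithmToSchemeAndHashAlg)(signingAlgorithm);
- const signer = new import_ssi_sdk_ext2.RSASigner((0, import_ssi_sdk_ext2.PEMToJwk)((0, import_ssi_sdk_ext2.hexToPEM)(publicKeyHex, "public"), "public"), {
+ const { hashAlgorithm, scheme } = _ssisdkextx509utils.signAlgorithmToSchemeAndHashAlg.call(void 0, signingAlgorithm);
+ const signer = new (0, _ssisdkextx509utils.RSASigner)(_ssisdkextx509utils.PEMToJwk.call(void 0, _ssisdkextx509utils.hexToPEM.call(void 0, publicKeyHex, "public"), "public"), {
  hashAlgorithm,
  scheme
  });
@@ -291,9 +255,13 @@ ${certChain}`;
  };
 
  // src/index.ts
- __reExport(index_exports, require("@veramo/kms-local"), module.exports);
+
  var KeyType = /* @__PURE__ */ function(KeyType2) {
  KeyType2["Bls12381G2"] = "Bls12381G2";
  return KeyType2;
  }({});
+
+
+
+ exports.KeyType = KeyType; exports.SphereonKeyManagementSystem = SphereonKeyManagementSystem;
  //# sourceMappingURL=index.cjs.map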
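Review bot: verify() hands the caller-supplied `algorithm` to verifyRSA unchecked in the `@@ -145,7 +109,7 @@` hunk, while sign() in the `@@ -133,7 +97,7 @@` hunk only takes the RSA path when `algorithm` is undefined or one of RS256/RS512/PS256/PS512. Whether `signAlgorithmToSchemeAndHashAlg` rejects other values is not visible on this page, so the verifier should not depend on it. I would apply the same allow-list before the call, for example `if (algorithm !== undefined && !["RS256", "RS512", "PS256", "PS512"].includes(algorithm)) throw Error("not_supported: RSA verify algorithm " + algorithm);`. Because dist/index.cjs is build output, the change belongs in src/SphereonKeyManagementSystem.ts; the rest of this section appears to be a change of bundler output format only.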
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/index.ts","../src/SphereonKeyManagementSystem.ts"],"sourcesContent":["import { X509Opts } from '@sphereon/ssi-sdk-ext.key-utils'\nimport { KeyMetadata, TKeyType } from '@veramo/core'\n\nexport { SphereonKeyManagementSystem } from './SphereonKeyManagementSystem'\n\nexport * from '@veramo/kms-local'\n\nexport interface ManagedKeyInfoArgs {\n alias?: string\n type: TKeyType\n privateKeyHex: string\n publicKeyHex?: string\n meta?: ManageKeyInfoMeta | undefined | null\n}\n\nexport interface ManageKeyInfoMeta extends KeyMetadata {\n x509?: X509Opts\n [x: string]: any\n}\nexport enum KeyType {\n Bls12381G2 = 'Bls12381G2',\n}\n","import { calculateJwkThumbprint, generatePrivateKeyHex, toJwk, X509Opts } from '@sphereon/ssi-sdk-ext.key-utils'\n\nimport { IKey, ManagedKeyInfo, MinimalImportableKey, TKeyType } from '@veramo/core'\nimport { AbstractPrivateKeyStore, ManagedPrivateKey } from '@veramo/key-manager'\nimport { KeyManagementSystem } from '@veramo/kms-local'\nimport Debug from 'debug'\nimport elliptic from 'elliptic'\n// @ts-ignore\nimport { fromString } from 'uint8arrays/from-string'\nimport { KeyType, ManagedKeyInfoArgs } from './index'\nimport {\n hexToPEM,\n jwkToPEM,\n pemCertChainTox5c,\n PEMToHex,\n PEMToJwk,\n RSASigner,\n signAlgorithmToSchemeAndHashAlg,\n} from '@sphereon/ssi-sdk-ext.x509-utils'\n\nconst debug = Debug('sphereon:kms:local')\n\nexport class SphereonKeyManagementSystem extends KeyManagementSystem {\n private readonly privateKeyStore: AbstractPrivateKeyStore\n\n constructor(keyStore: AbstractPrivateKeyStore) {\n super(keyStore)\n this.privateKeyStore = keyStore\n }\n\n async importKey(args: Omit<MinimalImportableKey, 'kms'> & { privateKeyPEM?: string }): Promise<ManagedKeyInfo> {\n switch (args.type) {\n case KeyType.Bls12381G2.toString():\n if (!args.privateKeyHex || !args.publicKeyHex) {\n throw new Error('invalid_argument: type, publicKeyHex and privateKeyHex are required to import a key')\n }\n const 
managedKey = this.asSphereonManagedKeyInfo({\n ...args,\n alias: args.kid,\n privateKeyHex: args.privateKeyHex,\n publicKeyHex: args.publicKeyHex,\n type: args.type,\n })\n await this.privateKeyStore.import({ alias: managedKey.kid, ...args })\n debug('imported key', managedKey.type, managedKey.publicKeyHex)\n return managedKey\n\n case 'Secp256k1':\n case 'Secp256r1':\n // @ts-ignore\n case 'RSA': {\n if (!args.privateKeyHex && !args.privateKeyPEM) {\n throw new Error('invalid_argument: type and privateKeyHex (or privateKeyPEM for RSA) are required to import a key')\n }\n const managedKey = this.asSphereonManagedKeyInfo({ alias: args.kid, ...args })\n await this.privateKeyStore.import({ alias: managedKey.kid, ...args })\n debug('imported key', managedKey.type, managedKey.publicKeyHex)\n return managedKey\n }\n default:\n return await super.importKey(args)\n }\n }\n\n async createKey({ type }: { type: TKeyType }): Promise<ManagedKeyInfo> {\n let key: ManagedKeyInfo\n\n switch (type) {\n case KeyType.Bls12381G2: {\n throw Error(\n 'BLS support not available because upstream is not really providing Windows and React-Native support; giving too much headache. 
We soon will move to @digitalbazaar/bbs-signatures'\n )\n /*// @ts-ignore\n const bbs = await import('@digitalbazaar/bbs-signatures')\n const keyPairBls12381G2 = await bbs.generateKeyPair({\n ciphersuite: 'BLS12-381-SHA-256'\n })\n key = await this.importKey({\n type,\n privateKeyHex: Buffer.from(keyPairBls12381G2.secretKey).toString('hex'),\n publicKeyHex: Buffer.from(keyPairBls12381G2.publicKey).toString('hex'),\n })\n break*/\n }\n\n // @ts-ignore\n case 'RSA': {\n const privateKeyHex = await generatePrivateKeyHex(type)\n key = await this.importKey({\n type,\n privateKeyHex,\n })\n break\n }\n default:\n key = await super.createKey({ type })\n }\n\n debug('Created key', type, key.publicKeyHex)\n\n return key\n }\n\n async sign({ keyRef, algorithm, data }: { keyRef: Pick<IKey, 'kid'>; algorithm?: string; data: Uint8Array }): Promise<string> {\n let privateKey: ManagedPrivateKey\n try {\n privateKey = await this.privateKeyStore.get({ alias: keyRef.kid })\n } catch (e) {\n throw new Error(`key_not_found: No key entry found for kid=${keyRef.kid}`)\n }\n\n if (privateKey.type === KeyType.Bls12381G2) {\n throw Error(\n 'BLS support not available because upstream is not really providing Windows and React-Native support; giving too much headache. 
We soon will move to @digitalbazaar/bbs-signatures'\n )\n /*// @ts-ignore\n const bbs = await import('@digitalbazaar/bbs-signatures')\n if (!data || Array.isArray(data)) {\n throw new Error('Data must be defined and cannot be an array')\n }\n const keyPair = {\n keyPair: {\n secretKey: Uint8Array.from(Buffer.from(privateKey.privateKeyHex, 'hex')),\n publicKey: Uint8Array.from(Buffer.from(keyRef.kid, 'hex')),\n },\n messages: [data],\n }\n const signature = await bbs.sign({secretKey: privateKey, publicKey, header, messages});\n return signature*/\n } else if (\n // @ts-ignore\n privateKey.type === 'RSA' &&\n (typeof algorithm === 'undefined' || algorithm === 'RS256' || algorithm === 'RS512' || algorithm === 'PS256' || algorithm === 'PS512')\n ) {\n return await this.signRSA(privateKey, data, algorithm ?? 'PS256')\n } else {\n return await super.sign({ keyRef, algorithm, data })\n }\n throw Error(`not_supported: Cannot sign using key of type ${privateKey.type}`)\n }\n\n async verify({\n publicKeyHex,\n type,\n algorithm,\n data,\n signature,\n }: {\n publicKeyHex: string\n type: TKeyType\n algorithm?: string\n data: Uint8Array\n signature: string\n }): Promise<boolean> {\n if (type === 'RSA') {\n return await this.verifyRSA(publicKeyHex, data, algorithm ?? 'PS256', signature)\n }\n throw Error(`KMS verify is not implemented yet for ${type}`)\n }\n\n private asSphereonManagedKeyInfo(args: ManagedKeyInfoArgs): ManagedKeyInfo {\n let key: Partial<ManagedKeyInfo>\n switch (args.type) {\n case KeyType.Bls12381G2:\n key = {\n type: args.type,\n kid: args.alias ?? 
args.publicKeyHex,\n publicKeyHex: args.publicKeyHex,\n meta: {\n algorithms: ['BLS'],\n },\n }\n break\n case 'Secp256k1': {\n const privateBytes = fromString(args.privateKeyHex.toLowerCase(), 'base16')\n const secp256k1 = new elliptic.ec('secp256k1')\n const keyPair = secp256k1.keyFromPrivate(privateBytes, 'hex')\n const publicKeyHex = keyPair.getPublic(true, 'hex')\n key = {\n type: args.type,\n kid: args.alias ?? publicKeyHex,\n publicKeyHex,\n meta: {\n jwkThumbprint: calculateJwkThumbprint({ jwk: toJwk(publicKeyHex, 'Secp256k1') }),\n algorithms: ['ES256K', 'ES256K-R', 'eth_signTransaction', 'eth_signTypedData', 'eth_signMessage', 'eth_rawSign'],\n },\n }\n break\n }\n case 'Secp256r1': {\n const privateBytes = fromString(args.privateKeyHex.toLowerCase(), 'base16')\n const secp256r1 = new elliptic.ec('p256')\n const keyPair = secp256r1.keyFromPrivate(privateBytes, 'hex')\n const publicKeyHex = keyPair.getPublic(true, 'hex')\n key = {\n type: args.type,\n kid: args.alias ?? publicKeyHex,\n publicKeyHex,\n meta: {\n jwkThumbprint: calculateJwkThumbprint({ jwk: toJwk(publicKeyHex, 'Secp256r1') }),\n algorithms: ['ES256'],\n },\n }\n break\n }\n // @ts-ignore\n case 'RSA': {\n const x509 = args.meta?.x509 as X509Opts\n const privateKeyPEM =\n x509?.privateKeyPEM ?? (args.privateKeyHex.includes('---') ? args.privateKeyHex : hexToPEM(args.privateKeyHex, 'private')) // In case we have x509 opts, the private key hex really was a PEM already (yuck)\n const publicKeyJwk = PEMToJwk(privateKeyPEM, 'public')\n const publicKeyPEM = jwkToPEM(publicKeyJwk, 'public')\n const publicKeyHex = PEMToHex(publicKeyPEM)\n\n const meta = {} as any\n if (x509) {\n meta.x509 = {\n cn: x509.cn ?? args.alias ?? publicKeyHex,\n }\n let certChain: string = x509.certificateChainPEM ?? 
''\n if (x509.certificatePEM) {\n if (!certChain.includes(x509.certificatePEM)) {\n certChain = `${x509.certificatePEM}\\n${certChain}`\n }\n }\n if (certChain.length > 0) {\n meta.x509.certificateChainPEM = certChain\n const x5c = pemCertChainTox5c(certChain)\n if (!x509.certificateChainURL) {\n // Do not put the chain in the JWK when the chain is hosted. We do put it in the x509 metadata\n // @ts-ignore\n publicKeyJwk.x5c = x5c\n }\n meta.x509.x5c = x5c\n }\n if (x509.certificateChainURL) {\n // @ts-ignore\n publicKeyJwk.x5u = x509.certificateChainURL\n meta.x509.x5u = x509.certificateChainURL\n }\n }\n\n key = {\n type: args.type,\n kid: args.alias ?? meta?.x509?.cn ?? publicKeyHex,\n publicKeyHex,\n meta: {\n ...meta,\n // todo: could als be DSA etc\n algorithms: ['RS256', 'RS512', 'PS256', 'PS512'],\n publicKeyJwk,\n publicKeyPEM,\n },\n }\n break\n }\n\n default:\n throw Error('not_supported: Key type not supported: ' + args.type)\n }\n return key as ManagedKeyInfo\n }\n\n /**\n * @returns a base64url encoded signature for the `RS256` alg\n */\n private async signRSA(privateKey: ManagedPrivateKey, data: Uint8Array, signingAlgorithm: string): Promise<string> {\n const { hashAlgorithm, scheme } = signAlgorithmToSchemeAndHashAlg(signingAlgorithm)\n const signer = new RSASigner(PEMToJwk(hexToPEM(privateKey.privateKeyHex, 'private'), 'private'), { hashAlgorithm, scheme })\n const signature = await signer.sign(data)\n return signature as string\n }\n\n private async verifyRSA(publicKeyHex: string, data: Uint8Array, signingAlgorithm: string, signature: string) {\n const { hashAlgorithm, scheme } = signAlgorithmToSchemeAndHashAlg(signingAlgorithm)\n const signer = new RSASigner(PEMToJwk(hexToPEM(publicKeyHex, 'public'), 'public'), { hashAlgorithm, scheme })\n return await signer.verify(data, signature)\n }\n\n public async listKeys(): Promise<Array<ManagedKeyInfo>> {\n return (await this.privateKeyStore.list({})).map((privateKey: ManagedPrivateKey) => 
this.asSphereonManagedKeyInfo(privateKey))\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAGA;;;;;;;;ACHA,yBAA+E;AAI/E,uBAAoC;AACpC,mBAAkB;AAClB,sBAAqB;AAErB,yBAA2B;AAE3B,IAAAA,sBAQO;AAEP,IAAMC,YAAQC,aAAAA,SAAM,oBAAA;AAEb,IAAMC,8BAAN,cAA0CC,qCAAAA;EAtBjD,OAsBiDA;;;EAC9BC;EAEjBC,YAAYC,UAAmC;AAC7C,UAAMA,QAAAA;AACN,SAAKF,kBAAkBE;EACzB;EAEA,MAAMC,UAAUC,MAA+F;AAC7G,YAAQA,KAAKC,MAAI;MACf,KAAKC,QAAQC,WAAWC,SAAQ;AAC9B,YAAI,CAACJ,KAAKK,iBAAiB,CAACL,KAAKM,cAAc;AAC7C,gBAAM,IAAIC,MAAM,qFAAA;QAClB;AACA,cAAMC,aAAa,KAAKC,yBAAyB;UAC/C,GAAGT;UACHU,OAAOV,KAAKW;UACZN,eAAeL,KAAKK;UACpBC,cAAcN,KAAKM;UACnBL,MAAMD,KAAKC;QACb,CAAA;AACA,cAAM,KAAKL,gBAAgBgB,OAAO;UAAEF,OAAOF,WAAWG;UAAK,GAAGX;QAAK,CAAA;AACnER,cAAM,gBAAgBgB,WAAWP,MAAMO,WAAWF,YAAY;AAC9D,eAAOE;MAET,KAAK;MACL,KAAK;;MAEL,KAAK,OAAO;AACV,YAAI,CAACR,KAAKK,iBAAiB,CAACL,KAAKa,eAAe;AAC9C,gBAAM,IAAIN,MAAM,kGAAA;QAClB;AACA,cAAMC,cAAa,KAAKC,yBAAyB;UAAEC,OAAOV,KAAKW;UAAK,GAAGX;QAAK,CAAA;AAC5E,cAAM,KAAKJ,gBAAgBgB,OAAO;UAAEF,OAAOF,YAAWG;UAAK,GAAGX;QAAK,CAAA;AACnER,cAAM,gBAAgBgB,YAAWP,MAAMO,YAAWF,YAAY;AAC9D,eAAOE;MACT;MACA;AACE,eAAO,MAAM,MAAMT,UAAUC,IAAAA;IACjC;EACF;EAEA,MAAMc,UAAU,EAAEb,KAAI,GAAiD;AACrE,QAAIc;AAEJ,YAAQd,MAAAA;MACN,KAAKC,QAAQC,YAAY;AACvB,cAAMI,MACJ,mLAAA;MAaJ;;MAGA,KAAK,OAAO;AACV,cAAMF,gBAAgB,UAAMW,0CAAsBf,IAAAA;AAClDc,cAAM,MAAM,KAAKhB,UAAU;UACzBE;UACAI;QACF,CAAA;AACA;MACF;MACA;AACEU,cAAM,MAAM,MAAMD,UAAU;UAAEb;QAAK,CAAA;IACvC;AAEAT,UAAM,eAAeS,MAAMc,IAAIT,YAAY;AAE3C,WAAOS;EACT;EAEA,MAAME,KAAK,EAAEC,QAAQC,WAAWC,KAAI,GAA0F;AAC5H,QAAIC;AACJ,QAAI;AACFA,mBAAa,MAAM,KAAKzB,gBAAgB0B,IAAI;QAAEZ,OAAOQ,OAAOP;MAAI,CAAA;IAClE,SAASY,GAAG;AACV,YAAM,IAAIhB,MAAM,6CAA6CW,OAAOP,GAAG,EAAE;IAC3E;AAEA,QAAIU,WAAWpB,SAASC,QAAQC,YAAY;AAC1C,YAAMI,MACJ,mLAAA;IAgBJ;;MAEEc,WAAWpB,SAAS,UACnB,OAAOkB,cAAc,eAAeA,cAAc,WAAWA,cAAc,WAAWA,cAAc,WAAWA,cAAc;MAC9H;AACA,aAAO,MAAM,KAAKK,QAAQH,YAAYD,MAAMD,aAAa,OAAA;IAC3D,OAAO;AACL,aAAO,MAAM,MAAMF,KAAK;QAAEC;QAAQC;QAAWC;MAAK,CAAA;IACpD;AACA,UAAMb,MAAM,gDAAgDc,WAAWpB,IAAI,EAAE;EAC/E;EAEA,MAAMwB,OAAO,EACXnB,cACAL,MAC
AkB,WACAC,MACAM,UAAS,GAOU;AACnB,QAAIzB,SAAS,OAAO;AAClB,aAAO,MAAM,KAAK0B,UAAUrB,cAAcc,MAAMD,aAAa,SAASO,SAAAA;IACxE;AACA,UAAMnB,MAAM,yCAAyCN,IAAAA,EAAM;EAC7D;EAEQQ,yBAAyBT,MAA0C;AACzE,QAAIe;AACJ,YAAQf,KAAKC,MAAI;MACf,KAAKC,QAAQC;AACXY,cAAM;UACJd,MAAMD,KAAKC;UACXU,KAAKX,KAAKU,SAASV,KAAKM;UACxBA,cAAcN,KAAKM;UACnBsB,MAAM;YACJC,YAAY;cAAC;;UACf;QACF;AACA;MACF,KAAK,aAAa;AAChB,cAAMC,mBAAeC,+BAAW/B,KAAKK,cAAc2B,YAAW,GAAI,QAAA;AAClE,cAAMC,YAAY,IAAIC,gBAAAA,QAASC,GAAG,WAAA;AAClC,cAAMC,UAAUH,UAAUI,eAAeP,cAAc,KAAA;AACvD,cAAMxB,eAAe8B,QAAQE,UAAU,MAAM,KAAA;AAC7CvB,cAAM;UACJd,MAAMD,KAAKC;UACXU,KAAKX,KAAKU,SAASJ;UACnBA;UACAsB,MAAM;YACJW,mBAAeC,2CAAuB;cAAEC,SAAKC,0BAAMpC,cAAc,WAAA;YAAa,CAAA;YAC9EuB,YAAY;cAAC;cAAU;cAAY;cAAuB;cAAqB;cAAmB;;UACpG;QACF;AACA;MACF;MACA,KAAK,aAAa;AAChB,cAAMC,mBAAeC,+BAAW/B,KAAKK,cAAc2B,YAAW,GAAI,QAAA;AAClE,cAAMW,YAAY,IAAIT,gBAAAA,QAASC,GAAG,MAAA;AAClC,cAAMC,UAAUO,UAAUN,eAAeP,cAAc,KAAA;AACvD,cAAMxB,eAAe8B,QAAQE,UAAU,MAAM,KAAA;AAC7CvB,cAAM;UACJd,MAAMD,KAAKC;UACXU,KAAKX,KAAKU,SAASJ;UACnBA;UACAsB,MAAM;YACJW,mBAAeC,2CAAuB;cAAEC,SAAKC,0BAAMpC,cAAc,WAAA;YAAa,CAAA;YAC9EuB,YAAY;cAAC;;UACf;QACF;AACA;MACF;;MAEA,KAAK,OAAO;AACV,cAAMe,OAAO5C,KAAK4B,MAAMgB;AACxB,cAAM/B,gBACJ+B,MAAM/B,kBAAkBb,KAAKK,cAAcwC,SAAS,KAAA,IAAS7C,KAAKK,oBAAgByC,8BAAS9C,KAAKK,eAAe,SAAA;AACjH,cAAM0C,mBAAeC,8BAASnC,eAAe,QAAA;AAC7C,cAAMoC,mBAAeC,8BAASH,cAAc,QAAA;AAC5C,cAAMzC,mBAAe6C,8BAASF,YAAAA;AAE9B,cAAMrB,OAAO,CAAC;AACd,YAAIgB,MAAM;AACRhB,eAAKgB,OAAO;YACVQ,IAAIR,KAAKQ,MAAMpD,KAAKU,SAASJ;UAC/B;AACA,cAAI+C,YAAoBT,KAAKU,uBAAuB;AACpD,cAAIV,KAAKW,gBAAgB;AACvB,gBAAI,CAACF,UAAUR,SAASD,KAAKW,cAAc,GAAG;AAC5CF,0BAAY,GAAGT,KAAKW,cAAc;EAAKF,SAAAA;YACzC;UACF;AACA,cAAIA,UAAUG,SAAS,GAAG;AACxB5B,iBAAKgB,KAAKU,sBAAsBD;AAChC,kBAAMI,UAAMC,uCAAkBL,SAAAA;AAC9B,gBAAI,CAACT,KAAKe,qBAAqB;AAG7BZ,2BAAaU,MAAMA;YACrB;AACA7B,iBAAKgB,KAAKa,MAAMA;UAClB;AACA,cAAIb,KAAKe,qBAAqB;AAE5BZ,yBAAaa,MAAMhB,KAAKe;AACxB/B,iBAAKgB,KAAKgB,MAAMhB,KAAKe;UACvB;QACF;AAEA5C,cAAM;UACJd,MAAMD,KAAKC;UACXU,KAAKX,KAAKU,SAASkB,MAAMgB,MAAMQ,MAAM9C;UACrCA;U
ACAsB,MAAM;YACJ,GAAGA;;YAEHC,YAAY;cAAC;cAAS;cAAS;cAAS;;YACxCkB;YACAE;UACF;QACF;AACA;MACF;MAEA;AACE,cAAM1C,MAAM,4CAA4CP,KAAKC,IAAI;IACrE;AACA,WAAOc;EACT;;;;EAKA,MAAcS,QAAQH,YAA+BD,MAAkByC,kBAA2C;AAChH,UAAM,EAAEC,eAAeC,OAAM,QAAKC,qDAAgCH,gBAAAA;AAClE,UAAMI,SAAS,IAAIC,kCAAUlB,kCAASF,8BAASzB,WAAWhB,eAAe,SAAA,GAAY,SAAA,GAAY;MAAEyD;MAAeC;IAAO,CAAA;AACzH,UAAMrC,YAAY,MAAMuC,OAAOhD,KAAKG,IAAAA;AACpC,WAAOM;EACT;EAEA,MAAcC,UAAUrB,cAAsBc,MAAkByC,kBAA0BnC,WAAmB;AAC3G,UAAM,EAAEoC,eAAeC,OAAM,QAAKC,qDAAgCH,gBAAAA;AAClE,UAAMI,SAAS,IAAIC,kCAAUlB,kCAASF,8BAASxC,cAAc,QAAA,GAAW,QAAA,GAAW;MAAEwD;MAAeC;IAAO,CAAA;AAC3G,WAAO,MAAME,OAAOxC,OAAOL,MAAMM,SAAAA;EACnC;EAEA,MAAayC,WAA2C;AACtD,YAAQ,MAAM,KAAKvE,gBAAgBwE,KAAK,CAAC,CAAA,GAAIC,IAAI,CAAChD,eAAkC,KAAKZ,yBAAyBY,UAAAA,CAAAA;EACpH;AACF;;;ADrRA,0BAAc,8BAFd;AAgBO,IAAKiD,UAAAA,yBAAAA,UAAAA;;SAAAA;;","names":["import_ssi_sdk_ext","debug","Debug","SphereonKeyManagementSystem","KeyManagementSystem","privateKeyStore","constructor","keyStore","importKey","args","type","KeyType","Bls12381G2","toString","privateKeyHex","publicKeyHex","Error","managedKey","asSphereonManagedKeyInfo","alias","kid","import","privateKeyPEM","createKey","key","generatePrivateKeyHex","sign","keyRef","algorithm","data","privateKey","get","e","signRSA","verify","signature","verifyRSA","meta","algorithms","privateBytes","fromString","toLowerCase","secp256k1","elliptic","ec","keyPair","keyFromPrivate","getPublic","jwkThumbprint","calculateJwkThumbprint","jwk","toJwk","secp256r1","x509","includes","hexToPEM","publicKeyJwk","PEMToJwk","publicKeyPEM","jwkToPEM","PEMToHex","cn","certChain","certificateChainPEM","certificatePEM","length","x5c","pemCertChainTox5c","certificateChainURL","x5u","signingAlgorithm","hashAlgorithm","scheme","signAlgorithmToSchemeAndHashAlg","signer","RSASigner","listKeys","list","map","KeyType"]}
1
+ {"version":3,"sources":["/home/runner/work/SSI-SDK-crypto-extensions/SSI-SDK-crypto-extensions/packages/kms-local/dist/index.cjs","../src/SphereonKeyManagementSystem.ts","../src/index.ts"],"names":["debug","Debug","SphereonKeyManagementSystem","KeyManagementSystem","privateKeyStore","constructor","keyStore","importKey","args","type","KeyType","Bls12381G2","toString","privateKeyHex","publicKeyHex","Error","managedKey","asSphereonManagedKeyInfo","alias","kid","import","privateKeyPEM","createKey","key","generatePrivateKeyHex","sign","keyRef","algorithm","data","privateKey","get","e","signature","x509","includes","publicKeyPEM","certChain","x5c","certificateChainURL","meta","publicKeyJwk","signingAlgorithm","hashAlgorithm","scheme"],"mappings":"AAAA,6iCAAI,UAAU,EAAE,MAAM,CAAC,cAAc;AACrC,IAAI,OAAO,EAAE,CAAC,MAAM,EAAE,KAAK,EAAE,GAAG,SAAS,CAAC,MAAM,EAAE,MAAM,EAAE,EAAE,KAAK,EAAE,YAAY,EAAE,KAAK,CAAC,CAAC;AACxF;AACA;ACHA,oEAA+E;AAI/E,2EAAoC;AACpC,4EAAkB;AAClB,wFAAqB;AAErB,qDAA2B;AAE3B,sEAQO;AAEP,IAAMA,MAAAA,EAAQC,6BAAAA,oBAAM,CAAA;AAEb,IAAMC,4BAAAA,EAAN,MAAA,QAA0CC,8BAAAA;ADVjD,ECZA,OAsBiDA;ADTjD,IAAI,MAAM,CAAC,IAAI,EAAE,6BAA6B,CAAC;AAC/C,EAAE;AACF,ECQmBC;ADPnB,ECSEC,WAAAA,CAAYC,QAAAA,EAAmC;AAC7C,IAAA,KAAA,CAAMA,QAAAA,CAAAA;AACN,IAAA,IAAA,CAAKF,gBAAAA,EAAkBE,QAAAA;ADR3B,ECSE;ADRF,ECUE,MAAMC,SAAAA,CAAUC,IAAAA,EAA+F;AAC7G,IAAA,OAAA,CAAQA,IAAAA,CAAKC,IAAAA,EAAI;ADTrB,MCUM,KAAKC,OAAAA,CAAQC,UAAAA,CAAWC,QAAAA,CAAQ,CAAA;AAC9B,QAAA,GAAA,CAAI,CAACJ,IAAAA,CAAKK,cAAAA,GAAiB,CAACL,IAAAA,CAAKM,YAAAA,EAAc;AAC7C,UAAA,MAAM,IAAIC,KAAAA,CAAM,qFAAA,CAAA;ADT1B,QCUQ;AACA,QAAA,MAAMC,WAAAA,EAAa,IAAA,CAAKC,wBAAAA,CAAyB;ADTzD,UCUU,GAAGT,IAAAA;ADTb,UCUUU,KAAAA,EAAOV,IAAAA,CAAKW,GAAAA;ADTtB,UCUUN,aAAAA,EAAeL,IAAAA,CAAKK,aAAAA;ADT9B,UCUUC,YAAAA,EAAcN,IAAAA,CAAKM,YAAAA;ADT7B,UCUUL,IAAAA,EAAMD,IAAAA,CAAKC;ADTrB,QCUQ,CAAA,CAAA;AACA,QAAA,MAAM,IAAA,CAAKL,eAAAA,CAAgBgB,MAAAA,CAAO;ADT1C,UCS4CF,KAAAA,EAAOF,UAAAA,CAAWG,GAAAA;ADR9D,UCQmE,GAAGX;ADPtE,QCO2E,CAAA,CAAA;AACnER,QAAAA,KAAAA,CAAM,cAAA,EAAgBgB,UAAAA,CA
AWP,IAAAA,EAAMO,UAAAA,CAAWF,YAAY,CAAA;AAC9D,QAAA,OAAOE,UAAAA;ADNf,MCQM,KAAK,WAAA;ADPX,MCQM,KAAK,WAAA;ADPX;AACA,MCQM,KAAK,KAAA,EAAO;AACV,QAAA,GAAA,CAAI,CAACR,IAAAA,CAAKK,cAAAA,GAAiB,CAACL,IAAAA,CAAKa,aAAAA,EAAe;AAC9C,UAAA,MAAM,IAAIN,KAAAA,CAAM,kGAAA,CAAA;ADP1B,QCQQ;AACA,QAAA,MAAMC,YAAAA,EAAa,IAAA,CAAKC,wBAAAA,CAAyB;ADPzD,UCO2DC,KAAAA,EAAOV,IAAAA,CAAKW,GAAAA;ADNvE,UCM4E,GAAGX;ADL/E,QCKoF,CAAA,CAAA;AAC5E,QAAA,MAAM,IAAA,CAAKJ,eAAAA,CAAgBgB,MAAAA,CAAO;ADJ1C,UCI4CF,KAAAA,EAAOF,WAAAA,CAAWG,GAAAA;ADH9D,UCGmE,GAAGX;ADFtE,QCE2E,CAAA,CAAA;AACnER,QAAAA,KAAAA,CAAM,cAAA,EAAgBgB,WAAAA,CAAWP,IAAAA,EAAMO,WAAAA,CAAWF,YAAY,CAAA;AAC9D,QAAA,OAAOE,WAAAA;ADDf,MCEM;ADDN,MCEM,OAAA;AACE,QAAA,OAAO,MAAM,KAAA,CAAMT,SAAAA,CAAUC,IAAAA,CAAAA;ADDrC,ICEI;ADDJ,ECEE;ADDF,ECGE,MAAMc,SAAAA,CAAU,EAAEb,KAAI,CAAA,EAAiD;AACrE,IAAA,IAAIc,GAAAA;AAEJ,IAAA,OAAA,CAAQd,IAAAA,EAAAA;ADHZ,MCIM,KAAKC,OAAAA,CAAQC,UAAAA,EAAY;AACvB,QAAA,MAAMI,KAAAA,CACJ,mLAAA,CAAA;ADJV,MCiBM;ADhBN;AACA,MCkBM,KAAK,KAAA,EAAO;AACV,QAAA,MAAMF,cAAAA,EAAgB,MAAMW,sDAAAA,IAAsBf,CAAAA;AAClDc,QAAAA,IAAAA,EAAM,MAAM,IAAA,CAAKhB,SAAAA,CAAU;ADjBnC,UCkBUE,IAAAA;ADjBV,UCkBUI;ADjBV,QCkBQ,CAAA,CAAA;AACA,QAAA,KAAA;ADjBR,MCkBM;ADjBN,MCkBM,OAAA;AACEU,QAAAA,IAAAA,EAAM,MAAM,KAAA,CAAMD,SAAAA,CAAU;ADjBpC,UCiBsCb;ADhBtC,QCgB2C,CAAA,CAAA;ADf3C,ICgBI;AAEAT,IAAAA,KAAAA,CAAM,aAAA,EAAeS,IAAAA,EAAMc,GAAAA,CAAIT,YAAY,CAAA;AAE3C,IAAA,OAAOS,GAAAA;ADjBX,ECkBE;ADjBF,ECmBE,MAAME,IAAAA,CAAK,EAAEC,MAAAA,EAAQC,SAAAA,EAAWC,KAAI,CAAA,EAA0F;AAC5H,IAAA,IAAIC,UAAAA;AACJ,IAAA,IAAI;AACFA,MAAAA,WAAAA,EAAa,MAAM,IAAA,CAAKzB,eAAAA,CAAgB0B,GAAAA,CAAI;ADlBlD,QCkBoDZ,KAAAA,EAAOQ,MAAAA,CAAOP;ADjBlE,MCiBsE,CAAA,CAAA;ADhBtE,ICiBI,EAAA,MAAA,CAASY,CAAAA,EAAG;AACV,MAAA,MAAM,IAAIhB,KAAAA,CAAM,CAAA,0CAAA,EAA6CW,MAAAA,CAAOP,GAAG,CAAA,CAAA;AACzE,IAAA;AAE4C,IAAA;AAExC,MAAA;AAgBJ,IAAA;ADjC0E;ACoCnCQ,MAAAA;AACrC,IAAA;AACyD,MAAA;AACpD,IAAA;AACmB,MAAA;AAAED,QAAAA;AAAQC,QAAAA;AAAWC,QAAAA;AAAK,MAAA;AACpD,IAAA;AACuEnB,IAAAA;AACzE,EAAA;AAcqB,EAAA;AACC,IAAA;AACoDuB,MAAAA;AACxE,IAAA;AAC2D,IAAA;AAC7D,EAAA;AAE2E,
EAAA;AACrET,IAAAA;AACa,IAAA;AACFZ,MAAAA;AACL,QAAA;AACOF,UAAAA;AACaK,UAAAA;AACLA,UAAAA;AACb,UAAA;AACQ,YAAA;AAAC,cAAA;AD3CqD,YAAA;AC4CpE,UAAA;AACF,QAAA;AACA,QAAA;AACgB,MAAA;AACkD,QAAA;AAChC,QAAA;AACqB,QAAA;AACV,QAAA;AACvC,QAAA;AACOL,UAAAA;AACQK,UAAAA;AACnBA,UAAAA;AACM,UAAA;AACkC,YAAA;AAA2B,cAAA;AAAa,YAAA;AAClE,YAAA;AAAC,cAAA;AAAU,cAAA;AAAY,cAAA;AAAuB,cAAA;AAAqB,cAAA;AAAmB,cAAA;ADlChC,YAAA;ACmCpE,UAAA;AACF,QAAA;AACA,QAAA;AACF,MAAA;AACkB,MAAA;AACkD,QAAA;AAChC,QAAA;AACqB,QAAA;AACV,QAAA;AACvC,QAAA;AACOL,UAAAA;AACQK,UAAAA;AACnBA,UAAAA;AACM,UAAA;AACkC,YAAA;AAA2B,cAAA;AAAa,YAAA;AAClE,YAAA;AAAC,cAAA;AD9BqD,YAAA;AC+BpE,UAAA;AACF,QAAA;AACA,QAAA;AACF,MAAA;AD7BwE;AC+B5D,MAAA;AACcmB,QAAAA;AAEqBC,QAAAA;AACA,QAAA;AACD,QAAA;AACdC,QAAAA;AAEhB,QAAA;AACJ,QAAA;AACI,UAAA;AACmBrB,YAAAA;AAC/B,UAAA;AACoD,UAAA;AAC3B,UAAA;AACuB,YAAA;AACV,cAAA;AAAKsB;AACzC,YAAA;AACF,UAAA;AAC0B,UAAA;AACQA,YAAAA;AACFA,YAAAA;AACC,YAAA;AAGVC,cAAAA;AACrB,YAAA;AACgBA,YAAAA;AAClB,UAAA;AAC8B,UAAA;AAEJC,YAAAA;AACHA,YAAAA;AACvB,UAAA;AACF,QAAA;AAEM,QAAA;AACO7B,UAAAA;AAC0BK,UAAAA;AACrCA,UAAAA;AACM,UAAA;AACDyB,YAAAA;ADlC+D;ACoCtD,YAAA;AAAC,cAAA;AAAS,cAAA;AAAS,cAAA;AAAS,cAAA;AD9B0B,YAAA;AC+BlEC,YAAAA;AACAL,YAAAA;AACF,UAAA;AACF,QAAA;AACA,QAAA;AACF,MAAA;AAEA,MAAA;AACmE,QAAA;AACrE,IAAA;AACOZ,IAAAA;AACT,EAAA;AD9B4E;AACA;AACA;ACiCsC,EAAA;AAC9CkB,IAAAA;AACO,IAAA;AAA0BC,MAAAA;AAAeC,MAAAA;AAAO,IAAA;AACrFf,IAAAA;AAC7BI,IAAAA;AACT,EAAA;AAE6G,EAAA;AACzCS,IAAAA;AACM,IAAA;AAAaC,MAAAA;AAAeC,MAAAA;AAAO,IAAA;AAC1EX,IAAAA;AACnC,EAAA;AAEwD,EAAA;AACmCf,IAAAA;AAC3F,EAAA;AACF;AD3B8E;AACA;AE3PhE;AAcFP;AFgPkE,EAAA;AEhPlEA,EAAAA;AFkPkE;AACA;AACA;AACA;AACA","file":"/home/runner/work/SSI-SDK-crypto-extensions/SSI-SDK-crypto-extensions/packages/kms-local/dist/index.cjs","sourcesContent":[null,"import { calculateJwkThumbprint, generatePrivateKeyHex, toJwk, X509Opts } from '@sphereon/ssi-sdk-ext.key-utils'\n\nimport { IKey, ManagedKeyInfo, MinimalImportableKey, TKeyType } from '@veramo/core'\nimport { AbstractPrivateKeyStore, ManagedPrivateKey } from 
'@veramo/key-manager'\nimport { KeyManagementSystem } from '@veramo/kms-local'\nimport Debug from 'debug'\nimport elliptic from 'elliptic'\n// @ts-ignore\nimport { fromString } from 'uint8arrays/from-string'\nimport { KeyType, ManagedKeyInfoArgs } from './index'\nimport {\n hexToPEM,\n jwkToPEM,\n pemCertChainTox5c,\n PEMToHex,\n PEMToJwk,\n RSASigner,\n signAlgorithmToSchemeAndHashAlg,\n} from '@sphereon/ssi-sdk-ext.x509-utils'\n\nconst debug = Debug('sphereon:kms:local')\n\nexport class SphereonKeyManagementSystem extends KeyManagementSystem {\n private readonly privateKeyStore: AbstractPrivateKeyStore\n\n constructor(keyStore: AbstractPrivateKeyStore) {\n super(keyStore)\n this.privateKeyStore = keyStore\n }\n\n async importKey(args: Omit<MinimalImportableKey, 'kms'> & { privateKeyPEM?: string }): Promise<ManagedKeyInfo> {\n switch (args.type) {\n case KeyType.Bls12381G2.toString():\n if (!args.privateKeyHex || !args.publicKeyHex) {\n throw new Error('invalid_argument: type, publicKeyHex and privateKeyHex are required to import a key')\n }\n const managedKey = this.asSphereonManagedKeyInfo({\n ...args,\n alias: args.kid,\n privateKeyHex: args.privateKeyHex,\n publicKeyHex: args.publicKeyHex,\n type: args.type,\n })\n await this.privateKeyStore.import({ alias: managedKey.kid, ...args })\n debug('imported key', managedKey.type, managedKey.publicKeyHex)\n return managedKey\n\n case 'Secp256k1':\n case 'Secp256r1':\n // @ts-ignore\n case 'RSA': {\n if (!args.privateKeyHex && !args.privateKeyPEM) {\n throw new Error('invalid_argument: type and privateKeyHex (or privateKeyPEM for RSA) are required to import a key')\n }\n const managedKey = this.asSphereonManagedKeyInfo({ alias: args.kid, ...args })\n await this.privateKeyStore.import({ alias: managedKey.kid, ...args })\n debug('imported key', managedKey.type, managedKey.publicKeyHex)\n return managedKey\n }\n default:\n return await super.importKey(args)\n }\n }\n\n async createKey({ type }: { type: TKeyType }): 
Promise<ManagedKeyInfo> {\n let key: ManagedKeyInfo\n\n switch (type) {\n case KeyType.Bls12381G2: {\n throw Error(\n 'BLS support not available because upstream is not really providing Windows and React-Native support; giving too much headache. We soon will move to @digitalbazaar/bbs-signatures'\n )\n /*// @ts-ignore\n const bbs = await import('@digitalbazaar/bbs-signatures')\n const keyPairBls12381G2 = await bbs.generateKeyPair({\n ciphersuite: 'BLS12-381-SHA-256'\n })\n key = await this.importKey({\n type,\n privateKeyHex: Buffer.from(keyPairBls12381G2.secretKey).toString('hex'),\n publicKeyHex: Buffer.from(keyPairBls12381G2.publicKey).toString('hex'),\n })\n break*/\n }\n\n // @ts-ignore\n case 'RSA': {\n const privateKeyHex = await generatePrivateKeyHex(type)\n key = await this.importKey({\n type,\n privateKeyHex,\n })\n break\n }\n default:\n key = await super.createKey({ type })\n }\n\n debug('Created key', type, key.publicKeyHex)\n\n return key\n }\n\n async sign({ keyRef, algorithm, data }: { keyRef: Pick<IKey, 'kid'>; algorithm?: string; data: Uint8Array }): Promise<string> {\n let privateKey: ManagedPrivateKey\n try {\n privateKey = await this.privateKeyStore.get({ alias: keyRef.kid })\n } catch (e) {\n throw new Error(`key_not_found: No key entry found for kid=${keyRef.kid}`)\n }\n\n if (privateKey.type === KeyType.Bls12381G2) {\n throw Error(\n 'BLS support not available because upstream is not really providing Windows and React-Native support; giving too much headache. 
We soon will move to @digitalbazaar/bbs-signatures'\n )\n /*// @ts-ignore\n const bbs = await import('@digitalbazaar/bbs-signatures')\n if (!data || Array.isArray(data)) {\n throw new Error('Data must be defined and cannot be an array')\n }\n const keyPair = {\n keyPair: {\n secretKey: Uint8Array.from(Buffer.from(privateKey.privateKeyHex, 'hex')),\n publicKey: Uint8Array.from(Buffer.from(keyRef.kid, 'hex')),\n },\n messages: [data],\n }\n const signature = await bbs.sign({secretKey: privateKey, publicKey, header, messages});\n return signature*/\n } else if (\n // @ts-ignore\n privateKey.type === 'RSA' &&\n (typeof algorithm === 'undefined' || algorithm === 'RS256' || algorithm === 'RS512' || algorithm === 'PS256' || algorithm === 'PS512')\n ) {\n return await this.signRSA(privateKey, data, algorithm ?? 'PS256')\n } else {\n return await super.sign({ keyRef, algorithm, data })\n }\n throw Error(`not_supported: Cannot sign using key of type ${privateKey.type}`)\n }\n\n async verify({\n publicKeyHex,\n type,\n algorithm,\n data,\n signature,\n }: {\n publicKeyHex: string\n type: TKeyType\n algorithm?: string\n data: Uint8Array\n signature: string\n }): Promise<boolean> {\n if (type === 'RSA') {\n return await this.verifyRSA(publicKeyHex, data, algorithm ?? 'PS256', signature)\n }\n throw Error(`KMS verify is not implemented yet for ${type}`)\n }\n\n private asSphereonManagedKeyInfo(args: ManagedKeyInfoArgs): ManagedKeyInfo {\n let key: Partial<ManagedKeyInfo>\n switch (args.type) {\n case KeyType.Bls12381G2:\n key = {\n type: args.type,\n kid: args.alias ?? 
args.publicKeyHex,\n publicKeyHex: args.publicKeyHex,\n meta: {\n algorithms: ['BLS'],\n },\n }\n break\n case 'Secp256k1': {\n const privateBytes = fromString(args.privateKeyHex.toLowerCase(), 'base16')\n const secp256k1 = new elliptic.ec('secp256k1')\n const keyPair = secp256k1.keyFromPrivate(privateBytes, 'hex')\n const publicKeyHex = keyPair.getPublic(true, 'hex')\n key = {\n type: args.type,\n kid: args.alias ?? publicKeyHex,\n publicKeyHex,\n meta: {\n jwkThumbprint: calculateJwkThumbprint({ jwk: toJwk(publicKeyHex, 'Secp256k1') }),\n algorithms: ['ES256K', 'ES256K-R', 'eth_signTransaction', 'eth_signTypedData', 'eth_signMessage', 'eth_rawSign'],\n },\n }\n break\n }\n case 'Secp256r1': {\n const privateBytes = fromString(args.privateKeyHex.toLowerCase(), 'base16')\n const secp256r1 = new elliptic.ec('p256')\n const keyPair = secp256r1.keyFromPrivate(privateBytes, 'hex')\n const publicKeyHex = keyPair.getPublic(true, 'hex')\n key = {\n type: args.type,\n kid: args.alias ?? publicKeyHex,\n publicKeyHex,\n meta: {\n jwkThumbprint: calculateJwkThumbprint({ jwk: toJwk(publicKeyHex, 'Secp256r1') }),\n algorithms: ['ES256'],\n },\n }\n break\n }\n // @ts-ignore\n case 'RSA': {\n const x509 = args.meta?.x509 as X509Opts\n const privateKeyPEM =\n x509?.privateKeyPEM ?? (args.privateKeyHex.includes('---') ? args.privateKeyHex : hexToPEM(args.privateKeyHex, 'private')) // In case we have x509 opts, the private key hex really was a PEM already (yuck)\n const publicKeyJwk = PEMToJwk(privateKeyPEM, 'public')\n const publicKeyPEM = jwkToPEM(publicKeyJwk, 'public')\n const publicKeyHex = PEMToHex(publicKeyPEM)\n\n const meta = {} as any\n if (x509) {\n meta.x509 = {\n cn: x509.cn ?? args.alias ?? publicKeyHex,\n }\n let certChain: string = x509.certificateChainPEM ?? 
''\n if (x509.certificatePEM) {\n if (!certChain.includes(x509.certificatePEM)) {\n certChain = `${x509.certificatePEM}\\n${certChain}`\n }\n }\n if (certChain.length > 0) {\n meta.x509.certificateChainPEM = certChain\n const x5c = pemCertChainTox5c(certChain)\n if (!x509.certificateChainURL) {\n // Do not put the chain in the JWK when the chain is hosted. We do put it in the x509 metadata\n // @ts-ignore\n publicKeyJwk.x5c = x5c\n }\n meta.x509.x5c = x5c\n }\n if (x509.certificateChainURL) {\n // @ts-ignore\n publicKeyJwk.x5u = x509.certificateChainURL\n meta.x509.x5u = x509.certificateChainURL\n }\n }\n\n key = {\n type: args.type,\n kid: args.alias ?? meta?.x509?.cn ?? publicKeyHex,\n publicKeyHex,\n meta: {\n ...meta,\n // todo: could als be DSA etc\n algorithms: ['RS256', 'RS512', 'PS256', 'PS512'],\n publicKeyJwk,\n publicKeyPEM,\n },\n }\n break\n }\n\n default:\n throw Error('not_supported: Key type not supported: ' + args.type)\n }\n return key as ManagedKeyInfo\n }\n\n /**\n * @returns a base64url encoded signature for the `RS256` alg\n */\n private async signRSA(privateKey: ManagedPrivateKey, data: Uint8Array, signingAlgorithm: string): Promise<string> {\n const { hashAlgorithm, scheme } = signAlgorithmToSchemeAndHashAlg(signingAlgorithm)\n const signer = new RSASigner(PEMToJwk(hexToPEM(privateKey.privateKeyHex, 'private'), 'private'), { hashAlgorithm, scheme })\n const signature = await signer.sign(data)\n return signature as string\n }\n\n private async verifyRSA(publicKeyHex: string, data: Uint8Array, signingAlgorithm: string, signature: string) {\n const { hashAlgorithm, scheme } = signAlgorithmToSchemeAndHashAlg(signingAlgorithm)\n const signer = new RSASigner(PEMToJwk(hexToPEM(publicKeyHex, 'public'), 'public'), { hashAlgorithm, scheme })\n return await signer.verify(data, signature)\n }\n\n public async listKeys(): Promise<Array<ManagedKeyInfo>> {\n return (await this.privateKeyStore.list({})).map((privateKey: ManagedPrivateKey) => 
this.asSphereonManagedKeyInfo(privateKey))\n }\n}\n","import { X509Opts } from '@sphereon/ssi-sdk-ext.key-utils'\nimport { KeyMetadata, TKeyType } from '@veramo/core'\n\nexport { SphereonKeyManagementSystem } from './SphereonKeyManagementSystem'\n\nexport * from '@veramo/kms-local'\n\nexport interface ManagedKeyInfoArgs {\n alias?: string\n type: TKeyType\n privateKeyHex: string\n publicKeyHex?: string\n meta?: ManageKeyInfoMeta | undefined | null\n}\n\nexport interface ManageKeyInfoMeta extends KeyMetadata {\n x509?: X509Opts\n [x: string]: any\n}\nexport enum KeyType {\n Bls12381G2 = 'Bls12381G2',\n}\n"]}
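--- a/package/package.json
+++ b/package/package.json
@@ -1,7 +1,7 @@
  {
  "name": "@sphereon/ssi-sdk-ext.kms-local",
  "description": "Sphereon Local Key Management System with support for BLS/BBS+, RSA keys",
- "version": "0.28.1-feature.esm.cjs.8+4c162d1",
+ "version": "0.28.1-feature.esm.cjs.9+71682ea",
  "source": "./src/index.ts",
  "type": "module",
  "main": "./dist/index.cjs",
@@ -22,9 +22,9 @@
  "generate-plugin-schema": "sphereon dev generate-plugin-schema"
  },
  "dependencies": {
- "@sphereon/ssi-sdk-ext.did-utils": "^0.28.1-feature.esm.cjs.8+4c162d1",
- "@sphereon/ssi-sdk-ext.key-utils": "^0.28.1-feature.esm.cjs.8+4c162d1",
- "@sphereon/ssi-sdk-ext.x509-utils": "^0.28.1-feature.esm.cjs.8+4c162d1",
+ "@sphereon/ssi-sdk-ext.did-utils": "^0.28.1-feature.esm.cjs.9+71682ea",
+ "@sphereon/ssi-sdk-ext.key-utils": "^0.28.1-feature.esm.cjs.9+71682ea",
+ "@sphereon/ssi-sdk-ext.x509-utils": "^0.28.1-feature.esm.cjs.9+71682ea",
  "@trust/keyto": "2.0.0-alpha1",
  "@veramo/core": "4.2.0",
  "@veramo/key-manager": "4.2.0",
@@ -57,5 +57,5 @@
  "kms",
  "Veramo"
  ],
- "gitHead": "4c162d14577f462070adeea3e7ec5a443c324ee7"
+ "gitHead": "71682ea0c528f5b32c421245c253b3bc9d6296a0"
  }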