@sphereon/ssi-sdk-ext.kms-local 0.28.1-feature.jose.vcdm.52 → 0.28.1-feature.oyd.cmsm.improv.20

@@ -1,10 +1,7 @@
1
- import { X509Opts } from '@sphereon/ssi-sdk-ext.key-utils';
2
- import { MinimalImportableKey, ManagedKeyInfo, TKeyType, IKey, KeyMetadata } from '@veramo/core';
1
+ import { IKey, ManagedKeyInfo, MinimalImportableKey, TKeyType } from '@veramo/core';
3
2
  import { AbstractPrivateKeyStore } from '@veramo/key-manager';
4
3
  import { KeyManagementSystem } from '@veramo/kms-local';
5
- export * from '@veramo/kms-local';
6
-
7
- declare class SphereonKeyManagementSystem extends KeyManagementSystem {
4
+ export declare class SphereonKeyManagementSystem extends KeyManagementSystem {
8
5
  private readonly privateKeyStore;
9
6
  constructor(keyStore: AbstractPrivateKeyStore);
10
7
  importKey(args: Omit<MinimalImportableKey, 'kms'> & {
@@ -33,20 +30,4 @@ declare class SphereonKeyManagementSystem extends KeyManagementSystem {
33
30
  private verifyRSA;
34
31
  listKeys(): Promise<Array<ManagedKeyInfo>>;
35
32
  }
36
-
37
- interface ManagedKeyInfoArgs {
38
- alias?: string;
39
- type: TKeyType;
40
- privateKeyHex: string;
41
- publicKeyHex?: string;
42
- meta?: ManageKeyInfoMeta | undefined | null;
43
- }
44
- interface ManageKeyInfoMeta extends KeyMetadata {
45
- x509?: X509Opts;
46
- [x: string]: any;
47
- }
48
- declare enum KeyType {
49
- Bls12381G2 = "Bls12381G2"
50
- }
51
-
52
- export { KeyType, type ManageKeyInfoMeta, type ManagedKeyInfoArgs, SphereonKeyManagementSystem };
33
+ //# sourceMappingURL=SphereonKeyManagementSystem.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"SphereonKeyManagementSystem.d.ts","sourceRoot":"","sources":["../src/SphereonKeyManagementSystem.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,IAAI,EAAE,cAAc,EAAE,oBAAoB,EAAE,QAAQ,EAAE,MAAM,cAAc,CAAA;AACnF,OAAO,EAAE,uBAAuB,EAAqB,MAAM,qBAAqB,CAAA;AAChF,OAAO,EAAE,mBAAmB,EAAE,MAAM,mBAAmB,CAAA;AAiBvD,qBAAa,2BAA4B,SAAQ,mBAAmB;IAClE,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAyB;gBAE7C,QAAQ,EAAE,uBAAuB;IAKvC,SAAS,CAAC,IAAI,EAAE,IAAI,CAAC,oBAAoB,EAAE,KAAK,CAAC,GAAG;QAAE,aAAa,CAAC,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,cAAc,CAAC;IAkCxG,SAAS,CAAC,EAAE,IAAI,EAAE,EAAE;QAAE,IAAI,EAAE,QAAQ,CAAA;KAAE,GAAG,OAAO,CAAC,cAAc,CAAC;IAuChE,IAAI,CAAC,EAAE,MAAM,EAAE,SAAS,EAAE,IAAI,EAAE,EAAE;QAAE,MAAM,EAAE,IAAI,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;QAAC,SAAS,CAAC,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,UAAU,CAAA;KAAE,GAAG,OAAO,CAAC,MAAM,CAAC;IAsCvH,MAAM,CAAC,EACX,YAAY,EACZ,IAAI,EACJ,SAAS,EACT,IAAI,EACJ,SAAS,GACV,EAAE;QACD,YAAY,EAAE,MAAM,CAAA;QACpB,IAAI,EAAE,QAAQ,CAAA;QACd,SAAS,CAAC,EAAE,MAAM,CAAA;QAClB,IAAI,EAAE,UAAU,CAAA;QAChB,SAAS,EAAE,MAAM,CAAA;KAClB,GAAG,OAAO,CAAC,OAAO,CAAC;IAOpB,OAAO,CAAC,wBAAwB;IAuGhC;;OAEG;YACW,OAAO;YAOP,SAAS;IAMV,QAAQ,IAAI,OAAO,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC;CAGxD"}
@@ -0,0 +1,290 @@
1
+ "use strict";
2
+ var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
3
+ if (k2 === undefined) k2 = k;
4
+ var desc = Object.getOwnPropertyDescriptor(m, k);
5
+ if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
6
+ desc = { enumerable: true, get: function() { return m[k]; } };
7
+ }
8
+ Object.defineProperty(o, k2, desc);
9
+ }) : (function(o, m, k, k2) {
10
+ if (k2 === undefined) k2 = k;
11
+ o[k2] = m[k];
12
+ }));
13
+ var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
14
+ Object.defineProperty(o, "default", { enumerable: true, value: v });
15
+ }) : function(o, v) {
16
+ o["default"] = v;
17
+ });
18
+ var __importStar = (this && this.__importStar) || function (mod) {
19
+ if (mod && mod.__esModule) return mod;
20
+ var result = {};
21
+ if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
22
+ __setModuleDefault(result, mod);
23
+ return result;
24
+ };
25
+ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
26
+ function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
27
+ return new (P || (P = Promise))(function (resolve, reject) {
28
+ function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
29
+ function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
30
+ function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
31
+ step((generator = generator.apply(thisArg, _arguments || [])).next());
32
+ });
33
+ };
34
+ var __importDefault = (this && this.__importDefault) || function (mod) {
35
+ return (mod && mod.__esModule) ? mod : { "default": mod };
36
+ };
37
+ Object.defineProperty(exports, "__esModule", { value: true });
38
+ exports.SphereonKeyManagementSystem = void 0;
39
+ const ssi_sdk_ext_key_utils_1 = require("@sphereon/ssi-sdk-ext.key-utils");
40
+ const kms_local_1 = require("@veramo/kms-local");
41
+ const debug_1 = __importDefault(require("debug"));
42
+ const elliptic_1 = __importDefault(require("elliptic"));
43
+ const u8a = __importStar(require("uint8arrays"));
44
+ const index_1 = require("./index");
45
+ const ssi_sdk_ext_x509_utils_1 = require("@sphereon/ssi-sdk-ext.x509-utils");
46
+ const debug = (0, debug_1.default)('sphereon:kms:local');
47
+ class SphereonKeyManagementSystem extends kms_local_1.KeyManagementSystem {
48
+ constructor(keyStore) {
49
+ super(keyStore);
50
+ this.privateKeyStore = keyStore;
51
+ }
52
+ importKey(args) {
53
+ const _super = Object.create(null, {
54
+ importKey: { get: () => super.importKey }
55
+ });
56
+ return __awaiter(this, void 0, void 0, function* () {
57
+ switch (args.type) {
58
+ case index_1.KeyType.Bls12381G2.toString():
59
+ if (!args.privateKeyHex || !args.publicKeyHex) {
60
+ throw new Error('invalid_argument: type, publicKeyHex and privateKeyHex are required to import a key');
61
+ }
62
+ const managedKey = this.asSphereonManagedKeyInfo(Object.assign(Object.assign({}, args), { alias: args.kid, privateKeyHex: args.privateKeyHex, publicKeyHex: args.publicKeyHex, type: args.type }));
63
+ yield this.privateKeyStore.import(Object.assign({ alias: managedKey.kid }, args));
64
+ debug('imported key', managedKey.type, managedKey.publicKeyHex);
65
+ return managedKey;
66
+ case 'Secp256k1':
67
+ case 'Secp256r1':
68
+ // @ts-ignore
69
+ case 'RSA': {
70
+ if (!args.privateKeyHex && !args.privateKeyPEM) {
71
+ throw new Error('invalid_argument: type and privateKeyHex (or privateKeyPEM for RSA) are required to import a key');
72
+ }
73
+ const managedKey = this.asSphereonManagedKeyInfo(Object.assign({ alias: args.kid }, args));
74
+ yield this.privateKeyStore.import(Object.assign({ alias: managedKey.kid }, args));
75
+ debug('imported key', managedKey.type, managedKey.publicKeyHex);
76
+ return managedKey;
77
+ }
78
+ default:
79
+ return yield _super.importKey.call(this, args);
80
+ }
81
+ });
82
+ }
83
+ createKey(_a) {
84
+ const _super = Object.create(null, {
85
+ createKey: { get: () => super.createKey }
86
+ });
87
+ return __awaiter(this, arguments, void 0, function* ({ type }) {
88
+ let key;
89
+ switch (type) {
90
+ case index_1.KeyType.Bls12381G2: {
91
+ throw Error('BLS support not available because upstream is not really providing Windows and React-Native support; giving too much headache. We soon will move to @digitalbazaar/bbs-signatures');
92
+ /*// @ts-ignore
93
+ const bbs = await import('@digitalbazaar/bbs-signatures')
94
+ const keyPairBls12381G2 = await bbs.generateKeyPair({
95
+ ciphersuite: 'BLS12-381-SHA-256'
96
+ })
97
+ key = await this.importKey({
98
+ type,
99
+ privateKeyHex: Buffer.from(keyPairBls12381G2.secretKey).toString('hex'),
100
+ publicKeyHex: Buffer.from(keyPairBls12381G2.publicKey).toString('hex'),
101
+ })
102
+ break*/
103
+ }
104
+ // @ts-ignore
105
+ case 'RSA': {
106
+ const privateKeyHex = yield (0, ssi_sdk_ext_key_utils_1.generatePrivateKeyHex)(type);
107
+ key = yield this.importKey({
108
+ type,
109
+ privateKeyHex,
110
+ });
111
+ break;
112
+ }
113
+ default:
114
+ key = yield _super.createKey.call(this, { type });
115
+ }
116
+ debug('Created key', type, key.publicKeyHex);
117
+ return key;
118
+ });
119
+ }
120
+ sign(_a) {
121
+ const _super = Object.create(null, {
122
+ sign: { get: () => super.sign }
123
+ });
124
+ return __awaiter(this, arguments, void 0, function* ({ keyRef, algorithm, data }) {
125
+ let privateKey;
126
+ try {
127
+ privateKey = yield this.privateKeyStore.get({ alias: keyRef.kid });
128
+ }
129
+ catch (e) {
130
+ throw new Error(`key_not_found: No key entry found for kid=${keyRef.kid}`);
131
+ }
132
+ if (privateKey.type === index_1.KeyType.Bls12381G2) {
133
+ throw Error('BLS support not available because upstream is not really providing Windows and React-Native support; giving too much headache. We soon will move to @digitalbazaar/bbs-signatures');
134
+ /*// @ts-ignore
135
+ const bbs = await import('@digitalbazaar/bbs-signatures')
136
+ if (!data || Array.isArray(data)) {
137
+ throw new Error('Data must be defined and cannot be an array')
138
+ }
139
+ const keyPair = {
140
+ keyPair: {
141
+ secretKey: Uint8Array.from(Buffer.from(privateKey.privateKeyHex, 'hex')),
142
+ publicKey: Uint8Array.from(Buffer.from(keyRef.kid, 'hex')),
143
+ },
144
+ messages: [data],
145
+ }
146
+ const signature = await bbs.sign({secretKey: privateKey, publicKey, header, messages});
147
+ return signature*/
148
+ }
149
+ else if (
150
+ // @ts-ignore
151
+ privateKey.type === 'RSA' &&
152
+ (typeof algorithm === 'undefined' || algorithm === 'RS256' || algorithm === 'RS512' || algorithm === 'PS256' || algorithm === 'PS512')) {
153
+ return yield this.signRSA(privateKey, data, algorithm !== null && algorithm !== void 0 ? algorithm : 'PS256');
154
+ }
155
+ else {
156
+ return yield _super.sign.call(this, { keyRef, algorithm, data });
157
+ }
158
+ throw Error(`not_supported: Cannot sign using key of type ${privateKey.type}`);
159
+ });
160
+ }
161
+ verify(_a) {
162
+ return __awaiter(this, arguments, void 0, function* ({ publicKeyHex, type, algorithm, data, signature, }) {
163
+ if (type === 'RSA') {
164
+ return yield this.verifyRSA(publicKeyHex, data, algorithm !== null && algorithm !== void 0 ? algorithm : 'PS256', signature);
165
+ }
166
+ throw Error(`KMS verify is not implemented yet for ${type}`);
167
+ });
168
+ }
169
+ asSphereonManagedKeyInfo(args) {
170
+ var _a, _b, _c, _d, _e, _f, _g, _h, _j, _k, _l;
171
+ let key;
172
+ switch (args.type) {
173
+ case index_1.KeyType.Bls12381G2:
174
+ key = {
175
+ type: args.type,
176
+ kid: (_a = args.alias) !== null && _a !== void 0 ? _a : args.publicKeyHex,
177
+ publicKeyHex: args.publicKeyHex,
178
+ meta: {
179
+ algorithms: ['BLS'],
180
+ },
181
+ };
182
+ break;
183
+ case 'Secp256k1': {
184
+ const privateBytes = u8a.fromString(args.privateKeyHex.toLowerCase(), 'base16');
185
+ const secp256k1 = new elliptic_1.default.ec('secp256k1');
186
+ const keyPair = secp256k1.keyFromPrivate(privateBytes, 'hex');
187
+ const publicKeyHex = keyPair.getPublic(true, 'hex');
188
+ key = {
189
+ type: args.type,
190
+ kid: (_b = args.alias) !== null && _b !== void 0 ? _b : publicKeyHex,
191
+ publicKeyHex,
192
+ meta: {
193
+ jwkThumbprint: (0, ssi_sdk_ext_key_utils_1.calculateJwkThumbprint)({ jwk: (0, ssi_sdk_ext_key_utils_1.toJwk)(publicKeyHex, 'Secp256k1') }),
194
+ algorithms: ['ES256K', 'ES256K-R', 'eth_signTransaction', 'eth_signTypedData', 'eth_signMessage', 'eth_rawSign'],
195
+ },
196
+ };
197
+ break;
198
+ }
199
+ case 'Secp256r1': {
200
+ const privateBytes = u8a.fromString(args.privateKeyHex.toLowerCase(), 'base16');
201
+ const secp256r1 = new elliptic_1.default.ec('p256');
202
+ const keyPair = secp256r1.keyFromPrivate(privateBytes, 'hex');
203
+ const publicKeyHex = keyPair.getPublic(true, 'hex');
204
+ key = {
205
+ type: args.type,
206
+ kid: (_c = args.alias) !== null && _c !== void 0 ? _c : publicKeyHex,
207
+ publicKeyHex,
208
+ meta: {
209
+ jwkThumbprint: (0, ssi_sdk_ext_key_utils_1.calculateJwkThumbprint)({ jwk: (0, ssi_sdk_ext_key_utils_1.toJwk)(publicKeyHex, 'Secp256r1') }),
210
+ algorithms: ['ES256'],
211
+ },
212
+ };
213
+ break;
214
+ }
215
+ // @ts-ignore
216
+ case 'RSA': {
217
+ const x509 = (_d = args.meta) === null || _d === void 0 ? void 0 : _d.x509;
218
+ const privateKeyPEM = (_e = x509 === null || x509 === void 0 ? void 0 : x509.privateKeyPEM) !== null && _e !== void 0 ? _e : (args.privateKeyHex.includes('---') ? args.privateKeyHex : (0, ssi_sdk_ext_x509_utils_1.hexToPEM)(args.privateKeyHex, 'private')); // In case we have x509 opts, the private key hex really was a PEM already (yuck)
219
+ const publicKeyJwk = (0, ssi_sdk_ext_x509_utils_1.PEMToJwk)(privateKeyPEM, 'public');
220
+ const publicKeyPEM = (0, ssi_sdk_ext_x509_utils_1.jwkToPEM)(publicKeyJwk, 'public');
221
+ const publicKeyHex = (0, ssi_sdk_ext_x509_utils_1.PEMToHex)(publicKeyPEM);
222
+ const meta = {};
223
+ if (x509) {
224
+ meta.x509 = {
225
+ cn: (_g = (_f = x509.cn) !== null && _f !== void 0 ? _f : args.alias) !== null && _g !== void 0 ? _g : publicKeyHex,
226
+ };
227
+ let certChain = (_h = x509.certificateChainPEM) !== null && _h !== void 0 ? _h : '';
228
+ if (x509.certificatePEM) {
229
+ if (!certChain.includes(x509.certificatePEM)) {
230
+ certChain = `${x509.certificatePEM}\n${certChain}`;
231
+ }
232
+ }
233
+ if (certChain.length > 0) {
234
+ meta.x509.certificateChainPEM = certChain;
235
+ const x5c = (0, ssi_sdk_ext_x509_utils_1.pemCertChainTox5c)(certChain);
236
+ if (!x509.certificateChainURL) {
237
+ // Do not put the chain in the JWK when the chain is hosted. We do put it in the x509 metadata
238
+ // @ts-ignore
239
+ publicKeyJwk.x5c = x5c;
240
+ }
241
+ meta.x509.x5c = x5c;
242
+ }
243
+ if (x509.certificateChainURL) {
244
+ // @ts-ignore
245
+ publicKeyJwk.x5u = x509.certificateChainURL;
246
+ meta.x509.x5u = x509.certificateChainURL;
247
+ }
248
+ }
249
+ key = {
250
+ type: args.type,
251
+ kid: (_l = (_j = args.alias) !== null && _j !== void 0 ? _j : (_k = meta === null || meta === void 0 ? void 0 : meta.x509) === null || _k === void 0 ? void 0 : _k.cn) !== null && _l !== void 0 ? _l : publicKeyHex,
252
+ publicKeyHex,
253
+ meta: Object.assign(Object.assign({}, meta), {
254
+ // todo: could als be DSA etc
255
+ algorithms: ['RS256', 'RS512', 'PS256', 'PS512'], publicKeyJwk,
256
+ publicKeyPEM }),
257
+ };
258
+ break;
259
+ }
260
+ default:
261
+ throw Error('not_supported: Key type not supported: ' + args.type);
262
+ }
263
+ return key;
264
+ }
265
+ /**
266
+ * @returns a base64url encoded signature for the `RS256` alg
267
+ */
268
+ signRSA(privateKey, data, signingAlgorithm) {
269
+ return __awaiter(this, void 0, void 0, function* () {
270
+ const { hashAlgorithm, scheme } = (0, ssi_sdk_ext_x509_utils_1.signAlgorithmToSchemeAndHashAlg)(signingAlgorithm);
271
+ const signer = new ssi_sdk_ext_x509_utils_1.RSASigner((0, ssi_sdk_ext_x509_utils_1.PEMToJwk)((0, ssi_sdk_ext_x509_utils_1.hexToPEM)(privateKey.privateKeyHex, 'private'), 'private'), { hashAlgorithm, scheme });
272
+ const signature = yield signer.sign(data);
273
+ return signature;
274
+ });
275
+ }
276
+ verifyRSA(publicKeyHex, data, signingAlgorithm, signature) {
277
+ return __awaiter(this, void 0, void 0, function* () {
278
+ const { hashAlgorithm, scheme } = (0, ssi_sdk_ext_x509_utils_1.signAlgorithmToSchemeAndHashAlg)(signingAlgorithm);
279
+ const signer = new ssi_sdk_ext_x509_utils_1.RSASigner((0, ssi_sdk_ext_x509_utils_1.PEMToJwk)((0, ssi_sdk_ext_x509_utils_1.hexToPEM)(publicKeyHex, 'public'), 'public'), { hashAlgorithm, scheme });
280
+ return yield signer.verify(data, signature);
281
+ });
282
+ }
283
+ listKeys() {
284
+ return __awaiter(this, void 0, void 0, function* () {
285
+ return (yield this.privateKeyStore.list({})).map((privateKey) => this.asSphereonManagedKeyInfo(privateKey));
286
+ });
287
+ }
288
+ }
289
+ exports.SphereonKeyManagementSystem = SphereonKeyManagementSystem;
290
+ //# sourceMappingURL=SphereonKeyManagementSystem.js.map
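Review bot: In `sign`, an RSA key asked to sign with an algorithm outside RS256/RS512/PS256/PS512 is no longer rejected: the combined `privateKey.type === 'RSA' && (…alg…)` condition is false, so the call falls through to `_super.sign.call(this, …)` and hands an RSA-typed key entry to the Veramo base KMS, while the trailing `throw Error(\`not_supported: Cannot sign using key of type ${privateKey.type}\`)` is unreachable because every branch above it returns. The `index.js` build this commit replaces rejected that case explicitly (`not_supported: Cannot sign using key of type RSA and alg: … Only RS and PS algorithms are supported.`); splitting the type check from the algorithm check restores it. Separately, `importKey` accepts `privateKeyPEM` without `privateKeyHex` for the RSA case, but `asSphereonManagedKeyInfo` only reads `args.privateKeyHex` (and `meta.x509.privateKeyPEM`), so an import by PEM alone fails with a TypeError on `args.privateKeyHex.includes('---')` instead of a clear `invalid_argument` — the guard should require what the code actually consumes, or route `privateKeyPEM` into that path. This is compiled output, so the change belongs in `src/SphereonKeyManagementSystem.ts` and should be re-emitted from there.
```javascript
            else if (
                // @ts-ignore
                privateKey.type === 'RSA') {
                if (typeof algorithm === 'undefined' || algorithm === 'RS256' || algorithm === 'RS512' || algorithm === 'PS256' || algorithm === 'PS512') {
                    return yield this.signRSA(privateKey, data, algorithm !== null && algorithm !== void 0 ? algorithm : 'PS256');
                }
                // Never let an RSA key reach the base KMS with an unsupported alg
                throw new Error(`not_supported: Cannot sign using key of type RSA and alg: ${algorithm}. Only RS and PS algorithms are supported.`);
            }
            // … unchanged: else branch delegating non-RSA key types to _super.sign …
```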
@@ -0,0 +1 @@
1
+ {"version":3,"file":"SphereonKeyManagementSystem.js","sourceRoot":"","sources":["../src/SphereonKeyManagementSystem.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,2EAAgH;AAIhH,iDAAuD;AACvD,kDAAyB;AACzB,wDAA+B;AAC/B,iDAAkC;AAClC,mCAAqD;AACrD,6EAQyC;AAEzC,MAAM,KAAK,GAAG,IAAA,eAAK,EAAC,oBAAoB,CAAC,CAAA;AAEzC,MAAa,2BAA4B,SAAQ,+BAAmB;IAGlE,YAAY,QAAiC;QAC3C,KAAK,CAAC,QAAQ,CAAC,CAAA;QACf,IAAI,CAAC,eAAe,GAAG,QAAQ,CAAA;IACjC,CAAC;IAEK,SAAS,CAAC,IAAoE;;;;;YAClF,QAAQ,IAAI,CAAC,IAAI,EAAE,CAAC;gBAClB,KAAK,eAAO,CAAC,UAAU,CAAC,QAAQ,EAAE;oBAChC,IAAI,CAAC,IAAI,CAAC,aAAa,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC;wBAC9C,MAAM,IAAI,KAAK,CAAC,qFAAqF,CAAC,CAAA;oBACxG,CAAC;oBACD,MAAM,UAAU,GAAG,IAAI,CAAC,wBAAwB,iCAC3C,IAAI,KACP,KAAK,EAAE,IAAI,CAAC,GAAG,EACf,aAAa,EAAE,IAAI,CAAC,aAAa,EACjC,YAAY,EAAE,IAAI,CAAC,YAAY,EAC/B,IAAI,EAAE,IAAI,CAAC,IAAI,IACf,CAAA;oBACF,MAAM,IAAI,CAAC,eAAe,CAAC,MAAM,iBAAG,KAAK,EAAE,UAAU,CAAC,GAAG,IAAK,IAAI,EAAG,CAAA;oBACrE,KAAK,CAAC,cAAc,EAAE,UAAU,CAAC,IAAI,EAAE,UAAU,CAAC,YAAY,CAAC,CAAA;oBAC/D,OAAO,UAAU,CAAA;gBAEnB,KAAK,WAAW,CAAC;gBACjB,KAAK,WAAW,CAAC;gBACjB,aAAa;gBACb,KAAK,KAAK,CAAC,CAAC,CAAC;oBACX,IAAI,CAAC,IAAI,CAAC,aAAa,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,CAAC;wBAC/C,MAAM,IAAI,KAAK,CAAC,kGAAkG,CAAC,CAAA;oBACrH,CAAC;oBACD,MAAM,UAAU,GAAG,IAAI,CAAC,wBAAwB,iBAAG,KAAK,EAAE,IAAI,CAAC,GAAG,IAAK,IAAI,EAAG,CAAA;oBAC9E,MAAM,IAAI,CAAC,eAAe,CAAC,MAAM,iBAAG,KAAK,EAAE,UAAU,CAAC,GAAG,IAAK,IAAI,EAAG,CAAA;oBACrE,KAAK,CAAC,cAAc,EAAE,UAAU,CAAC,IAAI,EAAE,UAAU,CAAC,YAAY,CAAC,CAAA;oBAC/D,OAAO,UAAU,CAAA;gBACnB,CAAC;gBACD;oBACE,OAAO,MAAM,OAAM,SAAS,YAAC,IAAI,CAAC,CAAA;YACtC,CAAC;QACH,CAAC;KAAA;IAEK,SAAS;;;;6DAAC,EAAE,IAAI,EAAsB;YAC1C,IAAI,GAAmB,CAAA;YAEvB,QAAQ,IAAI,EAAE,CAAC;gBACb,KAAK,eAAO,CAAC,UAAU,CAAC,CAAC,CAAC;oBACxB,MAAM,KAAK,CACT,mLAAmL,CACpL,CAAA;oBACD;;;;;;;;;;2BAUO;gBACT,CAAC;gBAED,aAAa;gBACb,KAAK,KAAK,CAAC,CAAC,CAAC;oBACX,MAAM,aAAa,GAAG,MAAM,IAAA,6CAAqB,EAAC,IAAI,CAAC,CAAA;oBACvD,GAAG,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC;wBACzB,IAAI;wBACJ,aAAa;qBACd,CAAC,CAAA;oBACF,MAAK;gB
ACP,CAAC;gBACD;oBACE,GAAG,GAAG,MAAM,OAAM,SAAS,YAAC,EAAE,IAAI,EAAE,CAAC,CAAA;YACzC,CAAC;YAED,KAAK,CAAC,aAAa,EAAE,IAAI,EAAE,GAAG,CAAC,YAAY,CAAC,CAAA;YAE5C,OAAO,GAAG,CAAA;QACZ,CAAC;KAAA;IAEK,IAAI;;;;6DAAC,EAAE,MAAM,EAAE,SAAS,EAAE,IAAI,EAAuE;YACzG,IAAI,UAA6B,CAAA;YACjC,IAAI,CAAC;gBACH,UAAU,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,EAAE,KAAK,EAAE,MAAM,CAAC,GAAG,EAAE,CAAC,CAAA;YACpE,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,MAAM,IAAI,KAAK,CAAC,6CAA6C,MAAM,CAAC,GAAG,EAAE,CAAC,CAAA;YAC5E,CAAC;YAED,IAAI,UAAU,CAAC,IAAI,KAAK,eAAO,CAAC,UAAU,EAAE,CAAC;gBAC3C,MAAM,KAAK,CACT,mLAAmL,CACpL,CAAA;gBACD;;;;;;;;;;;;;kCAakB;YACpB,CAAC;iBAAM;YACL,aAAa;YACb,UAAU,CAAC,IAAI,KAAK,KAAK;gBACzB,CAAC,OAAO,SAAS,KAAK,WAAW,IAAI,SAAS,KAAK,OAAO,IAAI,SAAS,KAAK,OAAO,IAAI,SAAS,KAAK,OAAO,IAAI,SAAS,KAAK,OAAO,CAAC,EACtI,CAAC;gBACD,OAAO,MAAM,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,IAAI,EAAE,SAAS,aAAT,SAAS,cAAT,SAAS,GAAI,OAAO,CAAC,CAAA;YACnE,CAAC;iBAAM,CAAC;gBACN,OAAO,MAAM,OAAM,IAAI,YAAC,EAAE,MAAM,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAA;YACtD,CAAC;YACD,MAAM,KAAK,CAAC,gDAAgD,UAAU,CAAC,IAAI,EAAE,CAAC,CAAA;QAChF,CAAC;KAAA;IAEK,MAAM;6DAAC,EACX,YAAY,EACZ,IAAI,EACJ,SAAS,EACT,IAAI,EACJ,SAAS,GAOV;YACC,IAAI,IAAI,KAAK,KAAK,EAAE,CAAC;gBACnB,OAAO,MAAM,IAAI,CAAC,SAAS,CAAC,YAAY,EAAE,IAAI,EAAE,SAAS,aAAT,SAAS,cAAT,SAAS,GAAI,OAAO,EAAE,SAAS,CAAC,CAAA;YAClF,CAAC;YACD,MAAM,KAAK,CAAC,yCAAyC,IAAI,EAAE,CAAC,CAAA;QAC9D,CAAC;KAAA;IAEO,wBAAwB,CAAC,IAAwB;;QACvD,IAAI,GAA4B,CAAA;QAChC,QAAQ,IAAI,CAAC,IAAI,EAAE,CAAC;YAClB,KAAK,eAAO,CAAC,UAAU;gBACrB,GAAG,GAAG;oBACJ,IAAI,EAAE,IAAI,CAAC,IAAI;oBACf,GAAG,EAAE,MAAA,IAAI,CAAC,KAAK,mCAAI,IAAI,CAAC,YAAY;oBACpC,YAAY,EAAE,IAAI,CAAC,YAAY;oBAC/B,IAAI,EAAE;wBACJ,UAAU,EAAE,CAAC,KAAK,CAAC;qBACpB;iBACF,CAAA;gBACD,MAAK;YACP,KAAK,WAAW,CAAC,CAAC,CAAC;gBACjB,MAAM,YAAY,GAAG,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,aAAa,CAAC,WAAW,EAAE,EAAE,QAAQ,CAAC,CAAA;gBAC/E,MAAM,SAAS,GAAG,IAAI,kBAAQ,CAAC,EAAE,CAAC,WAAW,CAAC,CAAA;gBAC9C,MAAM,OAAO,GAAG,SAAS,CAAC,cAAc,CAAC,YAAY,EAAE,KAAK,CAAC,CAAA;gBAC7D,MAAM,YAAY,GAAG,OAAO,CAAC,SAAS,CAAC,IAAI,EAAE,KAAK,CAAC,CA
AA;gBACnD,GAAG,GAAG;oBACJ,IAAI,EAAE,IAAI,CAAC,IAAI;oBACf,GAAG,EAAE,MAAA,IAAI,CAAC,KAAK,mCAAI,YAAY;oBAC/B,YAAY;oBACZ,IAAI,EAAE;wBACJ,aAAa,EAAE,IAAA,8CAAsB,EAAC,EAAE,GAAG,EAAE,IAAA,6BAAK,EAAC,YAAY,EAAE,WAAW,CAAC,EAAE,CAAC;wBAChF,UAAU,EAAE,CAAC,QAAQ,EAAE,UAAU,EAAE,qBAAqB,EAAE,mBAAmB,EAAE,iBAAiB,EAAE,aAAa,CAAC;qBACjH;iBACF,CAAA;gBACD,MAAK;YACP,CAAC;YACD,KAAK,WAAW,CAAC,CAAC,CAAC;gBACjB,MAAM,YAAY,GAAG,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,aAAa,CAAC,WAAW,EAAE,EAAE,QAAQ,CAAC,CAAA;gBAC/E,MAAM,SAAS,GAAG,IAAI,kBAAQ,CAAC,EAAE,CAAC,MAAM,CAAC,CAAA;gBACzC,MAAM,OAAO,GAAG,SAAS,CAAC,cAAc,CAAC,YAAY,EAAE,KAAK,CAAC,CAAA;gBAC7D,MAAM,YAAY,GAAG,OAAO,CAAC,SAAS,CAAC,IAAI,EAAE,KAAK,CAAC,CAAA;gBACnD,GAAG,GAAG;oBACJ,IAAI,EAAE,IAAI,CAAC,IAAI;oBACf,GAAG,EAAE,MAAA,IAAI,CAAC,KAAK,mCAAI,YAAY;oBAC/B,YAAY;oBACZ,IAAI,EAAE;wBACJ,aAAa,EAAE,IAAA,8CAAsB,EAAC,EAAE,GAAG,EAAE,IAAA,6BAAK,EAAC,YAAY,EAAE,WAAW,CAAC,EAAE,CAAC;wBAChF,UAAU,EAAE,CAAC,OAAO,CAAC;qBACtB;iBACF,CAAA;gBACD,MAAK;YACP,CAAC;YACD,aAAa;YACb,KAAK,KAAK,CAAC,CAAC,CAAC;gBACX,MAAM,IAAI,GAAG,MAAA,IAAI,CAAC,IAAI,0CAAE,IAAgB,CAAA;gBACxC,MAAM,aAAa,GACjB,MAAA,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,aAAa,mCAAI,CAAC,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,IAAA,iCAAQ,EAAC,IAAI,CAAC,aAAa,EAAE,SAAS,CAAC,CAAC,CAAA,CAAC,iFAAiF;gBAC9M,MAAM,YAAY,GAAG,IAAA,iCAAQ,EAAC,aAAa,EAAE,QAAQ,CAAC,CAAA;gBACtD,MAAM,YAAY,GAAG,IAAA,iCAAQ,EAAC,YAAY,EAAE,QAAQ,CAAC,CAAA;gBACrD,MAAM,YAAY,GAAG,IAAA,iCAAQ,EAAC,YAAY,CAAC,CAAA;gBAE3C,MAAM,IAAI,GAAG,EAAS,CAAA;gBACtB,IAAI,IAAI,EAAE,CAAC;oBACT,IAAI,CAAC,IAAI,GAAG;wBACV,EAAE,EAAE,MAAA,MAAA,IAAI,CAAC,EAAE,mCAAI,IAAI,CAAC,KAAK,mCAAI,YAAY;qBAC1C,CAAA;oBACD,IAAI,SAAS,GAAW,MAAA,IAAI,CAAC,mBAAmB,mCAAI,EAAE,CAAA;oBACtD,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;wBACxB,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,IAAI,CAAC,cAAc,CAAC,EAAE,CAAC;4BAC7C,SAAS,GAAG,GAAG,IAAI,CAAC,cAAc,KAAK,SAAS,EAAE,CAAA;wBACpD,CAAC;oBACH,CAAC;oBACD,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;wBACzB,IAAI,CAAC,IAAI,CAAC,mBAAmB,GAAG,SAAS,CAAA;wBACzC,MAAM,GAAG,GAAG,IAAA,0CAAiB
,EAAC,SAAS,CAAC,CAAA;wBACxC,IAAI,CAAC,IAAI,CAAC,mBAAmB,EAAE,CAAC;4BAC9B,8FAA8F;4BAC9F,aAAa;4BACb,YAAY,CAAC,GAAG,GAAG,GAAG,CAAA;wBACxB,CAAC;wBACD,IAAI,CAAC,IAAI,CAAC,GAAG,GAAG,GAAG,CAAA;oBACrB,CAAC;oBACD,IAAI,IAAI,CAAC,mBAAmB,EAAE,CAAC;wBAC7B,aAAa;wBACb,YAAY,CAAC,GAAG,GAAG,IAAI,CAAC,mBAAmB,CAAA;wBAC3C,IAAI,CAAC,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC,mBAAmB,CAAA;oBAC1C,CAAC;gBACH,CAAC;gBAED,GAAG,GAAG;oBACJ,IAAI,EAAE,IAAI,CAAC,IAAI;oBACf,GAAG,EAAE,MAAA,MAAA,IAAI,CAAC,KAAK,mCAAI,MAAA,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,IAAI,0CAAE,EAAE,mCAAI,YAAY;oBACjD,YAAY;oBACZ,IAAI,kCACC,IAAI;wBACP,6BAA6B;wBAC7B,UAAU,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,EAChD,YAAY;wBACZ,YAAY,GACb;iBACF,CAAA;gBACD,MAAK;YACP,CAAC;YAED;gBACE,MAAM,KAAK,CAAC,yCAAyC,GAAG,IAAI,CAAC,IAAI,CAAC,CAAA;QACtE,CAAC;QACD,OAAO,GAAqB,CAAA;IAC9B,CAAC;IAED;;OAEG;IACW,OAAO,CAAC,UAA6B,EAAE,IAAgB,EAAE,gBAAwB;;YAC7F,MAAM,EAAE,aAAa,EAAE,MAAM,EAAE,GAAG,IAAA,wDAA+B,EAAC,gBAAgB,CAAC,CAAA;YACnF,MAAM,MAAM,GAAG,IAAI,kCAAS,CAAC,IAAA,iCAAQ,EAAC,IAAA,iCAAQ,EAAC,UAAU,CAAC,aAAa,EAAE,SAAS,CAAC,EAAE,SAAS,CAAC,EAAE,EAAE,aAAa,EAAE,MAAM,EAAE,CAAC,CAAA;YAC3H,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;YACzC,OAAO,SAAmB,CAAA;QAC5B,CAAC;KAAA;IAEa,SAAS,CAAC,YAAoB,EAAE,IAAgB,EAAE,gBAAwB,EAAE,SAAiB;;YACzG,MAAM,EAAE,aAAa,EAAE,MAAM,EAAE,GAAG,IAAA,wDAA+B,EAAC,gBAAgB,CAAC,CAAA;YACnF,MAAM,MAAM,GAAG,IAAI,kCAAS,CAAC,IAAA,iCAAQ,EAAC,IAAA,iCAAQ,EAAC,YAAY,EAAE,QAAQ,CAAC,EAAE,QAAQ,CAAC,EAAE,EAAE,aAAa,EAAE,MAAM,EAAE,CAAC,CAAA;YAC7G,OAAO,MAAM,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,SAAS,CAAC,CAAA;QAC7C,CAAC;KAAA;IAEY,QAAQ;;YACnB,OAAO,CAAC,MAAM,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,UAA6B,EAAE,EAAE,CAAC,IAAI,CAAC,wBAAwB,CAAC,UAAU,CAAC,CAAC,CAAA;QAChI,CAAC;KAAA;CACF;AApQD,kEAoQC"}
package/dist/index.d.ts CHANGED
@@ -1,52 +1,19 @@
1
1
  import { X509Opts } from '@sphereon/ssi-sdk-ext.key-utils';
2
- import { MinimalImportableKey, ManagedKeyInfo, TKeyType, IKey, KeyMetadata } from '@veramo/core';
3
- import { AbstractPrivateKeyStore } from '@veramo/key-manager';
4
- import { KeyManagementSystem } from '@veramo/kms-local';
2
+ import { KeyMetadata, TKeyType } from '@veramo/core';
3
+ export { SphereonKeyManagementSystem } from './SphereonKeyManagementSystem';
5
4
  export * from '@veramo/kms-local';
6
-
7
- declare class SphereonKeyManagementSystem extends KeyManagementSystem {
8
- private readonly privateKeyStore;
9
- constructor(keyStore: AbstractPrivateKeyStore);
10
- importKey(args: Omit<MinimalImportableKey, 'kms'> & {
11
- privateKeyPEM?: string;
12
- }): Promise<ManagedKeyInfo>;
13
- createKey({ type }: {
14
- type: TKeyType;
15
- }): Promise<ManagedKeyInfo>;
16
- sign({ keyRef, algorithm, data }: {
17
- keyRef: Pick<IKey, 'kid'>;
18
- algorithm?: string;
19
- data: Uint8Array;
20
- }): Promise<string>;
21
- verify({ publicKeyHex, type, algorithm, data, signature, }: {
22
- publicKeyHex: string;
23
- type: TKeyType;
24
- algorithm?: string;
25
- data: Uint8Array;
26
- signature: string;
27
- }): Promise<boolean>;
28
- private asSphereonManagedKeyInfo;
29
- /**
30
- * @returns a base64url encoded signature for the `RS256` alg
31
- */
32
- private signRSA;
33
- private verifyRSA;
34
- listKeys(): Promise<Array<ManagedKeyInfo>>;
35
- }
36
-
37
- interface ManagedKeyInfoArgs {
5
+ export interface ManagedKeyInfoArgs {
38
6
  alias?: string;
39
7
  type: TKeyType;
40
8
  privateKeyHex: string;
41
9
  publicKeyHex?: string;
42
10
  meta?: ManageKeyInfoMeta | undefined | null;
43
11
  }
44
- interface ManageKeyInfoMeta extends KeyMetadata {
12
+ export interface ManageKeyInfoMeta extends KeyMetadata {
45
13
  x509?: X509Opts;
46
14
  [x: string]: any;
47
15
  }
48
- declare enum KeyType {
16
+ export declare enum KeyType {
49
17
  Bls12381G2 = "Bls12381G2"
50
18
  }
51
-
52
- export { KeyType, type ManageKeyInfoMeta, type ManagedKeyInfoArgs, SphereonKeyManagementSystem };
19
+ //# sourceMappingURL=index.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,iCAAiC,CAAA;AAC1D,OAAO,EAAE,WAAW,EAAE,QAAQ,EAAE,MAAM,cAAc,CAAA;AAEpD,OAAO,EAAE,2BAA2B,EAAE,MAAM,+BAA+B,CAAA;AAE3E,cAAc,mBAAmB,CAAA;AAEjC,MAAM,WAAW,kBAAkB;IACjC,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,IAAI,EAAE,QAAQ,CAAA;IACd,aAAa,EAAE,MAAM,CAAA;IACrB,YAAY,CAAC,EAAE,MAAM,CAAA;IACrB,IAAI,CAAC,EAAE,iBAAiB,GAAG,SAAS,GAAG,IAAI,CAAA;CAC5C;AAED,MAAM,WAAW,iBAAkB,SAAQ,WAAW;IACpD,IAAI,CAAC,EAAE,QAAQ,CAAA;IACf,CAAC,CAAC,EAAE,MAAM,GAAG,GAAG,CAAA;CACjB;AACD,oBAAY,OAAO;IACjB,UAAU,eAAe;CAC1B"}
package/dist/index.js CHANGED
@@ -1,270 +1,25 @@
1
- var __defProp = Object.defineProperty;
2
- var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
3
-
4
- // src/SphereonKeyManagementSystem.ts
5
- import { calculateJwkThumbprint, generatePrivateKeyHex, toJwk } from "@sphereon/ssi-sdk-ext.key-utils";
6
- import { KeyManagementSystem } from "@veramo/kms-local";
7
- import Debug from "debug";
8
- import elliptic from "elliptic";
9
- import * as u8a from "uint8arrays";
10
- import { hexToPEM, jwkToPEM, pemCertChainTox5c, PEMToHex, PEMToJwk, RSASigner, signAlgorithmToSchemeAndHashAlg } from "@sphereon/ssi-sdk-ext.x509-utils";
11
- var { fromString } = u8a;
12
- var debug = Debug("sphereon:kms:local");
13
- var SphereonKeyManagementSystem = class extends KeyManagementSystem {
14
- static {
15
- __name(this, "SphereonKeyManagementSystem");
16
- }
17
- privateKeyStore;
18
- constructor(keyStore) {
19
- super(keyStore);
20
- this.privateKeyStore = keyStore;
21
- }
22
- async importKey(args) {
23
- switch (args.type) {
24
- case KeyType.Bls12381G2.toString():
25
- if (!args.privateKeyHex || !args.publicKeyHex) {
26
- throw new Error("invalid_argument: type, publicKeyHex and privateKeyHex are required to import a key");
27
- }
28
- const managedKey = this.asSphereonManagedKeyInfo({
29
- ...args,
30
- alias: args.kid,
31
- privateKeyHex: args.privateKeyHex,
32
- publicKeyHex: args.publicKeyHex,
33
- type: args.type
34
- });
35
- await this.privateKeyStore.import({
36
- alias: managedKey.kid,
37
- ...args
38
- });
39
- debug("imported key", managedKey.type, managedKey.publicKeyHex);
40
- return managedKey;
41
- case "Secp256k1":
42
- case "Secp256r1":
43
- // @ts-ignore
44
- case "RSA": {
45
- if (!args.privateKeyHex && !args.privateKeyPEM) {
46
- throw new Error("invalid_argument: type and privateKeyHex (or privateKeyPEM for RSA) are required to import a key");
47
- }
48
- const managedKey2 = this.asSphereonManagedKeyInfo({
49
- alias: args.kid,
50
- ...args
51
- });
52
- await this.privateKeyStore.import({
53
- alias: managedKey2.kid,
54
- ...args
55
- });
56
- debug("imported key", managedKey2.type, managedKey2.publicKeyHex);
57
- return managedKey2;
58
- }
59
- default:
60
- return await super.importKey(args);
1
+ "use strict";
2
+ var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
3
+ if (k2 === undefined) k2 = k;
4
+ var desc = Object.getOwnPropertyDescriptor(m, k);
5
+ if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
6
+ desc = { enumerable: true, get: function() { return m[k]; } };
61
7
  }
62
- }
63
- async createKey({ type }) {
64
- let key;
65
- switch (type) {
66
- case KeyType.Bls12381G2: {
67
- throw Error("BLS support not available because upstream is not really providing Windows and React-Native support; giving too much headache. We soon will move to @digitalbazaar/bbs-signatures");
68
- }
69
- // @ts-ignore
70
- case "RSA": {
71
- const privateKeyHex = await generatePrivateKeyHex(type);
72
- key = await this.importKey({
73
- type,
74
- privateKeyHex
75
- });
76
- break;
77
- }
78
- default:
79
- key = await super.createKey({
80
- type
81
- });
82
- }
83
- debug("Created key", type, key.publicKeyHex);
84
- return key;
85
- }
86
- async sign({ keyRef, algorithm, data }) {
87
- let privateKey;
88
- try {
89
- privateKey = await this.privateKeyStore.get({
90
- alias: keyRef.kid
91
- });
92
- } catch (e) {
93
- throw new Error(`key_not_found: No key entry found for kid=${keyRef.kid}`);
94
- }
95
- if (privateKey.type === KeyType.Bls12381G2) {
96
- throw Error("BLS support not available because upstream is not really providing Windows and React-Native support; giving too much headache. We soon will move to @digitalbazaar/bbs-signatures");
97
- } else if (
98
- // @ts-ignore
99
- privateKey.type === "RSA"
100
- ) {
101
- if (typeof algorithm === "undefined" || algorithm === "RS256" || algorithm === "RS512" || algorithm === "PS256" || algorithm === "PS512") {
102
- return await this.signRSA(privateKey, data, algorithm ?? "PS256");
103
- }
104
- return Promise.reject(new Error(`not_supported: Cannot sign using key of type RSA and alg: ${algorithm}. Only RS and PS algorithms are supported.`));
105
- } else {
106
- return await super.sign({
107
- keyRef,
108
- algorithm,
109
- data
110
- });
111
- }
112
- }
113
- async verify({ publicKeyHex, type, algorithm, data, signature }) {
114
- if (type === "RSA") {
115
- return await this.verifyRSA(publicKeyHex, data, algorithm ?? "PS256", signature);
116
- }
117
- throw Error(`KMS verify is not implemented yet for ${type}`);
118
- }
119
- asSphereonManagedKeyInfo(args) {
120
- let key;
121
- switch (args.type) {
122
- case KeyType.Bls12381G2:
123
- key = {
124
- type: args.type,
125
- kid: args.alias ?? args.publicKeyHex,
126
- publicKeyHex: args.publicKeyHex,
127
- meta: {
128
- algorithms: [
129
- "BLS"
130
- ]
131
- }
132
- };
133
- break;
134
- case "Secp256k1": {
135
- const privateBytes = fromString(args.privateKeyHex.toLowerCase(), "base16");
136
- const secp256k1 = new elliptic.ec("secp256k1");
137
- const keyPair = secp256k1.keyFromPrivate(privateBytes, "hex");
138
- const publicKeyHex = keyPair.getPublic(true, "hex");
139
- key = {
140
- type: args.type,
141
- kid: args.alias ?? publicKeyHex,
142
- publicKeyHex,
143
- meta: {
144
- jwkThumbprint: calculateJwkThumbprint({
145
- jwk: toJwk(publicKeyHex, "Secp256k1")
146
- }),
147
- algorithms: [
148
- "ES256K",
149
- "ES256K-R",
150
- "eth_signTransaction",
151
- "eth_signTypedData",
152
- "eth_signMessage",
153
- "eth_rawSign"
154
- ]
155
- }
156
- };
157
- break;
158
- }
159
- case "Secp256r1": {
160
- const privateBytes = fromString(args.privateKeyHex.toLowerCase(), "base16");
161
- const secp256r1 = new elliptic.ec("p256");
162
- const keyPair = secp256r1.keyFromPrivate(privateBytes, "hex");
163
- const publicKeyHex = keyPair.getPublic(true, "hex");
164
- key = {
165
- type: args.type,
166
- kid: args.alias ?? publicKeyHex,
167
- publicKeyHex,
168
- meta: {
169
- jwkThumbprint: calculateJwkThumbprint({
170
- jwk: toJwk(publicKeyHex, "Secp256r1")
171
- }),
172
- algorithms: [
173
- "ES256"
174
- ]
175
- }
176
- };
177
- break;
178
- }
179
- // @ts-ignore
180
- case "RSA": {
181
- const x509 = args.meta?.x509;
182
- const privateKeyPEM = x509?.privateKeyPEM ?? (args.privateKeyHex.includes("---") ? args.privateKeyHex : hexToPEM(args.privateKeyHex, "private"));
183
- const publicKeyJwk = PEMToJwk(privateKeyPEM, "public");
184
- const publicKeyPEM = jwkToPEM(publicKeyJwk, "public");
185
- const publicKeyHex = PEMToHex(publicKeyPEM);
186
- const meta = {};
187
- if (x509) {
188
- meta.x509 = {
189
- cn: x509.cn ?? args.alias ?? publicKeyHex
190
- };
191
- let certChain = x509.certificateChainPEM ?? "";
192
- if (x509.certificatePEM) {
193
- if (!certChain.includes(x509.certificatePEM)) {
194
- certChain = `${x509.certificatePEM}
195
- ${certChain}`;
196
- }
197
- }
198
- if (certChain.length > 0) {
199
- meta.x509.certificateChainPEM = certChain;
200
- const x5c = pemCertChainTox5c(certChain);
201
- if (!x509.certificateChainURL) {
202
- publicKeyJwk.x5c = x5c;
203
- }
204
- meta.x509.x5c = x5c;
205
- }
206
- if (x509.certificateChainURL) {
207
- publicKeyJwk.x5u = x509.certificateChainURL;
208
- meta.x509.x5u = x509.certificateChainURL;
209
- }
210
- }
211
- key = {
212
- type: args.type,
213
- kid: args.alias ?? meta?.x509?.cn ?? publicKeyHex,
214
- publicKeyHex,
215
- meta: {
216
- ...meta,
217
- // todo: could als be EcDSA etc
218
- algorithms: [
219
- "PS256",
220
- "PS512",
221
- "RS256",
222
- "RS512"
223
- ],
224
- publicKeyJwk,
225
- publicKeyPEM
226
- }
227
- };
228
- break;
229
- }
230
- default:
231
- throw Error("not_supported: Key type not supported: " + args.type);
232
- }
233
- return key;
234
- }
235
- /**
236
- * @returns a base64url encoded signature for the `RS256` alg
237
- */
238
- async signRSA(privateKey, data, signingAlgorithm) {
239
- const { hashAlgorithm, scheme } = signAlgorithmToSchemeAndHashAlg(signingAlgorithm);
240
- const signer = new RSASigner(PEMToJwk(hexToPEM(privateKey.privateKeyHex, "private"), "private"), {
241
- hashAlgorithm,
242
- scheme
243
- });
244
- const signature = await signer.sign(data);
245
- return signature;
246
- }
247
- async verifyRSA(publicKeyHex, data, signingAlgorithm, signature) {
248
- const { hashAlgorithm, scheme } = signAlgorithmToSchemeAndHashAlg(signingAlgorithm);
249
- const signer = new RSASigner(PEMToJwk(hexToPEM(publicKeyHex, "public"), "public"), {
250
- hashAlgorithm,
251
- scheme
252
- });
253
- return await signer.verify(data, signature);
254
- }
255
- async listKeys() {
256
- return (await this.privateKeyStore.list({})).map((privateKey) => this.asSphereonManagedKeyInfo(privateKey));
257
- }
258
- };
259
-
260
- // src/index.ts
261
- export * from "@veramo/kms-local";
262
- var KeyType = /* @__PURE__ */ function(KeyType2) {
263
- KeyType2["Bls12381G2"] = "Bls12381G2";
264
- return KeyType2;
265
- }({});
266
- export {
267
- KeyType,
268
- SphereonKeyManagementSystem
8
+ Object.defineProperty(o, k2, desc);
9
+ }) : (function(o, m, k, k2) {
10
+ if (k2 === undefined) k2 = k;
11
+ o[k2] = m[k];
12
+ }));
13
+ var __exportStar = (this && this.__exportStar) || function(m, exports) {
14
+ for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
269
15
  };
16
+ Object.defineProperty(exports, "__esModule", { value: true });
17
+ exports.KeyType = exports.SphereonKeyManagementSystem = void 0;
18
+ var SphereonKeyManagementSystem_1 = require("./SphereonKeyManagementSystem");
19
+ Object.defineProperty(exports, "SphereonKeyManagementSystem", { enumerable: true, get: function () { return SphereonKeyManagementSystem_1.SphereonKeyManagementSystem; } });
20
+ __exportStar(require("@veramo/kms-local"), exports);
21
+ var KeyType;
22
+ (function (KeyType) {
23
+ KeyType["Bls12381G2"] = "Bls12381G2";
24
+ })(KeyType || (exports.KeyType = KeyType = {}));
270
25
  //# sourceMappingURL=index.js.map
package/dist/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/SphereonKeyManagementSystem.ts","../src/index.ts"],"sourcesContent":["import { calculateJwkThumbprint, generatePrivateKeyHex, toJwk, type X509Opts } from '@sphereon/ssi-sdk-ext.key-utils'\n\nimport type { IKey, ManagedKeyInfo, MinimalImportableKey, TKeyType } from '@veramo/core'\nimport { AbstractPrivateKeyStore, type ManagedPrivateKey } from '@veramo/key-manager'\nimport { KeyManagementSystem } from '@veramo/kms-local'\nimport Debug from 'debug'\nimport elliptic from 'elliptic'\n// @ts-ignore\nimport * as u8a from 'uint8arrays'\nconst { fromString } = u8a\nimport { KeyType, type ManagedKeyInfoArgs } from './index'\nimport {\n hexToPEM,\n jwkToPEM,\n pemCertChainTox5c,\n PEMToHex,\n PEMToJwk,\n RSASigner,\n signAlgorithmToSchemeAndHashAlg,\n} from '@sphereon/ssi-sdk-ext.x509-utils'\n\nconst debug = Debug('sphereon:kms:local')\n\nexport class SphereonKeyManagementSystem extends KeyManagementSystem {\n private readonly privateKeyStore: AbstractPrivateKeyStore\n\n constructor(keyStore: AbstractPrivateKeyStore) {\n super(keyStore)\n this.privateKeyStore = keyStore\n }\n\n async importKey(args: Omit<MinimalImportableKey, 'kms'> & { privateKeyPEM?: string }): Promise<ManagedKeyInfo> {\n switch (args.type) {\n case KeyType.Bls12381G2.toString():\n if (!args.privateKeyHex || !args.publicKeyHex) {\n throw new Error('invalid_argument: type, publicKeyHex and privateKeyHex are required to import a key')\n }\n const managedKey = this.asSphereonManagedKeyInfo({\n ...args,\n alias: args.kid,\n privateKeyHex: args.privateKeyHex,\n publicKeyHex: args.publicKeyHex,\n type: args.type,\n })\n await this.privateKeyStore.import({ alias: managedKey.kid, ...args })\n debug('imported key', managedKey.type, managedKey.publicKeyHex)\n return managedKey\n\n case 'Secp256k1':\n case 'Secp256r1':\n // @ts-ignore\n case 'RSA': {\n if (!args.privateKeyHex && !args.privateKeyPEM) {\n throw new Error('invalid_argument: type and privateKeyHex (or privateKeyPEM for 
RSA) are required to import a key')\n }\n const managedKey = this.asSphereonManagedKeyInfo({ alias: args.kid, ...args })\n await this.privateKeyStore.import({ alias: managedKey.kid, ...args })\n debug('imported key', managedKey.type, managedKey.publicKeyHex)\n return managedKey\n }\n default:\n return await super.importKey(args)\n }\n }\n\n async createKey({ type }: { type: TKeyType }): Promise<ManagedKeyInfo> {\n let key: ManagedKeyInfo\n\n switch (type) {\n case KeyType.Bls12381G2: {\n throw Error(\n 'BLS support not available because upstream is not really providing Windows and React-Native support; giving too much headache. We soon will move to @digitalbazaar/bbs-signatures'\n )\n /*// @ts-ignore\n const bbs = await import('@digitalbazaar/bbs-signatures')\n const keyPairBls12381G2 = await bbs.generateKeyPair({\n ciphersuite: 'BLS12-381-SHA-256'\n })\n key = await this.importKey({\n type,\n privateKeyHex: Buffer.from(keyPairBls12381G2.secretKey).toString('hex'),\n publicKeyHex: Buffer.from(keyPairBls12381G2.publicKey).toString('hex'),\n })\n break*/\n }\n\n // @ts-ignore\n case 'RSA': {\n const privateKeyHex = await generatePrivateKeyHex(type)\n key = await this.importKey({\n type,\n privateKeyHex,\n })\n break\n }\n default:\n key = await super.createKey({ type })\n }\n\n debug('Created key', type, key.publicKeyHex)\n\n return key\n }\n\n async sign({ keyRef, algorithm, data }: { keyRef: Pick<IKey, 'kid'>; algorithm?: string; data: Uint8Array }): Promise<string> {\n let privateKey: ManagedPrivateKey\n try {\n privateKey = await this.privateKeyStore.get({ alias: keyRef.kid })\n } catch (e) {\n throw new Error(`key_not_found: No key entry found for kid=${keyRef.kid}`)\n }\n\n if (privateKey.type === KeyType.Bls12381G2) {\n throw Error(\n 'BLS support not available because upstream is not really providing Windows and React-Native support; giving too much headache. 
We soon will move to @digitalbazaar/bbs-signatures'\n )\n /*// @ts-ignore\n const bbs = await import('@digitalbazaar/bbs-signatures')\n if (!data || Array.isArray(data)) {\n throw new Error('Data must be defined and cannot be an array')\n }\n const keyPair = {\n keyPair: {\n secretKey: Uint8Array.from(Buffer.from(privateKey.privateKeyHex, 'hex')),\n publicKey: Uint8Array.from(Buffer.from(keyRef.kid, 'hex')),\n },\n messages: [data],\n }\n const signature = await bbs.sign({secretKey: privateKey, publicKey, header, messages});\n return signature*/\n } else if (\n // @ts-ignore\n privateKey.type === 'RSA'\n ) {\n if (typeof algorithm === 'undefined' || algorithm === 'RS256' || algorithm === 'RS512' || algorithm === 'PS256' || algorithm === 'PS512') {\n return await this.signRSA(privateKey, data, algorithm ?? 'PS256')\n }\n return Promise.reject(\n new Error(`not_supported: Cannot sign using key of type RSA and alg: ${algorithm}. Only RS and PS algorithms are supported.`)\n )\n } else {\n return await super.sign({ keyRef, algorithm, data })\n }\n }\n\n async verify({\n publicKeyHex,\n type,\n algorithm,\n data,\n signature,\n }: {\n publicKeyHex: string\n type: TKeyType\n algorithm?: string\n data: Uint8Array\n signature: string\n }): Promise<boolean> {\n if (type === 'RSA') {\n return await this.verifyRSA(publicKeyHex, data, algorithm ?? 'PS256', signature)\n }\n throw Error(`KMS verify is not implemented yet for ${type}`)\n }\n\n private asSphereonManagedKeyInfo(args: ManagedKeyInfoArgs): ManagedKeyInfo {\n let key: Partial<ManagedKeyInfo>\n switch (args.type) {\n case KeyType.Bls12381G2:\n key = {\n type: args.type,\n kid: args.alias ?? 
args.publicKeyHex,\n publicKeyHex: args.publicKeyHex,\n meta: {\n algorithms: ['BLS'],\n },\n }\n break\n case 'Secp256k1': {\n const privateBytes = fromString(args.privateKeyHex.toLowerCase(), 'base16')\n const secp256k1 = new elliptic.ec('secp256k1')\n const keyPair = secp256k1.keyFromPrivate(privateBytes, 'hex')\n const publicKeyHex = keyPair.getPublic(true, 'hex')\n key = {\n type: args.type,\n kid: args.alias ?? publicKeyHex,\n publicKeyHex,\n meta: {\n jwkThumbprint: calculateJwkThumbprint({ jwk: toJwk(publicKeyHex, 'Secp256k1') }),\n algorithms: ['ES256K', 'ES256K-R', 'eth_signTransaction', 'eth_signTypedData', 'eth_signMessage', 'eth_rawSign'],\n },\n }\n break\n }\n case 'Secp256r1': {\n const privateBytes = fromString(args.privateKeyHex.toLowerCase(), 'base16')\n const secp256r1 = new elliptic.ec('p256')\n const keyPair = secp256r1.keyFromPrivate(privateBytes, 'hex')\n const publicKeyHex = keyPair.getPublic(true, 'hex')\n key = {\n type: args.type,\n kid: args.alias ?? publicKeyHex,\n publicKeyHex,\n meta: {\n jwkThumbprint: calculateJwkThumbprint({ jwk: toJwk(publicKeyHex, 'Secp256r1') }),\n algorithms: ['ES256'],\n },\n }\n break\n }\n // @ts-ignore\n case 'RSA': {\n const x509 = args.meta?.x509 as X509Opts\n const privateKeyPEM =\n x509?.privateKeyPEM ?? (args.privateKeyHex.includes('---') ? args.privateKeyHex : hexToPEM(args.privateKeyHex, 'private')) // In case we have x509 opts, the private key hex really was a PEM already (yuck)\n const publicKeyJwk = PEMToJwk(privateKeyPEM, 'public')\n const publicKeyPEM = jwkToPEM(publicKeyJwk, 'public')\n const publicKeyHex = PEMToHex(publicKeyPEM)\n\n const meta = {} as any\n if (x509) {\n meta.x509 = {\n cn: x509.cn ?? args.alias ?? publicKeyHex,\n }\n let certChain: string = x509.certificateChainPEM ?? 
''\n if (x509.certificatePEM) {\n if (!certChain.includes(x509.certificatePEM)) {\n certChain = `${x509.certificatePEM}\\n${certChain}`\n }\n }\n if (certChain.length > 0) {\n meta.x509.certificateChainPEM = certChain\n const x5c = pemCertChainTox5c(certChain)\n if (!x509.certificateChainURL) {\n // Do not put the chain in the JWK when the chain is hosted. We do put it in the x509 metadata\n // @ts-ignore\n publicKeyJwk.x5c = x5c\n }\n meta.x509.x5c = x5c\n }\n if (x509.certificateChainURL) {\n // @ts-ignore\n publicKeyJwk.x5u = x509.certificateChainURL\n meta.x509.x5u = x509.certificateChainURL\n }\n }\n\n key = {\n type: args.type,\n kid: args.alias ?? meta?.x509?.cn ?? publicKeyHex,\n publicKeyHex,\n meta: {\n ...meta,\n // todo: could als be EcDSA etc\n algorithms: ['PS256', 'PS512', 'RS256', 'RS512'],\n publicKeyJwk,\n publicKeyPEM,\n },\n }\n break\n }\n\n default:\n throw Error('not_supported: Key type not supported: ' + args.type)\n }\n return key as ManagedKeyInfo\n }\n\n /**\n * @returns a base64url encoded signature for the `RS256` alg\n */\n private async signRSA(privateKey: ManagedPrivateKey, data: Uint8Array, signingAlgorithm: string): Promise<string> {\n const { hashAlgorithm, scheme } = signAlgorithmToSchemeAndHashAlg(signingAlgorithm)\n const signer = new RSASigner(PEMToJwk(hexToPEM(privateKey.privateKeyHex, 'private'), 'private'), { hashAlgorithm, scheme })\n const signature = await signer.sign(data)\n return signature as string\n }\n\n private async verifyRSA(publicKeyHex: string, data: Uint8Array, signingAlgorithm: string, signature: string) {\n const { hashAlgorithm, scheme } = signAlgorithmToSchemeAndHashAlg(signingAlgorithm)\n const signer = new RSASigner(PEMToJwk(hexToPEM(publicKeyHex, 'public'), 'public'), { hashAlgorithm, scheme })\n return await signer.verify(data, signature)\n }\n\n public async listKeys(): Promise<Array<ManagedKeyInfo>> {\n return (await this.privateKeyStore.list({})).map((privateKey: ManagedPrivateKey) => 
this.asSphereonManagedKeyInfo(privateKey))\n }\n}\n","import type { X509Opts } from '@sphereon/ssi-sdk-ext.key-utils'\nimport type { KeyMetadata, TKeyType } from '@veramo/core'\n\nexport { SphereonKeyManagementSystem } from './SphereonKeyManagementSystem'\n\nexport * from '@veramo/kms-local'\n\nexport interface ManagedKeyInfoArgs {\n alias?: string\n type: TKeyType\n privateKeyHex: string\n publicKeyHex?: string\n meta?: ManageKeyInfoMeta | undefined | null\n}\n\nexport interface ManageKeyInfoMeta extends KeyMetadata {\n x509?: X509Opts\n [x: string]: any\n}\nexport enum KeyType {\n Bls12381G2 = 'Bls12381G2',\n}\n"],"mappings":";;;;AAAA,SAASA,wBAAwBC,uBAAuBC,aAA4B;AAIpF,SAASC,2BAA2B;AACpC,OAAOC,WAAW;AAClB,OAAOC,cAAc;AAErB,YAAYC,SAAS;AAGrB,SACEC,UACAC,UACAC,mBACAC,UACAC,UACAC,WACAC,uCACK;AAVP,IAAM,EAAEC,WAAU,IAAKC;AAYvB,IAAMC,QAAQC,MAAM,oBAAA;AAEb,IAAMC,8BAAN,cAA0CC,oBAAAA;EAvBjD,OAuBiDA;;;EAC9BC;EAEjBC,YAAYC,UAAmC;AAC7C,UAAMA,QAAAA;AACN,SAAKF,kBAAkBE;EACzB;EAEA,MAAMC,UAAUC,MAA+F;AAC7G,YAAQA,KAAKC,MAAI;MACf,KAAKC,QAAQC,WAAWC,SAAQ;AAC9B,YAAI,CAACJ,KAAKK,iBAAiB,CAACL,KAAKM,cAAc;AAC7C,gBAAM,IAAIC,MAAM,qFAAA;QAClB;AACA,cAAMC,aAAa,KAAKC,yBAAyB;UAC/C,GAAGT;UACHU,OAAOV,KAAKW;UACZN,eAAeL,KAAKK;UACpBC,cAAcN,KAAKM;UACnBL,MAAMD,KAAKC;QACb,CAAA;AACA,cAAM,KAAKL,gBAAgBgB,OAAO;UAAEF,OAAOF,WAAWG;UAAK,GAAGX;QAAK,CAAA;AACnER,cAAM,gBAAgBgB,WAAWP,MAAMO,WAAWF,YAAY;AAC9D,eAAOE;MAET,KAAK;MACL,KAAK;;MAEL,KAAK,OAAO;AACV,YAAI,CAACR,KAAKK,iBAAiB,CAACL,KAAKa,eAAe;AAC9C,gBAAM,IAAIN,MAAM,kGAAA;QAClB;AACA,cAAMC,cAAa,KAAKC,yBAAyB;UAAEC,OAAOV,KAAKW;UAAK,GAAGX;QAAK,CAAA;AAC5E,cAAM,KAAKJ,gBAAgBgB,OAAO;UAAEF,OAAOF,YAAWG;UAAK,GAAGX;QAAK,CAAA;AACnER,cAAM,gBAAgBgB,YAAWP,MAAMO,YAAWF,YAAY;AAC9D,eAAOE;MACT;MACA;AACE,eAAO,MAAM,MAAMT,UAAUC,IAAAA;IACjC;EACF;EAEA,MAAMc,UAAU,EAAEb,KAAI,GAAiD;AACrE,QAAIc;AAEJ,YAAQd,MAAAA;MACN,KAAKC,QAAQC,YAAY;AACvB,cAAMI,MACJ,mLAAA;MAaJ;;MAGA,KAAK,OAAO;AACV,cAAMF,gBAAgB,MAAMW,sBAAsBf,IAAAA;AAClDc,cAAM,MAAM,KAAKhB,UAAU;UACzBE;UACAI;QACF,CAAA;AACA;MACF;MACA;AACEU,cAAM,MAAM,MAAMD,UAA
U;UAAEb;QAAK,CAAA;IACvC;AAEAT,UAAM,eAAeS,MAAMc,IAAIT,YAAY;AAE3C,WAAOS;EACT;EAEA,MAAME,KAAK,EAAEC,QAAQC,WAAWC,KAAI,GAA0F;AAC5H,QAAIC;AACJ,QAAI;AACFA,mBAAa,MAAM,KAAKzB,gBAAgB0B,IAAI;QAAEZ,OAAOQ,OAAOP;MAAI,CAAA;IAClE,SAASY,GAAG;AACV,YAAM,IAAIhB,MAAM,6CAA6CW,OAAOP,GAAG,EAAE;IAC3E;AAEA,QAAIU,WAAWpB,SAASC,QAAQC,YAAY;AAC1C,YAAMI,MACJ,mLAAA;IAgBJ;;MAEEc,WAAWpB,SAAS;MACpB;AACA,UAAI,OAAOkB,cAAc,eAAeA,cAAc,WAAWA,cAAc,WAAWA,cAAc,WAAWA,cAAc,SAAS;AACxI,eAAO,MAAM,KAAKK,QAAQH,YAAYD,MAAMD,aAAa,OAAA;MAC3D;AACA,aAAOM,QAAQC,OACb,IAAInB,MAAM,6DAA6DY,SAAAA,4CAAqD,CAAA;IAEhI,OAAO;AACL,aAAO,MAAM,MAAMF,KAAK;QAAEC;QAAQC;QAAWC;MAAK,CAAA;IACpD;EACF;EAEA,MAAMO,OAAO,EACXrB,cACAL,MACAkB,WACAC,MACAQ,UAAS,GAOU;AACnB,QAAI3B,SAAS,OAAO;AAClB,aAAO,MAAM,KAAK4B,UAAUvB,cAAcc,MAAMD,aAAa,SAASS,SAAAA;IACxE;AACA,UAAMrB,MAAM,yCAAyCN,IAAAA,EAAM;EAC7D;EAEQQ,yBAAyBT,MAA0C;AACzE,QAAIe;AACJ,YAAQf,KAAKC,MAAI;MACf,KAAKC,QAAQC;AACXY,cAAM;UACJd,MAAMD,KAAKC;UACXU,KAAKX,KAAKU,SAASV,KAAKM;UACxBA,cAAcN,KAAKM;UACnBwB,MAAM;YACJC,YAAY;cAAC;;UACf;QACF;AACA;MACF,KAAK,aAAa;AAChB,cAAMC,eAAe1C,WAAWU,KAAKK,cAAc4B,YAAW,GAAI,QAAA;AAClE,cAAMC,YAAY,IAAIC,SAASC,GAAG,WAAA;AAClC,cAAMC,UAAUH,UAAUI,eAAeN,cAAc,KAAA;AACvD,cAAM1B,eAAe+B,QAAQE,UAAU,MAAM,KAAA;AAC7CxB,cAAM;UACJd,MAAMD,KAAKC;UACXU,KAAKX,KAAKU,SAASJ;UACnBA;UACAwB,MAAM;YACJU,eAAeC,uBAAuB;cAAEC,KAAKC,MAAMrC,cAAc,WAAA;YAAa,CAAA;YAC9EyB,YAAY;cAAC;cAAU;cAAY;cAAuB;cAAqB;cAAmB;;UACpG;QACF;AACA;MACF;MACA,KAAK,aAAa;AAChB,cAAMC,eAAe1C,WAAWU,KAAKK,cAAc4B,YAAW,GAAI,QAAA;AAClE,cAAMW,YAAY,IAAIT,SAASC,GAAG,MAAA;AAClC,cAAMC,UAAUO,UAAUN,eAAeN,cAAc,KAAA;AACvD,cAAM1B,eAAe+B,QAAQE,UAAU,MAAM,KAAA;AAC7CxB,cAAM;UACJd,MAAMD,KAAKC;UACXU,KAAKX,KAAKU,SAASJ;UACnBA;UACAwB,MAAM;YACJU,eAAeC,uBAAuB;cAAEC,KAAKC,MAAMrC,cAAc,WAAA;YAAa,CAAA;YAC9EyB,YAAY;cAAC;;UACf;QACF;AACA;MACF;;MAEA,KAAK,OAAO;AACV,cAAMc,OAAO7C,KAAK8B,MAAMe;AACxB,cAAMhC,gBACJgC,MAAMhC,kBAAkBb,KAAKK,cAAcyC,SAAS,KAAA,IAAS9C,KAAKK,gBAAgB0C,SAAS/C,KAAKK,eAAe,SAAA;AACjH,cAAM2C,eAAeC,SAASpC,eAAe,QAAA;AAC7C,cAAMqC,eAAeC,SAASH,cAAc,QAAA;AAC5C,cAAM1C,eAAe8C,
SAASF,YAAAA;AAE9B,cAAMpB,OAAO,CAAC;AACd,YAAIe,MAAM;AACRf,eAAKe,OAAO;YACVQ,IAAIR,KAAKQ,MAAMrD,KAAKU,SAASJ;UAC/B;AACA,cAAIgD,YAAoBT,KAAKU,uBAAuB;AACpD,cAAIV,KAAKW,gBAAgB;AACvB,gBAAI,CAACF,UAAUR,SAASD,KAAKW,cAAc,GAAG;AAC5CF,0BAAY,GAAGT,KAAKW,cAAc;EAAKF,SAAAA;YACzC;UACF;AACA,cAAIA,UAAUG,SAAS,GAAG;AACxB3B,iBAAKe,KAAKU,sBAAsBD;AAChC,kBAAMI,MAAMC,kBAAkBL,SAAAA;AAC9B,gBAAI,CAACT,KAAKe,qBAAqB;AAG7BZ,2BAAaU,MAAMA;YACrB;AACA5B,iBAAKe,KAAKa,MAAMA;UAClB;AACA,cAAIb,KAAKe,qBAAqB;AAE5BZ,yBAAaa,MAAMhB,KAAKe;AACxB9B,iBAAKe,KAAKgB,MAAMhB,KAAKe;UACvB;QACF;AAEA7C,cAAM;UACJd,MAAMD,KAAKC;UACXU,KAAKX,KAAKU,SAASoB,MAAMe,MAAMQ,MAAM/C;UACrCA;UACAwB,MAAM;YACJ,GAAGA;;YAEHC,YAAY;cAAC;cAAS;cAAS;cAAS;;YACxCiB;YACAE;UACF;QACF;AACA;MACF;MAEA;AACE,cAAM3C,MAAM,4CAA4CP,KAAKC,IAAI;IACrE;AACA,WAAOc;EACT;;;;EAKA,MAAcS,QAAQH,YAA+BD,MAAkB0C,kBAA2C;AAChH,UAAM,EAAEC,eAAeC,OAAM,IAAKC,gCAAgCH,gBAAAA;AAClE,UAAMI,SAAS,IAAIC,UAAUlB,SAASF,SAAS1B,WAAWhB,eAAe,SAAA,GAAY,SAAA,GAAY;MAAE0D;MAAeC;IAAO,CAAA;AACzH,UAAMpC,YAAY,MAAMsC,OAAOjD,KAAKG,IAAAA;AACpC,WAAOQ;EACT;EAEA,MAAcC,UAAUvB,cAAsBc,MAAkB0C,kBAA0BlC,WAAmB;AAC3G,UAAM,EAAEmC,eAAeC,OAAM,IAAKC,gCAAgCH,gBAAAA;AAClE,UAAMI,SAAS,IAAIC,UAAUlB,SAASF,SAASzC,cAAc,QAAA,GAAW,QAAA,GAAW;MAAEyD;MAAeC;IAAO,CAAA;AAC3G,WAAO,MAAME,OAAOvC,OAAOP,MAAMQ,SAAAA;EACnC;EAEA,MAAawC,WAA2C;AACtD,YAAQ,MAAM,KAAKxE,gBAAgByE,KAAK,CAAC,CAAA,GAAIC,IAAI,CAACjD,eAAkC,KAAKZ,yBAAyBY,UAAAA,CAAAA;EACpH;AACF;;;ACzRA,cAAc;AAcP,IAAKkD,UAAAA,yBAAAA,UAAAA;;SAAAA;;","names":["calculateJwkThumbprint","generatePrivateKeyHex","toJwk","KeyManagementSystem","Debug","elliptic","u8a","hexToPEM","jwkToPEM","pemCertChainTox5c","PEMToHex","PEMToJwk","RSASigner","signAlgorithmToSchemeAndHashAlg","fromString","u8a","debug","Debug","SphereonKeyManagementSystem","KeyManagementSystem","privateKeyStore","constructor","keyStore","importKey","args","type","KeyType","Bls12381G2","toString","privateKeyHex","publicKeyHex","Error","managedKey","asSphereonManagedKeyInfo","alias","kid","import","privateKeyPEM","createKey","key","generat
ePrivateKeyHex","sign","keyRef","algorithm","data","privateKey","get","e","signRSA","Promise","reject","verify","signature","verifyRSA","meta","algorithms","privateBytes","toLowerCase","secp256k1","elliptic","ec","keyPair","keyFromPrivate","getPublic","jwkThumbprint","calculateJwkThumbprint","jwk","toJwk","secp256r1","x509","includes","hexToPEM","publicKeyJwk","PEMToJwk","publicKeyPEM","jwkToPEM","PEMToHex","cn","certChain","certificateChainPEM","certificatePEM","length","x5c","pemCertChainTox5c","certificateChainURL","x5u","signingAlgorithm","hashAlgorithm","scheme","signAlgorithmToSchemeAndHashAlg","signer","RSASigner","listKeys","list","map","KeyType"]}
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;AAGA,6EAA2E;AAAlE,0IAAA,2BAA2B,OAAA;AAEpC,oDAAiC;AAcjC,IAAY,OAEX;AAFD,WAAY,OAAO;IACjB,oCAAyB,CAAA;AAC3B,CAAC,EAFW,OAAO,uBAAP,OAAO,QAElB"}
@@ -7,9 +7,10 @@ import { MinimalImportableKey } from '@veramo/core';
7
7
  import { TKeyType } from '@veramo/core';
8
8
  import { X509Opts } from '@sphereon/ssi-sdk-ext.key-utils';
9
9
 
10
- export declare enum KeyType {
10
+ declare enum KeyType_2 {
11
11
  Bls12381G2 = "Bls12381G2"
12
12
  }
13
+ export { KeyType_2 as KeyType }
13
14
 
14
15
  export declare interface ManagedKeyInfoArgs {
15
16
  alias?: string;
package/package.json CHANGED
@@ -1,48 +1,34 @@
1
1
  {
2
2
  "name": "@sphereon/ssi-sdk-ext.kms-local",
3
3
  "description": "Sphereon Local Key Management System with support for BLS/BBS+, RSA keys",
4
- "version": "0.28.1-feature.jose.vcdm.52+751e224",
5
- "source": "./src/index.ts",
6
- "type": "module",
7
- "main": "./dist/index.cjs",
8
- "module": "./dist/index.js",
9
- "types": "./dist/index.d.ts",
10
- "exports": {
11
- "react-native": "./dist/index.js",
12
- "import": {
13
- "types": "./dist/index.d.ts",
14
- "import": "./dist/index.js"
15
- },
16
- "require": {
17
- "types": "./dist/index.d.cts",
18
- "require": "./dist/index.cjs"
19
- }
20
- },
4
+ "version": "0.28.1-feature.oyd.cmsm.improv.20+7c3cf5a",
5
+ "source": "src/index.ts",
6
+ "main": "dist/index.js",
7
+ "types": "dist/index.d.ts",
21
8
  "scripts": {
22
- "build": "tsup --config ../../tsup.config.ts --tsconfig ../../tsconfig.tsup.json && sphereon dev generate-plugin-schema",
9
+ "build": "tsc --build",
23
10
  "generate-plugin-schema": "sphereon dev generate-plugin-schema"
24
11
  },
25
12
  "dependencies": {
26
- "@sphereon/ssi-sdk-ext.did-utils": "0.28.1-feature.jose.vcdm.52+751e224",
27
- "@sphereon/ssi-sdk-ext.key-utils": "0.28.1-feature.jose.vcdm.52+751e224",
28
- "@sphereon/ssi-sdk-ext.x509-utils": "0.28.1-feature.jose.vcdm.52+751e224",
13
+ "@sphereon/ssi-sdk-ext.did-utils": "0.28.1-feature.oyd.cmsm.improv.20+7c3cf5a",
14
+ "@sphereon/ssi-sdk-ext.key-utils": "0.28.1-feature.oyd.cmsm.improv.20+7c3cf5a",
15
+ "@sphereon/ssi-sdk-ext.x509-utils": "0.28.1-feature.oyd.cmsm.improv.20+7c3cf5a",
29
16
  "@trust/keyto": "2.0.0-alpha1",
30
17
  "@veramo/core": "4.2.0",
31
18
  "@veramo/key-manager": "4.2.0",
32
19
  "@veramo/kms-local": "4.2.0",
33
- "debug": "^4.4.0",
34
20
  "elliptic": "^6.5.4",
35
21
  "uint8arrays": "3.1.1"
36
22
  },
37
23
  "devDependencies": {
38
24
  "@sphereon/jsencrypt": "3.3.2-unstable.0",
39
- "@sphereon/ssi-sdk.dev": "0.33.1-feature.jose.vcdm.65",
25
+ "@sphereon/ssi-sdk.dev": "0.30.2-feature.SDK.41.oidf.support.286",
40
26
  "@types/elliptic": "6.4.14",
41
27
  "@veramo/cli": "4.2.0"
42
28
  },
43
29
  "files": [
44
- "dist",
45
- "src",
30
+ "dist/**/*",
31
+ "src/**/*",
46
32
  "plugin.schema.json",
47
33
  "README.md",
48
34
  "LICENSE"
@@ -58,5 +44,5 @@
58
44
  "kms",
59
45
  "Veramo"
60
46
  ],
61
- "gitHead": "751e224f245c6ba757827ea4e50ad3c46afbea94"
47
+ "gitHead": "7c3cf5a3b32ef8a31744757aab14c21338880f79"
62
48
  }
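Review bot: `debug` is dropped from `dependencies` (old line 33, `"debug": "^4.4.0"`) while `src/SphereonKeyManagementSystem.ts` still carries `import Debug from 'debug'` as an unchanged context line in its first hunk, so the package now resolves `debug` only through hoisting from some transitive dependency — a phantom dependency that breaks under strict or isolated installs (pnpm, Yarn PnP) and leaves the version actually loaded unpinned. Either restore `"debug": "^4.4.0"` or remove the import and the `debug(...)` calls. Separately, removing `"type": "module"` and the `exports` map while `"main"` now points at a CommonJS `dist/index.js` (the new side of that file uses `require(...)` and `exports.KeyType = ...`) means ESM consumers lose the dedicated `import`/`react-native` entry points; if that is intentional it deserves a changelog note, since it is a breaking packaging change hidden inside a prerelease bump.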
@@ -1,14 +1,12 @@
1
- import { calculateJwkThumbprint, generatePrivateKeyHex, toJwk, type X509Opts } from '@sphereon/ssi-sdk-ext.key-utils'
1
+ import { calculateJwkThumbprint, generatePrivateKeyHex, toJwk, X509Opts } from '@sphereon/ssi-sdk-ext.key-utils'
2
2
 
3
- import type { IKey, ManagedKeyInfo, MinimalImportableKey, TKeyType } from '@veramo/core'
4
- import { AbstractPrivateKeyStore, type ManagedPrivateKey } from '@veramo/key-manager'
3
+ import { IKey, ManagedKeyInfo, MinimalImportableKey, TKeyType } from '@veramo/core'
4
+ import { AbstractPrivateKeyStore, ManagedPrivateKey } from '@veramo/key-manager'
5
5
  import { KeyManagementSystem } from '@veramo/kms-local'
6
6
  import Debug from 'debug'
7
7
  import elliptic from 'elliptic'
8
- // @ts-ignore
9
8
  import * as u8a from 'uint8arrays'
10
- const { fromString } = u8a
11
- import { KeyType, type ManagedKeyInfoArgs } from './index'
9
+ import { KeyType, ManagedKeyInfoArgs } from './index'
12
10
  import {
13
11
  hexToPEM,
14
12
  jwkToPEM,
@@ -130,17 +128,14 @@ export class SphereonKeyManagementSystem extends KeyManagementSystem {
130
128
  return signature*/
131
129
  } else if (
132
130
  // @ts-ignore
133
- privateKey.type === 'RSA'
131
+ privateKey.type === 'RSA' &&
132
+ (typeof algorithm === 'undefined' || algorithm === 'RS256' || algorithm === 'RS512' || algorithm === 'PS256' || algorithm === 'PS512')
134
133
  ) {
135
- if (typeof algorithm === 'undefined' || algorithm === 'RS256' || algorithm === 'RS512' || algorithm === 'PS256' || algorithm === 'PS512') {
136
- return await this.signRSA(privateKey, data, algorithm ?? 'PS256')
137
- }
138
- return Promise.reject(
139
- new Error(`not_supported: Cannot sign using key of type RSA and alg: ${algorithm}. Only RS and PS algorithms are supported.`)
140
- )
134
+ return await this.signRSA(privateKey, data, algorithm ?? 'PS256')
141
135
  } else {
142
136
  return await super.sign({ keyRef, algorithm, data })
143
137
  }
138
+ throw Error(`not_supported: Cannot sign using key of type ${privateKey.type}`)
144
139
  }
145
140
 
146
141
  async verify({
@@ -176,7 +171,7 @@ export class SphereonKeyManagementSystem extends KeyManagementSystem {
176
171
  }
177
172
  break
178
173
  case 'Secp256k1': {
179
- const privateBytes = fromString(args.privateKeyHex.toLowerCase(), 'base16')
174
+ const privateBytes = u8a.fromString(args.privateKeyHex.toLowerCase(), 'base16')
180
175
  const secp256k1 = new elliptic.ec('secp256k1')
181
176
  const keyPair = secp256k1.keyFromPrivate(privateBytes, 'hex')
182
177
  const publicKeyHex = keyPair.getPublic(true, 'hex')
@@ -192,7 +187,7 @@ export class SphereonKeyManagementSystem extends KeyManagementSystem {
192
187
  break
193
188
  }
194
189
  case 'Secp256r1': {
195
- const privateBytes = fromString(args.privateKeyHex.toLowerCase(), 'base16')
190
+ const privateBytes = u8a.fromString(args.privateKeyHex.toLowerCase(), 'base16')
196
191
  const secp256r1 = new elliptic.ec('p256')
197
192
  const keyPair = secp256r1.keyFromPrivate(privateBytes, 'hex')
198
193
  const publicKeyHex = keyPair.getPublic(true, 'hex')
@@ -250,8 +245,8 @@ export class SphereonKeyManagementSystem extends KeyManagementSystem {
250
245
  publicKeyHex,
251
246
  meta: {
252
247
  ...meta,
253
- // todo: could als be EcDSA etc
254
- algorithms: ['PS256', 'PS512', 'RS256', 'RS512'],
248
+ // todo: could als be DSA etc
249
+ algorithms: ['RS256', 'RS512', 'PS256', 'PS512'],
255
250
  publicKeyJwk,
256
251
  publicKeyPEM,
257
252
  },
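Review bot: In the `@@ -130,17 +128,14 @@` hunk the `throw Error(...)` added at new line 138 is unreachable, because every branch of the preceding if / else-if / else either returns or throws; the case it was written for — an RSA key combined with an algorithm outside RS256/RS512/PS256/PS512 — now fails the `&&` guard at new lines 131–132 and falls into `super.sign({ keyRef, algorithm, data })`, handing an RSA private key to the upstream KMS, which presumably does not handle that key type and will report a less specific error at best. The old behaviour is restored by changing `} else {` at new line 135 to `// @ts-ignore` / `} else if (privateKey.type !== 'RSA') {`, which makes the trailing throw reachable for exactly that case. While there, the new message lost the algorithm that was rejected; including `${algorithm}` alongside `${privateKey.type}` keeps the diagnostic as informative as the removed one. The enclosing `sign` method starts before the hunk.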
@@ -1,7 +1,6 @@
1
- import { ManagedKeyInfo } from '@veramo/core'
2
- import { MemoryPrivateKeyStore } from '@veramo/key-manager'
3
- import { describe, expect, it } from 'vitest'
4
1
  import { SphereonKeyManagementSystem } from '../SphereonKeyManagementSystem'
2
+ import { MemoryPrivateKeyStore } from '@veramo/key-manager'
3
+ import { ManagedKeyInfo } from '@veramo/core'
5
4
 
6
5
  describe('Key creation', () => {
7
6
  it('should create a RSA key', async () => {
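Review bot: Dropping `import { describe, expect, it } from 'vitest'` leaves these identifiers as ambient globals, so the test only type-checks and runs if the runner injects them and the tsconfig now used by `tsc --build` (the new build script in package.json) either excludes the test directory or pulls in the runner's global type declarations; the same removal appears in the second test file's `@@ -9,11 +13,6 @@` hunk. If the test runner did not actually change, keeping the explicit import costs nothing and keeps each test file self-contained.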
@@ -1,4 +1,8 @@
1
1
  import JSEncrypt from '@sphereon/jsencrypt'
2
+ import { PEM_CERT, PEM_CHAIN, PEM_FULL_CHAIN, PEM_PRIV_KEY } from './certs'
3
+ import { SphereonKeyManagementSystem } from '../SphereonKeyManagementSystem'
4
+ import { MemoryPrivateKeyStore } from '@veramo/key-manager'
5
+ import * as u8a from 'uint8arrays'
2
6
  import { digestMethodParams, X509Opts } from '@sphereon/ssi-sdk-ext.key-utils'
3
7
  import {
4
8
  pemCertChainTox5c,
@@ -9,11 +13,6 @@ import {
9
13
  toKeyObject,
10
14
  x5cToPemCertChain,
11
15
  } from '@sphereon/ssi-sdk-ext.x509-utils'
12
- import { MemoryPrivateKeyStore } from '@veramo/key-manager'
13
- import * as u8a from 'uint8arrays'
14
- import { describe, expect, it } from 'vitest'
15
- import { SphereonKeyManagementSystem } from '../SphereonKeyManagementSystem'
16
- import { PEM_CERT, PEM_CHAIN, PEM_FULL_CHAIN, PEM_PRIV_KEY } from './certs'
17
16
 
18
17
  describe('X509 PEMs', () => {
19
18
  it('should get public key from private key', () => {
@@ -118,7 +117,7 @@ describe('@veramo/kms-local x509 import', () => {
118
117
  '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'
119
118
  )
120
119
  expect(key.kid).toEqual('test')
121
- expect(key.meta?.algorithms).toEqual(['PS256', 'PS512', 'RS256', 'RS512'])
120
+ expect(key.meta?.algorithms).toEqual(['RS256', 'RS512', 'PS256', 'PS512'])
122
121
 
123
122
  expect(key.meta?.publicKeyPEM).toBeDefined()
124
123
  await expect(key.meta?.publicKeyJwk).toMatchObject({
package/src/index.ts CHANGED
@@ -1,5 +1,5 @@
1
- import type { X509Opts } from '@sphereon/ssi-sdk-ext.key-utils'
2
- import type { KeyMetadata, TKeyType } from '@veramo/core'
1
+ import { X509Opts } from '@sphereon/ssi-sdk-ext.key-utils'
2
+ import { KeyMetadata, TKeyType } from '@veramo/core'
3
3
 
4
4
  export { SphereonKeyManagementSystem } from './SphereonKeyManagementSystem'
5
5
 
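Review bot: `X509Opts`, `KeyMetadata` and `TKeyType` are used only in type positions in this module (the `ManagedKeyInfoArgs` and `ManageKeyInfoMeta` interfaces that follow), so `import type` was the more precise form; a plain value import is elided by `tsc` and so is harmless today, but it is rejected under `verbatimModuleSyntax` and hides that this entry module has no runtime dependency on `@sphereon/ssi-sdk-ext.key-utils`. Unless the new build setup requires value imports, I'd keep `import type { X509Opts } from '@sphereon/ssi-sdk-ext.key-utils'` and `import type { KeyMetadata, TKeyType } from '@veramo/core'`.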
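--- a/package/dist/index.cjs
+++ b/package/dist/index.cjs
@@ -1,302 +0,0 @@
-"use strict";
-var __create = Object.create;
-var __defProp = Object.defineProperty;
-var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
-var __getOwnPropNames = Object.getOwnPropertyNames;
-var __getProtoOf = Object.getPrototypeOf;
-var __hasOwnProp = Object.prototype.hasOwnProperty;
-var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
-var __export = (target, all) => {
-for (var name in all)
-__defProp(target, name, { get: all[name], enumerable: true });
-};
-var __copyProps = (to, from, except, desc) => {
-if (from && typeof from === "object" || typeof from === "function") {
-for (let key of __getOwnPropNames(from))
-if (!__hasOwnProp.call(to, key) && key !== except)
-__defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
-}
-return to;
-};
-var __reExport = (target, mod, secondTarget) => (__copyProps(target, mod, "default"), secondTarget && __copyProps(secondTarget, mod, "default"));
-var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
-// If the importer is in node compatibility mode or this is not an ESM
-// file that has been converted to a CommonJS file using a Babel-
-// compatible transform (i.e. "__esModule" has not been set), then set
-// "default" to the CommonJS "module.exports" for node compatibility.
-isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
-mod
-));
-var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
-
-// src/index.ts
-var index_exports = {};
-__export(index_exports, {
-KeyType: () => KeyType,
-SphereonKeyManagementSystem: () => SphereonKeyManagementSystem
-});
-module.exports = __toCommonJS(index_exports);
-
-// src/SphereonKeyManagementSystem.ts
-var import_ssi_sdk_ext = require("@sphereon/ssi-sdk-ext.key-utils");
-var import_kms_local = require("@veramo/kms-local");
-var import_debug = __toESM(require("debug"), 1);
-var import_elliptic = __toESM(require("elliptic"), 1);
-var u8a = __toESM(require("uint8arrays"), 1);
-var import_ssi_sdk_ext2 = require("@sphereon/ssi-sdk-ext.x509-utils");
-var { fromString } = u8a;
-var debug = (0, import_debug.default)("sphereon:kms:local");
-var SphereonKeyManagementSystem = class extends import_kms_local.KeyManagementSystem {
-static {
-__name(this, "SphereonKeyManagementSystem");
-}
-privateKeyStore;
-constructor(keyStore) {
-super(keyStore);
-this.privateKeyStore = keyStore;
-}
-async importKey(args) {
-switch (args.type) {
-case KeyType.Bls12381G2.toString():
-if (!args.privateKeyHex || !args.publicKeyHex) {
-throw new Error("invalid_argument: type, publicKeyHex and privateKeyHex are required to import a key");
-}
-const managedKey = this.asSphereonManagedKeyInfo({
-...args,
-alias: args.kid,
-privateKeyHex: args.privateKeyHex,
-publicKeyHex: args.publicKeyHex,
-type: args.type
-});
-await this.privateKeyStore.import({
-alias: managedKey.kid,
-...args
-});
-debug("imported key", managedKey.type, managedKey.publicKeyHex);
-return managedKey;
-case "Secp256k1":
-case "Secp256r1":
-// @ts-ignore
-case "RSA": {
-if (!args.privateKeyHex && !args.privateKeyPEM) {
-throw new Error("invalid_argument: type and privateKeyHex (or privateKeyPEM for RSA) are required to import a key");
-}
-const managedKey2 = this.asSphereonManagedKeyInfo({
-alias: args.kid,
-...args
-});
-await this.privateKeyStore.import({
-alias: managedKey2.kid,
-...args
-});
-debug("imported key", managedKey2.type, managedKey2.publicKeyHex);
-return managedKey2;
-}
-default:
-return await super.importKey(args);
-}
-}
-async createKey({ type }) {
-let key;
-switch (type) {
-case KeyType.Bls12381G2: {
-throw Error("BLS support not available because upstream is not really providing Windows and React-Native support; giving too much headache. We soon will move to @digitalbazaar/bbs-signatures");
-}
-// @ts-ignore
-case "RSA": {
-const privateKeyHex = await (0, import_ssi_sdk_ext.generatePrivateKeyHex)(type);
-key = await this.importKey({
-type,
-privateKeyHex
-});
-break;
-}
-default:
-key = await super.createKey({
-type
-});
-}
-debug("Created key", type, key.publicKeyHex);
-return key;
-}
-async sign({ keyRef, algorithm, data }) {
-let privateKey;
-try {
-privateKey = await this.privateKeyStore.get({
-alias: keyRef.kid
-});
-} catch (e) {
-throw new Error(`key_not_found: No key entry found for kid=${keyRef.kid}`);
-}
-if (privateKey.type === KeyType.Bls12381G2) {
-throw Error("BLS support not available because upstream is not really providing Windows and React-Native support; giving too much headache. We soon will move to @digitalbazaar/bbs-signatures");
-} else if (
-// @ts-ignore
-privateKey.type === "RSA"
-) {
-if (typeof algorithm === "undefined" || algorithm === "RS256" || algorithm === "RS512" || algorithm === "PS256" || algorithm === "PS512") {
-return await this.signRSA(privateKey, data, algorithm ?? "PS256");
-}
-return Promise.reject(new Error(`not_supported: Cannot sign using key of type RSA and alg: ${algorithm}. Only RS and PS algorithms are supported.`));
-} else {
-return await super.sign({
-keyRef,
-algorithm,
-data
-});
-}
-}
-async verify({ publicKeyHex, type, algorithm, data, signature }) {
-if (type === "RSA") {
-return await this.verifyRSA(publicKeyHex, data, algorithm ?? "PS256", signature);
-}
-throw Error(`KMS verify is not implemented yet for ${type}`);
-}
-asSphereonManagedKeyInfo(args) {
-let key;
-switch (args.type) {
-case KeyType.Bls12381G2:
-key = {
-type: args.type,
-kid: args.alias ?? args.publicKeyHex,
-publicKeyHex: args.publicKeyHex,
-meta: {
-algorithms: [
-"BLS"
-]
-}
-};
-break;
-case "Secp256k1": {
-const privateBytes = fromString(args.privateKeyHex.toLowerCase(), "base16");
-const secp256k1 = new import_elliptic.default.ec("secp256k1");
-const keyPair = secp256k1.keyFromPrivate(privateBytes, "hex");
-const publicKeyHex = keyPair.getPublic(true, "hex");
-key = {
-type: args.type,
-kid: args.alias ?? publicKeyHex,
-publicKeyHex,
-meta: {
-jwkThumbprint: (0, import_ssi_sdk_ext.calculateJwkThumbprint)({
-jwk: (0, import_ssi_sdk_ext.toJwk)(publicKeyHex, "Secp256k1")
-}),
-algorithms: [
-"ES256K",
-"ES256K-R",
-"eth_signTransaction",
-"eth_signTypedData",
-"eth_signMessage",
-"eth_rawSign"
-]
-}
-};
-break;
-}
-case "Secp256r1": {
-const privateBytes = fromString(args.privateKeyHex.toLowerCase(), "base16");
-const secp256r1 = new import_elliptic.default.ec("p256");
-const keyPair = secp256r1.keyFromPrivate(privateBytes, "hex");
-const publicKeyHex = keyPair.getPublic(true, "hex");
-key = {
-type: args.type,
-kid: args.alias ?? publicKeyHex,
-publicKeyHex,
-meta: {
-jwkThumbprint: (0, import_ssi_sdk_ext.calculateJwkThumbprint)({
-jwk: (0, import_ssi_sdk_ext.toJwk)(publicKeyHex, "Secp256r1")
-}),
-algorithms: [
-"ES256"
-]
-}
-};
-break;
-}
-// @ts-ignore
-case "RSA": {
-const x509 = args.meta?.x509;
-const privateKeyPEM = x509?.privateKeyPEM ?? (args.privateKeyHex.includes("---") ? args.privateKeyHex : (0, import_ssi_sdk_ext2.hexToPEM)(args.privateKeyHex, "private"));
-const publicKeyJwk = (0, import_ssi_sdk_ext2.PEMToJwk)(privateKeyPEM, "public");
-const publicKeyPEM = (0, import_ssi_sdk_ext2.jwkToPEM)(publicKeyJwk, "public");
-const publicKeyHex = (0, import_ssi_sdk_ext2.PEMToHex)(publicKeyPEM);
-const meta = {};
-if (x509) {
-meta.x509 = {
-cn: x509.cn ?? args.alias ?? publicKeyHex
-};
-let certChain = x509.certificateChainPEM ?? "";
-if (x509.certificatePEM) {
-if (!certChain.includes(x509.certificatePEM)) {
-certChain = `${x509.certificatePEM}
-${certChain}`;
-}
-}
-if (certChain.length > 0) {
-meta.x509.certificateChainPEM = certChain;
-const x5c = (0, import_ssi_sdk_ext2.pemCertChainTox5c)(certChain);
-if (!x509.certificateChainURL) {
-publicKeyJwk.x5c = x5c;
-}
-meta.x509.x5c = x5c;
-}
-if (x509.certificateChainURL) {
-publicKeyJwk.x5u = x509.certificateChainURL;
-meta.x509.x5u = x509.certificateChainURL;
-}
-}
-key = {
-type: args.type,
-kid: args.alias ?? meta?.x509?.cn ?? publicKeyHex,
-publicKeyHex,
-meta: {
-...meta,
-// todo: could als be EcDSA etc
-algorithms: [
-"PS256",
-"PS512",
-"RS256",
-"RS512"
-],
-publicKeyJwk,
-publicKeyPEM
-}
-};
-break;
-}
-default:
-throw Error("not_supported: Key type not supported: " + args.type);
-}
-return key;
-}
-/**
-* @returns a base64url encoded signature for the `RS256` alg
-*/
-async signRSA(privateKey, data, signingAlgorithm) {
-const { hashAlgorithm, scheme } = (0, import_ssi_sdk_ext2.signAlgorithmToSchemeAndHashAlg)(signingAlgorithm);
-const signer = new import_ssi_sdk_ext2.RSASigner((0, import_ssi_sdk_ext2.PEMToJwk)((0, import_ssi_sdk_ext2.hexToPEM)(privateKey.privateKeyHex, "private"), "private"), {
-hashAlgorithm,
-scheme
-});
-const signature = await signer.sign(data);
-return signature;
-}
-async verifyRSA(publicKeyHex, data, signingAlgorithm, signature) {
-const { hashAlgorithm, scheme } = (0, import_ssi_sdk_ext2.signAlgorithmToSchemeAndHashAlg)(signingAlgorithm);
-const signer = new import_ssi_sdk_ext2.RSASigner((0, import_ssi_sdk_ext2.PEMToJwk)((0, import_ssi_sdk_ext2.hexToPEM)(publicKeyHex, "public"), "public"), {
-hashAlgorithm,
-scheme
-});
-return await signer.verify(data, signature);
-}
-async listKeys() {
-return (await this.privateKeyStore.list({})).map((privateKey) => this.asSphereonManagedKeyInfo(privateKey));
-}
-};
-
-// src/index.ts
-__reExport(index_exports, require("@veramo/kms-local"), module.exports);
-var KeyType = /* @__PURE__ */ function(KeyType2) {
-KeyType2["Bls12381G2"] = "Bls12381G2";
-return KeyType2;
-}({});
-//# sourceMappingURL=index.cjs.map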
@@ -1 +0,0 @@
1
- {"version":3,"sources":["../src/index.ts","../src/SphereonKeyManagementSystem.ts"],"sourcesContent":["import type { X509Opts } from '@sphereon/ssi-sdk-ext.key-utils'\nimport type { KeyMetadata, TKeyType } from '@veramo/core'\n\nexport { SphereonKeyManagementSystem } from './SphereonKeyManagementSystem'\n\nexport * from '@veramo/kms-local'\n\nexport interface ManagedKeyInfoArgs {\n alias?: string\n type: TKeyType\n privateKeyHex: string\n publicKeyHex?: string\n meta?: ManageKeyInfoMeta | undefined | null\n}\n\nexport interface ManageKeyInfoMeta extends KeyMetadata {\n x509?: X509Opts\n [x: string]: any\n}\nexport enum KeyType {\n Bls12381G2 = 'Bls12381G2',\n}\n","import { calculateJwkThumbprint, generatePrivateKeyHex, toJwk, type X509Opts } from '@sphereon/ssi-sdk-ext.key-utils'\n\nimport type { IKey, ManagedKeyInfo, MinimalImportableKey, TKeyType } from '@veramo/core'\nimport { AbstractPrivateKeyStore, type ManagedPrivateKey } from '@veramo/key-manager'\nimport { KeyManagementSystem } from '@veramo/kms-local'\nimport Debug from 'debug'\nimport elliptic from 'elliptic'\n// @ts-ignore\nimport * as u8a from 'uint8arrays'\nconst { fromString } = u8a\nimport { KeyType, type ManagedKeyInfoArgs } from './index'\nimport {\n hexToPEM,\n jwkToPEM,\n pemCertChainTox5c,\n PEMToHex,\n PEMToJwk,\n RSASigner,\n signAlgorithmToSchemeAndHashAlg,\n} from '@sphereon/ssi-sdk-ext.x509-utils'\n\nconst debug = Debug('sphereon:kms:local')\n\nexport class SphereonKeyManagementSystem extends KeyManagementSystem {\n private readonly privateKeyStore: AbstractPrivateKeyStore\n\n constructor(keyStore: AbstractPrivateKeyStore) {\n super(keyStore)\n this.privateKeyStore = keyStore\n }\n\n async importKey(args: Omit<MinimalImportableKey, 'kms'> & { privateKeyPEM?: string }): Promise<ManagedKeyInfo> {\n switch (args.type) {\n case KeyType.Bls12381G2.toString():\n if (!args.privateKeyHex || !args.publicKeyHex) {\n throw new Error('invalid_argument: type, publicKeyHex and privateKeyHex are 
required to import a key')\n }\n const managedKey = this.asSphereonManagedKeyInfo({\n ...args,\n alias: args.kid,\n privateKeyHex: args.privateKeyHex,\n publicKeyHex: args.publicKeyHex,\n type: args.type,\n })\n await this.privateKeyStore.import({ alias: managedKey.kid, ...args })\n debug('imported key', managedKey.type, managedKey.publicKeyHex)\n return managedKey\n\n case 'Secp256k1':\n case 'Secp256r1':\n // @ts-ignore\n case 'RSA': {\n if (!args.privateKeyHex && !args.privateKeyPEM) {\n throw new Error('invalid_argument: type and privateKeyHex (or privateKeyPEM for RSA) are required to import a key')\n }\n const managedKey = this.asSphereonManagedKeyInfo({ alias: args.kid, ...args })\n await this.privateKeyStore.import({ alias: managedKey.kid, ...args })\n debug('imported key', managedKey.type, managedKey.publicKeyHex)\n return managedKey\n }\n default:\n return await super.importKey(args)\n }\n }\n\n async createKey({ type }: { type: TKeyType }): Promise<ManagedKeyInfo> {\n let key: ManagedKeyInfo\n\n switch (type) {\n case KeyType.Bls12381G2: {\n throw Error(\n 'BLS support not available because upstream is not really providing Windows and React-Native support; giving too much headache. 
We soon will move to @digitalbazaar/bbs-signatures'\n )\n /*// @ts-ignore\n const bbs = await import('@digitalbazaar/bbs-signatures')\n const keyPairBls12381G2 = await bbs.generateKeyPair({\n ciphersuite: 'BLS12-381-SHA-256'\n })\n key = await this.importKey({\n type,\n privateKeyHex: Buffer.from(keyPairBls12381G2.secretKey).toString('hex'),\n publicKeyHex: Buffer.from(keyPairBls12381G2.publicKey).toString('hex'),\n })\n break*/\n }\n\n // @ts-ignore\n case 'RSA': {\n const privateKeyHex = await generatePrivateKeyHex(type)\n key = await this.importKey({\n type,\n privateKeyHex,\n })\n break\n }\n default:\n key = await super.createKey({ type })\n }\n\n debug('Created key', type, key.publicKeyHex)\n\n return key\n }\n\n async sign({ keyRef, algorithm, data }: { keyRef: Pick<IKey, 'kid'>; algorithm?: string; data: Uint8Array }): Promise<string> {\n let privateKey: ManagedPrivateKey\n try {\n privateKey = await this.privateKeyStore.get({ alias: keyRef.kid })\n } catch (e) {\n throw new Error(`key_not_found: No key entry found for kid=${keyRef.kid}`)\n }\n\n if (privateKey.type === KeyType.Bls12381G2) {\n throw Error(\n 'BLS support not available because upstream is not really providing Windows and React-Native support; giving too much headache. 
We soon will move to @digitalbazaar/bbs-signatures'\n )\n /*// @ts-ignore\n const bbs = await import('@digitalbazaar/bbs-signatures')\n if (!data || Array.isArray(data)) {\n throw new Error('Data must be defined and cannot be an array')\n }\n const keyPair = {\n keyPair: {\n secretKey: Uint8Array.from(Buffer.from(privateKey.privateKeyHex, 'hex')),\n publicKey: Uint8Array.from(Buffer.from(keyRef.kid, 'hex')),\n },\n messages: [data],\n }\n const signature = await bbs.sign({secretKey: privateKey, publicKey, header, messages});\n return signature*/\n } else if (\n // @ts-ignore\n privateKey.type === 'RSA'\n ) {\n if (typeof algorithm === 'undefined' || algorithm === 'RS256' || algorithm === 'RS512' || algorithm === 'PS256' || algorithm === 'PS512') {\n return await this.signRSA(privateKey, data, algorithm ?? 'PS256')\n }\n return Promise.reject(\n new Error(`not_supported: Cannot sign using key of type RSA and alg: ${algorithm}. Only RS and PS algorithms are supported.`)\n )\n } else {\n return await super.sign({ keyRef, algorithm, data })\n }\n }\n\n async verify({\n publicKeyHex,\n type,\n algorithm,\n data,\n signature,\n }: {\n publicKeyHex: string\n type: TKeyType\n algorithm?: string\n data: Uint8Array\n signature: string\n }): Promise<boolean> {\n if (type === 'RSA') {\n return await this.verifyRSA(publicKeyHex, data, algorithm ?? 'PS256', signature)\n }\n throw Error(`KMS verify is not implemented yet for ${type}`)\n }\n\n private asSphereonManagedKeyInfo(args: ManagedKeyInfoArgs): ManagedKeyInfo {\n let key: Partial<ManagedKeyInfo>\n switch (args.type) {\n case KeyType.Bls12381G2:\n key = {\n type: args.type,\n kid: args.alias ?? 
args.publicKeyHex,\n publicKeyHex: args.publicKeyHex,\n meta: {\n algorithms: ['BLS'],\n },\n }\n break\n case 'Secp256k1': {\n const privateBytes = fromString(args.privateKeyHex.toLowerCase(), 'base16')\n const secp256k1 = new elliptic.ec('secp256k1')\n const keyPair = secp256k1.keyFromPrivate(privateBytes, 'hex')\n const publicKeyHex = keyPair.getPublic(true, 'hex')\n key = {\n type: args.type,\n kid: args.alias ?? publicKeyHex,\n publicKeyHex,\n meta: {\n jwkThumbprint: calculateJwkThumbprint({ jwk: toJwk(publicKeyHex, 'Secp256k1') }),\n algorithms: ['ES256K', 'ES256K-R', 'eth_signTransaction', 'eth_signTypedData', 'eth_signMessage', 'eth_rawSign'],\n },\n }\n break\n }\n case 'Secp256r1': {\n const privateBytes = fromString(args.privateKeyHex.toLowerCase(), 'base16')\n const secp256r1 = new elliptic.ec('p256')\n const keyPair = secp256r1.keyFromPrivate(privateBytes, 'hex')\n const publicKeyHex = keyPair.getPublic(true, 'hex')\n key = {\n type: args.type,\n kid: args.alias ?? publicKeyHex,\n publicKeyHex,\n meta: {\n jwkThumbprint: calculateJwkThumbprint({ jwk: toJwk(publicKeyHex, 'Secp256r1') }),\n algorithms: ['ES256'],\n },\n }\n break\n }\n // @ts-ignore\n case 'RSA': {\n const x509 = args.meta?.x509 as X509Opts\n const privateKeyPEM =\n x509?.privateKeyPEM ?? (args.privateKeyHex.includes('---') ? args.privateKeyHex : hexToPEM(args.privateKeyHex, 'private')) // In case we have x509 opts, the private key hex really was a PEM already (yuck)\n const publicKeyJwk = PEMToJwk(privateKeyPEM, 'public')\n const publicKeyPEM = jwkToPEM(publicKeyJwk, 'public')\n const publicKeyHex = PEMToHex(publicKeyPEM)\n\n const meta = {} as any\n if (x509) {\n meta.x509 = {\n cn: x509.cn ?? args.alias ?? publicKeyHex,\n }\n let certChain: string = x509.certificateChainPEM ?? 
''\n if (x509.certificatePEM) {\n if (!certChain.includes(x509.certificatePEM)) {\n certChain = `${x509.certificatePEM}\\n${certChain}`\n }\n }\n if (certChain.length > 0) {\n meta.x509.certificateChainPEM = certChain\n const x5c = pemCertChainTox5c(certChain)\n if (!x509.certificateChainURL) {\n // Do not put the chain in the JWK when the chain is hosted. We do put it in the x509 metadata\n // @ts-ignore\n publicKeyJwk.x5c = x5c\n }\n meta.x509.x5c = x5c\n }\n if (x509.certificateChainURL) {\n // @ts-ignore\n publicKeyJwk.x5u = x509.certificateChainURL\n meta.x509.x5u = x509.certificateChainURL\n }\n }\n\n key = {\n type: args.type,\n kid: args.alias ?? meta?.x509?.cn ?? publicKeyHex,\n publicKeyHex,\n meta: {\n ...meta,\n // todo: could als be EcDSA etc\n algorithms: ['PS256', 'PS512', 'RS256', 'RS512'],\n publicKeyJwk,\n publicKeyPEM,\n },\n }\n break\n }\n\n default:\n throw Error('not_supported: Key type not supported: ' + args.type)\n }\n return key as ManagedKeyInfo\n }\n\n /**\n * @returns a base64url encoded signature for the `RS256` alg\n */\n private async signRSA(privateKey: ManagedPrivateKey, data: Uint8Array, signingAlgorithm: string): Promise<string> {\n const { hashAlgorithm, scheme } = signAlgorithmToSchemeAndHashAlg(signingAlgorithm)\n const signer = new RSASigner(PEMToJwk(hexToPEM(privateKey.privateKeyHex, 'private'), 'private'), { hashAlgorithm, scheme })\n const signature = await signer.sign(data)\n return signature as string\n }\n\n private async verifyRSA(publicKeyHex: string, data: Uint8Array, signingAlgorithm: string, signature: string) {\n const { hashAlgorithm, scheme } = signAlgorithmToSchemeAndHashAlg(signingAlgorithm)\n const signer = new RSASigner(PEMToJwk(hexToPEM(publicKeyHex, 'public'), 'public'), { hashAlgorithm, scheme })\n return await signer.verify(data, signature)\n }\n\n public async listKeys(): Promise<Array<ManagedKeyInfo>> {\n return (await this.privateKeyStore.list({})).map((privateKey: ManagedPrivateKey) => 
this.asSphereonManagedKeyInfo(privateKey))\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAGA;;;;;;;;ACHA,yBAAoF;AAIpF,uBAAoC;AACpC,mBAAkB;AAClB,sBAAqB;AAErB,UAAqB;AAGrB,IAAAA,sBAQO;AAVP,IAAM,EAAEC,WAAU,IAAKC;AAYvB,IAAMC,YAAQC,aAAAA,SAAM,oBAAA;AAEb,IAAMC,8BAAN,cAA0CC,qCAAAA;EAvBjD,OAuBiDA;;;EAC9BC;EAEjBC,YAAYC,UAAmC;AAC7C,UAAMA,QAAAA;AACN,SAAKF,kBAAkBE;EACzB;EAEA,MAAMC,UAAUC,MAA+F;AAC7G,YAAQA,KAAKC,MAAI;MACf,KAAKC,QAAQC,WAAWC,SAAQ;AAC9B,YAAI,CAACJ,KAAKK,iBAAiB,CAACL,KAAKM,cAAc;AAC7C,gBAAM,IAAIC,MAAM,qFAAA;QAClB;AACA,cAAMC,aAAa,KAAKC,yBAAyB;UAC/C,GAAGT;UACHU,OAAOV,KAAKW;UACZN,eAAeL,KAAKK;UACpBC,cAAcN,KAAKM;UACnBL,MAAMD,KAAKC;QACb,CAAA;AACA,cAAM,KAAKL,gBAAgBgB,OAAO;UAAEF,OAAOF,WAAWG;UAAK,GAAGX;QAAK,CAAA;AACnER,cAAM,gBAAgBgB,WAAWP,MAAMO,WAAWF,YAAY;AAC9D,eAAOE;MAET,KAAK;MACL,KAAK;;MAEL,KAAK,OAAO;AACV,YAAI,CAACR,KAAKK,iBAAiB,CAACL,KAAKa,eAAe;AAC9C,gBAAM,IAAIN,MAAM,kGAAA;QAClB;AACA,cAAMC,cAAa,KAAKC,yBAAyB;UAAEC,OAAOV,KAAKW;UAAK,GAAGX;QAAK,CAAA;AAC5E,cAAM,KAAKJ,gBAAgBgB,OAAO;UAAEF,OAAOF,YAAWG;UAAK,GAAGX;QAAK,CAAA;AACnER,cAAM,gBAAgBgB,YAAWP,MAAMO,YAAWF,YAAY;AAC9D,eAAOE;MACT;MACA;AACE,eAAO,MAAM,MAAMT,UAAUC,IAAAA;IACjC;EACF;EAEA,MAAMc,UAAU,EAAEb,KAAI,GAAiD;AACrE,QAAIc;AAEJ,YAAQd,MAAAA;MACN,KAAKC,QAAQC,YAAY;AACvB,cAAMI,MACJ,mLAAA;MAaJ;;MAGA,KAAK,OAAO;AACV,cAAMF,gBAAgB,UAAMW,0CAAsBf,IAAAA;AAClDc,cAAM,MAAM,KAAKhB,UAAU;UACzBE;UACAI;QACF,CAAA;AACA;MACF;MACA;AACEU,cAAM,MAAM,MAAMD,UAAU;UAAEb;QAAK,CAAA;IACvC;AAEAT,UAAM,eAAeS,MAAMc,IAAIT,YAAY;AAE3C,WAAOS;EACT;EAEA,MAAME,KAAK,EAAEC,QAAQC,WAAWC,KAAI,GAA0F;AAC5H,QAAIC;AACJ,QAAI;AACFA,mBAAa,MAAM,KAAKzB,gBAAgB0B,IAAI;QAAEZ,OAAOQ,OAAOP;MAAI,CAAA;IAClE,SAASY,GAAG;AACV,YAAM,IAAIhB,MAAM,6CAA6CW,OAAOP,GAAG,EAAE;IAC3E;AAEA,QAAIU,WAAWpB,SAASC,QAAQC,YAAY;AAC1C,YAAMI,MACJ,mLAAA;IAgBJ;;MAEEc,WAAWpB,SAAS;MACpB;AACA,UAAI,OAAOkB,cAAc,eAAeA,cAAc,WAAWA,cAAc,WAAWA,cAAc,WAAWA,cAAc,SAAS;AACxI,eAAO,MAAM,KAAKK,QAAQH,YAAYD,MAAMD,aAAa,OAAA;MAC3D;AACA,aAAOM,QAAQC,OACb,IAAInB,MAAM,6DAA6DY,SAAAA,4CAAqD,CAAA;IAEhI,OAAO;AACL,aAAO,MAAM,MAAMF,KAAK;QAAEC;QAAQC
;QAAWC;MAAK,CAAA;IACpD;EACF;EAEA,MAAMO,OAAO,EACXrB,cACAL,MACAkB,WACAC,MACAQ,UAAS,GAOU;AACnB,QAAI3B,SAAS,OAAO;AAClB,aAAO,MAAM,KAAK4B,UAAUvB,cAAcc,MAAMD,aAAa,SAASS,SAAAA;IACxE;AACA,UAAMrB,MAAM,yCAAyCN,IAAAA,EAAM;EAC7D;EAEQQ,yBAAyBT,MAA0C;AACzE,QAAIe;AACJ,YAAQf,KAAKC,MAAI;MACf,KAAKC,QAAQC;AACXY,cAAM;UACJd,MAAMD,KAAKC;UACXU,KAAKX,KAAKU,SAASV,KAAKM;UACxBA,cAAcN,KAAKM;UACnBwB,MAAM;YACJC,YAAY;cAAC;;UACf;QACF;AACA;MACF,KAAK,aAAa;AAChB,cAAMC,eAAe1C,WAAWU,KAAKK,cAAc4B,YAAW,GAAI,QAAA;AAClE,cAAMC,YAAY,IAAIC,gBAAAA,QAASC,GAAG,WAAA;AAClC,cAAMC,UAAUH,UAAUI,eAAeN,cAAc,KAAA;AACvD,cAAM1B,eAAe+B,QAAQE,UAAU,MAAM,KAAA;AAC7CxB,cAAM;UACJd,MAAMD,KAAKC;UACXU,KAAKX,KAAKU,SAASJ;UACnBA;UACAwB,MAAM;YACJU,mBAAeC,2CAAuB;cAAEC,SAAKC,0BAAMrC,cAAc,WAAA;YAAa,CAAA;YAC9EyB,YAAY;cAAC;cAAU;cAAY;cAAuB;cAAqB;cAAmB;;UACpG;QACF;AACA;MACF;MACA,KAAK,aAAa;AAChB,cAAMC,eAAe1C,WAAWU,KAAKK,cAAc4B,YAAW,GAAI,QAAA;AAClE,cAAMW,YAAY,IAAIT,gBAAAA,QAASC,GAAG,MAAA;AAClC,cAAMC,UAAUO,UAAUN,eAAeN,cAAc,KAAA;AACvD,cAAM1B,eAAe+B,QAAQE,UAAU,MAAM,KAAA;AAC7CxB,cAAM;UACJd,MAAMD,KAAKC;UACXU,KAAKX,KAAKU,SAASJ;UACnBA;UACAwB,MAAM;YACJU,mBAAeC,2CAAuB;cAAEC,SAAKC,0BAAMrC,cAAc,WAAA;YAAa,CAAA;YAC9EyB,YAAY;cAAC;;UACf;QACF;AACA;MACF;;MAEA,KAAK,OAAO;AACV,cAAMc,OAAO7C,KAAK8B,MAAMe;AACxB,cAAMhC,gBACJgC,MAAMhC,kBAAkBb,KAAKK,cAAcyC,SAAS,KAAA,IAAS9C,KAAKK,oBAAgB0C,8BAAS/C,KAAKK,eAAe,SAAA;AACjH,cAAM2C,mBAAeC,8BAASpC,eAAe,QAAA;AAC7C,cAAMqC,mBAAeC,8BAASH,cAAc,QAAA;AAC5C,cAAM1C,mBAAe8C,8BAASF,YAAAA;AAE9B,cAAMpB,OAAO,CAAC;AACd,YAAIe,MAAM;AACRf,eAAKe,OAAO;YACVQ,IAAIR,KAAKQ,MAAMrD,KAAKU,SAASJ;UAC/B;AACA,cAAIgD,YAAoBT,KAAKU,uBAAuB;AACpD,cAAIV,KAAKW,gBAAgB;AACvB,gBAAI,CAACF,UAAUR,SAASD,KAAKW,cAAc,GAAG;AAC5CF,0BAAY,GAAGT,KAAKW,cAAc;EAAKF,SAAAA;YACzC;UACF;AACA,cAAIA,UAAUG,SAAS,GAAG;AACxB3B,iBAAKe,KAAKU,sBAAsBD;AAChC,kBAAMI,UAAMC,uCAAkBL,SAAAA;AAC9B,gBAAI,CAACT,KAAKe,qBAAqB;AAG7BZ,2BAAaU,MAAMA;YACrB;AACA5B,iBAAKe,KAAKa,MAAMA;UAClB;AACA,cAAIb,KAAKe,qBAAqB;AAE5BZ,yBAAaa,MAAMhB,KAAKe;AACxB9B,iBAAKe,KAAKgB,MAAMhB,KAAKe;UACvB;QACF;AAEA7C,cAAM;UACJd,MAAMD,KAAKC;UACX
U,KAAKX,KAAKU,SAASoB,MAAMe,MAAMQ,MAAM/C;UACrCA;UACAwB,MAAM;YACJ,GAAGA;;YAEHC,YAAY;cAAC;cAAS;cAAS;cAAS;;YACxCiB;YACAE;UACF;QACF;AACA;MACF;MAEA;AACE,cAAM3C,MAAM,4CAA4CP,KAAKC,IAAI;IACrE;AACA,WAAOc;EACT;;;;EAKA,MAAcS,QAAQH,YAA+BD,MAAkB0C,kBAA2C;AAChH,UAAM,EAAEC,eAAeC,OAAM,QAAKC,qDAAgCH,gBAAAA;AAClE,UAAMI,SAAS,IAAIC,kCAAUlB,kCAASF,8BAAS1B,WAAWhB,eAAe,SAAA,GAAY,SAAA,GAAY;MAAE0D;MAAeC;IAAO,CAAA;AACzH,UAAMpC,YAAY,MAAMsC,OAAOjD,KAAKG,IAAAA;AACpC,WAAOQ;EACT;EAEA,MAAcC,UAAUvB,cAAsBc,MAAkB0C,kBAA0BlC,WAAmB;AAC3G,UAAM,EAAEmC,eAAeC,OAAM,QAAKC,qDAAgCH,gBAAAA;AAClE,UAAMI,SAAS,IAAIC,kCAAUlB,kCAASF,8BAASzC,cAAc,QAAA,GAAW,QAAA,GAAW;MAAEyD;MAAeC;IAAO,CAAA;AAC3G,WAAO,MAAME,OAAOvC,OAAOP,MAAMQ,SAAAA;EACnC;EAEA,MAAawC,WAA2C;AACtD,YAAQ,MAAM,KAAKxE,gBAAgByE,KAAK,CAAC,CAAA,GAAIC,IAAI,CAACjD,eAAkC,KAAKZ,yBAAyBY,UAAAA,CAAAA;EACpH;AACF;;;ADzRA,0BAAc,8BAFd;AAgBO,IAAKkD,UAAAA,yBAAAA,UAAAA;;SAAAA;;","names":["import_ssi_sdk_ext","fromString","u8a","debug","Debug","SphereonKeyManagementSystem","KeyManagementSystem","privateKeyStore","constructor","keyStore","importKey","args","type","KeyType","Bls12381G2","toString","privateKeyHex","publicKeyHex","Error","managedKey","asSphereonManagedKeyInfo","alias","kid","import","privateKeyPEM","createKey","key","generatePrivateKeyHex","sign","keyRef","algorithm","data","privateKey","get","e","signRSA","Promise","reject","verify","signature","verifyRSA","meta","algorithms","privateBytes","toLowerCase","secp256k1","elliptic","ec","keyPair","keyFromPrivate","getPublic","jwkThumbprint","calculateJwkThumbprint","jwk","toJwk","secp256r1","x509","includes","hexToPEM","publicKeyJwk","PEMToJwk","publicKeyPEM","jwkToPEM","PEMToHex","cn","certChain","certificateChainPEM","certificatePEM","length","x5c","pemCertChainTox5c","certificateChainURL","x5u","signingAlgorithm","hashAlgorithm","scheme","signAlgorithmToSchemeAndHashAlg","signer","RSASigner","listKeys","list","map","KeyType"]}