@sphereon/ssi-sdk-ext.kms-musap-rn 0.26.1-feature.OIDF.69.80 → 0.26.1-feature.SPRIND.116.44
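--- a/MusapKeyManagerSystem.d.ts
+++ b/MusapKeyManagerSystem.d.ts
@@ -1,19 +1,12 @@
 import { IKey, ManagedKeyInfo, MinimalImportableKey, TKeyType } from '@veramo/core';
-import {
+import { SscdType } from '@sphereon/musap-react-native';
 import { AbstractKeyManagementSystem } from '@veramo/key-manager';
 import { KeyMetadata } from './index';
 export declare const logger: import("@sphereon/ssi-types").ISimpleLogger<unknown>;
 export declare class MusapKeyManagementSystem extends AbstractKeyManagementSystem {
-private
-private
-
-private readonly defaultKeyAttributes;
-private readonly defaultSignAttributes;
-constructor(sscdType?: SscdType, sscdId?: string, opts?: {
-externalSscdSettings?: ExternalSscdSettings;
-defaultKeyAttributes?: Record<string, string>;
-defaultSignAttributes?: Record<string, string>;
-});
+private musapKeyStore;
+private sscdType;
+constructor(sscdType?: SscdType);
 listKeys(): Promise<ManagedKeyInfo[]>;
 createKey(args: {
 type: TKeyType;
@@ -39,7 +32,5 @@ export declare class MusapKeyManagementSystem extends AbstractKeyManagementSyste
 myKeyRef: Pick<IKey, 'kid'>;
 theirKey: Pick<IKey, 'publicKeyHex' | 'type'>;
 }): Promise<string>;
-private recordToKeyAttributes;
-private recordToSignatureAttributes;
 }
 //# sourceMappingURL=MusapKeyManagerSystem.d.ts.map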
@@ -1 +1 @@
1
-
{"version":3,"file":"MusapKeyManagerSystem.d.ts","sourceRoot":"","sources":["../src/MusapKeyManagerSystem.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,IAAI,EAAE,cAAc,EAAE,oBAAoB,EAAE,QAAQ,EAAE,MAAM,cAAc,CAAA;
1
+
{"version":3,"file":"MusapKeyManagerSystem.d.ts","sourceRoot":"","sources":["../src/MusapKeyManagerSystem.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,IAAI,EAAE,cAAc,EAAE,oBAAoB,EAAE,QAAQ,EAAE,MAAM,cAAc,CAAA;AAenF,OAAO,EAAgB,QAAQ,EAAE,MAAM,8BAA8B,CAAA;AACrE,OAAO,EAAE,2BAA2B,EAAE,MAAM,qBAAqB,CAAA;AAGjE,OAAO,EAAE,WAAW,EAAE,MAAM,SAAS,CAAA;AAUrC,eAAO,MAAM,MAAM,sDAA+C,CAAA;AAElE,qBAAa,wBAAyB,SAAQ,2BAA2B;IACvE,OAAO,CAAC,aAAa,CAAiB;IACtC,OAAO,CAAC,QAAQ,CAAU;gBAEd,QAAQ,CAAC,EAAE,QAAQ;IAYzB,QAAQ,IAAI,OAAO,CAAC,cAAc,EAAE,CAAC;IAKrC,SAAS,CAAC,IAAI,EAAE;QAAE,IAAI,EAAE,QAAQ,CAAC;QAAC,IAAI,CAAC,EAAE,WAAW,CAAA;KAAE,GAAG,OAAO,CAAC,cAAc,CAAC;IA6BtF,OAAO,CAAC,yBAAyB,CAWhC;IAED,OAAO,CAAC,yBAAyB,CAWhC;IAEK,SAAS,CAAC,EAAE,GAAG,EAAE,EAAE;QAAE,GAAG,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,OAAO,CAAC;IAU3D,OAAO,CAAC,kBAAkB;IAapB,IAAI,CAAC,IAAI,EAAE;QAAE,MAAM,EAAE,IAAI,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;QAAC,SAAS,CAAC,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,UAAU,CAAC;QAAC,CAAC,CAAC,EAAE,MAAM,GAAG,GAAG,CAAA;KAAE,GAAG,OAAO,CAAC,MAAM,CAAC;IAoBlH,SAAS,CAAC,IAAI,EAAE,IAAI,CAAC,oBAAoB,EAAE,KAAK,CAAC,GAAG;QAAE,aAAa,CAAC,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,cAAc,CAAC;IAI9G,OAAO,CAAC,cAAc;IAoBtB,YAAY,CAAC,IAAI,EAAE;QAAE,QAAQ,EAAE,IAAI,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;QAAC,QAAQ,EAAE,IAAI,CAAC,IAAI,EAAE,cAAc,GAAG,MAAM,CAAC,CAAA;KAAE,GAAG,OAAO,CAAC,MAAM,CAAC;CAGpH"}
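--- a/MusapKeyManagerSystem.js
+++ b/MusapKeyManagerSystem.js
@@ -29,7 +29,7 @@ const ssi_types_1 = require("@sphereon/ssi-types");
 const ssi_sdk_ext_key_utils_1 = require("@sphereon/ssi-sdk-ext.key-utils");
 exports.logger = ssi_types_1.Loggers.DEFAULT.get('sphereon:musap-rn-kms');
 class MusapKeyManagementSystem extends key_manager_1.AbstractKeyManagementSystem {
-constructor(sscdType
+constructor(sscdType) {
 super();
 this.mapKeyTypeToAlgorithmType = (type) => {
 switch (type) {
@@ -49,9 +49,6 @@ class MusapKeyManagementSystem extends key_manager_1.AbstractKeyManagementSystem
 return 'Secp256k1';
 case 'eccp256r1':
 return 'Secp256r1';
-case 'ecc_ed25519':
-return 'Ed25519';
-case 'rsa2k':
 case 'rsa4k':
 return 'RSA';
 default:
@@ -59,15 +56,9 @@ class MusapKeyManagementSystem extends key_manager_1.AbstractKeyManagementSystem
 }
 };
 try {
-this.
+this.musapKeyStore = musap_react_native_1.MusapModule;
 this.sscdType = sscdType ? sscdType : 'TEE';
-this.
-this.defaultKeyAttributes = opts === null || opts === void 0 ? void 0 : opts.defaultKeyAttributes;
-this.defaultSignAttributes = opts === null || opts === void 0 ? void 0 : opts.defaultSignAttributes;
-const enabledSscds = this.musapClient.listEnabledSscds();
-if (!enabledSscds.some(value => value.sscdId == sscdId)) {
-this.musapClient.enableSscd(this.sscdType, this.sscdId, opts === null || opts === void 0 ? void 0 : opts.externalSscdSettings);
-}
+this.musapKeyStore.enableSscd(this.sscdType);
 }
 catch (e) {
 console.error('enableSscd', e);
@@ -76,7 +67,7 @@ class MusapKeyManagementSystem extends key_manager_1.AbstractKeyManagementSystem
 }
 listKeys() {
 return __awaiter(this, void 0, void 0, function* () {
-const keysJson = (this.
+const keysJson = (yield this.musapKeyStore.listKeys());
 return keysJson.map((key) => this.asMusapKeyInfo(key));
 });
 }
@@ -86,27 +77,18 @@ class MusapKeyManagementSystem extends key_manager_1.AbstractKeyManagementSystem
 if (meta === undefined || !('keyAlias' in meta)) {
 return Promise.reject(Error('a unique keyAlias field is required for MUSAP'));
 }
-if (this.sscdType == 'EXTERNAL') {
-const existingKeys = (this.musapClient.listKeys());
-const extKey = existingKeys.find(musapKey => musapKey.sscdType === 'External Signature'); // FIXME returning does not match SscdType enum
-if (extKey) {
-extKey.algorithm = 'eccp256r1'; // FIXME MUSAP announces key as rsa2k, but it's actually EC
-return this.asMusapKeyInfo(extKey);
-}
-return Promise.reject(Error(`No external key was bound yet for sscd ${this.sscdId}`));
-}
 const keyGenReq = {
 keyAlgorithm: this.mapKeyTypeToAlgorithmType(type),
 keyUsage: 'keyUsage' in meta ? meta.keyUsage : 'sign',
 keyAlias: meta.keyAlias,
-attributes:
+attributes: 'attributes' in meta ? meta.attributes : [],
 role: 'role' in meta ? meta.role : 'administrator',
 };
 try {
-const generatedKeyUri = yield this.
+const generatedKeyUri = yield this.musapKeyStore.generateKey(this.sscdType, keyGenReq);
 if (generatedKeyUri) {
 exports.logger.debug('Generated key:', generatedKeyUri);
-const key = this.
+const key = yield this.musapKeyStore.getKeyByUri(generatedKeyUri);
 return this.asMusapKeyInfo(key);
 }
 else {
@@ -122,7 +104,7 @@ class MusapKeyManagementSystem extends key_manager_1.AbstractKeyManagementSystem
 deleteKey(_a) {
 return __awaiter(this, arguments, void 0, function* ({ kid }) {
 try {
-
+this.musapKeyStore.removeKey(kid);
 return true;
 }
 catch (error) {
@@ -148,10 +130,7 @@ class MusapKeyManagementSystem extends key_manager_1.AbstractKeyManagementSystem
 throw new Error('key_not_found: No key ref provided');
 }
 const data = new text_encoding_1.TextDecoder().decode(args.data);
-const key = this.
-if (key.sscdType === 'External Signature') {
-key.algorithm = 'eccp256r1'; // FIXME MUSAP announces key as rsa2k, but it's actually EC
-}
+const key = this.musapKeyStore.getKeyById(args.keyRef.kid);
 const signatureReq = {
 keyUri: key.keyUri,
 data,
@@ -159,9 +138,9 @@ class MusapKeyManagementSystem extends key_manager_1.AbstractKeyManagementSystem
 displayText: args.displayText,
 transId: args.transId,
 format: (_a = args.format) !== null && _a !== void 0 ? _a : 'RAW',
-attributes:
+attributes: args.attributes,
 };
-return this.
+return this.musapKeyStore.sign(signatureReq);
 });
 }
 importKey(args) {
@@ -190,24 +169,6 @@ class MusapKeyManagementSystem extends key_manager_1.AbstractKeyManagementSystem
 sharedSecret(args) {
 throw new Error('Not supported.');
 }
-recordToKeyAttributes(record) {
-if (!record) {
-return [];
-}
-return Object.entries(record).map(([key, value]) => ({
-name: key,
-value,
-}));
-}
-recordToSignatureAttributes(record) {
-if (!record) {
-return [];
-}
-return Object.entries(record).map(([key, value]) => ({
-name: key,
-value,
-}));
-}
 }
 exports.MusapKeyManagementSystem = MusapKeyManagementSystem;
 //# sourceMappingURL=MusapKeyManagerSystem.js.map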
@@ -1 +1 @@
1
-
{"version":3,"file":"MusapKeyManagerSystem.js","sourceRoot":"","sources":["../src/MusapKeyManagerSystem.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;AAAA,6EAA8D;AAE9D,
1
+
{"version":3,"file":"MusapKeyManagerSystem.js","sourceRoot":"","sources":["../src/MusapKeyManagerSystem.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;AAAA,6EAA8D;AAE9D,qEAaqC;AAErC,qDAAiE;AACjE,iDAA2C;AAC3C,mDAA6C;AAE7C,2EAOwC;AAE3B,QAAA,MAAM,GAAG,mBAAO,CAAC,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC,CAAA;AAElE,MAAa,wBAAyB,SAAQ,yCAA2B;IAIvE,YAAY,QAAmB;QAC7B,KAAK,EAAE,CAAA;QA6CD,8BAAyB,GAAG,CAAC,IAAc,EAAoB,EAAE;YACvE,QAAQ,IAAI,EAAE,CAAC;gBACb,KAAK,WAAW;oBACd,OAAO,WAAW,CAAA;gBACpB,KAAK,WAAW;oBACd,OAAO,WAAW,CAAA;gBACpB,KAAK,KAAK;oBACR,OAAO,OAAO,CAAA;gBAChB;oBACE,MAAM,IAAI,KAAK,CAAC,YAAY,IAAI,4BAA4B,CAAC,CAAA;YACjE,CAAC;QACH,CAAC,CAAA;QAEO,8BAAyB,GAAG,CAAC,IAAkB,EAAY,EAAE;YACnE,QAAQ,IAAI,EAAE,CAAC;gBACb,KAAK,WAAW;oBACd,OAAO,WAAW,CAAA;gBACpB,KAAK,WAAW;oBACd,OAAO,WAAW,CAAA;gBACpB,KAAK,OAAO;oBACV,OAAO,KAAK,CAAA;gBACd;oBACE,MAAM,IAAI,KAAK,CAAC,YAAY,IAAI,oBAAoB,CAAC,CAAA;YACzD,CAAC;QACH,CAAC,CAAA;QApEC,IAAI,CAAC;YACH,IAAI,CAAC,aAAa,GAAG,gCAAW,CAAA;YAChC,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAA;YAC3C,IAAI,CAAC,aAAa,CAAC,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;QAC9C,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,OAAO,CAAC,KAAK,CAAC,YAAY,EAAE,CAAC,CAAC,CAAA;YAC9B,MAAM,KAAK,CAAC,mBAAmB,CAAC,CAAA;QAClC,CAAC;IACH,CAAC;IAEK,QAAQ;;YACZ,MAAM,QAAQ,GAAe,CAAC,MAAM,IAAI,CAAC,aAAa,CAAC,QAAQ,EAAE,CAAe,CAAA;YAChF,OAAO,QAAQ,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,CAAA;QACxD,CAAC;KAAA;IAEK,SAAS,CAAC,IAA4C;;YAC1D,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,GAAG,IAAI,CAAA;YAC3B,IAAI,IAAI,KAAK,SAAS,IAAI,CAAC,CAAC,UAAU,IAAI,IAAI,CAAC,EAAE,CAAC;gBAChD,OAAO,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,+CAA+C,CAAC,CAAC,CAAA;YAC/E,CAAC;YAED,MAAM,SAAS,GAAG;gBAChB,YAAY,EAAE,IAAI,CAAC,yBAAyB,CAAC,IAAI,CAAC;gBAClD,QAAQ,EAAE,UAAU,IAAI,IAAI,CAAC,CAAC,CAAE,IAAI,CAAC,QAAmB,CAAC,CAAC,CAAC,MAAM;gBACjE,QAAQ,EAAE,IAAI,CAAC,QAAkB;gBACjC,UAAU,EAAE,YAAY,IAAI,IAAI,CAAC,CAAC,CAAE,IAAI,CAAC,UAA6B,CAAC,CAAC,CAAC,EAAE;gBAC3E,IAAI,EAAE,MAAM,IAAI,IAAI,CAAC,CAAC,CAAE,IAAI,CAAC,IAAe,CAAC,CAAC,CAAC,eAAe;aAC3C,CAA
A;YAErB,IAAI,CAAC;gBACH,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,WAAW,CAAC,IAAI,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAA;gBACtF,IAAI,eAAe,EAAE,CAAC;oBACpB,cAAM,CAAC,KAAK,CAAC,gBAAgB,EAAE,eAAe,CAAC,CAAA;oBAC/C,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,WAAW,CAAC,eAAe,CAAC,CAAA;oBACjE,OAAO,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,CAAA;gBACjC,CAAC;qBAAM,CAAC;oBACN,OAAO,OAAO,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC,CAAA;gBACxE,CAAC;YACH,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,cAAM,CAAC,KAAK,CAAC,oBAAoB,EAAE,KAAK,CAAC,CAAA;gBACzC,MAAM,KAAK,CAAA;YACb,CAAC;QACH,CAAC;KAAA;IA4BK,SAAS;6DAAC,EAAE,GAAG,EAAmB;YACtC,IAAI,CAAC;gBACH,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC,GAAG,CAAC,CAAA;gBACjC,OAAO,IAAI,CAAA;YACb,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,OAAO,CAAC,IAAI,CAAC,uBAAuB,EAAE,KAAK,CAAC,CAAA;gBAC5C,OAAO,KAAK,CAAA;YACd,CAAC;QACH,CAAC;KAAA;IAEO,kBAAkB,CAAC,iBAAqC,EAAE,YAA0B;QAC1F,IAAI,iBAAiB,KAAK,SAAS,EAAE,CAAC;YACpC,OAAO,IAAA,uDAAkC,EAAC,YAAY,CAAC,CAAA;QACzD,CAAC;QAED,IAAI,IAAA,6CAAwB,EAAC,iBAAiB,CAAC,EAAE,CAAC;YAChD,OAAO,iBAAiB,CAAA;QAC1B,CAAC;QAED,6CAA6C;QAC7C,OAAO,IAAA,uDAAkC,EAAC,iBAAiC,CAAC,CAAA;IAC9E,CAAC;IAEK,IAAI,CAAC,IAA2F;;;YACpG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;gBACjB,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAA;YACvD,CAAC;YAED,MAAM,IAAI,GAAG,IAAI,2BAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,IAAkB,CAAC,CAAA;YAE9D,MAAM,GAAG,GAAa,IAAI,CAAC,aAAa,CAAC,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,GAAG,CAAa,CAAA;YAChF,MAAM,YAAY,GAAiB;gBACjC,MAAM,EAAE,GAAG,CAAC,MAAM;gBAClB,IAAI;gBACJ,SAAS,EAAE,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,SAAS,EAAE,GAAG,CAAC,SAAS,CAAC;gBACjE,WAAW,EAAE,IAAI,CAAC,WAAW;gBAC7B,OAAO,EAAE,IAAI,CAAC,OAAO;gBACrB,MAAM,EAAE,MAAC,IAAI,CAAC,MAA0B,mCAAI,KAAK;gBACjD,UAAU,EAAE,IAAI,CAAC,UAAU;aAC5B,CAAA;YACD,OAAO,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,YAAY,CAAC,CAAA;QAC9C,CAAC;KAAA;IAEK,SAAS,CAAC,IAAoE;;YAClF,MAAM,IAAI,KAAK,CAAC,4DAA4D,CAAC,CAAA;QAC/E,CAAC;KAAA;IAEO,cAAc,CAAC,IAAc;QACnC,MAAM,uBAAsD,IAAI,CAAE,EAA5D,EAAE,KAAK,EAAE,SAAS,OAA0C,EAArC,QAAQ,cAA/B,sBAAiC,CAA2B,CAAA;QAClE,MAAM,OAAO,GAAG,IAAI,CAAC,yBAAyB,CAAC,IAAI,CAAC,SAAS,CAAC,CAAA;Q
AC9D,MAAM,SAAS,GAAG,IAAA,oCAAW,EAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAA,CAAC,8DAA8D;QAChH,MAAM,eAAe,GAAG,IAAA,iCAAS,EAAC,SAAS,CAAC,CAAC,CAAC,CAAC,IAAA,6CAAqB,EAAC,SAAS,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC,SAAS,CAAA;QACpG,MAAM,YAAY,GAAG,IAAA,gDAAwB,EAAC,eAAe,CAAC,CAAC,kNAAkN;YAC/Q,CAAC,CAAC,IAAA,+CAAuB,EAAC,eAAe,CAAC;YAC1C,CAAC,CAAC,IAAA,mDAA2B,EAAC,eAAe,EAAE,OAAO,CAAC,CAAA;QACzD,MAAM,OAAO,GAA4B;YACvC,GAAG,EAAE,KAAK;YACV,IAAI,EAAE,OAAO;YACb,YAAY;YACZ,IAAI,EAAE,QAAQ;SACf,CAAA;QAED,MAAM,aAAa,GAAG,IAAA,oDAA4B,EAAC,EAAE,GAAG,EAAE,OAAyB,EAAE,CAAC,CAAA;QACtF,OAAO,CAAC,IAAI,mCAAQ,OAAO,CAAC,IAAI,KAAE,aAAa,GAAE,CAAA;QACjD,OAAO,OAAyB,CAAA;IAClC,CAAC;IAED,YAAY,CAAC,IAAoF;QAC/F,MAAM,IAAI,KAAK,CAAC,gBAAgB,CAAC,CAAA;IACnC,CAAC;CACF;AAlJD,4DAkJC"}
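--- a/package/package.json
+++ b/package/package.json
@@ -1,7 +1,7 @@
 {
 "name": "@sphereon/ssi-sdk-ext.kms-musap-rn",
 "description": "Sphereon SSI-SDK react-native plugin for management of keys with musap.",
-"version": "0.26.1-feature.
+"version": "0.26.1-feature.SPRIND.116.44+f1862bf",
 "source": "src/index.ts",
 "main": "dist/index.js",
 "types": "dist/index.d.ts",
@@ -10,9 +10,9 @@
 "build:clean": "tsc --build --clean && tsc --build"
 },
 "dependencies": {
-"@sphereon/musap-react-native": "0.
-"@sphereon/ssi-sdk-ext.key-utils": "0.26.1-feature.
-"@sphereon/ssi-sdk-ext.x509-utils": "0.26.1-feature.
+"@sphereon/musap-react-native": "0.0.1-next.154",
+"@sphereon/ssi-sdk-ext.key-utils": "0.26.1-feature.SPRIND.116.44+f1862bf",
+"@sphereon/ssi-sdk-ext.x509-utils": "0.26.1-feature.SPRIND.116.44+f1862bf",
 "@sphereon/ssi-types": "0.30.2-feature.SDK.41.oidf.support.286",
 "@veramo/core": "4.2.0",
 "@veramo/key-manager": "4.2.0",
@@ -41,5 +41,5 @@
 "react-native",
 "Veramo"
 ],
-"gitHead": "
+"gitHead": "f1862bf57b3488fffaad2222174ed6927e5e3a05"
 }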
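--- a/src/MusapKeyManagerSystem.ts
+++ b/src/MusapKeyManagerSystem.ts
@@ -1,23 +1,20 @@
 import { PEMToBinary } from '@sphereon/ssi-sdk-ext.x509-utils'
 import { IKey, ManagedKeyInfo, MinimalImportableKey, TKeyType } from '@veramo/core'
 import {
-ExternalSscdSettings,
-IMusapClient,
 isSignatureAlgorithmType,
 JWSAlgorithm,
 KeyAlgorithm,
 KeyAlgorithmType,
-KeyAttribute,
 KeyGenReq,
-MusapClient,
 MusapKey,
+MusapModule,
+MusapModuleType,
 signatureAlgorithmFromKeyAlgorithm,
 SignatureAlgorithmType,
-SignatureAttribute,
 SignatureFormat,
 SignatureReq,
-SscdType,
 } from '@sphereon/musap-react-native'
+import { KeyAttribute, SscdType } from '@sphereon/musap-react-native'
 import { AbstractKeyManagementSystem } from '@veramo/key-manager'
 import { TextDecoder } from 'text-encoding'
 import { Loggers } from '@sphereon/ssi-types'
@@ -34,29 +31,15 @@ import {
 export const logger = Loggers.DEFAULT.get('sphereon:musap-rn-kms')
 
 export class MusapKeyManagementSystem extends AbstractKeyManagementSystem {
-private
-private
-
-
-private readonly defaultSignAttributes: Record<string, string> | undefined
-
-constructor(sscdType?: SscdType, sscdId?: string, opts?: {
-externalSscdSettings?: ExternalSscdSettings,
-defaultKeyAttributes?: Record<string, string>,
-defaultSignAttributes?: Record<string, string>
-}) {
+private musapKeyStore: MusapModuleType
+private sscdType: SscdType
+
+constructor(sscdType?: SscdType) {
 super()
 try {
-this.
+this.musapKeyStore = MusapModule
 this.sscdType = sscdType ? sscdType : 'TEE'
-this.
-this.defaultKeyAttributes = opts?.defaultKeyAttributes
-this.defaultSignAttributes = opts?.defaultSignAttributes
-
-const enabledSscds = this.musapClient.listEnabledSscds()
-if (!enabledSscds.some(value => value.sscdId == sscdId)) {
-this.musapClient.enableSscd(this.sscdType, this.sscdId, opts?.externalSscdSettings)
-}
+this.musapKeyStore.enableSscd(this.sscdType)
 } catch (e) {
 console.error('enableSscd', e)
 throw Error('enableSscd failed')
@@ -64,7 +47,7 @@ export class MusapKeyManagementSystem extends AbstractKeyManagementSystem {
 }
 
 async listKeys(): Promise<ManagedKeyInfo[]> {
-const keysJson: MusapKey[] = (this.
+const keysJson: MusapKey[] = (await this.musapKeyStore.listKeys()) as MusapKey[]
 return keysJson.map((key) => this.asMusapKeyInfo(key))
 }
 
@@ -74,29 +57,19 @@ export class MusapKeyManagementSystem extends AbstractKeyManagementSystem {
 return Promise.reject(Error('a unique keyAlias field is required for MUSAP'))
 }
 
-if (this.sscdType == 'EXTERNAL') {
-const existingKeys: MusapKey[] = (this.musapClient.listKeys()) as MusapKey[]
-const extKey = existingKeys.find(musapKey => musapKey.sscdType as string === 'External Signature') // FIXME returning does not match SscdType enum
-if (extKey) {
-extKey.algorithm = 'eccp256r1' // FIXME MUSAP announces key as rsa2k, but it's actually EC
-return this.asMusapKeyInfo(extKey)
-}
-return Promise.reject(Error(`No external key was bound yet for sscd ${this.sscdId}`))
-}
-
 const keyGenReq = {
 keyAlgorithm: this.mapKeyTypeToAlgorithmType(type),
 keyUsage: 'keyUsage' in meta ? (meta.keyUsage as string) : 'sign',
 keyAlias: meta.keyAlias as string,
-attributes:
+attributes: 'attributes' in meta ? (meta.attributes as KeyAttribute[]) : [],
 role: 'role' in meta ? (meta.role as string) : 'administrator',
 } satisfies KeyGenReq
 
 try {
-const generatedKeyUri = await this.
+const generatedKeyUri = await this.musapKeyStore.generateKey(this.sscdType, keyGenReq)
 if (generatedKeyUri) {
 logger.debug('Generated key:', generatedKeyUri)
-const key = this.
+const key = await this.musapKeyStore.getKeyByUri(generatedKeyUri)
 return this.asMusapKeyInfo(key)
 } else {
 return Promise.reject(new Error('Failed to generate key. No key URI'))
@@ -126,9 +99,6 @@ export class MusapKeyManagementSystem extends AbstractKeyManagementSystem {
 return 'Secp256k1'
 case 'eccp256r1':
 return 'Secp256r1'
-case 'ecc_ed25519':
-return 'Ed25519'
-case 'rsa2k':
 case 'rsa4k':
 return 'RSA'
 default:
@@ -138,7 +108,7 @@ export class MusapKeyManagementSystem extends AbstractKeyManagementSystem {
 
 async deleteKey({ kid }: { kid: string }): Promise<boolean> {
 try {
-
+this.musapKeyStore.removeKey(kid)
 return true
 } catch (error) {
 console.warn('Failed to delete key:', error)
@@ -159,22 +129,14 @@ export class MusapKeyManagementSystem extends AbstractKeyManagementSystem {
 return signatureAlgorithmFromKeyAlgorithm(providedAlgorithm as JWSAlgorithm)
 }
 
-async sign(args: {
-keyRef: Pick<IKey, 'kid'>;
-algorithm?: string;
-data: Uint8Array;
-[x: string]: any
-}): Promise<string> {
+async sign(args: { keyRef: Pick<IKey, 'kid'>; algorithm?: string; data: Uint8Array; [x: string]: any }): Promise<string> {
 if (!args.keyRef) {
 throw new Error('key_not_found: No key ref provided')
 }
 
 const data = new TextDecoder().decode(args.data as Uint8Array)
 
-const key: MusapKey = this.
-if (key.sscdType as string === 'External Signature') {
-key.algorithm = 'eccp256r1' // FIXME MUSAP announces key as rsa2k, but it's actually EC
-}
+const key: MusapKey = this.musapKeyStore.getKeyById(args.keyRef.kid) as MusapKey
 const signatureReq: SignatureReq = {
 keyUri: key.keyUri,
 data,
@@ -182,9 +144,9 @@ export class MusapKeyManagementSystem extends AbstractKeyManagementSystem {
 displayText: args.displayText,
 transId: args.transId,
 format: (args.format as SignatureFormat) ?? 'RAW',
-attributes:
+attributes: args.attributes,
 }
-return this.
+return this.musapKeyStore.sign(signatureReq)
 }
 
 async importKey(args: Omit<MinimalImportableKey, 'kms'> & { privateKeyPEM?: string }): Promise<ManagedKeyInfo> {
@@ -194,7 +156,6 @@ export class MusapKeyManagementSystem extends AbstractKeyManagementSystem {
 private asMusapKeyInfo(args: MusapKey): ManagedKeyInfo {
 const { keyId, publicKey, ...metadata }: KeyMetadata = { ...args }
 const keyType = this.mapAlgorithmTypeToKeyType(args.algorithm)
-
 const pemBinary = PEMToBinary(args.publicKey.pem) // The der is flawed, it's not binary but a string [123, 4567]
 const publicKeyBinary = isAsn1Der(pemBinary) ? asn1DerToRawPublicKey(pemBinary, keyType) : pemBinary
 const publicKeyHex = isRawCompressedPublicKey(publicKeyBinary) // TODO In the future I think it's better to have an option in KeyGenReq to specify which public key format we want back. Now it's different in iOS vs Android and we need to handle that inconsistency afterwards
@@ -215,24 +176,4 @@ export class MusapKeyManagementSystem extends AbstractKeyManagementSystem {
 sharedSecret(args: { myKeyRef: Pick<IKey, 'kid'>; theirKey: Pick<IKey, 'publicKeyHex' | 'type'> }): Promise<string> {
 throw new Error('Not supported.')
 }
-
-private recordToKeyAttributes(record?: Record<string, string>): KeyAttribute[] {
-if (!record) {
-return []
-}
-return Object.entries(record).map(([key, value]) => ({
-name: key,
-value,
-}))
-}
-
-private recordToSignatureAttributes(record?: Record<string, string>): SignatureAttribute[] {
-if (!record) {
-return []
-}
-return Object.entries(record).map(([key, value]) => ({
-name: key,
-value,
-}))
-}
 }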
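Review bot: In the sign() hunk, `const key: MusapKey = this.musapKeyStore.getKeyById(args.keyRef.kid) as MusapKey` never checks that a key was actually found, so an unknown kid surfaces as a TypeError on the next line's `key.keyUri` rather than the `key_not_found` error the method already throws a few lines earlier for a missing keyRef; the `as MusapKey` cast is what hides a possibly-undefined result from the checker. Add `if (!key) throw new Error(\`key_not_found: ${args.keyRef.kid}\`)` directly after the lookup (sign() continues past the end of the hunk). The same hunk's `attributes: args.attributes` takes its value from the untyped `[x: string]: any` index signature and hands it to the SignatureReq without narrowing, so a comment stating what shape is expected, or a `SignatureAttribute[]` annotation, would help the next reader. Note also that the mapAlgorithmTypeToKeyType hunk drops the `ecc_ed25519` and `rsa2k` cases, so keys already present in the store with those algorithms will presumably fall through to `default` during listKeys(); that case's body lies outside the hunk, so confirm it is a clear error rather than a silent mis-mapping.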