@sphereon/ssi-sdk-ext.kms-musap-rn 0.28.1-feature.esm.cjs.8 → 0.28.1-feature.jose.vcdm.19

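--- a/package/dist/index.cjs
+++ b/package/dist/index.cjs
@@ -1,7 +1,9 @@
  "use strict";
+ var __create = Object.create;
  var __defProp = Object.defineProperty;
  var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
  var __getOwnPropNames = Object.getOwnPropertyNames;
+ var __getProtoOf = Object.getPrototypeOf;
  var __hasOwnProp = Object.prototype.hasOwnProperty;
  var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
  var __export = (target, all) => {
@@ -16,6 +18,14 @@ var __copyProps = (to, from, except, desc) => {
  }
  return to;
  };
+ var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+ // If the importer is in node compatibility mode or this is not an ESM
+ // file that has been converted to a CommonJS file using a Babel-
+ // compatible transform (i.e. "__esModule" has not been set), then set
+ // "default" to the CommonJS "module.exports" for node compatibility.
+ isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+ mod
+ ));
  var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
  
  // src/index.ts
@@ -32,8 +42,8 @@ var import_key_manager = require("@veramo/key-manager");
  var import_text_encoding = require("text-encoding");
  var import_ssi_types = require("@sphereon/ssi-types");
  var import_ssi_sdk_ext2 = require("@sphereon/ssi-sdk-ext.key-utils");
- var import_from_string = require("uint8arrays/from-string");
- var import_to_string = require("uint8arrays/to-string");
+ var u8a = __toESM(require("uint8arrays"), 1);
+ var { fromString, toString } = u8a;
  var logger = import_ssi_types.Loggers.DEFAULT.get("sphereon:musap-rn-kms");
  var MusapKeyManagementSystem = class extends import_key_manager.AbstractKeyManagementSystem {
  static {
@@ -181,13 +191,13 @@ var MusapKeyManagementSystem = class extends import_key_manager.AbstractKeyManag
  decodeMusapPublicKey = /* @__PURE__ */ __name((args) => {
  const { publicKey, keyType } = args;
  const pemBinary = (0, import_ssi_sdk_ext.PEMToBinary)(publicKey.pem);
- const pemString = (0, import_to_string.toString)(pemBinary, "utf8");
+ const pemString = toString(pemBinary, "utf8");
  const isDoubleEncoded = pemBinary.length > 0 && typeof pemString === "string" && pemString.startsWith("MF");
  if (isDoubleEncoded) {
- const actualDerBytes = (0, import_from_string.fromString)(pemString, "base64");
+ const actualDerBytes = fromString(pemString, "base64");
  const keyDataStart = 24;
  const keyData = actualDerBytes.slice(keyDataStart);
- let publicKeyHex = (0, import_to_string.toString)(keyData, "hex");
+ let publicKeyHex = toString(keyData, "hex");
  if (publicKeyHex.length <= 128 && !publicKeyHex.startsWith("04")) {
  publicKeyHex = "04" + publicKeyHex;
  }
@@ -195,15 +205,15 @@ var MusapKeyManagementSystem = class extends import_key_manager.AbstractKeyManag
  publicKeyHex = publicKeyHex + "0";
  }
  if (publicKeyHex.startsWith("04") && publicKeyHex.length === 130) {
- const xCoord = (0, import_from_string.fromString)(publicKeyHex.slice(2, 66), "hex");
- const yCoord = (0, import_from_string.fromString)(publicKeyHex.slice(66, 130), "hex");
+ const xCoord = fromString(publicKeyHex.slice(2, 66), "hex");
+ const yCoord = fromString(publicKeyHex.slice(66, 130), "hex");
  const prefix = new Uint8Array([
  yCoord[31] % 2 === 0 ? 2 : 3
  ]);
  const compressedKey = new Uint8Array(33);
  compressedKey.set(prefix, 0);
  compressedKey.set(xCoord, 1);
- return (0, import_to_string.toString)(compressedKey, "hex");
+ return toString(compressedKey, "hex");
  }
  return publicKeyHex;
  }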
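Review bot: The double-encoded branch of `decodeMusapPublicKey` takes the key bytes with a fixed `keyDataStart = 24` slice of the decoded DER and does not consult the destructured `keyType` in any line shown, so the offset can only be right for one header length; since the header size presumably varies with the curve OID, other key types would carry header bytes into `publicKeyHex`. The same branch prepends `"04"` to any value of 128 hex characters or fewer and then runs `publicKeyHex = publicKeyHex + "0";` (per the embedded source, in a loop until the string reaches 130 characters), which turns a truncated or already-compressed key into a well-formed-looking point instead of an error. I would fail closed before the hex conversion, e.g. `if (keyData.length !== 64 && keyData.length !== 65) throw new Error("unexpected MUSAP public key length");`, and drop the zero padding. The function continues past the end of the last hunk, and the loop header sits in the one-line gap between the last two hunks.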
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/index.ts","../src/MusapKeyManagerSystem.ts"],"sourcesContent":["export { MusapKeyManagementSystem } from './MusapKeyManagerSystem'\n\nexport interface KeyMetadata {\n algorithms?: string[]\n\n [x: string]: any\n}\n","import { PEMToBinary } from '@sphereon/ssi-sdk-ext.x509-utils'\nimport { IKey, ManagedKeyInfo, MinimalImportableKey, TKeyType } from '@veramo/core'\nimport {\n ExternalSscdSettings,\n IMusapClient,\n isSignatureAlgorithmType,\n JWSAlgorithm,\n KeyAlgorithm,\n KeyAlgorithmType,\n KeyAttribute,\n KeyGenReq,\n MusapClient,\n MusapKey,\n signatureAlgorithmFromKeyAlgorithm,\n SignatureAlgorithmType,\n SignatureAttribute,\n SignatureFormat,\n SignatureReq,\n SscdType,\n} from '@sphereon/musap-react-native'\nimport { AbstractKeyManagementSystem } from '@veramo/key-manager'\nimport { TextDecoder } from 'text-encoding'\nimport { Loggers } from '@sphereon/ssi-types'\nimport { KeyMetadata } from './index'\nimport {\n asn1DerToRawPublicKey,\n calculateJwkThumbprintForKey,\n hexStringFromUint8Array,\n isAsn1Der,\n isRawCompressedPublicKey,\n toRawCompressedHexPublicKey,\n} from '@sphereon/ssi-sdk-ext.key-utils'\n// @ts-ignore\nimport { fromString } from 'uint8arrays/from-string'\n// @ts-ignore\nimport { toString } from 'uint8arrays/to-string'\n\nexport const logger = Loggers.DEFAULT.get('sphereon:musap-rn-kms')\n\nexport class MusapKeyManagementSystem extends AbstractKeyManagementSystem {\n private musapClient: IMusapClient\n private readonly sscdType: SscdType\n private readonly sscdId: string\n private readonly defaultKeyAttributes: Record<string, string> | undefined\n private readonly defaultSignAttributes: Record<string, string> | undefined\n\n constructor(\n sscdType?: SscdType,\n sscdId?: string,\n opts?: {\n externalSscdSettings?: ExternalSscdSettings\n defaultKeyAttributes?: Record<string, string>\n defaultSignAttributes?: Record<string, string>\n }\n ) {\n super()\n try {\n this.musapClient = MusapClient\n this.sscdType = 
sscdType ? sscdType : 'TEE'\n this.sscdId = sscdId ?? this.sscdType\n this.defaultKeyAttributes = opts?.defaultKeyAttributes\n this.defaultSignAttributes = opts?.defaultSignAttributes\n\n const enabledSscds = this.musapClient.listEnabledSscds()\n if (!enabledSscds.some((value) => value.sscdId == sscdId)) {\n this.musapClient.enableSscd(this.sscdType, this.sscdId, opts?.externalSscdSettings)\n }\n } catch (e) {\n console.error('enableSscd', e)\n throw Error('enableSscd failed')\n }\n }\n\n async listKeys(): Promise<ManagedKeyInfo[]> {\n const keysJson: MusapKey[] = this.musapClient.listKeys() as MusapKey[]\n return keysJson.map((key) => this.asMusapKeyInfo(key))\n }\n\n async createKey(args: { type: TKeyType; meta?: KeyMetadata }): Promise<ManagedKeyInfo> {\n const { type, meta } = args\n if (meta === undefined || !('keyAlias' in meta)) {\n return Promise.reject(Error('a unique keyAlias field is required for MUSAP'))\n }\n\n if (this.sscdType == 'EXTERNAL') {\n const existingKeys: MusapKey[] = this.musapClient.listKeys() as MusapKey[]\n const extKey = existingKeys.find((musapKey) => (musapKey.sscdType as string) === 'External Signature') // FIXME returning does not match SscdType enum\n if (extKey) {\n extKey.algorithm = 'eccp256r1' // FIXME MUSAP announces key as rsa2k, but it's actually EC\n return this.asMusapKeyInfo(extKey)\n }\n return Promise.reject(Error(`No external key was bound yet for sscd ${this.sscdId}`))\n }\n\n const keyGenReq = {\n keyAlgorithm: this.mapKeyTypeToAlgorithmType(type),\n keyUsage: 'keyUsage' in meta ? (meta.keyUsage as string) : 'sign',\n keyAlias: meta.keyAlias as string,\n attributes: this.recordToKeyAttributes({ ...this.defaultKeyAttributes, ...('attributes' in meta ? meta.attributes : {}) }),\n role: 'role' in meta ? 
(meta.role as string) : 'administrator',\n } satisfies KeyGenReq\n\n try {\n const generatedKeyUri = await this.musapClient.generateKey(this.sscdType, keyGenReq)\n if (generatedKeyUri) {\n logger.debug('Generated key:', generatedKeyUri)\n const key = this.musapClient.getKeyByUri(generatedKeyUri)\n return this.asMusapKeyInfo(key)\n } else {\n return Promise.reject(new Error('Failed to generate key. No key URI'))\n }\n } catch (error) {\n logger.error('An error occurred:', error)\n throw error\n }\n }\n\n private mapKeyTypeToAlgorithmType = (type: TKeyType): KeyAlgorithmType => {\n switch (type) {\n case 'Secp256k1':\n return 'ECCP256K1'\n case 'Secp256r1':\n return 'ECCP256R1'\n case 'RSA':\n return 'RSA2K'\n default:\n throw new Error(`Key type ${type} is not supported by MUSAP`)\n }\n }\n\n private mapAlgorithmTypeToKeyType = (type: KeyAlgorithm): TKeyType => {\n switch (type) {\n case 'eccp256k1':\n return 'Secp256k1'\n case 'eccp256r1':\n return 'Secp256r1'\n case 'ecc_ed25519':\n return 'Ed25519'\n case 'rsa2k':\n case 'rsa4k':\n return 'RSA'\n default:\n throw new Error(`Key type ${type} is not supported.`)\n }\n }\n\n async deleteKey({ kid }: { kid: string }): Promise<boolean> {\n try {\n const key: MusapKey = this.musapClient.getKeyById(kid) as MusapKey\n if ((key.sscdType as string) === 'External Signature') {\n return true // FIXME we can't remove a eSim key for now because this would mean onboarding again\n }\n void this.musapClient.removeKey(kid)\n return true\n } catch (error) {\n console.warn('Failed to delete key:', error)\n return false\n }\n }\n\n private determineAlgorithm(providedAlgorithm: string | undefined, keyAlgorithm: KeyAlgorithm): SignatureAlgorithmType {\n if (providedAlgorithm === undefined) {\n return signatureAlgorithmFromKeyAlgorithm(keyAlgorithm)\n }\n\n if (isSignatureAlgorithmType(providedAlgorithm)) {\n return providedAlgorithm\n }\n\n // Veramo translates TKeyType to JWSAlgorithm\n return 
signatureAlgorithmFromKeyAlgorithm(providedAlgorithm as JWSAlgorithm)\n }\n\n async sign(args: { keyRef: Pick<IKey, 'kid'>; algorithm?: string; data: Uint8Array; [x: string]: any }): Promise<string> {\n if (!args.keyRef) {\n throw new Error('key_not_found: No key ref provided')\n }\n\n const data = new TextDecoder().decode(args.data as Uint8Array)\n\n const key: MusapKey = this.musapClient.getKeyById(args.keyRef.kid) as MusapKey\n if ((key.sscdType as string) === 'External Signature') {\n key.algorithm = 'eccp256r1' // FIXME MUSAP announces key as rsa2k, but it's actually EC\n }\n const signatureReq: SignatureReq = {\n keyUri: key.keyUri,\n data,\n algorithm: this.determineAlgorithm(args.algorithm, key.algorithm),\n displayText: args.displayText,\n transId: args.transId,\n format: (args.format as SignatureFormat) ?? 'RAW',\n attributes: this.recordToSignatureAttributes({ ...this.defaultSignAttributes, ...args.attributes }),\n }\n return this.musapClient.sign(signatureReq)\n }\n\n async importKey(args: Omit<MinimalImportableKey, 'kms'> & { privateKeyPEM?: string }): Promise<ManagedKeyInfo> {\n throw new Error('importKey is not implemented for MusapKeyManagementSystem.')\n }\n\n private decodeMusapPublicKey = (args: { publicKey: { pem: string }; keyType: TKeyType }): string => {\n const { publicKey, keyType } = args\n\n // First try the normal PEM decoding path\n const pemBinary = PEMToBinary(publicKey.pem)\n\n // Check if we got a string that looks like base64 (might be double encoded)\n // Convert Uint8Array to string safely\n const pemString = toString(pemBinary, 'utf8')\n const isDoubleEncoded = pemBinary.length > 0 && typeof pemString === 'string' && pemString.startsWith('MF')\n\n if (isDoubleEncoded) {\n // Handle double-encoded case\n const actualDerBytes = fromString(pemString, 'base64')\n\n // For double-encoded case, we know the key data starts after the header\n const keyDataStart = 24\n const keyData = actualDerBytes.slice(keyDataStart)\n\n // Convert to 
public key hex\n let publicKeyHex = toString(keyData, 'hex')\n\n // If it's not compressed yet and doesn't start with 0x04 (uncompressed point marker), add it\n if (publicKeyHex.length <= 128 && !publicKeyHex.startsWith('04')) {\n publicKeyHex = '04' + publicKeyHex\n }\n\n // Ensure we have full 65 bytes for uncompressed keys\n while (publicKeyHex.startsWith('04') && publicKeyHex.length < 130) {\n publicKeyHex = publicKeyHex + '0'\n }\n\n // Now convert to compressed format if needed\n if (publicKeyHex.startsWith('04') && publicKeyHex.length === 130) {\n const xCoord = fromString(publicKeyHex.slice(2, 66), 'hex')\n const yCoord = fromString(publicKeyHex.slice(66, 130), 'hex')\n const prefix = new Uint8Array([yCoord[31] % 2 === 0 ? 0x02 : 0x03])\n const compressedKey = new Uint8Array(33) // 1 byte prefix + 32 bytes x coordinate\n compressedKey.set(prefix, 0)\n compressedKey.set(xCoord, 1)\n return toString(compressedKey, 'hex')\n }\n\n return publicKeyHex\n }\n\n // Not double encoded, proceed with normal path\n const publicKeyBinary = isAsn1Der(pemBinary) ? asn1DerToRawPublicKey(pemBinary, keyType) : pemBinary\n return isRawCompressedPublicKey(publicKeyBinary)\n ? 
hexStringFromUint8Array(publicKeyBinary)\n : toRawCompressedHexPublicKey(publicKeyBinary, keyType)\n }\n\n private asMusapKeyInfo(args: MusapKey): ManagedKeyInfo {\n const { keyId, publicKey, ...metadata }: KeyMetadata = { ...args }\n const keyType = this.mapAlgorithmTypeToKeyType(args.algorithm)\n\n const publicKeyHex = this.decodeMusapPublicKey({\n publicKey: publicKey,\n keyType: keyType,\n })\n\n const keyInfo: Partial<ManagedKeyInfo> = {\n kid: keyId,\n type: keyType,\n publicKeyHex,\n meta: metadata,\n }\n\n const jwkThumbprint = calculateJwkThumbprintForKey({ key: keyInfo as ManagedKeyInfo })\n keyInfo.meta = { ...keyInfo.meta, jwkThumbprint }\n return keyInfo as ManagedKeyInfo\n }\n\n sharedSecret(args: { myKeyRef: Pick<IKey, 'kid'>; theirKey: Pick<IKey, 'publicKeyHex' | 'type'> }): Promise<string> {\n throw new Error('Not supported.')\n }\n\n private recordToKeyAttributes(record?: Record<string, string>): KeyAttribute[] {\n if (!record) {\n return []\n }\n return Object.entries(record).map(([key, value]) => ({\n name: key,\n value,\n }))\n }\n\n private recordToSignatureAttributes(record?: Record<string, string>): SignatureAttribute[] {\n if (!record) {\n return []\n }\n return Object.entries(record).map(([key, value]) => ({\n name: key,\n value,\n }))\n 
}\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;AAAA;;;;;;;ACAA,yBAA4B;AAE5B,gCAiBO;AACP,yBAA4C;AAC5C,2BAA4B;AAC5B,uBAAwB;AAExB,IAAAA,sBAOO;AAEP,yBAA2B;AAE3B,uBAAyB;AAElB,IAAMC,SAASC,yBAAQC,QAAQC,IAAI,uBAAA;AAEnC,IAAMC,2BAAN,cAAuCC,+CAAAA;EAvC9C,OAuC8CA;;;EACpCC;EACSC;EACAC;EACAC;EACAC;EAEjBC,YACEJ,UACAC,QACAI,MAKA;AACA,UAAK;AACL,QAAI;AACF,WAAKN,cAAcO;AACnB,WAAKN,WAAWA,WAAWA,WAAW;AACtC,WAAKC,SAASA,UAAU,KAAKD;AAC7B,WAAKE,uBAAuBG,MAAMH;AAClC,WAAKC,wBAAwBE,MAAMF;AAEnC,YAAMI,eAAe,KAAKR,YAAYS,iBAAgB;AACtD,UAAI,CAACD,aAAaE,KAAK,CAACC,UAAUA,MAAMT,UAAUA,MAAAA,GAAS;AACzD,aAAKF,YAAYY,WAAW,KAAKX,UAAU,KAAKC,QAAQI,MAAMO,oBAAAA;MAChE;IACF,SAASC,GAAG;AACVC,cAAQC,MAAM,cAAcF,CAAAA;AAC5B,YAAMG,MAAM,mBAAA;IACd;EACF;EAEA,MAAMC,WAAsC;AAC1C,UAAMC,WAAuB,KAAKnB,YAAYkB,SAAQ;AACtD,WAAOC,SAASC,IAAI,CAACC,QAAQ,KAAKC,eAAeD,GAAAA,CAAAA;EACnD;EAEA,MAAME,UAAUC,MAAuE;AACrF,UAAM,EAAEC,MAAMC,KAAI,IAAKF;AACvB,QAAIE,SAASC,UAAa,EAAE,cAAcD,OAAO;AAC/C,aAAOE,QAAQC,OAAOZ,MAAM,+CAAA,CAAA;IAC9B;AAEA,QAAI,KAAKhB,YAAY,YAAY;AAC/B,YAAM6B,eAA2B,KAAK9B,YAAYkB,SAAQ;AAC1D,YAAMa,SAASD,aAAaE,KAAK,CAACC,aAAcA,SAAShC,aAAwB,oBAAA;AACjF,UAAI8B,QAAQ;AACVA,eAAOG,YAAY;AACnB,eAAO,KAAKZ,eAAeS,MAAAA;MAC7B;AACA,aAAOH,QAAQC,OAAOZ,MAAM,0CAA0C,KAAKf,MAAM,EAAE,CAAA;IACrF;AAEA,UAAMiC,YAAY;MAChBC,cAAc,KAAKC,0BAA0BZ,IAAAA;MAC7Ca,UAAU,cAAcZ,OAAQA,KAAKY,WAAsB;MAC3DC,UAAUb,KAAKa;MACfC,YAAY,KAAKC,sBAAsB;QAAE,GAAG,KAAKtC;QAAsB,GAAI,gBAAgBuB,OAAOA,KAAKc,aAAa,CAAC;MAAG,CAAA;MACxHE,MAAM,UAAUhB,OAAQA,KAAKgB,OAAkB;IACjD;AAEA,QAAI;AACF,YAAMC,kBAAkB,MAAM,KAAK3C,YAAY4C,YAAY,KAAK3C,UAAUkC,SAAAA;AAC1E,UAAIQ,iBAAiB;AACnBjD,eAAOmD,MAAM,kBAAkBF,eAAAA;AAC/B,cAAMtB,MAAM,KAAKrB,YAAY8C,YAAYH,eAAAA;AACzC,eAAO,KAAKrB,eAAeD,GAAAA;MAC7B,OAAO;AACL,eAAOO,QAAQC,OAAO,IAAIZ,MAAM,oCAAA,CAAA;MAClC;IACF,SAASD,OAAO;AACdtB,aAAOsB,MAAM,sBAAsBA,KAAAA;AACnC,YAAMA;IACR;EACF;EAEQqB,4BAA4B,wBAACZ,SAAAA;AACnC,YAAQA,MAAAA;MACN,KAAK;AACH,eAAO;MACT,KAAK;AACH,eAAO;MACT,KAAK;AACH,eAAO;MACT;AACE,cAAM,IAAIR,MAAM,YAAYQ,IAAAA,4BAAgC;IAChE;EACF,GAXoC;EAa5BsB,4BAA4B,wBAACtB,SAAAA;AACnC,YAAQA,MAA
AA;MACN,KAAK;AACH,eAAO;MACT,KAAK;AACH,eAAO;MACT,KAAK;AACH,eAAO;MACT,KAAK;MACL,KAAK;AACH,eAAO;MACT;AACE,cAAM,IAAIR,MAAM,YAAYQ,IAAAA,oBAAwB;IACxD;EACF,GAdoC;EAgBpC,MAAMuB,UAAU,EAAEC,IAAG,GAAuC;AAC1D,QAAI;AACF,YAAM5B,MAAgB,KAAKrB,YAAYkD,WAAWD,GAAAA;AAClD,UAAK5B,IAAIpB,aAAwB,sBAAsB;AACrD,eAAO;MACT;AACA,WAAK,KAAKD,YAAYmD,UAAUF,GAAAA;AAChC,aAAO;IACT,SAASjC,OAAO;AACdD,cAAQqC,KAAK,yBAAyBpC,KAAAA;AACtC,aAAO;IACT;EACF;EAEQqC,mBAAmBC,mBAAuClB,cAAoD;AACpH,QAAIkB,sBAAsB3B,QAAW;AACnC,iBAAO4B,8DAAmCnB,YAAAA;IAC5C;AAEA,YAAIoB,oDAAyBF,iBAAAA,GAAoB;AAC/C,aAAOA;IACT;AAGA,eAAOC,8DAAmCD,iBAAAA;EAC5C;EAEA,MAAMG,KAAKjC,MAA8G;AACvH,QAAI,CAACA,KAAKkC,QAAQ;AAChB,YAAM,IAAIzC,MAAM,oCAAA;IAClB;AAEA,UAAM0C,OAAO,IAAIC,iCAAAA,EAAcC,OAAOrC,KAAKmC,IAAI;AAE/C,UAAMtC,MAAgB,KAAKrB,YAAYkD,WAAW1B,KAAKkC,OAAOT,GAAG;AACjE,QAAK5B,IAAIpB,aAAwB,sBAAsB;AACrDoB,UAAIa,YAAY;IAClB;AACA,UAAM4B,eAA6B;MACjCC,QAAQ1C,IAAI0C;MACZJ;MACAzB,WAAW,KAAKmB,mBAAmB7B,KAAKU,WAAWb,IAAIa,SAAS;MAChE8B,aAAaxC,KAAKwC;MAClBC,SAASzC,KAAKyC;MACdC,QAAS1C,KAAK0C,UAA8B;MAC5C1B,YAAY,KAAK2B,4BAA4B;QAAE,GAAG,KAAK/D;QAAuB,GAAGoB,KAAKgB;MAAW,CAAA;IACnG;AACA,WAAO,KAAKxC,YAAYyD,KAAKK,YAAAA;EAC/B;EAEA,MAAMM,UAAU5C,MAA+F;AAC7G,UAAM,IAAIP,MAAM,4DAAA;EAClB;EAEQoD,uBAAuB,wBAAC7C,SAAAA;AAC9B,UAAM,EAAE8C,WAAWC,QAAO,IAAK/C;AAG/B,UAAMgD,gBAAYC,gCAAYH,UAAUI,GAAG;AAI3C,UAAMC,gBAAYC,2BAASJ,WAAW,MAAA;AACtC,UAAMK,kBAAkBL,UAAUM,SAAS,KAAK,OAAOH,cAAc,YAAYA,UAAUI,WAAW,IAAA;AAEtG,QAAIF,iBAAiB;AAEnB,YAAMG,qBAAiBC,+BAAWN,WAAW,QAAA;AAG7C,YAAMO,eAAe;AACrB,YAAMC,UAAUH,eAAeI,MAAMF,YAAAA;AAGrC,UAAIG,mBAAeT,2BAASO,SAAS,KAAA;AAGrC,UAAIE,aAAaP,UAAU,OAAO,CAACO,aAAaN,WAAW,IAAA,GAAO;AAChEM,uBAAe,OAAOA;MACxB;AAGA,aAAOA,aAAaN,WAAW,IAAA,KAASM,aAAaP,SAAS,KAAK;AACjEO,uBAAeA,eAAe;MAChC;AAGA,UAAIA,aAAaN,WAAW,IAAA,KAASM,aAAaP,WAAW,KAAK;AAChE,cAAMQ,aAASL,+BAAWI,aAAaD,MAAM,GAAG,EAAA,GAAK,KAAA;AACrD,cAAMG,aAASN,+BAAWI,aAAaD,MAAM,IAAI,GAAA,GAAM,KAAA;AACvD,cAAMI,SAAS,IAAIC,WAAW;UAACF,OAAO,EAAA,IAAM,MAAM,IAAI,IAAO;SAAK;AAClE,cAAMG,gBAAgB,IAAID,WAAW,EAAA;AACrCC,sBAAcC,IAAIH,QAAQ,CAAA;AAC1BE,sB
AAcC,IAAIL,QAAQ,CAAA;AAC1B,mBAAOV,2BAASc,eAAe,KAAA;MACjC;AAEA,aAAOL;IACT;AAGA,UAAMO,sBAAkBC,+BAAUrB,SAAAA,QAAasB,2CAAsBtB,WAAWD,OAAAA,IAAWC;AAC3F,eAAOuB,8CAAyBH,eAAAA,QAC5BI,6CAAwBJ,eAAAA,QACxBK,iDAA4BL,iBAAiBrB,OAAAA;EACnD,GAnD+B;EAqDvBjD,eAAeE,MAAgC;AACrD,UAAM,EAAE0E,OAAO5B,WAAW,GAAG6B,SAAAA,IAA0B;MAAE,GAAG3E;IAAK;AACjE,UAAM+C,UAAU,KAAKxB,0BAA0BvB,KAAKU,SAAS;AAE7D,UAAMmD,eAAe,KAAKhB,qBAAqB;MAC7CC;MACAC;IACF,CAAA;AAEA,UAAM6B,UAAmC;MACvCnD,KAAKiD;MACLzE,MAAM8C;MACNc;MACA3D,MAAMyE;IACR;AAEA,UAAME,oBAAgBC,kDAA6B;MAAEjF,KAAK+E;IAA0B,CAAA;AACpFA,YAAQ1E,OAAO;MAAE,GAAG0E,QAAQ1E;MAAM2E;IAAc;AAChD,WAAOD;EACT;EAEAG,aAAa/E,MAAuG;AAClH,UAAM,IAAIP,MAAM,gBAAA;EAClB;EAEQwB,sBAAsB+D,QAAiD;AAC7E,QAAI,CAACA,QAAQ;AACX,aAAO,CAAA;IACT;AACA,WAAOC,OAAOC,QAAQF,MAAAA,EAAQpF,IAAI,CAAC,CAACC,KAAKV,KAAAA,OAAY;MACnDgG,MAAMtF;MACNV;IACF,EAAA;EACF;EAEQwD,4BAA4BqC,QAAuD;AACzF,QAAI,CAACA,QAAQ;AACX,aAAO,CAAA;IACT;AACA,WAAOC,OAAOC,QAAQF,MAAAA,EAAQpF,IAAI,CAAC,CAACC,KAAKV,KAAAA,OAAY;MACnDgG,MAAMtF;MACNV;IACF,EAAA;EACF;AACF;","names":["import_ssi_sdk_ext","logger","Loggers","DEFAULT","get","MusapKeyManagementSystem","AbstractKeyManagementSystem","musapClient","sscdType","sscdId","defaultKeyAttributes","defaultSignAttributes","constructor","opts","MusapClient","enabledSscds","listEnabledSscds","some","value","enableSscd","externalSscdSettings","e","console","error","Error","listKeys","keysJson","map","key","asMusapKeyInfo","createKey","args","type","meta","undefined","Promise","reject","existingKeys","extKey","find","musapKey","algorithm","keyGenReq","keyAlgorithm","mapKeyTypeToAlgorithmType","keyUsage","keyAlias","attributes","recordToKeyAttributes","role","generatedKeyUri","generateKey","debug","getKeyByUri","mapAlgorithmTypeToKeyType","deleteKey","kid","getKeyById","removeKey","warn","determineAlgorithm","providedAlgorithm","signatureAlgorithmFromKeyAlgorithm","isSignatureAlgorithmType","sign","keyRef","data","TextDecoder","decode","signatureReq","keyUri","displayText","transId","format","recordToSi
gnatureAttributes","importKey","decodeMusapPublicKey","publicKey","keyType","pemBinary","PEMToBinary","pem","pemString","toString","isDoubleEncoded","length","startsWith","actualDerBytes","fromString","keyDataStart","keyData","slice","publicKeyHex","xCoord","yCoord","prefix","Uint8Array","compressedKey","set","publicKeyBinary","isAsn1Der","asn1DerToRawPublicKey","isRawCompressedPublicKey","hexStringFromUint8Array","toRawCompressedHexPublicKey","keyId","metadata","keyInfo","jwkThumbprint","calculateJwkThumbprintForKey","sharedSecret","record","Object","entries","name"]}
1
+ {"version":3,"sources":["../src/index.ts","../src/MusapKeyManagerSystem.ts"],"sourcesContent":["export { MusapKeyManagementSystem } from './MusapKeyManagerSystem'\n\nexport interface KeyMetadata {\n algorithms?: string[]\n\n [x: string]: any\n}\n","import { PEMToBinary } from '@sphereon/ssi-sdk-ext.x509-utils'\nimport { IKey, ManagedKeyInfo, MinimalImportableKey, TKeyType } from '@veramo/core'\nimport {\n ExternalSscdSettings,\n IMusapClient,\n isSignatureAlgorithmType,\n JWSAlgorithm,\n KeyAlgorithm,\n KeyAlgorithmType,\n KeyAttribute,\n KeyGenReq,\n MusapClient,\n MusapKey,\n signatureAlgorithmFromKeyAlgorithm,\n SignatureAlgorithmType,\n SignatureAttribute,\n SignatureFormat,\n SignatureReq,\n SscdType,\n} from '@sphereon/musap-react-native'\nimport { AbstractKeyManagementSystem } from '@veramo/key-manager'\nimport { TextDecoder } from 'text-encoding'\nimport { Loggers } from '@sphereon/ssi-types'\nimport { KeyMetadata } from './index'\nimport {\n asn1DerToRawPublicKey,\n calculateJwkThumbprintForKey,\n hexStringFromUint8Array,\n isAsn1Der,\n isRawCompressedPublicKey,\n toRawCompressedHexPublicKey,\n} from '@sphereon/ssi-sdk-ext.key-utils'\n// @ts-ignore\nimport * as u8a from 'uint8arrays'\nconst { fromString, toString } = u8a\n\nexport const logger = Loggers.DEFAULT.get('sphereon:musap-rn-kms')\n\nexport class MusapKeyManagementSystem extends AbstractKeyManagementSystem {\n private musapClient: IMusapClient\n private readonly sscdType: SscdType\n private readonly sscdId: string\n private readonly defaultKeyAttributes: Record<string, string> | undefined\n private readonly defaultSignAttributes: Record<string, string> | undefined\n\n constructor(\n sscdType?: SscdType,\n sscdId?: string,\n opts?: {\n externalSscdSettings?: ExternalSscdSettings\n defaultKeyAttributes?: Record<string, string>\n defaultSignAttributes?: Record<string, string>\n }\n ) {\n super()\n try {\n this.musapClient = MusapClient\n this.sscdType = sscdType ? 
sscdType : 'TEE'\n this.sscdId = sscdId ?? this.sscdType\n this.defaultKeyAttributes = opts?.defaultKeyAttributes\n this.defaultSignAttributes = opts?.defaultSignAttributes\n\n const enabledSscds = this.musapClient.listEnabledSscds()\n if (!enabledSscds.some((value) => value.sscdId == sscdId)) {\n this.musapClient.enableSscd(this.sscdType, this.sscdId, opts?.externalSscdSettings)\n }\n } catch (e) {\n console.error('enableSscd', e)\n throw Error('enableSscd failed')\n }\n }\n\n async listKeys(): Promise<ManagedKeyInfo[]> {\n const keysJson: MusapKey[] = this.musapClient.listKeys() as MusapKey[]\n return keysJson.map((key) => this.asMusapKeyInfo(key))\n }\n\n async createKey(args: { type: TKeyType; meta?: KeyMetadata }): Promise<ManagedKeyInfo> {\n const { type, meta } = args\n if (meta === undefined || !('keyAlias' in meta)) {\n return Promise.reject(Error('a unique keyAlias field is required for MUSAP'))\n }\n\n if (this.sscdType == 'EXTERNAL') {\n const existingKeys: MusapKey[] = this.musapClient.listKeys() as MusapKey[]\n const extKey = existingKeys.find((musapKey) => (musapKey.sscdType as string) === 'External Signature') // FIXME returning does not match SscdType enum\n if (extKey) {\n extKey.algorithm = 'eccp256r1' // FIXME MUSAP announces key as rsa2k, but it's actually EC\n return this.asMusapKeyInfo(extKey)\n }\n return Promise.reject(Error(`No external key was bound yet for sscd ${this.sscdId}`))\n }\n\n const keyGenReq = {\n keyAlgorithm: this.mapKeyTypeToAlgorithmType(type),\n keyUsage: 'keyUsage' in meta ? (meta.keyUsage as string) : 'sign',\n keyAlias: meta.keyAlias as string,\n attributes: this.recordToKeyAttributes({ ...this.defaultKeyAttributes, ...('attributes' in meta ? meta.attributes : {}) }),\n role: 'role' in meta ? 
(meta.role as string) : 'administrator',\n } satisfies KeyGenReq\n\n try {\n const generatedKeyUri = await this.musapClient.generateKey(this.sscdType, keyGenReq)\n if (generatedKeyUri) {\n logger.debug('Generated key:', generatedKeyUri)\n const key = this.musapClient.getKeyByUri(generatedKeyUri)\n return this.asMusapKeyInfo(key)\n } else {\n return Promise.reject(new Error('Failed to generate key. No key URI'))\n }\n } catch (error) {\n logger.error('An error occurred:', error)\n throw error\n }\n }\n\n private mapKeyTypeToAlgorithmType = (type: TKeyType): KeyAlgorithmType => {\n switch (type) {\n case 'Secp256k1':\n return 'ECCP256K1'\n case 'Secp256r1':\n return 'ECCP256R1'\n case 'RSA':\n return 'RSA2K'\n default:\n throw new Error(`Key type ${type} is not supported by MUSAP`)\n }\n }\n\n private mapAlgorithmTypeToKeyType = (type: KeyAlgorithm): TKeyType => {\n switch (type) {\n case 'eccp256k1':\n return 'Secp256k1'\n case 'eccp256r1':\n return 'Secp256r1'\n case 'ecc_ed25519':\n return 'Ed25519'\n case 'rsa2k':\n case 'rsa4k':\n return 'RSA'\n default:\n throw new Error(`Key type ${type} is not supported.`)\n }\n }\n\n async deleteKey({ kid }: { kid: string }): Promise<boolean> {\n try {\n const key: MusapKey = this.musapClient.getKeyById(kid) as MusapKey\n if ((key.sscdType as string) === 'External Signature') {\n return true // FIXME we can't remove a eSim key for now because this would mean onboarding again\n }\n void this.musapClient.removeKey(kid)\n return true\n } catch (error) {\n console.warn('Failed to delete key:', error)\n return false\n }\n }\n\n private determineAlgorithm(providedAlgorithm: string | undefined, keyAlgorithm: KeyAlgorithm): SignatureAlgorithmType {\n if (providedAlgorithm === undefined) {\n return signatureAlgorithmFromKeyAlgorithm(keyAlgorithm)\n }\n\n if (isSignatureAlgorithmType(providedAlgorithm)) {\n return providedAlgorithm\n }\n\n // Veramo translates TKeyType to JWSAlgorithm\n return 
signatureAlgorithmFromKeyAlgorithm(providedAlgorithm as JWSAlgorithm)\n }\n\n async sign(args: { keyRef: Pick<IKey, 'kid'>; algorithm?: string; data: Uint8Array; [x: string]: any }): Promise<string> {\n if (!args.keyRef) {\n throw new Error('key_not_found: No key ref provided')\n }\n\n const data = new TextDecoder().decode(args.data as Uint8Array)\n\n const key: MusapKey = this.musapClient.getKeyById(args.keyRef.kid) as MusapKey\n if ((key.sscdType as string) === 'External Signature') {\n key.algorithm = 'eccp256r1' // FIXME MUSAP announces key as rsa2k, but it's actually EC\n }\n const signatureReq: SignatureReq = {\n keyUri: key.keyUri,\n data,\n algorithm: this.determineAlgorithm(args.algorithm, key.algorithm),\n displayText: args.displayText,\n transId: args.transId,\n format: (args.format as SignatureFormat) ?? 'RAW',\n attributes: this.recordToSignatureAttributes({ ...this.defaultSignAttributes, ...args.attributes }),\n }\n return this.musapClient.sign(signatureReq)\n }\n\n async importKey(args: Omit<MinimalImportableKey, 'kms'> & { privateKeyPEM?: string }): Promise<ManagedKeyInfo> {\n throw new Error('importKey is not implemented for MusapKeyManagementSystem.')\n }\n\n private decodeMusapPublicKey = (args: { publicKey: { pem: string }; keyType: TKeyType }): string => {\n const { publicKey, keyType } = args\n\n // First try the normal PEM decoding path\n const pemBinary = PEMToBinary(publicKey.pem)\n\n // Check if we got a string that looks like base64 (might be double encoded)\n // Convert Uint8Array to string safely\n const pemString = toString(pemBinary, 'utf8')\n const isDoubleEncoded = pemBinary.length > 0 && typeof pemString === 'string' && pemString.startsWith('MF')\n\n if (isDoubleEncoded) {\n // Handle double-encoded case\n const actualDerBytes = fromString(pemString, 'base64')\n\n // For double-encoded case, we know the key data starts after the header\n const keyDataStart = 24\n const keyData = actualDerBytes.slice(keyDataStart)\n\n // Convert to 
public key hex\n let publicKeyHex = toString(keyData, 'hex')\n\n // If it's not compressed yet and doesn't start with 0x04 (uncompressed point marker), add it\n if (publicKeyHex.length <= 128 && !publicKeyHex.startsWith('04')) {\n publicKeyHex = '04' + publicKeyHex\n }\n\n // Ensure we have full 65 bytes for uncompressed keys\n while (publicKeyHex.startsWith('04') && publicKeyHex.length < 130) {\n publicKeyHex = publicKeyHex + '0'\n }\n\n // Now convert to compressed format if needed\n if (publicKeyHex.startsWith('04') && publicKeyHex.length === 130) {\n const xCoord = fromString(publicKeyHex.slice(2, 66), 'hex')\n const yCoord = fromString(publicKeyHex.slice(66, 130), 'hex')\n const prefix = new Uint8Array([yCoord[31] % 2 === 0 ? 0x02 : 0x03])\n const compressedKey = new Uint8Array(33) // 1 byte prefix + 32 bytes x coordinate\n compressedKey.set(prefix, 0)\n compressedKey.set(xCoord, 1)\n return toString(compressedKey, 'hex')\n }\n\n return publicKeyHex\n }\n\n // Not double encoded, proceed with normal path\n const publicKeyBinary = isAsn1Der(pemBinary) ? asn1DerToRawPublicKey(pemBinary, keyType) : pemBinary\n return isRawCompressedPublicKey(publicKeyBinary)\n ? 
hexStringFromUint8Array(publicKeyBinary)\n : toRawCompressedHexPublicKey(publicKeyBinary, keyType)\n }\n\n private asMusapKeyInfo(args: MusapKey): ManagedKeyInfo {\n const { keyId, publicKey, ...metadata }: KeyMetadata = { ...args }\n const keyType = this.mapAlgorithmTypeToKeyType(args.algorithm)\n\n const publicKeyHex = this.decodeMusapPublicKey({\n publicKey: publicKey,\n keyType: keyType,\n })\n\n const keyInfo: Partial<ManagedKeyInfo> = {\n kid: keyId,\n type: keyType,\n publicKeyHex,\n meta: metadata,\n }\n\n const jwkThumbprint = calculateJwkThumbprintForKey({ key: keyInfo as ManagedKeyInfo })\n keyInfo.meta = { ...keyInfo.meta, jwkThumbprint }\n return keyInfo as ManagedKeyInfo\n }\n\n sharedSecret(args: { myKeyRef: Pick<IKey, 'kid'>; theirKey: Pick<IKey, 'publicKeyHex' | 'type'> }): Promise<string> {\n throw new Error('Not supported.')\n }\n\n private recordToKeyAttributes(record?: Record<string, string>): KeyAttribute[] {\n if (!record) {\n return []\n }\n return Object.entries(record).map(([key, value]) => ({\n name: key,\n value,\n }))\n }\n\n private recordToSignatureAttributes(record?: Record<string, string>): SignatureAttribute[] {\n if (!record) {\n return []\n }\n return Object.entries(record).map(([key, value]) => ({\n name: key,\n value,\n }))\n 
}\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;;;;ACAA,yBAA4B;AAE5B,gCAiBO;AACP,yBAA4C;AAC5C,2BAA4B;AAC5B,uBAAwB;AAExB,IAAAA,sBAOO;AAEP,UAAqB;AACrB,IAAM,EAAEC,YAAYC,SAAQ,IAAKC;AAE1B,IAAMC,SAASC,yBAAQC,QAAQC,IAAI,uBAAA;AAEnC,IAAMC,2BAAN,cAAuCC,+CAAAA;EAtC9C,OAsC8CA;;;EACpCC;EACSC;EACAC;EACAC;EACAC;EAEjBC,YACEJ,UACAC,QACAI,MAKA;AACA,UAAK;AACL,QAAI;AACF,WAAKN,cAAcO;AACnB,WAAKN,WAAWA,WAAWA,WAAW;AACtC,WAAKC,SAASA,UAAU,KAAKD;AAC7B,WAAKE,uBAAuBG,MAAMH;AAClC,WAAKC,wBAAwBE,MAAMF;AAEnC,YAAMI,eAAe,KAAKR,YAAYS,iBAAgB;AACtD,UAAI,CAACD,aAAaE,KAAK,CAACC,UAAUA,MAAMT,UAAUA,MAAAA,GAAS;AACzD,aAAKF,YAAYY,WAAW,KAAKX,UAAU,KAAKC,QAAQI,MAAMO,oBAAAA;MAChE;IACF,SAASC,GAAG;AACVC,cAAQC,MAAM,cAAcF,CAAAA;AAC5B,YAAMG,MAAM,mBAAA;IACd;EACF;EAEA,MAAMC,WAAsC;AAC1C,UAAMC,WAAuB,KAAKnB,YAAYkB,SAAQ;AACtD,WAAOC,SAASC,IAAI,CAACC,QAAQ,KAAKC,eAAeD,GAAAA,CAAAA;EACnD;EAEA,MAAME,UAAUC,MAAuE;AACrF,UAAM,EAAEC,MAAMC,KAAI,IAAKF;AACvB,QAAIE,SAASC,UAAa,EAAE,cAAcD,OAAO;AAC/C,aAAOE,QAAQC,OAAOZ,MAAM,+CAAA,CAAA;IAC9B;AAEA,QAAI,KAAKhB,YAAY,YAAY;AAC/B,YAAM6B,eAA2B,KAAK9B,YAAYkB,SAAQ;AAC1D,YAAMa,SAASD,aAAaE,KAAK,CAACC,aAAcA,SAAShC,aAAwB,oBAAA;AACjF,UAAI8B,QAAQ;AACVA,eAAOG,YAAY;AACnB,eAAO,KAAKZ,eAAeS,MAAAA;MAC7B;AACA,aAAOH,QAAQC,OAAOZ,MAAM,0CAA0C,KAAKf,MAAM,EAAE,CAAA;IACrF;AAEA,UAAMiC,YAAY;MAChBC,cAAc,KAAKC,0BAA0BZ,IAAAA;MAC7Ca,UAAU,cAAcZ,OAAQA,KAAKY,WAAsB;MAC3DC,UAAUb,KAAKa;MACfC,YAAY,KAAKC,sBAAsB;QAAE,GAAG,KAAKtC;QAAsB,GAAI,gBAAgBuB,OAAOA,KAAKc,aAAa,CAAC;MAAG,CAAA;MACxHE,MAAM,UAAUhB,OAAQA,KAAKgB,OAAkB;IACjD;AAEA,QAAI;AACF,YAAMC,kBAAkB,MAAM,KAAK3C,YAAY4C,YAAY,KAAK3C,UAAUkC,SAAAA;AAC1E,UAAIQ,iBAAiB;AACnBjD,eAAOmD,MAAM,kBAAkBF,eAAAA;AAC/B,cAAMtB,MAAM,KAAKrB,YAAY8C,YAAYH,eAAAA;AACzC,eAAO,KAAKrB,eAAeD,GAAAA;MAC7B,OAAO;AACL,eAAOO,QAAQC,OAAO,IAAIZ,MAAM,oCAAA,CAAA;MAClC;IACF,SAASD,OAAO;AACdtB,aAAOsB,MAAM,sBAAsBA,KAAAA;AACnC,YAAMA;IACR;EACF;EAEQqB,4BAA4B,wBAACZ,SAAAA;AACnC,YAAQA,MAAAA;MACN,KAAK;AACH,eAAO;MACT,KAAK;AACH,eAAO;MACT,KAAK;AACH,eAAO;MACT;AACE,cAAM,IAAIR,MAAM,YAAYQ,IAAAA,4BAAgC;IAChE;EACF,GAXoC;EAa5BsB,4BAA4B
,wBAACtB,SAAAA;AACnC,YAAQA,MAAAA;MACN,KAAK;AACH,eAAO;MACT,KAAK;AACH,eAAO;MACT,KAAK;AACH,eAAO;MACT,KAAK;MACL,KAAK;AACH,eAAO;MACT;AACE,cAAM,IAAIR,MAAM,YAAYQ,IAAAA,oBAAwB;IACxD;EACF,GAdoC;EAgBpC,MAAMuB,UAAU,EAAEC,IAAG,GAAuC;AAC1D,QAAI;AACF,YAAM5B,MAAgB,KAAKrB,YAAYkD,WAAWD,GAAAA;AAClD,UAAK5B,IAAIpB,aAAwB,sBAAsB;AACrD,eAAO;MACT;AACA,WAAK,KAAKD,YAAYmD,UAAUF,GAAAA;AAChC,aAAO;IACT,SAASjC,OAAO;AACdD,cAAQqC,KAAK,yBAAyBpC,KAAAA;AACtC,aAAO;IACT;EACF;EAEQqC,mBAAmBC,mBAAuClB,cAAoD;AACpH,QAAIkB,sBAAsB3B,QAAW;AACnC,iBAAO4B,8DAAmCnB,YAAAA;IAC5C;AAEA,YAAIoB,oDAAyBF,iBAAAA,GAAoB;AAC/C,aAAOA;IACT;AAGA,eAAOC,8DAAmCD,iBAAAA;EAC5C;EAEA,MAAMG,KAAKjC,MAA8G;AACvH,QAAI,CAACA,KAAKkC,QAAQ;AAChB,YAAM,IAAIzC,MAAM,oCAAA;IAClB;AAEA,UAAM0C,OAAO,IAAIC,iCAAAA,EAAcC,OAAOrC,KAAKmC,IAAI;AAE/C,UAAMtC,MAAgB,KAAKrB,YAAYkD,WAAW1B,KAAKkC,OAAOT,GAAG;AACjE,QAAK5B,IAAIpB,aAAwB,sBAAsB;AACrDoB,UAAIa,YAAY;IAClB;AACA,UAAM4B,eAA6B;MACjCC,QAAQ1C,IAAI0C;MACZJ;MACAzB,WAAW,KAAKmB,mBAAmB7B,KAAKU,WAAWb,IAAIa,SAAS;MAChE8B,aAAaxC,KAAKwC;MAClBC,SAASzC,KAAKyC;MACdC,QAAS1C,KAAK0C,UAA8B;MAC5C1B,YAAY,KAAK2B,4BAA4B;QAAE,GAAG,KAAK/D;QAAuB,GAAGoB,KAAKgB;MAAW,CAAA;IACnG;AACA,WAAO,KAAKxC,YAAYyD,KAAKK,YAAAA;EAC/B;EAEA,MAAMM,UAAU5C,MAA+F;AAC7G,UAAM,IAAIP,MAAM,4DAAA;EAClB;EAEQoD,uBAAuB,wBAAC7C,SAAAA;AAC9B,UAAM,EAAE8C,WAAWC,QAAO,IAAK/C;AAG/B,UAAMgD,gBAAYC,gCAAYH,UAAUI,GAAG;AAI3C,UAAMC,YAAYnF,SAASgF,WAAW,MAAA;AACtC,UAAMI,kBAAkBJ,UAAUK,SAAS,KAAK,OAAOF,cAAc,YAAYA,UAAUG,WAAW,IAAA;AAEtG,QAAIF,iBAAiB;AAEnB,YAAMG,iBAAiBxF,WAAWoF,WAAW,QAAA;AAG7C,YAAMK,eAAe;AACrB,YAAMC,UAAUF,eAAeG,MAAMF,YAAAA;AAGrC,UAAIG,eAAe3F,SAASyF,SAAS,KAAA;AAGrC,UAAIE,aAAaN,UAAU,OAAO,CAACM,aAAaL,WAAW,IAAA,GAAO;AAChEK,uBAAe,OAAOA;MACxB;AAGA,aAAOA,aAAaL,WAAW,IAAA,KAASK,aAAaN,SAAS,KAAK;AACjEM,uBAAeA,eAAe;MAChC;AAGA,UAAIA,aAAaL,WAAW,IAAA,KAASK,aAAaN,WAAW,KAAK;AAChE,cAAMO,SAAS7F,WAAW4F,aAAaD,MAAM,GAAG,EAAA,GAAK,KAAA;AACrD,cAAMG,SAAS9F,WAAW4F,aAAaD,MAAM,IAAI,GAAA,GAAM,KAAA;AACvD,cAAMI,SAAS,IAAIC,WAAW;UAACF,OAAO,EAAA,IAAM,MAAM,IAAI,IAAO;SAAK;AAClE,cAAMG,gBAAgB,IAAID,WAAW,EAAA;AACrCC
,sBAAcC,IAAIH,QAAQ,CAAA;AAC1BE,sBAAcC,IAAIL,QAAQ,CAAA;AAC1B,eAAO5F,SAASgG,eAAe,KAAA;MACjC;AAEA,aAAOL;IACT;AAGA,UAAMO,sBAAkBC,+BAAUnB,SAAAA,QAAaoB,2CAAsBpB,WAAWD,OAAAA,IAAWC;AAC3F,eAAOqB,8CAAyBH,eAAAA,QAC5BI,6CAAwBJ,eAAAA,QACxBK,iDAA4BL,iBAAiBnB,OAAAA;EACnD,GAnD+B;EAqDvBjD,eAAeE,MAAgC;AACrD,UAAM,EAAEwE,OAAO1B,WAAW,GAAG2B,SAAAA,IAA0B;MAAE,GAAGzE;IAAK;AACjE,UAAM+C,UAAU,KAAKxB,0BAA0BvB,KAAKU,SAAS;AAE7D,UAAMiD,eAAe,KAAKd,qBAAqB;MAC7CC;MACAC;IACF,CAAA;AAEA,UAAM2B,UAAmC;MACvCjD,KAAK+C;MACLvE,MAAM8C;MACNY;MACAzD,MAAMuE;IACR;AAEA,UAAME,oBAAgBC,kDAA6B;MAAE/E,KAAK6E;IAA0B,CAAA;AACpFA,YAAQxE,OAAO;MAAE,GAAGwE,QAAQxE;MAAMyE;IAAc;AAChD,WAAOD;EACT;EAEAG,aAAa7E,MAAuG;AAClH,UAAM,IAAIP,MAAM,gBAAA;EAClB;EAEQwB,sBAAsB6D,QAAiD;AAC7E,QAAI,CAACA,QAAQ;AACX,aAAO,CAAA;IACT;AACA,WAAOC,OAAOC,QAAQF,MAAAA,EAAQlF,IAAI,CAAC,CAACC,KAAKV,KAAAA,OAAY;MACnD8F,MAAMpF;MACNV;IACF,EAAA;EACF;EAEQwD,4BAA4BmC,QAAuD;AACzF,QAAI,CAACA,QAAQ;AACX,aAAO,CAAA;IACT;AACA,WAAOC,OAAOC,QAAQF,MAAAA,EAAQlF,IAAI,CAAC,CAACC,KAAKV,KAAAA,OAAY;MACnD8F,MAAMpF;MACNV;IACF,EAAA;EACF;AACF;","names":["import_ssi_sdk_ext","fromString","toString","u8a","logger","Loggers","DEFAULT","get","MusapKeyManagementSystem","AbstractKeyManagementSystem","musapClient","sscdType","sscdId","defaultKeyAttributes","defaultSignAttributes","constructor","opts","MusapClient","enabledSscds","listEnabledSscds","some","value","enableSscd","externalSscdSettings","e","console","error","Error","listKeys","keysJson","map","key","asMusapKeyInfo","createKey","args","type","meta","undefined","Promise","reject","existingKeys","extKey","find","musapKey","algorithm","keyGenReq","keyAlgorithm","mapKeyTypeToAlgorithmType","keyUsage","keyAlias","attributes","recordToKeyAttributes","role","generatedKeyUri","generateKey","debug","getKeyByUri","mapAlgorithmTypeToKeyType","deleteKey","kid","getKeyById","removeKey","warn","determineAlgorithm","providedAlgorithm","signatureAlgorithmFromKeyAlgorithm","isSignatureAlgorithmType","sign","keyRef","data","TextDecoder","decode","signa
tureReq","keyUri","displayText","transId","format","recordToSignatureAttributes","importKey","decodeMusapPublicKey","publicKey","keyType","pemBinary","PEMToBinary","pem","pemString","isDoubleEncoded","length","startsWith","actualDerBytes","keyDataStart","keyData","slice","publicKeyHex","xCoord","yCoord","prefix","Uint8Array","compressedKey","set","publicKeyBinary","isAsn1Der","asn1DerToRawPublicKey","isRawCompressedPublicKey","hexStringFromUint8Array","toRawCompressedHexPublicKey","keyId","metadata","keyInfo","jwkThumbprint","calculateJwkThumbprintForKey","sharedSecret","record","Object","entries","name"]}
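--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -8,8 +8,8 @@ import { AbstractKeyManagementSystem } from "@veramo/key-manager";
 import { TextDecoder } from "text-encoding";
 import { Loggers } from "@sphereon/ssi-types";
 import { asn1DerToRawPublicKey, calculateJwkThumbprintForKey, hexStringFromUint8Array, isAsn1Der, isRawCompressedPublicKey, toRawCompressedHexPublicKey } from "@sphereon/ssi-sdk-ext.key-utils";
-import { fromString } from "uint8arrays/from-string";
-import { toString } from "uint8arrays/to-string";
+import * as u8a from "uint8arrays";
+var { fromString, toString } = u8a;
 var logger = Loggers.DEFAULT.get("sphereon:musap-rn-kms");
 var MusapKeyManagementSystem = class extends AbstractKeyManagementSystem {
 static {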
package/dist/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/MusapKeyManagerSystem.ts"],"sourcesContent":["import { PEMToBinary } from '@sphereon/ssi-sdk-ext.x509-utils'\nimport { IKey, ManagedKeyInfo, MinimalImportableKey, TKeyType } from '@veramo/core'\nimport {\n ExternalSscdSettings,\n IMusapClient,\n isSignatureAlgorithmType,\n JWSAlgorithm,\n KeyAlgorithm,\n KeyAlgorithmType,\n KeyAttribute,\n KeyGenReq,\n MusapClient,\n MusapKey,\n signatureAlgorithmFromKeyAlgorithm,\n SignatureAlgorithmType,\n SignatureAttribute,\n SignatureFormat,\n SignatureReq,\n SscdType,\n} from '@sphereon/musap-react-native'\nimport { AbstractKeyManagementSystem } from '@veramo/key-manager'\nimport { TextDecoder } from 'text-encoding'\nimport { Loggers } from '@sphereon/ssi-types'\nimport { KeyMetadata } from './index'\nimport {\n asn1DerToRawPublicKey,\n calculateJwkThumbprintForKey,\n hexStringFromUint8Array,\n isAsn1Der,\n isRawCompressedPublicKey,\n toRawCompressedHexPublicKey,\n} from '@sphereon/ssi-sdk-ext.key-utils'\n// @ts-ignore\nimport { fromString } from 'uint8arrays/from-string'\n// @ts-ignore\nimport { toString } from 'uint8arrays/to-string'\n\nexport const logger = Loggers.DEFAULT.get('sphereon:musap-rn-kms')\n\nexport class MusapKeyManagementSystem extends AbstractKeyManagementSystem {\n private musapClient: IMusapClient\n private readonly sscdType: SscdType\n private readonly sscdId: string\n private readonly defaultKeyAttributes: Record<string, string> | undefined\n private readonly defaultSignAttributes: Record<string, string> | undefined\n\n constructor(\n sscdType?: SscdType,\n sscdId?: string,\n opts?: {\n externalSscdSettings?: ExternalSscdSettings\n defaultKeyAttributes?: Record<string, string>\n defaultSignAttributes?: Record<string, string>\n }\n ) {\n super()\n try {\n this.musapClient = MusapClient\n this.sscdType = sscdType ? sscdType : 'TEE'\n this.sscdId = sscdId ?? 
this.sscdType\n this.defaultKeyAttributes = opts?.defaultKeyAttributes\n this.defaultSignAttributes = opts?.defaultSignAttributes\n\n const enabledSscds = this.musapClient.listEnabledSscds()\n if (!enabledSscds.some((value) => value.sscdId == sscdId)) {\n this.musapClient.enableSscd(this.sscdType, this.sscdId, opts?.externalSscdSettings)\n }\n } catch (e) {\n console.error('enableSscd', e)\n throw Error('enableSscd failed')\n }\n }\n\n async listKeys(): Promise<ManagedKeyInfo[]> {\n const keysJson: MusapKey[] = this.musapClient.listKeys() as MusapKey[]\n return keysJson.map((key) => this.asMusapKeyInfo(key))\n }\n\n async createKey(args: { type: TKeyType; meta?: KeyMetadata }): Promise<ManagedKeyInfo> {\n const { type, meta } = args\n if (meta === undefined || !('keyAlias' in meta)) {\n return Promise.reject(Error('a unique keyAlias field is required for MUSAP'))\n }\n\n if (this.sscdType == 'EXTERNAL') {\n const existingKeys: MusapKey[] = this.musapClient.listKeys() as MusapKey[]\n const extKey = existingKeys.find((musapKey) => (musapKey.sscdType as string) === 'External Signature') // FIXME returning does not match SscdType enum\n if (extKey) {\n extKey.algorithm = 'eccp256r1' // FIXME MUSAP announces key as rsa2k, but it's actually EC\n return this.asMusapKeyInfo(extKey)\n }\n return Promise.reject(Error(`No external key was bound yet for sscd ${this.sscdId}`))\n }\n\n const keyGenReq = {\n keyAlgorithm: this.mapKeyTypeToAlgorithmType(type),\n keyUsage: 'keyUsage' in meta ? (meta.keyUsage as string) : 'sign',\n keyAlias: meta.keyAlias as string,\n attributes: this.recordToKeyAttributes({ ...this.defaultKeyAttributes, ...('attributes' in meta ? meta.attributes : {}) }),\n role: 'role' in meta ? 
(meta.role as string) : 'administrator',\n } satisfies KeyGenReq\n\n try {\n const generatedKeyUri = await this.musapClient.generateKey(this.sscdType, keyGenReq)\n if (generatedKeyUri) {\n logger.debug('Generated key:', generatedKeyUri)\n const key = this.musapClient.getKeyByUri(generatedKeyUri)\n return this.asMusapKeyInfo(key)\n } else {\n return Promise.reject(new Error('Failed to generate key. No key URI'))\n }\n } catch (error) {\n logger.error('An error occurred:', error)\n throw error\n }\n }\n\n private mapKeyTypeToAlgorithmType = (type: TKeyType): KeyAlgorithmType => {\n switch (type) {\n case 'Secp256k1':\n return 'ECCP256K1'\n case 'Secp256r1':\n return 'ECCP256R1'\n case 'RSA':\n return 'RSA2K'\n default:\n throw new Error(`Key type ${type} is not supported by MUSAP`)\n }\n }\n\n private mapAlgorithmTypeToKeyType = (type: KeyAlgorithm): TKeyType => {\n switch (type) {\n case 'eccp256k1':\n return 'Secp256k1'\n case 'eccp256r1':\n return 'Secp256r1'\n case 'ecc_ed25519':\n return 'Ed25519'\n case 'rsa2k':\n case 'rsa4k':\n return 'RSA'\n default:\n throw new Error(`Key type ${type} is not supported.`)\n }\n }\n\n async deleteKey({ kid }: { kid: string }): Promise<boolean> {\n try {\n const key: MusapKey = this.musapClient.getKeyById(kid) as MusapKey\n if ((key.sscdType as string) === 'External Signature') {\n return true // FIXME we can't remove a eSim key for now because this would mean onboarding again\n }\n void this.musapClient.removeKey(kid)\n return true\n } catch (error) {\n console.warn('Failed to delete key:', error)\n return false\n }\n }\n\n private determineAlgorithm(providedAlgorithm: string | undefined, keyAlgorithm: KeyAlgorithm): SignatureAlgorithmType {\n if (providedAlgorithm === undefined) {\n return signatureAlgorithmFromKeyAlgorithm(keyAlgorithm)\n }\n\n if (isSignatureAlgorithmType(providedAlgorithm)) {\n return providedAlgorithm\n }\n\n // Veramo translates TKeyType to JWSAlgorithm\n return 
signatureAlgorithmFromKeyAlgorithm(providedAlgorithm as JWSAlgorithm)\n }\n\n async sign(args: { keyRef: Pick<IKey, 'kid'>; algorithm?: string; data: Uint8Array; [x: string]: any }): Promise<string> {\n if (!args.keyRef) {\n throw new Error('key_not_found: No key ref provided')\n }\n\n const data = new TextDecoder().decode(args.data as Uint8Array)\n\n const key: MusapKey = this.musapClient.getKeyById(args.keyRef.kid) as MusapKey\n if ((key.sscdType as string) === 'External Signature') {\n key.algorithm = 'eccp256r1' // FIXME MUSAP announces key as rsa2k, but it's actually EC\n }\n const signatureReq: SignatureReq = {\n keyUri: key.keyUri,\n data,\n algorithm: this.determineAlgorithm(args.algorithm, key.algorithm),\n displayText: args.displayText,\n transId: args.transId,\n format: (args.format as SignatureFormat) ?? 'RAW',\n attributes: this.recordToSignatureAttributes({ ...this.defaultSignAttributes, ...args.attributes }),\n }\n return this.musapClient.sign(signatureReq)\n }\n\n async importKey(args: Omit<MinimalImportableKey, 'kms'> & { privateKeyPEM?: string }): Promise<ManagedKeyInfo> {\n throw new Error('importKey is not implemented for MusapKeyManagementSystem.')\n }\n\n private decodeMusapPublicKey = (args: { publicKey: { pem: string }; keyType: TKeyType }): string => {\n const { publicKey, keyType } = args\n\n // First try the normal PEM decoding path\n const pemBinary = PEMToBinary(publicKey.pem)\n\n // Check if we got a string that looks like base64 (might be double encoded)\n // Convert Uint8Array to string safely\n const pemString = toString(pemBinary, 'utf8')\n const isDoubleEncoded = pemBinary.length > 0 && typeof pemString === 'string' && pemString.startsWith('MF')\n\n if (isDoubleEncoded) {\n // Handle double-encoded case\n const actualDerBytes = fromString(pemString, 'base64')\n\n // For double-encoded case, we know the key data starts after the header\n const keyDataStart = 24\n const keyData = actualDerBytes.slice(keyDataStart)\n\n // Convert to 
public key hex\n let publicKeyHex = toString(keyData, 'hex')\n\n // If it's not compressed yet and doesn't start with 0x04 (uncompressed point marker), add it\n if (publicKeyHex.length <= 128 && !publicKeyHex.startsWith('04')) {\n publicKeyHex = '04' + publicKeyHex\n }\n\n // Ensure we have full 65 bytes for uncompressed keys\n while (publicKeyHex.startsWith('04') && publicKeyHex.length < 130) {\n publicKeyHex = publicKeyHex + '0'\n }\n\n // Now convert to compressed format if needed\n if (publicKeyHex.startsWith('04') && publicKeyHex.length === 130) {\n const xCoord = fromString(publicKeyHex.slice(2, 66), 'hex')\n const yCoord = fromString(publicKeyHex.slice(66, 130), 'hex')\n const prefix = new Uint8Array([yCoord[31] % 2 === 0 ? 0x02 : 0x03])\n const compressedKey = new Uint8Array(33) // 1 byte prefix + 32 bytes x coordinate\n compressedKey.set(prefix, 0)\n compressedKey.set(xCoord, 1)\n return toString(compressedKey, 'hex')\n }\n\n return publicKeyHex\n }\n\n // Not double encoded, proceed with normal path\n const publicKeyBinary = isAsn1Der(pemBinary) ? asn1DerToRawPublicKey(pemBinary, keyType) : pemBinary\n return isRawCompressedPublicKey(publicKeyBinary)\n ? 
hexStringFromUint8Array(publicKeyBinary)\n : toRawCompressedHexPublicKey(publicKeyBinary, keyType)\n }\n\n private asMusapKeyInfo(args: MusapKey): ManagedKeyInfo {\n const { keyId, publicKey, ...metadata }: KeyMetadata = { ...args }\n const keyType = this.mapAlgorithmTypeToKeyType(args.algorithm)\n\n const publicKeyHex = this.decodeMusapPublicKey({\n publicKey: publicKey,\n keyType: keyType,\n })\n\n const keyInfo: Partial<ManagedKeyInfo> = {\n kid: keyId,\n type: keyType,\n publicKeyHex,\n meta: metadata,\n }\n\n const jwkThumbprint = calculateJwkThumbprintForKey({ key: keyInfo as ManagedKeyInfo })\n keyInfo.meta = { ...keyInfo.meta, jwkThumbprint }\n return keyInfo as ManagedKeyInfo\n }\n\n sharedSecret(args: { myKeyRef: Pick<IKey, 'kid'>; theirKey: Pick<IKey, 'publicKeyHex' | 'type'> }): Promise<string> {\n throw new Error('Not supported.')\n }\n\n private recordToKeyAttributes(record?: Record<string, string>): KeyAttribute[] {\n if (!record) {\n return []\n }\n return Object.entries(record).map(([key, value]) => ({\n name: key,\n value,\n }))\n }\n\n private recordToSignatureAttributes(record?: Record<string, string>): SignatureAttribute[] {\n if (!record) {\n return []\n }\n return Object.entries(record).map(([key, value]) => ({\n name: key,\n value,\n }))\n 
}\n}\n"],"mappings":";;;;AAAA,SAASA,mBAAmB;AAE5B,SAGEC,0BAMAC,aAEAC,0CAMK;AACP,SAASC,mCAAmC;AAC5C,SAASC,mBAAmB;AAC5B,SAASC,eAAe;AAExB,SACEC,uBACAC,8BACAC,yBACAC,WACAC,0BACAC,mCACK;AAEP,SAASC,kBAAkB;AAE3B,SAASC,gBAAgB;AAElB,IAAMC,SAASC,QAAQC,QAAQC,IAAI,uBAAA;AAEnC,IAAMC,2BAAN,cAAuCC,4BAAAA;EAvC9C,OAuC8CA;;;EACpCC;EACSC;EACAC;EACAC;EACAC;EAEjBC,YACEJ,UACAC,QACAI,MAKA;AACA,UAAK;AACL,QAAI;AACF,WAAKN,cAAcO;AACnB,WAAKN,WAAWA,WAAWA,WAAW;AACtC,WAAKC,SAASA,UAAU,KAAKD;AAC7B,WAAKE,uBAAuBG,MAAMH;AAClC,WAAKC,wBAAwBE,MAAMF;AAEnC,YAAMI,eAAe,KAAKR,YAAYS,iBAAgB;AACtD,UAAI,CAACD,aAAaE,KAAK,CAACC,UAAUA,MAAMT,UAAUA,MAAAA,GAAS;AACzD,aAAKF,YAAYY,WAAW,KAAKX,UAAU,KAAKC,QAAQI,MAAMO,oBAAAA;MAChE;IACF,SAASC,GAAG;AACVC,cAAQC,MAAM,cAAcF,CAAAA;AAC5B,YAAMG,MAAM,mBAAA;IACd;EACF;EAEA,MAAMC,WAAsC;AAC1C,UAAMC,WAAuB,KAAKnB,YAAYkB,SAAQ;AACtD,WAAOC,SAASC,IAAI,CAACC,QAAQ,KAAKC,eAAeD,GAAAA,CAAAA;EACnD;EAEA,MAAME,UAAUC,MAAuE;AACrF,UAAM,EAAEC,MAAMC,KAAI,IAAKF;AACvB,QAAIE,SAASC,UAAa,EAAE,cAAcD,OAAO;AAC/C,aAAOE,QAAQC,OAAOZ,MAAM,+CAAA,CAAA;IAC9B;AAEA,QAAI,KAAKhB,YAAY,YAAY;AAC/B,YAAM6B,eAA2B,KAAK9B,YAAYkB,SAAQ;AAC1D,YAAMa,SAASD,aAAaE,KAAK,CAACC,aAAcA,SAAShC,aAAwB,oBAAA;AACjF,UAAI8B,QAAQ;AACVA,eAAOG,YAAY;AACnB,eAAO,KAAKZ,eAAeS,MAAAA;MAC7B;AACA,aAAOH,QAAQC,OAAOZ,MAAM,0CAA0C,KAAKf,MAAM,EAAE,CAAA;IACrF;AAEA,UAAMiC,YAAY;MAChBC,cAAc,KAAKC,0BAA0BZ,IAAAA;MAC7Ca,UAAU,cAAcZ,OAAQA,KAAKY,WAAsB;MAC3DC,UAAUb,KAAKa;MACfC,YAAY,KAAKC,sBAAsB;QAAE,GAAG,KAAKtC;QAAsB,GAAI,gBAAgBuB,OAAOA,KAAKc,aAAa,CAAC;MAAG,CAAA;MACxHE,MAAM,UAAUhB,OAAQA,KAAKgB,OAAkB;IACjD;AAEA,QAAI;AACF,YAAMC,kBAAkB,MAAM,KAAK3C,YAAY4C,YAAY,KAAK3C,UAAUkC,SAAAA;AAC1E,UAAIQ,iBAAiB;AACnBjD,eAAOmD,MAAM,kBAAkBF,eAAAA;AAC/B,cAAMtB,MAAM,KAAKrB,YAAY8C,YAAYH,eAAAA;AACzC,eAAO,KAAKrB,eAAeD,GAAAA;MAC7B,OAAO;AACL,eAAOO,QAAQC,OAAO,IAAIZ,MAAM,oCAAA,CAAA;MAClC;IACF,SAASD,OAAO;AACdtB,aAAOsB,MAAM,sBAAsBA,KAAAA;AACnC,YAAMA;IACR;EACF;EAEQqB,4BAA4B,wBAACZ,SAAAA;AACnC,YAAQA,MAAAA;MACN,KAAK;AACH,eAAO;MACT,KAAK;AACH,eAAO;MACT,KAAK;AACH,eAAO;MACT;AACE,cAAM,IAAIR,MAAM,YAAYQ,IAAAA,4BAAgC;IACh
E;EACF,GAXoC;EAa5BsB,4BAA4B,wBAACtB,SAAAA;AACnC,YAAQA,MAAAA;MACN,KAAK;AACH,eAAO;MACT,KAAK;AACH,eAAO;MACT,KAAK;AACH,eAAO;MACT,KAAK;MACL,KAAK;AACH,eAAO;MACT;AACE,cAAM,IAAIR,MAAM,YAAYQ,IAAAA,oBAAwB;IACxD;EACF,GAdoC;EAgBpC,MAAMuB,UAAU,EAAEC,IAAG,GAAuC;AAC1D,QAAI;AACF,YAAM5B,MAAgB,KAAKrB,YAAYkD,WAAWD,GAAAA;AAClD,UAAK5B,IAAIpB,aAAwB,sBAAsB;AACrD,eAAO;MACT;AACA,WAAK,KAAKD,YAAYmD,UAAUF,GAAAA;AAChC,aAAO;IACT,SAASjC,OAAO;AACdD,cAAQqC,KAAK,yBAAyBpC,KAAAA;AACtC,aAAO;IACT;EACF;EAEQqC,mBAAmBC,mBAAuClB,cAAoD;AACpH,QAAIkB,sBAAsB3B,QAAW;AACnC,aAAO4B,mCAAmCnB,YAAAA;IAC5C;AAEA,QAAIoB,yBAAyBF,iBAAAA,GAAoB;AAC/C,aAAOA;IACT;AAGA,WAAOC,mCAAmCD,iBAAAA;EAC5C;EAEA,MAAMG,KAAKjC,MAA8G;AACvH,QAAI,CAACA,KAAKkC,QAAQ;AAChB,YAAM,IAAIzC,MAAM,oCAAA;IAClB;AAEA,UAAM0C,OAAO,IAAIC,YAAAA,EAAcC,OAAOrC,KAAKmC,IAAI;AAE/C,UAAMtC,MAAgB,KAAKrB,YAAYkD,WAAW1B,KAAKkC,OAAOT,GAAG;AACjE,QAAK5B,IAAIpB,aAAwB,sBAAsB;AACrDoB,UAAIa,YAAY;IAClB;AACA,UAAM4B,eAA6B;MACjCC,QAAQ1C,IAAI0C;MACZJ;MACAzB,WAAW,KAAKmB,mBAAmB7B,KAAKU,WAAWb,IAAIa,SAAS;MAChE8B,aAAaxC,KAAKwC;MAClBC,SAASzC,KAAKyC;MACdC,QAAS1C,KAAK0C,UAA8B;MAC5C1B,YAAY,KAAK2B,4BAA4B;QAAE,GAAG,KAAK/D;QAAuB,GAAGoB,KAAKgB;MAAW,CAAA;IACnG;AACA,WAAO,KAAKxC,YAAYyD,KAAKK,YAAAA;EAC/B;EAEA,MAAMM,UAAU5C,MAA+F;AAC7G,UAAM,IAAIP,MAAM,4DAAA;EAClB;EAEQoD,uBAAuB,wBAAC7C,SAAAA;AAC9B,UAAM,EAAE8C,WAAWC,QAAO,IAAK/C;AAG/B,UAAMgD,YAAYC,YAAYH,UAAUI,GAAG;AAI3C,UAAMC,YAAYC,SAASJ,WAAW,MAAA;AACtC,UAAMK,kBAAkBL,UAAUM,SAAS,KAAK,OAAOH,cAAc,YAAYA,UAAUI,WAAW,IAAA;AAEtG,QAAIF,iBAAiB;AAEnB,YAAMG,iBAAiBC,WAAWN,WAAW,QAAA;AAG7C,YAAMO,eAAe;AACrB,YAAMC,UAAUH,eAAeI,MAAMF,YAAAA;AAGrC,UAAIG,eAAeT,SAASO,SAAS,KAAA;AAGrC,UAAIE,aAAaP,UAAU,OAAO,CAACO,aAAaN,WAAW,IAAA,GAAO;AAChEM,uBAAe,OAAOA;MACxB;AAGA,aAAOA,aAAaN,WAAW,IAAA,KAASM,aAAaP,SAAS,KAAK;AACjEO,uBAAeA,eAAe;MAChC;AAGA,UAAIA,aAAaN,WAAW,IAAA,KAASM,aAAaP,WAAW,KAAK;AAChE,cAAMQ,SAASL,WAAWI,aAAaD,MAAM,GAAG,EAAA,GAAK,KAAA;AACrD,cAAMG,SAASN,WAAWI,aAAaD,MAAM,IAAI,GAAA,GAAM,KAAA;AACvD,cAAMI,SAAS,IAAIC,WAAW;UAACF,OAAO,EAAA,IAAM,MAAM,IAAI,IAAO;SAAK;AAClE,cAAMG,gBAAgB,IAAID,WAA
W,EAAA;AACrCC,sBAAcC,IAAIH,QAAQ,CAAA;AAC1BE,sBAAcC,IAAIL,QAAQ,CAAA;AAC1B,eAAOV,SAASc,eAAe,KAAA;MACjC;AAEA,aAAOL;IACT;AAGA,UAAMO,kBAAkBC,UAAUrB,SAAAA,IAAasB,sBAAsBtB,WAAWD,OAAAA,IAAWC;AAC3F,WAAOuB,yBAAyBH,eAAAA,IAC5BI,wBAAwBJ,eAAAA,IACxBK,4BAA4BL,iBAAiBrB,OAAAA;EACnD,GAnD+B;EAqDvBjD,eAAeE,MAAgC;AACrD,UAAM,EAAE0E,OAAO5B,WAAW,GAAG6B,SAAAA,IAA0B;MAAE,GAAG3E;IAAK;AACjE,UAAM+C,UAAU,KAAKxB,0BAA0BvB,KAAKU,SAAS;AAE7D,UAAMmD,eAAe,KAAKhB,qBAAqB;MAC7CC;MACAC;IACF,CAAA;AAEA,UAAM6B,UAAmC;MACvCnD,KAAKiD;MACLzE,MAAM8C;MACNc;MACA3D,MAAMyE;IACR;AAEA,UAAME,gBAAgBC,6BAA6B;MAAEjF,KAAK+E;IAA0B,CAAA;AACpFA,YAAQ1E,OAAO;MAAE,GAAG0E,QAAQ1E;MAAM2E;IAAc;AAChD,WAAOD;EACT;EAEAG,aAAa/E,MAAuG;AAClH,UAAM,IAAIP,MAAM,gBAAA;EAClB;EAEQwB,sBAAsB+D,QAAiD;AAC7E,QAAI,CAACA,QAAQ;AACX,aAAO,CAAA;IACT;AACA,WAAOC,OAAOC,QAAQF,MAAAA,EAAQpF,IAAI,CAAC,CAACC,KAAKV,KAAAA,OAAY;MACnDgG,MAAMtF;MACNV;IACF,EAAA;EACF;EAEQwD,4BAA4BqC,QAAuD;AACzF,QAAI,CAACA,QAAQ;AACX,aAAO,CAAA;IACT;AACA,WAAOC,OAAOC,QAAQF,MAAAA,EAAQpF,IAAI,CAAC,CAACC,KAAKV,KAAAA,OAAY;MACnDgG,MAAMtF;MACNV;IACF,EAAA;EACF;AACF;","names":["PEMToBinary","isSignatureAlgorithmType","MusapClient","signatureAlgorithmFromKeyAlgorithm","AbstractKeyManagementSystem","TextDecoder","Loggers","asn1DerToRawPublicKey","calculateJwkThumbprintForKey","hexStringFromUint8Array","isAsn1Der","isRawCompressedPublicKey","toRawCompressedHexPublicKey","fromString","toString","logger","Loggers","DEFAULT","get","MusapKeyManagementSystem","AbstractKeyManagementSystem","musapClient","sscdType","sscdId","defaultKeyAttributes","defaultSignAttributes","constructor","opts","MusapClient","enabledSscds","listEnabledSscds","some","value","enableSscd","externalSscdSettings","e","console","error","Error","listKeys","keysJson","map","key","asMusapKeyInfo","createKey","args","type","meta","undefined","Promise","reject","existingKeys","extKey","find","musapKey","algorithm","keyGenReq","keyAlgorithm","mapKeyTypeToAlgorithmType","keyUsage","keyAlias","attributes","recordToKeyAttributes","role","generate
dKeyUri","generateKey","debug","getKeyByUri","mapAlgorithmTypeToKeyType","deleteKey","kid","getKeyById","removeKey","warn","determineAlgorithm","providedAlgorithm","signatureAlgorithmFromKeyAlgorithm","isSignatureAlgorithmType","sign","keyRef","data","TextDecoder","decode","signatureReq","keyUri","displayText","transId","format","recordToSignatureAttributes","importKey","decodeMusapPublicKey","publicKey","keyType","pemBinary","PEMToBinary","pem","pemString","toString","isDoubleEncoded","length","startsWith","actualDerBytes","fromString","keyDataStart","keyData","slice","publicKeyHex","xCoord","yCoord","prefix","Uint8Array","compressedKey","set","publicKeyBinary","isAsn1Der","asn1DerToRawPublicKey","isRawCompressedPublicKey","hexStringFromUint8Array","toRawCompressedHexPublicKey","keyId","metadata","keyInfo","jwkThumbprint","calculateJwkThumbprintForKey","sharedSecret","record","Object","entries","name"]}
1
+ {"version":3,"sources":["../src/MusapKeyManagerSystem.ts"],"sourcesContent":["import { PEMToBinary } from '@sphereon/ssi-sdk-ext.x509-utils'\nimport { IKey, ManagedKeyInfo, MinimalImportableKey, TKeyType } from '@veramo/core'\nimport {\n ExternalSscdSettings,\n IMusapClient,\n isSignatureAlgorithmType,\n JWSAlgorithm,\n KeyAlgorithm,\n KeyAlgorithmType,\n KeyAttribute,\n KeyGenReq,\n MusapClient,\n MusapKey,\n signatureAlgorithmFromKeyAlgorithm,\n SignatureAlgorithmType,\n SignatureAttribute,\n SignatureFormat,\n SignatureReq,\n SscdType,\n} from '@sphereon/musap-react-native'\nimport { AbstractKeyManagementSystem } from '@veramo/key-manager'\nimport { TextDecoder } from 'text-encoding'\nimport { Loggers } from '@sphereon/ssi-types'\nimport { KeyMetadata } from './index'\nimport {\n asn1DerToRawPublicKey,\n calculateJwkThumbprintForKey,\n hexStringFromUint8Array,\n isAsn1Der,\n isRawCompressedPublicKey,\n toRawCompressedHexPublicKey,\n} from '@sphereon/ssi-sdk-ext.key-utils'\n// @ts-ignore\nimport * as u8a from 'uint8arrays'\nconst { fromString, toString } = u8a\n\nexport const logger = Loggers.DEFAULT.get('sphereon:musap-rn-kms')\n\nexport class MusapKeyManagementSystem extends AbstractKeyManagementSystem {\n private musapClient: IMusapClient\n private readonly sscdType: SscdType\n private readonly sscdId: string\n private readonly defaultKeyAttributes: Record<string, string> | undefined\n private readonly defaultSignAttributes: Record<string, string> | undefined\n\n constructor(\n sscdType?: SscdType,\n sscdId?: string,\n opts?: {\n externalSscdSettings?: ExternalSscdSettings\n defaultKeyAttributes?: Record<string, string>\n defaultSignAttributes?: Record<string, string>\n }\n ) {\n super()\n try {\n this.musapClient = MusapClient\n this.sscdType = sscdType ? sscdType : 'TEE'\n this.sscdId = sscdId ?? 
this.sscdType\n this.defaultKeyAttributes = opts?.defaultKeyAttributes\n this.defaultSignAttributes = opts?.defaultSignAttributes\n\n const enabledSscds = this.musapClient.listEnabledSscds()\n if (!enabledSscds.some((value) => value.sscdId == sscdId)) {\n this.musapClient.enableSscd(this.sscdType, this.sscdId, opts?.externalSscdSettings)\n }\n } catch (e) {\n console.error('enableSscd', e)\n throw Error('enableSscd failed')\n }\n }\n\n async listKeys(): Promise<ManagedKeyInfo[]> {\n const keysJson: MusapKey[] = this.musapClient.listKeys() as MusapKey[]\n return keysJson.map((key) => this.asMusapKeyInfo(key))\n }\n\n async createKey(args: { type: TKeyType; meta?: KeyMetadata }): Promise<ManagedKeyInfo> {\n const { type, meta } = args\n if (meta === undefined || !('keyAlias' in meta)) {\n return Promise.reject(Error('a unique keyAlias field is required for MUSAP'))\n }\n\n if (this.sscdType == 'EXTERNAL') {\n const existingKeys: MusapKey[] = this.musapClient.listKeys() as MusapKey[]\n const extKey = existingKeys.find((musapKey) => (musapKey.sscdType as string) === 'External Signature') // FIXME returning does not match SscdType enum\n if (extKey) {\n extKey.algorithm = 'eccp256r1' // FIXME MUSAP announces key as rsa2k, but it's actually EC\n return this.asMusapKeyInfo(extKey)\n }\n return Promise.reject(Error(`No external key was bound yet for sscd ${this.sscdId}`))\n }\n\n const keyGenReq = {\n keyAlgorithm: this.mapKeyTypeToAlgorithmType(type),\n keyUsage: 'keyUsage' in meta ? (meta.keyUsage as string) : 'sign',\n keyAlias: meta.keyAlias as string,\n attributes: this.recordToKeyAttributes({ ...this.defaultKeyAttributes, ...('attributes' in meta ? meta.attributes : {}) }),\n role: 'role' in meta ? 
(meta.role as string) : 'administrator',\n } satisfies KeyGenReq\n\n try {\n const generatedKeyUri = await this.musapClient.generateKey(this.sscdType, keyGenReq)\n if (generatedKeyUri) {\n logger.debug('Generated key:', generatedKeyUri)\n const key = this.musapClient.getKeyByUri(generatedKeyUri)\n return this.asMusapKeyInfo(key)\n } else {\n return Promise.reject(new Error('Failed to generate key. No key URI'))\n }\n } catch (error) {\n logger.error('An error occurred:', error)\n throw error\n }\n }\n\n private mapKeyTypeToAlgorithmType = (type: TKeyType): KeyAlgorithmType => {\n switch (type) {\n case 'Secp256k1':\n return 'ECCP256K1'\n case 'Secp256r1':\n return 'ECCP256R1'\n case 'RSA':\n return 'RSA2K'\n default:\n throw new Error(`Key type ${type} is not supported by MUSAP`)\n }\n }\n\n private mapAlgorithmTypeToKeyType = (type: KeyAlgorithm): TKeyType => {\n switch (type) {\n case 'eccp256k1':\n return 'Secp256k1'\n case 'eccp256r1':\n return 'Secp256r1'\n case 'ecc_ed25519':\n return 'Ed25519'\n case 'rsa2k':\n case 'rsa4k':\n return 'RSA'\n default:\n throw new Error(`Key type ${type} is not supported.`)\n }\n }\n\n async deleteKey({ kid }: { kid: string }): Promise<boolean> {\n try {\n const key: MusapKey = this.musapClient.getKeyById(kid) as MusapKey\n if ((key.sscdType as string) === 'External Signature') {\n return true // FIXME we can't remove a eSim key for now because this would mean onboarding again\n }\n void this.musapClient.removeKey(kid)\n return true\n } catch (error) {\n console.warn('Failed to delete key:', error)\n return false\n }\n }\n\n private determineAlgorithm(providedAlgorithm: string | undefined, keyAlgorithm: KeyAlgorithm): SignatureAlgorithmType {\n if (providedAlgorithm === undefined) {\n return signatureAlgorithmFromKeyAlgorithm(keyAlgorithm)\n }\n\n if (isSignatureAlgorithmType(providedAlgorithm)) {\n return providedAlgorithm\n }\n\n // Veramo translates TKeyType to JWSAlgorithm\n return 
signatureAlgorithmFromKeyAlgorithm(providedAlgorithm as JWSAlgorithm)\n }\n\n async sign(args: { keyRef: Pick<IKey, 'kid'>; algorithm?: string; data: Uint8Array; [x: string]: any }): Promise<string> {\n if (!args.keyRef) {\n throw new Error('key_not_found: No key ref provided')\n }\n\n const data = new TextDecoder().decode(args.data as Uint8Array)\n\n const key: MusapKey = this.musapClient.getKeyById(args.keyRef.kid) as MusapKey\n if ((key.sscdType as string) === 'External Signature') {\n key.algorithm = 'eccp256r1' // FIXME MUSAP announces key as rsa2k, but it's actually EC\n }\n const signatureReq: SignatureReq = {\n keyUri: key.keyUri,\n data,\n algorithm: this.determineAlgorithm(args.algorithm, key.algorithm),\n displayText: args.displayText,\n transId: args.transId,\n format: (args.format as SignatureFormat) ?? 'RAW',\n attributes: this.recordToSignatureAttributes({ ...this.defaultSignAttributes, ...args.attributes }),\n }\n return this.musapClient.sign(signatureReq)\n }\n\n async importKey(args: Omit<MinimalImportableKey, 'kms'> & { privateKeyPEM?: string }): Promise<ManagedKeyInfo> {\n throw new Error('importKey is not implemented for MusapKeyManagementSystem.')\n }\n\n private decodeMusapPublicKey = (args: { publicKey: { pem: string }; keyType: TKeyType }): string => {\n const { publicKey, keyType } = args\n\n // First try the normal PEM decoding path\n const pemBinary = PEMToBinary(publicKey.pem)\n\n // Check if we got a string that looks like base64 (might be double encoded)\n // Convert Uint8Array to string safely\n const pemString = toString(pemBinary, 'utf8')\n const isDoubleEncoded = pemBinary.length > 0 && typeof pemString === 'string' && pemString.startsWith('MF')\n\n if (isDoubleEncoded) {\n // Handle double-encoded case\n const actualDerBytes = fromString(pemString, 'base64')\n\n // For double-encoded case, we know the key data starts after the header\n const keyDataStart = 24\n const keyData = actualDerBytes.slice(keyDataStart)\n\n // Convert to 
public key hex\n let publicKeyHex = toString(keyData, 'hex')\n\n // If it's not compressed yet and doesn't start with 0x04 (uncompressed point marker), add it\n if (publicKeyHex.length <= 128 && !publicKeyHex.startsWith('04')) {\n publicKeyHex = '04' + publicKeyHex\n }\n\n // Ensure we have full 65 bytes for uncompressed keys\n while (publicKeyHex.startsWith('04') && publicKeyHex.length < 130) {\n publicKeyHex = publicKeyHex + '0'\n }\n\n // Now convert to compressed format if needed\n if (publicKeyHex.startsWith('04') && publicKeyHex.length === 130) {\n const xCoord = fromString(publicKeyHex.slice(2, 66), 'hex')\n const yCoord = fromString(publicKeyHex.slice(66, 130), 'hex')\n const prefix = new Uint8Array([yCoord[31] % 2 === 0 ? 0x02 : 0x03])\n const compressedKey = new Uint8Array(33) // 1 byte prefix + 32 bytes x coordinate\n compressedKey.set(prefix, 0)\n compressedKey.set(xCoord, 1)\n return toString(compressedKey, 'hex')\n }\n\n return publicKeyHex\n }\n\n // Not double encoded, proceed with normal path\n const publicKeyBinary = isAsn1Der(pemBinary) ? asn1DerToRawPublicKey(pemBinary, keyType) : pemBinary\n return isRawCompressedPublicKey(publicKeyBinary)\n ? 
hexStringFromUint8Array(publicKeyBinary)\n : toRawCompressedHexPublicKey(publicKeyBinary, keyType)\n }\n\n private asMusapKeyInfo(args: MusapKey): ManagedKeyInfo {\n const { keyId, publicKey, ...metadata }: KeyMetadata = { ...args }\n const keyType = this.mapAlgorithmTypeToKeyType(args.algorithm)\n\n const publicKeyHex = this.decodeMusapPublicKey({\n publicKey: publicKey,\n keyType: keyType,\n })\n\n const keyInfo: Partial<ManagedKeyInfo> = {\n kid: keyId,\n type: keyType,\n publicKeyHex,\n meta: metadata,\n }\n\n const jwkThumbprint = calculateJwkThumbprintForKey({ key: keyInfo as ManagedKeyInfo })\n keyInfo.meta = { ...keyInfo.meta, jwkThumbprint }\n return keyInfo as ManagedKeyInfo\n }\n\n sharedSecret(args: { myKeyRef: Pick<IKey, 'kid'>; theirKey: Pick<IKey, 'publicKeyHex' | 'type'> }): Promise<string> {\n throw new Error('Not supported.')\n }\n\n private recordToKeyAttributes(record?: Record<string, string>): KeyAttribute[] {\n if (!record) {\n return []\n }\n return Object.entries(record).map(([key, value]) => ({\n name: key,\n value,\n }))\n }\n\n private recordToSignatureAttributes(record?: Record<string, string>): SignatureAttribute[] {\n if (!record) {\n return []\n }\n return Object.entries(record).map(([key, value]) => ({\n name: key,\n value,\n }))\n 
}\n}\n"],"mappings":";;;;AAAA,SAASA,mBAAmB;AAE5B,SAGEC,0BAMAC,aAEAC,0CAMK;AACP,SAASC,mCAAmC;AAC5C,SAASC,mBAAmB;AAC5B,SAASC,eAAe;AAExB,SACEC,uBACAC,8BACAC,yBACAC,WACAC,0BACAC,mCACK;AAEP,YAAYC,SAAS;AACrB,IAAM,EAAEC,YAAYC,SAAQ,IAAKC;AAE1B,IAAMC,SAASC,QAAQC,QAAQC,IAAI,uBAAA;AAEnC,IAAMC,2BAAN,cAAuCC,4BAAAA;EAtC9C,OAsC8CA;;;EACpCC;EACSC;EACAC;EACAC;EACAC;EAEjBC,YACEJ,UACAC,QACAI,MAKA;AACA,UAAK;AACL,QAAI;AACF,WAAKN,cAAcO;AACnB,WAAKN,WAAWA,WAAWA,WAAW;AACtC,WAAKC,SAASA,UAAU,KAAKD;AAC7B,WAAKE,uBAAuBG,MAAMH;AAClC,WAAKC,wBAAwBE,MAAMF;AAEnC,YAAMI,eAAe,KAAKR,YAAYS,iBAAgB;AACtD,UAAI,CAACD,aAAaE,KAAK,CAACC,UAAUA,MAAMT,UAAUA,MAAAA,GAAS;AACzD,aAAKF,YAAYY,WAAW,KAAKX,UAAU,KAAKC,QAAQI,MAAMO,oBAAAA;MAChE;IACF,SAASC,GAAG;AACVC,cAAQC,MAAM,cAAcF,CAAAA;AAC5B,YAAMG,MAAM,mBAAA;IACd;EACF;EAEA,MAAMC,WAAsC;AAC1C,UAAMC,WAAuB,KAAKnB,YAAYkB,SAAQ;AACtD,WAAOC,SAASC,IAAI,CAACC,QAAQ,KAAKC,eAAeD,GAAAA,CAAAA;EACnD;EAEA,MAAME,UAAUC,MAAuE;AACrF,UAAM,EAAEC,MAAMC,KAAI,IAAKF;AACvB,QAAIE,SAASC,UAAa,EAAE,cAAcD,OAAO;AAC/C,aAAOE,QAAQC,OAAOZ,MAAM,+CAAA,CAAA;IAC9B;AAEA,QAAI,KAAKhB,YAAY,YAAY;AAC/B,YAAM6B,eAA2B,KAAK9B,YAAYkB,SAAQ;AAC1D,YAAMa,SAASD,aAAaE,KAAK,CAACC,aAAcA,SAAShC,aAAwB,oBAAA;AACjF,UAAI8B,QAAQ;AACVA,eAAOG,YAAY;AACnB,eAAO,KAAKZ,eAAeS,MAAAA;MAC7B;AACA,aAAOH,QAAQC,OAAOZ,MAAM,0CAA0C,KAAKf,MAAM,EAAE,CAAA;IACrF;AAEA,UAAMiC,YAAY;MAChBC,cAAc,KAAKC,0BAA0BZ,IAAAA;MAC7Ca,UAAU,cAAcZ,OAAQA,KAAKY,WAAsB;MAC3DC,UAAUb,KAAKa;MACfC,YAAY,KAAKC,sBAAsB;QAAE,GAAG,KAAKtC;QAAsB,GAAI,gBAAgBuB,OAAOA,KAAKc,aAAa,CAAC;MAAG,CAAA;MACxHE,MAAM,UAAUhB,OAAQA,KAAKgB,OAAkB;IACjD;AAEA,QAAI;AACF,YAAMC,kBAAkB,MAAM,KAAK3C,YAAY4C,YAAY,KAAK3C,UAAUkC,SAAAA;AAC1E,UAAIQ,iBAAiB;AACnBjD,eAAOmD,MAAM,kBAAkBF,eAAAA;AAC/B,cAAMtB,MAAM,KAAKrB,YAAY8C,YAAYH,eAAAA;AACzC,eAAO,KAAKrB,eAAeD,GAAAA;MAC7B,OAAO;AACL,eAAOO,QAAQC,OAAO,IAAIZ,MAAM,oCAAA,CAAA;MAClC;IACF,SAASD,OAAO;AACdtB,aAAOsB,MAAM,sBAAsBA,KAAAA;AACnC,YAAMA;IACR;EACF;EAEQqB,4BAA4B,wBAACZ,SAAAA;AACnC,YAAQA,MAAAA;MACN,KAAK;AACH,eAAO;MACT,KAAK;AACH,eAAO;MACT,KAAK;AACH,eAAO;MACT;AACE,cAAM,IAAIR,MAAM,YAAYQ,IAAA
A,4BAAgC;IAChE;EACF,GAXoC;EAa5BsB,4BAA4B,wBAACtB,SAAAA;AACnC,YAAQA,MAAAA;MACN,KAAK;AACH,eAAO;MACT,KAAK;AACH,eAAO;MACT,KAAK;AACH,eAAO;MACT,KAAK;MACL,KAAK;AACH,eAAO;MACT;AACE,cAAM,IAAIR,MAAM,YAAYQ,IAAAA,oBAAwB;IACxD;EACF,GAdoC;EAgBpC,MAAMuB,UAAU,EAAEC,IAAG,GAAuC;AAC1D,QAAI;AACF,YAAM5B,MAAgB,KAAKrB,YAAYkD,WAAWD,GAAAA;AAClD,UAAK5B,IAAIpB,aAAwB,sBAAsB;AACrD,eAAO;MACT;AACA,WAAK,KAAKD,YAAYmD,UAAUF,GAAAA;AAChC,aAAO;IACT,SAASjC,OAAO;AACdD,cAAQqC,KAAK,yBAAyBpC,KAAAA;AACtC,aAAO;IACT;EACF;EAEQqC,mBAAmBC,mBAAuClB,cAAoD;AACpH,QAAIkB,sBAAsB3B,QAAW;AACnC,aAAO4B,mCAAmCnB,YAAAA;IAC5C;AAEA,QAAIoB,yBAAyBF,iBAAAA,GAAoB;AAC/C,aAAOA;IACT;AAGA,WAAOC,mCAAmCD,iBAAAA;EAC5C;EAEA,MAAMG,KAAKjC,MAA8G;AACvH,QAAI,CAACA,KAAKkC,QAAQ;AAChB,YAAM,IAAIzC,MAAM,oCAAA;IAClB;AAEA,UAAM0C,OAAO,IAAIC,YAAAA,EAAcC,OAAOrC,KAAKmC,IAAI;AAE/C,UAAMtC,MAAgB,KAAKrB,YAAYkD,WAAW1B,KAAKkC,OAAOT,GAAG;AACjE,QAAK5B,IAAIpB,aAAwB,sBAAsB;AACrDoB,UAAIa,YAAY;IAClB;AACA,UAAM4B,eAA6B;MACjCC,QAAQ1C,IAAI0C;MACZJ;MACAzB,WAAW,KAAKmB,mBAAmB7B,KAAKU,WAAWb,IAAIa,SAAS;MAChE8B,aAAaxC,KAAKwC;MAClBC,SAASzC,KAAKyC;MACdC,QAAS1C,KAAK0C,UAA8B;MAC5C1B,YAAY,KAAK2B,4BAA4B;QAAE,GAAG,KAAK/D;QAAuB,GAAGoB,KAAKgB;MAAW,CAAA;IACnG;AACA,WAAO,KAAKxC,YAAYyD,KAAKK,YAAAA;EAC/B;EAEA,MAAMM,UAAU5C,MAA+F;AAC7G,UAAM,IAAIP,MAAM,4DAAA;EAClB;EAEQoD,uBAAuB,wBAAC7C,SAAAA;AAC9B,UAAM,EAAE8C,WAAWC,QAAO,IAAK/C;AAG/B,UAAMgD,YAAYC,YAAYH,UAAUI,GAAG;AAI3C,UAAMC,YAAYnF,SAASgF,WAAW,MAAA;AACtC,UAAMI,kBAAkBJ,UAAUK,SAAS,KAAK,OAAOF,cAAc,YAAYA,UAAUG,WAAW,IAAA;AAEtG,QAAIF,iBAAiB;AAEnB,YAAMG,iBAAiBxF,WAAWoF,WAAW,QAAA;AAG7C,YAAMK,eAAe;AACrB,YAAMC,UAAUF,eAAeG,MAAMF,YAAAA;AAGrC,UAAIG,eAAe3F,SAASyF,SAAS,KAAA;AAGrC,UAAIE,aAAaN,UAAU,OAAO,CAACM,aAAaL,WAAW,IAAA,GAAO;AAChEK,uBAAe,OAAOA;MACxB;AAGA,aAAOA,aAAaL,WAAW,IAAA,KAASK,aAAaN,SAAS,KAAK;AACjEM,uBAAeA,eAAe;MAChC;AAGA,UAAIA,aAAaL,WAAW,IAAA,KAASK,aAAaN,WAAW,KAAK;AAChE,cAAMO,SAAS7F,WAAW4F,aAAaD,MAAM,GAAG,EAAA,GAAK,KAAA;AACrD,cAAMG,SAAS9F,WAAW4F,aAAaD,MAAM,IAAI,GAAA,GAAM,KAAA;AACvD,cAAMI,SAAS,IAAIC,WAAW;UAACF,OAAO,EAAA,IAAM,MAAM,IAAI,IAAO;SAAK;AAClE
,cAAMG,gBAAgB,IAAID,WAAW,EAAA;AACrCC,sBAAcC,IAAIH,QAAQ,CAAA;AAC1BE,sBAAcC,IAAIL,QAAQ,CAAA;AAC1B,eAAO5F,SAASgG,eAAe,KAAA;MACjC;AAEA,aAAOL;IACT;AAGA,UAAMO,kBAAkBC,UAAUnB,SAAAA,IAAaoB,sBAAsBpB,WAAWD,OAAAA,IAAWC;AAC3F,WAAOqB,yBAAyBH,eAAAA,IAC5BI,wBAAwBJ,eAAAA,IACxBK,4BAA4BL,iBAAiBnB,OAAAA;EACnD,GAnD+B;EAqDvBjD,eAAeE,MAAgC;AACrD,UAAM,EAAEwE,OAAO1B,WAAW,GAAG2B,SAAAA,IAA0B;MAAE,GAAGzE;IAAK;AACjE,UAAM+C,UAAU,KAAKxB,0BAA0BvB,KAAKU,SAAS;AAE7D,UAAMiD,eAAe,KAAKd,qBAAqB;MAC7CC;MACAC;IACF,CAAA;AAEA,UAAM2B,UAAmC;MACvCjD,KAAK+C;MACLvE,MAAM8C;MACNY;MACAzD,MAAMuE;IACR;AAEA,UAAME,gBAAgBC,6BAA6B;MAAE/E,KAAK6E;IAA0B,CAAA;AACpFA,YAAQxE,OAAO;MAAE,GAAGwE,QAAQxE;MAAMyE;IAAc;AAChD,WAAOD;EACT;EAEAG,aAAa7E,MAAuG;AAClH,UAAM,IAAIP,MAAM,gBAAA;EAClB;EAEQwB,sBAAsB6D,QAAiD;AAC7E,QAAI,CAACA,QAAQ;AACX,aAAO,CAAA;IACT;AACA,WAAOC,OAAOC,QAAQF,MAAAA,EAAQlF,IAAI,CAAC,CAACC,KAAKV,KAAAA,OAAY;MACnD8F,MAAMpF;MACNV;IACF,EAAA;EACF;EAEQwD,4BAA4BmC,QAAuD;AACzF,QAAI,CAACA,QAAQ;AACX,aAAO,CAAA;IACT;AACA,WAAOC,OAAOC,QAAQF,MAAAA,EAAQlF,IAAI,CAAC,CAACC,KAAKV,KAAAA,OAAY;MACnD8F,MAAMpF;MACNV;IACF,EAAA;EACF;AACF;","names":["PEMToBinary","isSignatureAlgorithmType","MusapClient","signatureAlgorithmFromKeyAlgorithm","AbstractKeyManagementSystem","TextDecoder","Loggers","asn1DerToRawPublicKey","calculateJwkThumbprintForKey","hexStringFromUint8Array","isAsn1Der","isRawCompressedPublicKey","toRawCompressedHexPublicKey","u8a","fromString","toString","u8a","logger","Loggers","DEFAULT","get","MusapKeyManagementSystem","AbstractKeyManagementSystem","musapClient","sscdType","sscdId","defaultKeyAttributes","defaultSignAttributes","constructor","opts","MusapClient","enabledSscds","listEnabledSscds","some","value","enableSscd","externalSscdSettings","e","console","error","Error","listKeys","keysJson","map","key","asMusapKeyInfo","createKey","args","type","meta","undefined","Promise","reject","existingKeys","extKey","find","musapKey","algorithm","keyGenReq","keyAlgorithm","mapKeyTypeToAlgorithmType","keyUsage","keyAlias","attributes","rec
ordToKeyAttributes","role","generatedKeyUri","generateKey","debug","getKeyByUri","mapAlgorithmTypeToKeyType","deleteKey","kid","getKeyById","removeKey","warn","determineAlgorithm","providedAlgorithm","signatureAlgorithmFromKeyAlgorithm","isSignatureAlgorithmType","sign","keyRef","data","TextDecoder","decode","signatureReq","keyUri","displayText","transId","format","recordToSignatureAttributes","importKey","decodeMusapPublicKey","publicKey","keyType","pemBinary","PEMToBinary","pem","pemString","isDoubleEncoded","length","startsWith","actualDerBytes","keyDataStart","keyData","slice","publicKeyHex","xCoord","yCoord","prefix","Uint8Array","compressedKey","set","publicKeyBinary","isAsn1Der","asn1DerToRawPublicKey","isRawCompressedPublicKey","hexStringFromUint8Array","toRawCompressedHexPublicKey","keyId","metadata","keyInfo","jwkThumbprint","calculateJwkThumbprintForKey","sharedSecret","record","Object","entries","name"]}
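--- a/package/package.json
+++ b/package/package.json
@@ -1,13 +1,14 @@
  {
  "name": "@sphereon/ssi-sdk-ext.kms-musap-rn",
  "description": "Sphereon SSI-SDK react-native plugin for management of keys with musap.",
- "version": "0.28.1-feature.esm.cjs.8+4c162d1",
+ "version": "0.28.1-feature.jose.vcdm.19+2c20244",
  "source": "./src/index.ts",
  "type": "module",
  "main": "./dist/index.cjs",
  "module": "./dist/index.js",
  "types": "./dist/index.d.ts",
  "exports": {
+ "react-native": "./dist/index.js",
  "import": {
  "types": "./dist/index.d.ts",
  "import": "./dist/index.js"
@@ -22,9 +23,9 @@
  },
  "dependencies": {
  "@sphereon/musap-react-native": "0.2.1-next.170",
- "@sphereon/ssi-sdk-ext.key-utils": "^0.28.1-feature.esm.cjs.8+4c162d1",
- "@sphereon/ssi-sdk-ext.x509-utils": "^0.28.1-feature.esm.cjs.8+4c162d1",
- "@sphereon/ssi-types": " ^0.33",
+ "@sphereon/ssi-sdk-ext.key-utils": "0.28.1-feature.jose.vcdm.19+2c20244",
+ "@sphereon/ssi-sdk-ext.x509-utils": "0.28.1-feature.jose.vcdm.19+2c20244",
+ "@sphereon/ssi-types": "0.33.1-feature.jose.vcdm.56",
  "@veramo/core": "4.2.0",
  "@veramo/key-manager": "4.2.0",
  "@veramo/kms-local": "4.2.0",
@@ -53,5 +54,5 @@
  "react-native",
  "Veramo"
  ],
- "gitHead": "4c162d14577f462070adeea3e7ec5a443c324ee7"
+ "gitHead": "2c2024461b7732a2b9c6e6940cc399d5ca4626ac"
  }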
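Review bot: The three `@sphereon/*` dependencies in the second hunk are now pinned to exact feature-branch prerelease builds, and two of the specs carry a `+2c20244` build-metadata suffix that semver ignores when comparing versions, so the suffix documents the commit but does not enforce it. Writing the spec without it, e.g. `"@sphereon/ssi-sdk-ext.key-utils": "0.28.1-feature.jose.vcdm.19"`, states what the resolver actually matches; the exact artefact is fixed only by the consumer's lockfile integrity hash. Because this package handles signing keys, it is worth confirming that a feature-branch build of `@sphereon/ssi-types` is intended here rather than the previous `^0.33` release range.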
@@ -31,9 +31,8 @@ import {
31
31
  toRawCompressedHexPublicKey,
32
32
  } from '@sphereon/ssi-sdk-ext.key-utils'
33
33
  // @ts-ignore
34
- import { fromString } from 'uint8arrays/from-string'
35
- // @ts-ignore
36
- import { toString } from 'uint8arrays/to-string'
34
+ import * as u8a from 'uint8arrays'
35
+ const { fromString, toString } = u8a
37
36
 
38
37
  export const logger = Loggers.DEFAULT.get('sphereon:musap-rn-kms')
39
38