@sphereon/ssi-sdk-ext.kms-musap-rn 0.28.1-feature.esm.cjs.9 → 0.28.1-feature.oyd.cmsm.improv.16

package/dist/{index.d.cts → MusapKeyManagerSystem.d.ts}

@@ -1,8 +1,9 @@
-import { ManagedKeyInfo, TKeyType, IKey, MinimalImportableKey } from '@veramo/core';
-import { SscdType, ExternalSscdSettings } from '@sphereon/musap-react-native';
+import { IKey, ManagedKeyInfo, MinimalImportableKey, TKeyType } from '@veramo/core';
+import { ExternalSscdSettings, SscdType } from '@sphereon/musap-react-native';
 import { AbstractKeyManagementSystem } from '@veramo/key-manager';
-
-declare class MusapKeyManagementSystem extends AbstractKeyManagementSystem {
+import { KeyMetadata } from './index';
+export declare const logger: import("@sphereon/ssi-types").ISimpleLogger<unknown>;
+export declare class MusapKeyManagementSystem extends AbstractKeyManagementSystem {
     private musapClient;
     private readonly sscdType;
     private readonly sscdId;
@@ -42,10 +43,4 @@ declare class MusapKeyManagementSystem extends AbstractKeyManagementSystem {
     private recordToKeyAttributes;
     private recordToSignatureAttributes;
 }
-
-interface KeyMetadata {
-    algorithms?: string[];
-    [x: string]: any;
-}
-
-export { type KeyMetadata, MusapKeyManagementSystem };
+//# sourceMappingURL=MusapKeyManagerSystem.d.ts.map

package/dist/MusapKeyManagerSystem.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"MusapKeyManagerSystem.d.ts","sourceRoot":"","sources":["../src/MusapKeyManagerSystem.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,IAAI,EAAE,cAAc,EAAE,oBAAoB,EAAE,QAAQ,EAAE,MAAM,cAAc,CAAA;AACnF,OAAO,EACL,oBAAoB,EAepB,QAAQ,EACT,MAAM,8BAA8B,CAAA;AACrC,OAAO,EAAE,2BAA2B,EAAE,MAAM,qBAAqB,CAAA;AAGjE,OAAO,EAAE,WAAW,EAAE,MAAM,SAAS,CAAA;AAWrC,eAAO,MAAM,MAAM,sDAA+C,CAAA;AAElE,qBAAa,wBAAyB,SAAQ,2BAA2B;IACvE,OAAO,CAAC,WAAW,CAAc;IACjC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAU;IACnC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAQ;IAC/B,OAAO,CAAC,QAAQ,CAAC,oBAAoB,CAAoC;IACzE,OAAO,CAAC,QAAQ,CAAC,qBAAqB,CAAoC;gBAE9D,QAAQ,CAAC,EAAE,QAAQ,EAAE,MAAM,CAAC,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE;QACvD,oBAAoB,CAAC,EAAE,oBAAoB,CAAC;QAC5C,oBAAoB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAC9C,qBAAqB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;KAC/C;IAmBK,QAAQ,IAAI,OAAO,CAAC,cAAc,EAAE,CAAC;IAKrC,SAAS,CAAC,IAAI,EAAE;QAAE,IAAI,EAAE,QAAQ,CAAC;QAAC,IAAI,CAAC,EAAE,WAAW,CAAA;KAAE,GAAG,OAAO,CAAC,cAAc,CAAC;IAuCtF,OAAO,CAAC,yBAAyB,CAWhC;IAED,OAAO,CAAC,yBAAyB,CAchC;IAEK,SAAS,CAAC,EAAE,GAAG,EAAE,EAAE;QAAE,GAAG,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,OAAO,CAAC;IAc3D,OAAO,CAAC,kBAAkB;IAapB,IAAI,CAAC,IAAI,EAAE;QACf,MAAM,EAAE,IAAI,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;QAC1B,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,IAAI,EAAE,UAAU,CAAC;QACjB,CAAC,CAAC,EAAE,MAAM,GAAG,GAAG,CAAA;KACjB,GAAG,OAAO,CAAC,MAAM,CAAC;IAuBb,SAAS,CAAC,IAAI,EAAE,IAAI,CAAC,oBAAoB,EAAE,KAAK,CAAC,GAAG;QAAE,aAAa,CAAC,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,cAAc,CAAC;IAI9G,OAAO,CAAC,oBAAoB,CAqD3B;IAGD,OAAO,CAAC,cAAc;IAqBtB,YAAY,CAAC,IAAI,EAAE;QAAE,QAAQ,EAAE,IAAI,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;QAAC,QAAQ,EAAE,IAAI,CAAC,IAAI,EAAE,cAAc,GAAG,MAAM,CAAC,CAAA;KAAE,GAAG,OAAO,CAAC,MAAM,CAAC;IAInH,OAAO,CAAC,qBAAqB;IAU7B,OAAO,CAAC,2BAA2B;CASpC"}

package/dist/MusapKeyManagerSystem.js

@@ -0,0 +1,284 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __rest = (this && this.__rest) || function (s, e) {
+    var t = {};
+    for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p) && e.indexOf(p) < 0)
+        t[p] = s[p];
+    if (s != null && typeof Object.getOwnPropertySymbols === "function")
+        for (var i = 0, p = Object.getOwnPropertySymbols(s); i < p.length; i++) {
+            if (e.indexOf(p[i]) < 0 && Object.prototype.propertyIsEnumerable.call(s, p[i]))
+                t[p[i]] = s[p[i]];
+        }
+    return t;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MusapKeyManagementSystem = exports.logger = void 0;
+const ssi_sdk_ext_x509_utils_1 = require("@sphereon/ssi-sdk-ext.x509-utils");
+const musap_react_native_1 = require("@sphereon/musap-react-native");
+const key_manager_1 = require("@veramo/key-manager");
+const text_encoding_1 = require("text-encoding");
+const ssi_types_1 = require("@sphereon/ssi-types");
+const ssi_sdk_ext_key_utils_1 = require("@sphereon/ssi-sdk-ext.key-utils");
+const u8a = __importStar(require("uint8arrays"));
+exports.logger = ssi_types_1.Loggers.DEFAULT.get('sphereon:musap-rn-kms');
+class MusapKeyManagementSystem extends key_manager_1.AbstractKeyManagementSystem {
+    constructor(sscdType, sscdId, opts) {
+        super();
+        this.mapKeyTypeToAlgorithmType = (type) => {
+            switch (type) {
+                case 'Secp256k1':
+                    return 'ECCP256K1';
+                case 'Secp256r1':
+                    return 'ECCP256R1';
+                case 'RSA':
+                    return 'RSA2K';
+                default:
+                    throw new Error(`Key type ${type} is not supported by MUSAP`);
+            }
+        };
+        this.mapAlgorithmTypeToKeyType = (type) => {
+            switch (type) {
+                case 'eccp256k1':
+                    return 'Secp256k1';
+                case 'eccp256r1':
+                    return 'Secp256r1';
+                case 'ecc_ed25519':
+                    return 'Ed25519';
+                case 'rsa2k':
+                case 'rsa4k':
+                    return 'RSA';
+                default:
+                    throw new Error(`Key type ${type} is not supported.`);
+            }
+        };
+        this.decodeMusapPublicKey = (args) => {
+            const { publicKey, keyType } = args;
+            // First try the normal PEM decoding path
+            const pemBinary = (0, ssi_sdk_ext_x509_utils_1.PEMToBinary)(publicKey.pem);
+            // Check if we got a string that looks like base64 (might be double encoded)
+            // Convert Uint8Array to string safely
+            const pemString = u8a.toString(pemBinary, 'utf8');
+            const isDoubleEncoded = pemBinary.length > 0 &&
+                typeof pemString === 'string' &&
+                pemString.startsWith('MF');
+            if (isDoubleEncoded) {
+                // Handle double-encoded case
+                const actualDerBytes = u8a.fromString(pemString, 'base64');
+                // For double-encoded case, we know the key data starts after the header
+                const keyDataStart = 24;
+                const keyData = actualDerBytes.slice(keyDataStart);
+                // Convert to public key hex
+                let publicKeyHex = u8a.toString(keyData, 'hex');
+                // If it's not compressed yet and doesn't start with 0x04 (uncompressed point marker), add it
+                if (publicKeyHex.length <= 128 && !publicKeyHex.startsWith('04')) {
+                    publicKeyHex = '04' + publicKeyHex;
+                }
+                // Ensure we have full 65 bytes for uncompressed keys
+                while (publicKeyHex.startsWith('04') && publicKeyHex.length < 130) {
+                    publicKeyHex = publicKeyHex + '0';
+                }
+                // Now convert to compressed format if needed
+                if (publicKeyHex.startsWith('04') && publicKeyHex.length === 130) {
+                    const xCoord = u8a.fromString(publicKeyHex.slice(2, 66), 'hex');
+                    const yCoord = u8a.fromString(publicKeyHex.slice(66, 130), 'hex');
+                    const prefix = new Uint8Array([yCoord[31] % 2 === 0 ? 0x02 : 0x03]);
+                    const compressedKey = new Uint8Array(33); // 1 byte prefix + 32 bytes x coordinate
+                    compressedKey.set(prefix, 0);
+                    compressedKey.set(xCoord, 1);
+                    return u8a.toString(compressedKey, 'hex');
+                }
+                return publicKeyHex;
+            }
+            // Not double encoded, proceed with normal path
+            const publicKeyBinary = (0, ssi_sdk_ext_key_utils_1.isAsn1Der)(pemBinary) ? (0, ssi_sdk_ext_key_utils_1.asn1DerToRawPublicKey)(pemBinary, keyType) : pemBinary;
+            return (0, ssi_sdk_ext_key_utils_1.isRawCompressedPublicKey)(publicKeyBinary)
+                ? (0, ssi_sdk_ext_key_utils_1.hexStringFromUint8Array)(publicKeyBinary)
+                : (0, ssi_sdk_ext_key_utils_1.toRawCompressedHexPublicKey)(publicKeyBinary, keyType);
+        };
+        try {
+            this.musapClient = musap_react_native_1.MusapClient;
+            this.sscdType = sscdType ? sscdType : 'TEE';
+            this.sscdId = sscdId !== null && sscdId !== void 0 ? sscdId : this.sscdType;
+            this.defaultKeyAttributes = opts === null || opts === void 0 ? void 0 : opts.defaultKeyAttributes;
+            this.defaultSignAttributes = opts === null || opts === void 0 ? void 0 : opts.defaultSignAttributes;
+            const enabledSscds = this.musapClient.listEnabledSscds();
+            if (!enabledSscds.some(value => value.sscdId == sscdId)) {
+                this.musapClient.enableSscd(this.sscdType, this.sscdId, opts === null || opts === void 0 ? void 0 : opts.externalSscdSettings);
+            }
+        }
+        catch (e) {
+            console.error('enableSscd', e);
+            throw Error('enableSscd failed');
+        }
+    }
+    listKeys() {
+        return __awaiter(this, void 0, void 0, function* () {
+            const keysJson = (this.musapClient.listKeys());
+            return keysJson.map((key) => this.asMusapKeyInfo(key));
+        });
+    }
+    createKey(args) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const { type, meta } = args;
+            if (meta === undefined || !('keyAlias' in meta)) {
+                return Promise.reject(Error('a unique keyAlias field is required for MUSAP'));
+            }
+            if (this.sscdType == 'EXTERNAL') {
+                const existingKeys = (this.musapClient.listKeys());
+                const extKey = existingKeys.find(musapKey => musapKey.sscdType === 'External Signature'); // FIXME returning does not match SscdType enum
+                if (extKey) {
+                    extKey.algorithm = 'eccp256r1'; // FIXME MUSAP announces key as rsa2k, but it's actually EC
+                    return this.asMusapKeyInfo(extKey);
+                }
+                return Promise.reject(Error(`No external key was bound yet for sscd ${this.sscdId}`));
+            }
+            const keyGenReq = {
+                keyAlgorithm: this.mapKeyTypeToAlgorithmType(type),
+                keyUsage: 'keyUsage' in meta ? meta.keyUsage : 'sign',
+                keyAlias: meta.keyAlias,
+                attributes: this.recordToKeyAttributes(Object.assign(Object.assign({}, this.defaultKeyAttributes), ('attributes' in meta ? meta.attributes : {}))),
+                role: 'role' in meta ? meta.role : 'administrator',
+            };
+            try {
+                const generatedKeyUri = yield this.musapClient.generateKey(this.sscdType, keyGenReq);
+                if (generatedKeyUri) {
+                    exports.logger.debug('Generated key:', generatedKeyUri);
+                    const key = this.musapClient.getKeyByUri(generatedKeyUri);
+                    return this.asMusapKeyInfo(key);
+                }
+                else {
+                    return Promise.reject(new Error('Failed to generate key. No key URI'));
+                }
+            }
+            catch (error) {
+                exports.logger.error('An error occurred:', error);
+                throw error;
+            }
+        });
+    }
+    deleteKey(_a) {
+        return __awaiter(this, arguments, void 0, function* ({ kid }) {
+            try {
+                const key = this.musapClient.getKeyById(kid);
+                if (key.sscdType === 'External Signature') {
+                    return true; // FIXME we can't remove a eSim key for now because this would mean onboarding again
+                }
+                void this.musapClient.removeKey(kid);
+                return true;
+            }
+            catch (error) {
+                console.warn('Failed to delete key:', error);
+                return false;
+            }
+        });
+    }
+    determineAlgorithm(providedAlgorithm, keyAlgorithm) {
+        if (providedAlgorithm === undefined) {
+            return (0, musap_react_native_1.signatureAlgorithmFromKeyAlgorithm)(keyAlgorithm);
+        }
+        if ((0, musap_react_native_1.isSignatureAlgorithmType)(providedAlgorithm)) {
+            return providedAlgorithm;
+        }
+        // Veramo translates TKeyType to JWSAlgorithm
+        return (0, musap_react_native_1.signatureAlgorithmFromKeyAlgorithm)(providedAlgorithm);
+    }
+    sign(args) {
+        return __awaiter(this, void 0, void 0, function* () {
+            var _a;
+            if (!args.keyRef) {
+                throw new Error('key_not_found: No key ref provided');
+            }
+            const data = new text_encoding_1.TextDecoder().decode(args.data);
+            const key = this.musapClient.getKeyById(args.keyRef.kid);
+            if (key.sscdType === 'External Signature') {
+                key.algorithm = 'eccp256r1'; // FIXME MUSAP announces key as rsa2k, but it's actually EC
+            }
+            const signatureReq = {
+                keyUri: key.keyUri,
+                data,
+                algorithm: this.determineAlgorithm(args.algorithm, key.algorithm),
+                displayText: args.displayText,
+                transId: args.transId,
+                format: (_a = args.format) !== null && _a !== void 0 ? _a : 'RAW',
+                attributes: this.recordToSignatureAttributes(Object.assign(Object.assign({}, this.defaultSignAttributes), args.attributes)),
+            };
+            return this.musapClient.sign(signatureReq);
+        });
+    }
+    importKey(args) {
+        return __awaiter(this, void 0, void 0, function* () {
+            throw new Error('importKey is not implemented for MusapKeyManagementSystem.');
+        });
+    }
+    asMusapKeyInfo(args) {
+        const _a = Object.assign({}, args), { keyId, publicKey } = _a, metadata = __rest(_a, ["keyId", "publicKey"]);
+        const keyType = this.mapAlgorithmTypeToKeyType(args.algorithm);
+        const publicKeyHex = this.decodeMusapPublicKey({
+            publicKey: publicKey,
+            keyType: keyType
+        });
+        const keyInfo = {
+            kid: keyId,
+            type: keyType,
+            publicKeyHex,
+            meta: metadata,
+        };
+        const jwkThumbprint = (0, ssi_sdk_ext_key_utils_1.calculateJwkThumbprintForKey)({ key: keyInfo });
+        keyInfo.meta = Object.assign(Object.assign({}, keyInfo.meta), { jwkThumbprint });
+        return keyInfo;
+    }
+    sharedSecret(args) {
+        throw new Error('Not supported.');
+    }
+    recordToKeyAttributes(record) {
+        if (!record) {
+            return [];
+        }
+        return Object.entries(record).map(([key, value]) => ({
+            name: key,
+            value,
+        }));
+    }
+    recordToSignatureAttributes(record) {
+        if (!record) {
+            return [];
+        }
+        return Object.entries(record).map(([key, value]) => ({
+            name: key,
+            value,
+        }));
+    }
+}
+exports.MusapKeyManagementSystem = MusapKeyManagementSystem;
+//# sourceMappingURL=MusapKeyManagerSystem.js.map

package/dist/MusapKeyManagerSystem.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"MusapKeyManagerSystem.js","sourceRoot":"","sources":["../src/MusapKeyManagerSystem.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,6EAA8D;AAE9D,qEAiBqC;AACrC,qDAAiE;AACjE,iDAA2C;AAC3C,mDAA6C;AAE7C,2EAOwC;AACxC,iDAAkC;AAErB,QAAA,MAAM,GAAG,mBAAO,CAAC,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC,CAAA;AAElE,MAAa,wBAAyB,SAAQ,yCAA2B;IAOvE,YAAY,QAAmB,EAAE,MAAe,EAAE,IAIjD;QACC,KAAK,EAAE,CAAA;QA8DD,8BAAyB,GAAG,CAAC,IAAc,EAAoB,EAAE;YACvE,QAAQ,IAAI,EAAE,CAAC;gBACb,KAAK,WAAW;oBACd,OAAO,WAAW,CAAA;gBACpB,KAAK,WAAW;oBACd,OAAO,WAAW,CAAA;gBACpB,KAAK,KAAK;oBACR,OAAO,OAAO,CAAA;gBAChB;oBACE,MAAM,IAAI,KAAK,CAAC,YAAY,IAAI,4BAA4B,CAAC,CAAA;YACjE,CAAC;QACH,CAAC,CAAA;QAEO,8BAAyB,GAAG,CAAC,IAAkB,EAAY,EAAE;YACnE,QAAQ,IAAI,EAAE,CAAC;gBACb,KAAK,WAAW;oBACd,OAAO,WAAW,CAAA;gBACpB,KAAK,WAAW;oBACd,OAAO,WAAW,CAAA;gBACpB,KAAK,aAAa;oBAChB,OAAO,SAAS,CAAA;gBAClB,KAAK,OAAO,CAAC;gBACb,KAAK,OAAO;oBACV,OAAO,KAAK,CAAA;gBACd;oBACE,MAAM,IAAI,KAAK,CAAC,YAAY,IAAI,oBAAoB,CAAC,CAAA;YACzD,CAAC;QACH,CAAC,CAAA;QA6DO,yBAAoB,GAAG,CAAC,IAAuD,EAAU,EAAE;YACjG,MAAM,EAAE,SAAS,EAAE,OAAO,EAAE,GAAG,IAAI,CAAA;YAEnC,yCAAyC;YACzC,MAAM,SAAS,GAAG,IAAA,oCAAW,EAAC,SAAS,CAAC,GAAG,CAAC,CAAA;YAE5C,4EAA4E;YAC5E,sCAAsC;YACtC,MAAM,SAAS,GAAG,GAAG,CAAC,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC,CAAA;YACjD,MAAM,eAAe,GAAG,SAAS,CAAC,MAAM,GAAG,CAAC;gBAC1C,OAAO,SAAS,KAAK,QAAQ;gBAC7B,SAAS,CAAC,UAAU,CAAC,IAAI,CAAC,CAAA;YAE5B,IAAI,eAAe,EAAE,CAAC;gBACpB,6BAA6B;gBAC7B,MAAM,cAAc,GAAG,GAAG,CAAC,UAAU,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAA;gBAE1D,wEAAwE;gBACxE,MAAM,YAAY,GAAG,EAAE,CAAA;gBACvB,MAAM,OAAO,GAAG,cAAc,CAAC,KAAK,CAAC,YAAY,CAAC,CAAA;gBAElD,4BAA4B;gBAC5B,IAAI,YAAY,GAAG,GAAG,CAAC,QAAQ,CAAC,OAAO,EAAE,KAAK,CAAC,CAAA;gBAE/C,6FAA6F;gBAC7F,IAAI,YAAY,CAAC,MAAM,IAAI,GAAG,IAAI,CAAC,YAAY,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;oBACjE,YAAY,GAAG,IAAI,GAAG,YAAY,CAAA;gBACpC,CAAC;gBAED,qDAAqD;gBACrD,OAAO,YAAY,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,YAAY,CAAC,MAAM,GAAG,GAAG,EAAE,CAAC;oBAClE,YAAY,GAAG,YAAY,GAAG,GAAG,CAAA;gBACnC,CAAC;gBAED,6CAA6C;gBAC7C,IAAI,YAAY,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,YAAY,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;oBACjE,MAAM,MAAM,GAAG,GAAG,CAAC,UAAU,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,KAAK,CAAC,CAAA;oBAC/D,MAAM,MAAM,GAAG,GAAG,CAAC,UAAU,CAAC,YAAY,CAAC,KAAK,CAAC,EAAE,EAAE,GAAG,CAAC,EAAE,KAAK,CAAC,CAAA;oBACjE,MAAM,MAAM,GAAG,IAAI,UAAU,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAA;oBACnE,MAAM,aAAa,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAA,CAAC,wCAAwC;oBACjF,aAAa,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC,CAAA;oBAC5B,aAAa,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC,CAAA;oBAC5B,OAAO,GAAG,CAAC,QAAQ,CAAC,aAAa,EAAE,KAAK,CAAC,CAAA;gBAC3C,CAAC;gBAED,OAAO,YAAY,CAAA;YACrB,CAAC;YAED,+CAA+C;YAC/C,MAAM,eAAe,GAAG,IAAA,iCAAS,EAAC,SAAS,CAAC,CAAC,CAAC,CAAC,IAAA,6CAAqB,EAAC,SAAS,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC,SAAS,CAAA;YACpG,OAAO,IAAA,gDAAwB,EAAC,eAAe,CAAC;gBAC9C,CAAC,CAAC,IAAA,+CAAuB,EAAC,eAAe,CAAC;gBAC1C,CAAC,CAAC,IAAA,mDAA2B,EAAC,eAAe,EAAE,OAAO,CAAC,CAAA;QAC3D,CAAC,CAAA;QA1MC,IAAI,CAAC;YACH,IAAI,CAAC,WAAW,GAAG,gCAAW,CAAA;YAC9B,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAA;YAC3C,IAAI,CAAC,MAAM,GAAG,MAAM,aAAN,MAAM,cAAN,MAAM,GAAI,IAAI,CAAC,QAAQ,CAAA;YACrC,IAAI,CAAC,oBAAoB,GAAG,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,oBAAoB,CAAA;YACtD,IAAI,CAAC,qBAAqB,GAAG,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,qBAAqB,CAAA;YAExD,MAAM,YAAY,GAAG,IAAI,CAAC,WAAW,CAAC,gBAAgB,EAAE,CAAA;YACxD,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,KAAK,CAAC,MAAM,IAAI,MAAM,CAAC,EAAE,CAAC;gBACxD,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,MAAM,EAAE,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,oBAAoB,CAAC,CAAA;YACrF,CAAC;QACH,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,OAAO,CAAC,KAAK,CAAC,YAAY,EAAE,CAAC,CAAC,CAAA;YAC9B,MAAM,KAAK,CAAC,mBAAmB,CAAC,CAAA;QAClC,CAAC;IACH,CAAC;IAEK,QAAQ;;YACZ,MAAM,QAAQ,GAAe,CAAC,IAAI,CAAC,WAAW,CAAC,QAAQ,EAAE,CAAe,CAAA;YACxE,OAAO,QAAQ,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,CAAA;QACxD,CAAC;KAAA;IAEK,SAAS,CAAC,IAA4C;;YAC1D,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,GAAG,IAAI,CAAA;YAC3B,IAAI,IAAI,KAAK,SAAS,IAAI,CAAC,CAAC,UAAU,IAAI,IAAI,CAAC,EAAE,CAAC;gBAChD,OAAO,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,+CAA+C,CAAC,CAAC,CAAA;YAC/E,CAAC;YAED,IAAI,IAAI,CAAC,QAAQ,IAAI,UAAU,EAAE,CAAC;gBAChC,MAAM,YAAY,GAAe,CAAC,IAAI,CAAC,WAAW,CAAC,QAAQ,EAAE,CAAe,CAAA;gBAC5E,MAAM,MAAM,GAAG,YAAY,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,QAAQ,CAAC,QAAkB,KAAK,oBAAoB,CAAC,CAAA,CAAC,+CAA+C;gBAClJ,IAAI,MAAM,EAAE,CAAC;oBACX,MAAM,CAAC,SAAS,GAAG,WAAW,CAAA,CAAC,2DAA2D;oBAC1F,OAAO,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,CAAA;gBACpC,CAAC;gBACD,OAAO,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,0CAA0C,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC,CAAA;YACvF,CAAC;YAED,MAAM,SAAS,GAAG;gBAChB,YAAY,EAAE,IAAI,CAAC,yBAAyB,CAAC,IAAI,CAAC;gBAClD,QAAQ,EAAE,UAAU,IAAI,IAAI,CAAC,CAAC,CAAE,IAAI,CAAC,QAAmB,CAAC,CAAC,CAAC,MAAM;gBACjE,QAAQ,EAAE,IAAI,CAAC,QAAkB;gBACjC,UAAU,EAAE,IAAI,CAAC,qBAAqB,iCAAM,IAAI,CAAC,oBAAoB,GAAK,CAAC,YAAY,IAAI,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC,EAAG;gBAC1H,IAAI,EAAE,MAAM,IAAI,IAAI,CAAC,CAAC,CAAE,IAAI,CAAC,IAAe,CAAC,CAAC,CAAC,eAAe;aAC3C,CAAA;YAErB,IAAI,CAAC;gBACH,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,WAAW,CAAC,IAAI,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAA;gBACpF,IAAI,eAAe,EAAE,CAAC;oBACpB,cAAM,CAAC,KAAK,CAAC,gBAAgB,EAAE,eAAe,CAAC,CAAA;oBAC/C,MAAM,GAAG,GAAG,IAAI,CAAC,WAAW,CAAC,WAAW,CAAC,eAAe,CAAC,CAAA;oBACzD,OAAO,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,CAAA;gBACjC,CAAC;qBAAM,CAAC;oBACN,OAAO,OAAO,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC,CAAA;gBACxE,CAAC;YACH,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,cAAM,CAAC,KAAK,CAAC,oBAAoB,EAAE,KAAK,CAAC,CAAA;gBACzC,MAAM,KAAK,CAAA;YACb,CAAC;QACH,CAAC;KAAA;IA+BK,SAAS;6DAAC,EAAE,GAAG,EAAmB;YACpC,IAAI,CAAC;gBACH,MAAM,GAAG,GAAa,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,GAAG,CAAa,CAAA;gBAClE,IAAI,GAAG,CAAC,QAAkB,KAAK,oBAAoB,EAAE,CAAC;oBACpD,OAAO,IAAI,CAAA,CAAC,oFAAoF;gBAClG,CAAC;gBACD,KAAK,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,GAAG,CAAC,CAAA;gBACtC,OAAO,IAAI,CAAA;YACb,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,OAAO,CAAC,IAAI,CAAC,uBAAuB,EAAE,KAAK,CAAC,CAAA;gBAC5C,OAAO,KAAK,CAAA;YACd,CAAC;QACH,CAAC;KAAA;IAEO,kBAAkB,CAAC,iBAAqC,EAAE,YAA0B;QAC1F,IAAI,iBAAiB,KAAK,SAAS,EAAE,CAAC;YACpC,OAAO,IAAA,uDAAkC,EAAC,YAAY,CAAC,CAAA;QACzD,CAAC;QAED,IAAI,IAAA,6CAAwB,EAAC,iBAAiB,CAAC,EAAE,CAAC;YAChD,OAAO,iBAAiB,CAAA;QAC1B,CAAC;QAED,6CAA6C;QAC7C,OAAO,IAAA,uDAAkC,EAAC,iBAAiC,CAAC,CAAA;IAC9E,CAAC;IAEK,IAAI,CAAC,IAKV;;;YACC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;gBACjB,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAA;YACvD,CAAC;YAED,MAAM,IAAI,GAAG,IAAI,2BAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,IAAkB,CAAC,CAAA;YAE9D,MAAM,GAAG,GAAa,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,GAAG,CAAa,CAAA;YAC9E,IAAI,GAAG,CAAC,QAAkB,KAAK,oBAAoB,EAAE,CAAC;gBACpD,GAAG,CAAC,SAAS,GAAG,WAAW,CAAA,CAAC,2DAA2D;YACzF,CAAC;YACD,MAAM,YAAY,GAAiB;gBACjC,MAAM,EAAE,GAAG,CAAC,MAAM;gBAClB,IAAI;gBACJ,SAAS,EAAE,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,SAAS,EAAE,GAAG,CAAC,SAAS,CAAC;gBACjE,WAAW,EAAE,IAAI,CAAC,WAAW;gBAC7B,OAAO,EAAE,IAAI,CAAC,OAAO;gBACrB,MAAM,EAAE,MAAC,IAAI,CAAC,MAA0B,mCAAI,KAAK;gBACjD,UAAU,EAAE,IAAI,CAAC,2BAA2B,iCAAM,IAAI,CAAC,qBAAqB,GAAK,IAAI,CAAC,UAAU,EAAG;aACpG,CAAA;YACD,OAAO,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,YAAY,CAAC,CAAA;QAC5C,CAAC;KAAA;IAEK,SAAS,CAAC,IAAoE;;YAClF,MAAM,IAAI,KAAK,CAAC,4DAA4D,CAAC,CAAA;QAC/E,CAAC;KAAA;IA0DO,cAAc,CAAC,IAAc;QACnC,MAAM,uBAAsD,IAAI,CAAE,EAA5D,EAAE,KAAK,EAAE,SAAS,OAA0C,EAArC,QAAQ,cAA/B,sBAAiC,CAA2B,CAAA;QAClE,MAAM,OAAO,GAAG,IAAI,CAAC,yBAAyB,CAAC,IAAI,CAAC,SAAS,CAAC,CAAA;QAE9D,MAAM,YAAY,GAAG,IAAI,CAAC,oBAAoB,CAAC;YAC7C,SAAS,EAAE,SAAS;YACpB,OAAO,EAAE,OAAO;SACjB,CAAC,CAAA;QAEF,MAAM,OAAO,GAA4B;YACvC,GAAG,EAAE,KAAK;YACV,IAAI,EAAE,OAAO;YACb,YAAY;YACZ,IAAI,EAAE,QAAQ;SACf,CAAA;QAED,MAAM,aAAa,GAAG,IAAA,oDAA4B,EAAC,EAAE,GAAG,EAAE,OAAyB,EAAE,CAAC,CAAA;QACtF,OAAO,CAAC,IAAI,mCAAQ,OAAO,CAAC,IAAI,KAAE,aAAa,GAAE,CAAA;QACjD,OAAO,OAAyB,CAAA;IAClC,CAAC;IAED,YAAY,CAAC,IAAoF;QAC/F,MAAM,IAAI,KAAK,CAAC,gBAAgB,CAAC,CAAA;IACnC,CAAC;IAEO,qBAAqB,CAAC,MAA+B;QAC3D,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO,EAAE,CAAA;QACX,CAAC;QACD,OAAO,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC;YACnD,IAAI,EAAE,GAAG;YACT,KAAK;SACN,CAAC,CAAC,CAAA;IACL,CAAC;IAEO,2BAA2B,CAAC,MAA+B;QACjE,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO,EAAE,CAAA;QACX,CAAC;QACD,OAAO,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC;YACnD,IAAI,EAAE,GAAG;YACT,KAAK;SACN,CAAC,CAAC,CAAA;IACL,CAAC;CACF;AAtQD,4DAsQC"}

package/dist/index.d.ts

@@ -1,51 +1,6 @@
-import { ManagedKeyInfo, TKeyType, IKey, MinimalImportableKey } from '@veramo/core';
-import { SscdType, ExternalSscdSettings } from '@sphereon/musap-react-native';
-import { AbstractKeyManagementSystem } from '@veramo/key-manager';
-
-declare class MusapKeyManagementSystem extends AbstractKeyManagementSystem {
-    private musapClient;
-    private readonly sscdType;
-    private readonly sscdId;
-    private readonly defaultKeyAttributes;
-    private readonly defaultSignAttributes;
-    constructor(sscdType?: SscdType, sscdId?: string, opts?: {
-        externalSscdSettings?: ExternalSscdSettings;
-        defaultKeyAttributes?: Record<string, string>;
-        defaultSignAttributes?: Record<string, string>;
-    });
-    listKeys(): Promise<ManagedKeyInfo[]>;
-    createKey(args: {
-        type: TKeyType;
-        meta?: KeyMetadata;
-    }): Promise<ManagedKeyInfo>;
-    private mapKeyTypeToAlgorithmType;
-    private mapAlgorithmTypeToKeyType;
-    deleteKey({ kid }: {
-        kid: string;
-    }): Promise<boolean>;
-    private determineAlgorithm;
-    sign(args: {
-        keyRef: Pick<IKey, 'kid'>;
-        algorithm?: string;
-        data: Uint8Array;
-        [x: string]: any;
-    }): Promise<string>;
-    importKey(args: Omit<MinimalImportableKey, 'kms'> & {
-        privateKeyPEM?: string;
-    }): Promise<ManagedKeyInfo>;
-    private decodeMusapPublicKey;
-    private asMusapKeyInfo;
-    sharedSecret(args: {
-        myKeyRef: Pick<IKey, 'kid'>;
-        theirKey: Pick<IKey, 'publicKeyHex' | 'type'>;
-    }): Promise<string>;
-    private recordToKeyAttributes;
-    private recordToSignatureAttributes;
-}
-
-interface KeyMetadata {
+export { MusapKeyManagementSystem } from './MusapKeyManagerSystem';
+export interface KeyMetadata {
     algorithms?: string[];
     [x: string]: any;
 }
-
-export { type KeyMetadata, MusapKeyManagementSystem };
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,wBAAwB,EAAE,MAAM,yBAAyB,CAAA;AAElE,MAAM,WAAW,WAAW;IAC1B,UAAU,CAAC,EAAE,MAAM,EAAE,CAAA;IAErB,CAAC,CAAC,EAAE,MAAM,GAAG,GAAG,CAAA;CACjB"}

package/dist/index.js

@@ -1,238 +1,6 @@
-var __defProp = Object.defineProperty;
-var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
-
-// src/MusapKeyManagerSystem.ts
-import { PEMToBinary } from "@sphereon/ssi-sdk-ext.x509-utils";
-import { isSignatureAlgorithmType, MusapClient, signatureAlgorithmFromKeyAlgorithm } from "@sphereon/musap-react-native";
-import { AbstractKeyManagementSystem } from "@veramo/key-manager";
-import { TextDecoder } from "text-encoding";
-import { Loggers } from "@sphereon/ssi-types";
-import { asn1DerToRawPublicKey, calculateJwkThumbprintForKey, hexStringFromUint8Array, isAsn1Der, isRawCompressedPublicKey, toRawCompressedHexPublicKey } from "@sphereon/ssi-sdk-ext.key-utils";
-import { fromString } from "uint8arrays/from-string";
-import { toString } from "uint8arrays/to-string";
-var logger = Loggers.DEFAULT.get("sphereon:musap-rn-kms");
-var MusapKeyManagementSystem = class extends AbstractKeyManagementSystem {
-  static {
-    __name(this, "MusapKeyManagementSystem");
-  }
-  musapClient;
-  sscdType;
-  sscdId;
-  defaultKeyAttributes;
-  defaultSignAttributes;
-  constructor(sscdType, sscdId, opts) {
-    super();
-    try {
-      this.musapClient = MusapClient;
-      this.sscdType = sscdType ? sscdType : "TEE";
-      this.sscdId = sscdId ?? this.sscdType;
-      this.defaultKeyAttributes = opts?.defaultKeyAttributes;
-      this.defaultSignAttributes = opts?.defaultSignAttributes;
-      const enabledSscds = this.musapClient.listEnabledSscds();
-      if (!enabledSscds.some((value) => value.sscdId == sscdId)) {
-        this.musapClient.enableSscd(this.sscdType, this.sscdId, opts?.externalSscdSettings);
-      }
-    } catch (e) {
-      console.error("enableSscd", e);
-      throw Error("enableSscd failed");
-    }
-  }
-  async listKeys() {
-    const keysJson = this.musapClient.listKeys();
-    return keysJson.map((key) => this.asMusapKeyInfo(key));
-  }
-  async createKey(args) {
-    const { type, meta } = args;
-    if (meta === void 0 || !("keyAlias" in meta)) {
-      return Promise.reject(Error("a unique keyAlias field is required for MUSAP"));
-    }
-    if (this.sscdType == "EXTERNAL") {
-      const existingKeys = this.musapClient.listKeys();
-      const extKey = existingKeys.find((musapKey) => musapKey.sscdType === "External Signature");
-      if (extKey) {
-        extKey.algorithm = "eccp256r1";
-        return this.asMusapKeyInfo(extKey);
-      }
-      return Promise.reject(Error(`No external key was bound yet for sscd ${this.sscdId}`));
-    }
-    const keyGenReq = {
-      keyAlgorithm: this.mapKeyTypeToAlgorithmType(type),
-      keyUsage: "keyUsage" in meta ? meta.keyUsage : "sign",
-      keyAlias: meta.keyAlias,
-      attributes: this.recordToKeyAttributes({
-        ...this.defaultKeyAttributes,
-        ..."attributes" in meta ? meta.attributes : {}
-      }),
-      role: "role" in meta ? meta.role : "administrator"
-    };
-    try {
-      const generatedKeyUri = await this.musapClient.generateKey(this.sscdType, keyGenReq);
-      if (generatedKeyUri) {
-        logger.debug("Generated key:", generatedKeyUri);
-        const key = this.musapClient.getKeyByUri(generatedKeyUri);
-        return this.asMusapKeyInfo(key);
-      } else {
-        return Promise.reject(new Error("Failed to generate key. No key URI"));
-      }
-    } catch (error) {
-      logger.error("An error occurred:", error);
-      throw error;
-    }
-  }
-  mapKeyTypeToAlgorithmType = /* @__PURE__ */ __name((type) => {
-    switch (type) {
-      case "Secp256k1":
-        return "ECCP256K1";
-      case "Secp256r1":
-        return "ECCP256R1";
-      case "RSA":
-        return "RSA2K";
-      default:
-        throw new Error(`Key type ${type} is not supported by MUSAP`);
-    }
-  }, "mapKeyTypeToAlgorithmType");
-  mapAlgorithmTypeToKeyType = /* @__PURE__ */ __name((type) => {
-    switch (type) {
-      case "eccp256k1":
-        return "Secp256k1";
-      case "eccp256r1":
-        return "Secp256r1";
-      case "ecc_ed25519":
-        return "Ed25519";
-      case "rsa2k":
-      case "rsa4k":
-        return "RSA";
-      default:
-        throw new Error(`Key type ${type} is not supported.`);
-    }
-  }, "mapAlgorithmTypeToKeyType");
-  async deleteKey({ kid }) {
-    try {
-      const key = this.musapClient.getKeyById(kid);
-      if (key.sscdType === "External Signature") {
-        return true;
-      }
-      void this.musapClient.removeKey(kid);
-      return true;
-    } catch (error) {
-      console.warn("Failed to delete key:", error);
-      return false;
-    }
-  }
-  determineAlgorithm(providedAlgorithm, keyAlgorithm) {
-    if (providedAlgorithm === void 0) {
-      return signatureAlgorithmFromKeyAlgorithm(keyAlgorithm);
-    }
-    if (isSignatureAlgorithmType(providedAlgorithm)) {
-      return providedAlgorithm;
-    }
-    return signatureAlgorithmFromKeyAlgorithm(providedAlgorithm);
-  }
-  async sign(args) {
-    if (!args.keyRef) {
-      throw new Error("key_not_found: No key ref provided");
-    }
-    const data = new TextDecoder().decode(args.data);
-    const key = this.musapClient.getKeyById(args.keyRef.kid);
-    if (key.sscdType === "External Signature") {
-      key.algorithm = "eccp256r1";
-    }
-    const signatureReq = {
-      keyUri: key.keyUri,
-      data,
-      algorithm: this.determineAlgorithm(args.algorithm, key.algorithm),
-      displayText: args.displayText,
-      transId: args.transId,
-      format: args.format ?? "RAW",
-      attributes: this.recordToSignatureAttributes({
-        ...this.defaultSignAttributes,
-        ...args.attributes
-      })
-    };
-    return this.musapClient.sign(signatureReq);
-  }
-  async importKey(args) {
-    throw new Error("importKey is not implemented for MusapKeyManagementSystem.");
-  }
-  decodeMusapPublicKey = /* @__PURE__ */ __name((args) => {
-    const { publicKey, keyType } = args;
-    const pemBinary = PEMToBinary(publicKey.pem);
-    const pemString = toString(pemBinary, "utf8");
-    const isDoubleEncoded = pemBinary.length > 0 && typeof pemString === "string" && pemString.startsWith("MF");
-    if (isDoubleEncoded) {
-      const actualDerBytes = fromString(pemString, "base64");
-      const keyDataStart = 24;
-      const keyData = actualDerBytes.slice(keyDataStart);
-      let publicKeyHex = toString(keyData, "hex");
-      if (publicKeyHex.length <= 128 && !publicKeyHex.startsWith("04")) {
-        publicKeyHex = "04" + publicKeyHex;
-      }
-      while (publicKeyHex.startsWith("04") && publicKeyHex.length < 130) {
-        publicKeyHex = publicKeyHex + "0";
-      }
-      if (publicKeyHex.startsWith("04") && publicKeyHex.length === 130) {
-        const xCoord = fromString(publicKeyHex.slice(2, 66), "hex");
-        const yCoord = fromString(publicKeyHex.slice(66, 130), "hex");
-        const prefix = new Uint8Array([
-          yCoord[31] % 2 === 0 ? 2 : 3
-        ]);
-        const compressedKey = new Uint8Array(33);
-        compressedKey.set(prefix, 0);
-        compressedKey.set(xCoord, 1);
-        return toString(compressedKey, "hex");
-      }
-      return publicKeyHex;
-    }
-    const publicKeyBinary = isAsn1Der(pemBinary) ? asn1DerToRawPublicKey(pemBinary, keyType) : pemBinary;
-    return isRawCompressedPublicKey(publicKeyBinary) ? hexStringFromUint8Array(publicKeyBinary) : toRawCompressedHexPublicKey(publicKeyBinary, keyType);
-  }, "decodeMusapPublicKey");
-  asMusapKeyInfo(args) {
-    const { keyId, publicKey, ...metadata } = {
-      ...args
-    };
-    const keyType = this.mapAlgorithmTypeToKeyType(args.algorithm);
-    const publicKeyHex = this.decodeMusapPublicKey({
-      publicKey,
-      keyType
-    });
-    const keyInfo = {
-      kid: keyId,
-      type: keyType,
-      publicKeyHex,
-      meta: metadata
-    };
-    const jwkThumbprint = calculateJwkThumbprintForKey({
-      key: keyInfo
-    });
-    keyInfo.meta = {
-      ...keyInfo.meta,
-      jwkThumbprint
-    };
-    return keyInfo;
-  }
-  sharedSecret(args) {
-    throw new Error("Not supported.");
-  }
-  recordToKeyAttributes(record) {
-    if (!record) {
-      return [];
-    }
-    return Object.entries(record).map(([key, value]) => ({
-      name: key,
-      value
-    }));
-  }
-  recordToSignatureAttributes(record) {
-    if (!record) {
-      return [];
-    }
-    return Object.entries(record).map(([key, value]) => ({
-      name: key,
-      value
-    }));
-  }
-};
-export {
-  MusapKeyManagementSystem
-};
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MusapKeyManagementSystem = void 0;
+var MusapKeyManagerSystem_1 = require("./MusapKeyManagerSystem");
+Object.defineProperty(exports, "MusapKeyManagementSystem", { enumerable: true, get: function () { return MusapKeyManagerSystem_1.MusapKeyManagementSystem; } });
 //# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../src/MusapKeyManagerSystem.ts"],"sourcesContent":["import { PEMToBinary } from '@sphereon/ssi-sdk-ext.x509-utils'\nimport { IKey, ManagedKeyInfo, MinimalImportableKey, TKeyType } from '@veramo/core'\nimport {\n  ExternalSscdSettings,\n  IMusapClient,\n  isSignatureAlgorithmType,\n  JWSAlgorithm,\n  KeyAlgorithm,\n  KeyAlgorithmType,\n  KeyAttribute,\n  KeyGenReq,\n  MusapClient,\n  MusapKey,\n  signatureAlgorithmFromKeyAlgorithm,\n  SignatureAlgorithmType,\n  SignatureAttribute,\n  SignatureFormat,\n  SignatureReq,\n  SscdType,\n} from '@sphereon/musap-react-native'\nimport { AbstractKeyManagementSystem } from '@veramo/key-manager'\nimport { TextDecoder } from 'text-encoding'\nimport { Loggers } from '@sphereon/ssi-types'\nimport { KeyMetadata } from './index'\nimport {\n  asn1DerToRawPublicKey,\n  calculateJwkThumbprintForKey,\n  hexStringFromUint8Array,\n  isAsn1Der,\n  isRawCompressedPublicKey,\n  toRawCompressedHexPublicKey,\n} from '@sphereon/ssi-sdk-ext.key-utils'\n// @ts-ignore\nimport { fromString } from 'uint8arrays/from-string'\n// @ts-ignore\nimport { toString } from 'uint8arrays/to-string'\n\nexport const logger = Loggers.DEFAULT.get('sphereon:musap-rn-kms')\n\nexport class MusapKeyManagementSystem extends AbstractKeyManagementSystem {\n  private musapClient: IMusapClient\n  private readonly sscdType: SscdType\n  private readonly sscdId: string\n  private readonly defaultKeyAttributes: Record<string, string> | undefined\n  private readonly defaultSignAttributes: Record<string, string> | undefined\n\n  constructor(\n    sscdType?: SscdType,\n    sscdId?: string,\n    opts?: {\n      externalSscdSettings?: ExternalSscdSettings\n      defaultKeyAttributes?: Record<string, string>\n      defaultSignAttributes?: Record<string, string>\n    }\n  ) {\n    super()\n    try {\n      this.musapClient = MusapClient\n      this.sscdType = sscdType ? sscdType : 'TEE'\n      this.sscdId = sscdId ?? this.sscdType\n      this.defaultKeyAttributes = opts?.defaultKeyAttributes\n      this.defaultSignAttributes = opts?.defaultSignAttributes\n\n      const enabledSscds = this.musapClient.listEnabledSscds()\n      if (!enabledSscds.some((value) => value.sscdId == sscdId)) {\n        this.musapClient.enableSscd(this.sscdType, this.sscdId, opts?.externalSscdSettings)\n      }\n    } catch (e) {\n      console.error('enableSscd', e)\n      throw Error('enableSscd failed')\n    }\n  }\n\n  async listKeys(): Promise<ManagedKeyInfo[]> {\n    const keysJson: MusapKey[] = this.musapClient.listKeys() as MusapKey[]\n    return keysJson.map((key) => this.asMusapKeyInfo(key))\n  }\n\n  async createKey(args: { type: TKeyType; meta?: KeyMetadata }): Promise<ManagedKeyInfo> {\n    const { type, meta } = args\n    if (meta === undefined || !('keyAlias' in meta)) {\n      return Promise.reject(Error('a unique keyAlias field is required for MUSAP'))\n    }\n\n    if (this.sscdType == 'EXTERNAL') {\n      const existingKeys: MusapKey[] = this.musapClient.listKeys() as MusapKey[]\n      const extKey = existingKeys.find((musapKey) => (musapKey.sscdType as string) === 'External Signature') // FIXME returning does not match SscdType enum\n      if (extKey) {\n        extKey.algorithm = 'eccp256r1' // FIXME MUSAP announces key as rsa2k, but it's actually EC\n        return this.asMusapKeyInfo(extKey)\n      }\n      return Promise.reject(Error(`No external key was bound yet for sscd ${this.sscdId}`))\n    }\n\n    const keyGenReq = {\n      keyAlgorithm: this.mapKeyTypeToAlgorithmType(type),\n      keyUsage: 'keyUsage' in meta ? (meta.keyUsage as string) : 'sign',\n      keyAlias: meta.keyAlias as string,\n      attributes: this.recordToKeyAttributes({ ...this.defaultKeyAttributes, ...('attributes' in meta ? meta.attributes : {}) }),\n      role: 'role' in meta ? (meta.role as string) : 'administrator',\n    } satisfies KeyGenReq\n\n    try {\n      const generatedKeyUri = await this.musapClient.generateKey(this.sscdType, keyGenReq)\n      if (generatedKeyUri) {\n        logger.debug('Generated key:', generatedKeyUri)\n        const key = this.musapClient.getKeyByUri(generatedKeyUri)\n        return this.asMusapKeyInfo(key)\n      } else {\n        return Promise.reject(new Error('Failed to generate key. No key URI'))\n      }\n    } catch (error) {\n      logger.error('An error occurred:', error)\n      throw error\n    }\n  }\n\n  private mapKeyTypeToAlgorithmType = (type: TKeyType): KeyAlgorithmType => {\n    switch (type) {\n      case 'Secp256k1':\n        return 'ECCP256K1'\n      case 'Secp256r1':\n        return 'ECCP256R1'\n      case 'RSA':\n        return 'RSA2K'\n      default:\n        throw new Error(`Key type ${type} is not supported by MUSAP`)\n    }\n  }\n\n  private mapAlgorithmTypeToKeyType = (type: KeyAlgorithm): TKeyType => {\n    switch (type) {\n      case 'eccp256k1':\n        return 'Secp256k1'\n      case 'eccp256r1':\n        return 'Secp256r1'\n      case 'ecc_ed25519':\n        return 'Ed25519'\n      case 'rsa2k':\n      case 'rsa4k':\n        return 'RSA'\n      default:\n        throw new Error(`Key type ${type} is not supported.`)\n    }\n  }\n\n  async deleteKey({ kid }: { kid: string }): Promise<boolean> {\n    try {\n      const key: MusapKey = this.musapClient.getKeyById(kid) as MusapKey\n      if ((key.sscdType as string) === 'External Signature') {\n        return true // FIXME we can't remove a eSim key for now because this would mean onboarding again\n      }\n      void this.musapClient.removeKey(kid)\n      return true\n    } catch (error) {\n      console.warn('Failed to delete key:', error)\n      return false\n    }\n  }\n\n  private determineAlgorithm(providedAlgorithm: string | undefined, keyAlgorithm: KeyAlgorithm): SignatureAlgorithmType {\n    if (providedAlgorithm === undefined) {\n      return signatureAlgorithmFromKeyAlgorithm(keyAlgorithm)\n    }\n\n    if (isSignatureAlgorithmType(providedAlgorithm)) {\n      return providedAlgorithm\n    }\n\n    // Veramo translates TKeyType to JWSAlgorithm\n    return signatureAlgorithmFromKeyAlgorithm(providedAlgorithm as JWSAlgorithm)\n  }\n\n  async sign(args: { keyRef: Pick<IKey, 'kid'>; algorithm?: string; data: Uint8Array; [x: string]: any }): Promise<string> {\n    if (!args.keyRef) {\n      throw new Error('key_not_found: No key ref provided')\n    }\n\n    const data = new TextDecoder().decode(args.data as Uint8Array)\n\n    const key: MusapKey = this.musapClient.getKeyById(args.keyRef.kid) as MusapKey\n    if ((key.sscdType as string) === 'External Signature') {\n      key.algorithm = 'eccp256r1' // FIXME MUSAP announces key as rsa2k, but it's actually EC\n    }\n    const signatureReq: SignatureReq = {\n      keyUri: key.keyUri,\n      data,\n      algorithm: this.determineAlgorithm(args.algorithm, key.algorithm),\n      displayText: args.displayText,\n      transId: args.transId,\n      format: (args.format as SignatureFormat) ?? 'RAW',\n      attributes: this.recordToSignatureAttributes({ ...this.defaultSignAttributes, ...args.attributes }),\n    }\n    return this.musapClient.sign(signatureReq)\n  }\n\n  async importKey(args: Omit<MinimalImportableKey, 'kms'> & { privateKeyPEM?: string }): Promise<ManagedKeyInfo> {\n    throw new Error('importKey is not implemented for MusapKeyManagementSystem.')\n  }\n\n  private decodeMusapPublicKey = (args: { publicKey: { pem: string }; keyType: TKeyType }): string => {\n    const { publicKey, keyType } = args\n\n    // First try the normal PEM decoding path\n    const pemBinary = PEMToBinary(publicKey.pem)\n\n    // Check if we got a string that looks like base64 (might be double encoded)\n    // Convert Uint8Array to string safely\n    const pemString = toString(pemBinary, 'utf8')\n    const isDoubleEncoded = pemBinary.length > 0 && typeof pemString === 'string' && pemString.startsWith('MF')\n\n    if (isDoubleEncoded) {\n      // Handle double-encoded case\n      const actualDerBytes = fromString(pemString, 'base64')\n\n      // For double-encoded case, we know the key data starts after the header\n      const keyDataStart = 24\n      const keyData = actualDerBytes.slice(keyDataStart)\n\n      // Convert to public key hex\n      let publicKeyHex = toString(keyData, 'hex')\n\n      // If it's not compressed yet and doesn't start with 0x04 (uncompressed point marker), add it\n      if (publicKeyHex.length <= 128 && !publicKeyHex.startsWith('04')) {\n        publicKeyHex = '04' + publicKeyHex\n      }\n\n      // Ensure we have full 65 bytes for uncompressed keys\n      while (publicKeyHex.startsWith('04') && publicKeyHex.length < 130) {\n        publicKeyHex = publicKeyHex + '0'\n      }\n\n      // Now convert to compressed format if needed\n      if (publicKeyHex.startsWith('04') && publicKeyHex.length === 130) {\n        const xCoord = fromString(publicKeyHex.slice(2, 66), 'hex')\n        const yCoord = fromString(publicKeyHex.slice(66, 130), 'hex')\n        const prefix = new Uint8Array([yCoord[31] % 2 === 0 ? 0x02 : 0x03])\n        const compressedKey = new Uint8Array(33) // 1 byte prefix + 32 bytes x coordinate\n        compressedKey.set(prefix, 0)\n        compressedKey.set(xCoord, 1)\n        return toString(compressedKey, 'hex')\n      }\n\n      return publicKeyHex\n    }\n\n    // Not double encoded, proceed with normal path\n    const publicKeyBinary = isAsn1Der(pemBinary) ? asn1DerToRawPublicKey(pemBinary, keyType) : pemBinary\n    return isRawCompressedPublicKey(publicKeyBinary)\n      ? hexStringFromUint8Array(publicKeyBinary)\n      : toRawCompressedHexPublicKey(publicKeyBinary, keyType)\n  }\n\n  private asMusapKeyInfo(args: MusapKey): ManagedKeyInfo {\n    const { keyId, publicKey, ...metadata }: KeyMetadata = { ...args }\n    const keyType = this.mapAlgorithmTypeToKeyType(args.algorithm)\n\n    const publicKeyHex = this.decodeMusapPublicKey({\n      publicKey: publicKey,\n      keyType: keyType,\n    })\n\n    const keyInfo: Partial<ManagedKeyInfo> = {\n      kid: keyId,\n      type: keyType,\n      publicKeyHex,\n      meta: metadata,\n    }\n\n    const jwkThumbprint = calculateJwkThumbprintForKey({ key: keyInfo as ManagedKeyInfo })\n    keyInfo.meta = { ...keyInfo.meta, jwkThumbprint }\n    return keyInfo as ManagedKeyInfo\n  }\n\n  sharedSecret(args: { myKeyRef: Pick<IKey, 'kid'>; theirKey: Pick<IKey, 'publicKeyHex' | 'type'> }): Promise<string> {\n    throw new Error('Not supported.')\n  }\n\n  private recordToKeyAttributes(record?: Record<string, string>): KeyAttribute[] {\n    if (!record) {\n      return []\n    }\n    return Object.entries(record).map(([key, value]) => ({\n      name: key,\n      value,\n    }))\n  }\n\n  private recordToSignatureAttributes(record?: Record<string, string>): SignatureAttribute[] {\n    if (!record) {\n      return []\n    }\n    return Object.entries(record).map(([key, value]) => ({\n      name: key,\n      value,\n    }))\n  }\n}\n"],"mappings":";;;;AAAA,SAASA,mBAAmB;AAE5B,SAGEC,0BAMAC,aAEAC,0CAMK;AACP,SAASC,mCAAmC;AAC5C,SAASC,mBAAmB;AAC5B,SAASC,eAAe;AAExB,SACEC,uBACAC,8BACAC,yBACAC,WACAC,0BACAC,mCACK;AAEP,SAASC,kBAAkB;AAE3B,SAASC,gBAAgB;AAElB,IAAMC,SAASC,QAAQC,QAAQC,IAAI,uBAAA;AAEnC,IAAMC,2BAAN,cAAuCC,4BAAAA;EAvC9C,OAuC8CA;;;EACpCC;EACSC;EACAC;EACAC;EACAC;EAEjBC,YACEJ,UACAC,QACAI,MAKA;AACA,UAAK;AACL,QAAI;AACF,WAAKN,cAAcO;AACnB,WAAKN,WAAWA,WAAWA,WAAW;AACtC,WAAKC,SAASA,UAAU,KAAKD;AAC7B,WAAKE,uBAAuBG,MAAMH;AAClC,WAAKC,wBAAwBE,MAAMF;AAEnC,YAAMI,eAAe,KAAKR,YAAYS,iBAAgB;AACtD,UAAI,CAACD,aAAaE,KAAK,CAACC,UAAUA,MAAMT,UAAUA,MAAAA,GAAS;AACzD,aAAKF,YAAYY,WAAW,KAAKX,UAAU,KAAKC,QAAQI,MAAMO,oBAAAA;MAChE;IACF,SAASC,GAAG;AACVC,cAAQC,MAAM,cAAcF,CAAAA;AAC5B,YAAMG,MAAM,mBAAA;IACd;EACF;EAEA,MAAMC,WAAsC;AAC1C,UAAMC,WAAuB,KAAKnB,YAAYkB,SAAQ;AACtD,WAAOC,SAASC,IAAI,CAACC,QAAQ,KAAKC,eAAeD,GAAAA,CAAAA;EACnD;EAEA,MAAME,UAAUC,MAAuE;AACrF,UAAM,EAAEC,MAAMC,KAAI,IAAKF;AACvB,QAAIE,SAASC,UAAa,EAAE,cAAcD,OAAO;AAC/C,aAAOE,QAAQC,OAAOZ,MAAM,+CAAA,CAAA;IAC9B;AAEA,QAAI,KAAKhB,YAAY,YAAY;AAC/B,YAAM6B,eAA2B,KAAK9B,YAAYkB,SAAQ;AAC1D,YAAMa,SAASD,aAAaE,KAAK,CAACC,aAAcA,SAAShC,aAAwB,oBAAA;AACjF,UAAI8B,QAAQ;AACVA,eAAOG,YAAY;AACnB,eAAO,KAAKZ,eAAeS,MAAAA;MAC7B;AACA,aAAOH,QAAQC,OAAOZ,MAAM,0CAA0C,KAAKf,MAAM,EAAE,CAAA;IACrF;AAEA,UAAMiC,YAAY;MAChBC,cAAc,KAAKC,0BAA0BZ,IAAAA;MAC7Ca,UAAU,cAAcZ,OAAQA,KAAKY,WAAsB;MAC3DC,UAAUb,KAAKa;MACfC,YAAY,KAAKC,sBAAsB;QAAE,GAAG,KAAKtC;QAAsB,GAAI,gBAAgBuB,OAAOA,KAAKc,aAAa,CAAC;MAAG,CAAA;MACxHE,MAAM,UAAUhB,OAAQA,KAAKgB,OAAkB;IACjD;AAEA,QAAI;AACF,YAAMC,kBAAkB,MAAM,KAAK3C,YAAY4C,YAAY,KAAK3C,UAAUkC,SAAAA;AAC1E,UAAIQ,iBAAiB;AACnBjD,eAAOmD,MAAM,kBAAkBF,eAAAA;AAC/B,cAAMtB,MAAM,KAAKrB,YAAY8C,YAAYH,eAAAA;AACzC,eAAO,KAAKrB,eAAeD,GAAAA;MAC7B,OAAO;AACL,eAAOO,QAAQC,OAAO,IAAIZ,MAAM,oCAAA,CAAA;MAClC;IACF,SAASD,OAAO;AACdtB,aAAOsB,MAAM,sBAAsBA,KAAAA;AACnC,YAAMA;IACR;EACF;EAEQqB,4BAA4B,wBAACZ,SAAAA;AACnC,YAAQA,MAAAA;MACN,KAAK;AACH,eAAO;MACT,KAAK;AACH,eAAO;MACT,KAAK;AACH,eAAO;MACT;AACE,cAAM,IAAIR,MAAM,YAAYQ,IAAAA,4BAAgC;IAChE;EACF,GAXoC;EAa5BsB,4BAA4B,wBAACtB,SAAAA;AACnC,YAAQA,MAAAA;MACN,KAAK;AACH,eAAO;MACT,KAAK;AACH,eAAO;MACT,KAAK;AACH,eAAO;MACT,KAAK;MACL,KAAK;AACH,eAAO;MACT;AACE,cAAM,IAAIR,MAAM,YAAYQ,IAAAA,oBAAwB;IACxD;EACF,GAdoC;EAgBpC,MAAMuB,UAAU,EAAEC,IAAG,GAAuC;AAC1D,QAAI;AACF,YAAM5B,MAAgB,KAAKrB,YAAYkD,WAAWD,GAAAA;AAClD,UAAK5B,IAAIpB,aAAwB,sBAAsB;AACrD,eAAO;MACT;AACA,WAAK,KAAKD,YAAYmD,UAAUF,GAAAA;AAChC,aAAO;IACT,SAASjC,OAAO;AACdD,cAAQqC,KAAK,yBAAyBpC,KAAAA;AACtC,aAAO;IACT;EACF;EAEQqC,mBAAmBC,mBAAuClB,cAAoD;AACpH,QAAIkB,sBAAsB3B,QAAW;AACnC,aAAO4B,mCAAmCnB,YAAAA;IAC5C;AAEA,QAAIoB,yBAAyBF,iBAAAA,GAAoB;AAC/C,aAAOA;IACT;AAGA,WAAOC,mCAAmCD,iBAAAA;EAC5C;EAEA,MAAMG,KAAKjC,MAA8G;AACvH,QAAI,CAACA,KAAKkC,QAAQ;AAChB,YAAM,IAAIzC,MAAM,oCAAA;IAClB;AAEA,UAAM0C,OAAO,IAAIC,YAAAA,EAAcC,OAAOrC,KAAKmC,IAAI;AAE/C,UAAMtC,MAAgB,KAAKrB,YAAYkD,WAAW1B,KAAKkC,OAAOT,GAAG;AACjE,QAAK5B,IAAIpB,aAAwB,sBAAsB;AACrDoB,UAAIa,YAAY;IAClB;AACA,UAAM4B,eAA6B;MACjCC,QAAQ1C,IAAI0C;MACZJ;MACAzB,WAAW,KAAKmB,mBAAmB7B,KAAKU,WAAWb,IAAIa,SAAS;MAChE8B,aAAaxC,KAAKwC;MAClBC,SAASzC,KAAKyC;MACdC,QAAS1C,KAAK0C,UAA8B;MAC5C1B,YAAY,KAAK2B,4BAA4B;QAAE,GAAG,KAAK/D;QAAuB,GAAGoB,KAAKgB;MAAW,CAAA;IACnG;AACA,WAAO,KAAKxC,YAAYyD,KAAKK,YAAAA;EAC/B;EAEA,MAAMM,UAAU5C,MAA+F;AAC7G,UAAM,IAAIP,MAAM,4DAAA;EAClB;EAEQoD,uBAAuB,wBAAC7C,SAAAA;AAC9B,UAAM,EAAE8C,WAAWC,QAAO,IAAK/C;AAG/B,UAAMgD,YAAYC,YAAYH,UAAUI,GAAG;AAI3C,UAAMC,YAAYC,SAASJ,WAAW,MAAA;AACtC,UAAMK,kBAAkBL,UAAUM,SAAS,KAAK,OAAOH,cAAc,YAAYA,UAAUI,WAAW,IAAA;AAEtG,QAAIF,iBAAiB;AAEnB,YAAMG,iBAAiBC,WAAWN,WAAW,QAAA;AAG7C,YAAMO,eAAe;AACrB,YAAMC,UAAUH,eAAeI,MAAMF,YAAAA;AAGrC,UAAIG,eAAeT,SAASO,SAAS,KAAA;AAGrC,UAAIE,aAAaP,UAAU,OAAO,CAACO,aAAaN,WAAW,IAAA,GAAO;AAChEM,uBAAe,OAAOA;MACxB;AAGA,aAAOA,aAAaN,WAAW,IAAA,KAASM,aAAaP,SAAS,KAAK;AACjEO,uBAAeA,eAAe;MAChC;AAGA,UAAIA,aAAaN,WAAW,IAAA,KAASM,aAAaP,WAAW,KAAK;AAChE,cAAMQ,SAASL,WAAWI,aAAaD,MAAM,GAAG,EAAA,GAAK,KAAA;AACrD,cAAMG,SAASN,WAAWI,aAAaD,MAAM,IAAI,GAAA,GAAM,KAAA;AACvD,cAAMI,SAAS,IAAIC,WAAW;UAACF,OAAO,EAAA,IAAM,MAAM,IAAI,IAAO;SAAK;AAClE,cAAMG,gBAAgB,IAAID,WAAW,EAAA;AACrCC,sBAAcC,IAAIH,QAAQ,CAAA;AAC1BE,sBAAcC,IAAIL,QAAQ,CAAA;AAC1B,eAAOV,SAASc,eAAe,KAAA;MACjC;AAEA,aAAOL;IACT;AAGA,UAAMO,kBAAkBC,UAAUrB,SAAAA,IAAasB,sBAAsBtB,WAAWD,OAAAA,IAAWC;AAC3F,WAAOuB,yBAAyBH,eAAAA,IAC5BI,wBAAwBJ,eAAAA,IACxBK,4BAA4BL,iBAAiBrB,OAAAA;EACnD,GAnD+B;EAqDvBjD,eAAeE,MAAgC;AACrD,UAAM,EAAE0E,OAAO5B,WAAW,GAAG6B,SAAAA,IAA0B;MAAE,GAAG3E;IAAK;AACjE,UAAM+C,UAAU,KAAKxB,0BAA0BvB,KAAKU,SAAS;AAE7D,UAAMmD,eAAe,KAAKhB,qBAAqB;MAC7CC;MACAC;IACF,CAAA;AAEA,UAAM6B,UAAmC;MACvCnD,KAAKiD;MACLzE,MAAM8C;MACNc;MACA3D,MAAMyE;IACR;AAEA,UAAME,gBAAgBC,6BAA6B;MAAEjF,KAAK+E;IAA0B,CAAA;AACpFA,YAAQ1E,OAAO;MAAE,GAAG0E,QAAQ1E;MAAM2E;IAAc;AAChD,WAAOD;EACT;EAEAG,aAAa/E,MAAuG;AAClH,UAAM,IAAIP,MAAM,gBAAA;EAClB;EAEQwB,sBAAsB+D,QAAiD;AAC7E,QAAI,CAACA,QAAQ;AACX,aAAO,CAAA;IACT;AACA,WAAOC,OAAOC,QAAQF,MAAAA,EAAQpF,IAAI,CAAC,CAACC,KAAKV,KAAAA,OAAY;MACnDgG,MAAMtF;MACNV;IACF,EAAA;EACF;EAEQwD,4BAA4BqC,QAAuD;AACzF,QAAI,CAACA,QAAQ;AACX,aAAO,CAAA;IACT;AACA,WAAOC,OAAOC,QAAQF,MAAAA,EAAQpF,IAAI,CAAC,CAACC,KAAKV,KAAAA,OAAY;MACnDgG,MAAMtF;MACNV;IACF,EAAA;EACF;AACF;","names":["PEMToBinary","isSignatureAlgorithmType","MusapClient","signatureAlgorithmFromKeyAlgorithm","AbstractKeyManagementSystem","TextDecoder","Loggers","asn1DerToRawPublicKey","calculateJwkThumbprintForKey","hexStringFromUint8Array","isAsn1Der","isRawCompressedPublicKey","toRawCompressedHexPublicKey","fromString","toString","logger","Loggers","DEFAULT","get","MusapKeyManagementSystem","AbstractKeyManagementSystem","musapClient","sscdType","sscdId","defaultKeyAttributes","defaultSignAttributes","constructor","opts","MusapClient","enabledSscds","listEnabledSscds","some","value","enableSscd","externalSscdSettings","e","console","error","Error","listKeys","keysJson","map","key","asMusapKeyInfo","createKey","args","type","meta","undefined","Promise","reject","existingKeys","extKey","find","musapKey","algorithm","keyGenReq","keyAlgorithm","mapKeyTypeToAlgorithmType","keyUsage","keyAlias","attributes","recordToKeyAttributes","role","generatedKeyUri","generateKey","debug","getKeyByUri","mapAlgorithmTypeToKeyType","deleteKey","kid","getKeyById","removeKey","warn","determineAlgorithm","providedAlgorithm","signatureAlgorithmFromKeyAlgorithm","isSignatureAlgorithmType","sign","keyRef","data","TextDecoder","decode","signatureReq","keyUri","displayText","transId","format","recordToSignatureAttributes","importKey","decodeMusapPublicKey","publicKey","keyType","pemBinary","PEMToBinary","pem","pemString","toString","isDoubleEncoded","length","startsWith","actualDerBytes","fromString","keyDataStart","keyData","slice","publicKeyHex","xCoord","yCoord","prefix","Uint8Array","compressedKey","set","publicKeyBinary","isAsn1Der","asn1DerToRawPublicKey","isRawCompressedPublicKey","hexStringFromUint8Array","toRawCompressedHexPublicKey","keyId","metadata","keyInfo","jwkThumbprint","calculateJwkThumbprintForKey","sharedSecret","record","Object","entries","name"]}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;AAAA,iEAAkE;AAAzD,iIAAA,wBAAwB,OAAA"}

package/package.json

@@ -1,42 +1,31 @@
 {
   "name": "@sphereon/ssi-sdk-ext.kms-musap-rn",
   "description": "Sphereon SSI-SDK react-native plugin for management of keys with musap.",
-  "version": "0.28.1-feature.esm.cjs.9+71682ea",
-  "source": "./src/index.ts",
-  "type": "module",
-  "main": "./dist/index.cjs",
-  "module": "./dist/index.js",
-  "types": "./dist/index.d.ts",
-  "exports": {
-    "import": {
-      "types": "./dist/index.d.ts",
-      "import": "./dist/index.js"
-    },
-    "require": {
-      "types": "./dist/index.d.cts",
-      "require": "./dist/index.cjs"
-    }
-  },
+  "version": "0.28.1-feature.oyd.cmsm.improv.16+a254c6d",
+  "source": "src/index.ts",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
   "scripts": {
-    "build": "tsup --config ../../tsup.config.ts --tsconfig ../../tsconfig.tsup.json"
+    "build": "tsc --build",
+    "build:clean": "tsc --build --clean && tsc --build"
   },
   "dependencies": {
     "@sphereon/musap-react-native": "0.2.1-next.170",
-    "@sphereon/ssi-sdk-ext.key-utils": "^0.28.1-feature.esm.cjs.9+71682ea",
-    "@sphereon/ssi-sdk-ext.x509-utils": "^0.28.1-feature.esm.cjs.9+71682ea",
-    "@sphereon/ssi-types": " ^0.33",
+    "@sphereon/ssi-sdk-ext.key-utils": "0.28.1-feature.oyd.cmsm.improv.16+a254c6d",
+    "@sphereon/ssi-sdk-ext.x509-utils": "0.28.1-feature.oyd.cmsm.improv.16+a254c6d",
+    "@sphereon/ssi-types": "0.30.2-feature.SDK.41.oidf.support.286",
     "@veramo/core": "4.2.0",
     "@veramo/key-manager": "4.2.0",
     "@veramo/kms-local": "4.2.0",
     "text-encoding": "^0.7.0",
-    "uint8arrays": " 3.1.1"
+    "uint8arrays": "^3.1.1"
   },
   "devDependencies": {
     "@types/text-encoding": "0.0.39"
   },
   "files": [
-    "dist",
-    "src",
+    "dist/**/*",
+    "src/**/*",
     "README.md",
     "LICENSE"
   ],
@@ -53,5 +42,5 @@
     "react-native",
     "Veramo"
   ],
-  "gitHead": "71682ea0c528f5b32c421245c253b3bc9d6296a0"
+  "gitHead": "a254c6d44af6fbb12419b55054f1db5afbe484f0"
 }

package/src/MusapKeyManagerSystem.ts

@@ -30,10 +30,7 @@ import {
   isRawCompressedPublicKey,
   toRawCompressedHexPublicKey,
 } from '@sphereon/ssi-sdk-ext.key-utils'
-// @ts-ignore
-import { fromString } from 'uint8arrays/from-string'
-// @ts-ignore
-import { toString } from 'uint8arrays/to-string'
+import * as u8a from 'uint8arrays'
 
 export const logger = Loggers.DEFAULT.get('sphereon:musap-rn-kms')
 
@@ -44,15 +41,11 @@ export class MusapKeyManagementSystem extends AbstractKeyManagementSystem {
   private readonly defaultKeyAttributes: Record<string, string> | undefined
   private readonly defaultSignAttributes: Record<string, string> | undefined
 
-  constructor(
-    sscdType?: SscdType,
-    sscdId?: string,
-    opts?: {
-      externalSscdSettings?: ExternalSscdSettings
-      defaultKeyAttributes?: Record<string, string>
-      defaultSignAttributes?: Record<string, string>
-    }
-  ) {
+  constructor(sscdType?: SscdType, sscdId?: string, opts?: {
+    externalSscdSettings?: ExternalSscdSettings,
+    defaultKeyAttributes?: Record<string, string>,
+    defaultSignAttributes?: Record<string, string>
+  }) {
     super()
     try {
       this.musapClient = MusapClient
@@ -62,7 +55,7 @@ export class MusapKeyManagementSystem extends AbstractKeyManagementSystem {
       this.defaultSignAttributes = opts?.defaultSignAttributes
 
       const enabledSscds = this.musapClient.listEnabledSscds()
-      if (!enabledSscds.some((value) => value.sscdId == sscdId)) {
+      if (!enabledSscds.some(value => value.sscdId == sscdId)) {
         this.musapClient.enableSscd(this.sscdType, this.sscdId, opts?.externalSscdSettings)
       }
     } catch (e) {
@@ -72,7 +65,7 @@ export class MusapKeyManagementSystem extends AbstractKeyManagementSystem {
   }
 
   async listKeys(): Promise<ManagedKeyInfo[]> {
-    const keysJson: MusapKey[] = this.musapClient.listKeys() as MusapKey[]
+    const keysJson: MusapKey[] = (this.musapClient.listKeys()) as MusapKey[]
     return keysJson.map((key) => this.asMusapKeyInfo(key))
   }
 
@@ -83,8 +76,8 @@ export class MusapKeyManagementSystem extends AbstractKeyManagementSystem {
     }
 
     if (this.sscdType == 'EXTERNAL') {
-      const existingKeys: MusapKey[] = this.musapClient.listKeys() as MusapKey[]
-      const extKey = existingKeys.find((musapKey) => (musapKey.sscdType as string) === 'External Signature') // FIXME returning does not match SscdType enum
+      const existingKeys: MusapKey[] = (this.musapClient.listKeys()) as MusapKey[]
+      const extKey = existingKeys.find(musapKey => musapKey.sscdType as string === 'External Signature') // FIXME returning does not match SscdType enum
       if (extKey) {
         extKey.algorithm = 'eccp256r1' // FIXME MUSAP announces key as rsa2k, but it's actually EC
         return this.asMusapKeyInfo(extKey)
@@ -145,12 +138,12 @@ export class MusapKeyManagementSystem extends AbstractKeyManagementSystem {
   }
 
   async deleteKey({ kid }: { kid: string }): Promise<boolean> {
-    try {
-      const key: MusapKey = this.musapClient.getKeyById(kid) as MusapKey
-      if ((key.sscdType as string) === 'External Signature') {
-        return true // FIXME we can't remove a eSim key for now because this would mean onboarding again
-      }
-      void this.musapClient.removeKey(kid)
+      try {
+        const key: MusapKey = this.musapClient.getKeyById(kid) as MusapKey
+        if (key.sscdType as string === 'External Signature') {
+          return true // FIXME we can't remove a eSim key for now because this would mean onboarding again
+        }
+        void this.musapClient.removeKey(kid)
       return true
     } catch (error) {
       console.warn('Failed to delete key:', error)
@@ -171,7 +164,12 @@ export class MusapKeyManagementSystem extends AbstractKeyManagementSystem {
     return signatureAlgorithmFromKeyAlgorithm(providedAlgorithm as JWSAlgorithm)
   }
 
-  async sign(args: { keyRef: Pick<IKey, 'kid'>; algorithm?: string; data: Uint8Array; [x: string]: any }): Promise<string> {
+  async sign(args: {
+    keyRef: Pick<IKey, 'kid'>;
+    algorithm?: string;
+    data: Uint8Array;
+    [x: string]: any
+  }): Promise<string> {
     if (!args.keyRef) {
       throw new Error('key_not_found: No key ref provided')
     }
@@ -179,7 +177,7 @@ export class MusapKeyManagementSystem extends AbstractKeyManagementSystem {
     const data = new TextDecoder().decode(args.data as Uint8Array)
 
     const key: MusapKey = this.musapClient.getKeyById(args.keyRef.kid) as MusapKey
-    if ((key.sscdType as string) === 'External Signature') {
+    if (key.sscdType as string === 'External Signature') {
       key.algorithm = 'eccp256r1' // FIXME MUSAP announces key as rsa2k, but it's actually EC
     }
     const signatureReq: SignatureReq = {
@@ -198,7 +196,7 @@ export class MusapKeyManagementSystem extends AbstractKeyManagementSystem {
     throw new Error('importKey is not implemented for MusapKeyManagementSystem.')
   }
 
-  private decodeMusapPublicKey = (args: { publicKey: { pem: string }; keyType: TKeyType }): string => {
+  private decodeMusapPublicKey = (args: { publicKey: { pem: string }, keyType: TKeyType }): string => {
     const { publicKey, keyType } = args
 
     // First try the normal PEM decoding path
@@ -206,19 +204,21 @@ export class MusapKeyManagementSystem extends AbstractKeyManagementSystem {
 
     // Check if we got a string that looks like base64 (might be double encoded)
     // Convert Uint8Array to string safely
-    const pemString = toString(pemBinary, 'utf8')
-    const isDoubleEncoded = pemBinary.length > 0 && typeof pemString === 'string' && pemString.startsWith('MF')
+    const pemString = u8a.toString(pemBinary, 'utf8')
+    const isDoubleEncoded = pemBinary.length > 0 &&
+      typeof pemString === 'string' &&
+      pemString.startsWith('MF')
 
     if (isDoubleEncoded) {
       // Handle double-encoded case
-      const actualDerBytes = fromString(pemString, 'base64')
+      const actualDerBytes = u8a.fromString(pemString, 'base64')
 
       // For double-encoded case, we know the key data starts after the header
       const keyDataStart = 24
       const keyData = actualDerBytes.slice(keyDataStart)
 
       // Convert to public key hex
-      let publicKeyHex = toString(keyData, 'hex')
+      let publicKeyHex = u8a.toString(keyData, 'hex')
 
       // If it's not compressed yet and doesn't start with 0x04 (uncompressed point marker), add it
       if (publicKeyHex.length <= 128 && !publicKeyHex.startsWith('04')) {
@@ -232,13 +232,13 @@ export class MusapKeyManagementSystem extends AbstractKeyManagementSystem {
 
       // Now convert to compressed format if needed
       if (publicKeyHex.startsWith('04') && publicKeyHex.length === 130) {
-        const xCoord = fromString(publicKeyHex.slice(2, 66), 'hex')
-        const yCoord = fromString(publicKeyHex.slice(66, 130), 'hex')
+        const xCoord = u8a.fromString(publicKeyHex.slice(2, 66), 'hex')
+        const yCoord = u8a.fromString(publicKeyHex.slice(66, 130), 'hex')
         const prefix = new Uint8Array([yCoord[31] % 2 === 0 ? 0x02 : 0x03])
         const compressedKey = new Uint8Array(33) // 1 byte prefix + 32 bytes x coordinate
         compressedKey.set(prefix, 0)
         compressedKey.set(xCoord, 1)
-        return toString(compressedKey, 'hex')
+        return u8a.toString(compressedKey, 'hex')
       }
 
       return publicKeyHex
@@ -250,6 +250,7 @@ export class MusapKeyManagementSystem extends AbstractKeyManagementSystem {
       ? hexStringFromUint8Array(publicKeyBinary)
       : toRawCompressedHexPublicKey(publicKeyBinary, keyType)
   }
+  
 
   private asMusapKeyInfo(args: MusapKey): ManagedKeyInfo {
     const { keyId, publicKey, ...metadata }: KeyMetadata = { ...args }
@@ -257,7 +258,7 @@ export class MusapKeyManagementSystem extends AbstractKeyManagementSystem {
 
     const publicKeyHex = this.decodeMusapPublicKey({
       publicKey: publicKey,
-      keyType: keyType,
+      keyType: keyType
     })
 
     const keyInfo: Partial<ManagedKeyInfo> = {

package/dist/index.cjs

@@ -1,238 +0,0 @@
-"use strict";Object.defineProperty(exports, "__esModule", {value: true}); function _nullishCoalesce(lhs, rhsFn) { if (lhs != null) { return lhs; } else { return rhsFn(); } } function _optionalChain(ops) { let lastAccessLHS = undefined; let value = ops[0]; let i = 1; while (i < ops.length) { const op = ops[i]; const fn = ops[i + 1]; i += 2; if ((op === 'optionalAccess' || op === 'optionalCall') && value == null) { return undefined; } if (op === 'access' || op === 'optionalAccess') { lastAccessLHS = value; value = fn(value); } else if (op === 'call' || op === 'optionalCall') { value = fn((...args) => value.call(lastAccessLHS, ...args)); lastAccessLHS = undefined; } } return value; } var _class;var __defProp = Object.defineProperty;
-var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
-
-// src/MusapKeyManagerSystem.ts
-var _ssisdkextx509utils = require('@sphereon/ssi-sdk-ext.x509-utils');
-var _musapreactnative = require('@sphereon/musap-react-native');
-var _keymanager = require('@veramo/key-manager');
-var _textencoding = require('text-encoding');
-var _ssitypes = require('@sphereon/ssi-types');
-var _ssisdkextkeyutils = require('@sphereon/ssi-sdk-ext.key-utils');
-var _fromstring = require('uint8arrays/from-string');
-var _tostring = require('uint8arrays/to-string');
-var logger = _ssitypes.Loggers.DEFAULT.get("sphereon:musap-rn-kms");
-var MusapKeyManagementSystem = (_class = class extends _keymanager.AbstractKeyManagementSystem {
-  static {
-    __name(this, "MusapKeyManagementSystem");
-  }
-  
-  
-  
-  
-  
-  constructor(sscdType, sscdId, opts) {
-    super();_class.prototype.__init.call(this);_class.prototype.__init2.call(this);_class.prototype.__init3.call(this);;
-    try {
-      this.musapClient = _musapreactnative.MusapClient;
-      this.sscdType = sscdType ? sscdType : "TEE";
-      this.sscdId = _nullishCoalesce(sscdId, () => ( this.sscdType));
-      this.defaultKeyAttributes = _optionalChain([opts, 'optionalAccess', _ => _.defaultKeyAttributes]);
-      this.defaultSignAttributes = _optionalChain([opts, 'optionalAccess', _2 => _2.defaultSignAttributes]);
-      const enabledSscds = this.musapClient.listEnabledSscds();
-      if (!enabledSscds.some((value) => value.sscdId == sscdId)) {
-        this.musapClient.enableSscd(this.sscdType, this.sscdId, _optionalChain([opts, 'optionalAccess', _3 => _3.externalSscdSettings]));
-      }
-    } catch (e) {
-      console.error("enableSscd", e);
-      throw Error("enableSscd failed");
-    }
-  }
-  async listKeys() {
-    const keysJson = this.musapClient.listKeys();
-    return keysJson.map((key) => this.asMusapKeyInfo(key));
-  }
-  async createKey(args) {
-    const { type, meta } = args;
-    if (meta === void 0 || !("keyAlias" in meta)) {
-      return Promise.reject(Error("a unique keyAlias field is required for MUSAP"));
-    }
-    if (this.sscdType == "EXTERNAL") {
-      const existingKeys = this.musapClient.listKeys();
-      const extKey = existingKeys.find((musapKey) => musapKey.sscdType === "External Signature");
-      if (extKey) {
-        extKey.algorithm = "eccp256r1";
-        return this.asMusapKeyInfo(extKey);
-      }
-      return Promise.reject(Error(`No external key was bound yet for sscd ${this.sscdId}`));
-    }
-    const keyGenReq = {
-      keyAlgorithm: this.mapKeyTypeToAlgorithmType(type),
-      keyUsage: "keyUsage" in meta ? meta.keyUsage : "sign",
-      keyAlias: meta.keyAlias,
-      attributes: this.recordToKeyAttributes({
-        ...this.defaultKeyAttributes,
-        ..."attributes" in meta ? meta.attributes : {}
-      }),
-      role: "role" in meta ? meta.role : "administrator"
-    };
-    try {
-      const generatedKeyUri = await this.musapClient.generateKey(this.sscdType, keyGenReq);
-      if (generatedKeyUri) {
-        logger.debug("Generated key:", generatedKeyUri);
-        const key = this.musapClient.getKeyByUri(generatedKeyUri);
-        return this.asMusapKeyInfo(key);
-      } else {
-        return Promise.reject(new Error("Failed to generate key. No key URI"));
-      }
-    } catch (error) {
-      logger.error("An error occurred:", error);
-      throw error;
-    }
-  }
-  __init() {this.mapKeyTypeToAlgorithmType = /* @__PURE__ */ __name((type) => {
-    switch (type) {
-      case "Secp256k1":
-        return "ECCP256K1";
-      case "Secp256r1":
-        return "ECCP256R1";
-      case "RSA":
-        return "RSA2K";
-      default:
-        throw new Error(`Key type ${type} is not supported by MUSAP`);
-    }
-  }, "mapKeyTypeToAlgorithmType")}
-  __init2() {this.mapAlgorithmTypeToKeyType = /* @__PURE__ */ __name((type) => {
-    switch (type) {
-      case "eccp256k1":
-        return "Secp256k1";
-      case "eccp256r1":
-        return "Secp256r1";
-      case "ecc_ed25519":
-        return "Ed25519";
-      case "rsa2k":
-      case "rsa4k":
-        return "RSA";
-      default:
-        throw new Error(`Key type ${type} is not supported.`);
-    }
-  }, "mapAlgorithmTypeToKeyType")}
-  async deleteKey({ kid }) {
-    try {
-      const key = this.musapClient.getKeyById(kid);
-      if (key.sscdType === "External Signature") {
-        return true;
-      }
-      void this.musapClient.removeKey(kid);
-      return true;
-    } catch (error) {
-      console.warn("Failed to delete key:", error);
-      return false;
-    }
-  }
-  determineAlgorithm(providedAlgorithm, keyAlgorithm) {
-    if (providedAlgorithm === void 0) {
-      return _musapreactnative.signatureAlgorithmFromKeyAlgorithm.call(void 0, keyAlgorithm);
-    }
-    if (_musapreactnative.isSignatureAlgorithmType.call(void 0, providedAlgorithm)) {
-      return providedAlgorithm;
-    }
-    return _musapreactnative.signatureAlgorithmFromKeyAlgorithm.call(void 0, providedAlgorithm);
-  }
-  async sign(args) {
-    if (!args.keyRef) {
-      throw new Error("key_not_found: No key ref provided");
-    }
-    const data = new (0, _textencoding.TextDecoder)().decode(args.data);
-    const key = this.musapClient.getKeyById(args.keyRef.kid);
-    if (key.sscdType === "External Signature") {
-      key.algorithm = "eccp256r1";
-    }
-    const signatureReq = {
-      keyUri: key.keyUri,
-      data,
-      algorithm: this.determineAlgorithm(args.algorithm, key.algorithm),
-      displayText: args.displayText,
-      transId: args.transId,
-      format: _nullishCoalesce(args.format, () => ( "RAW")),
-      attributes: this.recordToSignatureAttributes({
-        ...this.defaultSignAttributes,
-        ...args.attributes
-      })
-    };
-    return this.musapClient.sign(signatureReq);
-  }
-  async importKey(args) {
-    throw new Error("importKey is not implemented for MusapKeyManagementSystem.");
-  }
-  __init3() {this.decodeMusapPublicKey = /* @__PURE__ */ __name((args) => {
-    const { publicKey, keyType } = args;
-    const pemBinary = _ssisdkextx509utils.PEMToBinary.call(void 0, publicKey.pem);
-    const pemString = _tostring.toString.call(void 0, pemBinary, "utf8");
-    const isDoubleEncoded = pemBinary.length > 0 && typeof pemString === "string" && pemString.startsWith("MF");
-    if (isDoubleEncoded) {
-      const actualDerBytes = _fromstring.fromString.call(void 0, pemString, "base64");
-      const keyDataStart = 24;
-      const keyData = actualDerBytes.slice(keyDataStart);
-      let publicKeyHex = _tostring.toString.call(void 0, keyData, "hex");
-      if (publicKeyHex.length <= 128 && !publicKeyHex.startsWith("04")) {
-        publicKeyHex = "04" + publicKeyHex;
-      }
-      while (publicKeyHex.startsWith("04") && publicKeyHex.length < 130) {
-        publicKeyHex = publicKeyHex + "0";
-      }
-      if (publicKeyHex.startsWith("04") && publicKeyHex.length === 130) {
-        const xCoord = _fromstring.fromString.call(void 0, publicKeyHex.slice(2, 66), "hex");
-        const yCoord = _fromstring.fromString.call(void 0, publicKeyHex.slice(66, 130), "hex");
-        const prefix = new Uint8Array([
-          yCoord[31] % 2 === 0 ? 2 : 3
-        ]);
-        const compressedKey = new Uint8Array(33);
-        compressedKey.set(prefix, 0);
-        compressedKey.set(xCoord, 1);
-        return _tostring.toString.call(void 0, compressedKey, "hex");
-      }
-      return publicKeyHex;
-    }
-    const publicKeyBinary = _ssisdkextkeyutils.isAsn1Der.call(void 0, pemBinary) ? _ssisdkextkeyutils.asn1DerToRawPublicKey.call(void 0, pemBinary, keyType) : pemBinary;
-    return _ssisdkextkeyutils.isRawCompressedPublicKey.call(void 0, publicKeyBinary) ? _ssisdkextkeyutils.hexStringFromUint8Array.call(void 0, publicKeyBinary) : _ssisdkextkeyutils.toRawCompressedHexPublicKey.call(void 0, publicKeyBinary, keyType);
-  }, "decodeMusapPublicKey")}
-  asMusapKeyInfo(args) {
-    const { keyId, publicKey, ...metadata } = {
-      ...args
-    };
-    const keyType = this.mapAlgorithmTypeToKeyType(args.algorithm);
-    const publicKeyHex = this.decodeMusapPublicKey({
-      publicKey,
-      keyType
-    });
-    const keyInfo = {
-      kid: keyId,
-      type: keyType,
-      publicKeyHex,
-      meta: metadata
-    };
-    const jwkThumbprint = _ssisdkextkeyutils.calculateJwkThumbprintForKey.call(void 0, {
-      key: keyInfo
-    });
-    keyInfo.meta = {
-      ...keyInfo.meta,
-      jwkThumbprint
-    };
-    return keyInfo;
-  }
-  sharedSecret(args) {
-    throw new Error("Not supported.");
-  }
-  recordToKeyAttributes(record) {
-    if (!record) {
-      return [];
-    }
-    return Object.entries(record).map(([key, value]) => ({
-      name: key,
-      value
-    }));
-  }
-  recordToSignatureAttributes(record) {
-    if (!record) {
-      return [];
-    }
-    return Object.entries(record).map(([key, value]) => ({
-      name: key,
-      value
-    }));
-  }
-}, _class);
-
-
-exports.MusapKeyManagementSystem = MusapKeyManagementSystem;
-//# sourceMappingURL=index.cjs.map

package/dist/index.cjs.map

@@ -1 +0,0 @@
-{"version":3,"sources":["/home/runner/work/SSI-SDK-crypto-extensions/SSI-SDK-crypto-extensions/packages/kms-musap-rn/dist/index.cjs","../src/MusapKeyManagerSystem.ts"],"names":["logger","Loggers","DEFAULT","get","MusapKeyManagementSystem","AbstractKeyManagementSystem","musapClient","sscdType","sscdId","defaultKeyAttributes","defaultSignAttributes","constructor","opts","MusapClient","enabledSscds","listEnabledSscds","some","value","enableSscd","externalSscdSettings","e","console","error","Error","listKeys","keysJson","map","key","asMusapKeyInfo","createKey","args","type","meta","undefined","Promise","reject","existingKeys","extKey","find","musapKey","algorithm","keyAlias","keyGenReq","generatedKeyUri","kid","keyAlgorithm","providedAlgorithm","keyUri","data","displayText","transId","attributes","signatureReq","pemString","keyDataStart","publicKeyHex","keyType","publicKeyBinary","publicKey","keyId","metadata","keyInfo","jwkThumbprint"],"mappings":"AAAA,isBAAI,UAAU,EAAE,MAAM,CAAC,cAAc;AACrC,IAAI,OAAO,EAAE,CAAC,MAAM,EAAE,KAAK,EAAE,GAAG,SAAS,CAAC,MAAM,EAAE,MAAM,EAAE,EAAE,KAAK,EAAE,YAAY,EAAE,KAAK,CAAC,CAAC;AACxF;AACA;ACHA,sEAA4B;AAE5B,gEAiBO;AACP,iDAA4C;AAC5C,6CAA4B;AAC5B,+CAAwB;AAExB,oEAOO;AAEP,qDAA2B;AAE3B,iDAAyB;AAElB,IAAMA,OAAAA,EAASC,iBAAAA,CAAQC,OAAAA,CAAQC,GAAAA,CAAI,uBAAA,CAAA;AAEnC,IAAMC,yBAAAA,YAAN,MAAA,QAAuCC,wCAAAA;ADzB9C,ECdA,OAuC8CA;ADxB9C,IAAI,MAAM,CAAC,IAAI,EAAE,0BAA0B,CAAC;AAC5C,EAAE;AACF,ECuBUC;ADtBV,ECuBmBC;ADtBnB,ECuBmBC;ADtBnB,ECuBmBC;ADtBnB,ECuBmBC;ADtBnB,ECwBEC,WAAAA,CACEJ,QAAAA,EACAC,MAAAA,EACAI,IAAAA,EAKA;AACA,IAAA,KAAA,CAAK,6GAAA;AACL,IAAA,IAAI;AACF,MAAA,IAAA,CAAKN,YAAAA,EAAcO,6BAAAA;AACnB,MAAA,IAAA,CAAKN,SAAAA,EAAWA,SAAAA,EAAWA,SAAAA,EAAW,KAAA;AACtC,MAAA,IAAA,CAAKC,OAAAA,mBAASA,MAAAA,UAAU,IAAA,CAAKD,UAAAA;AAC7B,MAAA,IAAA,CAAKE,qBAAAA,kBAAuBG,IAAAA,2BAAMH,sBAAAA;AAClC,MAAA,IAAA,CAAKC,sBAAAA,kBAAwBE,IAAAA,6BAAMF,uBAAAA;AAEnC,MAAA,MAAMI,aAAAA,EAAe,IAAA,CAAKR,WAAAA,CAAYS,gBAAAA,CAAgB,CAAA;AACtD,MAAA,GAAA,CAAI,CAACD,YAAAA,CAAaE,IAAAA,CAAK,CAACC,KAAAA,EAAAA,GAAUA,KAAAA,CAAMT,OAAAA,GAAUA,MAAAA,CAAAA,EAAS;AACzD,QAAA,IAAA,CAAKF,WAAAA,CAAYY,UAAAA,CAAW,IAAA,CAAKX,QAAAA,EAAU,IAAA,CAAKC,MAAAA,kBAAQI,IAAAA,6BAAMO,sBAAAA,CAAAA;ADhCtE,MCiCM;ADhCN,ICiCI,EAAA,MAAA,CAASC,CAAAA,EAAG;AACVC,MAAAA,OAAAA,CAAQC,KAAAA,CAAM,YAAA,EAAcF,CAAAA,CAAAA;AAC5B,MAAA,MAAMG,KAAAA,CAAM,mBAAA,CAAA;ADhClB,ICiCI;ADhCJ,ECiCE;ADhCF,ECkCE,MAAMC,QAAAA,CAAAA,EAAsC;AAC1C,IAAA,MAAMC,SAAAA,EAAuB,IAAA,CAAKnB,WAAAA,CAAYkB,QAAAA,CAAQ,CAAA;AACtD,IAAA,OAAOC,QAAAA,CAASC,GAAAA,CAAI,CAACC,GAAAA,EAAAA,GAAQ,IAAA,CAAKC,cAAAA,CAAeD,GAAAA,CAAAA,CAAAA;ADjCrD,ECkCE;ADjCF,ECmCE,MAAME,SAAAA,CAAUC,IAAAA,EAAuE;AACrF,IAAA,MAAM,EAAEC,IAAAA,EAAMC,KAAI,EAAA,EAAKF,IAAAA;AACvB,IAAA,GAAA,CAAIE,KAAAA,IAASC,KAAAA,EAAAA,GAAa,CAAA,CAAE,WAAA,GAAcD,IAAAA,CAAAA,EAAO;AAC/C,MAAA,OAAOE,OAAAA,CAAQC,MAAAA,CAAOZ,KAAAA,CAAM,+CAAA,CAAA,CAAA;ADlClC,ICmCI;AAEA,IAAA,GAAA,CAAI,IAAA,CAAKhB,SAAAA,GAAY,UAAA,EAAY;AAC/B,MAAA,MAAM6B,aAAAA,EAA2B,IAAA,CAAK9B,WAAAA,CAAYkB,QAAAA,CAAQ,CAAA;AAC1D,MAAA,MAAMa,OAAAA,EAASD,YAAAA,CAAaE,IAAAA,CAAK,CAACC,QAAAA,EAAAA,GAAcA,QAAAA,CAAShC,SAAAA,IAAwB,oBAAA,CAAA;AACjF,MAAA,GAAA,CAAI8B,MAAAA,EAAQ;AACVA,QAAAA,MAAAA,CAAOG,UAAAA,EAAY,WAAA;AACnB,QAAA,OAAO,IAAA,CAAKZ,cAAAA,CAAeS,MAAAA,CAAAA;ADnCnC,MCoCM;AACA,MAAA,OAAOH,OAAAA,CAAQC,MAAAA,CAAOZ,KAAAA,CAAM,CAAA,uCAAA,EAA0C,IAAA,CAAKf,MAAM,CAAA,CAAA;AACnF,IAAA;AAEkB,IAAA;AAC6BuB,MAAAA;AACc,MAAA;AAC5CU,MAAAA;AACwB,MAAA;AAAUhC,QAAAA;AAAoE,QAAA;AAAG,MAAA;AACzE,MAAA;AACjD,IAAA;AAEI,IAAA;AACwEiC,MAAAA;AACrD,MAAA;AACYC,QAAAA;AACUA,QAAAA;AACdhB,QAAAA;AACtB,MAAA;AAC2B,QAAA;AAClC,MAAA;AACc,IAAA;AACqBL,MAAAA;AAC7BA,MAAAA;AACR,IAAA;AACF,EAAA;AAEqCS,iBAAAA;AAC3BA,IAAAA;AACD,MAAA;AACI,QAAA;AACJ,MAAA;AACI,QAAA;AACJ,MAAA;AACI,QAAA;AACT,MAAA;AAC8D,QAAA;AAChE,IAAA;AAVkC,EAAA;AAaCA,kBAAAA;AAC3BA,IAAAA;AACD,MAAA;AACI,QAAA;AACJ,MAAA;AACI,QAAA;AACJ,MAAA;AACI,QAAA;AACJ,MAAA;AACA,MAAA;AACI,QAAA;AACT,MAAA;AACsD,QAAA;AACxD,IAAA;AAbkC,EAAA;AAgBwB,EAAA;AACtD,IAAA;AACgDa,MAAAA;AACK,MAAA;AAC9C,QAAA;AACT,MAAA;AACgCA,MAAAA;AACzB,MAAA;AACO,IAAA;AACwBtB,MAAAA;AAC/B,MAAA;AACT,IAAA;AACF,EAAA;AAEsH,EAAA;AAC/E,IAAA;AACOuB,MAAAA;AAC5C,IAAA;AAEiD,IAAA;AACxCC,MAAAA;AACT,IAAA;AAG0CA,IAAAA;AAC5C,EAAA;AAEyH,EAAA;AACrG,IAAA;AACA,MAAA;AAClB,IAAA;AAE+C,IAAA;AAEkB,IAAA;AACV,IAAA;AACrC,MAAA;AAClB,IAAA;AACmC,IAAA;AACrBC,MAAAA;AACZC,MAAAA;AACgE,MAAA;AAC9CC,MAAAA;AACJC,MAAAA;AAC8B,MAAA;AACC,MAAA;AAAUxC,QAAAA;AAA+ByC,QAAAA;AAAW,MAAA;AACnG,IAAA;AAC6BC,IAAAA;AAC/B,EAAA;AAE+G,EAAA;AAC7F,IAAA;AAClB,EAAA;AAEgCtB,kBAAAA;AACCA,IAAAA;AAGY,IAAA;AAIL,IAAA;AAC2CuB,IAAAA;AAE5D,IAAA;AAE0B,MAAA;AAGxB,MAAA;AACgBC,MAAAA;AAGA,MAAA;AAG6B,MAAA;AAC1CC,QAAAA;AACxB,MAAA;AAGmE,MAAA;AACnC,QAAA;AAChC,MAAA;AAGkE,MAAA;AACX,QAAA;AACE,QAAA;AACzB,QAAA;AAA+B,UAAA;AAAK,QAAA;AAC7B,QAAA;AACX,QAAA;AACA,QAAA;AACK,QAAA;AACjC,MAAA;AAEOA,MAAAA;AACT,IAAA;AAGgFC,IAAAA;AAEpDC,IAAAA;AAjDC,EAAA;AAqDwB,EAAA;AACE,IAAA;AAAK3B,MAAAA;AAAK,IAAA;AACJ,IAAA;AAEd,IAAA;AAC7C4B,MAAAA;AACAF,MAAAA;AACF,IAAA;AAEyC,IAAA;AAClCG,MAAAA;AACCH,MAAAA;AACND,MAAAA;AACMK,MAAAA;AACR,IAAA;AAEmD,IAAA;AAAOC,MAAAA;AAA0B,IAAA;AACrE,IAAA;AAAa7B,MAAAA;AAAM8B,MAAAA;AAAc,IAAA;AACzCD,IAAAA;AACT,EAAA;AAEoH,EAAA;AAClG,IAAA;AAClB,EAAA;AAE+E,EAAA;AAChE,IAAA;AACJ,MAAA;AACT,IAAA;AACqD,IAAA;AAC7ClC,MAAAA;AACNV,MAAAA;AACF,IAAA;AACF,EAAA;AAE2F,EAAA;AAC5E,IAAA;AACJ,MAAA;AACT,IAAA;AACqD,IAAA;AAC7CU,MAAAA;AACNV,MAAAA;AACF,IAAA;AACF,EAAA;AACF;AD/DwF;AACA;AACA","file":"/home/runner/work/SSI-SDK-crypto-extensions/SSI-SDK-crypto-extensions/packages/kms-musap-rn/dist/index.cjs","sourcesContent":[null,"import { PEMToBinary } from '@sphereon/ssi-sdk-ext.x509-utils'\nimport { IKey, ManagedKeyInfo, MinimalImportableKey, TKeyType } from '@veramo/core'\nimport {\n  ExternalSscdSettings,\n  IMusapClient,\n  isSignatureAlgorithmType,\n  JWSAlgorithm,\n  KeyAlgorithm,\n  KeyAlgorithmType,\n  KeyAttribute,\n  KeyGenReq,\n  MusapClient,\n  MusapKey,\n  signatureAlgorithmFromKeyAlgorithm,\n  SignatureAlgorithmType,\n  SignatureAttribute,\n  SignatureFormat,\n  SignatureReq,\n  SscdType,\n} from '@sphereon/musap-react-native'\nimport { AbstractKeyManagementSystem } from '@veramo/key-manager'\nimport { TextDecoder } from 'text-encoding'\nimport { Loggers } from '@sphereon/ssi-types'\nimport { KeyMetadata } from './index'\nimport {\n  asn1DerToRawPublicKey,\n  calculateJwkThumbprintForKey,\n  hexStringFromUint8Array,\n  isAsn1Der,\n  isRawCompressedPublicKey,\n  toRawCompressedHexPublicKey,\n} from '@sphereon/ssi-sdk-ext.key-utils'\n// @ts-ignore\nimport { fromString } from 'uint8arrays/from-string'\n// @ts-ignore\nimport { toString } from 'uint8arrays/to-string'\n\nexport const logger = Loggers.DEFAULT.get('sphereon:musap-rn-kms')\n\nexport class MusapKeyManagementSystem extends AbstractKeyManagementSystem {\n  private musapClient: IMusapClient\n  private readonly sscdType: SscdType\n  private readonly sscdId: string\n  private readonly defaultKeyAttributes: Record<string, string> | undefined\n  private readonly defaultSignAttributes: Record<string, string> | undefined\n\n  constructor(\n    sscdType?: SscdType,\n    sscdId?: string,\n    opts?: {\n      externalSscdSettings?: ExternalSscdSettings\n      defaultKeyAttributes?: Record<string, string>\n      defaultSignAttributes?: Record<string, string>\n    }\n  ) {\n    super()\n    try {\n      this.musapClient = MusapClient\n      this.sscdType = sscdType ? sscdType : 'TEE'\n      this.sscdId = sscdId ?? this.sscdType\n      this.defaultKeyAttributes = opts?.defaultKeyAttributes\n      this.defaultSignAttributes = opts?.defaultSignAttributes\n\n      const enabledSscds = this.musapClient.listEnabledSscds()\n      if (!enabledSscds.some((value) => value.sscdId == sscdId)) {\n        this.musapClient.enableSscd(this.sscdType, this.sscdId, opts?.externalSscdSettings)\n      }\n    } catch (e) {\n      console.error('enableSscd', e)\n      throw Error('enableSscd failed')\n    }\n  }\n\n  async listKeys(): Promise<ManagedKeyInfo[]> {\n    const keysJson: MusapKey[] = this.musapClient.listKeys() as MusapKey[]\n    return keysJson.map((key) => this.asMusapKeyInfo(key))\n  }\n\n  async createKey(args: { type: TKeyType; meta?: KeyMetadata }): Promise<ManagedKeyInfo> {\n    const { type, meta } = args\n    if (meta === undefined || !('keyAlias' in meta)) {\n      return Promise.reject(Error('a unique keyAlias field is required for MUSAP'))\n    }\n\n    if (this.sscdType == 'EXTERNAL') {\n      const existingKeys: MusapKey[] = this.musapClient.listKeys() as MusapKey[]\n      const extKey = existingKeys.find((musapKey) => (musapKey.sscdType as string) === 'External Signature') // FIXME returning does not match SscdType enum\n      if (extKey) {\n        extKey.algorithm = 'eccp256r1' // FIXME MUSAP announces key as rsa2k, but it's actually EC\n        return this.asMusapKeyInfo(extKey)\n      }\n      return Promise.reject(Error(`No external key was bound yet for sscd ${this.sscdId}`))\n    }\n\n    const keyGenReq = {\n      keyAlgorithm: this.mapKeyTypeToAlgorithmType(type),\n      keyUsage: 'keyUsage' in meta ? (meta.keyUsage as string) : 'sign',\n      keyAlias: meta.keyAlias as string,\n      attributes: this.recordToKeyAttributes({ ...this.defaultKeyAttributes, ...('attributes' in meta ? meta.attributes : {}) }),\n      role: 'role' in meta ? (meta.role as string) : 'administrator',\n    } satisfies KeyGenReq\n\n    try {\n      const generatedKeyUri = await this.musapClient.generateKey(this.sscdType, keyGenReq)\n      if (generatedKeyUri) {\n        logger.debug('Generated key:', generatedKeyUri)\n        const key = this.musapClient.getKeyByUri(generatedKeyUri)\n        return this.asMusapKeyInfo(key)\n      } else {\n        return Promise.reject(new Error('Failed to generate key. No key URI'))\n      }\n    } catch (error) {\n      logger.error('An error occurred:', error)\n      throw error\n    }\n  }\n\n  private mapKeyTypeToAlgorithmType = (type: TKeyType): KeyAlgorithmType => {\n    switch (type) {\n      case 'Secp256k1':\n        return 'ECCP256K1'\n      case 'Secp256r1':\n        return 'ECCP256R1'\n      case 'RSA':\n        return 'RSA2K'\n      default:\n        throw new Error(`Key type ${type} is not supported by MUSAP`)\n    }\n  }\n\n  private mapAlgorithmTypeToKeyType = (type: KeyAlgorithm): TKeyType => {\n    switch (type) {\n      case 'eccp256k1':\n        return 'Secp256k1'\n      case 'eccp256r1':\n        return 'Secp256r1'\n      case 'ecc_ed25519':\n        return 'Ed25519'\n      case 'rsa2k':\n      case 'rsa4k':\n        return 'RSA'\n      default:\n        throw new Error(`Key type ${type} is not supported.`)\n    }\n  }\n\n  async deleteKey({ kid }: { kid: string }): Promise<boolean> {\n    try {\n      const key: MusapKey = this.musapClient.getKeyById(kid) as MusapKey\n      if ((key.sscdType as string) === 'External Signature') {\n        return true // FIXME we can't remove a eSim key for now because this would mean onboarding again\n      }\n      void this.musapClient.removeKey(kid)\n      return true\n    } catch (error) {\n      console.warn('Failed to delete key:', error)\n      return false\n    }\n  }\n\n  private determineAlgorithm(providedAlgorithm: string | undefined, keyAlgorithm: KeyAlgorithm): SignatureAlgorithmType {\n    if (providedAlgorithm === undefined) {\n      return signatureAlgorithmFromKeyAlgorithm(keyAlgorithm)\n    }\n\n    if (isSignatureAlgorithmType(providedAlgorithm)) {\n      return providedAlgorithm\n    }\n\n    // Veramo translates TKeyType to JWSAlgorithm\n    return signatureAlgorithmFromKeyAlgorithm(providedAlgorithm as JWSAlgorithm)\n  }\n\n  async sign(args: { keyRef: Pick<IKey, 'kid'>; algorithm?: string; data: Uint8Array; [x: string]: any }): Promise<string> {\n    if (!args.keyRef) {\n      throw new Error('key_not_found: No key ref provided')\n    }\n\n    const data = new TextDecoder().decode(args.data as Uint8Array)\n\n    const key: MusapKey = this.musapClient.getKeyById(args.keyRef.kid) as MusapKey\n    if ((key.sscdType as string) === 'External Signature') {\n      key.algorithm = 'eccp256r1' // FIXME MUSAP announces key as rsa2k, but it's actually EC\n    }\n    const signatureReq: SignatureReq = {\n      keyUri: key.keyUri,\n      data,\n      algorithm: this.determineAlgorithm(args.algorithm, key.algorithm),\n      displayText: args.displayText,\n      transId: args.transId,\n      format: (args.format as SignatureFormat) ?? 'RAW',\n      attributes: this.recordToSignatureAttributes({ ...this.defaultSignAttributes, ...args.attributes }),\n    }\n    return this.musapClient.sign(signatureReq)\n  }\n\n  async importKey(args: Omit<MinimalImportableKey, 'kms'> & { privateKeyPEM?: string }): Promise<ManagedKeyInfo> {\n    throw new Error('importKey is not implemented for MusapKeyManagementSystem.')\n  }\n\n  private decodeMusapPublicKey = (args: { publicKey: { pem: string }; keyType: TKeyType }): string => {\n    const { publicKey, keyType } = args\n\n    // First try the normal PEM decoding path\n    const pemBinary = PEMToBinary(publicKey.pem)\n\n    // Check if we got a string that looks like base64 (might be double encoded)\n    // Convert Uint8Array to string safely\n    const pemString = toString(pemBinary, 'utf8')\n    const isDoubleEncoded = pemBinary.length > 0 && typeof pemString === 'string' && pemString.startsWith('MF')\n\n    if (isDoubleEncoded) {\n      // Handle double-encoded case\n      const actualDerBytes = fromString(pemString, 'base64')\n\n      // For double-encoded case, we know the key data starts after the header\n      const keyDataStart = 24\n      const keyData = actualDerBytes.slice(keyDataStart)\n\n      // Convert to public key hex\n      let publicKeyHex = toString(keyData, 'hex')\n\n      // If it's not compressed yet and doesn't start with 0x04 (uncompressed point marker), add it\n      if (publicKeyHex.length <= 128 && !publicKeyHex.startsWith('04')) {\n        publicKeyHex = '04' + publicKeyHex\n      }\n\n      // Ensure we have full 65 bytes for uncompressed keys\n      while (publicKeyHex.startsWith('04') && publicKeyHex.length < 130) {\n        publicKeyHex = publicKeyHex + '0'\n      }\n\n      // Now convert to compressed format if needed\n      if (publicKeyHex.startsWith('04') && publicKeyHex.length === 130) {\n        const xCoord = fromString(publicKeyHex.slice(2, 66), 'hex')\n        const yCoord = fromString(publicKeyHex.slice(66, 130), 'hex')\n        const prefix = new Uint8Array([yCoord[31] % 2 === 0 ? 0x02 : 0x03])\n        const compressedKey = new Uint8Array(33) // 1 byte prefix + 32 bytes x coordinate\n        compressedKey.set(prefix, 0)\n        compressedKey.set(xCoord, 1)\n        return toString(compressedKey, 'hex')\n      }\n\n      return publicKeyHex\n    }\n\n    // Not double encoded, proceed with normal path\n    const publicKeyBinary = isAsn1Der(pemBinary) ? asn1DerToRawPublicKey(pemBinary, keyType) : pemBinary\n    return isRawCompressedPublicKey(publicKeyBinary)\n      ? hexStringFromUint8Array(publicKeyBinary)\n      : toRawCompressedHexPublicKey(publicKeyBinary, keyType)\n  }\n\n  private asMusapKeyInfo(args: MusapKey): ManagedKeyInfo {\n    const { keyId, publicKey, ...metadata }: KeyMetadata = { ...args }\n    const keyType = this.mapAlgorithmTypeToKeyType(args.algorithm)\n\n    const publicKeyHex = this.decodeMusapPublicKey({\n      publicKey: publicKey,\n      keyType: keyType,\n    })\n\n    const keyInfo: Partial<ManagedKeyInfo> = {\n      kid: keyId,\n      type: keyType,\n      publicKeyHex,\n      meta: metadata,\n    }\n\n    const jwkThumbprint = calculateJwkThumbprintForKey({ key: keyInfo as ManagedKeyInfo })\n    keyInfo.meta = { ...keyInfo.meta, jwkThumbprint }\n    return keyInfo as ManagedKeyInfo\n  }\n\n  sharedSecret(args: { myKeyRef: Pick<IKey, 'kid'>; theirKey: Pick<IKey, 'publicKeyHex' | 'type'> }): Promise<string> {\n    throw new Error('Not supported.')\n  }\n\n  private recordToKeyAttributes(record?: Record<string, string>): KeyAttribute[] {\n    if (!record) {\n      return []\n    }\n    return Object.entries(record).map(([key, value]) => ({\n      name: key,\n      value,\n    }))\n  }\n\n  private recordToSignatureAttributes(record?: Record<string, string>): SignatureAttribute[] {\n    if (!record) {\n      return []\n    }\n    return Object.entries(record).map(([key, value]) => ({\n      name: key,\n      value,\n    }))\n  }\n}\n"]}