@sphereon/ssi-sdk-ext.kms-musap-rn 0.28.1-feature.jose.vcdm.52 → 0.28.1-feature.oyd.cmsm.improv.20

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (12) hide show
  1. package/dist/{index.d.cts → MusapKeyManagerSystem.d.ts} +6 -11
  2. package/dist/MusapKeyManagerSystem.d.ts.map +1 -0
  3. package/dist/MusapKeyManagerSystem.js +284 -0
  4. package/dist/MusapKeyManagerSystem.js.map +1 -0
  5. package/dist/index.d.ts +3 -48
  6. package/dist/index.d.ts.map +1 -0
  7. package/dist/index.js +5 -237
  8. package/dist/index.js.map +1 -1
  9. package/package.json +13 -25
  10. package/src/MusapKeyManagerSystem.ts +34 -32
  11. package/dist/index.cjs +0 -269
  12. package/dist/index.cjs.map +0 -1
package/dist/{index.d.cts → MusapKeyManagerSystem.d.ts} RENAMED
@@ -1,8 +1,9 @@
1
- import { ManagedKeyInfo, TKeyType, IKey, MinimalImportableKey } from '@veramo/core';
2
- import { SscdType, ExternalSscdSettings } from '@sphereon/musap-react-native';
1
+ import { IKey, ManagedKeyInfo, MinimalImportableKey, TKeyType } from '@veramo/core';
2
+ import { ExternalSscdSettings, SscdType } from '@sphereon/musap-react-native';
3
3
  import { AbstractKeyManagementSystem } from '@veramo/key-manager';
4
-
5
- declare class MusapKeyManagementSystem extends AbstractKeyManagementSystem {
4
+ import { KeyMetadata } from './index';
5
+ export declare const logger: import("@sphereon/ssi-types").ISimpleLogger<unknown>;
6
+ export declare class MusapKeyManagementSystem extends AbstractKeyManagementSystem {
6
7
  private musapClient;
7
8
  private readonly sscdType;
8
9
  private readonly sscdId;
@@ -42,10 +43,4 @@ declare class MusapKeyManagementSystem extends AbstractKeyManagementSystem {
42
43
  private recordToKeyAttributes;
43
44
  private recordToSignatureAttributes;
44
45
  }
45
-
46
- interface KeyMetadata {
47
- algorithms?: string[];
48
- [x: string]: any;
49
- }
50
-
51
- export { type KeyMetadata, MusapKeyManagementSystem };
46
+ //# sourceMappingURL=MusapKeyManagerSystem.d.ts.map
package/dist/MusapKeyManagerSystem.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"MusapKeyManagerSystem.d.ts","sourceRoot":"","sources":["../src/MusapKeyManagerSystem.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,IAAI,EAAE,cAAc,EAAE,oBAAoB,EAAE,QAAQ,EAAE,MAAM,cAAc,CAAA;AACnF,OAAO,EACL,oBAAoB,EAepB,QAAQ,EACT,MAAM,8BAA8B,CAAA;AACrC,OAAO,EAAE,2BAA2B,EAAE,MAAM,qBAAqB,CAAA;AAGjE,OAAO,EAAE,WAAW,EAAE,MAAM,SAAS,CAAA;AAWrC,eAAO,MAAM,MAAM,sDAA+C,CAAA;AAElE,qBAAa,wBAAyB,SAAQ,2BAA2B;IACvE,OAAO,CAAC,WAAW,CAAc;IACjC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAU;IACnC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAQ;IAC/B,OAAO,CAAC,QAAQ,CAAC,oBAAoB,CAAoC;IACzE,OAAO,CAAC,QAAQ,CAAC,qBAAqB,CAAoC;gBAE9D,QAAQ,CAAC,EAAE,QAAQ,EAAE,MAAM,CAAC,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE;QACvD,oBAAoB,CAAC,EAAE,oBAAoB,CAAC;QAC5C,oBAAoB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAC9C,qBAAqB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;KAC/C;IAmBK,QAAQ,IAAI,OAAO,CAAC,cAAc,EAAE,CAAC;IAKrC,SAAS,CAAC,IAAI,EAAE;QAAE,IAAI,EAAE,QAAQ,CAAC;QAAC,IAAI,CAAC,EAAE,WAAW,CAAA;KAAE,GAAG,OAAO,CAAC,cAAc,CAAC;IAuCtF,OAAO,CAAC,yBAAyB,CAWhC;IAED,OAAO,CAAC,yBAAyB,CAchC;IAEK,SAAS,CAAC,EAAE,GAAG,EAAE,EAAE;QAAE,GAAG,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,OAAO,CAAC;IAc3D,OAAO,CAAC,kBAAkB;IAapB,IAAI,CAAC,IAAI,EAAE;QACf,MAAM,EAAE,IAAI,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;QAC1B,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,IAAI,EAAE,UAAU,CAAC;QACjB,CAAC,CAAC,EAAE,MAAM,GAAG,GAAG,CAAA;KACjB,GAAG,OAAO,CAAC,MAAM,CAAC;IAuBb,SAAS,CAAC,IAAI,EAAE,IAAI,CAAC,oBAAoB,EAAE,KAAK,CAAC,GAAG;QAAE,aAAa,CAAC,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,cAAc,CAAC;IAI9G,OAAO,CAAC,oBAAoB,CAqD3B;IAGD,OAAO,CAAC,cAAc;IAqBtB,YAAY,CAAC,IAAI,EAAE;QAAE,QAAQ,EAAE,IAAI,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;QAAC,QAAQ,EAAE,IAAI,CAAC,IAAI,EAAE,cAAc,GAAG,MAAM,CAAC,CAAA;KAAE,GAAG,OAAO,CAAC,MAAM,CAAC;IAInH,OAAO,CAAC,qBAAqB;IAU7B,OAAO,CAAC,2BAA2B;CASpC"}
package/dist/MusapKeyManagerSystem.js ADDED
@@ -0,0 +1,284 @@
1
+ "use strict";
2
+ var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
3
+ if (k2 === undefined) k2 = k;
4
+ var desc = Object.getOwnPropertyDescriptor(m, k);
5
+ if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
6
+ desc = { enumerable: true, get: function() { return m[k]; } };
7
+ }
8
+ Object.defineProperty(o, k2, desc);
9
+ }) : (function(o, m, k, k2) {
10
+ if (k2 === undefined) k2 = k;
11
+ o[k2] = m[k];
12
+ }));
13
+ var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
14
+ Object.defineProperty(o, "default", { enumerable: true, value: v });
15
+ }) : function(o, v) {
16
+ o["default"] = v;
17
+ });
18
+ var __importStar = (this && this.__importStar) || function (mod) {
19
+ if (mod && mod.__esModule) return mod;
20
+ var result = {};
21
+ if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
22
+ __setModuleDefault(result, mod);
23
+ return result;
24
+ };
25
+ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
26
+ function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
27
+ return new (P || (P = Promise))(function (resolve, reject) {
28
+ function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
29
+ function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
30
+ function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
31
+ step((generator = generator.apply(thisArg, _arguments || [])).next());
32
+ });
33
+ };
34
+ var __rest = (this && this.__rest) || function (s, e) {
35
+ var t = {};
36
+ for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p) && e.indexOf(p) < 0)
37
+ t[p] = s[p];
38
+ if (s != null && typeof Object.getOwnPropertySymbols === "function")
39
+ for (var i = 0, p = Object.getOwnPropertySymbols(s); i < p.length; i++) {
40
+ if (e.indexOf(p[i]) < 0 && Object.prototype.propertyIsEnumerable.call(s, p[i]))
41
+ t[p[i]] = s[p[i]];
42
+ }
43
+ return t;
44
+ };
45
+ Object.defineProperty(exports, "__esModule", { value: true });
46
+ exports.MusapKeyManagementSystem = exports.logger = void 0;
47
+ const ssi_sdk_ext_x509_utils_1 = require("@sphereon/ssi-sdk-ext.x509-utils");
48
+ const musap_react_native_1 = require("@sphereon/musap-react-native");
49
+ const key_manager_1 = require("@veramo/key-manager");
50
+ const text_encoding_1 = require("text-encoding");
51
+ const ssi_types_1 = require("@sphereon/ssi-types");
52
+ const ssi_sdk_ext_key_utils_1 = require("@sphereon/ssi-sdk-ext.key-utils");
53
+ const u8a = __importStar(require("uint8arrays"));
54
+ exports.logger = ssi_types_1.Loggers.DEFAULT.get('sphereon:musap-rn-kms');
55
+ class MusapKeyManagementSystem extends key_manager_1.AbstractKeyManagementSystem {
56
+ constructor(sscdType, sscdId, opts) {
57
+ super();
58
+ this.mapKeyTypeToAlgorithmType = (type) => {
59
+ switch (type) {
60
+ case 'Secp256k1':
61
+ return 'ECCP256K1';
62
+ case 'Secp256r1':
63
+ return 'ECCP256R1';
64
+ case 'RSA':
65
+ return 'RSA2K';
66
+ default:
67
+ throw new Error(`Key type ${type} is not supported by MUSAP`);
68
+ }
69
+ };
70
+ this.mapAlgorithmTypeToKeyType = (type) => {
71
+ switch (type) {
72
+ case 'eccp256k1':
73
+ return 'Secp256k1';
74
+ case 'eccp256r1':
75
+ return 'Secp256r1';
76
+ case 'ecc_ed25519':
77
+ return 'Ed25519';
78
+ case 'rsa2k':
79
+ case 'rsa4k':
80
+ return 'RSA';
81
+ default:
82
+ throw new Error(`Key type ${type} is not supported.`);
83
+ }
84
+ };
85
+ this.decodeMusapPublicKey = (args) => {
86
+ const { publicKey, keyType } = args;
87
+ // First try the normal PEM decoding path
88
+ const pemBinary = (0, ssi_sdk_ext_x509_utils_1.PEMToBinary)(publicKey.pem);
89
+ // Check if we got a string that looks like base64 (might be double encoded)
90
+ // Convert Uint8Array to string safely
91
+ const pemString = u8a.toString(pemBinary, 'utf8');
92
+ const isDoubleEncoded = pemBinary.length > 0 &&
93
+ typeof pemString === 'string' &&
94
+ pemString.startsWith('MF');
95
+ if (isDoubleEncoded) {
96
+ // Handle double-encoded case
97
+ const actualDerBytes = u8a.fromString(pemString, 'base64');
98
+ // For double-encoded case, we know the key data starts after the header
99
+ const keyDataStart = 24;
100
+ const keyData = actualDerBytes.slice(keyDataStart);
101
+ // Convert to public key hex
102
+ let publicKeyHex = u8a.toString(keyData, 'hex');
103
+ // If it's not compressed yet and doesn't start with 0x04 (uncompressed point marker), add it
104
+ if (publicKeyHex.length <= 128 && !publicKeyHex.startsWith('04')) {
105
+ publicKeyHex = '04' + publicKeyHex;
106
+ }
107
+ // Ensure we have full 65 bytes for uncompressed keys
108
+ while (publicKeyHex.startsWith('04') && publicKeyHex.length < 130) {
109
+ publicKeyHex = publicKeyHex + '0';
110
+ }
111
+ // Now convert to compressed format if needed
112
+ if (publicKeyHex.startsWith('04') && publicKeyHex.length === 130) {
113
+ const xCoord = u8a.fromString(publicKeyHex.slice(2, 66), 'hex');
114
+ const yCoord = u8a.fromString(publicKeyHex.slice(66, 130), 'hex');
115
+ const prefix = new Uint8Array([yCoord[31] % 2 === 0 ? 0x02 : 0x03]);
116
+ const compressedKey = new Uint8Array(33); // 1 byte prefix + 32 bytes x coordinate
117
+ compressedKey.set(prefix, 0);
118
+ compressedKey.set(xCoord, 1);
119
+ return u8a.toString(compressedKey, 'hex');
120
+ }
121
+ return publicKeyHex;
122
+ }
123
+ // Not double encoded, proceed with normal path
124
+ const publicKeyBinary = (0, ssi_sdk_ext_key_utils_1.isAsn1Der)(pemBinary) ? (0, ssi_sdk_ext_key_utils_1.asn1DerToRawPublicKey)(pemBinary, keyType) : pemBinary;
125
+ return (0, ssi_sdk_ext_key_utils_1.isRawCompressedPublicKey)(publicKeyBinary)
126
+ ? (0, ssi_sdk_ext_key_utils_1.hexStringFromUint8Array)(publicKeyBinary)
127
+ : (0, ssi_sdk_ext_key_utils_1.toRawCompressedHexPublicKey)(publicKeyBinary, keyType);
128
+ };
129
+ try {
130
+ this.musapClient = musap_react_native_1.MusapClient;
131
+ this.sscdType = sscdType ? sscdType : 'TEE';
132
+ this.sscdId = sscdId !== null && sscdId !== void 0 ? sscdId : this.sscdType;
133
+ this.defaultKeyAttributes = opts === null || opts === void 0 ? void 0 : opts.defaultKeyAttributes;
134
+ this.defaultSignAttributes = opts === null || opts === void 0 ? void 0 : opts.defaultSignAttributes;
135
+ const enabledSscds = this.musapClient.listEnabledSscds();
136
+ if (!enabledSscds.some(value => value.sscdId == sscdId)) {
137
+ this.musapClient.enableSscd(this.sscdType, this.sscdId, opts === null || opts === void 0 ? void 0 : opts.externalSscdSettings);
138
+ }
139
+ }
140
+ catch (e) {
141
+ console.error('enableSscd', e);
142
+ throw Error('enableSscd failed');
143
+ }
144
+ }
145
+ listKeys() {
146
+ return __awaiter(this, void 0, void 0, function* () {
147
+ const keysJson = (this.musapClient.listKeys());
148
+ return keysJson.map((key) => this.asMusapKeyInfo(key));
149
+ });
150
+ }
151
+ createKey(args) {
152
+ return __awaiter(this, void 0, void 0, function* () {
153
+ const { type, meta } = args;
154
+ if (meta === undefined || !('keyAlias' in meta)) {
155
+ return Promise.reject(Error('a unique keyAlias field is required for MUSAP'));
156
+ }
157
+ if (this.sscdType == 'EXTERNAL') {
158
+ const existingKeys = (this.musapClient.listKeys());
159
+ const extKey = existingKeys.find(musapKey => musapKey.sscdType === 'External Signature'); // FIXME returning does not match SscdType enum
160
+ if (extKey) {
161
+ extKey.algorithm = 'eccp256r1'; // FIXME MUSAP announces key as rsa2k, but it's actually EC
162
+ return this.asMusapKeyInfo(extKey);
163
+ }
164
+ return Promise.reject(Error(`No external key was bound yet for sscd ${this.sscdId}`));
165
+ }
166
+ const keyGenReq = {
167
+ keyAlgorithm: this.mapKeyTypeToAlgorithmType(type),
168
+ keyUsage: 'keyUsage' in meta ? meta.keyUsage : 'sign',
169
+ keyAlias: meta.keyAlias,
170
+ attributes: this.recordToKeyAttributes(Object.assign(Object.assign({}, this.defaultKeyAttributes), ('attributes' in meta ? meta.attributes : {}))),
171
+ role: 'role' in meta ? meta.role : 'administrator',
172
+ };
173
+ try {
174
+ const generatedKeyUri = yield this.musapClient.generateKey(this.sscdType, keyGenReq);
175
+ if (generatedKeyUri) {
176
+ exports.logger.debug('Generated key:', generatedKeyUri);
177
+ const key = this.musapClient.getKeyByUri(generatedKeyUri);
178
+ return this.asMusapKeyInfo(key);
179
+ }
180
+ else {
181
+ return Promise.reject(new Error('Failed to generate key. No key URI'));
182
+ }
183
+ }
184
+ catch (error) {
185
+ exports.logger.error('An error occurred:', error);
186
+ throw error;
187
+ }
188
+ });
189
+ }
190
+ deleteKey(_a) {
191
+ return __awaiter(this, arguments, void 0, function* ({ kid }) {
192
+ try {
193
+ const key = this.musapClient.getKeyById(kid);
194
+ if (key.sscdType === 'External Signature') {
195
+ return true; // FIXME we can't remove a eSim key for now because this would mean onboarding again
196
+ }
197
+ void this.musapClient.removeKey(kid);
198
+ return true;
199
+ }
200
+ catch (error) {
201
+ console.warn('Failed to delete key:', error);
202
+ return false;
203
+ }
204
+ });
205
+ }
206
+ determineAlgorithm(providedAlgorithm, keyAlgorithm) {
207
+ if (providedAlgorithm === undefined) {
208
+ return (0, musap_react_native_1.signatureAlgorithmFromKeyAlgorithm)(keyAlgorithm);
209
+ }
210
+ if ((0, musap_react_native_1.isSignatureAlgorithmType)(providedAlgorithm)) {
211
+ return providedAlgorithm;
212
+ }
213
+ // Veramo translates TKeyType to JWSAlgorithm
214
+ return (0, musap_react_native_1.signatureAlgorithmFromKeyAlgorithm)(providedAlgorithm);
215
+ }
216
+ sign(args) {
217
+ return __awaiter(this, void 0, void 0, function* () {
218
+ var _a;
219
+ if (!args.keyRef) {
220
+ throw new Error('key_not_found: No key ref provided');
221
+ }
222
+ const data = new text_encoding_1.TextDecoder().decode(args.data);
223
+ const key = this.musapClient.getKeyById(args.keyRef.kid);
224
+ if (key.sscdType === 'External Signature') {
225
+ key.algorithm = 'eccp256r1'; // FIXME MUSAP announces key as rsa2k, but it's actually EC
226
+ }
227
+ const signatureReq = {
228
+ keyUri: key.keyUri,
229
+ data,
230
+ algorithm: this.determineAlgorithm(args.algorithm, key.algorithm),
231
+ displayText: args.displayText,
232
+ transId: args.transId,
233
+ format: (_a = args.format) !== null && _a !== void 0 ? _a : 'RAW',
234
+ attributes: this.recordToSignatureAttributes(Object.assign(Object.assign({}, this.defaultSignAttributes), args.attributes)),
235
+ };
236
+ return this.musapClient.sign(signatureReq);
237
+ });
238
+ }
239
+ importKey(args) {
240
+ return __awaiter(this, void 0, void 0, function* () {
241
+ throw new Error('importKey is not implemented for MusapKeyManagementSystem.');
242
+ });
243
+ }
244
+ asMusapKeyInfo(args) {
245
+ const _a = Object.assign({}, args), { keyId, publicKey } = _a, metadata = __rest(_a, ["keyId", "publicKey"]);
246
+ const keyType = this.mapAlgorithmTypeToKeyType(args.algorithm);
247
+ const publicKeyHex = this.decodeMusapPublicKey({
248
+ publicKey: publicKey,
249
+ keyType: keyType
250
+ });
251
+ const keyInfo = {
252
+ kid: keyId,
253
+ type: keyType,
254
+ publicKeyHex,
255
+ meta: metadata,
256
+ };
257
+ const jwkThumbprint = (0, ssi_sdk_ext_key_utils_1.calculateJwkThumbprintForKey)({ key: keyInfo });
258
+ keyInfo.meta = Object.assign(Object.assign({}, keyInfo.meta), { jwkThumbprint });
259
+ return keyInfo;
260
+ }
261
+ sharedSecret(args) {
262
+ throw new Error('Not supported.');
263
+ }
264
+ recordToKeyAttributes(record) {
265
+ if (!record) {
266
+ return [];
267
+ }
268
+ return Object.entries(record).map(([key, value]) => ({
269
+ name: key,
270
+ value,
271
+ }));
272
+ }
273
+ recordToSignatureAttributes(record) {
274
+ if (!record) {
275
+ return [];
276
+ }
277
+ return Object.entries(record).map(([key, value]) => ({
278
+ name: key,
279
+ value,
280
+ }));
281
+ }
282
+ }
283
+ exports.MusapKeyManagementSystem = MusapKeyManagementSystem;
284
+ //# sourceMappingURL=MusapKeyManagerSystem.js.map
package/dist/MusapKeyManagerSystem.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"MusapKeyManagerSystem.js","sourceRoot":"","sources":["../src/MusapKeyManagerSystem.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,6EAA8D;AAE9D,qEAiBqC;AACrC,qDAAiE;AACjE,iDAA2C;AAC3C,mDAA6C;AAE7C,2EAOwC;AACxC,iDAAkC;AAErB,QAAA,MAAM,GAAG,mBAAO,CAAC,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC,CAAA;AAElE,MAAa,wBAAyB,SAAQ,yCAA2B;IAOvE,YAAY,QAAmB,EAAE,MAAe,EAAE,IAIjD;QACC,KAAK,EAAE,CAAA;QA8DD,8BAAyB,GAAG,CAAC,IAAc,EAAoB,EAAE;YACvE,QAAQ,IAAI,EAAE,CAAC;gBACb,KAAK,WAAW;oBACd,OAAO,WAAW,CAAA;gBACpB,KAAK,WAAW;oBACd,OAAO,WAAW,CAAA;gBACpB,KAAK,KAAK;oBACR,OAAO,OAAO,CAAA;gBAChB;oBACE,MAAM,IAAI,KAAK,CAAC,YAAY,IAAI,4BAA4B,CAAC,CAAA;YACjE,CAAC;QACH,CAAC,CAAA;QAEO,8BAAyB,GAAG,CAAC,IAAkB,EAAY,EAAE;YACnE,QAAQ,IAAI,EAAE,CAAC;gBACb,KAAK,WAAW;oBACd,OAAO,WAAW,CAAA;gBACpB,KAAK,WAAW;oBACd,OAAO,WAAW,CAAA;gBACpB,KAAK,aAAa;oBAChB,OAAO,SAAS,CAAA;gBAClB,KAAK,OAAO,CAAC;gBACb,KAAK,OAAO;oBACV,OAAO,KAAK,CAAA;gBACd;oBACE,MAAM,IAAI,KAAK,CAAC,YAAY,IAAI,oBAAoB,CAAC,CAAA;YACzD,CAAC;QACH,CAAC,CAAA;QA6DO,yBAAoB,GAAG,CAAC,IAAuD,EAAU,EAAE;YACjG,MAAM,EAAE,SAAS,EAAE,OAAO,EAAE,GAAG,IAAI,CAAA;YAEnC,yCAAyC;YACzC,MAAM,SAAS,GAAG,IAAA,oCAAW,EAAC,SAAS,CAAC,GAAG,CAAC,CAAA;YAE5C,4EAA4E;YAC5E,sCAAsC;YACtC,MAAM,SAAS,GAAG,GAAG,CAAC,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC,CAAA;YACjD,MAAM,eAAe,GAAG,SAAS,CAAC,MAAM,GAAG,CAAC;gBAC1C,OAAO,SAAS,KAAK,QAAQ;gBAC7B,SAAS,CAAC,UAAU,CAAC,IAAI,CAAC,CAAA;YAE5B,IAAI,eAAe,EAAE,CAAC;gBACpB,6BAA6B;gBAC7B,MAAM,cAAc,GAAG,GAAG,CAAC,UAAU,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAA;gBAE1D,wEAAwE;gBACxE,MAAM,YAAY,GAAG,EAAE,CAAA;gBACvB,MAAM,OAAO,GAAG,cAAc,CAAC,KAAK,CAAC,YAAY,CAAC,CAAA;gBAElD,4BAA4B;gBAC5B,IAAI,YAAY,GAAG,GAAG,CAAC,QAAQ,CAAC,OAAO,EAAE,KAAK,CAAC,CAAA;gBAE/C,6FAA6F;gBAC7F,IAAI,YAAY,CAAC,MAAM,IAAI,GAAG,IAAI,CAAC,YAAY,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;oBACjE,YAAY,GAAG,IAAI,GAAG,YAAY,CAAA;gBACpC,CAAC;gBAED,qDAAqD;gBACrD,OAAO,YAAY,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,YAAY,CAAC,MAAM,GAAG,GAAG,EAAE,CAAC;oBAClE,YAAY,GAAG,YAAY,GAAG,GAAG,CAAA;gBACnC,CAAC;gBAED,6CAA6C;gBAC7C,IAAI,YAAY,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,YAAY,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;oBACjE,MAAM,MAAM,GAAG,GAAG,CAAC,UAAU,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,KAAK,CAAC,CAAA;oBAC/D,MAAM,MAAM,GAAG,GAAG,CAAC,UAAU,CAAC,YAAY,CAAC,KAAK,CAAC,EAAE,EAAE,GAAG,CAAC,EAAE,KAAK,CAAC,CAAA;oBACjE,MAAM,MAAM,GAAG,IAAI,UAAU,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAA;oBACnE,MAAM,aAAa,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAA,CAAC,wCAAwC;oBACjF,aAAa,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC,CAAA;oBAC5B,aAAa,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC,CAAA;oBAC5B,OAAO,GAAG,CAAC,QAAQ,CAAC,aAAa,EAAE,KAAK,CAAC,CAAA;gBAC3C,CAAC;gBAED,OAAO,YAAY,CAAA;YACrB,CAAC;YAED,+CAA+C;YAC/C,MAAM,eAAe,GAAG,IAAA,iCAAS,EAAC,SAAS,CAAC,CAAC,CAAC,CAAC,IAAA,6CAAqB,EAAC,SAAS,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC,SAAS,CAAA;YACpG,OAAO,IAAA,gDAAwB,EAAC,eAAe,CAAC;gBAC9C,CAAC,CAAC,IAAA,+CAAuB,EAAC,eAAe,CAAC;gBAC1C,CAAC,CAAC,IAAA,mDAA2B,EAAC,eAAe,EAAE,OAAO,CAAC,CAAA;QAC3D,CAAC,CAAA;QA1MC,IAAI,CAAC;YACH,IAAI,CAAC,WAAW,GAAG,gCAAW,CAAA;YAC9B,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAA;YAC3C,IAAI,CAAC,MAAM,GAAG,MAAM,aAAN,MAAM,cAAN,MAAM,GAAI,IAAI,CAAC,QAAQ,CAAA;YACrC,IAAI,CAAC,oBAAoB,GAAG,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,oBAAoB,CAAA;YACtD,IAAI,CAAC,qBAAqB,GAAG,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,qBAAqB,CAAA;YAExD,MAAM,YAAY,GAAG,IAAI,CAAC,WAAW,CAAC,gBAAgB,EAAE,CAAA;YACxD,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,KAAK,CAAC,MAAM,IAAI,MAAM,CAAC,EAAE,CAAC;gBACxD,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,MAAM,EAAE,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,oBAAoB,CAAC,CAAA;YACrF,CAAC;QACH,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,OAAO,CAAC,KAAK,CAAC,YAAY,EAAE,CAAC,CAAC,CAAA;YAC9B,MAAM,KAAK,CAAC,mBAAmB,CAAC,CAAA;QAClC,CAAC;IACH,CAAC;IAEK,QAAQ;;YACZ,MAAM,QAAQ,GAAe,CAAC,IAAI,CAAC,WAAW,CAAC,QAAQ,EAAE,CAAe,CAAA;YACxE,OAAO,QAAQ,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,CAAA;QACxD,CAAC;KAAA;IAEK,SAAS,CAAC,IAA4C;;YAC1D,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,GAAG,IAAI,CAAA;YAC3B,IAAI,IAAI,KAAK,SAAS,IAAI,CAAC,CAAC,UAAU,IAAI,IAAI,CAAC,EAAE,CAAC;gBAChD,OAAO,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,+CAA+C,CAAC,CAAC,CAAA;YAC/E,CAAC;YAED,IAAI,IAAI,CAAC,QAAQ,IAAI,UAAU,EAAE,CAAC;gBAChC,MAAM,YAAY,GAAe,CAAC,IAAI,CAAC,WAAW,CAAC,QAAQ,EAAE,CAAe,CAAA;gBAC5E,MAAM,MAAM,GAAG,YAAY,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,QAAQ,CAAC,QAAkB,KAAK,oBAAoB,CAAC,CAAA,CAAC,+CAA+C;gBAClJ,IAAI,MAAM,EAAE,CAAC;oBACX,MAAM,CAAC,SAAS,GAAG,WAAW,CAAA,CAAC,2DAA2D;oBAC1F,OAAO,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,CAAA;gBACpC,CAAC;gBACD,OAAO,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,0CAA0C,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC,CAAA;YACvF,CAAC;YAED,MAAM,SAAS,GAAG;gBAChB,YAAY,EAAE,IAAI,CAAC,yBAAyB,CAAC,IAAI,CAAC;gBAClD,QAAQ,EAAE,UAAU,IAAI,IAAI,CAAC,CAAC,CAAE,IAAI,CAAC,QAAmB,CAAC,CAAC,CAAC,MAAM;gBACjE,QAAQ,EAAE,IAAI,CAAC,QAAkB;gBACjC,UAAU,EAAE,IAAI,CAAC,qBAAqB,iCAAM,IAAI,CAAC,oBAAoB,GAAK,CAAC,YAAY,IAAI,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC,EAAG;gBAC1H,IAAI,EAAE,MAAM,IAAI,IAAI,CAAC,CAAC,CAAE,IAAI,CAAC,IAAe,CAAC,CAAC,CAAC,eAAe;aAC3C,CAAA;YAErB,IAAI,CAAC;gBACH,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,WAAW,CAAC,IAAI,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAA;gBACpF,IAAI,eAAe,EAAE,CAAC;oBACpB,cAAM,CAAC,KAAK,CAAC,gBAAgB,EAAE,eAAe,CAAC,CAAA;oBAC/C,MAAM,GAAG,GAAG,IAAI,CAAC,WAAW,CAAC,WAAW,CAAC,eAAe,CAAC,CAAA;oBACzD,OAAO,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,CAAA;gBACjC,CAAC;qBAAM,CAAC;oBACN,OAAO,OAAO,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC,CAAA;gBACxE,CAAC;YACH,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,cAAM,CAAC,KAAK,CAAC,oBAAoB,EAAE,KAAK,CAAC,CAAA;gBACzC,MAAM,KAAK,CAAA;YACb,CAAC;QACH,CAAC;KAAA;IA+BK,SAAS;6DAAC,EAAE,GAAG,EAAmB;YACpC,IAAI,CAAC;gBACH,MAAM,GAAG,GAAa,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,GAAG,CAAa,CAAA;gBAClE,IAAI,GAAG,CAAC,QAAkB,KAAK,oBAAoB,EAAE,CAAC;oBACpD,OAAO,IAAI,CAAA,CAAC,oFAAoF;gBAClG,CAAC;gBACD,KAAK,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,GAAG,CAAC,CAAA;gBACtC,OAAO,IAAI,CAAA;YACb,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,OAAO,CAAC,IAAI,CAAC,uBAAuB,EAAE,KAAK,CAAC,CAAA;gBAC5C,OAAO,KAAK,CAAA;YACd,CAAC;QACH,CAAC;KAAA;IAEO,kBAAkB,CAAC,iBAAqC,EAAE,YAA0B;QAC1F,IAAI,iBAAiB,KAAK,SAAS,EAAE,CAAC;YACpC,OAAO,IAAA,uDAAkC,EAAC,YAAY,CAAC,CAAA;QACzD,CAAC;QAED,IAAI,IAAA,6CAAwB,EAAC,iBAAiB,CAAC,EAAE,CAAC;YAChD,OAAO,iBAAiB,CAAA;QAC1B,CAAC;QAED,6CAA6C;QAC7C,OAAO,IAAA,uDAAkC,EAAC,iBAAiC,CAAC,CAAA;IAC9E,CAAC;IAEK,IAAI,CAAC,IAKV;;;YACC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;gBACjB,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAA;YACvD,CAAC;YAED,MAAM,IAAI,GAAG,IAAI,2BAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,IAAkB,CAAC,CAAA;YAE9D,MAAM,GAAG,GAAa,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,GAAG,CAAa,CAAA;YAC9E,IAAI,GAAG,CAAC,QAAkB,KAAK,oBAAoB,EAAE,CAAC;gBACpD,GAAG,CAAC,SAAS,GAAG,WAAW,CAAA,CAAC,2DAA2D;YACzF,CAAC;YACD,MAAM,YAAY,GAAiB;gBACjC,MAAM,EAAE,GAAG,CAAC,MAAM;gBAClB,IAAI;gBACJ,SAAS,EAAE,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,SAAS,EAAE,GAAG,CAAC,SAAS,CAAC;gBACjE,WAAW,EAAE,IAAI,CAAC,WAAW;gBAC7B,OAAO,EAAE,IAAI,CAAC,OAAO;gBACrB,MAAM,EAAE,MAAC,IAAI,CAAC,MAA0B,mCAAI,KAAK;gBACjD,UAAU,EAAE,IAAI,CAAC,2BAA2B,iCAAM,IAAI,CAAC,qBAAqB,GAAK,IAAI,CAAC,UAAU,EAAG;aACpG,CAAA;YACD,OAAO,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,YAAY,CAAC,CAAA;QAC5C,CAAC;KAAA;IAEK,SAAS,CAAC,IAAoE;;YAClF,MAAM,IAAI,KAAK,CAAC,4DAA4D,CAAC,CAAA;QAC/E,CAAC;KAAA;IA0DO,cAAc,CAAC,IAAc;QACnC,MAAM,uBAAsD,IAAI,CAAE,EAA5D,EAAE,KAAK,EAAE,SAAS,OAA0C,EAArC,QAAQ,cAA/B,sBAAiC,CAA2B,CAAA;QAClE,MAAM,OAAO,GAAG,IAAI,CAAC,yBAAyB,CAAC,IAAI,CAAC,SAAS,CAAC,CAAA;QAE9D,MAAM,YAAY,GAAG,IAAI,CAAC,oBAAoB,CAAC;YAC7C,SAAS,EAAE,SAAS;YACpB,OAAO,EAAE,OAAO;SACjB,CAAC,CAAA;QAEF,MAAM,OAAO,GAA4B;YACvC,GAAG,EAAE,KAAK;YACV,IAAI,EAAE,OAAO;YACb,YAAY;YACZ,IAAI,EAAE,QAAQ;SACf,CAAA;QAED,MAAM,aAAa,GAAG,IAAA,oDAA4B,EAAC,EAAE,GAAG,EAAE,OAAyB,EAAE,CAAC,CAAA;QACtF,OAAO,CAAC,IAAI,mCAAQ,OAAO,CAAC,IAAI,KAAE,aAAa,GAAE,CAAA;QACjD,OAAO,OAAyB,CAAA;IAClC,CAAC;IAED,YAAY,CAAC,IAAoF;QAC/F,MAAM,IAAI,KAAK,CAAC,gBAAgB,CAAC,CAAA;IACnC,CAAC;IAEO,qBAAqB,CAAC,MAA+B;QAC3D,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO,EAAE,CAAA;QACX,CAAC;QACD,OAAO,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC;YACnD,IAAI,EAAE,GAAG;YACT,KAAK;SACN,CAAC,CAAC,CAAA;IACL,CAAC;IAEO,2BAA2B,CAAC,MAA+B;QACjE,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO,EAAE,CAAA;QACX,CAAC;QACD,OAAO,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC;YACnD,IAAI,EAAE,GAAG;YACT,KAAK;SACN,CAAC,CAAC,CAAA;IACL,CAAC;CACF;AAtQD,4DAsQC"}
package/dist/index.d.ts CHANGED
@@ -1,51 +1,6 @@
1
- import { ManagedKeyInfo, TKeyType, IKey, MinimalImportableKey } from '@veramo/core';
2
- import { SscdType, ExternalSscdSettings } from '@sphereon/musap-react-native';
3
- import { AbstractKeyManagementSystem } from '@veramo/key-manager';
4
-
5
- declare class MusapKeyManagementSystem extends AbstractKeyManagementSystem {
6
- private musapClient;
7
- private readonly sscdType;
8
- private readonly sscdId;
9
- private readonly defaultKeyAttributes;
10
- private readonly defaultSignAttributes;
11
- constructor(sscdType?: SscdType, sscdId?: string, opts?: {
12
- externalSscdSettings?: ExternalSscdSettings;
13
- defaultKeyAttributes?: Record<string, string>;
14
- defaultSignAttributes?: Record<string, string>;
15
- });
16
- listKeys(): Promise<ManagedKeyInfo[]>;
17
- createKey(args: {
18
- type: TKeyType;
19
- meta?: KeyMetadata;
20
- }): Promise<ManagedKeyInfo>;
21
- private mapKeyTypeToAlgorithmType;
22
- private mapAlgorithmTypeToKeyType;
23
- deleteKey({ kid }: {
24
- kid: string;
25
- }): Promise<boolean>;
26
- private determineAlgorithm;
27
- sign(args: {
28
- keyRef: Pick<IKey, 'kid'>;
29
- algorithm?: string;
30
- data: Uint8Array;
31
- [x: string]: any;
32
- }): Promise<string>;
33
- importKey(args: Omit<MinimalImportableKey, 'kms'> & {
34
- privateKeyPEM?: string;
35
- }): Promise<ManagedKeyInfo>;
36
- private decodeMusapPublicKey;
37
- private asMusapKeyInfo;
38
- sharedSecret(args: {
39
- myKeyRef: Pick<IKey, 'kid'>;
40
- theirKey: Pick<IKey, 'publicKeyHex' | 'type'>;
41
- }): Promise<string>;
42
- private recordToKeyAttributes;
43
- private recordToSignatureAttributes;
44
- }
45
-
46
- interface KeyMetadata {
1
+ export { MusapKeyManagementSystem } from './MusapKeyManagerSystem';
2
+ export interface KeyMetadata {
47
3
  algorithms?: string[];
48
4
  [x: string]: any;
49
5
  }
50
-
51
- export { type KeyMetadata, MusapKeyManagementSystem };
6
+ //# sourceMappingURL=index.d.ts.map
package/dist/index.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,wBAAwB,EAAE,MAAM,yBAAyB,CAAA;AAElE,MAAM,WAAW,WAAW;IAC1B,UAAU,CAAC,EAAE,MAAM,EAAE,CAAA;IAErB,CAAC,CAAC,EAAE,MAAM,GAAG,GAAG,CAAA;CACjB"}
package/dist/index.js CHANGED
@@ -1,238 +1,6 @@
1
- var __defProp = Object.defineProperty;
2
- var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
3
-
4
- // src/MusapKeyManagerSystem.ts
5
- import { PEMToBinary } from "@sphereon/ssi-sdk-ext.x509-utils";
6
- import { isSignatureAlgorithmType, MusapClient, signatureAlgorithmFromKeyAlgorithm } from "@sphereon/musap-react-native";
7
- import { AbstractKeyManagementSystem } from "@veramo/key-manager";
8
- import { TextDecoder } from "text-encoding";
9
- import { Loggers } from "@sphereon/ssi-types";
10
- import { asn1DerToRawPublicKey, calculateJwkThumbprintForKey, hexStringFromUint8Array, isAsn1Der, isRawCompressedPublicKey, toRawCompressedHexPublicKey } from "@sphereon/ssi-sdk-ext.key-utils";
11
- import * as u8a from "uint8arrays";
12
- var { fromString, toString } = u8a;
13
- var logger = Loggers.DEFAULT.get("sphereon:musap-rn-kms");
14
- var MusapKeyManagementSystem = class extends AbstractKeyManagementSystem {
15
- static {
16
- __name(this, "MusapKeyManagementSystem");
17
- }
18
- musapClient;
19
- sscdType;
20
- sscdId;
21
- defaultKeyAttributes;
22
- defaultSignAttributes;
23
- constructor(sscdType, sscdId, opts) {
24
- super();
25
- try {
26
- this.musapClient = MusapClient;
27
- this.sscdType = sscdType ? sscdType : "TEE";
28
- this.sscdId = sscdId ?? this.sscdType;
29
- this.defaultKeyAttributes = opts?.defaultKeyAttributes;
30
- this.defaultSignAttributes = opts?.defaultSignAttributes;
31
- const enabledSscds = this.musapClient.listEnabledSscds();
32
- if (!enabledSscds.some((value) => value.sscdId == sscdId)) {
33
- this.musapClient.enableSscd(this.sscdType, this.sscdId, opts?.externalSscdSettings);
34
- }
35
- } catch (e) {
36
- console.error("enableSscd", e);
37
- throw Error("enableSscd failed");
38
- }
39
- }
40
- async listKeys() {
41
- const keysJson = this.musapClient.listKeys();
42
- return keysJson.map((key) => this.asMusapKeyInfo(key));
43
- }
44
- async createKey(args) {
45
- const { type, meta } = args;
46
- if (meta === void 0 || !("keyAlias" in meta)) {
47
- return Promise.reject(Error("a unique keyAlias field is required for MUSAP"));
48
- }
49
- if (this.sscdType == "EXTERNAL") {
50
- const existingKeys = this.musapClient.listKeys();
51
- const extKey = existingKeys.find((musapKey) => musapKey.sscdType === "External Signature");
52
- if (extKey) {
53
- extKey.algorithm = "eccp256r1";
54
- return this.asMusapKeyInfo(extKey);
55
- }
56
- return Promise.reject(Error(`No external key was bound yet for sscd ${this.sscdId}`));
57
- }
58
- const keyGenReq = {
59
- keyAlgorithm: this.mapKeyTypeToAlgorithmType(type),
60
- keyUsage: "keyUsage" in meta ? meta.keyUsage : "sign",
61
- keyAlias: meta.keyAlias,
62
- attributes: this.recordToKeyAttributes({
63
- ...this.defaultKeyAttributes,
64
- ..."attributes" in meta ? meta.attributes : {}
65
- }),
66
- role: "role" in meta ? meta.role : "administrator"
67
- };
68
- try {
69
- const generatedKeyUri = await this.musapClient.generateKey(this.sscdType, keyGenReq);
70
- if (generatedKeyUri) {
71
- logger.debug("Generated key:", generatedKeyUri);
72
- const key = this.musapClient.getKeyByUri(generatedKeyUri);
73
- return this.asMusapKeyInfo(key);
74
- } else {
75
- return Promise.reject(new Error("Failed to generate key. No key URI"));
76
- }
77
- } catch (error) {
78
- logger.error("An error occurred:", error);
79
- throw error;
80
- }
81
- }
82
- mapKeyTypeToAlgorithmType = /* @__PURE__ */ __name((type) => {
83
- switch (type) {
84
- case "Secp256k1":
85
- return "ECCP256K1";
86
- case "Secp256r1":
87
- return "ECCP256R1";
88
- case "RSA":
89
- return "RSA2K";
90
- default:
91
- throw new Error(`Key type ${type} is not supported by MUSAP`);
92
- }
93
- }, "mapKeyTypeToAlgorithmType");
94
- mapAlgorithmTypeToKeyType = /* @__PURE__ */ __name((type) => {
95
- switch (type) {
96
- case "eccp256k1":
97
- return "Secp256k1";
98
- case "eccp256r1":
99
- return "Secp256r1";
100
- case "ecc_ed25519":
101
- return "Ed25519";
102
- case "rsa2k":
103
- case "rsa4k":
104
- return "RSA";
105
- default:
106
- throw new Error(`Key type ${type} is not supported.`);
107
- }
108
- }, "mapAlgorithmTypeToKeyType");
109
- async deleteKey({ kid }) {
110
- try {
111
- const key = this.musapClient.getKeyById(kid);
112
- if (key.sscdType === "External Signature") {
113
- return true;
114
- }
115
- void this.musapClient.removeKey(kid);
116
- return true;
117
- } catch (error) {
118
- console.warn("Failed to delete key:", error);
119
- return false;
120
- }
121
- }
122
- determineAlgorithm(providedAlgorithm, keyAlgorithm) {
123
- if (providedAlgorithm === void 0) {
124
- return signatureAlgorithmFromKeyAlgorithm(keyAlgorithm);
125
- }
126
- if (isSignatureAlgorithmType(providedAlgorithm)) {
127
- return providedAlgorithm;
128
- }
129
- return signatureAlgorithmFromKeyAlgorithm(providedAlgorithm);
130
- }
131
- async sign(args) {
132
- if (!args.keyRef) {
133
- throw new Error("key_not_found: No key ref provided");
134
- }
135
- const data = new TextDecoder().decode(args.data);
136
- const key = this.musapClient.getKeyById(args.keyRef.kid);
137
- if (key.sscdType === "External Signature") {
138
- key.algorithm = "eccp256r1";
139
- }
140
- const signatureReq = {
141
- keyUri: key.keyUri,
142
- data,
143
- algorithm: this.determineAlgorithm(args.algorithm, key.algorithm),
144
- displayText: args.displayText,
145
- transId: args.transId,
146
- format: args.format ?? "RAW",
147
- attributes: this.recordToSignatureAttributes({
148
- ...this.defaultSignAttributes,
149
- ...args.attributes
150
- })
151
- };
152
- return this.musapClient.sign(signatureReq);
153
- }
154
- async importKey(args) {
155
- throw new Error("importKey is not implemented for MusapKeyManagementSystem.");
156
- }
157
- decodeMusapPublicKey = /* @__PURE__ */ __name((args) => {
158
- const { publicKey, keyType } = args;
159
- const pemBinary = PEMToBinary(publicKey.pem);
160
- const pemString = toString(pemBinary, "utf8");
161
- const isDoubleEncoded = pemBinary.length > 0 && typeof pemString === "string" && pemString.startsWith("MF");
162
- if (isDoubleEncoded) {
163
- const actualDerBytes = fromString(pemString, "base64");
164
- const keyDataStart = 24;
165
- const keyData = actualDerBytes.slice(keyDataStart);
166
- let publicKeyHex = toString(keyData, "hex");
167
- if (publicKeyHex.length <= 128 && !publicKeyHex.startsWith("04")) {
168
- publicKeyHex = "04" + publicKeyHex;
169
- }
170
- while (publicKeyHex.startsWith("04") && publicKeyHex.length < 130) {
171
- publicKeyHex = publicKeyHex + "0";
172
- }
173
- if (publicKeyHex.startsWith("04") && publicKeyHex.length === 130) {
174
- const xCoord = fromString(publicKeyHex.slice(2, 66), "hex");
175
- const yCoord = fromString(publicKeyHex.slice(66, 130), "hex");
176
- const prefix = new Uint8Array([
177
- yCoord[31] % 2 === 0 ? 2 : 3
178
- ]);
179
- const compressedKey = new Uint8Array(33);
180
- compressedKey.set(prefix, 0);
181
- compressedKey.set(xCoord, 1);
182
- return toString(compressedKey, "hex");
183
- }
184
- return publicKeyHex;
185
- }
186
- const publicKeyBinary = isAsn1Der(pemBinary) ? asn1DerToRawPublicKey(pemBinary, keyType) : pemBinary;
187
- return isRawCompressedPublicKey(publicKeyBinary) ? hexStringFromUint8Array(publicKeyBinary) : toRawCompressedHexPublicKey(publicKeyBinary, keyType);
188
- }, "decodeMusapPublicKey");
189
- asMusapKeyInfo(args) {
190
- const { keyId, publicKey, ...metadata } = {
191
- ...args
192
- };
193
- const keyType = this.mapAlgorithmTypeToKeyType(args.algorithm);
194
- const publicKeyHex = this.decodeMusapPublicKey({
195
- publicKey,
196
- keyType
197
- });
198
- const keyInfo = {
199
- kid: keyId,
200
- type: keyType,
201
- publicKeyHex,
202
- meta: metadata
203
- };
204
- const jwkThumbprint = calculateJwkThumbprintForKey({
205
- key: keyInfo
206
- });
207
- keyInfo.meta = {
208
- ...keyInfo.meta,
209
- jwkThumbprint
210
- };
211
- return keyInfo;
212
- }
213
- sharedSecret(args) {
214
- throw new Error("Not supported.");
215
- }
216
- recordToKeyAttributes(record) {
217
- if (!record) {
218
- return [];
219
- }
220
- return Object.entries(record).map(([key, value]) => ({
221
- name: key,
222
- value
223
- }));
224
- }
225
- recordToSignatureAttributes(record) {
226
- if (!record) {
227
- return [];
228
- }
229
- return Object.entries(record).map(([key, value]) => ({
230
- name: key,
231
- value
232
- }));
233
- }
234
- };
235
- export {
236
- MusapKeyManagementSystem
237
- };
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
3
+ exports.MusapKeyManagementSystem = void 0;
4
+ var MusapKeyManagerSystem_1 = require("./MusapKeyManagerSystem");
5
+ Object.defineProperty(exports, "MusapKeyManagementSystem", { enumerable: true, get: function () { return MusapKeyManagerSystem_1.MusapKeyManagementSystem; } });
238
6
  //# sourceMappingURL=index.js.map
package/dist/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/MusapKeyManagerSystem.ts"],"sourcesContent":["import { PEMToBinary } from '@sphereon/ssi-sdk-ext.x509-utils'\nimport { IKey, ManagedKeyInfo, MinimalImportableKey, TKeyType } from '@veramo/core'\nimport {\n ExternalSscdSettings,\n IMusapClient,\n isSignatureAlgorithmType,\n JWSAlgorithm,\n KeyAlgorithm,\n KeyAlgorithmType,\n KeyAttribute,\n KeyGenReq,\n MusapClient,\n MusapKey,\n signatureAlgorithmFromKeyAlgorithm,\n SignatureAlgorithmType,\n SignatureAttribute,\n SignatureFormat,\n SignatureReq,\n SscdType,\n} from '@sphereon/musap-react-native'\nimport { AbstractKeyManagementSystem } from '@veramo/key-manager'\nimport { TextDecoder } from 'text-encoding'\nimport { Loggers } from '@sphereon/ssi-types'\nimport { KeyMetadata } from './index'\nimport {\n asn1DerToRawPublicKey,\n calculateJwkThumbprintForKey,\n hexStringFromUint8Array,\n isAsn1Der,\n isRawCompressedPublicKey,\n toRawCompressedHexPublicKey,\n} from '@sphereon/ssi-sdk-ext.key-utils'\n// @ts-ignore\nimport * as u8a from 'uint8arrays'\nconst { fromString, toString } = u8a\n\nexport const logger = Loggers.DEFAULT.get('sphereon:musap-rn-kms')\n\nexport class MusapKeyManagementSystem extends AbstractKeyManagementSystem {\n private musapClient: IMusapClient\n private readonly sscdType: SscdType\n private readonly sscdId: string\n private readonly defaultKeyAttributes: Record<string, string> | undefined\n private readonly defaultSignAttributes: Record<string, string> | undefined\n\n constructor(\n sscdType?: SscdType,\n sscdId?: string,\n opts?: {\n externalSscdSettings?: ExternalSscdSettings\n defaultKeyAttributes?: Record<string, string>\n defaultSignAttributes?: Record<string, string>\n }\n ) {\n super()\n try {\n this.musapClient = MusapClient\n this.sscdType = sscdType ? sscdType : 'TEE'\n this.sscdId = sscdId ?? this.sscdType\n this.defaultKeyAttributes = opts?.defaultKeyAttributes\n this.defaultSignAttributes = opts?.defaultSignAttributes\n\n const enabledSscds = this.musapClient.listEnabledSscds()\n if (!enabledSscds.some((value) => value.sscdId == sscdId)) {\n this.musapClient.enableSscd(this.sscdType, this.sscdId, opts?.externalSscdSettings)\n }\n } catch (e) {\n console.error('enableSscd', e)\n throw Error('enableSscd failed')\n }\n }\n\n async listKeys(): Promise<ManagedKeyInfo[]> {\n const keysJson: MusapKey[] = this.musapClient.listKeys() as MusapKey[]\n return keysJson.map((key) => this.asMusapKeyInfo(key))\n }\n\n async createKey(args: { type: TKeyType; meta?: KeyMetadata }): Promise<ManagedKeyInfo> {\n const { type, meta } = args\n if (meta === undefined || !('keyAlias' in meta)) {\n return Promise.reject(Error('a unique keyAlias field is required for MUSAP'))\n }\n\n if (this.sscdType == 'EXTERNAL') {\n const existingKeys: MusapKey[] = this.musapClient.listKeys() as MusapKey[]\n const extKey = existingKeys.find((musapKey) => (musapKey.sscdType as string) === 'External Signature') // FIXME returning does not match SscdType enum\n if (extKey) {\n extKey.algorithm = 'eccp256r1' // FIXME MUSAP announces key as rsa2k, but it's actually EC\n return this.asMusapKeyInfo(extKey)\n }\n return Promise.reject(Error(`No external key was bound yet for sscd ${this.sscdId}`))\n }\n\n const keyGenReq = {\n keyAlgorithm: this.mapKeyTypeToAlgorithmType(type),\n keyUsage: 'keyUsage' in meta ? (meta.keyUsage as string) : 'sign',\n keyAlias: meta.keyAlias as string,\n attributes: this.recordToKeyAttributes({ ...this.defaultKeyAttributes, ...('attributes' in meta ? meta.attributes : {}) }),\n role: 'role' in meta ? (meta.role as string) : 'administrator',\n } satisfies KeyGenReq\n\n try {\n const generatedKeyUri = await this.musapClient.generateKey(this.sscdType, keyGenReq)\n if (generatedKeyUri) {\n logger.debug('Generated key:', generatedKeyUri)\n const key = this.musapClient.getKeyByUri(generatedKeyUri)\n return this.asMusapKeyInfo(key)\n } else {\n return Promise.reject(new Error('Failed to generate key. No key URI'))\n }\n } catch (error) {\n logger.error('An error occurred:', error)\n throw error\n }\n }\n\n private mapKeyTypeToAlgorithmType = (type: TKeyType): KeyAlgorithmType => {\n switch (type) {\n case 'Secp256k1':\n return 'ECCP256K1'\n case 'Secp256r1':\n return 'ECCP256R1'\n case 'RSA':\n return 'RSA2K'\n default:\n throw new Error(`Key type ${type} is not supported by MUSAP`)\n }\n }\n\n private mapAlgorithmTypeToKeyType = (type: KeyAlgorithm): TKeyType => {\n switch (type) {\n case 'eccp256k1':\n return 'Secp256k1'\n case 'eccp256r1':\n return 'Secp256r1'\n case 'ecc_ed25519':\n return 'Ed25519'\n case 'rsa2k':\n case 'rsa4k':\n return 'RSA'\n default:\n throw new Error(`Key type ${type} is not supported.`)\n }\n }\n\n async deleteKey({ kid }: { kid: string }): Promise<boolean> {\n try {\n const key: MusapKey = this.musapClient.getKeyById(kid) as MusapKey\n if ((key.sscdType as string) === 'External Signature') {\n return true // FIXME we can't remove a eSim key for now because this would mean onboarding again\n }\n void this.musapClient.removeKey(kid)\n return true\n } catch (error) {\n console.warn('Failed to delete key:', error)\n return false\n }\n }\n\n private determineAlgorithm(providedAlgorithm: string | undefined, keyAlgorithm: KeyAlgorithm): SignatureAlgorithmType {\n if (providedAlgorithm === undefined) {\n return signatureAlgorithmFromKeyAlgorithm(keyAlgorithm)\n }\n\n if (isSignatureAlgorithmType(providedAlgorithm)) {\n return providedAlgorithm\n }\n\n // Veramo translates TKeyType to JWSAlgorithm\n return signatureAlgorithmFromKeyAlgorithm(providedAlgorithm as JWSAlgorithm)\n }\n\n async sign(args: { keyRef: Pick<IKey, 'kid'>; algorithm?: string; data: Uint8Array; [x: string]: any }): Promise<string> {\n if (!args.keyRef) {\n throw new Error('key_not_found: No key ref provided')\n }\n\n const data = new TextDecoder().decode(args.data as Uint8Array)\n\n const key: MusapKey = this.musapClient.getKeyById(args.keyRef.kid) as MusapKey\n if ((key.sscdType as string) === 'External Signature') {\n key.algorithm = 'eccp256r1' // FIXME MUSAP announces key as rsa2k, but it's actually EC\n }\n const signatureReq: SignatureReq = {\n keyUri: key.keyUri,\n data,\n algorithm: this.determineAlgorithm(args.algorithm, key.algorithm),\n displayText: args.displayText,\n transId: args.transId,\n format: (args.format as SignatureFormat) ?? 'RAW',\n attributes: this.recordToSignatureAttributes({ ...this.defaultSignAttributes, ...args.attributes }),\n }\n return this.musapClient.sign(signatureReq)\n }\n\n async importKey(args: Omit<MinimalImportableKey, 'kms'> & { privateKeyPEM?: string }): Promise<ManagedKeyInfo> {\n throw new Error('importKey is not implemented for MusapKeyManagementSystem.')\n }\n\n private decodeMusapPublicKey = (args: { publicKey: { pem: string }; keyType: TKeyType }): string => {\n const { publicKey, keyType } = args\n\n // First try the normal PEM decoding path\n const pemBinary = PEMToBinary(publicKey.pem)\n\n // Check if we got a string that looks like base64 (might be double encoded)\n // Convert Uint8Array to string safely\n const pemString = toString(pemBinary, 'utf8')\n const isDoubleEncoded = pemBinary.length > 0 && typeof pemString === 'string' && pemString.startsWith('MF')\n\n if (isDoubleEncoded) {\n // Handle double-encoded case\n const actualDerBytes = fromString(pemString, 'base64')\n\n // For double-encoded case, we know the key data starts after the header\n const keyDataStart = 24\n const keyData = actualDerBytes.slice(keyDataStart)\n\n // Convert to public key hex\n let publicKeyHex = toString(keyData, 'hex')\n\n // If it's not compressed yet and doesn't start with 0x04 (uncompressed point marker), add it\n if (publicKeyHex.length <= 128 && !publicKeyHex.startsWith('04')) {\n publicKeyHex = '04' + publicKeyHex\n }\n\n // Ensure we have full 65 bytes for uncompressed keys\n while (publicKeyHex.startsWith('04') && publicKeyHex.length < 130) {\n publicKeyHex = publicKeyHex + '0'\n }\n\n // Now convert to compressed format if needed\n if (publicKeyHex.startsWith('04') && publicKeyHex.length === 130) {\n const xCoord = fromString(publicKeyHex.slice(2, 66), 'hex')\n const yCoord = fromString(publicKeyHex.slice(66, 130), 'hex')\n const prefix = new Uint8Array([yCoord[31] % 2 === 0 ? 0x02 : 0x03])\n const compressedKey = new Uint8Array(33) // 1 byte prefix + 32 bytes x coordinate\n compressedKey.set(prefix, 0)\n compressedKey.set(xCoord, 1)\n return toString(compressedKey, 'hex')\n }\n\n return publicKeyHex\n }\n\n // Not double encoded, proceed with normal path\n const publicKeyBinary = isAsn1Der(pemBinary) ? asn1DerToRawPublicKey(pemBinary, keyType) : pemBinary\n return isRawCompressedPublicKey(publicKeyBinary)\n ? hexStringFromUint8Array(publicKeyBinary)\n : toRawCompressedHexPublicKey(publicKeyBinary, keyType)\n }\n\n private asMusapKeyInfo(args: MusapKey): ManagedKeyInfo {\n const { keyId, publicKey, ...metadata }: KeyMetadata = { ...args }\n const keyType = this.mapAlgorithmTypeToKeyType(args.algorithm)\n\n const publicKeyHex = this.decodeMusapPublicKey({\n publicKey: publicKey,\n keyType: keyType,\n })\n\n const keyInfo: Partial<ManagedKeyInfo> = {\n kid: keyId,\n type: keyType,\n publicKeyHex,\n meta: metadata,\n }\n\n const jwkThumbprint = calculateJwkThumbprintForKey({ key: keyInfo as ManagedKeyInfo })\n keyInfo.meta = { ...keyInfo.meta, jwkThumbprint }\n return keyInfo as ManagedKeyInfo\n }\n\n sharedSecret(args: { myKeyRef: Pick<IKey, 'kid'>; theirKey: Pick<IKey, 'publicKeyHex' | 'type'> }): Promise<string> {\n throw new Error('Not supported.')\n }\n\n private recordToKeyAttributes(record?: Record<string, string>): KeyAttribute[] {\n if (!record) {\n return []\n }\n return Object.entries(record).map(([key, value]) => ({\n name: key,\n value,\n }))\n }\n\n private recordToSignatureAttributes(record?: Record<string, string>): SignatureAttribute[] {\n if (!record) {\n return []\n }\n return Object.entries(record).map(([key, value]) => ({\n name: key,\n value,\n }))\n }\n}\n"],"mappings":";;;;AAAA,SAASA,mBAAmB;AAE5B,SAGEC,0BAMAC,aAEAC,0CAMK;AACP,SAASC,mCAAmC;AAC5C,SAASC,mBAAmB;AAC5B,SAASC,eAAe;AAExB,SACEC,uBACAC,8BACAC,yBACAC,WACAC,0BACAC,mCACK;AAEP,YAAYC,SAAS;AACrB,IAAM,EAAEC,YAAYC,SAAQ,IAAKC;AAE1B,IAAMC,SAASC,QAAQC,QAAQC,IAAI,uBAAA;AAEnC,IAAMC,2BAAN,cAAuCC,4BAAAA;EAtC9C,OAsC8CA;;;EACpCC;EACSC;EACAC;EACAC;EACAC;EAEjBC,YACEJ,UACAC,QACAI,MAKA;AACA,UAAK;AACL,QAAI;AACF,WAAKN,cAAcO;AACnB,WAAKN,WAAWA,WAAWA,WAAW;AACtC,WAAKC,SAASA,UAAU,KAAKD;AAC7B,WAAKE,uBAAuBG,MAAMH;AAClC,WAAKC,wBAAwBE,MAAMF;AAEnC,YAAMI,eAAe,KAAKR,YAAYS,iBAAgB;AACtD,UAAI,CAACD,aAAaE,KAAK,CAACC,UAAUA,MAAMT,UAAUA,MAAAA,GAAS;AACzD,aAAKF,YAAYY,WAAW,KAAKX,UAAU,KAAKC,QAAQI,MAAMO,oBAAAA;MAChE;IACF,SAASC,GAAG;AACVC,cAAQC,MAAM,cAAcF,CAAAA;AAC5B,YAAMG,MAAM,mBAAA;IACd;EACF;EAEA,MAAMC,WAAsC;AAC1C,UAAMC,WAAuB,KAAKnB,YAAYkB,SAAQ;AACtD,WAAOC,SAASC,IAAI,CAACC,QAAQ,KAAKC,eAAeD,GAAAA,CAAAA;EACnD;EAEA,MAAME,UAAUC,MAAuE;AACrF,UAAM,EAAEC,MAAMC,KAAI,IAAKF;AACvB,QAAIE,SAASC,UAAa,EAAE,cAAcD,OAAO;AAC/C,aAAOE,QAAQC,OAAOZ,MAAM,+CAAA,CAAA;IAC9B;AAEA,QAAI,KAAKhB,YAAY,YAAY;AAC/B,YAAM6B,eAA2B,KAAK9B,YAAYkB,SAAQ;AAC1D,YAAMa,SAASD,aAAaE,KAAK,CAACC,aAAcA,SAAShC,aAAwB,oBAAA;AACjF,UAAI8B,QAAQ;AACVA,eAAOG,YAAY;AACnB,eAAO,KAAKZ,eAAeS,MAAAA;MAC7B;AACA,aAAOH,QAAQC,OAAOZ,MAAM,0CAA0C,KAAKf,MAAM,EAAE,CAAA;IACrF;AAEA,UAAMiC,YAAY;MAChBC,cAAc,KAAKC,0BAA0BZ,IAAAA;MAC7Ca,UAAU,cAAcZ,OAAQA,KAAKY,WAAsB;MAC3DC,UAAUb,KAAKa;MACfC,YAAY,KAAKC,sBAAsB;QAAE,GAAG,KAAKtC;QAAsB,GAAI,gBAAgBuB,OAAOA,KAAKc,aAAa,CAAC;MAAG,CAAA;MACxHE,MAAM,UAAUhB,OAAQA,KAAKgB,OAAkB;IACjD;AAEA,QAAI;AACF,YAAMC,kBAAkB,MAAM,KAAK3C,YAAY4C,YAAY,KAAK3C,UAAUkC,SAAAA;AAC1E,UAAIQ,iBAAiB;AACnBjD,eAAOmD,MAAM,kBAAkBF,eAAAA;AAC/B,cAAMtB,MAAM,KAAKrB,YAAY8C,YAAYH,eAAAA;AACzC,eAAO,KAAKrB,eAAeD,GAAAA;MAC7B,OAAO;AACL,eAAOO,QAAQC,OAAO,IAAIZ,MAAM,oCAAA,CAAA;MAClC;IACF,SAASD,OAAO;AACdtB,aAAOsB,MAAM,sBAAsBA,KAAAA;AACnC,YAAMA;IACR;EACF;EAEQqB,4BAA4B,wBAACZ,SAAAA;AACnC,YAAQA,MAAAA;MACN,KAAK;AACH,eAAO;MACT,KAAK;AACH,eAAO;MACT,KAAK;AACH,eAAO;MACT;AACE,cAAM,IAAIR,MAAM,YAAYQ,IAAAA,4BAAgC;IAChE;EACF,GAXoC;EAa5BsB,4BAA4B,wBAACtB,SAAAA;AACnC,YAAQA,MAAAA;MACN,KAAK;AACH,eAAO;MACT,KAAK;AACH,eAAO;MACT,KAAK;AACH,eAAO;MACT,KAAK;MACL,KAAK;AACH,eAAO;MACT;AACE,cAAM,IAAIR,MAAM,YAAYQ,IAAAA,oBAAwB;IACxD;EACF,GAdoC;EAgBpC,MAAMuB,UAAU,EAAEC,IAAG,GAAuC;AAC1D,QAAI;AACF,YAAM5B,MAAgB,KAAKrB,YAAYkD,WAAWD,GAAAA;AAClD,UAAK5B,IAAIpB,aAAwB,sBAAsB;AACrD,eAAO;MACT;AACA,WAAK,KAAKD,YAAYmD,UAAUF,GAAAA;AAChC,aAAO;IACT,SAASjC,OAAO;AACdD,cAAQqC,KAAK,yBAAyBpC,KAAAA;AACtC,aAAO;IACT;EACF;EAEQqC,mBAAmBC,mBAAuClB,cAAoD;AACpH,QAAIkB,sBAAsB3B,QAAW;AACnC,aAAO4B,mCAAmCnB,YAAAA;IAC5C;AAEA,QAAIoB,yBAAyBF,iBAAAA,GAAoB;AAC/C,aAAOA;IACT;AAGA,WAAOC,mCAAmCD,iBAAAA;EAC5C;EAEA,MAAMG,KAAKjC,MAA8G;AACvH,QAAI,CAACA,KAAKkC,QAAQ;AAChB,YAAM,IAAIzC,MAAM,oCAAA;IAClB;AAEA,UAAM0C,OAAO,IAAIC,YAAAA,EAAcC,OAAOrC,KAAKmC,IAAI;AAE/C,UAAMtC,MAAgB,KAAKrB,YAAYkD,WAAW1B,KAAKkC,OAAOT,GAAG;AACjE,QAAK5B,IAAIpB,aAAwB,sBAAsB;AACrDoB,UAAIa,YAAY;IAClB;AACA,UAAM4B,eAA6B;MACjCC,QAAQ1C,IAAI0C;MACZJ;MACAzB,WAAW,KAAKmB,mBAAmB7B,KAAKU,WAAWb,IAAIa,SAAS;MAChE8B,aAAaxC,KAAKwC;MAClBC,SAASzC,KAAKyC;MACdC,QAAS1C,KAAK0C,UAA8B;MAC5C1B,YAAY,KAAK2B,4BAA4B;QAAE,GAAG,KAAK/D;QAAuB,GAAGoB,KAAKgB;MAAW,CAAA;IACnG;AACA,WAAO,KAAKxC,YAAYyD,KAAKK,YAAAA;EAC/B;EAEA,MAAMM,UAAU5C,MAA+F;AAC7G,UAAM,IAAIP,MAAM,4DAAA;EAClB;EAEQoD,uBAAuB,wBAAC7C,SAAAA;AAC9B,UAAM,EAAE8C,WAAWC,QAAO,IAAK/C;AAG/B,UAAMgD,YAAYC,YAAYH,UAAUI,GAAG;AAI3C,UAAMC,YAAYnF,SAASgF,WAAW,MAAA;AACtC,UAAMI,kBAAkBJ,UAAUK,SAAS,KAAK,OAAOF,cAAc,YAAYA,UAAUG,WAAW,IAAA;AAEtG,QAAIF,iBAAiB;AAEnB,YAAMG,iBAAiBxF,WAAWoF,WAAW,QAAA;AAG7C,YAAMK,eAAe;AACrB,YAAMC,UAAUF,eAAeG,MAAMF,YAAAA;AAGrC,UAAIG,eAAe3F,SAASyF,SAAS,KAAA;AAGrC,UAAIE,aAAaN,UAAU,OAAO,CAACM,aAAaL,WAAW,IAAA,GAAO;AAChEK,uBAAe,OAAOA;MACxB;AAGA,aAAOA,aAAaL,WAAW,IAAA,KAASK,aAAaN,SAAS,KAAK;AACjEM,uBAAeA,eAAe;MAChC;AAGA,UAAIA,aAAaL,WAAW,IAAA,KAASK,aAAaN,WAAW,KAAK;AAChE,cAAMO,SAAS7F,WAAW4F,aAAaD,MAAM,GAAG,EAAA,GAAK,KAAA;AACrD,cAAMG,SAAS9F,WAAW4F,aAAaD,MAAM,IAAI,GAAA,GAAM,KAAA;AACvD,cAAMI,SAAS,IAAIC,WAAW;UAACF,OAAO,EAAA,IAAM,MAAM,IAAI,IAAO;SAAK;AAClE,cAAMG,gBAAgB,IAAID,WAAW,EAAA;AACrCC,sBAAcC,IAAIH,QAAQ,CAAA;AAC1BE,sBAAcC,IAAIL,QAAQ,CAAA;AAC1B,eAAO5F,SAASgG,eAAe,KAAA;MACjC;AAEA,aAAOL;IACT;AAGA,UAAMO,kBAAkBC,UAAUnB,SAAAA,IAAaoB,sBAAsBpB,WAAWD,OAAAA,IAAWC;AAC3F,WAAOqB,yBAAyBH,eAAAA,IAC5BI,wBAAwBJ,eAAAA,IACxBK,4BAA4BL,iBAAiBnB,OAAAA;EACnD,GAnD+B;EAqDvBjD,eAAeE,MAAgC;AACrD,UAAM,EAAEwE,OAAO1B,WAAW,GAAG2B,SAAAA,IAA0B;MAAE,GAAGzE;IAAK;AACjE,UAAM+C,UAAU,KAAKxB,0BAA0BvB,KAAKU,SAAS;AAE7D,UAAMiD,eAAe,KAAKd,qBAAqB;MAC7CC;MACAC;IACF,CAAA;AAEA,UAAM2B,UAAmC;MACvCjD,KAAK+C;MACLvE,MAAM8C;MACNY;MACAzD,MAAMuE;IACR;AAEA,UAAME,gBAAgBC,6BAA6B;MAAE/E,KAAK6E;IAA0B,CAAA;AACpFA,YAAQxE,OAAO;MAAE,GAAGwE,QAAQxE;MAAMyE;IAAc;AAChD,WAAOD;EACT;EAEAG,aAAa7E,MAAuG;AAClH,UAAM,IAAIP,MAAM,gBAAA;EAClB;EAEQwB,sBAAsB6D,QAAiD;AAC7E,QAAI,CAACA,QAAQ;AACX,aAAO,CAAA;IACT;AACA,WAAOC,OAAOC,QAAQF,MAAAA,EAAQlF,IAAI,CAAC,CAACC,KAAKV,KAAAA,OAAY;MACnD8F,MAAMpF;MACNV;IACF,EAAA;EACF;EAEQwD,4BAA4BmC,QAAuD;AACzF,QAAI,CAACA,QAAQ;AACX,aAAO,CAAA;IACT;AACA,WAAOC,OAAOC,QAAQF,MAAAA,EAAQlF,IAAI,CAAC,CAACC,KAAKV,KAAAA,OAAY;MACnD8F,MAAMpF;MACNV;IACF,EAAA;EACF;AACF;","names":["PEMToBinary","isSignatureAlgorithmType","MusapClient","signatureAlgorithmFromKeyAlgorithm","AbstractKeyManagementSystem","TextDecoder","Loggers","asn1DerToRawPublicKey","calculateJwkThumbprintForKey","hexStringFromUint8Array","isAsn1Der","isRawCompressedPublicKey","toRawCompressedHexPublicKey","u8a","fromString","toString","u8a","logger","Loggers","DEFAULT","get","MusapKeyManagementSystem","AbstractKeyManagementSystem","musapClient","sscdType","sscdId","defaultKeyAttributes","defaultSignAttributes","constructor","opts","MusapClient","enabledSscds","listEnabledSscds","some","value","enableSscd","externalSscdSettings","e","console","error","Error","listKeys","keysJson","map","key","asMusapKeyInfo","createKey","args","type","meta","undefined","Promise","reject","existingKeys","extKey","find","musapKey","algorithm","keyGenReq","keyAlgorithm","mapKeyTypeToAlgorithmType","keyUsage","keyAlias","attributes","recordToKeyAttributes","role","generatedKeyUri","generateKey","debug","getKeyByUri","mapAlgorithmTypeToKeyType","deleteKey","kid","getKeyById","removeKey","warn","determineAlgorithm","providedAlgorithm","signatureAlgorithmFromKeyAlgorithm","isSignatureAlgorithmType","sign","keyRef","data","TextDecoder","decode","signatureReq","keyUri","displayText","transId","format","recordToSignatureAttributes","importKey","decodeMusapPublicKey","publicKey","keyType","pemBinary","PEMToBinary","pem","pemString","isDoubleEncoded","length","startsWith","actualDerBytes","keyDataStart","keyData","slice","publicKeyHex","xCoord","yCoord","prefix","Uint8Array","compressedKey","set","publicKeyBinary","isAsn1Der","asn1DerToRawPublicKey","isRawCompressedPublicKey","hexStringFromUint8Array","toRawCompressedHexPublicKey","keyId","metadata","keyInfo","jwkThumbprint","calculateJwkThumbprintForKey","sharedSecret","record","Object","entries","name"]}
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;AAAA,iEAAkE;AAAzD,iIAAA,wBAAwB,OAAA"}
package/package.json CHANGED
@@ -1,43 +1,31 @@
1
1
  {
2
2
  "name": "@sphereon/ssi-sdk-ext.kms-musap-rn",
3
3
  "description": "Sphereon SSI-SDK react-native plugin for management of keys with musap.",
4
- "version": "0.28.1-feature.jose.vcdm.52+751e224",
5
- "source": "./src/index.ts",
6
- "type": "module",
7
- "main": "./dist/index.cjs",
8
- "module": "./dist/index.js",
9
- "types": "./dist/index.d.ts",
10
- "exports": {
11
- "react-native": "./dist/index.js",
12
- "import": {
13
- "types": "./dist/index.d.ts",
14
- "import": "./dist/index.js"
15
- },
16
- "require": {
17
- "types": "./dist/index.d.cts",
18
- "require": "./dist/index.cjs"
19
- }
20
- },
4
+ "version": "0.28.1-feature.oyd.cmsm.improv.20+7c3cf5a",
5
+ "source": "src/index.ts",
6
+ "main": "dist/index.js",
7
+ "types": "dist/index.d.ts",
21
8
  "scripts": {
22
- "build": "tsup --config ../../tsup.config.ts --tsconfig ../../tsconfig.tsup.json"
9
+ "build": "tsc --build",
10
+ "build:clean": "tsc --build --clean && tsc --build"
23
11
  },
24
12
  "dependencies": {
25
13
  "@sphereon/musap-react-native": "0.2.1-next.170",
26
- "@sphereon/ssi-sdk-ext.key-utils": "0.28.1-feature.jose.vcdm.52+751e224",
27
- "@sphereon/ssi-sdk-ext.x509-utils": "0.28.1-feature.jose.vcdm.52+751e224",
28
- "@sphereon/ssi-types": "0.33.1-feature.jose.vcdm.65",
14
+ "@sphereon/ssi-sdk-ext.key-utils": "0.28.1-feature.oyd.cmsm.improv.20+7c3cf5a",
15
+ "@sphereon/ssi-sdk-ext.x509-utils": "0.28.1-feature.oyd.cmsm.improv.20+7c3cf5a",
16
+ "@sphereon/ssi-types": "0.30.2-feature.SDK.41.oidf.support.286",
29
17
  "@veramo/core": "4.2.0",
30
18
  "@veramo/key-manager": "4.2.0",
31
19
  "@veramo/kms-local": "4.2.0",
32
20
  "text-encoding": "^0.7.0",
33
- "uint8arrays": "3.1.1"
21
+ "uint8arrays": "^3.1.1"
34
22
  },
35
23
  "devDependencies": {
36
24
  "@types/text-encoding": "0.0.39"
37
25
  },
38
26
  "files": [
39
- "dist",
40
- "src",
27
+ "dist/**/*",
28
+ "src/**/*",
41
29
  "README.md",
42
30
  "LICENSE"
43
31
  ],
@@ -54,5 +42,5 @@
54
42
  "react-native",
55
43
  "Veramo"
56
44
  ],
57
- "gitHead": "751e224f245c6ba757827ea4e50ad3c46afbea94"
45
+ "gitHead": "7c3cf5a3b32ef8a31744757aab14c21338880f79"
58
46
  }
package/src/MusapKeyManagerSystem.ts CHANGED
@@ -30,9 +30,7 @@ import {
30
30
  isRawCompressedPublicKey,
31
31
  toRawCompressedHexPublicKey,
32
32
  } from '@sphereon/ssi-sdk-ext.key-utils'
33
- // @ts-ignore
34
33
  import * as u8a from 'uint8arrays'
35
- const { fromString, toString } = u8a
36
34
 
37
35
  export const logger = Loggers.DEFAULT.get('sphereon:musap-rn-kms')
38
36
 
@@ -43,15 +41,11 @@ export class MusapKeyManagementSystem extends AbstractKeyManagementSystem {
43
41
  private readonly defaultKeyAttributes: Record<string, string> | undefined
44
42
  private readonly defaultSignAttributes: Record<string, string> | undefined
45
43
 
46
- constructor(
47
- sscdType?: SscdType,
48
- sscdId?: string,
49
- opts?: {
50
- externalSscdSettings?: ExternalSscdSettings
51
- defaultKeyAttributes?: Record<string, string>
52
- defaultSignAttributes?: Record<string, string>
53
- }
54
- ) {
44
+ constructor(sscdType?: SscdType, sscdId?: string, opts?: {
45
+ externalSscdSettings?: ExternalSscdSettings,
46
+ defaultKeyAttributes?: Record<string, string>,
47
+ defaultSignAttributes?: Record<string, string>
48
+ }) {
55
49
  super()
56
50
  try {
57
51
  this.musapClient = MusapClient
@@ -61,7 +55,7 @@ export class MusapKeyManagementSystem extends AbstractKeyManagementSystem {
61
55
  this.defaultSignAttributes = opts?.defaultSignAttributes
62
56
 
63
57
  const enabledSscds = this.musapClient.listEnabledSscds()
64
- if (!enabledSscds.some((value) => value.sscdId == sscdId)) {
58
+ if (!enabledSscds.some(value => value.sscdId == sscdId)) {
65
59
  this.musapClient.enableSscd(this.sscdType, this.sscdId, opts?.externalSscdSettings)
66
60
  }
67
61
  } catch (e) {
@@ -71,7 +65,7 @@ export class MusapKeyManagementSystem extends AbstractKeyManagementSystem {
71
65
  }
72
66
 
73
67
  async listKeys(): Promise<ManagedKeyInfo[]> {
74
- const keysJson: MusapKey[] = this.musapClient.listKeys() as MusapKey[]
68
+ const keysJson: MusapKey[] = (this.musapClient.listKeys()) as MusapKey[]
75
69
  return keysJson.map((key) => this.asMusapKeyInfo(key))
76
70
  }
77
71
 
@@ -82,8 +76,8 @@ export class MusapKeyManagementSystem extends AbstractKeyManagementSystem {
82
76
  }
83
77
 
84
78
  if (this.sscdType == 'EXTERNAL') {
85
- const existingKeys: MusapKey[] = this.musapClient.listKeys() as MusapKey[]
86
- const extKey = existingKeys.find((musapKey) => (musapKey.sscdType as string) === 'External Signature') // FIXME returning does not match SscdType enum
79
+ const existingKeys: MusapKey[] = (this.musapClient.listKeys()) as MusapKey[]
80
+ const extKey = existingKeys.find(musapKey => musapKey.sscdType as string === 'External Signature') // FIXME returning does not match SscdType enum
87
81
  if (extKey) {
88
82
  extKey.algorithm = 'eccp256r1' // FIXME MUSAP announces key as rsa2k, but it's actually EC
89
83
  return this.asMusapKeyInfo(extKey)
@@ -144,12 +138,12 @@ export class MusapKeyManagementSystem extends AbstractKeyManagementSystem {
144
138
  }
145
139
 
146
140
  async deleteKey({ kid }: { kid: string }): Promise<boolean> {
147
- try {
148
- const key: MusapKey = this.musapClient.getKeyById(kid) as MusapKey
149
- if ((key.sscdType as string) === 'External Signature') {
150
- return true // FIXME we can't remove a eSim key for now because this would mean onboarding again
151
- }
152
- void this.musapClient.removeKey(kid)
141
+ try {
142
+ const key: MusapKey = this.musapClient.getKeyById(kid) as MusapKey
143
+ if (key.sscdType as string === 'External Signature') {
144
+ return true // FIXME we can't remove a eSim key for now because this would mean onboarding again
145
+ }
146
+ void this.musapClient.removeKey(kid)
153
147
  return true
154
148
  } catch (error) {
155
149
  console.warn('Failed to delete key:', error)
@@ -170,7 +164,12 @@ export class MusapKeyManagementSystem extends AbstractKeyManagementSystem {
170
164
  return signatureAlgorithmFromKeyAlgorithm(providedAlgorithm as JWSAlgorithm)
171
165
  }
172
166
 
173
- async sign(args: { keyRef: Pick<IKey, 'kid'>; algorithm?: string; data: Uint8Array; [x: string]: any }): Promise<string> {
167
+ async sign(args: {
168
+ keyRef: Pick<IKey, 'kid'>;
169
+ algorithm?: string;
170
+ data: Uint8Array;
171
+ [x: string]: any
172
+ }): Promise<string> {
174
173
  if (!args.keyRef) {
175
174
  throw new Error('key_not_found: No key ref provided')
176
175
  }
@@ -178,7 +177,7 @@ export class MusapKeyManagementSystem extends AbstractKeyManagementSystem {
178
177
  const data = new TextDecoder().decode(args.data as Uint8Array)
179
178
 
180
179
  const key: MusapKey = this.musapClient.getKeyById(args.keyRef.kid) as MusapKey
181
- if ((key.sscdType as string) === 'External Signature') {
180
+ if (key.sscdType as string === 'External Signature') {
182
181
  key.algorithm = 'eccp256r1' // FIXME MUSAP announces key as rsa2k, but it's actually EC
183
182
  }
184
183
  const signatureReq: SignatureReq = {
@@ -197,7 +196,7 @@ export class MusapKeyManagementSystem extends AbstractKeyManagementSystem {
197
196
  throw new Error('importKey is not implemented for MusapKeyManagementSystem.')
198
197
  }
199
198
 
200
- private decodeMusapPublicKey = (args: { publicKey: { pem: string }; keyType: TKeyType }): string => {
199
+ private decodeMusapPublicKey = (args: { publicKey: { pem: string }, keyType: TKeyType }): string => {
201
200
  const { publicKey, keyType } = args
202
201
 
203
202
  // First try the normal PEM decoding path
@@ -205,19 +204,21 @@ export class MusapKeyManagementSystem extends AbstractKeyManagementSystem {
205
204
 
206
205
  // Check if we got a string that looks like base64 (might be double encoded)
207
206
  // Convert Uint8Array to string safely
208
- const pemString = toString(pemBinary, 'utf8')
209
- const isDoubleEncoded = pemBinary.length > 0 && typeof pemString === 'string' && pemString.startsWith('MF')
207
+ const pemString = u8a.toString(pemBinary, 'utf8')
208
+ const isDoubleEncoded = pemBinary.length > 0 &&
209
+ typeof pemString === 'string' &&
210
+ pemString.startsWith('MF')
210
211
 
211
212
  if (isDoubleEncoded) {
212
213
  // Handle double-encoded case
213
- const actualDerBytes = fromString(pemString, 'base64')
214
+ const actualDerBytes = u8a.fromString(pemString, 'base64')
214
215
 
215
216
  // For double-encoded case, we know the key data starts after the header
216
217
  const keyDataStart = 24
217
218
  const keyData = actualDerBytes.slice(keyDataStart)
218
219
 
219
220
  // Convert to public key hex
220
- let publicKeyHex = toString(keyData, 'hex')
221
+ let publicKeyHex = u8a.toString(keyData, 'hex')
221
222
 
222
223
  // If it's not compressed yet and doesn't start with 0x04 (uncompressed point marker), add it
223
224
  if (publicKeyHex.length <= 128 && !publicKeyHex.startsWith('04')) {
@@ -231,13 +232,13 @@ export class MusapKeyManagementSystem extends AbstractKeyManagementSystem {
231
232
 
232
233
  // Now convert to compressed format if needed
233
234
  if (publicKeyHex.startsWith('04') && publicKeyHex.length === 130) {
234
- const xCoord = fromString(publicKeyHex.slice(2, 66), 'hex')
235
- const yCoord = fromString(publicKeyHex.slice(66, 130), 'hex')
235
+ const xCoord = u8a.fromString(publicKeyHex.slice(2, 66), 'hex')
236
+ const yCoord = u8a.fromString(publicKeyHex.slice(66, 130), 'hex')
236
237
  const prefix = new Uint8Array([yCoord[31] % 2 === 0 ? 0x02 : 0x03])
237
238
  const compressedKey = new Uint8Array(33) // 1 byte prefix + 32 bytes x coordinate
238
239
  compressedKey.set(prefix, 0)
239
240
  compressedKey.set(xCoord, 1)
240
- return toString(compressedKey, 'hex')
241
+ return u8a.toString(compressedKey, 'hex')
241
242
  }
242
243
 
243
244
  return publicKeyHex
@@ -249,6 +250,7 @@ export class MusapKeyManagementSystem extends AbstractKeyManagementSystem {
249
250
  ? hexStringFromUint8Array(publicKeyBinary)
250
251
  : toRawCompressedHexPublicKey(publicKeyBinary, keyType)
251
252
  }
253
+
252
254
 
253
255
  private asMusapKeyInfo(args: MusapKey): ManagedKeyInfo {
254
256
  const { keyId, publicKey, ...metadata }: KeyMetadata = { ...args }
@@ -256,7 +258,7 @@ export class MusapKeyManagementSystem extends AbstractKeyManagementSystem {
256
258
 
257
259
  const publicKeyHex = this.decodeMusapPublicKey({
258
260
  publicKey: publicKey,
259
- keyType: keyType,
261
+ keyType: keyType
260
262
  })
261
263
 
262
264
  const keyInfo: Partial<ManagedKeyInfo> = {
package/dist/index.cjs DELETED
@@ -1,269 +0,0 @@
1
- "use strict";
2
- var __create = Object.create;
3
- var __defProp = Object.defineProperty;
4
- var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
5
- var __getOwnPropNames = Object.getOwnPropertyNames;
6
- var __getProtoOf = Object.getPrototypeOf;
7
- var __hasOwnProp = Object.prototype.hasOwnProperty;
8
- var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
9
- var __export = (target, all) => {
10
- for (var name in all)
11
- __defProp(target, name, { get: all[name], enumerable: true });
12
- };
13
- var __copyProps = (to, from, except, desc) => {
14
- if (from && typeof from === "object" || typeof from === "function") {
15
- for (let key of __getOwnPropNames(from))
16
- if (!__hasOwnProp.call(to, key) && key !== except)
17
- __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
18
- }
19
- return to;
20
- };
21
- var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
22
- // If the importer is in node compatibility mode or this is not an ESM
23
- // file that has been converted to a CommonJS file using a Babel-
24
- // compatible transform (i.e. "__esModule" has not been set), then set
25
- // "default" to the CommonJS "module.exports" for node compatibility.
26
- isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
27
- mod
28
- ));
29
- var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
30
-
31
- // src/index.ts
32
- var index_exports = {};
33
- __export(index_exports, {
34
- MusapKeyManagementSystem: () => MusapKeyManagementSystem
35
- });
36
- module.exports = __toCommonJS(index_exports);
37
-
38
- // src/MusapKeyManagerSystem.ts
39
- var import_ssi_sdk_ext = require("@sphereon/ssi-sdk-ext.x509-utils");
40
- var import_musap_react_native = require("@sphereon/musap-react-native");
41
- var import_key_manager = require("@veramo/key-manager");
42
- var import_text_encoding = require("text-encoding");
43
- var import_ssi_types = require("@sphereon/ssi-types");
44
- var import_ssi_sdk_ext2 = require("@sphereon/ssi-sdk-ext.key-utils");
45
- var u8a = __toESM(require("uint8arrays"), 1);
46
- var { fromString, toString } = u8a;
47
- var logger = import_ssi_types.Loggers.DEFAULT.get("sphereon:musap-rn-kms");
48
- var MusapKeyManagementSystem = class extends import_key_manager.AbstractKeyManagementSystem {
49
- static {
50
- __name(this, "MusapKeyManagementSystem");
51
- }
52
- musapClient;
53
- sscdType;
54
- sscdId;
55
- defaultKeyAttributes;
56
- defaultSignAttributes;
57
- constructor(sscdType, sscdId, opts) {
58
- super();
59
- try {
60
- this.musapClient = import_musap_react_native.MusapClient;
61
- this.sscdType = sscdType ? sscdType : "TEE";
62
- this.sscdId = sscdId ?? this.sscdType;
63
- this.defaultKeyAttributes = opts?.defaultKeyAttributes;
64
- this.defaultSignAttributes = opts?.defaultSignAttributes;
65
- const enabledSscds = this.musapClient.listEnabledSscds();
66
- if (!enabledSscds.some((value) => value.sscdId == sscdId)) {
67
- this.musapClient.enableSscd(this.sscdType, this.sscdId, opts?.externalSscdSettings);
68
- }
69
- } catch (e) {
70
- console.error("enableSscd", e);
71
- throw Error("enableSscd failed");
72
- }
73
- }
74
- async listKeys() {
75
- const keysJson = this.musapClient.listKeys();
76
- return keysJson.map((key) => this.asMusapKeyInfo(key));
77
- }
78
- async createKey(args) {
79
- const { type, meta } = args;
80
- if (meta === void 0 || !("keyAlias" in meta)) {
81
- return Promise.reject(Error("a unique keyAlias field is required for MUSAP"));
82
- }
83
- if (this.sscdType == "EXTERNAL") {
84
- const existingKeys = this.musapClient.listKeys();
85
- const extKey = existingKeys.find((musapKey) => musapKey.sscdType === "External Signature");
86
- if (extKey) {
87
- extKey.algorithm = "eccp256r1";
88
- return this.asMusapKeyInfo(extKey);
89
- }
90
- return Promise.reject(Error(`No external key was bound yet for sscd ${this.sscdId}`));
91
- }
92
- const keyGenReq = {
93
- keyAlgorithm: this.mapKeyTypeToAlgorithmType(type),
94
- keyUsage: "keyUsage" in meta ? meta.keyUsage : "sign",
95
- keyAlias: meta.keyAlias,
96
- attributes: this.recordToKeyAttributes({
97
- ...this.defaultKeyAttributes,
98
- ..."attributes" in meta ? meta.attributes : {}
99
- }),
100
- role: "role" in meta ? meta.role : "administrator"
101
- };
102
- try {
103
- const generatedKeyUri = await this.musapClient.generateKey(this.sscdType, keyGenReq);
104
- if (generatedKeyUri) {
105
- logger.debug("Generated key:", generatedKeyUri);
106
- const key = this.musapClient.getKeyByUri(generatedKeyUri);
107
- return this.asMusapKeyInfo(key);
108
- } else {
109
- return Promise.reject(new Error("Failed to generate key. No key URI"));
110
- }
111
- } catch (error) {
112
- logger.error("An error occurred:", error);
113
- throw error;
114
- }
115
- }
116
- mapKeyTypeToAlgorithmType = /* @__PURE__ */ __name((type) => {
117
- switch (type) {
118
- case "Secp256k1":
119
- return "ECCP256K1";
120
- case "Secp256r1":
121
- return "ECCP256R1";
122
- case "RSA":
123
- return "RSA2K";
124
- default:
125
- throw new Error(`Key type ${type} is not supported by MUSAP`);
126
- }
127
- }, "mapKeyTypeToAlgorithmType");
128
- mapAlgorithmTypeToKeyType = /* @__PURE__ */ __name((type) => {
129
- switch (type) {
130
- case "eccp256k1":
131
- return "Secp256k1";
132
- case "eccp256r1":
133
- return "Secp256r1";
134
- case "ecc_ed25519":
135
- return "Ed25519";
136
- case "rsa2k":
137
- case "rsa4k":
138
- return "RSA";
139
- default:
140
- throw new Error(`Key type ${type} is not supported.`);
141
- }
142
- }, "mapAlgorithmTypeToKeyType");
143
- async deleteKey({ kid }) {
144
- try {
145
- const key = this.musapClient.getKeyById(kid);
146
- if (key.sscdType === "External Signature") {
147
- return true;
148
- }
149
- void this.musapClient.removeKey(kid);
150
- return true;
151
- } catch (error) {
152
- console.warn("Failed to delete key:", error);
153
- return false;
154
- }
155
- }
156
- determineAlgorithm(providedAlgorithm, keyAlgorithm) {
157
- if (providedAlgorithm === void 0) {
158
- return (0, import_musap_react_native.signatureAlgorithmFromKeyAlgorithm)(keyAlgorithm);
159
- }
160
- if ((0, import_musap_react_native.isSignatureAlgorithmType)(providedAlgorithm)) {
161
- return providedAlgorithm;
162
- }
163
- return (0, import_musap_react_native.signatureAlgorithmFromKeyAlgorithm)(providedAlgorithm);
164
- }
165
- async sign(args) {
166
- if (!args.keyRef) {
167
- throw new Error("key_not_found: No key ref provided");
168
- }
169
- const data = new import_text_encoding.TextDecoder().decode(args.data);
170
- const key = this.musapClient.getKeyById(args.keyRef.kid);
171
- if (key.sscdType === "External Signature") {
172
- key.algorithm = "eccp256r1";
173
- }
174
- const signatureReq = {
175
- keyUri: key.keyUri,
176
- data,
177
- algorithm: this.determineAlgorithm(args.algorithm, key.algorithm),
178
- displayText: args.displayText,
179
- transId: args.transId,
180
- format: args.format ?? "RAW",
181
- attributes: this.recordToSignatureAttributes({
182
- ...this.defaultSignAttributes,
183
- ...args.attributes
184
- })
185
- };
186
- return this.musapClient.sign(signatureReq);
187
- }
188
- async importKey(args) {
189
- throw new Error("importKey is not implemented for MusapKeyManagementSystem.");
190
- }
191
- decodeMusapPublicKey = /* @__PURE__ */ __name((args) => {
192
- const { publicKey, keyType } = args;
193
- const pemBinary = (0, import_ssi_sdk_ext.PEMToBinary)(publicKey.pem);
194
- const pemString = toString(pemBinary, "utf8");
195
- const isDoubleEncoded = pemBinary.length > 0 && typeof pemString === "string" && pemString.startsWith("MF");
196
- if (isDoubleEncoded) {
197
- const actualDerBytes = fromString(pemString, "base64");
198
- const keyDataStart = 24;
199
- const keyData = actualDerBytes.slice(keyDataStart);
200
- let publicKeyHex = toString(keyData, "hex");
201
- if (publicKeyHex.length <= 128 && !publicKeyHex.startsWith("04")) {
202
- publicKeyHex = "04" + publicKeyHex;
203
- }
204
- while (publicKeyHex.startsWith("04") && publicKeyHex.length < 130) {
205
- publicKeyHex = publicKeyHex + "0";
206
- }
207
- if (publicKeyHex.startsWith("04") && publicKeyHex.length === 130) {
208
- const xCoord = fromString(publicKeyHex.slice(2, 66), "hex");
209
- const yCoord = fromString(publicKeyHex.slice(66, 130), "hex");
210
- const prefix = new Uint8Array([
211
- yCoord[31] % 2 === 0 ? 2 : 3
212
- ]);
213
- const compressedKey = new Uint8Array(33);
214
- compressedKey.set(prefix, 0);
215
- compressedKey.set(xCoord, 1);
216
- return toString(compressedKey, "hex");
217
- }
218
- return publicKeyHex;
219
- }
220
- const publicKeyBinary = (0, import_ssi_sdk_ext2.isAsn1Der)(pemBinary) ? (0, import_ssi_sdk_ext2.asn1DerToRawPublicKey)(pemBinary, keyType) : pemBinary;
221
- return (0, import_ssi_sdk_ext2.isRawCompressedPublicKey)(publicKeyBinary) ? (0, import_ssi_sdk_ext2.hexStringFromUint8Array)(publicKeyBinary) : (0, import_ssi_sdk_ext2.toRawCompressedHexPublicKey)(publicKeyBinary, keyType);
222
- }, "decodeMusapPublicKey");
223
- asMusapKeyInfo(args) {
224
- const { keyId, publicKey, ...metadata } = {
225
- ...args
226
- };
227
- const keyType = this.mapAlgorithmTypeToKeyType(args.algorithm);
228
- const publicKeyHex = this.decodeMusapPublicKey({
229
- publicKey,
230
- keyType
231
- });
232
- const keyInfo = {
233
- kid: keyId,
234
- type: keyType,
235
- publicKeyHex,
236
- meta: metadata
237
- };
238
- const jwkThumbprint = (0, import_ssi_sdk_ext2.calculateJwkThumbprintForKey)({
239
- key: keyInfo
240
- });
241
- keyInfo.meta = {
242
- ...keyInfo.meta,
243
- jwkThumbprint
244
- };
245
- return keyInfo;
246
- }
247
- sharedSecret(args) {
248
- throw new Error("Not supported.");
249
- }
250
- recordToKeyAttributes(record) {
251
- if (!record) {
252
- return [];
253
- }
254
- return Object.entries(record).map(([key, value]) => ({
255
- name: key,
256
- value
257
- }));
258
- }
259
- recordToSignatureAttributes(record) {
260
- if (!record) {
261
- return [];
262
- }
263
- return Object.entries(record).map(([key, value]) => ({
264
- name: key,
265
- value
266
- }));
267
- }
268
- };
269
- //# sourceMappingURL=index.cjs.map
package/dist/index.cjs.map DELETED
@@ -1 +0,0 @@
1
- {"version":3,"sources":["../src/index.ts","../src/MusapKeyManagerSystem.ts"],"sourcesContent":["export { MusapKeyManagementSystem } from './MusapKeyManagerSystem'\n\nexport interface KeyMetadata {\n algorithms?: string[]\n\n [x: string]: any\n}\n","import { PEMToBinary } from '@sphereon/ssi-sdk-ext.x509-utils'\nimport { IKey, ManagedKeyInfo, MinimalImportableKey, TKeyType } from '@veramo/core'\nimport {\n ExternalSscdSettings,\n IMusapClient,\n isSignatureAlgorithmType,\n JWSAlgorithm,\n KeyAlgorithm,\n KeyAlgorithmType,\n KeyAttribute,\n KeyGenReq,\n MusapClient,\n MusapKey,\n signatureAlgorithmFromKeyAlgorithm,\n SignatureAlgorithmType,\n SignatureAttribute,\n SignatureFormat,\n SignatureReq,\n SscdType,\n} from '@sphereon/musap-react-native'\nimport { AbstractKeyManagementSystem } from '@veramo/key-manager'\nimport { TextDecoder } from 'text-encoding'\nimport { Loggers } from '@sphereon/ssi-types'\nimport { KeyMetadata } from './index'\nimport {\n asn1DerToRawPublicKey,\n calculateJwkThumbprintForKey,\n hexStringFromUint8Array,\n isAsn1Der,\n isRawCompressedPublicKey,\n toRawCompressedHexPublicKey,\n} from '@sphereon/ssi-sdk-ext.key-utils'\n// @ts-ignore\nimport * as u8a from 'uint8arrays'\nconst { fromString, toString } = u8a\n\nexport const logger = Loggers.DEFAULT.get('sphereon:musap-rn-kms')\n\nexport class MusapKeyManagementSystem extends AbstractKeyManagementSystem {\n private musapClient: IMusapClient\n private readonly sscdType: SscdType\n private readonly sscdId: string\n private readonly defaultKeyAttributes: Record<string, string> | undefined\n private readonly defaultSignAttributes: Record<string, string> | undefined\n\n constructor(\n sscdType?: SscdType,\n sscdId?: string,\n opts?: {\n externalSscdSettings?: ExternalSscdSettings\n defaultKeyAttributes?: Record<string, string>\n defaultSignAttributes?: Record<string, string>\n }\n ) {\n super()\n try {\n this.musapClient = MusapClient\n this.sscdType = sscdType ? sscdType : 'TEE'\n this.sscdId = sscdId ?? this.sscdType\n this.defaultKeyAttributes = opts?.defaultKeyAttributes\n this.defaultSignAttributes = opts?.defaultSignAttributes\n\n const enabledSscds = this.musapClient.listEnabledSscds()\n if (!enabledSscds.some((value) => value.sscdId == sscdId)) {\n this.musapClient.enableSscd(this.sscdType, this.sscdId, opts?.externalSscdSettings)\n }\n } catch (e) {\n console.error('enableSscd', e)\n throw Error('enableSscd failed')\n }\n }\n\n async listKeys(): Promise<ManagedKeyInfo[]> {\n const keysJson: MusapKey[] = this.musapClient.listKeys() as MusapKey[]\n return keysJson.map((key) => this.asMusapKeyInfo(key))\n }\n\n async createKey(args: { type: TKeyType; meta?: KeyMetadata }): Promise<ManagedKeyInfo> {\n const { type, meta } = args\n if (meta === undefined || !('keyAlias' in meta)) {\n return Promise.reject(Error('a unique keyAlias field is required for MUSAP'))\n }\n\n if (this.sscdType == 'EXTERNAL') {\n const existingKeys: MusapKey[] = this.musapClient.listKeys() as MusapKey[]\n const extKey = existingKeys.find((musapKey) => (musapKey.sscdType as string) === 'External Signature') // FIXME returning does not match SscdType enum\n if (extKey) {\n extKey.algorithm = 'eccp256r1' // FIXME MUSAP announces key as rsa2k, but it's actually EC\n return this.asMusapKeyInfo(extKey)\n }\n return Promise.reject(Error(`No external key was bound yet for sscd ${this.sscdId}`))\n }\n\n const keyGenReq = {\n keyAlgorithm: this.mapKeyTypeToAlgorithmType(type),\n keyUsage: 'keyUsage' in meta ? (meta.keyUsage as string) : 'sign',\n keyAlias: meta.keyAlias as string,\n attributes: this.recordToKeyAttributes({ ...this.defaultKeyAttributes, ...('attributes' in meta ? meta.attributes : {}) }),\n role: 'role' in meta ? (meta.role as string) : 'administrator',\n } satisfies KeyGenReq\n\n try {\n const generatedKeyUri = await this.musapClient.generateKey(this.sscdType, keyGenReq)\n if (generatedKeyUri) {\n logger.debug('Generated key:', generatedKeyUri)\n const key = this.musapClient.getKeyByUri(generatedKeyUri)\n return this.asMusapKeyInfo(key)\n } else {\n return Promise.reject(new Error('Failed to generate key. No key URI'))\n }\n } catch (error) {\n logger.error('An error occurred:', error)\n throw error\n }\n }\n\n private mapKeyTypeToAlgorithmType = (type: TKeyType): KeyAlgorithmType => {\n switch (type) {\n case 'Secp256k1':\n return 'ECCP256K1'\n case 'Secp256r1':\n return 'ECCP256R1'\n case 'RSA':\n return 'RSA2K'\n default:\n throw new Error(`Key type ${type} is not supported by MUSAP`)\n }\n }\n\n private mapAlgorithmTypeToKeyType = (type: KeyAlgorithm): TKeyType => {\n switch (type) {\n case 'eccp256k1':\n return 'Secp256k1'\n case 'eccp256r1':\n return 'Secp256r1'\n case 'ecc_ed25519':\n return 'Ed25519'\n case 'rsa2k':\n case 'rsa4k':\n return 'RSA'\n default:\n throw new Error(`Key type ${type} is not supported.`)\n }\n }\n\n async deleteKey({ kid }: { kid: string }): Promise<boolean> {\n try {\n const key: MusapKey = this.musapClient.getKeyById(kid) as MusapKey\n if ((key.sscdType as string) === 'External Signature') {\n return true // FIXME we can't remove a eSim key for now because this would mean onboarding again\n }\n void this.musapClient.removeKey(kid)\n return true\n } catch (error) {\n console.warn('Failed to delete key:', error)\n return false\n }\n }\n\n private determineAlgorithm(providedAlgorithm: string | undefined, keyAlgorithm: KeyAlgorithm): SignatureAlgorithmType {\n if (providedAlgorithm === undefined) {\n return signatureAlgorithmFromKeyAlgorithm(keyAlgorithm)\n }\n\n if (isSignatureAlgorithmType(providedAlgorithm)) {\n return providedAlgorithm\n }\n\n // Veramo translates TKeyType to JWSAlgorithm\n return signatureAlgorithmFromKeyAlgorithm(providedAlgorithm as JWSAlgorithm)\n }\n\n async sign(args: { keyRef: Pick<IKey, 'kid'>; algorithm?: string; data: Uint8Array; [x: string]: any }): Promise<string> {\n if (!args.keyRef) {\n throw new Error('key_not_found: No key ref provided')\n }\n\n const data = new TextDecoder().decode(args.data as Uint8Array)\n\n const key: MusapKey = this.musapClient.getKeyById(args.keyRef.kid) as MusapKey\n if ((key.sscdType as string) === 'External Signature') {\n key.algorithm = 'eccp256r1' // FIXME MUSAP announces key as rsa2k, but it's actually EC\n }\n const signatureReq: SignatureReq = {\n keyUri: key.keyUri,\n data,\n algorithm: this.determineAlgorithm(args.algorithm, key.algorithm),\n displayText: args.displayText,\n transId: args.transId,\n format: (args.format as SignatureFormat) ?? 'RAW',\n attributes: this.recordToSignatureAttributes({ ...this.defaultSignAttributes, ...args.attributes }),\n }\n return this.musapClient.sign(signatureReq)\n }\n\n async importKey(args: Omit<MinimalImportableKey, 'kms'> & { privateKeyPEM?: string }): Promise<ManagedKeyInfo> {\n throw new Error('importKey is not implemented for MusapKeyManagementSystem.')\n }\n\n private decodeMusapPublicKey = (args: { publicKey: { pem: string }; keyType: TKeyType }): string => {\n const { publicKey, keyType } = args\n\n // First try the normal PEM decoding path\n const pemBinary = PEMToBinary(publicKey.pem)\n\n // Check if we got a string that looks like base64 (might be double encoded)\n // Convert Uint8Array to string safely\n const pemString = toString(pemBinary, 'utf8')\n const isDoubleEncoded = pemBinary.length > 0 && typeof pemString === 'string' && pemString.startsWith('MF')\n\n if (isDoubleEncoded) {\n // Handle double-encoded case\n const actualDerBytes = fromString(pemString, 'base64')\n\n // For double-encoded case, we know the key data starts after the header\n const keyDataStart = 24\n const keyData = actualDerBytes.slice(keyDataStart)\n\n // Convert to public key hex\n let publicKeyHex = toString(keyData, 'hex')\n\n // If it's not compressed yet and doesn't start with 0x04 (uncompressed point marker), add it\n if (publicKeyHex.length <= 128 && !publicKeyHex.startsWith('04')) {\n publicKeyHex = '04' + publicKeyHex\n }\n\n // Ensure we have full 65 bytes for uncompressed keys\n while (publicKeyHex.startsWith('04') && publicKeyHex.length < 130) {\n publicKeyHex = publicKeyHex + '0'\n }\n\n // Now convert to compressed format if needed\n if (publicKeyHex.startsWith('04') && publicKeyHex.length === 130) {\n const xCoord = fromString(publicKeyHex.slice(2, 66), 'hex')\n const yCoord = fromString(publicKeyHex.slice(66, 130), 'hex')\n const prefix = new Uint8Array([yCoord[31] % 2 === 0 ? 0x02 : 0x03])\n const compressedKey = new Uint8Array(33) // 1 byte prefix + 32 bytes x coordinate\n compressedKey.set(prefix, 0)\n compressedKey.set(xCoord, 1)\n return toString(compressedKey, 'hex')\n }\n\n return publicKeyHex\n }\n\n // Not double encoded, proceed with normal path\n const publicKeyBinary = isAsn1Der(pemBinary) ? asn1DerToRawPublicKey(pemBinary, keyType) : pemBinary\n return isRawCompressedPublicKey(publicKeyBinary)\n ? hexStringFromUint8Array(publicKeyBinary)\n : toRawCompressedHexPublicKey(publicKeyBinary, keyType)\n }\n\n private asMusapKeyInfo(args: MusapKey): ManagedKeyInfo {\n const { keyId, publicKey, ...metadata }: KeyMetadata = { ...args }\n const keyType = this.mapAlgorithmTypeToKeyType(args.algorithm)\n\n const publicKeyHex = this.decodeMusapPublicKey({\n publicKey: publicKey,\n keyType: keyType,\n })\n\n const keyInfo: Partial<ManagedKeyInfo> = {\n kid: keyId,\n type: keyType,\n publicKeyHex,\n meta: metadata,\n }\n\n const jwkThumbprint = calculateJwkThumbprintForKey({ key: keyInfo as ManagedKeyInfo })\n keyInfo.meta = { ...keyInfo.meta, jwkThumbprint }\n return keyInfo as ManagedKeyInfo\n }\n\n sharedSecret(args: { myKeyRef: Pick<IKey, 'kid'>; theirKey: Pick<IKey, 'publicKeyHex' | 'type'> }): Promise<string> {\n throw new Error('Not supported.')\n }\n\n private recordToKeyAttributes(record?: Record<string, string>): KeyAttribute[] {\n if (!record) {\n return []\n }\n return Object.entries(record).map(([key, value]) => ({\n name: key,\n value,\n }))\n }\n\n private recordToSignatureAttributes(record?: Record<string, string>): SignatureAttribute[] {\n if (!record) {\n return []\n }\n return Object.entries(record).map(([key, value]) => ({\n name: key,\n value,\n }))\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;;;;ACAA,yBAA4B;AAE5B,gCAiBO;AACP,yBAA4C;AAC5C,2BAA4B;AAC5B,uBAAwB;AAExB,IAAAA,sBAOO;AAEP,UAAqB;AACrB,IAAM,EAAEC,YAAYC,SAAQ,IAAKC;AAE1B,IAAMC,SAASC,yBAAQC,QAAQC,IAAI,uBAAA;AAEnC,IAAMC,2BAAN,cAAuCC,+CAAAA;EAtC9C,OAsC8CA;;;EACpCC;EACSC;EACAC;EACAC;EACAC;EAEjBC,YACEJ,UACAC,QACAI,MAKA;AACA,UAAK;AACL,QAAI;AACF,WAAKN,cAAcO;AACnB,WAAKN,WAAWA,WAAWA,WAAW;AACtC,WAAKC,SAASA,UAAU,KAAKD;AAC7B,WAAKE,uBAAuBG,MAAMH;AAClC,WAAKC,wBAAwBE,MAAMF;AAEnC,YAAMI,eAAe,KAAKR,YAAYS,iBAAgB;AACtD,UAAI,CAACD,aAAaE,KAAK,CAACC,UAAUA,MAAMT,UAAUA,MAAAA,GAAS;AACzD,aAAKF,YAAYY,WAAW,KAAKX,UAAU,KAAKC,QAAQI,MAAMO,oBAAAA;MAChE;IACF,SAASC,GAAG;AACVC,cAAQC,MAAM,cAAcF,CAAAA;AAC5B,YAAMG,MAAM,mBAAA;IACd;EACF;EAEA,MAAMC,WAAsC;AAC1C,UAAMC,WAAuB,KAAKnB,YAAYkB,SAAQ;AACtD,WAAOC,SAASC,IAAI,CAACC,QAAQ,KAAKC,eAAeD,GAAAA,CAAAA;EACnD;EAEA,MAAME,UAAUC,MAAuE;AACrF,UAAM,EAAEC,MAAMC,KAAI,IAAKF;AACvB,QAAIE,SAASC,UAAa,EAAE,cAAcD,OAAO;AAC/C,aAAOE,QAAQC,OAAOZ,MAAM,+CAAA,CAAA;IAC9B;AAEA,QAAI,KAAKhB,YAAY,YAAY;AAC/B,YAAM6B,eAA2B,KAAK9B,YAAYkB,SAAQ;AAC1D,YAAMa,SAASD,aAAaE,KAAK,CAACC,aAAcA,SAAShC,aAAwB,oBAAA;AACjF,UAAI8B,QAAQ;AACVA,eAAOG,YAAY;AACnB,eAAO,KAAKZ,eAAeS,MAAAA;MAC7B;AACA,aAAOH,QAAQC,OAAOZ,MAAM,0CAA0C,KAAKf,MAAM,EAAE,CAAA;IACrF;AAEA,UAAMiC,YAAY;MAChBC,cAAc,KAAKC,0BAA0BZ,IAAAA;MAC7Ca,UAAU,cAAcZ,OAAQA,KAAKY,WAAsB;MAC3DC,UAAUb,KAAKa;MACfC,YAAY,KAAKC,sBAAsB;QAAE,GAAG,KAAKtC;QAAsB,GAAI,gBAAgBuB,OAAOA,KAAKc,aAAa,CAAC;MAAG,CAAA;MACxHE,MAAM,UAAUhB,OAAQA,KAAKgB,OAAkB;IACjD;AAEA,QAAI;AACF,YAAMC,kBAAkB,MAAM,KAAK3C,YAAY4C,YAAY,KAAK3C,UAAUkC,SAAAA;AAC1E,UAAIQ,iBAAiB;AACnBjD,eAAOmD,MAAM,kBAAkBF,eAAAA;AAC/B,cAAMtB,MAAM,KAAKrB,YAAY8C,YAAYH,eAAAA;AACzC,eAAO,KAAKrB,eAAeD,GAAAA;MAC7B,OAAO;AACL,eAAOO,QAAQC,OAAO,IAAIZ,MAAM,oCAAA,CAAA;MAClC;IACF,SAASD,OAAO;AACdtB,aAAOsB,MAAM,sBAAsBA,KAAAA;AACnC,YAAMA;IACR;EACF;EAEQqB,4BAA4B,wBAACZ,SAAAA;AACnC,YAAQA,MAAAA;MACN,KAAK;AACH,eAAO;MACT,KAAK;AACH,eAAO;MACT,KAAK;AACH,eAAO;MACT;AACE,cAAM,IAAIR,MAAM,YAAYQ,IAAAA,4BAAgC;IAChE;EACF,GAXoC;EAa5BsB,4BAA4B,wBAACtB,SAAAA;AACnC,YAAQA,MAAAA;MACN,KAAK;AACH,eAAO;MACT,KAAK;AACH,eAAO;MACT,KAAK;AACH,eAAO;MACT,KAAK;MACL,KAAK;AACH,eAAO;MACT;AACE,cAAM,IAAIR,MAAM,YAAYQ,IAAAA,oBAAwB;IACxD;EACF,GAdoC;EAgBpC,MAAMuB,UAAU,EAAEC,IAAG,GAAuC;AAC1D,QAAI;AACF,YAAM5B,MAAgB,KAAKrB,YAAYkD,WAAWD,GAAAA;AAClD,UAAK5B,IAAIpB,aAAwB,sBAAsB;AACrD,eAAO;MACT;AACA,WAAK,KAAKD,YAAYmD,UAAUF,GAAAA;AAChC,aAAO;IACT,SAASjC,OAAO;AACdD,cAAQqC,KAAK,yBAAyBpC,KAAAA;AACtC,aAAO;IACT;EACF;EAEQqC,mBAAmBC,mBAAuClB,cAAoD;AACpH,QAAIkB,sBAAsB3B,QAAW;AACnC,iBAAO4B,8DAAmCnB,YAAAA;IAC5C;AAEA,YAAIoB,oDAAyBF,iBAAAA,GAAoB;AAC/C,aAAOA;IACT;AAGA,eAAOC,8DAAmCD,iBAAAA;EAC5C;EAEA,MAAMG,KAAKjC,MAA8G;AACvH,QAAI,CAACA,KAAKkC,QAAQ;AAChB,YAAM,IAAIzC,MAAM,oCAAA;IAClB;AAEA,UAAM0C,OAAO,IAAIC,iCAAAA,EAAcC,OAAOrC,KAAKmC,IAAI;AAE/C,UAAMtC,MAAgB,KAAKrB,YAAYkD,WAAW1B,KAAKkC,OAAOT,GAAG;AACjE,QAAK5B,IAAIpB,aAAwB,sBAAsB;AACrDoB,UAAIa,YAAY;IAClB;AACA,UAAM4B,eAA6B;MACjCC,QAAQ1C,IAAI0C;MACZJ;MACAzB,WAAW,KAAKmB,mBAAmB7B,KAAKU,WAAWb,IAAIa,SAAS;MAChE8B,aAAaxC,KAAKwC;MAClBC,SAASzC,KAAKyC;MACdC,QAAS1C,KAAK0C,UAA8B;MAC5C1B,YAAY,KAAK2B,4BAA4B;QAAE,GAAG,KAAK/D;QAAuB,GAAGoB,KAAKgB;MAAW,CAAA;IACnG;AACA,WAAO,KAAKxC,YAAYyD,KAAKK,YAAAA;EAC/B;EAEA,MAAMM,UAAU5C,MAA+F;AAC7G,UAAM,IAAIP,MAAM,4DAAA;EAClB;EAEQoD,uBAAuB,wBAAC7C,SAAAA;AAC9B,UAAM,EAAE8C,WAAWC,QAAO,IAAK/C;AAG/B,UAAMgD,gBAAYC,gCAAYH,UAAUI,GAAG;AAI3C,UAAMC,YAAYnF,SAASgF,WAAW,MAAA;AACtC,UAAMI,kBAAkBJ,UAAUK,SAAS,KAAK,OAAOF,cAAc,YAAYA,UAAUG,WAAW,IAAA;AAEtG,QAAIF,iBAAiB;AAEnB,YAAMG,iBAAiBxF,WAAWoF,WAAW,QAAA;AAG7C,YAAMK,eAAe;AACrB,YAAMC,UAAUF,eAAeG,MAAMF,YAAAA;AAGrC,UAAIG,eAAe3F,SAASyF,SAAS,KAAA;AAGrC,UAAIE,aAAaN,UAAU,OAAO,CAACM,aAAaL,WAAW,IAAA,GAAO;AAChEK,uBAAe,OAAOA;MACxB;AAGA,aAAOA,aAAaL,WAAW,IAAA,KAASK,aAAaN,SAAS,KAAK;AACjEM,uBAAeA,eAAe;MAChC;AAGA,UAAIA,aAAaL,WAAW,IAAA,KAASK,aAAaN,WAAW,KAAK;AAChE,cAAMO,SAAS7F,WAAW4F,aAAaD,MAAM,GAAG,EAAA,GAAK,KAAA;AACrD,cAAMG,SAAS9F,WAAW4F,aAAaD,MAAM,IAAI,GAAA,GAAM,KAAA;AACvD,cAAMI,SAAS,IAAIC,WAAW;UAACF,OAAO,EAAA,IAAM,MAAM,IAAI,IAAO;SAAK;AAClE,cAAMG,gBAAgB,IAAID,WAAW,EAAA;AACrCC,sBAAcC,IAAIH,QAAQ,CAAA;AAC1BE,sBAAcC,IAAIL,QAAQ,CAAA;AAC1B,eAAO5F,SAASgG,eAAe,KAAA;MACjC;AAEA,aAAOL;IACT;AAGA,UAAMO,sBAAkBC,+BAAUnB,SAAAA,QAAaoB,2CAAsBpB,WAAWD,OAAAA,IAAWC;AAC3F,eAAOqB,8CAAyBH,eAAAA,QAC5BI,6CAAwBJ,eAAAA,QACxBK,iDAA4BL,iBAAiBnB,OAAAA;EACnD,GAnD+B;EAqDvBjD,eAAeE,MAAgC;AACrD,UAAM,EAAEwE,OAAO1B,WAAW,GAAG2B,SAAAA,IAA0B;MAAE,GAAGzE;IAAK;AACjE,UAAM+C,UAAU,KAAKxB,0BAA0BvB,KAAKU,SAAS;AAE7D,UAAMiD,eAAe,KAAKd,qBAAqB;MAC7CC;MACAC;IACF,CAAA;AAEA,UAAM2B,UAAmC;MACvCjD,KAAK+C;MACLvE,MAAM8C;MACNY;MACAzD,MAAMuE;IACR;AAEA,UAAME,oBAAgBC,kDAA6B;MAAE/E,KAAK6E;IAA0B,CAAA;AACpFA,YAAQxE,OAAO;MAAE,GAAGwE,QAAQxE;MAAMyE;IAAc;AAChD,WAAOD;EACT;EAEAG,aAAa7E,MAAuG;AAClH,UAAM,IAAIP,MAAM,gBAAA;EAClB;EAEQwB,sBAAsB6D,QAAiD;AAC7E,QAAI,CAACA,QAAQ;AACX,aAAO,CAAA;IACT;AACA,WAAOC,OAAOC,QAAQF,MAAAA,EAAQlF,IAAI,CAAC,CAACC,KAAKV,KAAAA,OAAY;MACnD8F,MAAMpF;MACNV;IACF,EAAA;EACF;EAEQwD,4BAA4BmC,QAAuD;AACzF,QAAI,CAACA,QAAQ;AACX,aAAO,CAAA;IACT;AACA,WAAOC,OAAOC,QAAQF,MAAAA,EAAQlF,IAAI,CAAC,CAACC,KAAKV,KAAAA,OAAY;MACnD8F,MAAMpF;MACNV;IACF,EAAA;EACF;AACF;","names":["import_ssi_sdk_ext","fromString","toString","u8a","logger","Loggers","DEFAULT","get","MusapKeyManagementSystem","AbstractKeyManagementSystem","musapClient","sscdType","sscdId","defaultKeyAttributes","defaultSignAttributes","constructor","opts","MusapClient","enabledSscds","listEnabledSscds","some","value","enableSscd","externalSscdSettings","e","console","error","Error","listKeys","keysJson","map","key","asMusapKeyInfo","createKey","args","type","meta","undefined","Promise","reject","existingKeys","extKey","find","musapKey","algorithm","keyGenReq","keyAlgorithm","mapKeyTypeToAlgorithmType","keyUsage","keyAlias","attributes","recordToKeyAttributes","role","generatedKeyUri","generateKey","debug","getKeyByUri","mapAlgorithmTypeToKeyType","deleteKey","kid","getKeyById","removeKey","warn","determineAlgorithm","providedAlgorithm","signatureAlgorithmFromKeyAlgorithm","isSignatureAlgorithmType","sign","keyRef","data","TextDecoder","decode","signatureReq","keyUri","displayText","transId","format","recordToSignatureAttributes","importKey","decodeMusapPublicKey","publicKey","keyType","pemBinary","PEMToBinary","pem","pemString","isDoubleEncoded","length","startsWith","actualDerBytes","keyDataStart","keyData","slice","publicKeyHex","xCoord","yCoord","prefix","Uint8Array","compressedKey","set","publicKeyBinary","isAsn1Der","asn1DerToRawPublicKey","isRawCompressedPublicKey","hexStringFromUint8Array","toRawCompressedHexPublicKey","keyId","metadata","keyInfo","jwkThumbprint","calculateJwkThumbprintForKey","sharedSecret","record","Object","entries","name"]}