@sphereon/ssi-sdk.kms-rest 0.36.1-feature.SSISDK.44.finish.dcql.1 → 0.36.1-feature.SSISDK.70.integrate.digidentity.55

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (9) hide show
  1. package/dist/index.cjs +137 -83
  2. package/dist/index.cjs.map +1 -1
  3. package/dist/index.d.cts +8 -4
  4. package/dist/index.d.ts +8 -4
  5. package/dist/index.js +138 -84
  6. package/dist/index.js.map +1 -1
  7. package/package.json +6 -6
  8. package/src/RestKeyManagementSystem.ts +106 -80
  9. package/src/types/index.ts +2 -0
package/dist/index.js CHANGED
@@ -2,7 +2,7 @@ var __defProp = Object.defineProperty;
2
2
  var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
3
3
 
4
4
  // src/RestKeyManagementSystem.ts
5
- import { calculateJwkThumbprint, toJwk, x25519PublicHexFromPrivateHex } from "@sphereon/ssi-sdk-ext.key-utils";
5
+ import { calculateJwkThumbprint, isHashString, joseAlgorithmToDigest, shaHasher, signatureAlgorithmFromKeyType, signatureAlgorithmToJoseAlgorithm, toJwk, x25519PublicHexFromPrivateHex } from "@sphereon/ssi-sdk-ext.key-utils";
6
6
  import { hexToPEM, jwkToPEM, pemCertChainTox5c, PEMToHex, PEMToJwk } from "@sphereon/ssi-sdk-ext.x509-utils";
7
7
  import { CurveFromJSONTyped, JwkKeyTypeFromJSONTyped, JwkUse, JwkUseFromJSONTyped, KeyOperations, KmsRestClient, ListKeysResponseToJSONTyped, SignatureAlgorithm } from "@sphereon/ssi-sdk.kms-rest-client";
8
8
  import { JoseSignatureAlgorithm } from "@sphereon/ssi-types";
@@ -17,6 +17,8 @@ var RestKeyManagementSystem = class extends AbstractKeyManagementSystem {
17
17
  client;
18
18
  id;
19
19
  providerId;
20
+ tenantId;
21
+ userId;
20
22
  constructor(options) {
21
23
  super();
22
24
  const config = {
@@ -25,11 +27,17 @@ var RestKeyManagementSystem = class extends AbstractKeyManagementSystem {
25
27
  };
26
28
  this.id = options.applicationId;
27
29
  this.providerId = options.providerId;
30
+ this.tenantId = options.tenantId;
31
+ this.userId = options.userId;
28
32
  this.client = new KmsRestClient(config);
29
33
  }
30
34
  async createKey(args) {
31
35
  const { type, meta } = args;
32
- const signatureAlgorithm = this.mapKeyTypeToSignatureAlgorithm(type);
36
+ const joseAlg = signatureAlgorithmFromKeyType({
37
+ type,
38
+ algorithms: meta?.algorithms
39
+ });
40
+ const signatureAlgorithm = this.mapJoseToRestSignatureAlgorithm(joseAlg);
33
41
  const options = {
34
42
  use: meta && "keyUsage" in meta ? this.mapKeyUsage(meta.keyUsage) : JwkUse.Sig,
35
43
  alg: signatureAlgorithm,
@@ -38,7 +46,13 @@ var RestKeyManagementSystem = class extends AbstractKeyManagementSystem {
38
46
  ],
39
47
  ...meta && "keyAlias" in meta && meta.keyAlias ? {
40
48
  alias: meta.keyAlias
41
- } : {}
49
+ } : {},
50
+ ...this.tenantId && {
51
+ tenantId: this.tenantId
52
+ },
53
+ ...this.userId && {
54
+ userId: this.userId
55
+ }
42
56
  };
43
57
  const key = this.providerId ? await this.client.methods.kmsClientProviderGenerateKey({
44
58
  ...options,
@@ -46,7 +60,7 @@ var RestKeyManagementSystem = class extends AbstractKeyManagementSystem {
46
60
  }) : await this.client.methods.kmsClientGenerateKey(options);
47
61
  const jwk = {
48
62
  ...key.keyPair.jose.publicJwk,
49
- alg: key.keyPair.jose.publicJwk.alg ? this.mapJoseAlgorithm(key.keyPair.jose.publicJwk.alg) : void 0
63
+ alg: key.keyPair.jose.publicJwk.alg ? signatureAlgorithmToJoseAlgorithm(key.keyPair.jose.publicJwk.alg) : void 0
50
64
  };
51
65
  const kid = key.keyPair.kid ?? key.keyPair.jose.publicJwk.kid;
52
66
  if (!kid) {
@@ -63,7 +77,7 @@ var RestKeyManagementSystem = class extends AbstractKeyManagementSystem {
63
77
  ],
64
78
  jwkThumbprint: calculateJwkThumbprint({
65
79
  jwk,
66
- digestAlgorithm: this.signatureAlgorithmToDigestAlgorithm(signatureAlgorithm)
80
+ digestAlgorithm: jwk.alg ? joseAlgorithmToDigest(jwk.alg) : "sha256"
67
81
  })
68
82
  },
69
83
  publicKeyHex: Buffer.from(key.keyPair.jose.publicJwk.toString(), "utf8").toString("base64")
@@ -71,12 +85,25 @@ var RestKeyManagementSystem = class extends AbstractKeyManagementSystem {
71
85
  }
72
86
  async importKey(args) {
73
87
  const { type } = args;
74
- const signatureAlgorithm = this.mapKeyTypeToSignatureAlgorithm(type);
75
88
  const importKey = this.mapImportKey(args);
76
89
  const result = this.providerId ? await this.client.methods.kmsClientProviderStoreKey({
77
90
  ...importKey.key,
78
- providerId: this.providerId
79
- }) : await this.client.methods.kmsClientStoreKey(importKey.key);
91
+ providerId: this.providerId,
92
+ ...this.tenantId && {
93
+ tenantId: this.tenantId
94
+ },
95
+ ...this.userId && {
96
+ userId: this.userId
97
+ }
98
+ }) : await this.client.methods.kmsClientStoreKey({
99
+ ...importKey.key,
100
+ ...this.tenantId && {
101
+ tenantId: this.tenantId
102
+ },
103
+ ...this.userId && {
104
+ userId: this.userId
105
+ }
106
+ });
80
107
  return {
81
108
  kid: importKey.kid,
82
109
  kms: this.id,
@@ -88,7 +115,7 @@ var RestKeyManagementSystem = class extends AbstractKeyManagementSystem {
88
115
  ],
89
116
  jwkThumbprint: calculateJwkThumbprint({
90
117
  jwk: importKey.publicKeyJwk,
91
- digestAlgorithm: this.signatureAlgorithmToDigestAlgorithm(signatureAlgorithm)
118
+ digestAlgorithm: importKey.publicKeyJwk.alg ? joseAlgorithmToDigest(importKey.publicKeyJwk.alg) : "sha256"
92
119
  })
93
120
  },
94
121
  publicKeyHex: Buffer.from(result.keyInfo.key.toString(), "utf8").toString("base64")
@@ -98,15 +125,40 @@ var RestKeyManagementSystem = class extends AbstractKeyManagementSystem {
98
125
  const { kid } = args;
99
126
  return this.providerId ? await this.client.methods.kmsClientProviderDeleteKey({
100
127
  aliasOrKid: kid,
101
- providerId: this.providerId
128
+ providerId: this.providerId,
129
+ ...this.tenantId && {
130
+ tenantId: this.tenantId
131
+ },
132
+ ...this.userId && {
133
+ userId: this.userId
134
+ }
102
135
  }) : await this.client.methods.kmsClientDeleteKey({
103
- aliasOrKid: kid
136
+ aliasOrKid: kid,
137
+ ...this.tenantId && {
138
+ tenantId: this.tenantId
139
+ },
140
+ ...this.userId && {
141
+ userId: this.userId
142
+ }
104
143
  });
105
144
  }
106
145
  async listKeys() {
107
146
  const keys = this.providerId ? await this.client.methods.kmsClientProviderListKeys({
108
- providerId: this.providerId
109
- }) : await this.client.methods.kmsClientListKeys();
147
+ providerId: this.providerId,
148
+ ...this.tenantId && {
149
+ tenantId: this.tenantId
150
+ },
151
+ ...this.userId && {
152
+ userId: this.userId
153
+ }
154
+ }) : await this.client.methods.kmsClientListKeys({
155
+ ...this.tenantId && {
156
+ tenantId: this.tenantId
157
+ },
158
+ ...this.userId && {
159
+ userId: this.userId
160
+ }
161
+ });
110
162
  const restKeys = ListKeysResponseToJSONTyped(keys, false).keyInfos;
111
163
  return restKeys.map((restKey) => {
112
164
  const jwk = restKey.key;
@@ -131,7 +183,7 @@ var RestKeyManagementSystem = class extends AbstractKeyManagementSystem {
131
183
  jwk,
132
184
  jwkThumbprint: calculateJwkThumbprint({
133
185
  jwk,
134
- digestAlgorithm: restKey.signatureAlgorithm ? this.signatureAlgorithmToDigestAlgorithm(restKey.signatureAlgorithm) : "sha256"
186
+ digestAlgorithm: restKey.key.alg ? joseAlgorithmToDigest(restKey.key.alg) : "sha256"
135
187
  }),
136
188
  alias: restKey.alias,
137
189
  providerId: restKey.providerId,
@@ -161,53 +213,75 @@ var RestKeyManagementSystem = class extends AbstractKeyManagementSystem {
161
213
  }
162
214
  }
163
215
  async sign(args) {
164
- const { keyRef, data } = args;
216
+ const { keyRef, data, algorithm = "SHA-256" } = args;
165
217
  const key = this.providerId ? await this.client.methods.kmsClientProviderGetKey({
166
218
  aliasOrKid: keyRef.kid,
167
- providerId: this.providerId
219
+ providerId: this.providerId,
220
+ ...this.tenantId && {
221
+ tenantId: this.tenantId
222
+ },
223
+ ...this.userId && {
224
+ userId: this.userId
225
+ }
168
226
  }) : await this.client.methods.kmsClientGetKey({
169
- aliasOrKid: keyRef.kid
227
+ aliasOrKid: keyRef.kid,
228
+ ...this.tenantId && {
229
+ tenantId: this.tenantId
230
+ },
231
+ ...this.userId && {
232
+ userId: this.userId
233
+ }
170
234
  });
235
+ const dataToBeSigned = isHashString(data) ? data : shaHasher(data.buffer.slice(data.byteOffset, data.byteOffset + data.byteLength), algorithm);
171
236
  const signingResult = await this.client.methods.kmsClientCreateRawSignature({
172
237
  keyInfo: key.keyInfo,
173
- input: toString(data, "base64")
238
+ input: toString(dataToBeSigned, "base64"),
239
+ ...this.tenantId && {
240
+ tenantId: this.tenantId
241
+ },
242
+ ...this.userId && {
243
+ userId: this.userId
244
+ }
174
245
  });
175
246
  return signingResult.signature;
176
247
  }
177
248
  async verify(args) {
178
- const { keyRef, data, signature } = args;
249
+ const { keyRef, data, signature, algorithm = "SHA-256" } = args;
179
250
  const key = this.providerId ? await this.client.methods.kmsClientProviderGetKey({
180
251
  aliasOrKid: keyRef.kid,
181
- providerId: this.providerId
252
+ providerId: this.providerId,
253
+ ...this.tenantId && {
254
+ tenantId: this.tenantId
255
+ },
256
+ ...this.userId && {
257
+ userId: this.userId
258
+ }
182
259
  }) : await this.client.methods.kmsClientGetKey({
183
- aliasOrKid: keyRef.kid
260
+ aliasOrKid: keyRef.kid,
261
+ ...this.tenantId && {
262
+ tenantId: this.tenantId
263
+ },
264
+ ...this.userId && {
265
+ userId: this.userId
266
+ }
184
267
  });
268
+ const dataToBeVerified = isHashString(data) ? data : shaHasher(data.buffer.slice(data.byteOffset, data.byteOffset + data.byteLength), algorithm);
185
269
  const verification = await this.client.methods.kmsClientIsValidRawSignature({
186
270
  keyInfo: key.keyInfo,
187
- input: toString(data, "base64"),
188
- signature
271
+ input: toString(dataToBeVerified, "base64"),
272
+ signature,
273
+ ...this.tenantId && {
274
+ tenantId: this.tenantId
275
+ },
276
+ ...this.userId && {
277
+ userId: this.userId
278
+ }
189
279
  });
190
280
  return verification.isValid;
191
281
  }
192
282
  async sharedSecret(args) {
193
283
  throw new Error("sharedSecret is not implemented for REST KMS.");
194
284
  }
195
- signatureAlgorithmToDigestAlgorithm = /* @__PURE__ */ __name((signatureAlgorithm) => {
196
- switch (signatureAlgorithm) {
197
- case SignatureAlgorithm.EcdsaSha256:
198
- case SignatureAlgorithm.RsaSsaPssSha256Mgf1:
199
- case SignatureAlgorithm.EckaDhSha256:
200
- case SignatureAlgorithm.HmacSha256:
201
- case SignatureAlgorithm.Es256K:
202
- return "sha256";
203
- case SignatureAlgorithm.EcdsaSha512:
204
- case SignatureAlgorithm.HmacSha512:
205
- case SignatureAlgorithm.RsaSsaPssSha512Mgf1:
206
- return "sha512";
207
- default:
208
- throw new Error(`Signature algorithm ${signatureAlgorithm} is not supported by REST KMS`);
209
- }
210
- }, "signatureAlgorithmToDigestAlgorithm");
211
285
  mapKeyUsage = /* @__PURE__ */ __name((usage) => {
212
286
  switch (usage) {
213
287
  case "sig":
@@ -218,54 +292,34 @@ var RestKeyManagementSystem = class extends AbstractKeyManagementSystem {
218
292
  throw new Error(`Key usage ${usage} is not supported by REST KMS`);
219
293
  }
220
294
  }, "mapKeyUsage");
221
- mapKeyTypeToSignatureAlgorithm = /* @__PURE__ */ __name((type) => {
222
- switch (type) {
223
- case "Secp256r1":
224
- return SignatureAlgorithm.EcdsaSha256;
225
- case "RSA":
226
- return SignatureAlgorithm.RsaSsaPssSha256Mgf1;
227
- case "X25519":
228
- return SignatureAlgorithm.EckaDhSha256;
229
- default:
230
- throw new Error(`Key type ${type} is not supported by REST KMS`);
231
- }
232
- }, "mapKeyTypeToSignatureAlgorithm");
233
- mapJoseAlgorithm = /* @__PURE__ */ __name((alg) => {
295
+ mapJoseToRestSignatureAlgorithm = /* @__PURE__ */ __name((alg) => {
234
296
  switch (alg) {
235
- case "RS256":
236
- return JoseSignatureAlgorithm.RS256;
237
- case "RS384":
238
- return JoseSignatureAlgorithm.RS384;
239
- case "RS512":
240
- return JoseSignatureAlgorithm.RS512;
241
- case "ES256":
242
- return JoseSignatureAlgorithm.ES256;
243
- case "ES256K":
244
- return JoseSignatureAlgorithm.ES256K;
245
- case "ES384":
246
- return JoseSignatureAlgorithm.ES384;
247
- case "ES512":
248
- return JoseSignatureAlgorithm.ES512;
249
- case "EdDSA":
250
- return JoseSignatureAlgorithm.EdDSA;
251
- case "HS256":
252
- return JoseSignatureAlgorithm.HS256;
253
- case "HS384":
254
- return JoseSignatureAlgorithm.HS384;
255
- case "HS512":
256
- return JoseSignatureAlgorithm.HS512;
257
- case "PS256":
258
- return JoseSignatureAlgorithm.PS256;
259
- case "PS384":
260
- return JoseSignatureAlgorithm.PS384;
261
- case "PS512":
262
- return JoseSignatureAlgorithm.PS512;
263
- case "none":
264
- return JoseSignatureAlgorithm.none;
297
+ case JoseSignatureAlgorithm.RS256:
298
+ return SignatureAlgorithm.RsaSha256;
299
+ case JoseSignatureAlgorithm.RS384:
300
+ return SignatureAlgorithm.RsaSha384;
301
+ case JoseSignatureAlgorithm.RS512:
302
+ return SignatureAlgorithm.RsaSha512;
303
+ case JoseSignatureAlgorithm.PS256:
304
+ return SignatureAlgorithm.RsaSsaPssSha256Mgf1;
305
+ case JoseSignatureAlgorithm.PS384:
306
+ return SignatureAlgorithm.RsaSsaPssSha384Mgf1;
307
+ case JoseSignatureAlgorithm.PS512:
308
+ return SignatureAlgorithm.RsaSsaPssSha512Mgf1;
309
+ case JoseSignatureAlgorithm.ES256:
310
+ return SignatureAlgorithm.EcdsaSha256;
311
+ case JoseSignatureAlgorithm.ES384:
312
+ return SignatureAlgorithm.EcdsaSha384;
313
+ case JoseSignatureAlgorithm.ES512:
314
+ return SignatureAlgorithm.EcdsaSha512;
315
+ case JoseSignatureAlgorithm.ES256K:
316
+ return SignatureAlgorithm.Es256K;
317
+ case JoseSignatureAlgorithm.EdDSA:
318
+ return SignatureAlgorithm.Ed25519;
265
319
  default:
266
- throw new Error(`Signature algorithm ${alg} is not supported by REST KMS`);
320
+ throw new Error(`JOSE algorithm ${alg} not supported by REST KMS`);
267
321
  }
268
- }, "mapJoseAlgorithm");
322
+ }, "mapJoseToRestSignatureAlgorithm");
269
323
  mapKeyOperation = /* @__PURE__ */ __name((operation) => {
270
324
  switch (operation) {
271
325
  case "sign":
package/dist/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/RestKeyManagementSystem.ts"],"sourcesContent":["import { calculateJwkThumbprint, toJwk, x25519PublicHexFromPrivateHex, type X509Opts } from '@sphereon/ssi-sdk-ext.key-utils'\nimport { hexToPEM, jwkToPEM, pemCertChainTox5c, PEMToHex, PEMToJwk } from '@sphereon/ssi-sdk-ext.x509-utils'\nimport type { ManagedKeyInfo as RestManagedKeyInfo } from '@sphereon/ssi-sdk.kms-rest-client'\nimport {\n CurveFromJSONTyped,\n JwkKeyTypeFromJSONTyped,\n JwkUse,\n JwkUseFromJSONTyped,\n KeyOperations,\n KmsRestClient,\n ListKeysResponseToJSONTyped,\n type RestClientAuthenticationOpts,\n SignatureAlgorithm,\n type StoreKey,\n} from '@sphereon/ssi-sdk.kms-rest-client'\nimport { JoseSignatureAlgorithm, type JWK } from '@sphereon/ssi-types'\nimport type { ManagedKeyInfo, TKeyType } from '@veramo/core'\nimport { AbstractKeyManagementSystem } from '@veramo/key-manager'\nimport elliptic from 'elliptic'\n// @ts-ignore\nimport * as u8a from 'uint8arrays'\nimport type { CreateKeyArgs, DeleteKeyArgs, ImportKeyArgs, MapImportKeyArgs, MappedImportKey, SharedSecretArgs, SignArgs, VerifyArgs } from './types'\n\nconst { fromString, toString } = u8a\n\ninterface KeyManagementSystemOptions {\n applicationId: string\n baseUrl: string\n providerId?: string\n authOpts?: RestClientAuthenticationOpts\n}\n\nexport class RestKeyManagementSystem extends AbstractKeyManagementSystem {\n private client: KmsRestClient\n private readonly id: string\n private providerId: string | undefined\n\n constructor(options: KeyManagementSystemOptions) {\n super()\n\n const config = {\n baseUrl: options.baseUrl,\n authOpts: options.authOpts,\n }\n\n this.id = options.applicationId\n this.providerId = options.providerId\n this.client = new KmsRestClient(config)\n }\n\n async createKey(args: CreateKeyArgs): Promise<ManagedKeyInfo> {\n const { type, meta } = args\n\n const signatureAlgorithm = this.mapKeyTypeToSignatureAlgorithm(type)\n const options = {\n use: meta && 'keyUsage' in meta ? this.mapKeyUsage(meta.keyUsage) : JwkUse.Sig,\n alg: signatureAlgorithm,\n keyOperations: meta && meta.keyOperations ? this.mapKeyOperations(meta.keyOperations as string[]) : [KeyOperations.Sign],\n ...(meta && 'keyAlias' in meta && meta.keyAlias ? { alias: meta.keyAlias } : {}),\n }\n\n const key = this.providerId\n ? await this.client.methods.kmsClientProviderGenerateKey({\n ...options,\n providerId: this.providerId,\n })\n : await this.client.methods.kmsClientGenerateKey(options)\n\n const jwk = {\n ...key.keyPair.jose.publicJwk,\n alg: key.keyPair.jose.publicJwk.alg ? this.mapJoseAlgorithm(key.keyPair.jose.publicJwk.alg) : undefined,\n } satisfies JWK\n\n const kid = key.keyPair.kid ?? key.keyPair.jose.publicJwk.kid\n if (!kid) {\n throw new Error(`No kid present in key`)\n }\n\n return {\n kid,\n kms: this.id,\n type,\n meta: {\n alias: key.keyPair.alias,\n algorithms: [key.keyPair.jose.publicJwk.alg ?? 'PS256'],\n jwkThumbprint: calculateJwkThumbprint({\n jwk,\n digestAlgorithm: this.signatureAlgorithmToDigestAlgorithm(signatureAlgorithm),\n }),\n },\n publicKeyHex: Buffer.from(key.keyPair.jose.publicJwk.toString(), 'utf8').toString('base64'),\n }\n }\n\n async importKey(args: ImportKeyArgs): Promise<ManagedKeyInfo> {\n const { type } = args\n const signatureAlgorithm = this.mapKeyTypeToSignatureAlgorithm(type)\n const importKey = this.mapImportKey(args)\n\n const result = this.providerId\n ? await this.client.methods.kmsClientProviderStoreKey({\n ...importKey.key,\n providerId: this.providerId,\n })\n : await this.client.methods.kmsClientStoreKey(importKey.key)\n\n return {\n kid: importKey.kid,\n kms: this.id,\n type,\n meta: {\n alias: importKey.key.keyInfo.alias,\n algorithms: [result.keyInfo.key.alg ?? 'PS256'],\n jwkThumbprint: calculateJwkThumbprint({\n jwk: importKey.publicKeyJwk,\n digestAlgorithm: this.signatureAlgorithmToDigestAlgorithm(signatureAlgorithm),\n }),\n },\n publicKeyHex: Buffer.from(result.keyInfo.key.toString(), 'utf8').toString('base64'),\n }\n }\n\n async deleteKey(args: DeleteKeyArgs): Promise<boolean> {\n const { kid } = args\n\n return this.providerId\n ? await this.client.methods.kmsClientProviderDeleteKey({\n aliasOrKid: kid,\n providerId: this.providerId,\n })\n : await this.client.methods.kmsClientDeleteKey({ aliasOrKid: kid })\n }\n\n async listKeys(): Promise<ManagedKeyInfo[]> {\n const keys = this.providerId\n ? await this.client.methods.kmsClientProviderListKeys({ providerId: this.providerId })\n : await this.client.methods.kmsClientListKeys()\n\n const restKeys = ListKeysResponseToJSONTyped(keys, false).keyInfos\n\n return restKeys.map((restKey: RestManagedKeyInfo) => {\n const jwk = restKey.key\n let publicKeyHex = ''\n\n // Derive publicKeyHex from JWK based on key type\n if (jwk.kty === 'EC') {\n publicKeyHex = jwk.x || ''\n } else if (jwk.kty === 'RSA') {\n publicKeyHex = jwk.n || ''\n } else if (jwk.kty === 'OKP') {\n publicKeyHex = jwk.x || ''\n }\n\n const keyType = this.mapRestKeyTypeToTKeyType(restKey.keyType)\n\n return {\n kid: restKey.kid || restKey.alias,\n kms: this.id,\n type: keyType,\n publicKeyHex,\n meta: {\n algorithms: restKey.signatureAlgorithm ? [restKey.signatureAlgorithm] : undefined,\n jwk,\n jwkThumbprint: calculateJwkThumbprint({\n jwk: jwk as JWK,\n digestAlgorithm: restKey.signatureAlgorithm ? this.signatureAlgorithmToDigestAlgorithm(restKey.signatureAlgorithm) : 'sha256',\n }),\n alias: restKey.alias,\n providerId: restKey.providerId,\n x5c: restKey.x5c,\n keyVisibility: restKey.keyVisibility,\n keyEncoding: restKey.keyEncoding,\n ...restKey.opts,\n },\n } satisfies ManagedKeyInfo\n })\n }\n\n private mapRestKeyTypeToTKeyType(keyType: string | undefined): TKeyType {\n switch (keyType) {\n case 'RSA':\n return 'RSA'\n case 'EC':\n case 'P256':\n return 'Secp256r1'\n case 'X25519':\n return 'X25519'\n case 'Ed25519':\n return 'Ed25519'\n case 'secp256k1':\n return 'Secp256k1'\n default:\n throw new Error(`Unknown key type: ${keyType}`)\n }\n }\n\n async sign(args: SignArgs): Promise<string> {\n const { keyRef, data } = args\n const key = this.providerId\n ? await this.client.methods.kmsClientProviderGetKey({\n aliasOrKid: keyRef.kid,\n providerId: this.providerId,\n })\n : await this.client.methods.kmsClientGetKey({ aliasOrKid: keyRef.kid })\n\n const signingResult = await this.client.methods.kmsClientCreateRawSignature({\n keyInfo: key.keyInfo,\n input: toString(data, 'base64'),\n })\n\n return signingResult.signature\n }\n\n async verify(args: VerifyArgs): Promise<boolean> {\n const { keyRef, data, signature } = args\n const key = this.providerId\n ? await this.client.methods.kmsClientProviderGetKey({\n aliasOrKid: keyRef.kid,\n providerId: this.providerId,\n })\n : await this.client.methods.kmsClientGetKey({ aliasOrKid: keyRef.kid })\n\n const verification = await this.client.methods.kmsClientIsValidRawSignature({\n keyInfo: key.keyInfo,\n input: toString(data, 'base64'),\n signature,\n })\n\n return verification.isValid\n }\n\n async sharedSecret(args: SharedSecretArgs): Promise<string> {\n throw new Error('sharedSecret is not implemented for REST KMS.')\n }\n\n private signatureAlgorithmToDigestAlgorithm = (signatureAlgorithm: SignatureAlgorithm): 'sha256' | 'sha512' => {\n switch (signatureAlgorithm) {\n case SignatureAlgorithm.EcdsaSha256:\n case SignatureAlgorithm.RsaSsaPssSha256Mgf1:\n case SignatureAlgorithm.EckaDhSha256:\n case SignatureAlgorithm.HmacSha256:\n case SignatureAlgorithm.Es256K:\n return 'sha256'\n case SignatureAlgorithm.EcdsaSha512:\n case SignatureAlgorithm.HmacSha512:\n case SignatureAlgorithm.RsaSsaPssSha512Mgf1:\n return 'sha512'\n default:\n throw new Error(`Signature algorithm ${signatureAlgorithm} is not supported by REST KMS`)\n }\n }\n\n private mapKeyUsage = (usage: string): JwkUse => {\n switch (usage) {\n case 'sig':\n return JwkUse.Sig\n case 'enc':\n return JwkUse.Enc\n default:\n throw new Error(`Key usage ${usage} is not supported by REST KMS`)\n }\n }\n\n private mapKeyTypeToSignatureAlgorithm = (type: TKeyType): SignatureAlgorithm => {\n switch (type) {\n case 'Secp256r1':\n return SignatureAlgorithm.EcdsaSha256\n case 'RSA':\n return SignatureAlgorithm.RsaSsaPssSha256Mgf1\n case 'X25519':\n return SignatureAlgorithm.EckaDhSha256\n default:\n throw new Error(`Key type ${type} is not supported by REST KMS`)\n }\n }\n\n private mapJoseAlgorithm = (alg: string): JoseSignatureAlgorithm => {\n switch (alg) {\n case 'RS256':\n return JoseSignatureAlgorithm.RS256\n case 'RS384':\n return JoseSignatureAlgorithm.RS384\n case 'RS512':\n return JoseSignatureAlgorithm.RS512\n case 'ES256':\n return JoseSignatureAlgorithm.ES256\n case 'ES256K':\n return JoseSignatureAlgorithm.ES256K\n case 'ES384':\n return JoseSignatureAlgorithm.ES384\n case 'ES512':\n return JoseSignatureAlgorithm.ES512\n case 'EdDSA':\n return JoseSignatureAlgorithm.EdDSA\n case 'HS256':\n return JoseSignatureAlgorithm.HS256\n case 'HS384':\n return JoseSignatureAlgorithm.HS384\n case 'HS512':\n return JoseSignatureAlgorithm.HS512\n case 'PS256':\n return JoseSignatureAlgorithm.PS256\n case 'PS384':\n return JoseSignatureAlgorithm.PS384\n case 'PS512':\n return JoseSignatureAlgorithm.PS512\n case 'none':\n return JoseSignatureAlgorithm.none\n default:\n throw new Error(`Signature algorithm ${alg} is not supported by REST KMS`)\n }\n }\n\n private mapKeyOperation = (operation: string): KeyOperations => {\n switch (operation) {\n case 'sign':\n return KeyOperations.Sign\n case 'verify':\n return KeyOperations.Verify\n case 'wrapKey':\n return KeyOperations.WrapKey\n case 'deriveKey':\n return KeyOperations.DeriveKey\n case 'unwrapKey':\n return KeyOperations.UnwrapKey\n case 'decrypt':\n return KeyOperations.Decrypt\n case 'deriveBits':\n return KeyOperations.DeriveBits\n case 'encrypt':\n return KeyOperations.Encrypt\n default:\n throw new Error(`Key operation ${operation} is not supported by REST KMS`)\n }\n }\n\n private mapKeyOperations = (operations: string[]): KeyOperations[] => {\n return operations.map((operation) => this.mapKeyOperation(operation))\n }\n\n private mapImportRsaKey = (args: MapImportKeyArgs): MappedImportKey => {\n const x509 = args.meta?.x509 as X509Opts\n const privateKeyPEM = x509?.privateKeyPEM ?? (args.privateKeyHex.includes('---') ? args.privateKeyHex : hexToPEM(args.privateKeyHex, 'private')) // In case we have x509 opts, the private key hex really was a PEM already (yuck)\n const publicKeyJwk = PEMToJwk(privateKeyPEM, 'public')\n const privateKeyJwk = PEMToJwk(privateKeyPEM)\n const publicKeyPEM = jwkToPEM(publicKeyJwk, 'public')\n const publicKeyHex = PEMToHex(publicKeyPEM)\n\n const meta = {} as any\n if (x509) {\n meta.x509 = {\n cn: x509.cn ?? args.kid ?? publicKeyHex,\n }\n let certChain: string = x509.certificateChainPEM ?? ''\n if (x509.certificatePEM) {\n if (!certChain.includes(x509.certificatePEM)) {\n certChain = `${x509.certificatePEM}\\n${certChain}`\n }\n }\n if (certChain.length > 0) {\n meta.x509.certificateChainPEM = certChain\n const x5c = pemCertChainTox5c(certChain)\n if (!x509.certificateChainURL) {\n // Do not put the chain in the JWK when the chain is hosted. We do put it in the x509 metadata\n // @ts-ignore\n publicKeyJwk.x5c = x5c\n }\n meta.x509.x5c = x5c\n }\n if (x509.certificateChainURL) {\n // @ts-ignore\n publicKeyJwk.x5u = x509.certificateChainURL\n meta.x509.x5u = x509.certificateChainURL\n }\n }\n\n const kid = args.kid ?? meta?.x509?.cn ?? publicKeyHex\n return {\n kid,\n publicKeyJwk: publicKeyJwk as JWK,\n key: {\n keyInfo: {\n key: {\n ...privateKeyJwk,\n kid,\n kty: JwkKeyTypeFromJSONTyped(privateKeyJwk.kty, false),\n use: JwkUseFromJSONTyped(privateKeyJwk.use, false),\n crv: CurveFromJSONTyped(privateKeyJwk.crv, false),\n },\n },\n certChain: meta.x509.x5c,\n } satisfies StoreKey,\n }\n }\n\n private mapImportSecp256r1Key = (args: MapImportKeyArgs): MappedImportKey => {\n const { privateKeyHex } = args\n const privateBytes = fromString(privateKeyHex.toLowerCase(), 'base16')\n const secp256r1 = new elliptic.ec('p256')\n const keyPair = secp256r1.keyFromPrivate(privateBytes, 'hex')\n const publicKeyHex = keyPair.getPublic(true, 'hex')\n const publicKeyJwk = toJwk(publicKeyHex, 'Secp256r1')\n const privateKeyJwk = toJwk(privateKeyHex, 'Secp256r1', { isPrivateKey: true })\n const kid = args.kid ?? publicKeyJwk.kid ?? publicKeyHex\n\n return {\n kid,\n publicKeyJwk: publicKeyJwk as JWK,\n key: {\n keyInfo: {\n key: {\n ...privateKeyJwk,\n kid,\n kty: JwkKeyTypeFromJSONTyped(privateKeyJwk.kty, false),\n use: JwkUseFromJSONTyped(privateKeyJwk.use, false),\n crv: CurveFromJSONTyped(privateKeyJwk.crv, false),\n },\n },\n } satisfies StoreKey,\n }\n }\n\n private mapImportX25519Key = (args: MapImportKeyArgs): MappedImportKey => {\n const { privateKeyHex } = args\n const privateKeyJwk = toJwk(privateKeyHex, 'X25519', { isPrivateKey: true })\n const publicKeyHex = x25519PublicHexFromPrivateHex(privateKeyHex)\n const publicKeyJwk = toJwk(publicKeyHex, 'X25519')\n const kid = args.kid ?? publicKeyJwk.kid ?? publicKeyHex\n\n return {\n kid,\n publicKeyJwk: publicKeyJwk as JWK,\n key: {\n keyInfo: {\n key: {\n ...privateKeyJwk,\n kid,\n kty: JwkKeyTypeFromJSONTyped(privateKeyJwk.kty, false),\n use: JwkUseFromJSONTyped(privateKeyJwk.use, false),\n crv: CurveFromJSONTyped(privateKeyJwk.crv, false),\n },\n },\n } satisfies StoreKey,\n }\n }\n\n private mapImportKey = (args: MapImportKeyArgs): MappedImportKey => {\n switch (args.type) {\n case 'RSA': {\n return this.mapImportRsaKey(args)\n }\n case 'Secp256r1': {\n return this.mapImportSecp256r1Key(args)\n }\n case 'X25519': {\n return this.mapImportX25519Key(args)\n }\n default:\n throw new Error(`Key type ${args.type} is not supported by REST KMS`)\n }\n }\n}\n"],"mappings":";;;;AAAA,SAASA,wBAAwBC,OAAOC,qCAAoD;AAC5F,SAASC,UAAUC,UAAUC,mBAAmBC,UAAUC,gBAAgB;AAE1E,SACEC,oBACAC,yBACAC,QACAC,qBACAC,eACAC,eACAC,6BAEAC,0BAEK;AACP,SAASC,8BAAwC;AAEjD,SAASC,mCAAmC;AAC5C,OAAOC,cAAc;AAErB,YAAYC,SAAS;AAGrB,IAAM,EAAEC,YAAYC,SAAQ,IAAKC;AAS1B,IAAMC,0BAAN,cAAsCC,4BAAAA;EAhC7C,OAgC6CA;;;EACnCC;EACSC;EACTC;EAER,YAAYC,SAAqC;AAC/C,UAAK;AAEL,UAAMC,SAAS;MACbC,SAASF,QAAQE;MACjBC,UAAUH,QAAQG;IACpB;AAEA,SAAKL,KAAKE,QAAQI;AAClB,SAAKL,aAAaC,QAAQD;AAC1B,SAAKF,SAAS,IAAIQ,cAAcJ,MAAAA;EAClC;EAEA,MAAMK,UAAUC,MAA8C;AAC5D,UAAM,EAAEC,MAAMC,KAAI,IAAKF;AAEvB,UAAMG,qBAAqB,KAAKC,+BAA+BH,IAAAA;AAC/D,UAAMR,UAAU;MACdY,KAAKH,QAAQ,cAAcA,OAAO,KAAKI,YAAYJ,KAAKK,QAAQ,IAAIC,OAAOC;MAC3EC,KAAKP;MACLQ,eAAeT,QAAQA,KAAKS,gBAAgB,KAAKC,iBAAiBV,KAAKS,aAAa,IAAgB;QAACE,cAAcC;;MACnH,GAAIZ,QAAQ,cAAcA,QAAQA,KAAKa,WAAW;QAAEC,OAAOd,KAAKa;MAAS,IAAI,CAAC;IAChF;AAEA,UAAME,MAAM,KAAKzB,aACb,MAAM,KAAKF,OAAO4B,QAAQC,6BAA6B;MACrD,GAAG1B;MACHD,YAAY,KAAKA;IACnB,CAAA,IACA,MAAM,KAAKF,OAAO4B,QAAQE,qBAAqB3B,OAAAA;AAEnD,UAAM4B,MAAM;MACV,GAAGJ,IAAIK,QAAQC,KAAKC;MACpBd,KAAKO,IAAIK,QAAQC,KAAKC,UAAUd,MAAM,KAAKe,iBAAiBR,IAAIK,QAAQC,KAAKC,UAAUd,GAAG,IAAIgB;IAChG;AAEA,UAAMC,MAAMV,IAAIK,QAAQK,OAAOV,IAAIK,QAAQC,KAAKC,UAAUG;AAC1D,QAAI,CAACA,KAAK;AACR,YAAM,IAAIC,MAAM,uBAAuB;IACzC;AAEA,WAAO;MACLD;MACAE,KAAK,KAAKtC;MACVU;MACAC,MAAM;QACJc,OAAOC,IAAIK,QAAQN;QACnBc,YAAY;UAACb,IAAIK,QAAQC,KAAKC,UAAUd,OAAO;;QAC/CqB,eAAeC,uBAAuB;UACpCX;UACAY,iBAAiB,KAAKC,oCAAoC/B,kBAAAA;QAC5D,CAAA;MACF;MACAgC,cAAcC,OAAOC,KAAKpB,IAAIK,QAAQC,KAAKC,UAAUtC,SAAQ,GAAI,MAAA,EAAQA,SAAS,QAAA;IACpF;EACF;EAEA,MAAMoD,UAAUtC,MAA8C;AAC5D,UAAM,EAAEC,KAAI,IAAKD;AACjB,UAAMG,qBAAqB,KAAKC,+BAA+BH,IAAAA;AAC/D,UAAMqC,YAAY,KAAKC,aAAavC,IAAAA;AAEpC,UAAMwC,SAAS,KAAKhD,aAChB,MAAM,KAAKF,OAAO4B,QAAQuB,0BAA0B;MAClD,GAAGH,UAAUrB;MACbzB,YAAY,KAAKA;IACnB,CAAA,IACA,MAAM,KAAKF,OAAO4B,QAAQwB,kBAAkBJ,UAAUrB,GAAG;AAE7D,WAAO;MACLU,KAAKW,UAAUX;MACfE,KAAK,KAAKtC;MACVU;MACAC,MAAM;QACJc,OAAOsB,UAAUrB,IAAI0B,QAAQ3B;QAC7Bc,YAAY;UAACU,OAAOG,QAAQ1B,IAAIP,OAAO;;QACvCqB,eAAeC,uBAAuB;UACpCX,KAAKiB,UAAUM;UACfX,iBAAiB,KAAKC,oCAAoC/B,kBAAAA;QAC5D,CAAA;MACF;MACAgC,cAAcC,OAAOC,KAAKG,OAAOG,QAAQ1B,IAAI/B,SAAQ,GAAI,MAAA,EAAQA,SAAS,QAAA;IAC5E;EACF;EAEA,MAAM2D,UAAU7C,MAAuC;AACrD,UAAM,EAAE2B,IAAG,IAAK3B;AAEhB,WAAO,KAAKR,aACR,MAAM,KAAKF,OAAO4B,QAAQ4B,2BAA2B;MACnDC,YAAYpB;MACZnC,YAAY,KAAKA;IACnB,CAAA,IACA,MAAM,KAAKF,OAAO4B,QAAQ8B,mBAAmB;MAAED,YAAYpB;IAAI,CAAA;EACrE;EAEA,MAAMsB,WAAsC;AAC1C,UAAMC,OAAO,KAAK1D,aACd,MAAM,KAAKF,OAAO4B,QAAQiC,0BAA0B;MAAE3D,YAAY,KAAKA;IAAW,CAAA,IAClF,MAAM,KAAKF,OAAO4B,QAAQkC,kBAAiB;AAE/C,UAAMC,WAAWC,4BAA4BJ,MAAM,KAAA,EAAOK;AAE1D,WAAOF,SAASG,IAAI,CAACC,YAAAA;AACnB,YAAMpC,MAAMoC,QAAQxC;AACpB,UAAIkB,eAAe;AAGnB,UAAId,IAAIqC,QAAQ,MAAM;AACpBvB,uBAAed,IAAIsC,KAAK;MAC1B,WAAWtC,IAAIqC,QAAQ,OAAO;AAC5BvB,uBAAed,IAAIuC,KAAK;MAC1B,WAAWvC,IAAIqC,QAAQ,OAAO;AAC5BvB,uBAAed,IAAIsC,KAAK;MAC1B;AAEA,YAAME,UAAU,KAAKC,yBAAyBL,QAAQI,OAAO;AAE7D,aAAO;QACLlC,KAAK8B,QAAQ9B,OAAO8B,QAAQzC;QAC5Ba,KAAK,KAAKtC;QACVU,MAAM4D;QACN1B;QACAjC,MAAM;UACJ4B,YAAY2B,QAAQtD,qBAAqB;YAACsD,QAAQtD;cAAsBuB;UACxEL;UACAU,eAAeC,uBAAuB;YACpCX;YACAY,iBAAiBwB,QAAQtD,qBAAqB,KAAK+B,oCAAoCuB,QAAQtD,kBAAkB,IAAI;UACvH,CAAA;UACAa,OAAOyC,QAAQzC;UACfxB,YAAYiE,QAAQjE;UACpBuE,KAAKN,QAAQM;UACbC,eAAeP,QAAQO;UACvBC,aAAaR,QAAQQ;UACrB,GAAGR,QAAQS;QACb;MACF;IACF,CAAA;EACF;EAEQJ,yBAAyBD,SAAuC;AACtE,YAAQA,SAAAA;MACN,KAAK;AACH,eAAO;MACT,KAAK;MACL,KAAK;AACH,eAAO;MACT,KAAK;AACH,eAAO;MACT,KAAK;AACH,eAAO;MACT,KAAK;AACH,eAAO;MACT;AACE,cAAM,IAAIjC,MAAM,qBAAqBiC,OAAAA,EAAS;IAClD;EACF;EAEA,MAAMM,KAAKnE,MAAiC;AAC1C,UAAM,EAAEoE,QAAQC,KAAI,IAAKrE;AACzB,UAAMiB,MAAM,KAAKzB,aACb,MAAM,KAAKF,OAAO4B,QAAQoD,wBAAwB;MAChDvB,YAAYqB,OAAOzC;MACnBnC,YAAY,KAAKA;IACnB,CAAA,IACA,MAAM,KAAKF,OAAO4B,QAAQqD,gBAAgB;MAAExB,YAAYqB,OAAOzC;IAAI,CAAA;AAEvE,UAAM6C,gBAAgB,MAAM,KAAKlF,OAAO4B,QAAQuD,4BAA4B;MAC1E9B,SAAS1B,IAAI0B;MACb+B,OAAOxF,SAASmF,MAAM,QAAA;IACxB,CAAA;AAEA,WAAOG,cAAcG;EACvB;EAEA,MAAMC,OAAO5E,MAAoC;AAC/C,UAAM,EAAEoE,QAAQC,MAAMM,UAAS,IAAK3E;AACpC,UAAMiB,MAAM,KAAKzB,aACb,MAAM,KAAKF,OAAO4B,QAAQoD,wBAAwB;MAChDvB,YAAYqB,OAAOzC;MACnBnC,YAAY,KAAKA;IACnB,CAAA,IACA,MAAM,KAAKF,OAAO4B,QAAQqD,gBAAgB;MAAExB,YAAYqB,OAAOzC;IAAI,CAAA;AAEvE,UAAMkD,eAAe,MAAM,KAAKvF,OAAO4B,QAAQ4D,6BAA6B;MAC1EnC,SAAS1B,IAAI0B;MACb+B,OAAOxF,SAASmF,MAAM,QAAA;MACtBM;IACF,CAAA;AAEA,WAAOE,aAAaE;EACtB;EAEA,MAAMC,aAAahF,MAAyC;AAC1D,UAAM,IAAI4B,MAAM,+CAAA;EAClB;EAEQM,sCAAsC,wBAAC/B,uBAAAA;AAC7C,YAAQA,oBAAAA;MACN,KAAK8E,mBAAmBC;MACxB,KAAKD,mBAAmBE;MACxB,KAAKF,mBAAmBG;MACxB,KAAKH,mBAAmBI;MACxB,KAAKJ,mBAAmBK;AACtB,eAAO;MACT,KAAKL,mBAAmBM;MACxB,KAAKN,mBAAmBO;MACxB,KAAKP,mBAAmBQ;AACtB,eAAO;MACT;AACE,cAAM,IAAI7D,MAAM,uBAAuBzB,kBAAAA,+BAAiD;IAC5F;EACF,GAf8C;EAiBtCG,cAAc,wBAACoF,UAAAA;AACrB,YAAQA,OAAAA;MACN,KAAK;AACH,eAAOlF,OAAOC;MAChB,KAAK;AACH,eAAOD,OAAOmF;MAChB;AACE,cAAM,IAAI/D,MAAM,aAAa8D,KAAAA,+BAAoC;IACrE;EACF,GATsB;EAWdtF,iCAAiC,wBAACH,SAAAA;AACxC,YAAQA,MAAAA;MACN,KAAK;AACH,eAAOgF,mBAAmBC;MAC5B,KAAK;AACH,eAAOD,mBAAmBE;MAC5B,KAAK;AACH,eAAOF,mBAAmBG;MAC5B;AACE,cAAM,IAAIxD,MAAM,YAAY3B,IAAAA,+BAAmC;IACnE;EACF,GAXyC;EAajCwB,mBAAmB,wBAACf,QAAAA;AAC1B,YAAQA,KAAAA;MACN,KAAK;AACH,eAAOkF,uBAAuBC;MAChC,KAAK;AACH,eAAOD,uBAAuBE;MAChC,KAAK;AACH,eAAOF,uBAAuBG;MAChC,KAAK;AACH,eAAOH,uBAAuBI;MAChC,KAAK;AACH,eAAOJ,uBAAuBK;MAChC,KAAK;AACH,eAAOL,uBAAuBM;MAChC,KAAK;AACH,eAAON,uBAAuBO;MAChC,KAAK;AACH,eAAOP,uBAAuBQ;MAChC,KAAK;AACH,eAAOR,uBAAuBS;MAChC,KAAK;AACH,eAAOT,uBAAuBU;MAChC,KAAK;AACH,eAAOV,uBAAuBW;MAChC,KAAK;AACH,eAAOX,uBAAuBY;MAChC,KAAK;AACH,eAAOZ,uBAAuBa;MAChC,KAAK;AACH,eAAOb,uBAAuBc;MAChC,KAAK;AACH,eAAOd,uBAAuBe;MAChC;AACE,cAAM,IAAI/E,MAAM,uBAAuBlB,GAAAA,+BAAkC;IAC7E;EACF,GAnC2B;EAqCnBkG,kBAAkB,wBAACC,cAAAA;AACzB,YAAQA,WAAAA;MACN,KAAK;AACH,eAAOhG,cAAcC;MACvB,KAAK;AACH,eAAOD,cAAciG;MACvB,KAAK;AACH,eAAOjG,cAAckG;MACvB,KAAK;AACH,eAAOlG,cAAcmG;MACvB,KAAK;AACH,eAAOnG,cAAcoG;MACvB,KAAK;AACH,eAAOpG,cAAcqG;MACvB,KAAK;AACH,eAAOrG,cAAcsG;MACvB,KAAK;AACH,eAAOtG,cAAcuG;MACvB;AACE,cAAM,IAAIxF,MAAM,iBAAiBiF,SAAAA,+BAAwC;IAC7E;EACF,GArB0B;EAuBlBjG,mBAAmB,wBAACyG,eAAAA;AAC1B,WAAOA,WAAW7D,IAAI,CAACqD,cAAc,KAAKD,gBAAgBC,SAAAA,CAAAA;EAC5D,GAF2B;EAInBS,kBAAkB,wBAACtH,SAAAA;AACzB,UAAMuH,OAAOvH,KAAKE,MAAMqH;AACxB,UAAMC,gBAAgBD,MAAMC,kBAAkBxH,KAAKyH,cAAcC,SAAS,KAAA,IAAS1H,KAAKyH,gBAAgBE,SAAS3H,KAAKyH,eAAe,SAAA;AACrI,UAAM7E,eAAegF,SAASJ,eAAe,QAAA;AAC7C,UAAMK,gBAAgBD,SAASJ,aAAAA;AAC/B,UAAMM,eAAeC,SAASnF,cAAc,QAAA;AAC5C,UAAMT,eAAe6F,SAASF,YAAAA;AAE9B,UAAM5H,OAAO,CAAC;AACd,QAAIqH,MAAM;AACRrH,WAAKqH,OAAO;QACVU,IAAIV,KAAKU,MAAMjI,KAAK2B,OAAOQ;MAC7B;AACA,UAAI+F,YAAoBX,KAAKY,uBAAuB;AACpD,UAAIZ,KAAKa,gBAAgB;AACvB,YAAI,CAACF,UAAUR,SAASH,KAAKa,cAAc,GAAG;AAC5CF,sBAAY,GAAGX,KAAKa,cAAc;EAAKF,SAAAA;QACzC;MACF;AACA,UAAIA,UAAUG,SAAS,GAAG;AACxBnI,aAAKqH,KAAKY,sBAAsBD;AAChC,cAAMnE,MAAMuE,kBAAkBJ,SAAAA;AAC9B,YAAI,CAACX,KAAKgB,qBAAqB;AAG7B3F,uBAAamB,MAAMA;QACrB;AACA7D,aAAKqH,KAAKxD,MAAMA;MAClB;AACA,UAAIwD,KAAKgB,qBAAqB;AAE5B3F,qBAAa4F,MAAMjB,KAAKgB;AACxBrI,aAAKqH,KAAKiB,MAAMjB,KAAKgB;MACvB;IACF;AAEA,UAAM5G,MAAM3B,KAAK2B,OAAOzB,MAAMqH,MAAMU,MAAM9F;AAC1C,WAAO;MACLR;MACAiB;MACA3B,KAAK;QACH0B,SAAS;UACP1B,KAAK;YACH,GAAG4G;YACHlG;YACA+B,KAAK+E,wBAAwBZ,cAAcnE,KAAK,KAAA;YAChDrD,KAAKqI,oBAAoBb,cAAcxH,KAAK,KAAA;YAC5CsI,KAAKC,mBAAmBf,cAAcc,KAAK,KAAA;UAC7C;QACF;QACAT,WAAWhI,KAAKqH,KAAKxD;MACvB;IACF;EACF,GArD0B;EAuDlB8E,wBAAwB,wBAAC7I,SAAAA;AAC/B,UAAM,EAAEyH,cAAa,IAAKzH;AAC1B,UAAM8I,eAAe7J,WAAWwI,cAAcsB,YAAW,GAAI,QAAA;AAC7D,UAAMC,YAAY,IAAIC,SAASC,GAAG,MAAA;AAClC,UAAM5H,UAAU0H,UAAUG,eAAeL,cAAc,KAAA;AACvD,UAAM3G,eAAeb,QAAQ8H,UAAU,MAAM,KAAA;AAC7C,UAAMxG,eAAeyG,MAAMlH,cAAc,WAAA;AACzC,UAAM0F,gBAAgBwB,MAAM5B,eAAe,aAAa;MAAE6B,cAAc;IAAK,CAAA;AAC7E,UAAM3H,MAAM3B,KAAK2B,OAAOiB,aAAajB,OAAOQ;AAE5C,WAAO;MACLR;MACAiB;MACA3B,KAAK;QACH0B,SAAS;UACP1B,KAAK;YACH,GAAG4G;YACHlG;YACA+B,KAAK+E,wBAAwBZ,cAAcnE,KAAK,KAAA;YAChDrD,KAAKqI,oBAAoBb,cAAcxH,KAAK,KAAA;YAC5CsI,KAAKC,mBAAmBf,cAAcc,KAAK,KAAA;UAC7C;QACF;MACF;IACF;EACF,GAzBgC;EA2BxBY,qBAAqB,wBAACvJ,SAAAA;AAC5B,UAAM,EAAEyH,cAAa,IAAKzH;AAC1B,UAAM6H,gBAAgBwB,MAAM5B,eAAe,UAAU;MAAE6B,cAAc;IAAK,CAAA;AAC1E,UAAMnH,eAAeqH,8BAA8B/B,aAAAA;AACnD,UAAM7E,eAAeyG,MAAMlH,cAAc,QAAA;AACzC,UAAMR,MAAM3B,KAAK2B,OAAOiB,aAAajB,OAAOQ;AAE5C,WAAO;MACLR;MACAiB;MACA3B,KAAK;QACH0B,SAAS;UACP1B,KAAK;YACH,GAAG4G;YACHlG;YACA+B,KAAK+E,wBAAwBZ,cAAcnE,KAAK,KAAA;YAChDrD,KAAKqI,oBAAoBb,cAAcxH,KAAK,KAAA;YAC5CsI,KAAKC,mBAAmBf,cAAcc,KAAK,KAAA;UAC7C;QACF;MACF;IACF;EACF,GAtB6B;EAwBrBpG,eAAe,wBAACvC,SAAAA;AACtB,YAAQA,KAAKC,MAAI;MACf,KAAK,OAAO;AACV,eAAO,KAAKqH,gBAAgBtH,IAAAA;MAC9B;MACA,KAAK,aAAa;AAChB,eAAO,KAAK6I,sBAAsB7I,IAAAA;MACpC;MACA,KAAK,UAAU;AACb,eAAO,KAAKuJ,mBAAmBvJ,IAAAA;MACjC;MACA;AACE,cAAM,IAAI4B,MAAM,YAAY5B,KAAKC,IAAI,+BAA+B;IACxE;EACF,GAduB;AAezB;","names":["calculateJwkThumbprint","toJwk","x25519PublicHexFromPrivateHex","hexToPEM","jwkToPEM","pemCertChainTox5c","PEMToHex","PEMToJwk","CurveFromJSONTyped","JwkKeyTypeFromJSONTyped","JwkUse","JwkUseFromJSONTyped","KeyOperations","KmsRestClient","ListKeysResponseToJSONTyped","SignatureAlgorithm","JoseSignatureAlgorithm","AbstractKeyManagementSystem","elliptic","u8a","fromString","toString","u8a","RestKeyManagementSystem","AbstractKeyManagementSystem","client","id","providerId","options","config","baseUrl","authOpts","applicationId","KmsRestClient","createKey","args","type","meta","signatureAlgorithm","mapKeyTypeToSignatureAlgorithm","use","mapKeyUsage","keyUsage","JwkUse","Sig","alg","keyOperations","mapKeyOperations","KeyOperations","Sign","keyAlias","alias","key","methods","kmsClientProviderGenerateKey","kmsClientGenerateKey","jwk","keyPair","jose","publicJwk","mapJoseAlgorithm","undefined","kid","Error","kms","algorithms","jwkThumbprint","calculateJwkThumbprint","digestAlgorithm","signatureAlgorithmToDigestAlgorithm","publicKeyHex","Buffer","from","importKey","mapImportKey","result","kmsClientProviderStoreKey","kmsClientStoreKey","keyInfo","publicKeyJwk","deleteKey","kmsClientProviderDeleteKey","aliasOrKid","kmsClientDeleteKey","listKeys","keys","kmsClientProviderListKeys","kmsClientListKeys","restKeys","ListKeysResponseToJSONTyped","keyInfos","map","restKey","kty","x","n","keyType","mapRestKeyTypeToTKeyType","x5c","keyVisibility","keyEncoding","opts","sign","keyRef","data","kmsClientProviderGetKey","kmsClientGetKey","signingResult","kmsClientCreateRawSignature","input","signature","verify","verification","kmsClientIsValidRawSignature","isValid","sharedSecret","SignatureAlgorithm","EcdsaSha256","RsaSsaPssSha256Mgf1","EckaDhSha256","HmacSha256","Es256K","EcdsaSha512","HmacSha512","RsaSsaPssSha512Mgf1","usage","Enc","JoseSignatureAlgorithm","RS256","RS384","RS512","ES256","ES256K","ES384","ES512","EdDSA","HS256","HS384","HS512","PS256","PS384","PS512","none","mapKeyOperation","operation","Verify","WrapKey","DeriveKey","UnwrapKey","Decrypt","DeriveBits","Encrypt","operations","mapImportRsaKey","x509","privateKeyPEM","privateKeyHex","includes","hexToPEM","PEMToJwk","privateKeyJwk","publicKeyPEM","jwkToPEM","PEMToHex","cn","certChain","certificateChainPEM","certificatePEM","length","pemCertChainTox5c","certificateChainURL","x5u","JwkKeyTypeFromJSONTyped","JwkUseFromJSONTyped","crv","CurveFromJSONTyped","mapImportSecp256r1Key","privateBytes","toLowerCase","secp256r1","elliptic","ec","keyFromPrivate","getPublic","toJwk","isPrivateKey","mapImportX25519Key","x25519PublicHexFromPrivateHex"]}
1
+ {"version":3,"sources":["../src/RestKeyManagementSystem.ts"],"sourcesContent":["import {\n calculateJwkThumbprint,\n isHashString,\n joseAlgorithmToDigest,\n shaHasher,\n signatureAlgorithmFromKeyType,\n signatureAlgorithmToJoseAlgorithm,\n toJwk,\n x25519PublicHexFromPrivateHex,\n type X509Opts,\n} from '@sphereon/ssi-sdk-ext.key-utils'\nimport { hexToPEM, jwkToPEM, pemCertChainTox5c, PEMToHex, PEMToJwk } from '@sphereon/ssi-sdk-ext.x509-utils'\nimport type { ManagedKeyInfo as RestManagedKeyInfo } from '@sphereon/ssi-sdk.kms-rest-client'\nimport {\n CurveFromJSONTyped,\n JwkKeyTypeFromJSONTyped,\n JwkUse,\n JwkUseFromJSONTyped,\n KeyOperations,\n KmsRestClient,\n ListKeysResponseToJSONTyped,\n type RestClientAuthenticationOpts,\n SignatureAlgorithm,\n type StoreKey,\n} from '@sphereon/ssi-sdk.kms-rest-client'\nimport { JoseSignatureAlgorithm, type JWK } from '@sphereon/ssi-types'\nimport type { ManagedKeyInfo, TKeyType } from '@veramo/core'\nimport { AbstractKeyManagementSystem } from '@veramo/key-manager'\nimport elliptic from 'elliptic'\n// @ts-ignore\nimport * as u8a from 'uint8arrays'\nimport type { CreateKeyArgs, DeleteKeyArgs, ImportKeyArgs, MapImportKeyArgs, MappedImportKey, SharedSecretArgs, SignArgs, VerifyArgs } from './types'\n\nconst { fromString, toString } = u8a\n\ninterface KeyManagementSystemOptions {\n applicationId: string\n baseUrl: string\n providerId?: string\n tenantId?: string\n userId?: string\n authOpts?: RestClientAuthenticationOpts\n}\n\nexport class RestKeyManagementSystem extends AbstractKeyManagementSystem {\n private client: KmsRestClient\n private readonly id: string\n private readonly providerId: string | undefined\n private readonly tenantId: string | undefined\n private readonly userId: string | undefined\n\n constructor(options: KeyManagementSystemOptions) {\n super()\n\n const config = {\n baseUrl: options.baseUrl,\n authOpts: options.authOpts,\n }\n\n this.id = options.applicationId\n this.providerId = options.providerId\n this.tenantId = options.tenantId\n this.userId = options.userId\n this.client = new KmsRestClient(config)\n }\n\n async createKey(args: CreateKeyArgs): Promise<ManagedKeyInfo> {\n const { type, meta } = args\n\n const joseAlg = signatureAlgorithmFromKeyType({\n type,\n algorithms: meta?.algorithms as string[] | undefined,\n })\n const signatureAlgorithm = this.mapJoseToRestSignatureAlgorithm(joseAlg)\n const options = {\n use: meta && 'keyUsage' in meta ? this.mapKeyUsage(meta.keyUsage) : JwkUse.Sig,\n alg: signatureAlgorithm,\n keyOperations: meta && meta.keyOperations ? this.mapKeyOperations(meta.keyOperations as string[]) : [KeyOperations.Sign],\n ...(meta && 'keyAlias' in meta && meta.keyAlias ? { alias: meta.keyAlias } : {}),\n ...(this.tenantId && { tenantId: this.tenantId }),\n ...(this.userId && { userId: this.userId }),\n }\n\n const key = this.providerId\n ? await this.client.methods.kmsClientProviderGenerateKey({\n ...options,\n providerId: this.providerId,\n })\n : await this.client.methods.kmsClientGenerateKey(options)\n\n const jwk = {\n ...key.keyPair.jose.publicJwk,\n alg: key.keyPair.jose.publicJwk.alg ? signatureAlgorithmToJoseAlgorithm(key.keyPair.jose.publicJwk.alg) : undefined,\n } satisfies JWK\n\n const kid = key.keyPair.kid ?? key.keyPair.jose.publicJwk.kid\n if (!kid) {\n throw new Error(`No kid present in key`)\n }\n\n return {\n kid,\n kms: this.id,\n type,\n meta: {\n alias: key.keyPair.alias,\n algorithms: [key.keyPair.jose.publicJwk.alg ?? 'PS256'],\n jwkThumbprint: calculateJwkThumbprint({\n jwk,\n digestAlgorithm: jwk.alg ? joseAlgorithmToDigest(jwk.alg) : 'sha256',\n }),\n },\n publicKeyHex: Buffer.from(key.keyPair.jose.publicJwk.toString(), 'utf8').toString('base64'),\n }\n }\n\n async importKey(args: ImportKeyArgs): Promise<ManagedKeyInfo> {\n const { type } = args\n const importKey = this.mapImportKey(args)\n\n const result = this.providerId\n ? await this.client.methods.kmsClientProviderStoreKey({\n ...importKey.key,\n providerId: this.providerId,\n ...(this.tenantId && { tenantId: this.tenantId }),\n ...(this.userId && { userId: this.userId }),\n })\n : await this.client.methods.kmsClientStoreKey({\n ...importKey.key,\n ...(this.tenantId && { tenantId: this.tenantId }),\n ...(this.userId && { userId: this.userId }),\n })\n\n return {\n kid: importKey.kid,\n kms: this.id,\n type,\n meta: {\n alias: importKey.key.keyInfo.alias,\n algorithms: [result.keyInfo.key.alg ?? 'PS256'],\n jwkThumbprint: calculateJwkThumbprint({\n jwk: importKey.publicKeyJwk,\n digestAlgorithm: importKey.publicKeyJwk.alg ? joseAlgorithmToDigest(importKey.publicKeyJwk.alg) : 'sha256',\n }),\n },\n publicKeyHex: Buffer.from(result.keyInfo.key.toString(), 'utf8').toString('base64'),\n }\n }\n\n async deleteKey(args: DeleteKeyArgs): Promise<boolean> {\n const { kid } = args\n\n return this.providerId\n ? await this.client.methods.kmsClientProviderDeleteKey({\n aliasOrKid: kid,\n providerId: this.providerId,\n ...(this.tenantId && { tenantId: this.tenantId }),\n ...(this.userId && { userId: this.userId }),\n })\n : await this.client.methods.kmsClientDeleteKey({\n aliasOrKid: kid,\n ...(this.tenantId && { tenantId: this.tenantId }),\n ...(this.userId && { userId: this.userId }),\n })\n }\n\n async listKeys(): Promise<ManagedKeyInfo[]> {\n const keys = this.providerId\n ? await this.client.methods.kmsClientProviderListKeys({\n providerId: this.providerId,\n ...(this.tenantId && { tenantId: this.tenantId }),\n ...(this.userId && { userId: this.userId }),\n })\n : await this.client.methods.kmsClientListKeys({\n ...(this.tenantId && { tenantId: this.tenantId }),\n ...(this.userId && { userId: this.userId }),\n })\n\n const restKeys = ListKeysResponseToJSONTyped(keys, false).keyInfos\n\n return restKeys.map((restKey: RestManagedKeyInfo) => {\n const jwk = restKey.key\n let publicKeyHex = ''\n\n // Derive publicKeyHex from JWK based on key type\n if (jwk.kty === 'EC') {\n publicKeyHex = jwk.x || ''\n } else if (jwk.kty === 'RSA') {\n publicKeyHex = jwk.n || ''\n } else if (jwk.kty === 'OKP') {\n publicKeyHex = jwk.x || ''\n }\n\n const keyType = this.mapRestKeyTypeToTKeyType(restKey.keyType)\n\n return {\n kid: restKey.kid || restKey.alias,\n kms: this.id,\n type: keyType,\n publicKeyHex,\n meta: {\n algorithms: restKey.signatureAlgorithm ? [restKey.signatureAlgorithm] : undefined,\n jwk,\n jwkThumbprint: calculateJwkThumbprint({\n jwk: jwk as JWK,\n digestAlgorithm: restKey.key.alg ? joseAlgorithmToDigest(restKey.key.alg) : 'sha256',\n }),\n alias: restKey.alias,\n providerId: restKey.providerId,\n x5c: restKey.x5c,\n keyVisibility: restKey.keyVisibility,\n keyEncoding: restKey.keyEncoding,\n ...restKey.opts,\n },\n } satisfies ManagedKeyInfo\n })\n }\n\n private mapRestKeyTypeToTKeyType(keyType: string | undefined): TKeyType {\n switch (keyType) {\n case 'RSA':\n return 'RSA'\n case 'EC':\n case 'P256':\n return 'Secp256r1'\n case 'X25519':\n return 'X25519'\n case 'Ed25519':\n return 'Ed25519'\n case 'secp256k1':\n return 'Secp256k1'\n default:\n throw new Error(`Unknown key type: ${keyType}`)\n }\n }\n\n async sign(args: SignArgs): Promise<string> {\n const { keyRef, data, algorithm = 'SHA-256' } = args\n const key = this.providerId\n ? await this.client.methods.kmsClientProviderGetKey({\n aliasOrKid: keyRef.kid,\n providerId: this.providerId,\n ...(this.tenantId && { tenantId: this.tenantId }),\n ...(this.userId && { userId: this.userId }),\n })\n : await this.client.methods.kmsClientGetKey({\n aliasOrKid: keyRef.kid,\n ...(this.tenantId && { tenantId: this.tenantId }),\n ...(this.userId && { userId: this.userId }),\n })\n\n // with remote signing we are not going to send the whole data over the network, we need to hash it (unless we already get a hash\n const dataToBeSigned: Uint8Array = isHashString(data)\n ? data\n : shaHasher(data.buffer.slice(data.byteOffset, data.byteOffset + data.byteLength), algorithm)\n const signingResult = await this.client.methods.kmsClientCreateRawSignature({\n keyInfo: key.keyInfo,\n input: toString(dataToBeSigned, 'base64'),\n ...(this.tenantId && { tenantId: this.tenantId }),\n ...(this.userId && { userId: this.userId }),\n })\n\n return signingResult.signature\n }\n\n async verify(args: VerifyArgs): Promise<boolean> {\n const { keyRef, data, signature, algorithm = 'SHA-256' } = args\n const key = this.providerId\n ? await this.client.methods.kmsClientProviderGetKey({\n aliasOrKid: keyRef.kid,\n providerId: this.providerId,\n ...(this.tenantId && { tenantId: this.tenantId }),\n ...(this.userId && { userId: this.userId }),\n })\n : await this.client.methods.kmsClientGetKey({\n aliasOrKid: keyRef.kid,\n ...(this.tenantId && { tenantId: this.tenantId }),\n ...(this.userId && { userId: this.userId }),\n })\n\n // with remote signing we are not going to send the whole data over the network, we need to hash it (unless we already get a hash\n const dataToBeVerified: Uint8Array = isHashString(data)\n ? data\n : shaHasher(data.buffer.slice(data.byteOffset, data.byteOffset + data.byteLength), algorithm)\n const verification = await this.client.methods.kmsClientIsValidRawSignature({\n keyInfo: key.keyInfo,\n input: toString(dataToBeVerified, 'base64'),\n signature,\n ...(this.tenantId && { tenantId: this.tenantId }),\n ...(this.userId && { userId: this.userId }),\n })\n\n return verification.isValid\n }\n\n async sharedSecret(args: SharedSecretArgs): Promise<string> {\n throw new Error('sharedSecret is not implemented for REST KMS.')\n }\n\n private mapKeyUsage = (usage: string): JwkUse => {\n switch (usage) {\n case 'sig':\n return JwkUse.Sig\n case 'enc':\n return JwkUse.Enc\n default:\n throw new Error(`Key usage ${usage} is not supported by REST KMS`)\n }\n }\n\n private mapJoseToRestSignatureAlgorithm = (alg: JoseSignatureAlgorithm): SignatureAlgorithm => {\n switch (alg) {\n case JoseSignatureAlgorithm.RS256:\n return SignatureAlgorithm.RsaSha256\n case JoseSignatureAlgorithm.RS384:\n return SignatureAlgorithm.RsaSha384\n case JoseSignatureAlgorithm.RS512:\n return SignatureAlgorithm.RsaSha512\n case JoseSignatureAlgorithm.PS256:\n return SignatureAlgorithm.RsaSsaPssSha256Mgf1\n case JoseSignatureAlgorithm.PS384:\n return SignatureAlgorithm.RsaSsaPssSha384Mgf1\n case JoseSignatureAlgorithm.PS512:\n return SignatureAlgorithm.RsaSsaPssSha512Mgf1\n case JoseSignatureAlgorithm.ES256:\n return SignatureAlgorithm.EcdsaSha256\n case JoseSignatureAlgorithm.ES384:\n return SignatureAlgorithm.EcdsaSha384\n case JoseSignatureAlgorithm.ES512:\n return SignatureAlgorithm.EcdsaSha512\n case JoseSignatureAlgorithm.ES256K:\n return SignatureAlgorithm.Es256K\n case JoseSignatureAlgorithm.EdDSA:\n return SignatureAlgorithm.Ed25519\n default:\n throw new Error(`JOSE algorithm ${alg} not supported by REST KMS`)\n }\n }\n\n private mapKeyOperation = (operation: string): KeyOperations => {\n switch (operation) {\n case 'sign':\n return KeyOperations.Sign\n case 'verify':\n return KeyOperations.Verify\n case 'wrapKey':\n return KeyOperations.WrapKey\n case 'deriveKey':\n return KeyOperations.DeriveKey\n case 'unwrapKey':\n return KeyOperations.UnwrapKey\n case 'decrypt':\n return KeyOperations.Decrypt\n case 'deriveBits':\n return KeyOperations.DeriveBits\n case 'encrypt':\n return KeyOperations.Encrypt\n default:\n throw new Error(`Key operation ${operation} is not supported by REST KMS`)\n }\n }\n\n private mapKeyOperations = (operations: string[]): KeyOperations[] => {\n return operations.map((operation) => this.mapKeyOperation(operation))\n }\n\n private mapImportRsaKey = (args: MapImportKeyArgs): MappedImportKey => {\n const x509 = args.meta?.x509 as X509Opts\n const privateKeyPEM = x509?.privateKeyPEM ?? (args.privateKeyHex.includes('---') ? args.privateKeyHex : hexToPEM(args.privateKeyHex, 'private')) // In case we have x509 opts, the private key hex really was a PEM already (yuck)\n const publicKeyJwk = PEMToJwk(privateKeyPEM, 'public')\n const privateKeyJwk = PEMToJwk(privateKeyPEM)\n const publicKeyPEM = jwkToPEM(publicKeyJwk, 'public')\n const publicKeyHex = PEMToHex(publicKeyPEM)\n\n const meta = {} as any\n if (x509) {\n meta.x509 = {\n cn: x509.cn ?? args.kid ?? publicKeyHex,\n }\n let certChain: string = x509.certificateChainPEM ?? ''\n if (x509.certificatePEM) {\n if (!certChain.includes(x509.certificatePEM)) {\n certChain = `${x509.certificatePEM}\\n${certChain}`\n }\n }\n if (certChain.length > 0) {\n meta.x509.certificateChainPEM = certChain\n const x5c = pemCertChainTox5c(certChain)\n if (!x509.certificateChainURL) {\n // Do not put the chain in the JWK when the chain is hosted. We do put it in the x509 metadata\n // @ts-ignore\n publicKeyJwk.x5c = x5c\n }\n meta.x509.x5c = x5c\n }\n if (x509.certificateChainURL) {\n // @ts-ignore\n publicKeyJwk.x5u = x509.certificateChainURL\n meta.x509.x5u = x509.certificateChainURL\n }\n }\n\n const kid = args.kid ?? meta?.x509?.cn ?? publicKeyHex\n return {\n kid,\n publicKeyJwk: publicKeyJwk as JWK,\n key: {\n keyInfo: {\n key: {\n ...privateKeyJwk,\n kid,\n kty: JwkKeyTypeFromJSONTyped(privateKeyJwk.kty, false),\n use: JwkUseFromJSONTyped(privateKeyJwk.use, false),\n crv: CurveFromJSONTyped(privateKeyJwk.crv, false),\n },\n },\n certChain: meta.x509.x5c,\n } satisfies StoreKey,\n }\n }\n\n private mapImportSecp256r1Key = (args: MapImportKeyArgs): MappedImportKey => {\n const { privateKeyHex } = args\n const privateBytes = fromString(privateKeyHex.toLowerCase(), 'base16')\n const secp256r1 = new elliptic.ec('p256')\n const keyPair = secp256r1.keyFromPrivate(privateBytes, 'hex')\n const publicKeyHex = keyPair.getPublic(true, 'hex')\n const publicKeyJwk = toJwk(publicKeyHex, 'Secp256r1')\n const privateKeyJwk = toJwk(privateKeyHex, 'Secp256r1', { isPrivateKey: true })\n const kid = args.kid ?? publicKeyJwk.kid ?? publicKeyHex\n\n return {\n kid,\n publicKeyJwk: publicKeyJwk as JWK,\n key: {\n keyInfo: {\n key: {\n ...privateKeyJwk,\n kid,\n kty: JwkKeyTypeFromJSONTyped(privateKeyJwk.kty, false),\n use: JwkUseFromJSONTyped(privateKeyJwk.use, false),\n crv: CurveFromJSONTyped(privateKeyJwk.crv, false),\n },\n },\n } satisfies StoreKey,\n }\n }\n\n private mapImportX25519Key = (args: MapImportKeyArgs): MappedImportKey => {\n const { privateKeyHex } = args\n const privateKeyJwk = toJwk(privateKeyHex, 'X25519', { isPrivateKey: true })\n const publicKeyHex = x25519PublicHexFromPrivateHex(privateKeyHex)\n const publicKeyJwk = toJwk(publicKeyHex, 'X25519')\n const kid = args.kid ?? publicKeyJwk.kid ?? publicKeyHex\n\n return {\n kid,\n publicKeyJwk: publicKeyJwk as JWK,\n key: {\n keyInfo: {\n key: {\n ...privateKeyJwk,\n kid,\n kty: JwkKeyTypeFromJSONTyped(privateKeyJwk.kty, false),\n use: JwkUseFromJSONTyped(privateKeyJwk.use, false),\n crv: CurveFromJSONTyped(privateKeyJwk.crv, false),\n },\n },\n } satisfies StoreKey,\n }\n }\n\n private mapImportKey = (args: MapImportKeyArgs): MappedImportKey => {\n switch (args.type) {\n case 'RSA': {\n return this.mapImportRsaKey(args)\n }\n case 'Secp256r1': {\n return this.mapImportSecp256r1Key(args)\n }\n case 'X25519': {\n return this.mapImportX25519Key(args)\n }\n default:\n throw new Error(`Key type ${args.type} is not supported by REST KMS`)\n }\n }\n}\n"],"mappings":";;;;AAAA,SACEA,wBACAC,cACAC,uBACAC,WACAC,+BACAC,mCACAC,OACAC,qCAEK;AACP,SAASC,UAAUC,UAAUC,mBAAmBC,UAAUC,gBAAgB;AAE1E,SACEC,oBACAC,yBACAC,QACAC,qBACAC,eACAC,eACAC,6BAEAC,0BAEK;AACP,SAASC,8BAAwC;AAEjD,SAASC,mCAAmC;AAC5C,OAAOC,cAAc;AAErB,YAAYC,SAAS;AAGrB,IAAM,EAAEC,YAAYC,SAAQ,IAAKC;AAW1B,IAAMC,0BAAN,cAAsCC,4BAAAA;EA5C7C,OA4C6CA;;;EACnCC;EACSC;EACAC;EACAC;EACAC;EAEjB,YAAYC,SAAqC;AAC/C,UAAK;AAEL,UAAMC,SAAS;MACbC,SAASF,QAAQE;MACjBC,UAAUH,QAAQG;IACpB;AAEA,SAAKP,KAAKI,QAAQI;AAClB,SAAKP,aAAaG,QAAQH;AAC1B,SAAKC,WAAWE,QAAQF;AACxB,SAAKC,SAASC,QAAQD;AACtB,SAAKJ,SAAS,IAAIU,cAAcJ,MAAAA;EAClC;EAEA,MAAMK,UAAUC,MAA8C;AAC5D,UAAM,EAAEC,MAAMC,KAAI,IAAKF;AAEvB,UAAMG,UAAUC,8BAA8B;MAC5CH;MACAI,YAAYH,MAAMG;IACpB,CAAA;AACA,UAAMC,qBAAqB,KAAKC,gCAAgCJ,OAAAA;AAChE,UAAMV,UAAU;MACde,KAAKN,QAAQ,cAAcA,OAAO,KAAKO,YAAYP,KAAKQ,QAAQ,IAAIC,OAAOC;MAC3EC,KAAKP;MACLQ,eAAeZ,QAAQA,KAAKY,gBAAgB,KAAKC,iBAAiBb,KAAKY,aAAa,IAAgB;QAACE,cAAcC;;MACnH,GAAIf,QAAQ,cAAcA,QAAQA,KAAKgB,WAAW;QAAEC,OAAOjB,KAAKgB;MAAS,IAAI,CAAC;MAC9E,GAAI,KAAK3B,YAAY;QAAEA,UAAU,KAAKA;MAAS;MAC/C,GAAI,KAAKC,UAAU;QAAEA,QAAQ,KAAKA;MAAO;IAC3C;AAEA,UAAM4B,MAAM,KAAK9B,aACb,MAAM,KAAKF,OAAOiC,QAAQC,6BAA6B;MACrD,GAAG7B;MACHH,YAAY,KAAKA;IACnB,CAAA,IACA,MAAM,KAAKF,OAAOiC,QAAQE,qBAAqB9B,OAAAA;AAEnD,UAAM+B,MAAM;MACV,GAAGJ,IAAIK,QAAQC,KAAKC;MACpBd,KAAKO,IAAIK,QAAQC,KAAKC,UAAUd,MAAMe,kCAAkCR,IAAIK,QAAQC,KAAKC,UAAUd,GAAG,IAAIgB;IAC5G;AAEA,UAAMC,MAAMV,IAAIK,QAAQK,OAAOV,IAAIK,QAAQC,KAAKC,UAAUG;AAC1D,QAAI,CAACA,KAAK;AACR,YAAM,IAAIC,MAAM,uBAAuB;IACzC;AAEA,WAAO;MACLD;MACAE,KAAK,KAAK3C;MACVY;MACAC,MAAM;QACJiB,OAAOC,IAAIK,QAAQN;QACnBd,YAAY;UAACe,IAAIK,QAAQC,KAAKC,UAAUd,OAAO;;QAC/CoB,eAAeC,uBAAuB;UACpCV;UACAW,iBAAiBX,IAAIX,MAAMuB,sBAAsBZ,IAAIX,GAAG,IAAI;QAC9D,CAAA;MACF;MACAwB,cAAcC,OAAOC,KAAKnB,IAAIK,QAAQC,KAAKC,UAAU3C,SAAQ,GAAI,MAAA,EAAQA,SAAS,QAAA;IACpF;EACF;EAEA,MAAMwD,UAAUxC,MAA8C;AAC5D,UAAM,EAAEC,KAAI,IAAKD;AACjB,UAAMwC,YAAY,KAAKC,aAAazC,IAAAA;AAEpC,UAAM0C,SAAS,KAAKpD,aAChB,MAAM,KAAKF,OAAOiC,QAAQsB,0BAA0B;MAClD,GAAGH,UAAUpB;MACb9B,YAAY,KAAKA;MACjB,GAAI,KAAKC,YAAY;QAAEA,UAAU,KAAKA;MAAS;MAC/C,GAAI,KAAKC,UAAU;QAAEA,QAAQ,KAAKA;MAAO;IAC3C,CAAA,IACA,MAAM,KAAKJ,OAAOiC,QAAQuB,kBAAkB;MAC1C,GAAGJ,UAAUpB;MACb,GAAI,KAAK7B,YAAY;QAAEA,UAAU,KAAKA;MAAS;MAC/C,GAAI,KAAKC,UAAU;QAAEA,QAAQ,KAAKA;MAAO;IAC3C,CAAA;AAEJ,WAAO;MACLsC,KAAKU,UAAUV;MACfE,KAAK,KAAK3C;MACVY;MACAC,MAAM;QACJiB,OAAOqB,UAAUpB,IAAIyB,QAAQ1B;QAC7Bd,YAAY;UAACqC,OAAOG,QAAQzB,IAAIP,OAAO;;QACvCoB,eAAeC,uBAAuB;UACpCV,KAAKgB,UAAUM;UACfX,iBAAiBK,UAAUM,aAAajC,MAAMuB,sBAAsBI,UAAUM,aAAajC,GAAG,IAAI;QACpG,CAAA;MACF;MACAwB,cAAcC,OAAOC,KAAKG,OAAOG,QAAQzB,IAAIpC,SAAQ,GAAI,MAAA,EAAQA,SAAS,QAAA;IAC5E;EACF;EAEA,MAAM+D,UAAU/C,MAAuC;AACrD,UAAM,EAAE8B,IAAG,IAAK9B;AAEhB,WAAO,KAAKV,aACR,MAAM,KAAKF,OAAOiC,QAAQ2B,2BAA2B;MACnDC,YAAYnB;MACZxC,YAAY,KAAKA;MACjB,GAAI,KAAKC,YAAY;QAAEA,UAAU,KAAKA;MAAS;MAC/C,GAAI,KAAKC,UAAU;QAAEA,QAAQ,KAAKA;MAAO;IAC3C,CAAA,IACA,MAAM,KAAKJ,OAAOiC,QAAQ6B,mBAAmB;MAC3CD,YAAYnB;MACZ,GAAI,KAAKvC,YAAY;QAAEA,UAAU,KAAKA;MAAS;MAC/C,GAAI,KAAKC,UAAU;QAAEA,QAAQ,KAAKA;MAAO;IAC3C,CAAA;EACN;EAEA,MAAM2D,WAAsC;AAC1C,UAAMC,OAAO,KAAK9D,aACd,MAAM,KAAKF,OAAOiC,QAAQgC,0BAA0B;MAClD/D,YAAY,KAAKA;MACjB,GAAI,KAAKC,YAAY;QAAEA,UAAU,KAAKA;MAAS;MAC/C,GAAI,KAAKC,UAAU;QAAEA,QAAQ,KAAKA;MAAO;IAC3C,CAAA,IACA,MAAM,KAAKJ,OAAOiC,QAAQiC,kBAAkB;MAC1C,GAAI,KAAK/D,YAAY;QAAEA,UAAU,KAAKA;MAAS;MAC/C,GAAI,KAAKC,UAAU;QAAEA,QAAQ,KAAKA;MAAO;IAC3C,CAAA;AAEJ,UAAM+D,WAAWC,4BAA4BJ,MAAM,KAAA,EAAOK;AAE1D,WAAOF,SAASG,IAAI,CAACC,YAAAA;AACnB,YAAMnC,MAAMmC,QAAQvC;AACpB,UAAIiB,eAAe;AAGnB,UAAIb,IAAIoC,QAAQ,MAAM;AACpBvB,uBAAeb,IAAIqC,KAAK;MAC1B,WAAWrC,IAAIoC,QAAQ,OAAO;AAC5BvB,uBAAeb,IAAIsC,KAAK;MAC1B,WAAWtC,IAAIoC,QAAQ,OAAO;AAC5BvB,uBAAeb,IAAIqC,KAAK;MAC1B;AAEA,YAAME,UAAU,KAAKC,yBAAyBL,QAAQI,OAAO;AAE7D,aAAO;QACLjC,KAAK6B,QAAQ7B,OAAO6B,QAAQxC;QAC5Ba,KAAK,KAAK3C;QACVY,MAAM8D;QACN1B;QACAnC,MAAM;UACJG,YAAYsD,QAAQrD,qBAAqB;YAACqD,QAAQrD;cAAsBuB;UACxEL;UACAS,eAAeC,uBAAuB;YACpCV;YACAW,iBAAiBwB,QAAQvC,IAAIP,MAAMuB,sBAAsBuB,QAAQvC,IAAIP,GAAG,IAAI;UAC9E,CAAA;UACAM,OAAOwC,QAAQxC;UACf7B,YAAYqE,QAAQrE;UACpB2E,KAAKN,QAAQM;UACbC,eAAeP,QAAQO;UACvBC,aAAaR,QAAQQ;UACrB,GAAGR,QAAQS;QACb;MACF;IACF,CAAA;EACF;EAEQJ,yBAAyBD,SAAuC;AACtE,YAAQA,SAAAA;MACN,KAAK;AACH,eAAO;MACT,KAAK;MACL,KAAK;AACH,eAAO;MACT,KAAK;AACH,eAAO;MACT,KAAK;AACH,eAAO;MACT,KAAK;AACH,eAAO;MACT;AACE,cAAM,IAAIhC,MAAM,qBAAqBgC,OAAAA,EAAS;IAClD;EACF;EAEA,MAAMM,KAAKrE,MAAiC;AAC1C,UAAM,EAAEsE,QAAQC,MAAMC,YAAY,UAAS,IAAKxE;AAChD,UAAMoB,MAAM,KAAK9B,aACb,MAAM,KAAKF,OAAOiC,QAAQoD,wBAAwB;MAChDxB,YAAYqB,OAAOxC;MACnBxC,YAAY,KAAKA;MACjB,GAAI,KAAKC,YAAY;QAAEA,UAAU,KAAKA;MAAS;MAC/C,GAAI,KAAKC,UAAU;QAAEA,QAAQ,KAAKA;MAAO;IAC3C,CAAA,IACA,MAAM,KAAKJ,OAAOiC,QAAQqD,gBAAgB;MACxCzB,YAAYqB,OAAOxC;MACnB,GAAI,KAAKvC,YAAY;QAAEA,UAAU,KAAKA;MAAS;MAC/C,GAAI,KAAKC,UAAU;QAAEA,QAAQ,KAAKA;MAAO;IAC3C,CAAA;AAGJ,UAAMmF,iBAA6BC,aAAaL,IAAAA,IAC5CA,OACAM,UAAUN,KAAKO,OAAOC,MAAMR,KAAKS,YAAYT,KAAKS,aAAaT,KAAKU,UAAU,GAAGT,SAAAA;AACrF,UAAMU,gBAAgB,MAAM,KAAK9F,OAAOiC,QAAQ8D,4BAA4B;MAC1EtC,SAASzB,IAAIyB;MACbuC,OAAOpG,SAAS2F,gBAAgB,QAAA;MAChC,GAAI,KAAKpF,YAAY;QAAEA,UAAU,KAAKA;MAAS;MAC/C,GAAI,KAAKC,UAAU;QAAEA,QAAQ,KAAKA;MAAO;IAC3C,CAAA;AAEA,WAAO0F,cAAcG;EACvB;EAEA,MAAMC,OAAOtF,MAAoC;AAC/C,UAAM,EAAEsE,QAAQC,MAAMc,WAAWb,YAAY,UAAS,IAAKxE;AAC3D,UAAMoB,MAAM,KAAK9B,aACb,MAAM,KAAKF,OAAOiC,QAAQoD,wBAAwB;MAChDxB,YAAYqB,OAAOxC;MACnBxC,YAAY,KAAKA;MACjB,GAAI,KAAKC,YAAY;QAAEA,UAAU,KAAKA;MAAS;MAC/C,GAAI,KAAKC,UAAU;QAAEA,QAAQ,KAAKA;MAAO;IAC3C,CAAA,IACA,MAAM,KAAKJ,OAAOiC,QAAQqD,gBAAgB;MACxCzB,YAAYqB,OAAOxC;MACnB,GAAI,KAAKvC,YAAY;QAAEA,UAAU,KAAKA;MAAS;MAC/C,GAAI,KAAKC,UAAU;QAAEA,QAAQ,KAAKA;MAAO;IAC3C,CAAA;AAGJ,UAAM+F,mBAA+BX,aAAaL,IAAAA,IAC9CA,OACAM,UAAUN,KAAKO,OAAOC,MAAMR,KAAKS,YAAYT,KAAKS,aAAaT,KAAKU,UAAU,GAAGT,SAAAA;AACrF,UAAMgB,eAAe,MAAM,KAAKpG,OAAOiC,QAAQoE,6BAA6B;MAC1E5C,SAASzB,IAAIyB;MACbuC,OAAOpG,SAASuG,kBAAkB,QAAA;MAClCF;MACA,GAAI,KAAK9F,YAAY;QAAEA,UAAU,KAAKA;MAAS;MAC/C,GAAI,KAAKC,UAAU;QAAEA,QAAQ,KAAKA;MAAO;IAC3C,CAAA;AAEA,WAAOgG,aAAaE;EACtB;EAEA,MAAMC,aAAa3F,MAAyC;AAC1D,UAAM,IAAI+B,MAAM,+CAAA;EAClB;EAEQtB,cAAc,wBAACmF,UAAAA;AACrB,YAAQA,OAAAA;MACN,KAAK;AACH,eAAOjF,OAAOC;MAChB,KAAK;AACH,eAAOD,OAAOkF;MAChB;AACE,cAAM,IAAI9D,MAAM,aAAa6D,KAAAA,+BAAoC;IACrE;EACF,GATsB;EAWdrF,kCAAkC,wBAACM,QAAAA;AACzC,YAAQA,KAAAA;MACN,KAAKiF,uBAAuBC;AAC1B,eAAOC,mBAAmBC;MAC5B,KAAKH,uBAAuBI;AAC1B,eAAOF,mBAAmBG;MAC5B,KAAKL,uBAAuBM;AAC1B,eAAOJ,mBAAmBK;MAC5B,KAAKP,uBAAuBQ;AAC1B,eAAON,mBAAmBO;MAC5B,KAAKT,uBAAuBU;AAC1B,eAAOR,mBAAmBS;MAC5B,KAAKX,uBAAuBY;AAC1B,eAAOV,mBAAmBW;MAC5B,KAAKb,uBAAuBc;AAC1B,eAAOZ,mBAAmBa;MAC5B,KAAKf,uBAAuBgB;AAC1B,eAAOd,mBAAmBe;MAC5B,KAAKjB,uBAAuBkB;AAC1B,eAAOhB,mBAAmBiB;MAC5B,KAAKnB,uBAAuBoB;AAC1B,eAAOlB,mBAAmBmB;MAC5B,KAAKrB,uBAAuBsB;AAC1B,eAAOpB,mBAAmBqB;MAC5B;AACE,cAAM,IAAItF,MAAM,kBAAkBlB,GAAAA,4BAA+B;IACrE;EACF,GA3B0C;EA6BlCyG,kBAAkB,wBAACC,cAAAA;AACzB,YAAQA,WAAAA;MACN,KAAK;AACH,eAAOvG,cAAcC;MACvB,KAAK;AACH,eAAOD,cAAcwG;MACvB,KAAK;AACH,eAAOxG,cAAcyG;MACvB,KAAK;AACH,eAAOzG,cAAc0G;MACvB,KAAK;AACH,eAAO1G,cAAc2G;MACvB,KAAK;AACH,eAAO3G,cAAc4G;MACvB,KAAK;AACH,eAAO5G,cAAc6G;MACvB,KAAK;AACH,eAAO7G,cAAc8G;MACvB;AACE,cAAM,IAAI/F,MAAM,iBAAiBwF,SAAAA,+BAAwC;IAC7E;EACF,GArB0B;EAuBlBxG,mBAAmB,wBAACgH,eAAAA;AAC1B,WAAOA,WAAWrE,IAAI,CAAC6D,cAAc,KAAKD,gBAAgBC,SAAAA,CAAAA;EAC5D,GAF2B;EAInBS,kBAAkB,wBAAChI,SAAAA;AACzB,UAAMiI,OAAOjI,KAAKE,MAAM+H;AACxB,UAAMC,gBAAgBD,MAAMC,kBAAkBlI,KAAKmI,cAAcC,SAAS,KAAA,IAASpI,KAAKmI,gBAAgBE,SAASrI,KAAKmI,eAAe,SAAA;AACrI,UAAMrF,eAAewF,SAASJ,eAAe,QAAA;AAC7C,UAAMK,gBAAgBD,SAASJ,aAAAA;AAC/B,UAAMM,eAAeC,SAAS3F,cAAc,QAAA;AAC5C,UAAMT,eAAeqG,SAASF,YAAAA;AAE9B,UAAMtI,OAAO,CAAC;AACd,QAAI+H,MAAM;AACR/H,WAAK+H,OAAO;QACVU,IAAIV,KAAKU,MAAM3I,KAAK8B,OAAOO;MAC7B;AACA,UAAIuG,YAAoBX,KAAKY,uBAAuB;AACpD,UAAIZ,KAAKa,gBAAgB;AACvB,YAAI,CAACF,UAAUR,SAASH,KAAKa,cAAc,GAAG;AAC5CF,sBAAY,GAAGX,KAAKa,cAAc;EAAKF,SAAAA;QACzC;MACF;AACA,UAAIA,UAAUG,SAAS,GAAG;AACxB7I,aAAK+H,KAAKY,sBAAsBD;AAChC,cAAM3E,MAAM+E,kBAAkBJ,SAAAA;AAC9B,YAAI,CAACX,KAAKgB,qBAAqB;AAG7BnG,uBAAamB,MAAMA;QACrB;AACA/D,aAAK+H,KAAKhE,MAAMA;MAClB;AACA,UAAIgE,KAAKgB,qBAAqB;AAE5BnG,qBAAaoG,MAAMjB,KAAKgB;AACxB/I,aAAK+H,KAAKiB,MAAMjB,KAAKgB;MACvB;IACF;AAEA,UAAMnH,MAAM9B,KAAK8B,OAAO5B,MAAM+H,MAAMU,MAAMtG;AAC1C,WAAO;MACLP;MACAgB;MACA1B,KAAK;QACHyB,SAAS;UACPzB,KAAK;YACH,GAAGmH;YACHzG;YACA8B,KAAKuF,wBAAwBZ,cAAc3E,KAAK,KAAA;YAChDpD,KAAK4I,oBAAoBb,cAAc/H,KAAK,KAAA;YAC5C6I,KAAKC,mBAAmBf,cAAcc,KAAK,KAAA;UAC7C;QACF;QACAT,WAAW1I,KAAK+H,KAAKhE;MACvB;IACF;EACF,GArD0B;EAuDlBsF,wBAAwB,wBAACvJ,SAAAA;AAC/B,UAAM,EAAEmI,cAAa,IAAKnI;AAC1B,UAAMwJ,eAAezK,WAAWoJ,cAAcsB,YAAW,GAAI,QAAA;AAC7D,UAAMC,YAAY,IAAIC,SAASC,GAAG,MAAA;AAClC,UAAMnI,UAAUiI,UAAUG,eAAeL,cAAc,KAAA;AACvD,UAAMnH,eAAeZ,QAAQqI,UAAU,MAAM,KAAA;AAC7C,UAAMhH,eAAeiH,MAAM1H,cAAc,WAAA;AACzC,UAAMkG,gBAAgBwB,MAAM5B,eAAe,aAAa;MAAE6B,cAAc;IAAK,CAAA;AAC7E,UAAMlI,MAAM9B,KAAK8B,OAAOgB,aAAahB,OAAOO;AAE5C,WAAO;MACLP;MACAgB;MACA1B,KAAK;QACHyB,SAAS;UACPzB,KAAK;YACH,GAAGmH;YACHzG;YACA8B,KAAKuF,wBAAwBZ,cAAc3E,KAAK,KAAA;YAChDpD,KAAK4I,oBAAoBb,cAAc/H,KAAK,KAAA;YAC5C6I,KAAKC,mBAAmBf,cAAcc,KAAK,KAAA;UAC7C;QACF;MACF;IACF;EACF,GAzBgC;EA2BxBY,qBAAqB,wBAACjK,SAAAA;AAC5B,UAAM,EAAEmI,cAAa,IAAKnI;AAC1B,UAAMuI,gBAAgBwB,MAAM5B,eAAe,UAAU;MAAE6B,cAAc;IAAK,CAAA;AAC1E,UAAM3H,eAAe6H,8BAA8B/B,aAAAA;AACnD,UAAMrF,eAAeiH,MAAM1H,cAAc,QAAA;AACzC,UAAMP,MAAM9B,KAAK8B,OAAOgB,aAAahB,OAAOO;AAE5C,WAAO;MACLP;MACAgB;MACA1B,KAAK;QACHyB,SAAS;UACPzB,KAAK;YACH,GAAGmH;YACHzG;YACA8B,KAAKuF,wBAAwBZ,cAAc3E,KAAK,KAAA;YAChDpD,KAAK4I,oBAAoBb,cAAc/H,KAAK,KAAA;YAC5C6I,KAAKC,mBAAmBf,cAAcc,KAAK,KAAA;UAC7C;QACF;MACF;IACF;EACF,GAtB6B;EAwBrB5G,eAAe,wBAACzC,SAAAA;AACtB,YAAQA,KAAKC,MAAI;MACf,KAAK,OAAO;AACV,eAAO,KAAK+H,gBAAgBhI,IAAAA;MAC9B;MACA,KAAK,aAAa;AAChB,eAAO,KAAKuJ,sBAAsBvJ,IAAAA;MACpC;MACA,KAAK,UAAU;AACb,eAAO,KAAKiK,mBAAmBjK,IAAAA;MACjC;MACA;AACE,cAAM,IAAI+B,MAAM,YAAY/B,KAAKC,IAAI,+BAA+B;IACxE;EACF,GAduB;AAezB;","names":["calculateJwkThumbprint","isHashString","joseAlgorithmToDigest","shaHasher","signatureAlgorithmFromKeyType","signatureAlgorithmToJoseAlgorithm","toJwk","x25519PublicHexFromPrivateHex","hexToPEM","jwkToPEM","pemCertChainTox5c","PEMToHex","PEMToJwk","CurveFromJSONTyped","JwkKeyTypeFromJSONTyped","JwkUse","JwkUseFromJSONTyped","KeyOperations","KmsRestClient","ListKeysResponseToJSONTyped","SignatureAlgorithm","JoseSignatureAlgorithm","AbstractKeyManagementSystem","elliptic","u8a","fromString","toString","u8a","RestKeyManagementSystem","AbstractKeyManagementSystem","client","id","providerId","tenantId","userId","options","config","baseUrl","authOpts","applicationId","KmsRestClient","createKey","args","type","meta","joseAlg","signatureAlgorithmFromKeyType","algorithms","signatureAlgorithm","mapJoseToRestSignatureAlgorithm","use","mapKeyUsage","keyUsage","JwkUse","Sig","alg","keyOperations","mapKeyOperations","KeyOperations","Sign","keyAlias","alias","key","methods","kmsClientProviderGenerateKey","kmsClientGenerateKey","jwk","keyPair","jose","publicJwk","signatureAlgorithmToJoseAlgorithm","undefined","kid","Error","kms","jwkThumbprint","calculateJwkThumbprint","digestAlgorithm","joseAlgorithmToDigest","publicKeyHex","Buffer","from","importKey","mapImportKey","result","kmsClientProviderStoreKey","kmsClientStoreKey","keyInfo","publicKeyJwk","deleteKey","kmsClientProviderDeleteKey","aliasOrKid","kmsClientDeleteKey","listKeys","keys","kmsClientProviderListKeys","kmsClientListKeys","restKeys","ListKeysResponseToJSONTyped","keyInfos","map","restKey","kty","x","n","keyType","mapRestKeyTypeToTKeyType","x5c","keyVisibility","keyEncoding","opts","sign","keyRef","data","algorithm","kmsClientProviderGetKey","kmsClientGetKey","dataToBeSigned","isHashString","shaHasher","buffer","slice","byteOffset","byteLength","signingResult","kmsClientCreateRawSignature","input","signature","verify","dataToBeVerified","verification","kmsClientIsValidRawSignature","isValid","sharedSecret","usage","Enc","JoseSignatureAlgorithm","RS256","SignatureAlgorithm","RsaSha256","RS384","RsaSha384","RS512","RsaSha512","PS256","RsaSsaPssSha256Mgf1","PS384","RsaSsaPssSha384Mgf1","PS512","RsaSsaPssSha512Mgf1","ES256","EcdsaSha256","ES384","EcdsaSha384","ES512","EcdsaSha512","ES256K","Es256K","EdDSA","Ed25519","mapKeyOperation","operation","Verify","WrapKey","DeriveKey","UnwrapKey","Decrypt","DeriveBits","Encrypt","operations","mapImportRsaKey","x509","privateKeyPEM","privateKeyHex","includes","hexToPEM","PEMToJwk","privateKeyJwk","publicKeyPEM","jwkToPEM","PEMToHex","cn","certChain","certificateChainPEM","certificatePEM","length","pemCertChainTox5c","certificateChainURL","x5u","JwkKeyTypeFromJSONTyped","JwkUseFromJSONTyped","crv","CurveFromJSONTyped","mapImportSecp256r1Key","privateBytes","toLowerCase","secp256r1","elliptic","ec","keyFromPrivate","getPublic","toJwk","isPrivateKey","mapImportX25519Key","x25519PublicHexFromPrivateHex"]}
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "@sphereon/ssi-sdk.kms-rest",
3
3
  "description": "Sphereon SSI-SDK plugin for REST Key Management System.",
4
- "version": "0.36.1-feature.SSISDK.44.finish.dcql.1+66f32d8d",
4
+ "version": "0.36.1-feature.SSISDK.70.integrate.digidentity.55+fc4df611",
5
5
  "source": "./src/index.ts",
6
6
  "type": "module",
7
7
  "main": "./dist/index.cjs",
@@ -22,10 +22,10 @@
22
22
  "build": "tsup --config ../../tsup.config.ts --tsconfig ../../tsconfig.tsup.json"
23
23
  },
24
24
  "dependencies": {
25
- "@sphereon/ssi-sdk-ext.key-utils": "0.36.1-feature.SSISDK.44.finish.dcql.1+66f32d8d",
26
- "@sphereon/ssi-sdk-ext.x509-utils": "0.36.1-feature.SSISDK.44.finish.dcql.1+66f32d8d",
27
- "@sphereon/ssi-sdk.kms-rest-client": "0.36.1-feature.SSISDK.44.finish.dcql.1+66f32d8d",
28
- "@sphereon/ssi-types": "0.36.1-feature.SSISDK.44.finish.dcql.1+66f32d8d",
25
+ "@sphereon/ssi-sdk-ext.key-utils": "0.36.1-feature.SSISDK.70.integrate.digidentity.55+fc4df611",
26
+ "@sphereon/ssi-sdk-ext.x509-utils": "0.36.1-feature.SSISDK.70.integrate.digidentity.55+fc4df611",
27
+ "@sphereon/ssi-sdk.kms-rest-client": "0.36.1-feature.SSISDK.70.integrate.digidentity.55+fc4df611",
28
+ "@sphereon/ssi-types": "0.36.1-feature.SSISDK.70.integrate.digidentity.55+fc4df611",
29
29
  "@veramo/core": "4.2.0",
30
30
  "@veramo/key-manager": "4.2.0",
31
31
  "elliptic": "^6.5.4",
@@ -54,5 +54,5 @@
54
54
  "key-management",
55
55
  "Veramo"
56
56
  ],
57
- "gitHead": "66f32d8dcf60bfa79709c5c257be2073015198a0"
57
+ "gitHead": "fc4df611242812613a69238d3d03452395505b64"
58
58
  }