@sudoplatform/sudo-common 7.0.1 → 7.1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (315) hide show
  1. package/lib/configurationManager/defaultConfigurationManager.js +3 -5
  2. package/lib/sudoKeyManager/sudoCryptoProvider.d.ts +0 -16
  3. package/lib/sudoKeyManager/sudoKeyManager.d.ts +0 -18
  4. package/lib/sudoKeyManager/sudoKeyManager.js +2 -10
  5. package/lib/utils/base64.d.ts +35 -0
  6. package/lib/utils/base64.js +65 -0
  7. package/package.json +3 -4
  8. package/.babelrc +0 -10
  9. package/.eslintrc.js +0 -91
  10. package/.gitignore +0 -14
  11. package/.gitlab-ci.yml +0 -101
  12. package/.npmignore +0 -1
  13. package/.prettierignore +0 -3
  14. package/.prettierrc.js +0 -7
  15. package/.publisher.json +0 -7
  16. package/.vscode/settings.json +0 -5
  17. package/.yarn/releases/yarn-1.22.19.cjs +0 -147529
  18. package/.yarnrc +0 -5
  19. package/bin/outdated-with-suppression.sh +0 -203
  20. package/bin/suppress-audit.sh +0 -15
  21. package/bin/suppress-outdated.sh +0 -60
  22. package/bin/yarn-audit-with-suppression.sh +0 -19
  23. package/dependencies-report.json +0 -640
  24. package/docs/.nojekyll +0 -1
  25. package/docs/assets/highlight.css +0 -57
  26. package/docs/assets/main.js +0 -54
  27. package/docs/assets/search.js +0 -1
  28. package/docs/assets/style.css +0 -1224
  29. package/docs/assets/widgets.png +0 -0
  30. package/docs/assets/widgets@2x.png +0 -0
  31. package/docs/classes/AccountLockedError.html +0 -163
  32. package/docs/classes/AuthenticationError.html +0 -169
  33. package/docs/classes/Base64.html +0 -134
  34. package/docs/classes/Buffer.html +0 -158
  35. package/docs/classes/ConfigurationNotSetError.html +0 -164
  36. package/docs/classes/ConfigurationSetNotFoundError.html +0 -168
  37. package/docs/classes/DecodeError.html +0 -168
  38. package/docs/classes/DefaultConfigurationManager.html +0 -213
  39. package/docs/classes/DefaultLogger.html +0 -291
  40. package/docs/classes/DefaultSudoKeyArchive.html +0 -363
  41. package/docs/classes/DefaultSudoKeyManager.html +0 -858
  42. package/docs/classes/FatalError.html +0 -169
  43. package/docs/classes/IllegalArgumentError.html +0 -168
  44. package/docs/classes/IllegalStateError.html +0 -169
  45. package/docs/classes/InsufficientEntitlementsError.html +0 -164
  46. package/docs/classes/InvalidOwnershipProofError.html +0 -163
  47. package/docs/classes/InvalidTokenError.html +0 -163
  48. package/docs/classes/KeyArchiveDecodingError.html +0 -168
  49. package/docs/classes/KeyArchiveIncorrectPasswordError.html +0 -168
  50. package/docs/classes/KeyArchiveMissingError.html +0 -168
  51. package/docs/classes/KeyArchiveNoPasswordRequiredError.html +0 -168
  52. package/docs/classes/KeyArchivePasswordRequiredError.html +0 -168
  53. package/docs/classes/KeyArchiveTypeError.html +0 -168
  54. package/docs/classes/KeyArchiveUnknownKeyTypeError.html +0 -168
  55. package/docs/classes/KeyArchiveVersionError.html +0 -168
  56. package/docs/classes/KeyNotFoundError.html +0 -168
  57. package/docs/classes/KeyStoreNotExportableError.html +0 -168
  58. package/docs/classes/LimitExceededError.html +0 -164
  59. package/docs/classes/NoEntitlementsError.html +0 -163
  60. package/docs/classes/NotAuthorizedError.html +0 -169
  61. package/docs/classes/NotRegisteredError.html +0 -168
  62. package/docs/classes/NotSignedInError.html +0 -164
  63. package/docs/classes/OperationNotImplementedError.html +0 -168
  64. package/docs/classes/RegisterError.html +0 -169
  65. package/docs/classes/RequestFailedError.html +0 -189
  66. package/docs/classes/ServiceError.html +0 -170
  67. package/docs/classes/SignOutError.html +0 -168
  68. package/docs/classes/SudoCryptoProviderDefaults.html +0 -106
  69. package/docs/classes/UnknownGraphQLError.html +0 -169
  70. package/docs/classes/UnrecognizedAlgorithmError.html +0 -168
  71. package/docs/classes/UserNotConfirmedError.html +0 -164
  72. package/docs/classes/VersionMismatchError.html +0 -166
  73. package/docs/enums/CachePolicy.html +0 -72
  74. package/docs/enums/EncryptionAlgorithm.html +0 -80
  75. package/docs/enums/KeyArchiveKeyType.html +0 -86
  76. package/docs/enums/KeyDataKeyFormat.html +0 -92
  77. package/docs/enums/KeyDataKeyType.html +0 -85
  78. package/docs/enums/ListOperationResultStatus.html +0 -85
  79. package/docs/enums/PublicKeyFormat.html +0 -68
  80. package/docs/functions/isAppSyncNetworkError.html +0 -147
  81. package/docs/functions/isInsecureKeyArchive.html +0 -147
  82. package/docs/functions/isSecureKeyArchive.html +0 -147
  83. package/docs/functions/isUnrecognizedKeyArchive.html +0 -147
  84. package/docs/functions/keyArchiveInfoFromKeyData.html +0 -147
  85. package/docs/functions/keyArchiveKeyTypeFromKeyDataKeyType.html +0 -147
  86. package/docs/functions/mapGraphQLToClientError.html +0 -154
  87. package/docs/functions/mapNetworkErrorToClientError.html +0 -154
  88. package/docs/index.html +0 -146
  89. package/docs/interfaces/AsymmetricEncryptionOptions.html +0 -68
  90. package/docs/interfaces/BooleanFilter.html +0 -75
  91. package/docs/interfaces/ConfigurationManager.html +0 -200
  92. package/docs/interfaces/KeyData.html +0 -106
  93. package/docs/interfaces/ListOperationFailureResult.html +0 -76
  94. package/docs/interfaces/ListOperationPartialResult.html +0 -102
  95. package/docs/interfaces/ListOperationSuccessResult.html +0 -90
  96. package/docs/interfaces/ListOutput.html +0 -80
  97. package/docs/interfaces/Logger.html +0 -251
  98. package/docs/interfaces/Owner.html +0 -72
  99. package/docs/interfaces/PublicKey.html +0 -72
  100. package/docs/interfaces/ServiceCompatibilityInfo.html +0 -110
  101. package/docs/interfaces/StringFilter.html +0 -82
  102. package/docs/interfaces/SudoCryptoProvider.html +0 -907
  103. package/docs/interfaces/SudoKeyArchive.html +0 -257
  104. package/docs/interfaces/SudoKeyManager.html +0 -890
  105. package/docs/interfaces/SymmetricEncryptionOptions.html +0 -75
  106. package/docs/interfaces/ValidationResult.html +0 -83
  107. package/docs/modules.html +0 -248
  108. package/docs/types/AppSyncError.html +0 -138
  109. package/docs/types/AppSyncNetworkError.html +0 -138
  110. package/docs/types/InsecureKeyArchive.html +0 -138
  111. package/docs/types/KeyArchive.html +0 -138
  112. package/docs/types/KeyArchiveKeyInfo.html +0 -154
  113. package/docs/types/KeyArchiveKeyInfoDecoded.html +0 -138
  114. package/docs/types/ListOperationResult.html +0 -148
  115. package/docs/types/SecureKeyArchive.html +0 -138
  116. package/docs/types/Subset.html +0 -144
  117. package/docs/types/UnrecognizedKeyArchive.html +0 -138
  118. package/docs/variables/CURRENT_ARCHIVE_VERSION.html +0 -138
  119. package/docs/variables/InsecureKeyArchiveCodec.html +0 -138
  120. package/docs/variables/InsecureKeyArchiveType.html +0 -138
  121. package/docs/variables/KeyArchiveCodec.html +0 -138
  122. package/docs/variables/KeyArchiveKeyInfoArrayCodec.html +0 -138
  123. package/docs/variables/KeyArchiveKeyInfoCodec.html +0 -138
  124. package/docs/variables/KeyArchiveKeyTypeCodec.html +0 -138
  125. package/docs/variables/SecureKeyArchiveCodec.html +0 -138
  126. package/docs/variables/SecureKeyArchiveType.html +0 -138
  127. package/docs/variables/UnrecognizedKeyArchiveCodec.html +0 -138
  128. package/github/.babelrc +0 -10
  129. package/github/.eslintrc.js +0 -91
  130. package/github/.gitignore +0 -14
  131. package/github/.gitlab-ci.yml +0 -101
  132. package/github/.npmignore +0 -1
  133. package/github/.prettierignore +0 -3
  134. package/github/.prettierrc.js +0 -7
  135. package/github/.publisher.json +0 -7
  136. package/github/.vscode/settings.json +0 -5
  137. package/github/.yarn/releases/yarn-1.22.19.cjs +0 -147529
  138. package/github/.yarnrc +0 -5
  139. package/github/CHANGELOG.md +0 -51
  140. package/github/README.md +0 -8
  141. package/github/bin/outdated-with-suppression.sh +0 -203
  142. package/github/bin/suppress-audit.sh +0 -15
  143. package/github/bin/suppress-outdated.sh +0 -60
  144. package/github/bin/yarn-audit-with-suppression.sh +0 -19
  145. package/github/docs/.nojekyll +0 -1
  146. package/github/docs/assets/highlight.css +0 -57
  147. package/github/docs/assets/main.js +0 -54
  148. package/github/docs/assets/search.js +0 -1
  149. package/github/docs/assets/style.css +0 -1224
  150. package/github/docs/assets/widgets.png +0 -0
  151. package/github/docs/assets/widgets@2x.png +0 -0
  152. package/github/docs/classes/AccountLockedError.html +0 -163
  153. package/github/docs/classes/AuthenticationError.html +0 -169
  154. package/github/docs/classes/Base64.html +0 -134
  155. package/github/docs/classes/Buffer.html +0 -158
  156. package/github/docs/classes/ConfigurationNotSetError.html +0 -164
  157. package/github/docs/classes/ConfigurationSetNotFoundError.html +0 -168
  158. package/github/docs/classes/DecodeError.html +0 -168
  159. package/github/docs/classes/DefaultConfigurationManager.html +0 -213
  160. package/github/docs/classes/DefaultLogger.html +0 -291
  161. package/github/docs/classes/DefaultSudoKeyArchive.html +0 -363
  162. package/github/docs/classes/DefaultSudoKeyManager.html +0 -858
  163. package/github/docs/classes/FatalError.html +0 -169
  164. package/github/docs/classes/IllegalArgumentError.html +0 -168
  165. package/github/docs/classes/IllegalStateError.html +0 -169
  166. package/github/docs/classes/InsufficientEntitlementsError.html +0 -164
  167. package/github/docs/classes/InvalidOwnershipProofError.html +0 -163
  168. package/github/docs/classes/InvalidTokenError.html +0 -163
  169. package/github/docs/classes/KeyArchiveDecodingError.html +0 -168
  170. package/github/docs/classes/KeyArchiveIncorrectPasswordError.html +0 -168
  171. package/github/docs/classes/KeyArchiveMissingError.html +0 -168
  172. package/github/docs/classes/KeyArchiveNoPasswordRequiredError.html +0 -168
  173. package/github/docs/classes/KeyArchivePasswordRequiredError.html +0 -168
  174. package/github/docs/classes/KeyArchiveTypeError.html +0 -168
  175. package/github/docs/classes/KeyArchiveUnknownKeyTypeError.html +0 -168
  176. package/github/docs/classes/KeyArchiveVersionError.html +0 -168
  177. package/github/docs/classes/KeyNotFoundError.html +0 -168
  178. package/github/docs/classes/KeyStoreNotExportableError.html +0 -168
  179. package/github/docs/classes/LimitExceededError.html +0 -164
  180. package/github/docs/classes/NoEntitlementsError.html +0 -163
  181. package/github/docs/classes/NotAuthorizedError.html +0 -169
  182. package/github/docs/classes/NotRegisteredError.html +0 -168
  183. package/github/docs/classes/NotSignedInError.html +0 -164
  184. package/github/docs/classes/OperationNotImplementedError.html +0 -168
  185. package/github/docs/classes/RegisterError.html +0 -169
  186. package/github/docs/classes/RequestFailedError.html +0 -189
  187. package/github/docs/classes/ServiceError.html +0 -170
  188. package/github/docs/classes/SignOutError.html +0 -168
  189. package/github/docs/classes/SudoCryptoProviderDefaults.html +0 -106
  190. package/github/docs/classes/UnknownGraphQLError.html +0 -169
  191. package/github/docs/classes/UnrecognizedAlgorithmError.html +0 -168
  192. package/github/docs/classes/UserNotConfirmedError.html +0 -164
  193. package/github/docs/classes/VersionMismatchError.html +0 -166
  194. package/github/docs/enums/CachePolicy.html +0 -72
  195. package/github/docs/enums/EncryptionAlgorithm.html +0 -80
  196. package/github/docs/enums/KeyArchiveKeyType.html +0 -86
  197. package/github/docs/enums/KeyDataKeyFormat.html +0 -92
  198. package/github/docs/enums/KeyDataKeyType.html +0 -85
  199. package/github/docs/enums/ListOperationResultStatus.html +0 -85
  200. package/github/docs/enums/PublicKeyFormat.html +0 -68
  201. package/github/docs/functions/isAppSyncNetworkError.html +0 -147
  202. package/github/docs/functions/isInsecureKeyArchive.html +0 -147
  203. package/github/docs/functions/isSecureKeyArchive.html +0 -147
  204. package/github/docs/functions/isUnrecognizedKeyArchive.html +0 -147
  205. package/github/docs/functions/keyArchiveInfoFromKeyData.html +0 -147
  206. package/github/docs/functions/keyArchiveKeyTypeFromKeyDataKeyType.html +0 -147
  207. package/github/docs/functions/mapGraphQLToClientError.html +0 -154
  208. package/github/docs/functions/mapNetworkErrorToClientError.html +0 -154
  209. package/github/docs/index.html +0 -146
  210. package/github/docs/interfaces/AsymmetricEncryptionOptions.html +0 -68
  211. package/github/docs/interfaces/BooleanFilter.html +0 -75
  212. package/github/docs/interfaces/ConfigurationManager.html +0 -200
  213. package/github/docs/interfaces/KeyData.html +0 -106
  214. package/github/docs/interfaces/ListOperationFailureResult.html +0 -76
  215. package/github/docs/interfaces/ListOperationPartialResult.html +0 -102
  216. package/github/docs/interfaces/ListOperationSuccessResult.html +0 -90
  217. package/github/docs/interfaces/ListOutput.html +0 -80
  218. package/github/docs/interfaces/Logger.html +0 -251
  219. package/github/docs/interfaces/Owner.html +0 -72
  220. package/github/docs/interfaces/PublicKey.html +0 -72
  221. package/github/docs/interfaces/ServiceCompatibilityInfo.html +0 -110
  222. package/github/docs/interfaces/StringFilter.html +0 -82
  223. package/github/docs/interfaces/SudoCryptoProvider.html +0 -907
  224. package/github/docs/interfaces/SudoKeyArchive.html +0 -257
  225. package/github/docs/interfaces/SudoKeyManager.html +0 -890
  226. package/github/docs/interfaces/SymmetricEncryptionOptions.html +0 -75
  227. package/github/docs/interfaces/ValidationResult.html +0 -83
  228. package/github/docs/modules.html +0 -248
  229. package/github/docs/types/AppSyncError.html +0 -138
  230. package/github/docs/types/AppSyncNetworkError.html +0 -138
  231. package/github/docs/types/InsecureKeyArchive.html +0 -138
  232. package/github/docs/types/KeyArchive.html +0 -138
  233. package/github/docs/types/KeyArchiveKeyInfo.html +0 -154
  234. package/github/docs/types/KeyArchiveKeyInfoDecoded.html +0 -138
  235. package/github/docs/types/ListOperationResult.html +0 -148
  236. package/github/docs/types/SecureKeyArchive.html +0 -138
  237. package/github/docs/types/Subset.html +0 -144
  238. package/github/docs/types/UnrecognizedKeyArchive.html +0 -138
  239. package/github/docs/variables/CURRENT_ARCHIVE_VERSION.html +0 -138
  240. package/github/docs/variables/InsecureKeyArchiveCodec.html +0 -138
  241. package/github/docs/variables/InsecureKeyArchiveType.html +0 -138
  242. package/github/docs/variables/KeyArchiveCodec.html +0 -138
  243. package/github/docs/variables/KeyArchiveKeyInfoArrayCodec.html +0 -138
  244. package/github/docs/variables/KeyArchiveKeyInfoCodec.html +0 -138
  245. package/github/docs/variables/KeyArchiveKeyTypeCodec.html +0 -138
  246. package/github/docs/variables/SecureKeyArchiveCodec.html +0 -138
  247. package/github/docs/variables/SecureKeyArchiveType.html +0 -138
  248. package/github/docs/variables/UnrecognizedKeyArchiveCodec.html +0 -138
  249. package/github/jest.config.json +0 -14
  250. package/github/package.json +0 -91
  251. package/github/src/configurationManager/defaultConfigurationManager.ts +0 -281
  252. package/github/src/errors/error.ts +0 -469
  253. package/github/src/index.ts +0 -8
  254. package/github/src/logging/bunyanLogger.ts +0 -47
  255. package/github/src/logging/logger.ts +0 -164
  256. package/github/src/sudoKeyArchive/index.ts +0 -4
  257. package/github/src/sudoKeyArchive/keyArchive.ts +0 -120
  258. package/github/src/sudoKeyArchive/keyInfo.ts +0 -47
  259. package/github/src/sudoKeyArchive/keyType.ts +0 -50
  260. package/github/src/sudoKeyArchive/sudoKeyArchive.ts +0 -591
  261. package/github/src/sudoKeyManager/index.ts +0 -4
  262. package/github/src/sudoKeyManager/keyData.ts +0 -60
  263. package/github/src/sudoKeyManager/publicKey.ts +0 -9
  264. package/github/src/sudoKeyManager/sudoCryptoProvider.ts +0 -434
  265. package/github/src/sudoKeyManager/sudoKeyManager.ts +0 -635
  266. package/github/src/types/types.ts +0 -129
  267. package/github/src/utils/base64.ts +0 -21
  268. package/github/src/utils/buffer.ts +0 -39
  269. package/github/test/integration/defaultConfigurationManager.spec.ts +0 -85
  270. package/github/test/matchers.ts +0 -122
  271. package/github/test/unit/configurationManager/defaultConfigurationManager.spec.ts +0 -506
  272. package/github/test/unit/errors/error.spec.ts +0 -115
  273. package/github/test/unit/keyType.spec.ts +0 -54
  274. package/github/test/unit/logging/logger.spec.ts +0 -182
  275. package/github/test/unit/sudoKeyArchive.spec.ts +0 -1609
  276. package/github/test/unit/sudoKeyManager.spec.ts +0 -1086
  277. package/github/test/unit/utils/base64.spec.ts +0 -30
  278. package/github/test/unit/utils/buffer.spec.ts +0 -45
  279. package/github/test/unit/utils/listOperationResult.spec.ts +0 -84
  280. package/github/tsconfig.json +0 -20
  281. package/github/tsconfig.test.json +0 -7
  282. package/github/yarn.lock +0 -5922
  283. package/jest.config.json +0 -14
  284. package/src/configurationManager/defaultConfigurationManager.ts +0 -281
  285. package/src/errors/error.ts +0 -469
  286. package/src/index.ts +0 -8
  287. package/src/logging/bunyanLogger.ts +0 -47
  288. package/src/logging/logger.ts +0 -164
  289. package/src/sudoKeyArchive/index.ts +0 -4
  290. package/src/sudoKeyArchive/keyArchive.ts +0 -120
  291. package/src/sudoKeyArchive/keyInfo.ts +0 -47
  292. package/src/sudoKeyArchive/keyType.ts +0 -50
  293. package/src/sudoKeyArchive/sudoKeyArchive.ts +0 -591
  294. package/src/sudoKeyManager/index.ts +0 -4
  295. package/src/sudoKeyManager/keyData.ts +0 -60
  296. package/src/sudoKeyManager/publicKey.ts +0 -9
  297. package/src/sudoKeyManager/sudoCryptoProvider.ts +0 -434
  298. package/src/sudoKeyManager/sudoKeyManager.ts +0 -635
  299. package/src/types/types.ts +0 -129
  300. package/src/utils/base64.ts +0 -21
  301. package/src/utils/buffer.ts +0 -39
  302. package/test/integration/defaultConfigurationManager.spec.ts +0 -85
  303. package/test/matchers.ts +0 -122
  304. package/test/unit/configurationManager/defaultConfigurationManager.spec.ts +0 -506
  305. package/test/unit/errors/error.spec.ts +0 -115
  306. package/test/unit/keyType.spec.ts +0 -54
  307. package/test/unit/logging/logger.spec.ts +0 -182
  308. package/test/unit/sudoKeyArchive.spec.ts +0 -1609
  309. package/test/unit/sudoKeyManager.spec.ts +0 -1086
  310. package/test/unit/utils/base64.spec.ts +0 -30
  311. package/test/unit/utils/buffer.spec.ts +0 -45
  312. package/test/unit/utils/listOperationResult.spec.ts +0 -84
  313. package/tsconfig.json +0 -20
  314. package/tsconfig.test.json +0 -7
  315. package/yarn.lock +0 -5922
@@ -1,591 +0,0 @@
1
- import { gunzipSync, gzipSync } from 'fflate'
2
- import { isLeft } from 'fp-ts/lib/Either'
3
-
4
- import {
5
- IllegalArgumentError,
6
- KeyArchiveDecodingError,
7
- KeyArchiveIncorrectPasswordError,
8
- KeyArchiveMissingError,
9
- KeyArchiveNoPasswordRequiredError,
10
- KeyArchivePasswordRequiredError,
11
- KeyArchiveTypeError,
12
- KeyArchiveUnknownKeyTypeError,
13
- KeyArchiveVersionError,
14
- KeyNotFoundError,
15
- } from '../errors/error'
16
- import { KeyData, KeyDataKeyType } from '../sudoKeyManager'
17
- import { SudoCryptoProviderDefaults } from '../sudoKeyManager/sudoCryptoProvider'
18
- import { SudoKeyManager } from '../sudoKeyManager/sudoKeyManager'
19
- import { Base64 } from '../utils/base64'
20
- import { Buffer as BufferUtil } from '../utils/buffer'
21
- import {
22
- CURRENT_ARCHIVE_VERSION,
23
- InsecureKeyArchive,
24
- InsecureKeyArchiveType,
25
- isSecureKeyArchive,
26
- isUnrecognizedKeyArchive,
27
- KeyArchive,
28
- KeyArchiveCodec,
29
- SecureKeyArchive,
30
- SecureKeyArchiveType,
31
- } from './keyArchive'
32
- import { KeyArchiveKeyInfo, KeyArchiveKeyInfoArrayCodec } from './keyInfo'
33
- import { KeyArchiveKeyType } from './keyType'
34
-
35
- export interface SudoKeyArchive {
36
- /**
37
- * Loads keys from the secure store into the archive.
38
- */
39
- loadKeys(): Promise<void>
40
-
41
- /**
42
- * Saves the keys in this archive to the secure store.
43
- */
44
- saveKeys(): Promise<void>
45
-
46
- /**
47
- * Archives and encrypts the keys loaded into this archive.
48
- *
49
- * @param password
50
- * The password to use to encrypt the archive. Or undefined if no password.
51
- * Choice to have no password must be explicit.
52
- *
53
- * @returns Binary archive data.
54
- */
55
- archive(password: ArrayBuffer | undefined): Promise<ArrayBuffer>
56
-
57
- /**
58
- * Decrypts and unarchives the keys in this archive.
59
- *
60
- * @param password
61
- * The password to use to decrypt the archive if its a secure archive
62
- * otherwise must be undefined.
63
- *
64
- * @throws {@link KeyArchiveDecodingError}
65
- * If the archive is unable to be decoding according to the
66
- * required structure.
67
- *
68
- * @throws {@link KeyArchiveIncorrectPasswordError}
69
- * If the archive is a secure archive and the password is unable to be
70
- * used to decrypt the encrypted keys.
71
- *
72
- * @throws {@link KeyArchivePasswordRequiredError}
73
- * If the archive is a secure archive but no password is provided.
74
- *
75
- * @throws {@link KeyArchiveNoPasswordRequiredError}
76
- * If the archive is an insecure archive but a password is provided.
77
- */
78
- unarchive(password: ArrayBuffer | undefined): Promise<void>
79
-
80
- /**
81
- * Resets the archive by clearing loaded keys and archive data.
82
- */
83
- reset(): void
84
-
85
- /**
86
- * Determines whether or not the archive contains the key with the
87
- * specified name and type. The archive must be unarchived before the
88
- * key can be searched.
89
- *
90
- * @param namespace the namespace of the key
91
- * @param name the key name.
92
- * @param type the key type.
93
- *
94
- * @return true if the specified key exists in the archive.
95
- */
96
- containsKey(namespace: string, name: string, type: KeyArchiveKeyType): boolean
97
-
98
- /**
99
- * Retrieves the specified key data from the archive. The archive must
100
- * be unarchived before the key data can be retrieved.
101
- *
102
- * @param namespace the namespace of the key
103
- * @param name the key name
104
- * @param type the key type
105
- *
106
- * @return a byte array containing the specified key data or null if it was not found.
107
- *
108
- * @throws {@link KeyNotFoundError}
109
- * If key is not present in the archive.
110
- */
111
- getKeyData(
112
- namespace: string,
113
- name: string,
114
- type: KeyArchiveKeyType,
115
- ): ArrayBuffer
116
-
117
- /** @return the key types to exclude from the archive in an unmodifiable set. */
118
- getExcludedKeyTypes(): ReadonlySet<KeyArchiveKeyType>
119
-
120
- /** @return the key names to exclude from the archive in an unmodifiable set. */
121
- getExcludedKeys(): ReadonlySet<string>
122
-
123
- /** @return the meta-information associated with this archive in an unmodifiable map. */
124
- getMetaInfo(): ReadonlyMap<string, string>
125
- }
126
-
127
- export type KeyArchiveKeyInfoDecoded = KeyArchiveKeyInfo & {
128
- Decoded: ArrayBuffer
129
- }
130
-
131
- export class DefaultSudoKeyArchive implements SudoKeyArchive {
132
- /**
133
- * Version 2 format is not gzipped is what's currently generated
134
- * by iOS and Android. We may want to add support for importing
135
- * such archives.
136
- */
137
- public static readonly PREGZIP_ARCHIVE_VERSION = 2
138
-
139
- /**
140
- * Version 3 format permits both secure and insecure key archives.
141
- *
142
- * Insecure key archives are used where the archive will be stored
143
- * in an otherwise known secure way e.g. via secure-vault-service
144
- * where the encryption of the archive would then be handled by
145
- * clients of that service.
146
- *
147
- * Secure key archives are password protected (via PBKDF2) a la version
148
- * 2 format.
149
- *
150
- * Insecure format detail is:
151
- *
152
- * gzip(JSON.stringify(InsecureKeyArchive))
153
- *
154
- * Secure format detail is:
155
- *
156
- * gzip(JSON.stringify(SecureKeyArchive))
157
- *
158
- * where Keys property of SecureKeyArchive is:
159
- *
160
- * base64(encrypt(gzip(JSON.stringify(array of keys))))
161
- *
162
- * Where encrypt operation is 256-bit AES CBC-mode with IV SecureKeyArchive.IV
163
- * and key generated by SecureKeyArchive.Rounds of PBKDF2 on the password
164
- * salted with SecureKeyArchive.Salt.
165
- */
166
- public static readonly CURRENT_ARCHIVE_VERSION = CURRENT_ARCHIVE_VERSION
167
-
168
- private readonly defaultKeyManager: SudoKeyManager
169
- private readonly keyManagers: Record<string, SudoKeyManager> = {}
170
- private keyArchive: SecureKeyArchive | InsecureKeyArchive | undefined
171
- private readonly excludedKeys: Set<string> = new Set<string>()
172
- private readonly excludedKeyTypes: Set<KeyArchiveKeyType> =
173
- new Set<KeyArchiveKeyType>()
174
- private readonly metaInfo: Map<string, string> = new Map<string, string>()
175
-
176
- private readonly keys: Map<string, KeyArchiveKeyInfoDecoded> = new Map<
177
- string,
178
- KeyArchiveKeyInfoDecoded
179
- >()
180
-
181
- /**
182
- * Construct SudoKeyArchive
183
- *
184
- *
185
- * @param keyManagers
186
- * Key manager or array of key managers to either restore archive in to
187
- * or construct archive from
188
- *
189
- * @param archiveData
190
- * Array buffer of binary archive data to restore.
191
- *
192
- * @param excludedKeys
193
- * Set of key names to exclude from archive or restore operation.
194
- * Default: None
195
- *
196
- * @param excludedKeyTypes
197
- * Set of key types to exclude from archive or restore operation.
198
- * Default: {@link KeyArchiveKeyType.PublicKey}
199
- *
200
- * @param metaInfo
201
- * Meta information to include with the key archive
202
- *
203
- * @throws {@link IllegalArgumentError}
204
- * If no key managers are provided
205
- *
206
- * @throws {@link IllegalArgumentError}
207
- * If multiple key managers are provided with the same namespace
208
- *
209
- * @throws {@link KeyArchiveDecodingError}
210
- * If archiveData is provided and its binary data cannot be decoded
211
- *
212
- * @throws {@link KeyArchiveTypeError}
213
- * If archiveData is provided and decodes to an unsupported archive
214
- * type.
215
- *
216
- * @throws {@link KeyArchiveVersionError}
217
- * If archiveData is provided and decodes to an unsupported archive
218
- * version.
219
- */
220
- public constructor(
221
- keyManagers: SudoKeyManager | SudoKeyManager[],
222
- options?: {
223
- archiveData?: ArrayBuffer
224
- excludedKeys?: ReadonlySet<string>
225
- excludedKeyTypes?: ReadonlySet<KeyArchiveKeyType>
226
- metaInfo?: ReadonlyMap<string, string>
227
- },
228
- ) {
229
- if (Array.isArray(keyManagers)) {
230
- if (keyManagers.length === 0) {
231
- throw new IllegalArgumentError('Must provide at least one key manager')
232
- }
233
-
234
- keyManagers.forEach((keyManager) => {
235
- if (this.keyManagers[keyManager.namespace]) {
236
- throw new IllegalArgumentError(
237
- `Multiple key managers provided with namespace ${keyManager.namespace}`,
238
- )
239
- }
240
- this.keyManagers[keyManager.namespace] = keyManager
241
- })
242
- this.defaultKeyManager = keyManagers[0]
243
- } else {
244
- this.keyManagers[keyManagers.namespace] = keyManagers
245
- this.defaultKeyManager = keyManagers
246
- }
247
-
248
- if (options?.archiveData) {
249
- this.keyArchive = this.loadArchive(options.archiveData)
250
- }
251
-
252
- // We take copies of the input parameters so we own the data
253
- if (options?.excludedKeys) {
254
- options?.excludedKeys.forEach((excludedKey) =>
255
- this.excludedKeys.add(excludedKey),
256
- )
257
- }
258
-
259
- if (options?.excludedKeyTypes) {
260
- options?.excludedKeyTypes.forEach((excludedKeyType) =>
261
- this.excludedKeyTypes.add(excludedKeyType),
262
- )
263
- }
264
-
265
- if (options?.metaInfo?.size) {
266
- for (const [key, value] of options?.metaInfo?.entries()) {
267
- this.metaInfo.set(key, value)
268
- }
269
- }
270
- }
271
-
272
- /**
273
- * Reads the binary data and converts it to JSON and then deserialises it
274
- * into a KeyArchive
275
- */
276
- private loadArchive(
277
- archiveData: ArrayBuffer,
278
- ): SecureKeyArchive | InsecureKeyArchive {
279
- let unzipped: Uint8Array
280
-
281
- try {
282
- unzipped = gunzipSync(new Uint8Array(archiveData))
283
- } catch (err) {
284
- throw new KeyArchiveDecodingError()
285
- }
286
-
287
- let keyArchive: KeyArchive
288
- try {
289
- const decoded = KeyArchiveCodec.decode(
290
- JSON.parse(BufferUtil.toString(unzipped)),
291
- )
292
- if (isLeft(decoded)) {
293
- throw new KeyArchiveDecodingError()
294
- }
295
- keyArchive = decoded.right
296
- } catch (err) {
297
- throw new KeyArchiveDecodingError()
298
- }
299
- if (isUnrecognizedKeyArchive(keyArchive)) {
300
- if (
301
- keyArchive.Type &&
302
- keyArchive.Type !== SecureKeyArchiveType &&
303
- keyArchive.Type !== InsecureKeyArchiveType
304
- ) {
305
- throw new KeyArchiveTypeError(keyArchive.Type)
306
- }
307
-
308
- // Only support DefaultSudoKeyArchive.CURRENT_ARCHIVE_VERSION for now.
309
- if (
310
- keyArchive.Version !== undefined &&
311
- keyArchive.Version !== DefaultSudoKeyArchive.CURRENT_ARCHIVE_VERSION
312
- ) {
313
- throw new KeyArchiveVersionError(keyArchive.Version)
314
- }
315
-
316
- throw new KeyArchiveDecodingError()
317
- }
318
-
319
- return keyArchive
320
- }
321
-
322
- async loadKeys(): Promise<void> {
323
- for (const keyManager of Object.values(this.keyManagers)) {
324
- await keyManager.exportKeys().then((exported) => {
325
- exported.forEach((data) => {
326
- const keyArchiveInfoDecoded = keyArchiveInfoFromKeyData(data)
327
- if (
328
- !this.excludedKeyTypes.has(keyArchiveInfoDecoded.Type) &&
329
- !this.excludedKeys.has(data.name)
330
- ) {
331
- this.keys.set(
332
- `${keyArchiveInfoDecoded.NameSpace}:${keyArchiveInfoDecoded.Type}:${keyArchiveInfoDecoded.Name}`,
333
- keyArchiveInfoDecoded,
334
- )
335
- }
336
- })
337
- })
338
- }
339
- }
340
-
341
- async saveKeys(): Promise<void> {
342
- for (const info of this.keys.values()) {
343
- const keyManager = this.keyManagers[info.NameSpace]
344
- if (!keyManager) continue
345
- if (this.excludedKeyTypes.has(info.Type)) continue
346
- if (this.excludedKeys.has(info.Name)) continue
347
-
348
- const keyData = info.Decoded
349
- switch (info.Type) {
350
- case KeyArchiveKeyType.Password:
351
- await keyManager.addPassword(keyData, info.Name)
352
- break
353
- case KeyArchiveKeyType.PrivateKey:
354
- await keyManager.addPrivateKey(keyData, info.Name)
355
- break
356
- case KeyArchiveKeyType.PublicKey:
357
- await keyManager.addPublicKey(keyData, info.Name)
358
- break
359
- case KeyArchiveKeyType.SymmetricKey:
360
- await keyManager.addSymmetricKey(keyData, info.Name)
361
- break
362
- default:
363
- throw new KeyArchiveUnknownKeyTypeError(
364
- `Key archive key type ${info.Type as string} is not recognized`,
365
- )
366
- }
367
- }
368
- }
369
-
370
- async archive(password: ArrayBuffer | undefined): Promise<ArrayBuffer> {
371
- const keys: KeyArchiveKeyInfo[] = []
372
- for (const key of this.keys.values()) {
373
- keys.push({
374
- NameSpace: key.NameSpace,
375
- Name: key.Name,
376
- Data: key.Data,
377
- Type: key.Type,
378
- Synchronizable: key.Synchronizable,
379
- Exportable: key.Exportable,
380
- })
381
- }
382
-
383
- let keyArchive: SecureKeyArchive | InsecureKeyArchive
384
- if (!password) {
385
- const insecureKeyArchive: InsecureKeyArchive = {
386
- Type: 'Insecure',
387
- MetaInfo: {},
388
- Version: DefaultSudoKeyArchive.CURRENT_ARCHIVE_VERSION,
389
- Keys: keys,
390
- }
391
- keyArchive = insecureKeyArchive
392
- } else {
393
- const salt = await this.defaultKeyManager.generateRandomData(
394
- SudoCryptoProviderDefaults.pbkdfSaltSize,
395
- )
396
- const b64Salt = Base64.encode(salt)
397
- const key = await this.defaultKeyManager.generateSymmetricKeyFromPassword(
398
- password,
399
- salt,
400
- {
401
- rounds: SudoCryptoProviderDefaults.pbkdfRounds,
402
- },
403
- )
404
-
405
- const serializedKeys = JSON.stringify(keys)
406
- const compressedSerializedKeys = gzipSync(
407
- BufferUtil.fromString(serializedKeys),
408
- {
409
- level: 9,
410
- },
411
- )
412
-
413
- // Don't strictly need a randomly generated IV here but no harm either
414
- const iv = await this.defaultKeyManager.generateRandomData(
415
- SudoCryptoProviderDefaults.aesIVSize,
416
- )
417
- const encryptedKeys =
418
- await this.defaultKeyManager.encryptWithSymmetricKey(
419
- key,
420
- compressedSerializedKeys,
421
- { iv },
422
- )
423
- const secureKeyArchive: SecureKeyArchive = {
424
- Type: 'Secure',
425
- Version: DefaultSudoKeyArchive.CURRENT_ARCHIVE_VERSION,
426
- MetaInfo: {},
427
- Salt: b64Salt,
428
- Rounds: SudoCryptoProviderDefaults.pbkdfRounds,
429
- Keys: Base64.encode(encryptedKeys),
430
- IV: Base64.encode(iv),
431
- }
432
-
433
- keyArchive = secureKeyArchive
434
- }
435
-
436
- for (const [key, value] of this.metaInfo.entries()) {
437
- keyArchive.MetaInfo[key] = value
438
- }
439
-
440
- const archiveString = JSON.stringify(keyArchive)
441
-
442
- // While this double Gzips the SecureKeyArchive, it allows us to roughly
443
- // recover the space consumed by Base64 encoding the cipher text. Otherwise
444
- // we would end up having a fully binary data structure for the archive.
445
- // If the time to compute becomes prohibitive we can look at a binary, non-JSON
446
- // base format for the archive.
447
- const archiveGzipped = gzipSync(BufferUtil.fromString(archiveString), {
448
- level: 9,
449
- })
450
-
451
- return Promise.resolve(archiveGzipped)
452
- }
453
-
454
- async unarchive(password: ArrayBuffer | undefined): Promise<void> {
455
- if (!this.keyArchive) {
456
- throw new KeyArchiveMissingError()
457
- }
458
-
459
- let keys: KeyArchiveKeyInfo[]
460
-
461
- if (isSecureKeyArchive(this.keyArchive)) {
462
- if (!password) {
463
- throw new KeyArchivePasswordRequiredError()
464
- }
465
-
466
- let iv: ArrayBuffer
467
- let encryptedKeys: ArrayBuffer
468
- let key: ArrayBuffer
469
- try {
470
- const salt = Base64.decode(this.keyArchive.Salt)
471
- iv = Base64.decode(this.keyArchive.IV)
472
- encryptedKeys = Base64.decode(this.keyArchive.Keys)
473
- key = await this.defaultKeyManager.generateSymmetricKeyFromPassword(
474
- password,
475
- salt,
476
- { rounds: this.keyArchive.Rounds },
477
- )
478
- } catch (err) {
479
- throw new KeyArchiveDecodingError()
480
- }
481
-
482
- let compressedSerializedKeys: ArrayBuffer
483
- try {
484
- compressedSerializedKeys =
485
- await this.defaultKeyManager.decryptWithSymmetricKey(
486
- key,
487
- encryptedKeys,
488
- { iv },
489
- )
490
- } catch (err) {
491
- throw new KeyArchiveIncorrectPasswordError()
492
- }
493
- try {
494
- const serializedKeys = gunzipSync(
495
- new Uint8Array(compressedSerializedKeys),
496
- )
497
- const decoded = KeyArchiveKeyInfoArrayCodec.decode(
498
- JSON.parse(BufferUtil.toString(serializedKeys)),
499
- )
500
- if (isLeft(decoded)) {
501
- throw new KeyArchiveDecodingError()
502
- }
503
- keys = decoded.right
504
- } catch (err) {
505
- throw new KeyArchiveDecodingError()
506
- }
507
- } else {
508
- if (password) {
509
- throw new KeyArchiveNoPasswordRequiredError()
510
- }
511
- keys = this.keyArchive.Keys
512
- }
513
-
514
- keys.forEach((key) => {
515
- const keyKey = `${key.NameSpace}:${key.Type}:${key.Name}`
516
- let decoded: ArrayBuffer
517
- try {
518
- decoded = Base64.decode(key.Data)
519
- } catch (err) {
520
- throw new KeyArchiveDecodingError(`Unable to decode key ${keyKey}`)
521
- }
522
- this.keys.set(keyKey, { ...key, Decoded: decoded })
523
- })
524
- }
525
-
526
- reset(): void {
527
- this.keys.clear()
528
- }
529
-
530
- containsKey(
531
- namespace: string,
532
- name: string,
533
- type: KeyArchiveKeyType,
534
- ): boolean {
535
- return this.keys.has(`${namespace}:${type}:${name}`)
536
- }
537
-
538
- getKeyData(
539
- namespace: string,
540
- name: string,
541
- type: KeyArchiveKeyType,
542
- ): ArrayBuffer {
543
- const keyInfo = this.keys.get(`${namespace}:${type}:${name}`)
544
- if (!keyInfo) {
545
- throw new KeyNotFoundError()
546
- }
547
-
548
- return keyInfo.Decoded
549
- }
550
-
551
- getExcludedKeys(): ReadonlySet<string> {
552
- return this.excludedKeys
553
- }
554
-
555
- getExcludedKeyTypes(): ReadonlySet<KeyArchiveKeyType> {
556
- return this.excludedKeyTypes
557
- }
558
-
559
- getMetaInfo(): ReadonlyMap<string, string> {
560
- return this.metaInfo
561
- }
562
- }
563
-
564
- export function keyArchiveInfoFromKeyData(
565
- keyData: KeyData,
566
- ): KeyArchiveKeyInfoDecoded {
567
- return {
568
- NameSpace: keyData.namespace,
569
- Name: keyData.name,
570
- Type: keyArchiveKeyTypeFromKeyDataKeyType(keyData.type),
571
- Data: Base64.encode(keyData.data),
572
- Decoded: keyData.data,
573
- Synchronizable: false,
574
- Exportable: true,
575
- }
576
- }
577
-
578
- export function keyArchiveKeyTypeFromKeyDataKeyType(
579
- keyDataKeyType: KeyDataKeyType,
580
- ): KeyArchiveKeyType {
581
- switch (keyDataKeyType) {
582
- case KeyDataKeyType.Password:
583
- return KeyArchiveKeyType.Password
584
- case KeyDataKeyType.RSAPrivateKey:
585
- return KeyArchiveKeyType.PrivateKey
586
- case KeyDataKeyType.RSAPublicKey:
587
- return KeyArchiveKeyType.PublicKey
588
- case KeyDataKeyType.SymmetricKey:
589
- return KeyArchiveKeyType.SymmetricKey
590
- }
591
- }
@@ -1,4 +0,0 @@
1
- export * from './keyData'
2
- export * from './publicKey'
3
- export * from './sudoCryptoProvider'
4
- export * from './sudoKeyManager'
@@ -1,60 +0,0 @@
1
- /**
2
- * Type of key
3
- */
4
- export enum KeyDataKeyType {
5
- SymmetricKey = 'SymmetricKey',
6
- RSAPublicKey = 'RSAPublicKey',
7
- RSAPrivateKey = 'RSAPrivateKey',
8
- Password = 'Password',
9
- }
10
-
11
- export enum KeyDataKeyFormat {
12
- /**
13
- * Raw key format.
14
- *
15
- * For SymmetricKey and Password types this means the raw bytes
16
- * of the key/password.
17
- *
18
- * For RSAPublicKey this means RSAPublicKey binary format.
19
- * For RSAPrivateKey this means RSAPrivateKey binary format.
20
- * "RSA PUBLIC KEY" or "RSA PRIVATE KEY" in PEM speak
21
- */
22
- Raw = 'Raw',
23
-
24
- /**
25
- * SPKI public key format.
26
- *
27
- * Applies to public keys (currently only RSAPublicKey)
28
- * and means they are formated using SPKI.
29
- *
30
- * "PUBLIC KEY" in PEM speak
31
- */
32
- SPKI = 'SPKI',
33
-
34
- /**
35
- * PKCS8 private key format.
36
- *
37
- * Applies to private keys (currently only RSAPrivateKey)
38
- * and means they are formated using unencrypted PKCS8.
39
- *
40
- * "PRIVATE KEY" in PEM speak
41
- */
42
- PKCS8 = 'PKCS8',
43
- }
44
-
45
- /**
46
- * Record of key in a key archive
47
- *
48
- * @property name name of the key within the namespace
49
- * @property namespace namespace of the key manager for this key
50
- * @property data raw binary data of the key
51
- * @property type type of the key
52
- * @property format format of the raw binary data
53
- */
54
- export interface KeyData {
55
- name: string
56
- namespace: string
57
- data: ArrayBuffer
58
- type: KeyDataKeyType
59
- format: KeyDataKeyFormat
60
- }
@@ -1,9 +0,0 @@
1
- export enum PublicKeyFormat {
2
- RSAPublicKey,
3
- SPKI,
4
- }
5
-
6
- export interface PublicKey {
7
- readonly keyData: ArrayBuffer
8
- readonly keyFormat: PublicKeyFormat
9
- }