@sudoplatform/sudo-common 7.0.2 → 8.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/cjs/configurationManager/defaultConfigurationManager.d.ts +123 -0
- package/cjs/configurationManager/defaultConfigurationManager.js +122 -0
- package/cjs/configurationManager/defaultConfigurationManager.js.map +1 -0
- package/cjs/errors/error.d.ts +263 -0
- package/cjs/errors/error.js +442 -0
- package/cjs/errors/error.js.map +1 -0
- package/cjs/index.d.ts +9 -0
- package/cjs/index.js +13 -0
- package/cjs/index.js.map +1 -0
- package/cjs/logging/bunyanLogger.d.ts +8 -0
- package/cjs/logging/bunyanLogger.js +36 -0
- package/cjs/logging/bunyanLogger.js.map +1 -0
- package/cjs/logging/logger.d.ts +87 -0
- package/cjs/logging/logger.js +77 -0
- package/cjs/logging/logger.js.map +1 -0
- package/cjs/sudoKeyArchive/index.d.ts +4 -0
- package/cjs/sudoKeyArchive/index.js +8 -0
- package/cjs/sudoKeyArchive/index.js.map +1 -0
- package/cjs/sudoKeyArchive/keyArchive.d.ts +137 -0
- package/cjs/sudoKeyArchive/keyArchive.js +84 -0
- package/cjs/sudoKeyArchive/keyArchive.js.map +1 -0
- package/cjs/sudoKeyArchive/keyInfo.d.ts +41 -0
- package/cjs/sudoKeyArchive/keyInfo.js +17 -0
- package/cjs/sudoKeyArchive/keyInfo.js.map +1 -0
- package/cjs/sudoKeyArchive/keyType.d.ts +13 -0
- package/cjs/sudoKeyArchive/keyType.js +39 -0
- package/cjs/sudoKeyArchive/keyType.js.map +1 -0
- package/cjs/sudoKeyArchive/sudoKeyArchive.d.ts +190 -0
- package/cjs/sudoKeyArchive/sudoKeyArchive.js +373 -0
- package/cjs/sudoKeyArchive/sudoKeyArchive.js.map +1 -0
- package/cjs/sudoKeyManager/index.d.ts +4 -0
- package/cjs/sudoKeyManager/index.js +8 -0
- package/cjs/sudoKeyManager/index.js.map +1 -0
- package/cjs/sudoKeyManager/keyData.d.ts +56 -0
- package/cjs/sudoKeyManager/keyData.js +46 -0
- package/cjs/sudoKeyManager/keyData.js.map +1 -0
- package/cjs/sudoKeyManager/publicKey.d.ts +8 -0
- package/cjs/sudoKeyManager/publicKey.js +9 -0
- package/cjs/sudoKeyManager/publicKey.js.map +1 -0
- package/cjs/sudoKeyManager/sudoCryptoProvider.d.ts +324 -0
- package/cjs/sudoKeyManager/sudoCryptoProvider.js +12 -0
- package/cjs/sudoKeyManager/sudoCryptoProvider.js.map +1 -0
- package/cjs/sudoKeyManager/sudoKeyManager.d.ts +344 -0
- package/cjs/sudoKeyManager/sudoKeyManager.js +140 -0
- package/cjs/sudoKeyManager/sudoKeyManager.js.map +1 -0
- package/cjs/types/types.d.ts +115 -0
- package/cjs/types/types.js +45 -0
- package/cjs/types/types.js.map +1 -0
- package/cjs/utils/base64.d.ts +44 -0
- package/cjs/utils/base64.js +71 -0
- package/cjs/utils/base64.js.map +1 -0
- package/cjs/utils/buffer.d.ts +13 -0
- package/cjs/utils/buffer.js +37 -0
- package/cjs/utils/buffer.js.map +1 -0
- package/cjs/utils/stream.d.ts +6 -0
- package/cjs/utils/stream.js +70 -0
- package/cjs/utils/stream.js.map +1 -0
- package/lib/configurationManager/defaultConfigurationManager.js +106 -158
- package/lib/configurationManager/defaultConfigurationManager.js.map +1 -0
- package/lib/errors/error.js +226 -438
- package/lib/errors/error.js.map +1 -0
- package/lib/index.d.ts +1 -0
- package/lib/index.js +10 -109
- package/lib/index.js.map +1 -0
- package/lib/logging/bunyanLogger.js +29 -41
- package/lib/logging/bunyanLogger.js.map +1 -0
- package/lib/logging/logger.js +66 -92
- package/lib/logging/logger.js.map +1 -0
- package/lib/sudoKeyArchive/index.js +5 -57
- package/lib/sudoKeyArchive/index.js.map +1 -0
- package/lib/sudoKeyArchive/keyArchive.d.ts +8 -8
- package/lib/sudoKeyArchive/keyArchive.js +69 -96
- package/lib/sudoKeyArchive/keyArchive.js.map +1 -0
- package/lib/sudoKeyArchive/keyInfo.js +11 -49
- package/lib/sudoKeyArchive/keyInfo.js.map +1 -0
- package/lib/sudoKeyArchive/keyType.js +27 -37
- package/lib/sudoKeyArchive/keyType.js.map +1 -0
- package/lib/sudoKeyArchive/sudoKeyArchive.js +351 -444
- package/lib/sudoKeyArchive/sudoKeyArchive.js.map +1 -0
- package/lib/sudoKeyManager/index.js +5 -57
- package/lib/sudoKeyManager/index.js.map +1 -0
- package/lib/sudoKeyManager/keyData.js +38 -33
- package/lib/sudoKeyManager/keyData.js.map +1 -0
- package/lib/sudoKeyManager/publicKey.js +5 -12
- package/lib/sudoKeyManager/publicKey.js.map +1 -0
- package/lib/sudoKeyManager/sudoCryptoProvider.js +8 -26
- package/lib/sudoKeyManager/sudoCryptoProvider.js.map +1 -0
- package/lib/sudoKeyManager/sudoKeyManager.js +135 -173
- package/lib/sudoKeyManager/sudoKeyManager.js.map +1 -0
- package/lib/types/types.js +27 -33
- package/lib/types/types.js.map +1 -0
- package/lib/utils/base64.d.ts +35 -0
- package/lib/utils/base64.js +63 -28
- package/lib/utils/base64.js.map +1 -0
- package/lib/utils/buffer.js +28 -46
- package/lib/utils/buffer.js.map +1 -0
- package/lib/utils/stream.d.ts +6 -0
- package/lib/utils/stream.js +63 -0
- package/lib/utils/stream.js.map +1 -0
- package/package.json +36 -29
- package/.babelrc +0 -10
- package/.eslintrc.js +0 -91
- package/.gitignore +0 -14
- package/.gitlab-ci.yml +0 -101
- package/.npmignore +0 -1
- package/.prettierignore +0 -3
- package/.prettierrc.js +0 -7
- package/.publisher.json +0 -7
- package/.vscode/settings.json +0 -5
- package/.yarn/releases/yarn-1.22.19.cjs +0 -147529
- package/.yarnrc +0 -5
- package/dependencies-report.json +0 -640
- package/docs/.nojekyll +0 -1
- package/docs/assets/highlight.css +0 -57
- package/docs/assets/main.js +0 -54
- package/docs/assets/search.js +0 -1
- package/docs/assets/style.css +0 -1224
- package/docs/assets/widgets.png +0 -0
- package/docs/assets/widgets@2x.png +0 -0
- package/docs/classes/AccountLockedError.html +0 -163
- package/docs/classes/AuthenticationError.html +0 -169
- package/docs/classes/Base64.html +0 -134
- package/docs/classes/Buffer.html +0 -158
- package/docs/classes/ConfigurationNotSetError.html +0 -164
- package/docs/classes/ConfigurationSetNotFoundError.html +0 -168
- package/docs/classes/DecodeError.html +0 -168
- package/docs/classes/DefaultConfigurationManager.html +0 -213
- package/docs/classes/DefaultLogger.html +0 -291
- package/docs/classes/DefaultSudoKeyArchive.html +0 -363
- package/docs/classes/DefaultSudoKeyManager.html +0 -814
- package/docs/classes/FatalError.html +0 -169
- package/docs/classes/IllegalArgumentError.html +0 -168
- package/docs/classes/IllegalStateError.html +0 -169
- package/docs/classes/InsufficientEntitlementsError.html +0 -164
- package/docs/classes/InvalidOwnershipProofError.html +0 -163
- package/docs/classes/InvalidTokenError.html +0 -163
- package/docs/classes/KeyArchiveDecodingError.html +0 -168
- package/docs/classes/KeyArchiveIncorrectPasswordError.html +0 -168
- package/docs/classes/KeyArchiveMissingError.html +0 -168
- package/docs/classes/KeyArchiveNoPasswordRequiredError.html +0 -168
- package/docs/classes/KeyArchivePasswordRequiredError.html +0 -168
- package/docs/classes/KeyArchiveTypeError.html +0 -168
- package/docs/classes/KeyArchiveUnknownKeyTypeError.html +0 -168
- package/docs/classes/KeyArchiveVersionError.html +0 -168
- package/docs/classes/KeyNotFoundError.html +0 -168
- package/docs/classes/KeyStoreNotExportableError.html +0 -168
- package/docs/classes/LimitExceededError.html +0 -164
- package/docs/classes/NoEntitlementsError.html +0 -163
- package/docs/classes/NotAuthorizedError.html +0 -169
- package/docs/classes/NotRegisteredError.html +0 -168
- package/docs/classes/NotSignedInError.html +0 -164
- package/docs/classes/OperationNotImplementedError.html +0 -168
- package/docs/classes/RegisterError.html +0 -169
- package/docs/classes/RequestFailedError.html +0 -189
- package/docs/classes/ServiceError.html +0 -170
- package/docs/classes/SignOutError.html +0 -168
- package/docs/classes/SudoCryptoProviderDefaults.html +0 -106
- package/docs/classes/UnknownGraphQLError.html +0 -169
- package/docs/classes/UnrecognizedAlgorithmError.html +0 -168
- package/docs/classes/UserNotConfirmedError.html +0 -164
- package/docs/classes/VersionMismatchError.html +0 -166
- package/docs/enums/CachePolicy.html +0 -72
- package/docs/enums/EncryptionAlgorithm.html +0 -80
- package/docs/enums/KeyArchiveKeyType.html +0 -86
- package/docs/enums/KeyDataKeyFormat.html +0 -92
- package/docs/enums/KeyDataKeyType.html +0 -85
- package/docs/enums/ListOperationResultStatus.html +0 -85
- package/docs/enums/PublicKeyFormat.html +0 -68
- package/docs/functions/isAppSyncNetworkError.html +0 -147
- package/docs/functions/isInsecureKeyArchive.html +0 -147
- package/docs/functions/isSecureKeyArchive.html +0 -147
- package/docs/functions/isUnrecognizedKeyArchive.html +0 -147
- package/docs/functions/keyArchiveInfoFromKeyData.html +0 -147
- package/docs/functions/keyArchiveKeyTypeFromKeyDataKeyType.html +0 -147
- package/docs/functions/mapGraphQLToClientError.html +0 -154
- package/docs/functions/mapNetworkErrorToClientError.html +0 -154
- package/docs/index.html +0 -146
- package/docs/interfaces/AsymmetricEncryptionOptions.html +0 -68
- package/docs/interfaces/BooleanFilter.html +0 -75
- package/docs/interfaces/ConfigurationManager.html +0 -200
- package/docs/interfaces/KeyData.html +0 -106
- package/docs/interfaces/ListOperationFailureResult.html +0 -76
- package/docs/interfaces/ListOperationPartialResult.html +0 -102
- package/docs/interfaces/ListOperationSuccessResult.html +0 -90
- package/docs/interfaces/ListOutput.html +0 -80
- package/docs/interfaces/Logger.html +0 -251
- package/docs/interfaces/Owner.html +0 -72
- package/docs/interfaces/PublicKey.html +0 -72
- package/docs/interfaces/ServiceCompatibilityInfo.html +0 -110
- package/docs/interfaces/StringFilter.html +0 -82
- package/docs/interfaces/SudoCryptoProvider.html +0 -865
- package/docs/interfaces/SudoKeyArchive.html +0 -257
- package/docs/interfaces/SudoKeyManager.html +0 -848
- package/docs/interfaces/SymmetricEncryptionOptions.html +0 -75
- package/docs/interfaces/ValidationResult.html +0 -83
- package/docs/modules.html +0 -248
- package/docs/types/AppSyncError.html +0 -138
- package/docs/types/AppSyncNetworkError.html +0 -138
- package/docs/types/InsecureKeyArchive.html +0 -138
- package/docs/types/KeyArchive.html +0 -138
- package/docs/types/KeyArchiveKeyInfo.html +0 -154
- package/docs/types/KeyArchiveKeyInfoDecoded.html +0 -138
- package/docs/types/ListOperationResult.html +0 -148
- package/docs/types/SecureKeyArchive.html +0 -138
- package/docs/types/Subset.html +0 -144
- package/docs/types/UnrecognizedKeyArchive.html +0 -138
- package/docs/variables/CURRENT_ARCHIVE_VERSION.html +0 -138
- package/docs/variables/InsecureKeyArchiveCodec.html +0 -138
- package/docs/variables/InsecureKeyArchiveType.html +0 -138
- package/docs/variables/KeyArchiveCodec.html +0 -138
- package/docs/variables/KeyArchiveKeyInfoArrayCodec.html +0 -138
- package/docs/variables/KeyArchiveKeyInfoCodec.html +0 -138
- package/docs/variables/KeyArchiveKeyTypeCodec.html +0 -138
- package/docs/variables/SecureKeyArchiveCodec.html +0 -138
- package/docs/variables/SecureKeyArchiveType.html +0 -138
- package/docs/variables/UnrecognizedKeyArchiveCodec.html +0 -138
- package/github/.babelrc +0 -10
- package/github/.eslintrc.js +0 -91
- package/github/.gitignore +0 -14
- package/github/.gitlab-ci.yml +0 -101
- package/github/.npmignore +0 -1
- package/github/.prettierignore +0 -3
- package/github/.prettierrc.js +0 -7
- package/github/.publisher.json +0 -7
- package/github/.vscode/settings.json +0 -5
- package/github/.yarn/releases/yarn-1.22.19.cjs +0 -147529
- package/github/.yarnrc +0 -5
- package/github/CHANGELOG.md +0 -51
- package/github/README.md +0 -8
- package/github/bin/outdated-with-suppression.sh +0 -203
- package/github/bin/suppress-audit.sh +0 -15
- package/github/bin/suppress-outdated.sh +0 -60
- package/github/bin/yarn-audit-with-suppression.sh +0 -19
- package/github/docs/.nojekyll +0 -1
- package/github/docs/assets/highlight.css +0 -57
- package/github/docs/assets/main.js +0 -54
- package/github/docs/assets/search.js +0 -1
- package/github/docs/assets/style.css +0 -1224
- package/github/docs/assets/widgets.png +0 -0
- package/github/docs/assets/widgets@2x.png +0 -0
- package/github/docs/classes/AccountLockedError.html +0 -163
- package/github/docs/classes/AuthenticationError.html +0 -169
- package/github/docs/classes/Base64.html +0 -134
- package/github/docs/classes/Buffer.html +0 -158
- package/github/docs/classes/ConfigurationNotSetError.html +0 -164
- package/github/docs/classes/ConfigurationSetNotFoundError.html +0 -168
- package/github/docs/classes/DecodeError.html +0 -168
- package/github/docs/classes/DefaultConfigurationManager.html +0 -213
- package/github/docs/classes/DefaultLogger.html +0 -291
- package/github/docs/classes/DefaultSudoKeyArchive.html +0 -363
- package/github/docs/classes/DefaultSudoKeyManager.html +0 -814
- package/github/docs/classes/FatalError.html +0 -169
- package/github/docs/classes/IllegalArgumentError.html +0 -168
- package/github/docs/classes/IllegalStateError.html +0 -169
- package/github/docs/classes/InsufficientEntitlementsError.html +0 -164
- package/github/docs/classes/InvalidOwnershipProofError.html +0 -163
- package/github/docs/classes/InvalidTokenError.html +0 -163
- package/github/docs/classes/KeyArchiveDecodingError.html +0 -168
- package/github/docs/classes/KeyArchiveIncorrectPasswordError.html +0 -168
- package/github/docs/classes/KeyArchiveMissingError.html +0 -168
- package/github/docs/classes/KeyArchiveNoPasswordRequiredError.html +0 -168
- package/github/docs/classes/KeyArchivePasswordRequiredError.html +0 -168
- package/github/docs/classes/KeyArchiveTypeError.html +0 -168
- package/github/docs/classes/KeyArchiveUnknownKeyTypeError.html +0 -168
- package/github/docs/classes/KeyArchiveVersionError.html +0 -168
- package/github/docs/classes/KeyNotFoundError.html +0 -168
- package/github/docs/classes/KeyStoreNotExportableError.html +0 -168
- package/github/docs/classes/LimitExceededError.html +0 -164
- package/github/docs/classes/NoEntitlementsError.html +0 -163
- package/github/docs/classes/NotAuthorizedError.html +0 -169
- package/github/docs/classes/NotRegisteredError.html +0 -168
- package/github/docs/classes/NotSignedInError.html +0 -164
- package/github/docs/classes/OperationNotImplementedError.html +0 -168
- package/github/docs/classes/RegisterError.html +0 -169
- package/github/docs/classes/RequestFailedError.html +0 -189
- package/github/docs/classes/ServiceError.html +0 -170
- package/github/docs/classes/SignOutError.html +0 -168
- package/github/docs/classes/SudoCryptoProviderDefaults.html +0 -106
- package/github/docs/classes/UnknownGraphQLError.html +0 -169
- package/github/docs/classes/UnrecognizedAlgorithmError.html +0 -168
- package/github/docs/classes/UserNotConfirmedError.html +0 -164
- package/github/docs/classes/VersionMismatchError.html +0 -166
- package/github/docs/enums/CachePolicy.html +0 -72
- package/github/docs/enums/EncryptionAlgorithm.html +0 -80
- package/github/docs/enums/KeyArchiveKeyType.html +0 -86
- package/github/docs/enums/KeyDataKeyFormat.html +0 -92
- package/github/docs/enums/KeyDataKeyType.html +0 -85
- package/github/docs/enums/ListOperationResultStatus.html +0 -85
- package/github/docs/enums/PublicKeyFormat.html +0 -68
- package/github/docs/functions/isAppSyncNetworkError.html +0 -147
- package/github/docs/functions/isInsecureKeyArchive.html +0 -147
- package/github/docs/functions/isSecureKeyArchive.html +0 -147
- package/github/docs/functions/isUnrecognizedKeyArchive.html +0 -147
- package/github/docs/functions/keyArchiveInfoFromKeyData.html +0 -147
- package/github/docs/functions/keyArchiveKeyTypeFromKeyDataKeyType.html +0 -147
- package/github/docs/functions/mapGraphQLToClientError.html +0 -154
- package/github/docs/functions/mapNetworkErrorToClientError.html +0 -154
- package/github/docs/index.html +0 -146
- package/github/docs/interfaces/AsymmetricEncryptionOptions.html +0 -68
- package/github/docs/interfaces/BooleanFilter.html +0 -75
- package/github/docs/interfaces/ConfigurationManager.html +0 -200
- package/github/docs/interfaces/KeyData.html +0 -106
- package/github/docs/interfaces/ListOperationFailureResult.html +0 -76
- package/github/docs/interfaces/ListOperationPartialResult.html +0 -102
- package/github/docs/interfaces/ListOperationSuccessResult.html +0 -90
- package/github/docs/interfaces/ListOutput.html +0 -80
- package/github/docs/interfaces/Logger.html +0 -251
- package/github/docs/interfaces/Owner.html +0 -72
- package/github/docs/interfaces/PublicKey.html +0 -72
- package/github/docs/interfaces/ServiceCompatibilityInfo.html +0 -110
- package/github/docs/interfaces/StringFilter.html +0 -82
- package/github/docs/interfaces/SudoCryptoProvider.html +0 -865
- package/github/docs/interfaces/SudoKeyArchive.html +0 -257
- package/github/docs/interfaces/SudoKeyManager.html +0 -848
- package/github/docs/interfaces/SymmetricEncryptionOptions.html +0 -75
- package/github/docs/interfaces/ValidationResult.html +0 -83
- package/github/docs/modules.html +0 -248
- package/github/docs/types/AppSyncError.html +0 -138
- package/github/docs/types/AppSyncNetworkError.html +0 -138
- package/github/docs/types/InsecureKeyArchive.html +0 -138
- package/github/docs/types/KeyArchive.html +0 -138
- package/github/docs/types/KeyArchiveKeyInfo.html +0 -154
- package/github/docs/types/KeyArchiveKeyInfoDecoded.html +0 -138
- package/github/docs/types/ListOperationResult.html +0 -148
- package/github/docs/types/SecureKeyArchive.html +0 -138
- package/github/docs/types/Subset.html +0 -144
- package/github/docs/types/UnrecognizedKeyArchive.html +0 -138
- package/github/docs/variables/CURRENT_ARCHIVE_VERSION.html +0 -138
- package/github/docs/variables/InsecureKeyArchiveCodec.html +0 -138
- package/github/docs/variables/InsecureKeyArchiveType.html +0 -138
- package/github/docs/variables/KeyArchiveCodec.html +0 -138
- package/github/docs/variables/KeyArchiveKeyInfoArrayCodec.html +0 -138
- package/github/docs/variables/KeyArchiveKeyInfoCodec.html +0 -138
- package/github/docs/variables/KeyArchiveKeyTypeCodec.html +0 -138
- package/github/docs/variables/SecureKeyArchiveCodec.html +0 -138
- package/github/docs/variables/SecureKeyArchiveType.html +0 -138
- package/github/docs/variables/UnrecognizedKeyArchiveCodec.html +0 -138
- package/github/jest.config.json +0 -14
- package/github/package.json +0 -91
- package/github/src/configurationManager/defaultConfigurationManager.ts +0 -281
- package/github/src/errors/error.ts +0 -469
- package/github/src/index.ts +0 -8
- package/github/src/logging/bunyanLogger.ts +0 -47
- package/github/src/logging/logger.ts +0 -164
- package/github/src/sudoKeyArchive/index.ts +0 -4
- package/github/src/sudoKeyArchive/keyArchive.ts +0 -120
- package/github/src/sudoKeyArchive/keyInfo.ts +0 -47
- package/github/src/sudoKeyArchive/keyType.ts +0 -50
- package/github/src/sudoKeyArchive/sudoKeyArchive.ts +0 -591
- package/github/src/sudoKeyManager/index.ts +0 -4
- package/github/src/sudoKeyManager/keyData.ts +0 -60
- package/github/src/sudoKeyManager/publicKey.ts +0 -9
- package/github/src/sudoKeyManager/sudoCryptoProvider.ts +0 -416
- package/github/src/sudoKeyManager/sudoKeyManager.ts +0 -609
- package/github/src/types/types.ts +0 -129
- package/github/src/utils/base64.ts +0 -21
- package/github/src/utils/buffer.ts +0 -39
- package/github/test/integration/defaultConfigurationManager.spec.ts +0 -85
- package/github/test/matchers.ts +0 -122
- package/github/test/unit/configurationManager/defaultConfigurationManager.spec.ts +0 -506
- package/github/test/unit/errors/error.spec.ts +0 -115
- package/github/test/unit/keyType.spec.ts +0 -54
- package/github/test/unit/logging/logger.spec.ts +0 -182
- package/github/test/unit/sudoKeyArchive.spec.ts +0 -1609
- package/github/test/unit/sudoKeyManager.spec.ts +0 -1045
- package/github/test/unit/utils/base64.spec.ts +0 -30
- package/github/test/unit/utils/buffer.spec.ts +0 -45
- package/github/test/unit/utils/listOperationResult.spec.ts +0 -84
- package/github/tsconfig.json +0 -20
- package/github/tsconfig.test.json +0 -7
- package/github/yarn.lock +0 -5922
- package/jest.config.json +0 -14
- package/src/configurationManager/defaultConfigurationManager.ts +0 -281
- package/src/errors/error.ts +0 -469
- package/src/index.ts +0 -8
- package/src/logging/bunyanLogger.ts +0 -47
- package/src/logging/logger.ts +0 -164
- package/src/sudoKeyArchive/index.ts +0 -4
- package/src/sudoKeyArchive/keyArchive.ts +0 -120
- package/src/sudoKeyArchive/keyInfo.ts +0 -47
- package/src/sudoKeyArchive/keyType.ts +0 -50
- package/src/sudoKeyArchive/sudoKeyArchive.ts +0 -591
- package/src/sudoKeyManager/index.ts +0 -4
- package/src/sudoKeyManager/keyData.ts +0 -60
- package/src/sudoKeyManager/publicKey.ts +0 -9
- package/src/sudoKeyManager/sudoCryptoProvider.ts +0 -416
- package/src/sudoKeyManager/sudoKeyManager.ts +0 -609
- package/src/types/types.ts +0 -129
- package/src/utils/base64.ts +0 -21
- package/src/utils/buffer.ts +0 -39
- package/test/integration/defaultConfigurationManager.spec.ts +0 -85
- package/test/matchers.ts +0 -122
- package/test/unit/configurationManager/defaultConfigurationManager.spec.ts +0 -506
- package/test/unit/errors/error.spec.ts +0 -115
- package/test/unit/keyType.spec.ts +0 -54
- package/test/unit/logging/logger.spec.ts +0 -182
- package/test/unit/sudoKeyArchive.spec.ts +0 -1609
- package/test/unit/sudoKeyManager.spec.ts +0 -1045
- package/test/unit/utils/base64.spec.ts +0 -30
- package/test/unit/utils/buffer.spec.ts +0 -45
- package/test/unit/utils/listOperationResult.spec.ts +0 -84
- package/tsconfig.json +0 -20
- package/tsconfig.test.json +0 -7
- package/yarn.lock +0 -5922
|
@@ -1,460 +1,367 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
}
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
* Meta information to include with the key archive
|
|
88
|
-
*
|
|
89
|
-
* @throws {@link IllegalArgumentError}
|
|
90
|
-
* If no key managers are provided
|
|
91
|
-
*
|
|
92
|
-
* @throws {@link IllegalArgumentError}
|
|
93
|
-
* If multiple key managers are provided with the same namespace
|
|
94
|
-
*
|
|
95
|
-
* @throws {@link KeyArchiveDecodingError}
|
|
96
|
-
* If archiveData is provided and its binary data cannot be decoded
|
|
97
|
-
*
|
|
98
|
-
* @throws {@link KeyArchiveTypeError}
|
|
99
|
-
* If archiveData is provided and decodes to an unsupported archive
|
|
100
|
-
* type.
|
|
101
|
-
*
|
|
102
|
-
* @throws {@link KeyArchiveVersionError}
|
|
103
|
-
* If archiveData is provided and decodes to an unsupported archive
|
|
104
|
-
* version.
|
|
105
|
-
*/
|
|
106
|
-
constructor(keyManagers, options) {
|
|
107
|
-
var _options$metaInfo;
|
|
108
|
-
|
|
109
|
-
_defineProperty(this, "defaultKeyManager", void 0);
|
|
110
|
-
|
|
111
|
-
_defineProperty(this, "keyManagers", {});
|
|
112
|
-
|
|
113
|
-
_defineProperty(this, "keyArchive", void 0);
|
|
114
|
-
|
|
115
|
-
_defineProperty(this, "excludedKeys", new Set());
|
|
116
|
-
|
|
117
|
-
_defineProperty(this, "excludedKeyTypes", new Set());
|
|
118
|
-
|
|
119
|
-
_defineProperty(this, "metaInfo", new Map());
|
|
120
|
-
|
|
121
|
-
_defineProperty(this, "keys", new Map());
|
|
122
|
-
|
|
123
|
-
if (Array.isArray(keyManagers)) {
|
|
124
|
-
if (keyManagers.length === 0) {
|
|
125
|
-
throw new _error.IllegalArgumentError('Must provide at least one key manager');
|
|
126
|
-
}
|
|
127
|
-
|
|
128
|
-
keyManagers.forEach(keyManager => {
|
|
129
|
-
if (this.keyManagers[keyManager.namespace]) {
|
|
130
|
-
throw new _error.IllegalArgumentError(`Multiple key managers provided with namespace ${keyManager.namespace}`);
|
|
1
|
+
import { gunzipSync, gzipSync } from 'fflate';
|
|
2
|
+
import { isLeft } from 'fp-ts/lib/Either';
|
|
3
|
+
import { IllegalArgumentError, KeyArchiveDecodingError, KeyArchiveIncorrectPasswordError, KeyArchiveMissingError, KeyArchiveNoPasswordRequiredError, KeyArchivePasswordRequiredError, KeyArchiveTypeError, KeyArchiveUnknownKeyTypeError, KeyArchiveVersionError, KeyNotFoundError, } from '../errors/error';
|
|
4
|
+
import { KeyDataKeyType } from '../sudoKeyManager';
|
|
5
|
+
import { SudoCryptoProviderDefaults } from '../sudoKeyManager/sudoCryptoProvider';
|
|
6
|
+
import { Base64 } from '../utils/base64';
|
|
7
|
+
import { Buffer as BufferUtil } from '../utils/buffer';
|
|
8
|
+
import { CURRENT_ARCHIVE_VERSION, InsecureKeyArchiveType, isSecureKeyArchive, isUnrecognizedKeyArchive, KeyArchiveCodec, SecureKeyArchiveType, } from './keyArchive';
|
|
9
|
+
import { KeyArchiveKeyInfoArrayCodec } from './keyInfo';
|
|
10
|
+
import { KeyArchiveKeyType } from './keyType';
|
|
11
|
+
export class DefaultSudoKeyArchive {
|
|
12
|
+
/**
|
|
13
|
+
* Construct SudoKeyArchive
|
|
14
|
+
*
|
|
15
|
+
*
|
|
16
|
+
* @param keyManagers
|
|
17
|
+
* Key manager or array of key managers to either restore archive in to
|
|
18
|
+
* or construct archive from
|
|
19
|
+
*
|
|
20
|
+
* @param archiveData
|
|
21
|
+
* Array buffer of binary archive data to restore.
|
|
22
|
+
*
|
|
23
|
+
* @param excludedKeys
|
|
24
|
+
* Set of key names to exclude from archive or restore operation.
|
|
25
|
+
* Default: None
|
|
26
|
+
*
|
|
27
|
+
* @param excludedKeyTypes
|
|
28
|
+
* Set of key types to exclude from archive or restore operation.
|
|
29
|
+
* Default: {@link KeyArchiveKeyType.PublicKey}
|
|
30
|
+
*
|
|
31
|
+
* @param metaInfo
|
|
32
|
+
* Meta information to include with the key archive
|
|
33
|
+
*
|
|
34
|
+
* @throws {@link IllegalArgumentError}
|
|
35
|
+
* If no key managers are provided
|
|
36
|
+
*
|
|
37
|
+
* @throws {@link IllegalArgumentError}
|
|
38
|
+
* If multiple key managers are provided with the same namespace
|
|
39
|
+
*
|
|
40
|
+
* @throws {@link KeyArchiveDecodingError}
|
|
41
|
+
* If archiveData is provided and its binary data cannot be decoded
|
|
42
|
+
*
|
|
43
|
+
* @throws {@link KeyArchiveTypeError}
|
|
44
|
+
* If archiveData is provided and decodes to an unsupported archive
|
|
45
|
+
* type.
|
|
46
|
+
*
|
|
47
|
+
* @throws {@link KeyArchiveVersionError}
|
|
48
|
+
* If archiveData is provided and decodes to an unsupported archive
|
|
49
|
+
* version.
|
|
50
|
+
*/
|
|
51
|
+
constructor(keyManagers, options) {
|
|
52
|
+
this.keyManagers = {};
|
|
53
|
+
this.excludedKeys = new Set();
|
|
54
|
+
this.excludedKeyTypes = new Set();
|
|
55
|
+
this.metaInfo = new Map();
|
|
56
|
+
this.keys = new Map();
|
|
57
|
+
if (Array.isArray(keyManagers)) {
|
|
58
|
+
if (keyManagers.length === 0) {
|
|
59
|
+
throw new IllegalArgumentError('Must provide at least one key manager');
|
|
60
|
+
}
|
|
61
|
+
keyManagers.forEach((keyManager) => {
|
|
62
|
+
if (this.keyManagers[keyManager.namespace]) {
|
|
63
|
+
throw new IllegalArgumentError(`Multiple key managers provided with namespace ${keyManager.namespace}`);
|
|
64
|
+
}
|
|
65
|
+
this.keyManagers[keyManager.namespace] = keyManager;
|
|
66
|
+
});
|
|
67
|
+
this.defaultKeyManager = keyManagers[0];
|
|
68
|
+
}
|
|
69
|
+
else {
|
|
70
|
+
this.keyManagers[keyManagers.namespace] = keyManagers;
|
|
71
|
+
this.defaultKeyManager = keyManagers;
|
|
72
|
+
}
|
|
73
|
+
if (options?.archiveData) {
|
|
74
|
+
this.keyArchive = this.loadArchive(options.archiveData);
|
|
75
|
+
}
|
|
76
|
+
// We take copies of the input parameters so we own the data
|
|
77
|
+
if (options?.excludedKeys) {
|
|
78
|
+
options?.excludedKeys.forEach((excludedKey) => this.excludedKeys.add(excludedKey));
|
|
79
|
+
}
|
|
80
|
+
if (options?.excludedKeyTypes) {
|
|
81
|
+
options?.excludedKeyTypes.forEach((excludedKeyType) => this.excludedKeyTypes.add(excludedKeyType));
|
|
82
|
+
}
|
|
83
|
+
if (options?.metaInfo?.size) {
|
|
84
|
+
for (const [key, value] of options?.metaInfo?.entries()) {
|
|
85
|
+
this.metaInfo.set(key, value);
|
|
86
|
+
}
|
|
131
87
|
}
|
|
132
|
-
|
|
133
|
-
this.keyManagers[keyManager.namespace] = keyManager;
|
|
134
|
-
});
|
|
135
|
-
this.defaultKeyManager = keyManagers[0];
|
|
136
|
-
} else {
|
|
137
|
-
this.keyManagers[keyManagers.namespace] = keyManagers;
|
|
138
|
-
this.defaultKeyManager = keyManagers;
|
|
139
|
-
}
|
|
140
|
-
|
|
141
|
-
if (options !== null && options !== void 0 && options.archiveData) {
|
|
142
|
-
this.keyArchive = this.loadArchive(options.archiveData);
|
|
143
|
-
} // We take copies of the input parameters so we own the data
|
|
144
|
-
|
|
145
|
-
|
|
146
|
-
if (options !== null && options !== void 0 && options.excludedKeys) {
|
|
147
|
-
options === null || options === void 0 ? void 0 : options.excludedKeys.forEach(excludedKey => this.excludedKeys.add(excludedKey));
|
|
148
|
-
}
|
|
149
|
-
|
|
150
|
-
if (options !== null && options !== void 0 && options.excludedKeyTypes) {
|
|
151
|
-
options === null || options === void 0 ? void 0 : options.excludedKeyTypes.forEach(excludedKeyType => this.excludedKeyTypes.add(excludedKeyType));
|
|
152
|
-
}
|
|
153
|
-
|
|
154
|
-
if (options !== null && options !== void 0 && (_options$metaInfo = options.metaInfo) !== null && _options$metaInfo !== void 0 && _options$metaInfo.size) {
|
|
155
|
-
for (const [key, value] of options === null || options === void 0 ? void 0 : (_options$metaInfo2 = options.metaInfo) === null || _options$metaInfo2 === void 0 ? void 0 : _options$metaInfo2.entries()) {
|
|
156
|
-
var _options$metaInfo2;
|
|
157
|
-
|
|
158
|
-
this.metaInfo.set(key, value);
|
|
159
|
-
}
|
|
160
88
|
}
|
|
161
|
-
|
|
162
|
-
|
|
163
|
-
|
|
164
|
-
|
|
165
|
-
|
|
166
|
-
|
|
167
|
-
|
|
168
|
-
|
|
169
|
-
|
|
170
|
-
|
|
171
|
-
|
|
172
|
-
|
|
173
|
-
|
|
174
|
-
|
|
89
|
+
/**
|
|
90
|
+
* Reads the binary data and converts it to JSON and then deserialises it
|
|
91
|
+
* into a KeyArchive
|
|
92
|
+
*/
|
|
93
|
+
loadArchive(archiveData) {
|
|
94
|
+
let unzipped;
|
|
95
|
+
try {
|
|
96
|
+
unzipped = gunzipSync(new Uint8Array(archiveData));
|
|
97
|
+
}
|
|
98
|
+
catch (err) {
|
|
99
|
+
throw new KeyArchiveDecodingError();
|
|
100
|
+
}
|
|
101
|
+
let keyArchive;
|
|
102
|
+
try {
|
|
103
|
+
const decoded = KeyArchiveCodec.decode(JSON.parse(BufferUtil.toString(unzipped)));
|
|
104
|
+
if (isLeft(decoded)) {
|
|
105
|
+
throw new KeyArchiveDecodingError();
|
|
106
|
+
}
|
|
107
|
+
keyArchive = decoded.right;
|
|
108
|
+
}
|
|
109
|
+
catch (err) {
|
|
110
|
+
throw new KeyArchiveDecodingError();
|
|
111
|
+
}
|
|
112
|
+
if (isUnrecognizedKeyArchive(keyArchive)) {
|
|
113
|
+
if (keyArchive.Type &&
|
|
114
|
+
keyArchive.Type !== SecureKeyArchiveType &&
|
|
115
|
+
keyArchive.Type !== InsecureKeyArchiveType) {
|
|
116
|
+
throw new KeyArchiveTypeError(keyArchive.Type);
|
|
117
|
+
}
|
|
118
|
+
// Only support DefaultSudoKeyArchive.CURRENT_ARCHIVE_VERSION for now.
|
|
119
|
+
if (keyArchive.Version !== undefined &&
|
|
120
|
+
keyArchive.Version !== DefaultSudoKeyArchive.CURRENT_ARCHIVE_VERSION) {
|
|
121
|
+
throw new KeyArchiveVersionError(keyArchive.Version);
|
|
122
|
+
}
|
|
123
|
+
throw new KeyArchiveDecodingError();
|
|
124
|
+
}
|
|
125
|
+
return keyArchive;
|
|
175
126
|
}
|
|
176
|
-
|
|
177
|
-
|
|
178
|
-
|
|
179
|
-
|
|
180
|
-
|
|
181
|
-
|
|
182
|
-
|
|
183
|
-
|
|
184
|
-
|
|
185
|
-
|
|
186
|
-
|
|
187
|
-
|
|
188
|
-
throw new _error.KeyArchiveDecodingError();
|
|
127
|
+
async loadKeys() {
|
|
128
|
+
for (const keyManager of Object.values(this.keyManagers)) {
|
|
129
|
+
await keyManager.exportKeys().then((exported) => {
|
|
130
|
+
exported.forEach((data) => {
|
|
131
|
+
const keyArchiveInfoDecoded = keyArchiveInfoFromKeyData(data);
|
|
132
|
+
if (!this.excludedKeyTypes.has(keyArchiveInfoDecoded.Type) &&
|
|
133
|
+
!this.excludedKeys.has(data.name)) {
|
|
134
|
+
this.keys.set(`${keyArchiveInfoDecoded.NameSpace}:${keyArchiveInfoDecoded.Type}:${keyArchiveInfoDecoded.Name}`, keyArchiveInfoDecoded);
|
|
135
|
+
}
|
|
136
|
+
});
|
|
137
|
+
});
|
|
138
|
+
}
|
|
189
139
|
}
|
|
190
|
-
|
|
191
|
-
|
|
192
|
-
|
|
193
|
-
|
|
194
|
-
|
|
195
|
-
|
|
196
|
-
|
|
197
|
-
|
|
198
|
-
|
|
199
|
-
|
|
200
|
-
|
|
201
|
-
|
|
140
|
+
async saveKeys() {
|
|
141
|
+
for (const info of this.keys.values()) {
|
|
142
|
+
const keyManager = this.keyManagers[info.NameSpace];
|
|
143
|
+
if (!keyManager)
|
|
144
|
+
continue;
|
|
145
|
+
if (this.excludedKeyTypes.has(info.Type))
|
|
146
|
+
continue;
|
|
147
|
+
if (this.excludedKeys.has(info.Name))
|
|
148
|
+
continue;
|
|
149
|
+
const keyData = info.Decoded;
|
|
150
|
+
switch (info.Type) {
|
|
151
|
+
case KeyArchiveKeyType.Password:
|
|
152
|
+
await keyManager.addPassword(keyData, info.Name);
|
|
153
|
+
break;
|
|
154
|
+
case KeyArchiveKeyType.PrivateKey:
|
|
155
|
+
await keyManager.addPrivateKey(keyData, info.Name);
|
|
156
|
+
break;
|
|
157
|
+
case KeyArchiveKeyType.PublicKey:
|
|
158
|
+
await keyManager.addPublicKey(keyData, info.Name);
|
|
159
|
+
break;
|
|
160
|
+
case KeyArchiveKeyType.SymmetricKey:
|
|
161
|
+
await keyManager.addSymmetricKey(keyData, info.Name);
|
|
162
|
+
break;
|
|
163
|
+
default:
|
|
164
|
+
throw new KeyArchiveUnknownKeyTypeError(`Key archive key type ${info.Type} is not recognized`);
|
|
165
|
+
}
|
|
166
|
+
}
|
|
202
167
|
}
|
|
203
|
-
|
|
204
|
-
|
|
205
|
-
|
|
206
|
-
|
|
207
|
-
|
|
208
|
-
|
|
209
|
-
|
|
210
|
-
|
|
211
|
-
|
|
212
|
-
|
|
213
|
-
|
|
214
|
-
|
|
215
|
-
|
|
168
|
+
async archive(password) {
|
|
169
|
+
const keys = [];
|
|
170
|
+
for (const key of this.keys.values()) {
|
|
171
|
+
keys.push({
|
|
172
|
+
NameSpace: key.NameSpace,
|
|
173
|
+
Name: key.Name,
|
|
174
|
+
Data: key.Data,
|
|
175
|
+
Type: key.Type,
|
|
176
|
+
Synchronizable: key.Synchronizable,
|
|
177
|
+
Exportable: key.Exportable,
|
|
178
|
+
});
|
|
179
|
+
}
|
|
180
|
+
let keyArchive;
|
|
181
|
+
if (!password) {
|
|
182
|
+
const insecureKeyArchive = {
|
|
183
|
+
Type: 'Insecure',
|
|
184
|
+
MetaInfo: {},
|
|
185
|
+
Version: DefaultSudoKeyArchive.CURRENT_ARCHIVE_VERSION,
|
|
186
|
+
Keys: keys,
|
|
187
|
+
};
|
|
188
|
+
keyArchive = insecureKeyArchive;
|
|
189
|
+
}
|
|
190
|
+
else {
|
|
191
|
+
const salt = await this.defaultKeyManager.generateRandomData(SudoCryptoProviderDefaults.pbkdfSaltSize);
|
|
192
|
+
const b64Salt = Base64.encode(salt);
|
|
193
|
+
const key = await this.defaultKeyManager.generateSymmetricKeyFromPassword(password, salt, {
|
|
194
|
+
rounds: SudoCryptoProviderDefaults.pbkdfRounds,
|
|
195
|
+
});
|
|
196
|
+
const serializedKeys = JSON.stringify(keys);
|
|
197
|
+
const compressedSerializedKeys = gzipSync(BufferUtil.fromString(serializedKeys), {
|
|
198
|
+
level: 9,
|
|
199
|
+
});
|
|
200
|
+
// Don't strictly need a randomly generated IV here but no harm either
|
|
201
|
+
const iv = await this.defaultKeyManager.generateRandomData(SudoCryptoProviderDefaults.aesIVSize);
|
|
202
|
+
const encryptedKeys = await this.defaultKeyManager.encryptWithSymmetricKey(key, compressedSerializedKeys, { iv });
|
|
203
|
+
const secureKeyArchive = {
|
|
204
|
+
Type: 'Secure',
|
|
205
|
+
Version: DefaultSudoKeyArchive.CURRENT_ARCHIVE_VERSION,
|
|
206
|
+
MetaInfo: {},
|
|
207
|
+
Salt: b64Salt,
|
|
208
|
+
Rounds: SudoCryptoProviderDefaults.pbkdfRounds,
|
|
209
|
+
Keys: Base64.encode(encryptedKeys),
|
|
210
|
+
IV: Base64.encode(iv),
|
|
211
|
+
};
|
|
212
|
+
keyArchive = secureKeyArchive;
|
|
213
|
+
}
|
|
214
|
+
for (const [key, value] of this.metaInfo.entries()) {
|
|
215
|
+
keyArchive.MetaInfo[key] = value;
|
|
216
|
+
}
|
|
217
|
+
const archiveString = JSON.stringify(keyArchive);
|
|
218
|
+
// While this double Gzips the SecureKeyArchive, it allows us to roughly
|
|
219
|
+
// recover the space consumed by Base64 encoding the cipher text. Otherwise
|
|
220
|
+
// we would end up having a fully binary data structure for the archive.
|
|
221
|
+
// If the time to compute becomes prohibitive we can look at a binary, non-JSON
|
|
222
|
+
// base format for the archive.
|
|
223
|
+
const archiveGzipped = gzipSync(BufferUtil.fromString(archiveString), {
|
|
224
|
+
level: 9,
|
|
216
225
|
});
|
|
217
|
-
|
|
226
|
+
return Promise.resolve(archiveGzipped);
|
|
218
227
|
}
|
|
219
|
-
|
|
220
|
-
|
|
221
|
-
|
|
222
|
-
|
|
223
|
-
|
|
224
|
-
|
|
225
|
-
|
|
226
|
-
|
|
227
|
-
|
|
228
|
-
|
|
229
|
-
|
|
230
|
-
|
|
231
|
-
|
|
232
|
-
|
|
233
|
-
|
|
234
|
-
|
|
235
|
-
|
|
236
|
-
|
|
237
|
-
|
|
238
|
-
|
|
239
|
-
|
|
240
|
-
|
|
241
|
-
|
|
242
|
-
|
|
243
|
-
|
|
244
|
-
|
|
245
|
-
|
|
246
|
-
|
|
247
|
-
|
|
248
|
-
|
|
228
|
+
async unarchive(password) {
|
|
229
|
+
if (!this.keyArchive) {
|
|
230
|
+
throw new KeyArchiveMissingError();
|
|
231
|
+
}
|
|
232
|
+
let keys;
|
|
233
|
+
if (isSecureKeyArchive(this.keyArchive)) {
|
|
234
|
+
if (!password) {
|
|
235
|
+
throw new KeyArchivePasswordRequiredError();
|
|
236
|
+
}
|
|
237
|
+
let iv;
|
|
238
|
+
let encryptedKeys;
|
|
239
|
+
let key;
|
|
240
|
+
try {
|
|
241
|
+
const salt = Base64.decode(this.keyArchive.Salt);
|
|
242
|
+
iv = Base64.decode(this.keyArchive.IV);
|
|
243
|
+
encryptedKeys = Base64.decode(this.keyArchive.Keys);
|
|
244
|
+
key = await this.defaultKeyManager.generateSymmetricKeyFromPassword(password, salt, { rounds: this.keyArchive.Rounds });
|
|
245
|
+
}
|
|
246
|
+
catch (err) {
|
|
247
|
+
throw new KeyArchiveDecodingError();
|
|
248
|
+
}
|
|
249
|
+
let compressedSerializedKeys;
|
|
250
|
+
try {
|
|
251
|
+
compressedSerializedKeys =
|
|
252
|
+
await this.defaultKeyManager.decryptWithSymmetricKey(key, encryptedKeys, { iv });
|
|
253
|
+
}
|
|
254
|
+
catch (err) {
|
|
255
|
+
throw new KeyArchiveIncorrectPasswordError();
|
|
256
|
+
}
|
|
257
|
+
try {
|
|
258
|
+
const serializedKeys = gunzipSync(new Uint8Array(compressedSerializedKeys));
|
|
259
|
+
const decoded = KeyArchiveKeyInfoArrayCodec.decode(JSON.parse(BufferUtil.toString(serializedKeys)));
|
|
260
|
+
if (isLeft(decoded)) {
|
|
261
|
+
throw new KeyArchiveDecodingError();
|
|
262
|
+
}
|
|
263
|
+
keys = decoded.right;
|
|
264
|
+
}
|
|
265
|
+
catch (err) {
|
|
266
|
+
throw new KeyArchiveDecodingError();
|
|
267
|
+
}
|
|
268
|
+
}
|
|
269
|
+
else {
|
|
270
|
+
if (password) {
|
|
271
|
+
throw new KeyArchiveNoPasswordRequiredError();
|
|
272
|
+
}
|
|
273
|
+
keys = this.keyArchive.Keys;
|
|
274
|
+
}
|
|
275
|
+
keys.forEach((key) => {
|
|
276
|
+
const keyKey = `${key.NameSpace}:${key.Type}:${key.Name}`;
|
|
277
|
+
let decoded;
|
|
278
|
+
try {
|
|
279
|
+
decoded = Base64.decode(key.Data);
|
|
280
|
+
}
|
|
281
|
+
catch (err) {
|
|
282
|
+
throw new KeyArchiveDecodingError(`Unable to decode key ${keyKey}`);
|
|
283
|
+
}
|
|
284
|
+
this.keys.set(keyKey, { ...key, Decoded: decoded });
|
|
285
|
+
});
|
|
249
286
|
}
|
|
250
|
-
|
|
251
|
-
|
|
252
|
-
async archive(password) {
|
|
253
|
-
const keys = [];
|
|
254
|
-
|
|
255
|
-
for (const key of this.keys.values()) {
|
|
256
|
-
keys.push({
|
|
257
|
-
NameSpace: key.NameSpace,
|
|
258
|
-
Name: key.Name,
|
|
259
|
-
Data: key.Data,
|
|
260
|
-
Type: key.Type,
|
|
261
|
-
Synchronizable: key.Synchronizable,
|
|
262
|
-
Exportable: key.Exportable
|
|
263
|
-
});
|
|
287
|
+
reset() {
|
|
288
|
+
this.keys.clear();
|
|
264
289
|
}
|
|
265
|
-
|
|
266
|
-
|
|
267
|
-
|
|
268
|
-
if (!password) {
|
|
269
|
-
const insecureKeyArchive = {
|
|
270
|
-
Type: 'Insecure',
|
|
271
|
-
MetaInfo: {},
|
|
272
|
-
Version: DefaultSudoKeyArchive.CURRENT_ARCHIVE_VERSION,
|
|
273
|
-
Keys: keys
|
|
274
|
-
};
|
|
275
|
-
keyArchive = insecureKeyArchive;
|
|
276
|
-
} else {
|
|
277
|
-
const salt = await this.defaultKeyManager.generateRandomData(_sudoCryptoProvider.SudoCryptoProviderDefaults.pbkdfSaltSize);
|
|
278
|
-
|
|
279
|
-
const b64Salt = _base.Base64.encode(salt);
|
|
280
|
-
|
|
281
|
-
const key = await this.defaultKeyManager.generateSymmetricKeyFromPassword(password, salt, {
|
|
282
|
-
rounds: _sudoCryptoProvider.SudoCryptoProviderDefaults.pbkdfRounds
|
|
283
|
-
});
|
|
284
|
-
const serializedKeys = JSON.stringify(keys);
|
|
285
|
-
const compressedSerializedKeys = (0, _fflate.gzipSync)(_buffer.Buffer.fromString(serializedKeys), {
|
|
286
|
-
level: 9
|
|
287
|
-
}); // Don't strictly need a randomly generated IV here but no harm either
|
|
288
|
-
|
|
289
|
-
const iv = await this.defaultKeyManager.generateRandomData(_sudoCryptoProvider.SudoCryptoProviderDefaults.aesIVSize);
|
|
290
|
-
const encryptedKeys = await this.defaultKeyManager.encryptWithSymmetricKey(key, compressedSerializedKeys, {
|
|
291
|
-
iv
|
|
292
|
-
});
|
|
293
|
-
const secureKeyArchive = {
|
|
294
|
-
Type: 'Secure',
|
|
295
|
-
Version: DefaultSudoKeyArchive.CURRENT_ARCHIVE_VERSION,
|
|
296
|
-
MetaInfo: {},
|
|
297
|
-
Salt: b64Salt,
|
|
298
|
-
Rounds: _sudoCryptoProvider.SudoCryptoProviderDefaults.pbkdfRounds,
|
|
299
|
-
Keys: _base.Base64.encode(encryptedKeys),
|
|
300
|
-
IV: _base.Base64.encode(iv)
|
|
301
|
-
};
|
|
302
|
-
keyArchive = secureKeyArchive;
|
|
290
|
+
containsKey(namespace, name, type) {
|
|
291
|
+
return this.keys.has(`${namespace}:${type}:${name}`);
|
|
303
292
|
}
|
|
304
|
-
|
|
305
|
-
|
|
306
|
-
|
|
293
|
+
getKeyData(namespace, name, type) {
|
|
294
|
+
const keyInfo = this.keys.get(`${namespace}:${type}:${name}`);
|
|
295
|
+
if (!keyInfo) {
|
|
296
|
+
throw new KeyNotFoundError();
|
|
297
|
+
}
|
|
298
|
+
return keyInfo.Decoded;
|
|
307
299
|
}
|
|
308
|
-
|
|
309
|
-
|
|
310
|
-
// recover the space consumed by Base64 encoding the cipher text. Otherwise
|
|
311
|
-
// we would end up having a fully binary data structure for the archive.
|
|
312
|
-
// If the time to compute becomes prohibitive we can look at a binary, non-JSON
|
|
313
|
-
// base format for the archive.
|
|
314
|
-
|
|
315
|
-
const archiveGzipped = (0, _fflate.gzipSync)(_buffer.Buffer.fromString(archiveString), {
|
|
316
|
-
level: 9
|
|
317
|
-
});
|
|
318
|
-
return Promise.resolve(archiveGzipped);
|
|
319
|
-
}
|
|
320
|
-
|
|
321
|
-
async unarchive(password) {
|
|
322
|
-
if (!this.keyArchive) {
|
|
323
|
-
throw new _error.KeyArchiveMissingError();
|
|
300
|
+
getExcludedKeys() {
|
|
301
|
+
return this.excludedKeys;
|
|
324
302
|
}
|
|
325
|
-
|
|
326
|
-
|
|
327
|
-
|
|
328
|
-
if ((0, _keyArchive.isSecureKeyArchive)(this.keyArchive)) {
|
|
329
|
-
if (!password) {
|
|
330
|
-
throw new _error.KeyArchivePasswordRequiredError();
|
|
331
|
-
}
|
|
332
|
-
|
|
333
|
-
let iv;
|
|
334
|
-
let encryptedKeys;
|
|
335
|
-
let key;
|
|
336
|
-
|
|
337
|
-
try {
|
|
338
|
-
const salt = _base.Base64.decode(this.keyArchive.Salt);
|
|
339
|
-
|
|
340
|
-
iv = _base.Base64.decode(this.keyArchive.IV);
|
|
341
|
-
encryptedKeys = _base.Base64.decode(this.keyArchive.Keys);
|
|
342
|
-
key = await this.defaultKeyManager.generateSymmetricKeyFromPassword(password, salt, {
|
|
343
|
-
rounds: this.keyArchive.Rounds
|
|
344
|
-
});
|
|
345
|
-
} catch (err) {
|
|
346
|
-
throw new _error.KeyArchiveDecodingError();
|
|
347
|
-
}
|
|
348
|
-
|
|
349
|
-
let compressedSerializedKeys;
|
|
350
|
-
|
|
351
|
-
try {
|
|
352
|
-
compressedSerializedKeys = await this.defaultKeyManager.decryptWithSymmetricKey(key, encryptedKeys, {
|
|
353
|
-
iv
|
|
354
|
-
});
|
|
355
|
-
} catch (err) {
|
|
356
|
-
throw new _error.KeyArchiveIncorrectPasswordError();
|
|
357
|
-
}
|
|
358
|
-
|
|
359
|
-
try {
|
|
360
|
-
const serializedKeys = (0, _fflate.gunzipSync)(new Uint8Array(compressedSerializedKeys));
|
|
361
|
-
|
|
362
|
-
const decoded = _keyInfo.KeyArchiveKeyInfoArrayCodec.decode(JSON.parse(_buffer.Buffer.toString(serializedKeys)));
|
|
363
|
-
|
|
364
|
-
if ((0, _Either.isLeft)(decoded)) {
|
|
365
|
-
throw new _error.KeyArchiveDecodingError();
|
|
366
|
-
}
|
|
367
|
-
|
|
368
|
-
keys = decoded.right;
|
|
369
|
-
} catch (err) {
|
|
370
|
-
throw new _error.KeyArchiveDecodingError();
|
|
371
|
-
}
|
|
372
|
-
} else {
|
|
373
|
-
if (password) {
|
|
374
|
-
throw new _error.KeyArchiveNoPasswordRequiredError();
|
|
375
|
-
}
|
|
376
|
-
|
|
377
|
-
keys = this.keyArchive.Keys;
|
|
303
|
+
getExcludedKeyTypes() {
|
|
304
|
+
return this.excludedKeyTypes;
|
|
378
305
|
}
|
|
379
|
-
|
|
380
|
-
|
|
381
|
-
const keyKey = `${key.NameSpace}:${key.Type}:${key.Name}`;
|
|
382
|
-
let decoded;
|
|
383
|
-
|
|
384
|
-
try {
|
|
385
|
-
decoded = _base.Base64.decode(key.Data);
|
|
386
|
-
} catch (err) {
|
|
387
|
-
throw new _error.KeyArchiveDecodingError(`Unable to decode key ${keyKey}`);
|
|
388
|
-
}
|
|
389
|
-
|
|
390
|
-
this.keys.set(keyKey, { ...key,
|
|
391
|
-
Decoded: decoded
|
|
392
|
-
});
|
|
393
|
-
});
|
|
394
|
-
}
|
|
395
|
-
|
|
396
|
-
reset() {
|
|
397
|
-
this.keys.clear();
|
|
398
|
-
}
|
|
399
|
-
|
|
400
|
-
containsKey(namespace, name, type) {
|
|
401
|
-
return this.keys.has(`${namespace}:${type}:${name}`);
|
|
402
|
-
}
|
|
403
|
-
|
|
404
|
-
getKeyData(namespace, name, type) {
|
|
405
|
-
const keyInfo = this.keys.get(`${namespace}:${type}:${name}`);
|
|
406
|
-
|
|
407
|
-
if (!keyInfo) {
|
|
408
|
-
throw new _error.KeyNotFoundError();
|
|
306
|
+
getMetaInfo() {
|
|
307
|
+
return this.metaInfo;
|
|
409
308
|
}
|
|
410
|
-
|
|
411
|
-
return keyInfo.Decoded;
|
|
412
|
-
}
|
|
413
|
-
|
|
414
|
-
getExcludedKeys() {
|
|
415
|
-
return this.excludedKeys;
|
|
416
|
-
}
|
|
417
|
-
|
|
418
|
-
getExcludedKeyTypes() {
|
|
419
|
-
return this.excludedKeyTypes;
|
|
420
|
-
}
|
|
421
|
-
|
|
422
|
-
getMetaInfo() {
|
|
423
|
-
return this.metaInfo;
|
|
424
|
-
}
|
|
425
|
-
|
|
426
309
|
}
|
|
427
|
-
|
|
428
|
-
|
|
429
|
-
|
|
430
|
-
|
|
431
|
-
|
|
432
|
-
|
|
433
|
-
|
|
434
|
-
|
|
435
|
-
|
|
436
|
-
|
|
437
|
-
|
|
438
|
-
|
|
439
|
-
|
|
440
|
-
|
|
441
|
-
|
|
442
|
-
|
|
443
|
-
|
|
310
|
+
/**
|
|
311
|
+
* Version 2 format is not gzipped is what's currently generated
|
|
312
|
+
* by iOS and Android. We may want to add support for importing
|
|
313
|
+
* such archives.
|
|
314
|
+
*/
|
|
315
|
+
DefaultSudoKeyArchive.PREGZIP_ARCHIVE_VERSION = 2;
|
|
316
|
+
/**
|
|
317
|
+
* Version 3 format permits both secure and insecure key archives.
|
|
318
|
+
*
|
|
319
|
+
* Insecure key archives are used where the archive will be stored
|
|
320
|
+
* in an otherwise known secure way e.g. via secure-vault-service
|
|
321
|
+
* where the encryption of the archive would then be handled by
|
|
322
|
+
* clients of that service.
|
|
323
|
+
*
|
|
324
|
+
* Secure key archives are password protected (via PBKDF2) a la version
|
|
325
|
+
* 2 format.
|
|
326
|
+
*
|
|
327
|
+
* Insecure format detail is:
|
|
328
|
+
*
|
|
329
|
+
* gzip(JSON.stringify(InsecureKeyArchive))
|
|
330
|
+
*
|
|
331
|
+
* Secure format detail is:
|
|
332
|
+
*
|
|
333
|
+
* gzip(JSON.stringify(SecureKeyArchive))
|
|
334
|
+
*
|
|
335
|
+
* where Keys property of SecureKeyArchive is:
|
|
336
|
+
*
|
|
337
|
+
* base64(encrypt(gzip(JSON.stringify(array of keys))))
|
|
338
|
+
*
|
|
339
|
+
* Where encrypt operation is 256-bit AES CBC-mode with IV SecureKeyArchive.IV
|
|
340
|
+
* and key generated by SecureKeyArchive.Rounds of PBKDF2 on the password
|
|
341
|
+
* salted with SecureKeyArchive.Salt.
|
|
342
|
+
*/
|
|
343
|
+
DefaultSudoKeyArchive.CURRENT_ARCHIVE_VERSION = CURRENT_ARCHIVE_VERSION;
|
|
344
|
+
export function keyArchiveInfoFromKeyData(keyData) {
|
|
345
|
+
return {
|
|
346
|
+
NameSpace: keyData.namespace,
|
|
347
|
+
Name: keyData.name,
|
|
348
|
+
Type: keyArchiveKeyTypeFromKeyDataKeyType(keyData.type),
|
|
349
|
+
Data: Base64.encode(keyData.data),
|
|
350
|
+
Decoded: keyData.data,
|
|
351
|
+
Synchronizable: false,
|
|
352
|
+
Exportable: true,
|
|
353
|
+
};
|
|
354
|
+
}
|
|
355
|
+
export function keyArchiveKeyTypeFromKeyDataKeyType(keyDataKeyType) {
|
|
356
|
+
switch (keyDataKeyType) {
|
|
357
|
+
case KeyDataKeyType.Password:
|
|
358
|
+
return KeyArchiveKeyType.Password;
|
|
359
|
+
case KeyDataKeyType.RSAPrivateKey:
|
|
360
|
+
return KeyArchiveKeyType.PrivateKey;
|
|
361
|
+
case KeyDataKeyType.RSAPublicKey:
|
|
362
|
+
return KeyArchiveKeyType.PublicKey;
|
|
363
|
+
case KeyDataKeyType.SymmetricKey:
|
|
364
|
+
return KeyArchiveKeyType.SymmetricKey;
|
|
365
|
+
}
|
|
444
366
|
}
|
|
445
|
-
|
|
446
|
-
function keyArchiveKeyTypeFromKeyDataKeyType(keyDataKeyType) {
|
|
447
|
-
switch (keyDataKeyType) {
|
|
448
|
-
case _sudoKeyManager.KeyDataKeyType.Password:
|
|
449
|
-
return _keyType.KeyArchiveKeyType.Password;
|
|
450
|
-
|
|
451
|
-
case _sudoKeyManager.KeyDataKeyType.RSAPrivateKey:
|
|
452
|
-
return _keyType.KeyArchiveKeyType.PrivateKey;
|
|
453
|
-
|
|
454
|
-
case _sudoKeyManager.KeyDataKeyType.RSAPublicKey:
|
|
455
|
-
return _keyType.KeyArchiveKeyType.PublicKey;
|
|
456
|
-
|
|
457
|
-
case _sudoKeyManager.KeyDataKeyType.SymmetricKey:
|
|
458
|
-
return _keyType.KeyArchiveKeyType.SymmetricKey;
|
|
459
|
-
}
|
|
460
|
-
}
|
|
367
|
+
//# sourceMappingURL=sudoKeyArchive.js.map
|