@sudoplatform/sudo-common 7.1.2 → 7.1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (310) hide show
  1. package/lib/configurationManager/defaultConfigurationManager.js +3 -5
  2. package/package.json +2 -3
  3. package/.babelrc +0 -10
  4. package/.eslintrc.js +0 -91
  5. package/.gitignore +0 -14
  6. package/.gitlab-ci.yml +0 -101
  7. package/.npmignore +0 -1
  8. package/.prettierignore +0 -3
  9. package/.prettierrc.js +0 -7
  10. package/.publisher.json +0 -7
  11. package/.vscode/settings.json +0 -5
  12. package/.yarn/releases/yarn-1.22.19.cjs +0 -147529
  13. package/.yarnrc +0 -5
  14. package/bin/outdated-with-suppression.sh +0 -203
  15. package/bin/suppress-audit.sh +0 -15
  16. package/bin/suppress-outdated.sh +0 -60
  17. package/bin/yarn-audit-with-suppression.sh +0 -19
  18. package/dependencies-report.json +0 -640
  19. package/docs/.nojekyll +0 -1
  20. package/docs/assets/highlight.css +0 -57
  21. package/docs/assets/main.js +0 -54
  22. package/docs/assets/search.js +0 -1
  23. package/docs/assets/style.css +0 -1224
  24. package/docs/assets/widgets.png +0 -0
  25. package/docs/assets/widgets@2x.png +0 -0
  26. package/docs/classes/AccountLockedError.html +0 -163
  27. package/docs/classes/AuthenticationError.html +0 -169
  28. package/docs/classes/Base64.html +0 -245
  29. package/docs/classes/Buffer.html +0 -158
  30. package/docs/classes/ConfigurationNotSetError.html +0 -164
  31. package/docs/classes/ConfigurationSetNotFoundError.html +0 -168
  32. package/docs/classes/DecodeError.html +0 -168
  33. package/docs/classes/DefaultConfigurationManager.html +0 -213
  34. package/docs/classes/DefaultLogger.html +0 -291
  35. package/docs/classes/DefaultSudoKeyArchive.html +0 -363
  36. package/docs/classes/DefaultSudoKeyManager.html +0 -814
  37. package/docs/classes/FatalError.html +0 -169
  38. package/docs/classes/IllegalArgumentError.html +0 -168
  39. package/docs/classes/IllegalStateError.html +0 -169
  40. package/docs/classes/InsufficientEntitlementsError.html +0 -164
  41. package/docs/classes/InvalidOwnershipProofError.html +0 -163
  42. package/docs/classes/InvalidTokenError.html +0 -163
  43. package/docs/classes/KeyArchiveDecodingError.html +0 -168
  44. package/docs/classes/KeyArchiveIncorrectPasswordError.html +0 -168
  45. package/docs/classes/KeyArchiveMissingError.html +0 -168
  46. package/docs/classes/KeyArchiveNoPasswordRequiredError.html +0 -168
  47. package/docs/classes/KeyArchivePasswordRequiredError.html +0 -168
  48. package/docs/classes/KeyArchiveTypeError.html +0 -168
  49. package/docs/classes/KeyArchiveUnknownKeyTypeError.html +0 -168
  50. package/docs/classes/KeyArchiveVersionError.html +0 -168
  51. package/docs/classes/KeyNotFoundError.html +0 -168
  52. package/docs/classes/KeyStoreNotExportableError.html +0 -168
  53. package/docs/classes/LimitExceededError.html +0 -164
  54. package/docs/classes/NoEntitlementsError.html +0 -163
  55. package/docs/classes/NotAuthorizedError.html +0 -169
  56. package/docs/classes/NotRegisteredError.html +0 -168
  57. package/docs/classes/NotSignedInError.html +0 -164
  58. package/docs/classes/OperationNotImplementedError.html +0 -168
  59. package/docs/classes/RegisterError.html +0 -169
  60. package/docs/classes/RequestFailedError.html +0 -189
  61. package/docs/classes/ServiceError.html +0 -170
  62. package/docs/classes/SignOutError.html +0 -168
  63. package/docs/classes/SudoCryptoProviderDefaults.html +0 -106
  64. package/docs/classes/UnknownGraphQLError.html +0 -169
  65. package/docs/classes/UnrecognizedAlgorithmError.html +0 -168
  66. package/docs/classes/UserNotConfirmedError.html +0 -164
  67. package/docs/classes/VersionMismatchError.html +0 -166
  68. package/docs/enums/CachePolicy.html +0 -72
  69. package/docs/enums/EncryptionAlgorithm.html +0 -80
  70. package/docs/enums/KeyArchiveKeyType.html +0 -86
  71. package/docs/enums/KeyDataKeyFormat.html +0 -92
  72. package/docs/enums/KeyDataKeyType.html +0 -85
  73. package/docs/enums/ListOperationResultStatus.html +0 -85
  74. package/docs/enums/PublicKeyFormat.html +0 -68
  75. package/docs/functions/isAppSyncNetworkError.html +0 -147
  76. package/docs/functions/isInsecureKeyArchive.html +0 -147
  77. package/docs/functions/isSecureKeyArchive.html +0 -147
  78. package/docs/functions/isUnrecognizedKeyArchive.html +0 -147
  79. package/docs/functions/keyArchiveInfoFromKeyData.html +0 -147
  80. package/docs/functions/keyArchiveKeyTypeFromKeyDataKeyType.html +0 -147
  81. package/docs/functions/mapGraphQLToClientError.html +0 -154
  82. package/docs/functions/mapNetworkErrorToClientError.html +0 -154
  83. package/docs/index.html +0 -146
  84. package/docs/interfaces/AsymmetricEncryptionOptions.html +0 -68
  85. package/docs/interfaces/BooleanFilter.html +0 -75
  86. package/docs/interfaces/ConfigurationManager.html +0 -200
  87. package/docs/interfaces/KeyData.html +0 -106
  88. package/docs/interfaces/ListOperationFailureResult.html +0 -76
  89. package/docs/interfaces/ListOperationPartialResult.html +0 -102
  90. package/docs/interfaces/ListOperationSuccessResult.html +0 -90
  91. package/docs/interfaces/ListOutput.html +0 -80
  92. package/docs/interfaces/Logger.html +0 -251
  93. package/docs/interfaces/Owner.html +0 -72
  94. package/docs/interfaces/PublicKey.html +0 -72
  95. package/docs/interfaces/ServiceCompatibilityInfo.html +0 -110
  96. package/docs/interfaces/StringFilter.html +0 -82
  97. package/docs/interfaces/SudoCryptoProvider.html +0 -865
  98. package/docs/interfaces/SudoKeyArchive.html +0 -257
  99. package/docs/interfaces/SudoKeyManager.html +0 -848
  100. package/docs/interfaces/SymmetricEncryptionOptions.html +0 -75
  101. package/docs/interfaces/ValidationResult.html +0 -83
  102. package/docs/modules.html +0 -248
  103. package/docs/types/AppSyncError.html +0 -138
  104. package/docs/types/AppSyncNetworkError.html +0 -138
  105. package/docs/types/InsecureKeyArchive.html +0 -138
  106. package/docs/types/KeyArchive.html +0 -138
  107. package/docs/types/KeyArchiveKeyInfo.html +0 -154
  108. package/docs/types/KeyArchiveKeyInfoDecoded.html +0 -138
  109. package/docs/types/ListOperationResult.html +0 -148
  110. package/docs/types/SecureKeyArchive.html +0 -138
  111. package/docs/types/Subset.html +0 -144
  112. package/docs/types/UnrecognizedKeyArchive.html +0 -138
  113. package/docs/variables/CURRENT_ARCHIVE_VERSION.html +0 -138
  114. package/docs/variables/InsecureKeyArchiveCodec.html +0 -138
  115. package/docs/variables/InsecureKeyArchiveType.html +0 -138
  116. package/docs/variables/KeyArchiveCodec.html +0 -138
  117. package/docs/variables/KeyArchiveKeyInfoArrayCodec.html +0 -138
  118. package/docs/variables/KeyArchiveKeyInfoCodec.html +0 -138
  119. package/docs/variables/KeyArchiveKeyTypeCodec.html +0 -138
  120. package/docs/variables/SecureKeyArchiveCodec.html +0 -138
  121. package/docs/variables/SecureKeyArchiveType.html +0 -138
  122. package/docs/variables/UnrecognizedKeyArchiveCodec.html +0 -138
  123. package/github/.babelrc +0 -10
  124. package/github/.eslintrc.js +0 -91
  125. package/github/.gitignore +0 -14
  126. package/github/.gitlab-ci.yml +0 -101
  127. package/github/.npmignore +0 -1
  128. package/github/.prettierignore +0 -3
  129. package/github/.prettierrc.js +0 -7
  130. package/github/.publisher.json +0 -7
  131. package/github/.vscode/settings.json +0 -5
  132. package/github/.yarn/releases/yarn-1.22.19.cjs +0 -147529
  133. package/github/.yarnrc +0 -5
  134. package/github/CHANGELOG.md +0 -51
  135. package/github/README.md +0 -8
  136. package/github/bin/outdated-with-suppression.sh +0 -203
  137. package/github/bin/suppress-audit.sh +0 -15
  138. package/github/bin/suppress-outdated.sh +0 -60
  139. package/github/bin/yarn-audit-with-suppression.sh +0 -19
  140. package/github/docs/.nojekyll +0 -1
  141. package/github/docs/assets/highlight.css +0 -57
  142. package/github/docs/assets/main.js +0 -54
  143. package/github/docs/assets/search.js +0 -1
  144. package/github/docs/assets/style.css +0 -1224
  145. package/github/docs/assets/widgets.png +0 -0
  146. package/github/docs/assets/widgets@2x.png +0 -0
  147. package/github/docs/classes/AccountLockedError.html +0 -163
  148. package/github/docs/classes/AuthenticationError.html +0 -169
  149. package/github/docs/classes/Base64.html +0 -245
  150. package/github/docs/classes/Buffer.html +0 -158
  151. package/github/docs/classes/ConfigurationNotSetError.html +0 -164
  152. package/github/docs/classes/ConfigurationSetNotFoundError.html +0 -168
  153. package/github/docs/classes/DecodeError.html +0 -168
  154. package/github/docs/classes/DefaultConfigurationManager.html +0 -213
  155. package/github/docs/classes/DefaultLogger.html +0 -291
  156. package/github/docs/classes/DefaultSudoKeyArchive.html +0 -363
  157. package/github/docs/classes/DefaultSudoKeyManager.html +0 -814
  158. package/github/docs/classes/FatalError.html +0 -169
  159. package/github/docs/classes/IllegalArgumentError.html +0 -168
  160. package/github/docs/classes/IllegalStateError.html +0 -169
  161. package/github/docs/classes/InsufficientEntitlementsError.html +0 -164
  162. package/github/docs/classes/InvalidOwnershipProofError.html +0 -163
  163. package/github/docs/classes/InvalidTokenError.html +0 -163
  164. package/github/docs/classes/KeyArchiveDecodingError.html +0 -168
  165. package/github/docs/classes/KeyArchiveIncorrectPasswordError.html +0 -168
  166. package/github/docs/classes/KeyArchiveMissingError.html +0 -168
  167. package/github/docs/classes/KeyArchiveNoPasswordRequiredError.html +0 -168
  168. package/github/docs/classes/KeyArchivePasswordRequiredError.html +0 -168
  169. package/github/docs/classes/KeyArchiveTypeError.html +0 -168
  170. package/github/docs/classes/KeyArchiveUnknownKeyTypeError.html +0 -168
  171. package/github/docs/classes/KeyArchiveVersionError.html +0 -168
  172. package/github/docs/classes/KeyNotFoundError.html +0 -168
  173. package/github/docs/classes/KeyStoreNotExportableError.html +0 -168
  174. package/github/docs/classes/LimitExceededError.html +0 -164
  175. package/github/docs/classes/NoEntitlementsError.html +0 -163
  176. package/github/docs/classes/NotAuthorizedError.html +0 -169
  177. package/github/docs/classes/NotRegisteredError.html +0 -168
  178. package/github/docs/classes/NotSignedInError.html +0 -164
  179. package/github/docs/classes/OperationNotImplementedError.html +0 -168
  180. package/github/docs/classes/RegisterError.html +0 -169
  181. package/github/docs/classes/RequestFailedError.html +0 -189
  182. package/github/docs/classes/ServiceError.html +0 -170
  183. package/github/docs/classes/SignOutError.html +0 -168
  184. package/github/docs/classes/SudoCryptoProviderDefaults.html +0 -106
  185. package/github/docs/classes/UnknownGraphQLError.html +0 -169
  186. package/github/docs/classes/UnrecognizedAlgorithmError.html +0 -168
  187. package/github/docs/classes/UserNotConfirmedError.html +0 -164
  188. package/github/docs/classes/VersionMismatchError.html +0 -166
  189. package/github/docs/enums/CachePolicy.html +0 -72
  190. package/github/docs/enums/EncryptionAlgorithm.html +0 -80
  191. package/github/docs/enums/KeyArchiveKeyType.html +0 -86
  192. package/github/docs/enums/KeyDataKeyFormat.html +0 -92
  193. package/github/docs/enums/KeyDataKeyType.html +0 -85
  194. package/github/docs/enums/ListOperationResultStatus.html +0 -85
  195. package/github/docs/enums/PublicKeyFormat.html +0 -68
  196. package/github/docs/functions/isAppSyncNetworkError.html +0 -147
  197. package/github/docs/functions/isInsecureKeyArchive.html +0 -147
  198. package/github/docs/functions/isSecureKeyArchive.html +0 -147
  199. package/github/docs/functions/isUnrecognizedKeyArchive.html +0 -147
  200. package/github/docs/functions/keyArchiveInfoFromKeyData.html +0 -147
  201. package/github/docs/functions/keyArchiveKeyTypeFromKeyDataKeyType.html +0 -147
  202. package/github/docs/functions/mapGraphQLToClientError.html +0 -154
  203. package/github/docs/functions/mapNetworkErrorToClientError.html +0 -154
  204. package/github/docs/index.html +0 -146
  205. package/github/docs/interfaces/AsymmetricEncryptionOptions.html +0 -68
  206. package/github/docs/interfaces/BooleanFilter.html +0 -75
  207. package/github/docs/interfaces/ConfigurationManager.html +0 -200
  208. package/github/docs/interfaces/KeyData.html +0 -106
  209. package/github/docs/interfaces/ListOperationFailureResult.html +0 -76
  210. package/github/docs/interfaces/ListOperationPartialResult.html +0 -102
  211. package/github/docs/interfaces/ListOperationSuccessResult.html +0 -90
  212. package/github/docs/interfaces/ListOutput.html +0 -80
  213. package/github/docs/interfaces/Logger.html +0 -251
  214. package/github/docs/interfaces/Owner.html +0 -72
  215. package/github/docs/interfaces/PublicKey.html +0 -72
  216. package/github/docs/interfaces/ServiceCompatibilityInfo.html +0 -110
  217. package/github/docs/interfaces/StringFilter.html +0 -82
  218. package/github/docs/interfaces/SudoCryptoProvider.html +0 -865
  219. package/github/docs/interfaces/SudoKeyArchive.html +0 -257
  220. package/github/docs/interfaces/SudoKeyManager.html +0 -848
  221. package/github/docs/interfaces/SymmetricEncryptionOptions.html +0 -75
  222. package/github/docs/interfaces/ValidationResult.html +0 -83
  223. package/github/docs/modules.html +0 -248
  224. package/github/docs/types/AppSyncError.html +0 -138
  225. package/github/docs/types/AppSyncNetworkError.html +0 -138
  226. package/github/docs/types/InsecureKeyArchive.html +0 -138
  227. package/github/docs/types/KeyArchive.html +0 -138
  228. package/github/docs/types/KeyArchiveKeyInfo.html +0 -154
  229. package/github/docs/types/KeyArchiveKeyInfoDecoded.html +0 -138
  230. package/github/docs/types/ListOperationResult.html +0 -148
  231. package/github/docs/types/SecureKeyArchive.html +0 -138
  232. package/github/docs/types/Subset.html +0 -144
  233. package/github/docs/types/UnrecognizedKeyArchive.html +0 -138
  234. package/github/docs/variables/CURRENT_ARCHIVE_VERSION.html +0 -138
  235. package/github/docs/variables/InsecureKeyArchiveCodec.html +0 -138
  236. package/github/docs/variables/InsecureKeyArchiveType.html +0 -138
  237. package/github/docs/variables/KeyArchiveCodec.html +0 -138
  238. package/github/docs/variables/KeyArchiveKeyInfoArrayCodec.html +0 -138
  239. package/github/docs/variables/KeyArchiveKeyInfoCodec.html +0 -138
  240. package/github/docs/variables/KeyArchiveKeyTypeCodec.html +0 -138
  241. package/github/docs/variables/SecureKeyArchiveCodec.html +0 -138
  242. package/github/docs/variables/SecureKeyArchiveType.html +0 -138
  243. package/github/docs/variables/UnrecognizedKeyArchiveCodec.html +0 -138
  244. package/github/jest.config.json +0 -14
  245. package/github/package.json +0 -91
  246. package/github/src/configurationManager/defaultConfigurationManager.ts +0 -281
  247. package/github/src/errors/error.ts +0 -469
  248. package/github/src/index.ts +0 -8
  249. package/github/src/logging/bunyanLogger.ts +0 -47
  250. package/github/src/logging/logger.ts +0 -164
  251. package/github/src/sudoKeyArchive/index.ts +0 -4
  252. package/github/src/sudoKeyArchive/keyArchive.ts +0 -120
  253. package/github/src/sudoKeyArchive/keyInfo.ts +0 -47
  254. package/github/src/sudoKeyArchive/keyType.ts +0 -50
  255. package/github/src/sudoKeyArchive/sudoKeyArchive.ts +0 -591
  256. package/github/src/sudoKeyManager/index.ts +0 -4
  257. package/github/src/sudoKeyManager/keyData.ts +0 -60
  258. package/github/src/sudoKeyManager/publicKey.ts +0 -9
  259. package/github/src/sudoKeyManager/sudoCryptoProvider.ts +0 -416
  260. package/github/src/sudoKeyManager/sudoKeyManager.ts +0 -609
  261. package/github/src/types/types.ts +0 -129
  262. package/github/src/utils/base64.ts +0 -75
  263. package/github/src/utils/buffer.ts +0 -39
  264. package/github/test/integration/defaultConfigurationManager.spec.ts +0 -85
  265. package/github/test/matchers.ts +0 -122
  266. package/github/test/unit/configurationManager/defaultConfigurationManager.spec.ts +0 -506
  267. package/github/test/unit/errors/error.spec.ts +0 -115
  268. package/github/test/unit/keyType.spec.ts +0 -54
  269. package/github/test/unit/logging/logger.spec.ts +0 -182
  270. package/github/test/unit/sudoKeyArchive.spec.ts +0 -1609
  271. package/github/test/unit/sudoKeyManager.spec.ts +0 -1045
  272. package/github/test/unit/utils/base64.spec.ts +0 -45
  273. package/github/test/unit/utils/buffer.spec.ts +0 -45
  274. package/github/test/unit/utils/listOperationResult.spec.ts +0 -84
  275. package/github/tsconfig.json +0 -20
  276. package/github/tsconfig.test.json +0 -7
  277. package/github/yarn.lock +0 -5922
  278. package/jest.config.json +0 -14
  279. package/src/configurationManager/defaultConfigurationManager.ts +0 -281
  280. package/src/errors/error.ts +0 -469
  281. package/src/index.ts +0 -8
  282. package/src/logging/bunyanLogger.ts +0 -47
  283. package/src/logging/logger.ts +0 -164
  284. package/src/sudoKeyArchive/index.ts +0 -4
  285. package/src/sudoKeyArchive/keyArchive.ts +0 -120
  286. package/src/sudoKeyArchive/keyInfo.ts +0 -47
  287. package/src/sudoKeyArchive/keyType.ts +0 -50
  288. package/src/sudoKeyArchive/sudoKeyArchive.ts +0 -591
  289. package/src/sudoKeyManager/index.ts +0 -4
  290. package/src/sudoKeyManager/keyData.ts +0 -60
  291. package/src/sudoKeyManager/publicKey.ts +0 -9
  292. package/src/sudoKeyManager/sudoCryptoProvider.ts +0 -416
  293. package/src/sudoKeyManager/sudoKeyManager.ts +0 -609
  294. package/src/types/types.ts +0 -129
  295. package/src/utils/base64.ts +0 -75
  296. package/src/utils/buffer.ts +0 -39
  297. package/test/integration/defaultConfigurationManager.spec.ts +0 -85
  298. package/test/matchers.ts +0 -122
  299. package/test/unit/configurationManager/defaultConfigurationManager.spec.ts +0 -506
  300. package/test/unit/errors/error.spec.ts +0 -115
  301. package/test/unit/keyType.spec.ts +0 -54
  302. package/test/unit/logging/logger.spec.ts +0 -182
  303. package/test/unit/sudoKeyArchive.spec.ts +0 -1609
  304. package/test/unit/sudoKeyManager.spec.ts +0 -1045
  305. package/test/unit/utils/base64.spec.ts +0 -45
  306. package/test/unit/utils/buffer.spec.ts +0 -45
  307. package/test/unit/utils/listOperationResult.spec.ts +0 -84
  308. package/tsconfig.json +0 -20
  309. package/tsconfig.test.json +0 -7
  310. package/yarn.lock +0 -5922
@@ -1,591 +0,0 @@
1
- import { gunzipSync, gzipSync } from 'fflate'
2
- import { isLeft } from 'fp-ts/lib/Either'
3
-
4
- import {
5
- IllegalArgumentError,
6
- KeyArchiveDecodingError,
7
- KeyArchiveIncorrectPasswordError,
8
- KeyArchiveMissingError,
9
- KeyArchiveNoPasswordRequiredError,
10
- KeyArchivePasswordRequiredError,
11
- KeyArchiveTypeError,
12
- KeyArchiveUnknownKeyTypeError,
13
- KeyArchiveVersionError,
14
- KeyNotFoundError,
15
- } from '../errors/error'
16
- import { KeyData, KeyDataKeyType } from '../sudoKeyManager'
17
- import { SudoCryptoProviderDefaults } from '../sudoKeyManager/sudoCryptoProvider'
18
- import { SudoKeyManager } from '../sudoKeyManager/sudoKeyManager'
19
- import { Base64 } from '../utils/base64'
20
- import { Buffer as BufferUtil } from '../utils/buffer'
21
- import {
22
- CURRENT_ARCHIVE_VERSION,
23
- InsecureKeyArchive,
24
- InsecureKeyArchiveType,
25
- isSecureKeyArchive,
26
- isUnrecognizedKeyArchive,
27
- KeyArchive,
28
- KeyArchiveCodec,
29
- SecureKeyArchive,
30
- SecureKeyArchiveType,
31
- } from './keyArchive'
32
- import { KeyArchiveKeyInfo, KeyArchiveKeyInfoArrayCodec } from './keyInfo'
33
- import { KeyArchiveKeyType } from './keyType'
34
-
35
- export interface SudoKeyArchive {
36
- /**
37
- * Loads keys from the secure store into the archive.
38
- */
39
- loadKeys(): Promise<void>
40
-
41
- /**
42
- * Saves the keys in this archive to the secure store.
43
- */
44
- saveKeys(): Promise<void>
45
-
46
- /**
47
- * Archives and encrypts the keys loaded into this archive.
48
- *
49
- * @param password
50
- * The password to use to encrypt the archive. Or undefined if no password.
51
- * Choice to have no password must be explicit.
52
- *
53
- * @returns Binary archive data.
54
- */
55
- archive(password: ArrayBuffer | undefined): Promise<ArrayBuffer>
56
-
57
- /**
58
- * Decrypts and unarchives the keys in this archive.
59
- *
60
- * @param password
61
- * The password to use to decrypt the archive if its a secure archive
62
- * otherwise must be undefined.
63
- *
64
- * @throws {@link KeyArchiveDecodingError}
65
- * If the archive is unable to be decoding according to the
66
- * required structure.
67
- *
68
- * @throws {@link KeyArchiveIncorrectPasswordError}
69
- * If the archive is a secure archive and the password is unable to be
70
- * used to decrypt the encrypted keys.
71
- *
72
- * @throws {@link KeyArchivePasswordRequiredError}
73
- * If the archive is a secure archive but no password is provided.
74
- *
75
- * @throws {@link KeyArchiveNoPasswordRequiredError}
76
- * If the archive is an insecure archive but a password is provided.
77
- */
78
- unarchive(password: ArrayBuffer | undefined): Promise<void>
79
-
80
- /**
81
- * Resets the archive by clearing loaded keys and archive data.
82
- */
83
- reset(): void
84
-
85
- /**
86
- * Determines whether or not the archive contains the key with the
87
- * specified name and type. The archive must be unarchived before the
88
- * key can be searched.
89
- *
90
- * @param namespace the namespace of the key
91
- * @param name the key name.
92
- * @param type the key type.
93
- *
94
- * @return true if the specified key exists in the archive.
95
- */
96
- containsKey(namespace: string, name: string, type: KeyArchiveKeyType): boolean
97
-
98
- /**
99
- * Retrieves the specified key data from the archive. The archive must
100
- * be unarchived before the key data can be retrieved.
101
- *
102
- * @param namespace the namespace of the key
103
- * @param name the key name
104
- * @param type the key type
105
- *
106
- * @return a byte array containing the specified key data or null if it was not found.
107
- *
108
- * @throws {@link KeyNotFoundError}
109
- * If key is not present in the archive.
110
- */
111
- getKeyData(
112
- namespace: string,
113
- name: string,
114
- type: KeyArchiveKeyType,
115
- ): ArrayBuffer
116
-
117
- /** @return the key types to exclude from the archive in an unmodifiable set. */
118
- getExcludedKeyTypes(): ReadonlySet<KeyArchiveKeyType>
119
-
120
- /** @return the key names to exclude from the archive in an unmodifiable set. */
121
- getExcludedKeys(): ReadonlySet<string>
122
-
123
- /** @return the meta-information associated with this archive in an unmodifiable map. */
124
- getMetaInfo(): ReadonlyMap<string, string>
125
- }
126
-
127
- export type KeyArchiveKeyInfoDecoded = KeyArchiveKeyInfo & {
128
- Decoded: ArrayBuffer
129
- }
130
-
131
- export class DefaultSudoKeyArchive implements SudoKeyArchive {
132
- /**
133
- * Version 2 format is not gzipped is what's currently generated
134
- * by iOS and Android. We may want to add support for importing
135
- * such archives.
136
- */
137
- public static readonly PREGZIP_ARCHIVE_VERSION = 2
138
-
139
- /**
140
- * Version 3 format permits both secure and insecure key archives.
141
- *
142
- * Insecure key archives are used where the archive will be stored
143
- * in an otherwise known secure way e.g. via secure-vault-service
144
- * where the encryption of the archive would then be handled by
145
- * clients of that service.
146
- *
147
- * Secure key archives are password protected (via PBKDF2) a la version
148
- * 2 format.
149
- *
150
- * Insecure format detail is:
151
- *
152
- * gzip(JSON.stringify(InsecureKeyArchive))
153
- *
154
- * Secure format detail is:
155
- *
156
- * gzip(JSON.stringify(SecureKeyArchive))
157
- *
158
- * where Keys property of SecureKeyArchive is:
159
- *
160
- * base64(encrypt(gzip(JSON.stringify(array of keys))))
161
- *
162
- * Where encrypt operation is 256-bit AES CBC-mode with IV SecureKeyArchive.IV
163
- * and key generated by SecureKeyArchive.Rounds of PBKDF2 on the password
164
- * salted with SecureKeyArchive.Salt.
165
- */
166
- public static readonly CURRENT_ARCHIVE_VERSION = CURRENT_ARCHIVE_VERSION
167
-
168
- private readonly defaultKeyManager: SudoKeyManager
169
- private readonly keyManagers: Record<string, SudoKeyManager> = {}
170
- private keyArchive: SecureKeyArchive | InsecureKeyArchive | undefined
171
- private readonly excludedKeys: Set<string> = new Set<string>()
172
- private readonly excludedKeyTypes: Set<KeyArchiveKeyType> =
173
- new Set<KeyArchiveKeyType>()
174
- private readonly metaInfo: Map<string, string> = new Map<string, string>()
175
-
176
- private readonly keys: Map<string, KeyArchiveKeyInfoDecoded> = new Map<
177
- string,
178
- KeyArchiveKeyInfoDecoded
179
- >()
180
-
181
- /**
182
- * Construct SudoKeyArchive
183
- *
184
- *
185
- * @param keyManagers
186
- * Key manager or array of key managers to either restore archive in to
187
- * or construct archive from
188
- *
189
- * @param archiveData
190
- * Array buffer of binary archive data to restore.
191
- *
192
- * @param excludedKeys
193
- * Set of key names to exclude from archive or restore operation.
194
- * Default: None
195
- *
196
- * @param excludedKeyTypes
197
- * Set of key types to exclude from archive or restore operation.
198
- * Default: {@link KeyArchiveKeyType.PublicKey}
199
- *
200
- * @param metaInfo
201
- * Meta information to include with the key archive
202
- *
203
- * @throws {@link IllegalArgumentError}
204
- * If no key managers are provided
205
- *
206
- * @throws {@link IllegalArgumentError}
207
- * If multiple key managers are provided with the same namespace
208
- *
209
- * @throws {@link KeyArchiveDecodingError}
210
- * If archiveData is provided and its binary data cannot be decoded
211
- *
212
- * @throws {@link KeyArchiveTypeError}
213
- * If archiveData is provided and decodes to an unsupported archive
214
- * type.
215
- *
216
- * @throws {@link KeyArchiveVersionError}
217
- * If archiveData is provided and decodes to an unsupported archive
218
- * version.
219
- */
220
- public constructor(
221
- keyManagers: SudoKeyManager | SudoKeyManager[],
222
- options?: {
223
- archiveData?: ArrayBuffer
224
- excludedKeys?: ReadonlySet<string>
225
- excludedKeyTypes?: ReadonlySet<KeyArchiveKeyType>
226
- metaInfo?: ReadonlyMap<string, string>
227
- },
228
- ) {
229
- if (Array.isArray(keyManagers)) {
230
- if (keyManagers.length === 0) {
231
- throw new IllegalArgumentError('Must provide at least one key manager')
232
- }
233
-
234
- keyManagers.forEach((keyManager) => {
235
- if (this.keyManagers[keyManager.namespace]) {
236
- throw new IllegalArgumentError(
237
- `Multiple key managers provided with namespace ${keyManager.namespace}`,
238
- )
239
- }
240
- this.keyManagers[keyManager.namespace] = keyManager
241
- })
242
- this.defaultKeyManager = keyManagers[0]
243
- } else {
244
- this.keyManagers[keyManagers.namespace] = keyManagers
245
- this.defaultKeyManager = keyManagers
246
- }
247
-
248
- if (options?.archiveData) {
249
- this.keyArchive = this.loadArchive(options.archiveData)
250
- }
251
-
252
- // We take copies of the input parameters so we own the data
253
- if (options?.excludedKeys) {
254
- options?.excludedKeys.forEach((excludedKey) =>
255
- this.excludedKeys.add(excludedKey),
256
- )
257
- }
258
-
259
- if (options?.excludedKeyTypes) {
260
- options?.excludedKeyTypes.forEach((excludedKeyType) =>
261
- this.excludedKeyTypes.add(excludedKeyType),
262
- )
263
- }
264
-
265
- if (options?.metaInfo?.size) {
266
- for (const [key, value] of options?.metaInfo?.entries()) {
267
- this.metaInfo.set(key, value)
268
- }
269
- }
270
- }
271
-
272
- /**
273
- * Reads the binary data and converts it to JSON and then deserialises it
274
- * into a KeyArchive
275
- */
276
- private loadArchive(
277
- archiveData: ArrayBuffer,
278
- ): SecureKeyArchive | InsecureKeyArchive {
279
- let unzipped: Uint8Array
280
-
281
- try {
282
- unzipped = gunzipSync(new Uint8Array(archiveData))
283
- } catch (err) {
284
- throw new KeyArchiveDecodingError()
285
- }
286
-
287
- let keyArchive: KeyArchive
288
- try {
289
- const decoded = KeyArchiveCodec.decode(
290
- JSON.parse(BufferUtil.toString(unzipped)),
291
- )
292
- if (isLeft(decoded)) {
293
- throw new KeyArchiveDecodingError()
294
- }
295
- keyArchive = decoded.right
296
- } catch (err) {
297
- throw new KeyArchiveDecodingError()
298
- }
299
- if (isUnrecognizedKeyArchive(keyArchive)) {
300
- if (
301
- keyArchive.Type &&
302
- keyArchive.Type !== SecureKeyArchiveType &&
303
- keyArchive.Type !== InsecureKeyArchiveType
304
- ) {
305
- throw new KeyArchiveTypeError(keyArchive.Type)
306
- }
307
-
308
- // Only support DefaultSudoKeyArchive.CURRENT_ARCHIVE_VERSION for now.
309
- if (
310
- keyArchive.Version !== undefined &&
311
- keyArchive.Version !== DefaultSudoKeyArchive.CURRENT_ARCHIVE_VERSION
312
- ) {
313
- throw new KeyArchiveVersionError(keyArchive.Version)
314
- }
315
-
316
- throw new KeyArchiveDecodingError()
317
- }
318
-
319
- return keyArchive
320
- }
321
-
322
- async loadKeys(): Promise<void> {
323
- for (const keyManager of Object.values(this.keyManagers)) {
324
- await keyManager.exportKeys().then((exported) => {
325
- exported.forEach((data) => {
326
- const keyArchiveInfoDecoded = keyArchiveInfoFromKeyData(data)
327
- if (
328
- !this.excludedKeyTypes.has(keyArchiveInfoDecoded.Type) &&
329
- !this.excludedKeys.has(data.name)
330
- ) {
331
- this.keys.set(
332
- `${keyArchiveInfoDecoded.NameSpace}:${keyArchiveInfoDecoded.Type}:${keyArchiveInfoDecoded.Name}`,
333
- keyArchiveInfoDecoded,
334
- )
335
- }
336
- })
337
- })
338
- }
339
- }
340
-
341
- async saveKeys(): Promise<void> {
342
- for (const info of this.keys.values()) {
343
- const keyManager = this.keyManagers[info.NameSpace]
344
- if (!keyManager) continue
345
- if (this.excludedKeyTypes.has(info.Type)) continue
346
- if (this.excludedKeys.has(info.Name)) continue
347
-
348
- const keyData = info.Decoded
349
- switch (info.Type) {
350
- case KeyArchiveKeyType.Password:
351
- await keyManager.addPassword(keyData, info.Name)
352
- break
353
- case KeyArchiveKeyType.PrivateKey:
354
- await keyManager.addPrivateKey(keyData, info.Name)
355
- break
356
- case KeyArchiveKeyType.PublicKey:
357
- await keyManager.addPublicKey(keyData, info.Name)
358
- break
359
- case KeyArchiveKeyType.SymmetricKey:
360
- await keyManager.addSymmetricKey(keyData, info.Name)
361
- break
362
- default:
363
- throw new KeyArchiveUnknownKeyTypeError(
364
- `Key archive key type ${info.Type as string} is not recognized`,
365
- )
366
- }
367
- }
368
- }
369
-
370
- async archive(password: ArrayBuffer | undefined): Promise<ArrayBuffer> {
371
- const keys: KeyArchiveKeyInfo[] = []
372
- for (const key of this.keys.values()) {
373
- keys.push({
374
- NameSpace: key.NameSpace,
375
- Name: key.Name,
376
- Data: key.Data,
377
- Type: key.Type,
378
- Synchronizable: key.Synchronizable,
379
- Exportable: key.Exportable,
380
- })
381
- }
382
-
383
- let keyArchive: SecureKeyArchive | InsecureKeyArchive
384
- if (!password) {
385
- const insecureKeyArchive: InsecureKeyArchive = {
386
- Type: 'Insecure',
387
- MetaInfo: {},
388
- Version: DefaultSudoKeyArchive.CURRENT_ARCHIVE_VERSION,
389
- Keys: keys,
390
- }
391
- keyArchive = insecureKeyArchive
392
- } else {
393
- const salt = await this.defaultKeyManager.generateRandomData(
394
- SudoCryptoProviderDefaults.pbkdfSaltSize,
395
- )
396
- const b64Salt = Base64.encode(salt)
397
- const key = await this.defaultKeyManager.generateSymmetricKeyFromPassword(
398
- password,
399
- salt,
400
- {
401
- rounds: SudoCryptoProviderDefaults.pbkdfRounds,
402
- },
403
- )
404
-
405
- const serializedKeys = JSON.stringify(keys)
406
- const compressedSerializedKeys = gzipSync(
407
- BufferUtil.fromString(serializedKeys),
408
- {
409
- level: 9,
410
- },
411
- )
412
-
413
- // Don't strictly need a randomly generated IV here but no harm either
414
- const iv = await this.defaultKeyManager.generateRandomData(
415
- SudoCryptoProviderDefaults.aesIVSize,
416
- )
417
- const encryptedKeys =
418
- await this.defaultKeyManager.encryptWithSymmetricKey(
419
- key,
420
- compressedSerializedKeys,
421
- { iv },
422
- )
423
- const secureKeyArchive: SecureKeyArchive = {
424
- Type: 'Secure',
425
- Version: DefaultSudoKeyArchive.CURRENT_ARCHIVE_VERSION,
426
- MetaInfo: {},
427
- Salt: b64Salt,
428
- Rounds: SudoCryptoProviderDefaults.pbkdfRounds,
429
- Keys: Base64.encode(encryptedKeys),
430
- IV: Base64.encode(iv),
431
- }
432
-
433
- keyArchive = secureKeyArchive
434
- }
435
-
436
- for (const [key, value] of this.metaInfo.entries()) {
437
- keyArchive.MetaInfo[key] = value
438
- }
439
-
440
- const archiveString = JSON.stringify(keyArchive)
441
-
442
- // While this double Gzips the SecureKeyArchive, it allows us to roughly
443
- // recover the space consumed by Base64 encoding the cipher text. Otherwise
444
- // we would end up having a fully binary data structure for the archive.
445
- // If the time to compute becomes prohibitive we can look at a binary, non-JSON
446
- // base format for the archive.
447
- const archiveGzipped = gzipSync(BufferUtil.fromString(archiveString), {
448
- level: 9,
449
- })
450
-
451
- return Promise.resolve(archiveGzipped)
452
- }
453
-
454
- async unarchive(password: ArrayBuffer | undefined): Promise<void> {
455
- if (!this.keyArchive) {
456
- throw new KeyArchiveMissingError()
457
- }
458
-
459
- let keys: KeyArchiveKeyInfo[]
460
-
461
- if (isSecureKeyArchive(this.keyArchive)) {
462
- if (!password) {
463
- throw new KeyArchivePasswordRequiredError()
464
- }
465
-
466
- let iv: ArrayBuffer
467
- let encryptedKeys: ArrayBuffer
468
- let key: ArrayBuffer
469
- try {
470
- const salt = Base64.decode(this.keyArchive.Salt)
471
- iv = Base64.decode(this.keyArchive.IV)
472
- encryptedKeys = Base64.decode(this.keyArchive.Keys)
473
- key = await this.defaultKeyManager.generateSymmetricKeyFromPassword(
474
- password,
475
- salt,
476
- { rounds: this.keyArchive.Rounds },
477
- )
478
- } catch (err) {
479
- throw new KeyArchiveDecodingError()
480
- }
481
-
482
- let compressedSerializedKeys: ArrayBuffer
483
- try {
484
- compressedSerializedKeys =
485
- await this.defaultKeyManager.decryptWithSymmetricKey(
486
- key,
487
- encryptedKeys,
488
- { iv },
489
- )
490
- } catch (err) {
491
- throw new KeyArchiveIncorrectPasswordError()
492
- }
493
- try {
494
- const serializedKeys = gunzipSync(
495
- new Uint8Array(compressedSerializedKeys),
496
- )
497
- const decoded = KeyArchiveKeyInfoArrayCodec.decode(
498
- JSON.parse(BufferUtil.toString(serializedKeys)),
499
- )
500
- if (isLeft(decoded)) {
501
- throw new KeyArchiveDecodingError()
502
- }
503
- keys = decoded.right
504
- } catch (err) {
505
- throw new KeyArchiveDecodingError()
506
- }
507
- } else {
508
- if (password) {
509
- throw new KeyArchiveNoPasswordRequiredError()
510
- }
511
- keys = this.keyArchive.Keys
512
- }
513
-
514
- keys.forEach((key) => {
515
- const keyKey = `${key.NameSpace}:${key.Type}:${key.Name}`
516
- let decoded: ArrayBuffer
517
- try {
518
- decoded = Base64.decode(key.Data)
519
- } catch (err) {
520
- throw new KeyArchiveDecodingError(`Unable to decode key ${keyKey}`)
521
- }
522
- this.keys.set(keyKey, { ...key, Decoded: decoded })
523
- })
524
- }
525
-
526
- reset(): void {
527
- this.keys.clear()
528
- }
529
-
530
- containsKey(
531
- namespace: string,
532
- name: string,
533
- type: KeyArchiveKeyType,
534
- ): boolean {
535
- return this.keys.has(`${namespace}:${type}:${name}`)
536
- }
537
-
538
- getKeyData(
539
- namespace: string,
540
- name: string,
541
- type: KeyArchiveKeyType,
542
- ): ArrayBuffer {
543
- const keyInfo = this.keys.get(`${namespace}:${type}:${name}`)
544
- if (!keyInfo) {
545
- throw new KeyNotFoundError()
546
- }
547
-
548
- return keyInfo.Decoded
549
- }
550
-
551
- getExcludedKeys(): ReadonlySet<string> {
552
- return this.excludedKeys
553
- }
554
-
555
- getExcludedKeyTypes(): ReadonlySet<KeyArchiveKeyType> {
556
- return this.excludedKeyTypes
557
- }
558
-
559
- getMetaInfo(): ReadonlyMap<string, string> {
560
- return this.metaInfo
561
- }
562
- }
563
-
564
- export function keyArchiveInfoFromKeyData(
565
- keyData: KeyData,
566
- ): KeyArchiveKeyInfoDecoded {
567
- return {
568
- NameSpace: keyData.namespace,
569
- Name: keyData.name,
570
- Type: keyArchiveKeyTypeFromKeyDataKeyType(keyData.type),
571
- Data: Base64.encode(keyData.data),
572
- Decoded: keyData.data,
573
- Synchronizable: false,
574
- Exportable: true,
575
- }
576
- }
577
-
578
- export function keyArchiveKeyTypeFromKeyDataKeyType(
579
- keyDataKeyType: KeyDataKeyType,
580
- ): KeyArchiveKeyType {
581
- switch (keyDataKeyType) {
582
- case KeyDataKeyType.Password:
583
- return KeyArchiveKeyType.Password
584
- case KeyDataKeyType.RSAPrivateKey:
585
- return KeyArchiveKeyType.PrivateKey
586
- case KeyDataKeyType.RSAPublicKey:
587
- return KeyArchiveKeyType.PublicKey
588
- case KeyDataKeyType.SymmetricKey:
589
- return KeyArchiveKeyType.SymmetricKey
590
- }
591
- }
@@ -1,4 +0,0 @@
1
- export * from './keyData'
2
- export * from './publicKey'
3
- export * from './sudoCryptoProvider'
4
- export * from './sudoKeyManager'
@@ -1,60 +0,0 @@
1
- /**
2
- * Type of key
3
- */
4
- export enum KeyDataKeyType {
5
- SymmetricKey = 'SymmetricKey',
6
- RSAPublicKey = 'RSAPublicKey',
7
- RSAPrivateKey = 'RSAPrivateKey',
8
- Password = 'Password',
9
- }
10
-
11
- export enum KeyDataKeyFormat {
12
- /**
13
- * Raw key format.
14
- *
15
- * For SymmetricKey and Password types this means the raw bytes
16
- * of the key/password.
17
- *
18
- * For RSAPublicKey this means RSAPublicKey binary format.
19
- * For RSAPrivateKey this means RSAPrivateKey binary format.
20
- * "RSA PUBLIC KEY" or "RSA PRIVATE KEY" in PEM speak
21
- */
22
- Raw = 'Raw',
23
-
24
- /**
25
- * SPKI public key format.
26
- *
27
- * Applies to public keys (currently only RSAPublicKey)
28
- * and means they are formated using SPKI.
29
- *
30
- * "PUBLIC KEY" in PEM speak
31
- */
32
- SPKI = 'SPKI',
33
-
34
- /**
35
- * PKCS8 private key format.
36
- *
37
- * Applies to private keys (currently only RSAPrivateKey)
38
- * and means they are formated using unencrypted PKCS8.
39
- *
40
- * "PRIVATE KEY" in PEM speak
41
- */
42
- PKCS8 = 'PKCS8',
43
- }
44
-
45
- /**
46
- * Record of key in a key archive
47
- *
48
- * @property name name of the key within the namespace
49
- * @property namespace namespace of the key manager for this key
50
- * @property data raw binary data of the key
51
- * @property type type of the key
52
- * @property format format of the raw binary data
53
- */
54
- export interface KeyData {
55
- name: string
56
- namespace: string
57
- data: ArrayBuffer
58
- type: KeyDataKeyType
59
- format: KeyDataKeyFormat
60
- }
@@ -1,9 +0,0 @@
1
- export enum PublicKeyFormat {
2
- RSAPublicKey,
3
- SPKI,
4
- }
5
-
6
- export interface PublicKey {
7
- readonly keyData: ArrayBuffer
8
- readonly keyFormat: PublicKeyFormat
9
- }