@sudoplatform/sudo-common 7.1.3 → 8.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/bin/outdated-with-suppression.sh +203 -0
- package/bin/suppress-audit.sh +15 -0
- package/bin/suppress-outdated.sh +60 -0
- package/bin/yarn-audit-with-suppression.sh +19 -0
- package/cjs/configurationManager/defaultConfigurationManager.d.ts +123 -0
- package/cjs/configurationManager/defaultConfigurationManager.js +122 -0
- package/cjs/configurationManager/defaultConfigurationManager.js.map +1 -0
- package/cjs/errors/error.d.ts +263 -0
- package/cjs/errors/error.js +442 -0
- package/cjs/errors/error.js.map +1 -0
- package/cjs/index.d.ts +9 -0
- package/cjs/index.js +13 -0
- package/cjs/index.js.map +1 -0
- package/cjs/logging/bunyanLogger.d.ts +8 -0
- package/cjs/logging/bunyanLogger.js +36 -0
- package/cjs/logging/bunyanLogger.js.map +1 -0
- package/cjs/logging/logger.d.ts +87 -0
- package/cjs/logging/logger.js +77 -0
- package/cjs/logging/logger.js.map +1 -0
- package/cjs/sudoKeyArchive/index.d.ts +4 -0
- package/cjs/sudoKeyArchive/index.js +8 -0
- package/cjs/sudoKeyArchive/index.js.map +1 -0
- package/cjs/sudoKeyArchive/keyArchive.d.ts +137 -0
- package/cjs/sudoKeyArchive/keyArchive.js +84 -0
- package/cjs/sudoKeyArchive/keyArchive.js.map +1 -0
- package/cjs/sudoKeyArchive/keyInfo.d.ts +41 -0
- package/cjs/sudoKeyArchive/keyInfo.js +17 -0
- package/cjs/sudoKeyArchive/keyInfo.js.map +1 -0
- package/cjs/sudoKeyArchive/keyType.d.ts +13 -0
- package/cjs/sudoKeyArchive/keyType.js +39 -0
- package/cjs/sudoKeyArchive/keyType.js.map +1 -0
- package/cjs/sudoKeyArchive/sudoKeyArchive.d.ts +190 -0
- package/cjs/sudoKeyArchive/sudoKeyArchive.js +373 -0
- package/cjs/sudoKeyArchive/sudoKeyArchive.js.map +1 -0
- package/cjs/sudoKeyManager/index.d.ts +4 -0
- package/cjs/sudoKeyManager/index.js +8 -0
- package/cjs/sudoKeyManager/index.js.map +1 -0
- package/cjs/sudoKeyManager/keyData.d.ts +56 -0
- package/cjs/sudoKeyManager/keyData.js +46 -0
- package/cjs/sudoKeyManager/keyData.js.map +1 -0
- package/cjs/sudoKeyManager/publicKey.d.ts +8 -0
- package/cjs/sudoKeyManager/publicKey.js +9 -0
- package/cjs/sudoKeyManager/publicKey.js.map +1 -0
- package/cjs/sudoKeyManager/sudoCryptoProvider.d.ts +324 -0
- package/cjs/sudoKeyManager/sudoCryptoProvider.js +12 -0
- package/cjs/sudoKeyManager/sudoCryptoProvider.js.map +1 -0
- package/cjs/sudoKeyManager/sudoKeyManager.d.ts +344 -0
- package/cjs/sudoKeyManager/sudoKeyManager.js +140 -0
- package/cjs/sudoKeyManager/sudoKeyManager.js.map +1 -0
- package/cjs/types/types.d.ts +115 -0
- package/cjs/types/types.js +45 -0
- package/cjs/types/types.js.map +1 -0
- package/cjs/utils/base64.d.ts +44 -0
- package/cjs/utils/base64.js +71 -0
- package/cjs/utils/base64.js.map +1 -0
- package/cjs/utils/buffer.d.ts +13 -0
- package/cjs/utils/buffer.js +37 -0
- package/cjs/utils/buffer.js.map +1 -0
- package/cjs/utils/stream.d.ts +6 -0
- package/cjs/utils/stream.js +70 -0
- package/cjs/utils/stream.js.map +1 -0
- package/lib/configurationManager/defaultConfigurationManager.js +106 -156
- package/lib/configurationManager/defaultConfigurationManager.js.map +1 -0
- package/lib/errors/error.js +226 -438
- package/lib/errors/error.js.map +1 -0
- package/lib/index.d.ts +1 -0
- package/lib/index.js +10 -109
- package/lib/index.js.map +1 -0
- package/lib/logging/bunyanLogger.js +29 -41
- package/lib/logging/bunyanLogger.js.map +1 -0
- package/lib/logging/logger.js +66 -92
- package/lib/logging/logger.js.map +1 -0
- package/lib/sudoKeyArchive/index.js +5 -57
- package/lib/sudoKeyArchive/index.js.map +1 -0
- package/lib/sudoKeyArchive/keyArchive.d.ts +8 -8
- package/lib/sudoKeyArchive/keyArchive.js +69 -96
- package/lib/sudoKeyArchive/keyArchive.js.map +1 -0
- package/lib/sudoKeyArchive/keyInfo.js +11 -49
- package/lib/sudoKeyArchive/keyInfo.js.map +1 -0
- package/lib/sudoKeyArchive/keyType.js +27 -37
- package/lib/sudoKeyArchive/keyType.js.map +1 -0
- package/lib/sudoKeyArchive/sudoKeyArchive.js +351 -444
- package/lib/sudoKeyArchive/sudoKeyArchive.js.map +1 -0
- package/lib/sudoKeyManager/index.js +5 -57
- package/lib/sudoKeyManager/index.js.map +1 -0
- package/lib/sudoKeyManager/keyData.js +38 -33
- package/lib/sudoKeyManager/keyData.js.map +1 -0
- package/lib/sudoKeyManager/publicKey.js +5 -12
- package/lib/sudoKeyManager/publicKey.js.map +1 -0
- package/lib/sudoKeyManager/sudoCryptoProvider.js +8 -26
- package/lib/sudoKeyManager/sudoCryptoProvider.js.map +1 -0
- package/lib/sudoKeyManager/sudoKeyManager.js +135 -173
- package/lib/sudoKeyManager/sudoKeyManager.js.map +1 -0
- package/lib/types/types.js +27 -33
- package/lib/types/types.js.map +1 -0
- package/lib/utils/base64.js +63 -93
- package/lib/utils/base64.js.map +1 -0
- package/lib/utils/buffer.js +28 -46
- package/lib/utils/buffer.js.map +1 -0
- package/lib/utils/stream.d.ts +6 -0
- package/lib/utils/stream.js +63 -0
- package/lib/utils/stream.js.map +1 -0
- package/package.json +35 -27
|
@@ -0,0 +1,190 @@
|
|
|
1
|
+
import { KeyData, KeyDataKeyType } from '../sudoKeyManager';
|
|
2
|
+
import { SudoKeyManager } from '../sudoKeyManager/sudoKeyManager';
|
|
3
|
+
import { KeyArchiveKeyInfo } from './keyInfo';
|
|
4
|
+
import { KeyArchiveKeyType } from './keyType';
|
|
5
|
+
export interface SudoKeyArchive {
|
|
6
|
+
/**
|
|
7
|
+
* Loads keys from the secure store into the archive.
|
|
8
|
+
*/
|
|
9
|
+
loadKeys(): Promise<void>;
|
|
10
|
+
/**
|
|
11
|
+
* Saves the keys in this archive to the secure store.
|
|
12
|
+
*/
|
|
13
|
+
saveKeys(): Promise<void>;
|
|
14
|
+
/**
|
|
15
|
+
* Archives and encrypts the keys loaded into this archive.
|
|
16
|
+
*
|
|
17
|
+
* @param password
|
|
18
|
+
* The password to use to encrypt the archive. Or undefined if no password.
|
|
19
|
+
* Choice to have no password must be explicit.
|
|
20
|
+
*
|
|
21
|
+
* @returns Binary archive data.
|
|
22
|
+
*/
|
|
23
|
+
archive(password: ArrayBuffer | undefined): Promise<ArrayBuffer>;
|
|
24
|
+
/**
|
|
25
|
+
* Decrypts and unarchives the keys in this archive.
|
|
26
|
+
*
|
|
27
|
+
* @param password
|
|
28
|
+
* The password to use to decrypt the archive if its a secure archive
|
|
29
|
+
* otherwise must be undefined.
|
|
30
|
+
*
|
|
31
|
+
* @throws {@link KeyArchiveDecodingError}
|
|
32
|
+
* If the archive is unable to be decoding according to the
|
|
33
|
+
* required structure.
|
|
34
|
+
*
|
|
35
|
+
* @throws {@link KeyArchiveIncorrectPasswordError}
|
|
36
|
+
* If the archive is a secure archive and the password is unable to be
|
|
37
|
+
* used to decrypt the encrypted keys.
|
|
38
|
+
*
|
|
39
|
+
* @throws {@link KeyArchivePasswordRequiredError}
|
|
40
|
+
* If the archive is a secure archive but no password is provided.
|
|
41
|
+
*
|
|
42
|
+
* @throws {@link KeyArchiveNoPasswordRequiredError}
|
|
43
|
+
* If the archive is an insecure archive but a password is provided.
|
|
44
|
+
*/
|
|
45
|
+
unarchive(password: ArrayBuffer | undefined): Promise<void>;
|
|
46
|
+
/**
|
|
47
|
+
* Resets the archive by clearing loaded keys and archive data.
|
|
48
|
+
*/
|
|
49
|
+
reset(): void;
|
|
50
|
+
/**
|
|
51
|
+
* Determines whether or not the archive contains the key with the
|
|
52
|
+
* specified name and type. The archive must be unarchived before the
|
|
53
|
+
* key can be searched.
|
|
54
|
+
*
|
|
55
|
+
* @param namespace the namespace of the key
|
|
56
|
+
* @param name the key name.
|
|
57
|
+
* @param type the key type.
|
|
58
|
+
*
|
|
59
|
+
* @return true if the specified key exists in the archive.
|
|
60
|
+
*/
|
|
61
|
+
containsKey(namespace: string, name: string, type: KeyArchiveKeyType): boolean;
|
|
62
|
+
/**
|
|
63
|
+
* Retrieves the specified key data from the archive. The archive must
|
|
64
|
+
* be unarchived before the key data can be retrieved.
|
|
65
|
+
*
|
|
66
|
+
* @param namespace the namespace of the key
|
|
67
|
+
* @param name the key name
|
|
68
|
+
* @param type the key type
|
|
69
|
+
*
|
|
70
|
+
* @return a byte array containing the specified key data or null if it was not found.
|
|
71
|
+
*
|
|
72
|
+
* @throws {@link KeyNotFoundError}
|
|
73
|
+
* If key is not present in the archive.
|
|
74
|
+
*/
|
|
75
|
+
getKeyData(namespace: string, name: string, type: KeyArchiveKeyType): ArrayBuffer;
|
|
76
|
+
/** @return the key types to exclude from the archive in an unmodifiable set. */
|
|
77
|
+
getExcludedKeyTypes(): ReadonlySet<KeyArchiveKeyType>;
|
|
78
|
+
/** @return the key names to exclude from the archive in an unmodifiable set. */
|
|
79
|
+
getExcludedKeys(): ReadonlySet<string>;
|
|
80
|
+
/** @return the meta-information associated with this archive in an unmodifiable map. */
|
|
81
|
+
getMetaInfo(): ReadonlyMap<string, string>;
|
|
82
|
+
}
|
|
83
|
+
export declare type KeyArchiveKeyInfoDecoded = KeyArchiveKeyInfo & {
|
|
84
|
+
Decoded: ArrayBuffer;
|
|
85
|
+
};
|
|
86
|
+
export declare class DefaultSudoKeyArchive implements SudoKeyArchive {
|
|
87
|
+
/**
|
|
88
|
+
* Version 2 format is not gzipped is what's currently generated
|
|
89
|
+
* by iOS and Android. We may want to add support for importing
|
|
90
|
+
* such archives.
|
|
91
|
+
*/
|
|
92
|
+
static readonly PREGZIP_ARCHIVE_VERSION = 2;
|
|
93
|
+
/**
|
|
94
|
+
* Version 3 format permits both secure and insecure key archives.
|
|
95
|
+
*
|
|
96
|
+
* Insecure key archives are used where the archive will be stored
|
|
97
|
+
* in an otherwise known secure way e.g. via secure-vault-service
|
|
98
|
+
* where the encryption of the archive would then be handled by
|
|
99
|
+
* clients of that service.
|
|
100
|
+
*
|
|
101
|
+
* Secure key archives are password protected (via PBKDF2) a la version
|
|
102
|
+
* 2 format.
|
|
103
|
+
*
|
|
104
|
+
* Insecure format detail is:
|
|
105
|
+
*
|
|
106
|
+
* gzip(JSON.stringify(InsecureKeyArchive))
|
|
107
|
+
*
|
|
108
|
+
* Secure format detail is:
|
|
109
|
+
*
|
|
110
|
+
* gzip(JSON.stringify(SecureKeyArchive))
|
|
111
|
+
*
|
|
112
|
+
* where Keys property of SecureKeyArchive is:
|
|
113
|
+
*
|
|
114
|
+
* base64(encrypt(gzip(JSON.stringify(array of keys))))
|
|
115
|
+
*
|
|
116
|
+
* Where encrypt operation is 256-bit AES CBC-mode with IV SecureKeyArchive.IV
|
|
117
|
+
* and key generated by SecureKeyArchive.Rounds of PBKDF2 on the password
|
|
118
|
+
* salted with SecureKeyArchive.Salt.
|
|
119
|
+
*/
|
|
120
|
+
static readonly CURRENT_ARCHIVE_VERSION = 3;
|
|
121
|
+
private readonly defaultKeyManager;
|
|
122
|
+
private readonly keyManagers;
|
|
123
|
+
private keyArchive;
|
|
124
|
+
private readonly excludedKeys;
|
|
125
|
+
private readonly excludedKeyTypes;
|
|
126
|
+
private readonly metaInfo;
|
|
127
|
+
private readonly keys;
|
|
128
|
+
/**
|
|
129
|
+
* Construct SudoKeyArchive
|
|
130
|
+
*
|
|
131
|
+
*
|
|
132
|
+
* @param keyManagers
|
|
133
|
+
* Key manager or array of key managers to either restore archive in to
|
|
134
|
+
* or construct archive from
|
|
135
|
+
*
|
|
136
|
+
* @param archiveData
|
|
137
|
+
* Array buffer of binary archive data to restore.
|
|
138
|
+
*
|
|
139
|
+
* @param excludedKeys
|
|
140
|
+
* Set of key names to exclude from archive or restore operation.
|
|
141
|
+
* Default: None
|
|
142
|
+
*
|
|
143
|
+
* @param excludedKeyTypes
|
|
144
|
+
* Set of key types to exclude from archive or restore operation.
|
|
145
|
+
* Default: {@link KeyArchiveKeyType.PublicKey}
|
|
146
|
+
*
|
|
147
|
+
* @param metaInfo
|
|
148
|
+
* Meta information to include with the key archive
|
|
149
|
+
*
|
|
150
|
+
* @throws {@link IllegalArgumentError}
|
|
151
|
+
* If no key managers are provided
|
|
152
|
+
*
|
|
153
|
+
* @throws {@link IllegalArgumentError}
|
|
154
|
+
* If multiple key managers are provided with the same namespace
|
|
155
|
+
*
|
|
156
|
+
* @throws {@link KeyArchiveDecodingError}
|
|
157
|
+
* If archiveData is provided and its binary data cannot be decoded
|
|
158
|
+
*
|
|
159
|
+
* @throws {@link KeyArchiveTypeError}
|
|
160
|
+
* If archiveData is provided and decodes to an unsupported archive
|
|
161
|
+
* type.
|
|
162
|
+
*
|
|
163
|
+
* @throws {@link KeyArchiveVersionError}
|
|
164
|
+
* If archiveData is provided and decodes to an unsupported archive
|
|
165
|
+
* version.
|
|
166
|
+
*/
|
|
167
|
+
constructor(keyManagers: SudoKeyManager | SudoKeyManager[], options?: {
|
|
168
|
+
archiveData?: ArrayBuffer;
|
|
169
|
+
excludedKeys?: ReadonlySet<string>;
|
|
170
|
+
excludedKeyTypes?: ReadonlySet<KeyArchiveKeyType>;
|
|
171
|
+
metaInfo?: ReadonlyMap<string, string>;
|
|
172
|
+
});
|
|
173
|
+
/**
|
|
174
|
+
* Reads the binary data and converts it to JSON and then deserialises it
|
|
175
|
+
* into a KeyArchive
|
|
176
|
+
*/
|
|
177
|
+
private loadArchive;
|
|
178
|
+
loadKeys(): Promise<void>;
|
|
179
|
+
saveKeys(): Promise<void>;
|
|
180
|
+
archive(password: ArrayBuffer | undefined): Promise<ArrayBuffer>;
|
|
181
|
+
unarchive(password: ArrayBuffer | undefined): Promise<void>;
|
|
182
|
+
reset(): void;
|
|
183
|
+
containsKey(namespace: string, name: string, type: KeyArchiveKeyType): boolean;
|
|
184
|
+
getKeyData(namespace: string, name: string, type: KeyArchiveKeyType): ArrayBuffer;
|
|
185
|
+
getExcludedKeys(): ReadonlySet<string>;
|
|
186
|
+
getExcludedKeyTypes(): ReadonlySet<KeyArchiveKeyType>;
|
|
187
|
+
getMetaInfo(): ReadonlyMap<string, string>;
|
|
188
|
+
}
|
|
189
|
+
export declare function keyArchiveInfoFromKeyData(keyData: KeyData): KeyArchiveKeyInfoDecoded;
|
|
190
|
+
export declare function keyArchiveKeyTypeFromKeyDataKeyType(keyDataKeyType: KeyDataKeyType): KeyArchiveKeyType;
|
|
@@ -0,0 +1,373 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.keyArchiveKeyTypeFromKeyDataKeyType = exports.keyArchiveInfoFromKeyData = exports.DefaultSudoKeyArchive = void 0;
|
|
4
|
+
const fflate_1 = require("fflate");
|
|
5
|
+
const Either_1 = require("fp-ts/lib/Either");
|
|
6
|
+
const error_1 = require("../errors/error");
|
|
7
|
+
const sudoKeyManager_1 = require("../sudoKeyManager");
|
|
8
|
+
const sudoCryptoProvider_1 = require("../sudoKeyManager/sudoCryptoProvider");
|
|
9
|
+
const base64_1 = require("../utils/base64");
|
|
10
|
+
const buffer_1 = require("../utils/buffer");
|
|
11
|
+
const keyArchive_1 = require("./keyArchive");
|
|
12
|
+
const keyInfo_1 = require("./keyInfo");
|
|
13
|
+
const keyType_1 = require("./keyType");
|
|
14
|
+
class DefaultSudoKeyArchive {
|
|
15
|
+
/**
|
|
16
|
+
* Construct SudoKeyArchive
|
|
17
|
+
*
|
|
18
|
+
*
|
|
19
|
+
* @param keyManagers
|
|
20
|
+
* Key manager or array of key managers to either restore archive in to
|
|
21
|
+
* or construct archive from
|
|
22
|
+
*
|
|
23
|
+
* @param archiveData
|
|
24
|
+
* Array buffer of binary archive data to restore.
|
|
25
|
+
*
|
|
26
|
+
* @param excludedKeys
|
|
27
|
+
* Set of key names to exclude from archive or restore operation.
|
|
28
|
+
* Default: None
|
|
29
|
+
*
|
|
30
|
+
* @param excludedKeyTypes
|
|
31
|
+
* Set of key types to exclude from archive or restore operation.
|
|
32
|
+
* Default: {@link KeyArchiveKeyType.PublicKey}
|
|
33
|
+
*
|
|
34
|
+
* @param metaInfo
|
|
35
|
+
* Meta information to include with the key archive
|
|
36
|
+
*
|
|
37
|
+
* @throws {@link IllegalArgumentError}
|
|
38
|
+
* If no key managers are provided
|
|
39
|
+
*
|
|
40
|
+
* @throws {@link IllegalArgumentError}
|
|
41
|
+
* If multiple key managers are provided with the same namespace
|
|
42
|
+
*
|
|
43
|
+
* @throws {@link KeyArchiveDecodingError}
|
|
44
|
+
* If archiveData is provided and its binary data cannot be decoded
|
|
45
|
+
*
|
|
46
|
+
* @throws {@link KeyArchiveTypeError}
|
|
47
|
+
* If archiveData is provided and decodes to an unsupported archive
|
|
48
|
+
* type.
|
|
49
|
+
*
|
|
50
|
+
* @throws {@link KeyArchiveVersionError}
|
|
51
|
+
* If archiveData is provided and decodes to an unsupported archive
|
|
52
|
+
* version.
|
|
53
|
+
*/
|
|
54
|
+
constructor(keyManagers, options) {
|
|
55
|
+
this.keyManagers = {};
|
|
56
|
+
this.excludedKeys = new Set();
|
|
57
|
+
this.excludedKeyTypes = new Set();
|
|
58
|
+
this.metaInfo = new Map();
|
|
59
|
+
this.keys = new Map();
|
|
60
|
+
if (Array.isArray(keyManagers)) {
|
|
61
|
+
if (keyManagers.length === 0) {
|
|
62
|
+
throw new error_1.IllegalArgumentError('Must provide at least one key manager');
|
|
63
|
+
}
|
|
64
|
+
keyManagers.forEach((keyManager) => {
|
|
65
|
+
if (this.keyManagers[keyManager.namespace]) {
|
|
66
|
+
throw new error_1.IllegalArgumentError(`Multiple key managers provided with namespace ${keyManager.namespace}`);
|
|
67
|
+
}
|
|
68
|
+
this.keyManagers[keyManager.namespace] = keyManager;
|
|
69
|
+
});
|
|
70
|
+
this.defaultKeyManager = keyManagers[0];
|
|
71
|
+
}
|
|
72
|
+
else {
|
|
73
|
+
this.keyManagers[keyManagers.namespace] = keyManagers;
|
|
74
|
+
this.defaultKeyManager = keyManagers;
|
|
75
|
+
}
|
|
76
|
+
if (options?.archiveData) {
|
|
77
|
+
this.keyArchive = this.loadArchive(options.archiveData);
|
|
78
|
+
}
|
|
79
|
+
// We take copies of the input parameters so we own the data
|
|
80
|
+
if (options?.excludedKeys) {
|
|
81
|
+
options?.excludedKeys.forEach((excludedKey) => this.excludedKeys.add(excludedKey));
|
|
82
|
+
}
|
|
83
|
+
if (options?.excludedKeyTypes) {
|
|
84
|
+
options?.excludedKeyTypes.forEach((excludedKeyType) => this.excludedKeyTypes.add(excludedKeyType));
|
|
85
|
+
}
|
|
86
|
+
if (options?.metaInfo?.size) {
|
|
87
|
+
for (const [key, value] of options?.metaInfo?.entries()) {
|
|
88
|
+
this.metaInfo.set(key, value);
|
|
89
|
+
}
|
|
90
|
+
}
|
|
91
|
+
}
|
|
92
|
+
/**
|
|
93
|
+
* Reads the binary data and converts it to JSON and then deserialises it
|
|
94
|
+
* into a KeyArchive
|
|
95
|
+
*/
|
|
96
|
+
loadArchive(archiveData) {
|
|
97
|
+
let unzipped;
|
|
98
|
+
try {
|
|
99
|
+
unzipped = (0, fflate_1.gunzipSync)(new Uint8Array(archiveData));
|
|
100
|
+
}
|
|
101
|
+
catch (err) {
|
|
102
|
+
throw new error_1.KeyArchiveDecodingError();
|
|
103
|
+
}
|
|
104
|
+
let keyArchive;
|
|
105
|
+
try {
|
|
106
|
+
const decoded = keyArchive_1.KeyArchiveCodec.decode(JSON.parse(buffer_1.Buffer.toString(unzipped)));
|
|
107
|
+
if ((0, Either_1.isLeft)(decoded)) {
|
|
108
|
+
throw new error_1.KeyArchiveDecodingError();
|
|
109
|
+
}
|
|
110
|
+
keyArchive = decoded.right;
|
|
111
|
+
}
|
|
112
|
+
catch (err) {
|
|
113
|
+
throw new error_1.KeyArchiveDecodingError();
|
|
114
|
+
}
|
|
115
|
+
if ((0, keyArchive_1.isUnrecognizedKeyArchive)(keyArchive)) {
|
|
116
|
+
if (keyArchive.Type &&
|
|
117
|
+
keyArchive.Type !== keyArchive_1.SecureKeyArchiveType &&
|
|
118
|
+
keyArchive.Type !== keyArchive_1.InsecureKeyArchiveType) {
|
|
119
|
+
throw new error_1.KeyArchiveTypeError(keyArchive.Type);
|
|
120
|
+
}
|
|
121
|
+
// Only support DefaultSudoKeyArchive.CURRENT_ARCHIVE_VERSION for now.
|
|
122
|
+
if (keyArchive.Version !== undefined &&
|
|
123
|
+
keyArchive.Version !== DefaultSudoKeyArchive.CURRENT_ARCHIVE_VERSION) {
|
|
124
|
+
throw new error_1.KeyArchiveVersionError(keyArchive.Version);
|
|
125
|
+
}
|
|
126
|
+
throw new error_1.KeyArchiveDecodingError();
|
|
127
|
+
}
|
|
128
|
+
return keyArchive;
|
|
129
|
+
}
|
|
130
|
+
async loadKeys() {
|
|
131
|
+
for (const keyManager of Object.values(this.keyManagers)) {
|
|
132
|
+
await keyManager.exportKeys().then((exported) => {
|
|
133
|
+
exported.forEach((data) => {
|
|
134
|
+
const keyArchiveInfoDecoded = keyArchiveInfoFromKeyData(data);
|
|
135
|
+
if (!this.excludedKeyTypes.has(keyArchiveInfoDecoded.Type) &&
|
|
136
|
+
!this.excludedKeys.has(data.name)) {
|
|
137
|
+
this.keys.set(`${keyArchiveInfoDecoded.NameSpace}:${keyArchiveInfoDecoded.Type}:${keyArchiveInfoDecoded.Name}`, keyArchiveInfoDecoded);
|
|
138
|
+
}
|
|
139
|
+
});
|
|
140
|
+
});
|
|
141
|
+
}
|
|
142
|
+
}
|
|
143
|
+
async saveKeys() {
|
|
144
|
+
for (const info of this.keys.values()) {
|
|
145
|
+
const keyManager = this.keyManagers[info.NameSpace];
|
|
146
|
+
if (!keyManager)
|
|
147
|
+
continue;
|
|
148
|
+
if (this.excludedKeyTypes.has(info.Type))
|
|
149
|
+
continue;
|
|
150
|
+
if (this.excludedKeys.has(info.Name))
|
|
151
|
+
continue;
|
|
152
|
+
const keyData = info.Decoded;
|
|
153
|
+
switch (info.Type) {
|
|
154
|
+
case keyType_1.KeyArchiveKeyType.Password:
|
|
155
|
+
await keyManager.addPassword(keyData, info.Name);
|
|
156
|
+
break;
|
|
157
|
+
case keyType_1.KeyArchiveKeyType.PrivateKey:
|
|
158
|
+
await keyManager.addPrivateKey(keyData, info.Name);
|
|
159
|
+
break;
|
|
160
|
+
case keyType_1.KeyArchiveKeyType.PublicKey:
|
|
161
|
+
await keyManager.addPublicKey(keyData, info.Name);
|
|
162
|
+
break;
|
|
163
|
+
case keyType_1.KeyArchiveKeyType.SymmetricKey:
|
|
164
|
+
await keyManager.addSymmetricKey(keyData, info.Name);
|
|
165
|
+
break;
|
|
166
|
+
default:
|
|
167
|
+
throw new error_1.KeyArchiveUnknownKeyTypeError(`Key archive key type ${info.Type} is not recognized`);
|
|
168
|
+
}
|
|
169
|
+
}
|
|
170
|
+
}
|
|
171
|
+
async archive(password) {
|
|
172
|
+
const keys = [];
|
|
173
|
+
for (const key of this.keys.values()) {
|
|
174
|
+
keys.push({
|
|
175
|
+
NameSpace: key.NameSpace,
|
|
176
|
+
Name: key.Name,
|
|
177
|
+
Data: key.Data,
|
|
178
|
+
Type: key.Type,
|
|
179
|
+
Synchronizable: key.Synchronizable,
|
|
180
|
+
Exportable: key.Exportable,
|
|
181
|
+
});
|
|
182
|
+
}
|
|
183
|
+
let keyArchive;
|
|
184
|
+
if (!password) {
|
|
185
|
+
const insecureKeyArchive = {
|
|
186
|
+
Type: 'Insecure',
|
|
187
|
+
MetaInfo: {},
|
|
188
|
+
Version: DefaultSudoKeyArchive.CURRENT_ARCHIVE_VERSION,
|
|
189
|
+
Keys: keys,
|
|
190
|
+
};
|
|
191
|
+
keyArchive = insecureKeyArchive;
|
|
192
|
+
}
|
|
193
|
+
else {
|
|
194
|
+
const salt = await this.defaultKeyManager.generateRandomData(sudoCryptoProvider_1.SudoCryptoProviderDefaults.pbkdfSaltSize);
|
|
195
|
+
const b64Salt = base64_1.Base64.encode(salt);
|
|
196
|
+
const key = await this.defaultKeyManager.generateSymmetricKeyFromPassword(password, salt, {
|
|
197
|
+
rounds: sudoCryptoProvider_1.SudoCryptoProviderDefaults.pbkdfRounds,
|
|
198
|
+
});
|
|
199
|
+
const serializedKeys = JSON.stringify(keys);
|
|
200
|
+
const compressedSerializedKeys = (0, fflate_1.gzipSync)(buffer_1.Buffer.fromString(serializedKeys), {
|
|
201
|
+
level: 9,
|
|
202
|
+
});
|
|
203
|
+
// Don't strictly need a randomly generated IV here but no harm either
|
|
204
|
+
const iv = await this.defaultKeyManager.generateRandomData(sudoCryptoProvider_1.SudoCryptoProviderDefaults.aesIVSize);
|
|
205
|
+
const encryptedKeys = await this.defaultKeyManager.encryptWithSymmetricKey(key, compressedSerializedKeys, { iv });
|
|
206
|
+
const secureKeyArchive = {
|
|
207
|
+
Type: 'Secure',
|
|
208
|
+
Version: DefaultSudoKeyArchive.CURRENT_ARCHIVE_VERSION,
|
|
209
|
+
MetaInfo: {},
|
|
210
|
+
Salt: b64Salt,
|
|
211
|
+
Rounds: sudoCryptoProvider_1.SudoCryptoProviderDefaults.pbkdfRounds,
|
|
212
|
+
Keys: base64_1.Base64.encode(encryptedKeys),
|
|
213
|
+
IV: base64_1.Base64.encode(iv),
|
|
214
|
+
};
|
|
215
|
+
keyArchive = secureKeyArchive;
|
|
216
|
+
}
|
|
217
|
+
for (const [key, value] of this.metaInfo.entries()) {
|
|
218
|
+
keyArchive.MetaInfo[key] = value;
|
|
219
|
+
}
|
|
220
|
+
const archiveString = JSON.stringify(keyArchive);
|
|
221
|
+
// While this double Gzips the SecureKeyArchive, it allows us to roughly
|
|
222
|
+
// recover the space consumed by Base64 encoding the cipher text. Otherwise
|
|
223
|
+
// we would end up having a fully binary data structure for the archive.
|
|
224
|
+
// If the time to compute becomes prohibitive we can look at a binary, non-JSON
|
|
225
|
+
// base format for the archive.
|
|
226
|
+
const archiveGzipped = (0, fflate_1.gzipSync)(buffer_1.Buffer.fromString(archiveString), {
|
|
227
|
+
level: 9,
|
|
228
|
+
});
|
|
229
|
+
return Promise.resolve(archiveGzipped);
|
|
230
|
+
}
|
|
231
|
+
async unarchive(password) {
|
|
232
|
+
if (!this.keyArchive) {
|
|
233
|
+
throw new error_1.KeyArchiveMissingError();
|
|
234
|
+
}
|
|
235
|
+
let keys;
|
|
236
|
+
if ((0, keyArchive_1.isSecureKeyArchive)(this.keyArchive)) {
|
|
237
|
+
if (!password) {
|
|
238
|
+
throw new error_1.KeyArchivePasswordRequiredError();
|
|
239
|
+
}
|
|
240
|
+
let iv;
|
|
241
|
+
let encryptedKeys;
|
|
242
|
+
let key;
|
|
243
|
+
try {
|
|
244
|
+
const salt = base64_1.Base64.decode(this.keyArchive.Salt);
|
|
245
|
+
iv = base64_1.Base64.decode(this.keyArchive.IV);
|
|
246
|
+
encryptedKeys = base64_1.Base64.decode(this.keyArchive.Keys);
|
|
247
|
+
key = await this.defaultKeyManager.generateSymmetricKeyFromPassword(password, salt, { rounds: this.keyArchive.Rounds });
|
|
248
|
+
}
|
|
249
|
+
catch (err) {
|
|
250
|
+
throw new error_1.KeyArchiveDecodingError();
|
|
251
|
+
}
|
|
252
|
+
let compressedSerializedKeys;
|
|
253
|
+
try {
|
|
254
|
+
compressedSerializedKeys =
|
|
255
|
+
await this.defaultKeyManager.decryptWithSymmetricKey(key, encryptedKeys, { iv });
|
|
256
|
+
}
|
|
257
|
+
catch (err) {
|
|
258
|
+
throw new error_1.KeyArchiveIncorrectPasswordError();
|
|
259
|
+
}
|
|
260
|
+
try {
|
|
261
|
+
const serializedKeys = (0, fflate_1.gunzipSync)(new Uint8Array(compressedSerializedKeys));
|
|
262
|
+
const decoded = keyInfo_1.KeyArchiveKeyInfoArrayCodec.decode(JSON.parse(buffer_1.Buffer.toString(serializedKeys)));
|
|
263
|
+
if ((0, Either_1.isLeft)(decoded)) {
|
|
264
|
+
throw new error_1.KeyArchiveDecodingError();
|
|
265
|
+
}
|
|
266
|
+
keys = decoded.right;
|
|
267
|
+
}
|
|
268
|
+
catch (err) {
|
|
269
|
+
throw new error_1.KeyArchiveDecodingError();
|
|
270
|
+
}
|
|
271
|
+
}
|
|
272
|
+
else {
|
|
273
|
+
if (password) {
|
|
274
|
+
throw new error_1.KeyArchiveNoPasswordRequiredError();
|
|
275
|
+
}
|
|
276
|
+
keys = this.keyArchive.Keys;
|
|
277
|
+
}
|
|
278
|
+
keys.forEach((key) => {
|
|
279
|
+
const keyKey = `${key.NameSpace}:${key.Type}:${key.Name}`;
|
|
280
|
+
let decoded;
|
|
281
|
+
try {
|
|
282
|
+
decoded = base64_1.Base64.decode(key.Data);
|
|
283
|
+
}
|
|
284
|
+
catch (err) {
|
|
285
|
+
throw new error_1.KeyArchiveDecodingError(`Unable to decode key ${keyKey}`);
|
|
286
|
+
}
|
|
287
|
+
this.keys.set(keyKey, { ...key, Decoded: decoded });
|
|
288
|
+
});
|
|
289
|
+
}
|
|
290
|
+
reset() {
|
|
291
|
+
this.keys.clear();
|
|
292
|
+
}
|
|
293
|
+
containsKey(namespace, name, type) {
|
|
294
|
+
return this.keys.has(`${namespace}:${type}:${name}`);
|
|
295
|
+
}
|
|
296
|
+
getKeyData(namespace, name, type) {
|
|
297
|
+
const keyInfo = this.keys.get(`${namespace}:${type}:${name}`);
|
|
298
|
+
if (!keyInfo) {
|
|
299
|
+
throw new error_1.KeyNotFoundError();
|
|
300
|
+
}
|
|
301
|
+
return keyInfo.Decoded;
|
|
302
|
+
}
|
|
303
|
+
getExcludedKeys() {
|
|
304
|
+
return this.excludedKeys;
|
|
305
|
+
}
|
|
306
|
+
getExcludedKeyTypes() {
|
|
307
|
+
return this.excludedKeyTypes;
|
|
308
|
+
}
|
|
309
|
+
getMetaInfo() {
|
|
310
|
+
return this.metaInfo;
|
|
311
|
+
}
|
|
312
|
+
}
|
|
313
|
+
exports.DefaultSudoKeyArchive = DefaultSudoKeyArchive;
|
|
314
|
+
/**
|
|
315
|
+
* Version 2 format is not gzipped is what's currently generated
|
|
316
|
+
* by iOS and Android. We may want to add support for importing
|
|
317
|
+
* such archives.
|
|
318
|
+
*/
|
|
319
|
+
DefaultSudoKeyArchive.PREGZIP_ARCHIVE_VERSION = 2;
|
|
320
|
+
/**
|
|
321
|
+
* Version 3 format permits both secure and insecure key archives.
|
|
322
|
+
*
|
|
323
|
+
* Insecure key archives are used where the archive will be stored
|
|
324
|
+
* in an otherwise known secure way e.g. via secure-vault-service
|
|
325
|
+
* where the encryption of the archive would then be handled by
|
|
326
|
+
* clients of that service.
|
|
327
|
+
*
|
|
328
|
+
* Secure key archives are password protected (via PBKDF2) a la version
|
|
329
|
+
* 2 format.
|
|
330
|
+
*
|
|
331
|
+
* Insecure format detail is:
|
|
332
|
+
*
|
|
333
|
+
* gzip(JSON.stringify(InsecureKeyArchive))
|
|
334
|
+
*
|
|
335
|
+
* Secure format detail is:
|
|
336
|
+
*
|
|
337
|
+
* gzip(JSON.stringify(SecureKeyArchive))
|
|
338
|
+
*
|
|
339
|
+
* where Keys property of SecureKeyArchive is:
|
|
340
|
+
*
|
|
341
|
+
* base64(encrypt(gzip(JSON.stringify(array of keys))))
|
|
342
|
+
*
|
|
343
|
+
* Where encrypt operation is 256-bit AES CBC-mode with IV SecureKeyArchive.IV
|
|
344
|
+
* and key generated by SecureKeyArchive.Rounds of PBKDF2 on the password
|
|
345
|
+
* salted with SecureKeyArchive.Salt.
|
|
346
|
+
*/
|
|
347
|
+
DefaultSudoKeyArchive.CURRENT_ARCHIVE_VERSION = keyArchive_1.CURRENT_ARCHIVE_VERSION;
|
|
348
|
+
function keyArchiveInfoFromKeyData(keyData) {
|
|
349
|
+
return {
|
|
350
|
+
NameSpace: keyData.namespace,
|
|
351
|
+
Name: keyData.name,
|
|
352
|
+
Type: keyArchiveKeyTypeFromKeyDataKeyType(keyData.type),
|
|
353
|
+
Data: base64_1.Base64.encode(keyData.data),
|
|
354
|
+
Decoded: keyData.data,
|
|
355
|
+
Synchronizable: false,
|
|
356
|
+
Exportable: true,
|
|
357
|
+
};
|
|
358
|
+
}
|
|
359
|
+
exports.keyArchiveInfoFromKeyData = keyArchiveInfoFromKeyData;
|
|
360
|
+
function keyArchiveKeyTypeFromKeyDataKeyType(keyDataKeyType) {
|
|
361
|
+
switch (keyDataKeyType) {
|
|
362
|
+
case sudoKeyManager_1.KeyDataKeyType.Password:
|
|
363
|
+
return keyType_1.KeyArchiveKeyType.Password;
|
|
364
|
+
case sudoKeyManager_1.KeyDataKeyType.RSAPrivateKey:
|
|
365
|
+
return keyType_1.KeyArchiveKeyType.PrivateKey;
|
|
366
|
+
case sudoKeyManager_1.KeyDataKeyType.RSAPublicKey:
|
|
367
|
+
return keyType_1.KeyArchiveKeyType.PublicKey;
|
|
368
|
+
case sudoKeyManager_1.KeyDataKeyType.SymmetricKey:
|
|
369
|
+
return keyType_1.KeyArchiveKeyType.SymmetricKey;
|
|
370
|
+
}
|
|
371
|
+
}
|
|
372
|
+
exports.keyArchiveKeyTypeFromKeyDataKeyType = keyArchiveKeyTypeFromKeyDataKeyType;
|
|
373
|
+
//# sourceMappingURL=sudoKeyArchive.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"sudoKeyArchive.js","sourceRoot":"","sources":["../../src/sudoKeyArchive/sudoKeyArchive.ts"],"names":[],"mappings":";;;AAAA,mCAA6C;AAC7C,6CAAyC;AAEzC,2CAWwB;AACxB,sDAA2D;AAC3D,6EAAiF;AAEjF,4CAAwC;AACxC,4CAAsD;AACtD,6CAUqB;AACrB,uCAA0E;AAC1E,uCAA6C;AAkG7C,MAAa,qBAAqB;IAkDhC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAsCG;IACH,YACE,WAA8C,EAC9C,OAKC;QA1Dc,gBAAW,GAAmC,EAAE,CAAA;QAEhD,iBAAY,GAAgB,IAAI,GAAG,EAAU,CAAA;QAC7C,qBAAgB,GAC/B,IAAI,GAAG,EAAqB,CAAA;QACb,aAAQ,GAAwB,IAAI,GAAG,EAAkB,CAAA;QAEzD,SAAI,GAA0C,IAAI,GAAG,EAGnE,CAAA;QAkDD,IAAI,KAAK,CAAC,OAAO,CAAC,WAAW,CAAC,EAAE;YAC9B,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE;gBAC5B,MAAM,IAAI,4BAAoB,CAAC,uCAAuC,CAAC,CAAA;aACxE;YAED,WAAW,CAAC,OAAO,CAAC,CAAC,UAAU,EAAE,EAAE;gBACjC,IAAI,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE;oBAC1C,MAAM,IAAI,4BAAoB,CAC5B,iDAAiD,UAAU,CAAC,SAAS,EAAE,CACxE,CAAA;iBACF;gBACD,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,SAAS,CAAC,GAAG,UAAU,CAAA;YACrD,CAAC,CAAC,CAAA;YACF,IAAI,CAAC,iBAAiB,GAAG,WAAW,CAAC,CAAC,CAAC,CAAA;SACxC;aAAM;YACL,IAAI,CAAC,WAAW,CAAC,WAAW,CAAC,SAAS,CAAC,GAAG,WAAW,CAAA;YACrD,IAAI,CAAC,iBAAiB,GAAG,WAAW,CAAA;SACrC;QAED,IAAI,OAAO,EAAE,WAAW,EAAE;YACxB,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,WAAW,CAAC,CAAA;SACxD;QAED,4DAA4D;QAC5D,IAAI,OAAO,EAAE,YAAY,EAAE;YACzB,OAAO,EAAE,YAAY,CAAC,OAAO,CAAC,CAAC,WAAW,EAAE,EAAE,CAC5C,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,CAAC,CACnC,CAAA;SACF;QAED,IAAI,OAAO,EAAE,gBAAgB,EAAE;YAC7B,OAAO,EAAE,gBAAgB,CAAC,OAAO,CAAC,CAAC,eAAe,EAAE,EAAE,CACpD,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,eAAe,CAAC,CAC3C,CAAA;SACF;QAED,IAAI,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE;YAC3B,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,EAAE;gBACvD,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAA;aAC9B;SACF;IACH,CAAC;IAED;;;OAGG;IACK,WAAW,CACjB,WAAwB;QAExB,IAAI,QAAoB,CAAA;QAExB,IAAI;YACF,QAAQ,GAAG,IAAA,mBAAU,EAAC,IAAI,UAAU,CAAC,WAAW,CAAC,CAAC,CAAA;SACnD;QAAC,OAAO,GAAG,EAAE;YACZ,MAAM,IAAI,+BAAuB,EAAE,CAAA;SACpC;QAED,IAAI,UAAsB,CAAA;QAC1B,IAAI;YACF,MAAM,OAAO,GAAG,4BAAe,CAAC,MAAM,CACpC,IAAI,CAAC,KAAK,CAAC,eAAU,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAC1C,CAAA;YACD,IAAI,IAAA,eAAM,EAAC,OAAO,CAAC,EAAE;gBACnB,MAAM,IAAI,+BAAuB,EAAE,CAAA;aACpC;YACD,UAAU,GAAG,OAAO,CAAC,KAAK,CAAA;SAC3B;QAAC,OAAO,GAAG,EAAE;YACZ,MAAM,IAAI,+BAAuB,EAAE,CAAA;SACpC;QACD,IAAI,IAAA,qCAAwB,EAAC,UAAU,CAAC,EAAE;YACxC,IACE,UAAU,CAAC,IAAI;gBACf,UAAU,CAAC,IAAI,KAAK,iCAAoB;gBACxC,UAAU,CAAC,IAAI,KAAK,mCAAsB,EAC1C;gBACA,MAAM,IAAI,2BAAmB,CAAC,UAAU,CAAC,IAAI,CAAC,CAAA;aAC/C;YAED,sEAAsE;YACtE,IACE,UAAU,CAAC,OAAO,KAAK,SAAS;gBAChC,UAAU,CAAC,OAAO,KAAK,qBAAqB,CAAC,uBAAuB,EACpE;gBACA,MAAM,IAAI,8BAAsB,CAAC,UAAU,CAAC,OAAO,CAAC,CAAA;aACrD;YAED,MAAM,IAAI,+BAAuB,EAAE,CAAA;SACpC;QAED,OAAO,UAAU,CAAA;IACnB,CAAC;IAED,KAAK,CAAC,QAAQ;QACZ,KAAK,MAAM,UAAU,IAAI,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE;YACxD,MAAM,UAAU,CAAC,UAAU,EAAE,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,EAAE;gBAC9C,QAAQ,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE;oBACxB,MAAM,qBAAqB,GAAG,yBAAyB,CAAC,IAAI,CAAC,CAAA;oBAC7D,IACE,CAAC,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,qBAAqB,CAAC,IAAI,CAAC;wBACtD,CAAC,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,EACjC;wBACA,IAAI,CAAC,IAAI,CAAC,GAAG,CACX,GAAG,qBAAqB,CAAC,SAAS,IAAI,qBAAqB,CAAC,IAAI,IAAI,qBAAqB,CAAC,IAAI,EAAE,EAChG,qBAAqB,CACtB,CAAA;qBACF;gBACH,CAAC,CAAC,CAAA;YACJ,CAAC,CAAC,CAAA;SACH;IACH,CAAC;IAED,KAAK,CAAC,QAAQ;QACZ,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE;YACrC,MAAM,UAAU,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,SAAS,CAAC,CAAA;YACnD,IAAI,CAAC,UAAU;gBAAE,SAAQ;YACzB,IAAI,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC;gBAAE,SAAQ;YAClD,IAAI,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC;gBAAE,SAAQ;YAE9C,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAA;YAC5B,QAAQ,IAAI,CAAC,IAAI,EAAE;gBACjB,KAAK,2BAAiB,CAAC,QAAQ;oBAC7B,MAAM,UAAU,CAAC,WAAW,CAAC,OAAO,EAAE,IAAI,CAAC,IAAI,CAAC,CAAA;oBAChD,MAAK;gBACP,KAAK,2BAAiB,CAAC,UAAU;oBAC/B,MAAM,UAAU,CAAC,aAAa,CAAC,OAAO,EAAE,IAAI,CAAC,IAAI,CAAC,CAAA;oBAClD,MAAK;gBACP,KAAK,2BAAiB,CAAC,SAAS;oBAC9B,MAAM,UAAU,CAAC,YAAY,CAAC,OAAO,EAAE,IAAI,CAAC,IAAI,CAAC,CAAA;oBACjD,MAAK;gBACP,KAAK,2BAAiB,CAAC,YAAY;oBACjC,MAAM,UAAU,CAAC,eAAe,CAAC,OAAO,EAAE,IAAI,CAAC,IAAI,CAAC,CAAA;oBACpD,MAAK;gBACP;oBACE,MAAM,IAAI,qCAA6B,CACrC,wBAAwB,IAAI,CAAC,IAAc,oBAAoB,CAChE,CAAA;aACJ;SACF;IACH,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,QAAiC;QAC7C,MAAM,IAAI,GAAwB,EAAE,CAAA;QACpC,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE;YACpC,IAAI,CAAC,IAAI,CAAC;gBACR,SAAS,EAAE,GAAG,CAAC,SAAS;gBACxB,IAAI,EAAE,GAAG,CAAC,IAAI;gBACd,IAAI,EAAE,GAAG,CAAC,IAAI;gBACd,IAAI,EAAE,GAAG,CAAC,IAAI;gBACd,cAAc,EAAE,GAAG,CAAC,cAAc;gBAClC,UAAU,EAAE,GAAG,CAAC,UAAU;aAC3B,CAAC,CAAA;SACH;QAED,IAAI,UAAiD,CAAA;QACrD,IAAI,CAAC,QAAQ,EAAE;YACb,MAAM,kBAAkB,GAAuB;gBAC7C,IAAI,EAAE,UAAU;gBAChB,QAAQ,EAAE,EAAE;gBACZ,OAAO,EAAE,qBAAqB,CAAC,uBAAuB;gBACtD,IAAI,EAAE,IAAI;aACX,CAAA;YACD,UAAU,GAAG,kBAAkB,CAAA;SAChC;aAAM;YACL,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,kBAAkB,CAC1D,+CAA0B,CAAC,aAAa,CACzC,CAAA;YACD,MAAM,OAAO,GAAG,eAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAA;YACnC,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,gCAAgC,CACvE,QAAQ,EACR,IAAI,EACJ;gBACE,MAAM,EAAE,+CAA0B,CAAC,WAAW;aAC/C,CACF,CAAA;YAED,MAAM,cAAc,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAA;YAC3C,MAAM,wBAAwB,GAAG,IAAA,iBAAQ,EACvC,eAAU,CAAC,UAAU,CAAC,cAAc,CAAC,EACrC;gBACE,KAAK,EAAE,CAAC;aACT,CACF,CAAA;YAED,sEAAsE;YACtE,MAAM,EAAE,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,kBAAkB,CACxD,+CAA0B,CAAC,SAAS,CACrC,CAAA;YACD,MAAM,aAAa,GACjB,MAAM,IAAI,CAAC,iBAAiB,CAAC,uBAAuB,CAClD,GAAG,EACH,wBAAwB,EACxB,EAAE,EAAE,EAAE,CACP,CAAA;YACH,MAAM,gBAAgB,GAAqB;gBACzC,IAAI,EAAE,QAAQ;gBACd,OAAO,EAAE,qBAAqB,CAAC,uBAAuB;gBACtD,QAAQ,EAAE,EAAE;gBACZ,IAAI,EAAE,OAAO;gBACb,MAAM,EAAE,+CAA0B,CAAC,WAAW;gBAC9C,IAAI,EAAE,eAAM,CAAC,MAAM,CAAC,aAAa,CAAC;gBAClC,EAAE,EAAE,eAAM,CAAC,MAAM,CAAC,EAAE,CAAC;aACtB,CAAA;YAED,UAAU,GAAG,gBAAgB,CAAA;SAC9B;QAED,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,EAAE;YAClD,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,KAAK,CAAA;SACjC;QAED,MAAM,aAAa,GAAG,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,CAAA;QAEhD,wEAAwE;QACxE,2EAA2E;QAC3E,wEAAwE;QACxE,+EAA+E;QAC/E,+BAA+B;QAC/B,MAAM,cAAc,GAAG,IAAA,iBAAQ,EAAC,eAAU,CAAC,UAAU,CAAC,aAAa,CAAC,EAAE;YACpE,KAAK,EAAE,CAAC;SACT,CAAC,CAAA;QAEF,OAAO,OAAO,CAAC,OAAO,CAAC,cAAc,CAAC,CAAA;IACxC,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,QAAiC;QAC/C,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE;YACpB,MAAM,IAAI,8BAAsB,EAAE,CAAA;SACnC;QAED,IAAI,IAAyB,CAAA;QAE7B,IAAI,IAAA,+BAAkB,EAAC,IAAI,CAAC,UAAU,CAAC,EAAE;YACvC,IAAI,CAAC,QAAQ,EAAE;gBACb,MAAM,IAAI,uCAA+B,EAAE,CAAA;aAC5C;YAED,IAAI,EAAe,CAAA;YACnB,IAAI,aAA0B,CAAA;YAC9B,IAAI,GAAgB,CAAA;YACpB,IAAI;gBACF,MAAM,IAAI,GAAG,eAAM,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,CAAA;gBAChD,EAAE,GAAG,eAAM,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC,CAAA;gBACtC,aAAa,GAAG,eAAM,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,CAAA;gBACnD,GAAG,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,gCAAgC,CACjE,QAAQ,EACR,IAAI,EACJ,EAAE,MAAM,EAAE,IAAI,CAAC,UAAU,CAAC,MAAM,EAAE,CACnC,CAAA;aACF;YAAC,OAAO,GAAG,EAAE;gBACZ,MAAM,IAAI,+BAAuB,EAAE,CAAA;aACpC;YAED,IAAI,wBAAqC,CAAA;YACzC,IAAI;gBACF,wBAAwB;oBACtB,MAAM,IAAI,CAAC,iBAAiB,CAAC,uBAAuB,CAClD,GAAG,EACH,aAAa,EACb,EAAE,EAAE,EAAE,CACP,CAAA;aACJ;YAAC,OAAO,GAAG,EAAE;gBACZ,MAAM,IAAI,wCAAgC,EAAE,CAAA;aAC7C;YACD,IAAI;gBACF,MAAM,cAAc,GAAG,IAAA,mBAAU,EAC/B,IAAI,UAAU,CAAC,wBAAwB,CAAC,CACzC,CAAA;gBACD,MAAM,OAAO,GAAG,qCAA2B,CAAC,MAAM,CAChD,IAAI,CAAC,KAAK,CAAC,eAAU,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,CAChD,CAAA;gBACD,IAAI,IAAA,eAAM,EAAC,OAAO,CAAC,EAAE;oBACnB,MAAM,IAAI,+BAAuB,EAAE,CAAA;iBACpC;gBACD,IAAI,GAAG,OAAO,CAAC,KAAK,CAAA;aACrB;YAAC,OAAO,GAAG,EAAE;gBACZ,MAAM,IAAI,+BAAuB,EAAE,CAAA;aACpC;SACF;aAAM;YACL,IAAI,QAAQ,EAAE;gBACZ,MAAM,IAAI,yCAAiC,EAAE,CAAA;aAC9C;YACD,IAAI,GAAG,IAAI,CAAC,UAAU,CAAC,IAAI,CAAA;SAC5B;QAED,IAAI,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE;YACnB,MAAM,MAAM,GAAG,GAAG,GAAG,CAAC,SAAS,IAAI,GAAG,CAAC,IAAI,IAAI,GAAG,CAAC,IAAI,EAAE,CAAA;YACzD,IAAI,OAAoB,CAAA;YACxB,IAAI;gBACF,OAAO,GAAG,eAAM,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,CAAA;aAClC;YAAC,OAAO,GAAG,EAAE;gBACZ,MAAM,IAAI,+BAAuB,CAAC,wBAAwB,MAAM,EAAE,CAAC,CAAA;aACpE;YACD,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,EAAE,GAAG,GAAG,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC,CAAA;QACrD,CAAC,CAAC,CAAA;IACJ,CAAC;IAED,KAAK;QACH,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,CAAA;IACnB,CAAC;IAED,WAAW,CACT,SAAiB,EACjB,IAAY,EACZ,IAAuB;QAEvB,OAAO,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,SAAS,IAAI,IAAI,IAAI,IAAI,EAAE,CAAC,CAAA;IACtD,CAAC;IAED,UAAU,CACR,SAAiB,EACjB,IAAY,EACZ,IAAuB;QAEvB,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,SAAS,IAAI,IAAI,IAAI,IAAI,EAAE,CAAC,CAAA;QAC7D,IAAI,CAAC,OAAO,EAAE;YACZ,MAAM,IAAI,wBAAgB,EAAE,CAAA;SAC7B;QAED,OAAO,OAAO,CAAC,OAAO,CAAA;IACxB,CAAC;IAED,eAAe;QACb,OAAO,IAAI,CAAC,YAAY,CAAA;IAC1B,CAAC;IAED,mBAAmB;QACjB,OAAO,IAAI,CAAC,gBAAgB,CAAA;IAC9B,CAAC;IAED,WAAW;QACT,OAAO,IAAI,CAAC,QAAQ,CAAA;IACtB,CAAC;;AA9aH,sDA+aC;AA9aC;;;;GAIG;AACoB,6CAAuB,GAAG,CAAC,CAAA;AAElD;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AACoB,6CAAuB,GAAG,oCAAuB,CAAA;AA8Y1E,SAAgB,yBAAyB,CACvC,OAAgB;IAEhB,OAAO;QACL,SAAS,EAAE,OAAO,CAAC,SAAS;QAC5B,IAAI,EAAE,OAAO,CAAC,IAAI;QAClB,IAAI,EAAE,mCAAmC,CAAC,OAAO,CAAC,IAAI,CAAC;QACvD,IAAI,EAAE,eAAM,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC;QACjC,OAAO,EAAE,OAAO,CAAC,IAAI;QACrB,cAAc,EAAE,KAAK;QACrB,UAAU,EAAE,IAAI;KACjB,CAAA;AACH,CAAC;AAZD,8DAYC;AAED,SAAgB,mCAAmC,CACjD,cAA8B;IAE9B,QAAQ,cAAc,EAAE;QACtB,KAAK,+BAAc,CAAC,QAAQ;YAC1B,OAAO,2BAAiB,CAAC,QAAQ,CAAA;QACnC,KAAK,+BAAc,CAAC,aAAa;YAC/B,OAAO,2BAAiB,CAAC,UAAU,CAAA;QACrC,KAAK,+BAAc,CAAC,YAAY;YAC9B,OAAO,2BAAiB,CAAC,SAAS,CAAA;QACpC,KAAK,+BAAc,CAAC,YAAY;YAC9B,OAAO,2BAAiB,CAAC,YAAY,CAAA;KACxC;AACH,CAAC;AAbD,kFAaC"}
|
|
@@ -0,0 +1,8 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
const tslib_1 = require("tslib");
|
|
4
|
+
tslib_1.__exportStar(require("./keyData"), exports);
|
|
5
|
+
tslib_1.__exportStar(require("./publicKey"), exports);
|
|
6
|
+
tslib_1.__exportStar(require("./sudoCryptoProvider"), exports);
|
|
7
|
+
tslib_1.__exportStar(require("./sudoKeyManager"), exports);
|
|
8
|
+
//# sourceMappingURL=index.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/sudoKeyManager/index.ts"],"names":[],"mappings":";;;AAAA,oDAAyB;AACzB,sDAA2B;AAC3B,+DAAoC;AACpC,2DAAgC"}
|
|
@@ -0,0 +1,56 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Type of key
|
|
3
|
+
*/
|
|
4
|
+
export declare enum KeyDataKeyType {
|
|
5
|
+
SymmetricKey = "SymmetricKey",
|
|
6
|
+
RSAPublicKey = "RSAPublicKey",
|
|
7
|
+
RSAPrivateKey = "RSAPrivateKey",
|
|
8
|
+
Password = "Password"
|
|
9
|
+
}
|
|
10
|
+
export declare enum KeyDataKeyFormat {
|
|
11
|
+
/**
|
|
12
|
+
* Raw key format.
|
|
13
|
+
*
|
|
14
|
+
* For SymmetricKey and Password types this means the raw bytes
|
|
15
|
+
* of the key/password.
|
|
16
|
+
*
|
|
17
|
+
* For RSAPublicKey this means RSAPublicKey binary format.
|
|
18
|
+
* For RSAPrivateKey this means RSAPrivateKey binary format.
|
|
19
|
+
* "RSA PUBLIC KEY" or "RSA PRIVATE KEY" in PEM speak
|
|
20
|
+
*/
|
|
21
|
+
Raw = "Raw",
|
|
22
|
+
/**
|
|
23
|
+
* SPKI public key format.
|
|
24
|
+
*
|
|
25
|
+
* Applies to public keys (currently only RSAPublicKey)
|
|
26
|
+
* and means they are formated using SPKI.
|
|
27
|
+
*
|
|
28
|
+
* "PUBLIC KEY" in PEM speak
|
|
29
|
+
*/
|
|
30
|
+
SPKI = "SPKI",
|
|
31
|
+
/**
|
|
32
|
+
* PKCS8 private key format.
|
|
33
|
+
*
|
|
34
|
+
* Applies to private keys (currently only RSAPrivateKey)
|
|
35
|
+
* and means they are formated using unencrypted PKCS8.
|
|
36
|
+
*
|
|
37
|
+
* "PRIVATE KEY" in PEM speak
|
|
38
|
+
*/
|
|
39
|
+
PKCS8 = "PKCS8"
|
|
40
|
+
}
|
|
41
|
+
/**
|
|
42
|
+
* Record of key in a key archive
|
|
43
|
+
*
|
|
44
|
+
* @property name name of the key within the namespace
|
|
45
|
+
* @property namespace namespace of the key manager for this key
|
|
46
|
+
* @property data raw binary data of the key
|
|
47
|
+
* @property type type of the key
|
|
48
|
+
* @property format format of the raw binary data
|
|
49
|
+
*/
|
|
50
|
+
export interface KeyData {
|
|
51
|
+
name: string;
|
|
52
|
+
namespace: string;
|
|
53
|
+
data: ArrayBuffer;
|
|
54
|
+
type: KeyDataKeyType;
|
|
55
|
+
format: KeyDataKeyFormat;
|
|
56
|
+
}
|