@sudoplatform/sudo-common 7.1.3 → 8.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (100) hide show
  1. package/bin/outdated-with-suppression.sh +203 -0
  2. package/bin/suppress-audit.sh +15 -0
  3. package/bin/suppress-outdated.sh +60 -0
  4. package/bin/yarn-audit-with-suppression.sh +19 -0
  5. package/cjs/configurationManager/defaultConfigurationManager.js +122 -0
  6. package/cjs/configurationManager/defaultConfigurationManager.js.map +1 -0
  7. package/cjs/errors/error.js +442 -0
  8. package/cjs/errors/error.js.map +1 -0
  9. package/cjs/index.js +13 -0
  10. package/cjs/index.js.map +1 -0
  11. package/cjs/logging/bunyanLogger.js +36 -0
  12. package/cjs/logging/bunyanLogger.js.map +1 -0
  13. package/cjs/logging/logger.js +77 -0
  14. package/cjs/logging/logger.js.map +1 -0
  15. package/cjs/sudoKeyArchive/index.js +8 -0
  16. package/cjs/sudoKeyArchive/index.js.map +1 -0
  17. package/cjs/sudoKeyArchive/keyArchive.js +84 -0
  18. package/cjs/sudoKeyArchive/keyArchive.js.map +1 -0
  19. package/cjs/sudoKeyArchive/keyInfo.js +17 -0
  20. package/cjs/sudoKeyArchive/keyInfo.js.map +1 -0
  21. package/cjs/sudoKeyArchive/keyType.js +39 -0
  22. package/cjs/sudoKeyArchive/keyType.js.map +1 -0
  23. package/cjs/sudoKeyArchive/sudoKeyArchive.js +373 -0
  24. package/cjs/sudoKeyArchive/sudoKeyArchive.js.map +1 -0
  25. package/cjs/sudoKeyManager/index.js +8 -0
  26. package/cjs/sudoKeyManager/index.js.map +1 -0
  27. package/cjs/sudoKeyManager/keyData.js +46 -0
  28. package/cjs/sudoKeyManager/keyData.js.map +1 -0
  29. package/cjs/sudoKeyManager/publicKey.js +9 -0
  30. package/cjs/sudoKeyManager/publicKey.js.map +1 -0
  31. package/cjs/sudoKeyManager/sudoCryptoProvider.js +12 -0
  32. package/cjs/sudoKeyManager/sudoCryptoProvider.js.map +1 -0
  33. package/cjs/sudoKeyManager/sudoKeyManager.js +140 -0
  34. package/cjs/sudoKeyManager/sudoKeyManager.js.map +1 -0
  35. package/cjs/types/types.js +45 -0
  36. package/cjs/types/types.js.map +1 -0
  37. package/cjs/utils/base64.js +71 -0
  38. package/cjs/utils/base64.js.map +1 -0
  39. package/cjs/utils/buffer.js +37 -0
  40. package/cjs/utils/buffer.js.map +1 -0
  41. package/cjs/utils/stream.js +70 -0
  42. package/cjs/utils/stream.js.map +1 -0
  43. package/lib/configurationManager/defaultConfigurationManager.js +106 -156
  44. package/lib/configurationManager/defaultConfigurationManager.js.map +1 -0
  45. package/lib/errors/error.js +226 -438
  46. package/lib/errors/error.js.map +1 -0
  47. package/lib/index.js +10 -109
  48. package/lib/index.js.map +1 -0
  49. package/lib/logging/bunyanLogger.js +29 -41
  50. package/lib/logging/bunyanLogger.js.map +1 -0
  51. package/lib/logging/logger.js +66 -92
  52. package/lib/logging/logger.js.map +1 -0
  53. package/lib/sudoKeyArchive/index.js +5 -57
  54. package/lib/sudoKeyArchive/index.js.map +1 -0
  55. package/lib/sudoKeyArchive/keyArchive.js +69 -96
  56. package/lib/sudoKeyArchive/keyArchive.js.map +1 -0
  57. package/lib/sudoKeyArchive/keyInfo.js +11 -49
  58. package/lib/sudoKeyArchive/keyInfo.js.map +1 -0
  59. package/lib/sudoKeyArchive/keyType.js +27 -37
  60. package/lib/sudoKeyArchive/keyType.js.map +1 -0
  61. package/lib/sudoKeyArchive/sudoKeyArchive.js +351 -444
  62. package/lib/sudoKeyArchive/sudoKeyArchive.js.map +1 -0
  63. package/lib/sudoKeyManager/index.js +5 -57
  64. package/lib/sudoKeyManager/index.js.map +1 -0
  65. package/lib/sudoKeyManager/keyData.js +38 -33
  66. package/lib/sudoKeyManager/keyData.js.map +1 -0
  67. package/lib/sudoKeyManager/publicKey.js +5 -12
  68. package/lib/sudoKeyManager/publicKey.js.map +1 -0
  69. package/lib/sudoKeyManager/sudoCryptoProvider.js +8 -26
  70. package/lib/sudoKeyManager/sudoCryptoProvider.js.map +1 -0
  71. package/lib/sudoKeyManager/sudoKeyManager.js +135 -173
  72. package/lib/sudoKeyManager/sudoKeyManager.js.map +1 -0
  73. package/lib/types/types.js +27 -33
  74. package/lib/types/types.js.map +1 -0
  75. package/lib/utils/base64.js +63 -93
  76. package/lib/utils/base64.js.map +1 -0
  77. package/lib/utils/buffer.js +28 -46
  78. package/lib/utils/buffer.js.map +1 -0
  79. package/lib/utils/stream.js +63 -0
  80. package/lib/utils/stream.js.map +1 -0
  81. package/package.json +45 -28
  82. package/{lib → types}/configurationManager/defaultConfigurationManager.d.ts +0 -0
  83. package/{lib → types}/errors/error.d.ts +0 -0
  84. package/{lib → types}/index.d.ts +1 -0
  85. package/{lib → types}/logging/bunyanLogger.d.ts +0 -0
  86. package/{lib → types}/logging/logger.d.ts +0 -0
  87. package/{lib → types}/sudoKeyArchive/index.d.ts +0 -0
  88. package/{lib → types}/sudoKeyArchive/keyArchive.d.ts +8 -8
  89. package/{lib → types}/sudoKeyArchive/keyInfo.d.ts +0 -0
  90. package/{lib → types}/sudoKeyArchive/keyType.d.ts +0 -0
  91. package/{lib → types}/sudoKeyArchive/sudoKeyArchive.d.ts +0 -0
  92. package/{lib → types}/sudoKeyManager/index.d.ts +0 -0
  93. package/{lib → types}/sudoKeyManager/keyData.d.ts +0 -0
  94. package/{lib → types}/sudoKeyManager/publicKey.d.ts +0 -0
  95. package/{lib → types}/sudoKeyManager/sudoCryptoProvider.d.ts +0 -0
  96. package/{lib → types}/sudoKeyManager/sudoKeyManager.d.ts +0 -0
  97. package/{lib → types}/types/types.d.ts +1 -1
  98. package/{lib → types}/utils/base64.d.ts +0 -0
  99. package/{lib → types}/utils/buffer.d.ts +0 -0
  100. package/types/utils/stream.d.ts +6 -0
@@ -0,0 +1,84 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
3
+ exports.isUnrecognizedKeyArchive = exports.isInsecureKeyArchive = exports.isSecureKeyArchive = exports.KeyArchiveCodec = exports.SecureKeyArchiveCodec = exports.UnrecognizedKeyArchiveCodec = exports.SecureKeyArchiveType = exports.InsecureKeyArchiveCodec = exports.InsecureKeyArchiveType = exports.CURRENT_ARCHIVE_VERSION = void 0;
4
+ const tslib_1 = require("tslib");
5
+ const t = tslib_1.__importStar(require("io-ts"));
6
+ const keyInfo_1 = require("./keyInfo");
7
+ exports.CURRENT_ARCHIVE_VERSION = 3;
8
+ const CommonKeyArchiveRequiredProps = {
9
+ /**
10
+ * Version this archive format.
11
+ */
12
+ Version: t.literal(exports.CURRENT_ARCHIVE_VERSION),
13
+ /**
14
+ * Metainfo user is able to associate with the archive.
15
+ */
16
+ MetaInfo: t.record(t.string, t.string),
17
+ };
18
+ exports.InsecureKeyArchiveType = 'Insecure';
19
+ const InsecureKeyArchiveRequiredProps = {
20
+ ...CommonKeyArchiveRequiredProps,
21
+ /**
22
+ * Discriminant for InsecureKeyArchive type.
23
+ */
24
+ Type: t.literal(exports.InsecureKeyArchiveType),
25
+ /**
26
+ * Array of exported keys in clear text.
27
+ */
28
+ Keys: t.array(keyInfo_1.KeyArchiveKeyInfoCodec),
29
+ };
30
+ exports.InsecureKeyArchiveCodec = t.type(InsecureKeyArchiveRequiredProps, 'InsecureKeyArchive');
31
+ exports.SecureKeyArchiveType = 'Secure';
32
+ const SecureKeyArchiveRequiredProps = {
33
+ ...CommonKeyArchiveRequiredProps,
34
+ /**
35
+ * Discriminant for SecureKeyArchive type.
36
+ */
37
+ Type: t.literal(exports.SecureKeyArchiveType),
38
+ /**
39
+ * Format is:
40
+ *
41
+ * base64(gzip(encrypt(stringify(array of KeyArchiveKeyInfo)))
42
+ *
43
+ * Encrypt is 256-bit AES-CBC using symmetric key derived from
44
+ * password and IV specified by IV property.
45
+ */
46
+ Keys: t.string,
47
+ /**
48
+ * Rounds of PBKDF2 applied to password to derive symmetric key.
49
+ */
50
+ Rounds: t.number,
51
+ /**
52
+ * Salt passed to PBKDF2 to derive symmetric key.
53
+ */
54
+ Salt: t.string,
55
+ /**
56
+ * IV used for AES encryption of keys.
57
+ */
58
+ IV: t.string,
59
+ };
60
+ const UnrecognizedKeyArchiveProps = {
61
+ Version: t.number,
62
+ Type: t.string,
63
+ };
64
+ exports.UnrecognizedKeyArchiveCodec = t.partial(UnrecognizedKeyArchiveProps);
65
+ exports.SecureKeyArchiveCodec = t.type(SecureKeyArchiveRequiredProps, 'SecureKeyArchive');
66
+ exports.KeyArchiveCodec = t.union([
67
+ exports.SecureKeyArchiveCodec,
68
+ exports.InsecureKeyArchiveCodec,
69
+ // Leave UnrecognizedKeyArchiveCodec last so it's tried last
70
+ exports.UnrecognizedKeyArchiveCodec,
71
+ ], 'KeyArchive');
72
+ function isSecureKeyArchive(keyArchive) {
73
+ return keyArchive.Type === exports.SecureKeyArchiveType;
74
+ }
75
+ exports.isSecureKeyArchive = isSecureKeyArchive;
76
+ function isInsecureKeyArchive(keyArchive) {
77
+ return keyArchive.Type === exports.InsecureKeyArchiveType;
78
+ }
79
+ exports.isInsecureKeyArchive = isInsecureKeyArchive;
80
+ function isUnrecognizedKeyArchive(keyArchive) {
81
+ return !isSecureKeyArchive(keyArchive) && !isInsecureKeyArchive(keyArchive);
82
+ }
83
+ exports.isUnrecognizedKeyArchive = isUnrecognizedKeyArchive;
84
+ //# sourceMappingURL=keyArchive.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"keyArchive.js","sourceRoot":"","sources":["../../src/sudoKeyArchive/keyArchive.ts"],"names":[],"mappings":";;;;AAAA,iDAA0B;AAC1B,uCAAkD;AAErC,QAAA,uBAAuB,GAAG,CAAC,CAAA;AAExC,MAAM,6BAA6B,GAAG;IACpC;;OAEG;IACH,OAAO,EAAE,CAAC,CAAC,OAAO,CAAC,+BAAuB,CAAC;IAE3C;;OAEG;IACH,QAAQ,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC;CACvC,CAAA;AAEY,QAAA,sBAAsB,GAAG,UAAU,CAAA;AAEhD,MAAM,+BAA+B,GAAG;IACtC,GAAG,6BAA6B;IAChC;;OAEG;IACH,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,8BAAsB,CAAC;IAEvC;;OAEG;IACH,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,gCAAsB,CAAC;CACtC,CAAA;AAEY,QAAA,uBAAuB,GAAG,CAAC,CAAC,IAAI,CAC3C,+BAA+B,EAC/B,oBAAoB,CACrB,CAAA;AAIY,QAAA,oBAAoB,GAAG,QAAQ,CAAA;AAE5C,MAAM,6BAA6B,GAAG;IACpC,GAAG,6BAA6B;IAChC;;OAEG;IACH,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,4BAAoB,CAAC;IAErC;;;;;;;OAOG;IACH,IAAI,EAAE,CAAC,CAAC,MAAM;IAEd;;OAEG;IACH,MAAM,EAAE,CAAC,CAAC,MAAM;IAEhB;;OAEG;IACH,IAAI,EAAE,CAAC,CAAC,MAAM;IAEd;;OAEG;IACH,EAAE,EAAE,CAAC,CAAC,MAAM;CACb,CAAA;AAED,MAAM,2BAA2B,GAAG;IAClC,OAAO,EAAE,CAAC,CAAC,MAAM;IACjB,IAAI,EAAE,CAAC,CAAC,MAAM;CACf,CAAA;AAEY,QAAA,2BAA2B,GAAG,CAAC,CAAC,OAAO,CAClD,2BAA2B,CAC5B,CAAA;AAKY,QAAA,qBAAqB,GAAG,CAAC,CAAC,IAAI,CACzC,6BAA6B,EAC7B,kBAAkB,CACnB,CAAA;AAGY,QAAA,eAAe,GAAG,CAAC,CAAC,KAAK,CACpC;IACE,6BAAqB;IACrB,+BAAuB;IAEvB,4DAA4D;IAC5D,mCAA2B;CAC5B,EACD,YAAY,CACb,CAAA;AAID,SAAgB,kBAAkB,CAChC,UAAsB;IAEtB,OAAO,UAAU,CAAC,IAAI,KAAK,4BAAoB,CAAA;AACjD,CAAC;AAJD,gDAIC;AAED,SAAgB,oBAAoB,CAClC,UAAsB;IAEtB,OAAO,UAAU,CAAC,IAAI,KAAK,8BAAsB,CAAA;AACnD,CAAC;AAJD,oDAIC;AAED,SAAgB,wBAAwB,CACtC,UAAsB;IAEtB,OAAO,CAAC,kBAAkB,CAAC,UAAU,CAAC,IAAI,CAAC,oBAAoB,CAAC,UAAU,CAAC,CAAA;AAC7E,CAAC;AAJD,4DAIC"}
@@ -0,0 +1,17 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
3
+ exports.KeyArchiveKeyInfoArrayCodec = exports.KeyArchiveKeyInfoCodec = void 0;
4
+ const tslib_1 = require("tslib");
5
+ const t = tslib_1.__importStar(require("io-ts"));
6
+ const keyType_1 = require("./keyType");
7
+ const KeyArchiveKeyInfoRequiredProps = {
8
+ Name: t.string,
9
+ Type: keyType_1.KeyArchiveKeyTypeCodec,
10
+ Data: t.string,
11
+ Synchronizable: t.boolean,
12
+ Exportable: t.boolean,
13
+ NameSpace: t.string,
14
+ };
15
+ exports.KeyArchiveKeyInfoCodec = t.type(KeyArchiveKeyInfoRequiredProps, 'KeyArchiveKeyInfo');
16
+ exports.KeyArchiveKeyInfoArrayCodec = t.array(exports.KeyArchiveKeyInfoCodec, 'KeyArchiveKeyInfoArray');
17
+ //# sourceMappingURL=keyInfo.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"keyInfo.js","sourceRoot":"","sources":["../../src/sudoKeyArchive/keyInfo.ts"],"names":[],"mappings":";;;;AAAA,iDAA0B;AAE1B,uCAAkD;AAElD,MAAM,8BAA8B,GAAG;IACrC,IAAI,EAAE,CAAC,CAAC,MAAM;IACd,IAAI,EAAE,gCAAsB;IAC5B,IAAI,EAAE,CAAC,CAAC,MAAM;IACd,cAAc,EAAE,CAAC,CAAC,OAAO;IACzB,UAAU,EAAE,CAAC,CAAC,OAAO;IACrB,SAAS,EAAE,CAAC,CAAC,MAAM;CACpB,CAAA;AAEY,QAAA,sBAAsB,GAAG,CAAC,CAAC,IAAI,CAC1C,8BAA8B,EAC9B,mBAAmB,CACpB,CAAA;AAEY,QAAA,2BAA2B,GAAG,CAAC,CAAC,KAAK,CAChD,8BAAsB,EACtB,wBAAwB,CACzB,CAAA"}
@@ -0,0 +1,39 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
3
+ exports.KeyArchiveKeyTypeCodec = exports.KeyArchiveKeyType = void 0;
4
+ const tslib_1 = require("tslib");
5
+ const t = tslib_1.__importStar(require("io-ts"));
6
+ /**
7
+ * Key types supported in key archives
8
+ *
9
+ * These form part of the interoperable secure key archive format.
10
+ */
11
+ var KeyArchiveKeyType;
12
+ (function (KeyArchiveKeyType) {
13
+ // Byte array of secret data - to be stored and retrievable using *Password
14
+ // methods on key managers
15
+ KeyArchiveKeyType["Password"] = "password";
16
+ // PKCS8 PrivateKey encoded RSA private key
17
+ KeyArchiveKeyType["PrivateKey"] = "privateKey";
18
+ // SPKI encoded RSA public key
19
+ KeyArchiveKeyType["PublicKey"] = "publicKey";
20
+ // Byte array of AES symmetric key
21
+ KeyArchiveKeyType["SymmetricKey"] = "symmetricKey";
22
+ })(KeyArchiveKeyType = exports.KeyArchiveKeyType || (exports.KeyArchiveKeyType = {}));
23
+ // Android is tolerating the following case insensitive alias key type
24
+ // names so we will do the same
25
+ const keyArchiveKeyTypeAlternatives = {
26
+ password: KeyArchiveKeyType.Password,
27
+ privatekey: KeyArchiveKeyType.PrivateKey,
28
+ private_key: KeyArchiveKeyType.PrivateKey,
29
+ publickey: KeyArchiveKeyType.PublicKey,
30
+ public_key: KeyArchiveKeyType.PublicKey,
31
+ symmetrickey: KeyArchiveKeyType.SymmetricKey,
32
+ symmetric_key: KeyArchiveKeyType.SymmetricKey,
33
+ };
34
+ const failureMessage = `Key type is not one of: ${Object.keys(keyArchiveKeyTypeAlternatives).join(',')}`; // eslint-disable-line tree-shaking/no-side-effects-in-initialization
35
+ const isKeyArchiveKeyType = (u) => t.string.is(u) && keyArchiveKeyTypeAlternatives[u.toLowerCase()] !== undefined;
36
+ exports.KeyArchiveKeyTypeCodec = new t.Type('KeyArchiveKeyType', isKeyArchiveKeyType, (u, c) => isKeyArchiveKeyType(u)
37
+ ? t.success(keyArchiveKeyTypeAlternatives[u.toLowerCase()])
38
+ : t.failure(u, c, failureMessage), t.identity);
39
+ //# sourceMappingURL=keyType.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"keyType.js","sourceRoot":"","sources":["../../src/sudoKeyArchive/keyType.ts"],"names":[],"mappings":";;;;AAAA,iDAA0B;AAE1B;;;;GAIG;AACH,IAAY,iBAaX;AAbD,WAAY,iBAAiB;IAC3B,2EAA2E;IAC3E,0BAA0B;IAC1B,0CAAqB,CAAA;IAErB,2CAA2C;IAC3C,8CAAyB,CAAA;IAEzB,8BAA8B;IAC9B,4CAAuB,CAAA;IAEvB,kCAAkC;IAClC,kDAA6B,CAAA;AAC/B,CAAC,EAbW,iBAAiB,GAAjB,yBAAiB,KAAjB,yBAAiB,QAa5B;AAED,sEAAsE;AACtE,+BAA+B;AAC/B,MAAM,6BAA6B,GAAsC;IACvE,QAAQ,EAAE,iBAAiB,CAAC,QAAQ;IACpC,UAAU,EAAE,iBAAiB,CAAC,UAAU;IACxC,WAAW,EAAE,iBAAiB,CAAC,UAAU;IACzC,SAAS,EAAE,iBAAiB,CAAC,SAAS;IACtC,UAAU,EAAE,iBAAiB,CAAC,SAAS;IACvC,YAAY,EAAE,iBAAiB,CAAC,YAAY;IAC5C,aAAa,EAAE,iBAAiB,CAAC,YAAY;CAC9C,CAAA;AAED,MAAM,cAAc,GAAG,2BAA2B,MAAM,CAAC,IAAI,CAC3D,6BAA6B,CAC9B,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAA,CAAC,qEAAqE;AAEnF,MAAM,mBAAmB,GAAG,CAAC,CAAU,EAA0B,EAAE,CACjE,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,6BAA6B,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,KAAK,SAAS,CAAA;AAEnE,QAAA,sBAAsB,GAAG,IAAI,CAAC,CAAC,IAAI,CAC9C,mBAAmB,EACnB,mBAAmB,EACnB,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CACP,mBAAmB,CAAC,CAAC,CAAC;IACpB,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,6BAA6B,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;IAC3D,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC,EAAE,cAAc,CAAC,EACrC,CAAC,CAAC,QAAQ,CACX,CAAA"}
@@ -0,0 +1,373 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
3
+ exports.keyArchiveKeyTypeFromKeyDataKeyType = exports.keyArchiveInfoFromKeyData = exports.DefaultSudoKeyArchive = void 0;
4
+ const fflate_1 = require("fflate");
5
+ const Either_1 = require("fp-ts/lib/Either");
6
+ const error_1 = require("../errors/error");
7
+ const sudoKeyManager_1 = require("../sudoKeyManager");
8
+ const sudoCryptoProvider_1 = require("../sudoKeyManager/sudoCryptoProvider");
9
+ const base64_1 = require("../utils/base64");
10
+ const buffer_1 = require("../utils/buffer");
11
+ const keyArchive_1 = require("./keyArchive");
12
+ const keyInfo_1 = require("./keyInfo");
13
+ const keyType_1 = require("./keyType");
14
+ class DefaultSudoKeyArchive {
15
+ /**
16
+ * Construct SudoKeyArchive
17
+ *
18
+ *
19
+ * @param keyManagers
20
+ * Key manager or array of key managers to either restore archive in to
21
+ * or construct archive from
22
+ *
23
+ * @param archiveData
24
+ * Array buffer of binary archive data to restore.
25
+ *
26
+ * @param excludedKeys
27
+ * Set of key names to exclude from archive or restore operation.
28
+ * Default: None
29
+ *
30
+ * @param excludedKeyTypes
31
+ * Set of key types to exclude from archive or restore operation.
32
+ * Default: {@link KeyArchiveKeyType.PublicKey}
33
+ *
34
+ * @param metaInfo
35
+ * Meta information to include with the key archive
36
+ *
37
+ * @throws {@link IllegalArgumentError}
38
+ * If no key managers are provided
39
+ *
40
+ * @throws {@link IllegalArgumentError}
41
+ * If multiple key managers are provided with the same namespace
42
+ *
43
+ * @throws {@link KeyArchiveDecodingError}
44
+ * If archiveData is provided and its binary data cannot be decoded
45
+ *
46
+ * @throws {@link KeyArchiveTypeError}
47
+ * If archiveData is provided and decodes to an unsupported archive
48
+ * type.
49
+ *
50
+ * @throws {@link KeyArchiveVersionError}
51
+ * If archiveData is provided and decodes to an unsupported archive
52
+ * version.
53
+ */
54
+ constructor(keyManagers, options) {
55
+ this.keyManagers = {};
56
+ this.excludedKeys = new Set();
57
+ this.excludedKeyTypes = new Set();
58
+ this.metaInfo = new Map();
59
+ this.keys = new Map();
60
+ if (Array.isArray(keyManagers)) {
61
+ if (keyManagers.length === 0) {
62
+ throw new error_1.IllegalArgumentError('Must provide at least one key manager');
63
+ }
64
+ keyManagers.forEach((keyManager) => {
65
+ if (this.keyManagers[keyManager.namespace]) {
66
+ throw new error_1.IllegalArgumentError(`Multiple key managers provided with namespace ${keyManager.namespace}`);
67
+ }
68
+ this.keyManagers[keyManager.namespace] = keyManager;
69
+ });
70
+ this.defaultKeyManager = keyManagers[0];
71
+ }
72
+ else {
73
+ this.keyManagers[keyManagers.namespace] = keyManagers;
74
+ this.defaultKeyManager = keyManagers;
75
+ }
76
+ if (options?.archiveData) {
77
+ this.keyArchive = this.loadArchive(options.archiveData);
78
+ }
79
+ // We take copies of the input parameters so we own the data
80
+ if (options?.excludedKeys) {
81
+ options?.excludedKeys.forEach((excludedKey) => this.excludedKeys.add(excludedKey));
82
+ }
83
+ if (options?.excludedKeyTypes) {
84
+ options?.excludedKeyTypes.forEach((excludedKeyType) => this.excludedKeyTypes.add(excludedKeyType));
85
+ }
86
+ if (options?.metaInfo?.size) {
87
+ for (const [key, value] of options?.metaInfo?.entries()) {
88
+ this.metaInfo.set(key, value);
89
+ }
90
+ }
91
+ }
92
+ /**
93
+ * Reads the binary data and converts it to JSON and then deserialises it
94
+ * into a KeyArchive
95
+ */
96
+ loadArchive(archiveData) {
97
+ let unzipped;
98
+ try {
99
+ unzipped = (0, fflate_1.gunzipSync)(new Uint8Array(archiveData));
100
+ }
101
+ catch (err) {
102
+ throw new error_1.KeyArchiveDecodingError();
103
+ }
104
+ let keyArchive;
105
+ try {
106
+ const decoded = keyArchive_1.KeyArchiveCodec.decode(JSON.parse(buffer_1.Buffer.toString(unzipped)));
107
+ if ((0, Either_1.isLeft)(decoded)) {
108
+ throw new error_1.KeyArchiveDecodingError();
109
+ }
110
+ keyArchive = decoded.right;
111
+ }
112
+ catch (err) {
113
+ throw new error_1.KeyArchiveDecodingError();
114
+ }
115
+ if ((0, keyArchive_1.isUnrecognizedKeyArchive)(keyArchive)) {
116
+ if (keyArchive.Type &&
117
+ keyArchive.Type !== keyArchive_1.SecureKeyArchiveType &&
118
+ keyArchive.Type !== keyArchive_1.InsecureKeyArchiveType) {
119
+ throw new error_1.KeyArchiveTypeError(keyArchive.Type);
120
+ }
121
+ // Only support DefaultSudoKeyArchive.CURRENT_ARCHIVE_VERSION for now.
122
+ if (keyArchive.Version !== undefined &&
123
+ keyArchive.Version !== DefaultSudoKeyArchive.CURRENT_ARCHIVE_VERSION) {
124
+ throw new error_1.KeyArchiveVersionError(keyArchive.Version);
125
+ }
126
+ throw new error_1.KeyArchiveDecodingError();
127
+ }
128
+ return keyArchive;
129
+ }
130
+ async loadKeys() {
131
+ for (const keyManager of Object.values(this.keyManagers)) {
132
+ await keyManager.exportKeys().then((exported) => {
133
+ exported.forEach((data) => {
134
+ const keyArchiveInfoDecoded = keyArchiveInfoFromKeyData(data);
135
+ if (!this.excludedKeyTypes.has(keyArchiveInfoDecoded.Type) &&
136
+ !this.excludedKeys.has(data.name)) {
137
+ this.keys.set(`${keyArchiveInfoDecoded.NameSpace}:${keyArchiveInfoDecoded.Type}:${keyArchiveInfoDecoded.Name}`, keyArchiveInfoDecoded);
138
+ }
139
+ });
140
+ });
141
+ }
142
+ }
143
+ async saveKeys() {
144
+ for (const info of this.keys.values()) {
145
+ const keyManager = this.keyManagers[info.NameSpace];
146
+ if (!keyManager)
147
+ continue;
148
+ if (this.excludedKeyTypes.has(info.Type))
149
+ continue;
150
+ if (this.excludedKeys.has(info.Name))
151
+ continue;
152
+ const keyData = info.Decoded;
153
+ switch (info.Type) {
154
+ case keyType_1.KeyArchiveKeyType.Password:
155
+ await keyManager.addPassword(keyData, info.Name);
156
+ break;
157
+ case keyType_1.KeyArchiveKeyType.PrivateKey:
158
+ await keyManager.addPrivateKey(keyData, info.Name);
159
+ break;
160
+ case keyType_1.KeyArchiveKeyType.PublicKey:
161
+ await keyManager.addPublicKey(keyData, info.Name);
162
+ break;
163
+ case keyType_1.KeyArchiveKeyType.SymmetricKey:
164
+ await keyManager.addSymmetricKey(keyData, info.Name);
165
+ break;
166
+ default:
167
+ throw new error_1.KeyArchiveUnknownKeyTypeError(`Key archive key type ${info.Type} is not recognized`);
168
+ }
169
+ }
170
+ }
171
+ async archive(password) {
172
+ const keys = [];
173
+ for (const key of this.keys.values()) {
174
+ keys.push({
175
+ NameSpace: key.NameSpace,
176
+ Name: key.Name,
177
+ Data: key.Data,
178
+ Type: key.Type,
179
+ Synchronizable: key.Synchronizable,
180
+ Exportable: key.Exportable,
181
+ });
182
+ }
183
+ let keyArchive;
184
+ if (!password) {
185
+ const insecureKeyArchive = {
186
+ Type: 'Insecure',
187
+ MetaInfo: {},
188
+ Version: DefaultSudoKeyArchive.CURRENT_ARCHIVE_VERSION,
189
+ Keys: keys,
190
+ };
191
+ keyArchive = insecureKeyArchive;
192
+ }
193
+ else {
194
+ const salt = await this.defaultKeyManager.generateRandomData(sudoCryptoProvider_1.SudoCryptoProviderDefaults.pbkdfSaltSize);
195
+ const b64Salt = base64_1.Base64.encode(salt);
196
+ const key = await this.defaultKeyManager.generateSymmetricKeyFromPassword(password, salt, {
197
+ rounds: sudoCryptoProvider_1.SudoCryptoProviderDefaults.pbkdfRounds,
198
+ });
199
+ const serializedKeys = JSON.stringify(keys);
200
+ const compressedSerializedKeys = (0, fflate_1.gzipSync)(buffer_1.Buffer.fromString(serializedKeys), {
201
+ level: 9,
202
+ });
203
+ // Don't strictly need a randomly generated IV here but no harm either
204
+ const iv = await this.defaultKeyManager.generateRandomData(sudoCryptoProvider_1.SudoCryptoProviderDefaults.aesIVSize);
205
+ const encryptedKeys = await this.defaultKeyManager.encryptWithSymmetricKey(key, compressedSerializedKeys, { iv });
206
+ const secureKeyArchive = {
207
+ Type: 'Secure',
208
+ Version: DefaultSudoKeyArchive.CURRENT_ARCHIVE_VERSION,
209
+ MetaInfo: {},
210
+ Salt: b64Salt,
211
+ Rounds: sudoCryptoProvider_1.SudoCryptoProviderDefaults.pbkdfRounds,
212
+ Keys: base64_1.Base64.encode(encryptedKeys),
213
+ IV: base64_1.Base64.encode(iv),
214
+ };
215
+ keyArchive = secureKeyArchive;
216
+ }
217
+ for (const [key, value] of this.metaInfo.entries()) {
218
+ keyArchive.MetaInfo[key] = value;
219
+ }
220
+ const archiveString = JSON.stringify(keyArchive);
221
+ // While this double Gzips the SecureKeyArchive, it allows us to roughly
222
+ // recover the space consumed by Base64 encoding the cipher text. Otherwise
223
+ // we would end up having a fully binary data structure for the archive.
224
+ // If the time to compute becomes prohibitive we can look at a binary, non-JSON
225
+ // base format for the archive.
226
+ const archiveGzipped = (0, fflate_1.gzipSync)(buffer_1.Buffer.fromString(archiveString), {
227
+ level: 9,
228
+ });
229
+ return Promise.resolve(archiveGzipped);
230
+ }
231
+ async unarchive(password) {
232
+ if (!this.keyArchive) {
233
+ throw new error_1.KeyArchiveMissingError();
234
+ }
235
+ let keys;
236
+ if ((0, keyArchive_1.isSecureKeyArchive)(this.keyArchive)) {
237
+ if (!password) {
238
+ throw new error_1.KeyArchivePasswordRequiredError();
239
+ }
240
+ let iv;
241
+ let encryptedKeys;
242
+ let key;
243
+ try {
244
+ const salt = base64_1.Base64.decode(this.keyArchive.Salt);
245
+ iv = base64_1.Base64.decode(this.keyArchive.IV);
246
+ encryptedKeys = base64_1.Base64.decode(this.keyArchive.Keys);
247
+ key = await this.defaultKeyManager.generateSymmetricKeyFromPassword(password, salt, { rounds: this.keyArchive.Rounds });
248
+ }
249
+ catch (err) {
250
+ throw new error_1.KeyArchiveDecodingError();
251
+ }
252
+ let compressedSerializedKeys;
253
+ try {
254
+ compressedSerializedKeys =
255
+ await this.defaultKeyManager.decryptWithSymmetricKey(key, encryptedKeys, { iv });
256
+ }
257
+ catch (err) {
258
+ throw new error_1.KeyArchiveIncorrectPasswordError();
259
+ }
260
+ try {
261
+ const serializedKeys = (0, fflate_1.gunzipSync)(new Uint8Array(compressedSerializedKeys));
262
+ const decoded = keyInfo_1.KeyArchiveKeyInfoArrayCodec.decode(JSON.parse(buffer_1.Buffer.toString(serializedKeys)));
263
+ if ((0, Either_1.isLeft)(decoded)) {
264
+ throw new error_1.KeyArchiveDecodingError();
265
+ }
266
+ keys = decoded.right;
267
+ }
268
+ catch (err) {
269
+ throw new error_1.KeyArchiveDecodingError();
270
+ }
271
+ }
272
+ else {
273
+ if (password) {
274
+ throw new error_1.KeyArchiveNoPasswordRequiredError();
275
+ }
276
+ keys = this.keyArchive.Keys;
277
+ }
278
+ keys.forEach((key) => {
279
+ const keyKey = `${key.NameSpace}:${key.Type}:${key.Name}`;
280
+ let decoded;
281
+ try {
282
+ decoded = base64_1.Base64.decode(key.Data);
283
+ }
284
+ catch (err) {
285
+ throw new error_1.KeyArchiveDecodingError(`Unable to decode key ${keyKey}`);
286
+ }
287
+ this.keys.set(keyKey, { ...key, Decoded: decoded });
288
+ });
289
+ }
290
+ reset() {
291
+ this.keys.clear();
292
+ }
293
+ containsKey(namespace, name, type) {
294
+ return this.keys.has(`${namespace}:${type}:${name}`);
295
+ }
296
+ getKeyData(namespace, name, type) {
297
+ const keyInfo = this.keys.get(`${namespace}:${type}:${name}`);
298
+ if (!keyInfo) {
299
+ throw new error_1.KeyNotFoundError();
300
+ }
301
+ return keyInfo.Decoded;
302
+ }
303
+ getExcludedKeys() {
304
+ return this.excludedKeys;
305
+ }
306
+ getExcludedKeyTypes() {
307
+ return this.excludedKeyTypes;
308
+ }
309
+ getMetaInfo() {
310
+ return this.metaInfo;
311
+ }
312
+ }
313
+ exports.DefaultSudoKeyArchive = DefaultSudoKeyArchive;
314
+ /**
315
+ * Version 2 format is not gzipped is what's currently generated
316
+ * by iOS and Android. We may want to add support for importing
317
+ * such archives.
318
+ */
319
+ DefaultSudoKeyArchive.PREGZIP_ARCHIVE_VERSION = 2;
320
+ /**
321
+ * Version 3 format permits both secure and insecure key archives.
322
+ *
323
+ * Insecure key archives are used where the archive will be stored
324
+ * in an otherwise known secure way e.g. via secure-vault-service
325
+ * where the encryption of the archive would then be handled by
326
+ * clients of that service.
327
+ *
328
+ * Secure key archives are password protected (via PBKDF2) a la version
329
+ * 2 format.
330
+ *
331
+ * Insecure format detail is:
332
+ *
333
+ * gzip(JSON.stringify(InsecureKeyArchive))
334
+ *
335
+ * Secure format detail is:
336
+ *
337
+ * gzip(JSON.stringify(SecureKeyArchive))
338
+ *
339
+ * where Keys property of SecureKeyArchive is:
340
+ *
341
+ * base64(encrypt(gzip(JSON.stringify(array of keys))))
342
+ *
343
+ * Where encrypt operation is 256-bit AES CBC-mode with IV SecureKeyArchive.IV
344
+ * and key generated by SecureKeyArchive.Rounds of PBKDF2 on the password
345
+ * salted with SecureKeyArchive.Salt.
346
+ */
347
+ DefaultSudoKeyArchive.CURRENT_ARCHIVE_VERSION = keyArchive_1.CURRENT_ARCHIVE_VERSION;
348
+ function keyArchiveInfoFromKeyData(keyData) {
349
+ return {
350
+ NameSpace: keyData.namespace,
351
+ Name: keyData.name,
352
+ Type: keyArchiveKeyTypeFromKeyDataKeyType(keyData.type),
353
+ Data: base64_1.Base64.encode(keyData.data),
354
+ Decoded: keyData.data,
355
+ Synchronizable: false,
356
+ Exportable: true,
357
+ };
358
+ }
359
+ exports.keyArchiveInfoFromKeyData = keyArchiveInfoFromKeyData;
360
+ function keyArchiveKeyTypeFromKeyDataKeyType(keyDataKeyType) {
361
+ switch (keyDataKeyType) {
362
+ case sudoKeyManager_1.KeyDataKeyType.Password:
363
+ return keyType_1.KeyArchiveKeyType.Password;
364
+ case sudoKeyManager_1.KeyDataKeyType.RSAPrivateKey:
365
+ return keyType_1.KeyArchiveKeyType.PrivateKey;
366
+ case sudoKeyManager_1.KeyDataKeyType.RSAPublicKey:
367
+ return keyType_1.KeyArchiveKeyType.PublicKey;
368
+ case sudoKeyManager_1.KeyDataKeyType.SymmetricKey:
369
+ return keyType_1.KeyArchiveKeyType.SymmetricKey;
370
+ }
371
+ }
372
+ exports.keyArchiveKeyTypeFromKeyDataKeyType = keyArchiveKeyTypeFromKeyDataKeyType;
373
+ //# sourceMappingURL=sudoKeyArchive.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"sudoKeyArchive.js","sourceRoot":"","sources":["../../src/sudoKeyArchive/sudoKeyArchive.ts"],"names":[],"mappings":";;;AAAA,mCAA6C;AAC7C,6CAAyC;AAEzC,2CAWwB;AACxB,sDAA2D;AAC3D,6EAAiF;AAEjF,4CAAwC;AACxC,4CAAsD;AACtD,6CAUqB;AACrB,uCAA0E;AAC1E,uCAA6C;AAkG7C,MAAa,qBAAqB;IAkDhC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAsCG;IACH,YACE,WAA8C,EAC9C,OAKC;QA1Dc,gBAAW,GAAmC,EAAE,CAAA;QAEhD,iBAAY,GAAgB,IAAI,GAAG,EAAU,CAAA;QAC7C,qBAAgB,GAC/B,IAAI,GAAG,EAAqB,CAAA;QACb,aAAQ,GAAwB,IAAI,GAAG,EAAkB,CAAA;QAEzD,SAAI,GAA0C,IAAI,GAAG,EAGnE,CAAA;QAkDD,IAAI,KAAK,CAAC,OAAO,CAAC,WAAW,CAAC,EAAE;YAC9B,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE;gBAC5B,MAAM,IAAI,4BAAoB,CAAC,uCAAuC,CAAC,CAAA;aACxE;YAED,WAAW,CAAC,OAAO,CAAC,CAAC,UAAU,EAAE,EAAE;gBACjC,IAAI,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE;oBAC1C,MAAM,IAAI,4BAAoB,CAC5B,iDAAiD,UAAU,CAAC,SAAS,EAAE,CACxE,CAAA;iBACF;gBACD,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,SAAS,CAAC,GAAG,UAAU,CAAA;YACrD,CAAC,CAAC,CAAA;YACF,IAAI,CAAC,iBAAiB,GAAG,WAAW,CAAC,CAAC,CAAC,CAAA;SACxC;aAAM;YACL,IAAI,CAAC,WAAW,CAAC,WAAW,CAAC,SAAS,CAAC,GAAG,WAAW,CAAA;YACrD,IAAI,CAAC,iBAAiB,GAAG,WAAW,CAAA;SACrC;QAED,IAAI,OAAO,EAAE,WAAW,EAAE;YACxB,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,WAAW,CAAC,CAAA;SACxD;QAED,4DAA4D;QAC5D,IAAI,OAAO,EAAE,YAAY,EAAE;YACzB,OAAO,EAAE,YAAY,CAAC,OAAO,CAAC,CAAC,WAAW,EAAE,EAAE,CAC5C,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,CAAC,CACnC,CAAA;SACF;QAED,IAAI,OAAO,EAAE,gBAAgB,EAAE;YAC7B,OAAO,EAAE,gBAAgB,CAAC,OAAO,CAAC,CAAC,eAAe,EAAE,EAAE,CACpD,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,eAAe,CAAC,CAC3C,CAAA;SACF;QAED,IAAI,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE;YAC3B,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,EAAE;gBACvD,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAA;aAC9B;SACF;IACH,CAAC;IAED;;;OAGG;IACK,WAAW,CACjB,WAAwB;QAExB,IAAI,QAAoB,CAAA;QAExB,IAAI;YACF,QAAQ,GAAG,IAAA,mBAAU,EAAC,IAAI,UAAU,CAAC,WAAW,CAAC,CAAC,CAAA;SACnD;QAAC,OAAO,GAAG,EAAE;YACZ,MAAM,IAAI,+BAAuB,EAAE,CAAA;SACpC;QAED,IAAI,UAAsB,CAAA;QAC1B,IAAI;YACF,MAAM,OAAO,GAAG,4BAAe,CAAC,MAAM,CACpC,IAAI,CAAC,KAAK,CAAC,eAAU,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAC1C,CAAA;YACD,IAAI,IAAA,eAAM,EAAC,OAAO,CAAC,EAAE;gBACnB,MAAM,IAAI,+BAAuB,EAAE,CAAA;aACpC;YACD,UAAU,GAAG,OAAO,CAAC,KAAK,CAAA;SAC3B;QAAC,OAAO,GAAG,EAAE;YACZ,MAAM,IAAI,+BAAuB,EAAE,CAAA;SACpC;QACD,IAAI,IAAA,qCAAwB,EAAC,UAAU,CAAC,EAAE;YACxC,IACE,UAAU,CAAC,IAAI;gBACf,UAAU,CAAC,IAAI,KAAK,iCAAoB;gBACxC,UAAU,CAAC,IAAI,KAAK,mCAAsB,EAC1C;gBACA,MAAM,IAAI,2BAAmB,CAAC,UAAU,CAAC,IAAI,CAAC,CAAA;aAC/C;YAED,sEAAsE;YACtE,IACE,UAAU,CAAC,OAAO,KAAK,SAAS;gBAChC,UAAU,CAAC,OAAO,KAAK,qBAAqB,CAAC,uBAAuB,EACpE;gBACA,MAAM,IAAI,8BAAsB,CAAC,UAAU,CAAC,OAAO,CAAC,CAAA;aACrD;YAED,MAAM,IAAI,+BAAuB,EAAE,CAAA;SACpC;QAED,OAAO,UAAU,CAAA;IACnB,CAAC;IAED,KAAK,CAAC,QAAQ;QACZ,KAAK,MAAM,UAAU,IAAI,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE;YACxD,MAAM,UAAU,CAAC,UAAU,EAAE,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,EAAE;gBAC9C,QAAQ,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE;oBACxB,MAAM,qBAAqB,GAAG,yBAAyB,CAAC,IAAI,CAAC,CAAA;oBAC7D,IACE,CAAC,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,qBAAqB,CAAC,IAAI,CAAC;wBACtD,CAAC,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,EACjC;wBACA,IAAI,CAAC,IAAI,CAAC,GAAG,CACX,GAAG,qBAAqB,CAAC,SAAS,IAAI,qBAAqB,CAAC,IAAI,IAAI,qBAAqB,CAAC,IAAI,EAAE,EAChG,qBAAqB,CACtB,CAAA;qBACF;gBACH,CAAC,CAAC,CAAA;YACJ,CAAC,CAAC,CAAA;SACH;IACH,CAAC;IAED,KAAK,CAAC,QAAQ;QACZ,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE;YACrC,MAAM,UAAU,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,SAAS,CAAC,CAAA;YACnD,IAAI,CAAC,UAAU;gBAAE,SAAQ;YACzB,IAAI,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC;gBAAE,SAAQ;YAClD,IAAI,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC;gBAAE,SAAQ;YAE9C,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAA;YAC5B,QAAQ,IAAI,CAAC,IAAI,EAAE;gBACjB,KAAK,2BAAiB,CAAC,QAAQ;oBAC7B,MAAM,UAAU,CAAC,WAAW,CAAC,OAAO,EAAE,IAAI,CAAC,IAAI,CAAC,CAAA;oBAChD,MAAK;gBACP,KAAK,2BAAiB,CAAC,UAAU;oBAC/B,MAAM,UAAU,CAAC,aAAa,CAAC,OAAO,EAAE,IAAI,CAAC,IAAI,CAAC,CAAA;oBAClD,MAAK;gBACP,KAAK,2BAAiB,CAAC,SAAS;oBAC9B,MAAM,UAAU,CAAC,YAAY,CAAC,OAAO,EAAE,IAAI,CAAC,IAAI,CAAC,CAAA;oBACjD,MAAK;gBACP,KAAK,2BAAiB,CAAC,YAAY;oBACjC,MAAM,UAAU,CAAC,eAAe,CAAC,OAAO,EAAE,IAAI,CAAC,IAAI,CAAC,CAAA;oBACpD,MAAK;gBACP;oBACE,MAAM,IAAI,qCAA6B,CACrC,wBAAwB,IAAI,CAAC,IAAc,oBAAoB,CAChE,CAAA;aACJ;SACF;IACH,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,QAAiC;QAC7C,MAAM,IAAI,GAAwB,EAAE,CAAA;QACpC,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE;YACpC,IAAI,CAAC,IAAI,CAAC;gBACR,SAAS,EAAE,GAAG,CAAC,SAAS;gBACxB,IAAI,EAAE,GAAG,CAAC,IAAI;gBACd,IAAI,EAAE,GAAG,CAAC,IAAI;gBACd,IAAI,EAAE,GAAG,CAAC,IAAI;gBACd,cAAc,EAAE,GAAG,CAAC,cAAc;gBAClC,UAAU,EAAE,GAAG,CAAC,UAAU;aAC3B,CAAC,CAAA;SACH;QAED,IAAI,UAAiD,CAAA;QACrD,IAAI,CAAC,QAAQ,EAAE;YACb,MAAM,kBAAkB,GAAuB;gBAC7C,IAAI,EAAE,UAAU;gBAChB,QAAQ,EAAE,EAAE;gBACZ,OAAO,EAAE,qBAAqB,CAAC,uBAAuB;gBACtD,IAAI,EAAE,IAAI;aACX,CAAA;YACD,UAAU,GAAG,kBAAkB,CAAA;SAChC;aAAM;YACL,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,kBAAkB,CAC1D,+CAA0B,CAAC,aAAa,CACzC,CAAA;YACD,MAAM,OAAO,GAAG,eAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAA;YACnC,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,gCAAgC,CACvE,QAAQ,EACR,IAAI,EACJ;gBACE,MAAM,EAAE,+CAA0B,CAAC,WAAW;aAC/C,CACF,CAAA;YAED,MAAM,cAAc,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAA;YAC3C,MAAM,wBAAwB,GAAG,IAAA,iBAAQ,EACvC,eAAU,CAAC,UAAU,CAAC,cAAc,CAAC,EACrC;gBACE,KAAK,EAAE,CAAC;aACT,CACF,CAAA;YAED,sEAAsE;YACtE,MAAM,EAAE,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,kBAAkB,CACxD,+CAA0B,CAAC,SAAS,CACrC,CAAA;YACD,MAAM,aAAa,GACjB,MAAM,IAAI,CAAC,iBAAiB,CAAC,uBAAuB,CAClD,GAAG,EACH,wBAAwB,EACxB,EAAE,EAAE,EAAE,CACP,CAAA;YACH,MAAM,gBAAgB,GAAqB;gBACzC,IAAI,EAAE,QAAQ;gBACd,OAAO,EAAE,qBAAqB,CAAC,uBAAuB;gBACtD,QAAQ,EAAE,EAAE;gBACZ,IAAI,EAAE,OAAO;gBACb,MAAM,EAAE,+CAA0B,CAAC,WAAW;gBAC9C,IAAI,EAAE,eAAM,CAAC,MAAM,CAAC,aAAa,CAAC;gBAClC,EAAE,EAAE,eAAM,CAAC,MAAM,CAAC,EAAE,CAAC;aACtB,CAAA;YAED,UAAU,GAAG,gBAAgB,CAAA;SAC9B;QAED,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,EAAE;YAClD,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,KAAK,CAAA;SACjC;QAED,MAAM,aAAa,GAAG,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,CAAA;QAEhD,wEAAwE;QACxE,2EAA2E;QAC3E,wEAAwE;QACxE,+EAA+E;QAC/E,+BAA+B;QAC/B,MAAM,cAAc,GAAG,IAAA,iBAAQ,EAAC,eAAU,CAAC,UAAU,CAAC,aAAa,CAAC,EAAE;YACpE,KAAK,EAAE,CAAC;SACT,CAAC,CAAA;QAEF,OAAO,OAAO,CAAC,OAAO,CAAC,cAAc,CAAC,CAAA;IACxC,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,QAAiC;QAC/C,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE;YACpB,MAAM,IAAI,8BAAsB,EAAE,CAAA;SACnC;QAED,IAAI,IAAyB,CAAA;QAE7B,IAAI,IAAA,+BAAkB,EAAC,IAAI,CAAC,UAAU,CAAC,EAAE;YACvC,IAAI,CAAC,QAAQ,EAAE;gBACb,MAAM,IAAI,uCAA+B,EAAE,CAAA;aAC5C;YAED,IAAI,EAAe,CAAA;YACnB,IAAI,aAA0B,CAAA;YAC9B,IAAI,GAAgB,CAAA;YACpB,IAAI;gBACF,MAAM,IAAI,GAAG,eAAM,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,CAAA;gBAChD,EAAE,GAAG,eAAM,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC,CAAA;gBACtC,aAAa,GAAG,eAAM,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,CAAA;gBACnD,GAAG,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,gCAAgC,CACjE,QAAQ,EACR,IAAI,EACJ,EAAE,MAAM,EAAE,IAAI,CAAC,UAAU,CAAC,MAAM,EAAE,CACnC,CAAA;aACF;YAAC,OAAO,GAAG,EAAE;gBACZ,MAAM,IAAI,+BAAuB,EAAE,CAAA;aACpC;YAED,IAAI,wBAAqC,CAAA;YACzC,IAAI;gBACF,wBAAwB;oBACtB,MAAM,IAAI,CAAC,iBAAiB,CAAC,uBAAuB,CAClD,GAAG,EACH,aAAa,EACb,EAAE,EAAE,EAAE,CACP,CAAA;aACJ;YAAC,OAAO,GAAG,EAAE;gBACZ,MAAM,IAAI,wCAAgC,EAAE,CAAA;aAC7C;YACD,IAAI;gBACF,MAAM,cAAc,GAAG,IAAA,mBAAU,EAC/B,IAAI,UAAU,CAAC,wBAAwB,CAAC,CACzC,CAAA;gBACD,MAAM,OAAO,GAAG,qCAA2B,CAAC,MAAM,CAChD,IAAI,CAAC,KAAK,CAAC,eAAU,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,CAChD,CAAA;gBACD,IAAI,IAAA,eAAM,EAAC,OAAO,CAAC,EAAE;oBACnB,MAAM,IAAI,+BAAuB,EAAE,CAAA;iBACpC;gBACD,IAAI,GAAG,OAAO,CAAC,KAAK,CAAA;aACrB;YAAC,OAAO,GAAG,EAAE;gBACZ,MAAM,IAAI,+BAAuB,EAAE,CAAA;aACpC;SACF;aAAM;YACL,IAAI,QAAQ,EAAE;gBACZ,MAAM,IAAI,yCAAiC,EAAE,CAAA;aAC9C;YACD,IAAI,GAAG,IAAI,CAAC,UAAU,CAAC,IAAI,CAAA;SAC5B;QAED,IAAI,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE;YACnB,MAAM,MAAM,GAAG,GAAG,GAAG,CAAC,SAAS,IAAI,GAAG,CAAC,IAAI,IAAI,GAAG,CAAC,IAAI,EAAE,CAAA;YACzD,IAAI,OAAoB,CAAA;YACxB,IAAI;gBACF,OAAO,GAAG,eAAM,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,CAAA;aAClC;YAAC,OAAO,GAAG,EAAE;gBACZ,MAAM,IAAI,+BAAuB,CAAC,wBAAwB,MAAM,EAAE,CAAC,CAAA;aACpE;YACD,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,EAAE,GAAG,GAAG,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC,CAAA;QACrD,CAAC,CAAC,CAAA;IACJ,CAAC;IAED,KAAK;QACH,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,CAAA;IACnB,CAAC;IAED,WAAW,CACT,SAAiB,EACjB,IAAY,EACZ,IAAuB;QAEvB,OAAO,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,SAAS,IAAI,IAAI,IAAI,IAAI,EAAE,CAAC,CAAA;IACtD,CAAC;IAED,UAAU,CACR,SAAiB,EACjB,IAAY,EACZ,IAAuB;QAEvB,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,SAAS,IAAI,IAAI,IAAI,IAAI,EAAE,CAAC,CAAA;QAC7D,IAAI,CAAC,OAAO,EAAE;YACZ,MAAM,IAAI,wBAAgB,EAAE,CAAA;SAC7B;QAED,OAAO,OAAO,CAAC,OAAO,CAAA;IACxB,CAAC;IAED,eAAe;QACb,OAAO,IAAI,CAAC,YAAY,CAAA;IAC1B,CAAC;IAED,mBAAmB;QACjB,OAAO,IAAI,CAAC,gBAAgB,CAAA;IAC9B,CAAC;IAED,WAAW;QACT,OAAO,IAAI,CAAC,QAAQ,CAAA;IACtB,CAAC;;AA9aH,sDA+aC;AA9aC;;;;GAIG;AACoB,6CAAuB,GAAG,CAAC,CAAA;AAElD;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AACoB,6CAAuB,GAAG,oCAAuB,CAAA;AA8Y1E,SAAgB,yBAAyB,CACvC,OAAgB;IAEhB,OAAO;QACL,SAAS,EAAE,OAAO,CAAC,SAAS;QAC5B,IAAI,EAAE,OAAO,CAAC,IAAI;QAClB,IAAI,EAAE,mCAAmC,CAAC,OAAO,CAAC,IAAI,CAAC;QACvD,IAAI,EAAE,eAAM,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC;QACjC,OAAO,EAAE,OAAO,CAAC,IAAI;QACrB,cAAc,EAAE,KAAK;QACrB,UAAU,EAAE,IAAI;KACjB,CAAA;AACH,CAAC;AAZD,8DAYC;AAED,SAAgB,mCAAmC,CACjD,cAA8B;IAE9B,QAAQ,cAAc,EAAE;QACtB,KAAK,+BAAc,CAAC,QAAQ;YAC1B,OAAO,2BAAiB,CAAC,QAAQ,CAAA;QACnC,KAAK,+BAAc,CAAC,aAAa;YAC/B,OAAO,2BAAiB,CAAC,UAAU,CAAA;QACrC,KAAK,+BAAc,CAAC,YAAY;YAC9B,OAAO,2BAAiB,CAAC,SAAS,CAAA;QACpC,KAAK,+BAAc,CAAC,YAAY;YAC9B,OAAO,2BAAiB,CAAC,YAAY,CAAA;KACxC;AACH,CAAC;AAbD,kFAaC"}
@@ -0,0 +1,8 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
3
+ const tslib_1 = require("tslib");
4
+ tslib_1.__exportStar(require("./keyData"), exports);
5
+ tslib_1.__exportStar(require("./publicKey"), exports);
6
+ tslib_1.__exportStar(require("./sudoCryptoProvider"), exports);
7
+ tslib_1.__exportStar(require("./sudoKeyManager"), exports);
8
+ //# sourceMappingURL=index.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/sudoKeyManager/index.ts"],"names":[],"mappings":";;;AAAA,oDAAyB;AACzB,sDAA2B;AAC3B,+DAAoC;AACpC,2DAAgC"}
@@ -0,0 +1,46 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
3
+ exports.KeyDataKeyFormat = exports.KeyDataKeyType = void 0;
4
+ /**
5
+ * Type of key
6
+ */
7
+ var KeyDataKeyType;
8
+ (function (KeyDataKeyType) {
9
+ KeyDataKeyType["SymmetricKey"] = "SymmetricKey";
10
+ KeyDataKeyType["RSAPublicKey"] = "RSAPublicKey";
11
+ KeyDataKeyType["RSAPrivateKey"] = "RSAPrivateKey";
12
+ KeyDataKeyType["Password"] = "Password";
13
+ })(KeyDataKeyType = exports.KeyDataKeyType || (exports.KeyDataKeyType = {}));
14
+ var KeyDataKeyFormat;
15
+ (function (KeyDataKeyFormat) {
16
+ /**
17
+ * Raw key format.
18
+ *
19
+ * For SymmetricKey and Password types this means the raw bytes
20
+ * of the key/password.
21
+ *
22
+ * For RSAPublicKey this means RSAPublicKey binary format.
23
+ * For RSAPrivateKey this means RSAPrivateKey binary format.
24
+ * "RSA PUBLIC KEY" or "RSA PRIVATE KEY" in PEM speak
25
+ */
26
+ KeyDataKeyFormat["Raw"] = "Raw";
27
+ /**
28
+ * SPKI public key format.
29
+ *
30
+ * Applies to public keys (currently only RSAPublicKey)
31
+ * and means they are formated using SPKI.
32
+ *
33
+ * "PUBLIC KEY" in PEM speak
34
+ */
35
+ KeyDataKeyFormat["SPKI"] = "SPKI";
36
+ /**
37
+ * PKCS8 private key format.
38
+ *
39
+ * Applies to private keys (currently only RSAPrivateKey)
40
+ * and means they are formated using unencrypted PKCS8.
41
+ *
42
+ * "PRIVATE KEY" in PEM speak
43
+ */
44
+ KeyDataKeyFormat["PKCS8"] = "PKCS8";
45
+ })(KeyDataKeyFormat = exports.KeyDataKeyFormat || (exports.KeyDataKeyFormat = {}));
46
+ //# sourceMappingURL=keyData.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"keyData.js","sourceRoot":"","sources":["../../src/sudoKeyManager/keyData.ts"],"names":[],"mappings":";;;AAAA;;GAEG;AACH,IAAY,cAKX;AALD,WAAY,cAAc;IACxB,+CAA6B,CAAA;IAC7B,+CAA6B,CAAA;IAC7B,iDAA+B,CAAA;IAC/B,uCAAqB,CAAA;AACvB,CAAC,EALW,cAAc,GAAd,sBAAc,KAAd,sBAAc,QAKzB;AAED,IAAY,gBAgCX;AAhCD,WAAY,gBAAgB;IAC1B;;;;;;;;;OASG;IACH,+BAAW,CAAA;IAEX;;;;;;;OAOG;IACH,iCAAa,CAAA;IAEb;;;;;;;OAOG;IACH,mCAAe,CAAA;AACjB,CAAC,EAhCW,gBAAgB,GAAhB,wBAAgB,KAAhB,wBAAgB,QAgC3B"}
@@ -0,0 +1,9 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
3
+ exports.PublicKeyFormat = void 0;
4
+ var PublicKeyFormat;
5
+ (function (PublicKeyFormat) {
6
+ PublicKeyFormat[PublicKeyFormat["RSAPublicKey"] = 0] = "RSAPublicKey";
7
+ PublicKeyFormat[PublicKeyFormat["SPKI"] = 1] = "SPKI";
8
+ })(PublicKeyFormat = exports.PublicKeyFormat || (exports.PublicKeyFormat = {}));
9
+ //# sourceMappingURL=publicKey.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"publicKey.js","sourceRoot":"","sources":["../../src/sudoKeyManager/publicKey.ts"],"names":[],"mappings":";;;AAAA,IAAY,eAGX;AAHD,WAAY,eAAe;IACzB,qEAAY,CAAA;IACZ,qDAAI,CAAA;AACN,CAAC,EAHW,eAAe,GAAf,uBAAe,KAAf,uBAAe,QAG1B"}
@@ -0,0 +1,12 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
3
+ exports.SudoCryptoProviderDefaults = void 0;
4
+ class SudoCryptoProviderDefaults {
5
+ }
6
+ exports.SudoCryptoProviderDefaults = SudoCryptoProviderDefaults;
7
+ SudoCryptoProviderDefaults.aesIVSize = 16;
8
+ SudoCryptoProviderDefaults.aesKeySize = 256;
9
+ SudoCryptoProviderDefaults.rsaKeySize = 2048;
10
+ SudoCryptoProviderDefaults.pbkdfRounds = 10000;
11
+ SudoCryptoProviderDefaults.pbkdfSaltSize = 16;
12
+ //# sourceMappingURL=sudoCryptoProvider.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"sudoCryptoProvider.js","sourceRoot":"","sources":["../../src/sudoKeyManager/sudoCryptoProvider.ts"],"names":[],"mappings":";;;AAIA,MAAa,0BAA0B;;AAAvC,gEAMC;AALwB,oCAAS,GAAG,EAAE,CAAA;AACd,qCAAU,GAAG,GAAG,CAAA;AAChB,qCAAU,GAAG,IAAI,CAAA;AACjB,sCAAW,GAAG,KAAK,CAAA;AACnB,wCAAa,GAAG,EAAE,CAAA"}