@ternent/seal 0.3.10
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +258 -0
- package/bin/seal +6 -0
- package/dist/artifact.js +256 -0
- package/dist/artifact.js.map +1 -0
- package/dist/chunks/utils.es-ad8f1dc4.js +54 -0
- package/dist/chunks/utils.es-ad8f1dc4.js.map +1 -0
- package/dist/cli.js +441 -0
- package/dist/cli.js.map +1 -0
- package/dist/crypto.js +41 -0
- package/dist/crypto.js.map +1 -0
- package/dist/errors.js +65 -0
- package/dist/errors.js.map +1 -0
- package/dist/index.js +9 -0
- package/dist/index.js.map +1 -0
- package/dist/manifest.js +82 -0
- package/dist/manifest.js.map +1 -0
- package/dist/proof.js +237 -0
- package/dist/proof.js.map +1 -0
- package/package.json +59 -0
package/dist/cli.js
ADDED
|
@@ -0,0 +1,441 @@
|
|
|
1
|
+
import { stat, readFile, readdir, mkdir, writeFile } from "node:fs/promises";
|
|
2
|
+
import { resolve, basename, join, relative, dirname } from "node:path";
|
|
3
|
+
import { fileURLToPath } from "node:url";
|
|
4
|
+
import { createSealHash, createSealProof, createSealPublicKeyArtifact, parseSealProofJson, verifySealProofAgainstBytes } from "./proof.js";
|
|
5
|
+
import { SEAL_MANIFEST_VERSION, SEAL_MANIFEST_TYPE, stringifySealManifest, parseSealManifestJson } from "./manifest.js";
|
|
6
|
+
import { createSealMnemonicIdentity, createSealIdentity, exportIdentityJson } from "./crypto.js";
|
|
7
|
+
import { createSealArtifact, parseSealArtifactJson, verifySealArtifact } from "./artifact.js";
|
|
8
|
+
import { parseIdentity } from "@ternent/identity";
|
|
9
|
+
import { EXIT_SUCCESS, EXIT_HASH_MISMATCH, EXIT_SIGNATURE_INVALID, SealCliError, EXIT_FAILURE, EXIT_INVALID_PROOF, EXIT_KEY_CONFIG, getExitCode } from "./errors.js";
|
|
10
|
+
import "./chunks/utils.es-ad8f1dc4.js";
|
|
11
|
+
import "@ternent/armour";
|
|
12
|
+
function normalizeRelativePath(value) {
|
|
13
|
+
return value.split("\\").join("/");
|
|
14
|
+
}
|
|
15
|
+
async function collectFiles(rootPath, currentPath, files) {
|
|
16
|
+
const entries = await readdir(currentPath, { withFileTypes: true });
|
|
17
|
+
const sorted = entries.filter((entry) => entry.name !== ".DS_Store").sort((a, b) => a.name.localeCompare(b.name));
|
|
18
|
+
for (const entry of sorted) {
|
|
19
|
+
const entryPath = join(currentPath, entry.name);
|
|
20
|
+
if (entry.isDirectory()) {
|
|
21
|
+
await collectFiles(rootPath, entryPath, files);
|
|
22
|
+
continue;
|
|
23
|
+
}
|
|
24
|
+
if (!entry.isFile()) {
|
|
25
|
+
continue;
|
|
26
|
+
}
|
|
27
|
+
const bytes = await readFile(entryPath);
|
|
28
|
+
const relativePath = normalizeRelativePath(relative(rootPath, entryPath));
|
|
29
|
+
files[relativePath] = await createSealHash(bytes);
|
|
30
|
+
}
|
|
31
|
+
}
|
|
32
|
+
async function createManifestArtifact(inputPath) {
|
|
33
|
+
const resolvedInput = resolve(inputPath);
|
|
34
|
+
const inputStat = await stat(resolvedInput);
|
|
35
|
+
const root = basename(resolvedInput);
|
|
36
|
+
const files = {};
|
|
37
|
+
if (inputStat.isDirectory()) {
|
|
38
|
+
await collectFiles(resolvedInput, resolvedInput, files);
|
|
39
|
+
} else if (inputStat.isFile()) {
|
|
40
|
+
const bytes = await readFile(resolvedInput);
|
|
41
|
+
files[root] = await createSealHash(bytes);
|
|
42
|
+
} else {
|
|
43
|
+
throw new Error("Manifest input must be a file or directory.");
|
|
44
|
+
}
|
|
45
|
+
const manifest = {
|
|
46
|
+
version: SEAL_MANIFEST_VERSION,
|
|
47
|
+
type: SEAL_MANIFEST_TYPE,
|
|
48
|
+
root,
|
|
49
|
+
files: Object.fromEntries(
|
|
50
|
+
Object.entries(files).sort(([left], [right]) => left.localeCompare(right))
|
|
51
|
+
)
|
|
52
|
+
};
|
|
53
|
+
return {
|
|
54
|
+
manifest,
|
|
55
|
+
content: `${stringifySealManifest(manifest)}
|
|
56
|
+
`
|
|
57
|
+
};
|
|
58
|
+
}
|
|
59
|
+
function formatMnemonicBackup(input) {
|
|
60
|
+
const lines = ["Seal seed phrase backup", "", "Mnemonic:", input.mnemonic];
|
|
61
|
+
if (String(input.passphrase || "").trim()) {
|
|
62
|
+
lines.push("", "Passphrase:", String(input.passphrase));
|
|
63
|
+
}
|
|
64
|
+
lines.push(
|
|
65
|
+
"",
|
|
66
|
+
"Store this file securely. Anyone with this recovery material can recreate the signer."
|
|
67
|
+
);
|
|
68
|
+
return `${lines.join("\n")}
|
|
69
|
+
`;
|
|
70
|
+
}
|
|
71
|
+
async function createIdentityArtifact(input = {}) {
|
|
72
|
+
const useMnemonic = Boolean(input.withMnemonic) || input.words === 12 || input.words === 24 || Boolean(input.passphrase);
|
|
73
|
+
const created = useMnemonic ? await createSealMnemonicIdentity({
|
|
74
|
+
words: input.words,
|
|
75
|
+
passphrase: input.passphrase
|
|
76
|
+
}) : {
|
|
77
|
+
identity: await createSealIdentity(),
|
|
78
|
+
mnemonic: null
|
|
79
|
+
};
|
|
80
|
+
return {
|
|
81
|
+
identity: created.identity,
|
|
82
|
+
content: exportIdentityJson(created.identity),
|
|
83
|
+
mnemonic: created.mnemonic,
|
|
84
|
+
mnemonicContent: created.mnemonic ? formatMnemonicBackup({
|
|
85
|
+
mnemonic: created.mnemonic,
|
|
86
|
+
passphrase: input.passphrase
|
|
87
|
+
}) : null
|
|
88
|
+
};
|
|
89
|
+
}
|
|
90
|
+
async function createProofArtifact(params) {
|
|
91
|
+
const bytes = await readFile(params.inputPath);
|
|
92
|
+
const raw = new TextDecoder().decode(bytes);
|
|
93
|
+
const parsedManifest = parseSealManifestJson(raw);
|
|
94
|
+
const proof = await createSealProof({
|
|
95
|
+
signer: {
|
|
96
|
+
identity: params.identity
|
|
97
|
+
},
|
|
98
|
+
subject: {
|
|
99
|
+
kind: parsedManifest.ok ? "manifest" : "file",
|
|
100
|
+
path: basename(params.inputPath),
|
|
101
|
+
hash: await createSealHash(bytes)
|
|
102
|
+
}
|
|
103
|
+
});
|
|
104
|
+
return {
|
|
105
|
+
proof,
|
|
106
|
+
content: `${JSON.stringify(proof, null, 2)}
|
|
107
|
+
`
|
|
108
|
+
};
|
|
109
|
+
}
|
|
110
|
+
async function createRecipientArtifact(params) {
|
|
111
|
+
const bytes = await readFile(params.inputPath);
|
|
112
|
+
const artifact = await createSealArtifact({
|
|
113
|
+
signer: {
|
|
114
|
+
identity: params.identity
|
|
115
|
+
},
|
|
116
|
+
subjectPath: basename(params.inputPath),
|
|
117
|
+
payload: bytes,
|
|
118
|
+
recipients: params.recipients
|
|
119
|
+
});
|
|
120
|
+
return {
|
|
121
|
+
artifact,
|
|
122
|
+
content: `${JSON.stringify(artifact, null, 2)}
|
|
123
|
+
`
|
|
124
|
+
};
|
|
125
|
+
}
|
|
126
|
+
async function createPublicKeyArtifact(params) {
|
|
127
|
+
return createSealPublicKeyArtifact(params);
|
|
128
|
+
}
|
|
129
|
+
async function verifyProofArtifact(params) {
|
|
130
|
+
const rawProof = await readFile(params.proofPath, "utf8");
|
|
131
|
+
const parsed = parseSealProofJson(rawProof);
|
|
132
|
+
if (!parsed.ok || !parsed.proof) {
|
|
133
|
+
throw new Error(parsed.errors.join(" "));
|
|
134
|
+
}
|
|
135
|
+
const subjectBytes = await readFile(params.inputPath);
|
|
136
|
+
const result = await verifySealProofAgainstBytes(parsed.proof, subjectBytes);
|
|
137
|
+
return {
|
|
138
|
+
proof: parsed.proof,
|
|
139
|
+
result
|
|
140
|
+
};
|
|
141
|
+
}
|
|
142
|
+
async function verifyArtifactProof(params) {
|
|
143
|
+
const rawArtifact = await readFile(params.artifactPath, "utf8");
|
|
144
|
+
const parsed = parseSealArtifactJson(rawArtifact);
|
|
145
|
+
if (!parsed.ok || !parsed.artifact) {
|
|
146
|
+
throw new Error(parsed.errors.join(" "));
|
|
147
|
+
}
|
|
148
|
+
return {
|
|
149
|
+
artifact: parsed.artifact,
|
|
150
|
+
result: await verifySealArtifact(parsed.artifact)
|
|
151
|
+
};
|
|
152
|
+
}
|
|
153
|
+
async function resolveSealIdentityFromEnv(env) {
|
|
154
|
+
const identityJson = String(env.SEAL_IDENTITY || "").trim();
|
|
155
|
+
if (identityJson) {
|
|
156
|
+
return parseIdentity(identityJson);
|
|
157
|
+
}
|
|
158
|
+
const identityFile = String(env.SEAL_IDENTITY_FILE || "").trim();
|
|
159
|
+
if (identityFile) {
|
|
160
|
+
return parseIdentity(await readFile(identityFile, "utf8"));
|
|
161
|
+
}
|
|
162
|
+
throw new Error("Missing SEAL_IDENTITY or SEAL_IDENTITY_FILE environment variable.");
|
|
163
|
+
}
|
|
164
|
+
function parseArgs(argv) {
|
|
165
|
+
const result = { _: [], flags: {} };
|
|
166
|
+
for (let index = 0; index < argv.length; index += 1) {
|
|
167
|
+
const arg = argv[index];
|
|
168
|
+
if (!arg.startsWith("--")) {
|
|
169
|
+
result._.push(arg);
|
|
170
|
+
continue;
|
|
171
|
+
}
|
|
172
|
+
const [rawKey, inlineValue] = arg.slice(2).split("=");
|
|
173
|
+
const key = rawKey.trim();
|
|
174
|
+
const next = argv[index + 1];
|
|
175
|
+
const hasNextValue = inlineValue === void 0 && next && !next.startsWith("--");
|
|
176
|
+
const value = inlineValue ?? (hasNextValue ? next : void 0);
|
|
177
|
+
if (hasNextValue) {
|
|
178
|
+
index += 1;
|
|
179
|
+
}
|
|
180
|
+
if (value === void 0) {
|
|
181
|
+
result.flags[key] = true;
|
|
182
|
+
continue;
|
|
183
|
+
}
|
|
184
|
+
const existing = result.flags[key];
|
|
185
|
+
if (existing === void 0) {
|
|
186
|
+
result.flags[key] = value;
|
|
187
|
+
continue;
|
|
188
|
+
}
|
|
189
|
+
if (Array.isArray(existing)) {
|
|
190
|
+
existing.push(value);
|
|
191
|
+
result.flags[key] = existing;
|
|
192
|
+
continue;
|
|
193
|
+
}
|
|
194
|
+
result.flags[key] = [String(existing), value];
|
|
195
|
+
}
|
|
196
|
+
return result;
|
|
197
|
+
}
|
|
198
|
+
function getFlag(flags, key) {
|
|
199
|
+
const value = flags[key];
|
|
200
|
+
if (Array.isArray(value)) {
|
|
201
|
+
return value[value.length - 1];
|
|
202
|
+
}
|
|
203
|
+
return typeof value === "string" ? value : void 0;
|
|
204
|
+
}
|
|
205
|
+
function getFlags(flags, key) {
|
|
206
|
+
const value = flags[key];
|
|
207
|
+
if (Array.isArray(value)) {
|
|
208
|
+
return value.map(String);
|
|
209
|
+
}
|
|
210
|
+
if (typeof value === "string") {
|
|
211
|
+
return [value];
|
|
212
|
+
}
|
|
213
|
+
return [];
|
|
214
|
+
}
|
|
215
|
+
function hasFlag(flags, key) {
|
|
216
|
+
return flags[key] === true;
|
|
217
|
+
}
|
|
218
|
+
function requireFlag(flags, key) {
|
|
219
|
+
const value = getFlag(flags, key);
|
|
220
|
+
if (!value) {
|
|
221
|
+
throw new SealCliError(`Missing --${key}`, EXIT_FAILURE);
|
|
222
|
+
}
|
|
223
|
+
return value;
|
|
224
|
+
}
|
|
225
|
+
function parseMnemonicWordCount(flags) {
|
|
226
|
+
const words = getFlag(flags, "words");
|
|
227
|
+
if (!words) {
|
|
228
|
+
return void 0;
|
|
229
|
+
}
|
|
230
|
+
if (words === "12" || words === "24") {
|
|
231
|
+
return Number(words);
|
|
232
|
+
}
|
|
233
|
+
throw new SealCliError("Mnemonic word count must be 12 or 24.", EXIT_FAILURE);
|
|
234
|
+
}
|
|
235
|
+
async function writeOutputFile(filePath, content) {
|
|
236
|
+
const resolvedPath = resolve(filePath);
|
|
237
|
+
await mkdir(dirname(resolvedPath), { recursive: true });
|
|
238
|
+
await writeFile(resolvedPath, content, "utf8");
|
|
239
|
+
}
|
|
240
|
+
function outputResult(writer, json, quiet, value) {
|
|
241
|
+
if (quiet) {
|
|
242
|
+
return;
|
|
243
|
+
}
|
|
244
|
+
if (typeof value === "string") {
|
|
245
|
+
writer.stdout(`${value}
|
|
246
|
+
`);
|
|
247
|
+
return;
|
|
248
|
+
}
|
|
249
|
+
if (json) {
|
|
250
|
+
writer.stdout(`${JSON.stringify(value, null, 2)}
|
|
251
|
+
`);
|
|
252
|
+
return;
|
|
253
|
+
}
|
|
254
|
+
writer.stdout(`${JSON.stringify(value, null, 2)}
|
|
255
|
+
`);
|
|
256
|
+
}
|
|
257
|
+
function outputError(writer, json, error) {
|
|
258
|
+
const exitCode = getExitCode(error);
|
|
259
|
+
const message = error instanceof Error ? error.message : String(error);
|
|
260
|
+
if (json) {
|
|
261
|
+
writer.stderr(`${JSON.stringify({ error: message, exitCode }, null, 2)}
|
|
262
|
+
`);
|
|
263
|
+
} else {
|
|
264
|
+
writer.stderr(`${message}
|
|
265
|
+
`);
|
|
266
|
+
}
|
|
267
|
+
return exitCode;
|
|
268
|
+
}
|
|
269
|
+
async function runCli(argv, params = {}) {
|
|
270
|
+
const parsed = parseArgs(argv);
|
|
271
|
+
const env = params.env ?? process.env;
|
|
272
|
+
const writer = params.writer ?? {
|
|
273
|
+
stdout: (value) => process.stdout.write(value),
|
|
274
|
+
stderr: (value) => process.stderr.write(value)
|
|
275
|
+
};
|
|
276
|
+
const json = hasFlag(parsed.flags, "json");
|
|
277
|
+
const quiet = hasFlag(parsed.flags, "quiet");
|
|
278
|
+
try {
|
|
279
|
+
const [command, subcommand] = parsed._;
|
|
280
|
+
if (command === "identity" && subcommand === "create") {
|
|
281
|
+
const mnemonicOutPath = getFlag(parsed.flags, "mnemonic-out");
|
|
282
|
+
const artifact = await createIdentityArtifact({
|
|
283
|
+
withMnemonic: Boolean(mnemonicOutPath),
|
|
284
|
+
words: parseMnemonicWordCount(parsed.flags),
|
|
285
|
+
passphrase: getFlag(parsed.flags, "passphrase")
|
|
286
|
+
});
|
|
287
|
+
const outPath = getFlag(parsed.flags, "out");
|
|
288
|
+
if (outPath) {
|
|
289
|
+
await writeOutputFile(outPath, artifact.content);
|
|
290
|
+
}
|
|
291
|
+
if (mnemonicOutPath) {
|
|
292
|
+
await writeOutputFile(mnemonicOutPath, artifact.mnemonicContent || "");
|
|
293
|
+
}
|
|
294
|
+
if (outPath) {
|
|
295
|
+
outputResult(
|
|
296
|
+
writer,
|
|
297
|
+
json,
|
|
298
|
+
quiet,
|
|
299
|
+
json ? artifact.mnemonic ? {
|
|
300
|
+
identity: artifact.identity,
|
|
301
|
+
mnemonic: artifact.mnemonic,
|
|
302
|
+
mnemonicFile: mnemonicOutPath || null
|
|
303
|
+
} : artifact.identity : outPath
|
|
304
|
+
);
|
|
305
|
+
} else {
|
|
306
|
+
outputResult(
|
|
307
|
+
writer,
|
|
308
|
+
true,
|
|
309
|
+
quiet,
|
|
310
|
+
artifact.mnemonic ? {
|
|
311
|
+
identity: artifact.identity,
|
|
312
|
+
mnemonic: artifact.mnemonic,
|
|
313
|
+
mnemonicFile: mnemonicOutPath || null
|
|
314
|
+
} : artifact.identity
|
|
315
|
+
);
|
|
316
|
+
}
|
|
317
|
+
return EXIT_SUCCESS;
|
|
318
|
+
}
|
|
319
|
+
if (command === "manifest" && subcommand === "create") {
|
|
320
|
+
const artifact = await createManifestArtifact(requireFlag(parsed.flags, "input"));
|
|
321
|
+
const outPath = getFlag(parsed.flags, "out");
|
|
322
|
+
if (outPath) {
|
|
323
|
+
await writeOutputFile(outPath, artifact.content);
|
|
324
|
+
outputResult(writer, json, quiet, json ? artifact.manifest : outPath);
|
|
325
|
+
} else {
|
|
326
|
+
outputResult(writer, true, quiet, artifact.manifest);
|
|
327
|
+
}
|
|
328
|
+
return EXIT_SUCCESS;
|
|
329
|
+
}
|
|
330
|
+
if (command === "sign") {
|
|
331
|
+
const identity = await resolveSealIdentityFromEnv(env);
|
|
332
|
+
const recipients = getFlags(parsed.flags, "recipient");
|
|
333
|
+
const inputPath = requireFlag(parsed.flags, "input");
|
|
334
|
+
const outPath = getFlag(parsed.flags, "out");
|
|
335
|
+
if (recipients.length > 0) {
|
|
336
|
+
const artifact = await createRecipientArtifact({
|
|
337
|
+
inputPath,
|
|
338
|
+
identity,
|
|
339
|
+
recipients
|
|
340
|
+
});
|
|
341
|
+
if (outPath) {
|
|
342
|
+
await writeOutputFile(outPath, artifact.content);
|
|
343
|
+
outputResult(writer, json, quiet, json ? artifact.artifact : outPath);
|
|
344
|
+
} else {
|
|
345
|
+
outputResult(writer, true, quiet, artifact.artifact);
|
|
346
|
+
}
|
|
347
|
+
} else {
|
|
348
|
+
const artifact = await createProofArtifact({
|
|
349
|
+
inputPath,
|
|
350
|
+
identity
|
|
351
|
+
});
|
|
352
|
+
if (outPath) {
|
|
353
|
+
await writeOutputFile(outPath, artifact.content);
|
|
354
|
+
outputResult(writer, json, quiet, json ? artifact.proof : outPath);
|
|
355
|
+
} else {
|
|
356
|
+
outputResult(writer, true, quiet, artifact.proof);
|
|
357
|
+
}
|
|
358
|
+
}
|
|
359
|
+
return EXIT_SUCCESS;
|
|
360
|
+
}
|
|
361
|
+
if (command === "verify") {
|
|
362
|
+
const artifactPath = getFlag(parsed.flags, "artifact");
|
|
363
|
+
if (artifactPath) {
|
|
364
|
+
const { result: result2 } = await verifyArtifactProof({ artifactPath });
|
|
365
|
+
outputResult(
|
|
366
|
+
writer,
|
|
367
|
+
json,
|
|
368
|
+
quiet,
|
|
369
|
+
json ? result2 : [
|
|
370
|
+
`valid=${result2.valid}`,
|
|
371
|
+
`hashMatch=${result2.hashMatch}`,
|
|
372
|
+
`signatureValid=${result2.signatureValid}`,
|
|
373
|
+
`encrypted=${result2.encrypted}`,
|
|
374
|
+
`payloadScheme=${result2.payloadScheme}`,
|
|
375
|
+
`payloadMode=${result2.payloadMode}`,
|
|
376
|
+
`keyId=${result2.keyId}`,
|
|
377
|
+
`algorithm=${result2.algorithm}`,
|
|
378
|
+
`subjectHash=${result2.subjectHash}`
|
|
379
|
+
].join("\n")
|
|
380
|
+
);
|
|
381
|
+
if (!result2.hashMatch) {
|
|
382
|
+
return EXIT_HASH_MISMATCH;
|
|
383
|
+
}
|
|
384
|
+
if (!result2.signatureValid) {
|
|
385
|
+
return EXIT_SIGNATURE_INVALID;
|
|
386
|
+
}
|
|
387
|
+
return EXIT_SUCCESS;
|
|
388
|
+
}
|
|
389
|
+
const proofPath = requireFlag(parsed.flags, "proof");
|
|
390
|
+
const inputPath = requireFlag(parsed.flags, "input");
|
|
391
|
+
const { result } = await verifyProofArtifact({ proofPath, inputPath });
|
|
392
|
+
outputResult(
|
|
393
|
+
writer,
|
|
394
|
+
json,
|
|
395
|
+
quiet,
|
|
396
|
+
json ? result : [
|
|
397
|
+
`valid=${result.valid}`,
|
|
398
|
+
`hashMatch=${result.hashMatch}`,
|
|
399
|
+
`signatureValid=${result.signatureValid}`,
|
|
400
|
+
`keyId=${result.keyId}`,
|
|
401
|
+
`algorithm=${result.algorithm}`,
|
|
402
|
+
`subjectHash=${result.subjectHash}`
|
|
403
|
+
].join("\n")
|
|
404
|
+
);
|
|
405
|
+
if (!result.hashMatch) {
|
|
406
|
+
return EXIT_HASH_MISMATCH;
|
|
407
|
+
}
|
|
408
|
+
if (!result.signatureValid) {
|
|
409
|
+
return EXIT_SIGNATURE_INVALID;
|
|
410
|
+
}
|
|
411
|
+
return EXIT_SUCCESS;
|
|
412
|
+
}
|
|
413
|
+
if (command === "public-key") {
|
|
414
|
+
const artifact = await createPublicKeyArtifact({
|
|
415
|
+
identity: await resolveSealIdentityFromEnv(env)
|
|
416
|
+
});
|
|
417
|
+
outputResult(writer, true, quiet, artifact);
|
|
418
|
+
return EXIT_SUCCESS;
|
|
419
|
+
}
|
|
420
|
+
throw new SealCliError(
|
|
421
|
+
"Usage: seal identity create [--out <path>] [--words 12|24] [--passphrase <value>] [--mnemonic-out <path>] [--json] [--quiet]\n seal manifest create --input <path> [--out <path>] [--json] [--quiet]\n seal sign --input <path> [--recipient <age...>] [--out <path>] [--json] [--quiet]\n seal verify --proof <proof.json> --input <path> [--json] [--quiet]\n seal verify --artifact <artifact.json> [--json] [--quiet]\n seal public-key [--json] [--quiet]",
|
|
422
|
+
EXIT_FAILURE
|
|
423
|
+
);
|
|
424
|
+
} catch (error) {
|
|
425
|
+
if (error instanceof Error && error.message.includes("Proof")) {
|
|
426
|
+
return outputError(writer, json, new SealCliError(error.message, EXIT_INVALID_PROOF));
|
|
427
|
+
}
|
|
428
|
+
if (error instanceof Error && (error.message.includes("public key") || error.message.includes("SEAL_IDENTITY") || error.message.includes("identity"))) {
|
|
429
|
+
return outputError(writer, json, new SealCliError(error.message, EXIT_KEY_CONFIG));
|
|
430
|
+
}
|
|
431
|
+
return outputError(writer, json, error);
|
|
432
|
+
}
|
|
433
|
+
}
|
|
434
|
+
const isDirectRun = typeof process !== "undefined" && process.argv[1] && fileURLToPath(import.meta.url) === resolve(process.argv[1]);
|
|
435
|
+
if (isDirectRun) {
|
|
436
|
+
runCli(process.argv.slice(2)).then((exitCode) => {
|
|
437
|
+
process.exitCode = exitCode;
|
|
438
|
+
});
|
|
439
|
+
}
|
|
440
|
+
export { runCli };
|
|
441
|
+
//# sourceMappingURL=cli.js.map
|
package/dist/cli.js.map
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"cli.js","sources":["../src/commands/manifest.ts","../src/commands/identity.ts","../src/commands/sign.ts","../src/commands/publicKey.ts","../src/commands/verify.ts","../src/node.ts","../src/cli.ts"],"sourcesContent":["import { readdir, readFile, stat } from \"node:fs/promises\";\nimport { basename, join, relative, resolve } from \"node:path\";\nimport { createSealHash } from \"../proof\";\nimport {\n SEAL_MANIFEST_TYPE,\n SEAL_MANIFEST_VERSION,\n stringifySealManifest,\n type SealManifestV1,\n} from \"../manifest\";\n\nfunction normalizeRelativePath(value: string): string {\n return value.split(\"\\\\\").join(\"/\");\n}\n\nasync function collectFiles(\n rootPath: string,\n currentPath: string,\n files: Record<string, SealManifestV1[\"files\"][string]>,\n): Promise<void> {\n const entries = await readdir(currentPath, { withFileTypes: true });\n const sorted = entries\n .filter((entry) => entry.name !== \".DS_Store\")\n .sort((a, b) => a.name.localeCompare(b.name));\n\n for (const entry of sorted) {\n const entryPath = join(currentPath, entry.name);\n if (entry.isDirectory()) {\n await collectFiles(rootPath, entryPath, files);\n continue;\n }\n if (!entry.isFile()) {\n continue;\n }\n const bytes = await readFile(entryPath);\n const relativePath = normalizeRelativePath(relative(rootPath, entryPath));\n files[relativePath] = await createSealHash(bytes);\n }\n}\n\nexport async function createManifestArtifact(inputPath: string): Promise<{\n manifest: SealManifestV1;\n content: string;\n}> {\n const resolvedInput = resolve(inputPath);\n const inputStat = await stat(resolvedInput);\n const root = basename(resolvedInput);\n const files: SealManifestV1[\"files\"] = {};\n\n if (inputStat.isDirectory()) {\n await collectFiles(resolvedInput, resolvedInput, files);\n } else if (inputStat.isFile()) {\n const bytes = await readFile(resolvedInput);\n files[root] = await createSealHash(bytes);\n } else {\n throw new Error(\"Manifest input must be a file or directory.\");\n }\n\n const manifest: SealManifestV1 = {\n version: SEAL_MANIFEST_VERSION,\n type: SEAL_MANIFEST_TYPE,\n root,\n files: Object.fromEntries(\n Object.entries(files).sort(([left], [right]) => left.localeCompare(right)),\n ),\n };\n\n return {\n manifest,\n content: `${stringifySealManifest(manifest)}\\n`,\n };\n}\n","import { createSealIdentity, createSealMnemonicIdentity, exportIdentityJson } from \"../crypto\";\n\nfunction formatMnemonicBackup(input: { mnemonic: string; passphrase?: string }): string {\n const lines = [\"Seal seed phrase backup\", \"\", \"Mnemonic:\", input.mnemonic];\n if (String(input.passphrase || \"\").trim()) {\n lines.push(\"\", \"Passphrase:\", String(input.passphrase));\n }\n lines.push(\n \"\",\n \"Store this file securely. Anyone with this recovery material can recreate the signer.\",\n );\n return `${lines.join(\"\\n\")}\\n`;\n}\n\nexport async function createIdentityArtifact(\n input: {\n withMnemonic?: boolean;\n words?: 12 | 24;\n passphrase?: string;\n } = {},\n): Promise<{\n identity: import(\"@ternent/identity\").SerializedIdentity;\n content: string;\n mnemonic: string | null;\n mnemonicContent: string | null;\n}> {\n const useMnemonic =\n Boolean(input.withMnemonic) ||\n input.words === 12 ||\n input.words === 24 ||\n Boolean(input.passphrase);\n const created = useMnemonic\n ? await createSealMnemonicIdentity({\n words: input.words,\n passphrase: input.passphrase,\n })\n : {\n identity: await createSealIdentity(),\n mnemonic: null,\n };\n return {\n identity: created.identity,\n content: exportIdentityJson(created.identity),\n mnemonic: created.mnemonic,\n mnemonicContent: created.mnemonic\n ? formatMnemonicBackup({\n mnemonic: created.mnemonic,\n passphrase: input.passphrase,\n })\n : null,\n };\n}\n","import { basename } from \"node:path\";\nimport { readFile } from \"node:fs/promises\";\nimport { createSealArtifact, type SealArtifactV1 } from \"../artifact\";\nimport { parseSealManifestJson } from \"../manifest\";\nimport { createSealProof, createSealHash, type SealProofV1 } from \"../proof\";\n\nexport async function createProofArtifact(params: {\n inputPath: string;\n identity: import(\"@ternent/identity\").SerializedIdentity;\n}): Promise<{\n proof: SealProofV1;\n content: string;\n}> {\n const bytes = await readFile(params.inputPath);\n const raw = new TextDecoder().decode(bytes);\n const parsedManifest = parseSealManifestJson(raw);\n const proof = await createSealProof({\n signer: {\n identity: params.identity,\n },\n subject: {\n kind: parsedManifest.ok ? \"manifest\" : \"file\",\n path: basename(params.inputPath),\n hash: await createSealHash(bytes),\n },\n });\n\n return {\n proof,\n content: `${JSON.stringify(proof, null, 2)}\\n`,\n };\n}\n\nexport async function createRecipientArtifact(params: {\n inputPath: string;\n identity: import(\"@ternent/identity\").SerializedIdentity;\n recipients: string[];\n}): Promise<{\n artifact: SealArtifactV1;\n content: string;\n}> {\n const bytes = await readFile(params.inputPath);\n const artifact = await createSealArtifact({\n signer: {\n identity: params.identity,\n },\n subjectPath: basename(params.inputPath),\n payload: bytes,\n recipients: params.recipients,\n });\n\n return {\n artifact,\n content: `${JSON.stringify(artifact, null, 2)}\\n`,\n };\n}\n","import { createSealPublicKeyArtifact } from \"../proof\";\n\nexport async function createPublicKeyArtifact(params: {\n identity: import(\"@ternent/identity\").SerializedIdentity;\n}) {\n return createSealPublicKeyArtifact(params);\n}\n","import { readFile } from \"node:fs/promises\";\nimport {\n parseSealArtifactJson,\n verifySealArtifact,\n type SealArtifactV1,\n type VerifySealArtifactResult,\n} from \"../artifact\";\nimport { parseSealProofJson, verifySealProofAgainstBytes, type SealProofV1 } from \"../proof\";\n\nexport type VerifyArtifactResult = {\n valid: boolean;\n hashMatch: boolean;\n signatureValid: boolean;\n keyId: string;\n algorithm: \"Ed25519\";\n subjectHash: `sha256:${string}`;\n};\n\nexport async function verifyProofArtifact(params: {\n proofPath: string;\n inputPath: string;\n}): Promise<{\n proof: SealProofV1;\n result: VerifyArtifactResult;\n}> {\n const rawProof = await readFile(params.proofPath, \"utf8\");\n const parsed = parseSealProofJson(rawProof);\n if (!parsed.ok || !parsed.proof) {\n throw new Error(parsed.errors.join(\" \"));\n }\n\n const subjectBytes = await readFile(params.inputPath);\n const result = await verifySealProofAgainstBytes(parsed.proof, subjectBytes);\n return {\n proof: parsed.proof,\n result,\n };\n}\n\nexport async function verifyArtifactProof(params: { artifactPath: string }): Promise<{\n artifact: SealArtifactV1;\n result: VerifySealArtifactResult;\n}> {\n const rawArtifact = await readFile(params.artifactPath, \"utf8\");\n const parsed = parseSealArtifactJson(rawArtifact);\n if (!parsed.ok || !parsed.artifact) {\n throw new Error(parsed.errors.join(\" \"));\n }\n\n return {\n artifact: parsed.artifact,\n result: await verifySealArtifact(parsed.artifact),\n };\n}\n","import { readFile } from \"node:fs/promises\";\nimport { parseIdentity, type SerializedIdentity } from \"@ternent/identity\";\n\nexport async function resolveSealIdentityFromEnv(\n env: Record<string, string | undefined>,\n): Promise<SerializedIdentity> {\n const identityJson = String(env.SEAL_IDENTITY || \"\").trim();\n if (identityJson) {\n return parseIdentity(identityJson);\n }\n\n const identityFile = String(env.SEAL_IDENTITY_FILE || \"\").trim();\n if (identityFile) {\n return parseIdentity(await readFile(identityFile, \"utf8\"));\n }\n\n throw new Error(\"Missing SEAL_IDENTITY or SEAL_IDENTITY_FILE environment variable.\");\n}\n","import { mkdir, writeFile } from \"node:fs/promises\";\nimport { dirname, resolve } from \"node:path\";\nimport { fileURLToPath } from \"node:url\";\nimport { createManifestArtifact } from \"./commands/manifest\";\nimport { createIdentityArtifact } from \"./commands/identity\";\nimport { createProofArtifact, createRecipientArtifact } from \"./commands/sign\";\nimport { createPublicKeyArtifact } from \"./commands/publicKey\";\nimport { verifyArtifactProof, verifyProofArtifact } from \"./commands/verify\";\nimport { resolveSealIdentityFromEnv } from \"./node\";\nimport {\n EXIT_FAILURE,\n EXIT_HASH_MISMATCH,\n EXIT_INVALID_PROOF,\n EXIT_KEY_CONFIG,\n EXIT_SIGNATURE_INVALID,\n EXIT_SUCCESS,\n SealCliError,\n getExitCode,\n} from \"./errors\";\n\ntype ProcessEnvLike = Record<string, string | undefined>;\n\ndeclare const process: {\n argv: string[];\n env: ProcessEnvLike;\n stdout: { write: (value: string) => void };\n stderr: { write: (value: string) => void };\n exitCode?: number;\n};\n\ntype ParsedArgs = {\n _: string[];\n flags: Record<string, string | boolean | string[]>;\n};\n\ntype OutputWriter = {\n stdout: (value: string) => void;\n stderr: (value: string) => void;\n};\n\nfunction parseArgs(argv: string[]): ParsedArgs {\n const result: ParsedArgs = { _: [], flags: {} };\n for (let index = 0; index < argv.length; index += 1) {\n const arg = argv[index];\n if (!arg.startsWith(\"--\")) {\n result._.push(arg);\n continue;\n }\n\n const [rawKey, inlineValue] = arg.slice(2).split(\"=\");\n const key = rawKey.trim();\n const next = argv[index + 1];\n const hasNextValue = inlineValue === undefined && next && !next.startsWith(\"--\");\n const value = inlineValue ?? (hasNextValue ? next : undefined);\n\n if (hasNextValue) {\n index += 1;\n }\n\n if (value === undefined) {\n result.flags[key] = true;\n continue;\n }\n\n const existing = result.flags[key];\n if (existing === undefined) {\n result.flags[key] = value;\n continue;\n }\n\n if (Array.isArray(existing)) {\n existing.push(value);\n result.flags[key] = existing;\n continue;\n }\n\n result.flags[key] = [String(existing), value];\n }\n\n return result;\n}\n\nfunction getFlag(flags: ParsedArgs[\"flags\"], key: string): string | undefined {\n const value = flags[key];\n if (Array.isArray(value)) {\n return value[value.length - 1];\n }\n return typeof value === \"string\" ? value : undefined;\n}\n\nfunction getFlags(flags: ParsedArgs[\"flags\"], key: string): string[] {\n const value = flags[key];\n if (Array.isArray(value)) {\n return value.map(String);\n }\n if (typeof value === \"string\") {\n return [value];\n }\n return [];\n}\n\nfunction hasFlag(flags: ParsedArgs[\"flags\"], key: string): boolean {\n return flags[key] === true;\n}\n\nfunction requireFlag(flags: ParsedArgs[\"flags\"], key: string): string {\n const value = getFlag(flags, key);\n if (!value) {\n throw new SealCliError(`Missing --${key}`, EXIT_FAILURE);\n }\n return value;\n}\n\nfunction parseMnemonicWordCount(flags: ParsedArgs[\"flags\"]): 12 | 24 | undefined {\n const words = getFlag(flags, \"words\");\n if (!words) {\n return undefined;\n }\n if (words === \"12\" || words === \"24\") {\n return Number(words) as 12 | 24;\n }\n throw new SealCliError(\"Mnemonic word count must be 12 or 24.\", EXIT_FAILURE);\n}\n\nasync function writeOutputFile(filePath: string, content: string): Promise<void> {\n const resolvedPath = resolve(filePath);\n await mkdir(dirname(resolvedPath), { recursive: true });\n await writeFile(resolvedPath, content, \"utf8\");\n}\n\nfunction outputResult(writer: OutputWriter, json: boolean, quiet: boolean, value: unknown): void {\n if (quiet) {\n return;\n }\n\n if (typeof value === \"string\") {\n writer.stdout(`${value}\\n`);\n return;\n }\n\n if (json) {\n writer.stdout(`${JSON.stringify(value, null, 2)}\\n`);\n return;\n }\n\n writer.stdout(`${JSON.stringify(value, null, 2)}\\n`);\n}\n\nfunction outputError(writer: OutputWriter, json: boolean, error: unknown): number {\n const exitCode = getExitCode(error);\n const message = error instanceof Error ? error.message : String(error);\n if (json) {\n writer.stderr(`${JSON.stringify({ error: message, exitCode }, null, 2)}\\n`);\n } else {\n writer.stderr(`${message}\\n`);\n }\n return exitCode;\n}\n\nexport async function runCli(\n argv: string[],\n params: {\n env?: ProcessEnvLike;\n writer?: OutputWriter;\n } = {},\n): Promise<number> {\n const parsed = parseArgs(argv);\n const env = params.env ?? process.env;\n const writer: OutputWriter = params.writer ?? {\n stdout: (value) => process.stdout.write(value),\n stderr: (value) => process.stderr.write(value),\n };\n const json = hasFlag(parsed.flags, \"json\");\n const quiet = hasFlag(parsed.flags, \"quiet\");\n\n try {\n const [command, subcommand] = parsed._;\n\n if (command === \"identity\" && subcommand === \"create\") {\n const mnemonicOutPath = getFlag(parsed.flags, \"mnemonic-out\");\n const artifact = await createIdentityArtifact({\n withMnemonic: Boolean(mnemonicOutPath),\n words: parseMnemonicWordCount(parsed.flags),\n passphrase: getFlag(parsed.flags, \"passphrase\"),\n });\n const outPath = getFlag(parsed.flags, \"out\");\n if (outPath) {\n await writeOutputFile(outPath, artifact.content);\n }\n if (mnemonicOutPath) {\n await writeOutputFile(mnemonicOutPath, artifact.mnemonicContent || \"\");\n }\n\n if (outPath) {\n outputResult(\n writer,\n json,\n quiet,\n json\n ? artifact.mnemonic\n ? {\n identity: artifact.identity,\n mnemonic: artifact.mnemonic,\n mnemonicFile: mnemonicOutPath || null,\n }\n : artifact.identity\n : outPath,\n );\n } else {\n outputResult(\n writer,\n true,\n quiet,\n artifact.mnemonic\n ? {\n identity: artifact.identity,\n mnemonic: artifact.mnemonic,\n mnemonicFile: mnemonicOutPath || null,\n }\n : artifact.identity,\n );\n }\n return EXIT_SUCCESS;\n }\n\n if (command === \"manifest\" && subcommand === \"create\") {\n const artifact = await createManifestArtifact(requireFlag(parsed.flags, \"input\"));\n const outPath = getFlag(parsed.flags, \"out\");\n if (outPath) {\n await writeOutputFile(outPath, artifact.content);\n outputResult(writer, json, quiet, json ? artifact.manifest : outPath);\n } else {\n outputResult(writer, true, quiet, artifact.manifest);\n }\n return EXIT_SUCCESS;\n }\n\n if (command === \"sign\") {\n const identity = await resolveSealIdentityFromEnv(env);\n const recipients = getFlags(parsed.flags, \"recipient\");\n const inputPath = requireFlag(parsed.flags, \"input\");\n const outPath = getFlag(parsed.flags, \"out\");\n if (recipients.length > 0) {\n const artifact = await createRecipientArtifact({\n inputPath,\n identity,\n recipients,\n });\n if (outPath) {\n await writeOutputFile(outPath, artifact.content);\n outputResult(writer, json, quiet, json ? artifact.artifact : outPath);\n } else {\n outputResult(writer, true, quiet, artifact.artifact);\n }\n } else {\n const artifact = await createProofArtifact({\n inputPath,\n identity,\n });\n if (outPath) {\n await writeOutputFile(outPath, artifact.content);\n outputResult(writer, json, quiet, json ? artifact.proof : outPath);\n } else {\n outputResult(writer, true, quiet, artifact.proof);\n }\n }\n return EXIT_SUCCESS;\n }\n\n if (command === \"verify\") {\n const artifactPath = getFlag(parsed.flags, \"artifact\");\n if (artifactPath) {\n const { result } = await verifyArtifactProof({ artifactPath });\n outputResult(\n writer,\n json,\n quiet,\n json\n ? result\n : [\n `valid=${result.valid}`,\n `hashMatch=${result.hashMatch}`,\n `signatureValid=${result.signatureValid}`,\n `encrypted=${result.encrypted}`,\n `payloadScheme=${result.payloadScheme}`,\n `payloadMode=${result.payloadMode}`,\n `keyId=${result.keyId}`,\n `algorithm=${result.algorithm}`,\n `subjectHash=${result.subjectHash}`,\n ].join(\"\\n\"),\n );\n\n if (!result.hashMatch) {\n return EXIT_HASH_MISMATCH;\n }\n if (!result.signatureValid) {\n return EXIT_SIGNATURE_INVALID;\n }\n return EXIT_SUCCESS;\n }\n\n const proofPath = requireFlag(parsed.flags, \"proof\");\n const inputPath = requireFlag(parsed.flags, \"input\");\n const { result } = await verifyProofArtifact({ proofPath, inputPath });\n outputResult(\n writer,\n json,\n quiet,\n json\n ? result\n : [\n `valid=${result.valid}`,\n `hashMatch=${result.hashMatch}`,\n `signatureValid=${result.signatureValid}`,\n `keyId=${result.keyId}`,\n `algorithm=${result.algorithm}`,\n `subjectHash=${result.subjectHash}`,\n ].join(\"\\n\"),\n );\n\n if (!result.hashMatch) {\n return EXIT_HASH_MISMATCH;\n }\n if (!result.signatureValid) {\n return EXIT_SIGNATURE_INVALID;\n }\n return EXIT_SUCCESS;\n }\n\n if (command === \"public-key\") {\n const artifact = await createPublicKeyArtifact({\n identity: await resolveSealIdentityFromEnv(env),\n });\n outputResult(writer, true, quiet, artifact);\n return EXIT_SUCCESS;\n }\n\n throw new SealCliError(\n \"Usage: seal identity create [--out <path>] [--words 12|24] [--passphrase <value>] [--mnemonic-out <path>] [--json] [--quiet]\\n\" +\n \" seal manifest create --input <path> [--out <path>] [--json] [--quiet]\\n\" +\n \" seal sign --input <path> [--recipient <age...>] [--out <path>] [--json] [--quiet]\\n\" +\n \" seal verify --proof <proof.json> --input <path> [--json] [--quiet]\\n\" +\n \" seal verify --artifact <artifact.json> [--json] [--quiet]\\n\" +\n \" seal public-key [--json] [--quiet]\",\n EXIT_FAILURE,\n );\n } catch (error) {\n if (error instanceof Error && error.message.includes(\"Proof\")) {\n return outputError(writer, json, new SealCliError(error.message, EXIT_INVALID_PROOF));\n }\n if (\n error instanceof Error &&\n (error.message.includes(\"public key\") ||\n error.message.includes(\"SEAL_IDENTITY\") ||\n error.message.includes(\"identity\"))\n ) {\n return outputError(writer, json, new SealCliError(error.message, EXIT_KEY_CONFIG));\n }\n return outputError(writer, json, error);\n }\n}\n\nconst isDirectRun =\n typeof process !== \"undefined\" &&\n process.argv[1] &&\n fileURLToPath(import.meta.url) === resolve(process.argv[1]);\n\nif (isDirectRun) {\n runCli(process.argv.slice(2)).then((exitCode) => {\n process.exitCode = exitCode;\n });\n}\n"],"names":["result"],"mappings":";;;;;;;;;;;AAUA,SAAS,sBAAsB,OAAuB;AACpD,SAAO,MAAM,MAAM,IAAI,EAAE,KAAK,GAAG;AACnC;AAEA,eAAe,aACb,UACA,aACA,OACe;AACf,QAAM,UAAU,MAAM,QAAQ,aAAa,EAAE,eAAe,MAAM;AAClE,QAAM,SAAS,QACZ,OAAO,CAAC,UAAU,MAAM,SAAS,WAAW,EAC5C,KAAK,CAAC,GAAG,MAAM,EAAE,KAAK,cAAc,EAAE,IAAI,CAAC;AAE9C,aAAW,SAAS,QAAQ;AAC1B,UAAM,YAAY,KAAK,aAAa,MAAM,IAAI;AAC1C,QAAA,MAAM,eAAe;AACjB,YAAA,aAAa,UAAU,WAAW,KAAK;AAC7C;AAAA,IACF;AACI,QAAA,CAAC,MAAM,UAAU;AACnB;AAAA,IACF;AACM,UAAA,QAAQ,MAAM,SAAS,SAAS;AACtC,UAAM,eAAe,sBAAsB,SAAS,UAAU,SAAS,CAAC;AAClE,UAAA,gBAAgB,MAAM,eAAe,KAAK;AAAA,EAClD;AACF;AAEA,eAAsB,uBAAuB,WAG1C;AACK,QAAA,gBAAgB,QAAQ,SAAS;AACjC,QAAA,YAAY,MAAM,KAAK,aAAa;AACpC,QAAA,OAAO,SAAS,aAAa;AACnC,QAAM,QAAiC,CAAA;AAEnC,MAAA,UAAU,eAAe;AACrB,UAAA,aAAa,eAAe,eAAe,KAAK;AAAA,EAAA,WAC7C,UAAU,UAAU;AACvB,UAAA,QAAQ,MAAM,SAAS,aAAa;AACpC,UAAA,QAAQ,MAAM,eAAe,KAAK;AAAA,EAAA,OACnC;AACC,UAAA,IAAI,MAAM,6CAA6C;AAAA,EAC/D;AAEA,QAAM,WAA2B;AAAA,IAC/B,SAAS;AAAA,IACT,MAAM;AAAA,IACN;AAAA,IACA,OAAO,OAAO;AAAA,MACZ,OAAO,QAAQ,KAAK,EAAE,KAAK,CAAC,CAAC,IAAI,GAAG,CAAC,KAAK,MAAM,KAAK,cAAc,KAAK,CAAC;AAAA,IAC3E;AAAA,EAAA;AAGK,SAAA;AAAA,IACL;AAAA,IACA,SAAS,GAAG,sBAAsB,QAAQ;AAAA;AAAA,EAAA;AAE9C;ACpEA,SAAS,qBAAqB,OAA0D;AACtF,QAAM,QAAQ,CAAC,2BAA2B,IAAI,aAAa,MAAM,QAAQ;AACzE,MAAI,OAAO,MAAM,cAAc,EAAE,EAAE,QAAQ;AACzC,UAAM,KAAK,IAAI,eAAe,OAAO,MAAM,UAAU,CAAC;AAAA,EACxD;AACM,QAAA;AAAA,IACJ;AAAA,IACA;AAAA,EAAA;AAEK,SAAA,GAAG,MAAM,KAAK,IAAI;AAAA;AAC3B;AAEsB,eAAA,uBACpB,QAII,IAMH;AACD,QAAM,cACJ,QAAQ,MAAM,YAAY,KAC1B,MAAM,UAAU,MAChB,MAAM,UAAU,MAChB,QAAQ,MAAM,UAAU;AACpB,QAAA,UAAU,cACZ,MAAM,2BAA2B;AAAA,IAC/B,OAAO,MAAM;AAAA,IACb,YAAY,MAAM;AAAA,EAAA,CACnB,IACD;AAAA,IACE,UAAU,MAAM,mBAAmB;AAAA,IACnC,UAAU;AAAA,EAAA;AAET,SAAA;AAAA,IACL,UAAU,QAAQ;AAAA,IAClB,SAAS,mBAAmB,QAAQ,QAAQ;AAAA,IAC5C,UAAU,QAAQ;AAAA,IAClB,iBAAiB,QAAQ,WACrB,qBAAqB;AAAA,MACnB,UAAU,QAAQ;AAAA,MAClB,YAAY,MAAM;AAAA,IACnB,CAAA,IACD;AAAA,EAAA;AAER;AC7CA,eAAsB,oBAAoB,QAMvC;AACD,QAAM,QAAQ,MAAM,SAAS,OAAO,SAAS;AAC7C,QAAM,MAAM,IAAI,YAAY,EAAE,OAAO,KAAK;AACpC,QAAA,iBAAiB,sBAAsB,GAAG;AAC1C,QAAA,QAAQ,MAAM,gBAAgB;AAAA,IAClC,QAAQ;AAAA,MACN,UAAU,OAAO;AAAA,IACnB;AAAA,IACA,SAAS;AAAA,MACP,MAAM,eAAe,KAAK,aAAa;AAAA,MACvC,MAAM,SAAS,OAAO,SAAS;AAAA,MAC/B,MAAM,MAAM,eAAe,KAAK;AAAA,IAClC;AAAA,EAAA,CACD;AAEM,SAAA;AAAA,IACL;AAAA,IACA,SAAS,GAAG,KAAK,UAAU,OAAO,MAAM,CAAC;AAAA;AAAA,EAAA;AAE7C;AAEA,eAAsB,wBAAwB,QAO3C;AACD,QAAM,QAAQ,MAAM,SAAS,OAAO,SAAS;AACvC,QAAA,WAAW,MAAM,mBAAmB;AAAA,IACxC,QAAQ;AAAA,MACN,UAAU,OAAO;AAAA,IACnB;AAAA,IACA,aAAa,SAAS,OAAO,SAAS;AAAA,IACtC,SAAS;AAAA,IACT,YAAY,OAAO;AAAA,EAAA,CACpB;AAEM,SAAA;AAAA,IACL;AAAA,IACA,SAAS,GAAG,KAAK,UAAU,UAAU,MAAM,CAAC;AAAA;AAAA,EAAA;AAEhD;ACrDA,eAAsB,wBAAwB,QAE3C;AACD,SAAO,4BAA4B,MAAM;AAC3C;ACYA,eAAsB,oBAAoB,QAMvC;AACD,QAAM,WAAW,MAAM,SAAS,OAAO,WAAW,MAAM;AAClD,QAAA,SAAS,mBAAmB,QAAQ;AAC1C,MAAI,CAAC,OAAO,MAAM,CAAC,OAAO,OAAO;AAC/B,UAAM,IAAI,MAAM,OAAO,OAAO,KAAK,GAAG,CAAC;AAAA,EACzC;AAEA,QAAM,eAAe,MAAM,SAAS,OAAO,SAAS;AACpD,QAAM,SAAS,MAAM,4BAA4B,OAAO,OAAO,YAAY;AACpE,SAAA;AAAA,IACL,OAAO,OAAO;AAAA,IACd;AAAA,EAAA;AAEJ;AAEA,eAAsB,oBAAoB,QAGvC;AACD,QAAM,cAAc,MAAM,SAAS,OAAO,cAAc,MAAM;AACxD,QAAA,SAAS,sBAAsB,WAAW;AAChD,MAAI,CAAC,OAAO,MAAM,CAAC,OAAO,UAAU;AAClC,UAAM,IAAI,MAAM,OAAO,OAAO,KAAK,GAAG,CAAC;AAAA,EACzC;AAEO,SAAA;AAAA,IACL,UAAU,OAAO;AAAA,IACjB,QAAQ,MAAM,mBAAmB,OAAO,QAAQ;AAAA,EAAA;AAEpD;AClDA,eAAsB,2BACpB,KAC6B;AAC7B,QAAM,eAAe,OAAO,IAAI,iBAAiB,EAAE,EAAE;AACrD,MAAI,cAAc;AAChB,WAAO,cAAc,YAAY;AAAA,EACnC;AAEA,QAAM,eAAe,OAAO,IAAI,sBAAsB,EAAE,EAAE;AAC1D,MAAI,cAAc;AAChB,WAAO,cAAc,MAAM,SAAS,cAAc,MAAM,CAAC;AAAA,EAC3D;AAEM,QAAA,IAAI,MAAM,mEAAmE;AACrF;ACuBA,SAAS,UAAU,MAA4B;AAC7C,QAAM,SAAqB,EAAE,GAAG,CAAI,GAAA,OAAO,CAAG,EAAA;AAC9C,WAAS,QAAQ,GAAG,QAAQ,KAAK,QAAQ,SAAS,GAAG;AACnD,UAAM,MAAM,KAAK;AACjB,QAAI,CAAC,IAAI,WAAW,IAAI,GAAG;AAClB,aAAA,EAAE,KAAK,GAAG;AACjB;AAAA,IACF;AAEM,UAAA,CAAC,QAAQ,WAAW,IAAI,IAAI,MAAM,CAAC,EAAE,MAAM,GAAG;AAC9C,UAAA,MAAM,OAAO;AACb,UAAA,OAAO,KAAK,QAAQ;AAC1B,UAAM,eAAe,gBAAgB,UAAa,QAAQ,CAAC,KAAK,WAAW,IAAI;AACzE,UAAA,QAAQ,gBAAgB,eAAe,OAAO;AAEpD,QAAI,cAAc;AACP,eAAA;AAAA,IACX;AAEA,QAAI,UAAU,QAAW;AACvB,aAAO,MAAM,OAAO;AACpB;AAAA,IACF;AAEM,UAAA,WAAW,OAAO,MAAM;AAC9B,QAAI,aAAa,QAAW;AAC1B,aAAO,MAAM,OAAO;AACpB;AAAA,IACF;AAEI,QAAA,MAAM,QAAQ,QAAQ,GAAG;AAC3B,eAAS,KAAK,KAAK;AACnB,aAAO,MAAM,OAAO;AACpB;AAAA,IACF;AAEA,WAAO,MAAM,OAAO,CAAC,OAAO,QAAQ,GAAG,KAAK;AAAA,EAC9C;AAEO,SAAA;AACT;AAEA,SAAS,QAAQ,OAA4B,KAAiC;AAC5E,QAAM,QAAQ,MAAM;AAChB,MAAA,MAAM,QAAQ,KAAK,GAAG;AACjB,WAAA,MAAM,MAAM,SAAS;AAAA,EAC9B;AACO,SAAA,OAAO,UAAU,WAAW,QAAQ;AAC7C;AAEA,SAAS,SAAS,OAA4B,KAAuB;AACnE,QAAM,QAAQ,MAAM;AAChB,MAAA,MAAM,QAAQ,KAAK,GAAG;AACjB,WAAA,MAAM,IAAI,MAAM;AAAA,EACzB;AACI,MAAA,OAAO,UAAU,UAAU;AAC7B,WAAO,CAAC,KAAK;AAAA,EACf;AACA,SAAO;AACT;AAEA,SAAS,QAAQ,OAA4B,KAAsB;AACjE,SAAO,MAAM,SAAS;AACxB;AAEA,SAAS,YAAY,OAA4B,KAAqB;AAC9D,QAAA,QAAQ,QAAQ,OAAO,GAAG;AAChC,MAAI,CAAC,OAAO;AACV,UAAM,IAAI,aAAa,aAAa,OAAO,YAAY;AAAA,EACzD;AACO,SAAA;AACT;AAEA,SAAS,uBAAuB,OAAiD;AACzE,QAAA,QAAQ,QAAQ,OAAO,OAAO;AACpC,MAAI,CAAC,OAAO;AACH,WAAA;AAAA,EACT;AACI,MAAA,UAAU,QAAQ,UAAU,MAAM;AACpC,WAAO,OAAO,KAAK;AAAA,EACrB;AACM,QAAA,IAAI,aAAa,yCAAyC,YAAY;AAC9E;AAEA,eAAe,gBAAgB,UAAkB,SAAgC;AACzE,QAAA,eAAe,QAAQ,QAAQ;AACrC,QAAM,MAAM,QAAQ,YAAY,GAAG,EAAE,WAAW,MAAM;AAChD,QAAA,UAAU,cAAc,SAAS,MAAM;AAC/C;AAEA,SAAS,aAAa,QAAsB,MAAe,OAAgB,OAAsB;AAC/F,MAAI,OAAO;AACT;AAAA,EACF;AAEI,MAAA,OAAO,UAAU,UAAU;AAC7B,WAAO,OAAO,GAAG;AAAA,CAAS;AAC1B;AAAA,EACF;AAEA,MAAI,MAAM;AACR,WAAO,OAAO,GAAG,KAAK,UAAU,OAAO,MAAM,CAAC;AAAA,CAAK;AACnD;AAAA,EACF;AAEA,SAAO,OAAO,GAAG,KAAK,UAAU,OAAO,MAAM,CAAC;AAAA,CAAK;AACrD;AAEA,SAAS,YAAY,QAAsB,MAAe,OAAwB;AAC1E,QAAA,WAAW,YAAY,KAAK;AAClC,QAAM,UAAU,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AACrE,MAAI,MAAM;AACD,WAAA,OAAO,GAAG,KAAK,UAAU,EAAE,OAAO,SAAS,SAAA,GAAY,MAAM,CAAC;AAAA,CAAK;AAAA,EAAA,OACrE;AACL,WAAO,OAAO,GAAG;AAAA,CAAW;AAAA,EAC9B;AACO,SAAA;AACT;AAEA,eAAsB,OACpB,MACA,SAGI,IACa;AACX,QAAA,SAAS,UAAU,IAAI;AACvB,QAAA,MAAM,OAAO,OAAO,QAAQ;AAC5B,QAAA,SAAuB,OAAO,UAAU;AAAA,IAC5C,QAAQ,CAAC,UAAU,QAAQ,OAAO,MAAM,KAAK;AAAA,IAC7C,QAAQ,CAAC,UAAU,QAAQ,OAAO,MAAM,KAAK;AAAA,EAAA;AAE/C,QAAM,OAAO,QAAQ,OAAO,OAAO,MAAM;AACzC,QAAM,QAAQ,QAAQ,OAAO,OAAO,OAAO;AAEvC,MAAA;AACF,UAAM,CAAC,SAAS,UAAU,IAAI,OAAO;AAEjC,QAAA,YAAY,cAAc,eAAe,UAAU;AACrD,YAAM,kBAAkB,QAAQ,OAAO,OAAO,cAAc;AACtD,YAAA,WAAW,MAAM,uBAAuB;AAAA,QAC5C,cAAc,QAAQ,eAAe;AAAA,QACrC,OAAO,uBAAuB,OAAO,KAAK;AAAA,QAC1C,YAAY,QAAQ,OAAO,OAAO,YAAY;AAAA,MAAA,CAC/C;AACD,YAAM,UAAU,QAAQ,OAAO,OAAO,KAAK;AAC3C,UAAI,SAAS;AACL,cAAA,gBAAgB,SAAS,SAAS,OAAO;AAAA,MACjD;AACA,UAAI,iBAAiB;AACnB,cAAM,gBAAgB,iBAAiB,SAAS,mBAAmB,EAAE;AAAA,MACvE;AAEA,UAAI,SAAS;AACX;AAAA,UACE;AAAA,UACA;AAAA,UACA;AAAA,UACA,OACI,SAAS,WACP;AAAA,YACE,UAAU,SAAS;AAAA,YACnB,UAAU,SAAS;AAAA,YACnB,cAAc,mBAAmB;AAAA,UAAA,IAEnC,SAAS,WACX;AAAA,QAAA;AAAA,MACN,OACK;AACL;AAAA,UACE;AAAA,UACA;AAAA,UACA;AAAA,UACA,SAAS,WACL;AAAA,YACE,UAAU,SAAS;AAAA,YACnB,UAAU,SAAS;AAAA,YACnB,cAAc,mBAAmB;AAAA,cAEnC,SAAS;AAAA,QAAA;AAAA,MAEjB;AACO,aAAA;AAAA,IACT;AAEI,QAAA,YAAY,cAAc,eAAe,UAAU;AACrD,YAAM,WAAW,MAAM,uBAAuB,YAAY,OAAO,OAAO,OAAO,CAAC;AAChF,YAAM,UAAU,QAAQ,OAAO,OAAO,KAAK;AAC3C,UAAI,SAAS;AACL,cAAA,gBAAgB,SAAS,SAAS,OAAO;AAC/C,qBAAa,QAAQ,MAAM,OAAO,OAAO,SAAS,WAAW,OAAO;AAAA,MAAA,OAC/D;AACL,qBAAa,QAAQ,MAAM,OAAO,SAAS,QAAQ;AAAA,MACrD;AACO,aAAA;AAAA,IACT;AAEA,QAAI,YAAY,QAAQ;AAChB,YAAA,WAAW,MAAM,2BAA2B,GAAG;AACrD,YAAM,aAAa,SAAS,OAAO,OAAO,WAAW;AACrD,YAAM,YAAY,YAAY,OAAO,OAAO,OAAO;AACnD,YAAM,UAAU,QAAQ,OAAO,OAAO,KAAK;AACvC,UAAA,WAAW,SAAS,GAAG;AACnB,cAAA,WAAW,MAAM,wBAAwB;AAAA,UAC7C;AAAA,UACA;AAAA,UACA;AAAA,QAAA,CACD;AACD,YAAI,SAAS;AACL,gBAAA,gBAAgB,SAAS,SAAS,OAAO;AAC/C,uBAAa,QAAQ,MAAM,OAAO,OAAO,SAAS,WAAW,OAAO;AAAA,QAAA,OAC/D;AACL,uBAAa,QAAQ,MAAM,OAAO,SAAS,QAAQ;AAAA,QACrD;AAAA,MAAA,OACK;AACC,cAAA,WAAW,MAAM,oBAAoB;AAAA,UACzC;AAAA,UACA;AAAA,QAAA,CACD;AACD,YAAI,SAAS;AACL,gBAAA,gBAAgB,SAAS,SAAS,OAAO;AAC/C,uBAAa,QAAQ,MAAM,OAAO,OAAO,SAAS,QAAQ,OAAO;AAAA,QAAA,OAC5D;AACL,uBAAa,QAAQ,MAAM,OAAO,SAAS,KAAK;AAAA,QAClD;AAAA,MACF;AACO,aAAA;AAAA,IACT;AAEA,QAAI,YAAY,UAAU;AACxB,YAAM,eAAe,QAAQ,OAAO,OAAO,UAAU;AACrD,UAAI,cAAc;AACV,cAAA,EAAE,QAAAA,QAAO,IAAI,MAAM,oBAAoB,EAAE,cAAc;AAC7D;AAAA,UACE;AAAA,UACA;AAAA,UACA;AAAA,UACA,OACIA,UACA;AAAA,YACE,SAASA,QAAO;AAAA,YAChB,aAAaA,QAAO;AAAA,YACpB,kBAAkBA,QAAO;AAAA,YACzB,aAAaA,QAAO;AAAA,YACpB,iBAAiBA,QAAO;AAAA,YACxB,eAAeA,QAAO;AAAA,YACtB,SAASA,QAAO;AAAA,YAChB,aAAaA,QAAO;AAAA,YACpB,eAAeA,QAAO;AAAA,UAAA,EACtB,KAAK,IAAI;AAAA,QAAA;AAGb,YAAA,CAACA,QAAO,WAAW;AACd,iBAAA;AAAA,QACT;AACI,YAAA,CAACA,QAAO,gBAAgB;AACnB,iBAAA;AAAA,QACT;AACO,eAAA;AAAA,MACT;AAEA,YAAM,YAAY,YAAY,OAAO,OAAO,OAAO;AACnD,YAAM,YAAY,YAAY,OAAO,OAAO,OAAO;AAC7C,YAAA,EAAE,WAAW,MAAM,oBAAoB,EAAE,WAAW,WAAW;AACrE;AAAA,QACE;AAAA,QACA;AAAA,QACA;AAAA,QACA,OACI,SACA;AAAA,UACE,SAAS,OAAO;AAAA,UAChB,aAAa,OAAO;AAAA,UACpB,kBAAkB,OAAO;AAAA,UACzB,SAAS,OAAO;AAAA,UAChB,aAAa,OAAO;AAAA,UACpB,eAAe,OAAO;AAAA,QAAA,EACtB,KAAK,IAAI;AAAA,MAAA;AAGb,UAAA,CAAC,OAAO,WAAW;AACd,eAAA;AAAA,MACT;AACI,UAAA,CAAC,OAAO,gBAAgB;AACnB,eAAA;AAAA,MACT;AACO,aAAA;AAAA,IACT;AAEA,QAAI,YAAY,cAAc;AACtB,YAAA,WAAW,MAAM,wBAAwB;AAAA,QAC7C,UAAU,MAAM,2BAA2B,GAAG;AAAA,MAAA,CAC/C;AACY,mBAAA,QAAQ,MAAM,OAAO,QAAQ;AACnC,aAAA;AAAA,IACT;AAEA,UAAM,IAAI;AAAA,MACR;AAAA,MAMA;AAAA,IAAA;AAAA,WAEK;AACP,QAAI,iBAAiB,SAAS,MAAM,QAAQ,SAAS,OAAO,GAAG;AACtD,aAAA,YAAY,QAAQ,MAAM,IAAI,aAAa,MAAM,SAAS,kBAAkB,CAAC;AAAA,IACtF;AACA,QACE,iBAAiB,UAChB,MAAM,QAAQ,SAAS,YAAY,KAClC,MAAM,QAAQ,SAAS,eAAe,KACtC,MAAM,QAAQ,SAAS,UAAU,IACnC;AACO,aAAA,YAAY,QAAQ,MAAM,IAAI,aAAa,MAAM,SAAS,eAAe,CAAC;AAAA,IACnF;AACO,WAAA,YAAY,QAAQ,MAAM,KAAK;AAAA,EACxC;AACF;AAEA,MAAM,cACJ,OAAO,YAAY,eACnB,QAAQ,KAAK,MACb,cAAc,YAAY,GAAG,MAAM,QAAQ,QAAQ,KAAK,EAAE;AAE5D,IAAI,aAAa;AACR,SAAA,QAAQ,KAAK,MAAM,CAAC,CAAC,EAAE,KAAK,CAAC,aAAa;AAC/C,YAAQ,WAAW;AAAA,EAAA,CACpB;AACH;;"}
|
package/dist/crypto.js
ADDED
|
@@ -0,0 +1,41 @@
|
|
|
1
|
+
import { createIdentity, createIdentityFromMnemonic, createMnemonicIdentity, serializeIdentity, parseIdentity, deriveKeyId, signUtf8, verifyUtf8 } from "@ternent/identity";
|
|
2
|
+
const SEAL_SIGNATURE_CONTEXT = "ternent-seal/v2";
|
|
3
|
+
async function createSealIdentity(createdAt = new Date().toISOString()) {
|
|
4
|
+
return createIdentity(createdAt);
|
|
5
|
+
}
|
|
6
|
+
async function createSealIdentityFromMnemonic(input) {
|
|
7
|
+
return createIdentityFromMnemonic(input);
|
|
8
|
+
}
|
|
9
|
+
async function createSealMnemonicIdentity(input = {}) {
|
|
10
|
+
return createMnemonicIdentity(input);
|
|
11
|
+
}
|
|
12
|
+
function exportIdentityJson(identity) {
|
|
13
|
+
return serializeIdentity(identity);
|
|
14
|
+
}
|
|
15
|
+
async function resolveSealSigner(input) {
|
|
16
|
+
const identity = parseIdentity(input.identity);
|
|
17
|
+
const keyId = await deriveKeyId(identity.publicKey);
|
|
18
|
+
if (keyId !== identity.keyId) {
|
|
19
|
+
throw new Error("Identity keyId does not match the signer public key.");
|
|
20
|
+
}
|
|
21
|
+
return {
|
|
22
|
+
identity,
|
|
23
|
+
publicKey: identity.publicKey,
|
|
24
|
+
keyId
|
|
25
|
+
};
|
|
26
|
+
}
|
|
27
|
+
async function signSealUtf8(identity, value) {
|
|
28
|
+
return signUtf8(identity, value, {
|
|
29
|
+
context: SEAL_SIGNATURE_CONTEXT
|
|
30
|
+
});
|
|
31
|
+
}
|
|
32
|
+
async function verifySealUtf8(signature, value, publicKey) {
|
|
33
|
+
return verifyUtf8(publicKey, value, signature, {
|
|
34
|
+
context: SEAL_SIGNATURE_CONTEXT
|
|
35
|
+
});
|
|
36
|
+
}
|
|
37
|
+
async function verifyPublicKeyKeyId(publicKey, keyId) {
|
|
38
|
+
return await deriveKeyId(publicKey) === keyId;
|
|
39
|
+
}
|
|
40
|
+
export { SEAL_SIGNATURE_CONTEXT, createSealIdentity, createSealIdentityFromMnemonic, createSealMnemonicIdentity, exportIdentityJson, resolveSealSigner, signSealUtf8, verifyPublicKeyKeyId, verifySealUtf8 };
|
|
41
|
+
//# sourceMappingURL=crypto.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"crypto.js","sources":["../src/crypto.ts"],"sourcesContent":["import {\n createIdentity,\n createIdentityFromMnemonic,\n createMnemonicIdentity,\n deriveKeyId,\n parseIdentity,\n serializeIdentity,\n signUtf8,\n verifyUtf8,\n type SerializedIdentity,\n} from \"@ternent/identity\";\n\nexport type SealSignerInput = {\n identity: SerializedIdentity;\n};\n\nexport type ResolvedSealSigner = {\n identity: SerializedIdentity;\n publicKey: string;\n keyId: string;\n};\n\nexport const SEAL_SIGNATURE_CONTEXT = \"ternent-seal/v2\";\n\nexport async function createSealIdentity(\n createdAt = new Date().toISOString(),\n): Promise<SerializedIdentity> {\n return createIdentity(createdAt);\n}\n\nexport async function createSealIdentityFromMnemonic(input: {\n mnemonic: string;\n passphrase?: string;\n createdAt?: string;\n}): Promise<SerializedIdentity> {\n return createIdentityFromMnemonic(input);\n}\n\nexport async function createSealMnemonicIdentity(\n input: {\n words?: 12 | 24;\n passphrase?: string;\n createdAt?: string;\n } = {},\n): Promise<{ identity: SerializedIdentity; mnemonic: string }> {\n return createMnemonicIdentity(input);\n}\n\nexport function exportIdentityJson(identity: SerializedIdentity): string {\n return serializeIdentity(identity);\n}\n\nexport async function resolveSealSigner(input: SealSignerInput): Promise<ResolvedSealSigner> {\n const identity = parseIdentity(input.identity);\n const keyId = await deriveKeyId(identity.publicKey);\n if (keyId !== identity.keyId) {\n throw new Error(\"Identity keyId does not match the signer public key.\");\n }\n\n return {\n identity,\n publicKey: identity.publicKey,\n keyId,\n };\n}\n\nexport async function signSealUtf8(identity: SerializedIdentity, value: string): Promise<string> {\n return signUtf8(identity, value, {\n context: SEAL_SIGNATURE_CONTEXT,\n });\n}\n\nexport async function verifySealUtf8(\n signature: string,\n value: string,\n publicKey: string,\n): Promise<boolean> {\n return verifyUtf8(publicKey, value, signature, {\n context: SEAL_SIGNATURE_CONTEXT,\n });\n}\n\nexport async function verifyPublicKeyKeyId(publicKey: string, keyId: string): Promise<boolean> {\n return (await deriveKeyId(publicKey)) === keyId;\n}\n"],"names":[],"mappings":";AAsBO,MAAM,yBAAyB;AAEtC,eAAsB,mBACpB,YAAY,IAAI,KAAK,EAAE,eACM;AAC7B,SAAO,eAAe,SAAS;AACjC;AAEA,eAAsB,+BAA+B,OAIrB;AAC9B,SAAO,2BAA2B,KAAK;AACzC;AAEsB,eAAA,2BACpB,QAII,IACyD;AAC7D,SAAO,uBAAuB,KAAK;AACrC;AAEO,SAAS,mBAAmB,UAAsC;AACvE,SAAO,kBAAkB,QAAQ;AACnC;AAEA,eAAsB,kBAAkB,OAAqD;AACrF,QAAA,WAAW,cAAc,MAAM,QAAQ;AAC7C,QAAM,QAAQ,MAAM,YAAY,SAAS,SAAS;AAC9C,MAAA,UAAU,SAAS,OAAO;AACtB,UAAA,IAAI,MAAM,sDAAsD;AAAA,EACxE;AAEO,SAAA;AAAA,IACL;AAAA,IACA,WAAW,SAAS;AAAA,IACpB;AAAA,EAAA;AAEJ;AAEsB,eAAA,aAAa,UAA8B,OAAgC;AACxF,SAAA,SAAS,UAAU,OAAO;AAAA,IAC/B,SAAS;AAAA,EAAA,CACV;AACH;AAEsB,eAAA,eACpB,WACA,OACA,WACkB;AACX,SAAA,WAAW,WAAW,OAAO,WAAW;AAAA,IAC7C,SAAS;AAAA,EAAA,CACV;AACH;AAEsB,eAAA,qBAAqB,WAAmB,OAAiC;AACrF,SAAA,MAAM,YAAY,SAAS,MAAO;AAC5C;;"}
|
package/dist/errors.js
ADDED
|
@@ -0,0 +1,65 @@
|
|
|
1
|
+
import { ArmourValidationError, ArmourError } from "@ternent/armour";
|
|
2
|
+
const EXIT_SUCCESS = 0;
|
|
3
|
+
const EXIT_FAILURE = 1;
|
|
4
|
+
const EXIT_HASH_MISMATCH = 2;
|
|
5
|
+
const EXIT_SIGNATURE_INVALID = 3;
|
|
6
|
+
const EXIT_INVALID_PROOF = 4;
|
|
7
|
+
const EXIT_KEY_CONFIG = 5;
|
|
8
|
+
class SealError extends Error {
|
|
9
|
+
code;
|
|
10
|
+
cause;
|
|
11
|
+
constructor(code, message, cause) {
|
|
12
|
+
super(message);
|
|
13
|
+
this.name = new.target.name;
|
|
14
|
+
this.code = code;
|
|
15
|
+
if (cause !== void 0) {
|
|
16
|
+
this.cause = cause;
|
|
17
|
+
}
|
|
18
|
+
}
|
|
19
|
+
}
|
|
20
|
+
class SealArtifactError extends SealError {
|
|
21
|
+
}
|
|
22
|
+
class SealCliError extends Error {
|
|
23
|
+
exitCode;
|
|
24
|
+
constructor(message, exitCode = EXIT_FAILURE) {
|
|
25
|
+
super(message);
|
|
26
|
+
this.name = "SealCliError";
|
|
27
|
+
this.exitCode = exitCode;
|
|
28
|
+
}
|
|
29
|
+
}
|
|
30
|
+
function getExitCode(error) {
|
|
31
|
+
if (error instanceof SealCliError) {
|
|
32
|
+
return error.exitCode;
|
|
33
|
+
}
|
|
34
|
+
return EXIT_FAILURE;
|
|
35
|
+
}
|
|
36
|
+
function unsupportedEncryptionModeError(message = "Seal does not support this encryption mode.") {
|
|
37
|
+
return new SealArtifactError("SEAL_UNSUPPORTED_ENCRYPTION_MODE", message);
|
|
38
|
+
}
|
|
39
|
+
function toSealEncryptionError(error) {
|
|
40
|
+
if (error instanceof SealArtifactError) {
|
|
41
|
+
return error;
|
|
42
|
+
}
|
|
43
|
+
if (error instanceof ArmourValidationError && (error.code === "ARMOUR_EMPTY_RECIPIENTS" || error.code === "ARMOUR_INVALID_RECIPIENT")) {
|
|
44
|
+
return new SealArtifactError(
|
|
45
|
+
"SEAL_INVALID_RECIPIENT",
|
|
46
|
+
"Recipient must be a valid age recipient string.",
|
|
47
|
+
error
|
|
48
|
+
);
|
|
49
|
+
}
|
|
50
|
+
if (error instanceof ArmourError) {
|
|
51
|
+
return new SealArtifactError("SEAL_ENCRYPTION_FAILED", "Failed to encrypt payload.", error);
|
|
52
|
+
}
|
|
53
|
+
return new SealArtifactError("SEAL_ENCRYPTION_FAILED", "Failed to encrypt payload.", error);
|
|
54
|
+
}
|
|
55
|
+
function toSealDecryptionError(error) {
|
|
56
|
+
if (error instanceof SealArtifactError) {
|
|
57
|
+
return error;
|
|
58
|
+
}
|
|
59
|
+
if (error instanceof ArmourError) {
|
|
60
|
+
return new SealArtifactError("SEAL_DECRYPTION_FAILED", "Failed to decrypt payload.", error);
|
|
61
|
+
}
|
|
62
|
+
return new SealArtifactError("SEAL_DECRYPTION_FAILED", "Failed to decrypt payload.", error);
|
|
63
|
+
}
|
|
64
|
+
export { EXIT_FAILURE, EXIT_HASH_MISMATCH, EXIT_INVALID_PROOF, EXIT_KEY_CONFIG, EXIT_SIGNATURE_INVALID, EXIT_SUCCESS, SealArtifactError, SealCliError, SealError, getExitCode, toSealDecryptionError, toSealEncryptionError, unsupportedEncryptionModeError };
|
|
65
|
+
//# sourceMappingURL=errors.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"errors.js","sources":["../src/errors.ts"],"sourcesContent":["import { ArmourError, ArmourValidationError } from \"@ternent/armour\";\n\nexport const EXIT_SUCCESS = 0;\nexport const EXIT_FAILURE = 1;\nexport const EXIT_HASH_MISMATCH = 2;\nexport const EXIT_SIGNATURE_INVALID = 3;\nexport const EXIT_INVALID_PROOF = 4;\nexport const EXIT_KEY_CONFIG = 5;\n\nexport type SealErrorCode =\n | \"SEAL_INVALID_RECIPIENT\"\n | \"SEAL_ENCRYPTION_FAILED\"\n | \"SEAL_DECRYPTION_FAILED\"\n | \"SEAL_UNSUPPORTED_ENCRYPTION_MODE\";\n\nexport class SealError extends Error {\n readonly code: SealErrorCode;\n readonly cause?: unknown;\n\n constructor(code: SealErrorCode, message: string, cause?: unknown) {\n super(message);\n this.name = new.target.name;\n this.code = code;\n if (cause !== undefined) {\n this.cause = cause;\n }\n }\n}\n\nexport class SealArtifactError extends SealError {}\n\nexport class SealCliError extends Error {\n exitCode: number;\n\n constructor(message: string, exitCode = EXIT_FAILURE) {\n super(message);\n this.name = \"SealCliError\";\n this.exitCode = exitCode;\n }\n}\n\nexport function getExitCode(error: unknown): number {\n if (error instanceof SealCliError) {\n return error.exitCode;\n }\n return EXIT_FAILURE;\n}\n\nexport function unsupportedEncryptionModeError(\n message = \"Seal does not support this encryption mode.\",\n): SealArtifactError {\n return new SealArtifactError(\"SEAL_UNSUPPORTED_ENCRYPTION_MODE\", message);\n}\n\nexport function toSealEncryptionError(error: unknown): SealArtifactError {\n if (error instanceof SealArtifactError) {\n return error;\n }\n\n if (\n error instanceof ArmourValidationError &&\n (error.code === \"ARMOUR_EMPTY_RECIPIENTS\" || error.code === \"ARMOUR_INVALID_RECIPIENT\")\n ) {\n return new SealArtifactError(\n \"SEAL_INVALID_RECIPIENT\",\n \"Recipient must be a valid age recipient string.\",\n error,\n );\n }\n\n if (error instanceof ArmourError) {\n return new SealArtifactError(\"SEAL_ENCRYPTION_FAILED\", \"Failed to encrypt payload.\", error);\n }\n\n return new SealArtifactError(\"SEAL_ENCRYPTION_FAILED\", \"Failed to encrypt payload.\", error);\n}\n\nexport function toSealDecryptionError(error: unknown): SealArtifactError {\n if (error instanceof SealArtifactError) {\n return error;\n }\n\n if (error instanceof ArmourError) {\n return new SealArtifactError(\"SEAL_DECRYPTION_FAILED\", \"Failed to decrypt payload.\", error);\n }\n\n return new SealArtifactError(\"SEAL_DECRYPTION_FAILED\", \"Failed to decrypt payload.\", error);\n}\n"],"names":[],"mappings":";AAEO,MAAM,eAAe;AACrB,MAAM,eAAe;AACrB,MAAM,qBAAqB;AAC3B,MAAM,yBAAyB;AAC/B,MAAM,qBAAqB;AAC3B,MAAM,kBAAkB;AAQxB,MAAM,kBAAkB,MAAM;AAAA,EAC1B;AAAA,EACA;AAAA,EAET,YAAY,MAAqB,SAAiB,OAAiB;AACjE,UAAM,OAAO;AACb,SAAK,OAAO,WAAW;AACvB,SAAK,OAAO;AACZ,QAAI,UAAU,QAAW;AACvB,WAAK,QAAQ;AAAA,IACf;AAAA,EACF;AACF;AAEO,MAAM,0BAA0B,UAAU;AAAC;AAE3C,MAAM,qBAAqB,MAAM;AAAA,EACtC;AAAA,EAEA,YAAY,SAAiB,WAAW,cAAc;AACpD,UAAM,OAAO;AACb,SAAK,OAAO;AACZ,SAAK,WAAW;AAAA,EAClB;AACF;AAEO,SAAS,YAAY,OAAwB;AAClD,MAAI,iBAAiB,cAAc;AACjC,WAAO,MAAM;AAAA,EACf;AACO,SAAA;AACT;AAEgB,SAAA,+BACd,UAAU,+CACS;AACZ,SAAA,IAAI,kBAAkB,oCAAoC,OAAO;AAC1E;AAEO,SAAS,sBAAsB,OAAmC;AACvE,MAAI,iBAAiB,mBAAmB;AAC/B,WAAA;AAAA,EACT;AAEA,MACE,iBAAiB,0BAChB,MAAM,SAAS,6BAA6B,MAAM,SAAS,6BAC5D;AACA,WAAO,IAAI;AAAA,MACT;AAAA,MACA;AAAA,MACA;AAAA,IAAA;AAAA,EAEJ;AAEA,MAAI,iBAAiB,aAAa;AAChC,WAAO,IAAI,kBAAkB,0BAA0B,8BAA8B,KAAK;AAAA,EAC5F;AAEA,SAAO,IAAI,kBAAkB,0BAA0B,8BAA8B,KAAK;AAC5F;AAEO,SAAS,sBAAsB,OAAmC;AACvE,MAAI,iBAAiB,mBAAmB;AAC/B,WAAA;AAAA,EACT;AAEA,MAAI,iBAAiB,aAAa;AAChC,WAAO,IAAI,kBAAkB,0BAA0B,8BAA8B,KAAK;AAAA,EAC5F;AAEA,SAAO,IAAI,kBAAkB,0BAA0B,8BAA8B,KAAK;AAC5F;;"}
|
package/dist/index.js
ADDED
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
export { SEAL_PROOF_TYPE, SEAL_PROOF_VERSION, SEAL_PUBLIC_KEY_TYPE, SEAL_SIGNATURE_ALGORITHM, createSealHash, createSealProof, createSealPublicKeyArtifact, getSealProofSignableFields, getSealProofSigningPayload, parseSealProofJson, parseSealPublicKeyJson, validateSealProofShape, validateSealPublicKeyShape, verifySealProofAgainstBytes, verifySealProofSignature } from "./proof.js";
|
|
2
|
+
export { SEAL_ARTIFACT_MANIFEST_VERSION, SEAL_ARTIFACT_TYPE, SEAL_ARTIFACT_VERSION, createSealArtifact, decryptSealArtifactPayload, getSealArtifactUnsignedFields, parseSealArtifactJson, validateSealArtifactShape, verifySealArtifact } from "./artifact.js";
|
|
3
|
+
export { SEAL_MANIFEST_TYPE, SEAL_MANIFEST_VERSION, parseSealManifestJson, stringifySealManifest, validateSealManifestShape } from "./manifest.js";
|
|
4
|
+
export { SEAL_SIGNATURE_CONTEXT, createSealIdentity, createSealIdentityFromMnemonic, createSealMnemonicIdentity, exportIdentityJson, resolveSealSigner, signSealUtf8, verifyPublicKeyKeyId, verifySealUtf8 } from "./crypto.js";
|
|
5
|
+
export { EXIT_FAILURE, EXIT_HASH_MISMATCH, EXIT_INVALID_PROOF, EXIT_KEY_CONFIG, EXIT_SIGNATURE_INVALID, EXIT_SUCCESS, SealArtifactError, SealCliError, SealError, getExitCode, toSealDecryptionError, toSealEncryptionError, unsupportedEncryptionModeError } from "./errors.js";
|
|
6
|
+
import "./chunks/utils.es-ad8f1dc4.js";
|
|
7
|
+
import "@ternent/identity";
|
|
8
|
+
import "@ternent/armour";
|
|
9
|
+
//# sourceMappingURL=index.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sources":[],"sourcesContent":[],"names":[],"mappings":";;;;;;;;"}
|