@virtru/dsp-sdk 0.5.0 → 0.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (130) hide show
  1. package/CHANGELOG.md +15 -1
  2. package/README.md +81 -3
  3. package/dist/src/fips.d.ts +7 -0
  4. package/dist/src/fips.js +12 -0
  5. package/dist/src/lib/dsp.d.ts +17 -1
  6. package/dist/src/lib/dsp.js +28 -5
  7. package/package.json +25 -4
  8. package/.prettierrc +0 -3
  9. package/.rush/temp/chunked-rush-logs/dsp-sdk._phase_build.chunks.jsonl +0 -12
  10. package/.rush/temp/chunked-rush-logs/dsp-sdk._phase_test.chunks.jsonl +0 -383
  11. package/.rush/temp/package-deps__phase_build.json +0 -76
  12. package/.rush/temp/shrinkwrap-deps.json +0 -1262
  13. package/CHANGELOG.json +0 -299
  14. package/buf.gen.yaml +0 -17
  15. package/buf.yaml +0 -4
  16. package/config/jest.config.json +0 -6
  17. package/config/rig.json +0 -8
  18. package/dist/tests/dsp-client.test.d.ts +0 -1
  19. package/dist/tests/dsp-client.test.js +0 -73
  20. package/dist/tests/dsp.test.d.ts +0 -1
  21. package/dist/tests/dsp.test.js +0 -92
  22. package/dist/tests/fips-crypto.unit.test.d.ts +0 -1
  23. package/dist/tests/fips-crypto.unit.test.js +0 -258
  24. package/dist/tests/mocks/create-export-artifacts.d.ts +0 -2
  25. package/dist/tests/mocks/create-export-artifacts.js +0 -13
  26. package/dist/tests/mocks/tagging-pdp-tag.d.ts +0 -2
  27. package/dist/tests/mocks/tagging-pdp-tag.js +0 -11
  28. package/dist/tests/mocks/well-known-configuration.d.ts +0 -2
  29. package/dist/tests/mocks/well-known-configuration.js +0 -12
  30. package/dist/tests/setup-msw.d.ts +0 -9
  31. package/dist/tests/setup-msw.js +0 -30
  32. package/dist/tests/setup-unit.d.ts +0 -7
  33. package/dist/tests/setup-unit.js +0 -70
  34. package/eslint.config.mjs +0 -28
  35. package/lib-commonjs/src/gen/buf/validate/validate_pb.js +0 -487
  36. package/lib-commonjs/src/gen/config/v1/config_pb.js +0 -142
  37. package/lib-commonjs/src/gen/config/v1/kas_config_pb.js +0 -72
  38. package/lib-commonjs/src/gen/config/v1/meta_pb.js +0 -36
  39. package/lib-commonjs/src/gen/config/v1/outlook_config_pb.js +0 -67
  40. package/lib-commonjs/src/gen/config/v1/secureviewer_config_pb.js +0 -67
  41. package/lib-commonjs/src/gen/config/v1/tagging_pb.js +0 -246
  42. package/lib-commonjs/src/gen/google/api/annotations_pb.js +0 -33
  43. package/lib-commonjs/src/gen/google/api/http_pb.js +0 -44
  44. package/lib-commonjs/src/gen/policyimportexport/v1/policy_import_export_pb.js +0 -93
  45. package/lib-commonjs/src/gen/shared/v1/shared_pb.js +0 -95
  46. package/lib-commonjs/src/gen/tagging/pdp/v2/tagging_pb.js +0 -277
  47. package/lib-commonjs/src/gen/version/v1/version_pb.js +0 -40
  48. package/lib-commonjs/src/gen/virtru/common/common_pb.js +0 -76
  49. package/lib-commonjs/src/gen/virtru/policy/certificates/v1/certificates_pb.js +0 -77
  50. package/lib-commonjs/src/gen/virtru/policy/objects_pb.js +0 -143
  51. package/lib-commonjs/src/index.js +0 -48
  52. package/lib-commonjs/src/lib/client.js +0 -66
  53. package/lib-commonjs/src/lib/consts.js +0 -10
  54. package/lib-commonjs/src/lib/dsp.js +0 -49
  55. package/lib-commonjs/src/lib/fips-crypto/asymmetric.js +0 -126
  56. package/lib-commonjs/src/lib/fips-crypto/key-format.js +0 -243
  57. package/lib-commonjs/src/lib/fips-crypto/keys.js +0 -134
  58. package/lib-commonjs/src/lib/fips-crypto/primitives.js +0 -112
  59. package/lib-commonjs/src/lib/fips-crypto/symmetric.js +0 -162
  60. package/lib-commonjs/src/lib/fips-crypto-service.js +0 -57
  61. package/lib-commonjs/src/lib/utils.js +0 -401
  62. package/lib-commonjs/tests/dsp-client.test.js +0 -75
  63. package/lib-commonjs/tests/dsp.test.js +0 -94
  64. package/lib-commonjs/tests/fips-crypto.unit.test.js +0 -260
  65. package/lib-commonjs/tests/mocks/create-export-artifacts.js +0 -17
  66. package/lib-commonjs/tests/mocks/tagging-pdp-tag.js +0 -15
  67. package/lib-commonjs/tests/mocks/well-known-configuration.js +0 -16
  68. package/lib-commonjs/tests/setup-msw.js +0 -33
  69. package/lib-commonjs/tests/setup-unit.js +0 -72
  70. package/public/virtru.wasm +0 -0
  71. package/src/gen/buf/validate/validate_pb.ts +0 -4879
  72. package/src/gen/config/formatters/testdata/v1/test_pb.ts +0 -287
  73. package/src/gen/config/v1/config_connect.ts +0 -111
  74. package/src/gen/config/v1/config_pb.ts +0 -439
  75. package/src/gen/config/v1/kas_config_pb.ts +0 -183
  76. package/src/gen/config/v1/meta_pb.ts +0 -72
  77. package/src/gen/config/v1/outlook_config_pb.ts +0 -242
  78. package/src/gen/config/v1/secureviewer_config_pb.ts +0 -161
  79. package/src/gen/config/v1/tagging_pb.ts +0 -456
  80. package/src/gen/google/api/annotations_pb.ts +0 -43
  81. package/src/gen/google/api/http_pb.ts +0 -486
  82. package/src/gen/helloworld/v1/helloworld_connect.ts +0 -49
  83. package/src/gen/helloworld/v1/helloworld_pb.ts +0 -104
  84. package/src/gen/kas/nanotdf/v1/nanotdf_rewrap_connect.ts +0 -39
  85. package/src/gen/kas/nanotdf/v1/nanotdf_rewrap_pb.ts +0 -207
  86. package/src/gen/policyimportexport/v1/policy_import_export_connect.ts +0 -56
  87. package/src/gen/policyimportexport/v1/policy_import_export_pb.ts +0 -332
  88. package/src/gen/shared/v1/shared_connect.ts +0 -61
  89. package/src/gen/shared/v1/shared_pb.ts +0 -240
  90. package/src/gen/shared/v2/shared_connect.ts +0 -39
  91. package/src/gen/shared/v2/shared_pb.ts +0 -122
  92. package/src/gen/tagging/pdp/v2/externalprocessors/processor_connect.ts +0 -156
  93. package/src/gen/tagging/pdp/v2/externalprocessors/processor_pb.ts +0 -709
  94. package/src/gen/tagging/pdp/v2/stanag/stanag_pb.ts +0 -953
  95. package/src/gen/tagging/pdp/v2/tagging_connect.ts +0 -73
  96. package/src/gen/tagging/pdp/v2/tagging_pb.ts +0 -1064
  97. package/src/gen/version/v1/version_connect.ts +0 -31
  98. package/src/gen/version/v1/version_pb.ts +0 -143
  99. package/src/gen/virtru/common/common_pb.ts +0 -201
  100. package/src/gen/virtru/policy/certificates/v1/certificates_connect.ts +0 -44
  101. package/src/gen/virtru/policy/certificates/v1/certificates_pb.ts +0 -305
  102. package/src/gen/virtru/policy/objects_pb.ts +0 -253
  103. package/src/gen/web-admin/v1/config_connect.ts +0 -52
  104. package/src/gen/web-admin/v1/config_pb.ts +0 -173
  105. package/src/index.ts +0 -62
  106. package/src/lib/client.ts +0 -90
  107. package/src/lib/consts.ts +0 -8
  108. package/src/lib/dsp.ts +0 -65
  109. package/src/lib/fips-crypto/asymmetric.ts +0 -162
  110. package/src/lib/fips-crypto/key-format.ts +0 -287
  111. package/src/lib/fips-crypto/keys.ts +0 -190
  112. package/src/lib/fips-crypto/primitives.ts +0 -197
  113. package/src/lib/fips-crypto/symmetric.ts +0 -213
  114. package/src/lib/fips-crypto-service.ts +0 -58
  115. package/src/lib/utils.test.ts +0 -415
  116. package/src/lib/utils.ts +0 -525
  117. package/src/vite-env.d.ts +0 -7
  118. package/temp/build/lint/_eslint-5eVG3S6w.json +0 -38
  119. package/temp/test/jest/haste-map-b055a9550e6d9f9b43d8ad29b1607278-49d19aee56a0732eca9c014a51272338-8710993d07b75a801b0956e67ffc46fa +0 -0
  120. package/tests/dsp-client.test.ts +0 -95
  121. package/tests/dsp.test.ts +0 -119
  122. package/tests/fips-crypto.unit.test.ts +0 -412
  123. package/tests/mocks/create-export-artifacts.ts +0 -16
  124. package/tests/mocks/tagging-pdp-tag.ts +0 -13
  125. package/tests/mocks/well-known-configuration.ts +0 -15
  126. package/tests/setup-msw.ts +0 -35
  127. package/tests/setup-unit.ts +0 -108
  128. package/tsconfig.json +0 -32
  129. package/update-protos.sh +0 -63
  130. package/vitest.config.ts +0 -48
@@ -1,173 +0,0 @@
1
- /*
2
- * Copyright (c) Virtru Corporation. All rights reserved.
3
- *
4
- * Your use of this file is governed by the Virtu Terms of Service <https://www.virtru.com/terms-of-service/>.
5
- */
6
-
7
- // @generated by protoc-gen-es v2.3.0 with parameter "target=ts"
8
- // @generated from file web-admin/v1/config.proto (package webadmin.v1, syntax proto3)
9
- /* eslint-disable */
10
-
11
- import type {
12
- GenFile,
13
- GenMessage,
14
- GenService,
15
- } from '@bufbuild/protobuf/codegenv1';
16
- import {
17
- fileDesc,
18
- messageDesc,
19
- serviceDesc,
20
- } from '@bufbuild/protobuf/codegenv1';
21
- import type { Timestamp } from '@bufbuild/protobuf/wkt';
22
- import { file_google_protobuf_timestamp } from '@bufbuild/protobuf/wkt';
23
- import type { Message } from '@bufbuild/protobuf';
24
-
25
- /**
26
- * Describes the file web-admin/v1/config.proto.
27
- */
28
- export const file_web_admin_v1_config: GenFile =
29
- /*@__PURE__*/
30
- fileDesc(
31
- 'Chl3ZWItYWRtaW4vdjEvY29uZmlnLnByb3RvEgt3ZWJhZG1pbi52MSInCgpDb25maWdJdGVtEgoKAmlkGAEgASgJEg0KBXZhbHVlGAIgASgMIhYKFExpc3RBbGxDb25maWdSZXF1ZXN0IkEKFUxpc3RBbGxDb25maWdSZXNwb25zZRIoCgdjb25maWdzGAEgAygLMhcud2ViYWRtaW4udjEuQ29uZmlnSXRlbSJNChdIYXNDb25maWdDaGFuZ2VzUmVxdWVzdBIyCg5sYXN0X2xvYWRlZF9hdBgBIAEoCzIaLmdvb2dsZS5wcm90b2J1Zi5UaW1lc3RhbXAiLwoYSGFzQ29uZmlnQ2hhbmdlc1Jlc3BvbnNlEhMKC2hhc19jaGFuZ2VzGAEgASgIMswBCg1Db25maWdTZXJ2aWNlElgKDUxpc3RBbGxDb25maWcSIS53ZWJhZG1pbi52MS5MaXN0QWxsQ29uZmlnUmVxdWVzdBoiLndlYmFkbWluLnYxLkxpc3RBbGxDb25maWdSZXNwb25zZSIAEmEKEEhhc0NvbmZpZ0NoYW5nZXMSJC53ZWJhZG1pbi52MS5IYXNDb25maWdDaGFuZ2VzUmVxdWVzdBolLndlYmFkbWluLnYxLkhhc0NvbmZpZ0NoYW5nZXNSZXNwb25zZSIAQr0BCg9jb20ud2ViYWRtaW4udjFCC0NvbmZpZ1Byb3RvUAFaUGdpdGh1Yi5jb20vdmlydHJ1LWNvcnAvZGF0YS1zZWN1cml0eS1wbGF0Zm9ybS9zZGsvdjIvZ2VuL3dlYi1hZG1pbi92MTt3ZWJhZG1pbnYxogIDV1hYqgILV2ViYWRtaW4uVjHKAgtXZWJhZG1pblxWMeICF1dlYmFkbWluXFYxXEdQQk1ldGFkYXRh6gIMV2ViYWRtaW46OlYxYgZwcm90bzM',
32
- [file_google_protobuf_timestamp]
33
- );
34
-
35
- /**
36
- * A single configuration item.
37
- *
38
- * @generated from message webadmin.v1.ConfigItem
39
- */
40
- export type ConfigItem = Message<'webadmin.v1.ConfigItem'> & {
41
- /**
42
- * The dot-separated key for the config value (e.g. auth.enabled).
43
- *
44
- * @generated from field: string id = 1;
45
- */
46
- id: string;
47
-
48
- /**
49
- * JSONB representation of the configuration value, returned as bytes.
50
- *
51
- * @generated from field: bytes value = 2;
52
- */
53
- value: Uint8Array;
54
- };
55
-
56
- /**
57
- * Describes the message webadmin.v1.ConfigItem.
58
- * Use `create(ConfigItemSchema)` to create a new message.
59
- */
60
- export const ConfigItemSchema: GenMessage<ConfigItem> =
61
- /*@__PURE__*/
62
- messageDesc(file_web_admin_v1_config, 0);
63
-
64
- /**
65
- * Request for ListAllConfig.
66
- *
67
- * @generated from message webadmin.v1.ListAllConfigRequest
68
- */
69
- export type ListAllConfigRequest =
70
- Message<'webadmin.v1.ListAllConfigRequest'> & {};
71
-
72
- /**
73
- * Describes the message webadmin.v1.ListAllConfigRequest.
74
- * Use `create(ListAllConfigRequestSchema)` to create a new message.
75
- */
76
- export const ListAllConfigRequestSchema: GenMessage<ListAllConfigRequest> =
77
- /*@__PURE__*/
78
- messageDesc(file_web_admin_v1_config, 1);
79
-
80
- /**
81
- * Response for ListAllConfig.
82
- *
83
- * @generated from message webadmin.v1.ListAllConfigResponse
84
- */
85
- export type ListAllConfigResponse =
86
- Message<'webadmin.v1.ListAllConfigResponse'> & {
87
- /**
88
- * @generated from field: repeated webadmin.v1.ConfigItem configs = 1;
89
- */
90
- configs: ConfigItem[];
91
- };
92
-
93
- /**
94
- * Describes the message webadmin.v1.ListAllConfigResponse.
95
- * Use `create(ListAllConfigResponseSchema)` to create a new message.
96
- */
97
- export const ListAllConfigResponseSchema: GenMessage<ListAllConfigResponse> =
98
- /*@__PURE__*/
99
- messageDesc(file_web_admin_v1_config, 2);
100
-
101
- /**
102
- * Request for HasConfigChanges.
103
- *
104
- * @generated from message webadmin.v1.HasConfigChangesRequest
105
- */
106
- export type HasConfigChangesRequest =
107
- Message<'webadmin.v1.HasConfigChangesRequest'> & {
108
- /**
109
- * The timestamp to check against. The service will return true if any
110
- * config has an `updated_at` value greater than this.
111
- *
112
- * @generated from field: google.protobuf.Timestamp last_loaded_at = 1;
113
- */
114
- lastLoadedAt?: Timestamp;
115
- };
116
-
117
- /**
118
- * Describes the message webadmin.v1.HasConfigChangesRequest.
119
- * Use `create(HasConfigChangesRequestSchema)` to create a new message.
120
- */
121
- export const HasConfigChangesRequestSchema: GenMessage<HasConfigChangesRequest> =
122
- /*@__PURE__*/
123
- messageDesc(file_web_admin_v1_config, 3);
124
-
125
- /**
126
- * Response for HasConfigChanges.
127
- *
128
- * @generated from message webadmin.v1.HasConfigChangesResponse
129
- */
130
- export type HasConfigChangesResponse =
131
- Message<'webadmin.v1.HasConfigChangesResponse'> & {
132
- /**
133
- * @generated from field: bool has_changes = 1;
134
- */
135
- hasChanges: boolean;
136
- };
137
-
138
- /**
139
- * Describes the message webadmin.v1.HasConfigChangesResponse.
140
- * Use `create(HasConfigChangesResponseSchema)` to create a new message.
141
- */
142
- export const HasConfigChangesResponseSchema: GenMessage<HasConfigChangesResponse> =
143
- /*@__PURE__*/
144
- messageDesc(file_web_admin_v1_config, 4);
145
-
146
- /**
147
- * The ConfigService provides an interface for managing and retrieving
148
- * platform configuration values stored in the database.
149
- *
150
- * @generated from service webadmin.v1.ConfigService
151
- */
152
- export const ConfigService: GenService<{
153
- /**
154
- * ListAllConfig retrieves all configuration key-value pairs.
155
- *
156
- * @generated from rpc webadmin.v1.ConfigService.ListAllConfig
157
- */
158
- listAllConfig: {
159
- methodKind: 'unary';
160
- input: typeof ListAllConfigRequestSchema;
161
- output: typeof ListAllConfigResponseSchema;
162
- };
163
- /**
164
- * HasConfigChanges checks if any configuration was updated after a given timestamp.
165
- *
166
- * @generated from rpc webadmin.v1.ConfigService.HasConfigChanges
167
- */
168
- hasConfigChanges: {
169
- methodKind: 'unary';
170
- input: typeof HasConfigChangesRequestSchema;
171
- output: typeof HasConfigChangesResponseSchema;
172
- };
173
- }> = /*@__PURE__*/ serviceDesc(file_web_admin_v1_config, 0);
package/src/index.ts DELETED
@@ -1,62 +0,0 @@
1
- /*
2
- * Copyright (c) Virtru Corporation. All rights reserved.
3
- *
4
- * Your use of this file is governed by the Virtu Terms of Service <https://www.virtru.com/terms-of-service/>.
5
- */
6
-
7
- /**
8
- * Exports Connect RPC and Connect Web RPC
9
- */
10
- export {
11
- platformConnect as dspConnect,
12
- platformConnectWeb as dspConnectWeb,
13
- } from '@opentdf/sdk/platform';
14
-
15
- /**
16
- * Exports the platform client
17
- */
18
- export {
19
- type DSPClientServicesV1 as DSPServicesV1,
20
- type DSPClientServicesV2 as DSPServicesV2,
21
- type DSPClientOptions,
22
- DSPClient,
23
- } from './lib/client';
24
- export { PlatformClient } from '@opentdf/sdk/platform';
25
- export {
26
- createAuthInterceptor,
27
- type Interceptor,
28
- createAuthProvider,
29
- createOpenTDFClient,
30
- getObligations,
31
- getUserEntitlements,
32
- flattenObligations,
33
- getTrustedCertificates,
34
- validateJWSCertificateChain,
35
- type JWSValidationResult,
36
- type ObligationFeatureMap,
37
- type SupportedObligations,
38
- type GetUserEntitlementsResponse,
39
- } from './lib/utils';
40
-
41
- /**
42
- * Exports the DSP wrapper of OpenTDF
43
- */
44
- export { DSP, createDSP } from './lib/dsp';
45
-
46
- /**
47
- * Exports components of OpenTDF
48
- */
49
-
50
- export {
51
- version,
52
- clientType,
53
- tdfSpecVersion,
54
- type DecoratedStream,
55
- type CreateZTDFOptions,
56
- } from '@opentdf/sdk';
57
-
58
- // export AuthProvider during transition period
59
- // TODO: remove this export once the SDK is updated to deprecate the AuthProvider
60
- export { AuthProviders, type AuthProvider } from '@opentdf/sdk';
61
-
62
- export * as singlecontainer from '@opentdf/sdk/singlecontainer';
package/src/lib/client.ts DELETED
@@ -1,90 +0,0 @@
1
- /*
2
- * Copyright (c) Virtru Corporation. All rights reserved.
3
- *
4
- * Your use of this file is governed by the Virtu Terms of Service <https://www.virtru.com/terms-of-service/>.
5
- */
6
-
7
- // export client service definitions
8
-
9
- // export Connect RPC framework
10
- import type { AuthProvider } from '@opentdf/sdk';
11
- import {
12
- type Client,
13
- createClient,
14
- type Interceptor,
15
- } from '@connectrpc/connect';
16
- import { createConnectTransport } from '@connectrpc/connect-web';
17
- import { ConfigService } from '../gen/config/v1/config_pb';
18
- import { PolicyArtifactService } from '../gen/policyimportexport/v1/policy_import_export_pb';
19
- import { SharedService } from '../gen/shared/v1/shared_pb';
20
- import { TaggingPDPService } from '../gen/tagging/pdp/v2/tagging_pb';
21
- import { VersionService } from '../gen/version/v1/version_pb';
22
- import { CertificateService } from '../gen/virtru/policy/certificates/v1/certificates_pb';
23
- import { createAuthInterceptor } from './utils';
24
-
25
- export interface DSPClientServicesV1 {
26
- configService: Client<typeof ConfigService>;
27
- policyArtifactService: Client<typeof PolicyArtifactService>;
28
- sharedService: Client<typeof SharedService>;
29
- versionService: Client<typeof VersionService>;
30
- certificateService: Client<typeof CertificateService>;
31
- }
32
-
33
- export interface DSPClientServicesV2 {
34
- taggingPDPService: Client<typeof TaggingPDPService>;
35
- }
36
-
37
- export interface DSPClientOptions {
38
- // Base URL of the DSP
39
- platformUrl: string;
40
- // List of interceptors to apply to rpc requests
41
- interceptors?: Interceptor[];
42
- // Auth provider for request signing
43
- authProvider?: AuthProvider;
44
- }
45
-
46
- /**
47
- * A client for interacting with the DSP using the Connect RPC framework.
48
- *
49
- * This client supports custom interceptors, which can be used to add
50
- * authentication headers or other custom logic to outgoing requests.
51
- *
52
- */
53
- export class DSPClient {
54
- readonly v1: DSPClientServicesV1;
55
- readonly v2: DSPClientServicesV2;
56
-
57
- constructor(options: DSPClientOptions) {
58
- const interceptors: Interceptor[] = [];
59
-
60
- if (!options.platformUrl) {
61
- throw new Error('platformUrl is required for DSP client');
62
- }
63
-
64
- if (options.authProvider) {
65
- const authInterceptor = createAuthInterceptor(options.authProvider);
66
- interceptors.push(authInterceptor);
67
- }
68
-
69
- if (options.interceptors?.length) {
70
- interceptors.push(...options.interceptors);
71
- }
72
-
73
- const transport = createConnectTransport({
74
- baseUrl: options.platformUrl,
75
- interceptors,
76
- });
77
-
78
- this.v1 = {
79
- configService: createClient(ConfigService, transport),
80
- policyArtifactService: createClient(PolicyArtifactService, transport),
81
- sharedService: createClient(SharedService, transport),
82
- versionService: createClient(VersionService, transport),
83
- certificateService: createClient(CertificateService, transport),
84
- };
85
-
86
- this.v2 = {
87
- taggingPDPService: createClient(TaggingPDPService, transport),
88
- };
89
- }
90
- }
package/src/lib/consts.ts DELETED
@@ -1,8 +0,0 @@
1
- /*
2
- * Copyright (c) Virtru Corporation. All rights reserved.
3
- *
4
- * Your use of this file is governed by the Virtu Terms of Service <https://www.virtru.com/terms-of-service/>.
5
- */
6
-
7
- export const MAX_CERTS = 10; // reasonable upper bound for chain depth
8
- export const MAX_CERT_BYTES = 64 * 1024; // 64KB per certificate
package/src/lib/dsp.ts DELETED
@@ -1,65 +0,0 @@
1
- /*
2
- * Copyright (c) Virtru Corporation. All rights reserved.
3
- *
4
- * Your use of this file is governed by the Virtu Terms of Service <https://www.virtru.com/terms-of-service/>.
5
- */
6
-
7
- import { OpenTDF, type OpenTDFOptions } from '@opentdf/sdk';
8
- import { PlatformClient, type PlatformServices } from '@opentdf/sdk/platform';
9
- import {
10
- DSPClient,
11
- type DSPClientServicesV1,
12
- type DSPClientServicesV2,
13
- } from './client';
14
- import type { Interceptor } from '@connectrpc/connect';
15
-
16
- export type DSPServicesV1 = DSPClientServicesV1 & PlatformServices;
17
- export type DSPServicesV2 = DSPClientServicesV2;
18
-
19
- export interface DSPOptions extends OpenTDFOptions {
20
- // This is the URL of the DSP server that the client will connect to.
21
- // PlatformUrl is required for DSP client
22
- platformUrl: string;
23
- // List interceptors to apply to rpc requests
24
- interceptors?: Interceptor[];
25
- }
26
-
27
- export class DSP extends OpenTDF {
28
- readonly services: {
29
- v1: DSPServicesV1;
30
- v2: DSPServicesV2;
31
- };
32
- constructor(options: DSPOptions) {
33
- super(options);
34
-
35
- if (!options.platformUrl) {
36
- throw new Error('platformUrl is required for DSP client');
37
- }
38
-
39
- const dspClient = new DSPClient({
40
- platformUrl: options.platformUrl,
41
- interceptors: options.interceptors,
42
- authProvider: options.authProvider,
43
- });
44
-
45
- const platformClient = new PlatformClient({
46
- platformUrl: options.platformUrl,
47
- interceptors: options.interceptors,
48
- authProvider: options.authProvider,
49
- });
50
-
51
- this.services = {
52
- v1: {
53
- ...platformClient.v1,
54
- ...dspClient.v1,
55
- },
56
- v2: {
57
- ...dspClient.v2,
58
- },
59
- };
60
- }
61
- }
62
-
63
- export function createDSP(options: DSPOptions): DSP {
64
- return new DSP(options);
65
- }
@@ -1,162 +0,0 @@
1
- /*
2
- * Copyright (c) Virtru Corporation. All rights reserved.
3
- *
4
- * Your use of this file is governed by the Virtu Terms of Service <https://www.virtru.com/terms-of-service/>.
5
- */
6
-
7
- import { Binary } from '@opentdf/sdk/singlecontainer';
8
- import {
9
- type AsymmetricSigningAlgorithm,
10
- type ECCurve,
11
- type HkdfParams,
12
- type KeyPair,
13
- type PrivateKey,
14
- type PublicKey,
15
- type SymmetricKey,
16
- } from '@opentdf/sdk/singlecontainer';
17
- import { ConfigurationError } from '@opentdf/sdk';
18
- import { getVirtruCrypto } from './primitives';
19
- import { isSymmetricKey, wrapKeyPair, unwrapPublicKey, unwrapPrivateKey, unwrapSymmetricKey } from './keys';
20
-
21
- // ─── Key Generation ───────────────────────────────────────────────────────────
22
-
23
- const ENC_DEC_METHODS = ['encrypt', 'decrypt'] as const;
24
- const SIGN_VERIFY_METHODS = ['sign', 'verify'] as const;
25
-
26
- const RSA_OAEP_PARAMS = {
27
- name: 'RSA-OAEP' as const,
28
- modulusLength: 2048,
29
- publicExponent: [1, 0, 1],
30
- hash: 'SHA-256' as const,
31
- };
32
-
33
- const RS256_PARAMS = {
34
- name: 'RSASSA-PKCS1-v1_5' as const,
35
- modulusLength: 2048,
36
- publicExponent: [1, 0, 1],
37
- hash: 'SHA-256' as const,
38
- };
39
-
40
- /**
41
- * Generate an RSA key pair for encryption/decryption (RSA-OAEP).
42
- *
43
- * VirtruCrypto generates a single combined keypair handle. Both the PublicKey
44
- * and PrivateKey opaque wrappers reference the same VirtruCryptoKey — the
45
- * handle already carries all necessary usages. No export/re-import needed.
46
- */
47
- export async function generateKeyPair(_size?: number): Promise<KeyPair> {
48
- const crypto = await getVirtruCrypto();
49
- const combined = await crypto.generateKey(RSA_OAEP_PARAMS, true, ENC_DEC_METHODS);
50
- return wrapKeyPair(combined, combined, 'rsa:2048');
51
- }
52
-
53
- /**
54
- * Generate an RSA key pair for signing/verification (RSASSA-PKCS1-v1_5).
55
- */
56
- export async function generateSigningKeyPair(): Promise<KeyPair> {
57
- const crypto = await getVirtruCrypto();
58
- const combined = await crypto.generateKey(RS256_PARAMS, true, SIGN_VERIFY_METHODS);
59
- return wrapKeyPair(combined, combined, 'rsa:2048');
60
- }
61
-
62
- // ─── RSA Encrypt / Decrypt ────────────────────────────────────────────────────
63
-
64
- /**
65
- * Encrypt with RSA-OAEP public key.
66
- * Accepts Binary payload or a SymmetricKey for key-wrapping.
67
- */
68
- export async function encryptWithPublicKey(
69
- payload: Binary | SymmetricKey,
70
- publicKey: PublicKey
71
- ): Promise<Binary> {
72
- const crypto = await getVirtruCrypto();
73
-
74
- let payloadBytes: Uint8Array;
75
- if (isSymmetricKey(payload)) {
76
- payloadBytes = await crypto.exportKey('raw', unwrapSymmetricKey(payload));
77
- } else {
78
- payloadBytes = new Uint8Array(payload.asArrayBuffer());
79
- }
80
-
81
- const vKey = unwrapPublicKey(publicKey);
82
- const encrypted = await crypto.encrypt(RSA_OAEP_PARAMS as any, vKey, payloadBytes);
83
- return Binary.fromArrayBuffer((encrypted as Uint8Array).buffer as ArrayBuffer);
84
- }
85
-
86
- /**
87
- * Decrypt with RSA-OAEP private key.
88
- */
89
- export async function decryptWithPrivateKey(
90
- encryptedPayload: Binary,
91
- privateKey: PrivateKey
92
- ): Promise<Binary> {
93
- const crypto = await getVirtruCrypto();
94
- const vKey = unwrapPrivateKey(privateKey);
95
- const payloadBytes = new Uint8Array(encryptedPayload.asArrayBuffer());
96
- const decrypted = await crypto.decrypt(RSA_OAEP_PARAMS as any, vKey, payloadBytes);
97
- return Binary.fromArrayBuffer((decrypted as Uint8Array).buffer as ArrayBuffer);
98
- }
99
-
100
- // ─── Sign / Verify ────────────────────────────────────────────────────────────
101
-
102
- /**
103
- * Sign data with an RSA private key (RS256 only).
104
- * VirtruCrypto requires pre-hashed data, so the data is SHA-256 hashed first.
105
- */
106
- export async function sign(
107
- data: Uint8Array,
108
- privateKey: PrivateKey,
109
- algorithm: AsymmetricSigningAlgorithm
110
- ): Promise<Uint8Array> {
111
- if (algorithm !== 'RS256') {
112
- throw new ConfigurationError(
113
- `Signing algorithm '${algorithm}' not supported in FIPS mode. Only RS256 is supported.`
114
- );
115
- }
116
- const crypto = await getVirtruCrypto();
117
- const vKey = unwrapPrivateKey(privateKey);
118
- // VirtruCrypto signs a pre-computed hash, not raw data
119
- const hash = await crypto.digest({ name: 'SHA-256' }, data);
120
- const sig = await crypto.sign(RS256_PARAMS, vKey, new Uint8Array(hash));
121
- return new Uint8Array(sig);
122
- }
123
-
124
- /**
125
- * Verify an RS256 signature.
126
- * VirtruCrypto requires pre-hashed data.
127
- */
128
- export async function verify(
129
- data: Uint8Array,
130
- signature: Uint8Array,
131
- publicKey: PublicKey,
132
- algorithm: AsymmetricSigningAlgorithm
133
- ): Promise<boolean> {
134
- if (algorithm !== 'RS256') {
135
- throw new ConfigurationError(
136
- `Verification algorithm '${algorithm}' not supported in FIPS mode. Only RS256 is supported.`
137
- );
138
- }
139
- const crypto = await getVirtruCrypto();
140
- const vKey = unwrapPublicKey(publicKey);
141
- const hash = await crypto.digest({ name: 'SHA-256' }, data);
142
- try {
143
- return await crypto.verify(RS256_PARAMS, vKey, signature, new Uint8Array(hash));
144
- } catch (e) {
145
- if (e === 'Signature verification error') return false;
146
- throw e;
147
- }
148
- }
149
-
150
- // ─── EC Stubs (unsupported in FIPS mode) ─────────────────────────────────────
151
-
152
- export async function generateECKeyPair(_curve?: ECCurve): Promise<KeyPair> {
153
- throw new ConfigurationError('EC key generation is not supported in FIPS mode.');
154
- }
155
-
156
- export async function deriveKeyFromECDH(
157
- _privateKey: PrivateKey,
158
- _publicKey: PublicKey,
159
- _hkdfParams: HkdfParams
160
- ): Promise<SymmetricKey> {
161
- throw new ConfigurationError('ECDH key derivation is not supported in FIPS mode.');
162
- }