@workit-poa/hedera-kms-wallet 0.1.0
- package/.env.example +21 -0
- package/LICENSE +21 -0
- package/README.md +228 -0
- package/dist/hederaClient.d.ts +50 -0
- package/dist/hederaClient.d.ts.map +1 -0
- package/dist/hederaClient.js +136 -0
- package/dist/hederaClient.js.map +1 -0
- package/dist/hederaKeyCodec.d.ts +10 -0
- package/dist/hederaKeyCodec.d.ts.map +1 -0
- package/dist/hederaKeyCodec.js +140 -0
- package/dist/hederaKeyCodec.js.map +1 -0
- package/dist/index.d.ts +6 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +22 -0
- package/dist/index.js.map +1 -0
- package/dist/kmsKeyManager.d.ts +103 -0
- package/dist/kmsKeyManager.d.ts.map +1 -0
- package/dist/kmsKeyManager.js +496 -0
- package/dist/kmsKeyManager.js.map +1 -0
- package/dist/kmsSigner.d.ts +18 -0
- package/dist/kmsSigner.d.ts.map +1 -0
- package/dist/kmsSigner.js +71 -0
- package/dist/kmsSigner.js.map +1 -0
- package/dist/walletProvisioning.d.ts +66 -0
- package/dist/walletProvisioning.d.ts.map +1 -0
- package/dist/walletProvisioning.js +276 -0
- package/dist/walletProvisioning.js.map +1 -0
- package/package.json +62 -0
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"kmsSigner.d.ts","sourceRoot":"","sources":["../src/kmsSigner.ts"],"names":[],"mappings":"AAAA,OAAO,EAAe,SAAS,EAAE,MAAM,qBAAqB,CAAC;AAC7D,OAAO,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAC;AAG3C,OAAO,EAAqB,KAAK,cAAc,EAAkC,MAAM,iBAAiB,CAAC;AAEzG,MAAM,WAAW,eAAe;IAC9B,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;IACf,eAAe,EAAE,SAAS,CAAC;IAC3B,qBAAqB,EAAE,MAAM,CAAC;IAC9B,mBAAmB,EAAE,MAAM,CAAC;IAC5B,IAAI,EAAE,CAAC,OAAO,EAAE,UAAU,KAAK,OAAO,CAAC,UAAU,CAAC,CAAC;CACpD;AAED,MAAM,WAAW,2BAA2B;IAC1C,GAAG,EAAE,SAAS,CAAC;IACf,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,CAAC,EAAE,cAAc,CAAC;CAC9B;AAED,wBAAsB,qBAAqB,CAAC,MAAM,EAAE,2BAA2B,GAAG,OAAO,CAAC,eAAe,CAAC,CAqEzG"}
|
|
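--- a/package/dist/kmsSigner.js
+++ b/package/dist/kmsSigner.js
@@ -0,0 +1,71 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createKmsHederaSigner = createKmsHederaSigner;
+const client_kms_1 = require("@aws-sdk/client-kms");
+const sdk_1 = require("@hashgraph/sdk");
+const sha3_1 = require("@noble/hashes/sha3");
+const hederaKeyCodec_1 = require("./hederaKeyCodec");
+const kmsKeyManager_1 = require("./kmsKeyManager");
+async function createKmsHederaSigner(params) {
+const { kms, keyId, auditLogger } = params;
+const normalizedKeyId = keyId.trim();
+if (!normalizedKeyId) {
+throw new Error("keyId is required");
+}
+const validatedKey = await (0, kmsKeyManager_1.validateKmsSecp256k1SigningKey)(kms, normalizedKeyId, auditLogger);
+const spkiBytes = await (0, kmsKeyManager_1.getPublicKeyBytes)(kms, normalizedKeyId, auditLogger);
+const uncompressedPublicKey = (0, hederaKeyCodec_1.spkiToUncompressedPublicKey)(spkiBytes);
+const compressedPublicKey = (0, hederaKeyCodec_1.compressPublicKey)(uncompressedPublicKey);
+const hederaPublicKey = sdk_1.PublicKey.fromBytesECDSA(compressedPublicKey);
+const sign = async (message) => {
+// Hedera secp256k1 signatures are verified against keccak256(message).
+// KMS can't do keccak internally, so we provide the digest directly.
+const digest = Buffer.from((0, sha3_1.keccak_256)(message));
+const response = await kms
+.send(new client_kms_1.SignCommand({
+KeyId: normalizedKeyId,
+Message: digest,
+MessageType: "DIGEST",
+SigningAlgorithm: "ECDSA_SHA_256"
+}))
+.catch(error => {
+auditLogger?.({
+operation: "Sign",
+status: "failure",
+timestamp: new Date().toISOString(),
+keyId: normalizedKeyId,
+keyArn: validatedKey.keyArn,
+detail: error instanceof Error ? error.message : String(error)
+});
+throw error;
+});
+if (!response.Signature) {
+auditLogger?.({
+operation: "Sign",
+status: "failure",
+timestamp: new Date().toISOString(),
+keyId: normalizedKeyId,
+keyArn: validatedKey.keyArn,
+detail: "KMS Sign did not return signature bytes"
+});
+throw new Error("KMS Sign did not return signature bytes");
+}
+auditLogger?.({
+operation: "Sign",
+status: "success",
+timestamp: new Date().toISOString(),
+keyId: normalizedKeyId,
+keyArn: validatedKey.keyArn
+});
+return (0, hederaKeyCodec_1.kmsDerSignatureToHederaRaw64)(response.Signature);
+};
+return {
+keyId: normalizedKeyId,
+keyArn: validatedKey.keyArn,
+hederaPublicKey,
+uncompressedPublicKey,
+compressedPublicKey,
+sign
+};
+}
+//# sourceMappingURL=kmsSigner.js.map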
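Review bot: The three `Sign` audit events in the `sign` closure record `keyId` and `keyArn` but nothing that identifies what was signed, so someone reading the audit trail cannot tie a signature to a specific Hedera transaction. The digest is already available as `digest`, so the success event could carry it, for example `detail: "keccak256=" + digest.toString("hex")`; whether the `KmsAuditLogger` event type permits that is declared in `./kmsKeyManager`, which this section does not show. The logger is also called unguarded: an exception thrown by `auditLogger` inside the `.catch` handler replaces the KMS error, and one thrown on the success path discards a signature KMS has already produced. Routing the calls through a small helper that catches and reports logger failures would keep audit faults separate from signing faults, if fail-open logging is acceptable for this wallet.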
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"kmsSigner.js","sourceRoot":"","sources":["../src/kmsSigner.ts"],"names":[],"mappings":";;AAqBA,sDAqEC;AA1FD,oDAA6D;AAC7D,wCAA2C;AAC3C,6CAAgD;AAChD,qDAAgH;AAChH,mDAAyG;AAiBlG,KAAK,UAAU,qBAAqB,CAAC,MAAmC;IAC7E,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,WAAW,EAAE,GAAG,MAAM,CAAC;IAC3C,MAAM,eAAe,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;IACrC,IAAI,CAAC,eAAe,EAAE,CAAC;QACrB,MAAM,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC;IACvC,CAAC;IAED,MAAM,YAAY,GAAG,MAAM,IAAA,8CAA8B,EAAC,GAAG,EAAE,eAAe,EAAE,WAAW,CAAC,CAAC;IAC7F,MAAM,SAAS,GAAG,MAAM,IAAA,iCAAiB,EAAC,GAAG,EAAE,eAAe,EAAE,WAAW,CAAC,CAAC;IAC7E,MAAM,qBAAqB,GAAG,IAAA,4CAA2B,EAAC,SAAS,CAAC,CAAC;IACrE,MAAM,mBAAmB,GAAG,IAAA,kCAAiB,EAAC,qBAAqB,CAAC,CAAC;IACrE,MAAM,eAAe,GAAG,eAAS,CAAC,cAAc,CAAC,mBAAmB,CAAC,CAAC;IAEtE,MAAM,IAAI,GAAG,KAAK,EAAE,OAAmB,EAAuB,EAAE;QAC9D,uEAAuE;QACvE,qEAAqE;QACrE,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,IAAA,iBAAU,EAAC,OAAO,CAAC,CAAC,CAAC;QAEhD,MAAM,QAAQ,GAAG,MAAM,GAAG;aACvB,IAAI,CACH,IAAI,wBAAW,CAAC;YACd,KAAK,EAAE,eAAe;YACtB,OAAO,EAAE,MAAM;YACf,WAAW,EAAE,QAAQ;YACrB,gBAAgB,EAAE,eAAe;SAClC,CAAC,CACH;aACA,KAAK,CAAC,KAAK,CAAC,EAAE;YACb,WAAW,EAAE,CAAC;gBACZ,SAAS,EAAE,MAAM;gBACjB,MAAM,EAAE,SAAS;gBACjB,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;gBACnC,KAAK,EAAE,eAAe;gBACtB,MAAM,EAAE,YAAY,CAAC,MAAM;gBAC3B,MAAM,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;aAC/D,CAAC,CAAC;YACH,MAAM,KAAK,CAAC;QACd,CAAC,CAAC,CAAC;QAEL,IAAI,CAAC,QAAQ,CAAC,SAAS,EAAE,CAAC;YACxB,WAAW,EAAE,CAAC;gBACZ,SAAS,EAAE,MAAM;gBACjB,MAAM,EAAE,SAAS;gBACjB,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;gBACnC,KAAK,EAAE,eAAe;gBACtB,MAAM,EAAE,YAAY,CAAC,MAAM;gBAC3B,MAAM,EAAE,yCAAyC;aAClD,CAAC,CAAC;YACH,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;QAC7D,CAAC;QACD,WAAW,EAAE,CAAC;YACZ,SAAS,EAAE,MAAM;YACjB,MAAM,EAAE,SAAS;YACjB,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,KAAK,EAAE,eAAe;YACtB,MAAM,EAAE,YAAY,CAAC,MAAM;SAC5B,CAAC,CAAC;QAEH,OAAO,IAAA,6CAA4B,EAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;IAC1D,CAAC,CAAC;IAEF,OAAO;QACL,KAAK,EAAE,eAAe;QACtB,MAAM,EAAE,YAAY,CAAC,MA
AM;QAC3B,eAAe;QACf,qBAAqB;QACrB,mBAAmB;QACnB,IAAI;KACL,CAAC;AACJ,CAAC"}
|
|
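--- a/package/dist/walletProvisioning.d.ts
+++ b/package/dist/walletProvisioning.d.ts
@@ -0,0 +1,66 @@
+import { type KmsAuditLogger, type KmsKeyPolicyBindings } from "./kmsKeyManager";
+import { type HederaNetwork } from "./hederaClient";
+export interface ProvisionHederaAccountForUserParams {
+userId: string;
+awsRegion?: string;
+hederaNetwork?: HederaNetwork;
+operatorId?: string;
+operatorKey?: string;
+initialHbar?: number;
+aliasPrefix?: string;
+keyDescriptionPrefix?: string;
+existingKeyId?: string;
+allowKeyCreation?: boolean;
+keyPolicy?: Record<string, unknown>;
+policyBindings?: KmsKeyPolicyBindings;
+allowUnsafeDefaultKeyPolicy?: boolean;
+auditLogger?: KmsAuditLogger;
+}
+export interface ProvisionedHederaWallet {
+accountId: string;
+keyId: string;
+keyArn?: string;
+aliasName?: string;
+publicKeyCompressedHex: string;
+publicKeyUncompressedHex: string;
+publicKeyFingerprint: string;
+rotationEnabled: boolean;
+rotationNote?: string;
+}
+export interface RotateHederaAccountKmsKeyParams {
+userId: string;
+accountId: string;
+currentKeyId: string;
+replacementKeyId?: string;
+awsRegion?: string;
+hederaNetwork?: HederaNetwork;
+operatorId?: string;
+operatorKey?: string;
+aliasPrefix?: string;
+keyDescriptionPrefix?: string;
+keyPolicy?: Record<string, unknown>;
+policyBindings?: KmsKeyPolicyBindings;
+allowUnsafeDefaultKeyPolicy?: boolean;
+auditLogger?: KmsAuditLogger;
+}
+export interface RotatedHederaWalletKey {
+accountId: string;
+previousKeyId: string;
+previousKeyArn: string;
+previousPublicKeyCompressedHex: string;
+previousPublicKeyFingerprint: string;
+keyId: string;
+keyArn?: string;
+aliasName?: string;
+publicKeyCompressedHex: string;
+publicKeyUncompressedHex: string;
+publicKeyFingerprint: string;
+rotationEnabled: boolean;
+rotationNote?: string;
+transactionId: string;
+receiptStatus: string;
+mirrorLink: string;
+}
+export declare function provisionHederaAccountForUser(params: ProvisionHederaAccountForUserParams): Promise<ProvisionedHederaWallet>;
+export declare function rotateHederaAccountKmsKey(params: RotateHederaAccountKmsKeyParams): Promise<RotatedHederaWalletKey>;
+//# sourceMappingURL=walletProvisioning.d.ts.map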
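Review bot: `keyPolicy` and `allowUnsafeDefaultKeyPolicy` are still declared as ordinary optional fields on `ProvisionHederaAccountForUserParams` and `RotateHederaAccountKmsKeyParams`, while the compiled `walletProvisioning.js` on this page throws "… is no longer supported. Use policyBindings." whenever either is set. A caller reading only the types gets no warning until runtime. A doc comment such as `/** @deprecated Rejected at runtime; use policyBindings. */` on both fields, or typing them as `never`, would surface this at compile time. `operatorKey?: string` appears to carry the operator's private key as a plain string and would benefit from a comment saying so and naming the expected source, since the rest of the package keeps user keys inside KMS.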
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"walletProvisioning.d.ts","sourceRoot":"","sources":["../src/walletProvisioning.ts"],"names":[],"mappings":"AAGA,OAAO,EAIL,KAAK,cAAc,EACnB,KAAK,oBAAoB,EAC1B,MAAM,iBAAiB,CAAC;AACzB,OAAO,EAKL,KAAK,aAAa,EACnB,MAAM,gBAAgB,CAAC;AAGxB,MAAM,WAAW,mCAAmC;IAClD,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,aAAa,CAAC,EAAE,aAAa,CAAC;IAC9B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,gBAAgB,CAAC,EAAE,OAAO,CAAC;IAC3B,SAAS,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACpC,cAAc,CAAC,EAAE,oBAAoB,CAAC;IACtC,2BAA2B,CAAC,EAAE,OAAO,CAAC;IACtC,WAAW,CAAC,EAAE,cAAc,CAAC;CAC9B;AAED,MAAM,WAAW,uBAAuB;IACtC,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,sBAAsB,EAAE,MAAM,CAAC;IAC/B,wBAAwB,EAAE,MAAM,CAAC;IACjC,oBAAoB,EAAE,MAAM,CAAC;IAC7B,eAAe,EAAE,OAAO,CAAC;IACzB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,+BAA+B;IAC9C,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;IAClB,YAAY,EAAE,MAAM,CAAC;IACrB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,aAAa,CAAC,EAAE,aAAa,CAAC;IAC9B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,SAAS,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACpC,cAAc,CAAC,EAAE,oBAAoB,CAAC;IACtC,2BAA2B,CAAC,EAAE,OAAO,CAAC;IACtC,WAAW,CAAC,EAAE,cAAc,CAAC;CAC9B;AAED,MAAM,WAAW,sBAAsB;IACrC,SAAS,EAAE,MAAM,CAAC;IAClB,aAAa,EAAE,MAAM,CAAC;IACtB,cAAc,EAAE,MAAM,CAAC;IACvB,8BAA8B,EAAE,MAAM,CAAC;IACvC,4BAA4B,EAAE,MAAM,CAAC;IACrC,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,sBAAsB,EAAE,MAAM,CAAC;IAC/B,wBAAwB,EAAE,MAAM,CAAC;IACjC,oBAAoB,EAAE,MAAM,CAAC;IAC7B,eAAe,EAAE,OAAO,CAAC;IACzB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,aAAa,EAAE,MAAM,CAAC;IACtB,aAAa,EAAE,MAAM,CAAC;IACtB,UAAU,EAAE,MAAM,CAAC;CACpB;AAoBD,wBAAsB,6BAA6B,CACjD,MAAM,EAAE,mC
AAmC,GAC1C,OAAO,CAAC,uBAAuB,CAAC,CA4IlC;AAED,wBAAsB,yBAAyB,CAC7C,MAAM,EAAE,+BAA+B,GACtC,OAAO,CAAC,sBAAsB,CAAC,CA+JjC"}
|
|
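--- a/package/dist/walletProvisioning.js
+++ b/package/dist/walletProvisioning.js
@@ -0,0 +1,276 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.provisionHederaAccountForUser = provisionHederaAccountForUser;
+exports.rotateHederaAccountKmsKey = rotateHederaAccountKmsKey;
+const node_crypto_1 = require("node:crypto");
+const client_kms_1 = require("@aws-sdk/client-kms");
+const sdk_1 = require("@hashgraph/sdk");
+const kmsKeyManager_1 = require("./kmsKeyManager");
+const hederaClient_1 = require("./hederaClient");
+const kmsSigner_1 = require("./kmsSigner");
+function fingerprintFromPublicKey(publicKeyCompressed) {
+return (0, node_crypto_1.createHash)("sha256").update(publicKeyCompressed).digest("hex");
+}
+function emitWalletAuditEvent(auditLogger, event) {
+if (!auditLogger) {
+return;
+}
+auditLogger({
+...event,
+timestamp: new Date().toISOString()
+});
+}
+async function provisionHederaAccountForUser(params) {
+const { userId, awsRegion = process.env.AWS_REGION, hederaNetwork = process.env.HEDERA_NETWORK ?? "testnet", operatorId = process.env.OPERATOR_ID || process.env.HEDERA_OPERATOR_ID, operatorKey = process.env.OPERATOR_KEY || process.env.HEDERA_OPERATOR_KEY, initialHbar, aliasPrefix = process.env.HEDERA_KMS_ALIAS_PREFIX || "alias/workit-user", keyDescriptionPrefix = process.env.HEDERA_KMS_KEY_DESCRIPTION_PREFIX || "Workit Hedera key for user", existingKeyId, allowKeyCreation = false, keyPolicy, policyBindings, allowUnsafeDefaultKeyPolicy = false, auditLogger } = params;
+const normalizedUserId = userId.trim();
+if (!normalizedUserId) {
+throw new Error("userId is required");
+}
+if (!awsRegion)
+throw new Error("Missing AWS_REGION");
+if (!operatorId || !operatorKey) {
+throw new Error("Missing operator credentials: OPERATOR_ID/OPERATOR_KEY (or HEDERA_OPERATOR_ID/HEDERA_OPERATOR_KEY)");
+}
+if (initialHbar !== undefined && (!Number.isFinite(initialHbar) || initialHbar < 0)) {
+throw new Error("initialHbar must be a non-negative number when provided");
+}
+const normalizedExistingKeyId = existingKeyId?.trim();
+if (!normalizedExistingKeyId && !allowKeyCreation) {
+throw new Error("existingKeyId is required unless allowKeyCreation=true. " +
+"Provision keys in an admin workflow and pass existingKeyId for runtime flows.");
+}
+if (!normalizedExistingKeyId && !policyBindings) {
+throw new Error("policyBindings is required when creating a new key.");
+}
+if (keyPolicy) {
+throw new Error("keyPolicy is no longer supported. Use policyBindings.");
+}
+if (allowUnsafeDefaultKeyPolicy) {
+throw new Error("allowUnsafeDefaultKeyPolicy is no longer supported. Use policyBindings.");
+}
+const kms = new client_kms_1.KMSClient({ region: awsRegion });
+let hederaClient;
+let selectedKeyId;
+let selectedKeyArn;
+try {
+const createdKey = normalizedExistingKeyId
+? {
+keyId: normalizedExistingKeyId,
+keyArn: undefined,
+aliasName: undefined,
+rotationEnabled: false,
+rotationNote: "Existing key id was provided; rotation state should be managed externally."
+}
+: await (0, kmsKeyManager_1.createUserKmsKey)({
+kms,
+userId: normalizedUserId,
+descriptionPrefix: keyDescriptionPrefix,
+aliasPrefix,
+policyBindings,
+auditLogger
+});
+selectedKeyId = createdKey.keyId;
+selectedKeyArn = createdKey.keyArn;
+await (0, kmsKeyManager_1.assertKmsKeyOwnershipForUser)({
+kms,
+keyId: createdKey.keyId,
+userId: normalizedUserId,
+auditLogger
+});
+const signer = await (0, kmsSigner_1.createKmsHederaSigner)({
+kms,
+keyId: createdKey.keyId,
+auditLogger
+});
+hederaClient = (0, hederaClient_1.createHederaClient)({
+network: hederaNetwork,
+operatorId,
+operatorKey
+});
+let accountCreateTx = new sdk_1.AccountCreateTransaction().setKey(signer.hederaPublicKey);
+if (initialHbar !== undefined && initialHbar > 0) {
+accountCreateTx = accountCreateTx.setInitialBalance(new sdk_1.Hbar(initialHbar));
+}
+accountCreateTx = await accountCreateTx.freezeWith(hederaClient);
+await (0, hederaClient_1.addKmsSignatureToFrozenTransaction)(accountCreateTx, signer);
+const { receipt } = await (0, hederaClient_1.executeSignedTransaction)(hederaClient, accountCreateTx);
+const accountId = receipt.accountId?.toString();
+if (!accountId) {
+throw new Error("Hedera account creation did not return an account id");
+}
+const result = {
+accountId,
+keyId: createdKey.keyId,
+keyArn: createdKey.keyArn ?? signer.keyArn,
+aliasName: createdKey.aliasName,
+publicKeyCompressedHex: signer.compressedPublicKey.toString("hex"),
+publicKeyUncompressedHex: signer.uncompressedPublicKey.toString("hex"),
+publicKeyFingerprint: fingerprintFromPublicKey(signer.compressedPublicKey),
+rotationEnabled: createdKey.rotationEnabled,
+rotationNote: createdKey.rotationNote
+};
+emitWalletAuditEvent(auditLogger, {
+operation: "ProvisionAccount",
+status: "success",
+userId: normalizedUserId,
+accountId,
+keyId: result.keyId,
+keyArn: result.keyArn,
+network: hederaNetwork
+});
+return result;
+}
+catch (error) {
+emitWalletAuditEvent(auditLogger, {
+operation: "ProvisionAccount",
+status: "failure",
+userId: normalizedUserId,
+keyId: selectedKeyId,
+keyArn: selectedKeyArn,
+network: hederaNetwork,
+detail: error instanceof Error ? error.message : String(error)
+});
+throw error;
+}
+finally {
+kms.destroy();
+hederaClient?.close();
+}
+}
+async function rotateHederaAccountKmsKey(params) {
+const { userId, accountId, currentKeyId, replacementKeyId, awsRegion = process.env.AWS_REGION, hederaNetwork = process.env.HEDERA_NETWORK ?? "testnet", operatorId = process.env.OPERATOR_ID || process.env.HEDERA_OPERATOR_ID, operatorKey = process.env.OPERATOR_KEY || process.env.HEDERA_OPERATOR_KEY, aliasPrefix = process.env.HEDERA_KMS_ALIAS_PREFIX || "alias/workit-user", keyDescriptionPrefix = process.env.HEDERA_KMS_KEY_DESCRIPTION_PREFIX || "Workit Hedera key for user", keyPolicy, policyBindings, allowUnsafeDefaultKeyPolicy = false, auditLogger } = params;
+const normalizedUserId = userId.trim();
+if (!normalizedUserId) {
+throw new Error("userId is required");
+}
+const normalizedAccountId = accountId.trim();
+if (!normalizedAccountId) {
+throw new Error("accountId is required");
+}
+const normalizedCurrentKeyId = currentKeyId.trim();
+if (!normalizedCurrentKeyId) {
+throw new Error("currentKeyId is required");
+}
+if (!awsRegion)
+throw new Error("Missing AWS_REGION");
+if (!operatorId || !operatorKey) {
+throw new Error("Missing operator credentials: OPERATOR_ID/OPERATOR_KEY (or HEDERA_OPERATOR_ID/HEDERA_OPERATOR_KEY)");
+}
+const normalizedReplacementKeyId = replacementKeyId?.trim();
+if (!normalizedReplacementKeyId && !policyBindings) {
+throw new Error("policyBindings is required when creating a replacement key.");
+}
+if (keyPolicy) {
+throw new Error("keyPolicy is no longer supported. Use policyBindings.");
+}
+if (allowUnsafeDefaultKeyPolicy) {
+throw new Error("allowUnsafeDefaultKeyPolicy is no longer supported. Use policyBindings.");
+}
+const kms = new client_kms_1.KMSClient({ region: awsRegion });
+let hederaClient;
+let nextKeyId;
+let nextKeyArn;
+try {
+const replacementKey = normalizedReplacementKeyId
+? {
+keyId: normalizedReplacementKeyId,
+keyArn: undefined,
+aliasName: undefined,
+rotationEnabled: false,
+rotationNote: "Replacement key id was provided; key lifecycle and policy controls are managed externally."
+}
+: await (0, kmsKeyManager_1.createUserKmsKey)({
+kms,
+userId: normalizedUserId,
+descriptionPrefix: keyDescriptionPrefix,
+aliasPrefix,
+policyBindings,
+auditLogger
+});
+nextKeyId = replacementKey.keyId;
+nextKeyArn = replacementKey.keyArn;
+await (0, kmsKeyManager_1.assertKmsKeyOwnershipForUser)({
+kms,
+keyId: normalizedCurrentKeyId,
+userId: normalizedUserId,
+auditLogger
+});
+await (0, kmsKeyManager_1.assertKmsKeyOwnershipForUser)({
+kms,
+keyId: replacementKey.keyId,
+userId: normalizedUserId,
+auditLogger
+});
+const currentSigner = await (0, kmsSigner_1.createKmsHederaSigner)({
+kms,
+keyId: normalizedCurrentKeyId,
+auditLogger
+});
+const replacementSigner = await (0, kmsSigner_1.createKmsHederaSigner)({
+kms,
+keyId: replacementKey.keyId,
+auditLogger
+});
+hederaClient = (0, hederaClient_1.createHederaClient)({
+network: hederaNetwork,
+operatorId,
+operatorKey
+});
+let accountUpdateTx = new sdk_1.AccountUpdateTransaction()
+.setAccountId(sdk_1.AccountId.fromString(normalizedAccountId))
+.setKey(replacementSigner.hederaPublicKey);
+accountUpdateTx = await accountUpdateTx.freezeWith(hederaClient);
+// Hedera key updates are explicitly co-signed by both the current and replacement keys.
+await (0, hederaClient_1.addKmsSignatureToFrozenTransaction)(accountUpdateTx, currentSigner);
+await (0, hederaClient_1.addKmsSignatureToFrozenTransaction)(accountUpdateTx, replacementSigner);
+const { response, receipt } = await (0, hederaClient_1.executeSignedTransaction)(hederaClient, accountUpdateTx);
+const transactionId = response.transactionId.toString();
+const result = {
+accountId: normalizedAccountId,
+previousKeyId: currentSigner.keyId,
+previousKeyArn: currentSigner.keyArn,
+previousPublicKeyCompressedHex: currentSigner.compressedPublicKey.toString("hex"),
+previousPublicKeyFingerprint: fingerprintFromPublicKey(currentSigner.compressedPublicKey),
+keyId: replacementKey.keyId,
+keyArn: replacementKey.keyArn ?? replacementSigner.keyArn,
+aliasName: replacementKey.aliasName,
+publicKeyCompressedHex: replacementSigner.compressedPublicKey.toString("hex"),
+publicKeyUncompressedHex: replacementSigner.uncompressedPublicKey.toString("hex"),
+publicKeyFingerprint: fingerprintFromPublicKey(replacementSigner.compressedPublicKey),
+rotationEnabled: replacementKey.rotationEnabled,
+rotationNote: replacementKey.rotationNote,
+transactionId,
+receiptStatus: receipt.status.toString(),
+mirrorLink: (0, hederaClient_1.mirrorLinkForTransaction)(hederaNetwork, transactionId)
+};
+emitWalletAuditEvent(auditLogger, {
+operation: "RotateAccountKey",
+status: "success",
+userId: normalizedUserId,
+accountId: normalizedAccountId,
+keyId: result.keyId,
+keyArn: result.keyArn,
+transactionId: result.transactionId,
+network: hederaNetwork
+});
+return result;
+}
+catch (error) {
+emitWalletAuditEvent(auditLogger, {
+operation: "RotateAccountKey",
+status: "failure",
+userId: normalizedUserId,
+accountId: normalizedAccountId,
+keyId: nextKeyId ?? normalizedCurrentKeyId,
+keyArn: nextKeyArn,
+network: hederaNetwork,
+detail: error instanceof Error ? error.message : String(error)
+});
+throw error;
+}
+finally {
+kms.destroy();
+hederaClient?.close();
+}
+}
+//# sourceMappingURL=walletProvisioning.js.map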
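Review bot: In `rotateHederaAccountKmsKey` the replacement key is created by `createUserKmsKey` before `assertKmsKeyOwnershipForUser` runs for `normalizedCurrentKeyId`, so a request whose `currentKeyId` fails the ownership assertion for `userId` still creates a KMS key and only then throws. Moving the ownership assertion for the current key above the `const replacementKey = …` statement would put the authorization check ahead of the side effect. Unlike `provisionHederaAccountForUser`, the rotation path also has no `allowKeyCreation` gate: omitting `replacementKeyId` creates a key whenever `policyBindings` is supplied. In both functions a failure after `createUserKmsKey` leaves the new key in place and the `catch` block only logs it, so a comment stating that callers must clean up using the `keyId` from the failure event would help operators.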
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"walletProvisioning.js","sourceRoot":"","sources":["../src/walletProvisioning.ts"],"names":[],"mappings":";;AAsGA,sEA8IC;AAED,8DAiKC;AAvZD,6CAAyC;AACzC,oDAAgD;AAChD,wCAAqG;AACrG,mDAMyB;AACzB,iDAMwB;AACxB,2CAAoD;AAmEpD,SAAS,wBAAwB,CAAC,mBAA+B;IAC/D,OAAO,IAAA,wBAAU,EAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,mBAAmB,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AACxE,CAAC;AAED,SAAS,oBAAoB,CAC3B,WAAuC,EACvC,KAAuC;IAEvC,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,OAAO;IACT,CAAC;IAED,WAAW,CAAC;QACV,GAAG,KAAK;QACR,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KACpC,CAAC,CAAC;AACL,CAAC;AAEM,KAAK,UAAU,6BAA6B,CACjD,MAA2C;IAE3C,MAAM,EACJ,MAAM,EACN,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,UAAU,EAClC,aAAa,GAAI,OAAO,CAAC,GAAG,CAAC,cAA4C,IAAI,SAAS,EACtF,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,WAAW,IAAI,OAAO,CAAC,GAAG,CAAC,kBAAkB,EACtE,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,YAAY,IAAI,OAAO,CAAC,GAAG,CAAC,mBAAmB,EACzE,WAAW,EACX,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,uBAAuB,IAAI,mBAAmB,EACxE,oBAAoB,GAAG,OAAO,CAAC,GAAG,CAAC,iCAAiC,IAAI,4BAA4B,EACpG,aAAa,EACb,gBAAgB,GAAG,KAAK,EACxB,SAAS,EACT,cAAc,EACd,2BAA2B,GAAG,KAAK,EACnC,WAAW,EACZ,GAAG,MAAM,CAAC;IACX,MAAM,gBAAgB,GAAG,MAAM,CAAC,IAAI,EAAE,CAAC;IACvC,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACtB,MAAM,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAC;IACxC,CAAC;IAED,IAAI,CAAC,SAAS;QAAE,MAAM,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAC;IACtD,IAAI,CAAC,UAAU,IAAI,CAAC,WAAW,EAAE,CAAC;QAChC,MAAM,IAAI,KAAK,CAAC,oGAAoG,CAAC,CAAC;IACxH,CAAC;IACD,IAAI,WAAW,KAAK,SAAS,IAAI,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,WAAW,GAAG,CAAC,CAAC,EAAE,CAAC;QACpF,MAAM,IAAI,KAAK,CAAC,yDAAyD,CAAC,CAAC;IAC7E,CAAC;IAED,MAAM,uBAAuB,GAAG,aAAa,EAAE,IAAI,EAAE,CAAC;IACtD,IAAI,CAAC,uBAAuB,IAAI,CAAC,gBAAgB,EAAE,CAAC;QAClD,MAAM,IAAI,KAAK,CACb,0DAA0D;YACxD,+EAA+E,CAClF,CAAC;IACJ,CAAC;IACD,IAAI,CAAC,uBAAuB,IAAI,CAAC,cAAc,EAAE,CAAC;QAChD,MAAM,IAAI,KAAK,CAAC,qDAAqD,CAAC,CAAC;IACzE,CAAC;IACD,IAAI,SAAS,EAAE,CAAC;QACd,MAAM,IAAI,KAAK,CAAC,uDAAuD,CAAC,CAAC;IAC3E,CAAC;IACD,IAAI,2BAA2B,EAAE,CAAC;QAChC,MAAM,IAAI,KAAK,CAAC,yEAAyE,CAAC,CAAC;IAC7F,CAAC;IAED,MAAM,GAAG,GAAG,IAAI,sBAAS,CAAC,EA
AE,MAAM,EAAE,SAAS,EAAE,CAAC,CAAC;IACjD,IAAI,YAA+D,CAAC;IACpE,IAAI,aAAiC,CAAC;IACtC,IAAI,cAAkC,CAAC;IAEvC,IAAI,CAAC;QACH,MAAM,UAAU,GAAG,uBAAuB;YACxC,CAAC,CAAC;gBACE,KAAK,EAAE,uBAAuB;gBAC9B,MAAM,EAAE,SAAS;gBACjB,SAAS,EAAE,SAAS;gBACpB,eAAe,EAAE,KAAK;gBACtB,YAAY,EAAE,4EAA4E;aAC3F;YACH,CAAC,CAAC,MAAM,IAAA,gCAAgB,EAAC;gBACrB,GAAG;gBACH,MAAM,EAAE,gBAAgB;gBACxB,iBAAiB,EAAE,oBAAoB;gBACvC,WAAW;gBACX,cAAc;gBACd,WAAW;aACZ,CAAC,CAAC;QACP,aAAa,GAAG,UAAU,CAAC,KAAK,CAAC;QACjC,cAAc,GAAG,UAAU,CAAC,MAAM,CAAC;QAEnC,MAAM,IAAA,4CAA4B,EAAC;YACjC,GAAG;YACH,KAAK,EAAE,UAAU,CAAC,KAAK;YACvB,MAAM,EAAE,gBAAgB;YACxB,WAAW;SACZ,CAAC,CAAC;QAEH,MAAM,MAAM,GAAG,MAAM,IAAA,iCAAqB,EAAC;YACzC,GAAG;YACH,KAAK,EAAE,UAAU,CAAC,KAAK;YACvB,WAAW;SACZ,CAAC,CAAC;QACH,YAAY,GAAG,IAAA,iCAAkB,EAAC;YAChC,OAAO,EAAE,aAAa;YACtB,UAAU;YACV,WAAW;SACZ,CAAC,CAAC;QAEH,IAAI,eAAe,GAAG,IAAI,8BAAwB,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC;QACpF,IAAI,WAAW,KAAK,SAAS,IAAI,WAAW,GAAG,CAAC,EAAE,CAAC;YACjD,eAAe,GAAG,eAAe,CAAC,iBAAiB,CAAC,IAAI,UAAI,CAAC,WAAW,CAAC,CAAC,CAAC;QAC7E,CAAC;QACD,eAAe,GAAG,MAAM,eAAe,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC;QAEjE,MAAM,IAAA,iDAAkC,EAAC,eAAe,EAAE,MAAM,CAAC,CAAC;QAClE,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,IAAA,uCAAwB,EAAC,YAAY,EAAE,eAAe,CAAC,CAAC;QAClF,MAAM,SAAS,GAAG,OAAO,CAAC,SAAS,EAAE,QAAQ,EAAE,CAAC;QAEhD,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,MAAM,IAAI,KAAK,CAAC,sDAAsD,CAAC,CAAC;QAC1E,CAAC;QAED,MAAM,MAAM,GAAG;YACb,SAAS;YACT,KAAK,EAAE,UAAU,CAAC,KAAK;YACvB,MAAM,EAAE,UAAU,CAAC,MAAM,IAAI,MAAM,CAAC,MAAM;YAC1C,SAAS,EAAE,UAAU,CAAC,SAAS;YAC/B,sBAAsB,EAAE,MAAM,CAAC,mBAAmB,CAAC,QAAQ,CAAC,KAAK,CAAC;YAClE,wBAAwB,EAAE,MAAM,CAAC,qBAAqB,CAAC,QAAQ,CAAC,KAAK,CAAC;YACtE,oBAAoB,EAAE,wBAAwB,CAAC,MAAM,CAAC,mBAAmB,CAAC;YAC1E,eAAe,EAAE,UAAU,CAAC,eAAe;YAC3C,YAAY,EAAE,UAAU,CAAC,YAAY;SACtC,CAAC;QACF,oBAAoB,CAAC,WAAW,EAAE;YAChC,SAAS,EAAE,kBAAkB;YAC7B,MAAM,EAAE,SAAS;YACjB,MAAM,EAAE,gBAAgB;YACxB,SAAS;YACT,KAAK,EAAE,MAAM,CAAC,KAAK;YACnB,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,OAAO,EAAE,aAAa;SACvB,CAAC,CAAC;QACH,OAAO,MAAM,CAAC;IAChB,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;
QACf,oBAAoB,CAAC,WAAW,EAAE;YAChC,SAAS,EAAE,kBAAkB;YAC7B,MAAM,EAAE,SAAS;YACjB,MAAM,EAAE,gBAAgB;YACxB,KAAK,EAAE,aAAa;YACpB,MAAM,EAAE,cAAc;YACtB,OAAO,EAAE,aAAa;YACtB,MAAM,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;SAC/D,CAAC,CAAC;QACH,MAAM,KAAK,CAAC;IACd,CAAC;YAAS,CAAC;QACT,GAAG,CAAC,OAAO,EAAE,CAAC;QACd,YAAY,EAAE,KAAK,EAAE,CAAC;IACxB,CAAC;AACH,CAAC;AAEM,KAAK,UAAU,yBAAyB,CAC7C,MAAuC;IAEvC,MAAM,EACJ,MAAM,EACN,SAAS,EACT,YAAY,EACZ,gBAAgB,EAChB,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,UAAU,EAClC,aAAa,GAAI,OAAO,CAAC,GAAG,CAAC,cAA4C,IAAI,SAAS,EACtF,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,WAAW,IAAI,OAAO,CAAC,GAAG,CAAC,kBAAkB,EACtE,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,YAAY,IAAI,OAAO,CAAC,GAAG,CAAC,mBAAmB,EACzE,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,uBAAuB,IAAI,mBAAmB,EACxE,oBAAoB,GAAG,OAAO,CAAC,GAAG,CAAC,iCAAiC,IAAI,4BAA4B,EACpG,SAAS,EACT,cAAc,EACd,2BAA2B,GAAG,KAAK,EACnC,WAAW,EACZ,GAAG,MAAM,CAAC;IAEX,MAAM,gBAAgB,GAAG,MAAM,CAAC,IAAI,EAAE,CAAC;IACvC,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACtB,MAAM,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAC;IACxC,CAAC;IACD,MAAM,mBAAmB,GAAG,SAAS,CAAC,IAAI,EAAE,CAAC;IAC7C,IAAI,CAAC,mBAAmB,EAAE,CAAC;QACzB,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;IAC3C,CAAC;IACD,MAAM,sBAAsB,GAAG,YAAY,CAAC,IAAI,EAAE,CAAC;IACnD,IAAI,CAAC,sBAAsB,EAAE,CAAC;QAC5B,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;IAC9C,CAAC;IAED,IAAI,CAAC,SAAS;QAAE,MAAM,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAC;IACtD,IAAI,CAAC,UAAU,IAAI,CAAC,WAAW,EAAE,CAAC;QAChC,MAAM,IAAI,KAAK,CAAC,oGAAoG,CAAC,CAAC;IACxH,CAAC;IAED,MAAM,0BAA0B,GAAG,gBAAgB,EAAE,IAAI,EAAE,CAAC;IAC5D,IAAI,CAAC,0BAA0B,IAAI,CAAC,cAAc,EAAE,CAAC;QACnD,MAAM,IAAI,KAAK,CAAC,6DAA6D,CAAC,CAAC;IACjF,CAAC;IACD,IAAI,SAAS,EAAE,CAAC;QACd,MAAM,IAAI,KAAK,CAAC,uDAAuD,CAAC,CAAC;IAC3E,CAAC;IACD,IAAI,2BAA2B,EAAE,CAAC;QAChC,MAAM,IAAI,KAAK,CAAC,yEAAyE,CAAC,CAAC;IAC7F,CAAC;IAED,MAAM,GAAG,GAAG,IAAI,sBAAS,CAAC,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC,CAAC;IACjD,IAAI,YAA+D,CAAC;IACpE,IAAI,SAA6B,CAAC;IAClC,IAAI,UAA8B,CAAC;IAEnC,IAAI,CAAC;QACH,MAAM,cAAc,GAAG,0BAA0B;YAC/C,CAAC,CAAC;gBACE,KAAK,EAAE,0BAA0B;gBACj
C,MAAM,EAAE,SAAS;gBACjB,SAAS,EAAE,SAAS;gBACpB,eAAe,EAAE,KAAK;gBACtB,YAAY,EAAE,4FAA4F;aAC3G;YACH,CAAC,CAAC,MAAM,IAAA,gCAAgB,EAAC;gBACrB,GAAG;gBACH,MAAM,EAAE,gBAAgB;gBACxB,iBAAiB,EAAE,oBAAoB;gBACvC,WAAW;gBACX,cAAc;gBACd,WAAW;aACZ,CAAC,CAAC;QACP,SAAS,GAAG,cAAc,CAAC,KAAK,CAAC;QACjC,UAAU,GAAG,cAAc,CAAC,MAAM,CAAC;QAEnC,MAAM,IAAA,4CAA4B,EAAC;YACjC,GAAG;YACH,KAAK,EAAE,sBAAsB;YAC7B,MAAM,EAAE,gBAAgB;YACxB,WAAW;SACZ,CAAC,CAAC;QACH,MAAM,IAAA,4CAA4B,EAAC;YACjC,GAAG;YACH,KAAK,EAAE,cAAc,CAAC,KAAK;YAC3B,MAAM,EAAE,gBAAgB;YACxB,WAAW;SACZ,CAAC,CAAC;QAEH,MAAM,aAAa,GAAG,MAAM,IAAA,iCAAqB,EAAC;YAChD,GAAG;YACH,KAAK,EAAE,sBAAsB;YAC7B,WAAW;SACZ,CAAC,CAAC;QACH,MAAM,iBAAiB,GAAG,MAAM,IAAA,iCAAqB,EAAC;YACpD,GAAG;YACH,KAAK,EAAE,cAAc,CAAC,KAAK;YAC3B,WAAW;SACZ,CAAC,CAAC;QAEH,YAAY,GAAG,IAAA,iCAAkB,EAAC;YAChC,OAAO,EAAE,aAAa;YACtB,UAAU;YACV,WAAW;SACZ,CAAC,CAAC;QAEH,IAAI,eAAe,GAAG,IAAI,8BAAwB,EAAE;aACjD,YAAY,CAAC,eAAS,CAAC,UAAU,CAAC,mBAAmB,CAAC,CAAC;aACvD,MAAM,CAAC,iBAAiB,CAAC,eAAe,CAAC,CAAC;QAC7C,eAAe,GAAG,MAAM,eAAe,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC;QAEjE,wFAAwF;QACxF,MAAM,IAAA,iDAAkC,EAAC,eAAe,EAAE,aAAa,CAAC,CAAC;QACzE,MAAM,IAAA,iDAAkC,EAAC,eAAe,EAAE,iBAAiB,CAAC,CAAC;QAE7E,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,GAAG,MAAM,IAAA,uCAAwB,EAAC,YAAY,EAAE,eAAe,CAAC,CAAC;QAC5F,MAAM,aAAa,GAAG,QAAQ,CAAC,aAAa,CAAC,QAAQ,EAAE,CAAC;QAExD,MAAM,MAAM,GAAG;YACb,SAAS,EAAE,mBAAmB;YAC9B,aAAa,EAAE,aAAa,CAAC,KAAK;YAClC,cAAc,EAAE,aAAa,CAAC,MAAM;YACpC,8BAA8B,EAAE,aAAa,CAAC,mBAAmB,CAAC,QAAQ,CAAC,KAAK,CAAC;YACjF,4BAA4B,EAAE,wBAAwB,CAAC,aAAa,CAAC,mBAAmB,CAAC;YACzF,KAAK,EAAE,cAAc,CAAC,KAAK;YAC3B,MAAM,EAAE,cAAc,CAAC,MAAM,IAAI,iBAAiB,CAAC,MAAM;YACzD,SAAS,EAAE,cAAc,CAAC,SAAS;YACnC,sBAAsB,EAAE,iBAAiB,CAAC,mBAAmB,CAAC,QAAQ,CAAC,KAAK,CAAC;YAC7E,wBAAwB,EAAE,iBAAiB,CAAC,qBAAqB,CAAC,QAAQ,CAAC,KAAK,CAAC;YACjF,oBAAoB,EAAE,wBAAwB,CAAC,iBAAiB,CAAC,mBAAmB,CAAC;YACrF,eAAe,EAAE,cAAc,CAAC,eAAe;YAC/C,YAAY,EAAE,cAAc,CAAC,YAAY;YACzC,aAAa;YACb,aAAa,EAAE,OAAO,CAAC,MAAM,CAAC,QAAQ,EAAE;YACxC,UAAU,EAAE,IAAA,uCAAwB,EAAC,aAAa,EAAE,aAAa,CAAC;SACnE,CAAC;QACF,oBAAoB,CAAC,
WAAW,EAAE;YAChC,SAAS,EAAE,kBAAkB;YAC7B,MAAM,EAAE,SAAS;YACjB,MAAM,EAAE,gBAAgB;YACxB,SAAS,EAAE,mBAAmB;YAC9B,KAAK,EAAE,MAAM,CAAC,KAAK;YACnB,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,aAAa,EAAE,MAAM,CAAC,aAAa;YACnC,OAAO,EAAE,aAAa;SACvB,CAAC,CAAC;QACH,OAAO,MAAM,CAAC;IAChB,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,oBAAoB,CAAC,WAAW,EAAE;YAChC,SAAS,EAAE,kBAAkB;YAC7B,MAAM,EAAE,SAAS;YACjB,MAAM,EAAE,gBAAgB;YACxB,SAAS,EAAE,mBAAmB;YAC9B,KAAK,EAAE,SAAS,IAAI,sBAAsB;YAC1C,MAAM,EAAE,UAAU;YAClB,OAAO,EAAE,aAAa;YACtB,MAAM,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;SAC/D,CAAC,CAAC;QACH,MAAM,KAAK,CAAC;IACd,CAAC;YAAS,CAAC;QACT,GAAG,CAAC,OAAO,EAAE,CAAC;QACd,YAAY,EAAE,KAAK,EAAE,CAAC;IACxB,CAAC;AACH,CAAC"}
|
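--- a/package/package.json
+++ b/package/package.json
@@ -0,0 +1,62 @@
+{
+"name": "@workit-poa/hedera-kms-wallet",
+"version": "0.1.0",
+"description": "AWS KMS-backed Hedera wallet provisioning and signing utilities.",
+"license": "MIT",
+"repository": {
+"type": "git",
+"url": "git+https://github.com/workit-poa/workit.git",
+"directory": "libs/hedera-kms-wallet"
+},
+"homepage": "https://github.com/workit-poa/workit/tree/main/libs/hedera-kms-wallet#readme",
+"bugs": {
+"url": "https://github.com/workit-poa/workit/issues"
+},
+"private": false,
+"main": "dist/index.js",
+"types": "dist/index.d.ts",
+"exports": {
+".": {
+"types": "./dist/index.d.ts",
+"default": "./dist/index.js"
+}
+},
+"files": [
+"dist",
+"README.md",
+".env.example",
+"LICENSE"
+],
+"publishConfig": {
+"access": "public"
+},
+"sideEffects": false,
+"engines": {
+"node": ">=18"
+},
+"keywords": [
+"hedera",
+"hashgraph",
+"aws-kms",
+"kms",
+"wallet",
+"signer"
+],
+"devDependencies": {
+"@vitest/coverage-v8": "^3.2.4",
+"dotenv": "^16.4.5",
+"vitest": "^3.2.4"
+},
+"dependencies": {
+"@noble/hashes": "^1.7.1",
+"@aws-sdk/client-kms": "^3.900.0",
+"@hashgraph/sdk": "^2.62.0"
+},
+"scripts": {
+"clean": "rm -rf dist",
+"build": "tsc -p tsconfig.build.json",
+"lint": "tsc --noEmit -p tsconfig.json",
+"test": "vitest run",
+"test:coverage": "vitest run --coverage"
+}
+}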