core-3nweb-client-lib 0.40.0 → 0.41.0

package/build/raw-3nweb-clients.d.ts

@@ -4,8 +4,8 @@ import { MailSender as MailSenderClient } from './lib-client/asmail/sender';
 import { MailerIdProvisioner as MailerIdProvisionerClient } from './lib-client/mailer-id/provisioner';
 import * as signupClientFuncs from './lib-client/3nweb-signup';
 import * as signupApi from './lib-common/user-admin-api/signup';
-import { user as midUser } from './lib-common/mid-sigs-NaCl-Ed';
 import * as srvLocFuncs from './lib-client/service-locator';
+import { type MailerIdSigner as MidSigner } from './lib-common/mailerid-sigs/user';
 export type StorageOwner = StorageOwnerClient;
 export declare const StorageOwner: typeof StorageOwnerClient;
 export type MailRecipient = MailRecipientClient;
@@ -17,6 +17,6 @@ export type MailerIdProvisioner = MailerIdProvisionerClient;
 export declare const MailerIdProvisioner: typeof MailerIdProvisionerClient;
 export type UserMidParams = signupApi.UserMidParams;
 export type UserStorageParams = signupApi.UserStorageParams;
-export type MailerIdSigner = midUser.MailerIdSigner;
+export type MailerIdSigner = MidSigner;
 export declare const serviceLocationFuncs: typeof srvLocFuncs;
 export declare function getLibVersion(): string;

package/build/raw-3nweb-clients.js

@@ -1,6 +1,6 @@
 "use strict";
 /*
- Copyright (C) 2020 - 2021 3NSoft Inc.
+ Copyright (C) 2020 - 2021, 2025 3NSoft Inc.
 
  This program is free software: you can redistribute it and/or modify it under
  the terms of the GNU General Public License as published by the Free Software

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "core-3nweb-client-lib",
-  "version": "0.40.0",
+  "version": "0.41.0",
   "description": "3NWeb client core library, embeddable into different environments",
   "main": "build/lib-index.js",
   "types": "build/lib-index.d.ts",

package/build/lib-common/mid-sigs-NaCl-Ed.d.ts

@@ -1,220 +0,0 @@
-/**
- * This library handles signing and verification of signatures, used
- * in MailerId.
- */
-import { GetRandom, arrays } from "ecma-nacl";
-type JsonKey = web3n.keys.JsonKey;
-type Key = web3n.keys.Key;
-type SignedLoad = web3n.keys.SignedLoad;
-/**
- * This enumerates MailerId's different use-roles of keys, involved in
- * establishing a trust.
- */
-export declare const KEY_USE: {
-    /**
-     * This is a MailerId trust root.
-     * It signs certificate for itself, and it signs certificates for provider
-     * keys, which have shorter life span, than the root.
-     * Root may revoke itself, and may revoke provider key.
-     */
-    ROOT: string;
-    /**
-     * This is a provider key, which is used to certify users' signing keys.
-     */
-    PROVIDER: string;
-    /**
-     * With this key, MailerId user signs assertions and mail keys.
-     */
-    SIGN: string;
-};
-export declare const exceptionType = "mailerid";
-export interface MidException extends web3n.RuntimeException {
-    type: 'mailerid';
-    msg: string;
-    algMismatch?: true;
-    timeMismatch?: true;
-    certsMismatch?: true;
-    certMalformed?: true;
-    sigVerificationFails?: true;
-}
-export declare function makeMalformedCertsException(msg: string, cause?: any): MidException;
-export interface Keypair {
-    pkey: JsonKey;
-    skey: Key;
-}
-export declare namespace idProvider {
-    const KID_BYTES_LENGTH = 9;
-    const MAX_USER_CERT_VALIDITY: number;
-    function makeSelfSignedCert(address: string, validityPeriod: number, sjkey: JsonKey, arrFactory?: arrays.Factory): SignedLoad;
-    /**
-     * One should keep MailerId root key offline, as this key is used only to
-     * sign provider keys, which have to work online.
-     * @param address is an address of an issuer
-     * @param validityPeriod validity period of a generated self-signed
-     * certificate in milliseconds
-     * @param random
-     * @param arrFactory optional array factory
-     * @return Generated root key and a self-signed certificate for respective
-     * public key.
-     */
-    function generateRootKey(address: string, validityPeriod: number, random: GetRandom, arrFactory?: arrays.Factory): {
-        cert: SignedLoad;
-        skey: JsonKey;
-    };
-    /**
-     * @param address is an address of an issuer
-     * @param validityPeriod validity period of a generated self-signed
-     * certificate in seconds
-     * @param rootJKey root key in json format
-     * @param random
-     * @param arrFactory optional array factory
-     * @return Generated provider's key and a certificate for a respective
-     * public key.
-     */
-    function generateProviderKey(address: string, validityPeriod: number, rootJKey: JsonKey, random: GetRandom, arrFactory?: arrays.Factory): {
-        cert: SignedLoad;
-        skey: JsonKey;
-    };
-    /**
-     * MailerId providing service should use this object to generate certificates.
-     */
-    interface IdProviderCertifier {
-        /**
-         * @param publicKey
-         * @param address
-         * @param validFor (optional)
-         * @return certificate for a given key
-         */
-        certify(publicKey: JsonKey, address: string, validFor?: number): SignedLoad;
-        /**
-         * This securely erases internal key.
-         * Call this function, when certifier is no longer needed.
-         */
-        destroy(): void;
-    }
-    /**
-     * @param issuer is a domain of certificate issuer, at which issuer's public
-     * key can be found to check the signature
-     * @param validityPeriod is a default validity period in seconds, for
-     * which certifier shall be making certificates
-     * @param signJKey is a certificates signing key
-     * @param arrFactory is an optional array factory
-     * @return MailerId certificates generator, which shall be used on identity
-     * provider's side
-     */
-    function makeIdProviderCertifier(issuer: string, validityPeriod: number, signJKey: JsonKey, arrFactory?: arrays.Factory): IdProviderCertifier;
-}
-export interface AssertionLoad {
-    user: string;
-    rpDomain: string;
-    sessionId: string;
-    issuedAt: number;
-    expiresAt: number;
-}
-export interface CertsChain {
-    user: SignedLoad;
-    prov: SignedLoad;
-    root: SignedLoad;
-}
-export declare namespace relyingParty {
-    /**
-     * @param certs is a chain of certificate to be verified.
-     * @param rootAddr is MailerId service's domain.
-     * @param validAt is an epoch time moment (in second), at which user
-     * certificate must be valid. Provider certificate must be valid at
-     * creation of user's certificate. Root certificate must be valid at
-     * creation of provider's certificate.
-     * @return user's MailerId signing key with user's address.
-     */
-    function verifyChainAndGetUserKey(certs: CertsChain, rootAddr: string, validAt: number, arrFactory?: arrays.Factory): {
-        pkey: Key;
-        address: string;
-    };
-    interface AssertionInfo {
-        relyingPartyDomain: string;
-        sessionId: string;
-        user: string;
-    }
-    function verifyAssertion(midAssertion: SignedLoad, certChain: CertsChain, rootAddr: string, validAt: number, arrFactory?: arrays.Factory): AssertionInfo;
-    /**
-     * This function does verification of a single certificate with known
-     * signing key.
-     * If your task requires verification starting with principal's MailerId,
-     * use verifyPubKey function that also accepts and checks MailerId
-     * certificates chain.
-     * @param keyCert is a certificate that should be checked
-     * @param principalAddress is an expected principal's address in a given
-     * certificate. Exception is thrown, if certificate does not match this
-     * expectation.
-     * @param signingKey is a public key, with which given certificate is
-     * validated cryptographically. Exception is thrown, if crypto-verification
-     * fails.
-     * @param validAt is an epoch time moment (in second), for which verification
-     * should be done.
-     * @param arrFactory is an optional array factory.
-     * @return a key from a given certificate.
-     */
-    function verifyKeyCert(keyCert: SignedLoad, principalAddress: string, signingKey: Key, validAt: number, arrFactory?: arrays.Factory): JsonKey;
-    /**
-     * @param pubKeyCert certificate with a public key, that needs to be
-     * verified.
-     * @param principalAddress is an expected principal's address in both key
-     * certificate, and in MailerId certificate chain. Exception is thrown,
-     * if certificate does not match this expectation.
-     * @param certChain is MailerId certificate chain for named principal.
-     * @param rootAddr is MailerId root's domain.
-     * @param validAt is an epoch time moment (in second), for which key
-     * certificate verification should be done.
-     * @param arrFactory is an optional array factory.
-     * @return a key from a given certificate.
-     */
-    function verifyPubKey(pubKeyCert: SignedLoad, principalAddress: string, certChain: CertsChain, rootAddr: string, validAt: number, arrFactory?: arrays.Factory): JsonKey;
-}
-export declare namespace user {
-    /**
-     * This is used by user of MailerId to create assertion that prove user's
-     * identity.
-     */
-    interface MailerIdSigner {
-        address: string;
-        userCert: SignedLoad;
-        providerCert: SignedLoad;
-        issuer: string;
-        certExpiresAt: number;
-        validityPeriod: number;
-        /**
-         * @param rpDomain relying party domain. If there is an explicit port,
-         * this should domain:port, which is a hostname part of url parsing.
-         * @param sessionId
-         * @param validFor (optional)
-         * @return signed assertion with a given sessionId string.
-         */
-        generateAssertionFor(rpDomain: string, sessionId: string, validFor?: number): SignedLoad;
-        /**
-         * @param pkey
-         * @param validFor
-         * @return signed certificate with a given public key.
-         */
-        certifyPublicKey(pkey: JsonKey, validFor: number): SignedLoad;
-        /**
-         * Makes this AssertionSigner not usable by wiping its secret key.
-         */
-        destroy(): void;
-    }
-    const KID_BYTES_LENGTH = 9;
-    const MAX_SIG_VALIDITY: number;
-    function generateSigningKeyPair(random: GetRandom, arrFactory?: arrays.Factory): Keypair;
-    /**
-     * @param signKey which will be used to sign assertions/keys. Note that
-     * this key shall be wiped, when signer is destroyed, as key is neither
-     * long-living, nor should be shared.
-     * @param cert is user's certificate, signed by identity provider.
-     * @param provCert is provider's certificate, signed by respective mid root.
-     * @param assertionValidity is an assertion validity period in seconds
-     * @param arrFactory is an optional array factory
-     * @return signer for user of MailerId to generate assertions, and to sign
-     * keys.
-     */
-    function makeMailerIdSigner(signKey: Key, userCert: SignedLoad, provCert: SignedLoad, assertionValidity?: number, arrFactory?: arrays.Factory): MailerIdSigner;
-}
-export {};