favalib 0.0.1

package/build/subclasses/SyncManager.mjs

@@ -0,0 +1,567 @@
+import WebSocket from 'isomorphic-ws';
+import { base64ToUint8Array, hexToUint8Array, stringToBase64, uint8ArrayToBase64, uint8ArrayToHex, } from 'uint8array-extras';
+import { deriveSFromPassword, JPakeThreePass, } from 'jpake-ts';
+import { TwoFaLibEvent } from '../TwoFaLibEvent.mjs';
+import { decodeInitiatorData, jsonToUint8Array } from '../utils/syncUtils.mjs';
+import { InitializationError, SyncAddDeviceFlowConflictError, SyncError, SyncInWrongStateError, SyncNoServerConnectionError, TwoFALibError, } from '../TwoFALibError.mjs';
+import AddSyncDeviceCommand from '../Command/commands/AddSyncDeviceCommand.mjs';
+const IN_TESTING = process.env.NODE_ENV === 'test';
+const IN_DEV = process.env.NODE_ENV === 'development';
+const generateNonCryptographicRandomString = () => {
+    const chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
+    const length = Math.floor(Math.random() * 64) + 1;
+    return Array.from({ length }, () => chars[Math.floor(Math.random() * chars.length)]).join('');
+};
+/**
+ * Manages synchronization of 2FA devices and communication with the server.
+ */
+class SyncManager {
+    /**
+     * Public getter for the command send queue.
+     * @returns The command send queue.
+     */
+    getCommandSendQueue() {
+        return this.commandSendQueue;
+    }
+    /**
+     * Creates an instance of SyncManager.
+     * @param mediator - The mediator for accessing other components.
+     * @param deviceType - The type of the device.
+     * @param publicKey - The public key of the device.
+     * @param privateKey - The private key of the device.
+     * @param syncState - The state of the sync.
+     * @param deviceId - The unique identifier of the device.
+     * @throws {InitializationError} If initialization fails (e.g., if the server URL is invalid).
+     */
+    constructor(mediator, deviceType, publicKey, privateKey, syncState, deviceId) {
+        this.mediator = mediator;
+        this.deviceType = deviceType;
+        this.publicKey = publicKey;
+        this.privateKey = privateKey;
+        this.reconnectInterval = IN_TESTING ? 100 : 5000; // 5 seconds
+        this.readyEventEmitted = false;
+        this.commandSendQueue = [];
+        this.shouldReconnect = true;
+        const { serverUrl, devices, commandSendQueue } = syncState;
+        if (!serverUrl.startsWith('wss://')) {
+            if (!serverUrl.startsWith('ws://') && !(IN_DEV || IN_TESTING)) {
+                throw new InitializationError('Invalid server URL, protocol must be wss');
+            }
+        }
+        this.deviceId = deviceId;
+        this.syncDevices = devices;
+        this.commandSendQueue = commandSendQueue;
+        this.serverUrl = serverUrl;
+        this.initServerConnection();
+    }
+    get libraryLoader() {
+        return this.mediator.getComponent('libraryLoader');
+    }
+    get cryptoLib() {
+        return this.libraryLoader.getCryptoLib();
+    }
+    get persistentStorageManager() {
+        return this.mediator.getComponent('persistentStorageManager');
+    }
+    get commandManager() {
+        return this.mediator.getComponent('commandManager');
+    }
+    get dispatchLibEvent() {
+        return this.mediator.getComponent('dispatchLibEvent');
+    }
+    get log() {
+        return this.mediator.getComponent('log');
+    }
+    /**
+     * @returns Whether an add device flow is currently active.
+     */
+    get inAddDeviceFlow() {
+        return Boolean(this.activeAddDeviceFlow);
+    }
+    /**
+     * @returns Whether the WebSocket connection is open.
+     */
+    get webSocketConnected() {
+        return this.ws?.readyState === WebSocket.OPEN;
+    }
+    async getNonce() {
+        return uint8ArrayToBase64(await this.cryptoLib.getRandomBytes(16));
+    }
+    sendToServer(type, data) {
+        if (!this.ws || !this.webSocketConnected) {
+            throw new SyncNoServerConnectionError();
+        }
+        this.ws.send(JSON.stringify({ type, data }));
+    }
+    /**
+     * Initializes the WebSocket connection to the server.
+     */
+    initServerConnection() {
+        const ws = new WebSocket(this.serverUrl);
+        // eslint-disable-next-line @typescript-eslint/no-this-alias
+        const syncManager = this;
+        ws.addEventListener('error', (event) => {
+            syncManager.log('warning', `Error in websocket: ${event.error}`);
+        });
+        ws.addEventListener('message', function message(message) {
+            try {
+                const jsonString = String(message.data);
+                const parsedMessage = JSON.parse(jsonString);
+                syncManager.handleServerMessage(parsedMessage);
+            }
+            catch (error) {
+                // eslint-disable-next-line no-restricted-globals
+                if (error instanceof Error) {
+                    syncManager.log('warning', `Failed to parse message: ${error.message}`);
+                }
+                else {
+                    syncManager.log('warning', `Failed to parse message: ${String(error)}`);
+                }
+            }
+        });
+        ws.addEventListener('open', () => {
+            this.log('info', 'Connected to server.');
+            this.sendToServer('connect', { deviceId: syncManager.deviceId });
+            this.dispatchLibEvent(TwoFaLibEvent.ConnectionToSyncServerStatusChanged, {
+                connected: true,
+            });
+            // send any commands that were done while offline
+            void this.processCommandSendQueue();
+        });
+        ws.addEventListener('close', this.handleWebSocketClose.bind(this));
+        this.ws = ws;
+    }
+    handleWebSocketClose(event) {
+        this.dispatchLibEvent(TwoFaLibEvent.ConnectionToSyncServerStatusChanged, {
+            connected: false,
+        });
+        if (this.shouldReconnect) {
+            // if we shouldn't reconnect, this closing is expected
+            this.log('warning', `WebSocket closed: ${event.code} ${event.reason}`);
+            this.attemptReconnect();
+        }
+    }
+    handleServerMessage(message) {
+        switch (message.type) {
+            case 'confirmAddSyncDeviceInitialiseData': {
+                if (this.activeAddDeviceFlow?.state !== 'initiator:initiated') {
+                    throw new SyncInWrongStateError(`Expected initiator:initiated, got ${this.activeAddDeviceFlow?.state}`);
+                }
+                clearTimeout(this.activeAddDeviceFlow.timeout);
+                this.activeAddDeviceFlow.resolveContinuePromise(message);
+                break;
+            }
+            case 'JPAKEPass2': {
+                const { data } = message;
+                const unconvertedPass2Result = data.pass2Result;
+                const pass2Result = {
+                    round1Result: jsonToUint8Array(unconvertedPass2Result.round1Result),
+                    round2Result: jsonToUint8Array(unconvertedPass2Result.round2Result),
+                };
+                void this.finishAddDeviceFlowKeyExchangeInitiator(pass2Result, data.responderDeviceId, data.responderDeviceType);
+                break;
+            }
+            case 'JPAKEPass3': {
+                const { data } = message;
+                const pass3Result = jsonToUint8Array(data.pass3Result);
+                void this.finishAddDeviceFlowKeyExchangeResponder(pass3Result);
+                break;
+            }
+            case 'publicKey': {
+                const { data } = message;
+                const { responderEncryptedPublicKey } = data;
+                void this.sendInitialVaultData(responderEncryptedPublicKey);
+                break;
+            }
+            case 'vault': {
+                const { data } = message;
+                const { encryptedVaultData, initiatorEncryptedPublicKey } = data;
+                void this.importInitialVaultState(encryptedVaultData, initiatorEncryptedPublicKey);
+                break;
+            }
+            case 'syncCommandsReceived': {
+                const { data: { commandIds }, } = message;
+                void this.commandsSuccesfullyReceived(commandIds);
+                break;
+            }
+            case 'syncCommands': {
+                const { data: commands } = message;
+                void this.receiveCommands(commands);
+                break;
+            }
+        }
+    }
+    attemptReconnect() {
+        this.log('info', 'Connection to server lost, attempting to reconnect...');
+        this.reconnectTimeout = setTimeout(() => {
+            this.initServerConnection();
+        }, this.reconnectInterval);
+    }
+    /**
+     * @inheritdoc
+     */
+    async initiateAddDeviceFlow(returnAs) {
+        if (this.activeAddDeviceFlow) {
+            throw new SyncAddDeviceFlowConflictError();
+        }
+        if (!this.ws || !this.webSocketConnected) {
+            throw new SyncNoServerConnectionError();
+        }
+        const addDevicePassword = deriveSFromPassword(uint8ArrayToBase64(await this.cryptoLib.getRandomBytes(60)));
+        const timestamp = Date.now();
+        const jpak = new JPakeThreePass(this.deviceId);
+        const pass1Result = jpak.pass1();
+        const continuePromise = new Promise((resolve, reject) => {
+            // Set a timeout for if we get no response from the server
+            const timeout = setTimeout(() => {
+                if (this.activeAddDeviceFlow?.state === 'initiator:initiated') {
+                    reject(new TwoFALibError('Timeout of registerAddDeviceFlowRequest, no response'));
+                    this.activeAddDeviceFlow = undefined;
+                }
+            }, 10000);
+            this.activeAddDeviceFlow = {
+                state: 'initiator:initiated',
+                jpak,
+                addDevicePassword,
+                initiatorDeviceId: this.deviceId,
+                timestamp,
+                resolveContinuePromise: resolve,
+                timeout,
+            };
+        });
+        // register this add device request at the server
+        this.sendToServer('addSyncDeviceInitialiseData', {
+            initiatorDeviceType: this.deviceType,
+            initiatorDeviceId: this.deviceId,
+            timestamp,
+            nonce: await this.getNonce(),
+        });
+        // wait for the server to confirm it has registered the add device request
+        await continuePromise;
+        const returnData = {
+            addDevicePassword: uint8ArrayToBase64(addDevicePassword),
+            initiatorDeviceId: this.deviceId,
+            initiatorDeviceType: this.deviceType,
+            timestamp,
+            pass1Result: {
+                G1: uint8ArrayToHex(pass1Result.G1),
+                G2: uint8ArrayToHex(pass1Result.G2),
+                ZKPx1: uint8ArrayToHex(pass1Result.ZKPx1),
+                ZKPx2: uint8ArrayToHex(pass1Result.ZKPx2),
+            },
+        };
+        let returnQr = null;
+        if (returnAs.qr) {
+            const qrGeneratorLib = await this.libraryLoader.getQrGeneratorLib();
+            returnQr = await qrGeneratorLib.toDataURL(JSON.stringify(returnData));
+        }
+        const returnText = returnAs.text
+            ? stringToBase64(JSON.stringify(returnData), { urlSafe: true })
+            : null;
+        return {
+            qr: returnQr,
+            text: returnText,
+        };
+    }
+    /**
+     * Responds to an add device flow initiated by another device.
+     * @param initiatorData The data received from the initiating device.
+     * @param initiatorDataType The type of the initiatorData, determines how it should be decoded
+     * @throws {SyncNoServerConnectionError} If there is no server connection.
+     * @throws {SyncAddDeviceFlowConflictError} If an add device flow is already active.
+     * @throws {SyncError} If the initiator data is invalid.
+     */
+    async respondToAddDeviceFlow(initiatorData, initiatorDataType) {
+        if (!this.ws || !this.webSocketConnected) {
+            throw new SyncNoServerConnectionError();
+        }
+        if (this.activeAddDeviceFlow) {
+            throw new SyncAddDeviceFlowConflictError();
+        }
+        const { addDevicePassword, initiatorDeviceId, timestamp, pass1Result, initiatorDeviceType: initiatorDeviceIdentifier, } = await decodeInitiatorData(initiatorData, initiatorDataType, await this.libraryLoader.getJsQrLib(), this.libraryLoader.getCanvasLib.bind(this));
+        if (!addDevicePassword ||
+            !initiatorDeviceId ||
+            !timestamp ||
+            !pass1Result ||
+            !initiatorDeviceIdentifier) {
+            throw new SyncError('Missing required fields in initiator data');
+        }
+        // Decode the base64 password
+        const decodedPassword = base64ToUint8Array(addDevicePassword);
+        const jpak = new JPakeThreePass(this.deviceId);
+        // Process the first pass from the initiator
+        const initiatorPass1Result = {
+            G1: hexToUint8Array(pass1Result.G1),
+            G2: hexToUint8Array(pass1Result.G2),
+            ZKPx1: hexToUint8Array(pass1Result.ZKPx1),
+            ZKPx2: hexToUint8Array(pass1Result.ZKPx2),
+        };
+        let pass2Result;
+        try {
+            pass2Result = jpak.pass2(initiatorPass1Result, decodedPassword, initiatorDeviceId);
+        }
+        catch {
+            throw new SyncError('Error processing initiator pass 1');
+        }
+        this.activeAddDeviceFlow = {
+            state: 'responder:initated',
+            jpak,
+            addDevicePassword: decodedPassword,
+            responderDeviceId: this.deviceId,
+            initiatorDeviceId: initiatorDeviceId,
+            initiatorDeviceType: initiatorDeviceIdentifier,
+            timestamp: Date.now(),
+        };
+        // respond to this add device request at the server
+        this.sendToServer('JPAKEPass2', {
+            nonce: await this.getNonce(),
+            // @ts-expect-error we get a type mismatch because we input Uint8Array instead of JsonifiedUint8Array, but it will get jsonified later
+            pass2Result,
+            responderDeviceId: this.deviceId,
+            initiatorDeviceId: initiatorDeviceId,
+            responderDeviceType: this.deviceType,
+        });
+    }
+    async finishAddDeviceFlowKeyExchangeInitiator(pass2Result, responderDeviceId, responderDeviceType) {
+        if (!this.ws || !this.webSocketConnected) {
+            throw new SyncNoServerConnectionError();
+        }
+        if (this.activeAddDeviceFlow?.state !== 'initiator:initiated') {
+            throw new SyncInWrongStateError(`Expected initiator:initiated, got ${this.activeAddDeviceFlow?.state}`);
+        }
+        const pass3Result = this.activeAddDeviceFlow.jpak.pass3(pass2Result, this.activeAddDeviceFlow.addDevicePassword, responderDeviceId);
+        this.sendToServer('JPAKEPass3', {
+            nonce: await this.getNonce(),
+            initiatorDeviceId: this.activeAddDeviceFlow.initiatorDeviceId,
+            // @ts-expect-error we get a type mismatch because we input Uint8Array instead of JsonifiedUint8Array, but it will get jsonified later
+            pass3Result,
+        });
+        const sharedKey = this.activeAddDeviceFlow.jpak.deriveSharedKey();
+        const syncKey = await this.cryptoLib.createSyncKey(sharedKey, responderDeviceId);
+        this.activeAddDeviceFlow = {
+            ...this.activeAddDeviceFlow,
+            state: 'initiator:syncKeyCreated',
+            responderDeviceId: responderDeviceId,
+            responderDeviceType: responderDeviceType,
+            syncKey,
+        };
+    }
+    async finishAddDeviceFlowKeyExchangeResponder(pass3Result) {
+        if (!this.ws || !this.webSocketConnected) {
+            throw new SyncNoServerConnectionError();
+        }
+        if (this.activeAddDeviceFlow?.state !== 'responder:initated') {
+            throw new SyncInWrongStateError(`Expected responder:initiated, got ${this.activeAddDeviceFlow?.state}`);
+        }
+        if (!this.publicKey) {
+            throw new SyncError('Public key not set');
+        }
+        this.activeAddDeviceFlow.jpak.receivePass3Results(pass3Result);
+        const sharedKey = this.activeAddDeviceFlow.jpak.deriveSharedKey();
+        const syncKey = await this.cryptoLib.createSyncKey(sharedKey, this.activeAddDeviceFlow.responderDeviceId);
+        this.activeAddDeviceFlow = {
+            ...this.activeAddDeviceFlow,
+            state: 'responder:syncKeyCreated',
+            syncKey,
+        };
+        const responderEncryptedPublicKey = await this.cryptoLib.encryptSymmetric(syncKey, this.publicKey);
+        // send our public key
+        this.sendToServer('publicKey', {
+            nonce: await this.getNonce(),
+            responderEncryptedPublicKey,
+            initiatorDeviceId: this.activeAddDeviceFlow.initiatorDeviceId,
+        });
+    }
+    async sendInitialVaultData(responderEncryptedPublicKey) {
+        if (!this.ws || !this.webSocketConnected) {
+            throw new SyncNoServerConnectionError();
+        }
+        if (this.activeAddDeviceFlow?.state !== 'initiator:syncKeyCreated') {
+            throw new SyncInWrongStateError(`Expected initiator:syncKeyCreated, got ${this.activeAddDeviceFlow?.state}`);
+        }
+        if (!this.publicKey) {
+            throw new SyncError('Public key not set');
+        }
+        const syncKey = this.activeAddDeviceFlow.syncKey;
+        // Decrypt the received public key
+        const decryptedPublicKey = await this.cryptoLib.decryptSymmetric(syncKey, responderEncryptedPublicKey);
+        // get the vault data (encrypted with the sync key)
+        const encryptedVaultData = await this.persistentStorageManager.getEncryptedVaultState(syncKey);
+        const initiatorEncryptedPublicKey = await this.cryptoLib.encryptSymmetric(syncKey, this.publicKey);
+        // Send the encrypted vault data to the server
+        this.sendToServer('vault', {
+            nonce: await this.getNonce(),
+            encryptedVaultData,
+            initiatorDeviceId: this.activeAddDeviceFlow.initiatorDeviceId,
+            initiatorEncryptedPublicKey,
+        });
+        // save the added the sync device, done via command so this is synced to
+        // all the other (already existing) sync devices
+        const command = AddSyncDeviceCommand.create({
+            deviceId: this.activeAddDeviceFlow.responderDeviceId,
+            deviceType: this.activeAddDeviceFlow.responderDeviceType,
+            publicKey: decryptedPublicKey,
+        });
+        await this.commandManager.execute(command);
+        // all done
+        this.activeAddDeviceFlow = undefined;
+    }
+    async importInitialVaultState(encryptedVaultState, encryptedPublicKey) {
+        if (this.activeAddDeviceFlow?.state !== 'responder:syncKeyCreated') {
+            throw new SyncInWrongStateError(`Expected responder:syncKeyCreated, got ${this.activeAddDeviceFlow?.state}`);
+        }
+        const syncKey = this.activeAddDeviceFlow.syncKey;
+        // Decrypt the received public key
+        const decryptedPublicKey = await this.cryptoLib.decryptSymmetric(syncKey, encryptedPublicKey);
+        const vaultState = JSON.parse(await this.cryptoLib.decryptSymmetric(syncKey, encryptedVaultState));
+        if (vaultState.deviceId !== this.activeAddDeviceFlow.initiatorDeviceId) {
+            throw new SyncError(`DeviceId mismatch when importing, expected ${this.activeAddDeviceFlow.initiatorDeviceId} got ${vaultState.deviceId}`);
+        }
+        this.syncDevices = vaultState.sync.devices;
+        this.mediator
+            .getComponent('vaultDataManager')
+            .replaceVault(vaultState.vault);
+        // Update the sync devices list with the initiator's information
+        // Not done as a command as all other devices already have the senders info
+        await this.addSyncDevice({
+            deviceId: this.activeAddDeviceFlow.initiatorDeviceId,
+            deviceType: this.activeAddDeviceFlow.initiatorDeviceType,
+            publicKey: decryptedPublicKey,
+        });
+        // Reset the active add device flow
+        this.activeAddDeviceFlow = undefined;
+        this.dispatchLibEvent(TwoFaLibEvent.ConnectToExistingVaultFinished);
+    }
+    /**
+     * Cancels the active add sync device flow.
+     * @throws {SyncNoServerConnectionError} If there is no server connection.
+     * @throws {SyncInWrongStateError} If there is no active add device flow.
+     */
+    cancelAddSyncDevice() {
+        if (!this.ws || !this.webSocketConnected) {
+            throw new SyncNoServerConnectionError();
+        }
+        if (!this.activeAddDeviceFlow) {
+            throw new SyncInWrongStateError('Trying to cancel addSyncDevice while not active');
+        }
+        this.sendToServer('addSyncDeviceCancelled', {
+            initiatorDeviceId: this.activeAddDeviceFlow.initiatorDeviceId,
+        });
+        // Reset the active add device flow
+        this.activeAddDeviceFlow = undefined;
+        this.dispatchLibEvent(TwoFaLibEvent.ConnectToExistingVaultFinished);
+    }
+    /**
+     * Sends a command to the server to synchronize with other devices.
+     * @param command - The command to be sent.
+     * @throws {SyncNoServerConnectionError} If there is no server connection.
+     */
+    async sendCommand(command) {
+        const commandJson = command.toJSON();
+        await Promise.all(this.syncDevices.map(async (device) => {
+            const symmetricKey = await this.cryptoLib.createSymmetricKey();
+            const encryptedSymmetricKey = await this.cryptoLib.encrypt(device.publicKey, symmetricKey);
+            const encryptedCommand = await this.cryptoLib.encryptSymmetric(symmetricKey, JSON.stringify({
+                ...commandJson,
+                id: undefined,
+                padding: generateNonCryptographicRandomString(), // make it harder to guess the length
+            }));
+            this.commandSendQueue.push({
+                commandId: command.id,
+                deviceId: device.deviceId,
+                encryptedSymmetricKey,
+                encryptedCommand,
+            });
+        }));
+        await this.processCommandSendQueue();
+    }
+    async processCommandSendQueue() {
+        if (this.syncDevices.length === 0) {
+            // no devices to sync with, no need to send anything
+            this.commandSendQueue = [];
+            return;
+        }
+        if (!this.ws || !this.webSocketConnected) {
+            // not possible to process commands at this point
+            this.log('warning', 'Could not sync commands, no server connection, will retry later.');
+            return;
+        }
+        if (this.commandSendQueue.length === 0) {
+            // no commands to sync
+            return;
+        }
+        this.sendToServer('syncCommands', {
+            nonce: await this.getNonce(),
+            commands: this.commandSendQueue,
+        });
+    }
+    /**
+     * Handles the confirmation that the sever succesfully received (some) send commands
+     * @param commandIds - The ids of the received commands
+     */
+    commandsSuccesfullyReceived(commandIds) {
+        // remove all succesfully received commands frm the queue
+        this.commandSendQueue = this.commandSendQueue.filter((command) => !commandIds.includes(command.commandId));
+    }
+    /**
+     * Receives and processes commands from other devices.
+     * @param encryptedCommands - The commands
+     * @throws {CryptoError} If decryption fails.
+     */
+    async receiveCommands(encryptedCommands) {
+        await Promise.all(encryptedCommands.map(async (data) => {
+            const symmetricKey = await this.cryptoLib.decrypt(this.privateKey, data.encryptedSymmetricKey);
+            const command = JSON.parse(await this.cryptoLib.decryptSymmetric(symmetricKey, data.encryptedCommand));
+            this.commandManager.receiveRemoteCommand({
+                ...command,
+                id: data.commandId,
+            });
+        }));
+        const commandsExecutedIds = await this.commandManager.processRemoteCommands();
+        // if this was the first time we received commands,
+        // we can signal that we're done loading after the commands where processed
+        if (!this.readyEventEmitted) {
+            this.readyEventEmitted = true;
+            this.dispatchLibEvent(TwoFaLibEvent.Ready);
+        }
+        if (commandsExecutedIds.length > 0) {
+            this.sendToServer('syncCommandsExecuted', {
+                commandIds: commandsExecutedIds,
+            });
+        }
+    }
+    /**
+     * Add a sync device
+     * @param deviceInfo - The info about the device
+     */
+    async addSyncDevice(deviceInfo) {
+        if (deviceInfo.deviceId === this.deviceId) {
+            // This is the command that adds this device to all sync devices
+            // besides the sender after the device add flow. We don't want to
+            // add ourselves to our syncDevices
+            return;
+        }
+        this.log('info', `Adding syncdevice ${deviceInfo.deviceId} to ${this.deviceId}`);
+        this.syncDevices.push(deviceInfo);
+        await this.persistentStorageManager.save();
+    }
+    /**
+     * Function to call when the server connection should be closed
+     */
+    closeServerConnection() {
+        this.shouldReconnect = false;
+        if (this.reconnectTimeout) {
+            clearTimeout(this.reconnectTimeout);
+            this.reconnectTimeout = undefined;
+        }
+        if (this.ws) {
+            const ws = this.ws;
+            this.ws = undefined;
+            ws.close();
+            // force terminate the connection after 5 seconds
+            // ws.terminate is not defined in the test enviroment, which is the reason for the &&
+            setTimeout(() => ws.terminate && ws.terminate(), 5000);
+        }
+    }
+}
+export default SyncManager;

package/build/subclasses/VaultDataManager.d.mts

@@ -0,0 +1,68 @@
+import type Entry from '../interfaces/Entry.mjs';
+import type { EntryId, Token } from '../interfaces/Entry.mjs';
+import type TwoFaLibMediator from '../TwoFaLibMediator.mjs';
+import { Vault } from '../interfaces/Vault.mjs';
+/**
+ * Manages the data within the vault. This class should only be used internally
+ * by the library, for public methods, see VaultOperationsManager.
+ */
+declare class VaultDataManager {
+    private readonly mediator;
+    private vault;
+    /**
+     * Constructs a new VaultDataManager instance.
+     * @param mediator - The mediator for accessing other components.
+     */
+    constructor(mediator: TwoFaLibMediator);
+    private get persistentStorageManager();
+    /**
+     * @returns The number of entries in the vault.
+     */
+    get size(): number;
+    /**
+     * Retrieve a specific entry.
+     * @param entryId - The unique identifier of the entry.
+     * @returns The entry.
+     * @throws {EntryNotFoundError} If no entry exists with the given ID.
+     */
+    getFullEntry(entryId: EntryId): Entry;
+    /**
+     * Retrieve all entries in the vault.
+     * @returns An array of all entries.
+     */
+    getAllEntries(): Vault;
+    /**
+     * Generate a time-based one-time password (TOTP) for a specific entry.
+     * @param id - The unique identifier of the entry.
+     * @param timestamp - Optional timestamp to use for token generation (default is current time).
+     * @returns An object containing the token and the validity period.
+     * @throws {EntryNotFoundError} If no entry exists with the given ID.
+     * @throws {TokenGenerationError} If token generation fails due to invalid entry data or technical issues.
+     */
+    generateTokenForEntry(id: EntryId, timestamp?: number): Token;
+    /**
+     * Add a new entry to the vault.
+     * @param entry - The entry data to add (without an ID, as it will be generated).
+     * @returns A promise that resolves when the entry is added.
+     */
+    addEntry(entry: Entry): Promise<void>;
+    /**
+     * Delete an entry from the vault.
+     * @param entryId - The identifier of the entry to delete.
+     * @throws {EntryNotFoundError} If no entry exists with the given ID.
+     */
+    deleteEntry(entryId: EntryId): Promise<void>;
+    /**
+     * Update an existing entry in the vault.
+     * @param updatedEntry - An object containing the updated entry.
+     * @returns A promise that resolves when the entry is updated.
+     * @throws {EntryNotFoundError} If no entry exists with the given ID.
+     */
+    updateEntry(updatedEntry: Entry): Promise<void>;
+    /**
+     * Replace the current vault with a new one.
+     * @param newVault - The new vault data to replace the existing vault.
+     */
+    replaceVault(newVault: Vault): void;
+}
+export default VaultDataManager;