ssi-security-commons 0.16.27 → 0.16.29

package/fesm2022/ssi-security-commons.mjs

@@ -11,9 +11,9 @@ import * as i3 from '@angular/common';
 import { CommonModule } from '@angular/common';
 import * as i1$1 from '@angular/common/http';
 import { HttpHeaders, HttpResponse, HttpErrorResponse } from '@angular/common/http';
-import { map, catchError, switchMap, filter, take } from 'rxjs/operators';
-import { BehaviorSubject, throwError, map as map$1 } from 'rxjs';
-import * as i2$2 from '@angular/router';
+import { map, switchMap, catchError, filter, take } from 'rxjs/operators';
+import { from, BehaviorSubject, throwError, map as map$1 } from 'rxjs';
+import * as i3$1 from '@angular/router';
 
 class SsiSecurityCommonsService {
     static { this.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "16.0.3", ngImport: i0, type: SsiSecurityCommonsService, deps: [], target: i0.ɵɵFactoryTarget.Injectable }); }
@@ -167,7 +167,8 @@ class SessionService {
             username: tokenData.preferred_username,
             email: tokenData.email,
             emailVerified: tokenData.email_verified,
-            countryCode: tokenData.country_code
+            countryCode: tokenData.country_code,
+            partyId: tokenData.party_id
         };
         return userData;
     }
@@ -894,10 +895,79 @@ i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "16.0.3", ngImpor
                 }]
         }] });
 
+class HybridEncryptionService {
+    constructor() {
+        this.publicKeyPem = `-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAydjMaPDQvcNCPsB3zmuA
+RyDw/eVPjH8eITcWq+TnmqW4FCxwTxAQQy8bEnO7HC8eUVaD8tlNaLVjiRRCo0+o
+JMDZC5S9aUGpz/Ueghp5aziu0abk7pZ+x/BrfpAN+7VteZh00d/YAtZlbQ6kHM44
+oz2d7Fj1MPzB22ZoEnmcFqBlvsW8yblM38HEAKRXj9733XiayDoq6ivP046IFBpP
+Cgg7kOLfOYMt7ZNkaKzDeYBfQAvhW+Nd6EN+8CCrI8//fnwRbrItzgR5KXwJ0F5T
+w6/YhIkJi7Ce6kR8D7aYdXNoRKzX5m+GxSkLtiMImHOnVWg+wo/lvCbLRWS+QQ14
+pQIDAQAB
+-----END PUBLIC KEY-----`;
+        this.loadPublicKey();
+    }
+    /** Import RSA public key */
+    async loadPublicKey() {
+        const pemHeader = '-----BEGIN PUBLIC KEY-----';
+        const pemFooter = '-----END PUBLIC KEY-----';
+        const pemContents = this.publicKeyPem
+            .replace(pemHeader, '')
+            .replace(pemFooter, '')
+            .replace(/\s/g, '');
+        const binaryDer = Uint8Array.from(atob(pemContents), c => c.charCodeAt(0));
+        this.publicKey = await crypto.subtle.importKey('spki', binaryDer.buffer, {
+            name: 'RSA-OAEP',
+            hash: 'SHA-256'
+        }, true, ['encrypt']);
+    }
+    /** Generate a random AES key */
+    async generateAesKey() {
+        return crypto.subtle.generateKey({ name: 'AES-GCM', length: 256 }, true, ['encrypt', 'decrypt']);
+    }
+    /** Encrypt large data with AES and AES key with RSA */
+    async encrypt(data) {
+        if (!this.publicKey) {
+            await this.loadPublicKey();
+        }
+        // Convert payload to JSON + Uint8Array
+        const encoder = new TextEncoder();
+        const plainBytes = encoder.encode(JSON.stringify(data));
+        // Generate AES key + IV
+        const aesKey = await this.generateAesKey();
+        const iv = crypto.getRandomValues(new Uint8Array(12)); // AES-GCM nonce
+        // Encrypt data with AES
+        const encryptedDataBuffer = await crypto.subtle.encrypt({ name: 'AES-GCM', iv }, aesKey, plainBytes);
+        // Export AES key
+        const rawAesKey = await crypto.subtle.exportKey('raw', aesKey);
+        // Encrypt AES key with RSA
+        const encryptedKeyBuffer = await crypto.subtle.encrypt({ name: 'RSA-OAEP' }, this.publicKey, rawAesKey);
+        return {
+            encryptedKey: this.arrayBufferToBase64(encryptedKeyBuffer),
+            encryptedData: this.arrayBufferToBase64(encryptedDataBuffer),
+            iv: this.arrayBufferToBase64(iv.buffer)
+        };
+    }
+    /** Convert ArrayBuffer → Base64 */
+    arrayBufferToBase64(buffer) {
+        return btoa(String.fromCharCode(...new Uint8Array(buffer)));
+    }
+    static { this.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "16.0.3", ngImport: i0, type: HybridEncryptionService, deps: [], target: i0.ɵɵFactoryTarget.Injectable }); }
+    static { this.ɵprov = i0.ɵɵngDeclareInjectable({ minVersion: "12.0.0", version: "16.0.3", ngImport: i0, type: HybridEncryptionService, providedIn: 'root' }); }
+}
+i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "16.0.3", ngImport: i0, type: HybridEncryptionService, decorators: [{
+            type: Injectable,
+            args: [{
+                    providedIn: 'root'
+                }]
+        }], ctorParameters: function () { return []; } });
+
 /* eslint-disable */
 class AuthInterceptor {
-    constructor(cryptoService, environment) {
+    constructor(cryptoService, hybridEncryptionService, environment) {
         this.cryptoService = cryptoService;
+        this.hybridEncryptionService = hybridEncryptionService;
         console.log('AuthInterceptor constructor');
         this.environment = environment;
     }
@@ -937,14 +1007,23 @@ class AuthInterceptor {
                 headers: request.headers.append('Language', l)
             });
         }
+        const isEncrypted = request.headers.get('X-Encrypted');
+        if (isEncrypted === 'true' && request.body) {
+            return from(this.hybridEncryptionService.encrypt(request.body)).pipe(switchMap(encryptedPayload => {
+                const newReq = request.clone({
+                    body: encryptedPayload
+                });
+                return next.handle(newReq);
+            }));
+        }
         return next.handle(request);
     }
-    static { this.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "16.0.3", ngImport: i0, type: AuthInterceptor, deps: [{ token: CryptoService }, { token: 'environment' }], target: i0.ɵɵFactoryTarget.Injectable }); }
+    static { this.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "16.0.3", ngImport: i0, type: AuthInterceptor, deps: [{ token: CryptoService }, { token: HybridEncryptionService }, { token: 'environment' }], target: i0.ɵɵFactoryTarget.Injectable }); }
     static { this.ɵprov = i0.ɵɵngDeclareInjectable({ minVersion: "12.0.0", version: "16.0.3", ngImport: i0, type: AuthInterceptor }); }
 }
 i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "16.0.3", ngImport: i0, type: AuthInterceptor, decorators: [{
             type: Injectable
-        }], ctorParameters: function () { return [{ type: CryptoService }, { type: undefined, decorators: [{
+        }], ctorParameters: function () { return [{ type: CryptoService }, { type: HybridEncryptionService }, { type: undefined, decorators: [{
                     type: Inject,
                     args: ['environment']
                 }] }]; } });
@@ -1041,12 +1120,12 @@ class ResponseInterceptor {
             console.error(err);
         });
     }
-    static { this.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "16.0.3", ngImport: i0, type: ResponseInterceptor, deps: [{ token: i0.Injector }, { token: i2$2.Router }, { token: CryptoService }, { token: JwtService }, { token: SessionService }], target: i0.ɵɵFactoryTarget.Injectable }); }
+    static { this.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "16.0.3", ngImport: i0, type: ResponseInterceptor, deps: [{ token: i0.Injector }, { token: i3$1.Router }, { token: CryptoService }, { token: JwtService }, { token: SessionService }], target: i0.ɵɵFactoryTarget.Injectable }); }
     static { this.ɵprov = i0.ɵɵngDeclareInjectable({ minVersion: "12.0.0", version: "16.0.3", ngImport: i0, type: ResponseInterceptor }); }
 }
 i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "16.0.3", ngImport: i0, type: ResponseInterceptor, decorators: [{
             type: Injectable
-        }], ctorParameters: function () { return [{ type: i0.Injector }, { type: i2$2.Router }, { type: CryptoService }, { type: JwtService }, { type: SessionService }]; } });
+        }], ctorParameters: function () { return [{ type: i0.Injector }, { type: i3$1.Router }, { type: CryptoService }, { type: JwtService }, { type: SessionService }]; } });
 
 /* eslint-disable max-lines-per-function */
 /* eslint-disable prefer-const */
@@ -1102,9 +1181,24 @@ class WebAuthnService {
         };
         return navigator.credentials.get({ publicKey: publicKeyCredentials });
     }
-    getChallenge() {
+    getChallengeOld() {
         return Uint8Array.from('jEfcn1CsGFxBiXYtJMSGDycPqPoyFJ3Z', c => c.charCodeAt(0));
     }
+    getChallenge() {
+        let base64 = 'jEfcn1CsGFxBiXYtJMSGDycPqPoyFJ3Z'
+            .replace(/-/g, '+')
+            .replace(/_/g, '/');
+        while (base64.length % 4) {
+            base64 += '=';
+        }
+        const binaryString = atob(base64);
+        const len = binaryString.length;
+        const bytes = new Uint8Array(len);
+        for (let i = 0; i < len; i++) {
+            bytes[i] = binaryString.charCodeAt(i);
+        }
+        return bytes;
+    }
     register(user, newCredentialInfo) {
         const promise = new Promise((resolve, reject) => {
             let enc = new TextDecoder('utf-8');