
@a4smanjorg5/invoida


> Core signing and cryptographic module for the Invoida project

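"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.sign = exports.removeKeyPair = exports.listKeys = exports.generateKeyPair = void 0;
const glob_1 = require("glob");
const jose_1 = require("jose");
const crypto_1 = require("crypto");
const promises_1 = require("fs/promises");
const path_1 = require("path");

// Number of random bytes used for an auto-generated key id. Taken from
// INVOIDA_KIDSZ; values below 8, an unset variable or a non-numeric value all
// end up as 8 (Math.max yields NaN for a non-numeric input, hence the `|| 8`).
const BUFFER_SIZE = Math.max(+process.env.INVOIDA_KIDSZ, 8) || 8;

/**
 * Resolve a path inside the key directory named by INVOIDA_CERTS_DIR.
 *
 * path.join throws a TypeError when INVOIDA_CERTS_DIR is unset, so every
 * exported function fails until the variable is configured.
 *
 * @param {...string} paths - Segments appended to the key directory.
 * @returns {string} The joined path.
 */
const pathToKeysDir = (...paths) => path_1.join(process.env.INVOIDA_CERTS_DIR, ...paths);

/**
 * Reject key ids that cannot be used as a plain file name.
 *
 * The kid is concatenated into `<kid>.pem` / `<kid>.jwk` under the key
 * directory. A kid that contains a path separator would make those files
 * resolve outside INVOIDA_CERTS_DIR, so such values are refused before any
 * file is read, written or deleted.
 *
 * @param {*} kid - Candidate key id.
 * @throws {TypeError} If the kid is empty, null/undefined, or contains
 *   `/`, `\` or a NUL character.
 */
const assertSafeKid = (kid) => {
    const name = kid == null ? '' : String(kid);
    if (name === '' || /[\\/\0]/.test(name)) {
        throw new TypeError('kid must be a non-empty key id without path separators');
    }
};

/**
 * Serialise an object to the bytes that get signed.
 *
 * The value is JSON-encoded, every UTF-16 code unit above 0xFF is rewritten
 * as a `\uXXXX` escape, and the resulting string is converted to bytes with
 * Buffer.from (UTF-8 by default).
 *
 * @param {object} obj - Value to serialise.
 * @returns {Uint8Array} Encoded payload bytes.
 */
const encodeObj = (obj) => {
    const json = JSON.stringify(obj);
    const escaped = json.replace(/[^\x00-\xff]/g, (char) => '\\u' + char.charCodeAt(0).toString(16).padStart(4, '0'));
    return new Uint8Array(Buffer.from(escaped));
};

/**
 * Create an ES256 key pair and store it in the key directory.
 *
 * Writes `<kid>.jwk` (public key as JWK, including the kid) and `<kid>.pem`
 * (private key as PKCS#8 PEM). Existing files with the same kid are
 * overwritten.
 *
 * @param {string} [kid] - Key id; a random base64url id is generated when omitted.
 * @returns {Promise<object>} The public JWK, with `kid` set.
 * @throws {TypeError} If the kid is not usable as a file name.
 */
const generateKeyPair = async (kid) => {
    const keyId = kid || crypto_1.randomBytes(BUFFER_SIZE).toString('base64url');
    assertSafeKid(keyId);
    const { privateKey, publicKey } = await jose_1.generateKeyPair('ES256');
    const jwk = await jose_1.exportJWK(publicKey);
    jwk.kid = keyId;
    const pem = await jose_1.exportPKCS8(privateKey);
    // With `recursive: true` an already existing directory is not an error, so
    // no handler is needed here (the former bare `.catch()` had no effect).
    await promises_1.mkdir(pathToKeysDir(''), { recursive: true });
    await Promise.all([
        promises_1.writeFile(pathToKeysDir(jwk.kid + '.jwk'), JSON.stringify(jwk)),
        // The private key must not be readable by other local users. The mode
        // only applies when the file is newly created; an existing file keeps
        // its current permissions.
        promises_1.writeFile(pathToKeysDir(jwk.kid + '.pem'), pem, { mode: 0o600 }),
    ]);
    return jwk;
};
exports.generateKeyPair = generateKeyPair;

/**
 * Load every public JWK stored in the key directory.
 *
 * @returns {Promise<object[]>} Parsed contents of all `*.jwk` files.
 */
const listKeys = async () => {
    const files = await glob_1.glob(pathToKeysDir('*.jwk'), { windowsPathsNoEscape: true });
    return Promise.all(files.map(async (path) => JSON.parse('' + await promises_1.readFile(path))));
};
exports.listKeys = listKeys;

/**
 * Delete the private and public key files of a key id.
 *
 * @param {string} kid - Key id to remove.
 * @returns {Promise<undefined>} Resolves once both files are unlinked;
 *   rejects if either unlink fails.
 * @throws {TypeError} (as a rejection) If the kid is not usable as a file name.
 */
const removeKeyPair = async (kid) => {
    assertSafeKid(kid);
    const results = await Promise.all([
        promises_1.unlink(pathToKeysDir(kid + '.pem')),
        promises_1.unlink(pathToKeysDir(kid + '.jwk')),
    ]);
    return results[0];
};
exports.removeKeyPair = removeKeyPair;

/**
 * Sign a payload as a compact JWS with the private key of `kid`.
 *
 * `iat` is set to the current time in seconds; because the payload is spread
 * after it, a caller-supplied `iat` takes precedence. The private key is read
 * from `<kid>.pem` on every call.
 *
 * @param {object} payload - Claims to sign.
 * @param {string} kid - Key id; also placed in the protected header.
 * @returns {Promise<string>} The compact JWS serialisation.
 * @throws {TypeError} (as a rejection) If the kid is not usable as a file name.
 */
const sign = async (payload, kid) => {
    assertSafeKid(kid);
    const pem = '' + await promises_1.readFile(pathToKeysDir(kid + '.pem'));
    const key = await jose_1.importPKCS8(pem, 'ES256');
    const claims = { iat: Math.floor(Date.now() / 1000), ...payload };
    return new jose_1.CompactSign(encodeObj(claims))
        .setProtectedHeader({ alg: 'ES256', kid })
        .sign(key);
};
exports.sign = sign;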