UNPKG

@sphereon/ssi-sdk-ext.kms-azure-rest-client

Version:

Sphereon SSI-SDK plugin for Azure KeyVault Key Management System.

144 lines 6.51 kB
"use strict"; var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) { if (k2 === undefined) k2 = k; var desc = Object.getOwnPropertyDescriptor(m, k); if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) { desc = { enumerable: true, get: function() { return m[k]; } }; } Object.defineProperty(o, k2, desc); }) : (function(o, m, k, k2) { if (k2 === undefined) k2 = k; o[k2] = m[k]; })); var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) { Object.defineProperty(o, "default", { enumerable: true, value: v }); }) : function(o, v) { o["default"] = v; }); var __importStar = (this && this.__importStar) || function (mod) { if (mod && mod.__esModule) return mod; var result = {}; if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k); __setModuleDefault(result, mod); return result; }; var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) { function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); } return new (P || (P = Promise))(function (resolve, reject) { function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } } function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } } function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); } step((generator = generator.apply(thisArg, _arguments || [])).next()); }); }; Object.defineProperty(exports, "__esModule", { value: true }); exports.AzureKeyVaultKeyManagementSystemRestClient = void 0; const key_manager_1 = require("@veramo/key-manager"); const AzureRestClient = __importStar(require("./js-client")); const u8a = __importStar(require("uint8arrays")); class AzureKeyVaultKeyManagementSystemRestClient extends key_manager_1.AbstractKeyManagementSystem { constructor(options) { super(); this.mapKeyTypeCurveName = (type) => { switch (type) { case 'Secp256r1': return 'P-256'; default: throw new Error(`Key type ${type} is not supported by AzureKeyVaultKMS`); } }; this.keyTypeToDigestAlgorithm = (type) => { switch (type) { case 'Secp256r1': return 'sha256'; default: throw new Error(`Key type ${type} is not supported by AzureKeyVaultKMS`); } }; const config = AzureRestClient.createConfiguration({ baseServer: new AzureRestClient.ServerConfiguration(options.vaultUrl, {}), authMethods: { apiKeyScheme: options.apiKey, }, }); this.id = options.applicationId; this.client = new AzureRestClient.KeyVaultControllerApi(config); } createKey(args) { return __awaiter(this, void 0, void 0, function* () { var _a, _b; const { type, meta } = args; const curveName = this.mapKeyTypeCurveName(type); const options = { keyName: meta === null || meta === void 0 ? void 0 : meta.keyAlias.replace(/_/g, "-"), curveName, operations: meta && 'keyOperations' in meta ? meta.keyOperations : ['sign', 'verify'], }; const createKeyResponse = yield this.client.createEcKey(options); return { kid: createKeyResponse.name, kms: this.id, type, meta: { alias: createKeyResponse.name, algorithms: [(_b = (_a = createKeyResponse.key) === null || _a === void 0 ? void 0 : _a.curveName) !== null && _b !== void 0 ? _b : 'ES256'], kmsKeyRef: createKeyResponse.id }, publicKeyHex: this.ecJwkToRawHexKey(createKeyResponse.key), }; }); } ecJwkToRawHexKey(jwk) { if (!jwk.x || !jwk.y) { throw new Error("EC JWK must contain 'x' and 'y' properties."); } // We are converting from base64 to base64url to be sure. The spec uses base64url, but in the wild we sometimes encounter a base64 string const x = u8a.fromString(jwk.x.replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, ''), 'base64url'); const y = u8a.fromString(jwk.y.replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, ''), 'base64url'); return '04' + u8a.toString(x, 'hex') + u8a.toString(y, 'hex'); } sign(args) { return __awaiter(this, void 0, void 0, function* () { if (!args.keyRef) { throw new Error('key_not_found: No key ref provided'); } const signResponse = yield this.client.signPayload({ keyName: args.keyRef.kid, payload: u8a.toString(args.data), }); return signResponse.signature; }); } verify(args) { return __awaiter(this, void 0, void 0, function* () { if (!args.keyRef) { throw new Error('key_not_found: No key ref provided'); } return yield this.client.verifyPayload({ keyName: args.keyRef.kid, signature: args.signature, payload: new TextDecoder().decode(args.data), }); }); } sharedSecret(args) { throw new Error('sharedSecret is not implemented for AzureKeyVaultKMS.'); } importKey(args) { return __awaiter(this, void 0, void 0, function* () { throw new Error('importKey is not implemented for AzureKeyVaultKMS.'); }); } deleteKey(_a) { return __awaiter(this, arguments, void 0, function* ({ kid }) { throw new Error('deleteKey is not implemented for AzureKeyVaultKMS.'); }); } listKeys() { return __awaiter(this, void 0, void 0, function* () { throw new Error('listKeys is not implemented for AzureKeyVaultKMS.'); }); } } exports.AzureKeyVaultKeyManagementSystemRestClient = AzureKeyVaultKeyManagementSystemRestClient; //# sourceMappingURL=AzureKeyVaultKeyManagementSystemRestClient.js.map