From 41cb5f4d363631dcac757b501aa3b1d7f9bf6696 Mon Sep 17 00:00:00 2001
From: David Mihalcik
Date: Wed, 29 Nov 2023 10:33:09 -0500
Subject: [PATCH] =?UTF-8?q?=F0=9F=8E=A8=20Move=20KAS=20methods=20in=20nano?= =?UTF-8?q?=20code?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Small refactor to consolidate KAS methods
---
 lib/src/{kas.ts => access.ts} | 11 +++++++++++
 lib/src/index.ts | 6 ++++--
 lib/src/nanotdf/Client.ts | 2 +-
 lib/src/tdf/AttributeObject.ts | 4 ++--
 4 files changed, 18 insertions(+), 5 deletions(-)
 rename lib/src/{kas.ts => access.ts} (79%)
diff --git a/lib/src/kas.ts b/lib/src/access.ts
similarity index 79%
rename from lib/src/kas.ts
rename to lib/src/access.ts
index 54fef60e..4a1ece83 100644
--- a/lib/src/kas.ts
+++ b/lib/src/access.ts
@@ -48,3 +48,14 @@ export async function fetchWrappedKey(
 return response.json();
 }
+
+export async function fetchECKasPubKey(kasEndpoint: string): Promise {
+ const kasPubKeyResponse = await fetch(`${kasEndpoint}/kas_public_key?algorithm=ec:secp256r1`);
+ if (!kasPubKeyResponse.ok) {
+ throw new Error(
+ `Unable to validate KAS [${kasEndpoint}]. Received [${kasPubKeyResponse.status}:${kasPubKeyResponse.statusText}]`
+ );
+ }
+ return kasPubKeyResponse.json();
+}
+
diff --git a/lib/src/index.ts b/lib/src/index.ts
index 18eeddf3..e237e920 100644
--- a/lib/src/index.ts
+++ b/lib/src/index.ts
@@ -10,6 +10,8 @@ import {
 } from './nanotdf/index.js';
 import { keyAgreement } from './nanotdf-crypto/index.js';
 import { TypedArray, createAttribute, Policy } from './tdf/index.js';
+import { AuthProvider } from './auth/auth.js';
+import { fetchECKasPubKey } from './access.js';
 import { ClientConfig } from './nanotdf/Client.js';
 import { pemToCryptoPublicKey } from './utils.js';
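Review bot: `fetchECKasPubKey` in lib/src/access.ts returns `kasPubKeyResponse.json()` unchecked, so whatever JSON the endpoint sends is stored as `this.kasPubKey` at the two call sites changed in lib/src/index.ts (NanoTDFClient and NanoTDFDatasetClient). Since that value is the key the clients go on to encrypt to, I would narrow it before returning: `const pem: unknown = await kasPubKeyResponse.json();`, then `if (typeof pem !== 'string') throw new Error('KAS public key response is not a string');`, then `return pem;`. The declared return type is truncated on this page, so the string check assumes the endpoint returns PEM text, which the `pemToCryptoPublicKey` import in index.ts suggests but does not prove. The function also has no doc comment; it should state that the result is only as trustworthy as the transport to `kasEndpoint`, and callers should refuse a non-`https:` endpoint unless plain HTTP is deliberately supported for local testing.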
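Review bot: The added `import { AuthProvider } from './auth/auth.js';` in lib/src/index.ts is not used by any line shown in this file's hunks, and lib/src/nanotdf/Client.ts takes `AuthProvider` from `'../auth/providers.js'` in the same patch. If it is needed only as a type, `import type { AuthProvider } from './auth/auth.js';` keeps it out of the emitted module; otherwise it can be dropped, and a single module path for `AuthProvider` across the library would be easier to audit. The rest of index.ts is outside the hunk, but nothing in this diff removes the old `fetchKasPubKey` definition or import, so it is worth confirming it does not remain as a second, unreviewed way to fetch the KAS key.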
@@ -132,7 +134,7 @@ export class NanoTDFClient extends Client {
 delete this.iv;
 if (!this.kasPubKey) {
- this.kasPubKey = await fetchKasPubKey(this.kasUrl);
+ this.kasPubKey = await fetchECKasPubKey(this.kasUrl);
 }
 // Create a policy for the tdf
@@ -259,7 +261,7 @@ export class NanoTDFDatasetClient extends Client {
 const ephemeralKeyPair = await this.ephemeralKeyPair;
 if (!this.kasPubKey) {
- this.kasPubKey = await fetchKasPubKey(this.kasUrl);
+ this.kasPubKey = await fetchECKasPubKey(this.kasUrl);
 }
 // Create a policy for the tdf
diff --git a/lib/src/nanotdf/Client.ts b/lib/src/nanotdf/Client.ts
index 8a5049da..44760a87 100644
--- a/lib/src/nanotdf/Client.ts
+++ b/lib/src/nanotdf/Client.ts
@@ -3,7 +3,7 @@ import * as base64 from '../encodings/base64.js';
 import { generateKeyPair, keyAgreement } from '../nanotdf-crypto/index.js';
 import getHkdfSalt from './helpers/getHkdfSalt.js';
 import DefaultParams from './models/DefaultParams.js';
-import { fetchWrappedKey } from '../kas.js';
+import { fetchWrappedKey } from '../access.js';
 import { AuthProvider, isAuthProvider, reqSignature } from '../auth/providers.js';
 import { cryptoPublicToPem,
diff --git a/lib/src/tdf/AttributeObject.ts b/lib/src/tdf/AttributeObject.ts
index 510b1ce2..3e9b20f3 100644
--- a/lib/src/tdf/AttributeObject.ts
+++ b/lib/src/tdf/AttributeObject.ts
@@ -17,11 +17,11 @@ export async function createAttribute(
 kasUrl: string
 ): Promise {
 return {
- attribute: attribute,
+ attribute,
 isDefault: false,
 displayName: '',
 pubKey: await cryptoPublicToPem(pubKey),
- kasUrl: kasUrl,
+ kasUrl,
 schemaVersion: '1.1.0',
 };
 }