Press n or j to go to the next uncovered block, b, p or k for the previous block.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 | 1x 1x 1x 1x 1x 1x 1x 1x 1x 92x 1x 92x 92x 1x 259x 48x 47x 92x 92x 92x 92x 42x 42x 42x 48x 48x 47x 44x 44x 3x 3x 42x 42x 42x 42x 1x 1x 1x 41x 41x 41x 41x 41x 39x 39x 41x | import { JwtService, KeysService } from '@affinidi/common' import { KeyStorageApiService } from '@affinidi/internal-api-clients' import { profile } from '@affinidi/tools-common' import retry from 'async-retry' import { extractSDKVersion } from '../_helpers' const createHash = require('create-hash') import { KeyParams } from '../dto/shared.dto' import { withDidData } from '../shared/getDidData' import SdkErrorFromCode from '../shared/SdkErrorFromCode' type ConstructorOptions = { keyStorageUrl: string accessApiKey: string tenantToken?: string } const sha256 = (data: unknown) => { return createHash('sha256').update(data).digest() } const hashFromString = (data: string): string => { const buffer = sha256(Buffer.from(data)) return buffer.toString('hex') } @profile() export default class KeyManagementService { private _keyStorageApiService constructor(options: ConstructorOptions) { this._keyStorageApiService = new KeyStorageApiService({ keyStorageUrl: options.keyStorageUrl, accessApiKey: options.accessApiKey, sdkVersion: extractSDKVersion(), tenantToken: options.tenantToken, }) } private async _pullEncryptedSeed(accessToken: string) { const { body: { encryptedSeed }, } = await this._keyStorageApiService.readMyKey({ accessToken }) return encryptedSeed } private async _pullEncryptionKey(accessToken: string): Promise<string> { // TODO: must use key provider, its just a mock at this point const { payload } = JwtService.fromJWT(accessToken) const userId = payload.sub const encryptionKey = hashFromString(userId) return encryptionKey } private async _storeEncryptedSeed(accessToken: string, seedHex: string, encryptionKey: string): Promise<void> { const encryptionKeyBuffer = Buffer.from(encryptionKey, 'hex') const encryptedSeed = await KeysService.encryptSeed(seedHex, encryptionKeyBuffer) await this._keyStorageApiService.storeMyKey(accessToken, { encryptedSeed }) } public async pullKeyAndSeed(accessToken: string) { const encryptionKey = await this._pullEncryptionKey(accessToken) const encryptedSeed = await this._pullEncryptedSeed(accessToken) return { encryptionKey, encryptedSeed } } public async pullUserData(accessToken: string) { const { encryptionKey, encryptedSeed } = await this.pullKeyAndSeed(accessToken) return withDidData({ encryptedSeed, password: encryptionKey }) } public async pullEncryptionKeyAndStoreEncryptedSeed(accessToken: string, seedHexWithMethod: string) { const encryptionKey = await this._pullEncryptionKey(accessToken) await this.storeEncryptedSeed(accessToken, seedHexWithMethod, encryptionKey) } private async storeEncryptedSeed(accessToken: string, seedHexWithMethod: string, encryptionKey: string) { await retry( async (bail) => { const errorCodes = ['COR-1', 'WAL-2'] try { await this._storeEncryptedSeed(accessToken, seedHexWithMethod, encryptionKey) } catch (error) { Eif (errorCodes.indexOf(error.code) >= 0) { // If it's a known error we can bail out of the retry and that error will be what's thrown bail(error) return } else { // Otherwise we wrap the error and throw that, // this will trigger a retry until "retries" count is met throw new SdkErrorFromCode('COR-18', { accessToken }, error) } } }, { retries: 3 }, ) } /* To cover scenario when registration failed and private key is not saved: * 1. seed is generated before user is confirmed in Cognito * 2. encrypt seed with user's password * 3. confirm user in Cognito, if registration is successful * 4. get user's encryptionKey * 5. re-encrypt user's seed with encryptionKey */ public async reencryptSeed(accessToken: string, keyParams: KeyParams, backupUpdatedSeed: boolean) { const encryptionKey = await this._pullEncryptionKey(accessToken) const { fullSeedHex } = KeysService.decryptSeed(keyParams.encryptedSeed, keyParams.password) const encryptionKeyBuffer = KeysService.normalizePassword(encryptionKey) const updatedEncryptedSeed = await KeysService.encryptSeed(fullSeedHex, encryptionKeyBuffer) if (backupUpdatedSeed) { const { fullSeedHex } = KeysService.decryptSeed(updatedEncryptedSeed, encryptionKey) await this.storeEncryptedSeed(accessToken, fullSeedHex, encryptionKey) } return { encryptionKey, updatedEncryptedSeed } } } |