feat: Implement AWS RSA-PSS provider (#16)

Author: gnarea

package-lock.json

@@ -40,6 +40,7 @@
     "node": ">=16"
   },
   "dependencies": {
+    "@aws-sdk/client-kms": "^3.298.0",
     "@google-cloud/kms": "^3.5.0",
     "@peculiar/webcrypto": "^1.4.3",
     "fast-crc32c": "^2.0.0",

package.json

@@ -0,0 +1,3 @@
+import { RsaPssProvider } from 'webcrypto-core';
+
+export abstract class KmsRsaPssProvider extends RsaPssProvider {}

src/lib/KmsRsaPssProvider.ts

@@ -4,23 +4,23 @@ import { CryptoKey, KeyAlgorithm, KeyUsages, ProviderCrypto } from 'webcrypto-co
 
 import { HashingAlgorithm } from './algorithms';
 
-export class PrivateKey extends CryptoKey {
+export class PrivateKey<Provider extends ProviderCrypto> extends CryptoKey {
   public override readonly extractable = true;
 
   public override readonly type = 'private' as KeyType;
 
   constructor(
     public override readonly algorithm: KeyAlgorithm,
-    public readonly provider: ProviderCrypto,
+    public readonly provider: Provider,
   ) {
     super();
   }
 }
 
-export class RsaPssPrivateKey extends PrivateKey {
+export class RsaPssPrivateKey<Provider extends ProviderCrypto> extends PrivateKey<Provider> {
   public override readonly usages = ['sign'] as KeyUsages;
 
-  constructor(hashingAlgorithm: HashingAlgorithm, provider: ProviderCrypto) {
+  constructor(hashingAlgorithm: HashingAlgorithm, provider: Provider) {
     const algorithm = { name: 'RSA-PSS', hash: { name: hashingAlgorithm } };
     super(algorithm, provider);
   }

src/lib/PrivateKey.ts

@@ -0,0 +1,25 @@
+import { AwsKmsRsaPssPrivateKey } from './AwsKmsRsaPssPrivateKey';
+import { AwsKmsRsaPssProvider } from './AwsKmsRsaPssProvider';
+import { HashingAlgorithm } from '../algorithms';
+
+const HASHING_ALGORITHM: HashingAlgorithm = 'SHA-256';
+const KMS_KEY_ARN = 'arn:aws:kms:eu-west-2:111122223333:key/c34c7f46-e663-4d76-bff4-7b5c0820e500';
+const KMS_PROVIDER = new AwsKmsRsaPssProvider(null as any);
+
+test('KMS key ARN should be honored', () => {
+  const key = new AwsKmsRsaPssPrivateKey(KMS_KEY_ARN, HASHING_ALGORITHM, KMS_PROVIDER);
+
+  expect(key.arn).toEqual(KMS_KEY_ARN);
+});
+
+test('Crypto provider should be honored', () => {
+  const key = new AwsKmsRsaPssPrivateKey(KMS_KEY_ARN, HASHING_ALGORITHM, KMS_PROVIDER);
+
+  expect(key.provider).toBe(KMS_PROVIDER);
+});
+
+test('Hashing algorithm should be honored', () => {
+  const key = new AwsKmsRsaPssPrivateKey(KMS_KEY_ARN, HASHING_ALGORITHM, KMS_PROVIDER);
+
+  expect(key.algorithm).toHaveProperty('hash.name', HASHING_ALGORITHM);
+});

src/lib/aws/AwsKmsRsaPssPrivateKey.spec.ts

@@ -0,0 +1,13 @@
+import type { AwsKmsRsaPssProvider } from './AwsKmsRsaPssProvider';
+import { RsaPssPrivateKey } from '../PrivateKey';
+import { HashingAlgorithm } from '../algorithms';
+
+export class AwsKmsRsaPssPrivateKey extends RsaPssPrivateKey<AwsKmsRsaPssProvider> {
+  constructor(
+    public arn: string,
+    hashingAlgorithm: HashingAlgorithm,
+    provider: AwsKmsRsaPssProvider,
+  ) {
+    super(hashingAlgorithm, provider);
+  }
+}