From e7143950508f0a51eb2263e5dd8baef3950a14b9 Mon Sep 17 00:00:00 2001 From: Robert Yokota Date: Mon, 18 Aug 2025 09:49:52 -0700 Subject: [PATCH] Update to TypeScript 5.9; change from Uint8Array to Uint8Array --- examples/typescript/package.json | 2 +- package-lock.json | 4 +-- package.json | 2 +- schemaregistry/package.json | 2 +- .../rules/encryption/encrypt-executor.ts | 26 +++++++++---------- schemaregistry/rules/encryption/tink/aead.ts | 8 +++--- .../rules/encryption/tink/aes_gcm.ts | 10 +++---- .../rules/encryption/tink/aes_siv.ts | 12 ++++----- schemaregistry/rules/encryption/tink/bytes.ts | 18 ++++++------- schemaregistry/rules/encryption/tink/hkdf.ts | 4 +-- schemaregistry/rules/encryption/tink/hmac.ts | 6 ++--- schemaregistry/rules/encryption/tink/mac.ts | 4 +-- .../rules/encryption/tink/random.ts | 2 +- .../rules/encryption/tink/validators.ts | 2 +- 14 files changed, 51 insertions(+), 51 deletions(-) diff --git a/examples/typescript/package.json b/examples/typescript/package.json index 33a10079..5b0dcedc 100644 --- a/examples/typescript/package.json +++ b/examples/typescript/package.json @@ -10,7 +10,7 @@ "license": "MIT", "dependencies": { "@confluentinc/kafka-javascript": "file:../..", - "typescript": "^5.4.4" + "typescript": "^5.9.2" }, "devDependencies": { "@types/node": "^20.12.5" diff --git a/package-lock.json b/package-lock.json index 113170dc..3cbae781 100644 --- a/package-lock.json +++ b/package-lock.json @@ -37,7 +37,7 @@ "node-gyp": "^9.3.1", "nyc": "^17.1.0", "ts-jest": "^29.2.5", - "typescript": "^5.5.4", + "typescript": "^5.9.2", "typescript-eslint": "^8.2.0" }, "engines": { @@ -11936,7 +11936,7 @@ "mocha": "^10.7.0", "node-gyp": "^9.3.1", "ts-jest": "^29.2.4", - "typescript": "^5.5.4", + "typescript": "^5.9.2", "typescript-eslint": "^8.2.0" } }, diff --git a/package.json b/package.json index acc087d4..f4c042b1 100644 --- a/package.json +++ b/package.json @@ -49,7 +49,7 @@ "node-gyp": "^9.3.1", "nyc": "^17.1.0", "ts-jest": "^29.2.5", - "typescript": "^5.5.4", + "typescript": "^5.9.2", "typescript-eslint": "^8.2.0" }, "dependencies": { diff --git a/schemaregistry/package.json b/schemaregistry/package.json index ab380750..e91c7315 100644 --- a/schemaregistry/package.json +++ b/schemaregistry/package.json @@ -25,7 +25,7 @@ "mocha": "^10.7.0", "node-gyp": "^9.3.1", "ts-jest": "^29.2.4", - "typescript": "^5.5.4", + "typescript": "^5.9.2", "typescript-eslint": "^8.2.0" }, "dependencies": { diff --git a/schemaregistry/rules/encryption/encrypt-executor.ts b/schemaregistry/rules/encryption/encrypt-executor.ts index c0973229..0e718705 100644 --- a/schemaregistry/rules/encryption/encrypt-executor.ts +++ b/schemaregistry/rules/encryption/encrypt-executor.ts @@ -170,7 +170,7 @@ export class EncryptionExecutor implements RuleExecutor { } export class Cryptor { - static readonly EMPTY_AAD = Buffer.from([]) + static readonly EMPTY_AAD: Uint8Array = new Uint8Array(0) dekFormat: DekFormat isDeterministic: boolean @@ -222,13 +222,13 @@ export class Cryptor { switch (this.dekFormat) { case DekFormat.AES256_SIV: const aesSivKey = fromBinary(AesSivKeySchema, dek) - rawKey = aesSivKey.keyValue - return Buffer.from(await this.encryptWithAesSiv(rawKey, plaintext)) + rawKey = new Uint8Array(aesSivKey.keyValue) + return Buffer.from(await this.encryptWithAesSiv(rawKey as Uint8Array, new Uint8Array(plaintext))) case DekFormat.AES128_GCM: case DekFormat.AES256_GCM: const aesGcmKey = fromBinary(AesGcmKeySchema, dek) - rawKey = aesGcmKey.keyValue - return Buffer.from(await this.encryptWithAesGcm(rawKey, plaintext)) + rawKey = new Uint8Array(aesGcmKey.keyValue) + return Buffer.from(await this.encryptWithAesGcm(rawKey as Uint8Array, new Uint8Array(plaintext))) default: throw new RuleError('unsupported dek format') } @@ -239,34 +239,34 @@ export class Cryptor { switch (this.dekFormat) { case DekFormat.AES256_SIV: const aesSivKey = fromBinary(AesSivKeySchema, dek) - rawKey = aesSivKey.keyValue - return Buffer.from(await this.decryptWithAesSiv(rawKey, ciphertext)) + rawKey = new Uint8Array(aesSivKey.keyValue) + return Buffer.from(await this.decryptWithAesSiv(rawKey as Uint8Array, new Uint8Array(ciphertext))) case DekFormat.AES128_GCM: case DekFormat.AES256_GCM: const aesGcmKey = fromBinary(AesGcmKeySchema, dek) - rawKey = aesGcmKey.keyValue - return Buffer.from(await this.decryptWithAesGcm(rawKey, ciphertext)) + rawKey = new Uint8Array(aesGcmKey.keyValue) + return Buffer.from(await this.decryptWithAesGcm(rawKey as Uint8Array, new Uint8Array(ciphertext))) default: throw new RuleError('unsupported dek format') } } - async encryptWithAesSiv(key: Uint8Array, plaintext: Uint8Array): Promise { + async encryptWithAesSiv(key: Uint8Array, plaintext: Uint8Array): Promise> { const aead = await aesSivFromRawKey(key) return aead.encrypt(plaintext, Cryptor.EMPTY_AAD) } - async decryptWithAesSiv(key: Uint8Array, ciphertext: Uint8Array): Promise { + async decryptWithAesSiv(key: Uint8Array, ciphertext: Uint8Array): Promise> { const aead = await aesSivFromRawKey(key) return aead.decrypt(ciphertext, Cryptor.EMPTY_AAD) } - async encryptWithAesGcm(key: Uint8Array, plaintext: Uint8Array): Promise { + async encryptWithAesGcm(key: Uint8Array, plaintext: Uint8Array): Promise> { const aead = await aesGcmFromRawKey(key) return aead.encrypt(plaintext, Cryptor.EMPTY_AAD) } - async decryptWithAesGcm(key: Uint8Array, ciphertext: Uint8Array): Promise { + async decryptWithAesGcm(key: Uint8Array, ciphertext: Uint8Array): Promise> { const aead = await aesGcmFromRawKey(key) return aead.decrypt(ciphertext, Cryptor.EMPTY_AAD) } diff --git a/schemaregistry/rules/encryption/tink/aead.ts b/schemaregistry/rules/encryption/tink/aead.ts index df85ca73..5f3fb34b 100644 --- a/schemaregistry/rules/encryption/tink/aead.ts +++ b/schemaregistry/rules/encryption/tink/aead.ts @@ -29,8 +29,8 @@ export abstract class Aead { * @returns resulting ciphertext * */ - abstract encrypt(plaintext: Uint8Array, opt_associatedData?: Uint8Array|null): - Promise; + abstract encrypt(plaintext: Uint8Array, opt_associatedData?: Uint8Array|null): + Promise>; /** * Decrypts ciphertext with associated authenticated data. @@ -46,6 +46,6 @@ export abstract class Aead { * @returns resulting plaintext */ abstract decrypt( - ciphertext: Uint8Array, - opt_associatedData?: Uint8Array|null): Promise; + ciphertext: Uint8Array, + opt_associatedData?: Uint8Array|null): Promise>; } diff --git a/schemaregistry/rules/encryption/tink/aes_gcm.ts b/schemaregistry/rules/encryption/tink/aes_gcm.ts index 0035759f..93e623c8 100644 --- a/schemaregistry/rules/encryption/tink/aes_gcm.ts +++ b/schemaregistry/rules/encryption/tink/aes_gcm.ts @@ -34,8 +34,8 @@ export class AesGcm extends Aead { /** */ - async encrypt(plaintext: Uint8Array, associatedData?: Uint8Array): - Promise { + async encrypt(plaintext: Uint8Array, associatedData?: Uint8Array): + Promise> { Validators.requireUint8Array(plaintext); if (associatedData != null) { Validators.requireUint8Array(associatedData); @@ -56,8 +56,8 @@ export class AesGcm extends Aead { /** */ - async decrypt(ciphertext: Uint8Array, associatedData?: Uint8Array): - Promise { + async decrypt(ciphertext: Uint8Array, associatedData?: Uint8Array): + Promise> { Validators.requireUint8Array(ciphertext); if (ciphertext.length < IV_SIZE_IN_BYTES + TAG_SIZE_IN_BITS / 8) { throw new SecurityException('ciphertext too short'); @@ -88,7 +88,7 @@ export class AesGcm extends Aead { } } -export async function fromRawKey(key: Uint8Array): Promise { +export async function fromRawKey(key: Uint8Array): Promise { Validators.requireUint8Array(key); Validators.validateAesKeySize(key.length); const webCryptoKey = await crypto.subtle.importKey( diff --git a/schemaregistry/rules/encryption/tink/aes_siv.ts b/schemaregistry/rules/encryption/tink/aes_siv.ts index 64114dd2..2137b0c7 100644 --- a/schemaregistry/rules/encryption/tink/aes_siv.ts +++ b/schemaregistry/rules/encryption/tink/aes_siv.ts @@ -13,27 +13,27 @@ import {SIV, SoftCryptoProvider} from "@hackbg/miscreant-esm"; * */ export class AesSiv extends Aead { - constructor(private readonly key: Uint8Array) { + constructor(private readonly key: Uint8Array) { super(); } /** */ - async encrypt(plaintext: Uint8Array, associatedData?: Uint8Array): - Promise { + async encrypt(plaintext: Uint8Array, associatedData?: Uint8Array): + Promise> { let key = await SIV.importKey(this.key, "AES-CMAC-SIV", new SoftCryptoProvider()); return key.seal(plaintext, associatedData != null ? [associatedData] : []); } /** */ - async decrypt(ciphertext: Uint8Array, associatedData?: Uint8Array): - Promise { + async decrypt(ciphertext: Uint8Array, associatedData?: Uint8Array): + Promise> { let key = await SIV.importKey(this.key, "AES-CMAC-SIV", new SoftCryptoProvider()); return key.open(ciphertext, associatedData != null? [associatedData] : []); } } -export async function fromRawKey(key: Uint8Array): Promise { +export async function fromRawKey(key: Uint8Array): Promise { return new AesSiv(key); } diff --git a/schemaregistry/rules/encryption/tink/bytes.ts b/schemaregistry/rules/encryption/tink/bytes.ts index f2aafdaf..cc37eef7 100644 --- a/schemaregistry/rules/encryption/tink/bytes.ts +++ b/schemaregistry/rules/encryption/tink/bytes.ts @@ -11,7 +11,7 @@ import {InvalidArgumentsException} from './exception/invalid_arguments_exception * @param ba2 - The second bytearray to check. * @returns If the array are equal. */ -export function isEqual(ba1: Uint8Array, ba2: Uint8Array): boolean { +export function isEqual(ba1: Uint8Array, ba2: Uint8Array): boolean { if (ba1.length !== ba2.length) { return false; } @@ -25,7 +25,7 @@ export function isEqual(ba1: Uint8Array, ba2: Uint8Array): boolean { /** * Returns a new array that is the result of joining the arguments. */ -export function concat(...var_args: Uint8Array[]): Uint8Array { +export function concat(...var_args: Uint8Array[]): Uint8Array { let length = 0; for (let i = 0; i < arguments.length; i++) { // eslint-disable-next-line prefer-rest-params @@ -48,7 +48,7 @@ export function concat(...var_args: Uint8Array[]): Uint8Array { * @returns The number as a big-endian byte array. * @throws {@link InvalidArgumentsException} */ -export function fromNumber(value: number): Uint8Array { +export function fromNumber(value: number): Uint8Array { if (Number.isNaN(value) || value % 1 !== 0) { throw new InvalidArgumentsException('cannot convert non-integer value'); } @@ -81,7 +81,7 @@ export function fromNumber(value: number): Uint8Array { * @returns the byte array output * @throws {@link InvalidArgumentsException} */ -export function fromHex(hex: string): Uint8Array { +export function fromHex(hex: string): Uint8Array { if (hex.length % 2 != 0) { throw new InvalidArgumentsException( 'Hex string length must be multiple of 2'); @@ -99,7 +99,7 @@ export function fromHex(hex: string): Uint8Array { * @param bytes - the byte array input * @returns hex the output */ -export function toHex(bytes: Uint8Array): string { +export function toHex(bytes: Uint8Array): string { let result = ''; for (let i = 0; i < bytes.length; i++) { const hexByte = bytes[i].toString(16); @@ -116,7 +116,7 @@ export function toHex(bytes: Uint8Array): string { * alphabet, which does not require escaping for use in URLs. * @returns the byte array output */ -export function fromBase64(encoded: string, opt_webSafe?: boolean): Uint8Array { +export function fromBase64(encoded: string, opt_webSafe?: boolean): Uint8Array { if (opt_webSafe) { const normalBase64 = encoded.replace(/-/g, '+').replace(/_/g, '/'); return fromByteString(window.atob(normalBase64)); @@ -132,7 +132,7 @@ export function fromBase64(encoded: string, opt_webSafe?: boolean): Uint8Array { * alphabet, which does not require escaping for use in URLs. * @returns base64 output */ -export function toBase64(bytes: Uint8Array, opt_webSafe?: boolean): string { +export function toBase64(bytes: Uint8Array, opt_webSafe?: boolean): string { const encoded = window .btoa( /* padding */ @@ -151,7 +151,7 @@ export function toBase64(bytes: Uint8Array, opt_webSafe?: boolean): string { * @param str - the input * @returns the byte array output */ -export function fromByteString(str: string): Uint8Array { +export function fromByteString(str: string): Uint8Array { const output = []; let p = 0; for (let i = 0; i < str.length; i++) { @@ -170,7 +170,7 @@ export function fromByteString(str: string): Uint8Array { * characters. * @returns Stringification of the array. */ -export function toByteString(bytes: Uint8Array): string { +export function toByteString(bytes: Uint8Array): string { let str = ''; for (let i = 0; i < bytes.length; i += 1) { str += String.fromCharCode(bytes[i]); diff --git a/schemaregistry/rules/encryption/tink/hkdf.ts b/schemaregistry/rules/encryption/tink/hkdf.ts index 2f0406df..27c6f8d8 100644 --- a/schemaregistry/rules/encryption/tink/hkdf.ts +++ b/schemaregistry/rules/encryption/tink/hkdf.ts @@ -28,8 +28,8 @@ import * as Validators from './validators'; * @returns Output keying material (okm). */ export async function compute( - size: number, hash: string, ikm: Uint8Array, info: Uint8Array, - opt_salt?: Uint8Array): Promise { + size: number, hash: string, ikm: Uint8Array, info: Uint8Array, + opt_salt?: Uint8Array): Promise> { let digestSize; if (!Number.isInteger(size)) { throw new InvalidArgumentsException('size must be an integer'); diff --git a/schemaregistry/rules/encryption/tink/hmac.ts b/schemaregistry/rules/encryption/tink/hmac.ts index c83ccfff..bf84d794 100644 --- a/schemaregistry/rules/encryption/tink/hmac.ts +++ b/schemaregistry/rules/encryption/tink/hmac.ts @@ -33,7 +33,7 @@ export class Hmac extends Mac { /** */ - async computeMac(data: Uint8Array): Promise { + async computeMac(data: Uint8Array): Promise> { Validators.requireUint8Array(data); const tag = await crypto.subtle.sign( {'name': 'HMAC', 'hash': {'name': this.hash}}, this.key, data); @@ -42,7 +42,7 @@ export class Hmac extends Mac { /** */ - async verifyMac(tag: Uint8Array, data: Uint8Array): Promise { + async verifyMac(tag: Uint8Array, data: Uint8Array): Promise { Validators.requireUint8Array(tag); Validators.requireUint8Array(data); const computedTag = await this.computeMac(data); @@ -55,7 +55,7 @@ export class Hmac extends Mac { * @param tagSize - the size of the tag */ export async function fromRawKey( - hash: string, key: Uint8Array, tagSize: number): Promise { + hash: string, key: Uint8Array, tagSize: number): Promise { Validators.requireUint8Array(key); if (!Number.isInteger(tagSize)) { throw new InvalidArgumentsException('invalid tag size, must be an integer'); diff --git a/schemaregistry/rules/encryption/tink/mac.ts b/schemaregistry/rules/encryption/tink/mac.ts index 034259da..7ab58592 100644 --- a/schemaregistry/rules/encryption/tink/mac.ts +++ b/schemaregistry/rules/encryption/tink/mac.ts @@ -21,7 +21,7 @@ export abstract class Mac { * @param data - the data to compute MAC * @returns the MAC tag */ - abstract computeMac(data: Uint8Array): Promise; + abstract computeMac(data: Uint8Array): Promise>; /** * Verifies whether `tag` is a correct authentication code for `data`. @@ -29,5 +29,5 @@ export abstract class Mac { * @param tag - the MAC tag * @param data - the data to compute MAC */ - abstract verifyMac(tag: Uint8Array, data: Uint8Array): Promise; + abstract verifyMac(tag: Uint8Array, data: Uint8Array): Promise; } diff --git a/schemaregistry/rules/encryption/tink/random.ts b/schemaregistry/rules/encryption/tink/random.ts index 7ec2dbdc..9cb85b2e 100644 --- a/schemaregistry/rules/encryption/tink/random.ts +++ b/schemaregistry/rules/encryption/tink/random.ts @@ -16,7 +16,7 @@ import * as crypto from 'crypto'; * @param n - number of bytes to generate * @returns the random bytes */ -export function randBytes(n: number): Uint8Array { +export function randBytes(n: number): Uint8Array { if (!Number.isInteger(n) || n < 0) { throw new InvalidArgumentsException('n must be a nonnegative integer'); } diff --git a/schemaregistry/rules/encryption/tink/validators.ts b/schemaregistry/rules/encryption/tink/validators.ts index 6b73ae55..d04e4320 100644 --- a/schemaregistry/rules/encryption/tink/validators.ts +++ b/schemaregistry/rules/encryption/tink/validators.ts @@ -25,7 +25,7 @@ export function validateAesKeySize(n: number) { * * @throws {@link InvalidArgumentsException} */ -export function requireUint8Array(input: Uint8Array) { +export function requireUint8Array(input: Uint8Array) { if (input == null || !(input instanceof Uint8Array)) { throw new InvalidArgumentsException('input must be a non null Uint8Array'); }