@@ -9,11 +9,13 @@ import {
99 serverSessionKeys ,
1010} from "./utils/crypto" ;
1111
12- const PH_VERSION = "v1" ;
1312type PhaseCiphertext = `ph:${string } :${string } :${string } :${string } `;
1413type PhaseAppId = `phApp:${string } :${string } `;
1514type PhaseAppSecret = `pss:${string } :${string } :${string } ${string } `;
1615
16+ const PH_VERSION = "v1" ;
17+ const DEFAULT_KMS_HOST = "https://kms.phase.dev" ;
18+
1719export default class Phase {
1820 appId : string ;
1921 appPubKey : string ;
@@ -24,10 +26,10 @@ export default class Phase {
2426 keyshare0 : string ;
2527 keyshare1UnwrapKey : string ;
2628 } ;
29+ kmsHost : string ;
2730
28- constructor ( appId : string , appSecret : string ) {
31+ constructor ( appId : string , appSecret : string , kmsHost ?: string ) {
2932 const appIdRegex = / ^ p h A p p : v ( \d + ) : ( [ a - f A - F 0 - 9 ] { 64 } ) $ / ;
30- // Update regex after switching to XOR based shares
3133 const appSecretRegex =
3234 / ^ p s s : v ( \d + ) : ( [ a - f A - F 0 - 9 ] { 64 } ) : ( [ a - f A - F 0 - 9 ] { 64 , 128 } ) : ( [ a - f A - F 0 - 9 ] { 64 } ) / gm;
3335
@@ -37,6 +39,7 @@ export default class Phase {
3739
3840 this . appId = appId ;
3941 this . appPubKey = appId . split ( ":" ) [ 2 ] ;
42+ this . kmsHost = kmsHost ? `${ kmsHost } : DEFAULT_KMS_HOST ;
4043
4144 const appSecretSegments = appSecret . split ( ":" ) ;
4245
@@ -111,7 +114,8 @@ export default class Phase {
111114 this . appSecret . appToken ,
112115 this . appSecret . keyshare1UnwrapKey ,
113116 this . appId ,
114- ciphertext . data . length / 2
117+ ciphertext . data . length / 2 ,
118+ this . kmsHost
115119 ) ;
116120
117121 const appPrivKey = await reconstructSecret ( [
0 commit comments