fix: sequential requests instead of promise.all (#339)

* sequential requests instead of promise.all

* 🤖 🎨 Autoformat

Signed-off-by: Tyler Biscoe <[email protected]>

* add type

---------

Signed-off-by: Tyler Biscoe <[email protected]>
Co-authored-by: biscoe916 <[email protected]>

Author: biscoe916

lib/tdf3/src/tdf.ts

@@ -868,79 +868,80 @@ async function unwrapKey({
   let responseMetadata;
   const isAppIdProvider = authProvider && isAppIdProviderCheck(authProvider);
   // Get key access information to know the KAS URLS
-  const rewrappedKeys = await Promise.all(
-    Object.entries(splitPotentials).map(async ([splitId, potentials]) => {
-      if (!potentials || !Object.keys(potentials).length) {
-        throw new UnsafeUrlError(
-          `Unreconstructable key - no valid KAS found for split ${JSON.stringify(splitId)}`,
-          ''
-        );
-      }
-      // If we have multiple ways of getting a value, try the 'best' way
-      // or maybe retry across all potential ways? Currently, just tries them all
-      const [keySplitInfo] = Object.values(potentials);
-      const url = `${keySplitInfo.url}/${isAppIdProvider ? '' : 'v2/'}rewrap`;
+  const rewrappedKeys: Uint8Array[] = [];
 
-      const ephemeralEncryptionKeys = await cryptoService.cryptoToPemPair(
-        await cryptoService.generateKeyPair()
+  for (const [splitId, potentials] of Object.entries(splitPotentials)) {
+    if (!potentials || !Object.keys(potentials).length) {
+      throw new UnsafeUrlError(
+        `Unreconstructable key - no valid KAS found for split ${JSON.stringify(splitId)}`,
+        ''
       );
-      const clientPublicKey = ephemeralEncryptionKeys.publicKey;
+    }
 
-      const requestBodyStr = JSON.stringify({
-        algorithm: 'RS256',
-        keyAccess: keySplitInfo,
-        policy: manifest.encryptionInformation.policy,
-        clientPublicKey,
-      });
+    // If we have multiple ways of getting a value, try the 'best' way
+    // or maybe retry across all potential ways? Currently, just tries them all
+    const [keySplitInfo] = Object.values(potentials);
+    const url = `${keySplitInfo.url}/${isAppIdProvider ? '' : 'v2/'}rewrap`;
 
-      const jwtPayload = { requestBody: requestBodyStr };
-      const signedRequestToken = await reqSignature(
-        isAppIdProvider ? {} : jwtPayload,
-        dpopKeys.privateKey
-      );
+    const ephemeralEncryptionKeys = await cryptoService.cryptoToPemPair(
+      await cryptoService.generateKeyPair()
+    );
+    const clientPublicKey = ephemeralEncryptionKeys.publicKey;
 
-      let requestBody;
-      if (isAppIdProvider) {
-        requestBody = {
-          keyAccess: keySplitInfo,
-          policy: manifest.encryptionInformation.policy,
-          entity: {
-            ...entity,
-            publicKey: clientPublicKey,
-          },
-          authToken: signedRequestToken,
-        };
-      } else {
-        requestBody = {
-          signedRequestToken,
-        };
-      }
+    const requestBodyStr = JSON.stringify({
+      algorithm: 'RS256',
+      keyAccess: keySplitInfo,
+      policy: manifest.encryptionInformation.policy,
+      clientPublicKey,
+    });
 
-      // Create a PoP token by signing the body so KAS knows we actually have a private key
-      // Expires in 60 seconds
-      const httpReq = await authProvider.withCreds(buildRequest('POST', url, requestBody));
+    const jwtPayload = { requestBody: requestBodyStr };
+    const signedRequestToken = await reqSignature(
+      isAppIdProvider ? {} : jwtPayload,
+      dpopKeys.privateKey
+    );
 
-      try {
-        // The response from KAS on a rewrap
-        const {
-          data: { entityWrappedKey, metadata },
-        } = await axios.post(httpReq.url, httpReq.body, { headers: httpReq.headers });
-        responseMetadata = metadata;
-        const key = Binary.fromString(base64.decode(entityWrappedKey));
-        const decryptedKeyBinary = await cryptoService.decryptWithPrivateKey(
-          key,
-          ephemeralEncryptionKeys.privateKey
-        );
-        return new Uint8Array(decryptedKeyBinary.asByteArray());
-      } catch (e) {
-        console.error(e);
-        throw new KasDecryptError(
-          `Unable to decrypt the response from KAS: [${e.name}: ${e.message}], response: [${e?.response?.body}]`,
-          e
-        );
-      }
-    })
-  );
+    let requestBody;
+    if (isAppIdProvider) {
+      requestBody = {
+        keyAccess: keySplitInfo,
+        policy: manifest.encryptionInformation.policy,
+        entity: {
+          ...entity,
+          publicKey: clientPublicKey,
+        },
+        authToken: signedRequestToken,
+      };
+    } else {
+      requestBody = {
+        signedRequestToken,
+      };
+    }
+
+    // Create a PoP token by signing the body so KAS knows we actually have a private key
+    // Expires in 60 seconds
+    const httpReq = await authProvider.withCreds(buildRequest('POST', url, requestBody));
+
+    try {
+      // The response from KAS on a rewrap
+      const {
+        data: { entityWrappedKey, metadata },
+      } = await axios.post(httpReq.url, httpReq.body, { headers: httpReq.headers });
+      responseMetadata = metadata;
+      const key = Binary.fromString(base64.decode(entityWrappedKey));
+      const decryptedKeyBinary = await cryptoService.decryptWithPrivateKey(
+        key,
+        ephemeralEncryptionKeys.privateKey
+      );
+      rewrappedKeys.push(new Uint8Array(decryptedKeyBinary.asByteArray()));
+    } catch (e) {
+      console.error(e);
+      throw new KasDecryptError(
+        `Unable to decrypt the response from KAS: [${e.name}: ${e.message}], response: [${e?.response?.body}]`,
+        e
+      );
+    }
+  }
 
   // Merge the unwrapped keys from each KAS
   const reconstructedKey = keyMerge(rewrappedKeys);