1id 0.1.0
- package/LICENSE +190 -0
- package/README.md +151 -0
- package/dist/auth.d.ts +55 -0
- package/dist/auth.d.ts.map +1 -0
- package/dist/auth.js +188 -0
- package/dist/auth.js.map +1 -0
- package/dist/client.d.ts +57 -0
- package/dist/client.d.ts.map +1 -0
- package/dist/client.js +224 -0
- package/dist/client.js.map +1 -0
- package/dist/credentials.d.ts +84 -0
- package/dist/credentials.d.ts.map +1 -0
- package/dist/credentials.js +155 -0
- package/dist/credentials.js.map +1 -0
- package/dist/enroll.d.ts +44 -0
- package/dist/enroll.d.ts.map +1 -0
- package/dist/enroll.js +226 -0
- package/dist/enroll.js.map +1 -0
- package/dist/exceptions.d.ts +109 -0
- package/dist/exceptions.d.ts.map +1 -0
- package/dist/exceptions.js +168 -0
- package/dist/exceptions.js.map +1 -0
- package/dist/helper.d.ts +57 -0
- package/dist/helper.d.ts.map +1 -0
- package/dist/helper.js +387 -0
- package/dist/helper.js.map +1 -0
- package/dist/identity.d.ts +106 -0
- package/dist/identity.d.ts.map +1 -0
- package/dist/identity.js +76 -0
- package/dist/identity.js.map +1 -0
- package/dist/index.d.ts +70 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +124 -0
- package/dist/index.js.map +1 -0
- package/dist/keys.d.ts +56 -0
- package/dist/keys.d.ts.map +1 -0
- package/dist/keys.js +105 -0
- package/dist/keys.js.map +1 -0
- package/dist/test/test_declared_enrollment.d.ts +11 -0
- package/dist/test/test_declared_enrollment.d.ts.map +1 -0
- package/dist/test/test_declared_enrollment.js +256 -0
- package/dist/test/test_declared_enrollment.js.map +1 -0
- package/package.json +53 -0
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AAEH,OAAO,EAAE,kBAAkB,EAAE,SAAS,EAAE,qBAAqB,EAAE,MAAM,WAAW,CAAC;AACjF,OAAO,EAAE,iBAAiB,EAAoB,MAAM,kBAAkB,CAAC;AACvE,OAAO,EAAE,MAAM,EAAE,KAAK,aAAa,EAAE,MAAM,aAAa,CAAC;AACzD,OAAO,EAAE,+BAA+B,EAAE,MAAM,WAAW,CAAC;AAC5D,OAAO,EACL,qBAAqB,EACrB,OAAO,EACP,KAAK,QAAQ,EACb,YAAY,EACZ,KAAK,KAAK,EACV,SAAS,EACT,8BAA8B,EAC9B,iCAAiC,EACjC,iCAAiC,EAClC,MAAM,eAAe,CAAC;AAGvB,OAAO,EACL,UAAU,EACV,eAAe,EACf,UAAU,EACV,cAAc,EACd,cAAc,EACd,oBAAoB,EACpB,gBAAgB,EAChB,kBAAkB,EAClB,kBAAkB,EAClB,mBAAmB,EACnB,YAAY,EACZ,gBAAgB,EAChB,mBAAmB,EACnB,sBAAsB,GACvB,MAAM,iBAAiB,CAAC;AAGzB,OAAO,EACL,SAAS,EACT,YAAY,EACZ,OAAO,EACP,qBAAqB,EACrB,KAAK,QAAQ,EACb,KAAK,KAAK,EACV,KAAK,aAAa,EAClB,8BAA8B,EAC9B,iCAAiC,EACjC,iCAAiC,GAClC,CAAC;AAGF,OAAO,EACL,MAAM,EACN,SAAS,IAAI,QAAQ,EACrB,SAAS,EACT,kBAAkB,EAClB,qBAAqB,EACrB,iBAAiB,EACjB,+BAA+B,GAChC,CAAC;AAEF,0BAA0B;AAC1B,eAAO,MAAM,OAAO,UAAU,CAAC;AAE/B;;;;;;;GAOG;AACH,wBAAgB,MAAM,IAAI,QAAQ,CAkDjC;AAED;;;;;GAKG;AACH,wBAAgB,OAAO,IAAI,IAAI,CAE9B;AAGD,QAAA,MAAM,KAAK;;;;;;;;;;;;;;;CAeV,CAAC;AAEF,eAAe,KAAK,CAAC"}
|
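--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -0,0 +1,124 @@
+/**
+* 1id.com SDK -- Hardware-anchored identity for AI agents.
+*
+* Quick start:
+*
+* import oneid from "1id";
+*
+* // Enroll at declared tier (no HSM, always works)
+* const identity = await oneid.enroll({ request_tier: "declared" });
+* console.log(`Enrolled as ${identity.handle}`);
+*
+* // Get an OAuth2 token for authentication
+* const token = await oneid.getToken();
+* console.log(`Bearer ${token.access_token}`);
+*
+* // Check current identity
+* const me = oneid.whoami();
+*
+* Trust tiers (request_tier parameter):
+* 'sovereign' -- TPM hardware, manufacturer-attested
+* 'sovereign-portable' -- YubiKey/Nitrokey, manufacturer-attested
+* 'declared' -- Software keys, no hardware proof
+*
+* CRITICAL: request_tier is a REQUIREMENT, not a preference.
+* You get exactly what you ask for, or an exception. No fallbacks.
+*/
+import { clear_cached_token, get_token, authenticate_with_tpm } from "./auth.js";
+import { credentials_exist, load_credentials } from "./credentials.js";
+import { enroll } from "./enroll.js";
+import { sign_challenge_with_private_key } from "./keys.js";
+import { DEFAULT_KEY_ALGORITHM, HSMType, KeyAlgorithm, TrustTier, this_token_has_not_yet_expired, format_authorization_header_value, format_identity_as_display_string, } from "./identity.js";
+// Re-export all exception classes
+export { OneIDError, EnrollmentError, NoHSMError, UACDeniedError, HSMAccessError, AlreadyEnrolledError, HandleTakenError, HandleInvalidError, HandleRetiredError, AuthenticationError, NetworkError, NotEnrolledError, BinaryNotFoundError, RateLimitExceededError, } from "./exceptions.js";
+// Re-export types and enums
+export { TrustTier, KeyAlgorithm, HSMType, DEFAULT_KEY_ALGORITHM, this_token_has_not_yet_expired, format_authorization_header_value, format_identity_as_display_string, };
+// Re-export core functions
+export { enroll, get_token as getToken, get_token, clear_cached_token, authenticate_with_tpm, credentials_exist, sign_challenge_with_private_key, };
+/** SDK version string. */
+export const VERSION = "0.1.0";
+/**
+* Check the current enrolled identity.
+*
+* Reads the local credentials file and returns the identity information
+* stored during enrollment. Does NOT make a network request.
+*
+* @throws NotEnrolledError if no credentials exist.
+*/
+export function whoami() {
+const creds = load_credentials();
+// Resolve trust tier
+let trust_tier;
+const valid_tiers = Object.values(TrustTier);
+if (valid_tiers.includes(creds.trust_tier)) {
+trust_tier = creds.trust_tier;
+}
+else {
+trust_tier = TrustTier.DECLARED;
+}
+// Resolve key algorithm
+let key_algorithm;
+const valid_algorithms = Object.values(KeyAlgorithm);
+if (valid_algorithms.includes(creds.key_algorithm)) {
+key_algorithm = creds.key_algorithm;
+}
+else {
+key_algorithm = DEFAULT_KEY_ALGORITHM;
+}
+// Parse enrolled_at
+let enrolled_at;
+try {
+enrolled_at = creds.enrolled_at ? new Date(creds.enrolled_at) : new Date();
+}
+catch {
+enrolled_at = new Date();
+}
+const internal_id = creds.client_id;
+const handle = internal_id.startsWith("@") ? internal_id : `@${internal_id}`;
+// Determine HSM type from credentials
+let hsm_type = null;
+if (creds.private_key_pem != null) {
+hsm_type = HSMType.SOFTWARE;
+}
+else if (creds.hsm_key_reference != null) {
+hsm_type = HSMType.TPM;
+}
+return {
+internal_id,
+handle,
+trust_tier,
+hsm_type,
+hsm_manufacturer: null,
+enrolled_at,
+device_count: creds.hsm_key_reference ? 1 : 0,
+key_algorithm,
+};
+}
+/**
+* Force-refresh the cached OAuth2 token.
+*
+* Discards the in-memory cached token and fetches a new one
+* on the next getToken() call.
+*/
+export function refresh() {
+clear_cached_token();
+}
+// -- Default export for convenience --
+const oneid = {
+enroll,
+getToken: get_token,
+get_token,
+whoami,
+refresh,
+credentials_exist,
+authenticate_with_tpm,
+sign_challenge_with_private_key,
+clear_cached_token,
+VERSION,
+TrustTier,
+KeyAlgorithm,
+HSMType,
+DEFAULT_KEY_ALGORITHM,
+};
+export default oneid;
+//# sourceMappingURL=index.js.map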
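Review bot: The `try`/`catch` around `new Date(creds.enrolled_at)` in `whoami()` never fires, because the `Date` constructor returns an Invalid Date for an unparseable string instead of throwing; a corrupt `enrolled_at` is therefore returned as-is, while a missing one is silently replaced by the current time. A check such as `if (Number.isNaN(enrolled_at.getTime())) enrolled_at = new Date();` after construction would make the intended fallback real. The same function also maps an unrecognised `trust_tier` to `TrustTier.DECLARED` and an unrecognised `key_algorithm` to `DEFAULT_KEY_ALGORITHM` without any signal, which hides a damaged or hand-edited credentials file and sits oddly next to the header's "No fallbacks" statement. Everything `whoami()` returns comes from the local file, and `hsm_type` is derived only from which key field is present, so the docstring should say the result is self-reported and not server-verified, e.g. `* NOTE: values are read from the local credentials file and are not attested; do not use them for authorization decisions.`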
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AAEH,OAAO,EAAE,kBAAkB,EAAE,SAAS,EAAE,qBAAqB,EAAE,MAAM,WAAW,CAAC;AACjF,OAAO,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AACvE,OAAO,EAAE,MAAM,EAAsB,MAAM,aAAa,CAAC;AACzD,OAAO,EAAE,+BAA+B,EAAE,MAAM,WAAW,CAAC;AAC5D,OAAO,EACL,qBAAqB,EACrB,OAAO,EAEP,YAAY,EAEZ,SAAS,EACT,8BAA8B,EAC9B,iCAAiC,EACjC,iCAAiC,GAClC,MAAM,eAAe,CAAC;AAEvB,kCAAkC;AAClC,OAAO,EACL,UAAU,EACV,eAAe,EACf,UAAU,EACV,cAAc,EACd,cAAc,EACd,oBAAoB,EACpB,gBAAgB,EAChB,kBAAkB,EAClB,kBAAkB,EAClB,mBAAmB,EACnB,YAAY,EACZ,gBAAgB,EAChB,mBAAmB,EACnB,sBAAsB,GACvB,MAAM,iBAAiB,CAAC;AAEzB,4BAA4B;AAC5B,OAAO,EACL,SAAS,EACT,YAAY,EACZ,OAAO,EACP,qBAAqB,EAIrB,8BAA8B,EAC9B,iCAAiC,EACjC,iCAAiC,GAClC,CAAC;AAEF,2BAA2B;AAC3B,OAAO,EACL,MAAM,EACN,SAAS,IAAI,QAAQ,EACrB,SAAS,EACT,kBAAkB,EAClB,qBAAqB,EACrB,iBAAiB,EACjB,+BAA+B,GAChC,CAAC;AAEF,0BAA0B;AAC1B,MAAM,CAAC,MAAM,OAAO,GAAG,OAAO,CAAC;AAE/B;;;;;;;GAOG;AACH,MAAM,UAAU,MAAM;IACpB,MAAM,KAAK,GAAG,gBAAgB,EAAE,CAAC;IAEjC,qBAAqB;IACrB,IAAI,UAAqB,CAAC;IAC1B,MAAM,WAAW,GAAG,MAAM,CAAC,MAAM,CAAC,SAAS,CAAa,CAAC;IACzD,IAAI,WAAW,CAAC,QAAQ,CAAC,KAAK,CAAC,UAAU,CAAC,EAAE,CAAC;QAC3C,UAAU,GAAG,KAAK,CAAC,UAAuB,CAAC;IAC7C,CAAC;SAAM,CAAC;QACN,UAAU,GAAG,SAAS,CAAC,QAAQ,CAAC;IAClC,CAAC;IAED,wBAAwB;IACxB,IAAI,aAA2B,CAAC;IAChC,MAAM,gBAAgB,GAAG,MAAM,CAAC,MAAM,CAAC,YAAY,CAAa,CAAC;IACjE,IAAI,gBAAgB,CAAC,QAAQ,CAAC,KAAK,CAAC,aAAa,CAAC,EAAE,CAAC;QACnD,aAAa,GAAG,KAAK,CAAC,aAA6B,CAAC;IACtD,CAAC;SAAM,CAAC;QACN,aAAa,GAAG,qBAAqB,CAAC;IACxC,CAAC;IAED,oBAAoB;IACpB,IAAI,WAAiB,CAAC;IACtB,IAAI,CAAC;QACH,WAAW,GAAG,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,IAAI,IAAI,EAAE,CAAC;IAC7E,CAAC;IAAC,MAAM,CAAC;QACP,WAAW,GAAG,IAAI,IAAI,EAAE,CAAC;IAC3B,CAAC;IAED,MAAM,WAAW,GAAG,KAAK,CAAC,SAAS,CAAC;IACpC,MAAM,MAAM,GAAG,WAAW,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,WAAW,EAAE,CAAC;IAE7E,sCAAsC;IACtC,IAAI,QAAQ,GAAmB,IAAI,CAAC;IACpC,IAAI,KAAK,CAAC,eAAe,IAAI,
IAAI,EAAE,CAAC;QAClC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;IAC9B,CAAC;SAAM,IAAI,KAAK,CAAC,iBAAiB,IAAI,IAAI,EAAE,CAAC;QAC3C,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC;IACzB,CAAC;IAED,OAAO;QACL,WAAW;QACX,MAAM;QACN,UAAU;QACV,QAAQ;QACR,gBAAgB,EAAE,IAAI;QACtB,WAAW;QACX,YAAY,EAAE,KAAK,CAAC,iBAAiB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAC7C,aAAa;KACd,CAAC;AACJ,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,OAAO;IACrB,kBAAkB,EAAE,CAAC;AACvB,CAAC;AAED,uCAAuC;AACvC,MAAM,KAAK,GAAG;IACZ,MAAM;IACN,QAAQ,EAAE,SAAS;IACnB,SAAS;IACT,MAAM;IACN,OAAO;IACP,iBAAiB;IACjB,qBAAqB;IACrB,+BAA+B;IAC/B,kBAAkB;IAClB,OAAO;IACP,SAAS;IACT,YAAY;IACZ,OAAO;IACP,qBAAqB;CACtB,CAAC;AAEF,eAAe,KAAK,CAAC"}
|
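--- a/package/dist/keys.d.ts
+++ b/package/dist/keys.d.ts
@@ -0,0 +1,56 @@
+/**
+* Cryptographic key generation for the 1id.com Node.js SDK.
+*
+* Uses Node.js built-in `crypto` module -- zero external dependencies.
+*
+* Supports multiple key algorithms for declared-tier software keys:
+* - Ed25519: 128-bit security, smallest keys, fastest. Default.
+* - ECDSA P-256: 128-bit security, widely compatible (NIST curve).
+* - ECDSA P-384: 192-bit security, higher security NIST curve.
+* - RSA-2048: 112-bit security, legacy compatibility.
+* - RSA-4096: 128-bit security, higher security RSA.
+*
+* For TPM tiers, key generation happens inside the TPM hardware via
+* the Go binary. This module is only used for declared-tier enrollment.
+*/
+import { KeyAlgorithm } from "./identity.js";
+/**
+* A generated keypair: private key PEM + public key PEM.
+*/
+export interface GeneratedKeypair {
+/** PEM-encoded PKCS#8 private key. */
+private_key_pem: string;
+/** PEM-encoded SPKI public key. */
+public_key_pem: string;
+}
+/**
+* Generate a new keypair for declared-tier enrollment.
+*
+* The private key is stored locally in the credentials file. The public
+* key is sent to the 1id.com server during enrollment. The private key
+* is used later for challenge-response signing by relying parties.
+*
+* @param algorithm Which key algorithm to use. Default: Ed25519.
+* @returns The generated keypair as PEM strings.
+* @throws Error if the algorithm is not supported.
+*/
+export declare function generate_keypair(algorithm?: KeyAlgorithm): GeneratedKeypair;
+/**
+* Sign a challenge nonce using the stored private key.
+*
+* Used for relying-party live re-verification: the relying party
+* sends a nonce via 1id.com, the SDK signs it with the agent's
+* private key, and 1id.com verifies the signature against the
+* stored public key.
+*
+* The signing algorithm is determined automatically from the key type:
+* - Ed25519: EdDSA (no hash selection needed)
+* - ECDSA: SHA-256 (P-256) or SHA-384 (P-384)
+* - RSA: SHA-256 with PKCS1v15
+*
+* @param private_key_pem PEM-encoded private key.
+* @param challenge_bytes The raw bytes of the challenge nonce to sign.
+* @returns The signature as a Buffer.
+*/
+export declare function sign_challenge_with_private_key(private_key_pem: string, challenge_bytes: Buffer): Buffer;
+//# sourceMappingURL=keys.d.ts.map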
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"keys.d.ts","sourceRoot":"","sources":["../src/keys.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAGH,OAAO,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC;AAE7C;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,sCAAsC;IACtC,eAAe,EAAE,MAAM,CAAC;IACxB,mCAAmC;IACnC,cAAc,EAAE,MAAM,CAAC;CACxB;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,gBAAgB,CAAC,SAAS,GAAE,YAAmC,GAAG,gBAAgB,CAqCjG;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,wBAAgB,+BAA+B,CAC7C,eAAe,EAAE,MAAM,EACvB,eAAe,EAAE,MAAM,GACtB,MAAM,CAmBR"}
|
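--- a/package/dist/keys.js
+++ b/package/dist/keys.js
@@ -0,0 +1,105 @@
+/**
+* Cryptographic key generation for the 1id.com Node.js SDK.
+*
+* Uses Node.js built-in `crypto` module -- zero external dependencies.
+*
+* Supports multiple key algorithms for declared-tier software keys:
+* - Ed25519: 128-bit security, smallest keys, fastest. Default.
+* - ECDSA P-256: 128-bit security, widely compatible (NIST curve).
+* - ECDSA P-384: 192-bit security, higher security NIST curve.
+* - RSA-2048: 112-bit security, legacy compatibility.
+* - RSA-4096: 128-bit security, higher security RSA.
+*
+* For TPM tiers, key generation happens inside the TPM hardware via
+* the Go binary. This module is only used for declared-tier enrollment.
+*/
+import * as crypto from "node:crypto";
+import { KeyAlgorithm } from "./identity.js";
+/**
+* Generate a new keypair for declared-tier enrollment.
+*
+* The private key is stored locally in the credentials file. The public
+* key is sent to the 1id.com server during enrollment. The private key
+* is used later for challenge-response signing by relying parties.
+*
+* @param algorithm Which key algorithm to use. Default: Ed25519.
+* @returns The generated keypair as PEM strings.
+* @throws Error if the algorithm is not supported.
+*/
+export function generate_keypair(algorithm = KeyAlgorithm.ED25519) {
+let key_pair;
+if (algorithm === KeyAlgorithm.ED25519) {
+key_pair = crypto.generateKeyPairSync("ed25519");
+}
+else if (algorithm === KeyAlgorithm.ECDSA_P256) {
+key_pair = crypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
+}
+else if (algorithm === KeyAlgorithm.ECDSA_P384) {
+key_pair = crypto.generateKeyPairSync("ec", { namedCurve: "P-384" });
+}
+else if (algorithm === KeyAlgorithm.RSA_2048) {
+key_pair = crypto.generateKeyPairSync("rsa", {
+modulusLength: 2048,
+publicExponent: 65537,
+});
+}
+else if (algorithm === KeyAlgorithm.RSA_4096) {
+key_pair = crypto.generateKeyPairSync("rsa", {
+modulusLength: 4096,
+publicExponent: 65537,
+});
+}
+else {
+const valid_algorithms = Object.values(KeyAlgorithm).join(", ");
+throw new Error(`Unsupported key algorithm: ${algorithm}. Supported: ${valid_algorithms}`);
+}
+const private_key_pem = key_pair.privateKey.export({
+type: "pkcs8",
+format: "pem",
+});
+const public_key_pem = key_pair.publicKey.export({
+type: "spki",
+format: "pem",
+});
+return { private_key_pem, public_key_pem };
+}
+/**
+* Sign a challenge nonce using the stored private key.
+*
+* Used for relying-party live re-verification: the relying party
+* sends a nonce via 1id.com, the SDK signs it with the agent's
+* private key, and 1id.com verifies the signature against the
+* stored public key.
+*
+* The signing algorithm is determined automatically from the key type:
+* - Ed25519: EdDSA (no hash selection needed)
+* - ECDSA: SHA-256 (P-256) or SHA-384 (P-384)
+* - RSA: SHA-256 with PKCS1v15
+*
+* @param private_key_pem PEM-encoded private key.
+* @param challenge_bytes The raw bytes of the challenge nonce to sign.
+* @returns The signature as a Buffer.
+*/
+export function sign_challenge_with_private_key(private_key_pem, challenge_bytes) {
+const private_key_object = crypto.createPrivateKey(private_key_pem);
+const key_type = private_key_object.asymmetricKeyType;
+if (key_type === "ed25519") {
+return crypto.sign(null, challenge_bytes, private_key_object);
+}
+else if (key_type === "ec") {
+// Determine hash from curve: P-384 uses SHA-384, others use SHA-256
+const key_details = private_key_object.asymmetricKeyDetails;
+const hash_algorithm = key_details?.namedCurve === "P-384" ? "sha384" : "sha256";
+return crypto.sign(hash_algorithm, challenge_bytes, private_key_object);
+}
+else if (key_type === "rsa") {
+return crypto.sign("sha256", challenge_bytes, {
+key: private_key_object,
+padding: crypto.constants.RSA_PKCS1_PADDING,
+});
+}
+else {
+throw new Error(`Unsupported key type for signing: ${key_type}`);
+}
+}
+//# sourceMappingURL=keys.js.map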
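Review bot: In `sign_challenge_with_private_key` the EC branch compares `key_details?.namedCurve` with `"P-384"`, but Node appears to report the OpenSSL curve name in `asymmetricKeyDetails` (`secp384r1`, `prime256v1`), so a P-384 key would fall through to `sha256` instead of the SHA-384 the docstring promises; this should be confirmed on the supported Node versions. Matching both spellings, e.g. `const hash_algorithm = ["P-384", "secp384r1"].includes(key_details?.namedCurve) ? "sha384" : "sha256";`, and throwing for any curve the SDK does not generate would remove the silent default. The offline signing tests shipped in this package cover Ed25519, P-256 and RSA-2048 only, so a P-384 sign-and-verify case using `sha384` should be added to pin the behaviour. Separately, `generate_keypair` exports the private key as unencrypted PKCS#8 PEM, and the storage code is not in this section, so a comment should state which file permissions the credentials store is expected to enforce.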
package/dist/keys.js.map
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"keys.js","sourceRoot":"","sources":["../src/keys.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,KAAK,MAAM,MAAM,aAAa,CAAC;AACtC,OAAO,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC;AAY7C;;;;;;;;;;GAUG;AACH,MAAM,UAAU,gBAAgB,CAAC,YAA0B,YAAY,CAAC,OAAO;IAC7E,IAAI,QAAuC,CAAC;IAE5C,IAAI,SAAS,KAAK,YAAY,CAAC,OAAO,EAAE,CAAC;QACvC,QAAQ,GAAG,MAAM,CAAC,mBAAmB,CAAC,SAAS,CAAC,CAAC;IACnD,CAAC;SAAM,IAAI,SAAS,KAAK,YAAY,CAAC,UAAU,EAAE,CAAC;QACjD,QAAQ,GAAG,MAAM,CAAC,mBAAmB,CAAC,IAAI,EAAE,EAAE,UAAU,EAAE,OAAO,EAAE,CAAC,CAAC;IACvE,CAAC;SAAM,IAAI,SAAS,KAAK,YAAY,CAAC,UAAU,EAAE,CAAC;QACjD,QAAQ,GAAG,MAAM,CAAC,mBAAmB,CAAC,IAAI,EAAE,EAAE,UAAU,EAAE,OAAO,EAAE,CAAC,CAAC;IACvE,CAAC;SAAM,IAAI,SAAS,KAAK,YAAY,CAAC,QAAQ,EAAE,CAAC;QAC/C,QAAQ,GAAG,MAAM,CAAC,mBAAmB,CAAC,KAAK,EAAE;YAC3C,aAAa,EAAE,IAAI;YACnB,cAAc,EAAE,KAAK;SACtB,CAAC,CAAC;IACL,CAAC;SAAM,IAAI,SAAS,KAAK,YAAY,CAAC,QAAQ,EAAE,CAAC;QAC/C,QAAQ,GAAG,MAAM,CAAC,mBAAmB,CAAC,KAAK,EAAE;YAC3C,aAAa,EAAE,IAAI;YACnB,cAAc,EAAE,KAAK;SACtB,CAAC,CAAC;IACL,CAAC;SAAM,CAAC;QACN,MAAM,gBAAgB,GAAG,MAAM,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAChE,MAAM,IAAI,KAAK,CACb,8BAA8B,SAAS,gBAAgB,gBAAgB,EAAE,CAC1E,CAAC;IACJ,CAAC;IAED,MAAM,eAAe,GAAG,QAAQ,CAAC,UAAU,CAAC,MAAM,CAAC;QACjD,IAAI,EAAE,OAAO;QACb,MAAM,EAAE,KAAK;KACd,CAAW,CAAC;IAEb,MAAM,cAAc,GAAG,QAAQ,CAAC,SAAS,CAAC,MAAM,CAAC;QAC/C,IAAI,EAAE,MAAM;QACZ,MAAM,EAAE,KAAK;KACd,CAAW,CAAC;IAEb,OAAO,EAAE,eAAe,EAAE,cAAc,EAAE,CAAC;AAC7C,CAAC;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,UAAU,+BAA+B,CAC7C,eAAuB,EACvB,eAAuB;IAEvB,MAAM,kBAAkB,GAAG,MAAM,CAAC,gBAAgB,CAAC,eAAe,CAAC,CAAC;IACpE,MAAM,QAAQ,GAAG,kBAAkB,CAAC,iBAAiB,CAAC;IAEtD,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;QAC3B,OAAO,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,eAAe,EAAE,kBAAkB,CAAC,CAAC;IAChE,CAAC;SAAM,IAAI,QAAQ,KAAK,IAAI,EAAE,CAAC;QAC7B,oEAAoE;QACpE,MAAM,WAAW,GAAG,kBAAkB,CAAC,oBAAoB,CAAC;QAC5D,MAAM,cAAc,GAAG,WAAW,EAAE,UAAU,KAAK,OAAO,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC;QACjF,OAAO,MAAM,CAAC,IAAI,CAAC,cAAc,EAAE,eAAe,EAAE,kBAAkB,CAAC,CAAC;IAC1E,CAAC;SAAM,IAAI,QAAQ,
KAAK,KAAK,EAAE,CAAC;QAC9B,OAAO,MAAM,CAAC,IAAI,CAAC,QAAQ,EAAE,eAAe,EAAE;YAC5C,GAAG,EAAE,kBAAkB;YACvB,OAAO,EAAE,MAAM,CAAC,SAAS,CAAC,iBAAiB;SAC5C,CAAC,CAAC;IACL,CAAC;SAAM,CAAC;QACN,MAAM,IAAI,KAAK,CAAC,qCAAqC,QAAQ,EAAE,CAAC,CAAC;IACnE,CAAC;AACH,CAAC"}
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Integration and unit tests for the 1id.com Node.js SDK.
|
|
3
|
+
*
|
|
4
|
+
* Tests include:
|
|
5
|
+
* 1. Offline tests (key generation, credential storage, whoami, error hierarchy)
|
|
6
|
+
* 2. Live enrollment test against 1id.com (may fail if server is down)
|
|
7
|
+
*
|
|
8
|
+
* Run with: node --test dist/test/test_declared_enrollment.js
|
|
9
|
+
*/
|
|
10
|
+
export {};
|
|
11
|
+
//# sourceMappingURL=test_declared_enrollment.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"test_declared_enrollment.d.ts","sourceRoot":"","sources":["../../src/test/test_declared_enrollment.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG"}
|
|
@@ -0,0 +1,256 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Integration and unit tests for the 1id.com Node.js SDK.
|
|
3
|
+
*
|
|
4
|
+
* Tests include:
|
|
5
|
+
* 1. Offline tests (key generation, credential storage, whoami, error hierarchy)
|
|
6
|
+
* 2. Live enrollment test against 1id.com (may fail if server is down)
|
|
7
|
+
*
|
|
8
|
+
* Run with: node --test dist/test/test_declared_enrollment.js
|
|
9
|
+
*/
|
|
10
|
+
import { describe, it, before, after } from "node:test";
|
|
11
|
+
import * as assert from "node:assert/strict";
|
|
12
|
+
import * as fs from "node:fs";
|
|
13
|
+
import * as crypto from "node:crypto";
|
|
14
|
+
import { enroll, whoami, credentials_exist, TrustTier, KeyAlgorithm, HSMType, VERSION, OneIDError, EnrollmentError, NoHSMError, NetworkError, NotEnrolledError, sign_challenge_with_private_key, } from "../index.js";
|
|
15
|
+
import { get_credentials_file_path, delete_credentials, save_credentials, load_credentials, } from "../credentials.js";
|
|
16
|
+
import { generate_keypair } from "../keys.js";
|
|
17
|
+
// -- Test configuration --
|
|
18
|
+
const BACKUP_SUFFIX = ".test-backup";
|
|
19
|
+
// =====================================================================
|
|
20
|
+
// OFFLINE UNIT TESTS (no network required)
|
|
21
|
+
// =====================================================================
|
|
22
|
+
describe("Key generation (offline)", () => {
|
|
23
|
+
it("should generate Ed25519 keypair", () => {
|
|
24
|
+
const kp = generate_keypair(KeyAlgorithm.ED25519);
|
|
25
|
+
assert.ok(kp.private_key_pem.includes("BEGIN PRIVATE KEY"), "should contain PEM private key header");
|
|
26
|
+
assert.ok(kp.public_key_pem.includes("BEGIN PUBLIC KEY"), "should contain PEM public key header");
|
|
27
|
+
});
|
|
28
|
+
it("should generate ECDSA P-256 keypair", () => {
|
|
29
|
+
const kp = generate_keypair(KeyAlgorithm.ECDSA_P256);
|
|
30
|
+
assert.ok(kp.private_key_pem.includes("BEGIN PRIVATE KEY"));
|
|
31
|
+
assert.ok(kp.public_key_pem.includes("BEGIN PUBLIC KEY"));
|
|
32
|
+
});
|
|
33
|
+
it("should generate ECDSA P-384 keypair", () => {
|
|
34
|
+
const kp = generate_keypair(KeyAlgorithm.ECDSA_P384);
|
|
35
|
+
assert.ok(kp.private_key_pem.includes("BEGIN PRIVATE KEY"));
|
|
36
|
+
assert.ok(kp.public_key_pem.includes("BEGIN PUBLIC KEY"));
|
|
37
|
+
});
|
|
38
|
+
it("should generate RSA-2048 keypair", () => {
|
|
39
|
+
const kp = generate_keypair(KeyAlgorithm.RSA_2048);
|
|
40
|
+
assert.ok(kp.private_key_pem.includes("BEGIN PRIVATE KEY"));
|
|
41
|
+
assert.ok(kp.public_key_pem.includes("BEGIN PUBLIC KEY"));
|
|
42
|
+
});
|
|
43
|
+
it("should generate RSA-4096 keypair", () => {
|
|
44
|
+
const kp = generate_keypair(KeyAlgorithm.RSA_4096);
|
|
45
|
+
assert.ok(kp.private_key_pem.includes("BEGIN PRIVATE KEY"));
|
|
46
|
+
assert.ok(kp.public_key_pem.includes("BEGIN PUBLIC KEY"));
|
|
47
|
+
});
|
|
48
|
+
});
|
|
49
|
+
describe("Challenge signing (offline)", () => {
|
|
50
|
+
it("should sign and verify with Ed25519", () => {
|
|
51
|
+
const kp = generate_keypair(KeyAlgorithm.ED25519);
|
|
52
|
+
const challenge = crypto.randomBytes(32);
|
|
53
|
+
const signature = sign_challenge_with_private_key(kp.private_key_pem, challenge);
|
|
54
|
+
assert.ok(signature.length > 0, "signature should be non-empty");
|
|
55
|
+
// Verify the signature using Node.js crypto
|
|
56
|
+
const public_key = crypto.createPublicKey(kp.public_key_pem);
|
|
57
|
+
const is_valid = crypto.verify(null, challenge, public_key, signature);
|
|
58
|
+
assert.ok(is_valid, "Ed25519 signature should verify correctly");
|
|
59
|
+
});
|
|
60
|
+
it("should sign and verify with ECDSA P-256", () => {
|
|
61
|
+
const kp = generate_keypair(KeyAlgorithm.ECDSA_P256);
|
|
62
|
+
const challenge = crypto.randomBytes(32);
|
|
63
|
+
const signature = sign_challenge_with_private_key(kp.private_key_pem, challenge);
|
|
64
|
+
assert.ok(signature.length > 0);
|
|
65
|
+
const public_key = crypto.createPublicKey(kp.public_key_pem);
|
|
66
|
+
const is_valid = crypto.verify("sha256", challenge, public_key, signature);
|
|
67
|
+
assert.ok(is_valid, "ECDSA P-256 signature should verify correctly");
|
|
68
|
+
});
|
|
69
|
+
it("should sign and verify with RSA-2048", () => {
|
|
70
|
+
const kp = generate_keypair(KeyAlgorithm.RSA_2048);
|
|
71
|
+
const challenge = crypto.randomBytes(32);
|
|
72
|
+
const signature = sign_challenge_with_private_key(kp.private_key_pem, challenge);
|
|
73
|
+
assert.ok(signature.length > 0);
|
|
74
|
+
const public_key = crypto.createPublicKey(kp.public_key_pem);
|
|
75
|
+
const is_valid = crypto.verify("sha256", challenge, {
|
|
76
|
+
key: public_key,
|
|
77
|
+
padding: crypto.constants.RSA_PKCS1_PADDING,
|
|
78
|
+
}, signature);
|
|
79
|
+
assert.ok(is_valid, "RSA-2048 signature should verify correctly");
|
|
80
|
+
});
|
|
81
|
+
});
|
|
82
|
+
describe("Credential storage (offline)", () => {
|
|
83
|
+
const credentials_file_path = get_credentials_file_path();
|
|
84
|
+
const backup_path = credentials_file_path + ".unit-test-backup";
|
|
85
|
+
let had_existing_credentials = false;
|
|
86
|
+
before(() => {
|
|
87
|
+
if (fs.existsSync(credentials_file_path)) {
|
|
88
|
+
fs.copyFileSync(credentials_file_path, backup_path);
|
|
89
|
+
had_existing_credentials = true;
|
|
90
|
+
fs.unlinkSync(credentials_file_path);
|
|
91
|
+
}
|
|
92
|
+
});
|
|
93
|
+
after(() => {
|
|
94
|
+
// Restore original credentials
|
|
95
|
+
if (had_existing_credentials && fs.existsSync(backup_path)) {
|
|
96
|
+
if (fs.existsSync(credentials_file_path)) {
|
|
97
|
+
fs.unlinkSync(credentials_file_path);
|
|
98
|
+
}
|
|
99
|
+
fs.renameSync(backup_path, credentials_file_path);
|
|
100
|
+
}
|
|
101
|
+
else if (fs.existsSync(credentials_file_path)) {
|
|
102
|
+
// Clean up test credentials
|
|
103
|
+
fs.unlinkSync(credentials_file_path);
|
|
104
|
+
}
|
|
105
|
+
});
|
|
106
|
+
it("should save and load credentials", () => {
|
|
107
|
+
const test_credentials = {
|
|
108
|
+
client_id: "1id_test1234",
|
|
109
|
+
client_secret: "secret_abc123",
|
|
110
|
+
token_endpoint: "https://1id.com/realms/agents/protocol/openid-connect/token",
|
|
111
|
+
api_base_url: "https://1id.com",
|
|
112
|
+
trust_tier: "declared",
|
|
113
|
+
key_algorithm: "ed25519",
|
|
114
|
+
private_key_pem: "-----BEGIN PRIVATE KEY-----\nTEST\n-----END PRIVATE KEY-----",
|
|
115
|
+
enrolled_at: "2026-02-11T00:00:00Z",
|
|
116
|
+
};
|
|
117
|
+
save_credentials(test_credentials);
|
|
118
|
+
assert.ok(credentials_exist(), "credentials should exist after save");
|
|
119
|
+
const loaded = load_credentials();
|
|
120
|
+
assert.equal(loaded.client_id, "1id_test1234");
|
|
121
|
+
assert.equal(loaded.client_secret, "secret_abc123");
|
|
122
|
+
assert.equal(loaded.trust_tier, "declared");
|
|
123
|
+
assert.equal(loaded.key_algorithm, "ed25519");
|
|
124
|
+
assert.ok(loaded.private_key_pem?.includes("TEST"));
|
|
125
|
+
});
|
|
126
|
+
it("should handle whoami() with saved credentials", () => {
|
|
127
|
+
// Credentials from previous test should still exist
|
|
128
|
+
const identity = whoami();
|
|
129
|
+
assert.equal(identity.internal_id, "1id_test1234");
|
|
130
|
+
assert.equal(identity.handle, "@1id_test1234");
|
|
131
|
+
assert.equal(identity.trust_tier, TrustTier.DECLARED);
|
|
132
|
+
assert.equal(identity.hsm_type, HSMType.SOFTWARE);
|
|
133
|
+
assert.equal(identity.key_algorithm, KeyAlgorithm.ED25519);
|
|
134
|
+
});
|
|
135
|
+
it("should throw NotEnrolledError when no credentials exist", () => {
|
|
136
|
+
delete_credentials();
|
|
137
|
+
assert.throws(() => whoami(), (error) => {
|
|
138
|
+
assert.ok(error instanceof NotEnrolledError);
|
|
139
|
+
return true;
|
|
140
|
+
});
|
|
141
|
+
});
|
|
142
|
+
});
|
|
143
|
+
describe("Exception hierarchy (offline)", () => {
|
|
144
|
+
it("should have correct inheritance chain", () => {
|
|
145
|
+
const enrollment_error = new EnrollmentError("test");
|
|
146
|
+
assert.ok(enrollment_error instanceof OneIDError, "EnrollmentError should extend OneIDError");
|
|
147
|
+
assert.ok(enrollment_error instanceof Error, "EnrollmentError should extend Error");
|
|
148
|
+
const no_hsm_error = new NoHSMError("test");
|
|
149
|
+
assert.ok(no_hsm_error instanceof EnrollmentError, "NoHSMError should extend EnrollmentError");
|
|
150
|
+
assert.ok(no_hsm_error instanceof OneIDError, "NoHSMError should extend OneIDError");
|
|
151
|
+
const network_error = new NetworkError("test");
|
|
152
|
+
assert.ok(network_error instanceof OneIDError, "NetworkError should extend OneIDError");
|
|
153
|
+
assert.ok(!(network_error instanceof EnrollmentError), "NetworkError should NOT extend EnrollmentError");
|
|
154
|
+
});
|
|
155
|
+
it("should preserve error codes", () => {
|
|
156
|
+
const error = new NoHSMError("no tpm found");
|
|
157
|
+
assert.equal(error.error_code, "NO_HSM_FOUND");
|
|
158
|
+
assert.equal(error.message, "no tpm found");
|
|
159
|
+
assert.equal(error.name, "NoHSMError");
|
|
160
|
+
});
|
|
161
|
+
});
|
|
162
|
+
describe("SDK version and types (offline)", () => {
|
|
163
|
+
it("should report correct SDK version", () => {
|
|
164
|
+
assert.equal(VERSION, "0.1.0");
|
|
165
|
+
});
|
|
166
|
+
it("should have all trust tiers", () => {
|
|
167
|
+
assert.equal(TrustTier.SOVEREIGN, "sovereign");
|
|
168
|
+
assert.equal(TrustTier.SOVEREIGN_PORTABLE, "sovereign-portable");
|
|
169
|
+
assert.equal(TrustTier.LEGACY, "legacy");
|
|
170
|
+
assert.equal(TrustTier.VIRTUAL, "virtual");
|
|
171
|
+
assert.equal(TrustTier.ENCLAVE, "enclave");
|
|
172
|
+
assert.equal(TrustTier.DECLARED, "declared");
|
|
173
|
+
});
|
|
174
|
+
it("should have all key algorithms", () => {
|
|
175
|
+
assert.equal(KeyAlgorithm.ED25519, "ed25519");
|
|
176
|
+
assert.equal(KeyAlgorithm.ECDSA_P256, "ecdsa-p256");
|
|
177
|
+
assert.equal(KeyAlgorithm.ECDSA_P384, "ecdsa-p384");
|
|
178
|
+
assert.equal(KeyAlgorithm.RSA_2048, "rsa-2048");
|
|
179
|
+
assert.equal(KeyAlgorithm.RSA_4096, "rsa-4096");
|
|
180
|
+
});
|
|
181
|
+
});
|
|
182
|
+
describe("Input validation (offline)", () => {
|
|
183
|
+
it("should reject invalid trust tier", async () => {
|
|
184
|
+
await assert.rejects(() => enroll({ request_tier: "nonexistent-tier" }), (error) => {
|
|
185
|
+
assert.ok(error.message.includes("Invalid trust tier"));
|
|
186
|
+
return true;
|
|
187
|
+
});
|
|
188
|
+
});
|
|
189
|
+
it("should reject invalid key algorithm", async () => {
|
|
190
|
+
await assert.rejects(() => enroll({ request_tier: "declared", key_algorithm: "bogus-algo" }), (error) => {
|
|
191
|
+
assert.ok(error.message.includes("Invalid key algorithm"));
|
|
192
|
+
return true;
|
|
193
|
+
});
|
|
194
|
+
});
|
|
195
|
+
});
|
|
196
|
+
// =====================================================================
|
|
197
|
+
// LIVE ENROLLMENT TEST (requires network + working server)
|
|
198
|
+
// =====================================================================
|
|
199
|
+
describe("Live declared-tier enrollment (requires server)", () => {
|
|
200
|
+
let backed_up_credentials_exist = false;
|
|
201
|
+
const credentials_file_path = get_credentials_file_path();
|
|
202
|
+
const backup_path = credentials_file_path + BACKUP_SUFFIX;
|
|
203
|
+
before(() => {
|
|
204
|
+
if (fs.existsSync(credentials_file_path)) {
|
|
205
|
+
fs.copyFileSync(credentials_file_path, backup_path);
|
|
206
|
+
backed_up_credentials_exist = true;
|
|
207
|
+
fs.unlinkSync(credentials_file_path);
|
|
208
|
+
}
|
|
209
|
+
});
|
|
210
|
+
after(() => {
|
|
211
|
+
if (backed_up_credentials_exist && fs.existsSync(backup_path)) {
|
|
212
|
+
if (fs.existsSync(credentials_file_path)) {
|
|
213
|
+
fs.unlinkSync(credentials_file_path);
|
|
214
|
+
}
|
|
215
|
+
fs.renameSync(backup_path, credentials_file_path);
|
|
216
|
+
}
|
|
217
|
+
});
|
|
218
|
+
it("should enroll at declared tier with ed25519 key", async () => {
|
|
219
|
+
if (credentials_exist()) {
|
|
220
|
+
delete_credentials();
|
|
221
|
+
}
|
|
222
|
+
let identity;
|
|
223
|
+
try {
|
|
224
|
+
identity = await enroll({
|
|
225
|
+
request_tier: "declared",
|
|
226
|
+
key_algorithm: "ed25519",
|
|
227
|
+
});
|
|
228
|
+
}
|
|
229
|
+
catch (error) {
|
|
230
|
+
if (error instanceof NetworkError || (error instanceof Error && error.message.includes("500"))) {
|
|
231
|
+
console.log(" SKIPPED: Server unavailable or returned 500. This is a server issue, not an SDK issue.");
|
|
232
|
+
return; // Skip test gracefully
|
|
233
|
+
}
|
|
234
|
+
throw error;
|
|
235
|
+
}
|
|
236
|
+
// Verify the identity object
|
|
237
|
+
assert.ok(identity.internal_id, "internal_id should be non-empty");
|
|
238
|
+
assert.ok(identity.internal_id.startsWith("1id_"), `internal_id should start with '1id_', got: ${identity.internal_id}`);
|
|
239
|
+
assert.ok(identity.handle, "handle should be non-empty");
|
|
240
|
+
assert.ok(identity.handle.startsWith("@"), `handle should start with '@', got: ${identity.handle}`);
|
|
241
|
+
assert.equal(identity.trust_tier, TrustTier.DECLARED);
|
|
242
|
+
assert.equal(identity.hsm_type, HSMType.SOFTWARE);
|
|
243
|
+
assert.equal(identity.key_algorithm, KeyAlgorithm.ED25519);
|
|
244
|
+
assert.ok(identity.enrolled_at instanceof Date, "enrolled_at should be a Date");
|
|
245
|
+
assert.equal(identity.device_count, 0, "declared tier should have device_count 0");
|
|
246
|
+
console.log(` Enrolled: ${identity.handle} (${identity.internal_id})`);
|
|
247
|
+
console.log(` Trust tier: ${identity.trust_tier}`);
|
|
248
|
+
console.log(` Key algorithm: ${identity.key_algorithm}`);
|
|
249
|
+
// Verify whoami works with the live enrollment
|
|
250
|
+
const me = whoami();
|
|
251
|
+
assert.ok(me.internal_id.startsWith("1id_"));
|
|
252
|
+
assert.equal(me.trust_tier, TrustTier.DECLARED);
|
|
253
|
+
console.log(` whoami(): ${me.handle}`);
|
|
254
|
+
});
|
|
255
|
+
});
|
|
256
|
+
//# sourceMappingURL=test_declared_enrollment.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"test_declared_enrollment.js","sourceRoot":"","sources":["../../src/test/test_declared_enrollment.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,WAAW,CAAC;AACxD,OAAO,KAAK,MAAM,MAAM,oBAAoB,CAAC;AAC7C,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,MAAM,MAAM,aAAa,CAAC;AAEtC,OAAO,EACL,MAAM,EACN,MAAM,EACN,iBAAiB,EACjB,SAAS,EACT,YAAY,EACZ,OAAO,EACP,OAAO,EACP,UAAU,EACV,eAAe,EACf,UAAU,EACV,YAAY,EACZ,gBAAgB,EAChB,+BAA+B,GAChC,MAAM,aAAa,CAAC;AACrB,OAAO,EACL,yBAAyB,EACzB,kBAAkB,EAClB,gBAAgB,EAChB,gBAAgB,GAEjB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAE9C,2BAA2B;AAC3B,MAAM,aAAa,GAAG,cAAc,CAAC;AAErC,wEAAwE;AACxE,2CAA2C;AAC3C,wEAAwE;AAExE,QAAQ,CAAC,0BAA0B,EAAE,GAAG,EAAE;IACxC,EAAE,CAAC,iCAAiC,EAAE,GAAG,EAAE;QACzC,MAAM,EAAE,GAAG,gBAAgB,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC;QAClD,MAAM,CAAC,EAAE,CAAC,EAAE,CAAC,eAAe,CAAC,QAAQ,CAAC,mBAAmB,CAAC,EAAE,uCAAuC,CAAC,CAAC;QACrG,MAAM,CAAC,EAAE,CAAC,EAAE,CAAC,cAAc,CAAC,QAAQ,CAAC,kBAAkB,CAAC,EAAE,sCAAsC,CAAC,CAAC;IACpG,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,qCAAqC,EAAE,GAAG,EAAE;QAC7C,MAAM,EAAE,GAAG,gBAAgB,CAAC,YAAY,CAAC,UAAU,CAAC,CAAC;QACrD,MAAM,CAAC,EAAE,CAAC,EAAE,CAAC,eAAe,CAAC,QAAQ,CAAC,mBAAmB,CAAC,CAAC,CAAC;QAC5D,MAAM,CAAC,EAAE,CAAC,EAAE,CAAC,cAAc,CAAC,QAAQ,CAAC,kBAAkB,CAAC,CAAC,CAAC;IAC5D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,qCAAqC,EAAE,GAAG,EAAE;QAC7C,MAAM,EAAE,GAAG,gBAAgB,CAAC,YAAY,CAAC,UAAU,CAAC,CAAC;QACrD,MAAM,CAAC,EAAE,CAAC,EAAE,CAAC,eAAe,CAAC,QAAQ,CAAC,mBAAmB,CAAC,CAAC,CAAC;QAC5D,MAAM,CAAC,EAAE,CAAC,EAAE,CAAC,cAAc,CAAC,QAAQ,CAAC,kBAAkB,CAAC,CAAC,CAAC;IAC5D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,kCAAkC,EAAE,GAAG,EAAE;QAC1C,MAAM,EAAE,GAAG,gBAAgB,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC;QACnD,MAAM,CAAC,EAAE,CAAC,EAAE,CAAC,eAAe,CAAC,QAAQ,CAAC,mBAAmB,CAAC,CAAC,CAAC;QAC5D,MAAM,CAAC,EAAE,CAAC,EAAE,CAAC,cAAc,CAAC,QAAQ,CAAC,kBAAkB,CAAC,CAAC,CAAC;IAC5D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,kCAAkC,EAAE,GAAG,EAAE;QAC1C,MAAM,EAAE,GAAG,gBAAgB,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC;QACnD,MAAM,CAAC,EAAE,CAAC,EAAE
,CAAC,eAAe,CAAC,QAAQ,CAAC,mBAAmB,CAAC,CAAC,CAAC;QAC5D,MAAM,CAAC,EAAE,CAAC,EAAE,CAAC,cAAc,CAAC,QAAQ,CAAC,kBAAkB,CAAC,CAAC,CAAC;IAC5D,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,6BAA6B,EAAE,GAAG,EAAE;IAC3C,EAAE,CAAC,qCAAqC,EAAE,GAAG,EAAE;QAC7C,MAAM,EAAE,GAAG,gBAAgB,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC;QAClD,MAAM,SAAS,GAAG,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;QACzC,MAAM,SAAS,GAAG,+BAA+B,CAAC,EAAE,CAAC,eAAe,EAAE,SAAS,CAAC,CAAC;QACjF,MAAM,CAAC,EAAE,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,+BAA+B,CAAC,CAAC;QAEjE,4CAA4C;QAC5C,MAAM,UAAU,GAAG,MAAM,CAAC,eAAe,CAAC,EAAE,CAAC,cAAc,CAAC,CAAC;QAC7D,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,SAAS,EAAE,UAAU,EAAE,SAAS,CAAC,CAAC;QACvE,MAAM,CAAC,EAAE,CAAC,QAAQ,EAAE,2CAA2C,CAAC,CAAC;IACnE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,yCAAyC,EAAE,GAAG,EAAE;QACjD,MAAM,EAAE,GAAG,gBAAgB,CAAC,YAAY,CAAC,UAAU,CAAC,CAAC;QACrD,MAAM,SAAS,GAAG,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;QACzC,MAAM,SAAS,GAAG,+BAA+B,CAAC,EAAE,CAAC,eAAe,EAAE,SAAS,CAAC,CAAC;QACjF,MAAM,CAAC,EAAE,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QAEhC,MAAM,UAAU,GAAG,MAAM,CAAC,eAAe,CAAC,EAAE,CAAC,cAAc,CAAC,CAAC;QAC7D,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAM,CAAC,QAAQ,EAAE,SAAS,EAAE,UAAU,EAAE,SAAS,CAAC,CAAC;QAC3E,MAAM,CAAC,EAAE,CAAC,QAAQ,EAAE,+CAA+C,CAAC,CAAC;IACvE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,sCAAsC,EAAE,GAAG,EAAE;QAC9C,MAAM,EAAE,GAAG,gBAAgB,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC;QACnD,MAAM,SAAS,GAAG,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;QACzC,MAAM,SAAS,GAAG,+BAA+B,CAAC,EAAE,CAAC,eAAe,EAAE,SAAS,CAAC,CAAC;QACjF,MAAM,CAAC,EAAE,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QAEhC,MAAM,UAAU,GAAG,MAAM,CAAC,eAAe,CAAC,EAAE,CAAC,cAAc,CAAC,CAAC;QAC7D,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAM,CAAC,QAAQ,EAAE,SAAS,EAAE;YAClD,GAAG,EAAE,UAAU;YACf,OAAO,EAAE,MAAM,CAAC,SAAS,CAAC,iBAAiB;SAC5C,EAAE,SAAS,CAAC,CAAC;QACd,MAAM,CAAC,EAAE,CAAC,QAAQ,EAAE,4CAA4C,CAAC,CAAC;IACpE,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,8BAA8B,EAAE,GAAG,EAAE;IAC5C,MAAM,qBAAqB,GAAG,yBAAyB,EAAE,CAAC;IAC1D,MAAM,WAAW,GAAG,qBAAqB,GAAG,mBAAmB,CAAC;IAChE,IAAI,wBAAwB,GAAG,KAAK,CAAC;IAErC,MAAM,CAA
C,GAAG,EAAE;QACV,IAAI,EAAE,CAAC,UAAU,CAAC,qBAAqB,CAAC,EAAE,CAAC;YACzC,EAAE,CAAC,YAAY,CAAC,qBAAqB,EAAE,WAAW,CAAC,CAAC;YACpD,wBAAwB,GAAG,IAAI,CAAC;YAChC,EAAE,CAAC,UAAU,CAAC,qBAAqB,CAAC,CAAC;QACvC,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,KAAK,CAAC,GAAG,EAAE;QACT,+BAA+B;QAC/B,IAAI,wBAAwB,IAAI,EAAE,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;YAC3D,IAAI,EAAE,CAAC,UAAU,CAAC,qBAAqB,CAAC,EAAE,CAAC;gBACzC,EAAE,CAAC,UAAU,CAAC,qBAAqB,CAAC,CAAC;YACvC,CAAC;YACD,EAAE,CAAC,UAAU,CAAC,WAAW,EAAE,qBAAqB,CAAC,CAAC;QACpD,CAAC;aAAM,IAAI,EAAE,CAAC,UAAU,CAAC,qBAAqB,CAAC,EAAE,CAAC;YAChD,4BAA4B;YAC5B,EAAE,CAAC,UAAU,CAAC,qBAAqB,CAAC,CAAC;QACvC,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,kCAAkC,EAAE,GAAG,EAAE;QAC1C,MAAM,gBAAgB,GAAsB;YAC1C,SAAS,EAAE,cAAc;YACzB,aAAa,EAAE,eAAe;YAC9B,cAAc,EAAE,6DAA6D;YAC7E,YAAY,EAAE,iBAAiB;YAC/B,UAAU,EAAE,UAAU;YACtB,aAAa,EAAE,SAAS;YACxB,eAAe,EAAE,8DAA8D;YAC/E,WAAW,EAAE,sBAAsB;SACpC,CAAC;QAEF,gBAAgB,CAAC,gBAAgB,CAAC,CAAC;QACnC,MAAM,CAAC,EAAE,CAAC,iBAAiB,EAAE,EAAE,qCAAqC,CAAC,CAAC;QAEtE,MAAM,MAAM,GAAG,gBAAgB,EAAE,CAAC;QAClC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,SAAS,EAAE,cAAc,CAAC,CAAC;QAC/C,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,aAAa,EAAE,eAAe,CAAC,CAAC;QACpD,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;QAC5C,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,aAAa,EAAE,SAAS,CAAC,CAAC;QAC9C,MAAM,CAAC,EAAE,CAAC,MAAM,CAAC,eAAe,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC;IACtD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,+CAA+C,EAAE,GAAG,EAAE;QACvD,oDAAoD;QACpD,MAAM,QAAQ,GAAG,MAAM,EAAE,CAAC;QAC1B,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,WAAW,EAAE,cAAc,CAAC,CAAC;QACnD,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;QAC/C,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,UAAU,EAAE,SAAS,CAAC,QAAQ,CAAC,CAAC;QACtD,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC;QAClD,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,aAAa,EAAE,YAAY,CAAC,OAAO,CAAC,CAAC;IAC7D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,yDAAyD,EAAE,GAAG,EAAE;QACjE,kBAAkB,EAAE,CAAC;QACrB,MAAM,CAAC,MAAM,CACX,GAAG,EAAE,CAAC,MAAM,EAAE,EACd,CAAC,KAAY,EAAE,EAAE;YACf,MAAM,CAAC,EAAE,CAAC,KAAK,YAAY,gBAAgB,CAAC,CAAC;YAC7C,OAAO,IAAI,CAAC
;QACd,CAAC,CACF,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,+BAA+B,EAAE,GAAG,EAAE;IAC7C,EAAE,CAAC,uCAAuC,EAAE,GAAG,EAAE;QAC/C,MAAM,gBAAgB,GAAG,IAAI,eAAe,CAAC,MAAM,CAAC,CAAC;QACrD,MAAM,CAAC,EAAE,CAAC,gBAAgB,YAAY,UAAU,EAAE,0CAA0C,CAAC,CAAC;QAC9F,MAAM,CAAC,EAAE,CAAC,gBAAgB,YAAY,KAAK,EAAE,qCAAqC,CAAC,CAAC;QAEpF,MAAM,YAAY,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,CAAC;QAC5C,MAAM,CAAC,EAAE,CAAC,YAAY,YAAY,eAAe,EAAE,0CAA0C,CAAC,CAAC;QAC/F,MAAM,CAAC,EAAE,CAAC,YAAY,YAAY,UAAU,EAAE,qCAAqC,CAAC,CAAC;QAErF,MAAM,aAAa,GAAG,IAAI,YAAY,CAAC,MAAM,CAAC,CAAC;QAC/C,MAAM,CAAC,EAAE,CAAC,aAAa,YAAY,UAAU,EAAE,uCAAuC,CAAC,CAAC;QACxF,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC,aAAa,YAAY,eAAe,CAAC,EAAE,gDAAgD,CAAC,CAAC;IAC3G,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,6BAA6B,EAAE,GAAG,EAAE;QACrC,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,cAAc,CAAC,CAAC;QAC7C,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC;QAC/C,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,OAAO,EAAE,cAAc,CAAC,CAAC;QAC5C,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC;IACzC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,iCAAiC,EAAE,GAAG,EAAE;IAC/C,EAAE,CAAC,mCAAmC,EAAE,GAAG,EAAE;QAC3C,MAAM,CAAC,KAAK,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IACjC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,6BAA6B,EAAE,GAAG,EAAE;QACrC,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,SAAS,EAAE,WAAW,CAAC,CAAC;QAC/C,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,kBAAkB,EAAE,oBAAoB,CAAC,CAAC;QACjE,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QACzC,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;QAC3C,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;QAC3C,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;IAC/C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,gCAAgC,EAAE,GAAG,EAAE;QACxC,MAAM,CAAC,KAAK,CAAC,YAAY,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;QAC9C,MAAM,CAAC,KAAK,CAAC,YAAY,CAAC,UAAU,EAAE,YAAY,CAAC,CAAC;QACpD,MAAM,CAAC,KAAK,CAAC,YAAY,CAAC,UAAU,EAAE,YAAY,CAAC,CAAC;QACpD,MAAM,CAAC,KAAK,CAAC,YAAY,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;QAChD,MAAM,CAAC,KAAK,CAAC,YAAY,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;IAClD,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,4BAA4B
,EAAE,GAAG,EAAE;IAC1C,EAAE,CAAC,kCAAkC,EAAE,KAAK,IAAI,EAAE;QAChD,MAAM,MAAM,CAAC,OAAO,CAClB,GAAG,EAAE,CAAC,MAAM,CAAC,EAAE,YAAY,EAAE,kBAAkB,EAAE,CAAC,EAClD,CAAC,KAAY,EAAE,EAAE;YACf,MAAM,CAAC,EAAE,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,oBAAoB,CAAC,CAAC,CAAC;YACxD,OAAO,IAAI,CAAC;QACd,CAAC,CACF,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,qCAAqC,EAAE,KAAK,IAAI,EAAE;QACnD,MAAM,MAAM,CAAC,OAAO,CAClB,GAAG,EAAE,CAAC,MAAM,CAAC,EAAE,YAAY,EAAE,UAAU,EAAE,aAAa,EAAE,YAAY,EAAE,CAAC,EACvE,CAAC,KAAY,EAAE,EAAE;YACf,MAAM,CAAC,EAAE,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,uBAAuB,CAAC,CAAC,CAAC;YAC3D,OAAO,IAAI,CAAC;QACd,CAAC,CACF,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,wEAAwE;AACxE,2DAA2D;AAC3D,wEAAwE;AAExE,QAAQ,CAAC,iDAAiD,EAAE,GAAG,EAAE;IAC/D,IAAI,2BAA2B,GAAG,KAAK,CAAC;IACxC,MAAM,qBAAqB,GAAG,yBAAyB,EAAE,CAAC;IAC1D,MAAM,WAAW,GAAG,qBAAqB,GAAG,aAAa,CAAC;IAE1D,MAAM,CAAC,GAAG,EAAE;QACV,IAAI,EAAE,CAAC,UAAU,CAAC,qBAAqB,CAAC,EAAE,CAAC;YACzC,EAAE,CAAC,YAAY,CAAC,qBAAqB,EAAE,WAAW,CAAC,CAAC;YACpD,2BAA2B,GAAG,IAAI,CAAC;YACnC,EAAE,CAAC,UAAU,CAAC,qBAAqB,CAAC,CAAC;QACvC,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,KAAK,CAAC,GAAG,EAAE;QACT,IAAI,2BAA2B,IAAI,EAAE,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;YAC9D,IAAI,EAAE,CAAC,UAAU,CAAC,qBAAqB,CAAC,EAAE,CAAC;gBACzC,EAAE,CAAC,UAAU,CAAC,qBAAqB,CAAC,CAAC;YACvC,CAAC;YACD,EAAE,CAAC,UAAU,CAAC,WAAW,EAAE,qBAAqB,CAAC,CAAC;QACpD,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,iDAAiD,EAAE,KAAK,IAAI,EAAE;QAC/D,IAAI,iBAAiB,EAAE,EAAE,CAAC;YACxB,kBAAkB,EAAE,CAAC;QACvB,CAAC;QAED,IAAI,QAAQ,CAAC;QACb,IAAI,CAAC;YACH,QAAQ,GAAG,MAAM,MAAM,CAAC;gBACtB,YAAY,EAAE,UAAU;gBACxB,aAAa,EAAE,SAAS;aACzB,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,KAAK,YAAY,YAAY,IAAI,CAAC,KAAK,YAAY,KAAK,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC;gBAC/F,OAAO,CAAC,GAAG,CAAC,0FAA0F,CAAC,CAAC;gBACxG,OAAO,CAAC,uBAAuB;YACjC,CAAC;YACD,MAAM,KAAK,CAAC;QACd,CAAC;QAED,6BAA6B;QAC7B,MAAM,CAAC,EAAE,CAAC,QAAQ,CAAC,WAAW,EAAE,iCAAiC,CAAC,CAAC;QACnE,MAAM,CAAC,EAAE,CAAC,QAAQ,CAAC,WAAW,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,8CAA8C,QAAQ,CAAC,W
AAW,EAAE,CAAC,CAAC;QACzH,MAAM,CAAC,EAAE,CAAC,QAAQ,CAAC,MAAM,EAAE,4BAA4B,CAAC,CAAC;QACzD,MAAM,CAAC,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,sCAAsC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;QACpG,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,UAAU,EAAE,SAAS,CAAC,QAAQ,CAAC,CAAC;QACtD,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC;QAClD,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,aAAa,EAAE,YAAY,CAAC,OAAO,CAAC,CAAC;QAC3D,MAAM,CAAC,EAAE,CAAC,QAAQ,CAAC,WAAW,YAAY,IAAI,EAAE,8BAA8B,CAAC,CAAC;QAChF,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,YAAY,EAAE,CAAC,EAAE,0CAA0C,CAAC,CAAC;QAEnF,OAAO,CAAC,GAAG,CAAC,eAAe,QAAQ,CAAC,MAAM,KAAK,QAAQ,CAAC,WAAW,GAAG,CAAC,CAAC;QACxE,OAAO,CAAC,GAAG,CAAC,iBAAiB,QAAQ,CAAC,UAAU,EAAE,CAAC,CAAC;QACpD,OAAO,CAAC,GAAG,CAAC,oBAAoB,QAAQ,CAAC,aAAa,EAAE,CAAC,CAAC;QAE1D,+CAA+C;QAC/C,MAAM,EAAE,GAAG,MAAM,EAAE,CAAC;QACpB,MAAM,CAAC,EAAE,CAAC,EAAE,CAAC,WAAW,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC;QAC7C,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,UAAU,EAAE,SAAS,CAAC,QAAQ,CAAC,CAAC;QAChD,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,CAAC,MAAM,EAAE,CAAC,CAAC;IAC1C,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
|
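--- a/package/package.json
+++ b/package/package.json
@@ -0,0 +1,53 @@
+{
+"name": "1id",
+"version": "0.1.0",
+"description": "Hardware-anchored identity SDK for AI agents -- 1id.com",
+"keywords": [
+"identity",
+"ai",
+"agent",
+"tpm",
+"hardware",
+"oidc",
+"oauth2",
+"sybil",
+"1id"
+],
+"homepage": "https://1id.com",
+"repository": {
+"type": "git",
+"url": "https://github.com/AuraFriday/oneid-node.git"
+},
+"bugs": {
+"url": "https://github.com/AuraFriday/oneid-node/issues"
+},
+"license": "Apache-2.0",
+"author": "Christopher Drake <chris@1id.com>",
+"type": "module",
+"main": "./dist/index.js",
+"types": "./dist/index.d.ts",
+"exports": {
+".": {
+"import": "./dist/index.js",
+"types": "./dist/index.d.ts"
+}
+},
+"files": [
+"dist",
+"LICENSE",
+"README.md"
+],
+"engines": {
+"node": ">=18.0.0"
+},
+"scripts": {
+"build": "tsc",
+"clean": "node -e \"const fs=require('fs'); fs.rmSync('dist',{recursive:true,force:true})\"",
+"prepublishOnly": "npm run clean && npm run build",
+"test": "node --test dist/test/test_declared_enrollment.js",
+"test:src": "npx tsc && node --test dist/test/test_declared_enrollment.js"
+},
+"devDependencies": {
+"typescript": "^5.4"
+}
+}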
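Review bot: The `files` list publishes all of `dist`, so `dist/test/test_declared_enrollment.js` and its source map ship to every consumer, and the `test` script runs that file straight from the installed tree. As shown in the test section on this page, its `before` hook copies and then unlinks whatever sits at `get_credentials_file_path()`, and the live block calls `enroll()` against a server, so the suite appears to operate on the user's real credential store rather than a scratch location. If a run is interrupted before `after`, the original credentials (which presumably include `private_key_pem`) are left only in the backup copy. I would keep compiled tests out of the tarball, for example `"files": ["dist", "!dist/test", "LICENSE", "README.md"]` or a separate output directory for tests, and have the suite use a temporary credentials path if the SDK allows overriding it.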