1id 0.5.0 → 0.7.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/auth.d.ts +21 -13
- package/dist/auth.d.ts.map +1 -1
- package/dist/auth.js +126 -19
- package/dist/auth.js.map +1 -1
- package/dist/client.d.ts +5 -0
- package/dist/client.d.ts.map +1 -1
- package/dist/client.js +9 -0
- package/dist/client.js.map +1 -1
- package/dist/credentials.d.ts +2 -0
- package/dist/credentials.d.ts.map +1 -1
- package/dist/credentials.js +4 -0
- package/dist/credentials.js.map +1 -1
- package/dist/devices.d.ts +76 -0
- package/dist/devices.d.ts.map +1 -0
- package/dist/devices.js +103 -0
- package/dist/devices.js.map +1 -0
- package/dist/exceptions.d.ts +14 -0
- package/dist/exceptions.d.ts.map +1 -1
- package/dist/exceptions.js +19 -0
- package/dist/exceptions.js.map +1 -1
- package/dist/index.d.ts +43 -4
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +52 -4
- package/dist/index.js.map +1 -1
- package/dist/test/test_peer_verification.d.ts +15 -0
- package/dist/test/test_peer_verification.d.ts.map +1 -0
- package/dist/test/test_peer_verification.js +481 -0
- package/dist/test/test_peer_verification.js.map +1 -0
- package/dist/trustRoots.d.ts +38 -0
- package/dist/trustRoots.d.ts.map +1 -0
- package/dist/trustRoots.js +145 -0
- package/dist/trustRoots.js.map +1 -0
- package/dist/verify.d.ts +71 -0
- package/dist/verify.d.ts.map +1 -0
- package/dist/verify.js +315 -0
- package/dist/verify.js.map +1 -0
- package/dist/world.d.ts +83 -0
- package/dist/world.d.ts.map +1 -0
- package/dist/world.js +122 -0
- package/dist/world.js.map +1 -0
- package/package.json +1 -1
package/dist/exceptions.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"exceptions.d.ts","sourceRoot":"","sources":["../src/exceptions.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAEH;;GAEG;AACH,qBAAa,UAAW,SAAQ,KAAK;IACnC,SAAgB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;gBAE9B,OAAO,GAAE,MAA2C,EAAE,UAAU,GAAE,MAAM,GAAG,IAAW;CAOnG;AAED;;GAEG;AACH,qBAAa,eAAgB,SAAQ,UAAU;gBACjC,OAAO,GAAE,MAA4B,EAAE,UAAU,GAAE,MAAM,GAAG,IAAW;CAIpF;AAED;;GAEG;AACH,qBAAa,UAAW,SAAQ,eAAe;gBACjC,OAAO,GAAE,MAA4C;CAIlE;AAED;;GAEG;AACH,qBAAa,cAAe,SAAQ,eAAe;gBACrC,OAAO,GAAE,MAAuC;CAI7D;AAED;;GAEG;AACH,qBAAa,cAAe,SAAQ,eAAe;gBACrC,OAAO,GAAE,MAAsC;CAI5D;AAED;;;;;;;;;GASG;AACH,qBAAa,qBAAsB,SAAQ,eAAe;gBAC5C,OAAO,GAAE,MAA2D;CAIjF;AAED;;GAEG;AACH,qBAAa,oBAAqB,SAAQ,eAAe;gBAC3C,OAAO,GAAE,MAAiE;CAIvF;AAED;;GAEG;AACH,qBAAa,gBAAiB,SAAQ,eAAe;gBACvC,OAAO,GAAE,MAA6C;CAInE;AAED;;GAEG;AACH,qBAAa,kBAAmB,SAAQ,eAAe;gBACzC,OAAO,GAAE,MAAiD;CAIvE;AAED;;GAEG;AACH,qBAAa,kBAAmB,SAAQ,eAAe;gBACzC,OAAO,GAAE,MAAgE;CAItF;AAED;;GAEG;AACH,qBAAa,mBAAoB,SAAQ,UAAU;gBACrC,OAAO,GAAE,MAAgC;CAItD;AAED;;GAEG;AACH,qBAAa,YAAa,SAAQ,UAAU;gBAC9B,OAAO,GAAE,MAAkC;CAIxD;AAED;;GAEG;AACH,qBAAa,gBAAiB,SAAQ,UAAU;gBAClC,OAAO,GAAE,MAAoD;CAI1E;AAED;;GAEG;AACH,qBAAa,mBAAoB,SAAQ,UAAU;gBACrC,OAAO,GAAE,MAAoE;CAI1F;AAED;;GAEG;AACH,qBAAa,sBAAuB,SAAQ,eAAe;gBAC7C,OAAO,GAAE,MAA8D;CAIpF;
|
|
1
|
+
{"version":3,"file":"exceptions.d.ts","sourceRoot":"","sources":["../src/exceptions.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAEH;;GAEG;AACH,qBAAa,UAAW,SAAQ,KAAK;IACnC,SAAgB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;gBAE9B,OAAO,GAAE,MAA2C,EAAE,UAAU,GAAE,MAAM,GAAG,IAAW;CAOnG;AAED;;GAEG;AACH,qBAAa,eAAgB,SAAQ,UAAU;gBACjC,OAAO,GAAE,MAA4B,EAAE,UAAU,GAAE,MAAM,GAAG,IAAW;CAIpF;AAED;;GAEG;AACH,qBAAa,UAAW,SAAQ,eAAe;gBACjC,OAAO,GAAE,MAA4C;CAIlE;AAED;;GAEG;AACH,qBAAa,cAAe,SAAQ,eAAe;gBACrC,OAAO,GAAE,MAAuC;CAI7D;AAED;;GAEG;AACH,qBAAa,cAAe,SAAQ,eAAe;gBACrC,OAAO,GAAE,MAAsC;CAI5D;AAED;;;;;;;;;GASG;AACH,qBAAa,qBAAsB,SAAQ,eAAe;gBAC5C,OAAO,GAAE,MAA2D;CAIjF;AAED;;GAEG;AACH,qBAAa,oBAAqB,SAAQ,eAAe;gBAC3C,OAAO,GAAE,MAAiE;CAIvF;AAED;;GAEG;AACH,qBAAa,gBAAiB,SAAQ,eAAe;gBACvC,OAAO,GAAE,MAA6C;CAInE;AAED;;GAEG;AACH,qBAAa,kBAAmB,SAAQ,eAAe;gBACzC,OAAO,GAAE,MAAiD;CAIvE;AAED;;GAEG;AACH,qBAAa,kBAAmB,SAAQ,eAAe;gBACzC,OAAO,GAAE,MAAgE;CAItF;AAED;;GAEG;AACH,qBAAa,mBAAoB,SAAQ,UAAU;gBACrC,OAAO,GAAE,MAAgC;CAItD;AAED;;;;;;;;;;GAUG;AACH,qBAAa,6BAA8B,SAAQ,mBAAmB;gBACxD,OAAO,GAAE,MAAqE;CAK3F;AAED;;GAEG;AACH,qBAAa,YAAa,SAAQ,UAAU;gBAC9B,OAAO,GAAE,MAAkC;CAIxD;AAED;;GAEG;AACH,qBAAa,gBAAiB,SAAQ,UAAU;gBAClC,OAAO,GAAE,MAAoD;CAI1E;AAED;;GAEG;AACH,qBAAa,mBAAoB,SAAQ,UAAU;gBACrC,OAAO,GAAE,MAAoE;CAI1F;AAED;;GAEG;AACH,qBAAa,sBAAuB,SAAQ,eAAe;gBAC7C,OAAO,GAAE,MAA8D;CAIpF;AAeD;;GAEG;AACH,wBAAgB,gCAAgC,CAAC,UAAU,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,GAAG,KAAK,CAGjG"}
|
package/dist/exceptions.js
CHANGED
|
@@ -127,6 +127,24 @@ export class AuthenticationError extends OneIDError {
|
|
|
127
127
|
this.name = "AuthenticationError";
|
|
128
128
|
}
|
|
129
129
|
}
|
|
130
|
+
/**
|
|
131
|
+
* Hardware device required for authentication but not detected or not responding.
|
|
132
|
+
*
|
|
133
|
+
* Raised by get_token() when the identity's trust_tier is hardware-backed
|
|
134
|
+
* (sovereign, portable, virtual) but the physical TPM or PIV device is
|
|
135
|
+
* absent, inaccessible, or the challenge-response signing failed.
|
|
136
|
+
*
|
|
137
|
+
* This is an intentional security property: credentials.json for a
|
|
138
|
+
* hardware-tier identity is useless without the physical device.
|
|
139
|
+
* get_token() never falls back to bare client_credentials for hardware tiers.
|
|
140
|
+
*/
|
|
141
|
+
export class HardwareDeviceNotPresentError extends AuthenticationError {
|
|
142
|
+
constructor(message = "Hardware device required but not present or not responding") {
|
|
143
|
+
super(message);
|
|
144
|
+
this.name = "HardwareDeviceNotPresentError";
|
|
145
|
+
this.error_code = "HARDWARE_DEVICE_NOT_PRESENT";
|
|
146
|
+
}
|
|
147
|
+
}
|
|
130
148
|
/**
|
|
131
149
|
* Could not reach the 1id.com API server.
|
|
132
150
|
*/
|
|
@@ -173,6 +191,7 @@ const SERVER_ERROR_CODE_TO_EXCEPTION_CLASS = {
|
|
|
173
191
|
"HANDLE_RETIRED": HandleRetiredError,
|
|
174
192
|
"RATE_LIMIT_EXCEEDED": RateLimitExceededError,
|
|
175
193
|
"RATE_LIMITED": RateLimitExceededError,
|
|
194
|
+
"HARDWARE_PROOF_REQUIRED": HardwareDeviceNotPresentError,
|
|
176
195
|
};
|
|
177
196
|
/**
|
|
178
197
|
* Raise the appropriate exception for a server error response.
|
package/dist/exceptions.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"exceptions.js","sourceRoot":"","sources":["../src/exceptions.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAEH;;GAEG;AACH,MAAM,OAAO,UAAW,SAAQ,KAAK;IACnB,UAAU,CAAgB;IAE1C,YAAY,UAAkB,kCAAkC,EAAE,aAA4B,IAAI;QAChG,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,YAAY,CAAC;QACzB,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;QAC7B,sFAAsF;QACtF,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACpD,CAAC;CACF;AAED;;GAEG;AACH,MAAM,OAAO,eAAgB,SAAQ,UAAU;IAC7C,YAAY,UAAkB,mBAAmB,EAAE,aAA4B,IAAI;QACjF,KAAK,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;QAC3B,IAAI,CAAC,IAAI,GAAG,iBAAiB,CAAC;IAChC,CAAC;CACF;AAED;;GAEG;AACH,MAAM,OAAO,UAAW,SAAQ,eAAe;IAC7C,YAAY,UAAkB,mCAAmC;QAC/D,KAAK,CAAC,OAAO,EAAE,cAAc,CAAC,CAAC;QAC/B,IAAI,CAAC,IAAI,GAAG,YAAY,CAAC;IAC3B,CAAC;CACF;AAED;;GAEG;AACH,MAAM,OAAO,cAAe,SAAQ,eAAe;IACjD,YAAY,UAAkB,8BAA8B;QAC1D,KAAK,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QAC7B,IAAI,CAAC,IAAI,GAAG,gBAAgB,CAAC;IAC/B,CAAC;CACF;AAED;;GAEG;AACH,MAAM,OAAO,cAAe,SAAQ,eAAe;IACjD,YAAY,UAAkB,6BAA6B;QACzD,KAAK,CAAC,OAAO,EAAE,kBAAkB,CAAC,CAAC;QACnC,IAAI,CAAC,IAAI,GAAG,gBAAgB,CAAC;IAC/B,CAAC;CACF;AAED;;;;;;;;;GASG;AACH,MAAM,OAAO,qBAAsB,SAAQ,eAAe;IACxD,YAAY,UAAkB,kDAAkD;QAC9E,KAAK,CAAC,OAAO,EAAE,mBAAmB,CAAC,CAAC;QACpC,IAAI,CAAC,IAAI,GAAG,uBAAuB,CAAC;IACtC,CAAC;CACF;AAED;;GAEG;AACH,MAAM,OAAO,oBAAqB,SAAQ,eAAe;IACvD,YAAY,UAAkB,wDAAwD;QACpF,KAAK,CAAC,OAAO,EAAE,uBAAuB,CAAC,CAAC;QACxC,IAAI,CAAC,IAAI,GAAG,sBAAsB,CAAC;IACrC,CAAC;CACF;AAED;;GAEG;AACH,MAAM,OAAO,gBAAiB,SAAQ,eAAe;IACnD,YAAY,UAAkB,oCAAoC;QAChE,KAAK,CAAC,OAAO,EAAE,cAAc,CAAC,CAAC;QAC/B,IAAI,CAAC,IAAI,GAAG,kBAAkB,CAAC;IACjC,CAAC;CACF;AAED;;GAEG;AACH,MAAM,OAAO,kBAAmB,SAAQ,eAAe;IACrD,YAAY,UAAkB,wCAAwC;QACpE,KAAK,CAAC,OAAO,EAAE,gBAAgB,CAAC,CAAC;QACjC,IAAI,CAAC,IAAI,GAAG,oBAAoB,CAAC;IACnC,CAAC;CACF;AAED;;GAEG;AACH,MAAM,OAAO,kBAAmB,SAAQ,eAAe;IACrD,YAAY,UAAkB,uDAAuD;QACnF,KAAK,CAAC,OAAO,EAAE,gBAAgB,CAAC,CAAC;QACjC,IAAI,CAAC,IAAI,GAAG,oBAAoB,CAAC;IACnC,CAAC;CACF;AAED;;GAEG;AACH,MAAM,OAAO,mBAAoB,SAAQ,UAAU;IACjD,YAAY,UAAkB,uBAAuB;QACnD,KAAK,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;QAC9B,IAAI,CAAC,IAAI,GAAG,qBAAqB,CAAC;IACpC,CAAC;CACF;AAED;;GAEG;AACH,MAAM,OAAO,YAAa,SAAQ,UAAU;IAC1C,YAAY,UAAkB,yBAAyB;QACrD,KAAK,CAAC,OAAO,EAAE,eAAe,CAAC,CAAC;QAChC,IAAI,CAAC,IAAI,GAAG,cAAc,CAAC;IAC7B,CAAC;CACF;AAED;;GAEG;AACH,MAAM,OAAO,gBAAiB,SAAQ,UAAU;IAC9C,YAAY,UAAkB,2CAA2C;QACvE,KAAK,CAAC,OAAO,EAAE,cAAc,CAAC,CAAC;QAC/B,IAAI,CAAC,IAAI,GAAG,kBAAkB,CAAC;IACjC,CAAC;CACF;AAED;;GAEG;AACH,MAAM,OAAO,mBAAoB,SAAQ,UAAU;IACjD,YAAY,UAAkB,2DAA2D;QACvF,KAAK,CAAC,OAAO,EAAE,kBAAkB,CAAC,CAAC;QACnC,IAAI,CAAC,IAAI,GAAG,qBAAqB,CAAC;IACpC,CAAC;CACF;AAED;;GAEG;AACH,MAAM,OAAO,sBAAuB,SAAQ,eAAe;IACzD,YAAY,UAAkB,qDAAqD;QACjF,KAAK,CAAC,OAAO,EAAE,qBAAqB,CAAC,CAAC;QACtC,IAAI,CAAC,IAAI,GAAG,wBAAwB,CAAC;IACvC,CAAC;CACF;AAED,iEAAiE;AACjE,MAAM,oCAAoC,GAAwD;IAChG,uBAAuB,EAAE,oBAAoB;IAC7C,iBAAiB,EAAE,eAAe;IAClC,yBAAyB,EAAE,eAAe;IAC1C,cAAc,EAAE,gBAAgB;IAChC,gBAAgB,EAAE,kBAAkB;IACpC,gBAAgB,EAAE,kBAAkB;IACpC,qBAAqB,EAAE,sBAAsB;IAC7C,cAAc,EAAE,sBAAsB;
|
|
1
|
+
{"version":3,"file":"exceptions.js","sourceRoot":"","sources":["../src/exceptions.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAEH;;GAEG;AACH,MAAM,OAAO,UAAW,SAAQ,KAAK;IACnB,UAAU,CAAgB;IAE1C,YAAY,UAAkB,kCAAkC,EAAE,aAA4B,IAAI;QAChG,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,YAAY,CAAC;QACzB,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;QAC7B,sFAAsF;QACtF,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACpD,CAAC;CACF;AAED;;GAEG;AACH,MAAM,OAAO,eAAgB,SAAQ,UAAU;IAC7C,YAAY,UAAkB,mBAAmB,EAAE,aAA4B,IAAI;QACjF,KAAK,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;QAC3B,IAAI,CAAC,IAAI,GAAG,iBAAiB,CAAC;IAChC,CAAC;CACF;AAED;;GAEG;AACH,MAAM,OAAO,UAAW,SAAQ,eAAe;IAC7C,YAAY,UAAkB,mCAAmC;QAC/D,KAAK,CAAC,OAAO,EAAE,cAAc,CAAC,CAAC;QAC/B,IAAI,CAAC,IAAI,GAAG,YAAY,CAAC;IAC3B,CAAC;CACF;AAED;;GAEG;AACH,MAAM,OAAO,cAAe,SAAQ,eAAe;IACjD,YAAY,UAAkB,8BAA8B;QAC1D,KAAK,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QAC7B,IAAI,CAAC,IAAI,GAAG,gBAAgB,CAAC;IAC/B,CAAC;CACF;AAED;;GAEG;AACH,MAAM,OAAO,cAAe,SAAQ,eAAe;IACjD,YAAY,UAAkB,6BAA6B;QACzD,KAAK,CAAC,OAAO,EAAE,kBAAkB,CAAC,CAAC;QACnC,IAAI,CAAC,IAAI,GAAG,gBAAgB,CAAC;IAC/B,CAAC;CACF;AAED;;;;;;;;;GASG;AACH,MAAM,OAAO,qBAAsB,SAAQ,eAAe;IACxD,YAAY,UAAkB,kDAAkD;QAC9E,KAAK,CAAC,OAAO,EAAE,mBAAmB,CAAC,CAAC;QACpC,IAAI,CAAC,IAAI,GAAG,uBAAuB,CAAC;IACtC,CAAC;CACF;AAED;;GAEG;AACH,MAAM,OAAO,oBAAqB,SAAQ,eAAe;IACvD,YAAY,UAAkB,wDAAwD;QACpF,KAAK,CAAC,OAAO,EAAE,uBAAuB,CAAC,CAAC;QACxC,IAAI,CAAC,IAAI,GAAG,sBAAsB,CAAC;IACrC,CAAC;CACF;AAED;;GAEG;AACH,MAAM,OAAO,gBAAiB,SAAQ,eAAe;IACnD,YAAY,UAAkB,oCAAoC;QAChE,KAAK,CAAC,OAAO,EAAE,cAAc,CAAC,CAAC;QAC/B,IAAI,CAAC,IAAI,GAAG,kBAAkB,CAAC;IACjC,CAAC;CACF;AAED;;GAEG;AACH,MAAM,OAAO,kBAAmB,SAAQ,eAAe;IACrD,YAAY,UAAkB,wCAAwC;QACpE,KAAK,CAAC,OAAO,EAAE,gBAAgB,CAAC,CAAC;QACjC,IAAI,CAAC,IAAI,GAAG,oBAAoB,CAAC;IACnC,CAAC;CACF;AAED;;GAEG;AACH,MAAM,OAAO,kBAAmB,SAAQ,eAAe;IACrD,YAAY,UAAkB,uDAAuD;QACnF,KAAK,CAAC,OAAO,EAAE,gBAAgB,CAAC,CAAC;QACjC,IAAI,CAAC,IAAI,GAAG,oBAAoB,CAAC;IACnC,CAAC;CACF;AAED;;GAEG;AACH,MAAM,OAAO,mBAAoB,SAAQ,UAAU;IACjD,YAAY,UAAkB,uBAAuB;QACnD,KAAK,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;QAC9B,IAAI,CAAC,IAAI,GAAG,qBAAqB,CAAC;IACpC,CAAC;CACF;AAED;;;;;;;;;;GAUG;AACH,MAAM,OAAO,6BAA8B,SAAQ,mBAAmB;IACpE,YAAY,UAAkB,4DAA4D;QACxF,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,+BAA+B,CAAC;QAC3C,IAAsC,CAAC,UAAU,GAAG,6BAA6B,CAAC;IACrF,CAAC;CACF;AAED;;GAEG;AACH,MAAM,OAAO,YAAa,SAAQ,UAAU;IAC1C,YAAY,UAAkB,yBAAyB;QACrD,KAAK,CAAC,OAAO,EAAE,eAAe,CAAC,CAAC;QAChC,IAAI,CAAC,IAAI,GAAG,cAAc,CAAC;IAC7B,CAAC;CACF;AAED;;GAEG;AACH,MAAM,OAAO,gBAAiB,SAAQ,UAAU;IAC9C,YAAY,UAAkB,2CAA2C;QACvE,KAAK,CAAC,OAAO,EAAE,cAAc,CAAC,CAAC;QAC/B,IAAI,CAAC,IAAI,GAAG,kBAAkB,CAAC;IACjC,CAAC;CACF;AAED;;GAEG;AACH,MAAM,OAAO,mBAAoB,SAAQ,UAAU;IACjD,YAAY,UAAkB,2DAA2D;QACvF,KAAK,CAAC,OAAO,EAAE,kBAAkB,CAAC,CAAC;QACnC,IAAI,CAAC,IAAI,GAAG,qBAAqB,CAAC;IACpC,CAAC;CACF;AAED;;GAEG;AACH,MAAM,OAAO,sBAAuB,SAAQ,eAAe;IACzD,YAAY,UAAkB,qDAAqD;QACjF,KAAK,CAAC,OAAO,EAAE,qBAAqB,CAAC,CAAC;QACtC,IAAI,CAAC,IAAI,GAAG,wBAAwB,CAAC;IACvC,CAAC;CACF;AAED,iEAAiE;AACjE,MAAM,oCAAoC,GAAwD;IAChG,uBAAuB,EAAE,oBAAoB;IAC7C,iBAAiB,EAAE,eAAe;IAClC,yBAAyB,EAAE,eAAe;IAC1C,cAAc,EAAE,gBAAgB;IAChC,gBAAgB,EAAE,kBAAkB;IACpC,gBAAgB,EAAE,kBAAkB;IACpC,qBAAqB,EAAE,sBAAsB;IAC7C,cAAc,EAAE,sBAAsB;IACtC,yBAAyB,EAAE,6BAA6B;CACzD,CAAC;AAEF;;GAEG;AACH,MAAM,UAAU,gCAAgC,CAAC,UAAkB,EAAE,aAAqB;IACxF,MAAM,cAAc,GAAG,oCAAoC,CAAC,UAAU,CAAC,IAAI,eAAe,CAAC;IAC3F,MAAM,IAAI,cAAc,CAAC,aAAa,CAAC,CAAC;AAC1C,CAAC"}
|
package/dist/index.d.ts
CHANGED
|
@@ -16,15 +16,22 @@
|
|
|
16
16
|
* The SDK auto-detects your hardware (TPM, YubiKey, Secure Enclave)
|
|
17
17
|
* and enrolls at the highest available trust tier.
|
|
18
18
|
*/
|
|
19
|
-
import { clear_cached_token, get_token, authenticate_with_tpm } from "./auth.js";
|
|
19
|
+
import { clear_cached_token, get_token, authenticate_with_tpm, authenticate_with_piv } from "./auth.js";
|
|
20
20
|
import { credentials_exist } from "./credentials.js";
|
|
21
21
|
import { enroll, type EnrollOptions } from "./enroll.js";
|
|
22
22
|
import { sign_challenge_with_private_key } from "./keys.js";
|
|
23
23
|
import { DEFAULT_KEY_ALGORITHM, HSMType, type Identity, KeyAlgorithm, type Token, TrustTier, this_token_has_not_yet_expired, format_authorization_header_value, format_identity_as_display_string } from "./identity.js";
|
|
24
|
-
|
|
24
|
+
import { invalidate_world_cache, type WorldStatus, type WorldIdentitySection, type WorldDeviceEntry, type WorldServiceEntry, type WorldGuidanceItem, type WorldOperatorGuidance } from "./world.js";
|
|
25
|
+
import { listDevices, lockHardware, registerOperatorEmail, type DeviceInfo, type DeviceListResult, type HardwareLockResult } from "./devices.js";
|
|
26
|
+
import { signChallenge, verifyPeerIdentity, PeerVerificationError, CertificateChainValidationError, SignatureVerificationError, MissingIdentityCertificateError, type IdentityProofBundle, type VerifiedPeerIdentity } from "./verify.js";
|
|
27
|
+
import { refresh_trust_roots, get_trust_roots } from "./trustRoots.js";
|
|
28
|
+
export { OneIDError, EnrollmentError, NoHSMError, UACDeniedError, HSMAccessError, TPMSetupRequiredError, AlreadyEnrolledError, HandleTakenError, HandleInvalidError, HandleRetiredError, AuthenticationError, HardwareDeviceNotPresentError, NetworkError, NotEnrolledError, BinaryNotFoundError, RateLimitExceededError, } from "./exceptions.js";
|
|
25
29
|
export { TrustTier, KeyAlgorithm, HSMType, DEFAULT_KEY_ALGORITHM, type Identity, type Token, type EnrollOptions, this_token_has_not_yet_expired, format_authorization_header_value, format_identity_as_display_string, };
|
|
30
|
+
export { type WorldStatus, type WorldIdentitySection, type WorldDeviceEntry, type WorldServiceEntry, type WorldGuidanceItem, type WorldOperatorGuidance, invalidate_world_cache, };
|
|
31
|
+
export { type DeviceInfo, type DeviceListResult, type HardwareLockResult, };
|
|
32
|
+
export { signChallenge, verifyPeerIdentity, refresh_trust_roots, get_trust_roots, PeerVerificationError, CertificateChainValidationError, SignatureVerificationError, MissingIdentityCertificateError, type IdentityProofBundle, type VerifiedPeerIdentity, };
|
|
26
33
|
/** SDK version string. */
|
|
27
|
-
export declare const VERSION = "0.
|
|
34
|
+
export declare const VERSION = "0.6.1";
|
|
28
35
|
/**
|
|
29
36
|
* Check the current enrolled identity.
|
|
30
37
|
*
|
|
@@ -39,6 +46,7 @@ export interface GetOrCreateIdentityOptions {
|
|
|
39
46
|
operator_email?: string | null;
|
|
40
47
|
requested_handle?: string | null;
|
|
41
48
|
api_base_url?: string;
|
|
49
|
+
get_only?: boolean;
|
|
42
50
|
}
|
|
43
51
|
/**
|
|
44
52
|
* Get your existing 1ID identity, or create one if you don't have one yet.
|
|
@@ -48,8 +56,29 @@ export interface GetOrCreateIdentityOptions {
|
|
|
48
56
|
*
|
|
49
57
|
* If you've already enrolled, returns your existing identity instantly
|
|
50
58
|
* (no network call). If not, enrolls at the best available trust tier.
|
|
59
|
+
*
|
|
60
|
+
* Pass get_only: true when you want to recover context without risking
|
|
61
|
+
* a new enrollment. This is useful for agents resuming after a restart:
|
|
62
|
+
* const id = await oneid.getOrCreateIdentity({ get_only: true });
|
|
63
|
+
*
|
|
64
|
+
* @throws NotEnrolledError if get_only is true and no credentials exist.
|
|
51
65
|
*/
|
|
52
66
|
export declare function getOrCreateIdentity(options?: GetOrCreateIdentityOptions): Promise<Identity>;
|
|
67
|
+
/**
|
|
68
|
+
* Get the full picture of your 1ID identity and connected services.
|
|
69
|
+
*
|
|
70
|
+
* Calls the server's world endpoint with your Bearer token and returns
|
|
71
|
+
* everything: identity, devices, connected services, available services,
|
|
72
|
+
* and operator guidance.
|
|
73
|
+
*
|
|
74
|
+
* Results are cached for 5 minutes. Call invalidate_world_cache() to force a fresh fetch.
|
|
75
|
+
*
|
|
76
|
+
* @returns WorldStatus with complete identity state.
|
|
77
|
+
* @throws NotEnrolledError if no credentials exist.
|
|
78
|
+
* @throws NetworkError if the server cannot be reached.
|
|
79
|
+
* @throws AuthenticationError if the token is invalid or expired.
|
|
80
|
+
*/
|
|
81
|
+
export declare function status(): Promise<WorldStatus>;
|
|
53
82
|
/**
|
|
54
83
|
* Force-refresh the cached OAuth2 token.
|
|
55
84
|
*
|
|
@@ -82,10 +111,11 @@ export declare function setup_tbs(): Promise<boolean>;
|
|
|
82
111
|
* @throws Error if mode is not 'sd-jwt' or 'direct'.
|
|
83
112
|
*/
|
|
84
113
|
export declare function record_privacy_consent(mode?: string): void;
|
|
85
|
-
export { enroll, get_token as getToken, get_token, clear_cached_token, authenticate_with_tpm, credentials_exist, sign_challenge_with_private_key, };
|
|
114
|
+
export { enroll, get_token as getToken, get_token, clear_cached_token, authenticate_with_tpm, authenticate_with_piv, credentials_exist, sign_challenge_with_private_key, listDevices, lockHardware, registerOperatorEmail, };
|
|
86
115
|
declare const oneid: {
|
|
87
116
|
enroll: typeof enroll;
|
|
88
117
|
getOrCreateIdentity: typeof getOrCreateIdentity;
|
|
118
|
+
status: typeof status;
|
|
89
119
|
getToken: typeof get_token;
|
|
90
120
|
get_token: typeof get_token;
|
|
91
121
|
whoami: typeof whoami;
|
|
@@ -94,9 +124,18 @@ declare const oneid: {
|
|
|
94
124
|
record_privacy_consent: typeof record_privacy_consent;
|
|
95
125
|
credentials_exist: typeof credentials_exist;
|
|
96
126
|
authenticate_with_tpm: typeof authenticate_with_tpm;
|
|
127
|
+
authenticate_with_piv: typeof authenticate_with_piv;
|
|
97
128
|
sign_challenge_with_private_key: typeof sign_challenge_with_private_key;
|
|
98
129
|
clear_cached_token: typeof clear_cached_token;
|
|
99
130
|
format_identity_as_display_string: typeof format_identity_as_display_string;
|
|
131
|
+
invalidate_world_cache: typeof invalidate_world_cache;
|
|
132
|
+
listDevices: typeof listDevices;
|
|
133
|
+
lockHardware: typeof lockHardware;
|
|
134
|
+
registerOperatorEmail: typeof registerOperatorEmail;
|
|
135
|
+
signChallenge: typeof signChallenge;
|
|
136
|
+
verifyPeerIdentity: typeof verifyPeerIdentity;
|
|
137
|
+
refresh_trust_roots: typeof refresh_trust_roots;
|
|
138
|
+
get_trust_roots: typeof get_trust_roots;
|
|
100
139
|
VERSION: string;
|
|
101
140
|
TrustTier: typeof TrustTier;
|
|
102
141
|
KeyAlgorithm: typeof KeyAlgorithm;
|
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAEH,OAAO,EAAE,kBAAkB,EAAE,SAAS,EAAE,qBAAqB,EAAE,MAAM,WAAW,CAAC;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAEH,OAAO,EAAE,kBAAkB,EAAE,SAAS,EAAE,qBAAqB,EAAE,qBAAqB,EAAE,MAAM,WAAW,CAAC;AACxG,OAAO,EAAE,iBAAiB,EAAsC,MAAM,kBAAkB,CAAC;AACzF,OAAO,EAAE,MAAM,EAAE,KAAK,aAAa,EAAE,MAAM,aAAa,CAAC;AACzD,OAAO,EAAE,+BAA+B,EAAE,MAAM,WAAW,CAAC;AAC5D,OAAO,EACL,qBAAqB,EACrB,OAAO,EACP,KAAK,QAAQ,EACb,YAAY,EACZ,KAAK,KAAK,EACV,SAAS,EACT,8BAA8B,EAC9B,iCAAiC,EACjC,iCAAiC,EAClC,MAAM,eAAe,CAAC;AACvB,OAAO,EAEL,sBAAsB,EACtB,KAAK,WAAW,EAChB,KAAK,oBAAoB,EACzB,KAAK,gBAAgB,EACrB,KAAK,iBAAiB,EACtB,KAAK,iBAAiB,EACtB,KAAK,qBAAqB,EAC3B,MAAM,YAAY,CAAC;AACpB,OAAO,EACL,WAAW,EACX,YAAY,EACZ,qBAAqB,EACrB,KAAK,UAAU,EACf,KAAK,gBAAgB,EACrB,KAAK,kBAAkB,EACxB,MAAM,cAAc,CAAC;AACtB,OAAO,EACL,aAAa,EACb,kBAAkB,EAClB,qBAAqB,EACrB,+BAA+B,EAC/B,0BAA0B,EAC1B,+BAA+B,EAC/B,KAAK,mBAAmB,EACxB,KAAK,oBAAoB,EAC1B,MAAM,aAAa,CAAC;AACrB,OAAO,EAAE,mBAAmB,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AAGvE,OAAO,EACL,UAAU,EACV,eAAe,EACf,UAAU,EACV,cAAc,EACd,cAAc,EACd,qBAAqB,EACrB,oBAAoB,EACpB,gBAAgB,EAChB,kBAAkB,EAClB,kBAAkB,EAClB,mBAAmB,EACnB,6BAA6B,EAC7B,YAAY,EACZ,gBAAgB,EAChB,mBAAmB,EACnB,sBAAsB,GACvB,MAAM,iBAAiB,CAAC;AAGzB,OAAO,EACL,SAAS,EACT,YAAY,EACZ,OAAO,EACP,qBAAqB,EACrB,KAAK,QAAQ,EACb,KAAK,KAAK,EACV,KAAK,aAAa,EAClB,8BAA8B,EAC9B,iCAAiC,EACjC,iCAAiC,GAClC,CAAC;AAGF,OAAO,EACL,KAAK,WAAW,EAChB,KAAK,oBAAoB,EACzB,KAAK,gBAAgB,EACrB,KAAK,iBAAiB,EACtB,KAAK,iBAAiB,EACtB,KAAK,qBAAqB,EAC1B,sBAAsB,GACvB,CAAC;AAGF,OAAO,EACL,KAAK,UAAU,EACf,KAAK,gBAAgB,EACrB,KAAK,kBAAkB,GACxB,CAAC;AAGF,OAAO,EACL,aAAa,EACb,kBAAkB,EAClB,mBAAmB,EACnB,eAAe,EACf,qBAAqB,EACrB,+BAA+B,EAC/B,0BAA0B,EAC1B,+BAA+B,EAC/B,KAAK,mBAAmB,EACxB,KAAK,oBAAoB,GAC1B,CAAC;AAEF,0BAA0B;AAC1B,eAAO,MAAM,OAAO,UAAU,CAAC;AAE/B;;;;;;;GAOG;AACH,wBAAgB,MAAM,IAAI,QAAQ,CAoDjC;AAED,MAAM,WAAW,0BAA0B;IACzC,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B,cAAc,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC/B,gBAAgB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACjC,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB;AAED;;;;;;;;;;;;;;GAcG;AACH,wBAAsB,mBAAmB,CACvC,OAAO,CAAC,EAAE,0BAA0B,GACnC,OAAO,CAAC,QAAQ,CAAC,CAqBnB;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAsB,MAAM,IAAI,OAAO,CAAC,WAAW,CAAC,CAEnD;AAED;;;;;GAKG;AACH,wBAAgB,OAAO,IAAI,IAAI,CAE9B;AAED;;;;;;;;;;;;GAYG;AACH,wBAAsB,SAAS,IAAI,OAAO,CAAC,OAAO,CAAC,CAIlD;AAED;;;;;;;;;GASG;AACH,wBAAgB,sBAAsB,CAAC,IAAI,GAAE,MAAiB,GAAG,IAAI,CASpE;AAGD,OAAO,EACL,MAAM,EACN,SAAS,IAAI,QAAQ,EACrB,SAAS,EACT,kBAAkB,EAClB,qBAAqB,EACrB,qBAAqB,EACrB,iBAAiB,EACjB,+BAA+B,EAC/B,WAAW,EACX,YAAY,EACZ,qBAAqB,GACtB,CAAC;AAEF,QAAA,MAAM,KAAK;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA6BV,CAAC;AAEF,eAAe,KAAK,CAAC"}
|
package/dist/index.js
CHANGED
|
@@ -16,17 +16,25 @@
|
|
|
16
16
|
* The SDK auto-detects your hardware (TPM, YubiKey, Secure Enclave)
|
|
17
17
|
* and enrolls at the highest available trust tier.
|
|
18
18
|
*/
|
|
19
|
-
import { clear_cached_token, get_token, authenticate_with_tpm } from "./auth.js";
|
|
19
|
+
import { clear_cached_token, get_token, authenticate_with_tpm, authenticate_with_piv } from "./auth.js";
|
|
20
20
|
import { credentials_exist, load_credentials, save_credentials } from "./credentials.js";
|
|
21
21
|
import { enroll } from "./enroll.js";
|
|
22
22
|
import { sign_challenge_with_private_key } from "./keys.js";
|
|
23
23
|
import { DEFAULT_KEY_ALGORITHM, HSMType, KeyAlgorithm, TrustTier, this_token_has_not_yet_expired, format_authorization_header_value, format_identity_as_display_string, } from "./identity.js";
|
|
24
|
+
import { fetch_world_status_from_server, invalidate_world_cache, } from "./world.js";
|
|
25
|
+
import { listDevices, lockHardware, registerOperatorEmail, } from "./devices.js";
|
|
26
|
+
import { signChallenge, verifyPeerIdentity, PeerVerificationError, CertificateChainValidationError, SignatureVerificationError, MissingIdentityCertificateError, } from "./verify.js";
|
|
27
|
+
import { refresh_trust_roots, get_trust_roots } from "./trustRoots.js";
|
|
24
28
|
// Re-export all exception classes
|
|
25
|
-
export { OneIDError, EnrollmentError, NoHSMError, UACDeniedError, HSMAccessError, TPMSetupRequiredError, AlreadyEnrolledError, HandleTakenError, HandleInvalidError, HandleRetiredError, AuthenticationError, NetworkError, NotEnrolledError, BinaryNotFoundError, RateLimitExceededError, } from "./exceptions.js";
|
|
29
|
+
export { OneIDError, EnrollmentError, NoHSMError, UACDeniedError, HSMAccessError, TPMSetupRequiredError, AlreadyEnrolledError, HandleTakenError, HandleInvalidError, HandleRetiredError, AuthenticationError, HardwareDeviceNotPresentError, NetworkError, NotEnrolledError, BinaryNotFoundError, RateLimitExceededError, } from "./exceptions.js";
|
|
26
30
|
// Re-export types and enums
|
|
27
31
|
export { TrustTier, KeyAlgorithm, HSMType, DEFAULT_KEY_ALGORITHM, this_token_has_not_yet_expired, format_authorization_header_value, format_identity_as_display_string, };
|
|
32
|
+
// Re-export world/status types
|
|
33
|
+
export { invalidate_world_cache, };
|
|
34
|
+
// Re-export peer verification types and functions
|
|
35
|
+
export { signChallenge, verifyPeerIdentity, refresh_trust_roots, get_trust_roots, PeerVerificationError, CertificateChainValidationError, SignatureVerificationError, MissingIdentityCertificateError, };
|
|
28
36
|
/** SDK version string. */
|
|
29
|
-
export const VERSION = "0.
|
|
37
|
+
export const VERSION = "0.6.1";
|
|
30
38
|
/**
|
|
31
39
|
* Check the current enrolled identity.
|
|
32
40
|
*
|
|
@@ -94,11 +102,24 @@ export function whoami() {
|
|
|
94
102
|
*
|
|
95
103
|
* If you've already enrolled, returns your existing identity instantly
|
|
96
104
|
* (no network call). If not, enrolls at the best available trust tier.
|
|
105
|
+
*
|
|
106
|
+
* Pass get_only: true when you want to recover context without risking
|
|
107
|
+
* a new enrollment. This is useful for agents resuming after a restart:
|
|
108
|
+
* const id = await oneid.getOrCreateIdentity({ get_only: true });
|
|
109
|
+
*
|
|
110
|
+
* @throws NotEnrolledError if get_only is true and no credentials exist.
|
|
97
111
|
*/
|
|
98
112
|
export async function getOrCreateIdentity(options) {
|
|
99
113
|
if (credentials_exist()) {
|
|
100
114
|
return whoami();
|
|
101
115
|
}
|
|
116
|
+
if (options?.get_only) {
|
|
117
|
+
const { NotEnrolledError: NotEnrolled } = await import("./exceptions.js");
|
|
118
|
+
throw new NotEnrolled("No 1ID identity found on this machine. " +
|
|
119
|
+
"You passed get_only: true, so no new enrollment was attempted. " +
|
|
120
|
+
"Call getOrCreateIdentity() without get_only to enroll, " +
|
|
121
|
+
"or call enroll() directly.");
|
|
122
|
+
}
|
|
102
123
|
return enroll({
|
|
103
124
|
display_name: options?.display_name ?? null,
|
|
104
125
|
operator_email: options?.operator_email ?? null,
|
|
@@ -106,6 +127,23 @@ export async function getOrCreateIdentity(options) {
|
|
|
106
127
|
api_base_url: options?.api_base_url,
|
|
107
128
|
});
|
|
108
129
|
}
|
|
130
|
+
/**
|
|
131
|
+
* Get the full picture of your 1ID identity and connected services.
|
|
132
|
+
*
|
|
133
|
+
* Calls the server's world endpoint with your Bearer token and returns
|
|
134
|
+
* everything: identity, devices, connected services, available services,
|
|
135
|
+
* and operator guidance.
|
|
136
|
+
*
|
|
137
|
+
* Results are cached for 5 minutes. Call invalidate_world_cache() to force a fresh fetch.
|
|
138
|
+
*
|
|
139
|
+
* @returns WorldStatus with complete identity state.
|
|
140
|
+
* @throws NotEnrolledError if no credentials exist.
|
|
141
|
+
* @throws NetworkError if the server cannot be reached.
|
|
142
|
+
* @throws AuthenticationError if the token is invalid or expired.
|
|
143
|
+
*/
|
|
144
|
+
export async function status() {
|
|
145
|
+
return fetch_world_status_from_server();
|
|
146
|
+
}
|
|
109
147
|
/**
|
|
110
148
|
* Force-refresh the cached OAuth2 token.
|
|
111
149
|
*
|
|
@@ -153,10 +191,11 @@ export function record_privacy_consent(mode = "sd-jwt") {
|
|
|
153
191
|
save_credentials(creds);
|
|
154
192
|
}
|
|
155
193
|
// Re-export core functions
|
|
156
|
-
export { enroll, get_token as getToken, get_token, clear_cached_token, authenticate_with_tpm, credentials_exist, sign_challenge_with_private_key, };
|
|
194
|
+
export { enroll, get_token as getToken, get_token, clear_cached_token, authenticate_with_tpm, authenticate_with_piv, credentials_exist, sign_challenge_with_private_key, listDevices, lockHardware, registerOperatorEmail, };
|
|
157
195
|
const oneid = {
|
|
158
196
|
enroll,
|
|
159
197
|
getOrCreateIdentity,
|
|
198
|
+
status,
|
|
160
199
|
getToken: get_token,
|
|
161
200
|
get_token,
|
|
162
201
|
whoami,
|
|
@@ -165,9 +204,18 @@ const oneid = {
|
|
|
165
204
|
record_privacy_consent,
|
|
166
205
|
credentials_exist,
|
|
167
206
|
authenticate_with_tpm,
|
|
207
|
+
authenticate_with_piv,
|
|
168
208
|
sign_challenge_with_private_key,
|
|
169
209
|
clear_cached_token,
|
|
170
210
|
format_identity_as_display_string,
|
|
211
|
+
invalidate_world_cache,
|
|
212
|
+
listDevices,
|
|
213
|
+
lockHardware,
|
|
214
|
+
registerOperatorEmail,
|
|
215
|
+
signChallenge,
|
|
216
|
+
verifyPeerIdentity,
|
|
217
|
+
refresh_trust_roots,
|
|
218
|
+
get_trust_roots,
|
|
171
219
|
VERSION,
|
|
172
220
|
TrustTier,
|
|
173
221
|
KeyAlgorithm,
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAEH,OAAO,EAAE,kBAAkB,EAAE,SAAS,EAAE,qBAAqB,EAAE,MAAM,WAAW,CAAC;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAEH,OAAO,EAAE,kBAAkB,EAAE,SAAS,EAAE,qBAAqB,EAAE,qBAAqB,EAAE,MAAM,WAAW,CAAC;AACxG,OAAO,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AACzF,OAAO,EAAE,MAAM,EAAsB,MAAM,aAAa,CAAC;AACzD,OAAO,EAAE,+BAA+B,EAAE,MAAM,WAAW,CAAC;AAC5D,OAAO,EACL,qBAAqB,EACrB,OAAO,EAEP,YAAY,EAEZ,SAAS,EACT,8BAA8B,EAC9B,iCAAiC,EACjC,iCAAiC,GAClC,MAAM,eAAe,CAAC;AACvB,OAAO,EACL,8BAA8B,EAC9B,sBAAsB,GAOvB,MAAM,YAAY,CAAC;AACpB,OAAO,EACL,WAAW,EACX,YAAY,EACZ,qBAAqB,GAItB,MAAM,cAAc,CAAC;AACtB,OAAO,EACL,aAAa,EACb,kBAAkB,EAClB,qBAAqB,EACrB,+BAA+B,EAC/B,0BAA0B,EAC1B,+BAA+B,GAGhC,MAAM,aAAa,CAAC;AACrB,OAAO,EAAE,mBAAmB,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AAEvE,kCAAkC;AAClC,OAAO,EACL,UAAU,EACV,eAAe,EACf,UAAU,EACV,cAAc,EACd,cAAc,EACd,qBAAqB,EACrB,oBAAoB,EACpB,gBAAgB,EAChB,kBAAkB,EAClB,kBAAkB,EAClB,mBAAmB,EACnB,6BAA6B,EAC7B,YAAY,EACZ,gBAAgB,EAChB,mBAAmB,EACnB,sBAAsB,GACvB,MAAM,iBAAiB,CAAC;AAEzB,4BAA4B;AAC5B,OAAO,EACL,SAAS,EACT,YAAY,EACZ,OAAO,EACP,qBAAqB,EAIrB,8BAA8B,EAC9B,iCAAiC,EACjC,iCAAiC,GAClC,CAAC;AAEF,+BAA+B;AAC/B,OAAO,EAOL,sBAAsB,GACvB,CAAC;AASF,kDAAkD;AAClD,OAAO,EACL,aAAa,EACb,kBAAkB,EAClB,mBAAmB,EACnB,eAAe,EACf,qBAAqB,EACrB,+BAA+B,EAC/B,0BAA0B,EAC1B,+BAA+B,GAGhC,CAAC;AAEF,0BAA0B;AAC1B,MAAM,CAAC,MAAM,OAAO,GAAG,OAAO,CAAC;AAE/B;;;;;;;GAOG;AACH,MAAM,UAAU,MAAM;IACpB,MAAM,KAAK,GAAG,gBAAgB,EAAE,CAAC;IAEjC,qBAAqB;IACrB,IAAI,UAAqB,CAAC;IAC1B,MAAM,WAAW,GAAG,MAAM,CAAC,MAAM,CAAC,SAAS,CAAa,CAAC;IACzD,IAAI,WAAW,CAAC,QAAQ,CAAC,KAAK,CAAC,UAAU,CAAC,EAAE,CAAC;QAC3C,UAAU,GAAG,KAAK,CAAC,UAAuB,CAAC;IAC7C,CAAC;SAAM,CAAC;QACN,UAAU,GAAG,SAAS,CAAC,QAAQ,CAAC;IAClC,CAAC;IAED,wBAAwB;IACxB,IAAI,aAA2B,CAAC;IAChC,MAAM,gBAAgB,GAAG,MAAM,CAAC,MAAM,CAAC,YAAY,CAAa,CAAC;IACjE,IAAI,gBAAgB,CAAC,QAAQ,CAAC,KAAK,CAAC,aAAa,CAAC,EAAE,CAAC;QACnD,aAAa,GAAG,KAAK,CAAC,aAA6B,CAAC;IACtD,CAAC;SAAM,CAAC;QACN,aAAa,GAAG,qBAAqB,CAAC;IACxC,CAAC;IAED,oBAAoB;IACpB,IAAI,WAAiB,CAAC;IACtB,IAAI,CAAC;QACH,WAAW,GAAG,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,IAAI,IAAI,EAAE,CAAC;IAC7E,CAAC;IAAC,MAAM,CAAC;QACP,WAAW,GAAG,IAAI,IAAI,EAAE,CAAC;IAC3B,CAAC;IAED,MAAM,WAAW,GAAG,KAAK,CAAC,SAAS,CAAC;IACpC,MAAM,MAAM,GAAG,WAAW,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,WAAW,EAAE,CAAC;IAE7E,sCAAsC;IACtC,IAAI,QAAQ,GAAmB,IAAI,CAAC;IACpC,IAAI,KAAK,CAAC,eAAe,IAAI,IAAI,EAAE,CAAC;QAClC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;IAC9B,CAAC;SAAM,IAAI,KAAK,CAAC,iBAAiB,IAAI,IAAI,EAAE,CAAC;QAC3C,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC;IACzB,CAAC;IAED,OAAO;QACL,WAAW;QACX,MAAM;QACN,UAAU;QACV,QAAQ;QACR,gBAAgB,EAAE,IAAI;QACtB,WAAW;QACX,YAAY,EAAE,KAAK,CAAC,iBAAiB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAC7C,aAAa;QACb,kBAAkB,EAAE,KAAK,CAAC,kBAAkB,IAAI,IAAI;QACpD,YAAY,EAAE,KAAK,CAAC,YAAY,IAAI,IAAI;KACzC,CAAC;AACJ,CAAC;AAUD;;;;;;;;;;;;;;GAcG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,OAAoC;IAEpC,IAAI,iBAAiB,EAAE,EAAE,CAAC;QACxB,OAAO,MAAM,EAAE,CAAC;IAClB,CAAC;IAED,IAAI,OAAO,EAAE,QAAQ,EAAE,CAAC;QACtB,MAAM,EAAE,gBAAgB,EAAE,WAAW,EAAE,GAAG,MAAM,MAAM,CAAC,iBAAiB,CAAC,CAAC;QAC1E,MAAM,IAAI,WAAW,CACnB,yCAAyC;YACzC,iEAAiE;YACjE,yDAAyD;YACzD,4BAA4B,CAC7B,CAAC;IACJ,CAAC;IAED,OAAO,MAAM,CAAC;QACZ,YAAY,EAAE,OAAO,EAAE,YAAY,IAAI,IAAI;QAC3C,cAAc,EAAE,OAAO,EAAE,cAAc,IAAI,IAAI;QAC/C,gBAAgB,EAAE,OAAO,EAAE,gBAAgB,IAAI,IAAI;QACnD,YAAY,EAAE,OAAO,EAAE,YAAY;KACpC,CAAC,CAAC;AACL,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,CAAC,KAAK,UAAU,MAAM;IAC1B,OAAO,8BAA8B,EAAE,CAAC;AAC1C,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,OAAO;IACrB,kBAAkB,EAAE,CAAC;AACvB,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,CAAC,KAAK,UAAU,SAAS;IAC7B,MAAM,EAAE,kCAAkC,EAAE,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,CAAC;IAC3E,MAAM,MAAM,GAAG,MAAM,kCAAkC,EAAE,CAAC;IAC1D,OAAQ,MAAM,CAAC,EAAc,IAAI,KAAK,CAAC;AACzC,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,sBAAsB,CAAC,OAAe,QAAQ;IAC5D,IAAI,IAAI,KAAK,QAAQ,IAAI,IAAI,KAAK,QAAQ,EAAE,CAAC;QAC3C,MAAM,IAAI,KAAK,CAAC,6BAA6B,IAAI,kCAAkC,CAAC,CAAC;IACvF,CAAC;IAED,MAAM,KAAK,GAAG,gBAAgB,EAAE,CAAC;IACjC,KAAK,CAAC,wBAAwB,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAC1D,KAAK,CAAC,wBAAwB,GAAG,IAAI,CAAC;IACtC,gBAAgB,CAAC,KAAK,CAAC,CAAC;AAC1B,CAAC;AAED,2BAA2B;AAC3B,OAAO,EACL,MAAM,EACN,SAAS,IAAI,QAAQ,EACrB,SAAS,EACT,kBAAkB,EAClB,qBAAqB,EACrB,qBAAqB,EACrB,iBAAiB,EACjB,+BAA+B,EAC/B,WAAW,EACX,YAAY,EACZ,qBAAqB,GACtB,CAAC;AAEF,MAAM,KAAK,GAAG;IACZ,MAAM;IACN,mBAAmB;IACnB,MAAM;IACN,QAAQ,EAAE,SAAS;IACnB,SAAS;IACT,MAAM;IACN,OAAO;IACP,SAAS;IACT,sBAAsB;IACtB,iBAAiB;IACjB,qBAAqB;IACrB,qBAAqB;IACrB,+BAA+B;IAC/B,kBAAkB;IAClB,iCAAiC;IACjC,sBAAsB;IACtB,WAAW;IACX,YAAY;IACZ,qBAAqB;IACrB,aAAa;IACb,kBAAkB;IAClB,mBAAmB;IACnB,eAAe;IACf,OAAO;IACP,SAAS;IACT,YAAY;IACZ,OAAO;IACP,qBAAqB;CACtB,CAAC;AAEF,eAAe,KAAK,CAAC"}
|
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Tests 42-48: Peer Identity Verification (Milestone 9)
|
|
3
|
+
*
|
|
4
|
+
* 42. Proof bundle (sovereign) -- requires TPM hardware, marked TODO
|
|
5
|
+
* 43. Proof bundle (portable) -- requires YubiKey hardware, marked TODO
|
|
6
|
+
* 44. Proof bundle (declared) -- software key, fully testable offline
|
|
7
|
+
* 45. Trust root caching -- GET /api/v1/trust/roots + local cache
|
|
8
|
+
* 46. Replay resistance -- reused nonce with different verifier context
|
|
9
|
+
* 47. Tamper detection -- modified proof bundle fails validation
|
|
10
|
+
* 48. Certificate issuance during enrollment -- requires live server
|
|
11
|
+
*
|
|
12
|
+
* Run with: node --test dist/test/test_peer_verification.js
|
|
13
|
+
*/
|
|
14
|
+
export {};
|
|
15
|
+
//# sourceMappingURL=test_peer_verification.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"test_peer_verification.d.ts","sourceRoot":"","sources":["../../src/test/test_peer_verification.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG"}
|