npm - @bcts/xid - Versions diffs - 1.0.0-alpha.12 → 1.0.0-alpha.13 - Mend

@bcts/xid 1.0.0-alpha.12 → 1.0.0-alpha.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (14) hide show

package/dist/index.cjs CHANGED Viewed

@@ -1,6 +1,6 @@
+let _bcts_components = require("@bcts/components");
 let _bcts_known_values = require("@bcts/known-values");
 let _bcts_envelope = require("@bcts/envelope");
-let _bcts_components = require("@bcts/components");
 let _bcts_provenance_mark = require("@bcts/provenance-mark");
 let _bcts_dcbor = require("@bcts/dcbor");
@@ -577,14 +577,14 @@ let XIDPrivateKeyOptions = /* @__PURE__ */ function(XIDPrivateKeyOptions$1) {
 * Represents a key in an XID document.
 */
 var Key = class Key {
-	_publicKeyBase;
-	_privateKeys;
+	_publicKeys;
+	_privateKeyData;
 	_nickname;
 	_endpoints;
 	_permissions;
-	constructor(publicKeyBase, privateKeys, nickname = "", endpoints = /* @__PURE__ */ new Set(), permissions = Permissions.new()) {
-		this._publicKeyBase = publicKeyBase;
-		this._privateKeys = privateKeys;
+	constructor(publicKeys, privateKeyData, nickname = "", endpoints = /* @__PURE__ */ new Set(), permissions = Permissions.new()) {
+		this._publicKeys = publicKeys;
+		this._privateKeyData = privateKeyData;
 		this._nickname = nickname;
 		this._endpoints = endpoints;
 		this._permissions = permissions;
@@ -592,64 +592,78 @@ var Key = class Key {
 	/**
 	* Create a new Key with only public keys.
 	*/
-	static new(publicKeyBase) {
-		return new Key(publicKeyBase);
+	static new(publicKeys) {
+		return new Key(publicKeys);
 	}
 	/**
 	* Create a new Key with public keys and allow-all permissions.
 	*/
-	static newAllowAll(publicKeyBase) {
-		return new Key(publicKeyBase, void 0, "", /* @__PURE__ */ new Set(), Permissions.newAllowAll());
+	static newAllowAll(publicKeys) {
+		return new Key(publicKeys, void 0, "", /* @__PURE__ */ new Set(), Permissions.newAllowAll());
 	}
 	/**
-	* Create a new Key with private key base.
+	* Create a new Key with private keys.
 	*/
-	static newWithPrivateKeyBase(privateKeyBase) {
+	static newWithPrivateKeys(privateKeys, publicKeys) {
 		const salt = _bcts_components.Salt.random(32);
-		return new Key(privateKeyBase.publicKeys(), {
+		return new Key(publicKeys, {
 			data: {
 				type: "decrypted",
-				privateKeyBase
+				privateKeys
 			},
 			salt
 		}, "", /* @__PURE__ */ new Set(), Permissions.newAllowAll());
 	}
 	/**
-	* Get the public key base.
+	* Create a new Key with private key base (derives keys from it).
+	*/
+	static newWithPrivateKeyBase(privateKeyBase) {
+		const privateKeys = privateKeyBase.ed25519PrivateKeys();
+		const publicKeys = privateKeyBase.ed25519PublicKeys();
+		return Key.newWithPrivateKeys(privateKeys, publicKeys);
+	}
+	/**
+	* Get the public keys.
 	*/
-	publicKeyBase() {
-		return this._publicKeyBase;
+	publicKeys() {
+		return this._publicKeys;
 	}
 	/**
-	* Get the private key base, if available and decrypted.
+	* Get the private keys, if available and decrypted.
 	*/
-	privateKeyBase() {
-		if (this._privateKeys === void 0) return void 0;
-		if (this._privateKeys.data.type === "decrypted") return this._privateKeys.data.privateKeyBase;
+	privateKeys() {
+		if (this._privateKeyData === void 0) return void 0;
+		if (this._privateKeyData.data.type === "decrypted") return this._privateKeyData.data.privateKeys;
 	}
 	/**
 	* Check if this key has decrypted private keys.
 	*/
 	hasPrivateKeys() {
-		return this._privateKeys?.data.type === "decrypted";
+		return this._privateKeyData?.data.type === "decrypted";
 	}
 	/**
 	* Check if this key has encrypted private keys.
 	*/
 	hasEncryptedPrivateKeys() {
-		return this._privateKeys?.data.type === "encrypted";
+		return this._privateKeyData?.data.type === "encrypted";
 	}
 	/**
 	* Get the salt used for private key decorrelation.
 	*/
 	privateKeySalt() {
-		return this._privateKeys?.salt;
+		return this._privateKeyData?.salt;
 	}
 	/**
-	* Get the reference for this key (based on public key).
+	* Get the reference for this key (based on public keys tagged CBOR).
 	*/
 	reference() {
-		return _bcts_components.Reference.hash(this._publicKeyBase.data());
+		return this._publicKeys.reference();
+	}
+	/**
+	* Verify a signature against a message.
+	*/
+	verify(signature, message) {
+		return this._publicKeys.verify(signature, message);
 	}
 	/**
 	* Get the endpoints set.
@@ -691,26 +705,26 @@ var Key = class Key {
 	* Convert to envelope with specified options.
 	*/
 	intoEnvelopeOpt(privateKeyOptions = XIDPrivateKeyOptions.Omit) {
-		let envelope = _bcts_envelope.Envelope.new(this._publicKeyBase.data());
-		if (this._privateKeys !== void 0) {
-			const { data, salt } = this._privateKeys;
+		let envelope = _bcts_envelope.Envelope.new(this._publicKeys.taggedCborData());
+		if (this._privateKeyData !== void 0) {
+			const { data, salt } = this._privateKeyData;
 			if (data.type === "encrypted") {
 				envelope = envelope.addAssertion(kv$3(_bcts_known_values.PRIVATE_KEY), data.envelope);
 				envelope = envelope.addAssertion(kv$3(_bcts_known_values.SALT), salt.toData());
 			} else if (data.type === "decrypted") switch (typeof privateKeyOptions === "object" ? privateKeyOptions.type : privateKeyOptions) {
 				case XIDPrivateKeyOptions.Include:
-					envelope = envelope.addAssertion(kv$3(_bcts_known_values.PRIVATE_KEY), data.privateKeyBase.data());
+					envelope = envelope.addAssertion(kv$3(_bcts_known_values.PRIVATE_KEY), data.privateKeys.taggedCborData());
 					envelope = envelope.addAssertion(kv$3(_bcts_known_values.SALT), salt.toData());
 					break;
 				case XIDPrivateKeyOptions.Elide: {
-					const elidedAssertion = _bcts_envelope.Envelope.newAssertion(kv$3(_bcts_known_values.PRIVATE_KEY), data.privateKeyBase.data()).elide();
+					const elidedAssertion = _bcts_envelope.Envelope.newAssertion(kv$3(_bcts_known_values.PRIVATE_KEY), data.privateKeys.taggedCborData()).elide();
 					envelope = envelope.addAssertionEnvelope(elidedAssertion);
 					envelope = envelope.addAssertion(kv$3(_bcts_known_values.SALT), salt.toData());
 					break;
 				}
 				case XIDPrivateKeyOptions.Encrypt:
 					if (typeof privateKeyOptions === "object") {
-						const encrypted = _bcts_envelope.Envelope.new(data.privateKeyBase.data()).encryptSubject(privateKeyOptions.password);
+						const encrypted = _bcts_envelope.Envelope.new(data.privateKeys.taggedCborData()).encryptSubject(privateKeyOptions.password);
 						envelope = envelope.addAssertion(kv$3(_bcts_known_values.PRIVATE_KEY), encrypted);
 						envelope = envelope.addAssertion(kv$3(_bcts_known_values.SALT), salt.toData());
 					}
@@ -732,10 +746,10 @@ var Key = class Key {
 	*/
 	static tryFromEnvelope(envelope, password) {
 		const env = envelope;
-		const publicKeyData = (env.case().type === "node" ? env.subject() : env).asByteString();
-		if (publicKeyData === void 0) throw XIDError.component(/* @__PURE__ */ new Error("Could not extract public key from envelope"));
-		const publicKeyBase = new _bcts_envelope.PublicKeyBase(publicKeyData);
-		let privateKeys;
+		const publicKeysData = (env.case().type === "node" ? env.subject() : env).asByteString();
+		if (publicKeysData === void 0) throw XIDError.component(/* @__PURE__ */ new Error("Could not extract public keys from envelope"));
+		const publicKeys = _bcts_components.PublicKeys.fromTaggedCborData(publicKeysData);
+		let privateKeyData;
 		let salt = _bcts_components.Salt.random(32);
 		const saltAssertions = env.assertionsWithPredicate(_bcts_known_values.SALT);
 		if (saltAssertions.length > 0) {
@@ -752,15 +766,15 @@ var Key = class Key {
 				const privateKeyObject = assertionCase.assertion.object();
 				if (privateKeyObject.case().type === "encrypted") if (password !== void 0) try {
 					const decryptedData = privateKeyObject.decryptSubject(password).asByteString();
-					if (decryptedData !== void 0) privateKeys = {
+					if (decryptedData !== void 0) privateKeyData = {
 						data: {
 							type: "decrypted",
-							privateKeyBase: _bcts_envelope.PrivateKeyBase.fromBytes(decryptedData, publicKeyData)
+							privateKeys: _bcts_components.PrivateKeys.fromTaggedCborData(decryptedData)
 						},
 						salt
 					};
 				} catch {
-					privateKeys = {
+					privateKeyData = {
 						data: {
 							type: "encrypted",
 							envelope: privateKeyObject
@@ -768,7 +782,7 @@ var Key = class Key {
 						salt
 					};
 				}
-				else privateKeys = {
+				else privateKeyData = {
 					data: {
 						type: "encrypted",
 						envelope: privateKeyObject
@@ -776,11 +790,11 @@ var Key = class Key {
 					salt
 				};
 				else {
-					const privateKeyData = privateKeyObject.asByteString();
-					if (privateKeyData !== void 0) privateKeys = {
+					const privateKeysBytes = privateKeyObject.asByteString();
+					if (privateKeysBytes !== void 0) privateKeyData = {
 						data: {
 							type: "decrypted",
-							privateKeyBase: _bcts_envelope.PrivateKeyBase.fromBytes(privateKeyData, publicKeyData)
+							privateKeys: _bcts_components.PrivateKeys.fromTaggedCborData(privateKeysBytes)
 						},
 						salt
 					};
@@ -799,27 +813,27 @@ var Key = class Key {
 			if (text !== void 0) endpoints.add(text);
 		}
 		const permissions = Permissions.tryFromEnvelope(envelope);
-		return new Key(publicKeyBase, privateKeys, nickname, endpoints, permissions);
+		return new Key(publicKeys, privateKeyData, nickname, endpoints, permissions);
 	}
 	/**
 	* Check equality with another Key.
 	*/
 	equals(other) {
-		return this._publicKeyBase.hex() === other._publicKeyBase.hex();
+		return this._publicKeys.equals(other._publicKeys);
 	}
 	/**
 	* Get a hash key for use in Sets/Maps.
 	*/
 	hashKey() {
-		return this._publicKeyBase.hex();
+		return this._publicKeys.reference().toHex();
 	}
 	/**
 	* Clone this Key.
 	*/
 	clone() {
-		return new Key(this._publicKeyBase, this._privateKeys !== void 0 ? {
-			data: this._privateKeys.data,
-			salt: this._privateKeys.salt
+		return new Key(this._publicKeys, this._privateKeyData !== void 0 ? {
+			data: this._privateKeyData.data,
+			salt: this._privateKeyData.salt
 		} : void 0, this._nickname, new Set(this._endpoints), this._permissions.clone());
 	}
 };
@@ -966,11 +980,11 @@ var Service = class Service {
 	intoEnvelope() {
 		let envelope = _bcts_envelope.Envelope.new(this._uri);
 		for (const keyRef of this._keyReferences) {
-			const refBytes = hexToBytes$1(keyRef);
+			const refBytes = hexToBytes(keyRef);
 			envelope = envelope.addAssertion(kv$2(_bcts_known_values.KEY), refBytes);
 		}
 		for (const delegateRef of this._delegateReferences) {
-			const refBytes = hexToBytes$1(delegateRef);
+			const refBytes = hexToBytes(delegateRef);
 			envelope = envelope.addAssertion(kv$2(_bcts_known_values.DELEGATE), refBytes);
 		}
 		if (this._capability !== "") envelope = envelope.addAssertion(kv$2(_bcts_known_values.CAPABILITY), this._capability);
@@ -1051,7 +1065,7 @@ var Service = class Service {
 		return clone;
 	}
 };
-function hexToBytes$1(hex) {
+function hexToBytes(hex) {
 	const bytes = new Uint8Array(hex.length / 2);
 	for (let i = 0; i < hex.length; i += 2) bytes[i / 2] = parseInt(hex.substring(i, i + 2), 16);
 	return bytes;
@@ -1462,18 +1476,19 @@ var XIDDocument = class XIDDocument {
 	static new(keyOptions = { type: "default" }, markOptions = { type: "none" }) {
 		const inceptionKey = XIDDocument.inceptionKeyForOptions(keyOptions);
 		const provenance = XIDDocument.genesisMarkWithOptions(markOptions);
-		const doc = new XIDDocument(_bcts_components.XID.from(hashPublicKey(inceptionKey.publicKeyBase())), /* @__PURE__ */ new Set(), /* @__PURE__ */ new Map(), /* @__PURE__ */ new Map(), /* @__PURE__ */ new Map(), provenance);
+		const doc = new XIDDocument(_bcts_components.XID.from(inceptionKey.publicKeys().reference().getDigest().toData()), /* @__PURE__ */ new Set(), /* @__PURE__ */ new Map(), /* @__PURE__ */ new Map(), /* @__PURE__ */ new Map(), provenance);
 		doc.addKey(inceptionKey);
 		return doc;
 	}
 	static inceptionKeyForOptions(options) {
 		switch (options.type) {
 			case "default": {
-				const privateKeyBase = _bcts_envelope.PrivateKeyBase.generate();
+				const privateKeyBase = _bcts_components.PrivateKeyBase.new();
 				return Key.newWithPrivateKeyBase(privateKeyBase);
 			}
-			case "publicKeyBase": return Key.newAllowAll(options.publicKeyBase);
+			case "publicKeys": return Key.newAllowAll(options.publicKeys);
 			case "privateKeyBase": return Key.newWithPrivateKeyBase(options.privateKeyBase);
+			case "privateKeys": return Key.newWithPrivateKeys(options.privateKeys, options.publicKeys);
 		}
 	}
 	static genesisMarkWithOptions(options) {
@@ -1540,10 +1555,10 @@ var XIDDocument = class XIDDocument {
 		this._keys.set(hashKey, key);
 	}
 	/**
-	* Find a key by its public key base.
+	* Find a key by its public keys.
 	*/
-	findKeyByPublicKeyBase(publicKeyBase) {
-		const hashKey = publicKeyBase.hex();
+	findKeyByPublicKeys(publicKeys) {
+		const hashKey = publicKeys.reference().toHex();
 		return this._keys.get(hashKey);
 	}
 	/**
@@ -1555,8 +1570,8 @@ var XIDDocument = class XIDDocument {
 	/**
 	* Take and remove a key.
 	*/
-	takeKey(publicKeyBase) {
-		const hashKey = publicKeyBase.hex();
+	takeKey(publicKeys) {
+		const hashKey = publicKeys.reference().toHex();
 		const key = this._keys.get(hashKey);
 		if (key !== void 0) this._keys.delete(hashKey);
 		return key;
@@ -1564,28 +1579,28 @@ var XIDDocument = class XIDDocument {
 	/**
 	* Remove a key.
 	*/
-	removeKey(publicKeyBase) {
-		if (this.servicesReferenceKey(publicKeyBase)) throw XIDError.stillReferenced("key");
-		const hashKey = publicKeyBase.hex();
+	removeKey(publicKeys) {
+		if (this.servicesReferenceKey(publicKeys)) throw XIDError.stillReferenced("key");
+		const hashKey = publicKeys.reference().toHex();
 		if (!this._keys.delete(hashKey)) throw XIDError.notFound("key");
 	}
 	/**
-	* Check if the given public key is the inception signing key.
+	* Check if the given public keys is the inception signing key.
 	*/
-	isInceptionKey(publicKeyBase) {
-		return bytesEqual(hashPublicKey(publicKeyBase), this._xid.toData());
+	isInceptionKey(publicKeys) {
+		return bytesEqual(publicKeys.reference().getDigest().toData(), this._xid.toData());
 	}
 	/**
 	* Get the inception key, if it exists in the document.
 	*/
 	inceptionKey() {
-		for (const key of this._keys.values()) if (this.isInceptionKey(key.publicKeyBase())) return key;
+		for (const key of this._keys.values()) if (this.isInceptionKey(key.publicKeys())) return key;
 	}
 	/**
-	* Get the inception private key base, if available.
+	* Get the inception private keys, if available.
 	*/
-	inceptionPrivateKeyBase() {
-		return this.inceptionKey()?.privateKeyBase();
+	inceptionPrivateKeys() {
+		return this.inceptionKey()?.privateKeys();
 	}
 	/**
 	* Remove the inception key from the document.
@@ -1690,13 +1705,11 @@ var XIDDocument = class XIDDocument {
 	checkServiceConsistency(service) {
 		if (service.keyReferences().size === 0 && service.delegateReferences().size === 0) throw XIDError.noReferences(service.uri());
 		for (const keyRef of service.keyReferences()) {
-			const refBytes = hexToBytes(keyRef);
-			const ref = _bcts_components.Reference.hash(refBytes);
+			const ref = _bcts_components.Reference.fromHex(keyRef);
 			if (this.findKeyByReference(ref) === void 0) throw XIDError.unknownKeyReference(keyRef, service.uri());
 		}
 		for (const delegateRef of service.delegateReferences()) {
-			const refBytes = hexToBytes(delegateRef);
-			const ref = _bcts_components.Reference.hash(refBytes);
+			const ref = _bcts_components.Reference.fromHex(delegateRef);
 			if (this.findDelegateByReference(ref) === void 0) throw XIDError.unknownDelegateReference(delegateRef, service.uri());
 		}
 		if (service.permissions().allow.size === 0) throw XIDError.noPermissions(service.uri());
@@ -1704,8 +1717,8 @@ var XIDDocument = class XIDDocument {
 	/**
 	* Check if any service references the given key.
 	*/
-	servicesReferenceKey(publicKeyBase) {
-		const keyRef = _bcts_components.Reference.hash(publicKeyBase.data()).toHex();
+	servicesReferenceKey(publicKeys) {
+		const keyRef = publicKeys.reference().toHex();
 		for (const service of this._services.values()) if (service.keyReferences().has(keyRef)) return true;
 		return false;
 	}
@@ -1784,13 +1797,18 @@ var XIDDocument = class XIDDocument {
 			case "inception": {
 				const inceptionKey = this.inceptionKey();
 				if (inceptionKey === void 0) throw XIDError.missingInceptionKey();
-				const privateKeyBase = inceptionKey.privateKeyBase();
-				if (privateKeyBase === void 0) throw XIDError.missingInceptionKey();
-				envelope = envelope.addSignature(privateKeyBase);
+				const privateKeys = inceptionKey.privateKeys();
+				if (privateKeys === void 0) throw XIDError.missingInceptionKey();
+				envelope = envelope.sign(privateKeys);
 				break;
 			}
-			case "privateKeyBase":
-				envelope = envelope.addSignature(signingOptions.privateKeyBase);
+			case "privateKeyBase": {
+				const privateKeys = signingOptions.privateKeyBase.ed25519PrivateKeys();
+				envelope = envelope.sign(privateKeys);
+				break;
+			}
+			case "privateKeys":
+				envelope = envelope.sign(signingOptions.privateKeys);
 				break;
 			case "none":
 			default: break;
@@ -1817,8 +1835,8 @@ var XIDDocument = class XIDDocument {
 				const doc = XIDDocument.fromEnvelopeInner(unwrapped, password);
 				const inceptionKey = doc.inceptionKey();
 				if (inceptionKey === void 0) throw XIDError.missingInceptionKey();
-				if (!envelopeExt.hasSignatureFrom(inceptionKey.publicKeyBase())) throw XIDError.signatureVerificationFailed();
-				if (!doc.isInceptionKey(inceptionKey.publicKeyBase())) throw XIDError.invalidXid();
+				if (!envelopeExt.hasSignatureFrom(inceptionKey.publicKeys())) throw XIDError.signatureVerificationFailed();
+				if (!doc.isInceptionKey(inceptionKey.publicKeys())) throw XIDError.invalidXid();
 				return doc;
 			}
 		}
@@ -1872,7 +1890,7 @@ var XIDDocument = class XIDDocument {
 	* Create a signed envelope.
 	*/
 	toSignedEnvelope(signingKey) {
-		return this.toEnvelope(XIDPrivateKeyOptions.Omit, XIDGeneratorOptions.Omit, { type: "none" }).addSignature(signingKey);
+		return this.toEnvelope(XIDPrivateKeyOptions.Omit, XIDGeneratorOptions.Omit, { type: "none" }).sign(signingKey);
 	}
 	/**
 	* Get the reference for this document.
@@ -1900,19 +1918,11 @@ var XIDDocument = class XIDDocument {
 	}
 };
 registerXIDDocumentClass(XIDDocument);
-function hexToBytes(hex) {
-	const bytes = new Uint8Array(hex.length / 2);
-	for (let i = 0; i < hex.length; i += 2) bytes[i / 2] = parseInt(hex.substring(i, i + 2), 16);
-	return bytes;
-}
 function bytesEqual(a, b) {
 	if (a.length !== b.length) return false;
 	for (let i = 0; i < a.length; i++) if (a[i] !== b[i]) return false;
 	return true;
 }
-function hashPublicKey(publicKeyBase) {
-	return _bcts_components.Reference.hash(publicKeyBase.data()).getDigest().toData();
-}
 //#endregion
 //#region src/index.ts
@@ -1929,6 +1939,12 @@ exports.Provenance = Provenance;
 exports.Service = Service;
 exports.Shared = Shared;
 exports.VERSION = VERSION;
+Object.defineProperty(exports, 'XID', {
+  enumerable: true,
+  get: function () {
+    return _bcts_components.XID;
+  }
+});
 exports.XIDDocument = XIDDocument;
 exports.XIDError = XIDError;
 exports.XIDErrorCode = XIDErrorCode;