@credo-ts/core 0.6.0-pr-2539-20251127092008 → 0.6.0

Files changed (123) hide show
  1. package/build/_virtual/{_@oxc-project_runtime@0.97.0 → _@oxc-project_runtime@0.99.0}/helpers/assertClassBrand.mjs +1 -1
  2. package/build/_virtual/{_@oxc-project_runtime@0.97.0 → _@oxc-project_runtime@0.99.0}/helpers/checkPrivateRedeclaration.mjs +1 -1
  3. package/build/_virtual/{_@oxc-project_runtime@0.97.0 → _@oxc-project_runtime@0.99.0}/helpers/classPrivateFieldGet2.mjs +1 -1
  4. package/build/_virtual/{_@oxc-project_runtime@0.97.0 → _@oxc-project_runtime@0.99.0}/helpers/classPrivateFieldInitSpec.mjs +1 -1
  5. package/build/_virtual/{_@oxc-project_runtime@0.97.0 → _@oxc-project_runtime@0.99.0}/helpers/classPrivateFieldSet2.mjs +1 -1
  6. package/build/_virtual/{_@oxc-project_runtime@0.97.0 → _@oxc-project_runtime@0.99.0}/helpers/decorate.mjs +1 -1
  7. package/build/_virtual/{_@oxc-project_runtime@0.97.0 → _@oxc-project_runtime@0.99.0}/helpers/decorateMetadata.mjs +1 -1
  8. package/build/_virtual/{_@oxc-project_runtime@0.97.0 → _@oxc-project_runtime@0.99.0}/helpers/decorateParam.mjs +1 -1
  9. package/build/_virtual/rolldown_runtime.mjs +10 -5
  10. package/build/agent/AgentModules.d.mts.map +1 -1
  11. package/build/agent/AgentModules.mjs.map +1 -1
  12. package/build/agent/EventEmitter.mjs +3 -3
  13. package/build/agent/context/DefaultAgentContextProvider.mjs +2 -2
  14. package/build/crypto/JwsService.mjs +5 -5
  15. package/build/crypto/JwsService.mjs.map +1 -1
  16. package/build/crypto/webcrypto/types.mjs +4 -4
  17. package/build/crypto/webcrypto/types.mjs.map +1 -1
  18. package/build/modules/cache/CachedStorageService.mjs +3 -3
  19. package/build/modules/cache/singleContextLruCache/SingleContextLruCacheRecord.mjs +2 -2
  20. package/build/modules/cache/singleContextLruCache/SingleContextLruCacheRepository.mjs +3 -3
  21. package/build/modules/dcql/DcqlService.mjs +2 -2
  22. package/build/modules/dcql/DcqlService.mjs.map +1 -1
  23. package/build/modules/dids/DidsApi.mjs +2 -2
  24. package/build/modules/dids/domain/DidDocument.mjs +3 -3
  25. package/build/modules/dids/domain/DidDocument.mjs.map +1 -1
  26. package/build/modules/dids/domain/key-type/keyDidMapping.mjs +1 -1
  27. package/build/modules/dids/domain/key-type/keyDidMapping.mjs.map +1 -1
  28. package/build/modules/dids/domain/service/DidCommV1Service.mjs +2 -2
  29. package/build/modules/dids/domain/service/DidCommV2Service.mjs +2 -2
  30. package/build/modules/dids/domain/service/DidDocumentService.mjs +2 -2
  31. package/build/modules/dids/domain/service/IndyAgentService.mjs +2 -2
  32. package/build/modules/dids/domain/service/LegacyDidCommV2Service.mjs +2 -2
  33. package/build/modules/dids/domain/verificationMethod/VerificationMethod.mjs +2 -2
  34. package/build/modules/dids/findMatchingEd25519Key.mjs +2 -2
  35. package/build/modules/dids/findMatchingEd25519Key.mjs.map +1 -1
  36. package/build/modules/dids/helpers.mjs +1 -1
  37. package/build/modules/dids/helpers.mjs.map +1 -1
  38. package/build/modules/dids/repository/DidRecord.mjs +2 -2
  39. package/build/modules/dids/repository/DidRepository.mjs +3 -3
  40. package/build/modules/dids/services/DidRegistrarService.mjs +3 -3
  41. package/build/modules/dids/services/DidResolverService.mjs +3 -3
  42. package/build/modules/dids/types.d.mts +1 -1
  43. package/build/modules/dif-presentation-exchange/DifPresentationExchangeService.mjs +2 -2
  44. package/build/modules/generic-records/GenericRecordsApi.mjs +3 -3
  45. package/build/modules/generic-records/repository/GenericRecordsRepository.mjs +3 -3
  46. package/build/modules/generic-records/services/GenericRecordService.mjs +2 -2
  47. package/build/modules/kms/KeyManagementApi.mjs +2 -2
  48. package/build/modules/kms/KeyManagementModuleConfig.mjs +3 -3
  49. package/build/modules/kms/index.d.mts +2 -2
  50. package/build/modules/kms/index.mjs +2 -2
  51. package/build/modules/kms/jwk/PublicJwk.d.mts +2 -2
  52. package/build/modules/kms/jwk/PublicJwk.mjs +4 -4
  53. package/build/modules/kms/jwk/PublicJwk.mjs.map +1 -1
  54. package/build/modules/kms/jwk/equals.d.mts +2 -2
  55. package/build/modules/kms/jwk/equals.mjs +2 -2
  56. package/build/modules/kms/jwk/equals.mjs.map +1 -1
  57. package/build/modules/kms/jwk/index.d.mts +1 -1
  58. package/build/modules/kms/jwk/index.mjs +1 -1
  59. package/build/modules/mdoc/Mdoc.mjs +4 -4
  60. package/build/modules/mdoc/Mdoc.mjs.map +1 -1
  61. package/build/modules/mdoc/MdocApi.mjs +2 -2
  62. package/build/modules/mdoc/MdocDeviceResponse.mjs +1 -1
  63. package/build/modules/mdoc/MdocDeviceResponse.mjs.map +1 -1
  64. package/build/modules/mdoc/MdocService.mjs +2 -2
  65. package/build/modules/mdoc/repository/MdocRepository.mjs +3 -3
  66. package/build/modules/sd-jwt-vc/SdJwtVcApi.mjs +2 -2
  67. package/build/modules/sd-jwt-vc/SdJwtVcOptions.d.mts +10 -5
  68. package/build/modules/sd-jwt-vc/SdJwtVcOptions.d.mts.map +1 -1
  69. package/build/modules/sd-jwt-vc/SdJwtVcService.d.mts.map +1 -1
  70. package/build/modules/sd-jwt-vc/SdJwtVcService.mjs +8 -8
  71. package/build/modules/sd-jwt-vc/SdJwtVcService.mjs.map +1 -1
  72. package/build/modules/sd-jwt-vc/repository/SdJwtVcRepository.mjs +3 -3
  73. package/build/modules/sd-jwt-vc/typeMetadata.d.mts +17 -2
  74. package/build/modules/sd-jwt-vc/typeMetadata.d.mts.map +1 -1
  75. package/build/modules/sd-jwt-vc/utils.mjs +1 -1
  76. package/build/modules/sd-jwt-vc/utils.mjs.map +1 -1
  77. package/build/modules/vc/W3cCredentialService.mjs +2 -2
  78. package/build/modules/vc/W3cCredentialsApi.mjs +2 -2
  79. package/build/modules/vc/W3cV2CredentialService.mjs +2 -2
  80. package/build/modules/vc/W3cV2CredentialsApi.mjs +2 -2
  81. package/build/modules/vc/data-integrity/SignatureSuiteRegistry.mjs +3 -3
  82. package/build/modules/vc/data-integrity/W3cJsonLdCredentialService.mjs +2 -2
  83. package/build/modules/vc/data-integrity/models/DataIntegrityProof.mjs +2 -2
  84. package/build/modules/vc/data-integrity/models/LinkedDataProof.mjs +2 -2
  85. package/build/modules/vc/data-integrity/models/W3cJsonLdVerifiableCredential.mjs +2 -2
  86. package/build/modules/vc/data-integrity/models/W3cJsonLdVerifiablePresentation.mjs +2 -2
  87. package/build/modules/vc/jwt-vc/W3cJwtCredentialService.mjs +2 -2
  88. package/build/modules/vc/jwt-vc/W3cV2JwtCredentialService.mjs +2 -2
  89. package/build/modules/vc/models/credential/W3cCredential.mjs +2 -2
  90. package/build/modules/vc/models/credential/W3cCredentialSchema.mjs +2 -2
  91. package/build/modules/vc/models/credential/W3cCredentialStatus.mjs +2 -2
  92. package/build/modules/vc/models/credential/W3cCredentialSubject.mjs +2 -2
  93. package/build/modules/vc/models/credential/W3cIssuer.mjs +2 -2
  94. package/build/modules/vc/models/credential/W3cV2Credential.mjs +2 -2
  95. package/build/modules/vc/models/credential/W3cV2CredentialSchema.mjs +2 -2
  96. package/build/modules/vc/models/credential/W3cV2CredentialStatus.mjs +2 -2
  97. package/build/modules/vc/models/credential/W3cV2CredentialSubject.mjs +2 -2
  98. package/build/modules/vc/models/credential/W3cV2EnvelopedVerifiableCredential.mjs +2 -2
  99. package/build/modules/vc/models/credential/W3cV2Evidence.mjs +2 -2
  100. package/build/modules/vc/models/credential/W3cV2Issuer.mjs +2 -2
  101. package/build/modules/vc/models/credential/W3cV2LocalizedValue.mjs +2 -2
  102. package/build/modules/vc/models/credential/W3cV2RefreshService.mjs +2 -2
  103. package/build/modules/vc/models/credential/W3cV2TermsOfUse.mjs +2 -2
  104. package/build/modules/vc/models/presentation/W3cHolder.mjs +2 -2
  105. package/build/modules/vc/models/presentation/W3cPresentation.mjs +2 -2
  106. package/build/modules/vc/models/presentation/W3cV2EnvelopedVerifiablePresentation.mjs +2 -2
  107. package/build/modules/vc/models/presentation/W3cV2Holder.mjs +2 -2
  108. package/build/modules/vc/models/presentation/W3cV2Presentation.mjs +2 -2
  109. package/build/modules/vc/repository/W3cCredentialRepository.mjs +3 -3
  110. package/build/modules/vc/repository/W3cV2CredentialRepository.mjs +3 -3
  111. package/build/modules/vc/sd-jwt-vc/W3cV2SdJwtCredentialService.mjs +1 -1
  112. package/build/modules/x509/X509Api.mjs +2 -2
  113. package/build/modules/x509/X509Certificate.mjs +2 -2
  114. package/build/modules/x509/X509Certificate.mjs.map +1 -1
  115. package/build/modules/x509/X509ModuleConfig.mjs +3 -3
  116. package/build/modules/x509/X509Service.mjs +1 -1
  117. package/build/storage/BaseRecord.mjs +2 -2
  118. package/build/storage/StorageService.d.mts.map +1 -1
  119. package/build/storage/migration/StorageUpdateService.mjs +3 -3
  120. package/build/storage/migration/repository/StorageVersionRepository.mjs +3 -3
  121. package/build/utils/MessageValidator.mjs +1 -1
  122. package/build/utils/MessageValidator.mjs.map +1 -1
  123. package/package.json +6 -6
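--- a/package/build/_virtual/_@oxc-project_runtime@0.97.0/helpers/assertClassBrand.mjs
+++ b/package/build/_virtual/_@oxc-project_runtime@0.99.0/helpers/assertClassBrand.mjs
@@ -1,6 +1,6 @@
 
 
- //#region \0@oxc-project+runtime@0.97.0/helpers/assertClassBrand.js
+ //#region \0@oxc-project+runtime@0.99.0/helpers/assertClassBrand.js
  function _assertClassBrand(e, t, n) {
  if ("function" == typeof e ? e === t : e.has(t)) return arguments.length < 3 ? t : n;
  throw new TypeError("Private element is not present on this object");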
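--- a/package/build/_virtual/_@oxc-project_runtime@0.97.0/helpers/checkPrivateRedeclaration.mjs
+++ b/package/build/_virtual/_@oxc-project_runtime@0.99.0/helpers/checkPrivateRedeclaration.mjs
@@ -1,6 +1,6 @@
 
 
- //#region \0@oxc-project+runtime@0.97.0/helpers/checkPrivateRedeclaration.js
+ //#region \0@oxc-project+runtime@0.99.0/helpers/checkPrivateRedeclaration.js
  function _checkPrivateRedeclaration(e, t) {
  if (t.has(e)) throw new TypeError("Cannot initialize the same private elements twice on an object");
  }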
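--- a/package/build/_virtual/_@oxc-project_runtime@0.97.0/helpers/classPrivateFieldGet2.mjs
+++ b/package/build/_virtual/_@oxc-project_runtime@0.99.0/helpers/classPrivateFieldGet2.mjs
@@ -2,7 +2,7 @@
 
  import { _assertClassBrand } from "./assertClassBrand.mjs";
 
- //#region \0@oxc-project+runtime@0.97.0/helpers/classPrivateFieldGet2.js
+ //#region \0@oxc-project+runtime@0.99.0/helpers/classPrivateFieldGet2.js
  function _classPrivateFieldGet2(s, a) {
  return s.get(_assertClassBrand(s, a));
  }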
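--- a/package/build/_virtual/_@oxc-project_runtime@0.97.0/helpers/classPrivateFieldInitSpec.mjs
+++ b/package/build/_virtual/_@oxc-project_runtime@0.99.0/helpers/classPrivateFieldInitSpec.mjs
@@ -2,7 +2,7 @@
 
  import { _checkPrivateRedeclaration } from "./checkPrivateRedeclaration.mjs";
 
- //#region \0@oxc-project+runtime@0.97.0/helpers/classPrivateFieldInitSpec.js
+ //#region \0@oxc-project+runtime@0.99.0/helpers/classPrivateFieldInitSpec.js
  function _classPrivateFieldInitSpec(e, t, a) {
  _checkPrivateRedeclaration(e, t), t.set(e, a);
  }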
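--- a/package/build/_virtual/_@oxc-project_runtime@0.97.0/helpers/classPrivateFieldSet2.mjs
+++ b/package/build/_virtual/_@oxc-project_runtime@0.99.0/helpers/classPrivateFieldSet2.mjs
@@ -2,7 +2,7 @@
 
  import { _assertClassBrand } from "./assertClassBrand.mjs";
 
- //#region \0@oxc-project+runtime@0.97.0/helpers/classPrivateFieldSet2.js
+ //#region \0@oxc-project+runtime@0.99.0/helpers/classPrivateFieldSet2.js
  function _classPrivateFieldSet2(s, a, r) {
  return s.set(_assertClassBrand(s, a), r), r;
  }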
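--- a/package/build/_virtual/_@oxc-project_runtime@0.97.0/helpers/decorate.mjs
+++ b/package/build/_virtual/_@oxc-project_runtime@0.99.0/helpers/decorate.mjs
@@ -1,6 +1,6 @@
 
 
- //#region \0@oxc-project+runtime@0.97.0/helpers/decorate.js
+ //#region \0@oxc-project+runtime@0.99.0/helpers/decorate.js
  function __decorate(decorators, target, key, desc) {
  var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
  if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);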
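--- a/package/build/_virtual/_@oxc-project_runtime@0.97.0/helpers/decorateMetadata.mjs
+++ b/package/build/_virtual/_@oxc-project_runtime@0.99.0/helpers/decorateMetadata.mjs
@@ -1,6 +1,6 @@
 
 
- //#region \0@oxc-project+runtime@0.97.0/helpers/decorateMetadata.js
+ //#region \0@oxc-project+runtime@0.99.0/helpers/decorateMetadata.js
  function __decorateMetadata(k, v) {
  if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
  }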
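--- a/package/build/_virtual/_@oxc-project_runtime@0.97.0/helpers/decorateParam.mjs
+++ b/package/build/_virtual/_@oxc-project_runtime@0.99.0/helpers/decorateParam.mjs
@@ -1,6 +1,6 @@
 
 
- //#region \0@oxc-project+runtime@0.97.0/helpers/decorateParam.js
+ //#region \0@oxc-project+runtime@0.99.0/helpers/decorateParam.js
  function __decorateParam(paramIndex, decorator) {
  return function(target, key) {
  decorator(target, key, paramIndex);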
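--- a/package/build/_virtual/rolldown_runtime.mjs
+++ b/package/build/_virtual/rolldown_runtime.mjs
@@ -2,12 +2,17 @@
 
  //#region rolldown:runtime
  var __defProp = Object.defineProperty;
- var __export = (all) => {
+ var __export = (all, symbols) => {
  let target = {};
- for (var name in all) __defProp(target, name, {
- get: all[name],
- enumerable: true
- });
+ for (var name in all) {
+ __defProp(target, name, {
+ get: all[name],
+ enumerable: true
+ });
+ }
+ if (symbols) {
+ __defProp(target, Symbol.toStringTag, { value: "Module" });
+ }
  return target;
  };
 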
@@ -1 +1 @@
1
- {"version":3,"file":"AgentModules.d.mts","names":[],"sources":["../../src/agent/AgentModules.ts"],"sourcesContent":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;KAiBY,UAAA;iBAA8B;;KAG9B,cAAA;;;;;KAMA,iBAAA,GAAoB;;AAThC;AAGA;AAMA;AAOA;AACwC,KAD5B,mBAAA,GAC4B,gBAAlB,MAAA,UAAA,CAAA,OAAkB,sBAAlB,CAAA,GAA4C,UAA5C,CAClB,UADkB,CAAA,OACA,sBADA,CAAA,CACwB,SADxB,CAAA,CAAA,EACA;AAAlB,KAIQ,qBAJR,CAAA,gBAI8C,UAJ9C,CAAA,GAAA,gBAKY,OAL8B,CAAA,MAKhB,OALgB,EAAA,MAKD,mBALC,CAAA,GAKsB,OALtB,CAK8B,SAL9B,CAAA,EADoB;AAAU,KAShE,iBATgE,CAAA,UASpC,MAToC,CAAA,GAS1B,CAT0B,CAAA,KAAA,CAAA,SAST,WATS,CAAA,OAAA,CAAA,GAUxE,YAVwE,CAU3D,CAV2D,CAAA,KAAA,CAAA,CAAA,GAAA,SAAA;AAK5E;;;;;;;;AAIA;;;;;;;AAoCA;;;;;;;;;;;AAqB8C;;;;;;KArBlC,yBAAyB,oCACf,WAAW,QAAQ,0BAA0B,uBAC7D,oBACQ,kBAAkB,QAAQ;;;;;iBAwB/B,sBAAA,CAAA"}
1
+ {"version":3,"file":"AgentModules.d.mts","names":[],"sources":["../../src/agent/AgentModules.ts"],"sourcesContent":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;KAiBY,UAAA;iBAA8B;;KAG9B,cAAA;;;;;KAMA,iBAAA,GAAoB;;AAThC;AAGA;AAMA;AAOA;AACwC,KAD5B,mBAAA,GAC4B,gBAAlB,MAAA,UAAA,CAAA,OAAkB,sBAAlB,CAAA,GAA4C,UAA5C,CAClB,UADkB,CAAA,OACA,sBADA,CAAA,CACwB,SADxB,CAAA,CAAA,EACA;AAAlB,KAIQ,qBAJR,CAAA,gBAI8C,UAJ9C,CAAA,GAAA,gBAKY,OAL8B,CAAA,MAKhB,OALgB,EAAA,MAKD,mBALC,CAAA,GAKsB,OALtB,CAK8B,SAL9B,CAAA,EADoB;AAAU,KAShE,iBATgE,CAAA,UASpC,MAToC,CAAA,GAU1E,CAV0E,CAAA,KAAA,CAAA,SAUzD,WAVyD,CAAA,OAAA,CAAA,GAUlC,YAVkC,CAUrB,CAVqB,CAAA,KAAA,CAAA,CAAA,GAAA,SAAA;AAK5E;;;;;;;;AAIA;;;;;;;AAmCA;;;;;;;;;;;AAqB8C;;;;;;KArBlC,yBAAyB,oCACf,WAAW,QAAQ,0BAA0B,uBAC7D,oBACQ,kBAAkB,QAAQ;;;;;iBAwB/B,sBAAA,CAAA"}
@@ -1 +1 @@
1
- {"version":3,"file":"AgentModules.mjs","names":["defaultModules: Array<[string, Module]>","customModules: Array<[string, Module]>"],"sources":["../../src/agent/AgentModules.ts"],"sourcesContent":["import { CacheModule, SingleContextStorageLruCache } from '../modules/cache'\nimport { DcqlModule } from '../modules/dcql/DcqlModule'\nimport { DidsModule } from '../modules/dids'\nimport { DifPresentationExchangeModule } from '../modules/dif-presentation-exchange'\nimport { GenericRecordsModule } from '../modules/generic-records'\nimport { KeyManagementModule } from '../modules/kms'\nimport { MdocModule } from '../modules/mdoc/MdocModule'\nimport { SdJwtVcModule } from '../modules/sd-jwt-vc'\nimport { W3cCredentialsModule } from '../modules/vc'\nimport { X509Module } from '../modules/x509'\nimport type { ApiModule, DependencyManager, Module } from '../plugins'\nimport type { IsAny } from '../types'\nimport type { Constructor } from '../utils/mixins'\n\n/**\n * Simple utility type that represent a map of modules. This is used to map from moduleKey (api key) to the api in the framework.\n */\nexport type ModulesMap = { [key: string]: Module }\n\n// biome-ignore lint/complexity/noBannedTypes: no explanation\nexport type EmptyModuleMap = {}\n\n/**\n * Default modules can be optionally defined to provide custom configuration. This type makes it so that it is not\n * possible to use a different key for the default modules\n */\nexport type AgentModulesInput = ModulesMap\n\n/**\n * Type that represents the default agent modules. This is the {@link ModulesMap} variant for the default modules in the framework.\n * It uses the return type of the {@link getDefaultAgentModules} method to automatically infer which modules are always available on\n * the agent and in the agent. 
namespace.\n */\nexport type DefaultAgentModules = {\n [moduleKey in keyof ReturnType<typeof getDefaultAgentModules>]: ReturnType<\n ReturnType<typeof getDefaultAgentModules>[moduleKey]\n >\n}\n\nexport type WithoutDefaultModules<Modules extends ModulesMap> = {\n [moduleKey in Exclude<keyof Modules, keyof DefaultAgentModules>]: Modules[moduleKey]\n}\n\nexport type ModuleApiInstance<M extends Module> = M['api'] extends Constructor<unknown>\n ? InstanceType<M['api']>\n : undefined\n\n/**\n * Type that represents the api object of the agent (`agent.xxx`). It will extract all keys of the modules and map this to the\n * registered {@link Module.api} class instance. If the module does not have an api class registered, the property will be removed\n * and won't be available on the api object.\n *\n * @example\n * If the following AgentModules type was passed:\n * ```ts\n * {\n * connections: DidCommConnectionsModule\n * indy: IndyModule\n * }\n * ```\n *\n * And we use the `AgentApi` type like this:\n * ```ts\n * type MyAgentApi = AgentApi<{\n * connections: DidCommConnectionsModule\n * indy: IndyModule\n * }>\n * ```\n *\n * the resulting agent api will look like:\n *\n * ```ts\n * {\n * connections: ConnectionsApi\n * }\n * ```\n *\n * The `indy` module has been ignored because it doesn't define an api class.\n */\nexport type AgentApi<Modules extends ModulesMap> = {\n [moduleKey in keyof Modules as Modules[moduleKey]['api'] extends Constructor<unknown>\n ? moduleKey\n : never]: ModuleApiInstance<Modules[moduleKey]>\n}\n\n/**\n * Returns the `api` type from the CustomModuleType if the module is an ApiModule. If the module is not defined\n * which is the case if you don't configure a default agent module (e.g. credentials module), it will use the default\n * module type and use that for the typing. 
This will contain the default typing, and thus provide the correct agent api\n * interface\n */\nexport type CustomOrDefaultApi<\n CustomModuleType,\n DefaultModuleType extends ApiModule,\n> = IsAny<CustomModuleType> extends true\n ? InstanceType<DefaultModuleType['api']>\n : CustomModuleType extends ApiModule\n ? InstanceType<CustomModuleType['api']>\n : CustomModuleType extends Module\n ? never\n : InstanceType<DefaultModuleType['api']>\n\n/**\n * Method to get the default agent modules to be registered on any agent instance. It doens't configure the modules in any way,\n * and if that's needed the user needs to provide the module in the agent constructor\n */\nfunction getDefaultAgentModules() {\n return {\n dcql: () => new DcqlModule(),\n genericRecords: () => new GenericRecordsModule(),\n dids: () => new DidsModule(),\n w3cCredentials: () => new W3cCredentialsModule(),\n cache: () => new CacheModule({ cache: new SingleContextStorageLruCache({ limit: 500 }) }),\n pex: () => new DifPresentationExchangeModule(),\n sdJwtVc: () => new SdJwtVcModule(),\n x509: () => new X509Module(),\n mdoc: () => new MdocModule(),\n kms: () => new KeyManagementModule({}),\n } as const\n}\n\n/**\n * Extend the provided modules object with the default agent modules. If the modules property already contains a module with the same\n * name as a default module, the module won't be added to the extended module object. This allows users of the framework to override\n * the modules with custom configuration. 
The agent constructor type ensures you can't provide a different module for a key that registered\n * on the default agent.\n */\nexport function extendModulesWithDefaultModules<AgentModules extends AgentModulesInput>(\n modules?: AgentModules\n): AgentModules & DefaultAgentModules {\n const defaultAgentModules = getDefaultAgentModules()\n const defaultAgentModuleKeys = Object.keys(defaultAgentModules)\n\n const defaultModules: Array<[string, Module]> = []\n const customModules: Array<[string, Module]> = Object.entries(modules ?? {}).filter(\n ([key]) => !defaultAgentModuleKeys.includes(key)\n )\n\n // Register all default modules, if not registered yet\n for (const [moduleKey, getConfiguredModule] of Object.entries(defaultAgentModules)) {\n // Prefer user-registered module, otherwise initialize the default module\n defaultModules.push([moduleKey, modules?.[moduleKey] ?? getConfiguredModule()])\n }\n\n return Object.fromEntries([...defaultModules, ...customModules]) as AgentModules & DefaultAgentModules\n}\n\n/**\n * Get the agent api object based on the modules registered in the dependency manager. 
For each registered module on the\n * dependency manager, the method will extract the api class from the module, resolve it and assign it to the module key\n * as provided in the agent constructor (or the {@link getDefaultAgentModules} method).\n *\n * Modules that don't have an api class defined ({@link Module.api} is undefined) will be ignored and won't be added to the\n * api object.\n *\n * If the api of a module is passed in the `excluded` array, the api will not be added to the resulting api object.\n *\n * @example\n * If the dependency manager has the following modules configured:\n * ```ts\n * {\n * connections: DidCommConnectionsModule\n * indy: IndyModule\n * }\n * ```\n *\n * And we call the `getAgentApi` method like this:\n * ```ts\n * const api = getAgentApi(dependencyManager)\n * ```\n *\n * the resulting agent api will look like:\n *\n * ```ts\n * {\n * connections: ConnectionsApi\n * }\n * ```\n *\n * The `indy` module has been ignored because it doesn't define an api class.\n */\nexport function getAgentApi<AgentModules extends ModulesMap>(\n dependencyManager: DependencyManager,\n excludedApis: unknown[] = []\n): AgentApi<AgentModules> {\n // Create the api object based on the `api` properties on the modules. 
If no `api` exists\n // on the module it will be ignored.\n const api = Object.entries(dependencyManager.registeredModules).reduce((api, [moduleKey, module]) => {\n // Module has no api\n if (!module.api) return api\n\n const apiInstance = dependencyManager.resolve(module.api)\n\n // Api is excluded\n if (excludedApis.includes(apiInstance)) return api\n // biome-ignore lint/performance/noAccumulatingSpread: no explanation\n return { ...api, [moduleKey]: apiInstance }\n }, {}) as AgentApi<AgentModules>\n\n return api\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;AA0GA,SAAS,yBAAyB;AAChC,QAAO;EACL,YAAY,IAAI,YAAY;EAC5B,sBAAsB,IAAI,sBAAsB;EAChD,YAAY,IAAI,YAAY;EAC5B,sBAAsB,IAAI,sBAAsB;EAChD,aAAa,IAAI,YAAY,EAAE,OAAO,IAAI,6BAA6B,EAAE,OAAO,KAAK,CAAC,EAAE,CAAC;EACzF,WAAW,IAAI,+BAA+B;EAC9C,eAAe,IAAI,eAAe;EAClC,YAAY,IAAI,YAAY;EAC5B,YAAY,IAAI,YAAY;EAC5B,WAAW,IAAI,oBAAoB,EAAE,CAAC;EACvC;;;;;;;;AASH,SAAgB,gCACd,SACoC;CACpC,MAAM,sBAAsB,wBAAwB;CACpD,MAAM,yBAAyB,OAAO,KAAK,oBAAoB;CAE/D,MAAMA,iBAA0C,EAAE;CAClD,MAAMC,gBAAyC,OAAO,QAAQ,WAAW,EAAE,CAAC,CAAC,QAC1E,CAAC,SAAS,CAAC,uBAAuB,SAAS,IAAI,CACjD;AAGD,MAAK,MAAM,CAAC,WAAW,wBAAwB,OAAO,QAAQ,oBAAoB,CAEhF,gBAAe,KAAK,CAAC,WAAW,UAAU,cAAc,qBAAqB,CAAC,CAAC;AAGjF,QAAO,OAAO,YAAY,CAAC,GAAG,gBAAgB,GAAG,cAAc,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAqClE,SAAgB,YACd,mBACA,eAA0B,EAAE,EACJ;AAexB,QAZY,OAAO,QAAQ,kBAAkB,kBAAkB,CAAC,QAAQ,KAAK,CAAC,WAAW,YAAY;AAEnG,MAAI,CAAC,OAAO,IAAK,QAAO;EAExB,MAAM,cAAc,kBAAkB,QAAQ,OAAO,IAAI;AAGzD,MAAI,aAAa,SAAS,YAAY,CAAE,QAAO;AAE/C,SAAO;GAAE,GAAG;IAAM,YAAY;GAAa;IAC1C,EAAE,CAAC"}
1
+ {"version":3,"file":"AgentModules.mjs","names":["defaultModules: Array<[string, Module]>","customModules: Array<[string, Module]>"],"sources":["../../src/agent/AgentModules.ts"],"sourcesContent":["import { CacheModule, SingleContextStorageLruCache } from '../modules/cache'\nimport { DcqlModule } from '../modules/dcql/DcqlModule'\nimport { DidsModule } from '../modules/dids'\nimport { DifPresentationExchangeModule } from '../modules/dif-presentation-exchange'\nimport { GenericRecordsModule } from '../modules/generic-records'\nimport { KeyManagementModule } from '../modules/kms'\nimport { MdocModule } from '../modules/mdoc/MdocModule'\nimport { SdJwtVcModule } from '../modules/sd-jwt-vc'\nimport { W3cCredentialsModule } from '../modules/vc'\nimport { X509Module } from '../modules/x509'\nimport type { ApiModule, DependencyManager, Module } from '../plugins'\nimport type { IsAny } from '../types'\nimport type { Constructor } from '../utils/mixins'\n\n/**\n * Simple utility type that represent a map of modules. This is used to map from moduleKey (api key) to the api in the framework.\n */\nexport type ModulesMap = { [key: string]: Module }\n\n// biome-ignore lint/complexity/noBannedTypes: no explanation\nexport type EmptyModuleMap = {}\n\n/**\n * Default modules can be optionally defined to provide custom configuration. This type makes it so that it is not\n * possible to use a different key for the default modules\n */\nexport type AgentModulesInput = ModulesMap\n\n/**\n * Type that represents the default agent modules. This is the {@link ModulesMap} variant for the default modules in the framework.\n * It uses the return type of the {@link getDefaultAgentModules} method to automatically infer which modules are always available on\n * the agent and in the agent. 
namespace.\n */\nexport type DefaultAgentModules = {\n [moduleKey in keyof ReturnType<typeof getDefaultAgentModules>]: ReturnType<\n ReturnType<typeof getDefaultAgentModules>[moduleKey]\n >\n}\n\nexport type WithoutDefaultModules<Modules extends ModulesMap> = {\n [moduleKey in Exclude<keyof Modules, keyof DefaultAgentModules>]: Modules[moduleKey]\n}\n\nexport type ModuleApiInstance<M extends Module> =\n M['api'] extends Constructor<unknown> ? InstanceType<M['api']> : undefined\n\n/**\n * Type that represents the api object of the agent (`agent.xxx`). It will extract all keys of the modules and map this to the\n * registered {@link Module.api} class instance. If the module does not have an api class registered, the property will be removed\n * and won't be available on the api object.\n *\n * @example\n * If the following AgentModules type was passed:\n * ```ts\n * {\n * connections: DidCommConnectionsModule\n * indy: IndyModule\n * }\n * ```\n *\n * And we use the `AgentApi` type like this:\n * ```ts\n * type MyAgentApi = AgentApi<{\n * connections: DidCommConnectionsModule\n * indy: IndyModule\n * }>\n * ```\n *\n * the resulting agent api will look like:\n *\n * ```ts\n * {\n * connections: ConnectionsApi\n * }\n * ```\n *\n * The `indy` module has been ignored because it doesn't define an api class.\n */\nexport type AgentApi<Modules extends ModulesMap> = {\n [moduleKey in keyof Modules as Modules[moduleKey]['api'] extends Constructor<unknown>\n ? moduleKey\n : never]: ModuleApiInstance<Modules[moduleKey]>\n}\n\n/**\n * Returns the `api` type from the CustomModuleType if the module is an ApiModule. If the module is not defined\n * which is the case if you don't configure a default agent module (e.g. credentials module), it will use the default\n * module type and use that for the typing. 
This will contain the default typing, and thus provide the correct agent api\n * interface\n */\nexport type CustomOrDefaultApi<\n CustomModuleType,\n DefaultModuleType extends ApiModule,\n> = IsAny<CustomModuleType> extends true\n ? InstanceType<DefaultModuleType['api']>\n : CustomModuleType extends ApiModule\n ? InstanceType<CustomModuleType['api']>\n : CustomModuleType extends Module\n ? never\n : InstanceType<DefaultModuleType['api']>\n\n/**\n * Method to get the default agent modules to be registered on any agent instance. It doens't configure the modules in any way,\n * and if that's needed the user needs to provide the module in the agent constructor\n */\nfunction getDefaultAgentModules() {\n return {\n dcql: () => new DcqlModule(),\n genericRecords: () => new GenericRecordsModule(),\n dids: () => new DidsModule(),\n w3cCredentials: () => new W3cCredentialsModule(),\n cache: () => new CacheModule({ cache: new SingleContextStorageLruCache({ limit: 500 }) }),\n pex: () => new DifPresentationExchangeModule(),\n sdJwtVc: () => new SdJwtVcModule(),\n x509: () => new X509Module(),\n mdoc: () => new MdocModule(),\n kms: () => new KeyManagementModule({}),\n } as const\n}\n\n/**\n * Extend the provided modules object with the default agent modules. If the modules property already contains a module with the same\n * name as a default module, the module won't be added to the extended module object. This allows users of the framework to override\n * the modules with custom configuration. 
The agent constructor type ensures you can't provide a different module for a key that registered\n * on the default agent.\n */\nexport function extendModulesWithDefaultModules<AgentModules extends AgentModulesInput>(\n modules?: AgentModules\n): AgentModules & DefaultAgentModules {\n const defaultAgentModules = getDefaultAgentModules()\n const defaultAgentModuleKeys = Object.keys(defaultAgentModules)\n\n const defaultModules: Array<[string, Module]> = []\n const customModules: Array<[string, Module]> = Object.entries(modules ?? {}).filter(\n ([key]) => !defaultAgentModuleKeys.includes(key)\n )\n\n // Register all default modules, if not registered yet\n for (const [moduleKey, getConfiguredModule] of Object.entries(defaultAgentModules)) {\n // Prefer user-registered module, otherwise initialize the default module\n defaultModules.push([moduleKey, modules?.[moduleKey] ?? getConfiguredModule()])\n }\n\n return Object.fromEntries([...defaultModules, ...customModules]) as AgentModules & DefaultAgentModules\n}\n\n/**\n * Get the agent api object based on the modules registered in the dependency manager. 
For each registered module on the\n * dependency manager, the method will extract the api class from the module, resolve it and assign it to the module key\n * as provided in the agent constructor (or the {@link getDefaultAgentModules} method).\n *\n * Modules that don't have an api class defined ({@link Module.api} is undefined) will be ignored and won't be added to the\n * api object.\n *\n * If the api of a module is passed in the `excluded` array, the api will not be added to the resulting api object.\n *\n * @example\n * If the dependency manager has the following modules configured:\n * ```ts\n * {\n * connections: DidCommConnectionsModule\n * indy: IndyModule\n * }\n * ```\n *\n * And we call the `getAgentApi` method like this:\n * ```ts\n * const api = getAgentApi(dependencyManager)\n * ```\n *\n * the resulting agent api will look like:\n *\n * ```ts\n * {\n * connections: ConnectionsApi\n * }\n * ```\n *\n * The `indy` module has been ignored because it doesn't define an api class.\n */\nexport function getAgentApi<AgentModules extends ModulesMap>(\n dependencyManager: DependencyManager,\n excludedApis: unknown[] = []\n): AgentApi<AgentModules> {\n // Create the api object based on the `api` properties on the modules. 
If no `api` exists\n // on the module it will be ignored.\n const api = Object.entries(dependencyManager.registeredModules).reduce((api, [moduleKey, module]) => {\n // Module has no api\n if (!module.api) return api\n\n const apiInstance = dependencyManager.resolve(module.api)\n\n // Api is excluded\n if (excludedApis.includes(apiInstance)) return api\n // biome-ignore lint/performance/noAccumulatingSpread: no explanation\n return { ...api, [moduleKey]: apiInstance }\n }, {}) as AgentApi<AgentModules>\n\n return api\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;AAyGA,SAAS,yBAAyB;AAChC,QAAO;EACL,YAAY,IAAI,YAAY;EAC5B,sBAAsB,IAAI,sBAAsB;EAChD,YAAY,IAAI,YAAY;EAC5B,sBAAsB,IAAI,sBAAsB;EAChD,aAAa,IAAI,YAAY,EAAE,OAAO,IAAI,6BAA6B,EAAE,OAAO,KAAK,CAAC,EAAE,CAAC;EACzF,WAAW,IAAI,+BAA+B;EAC9C,eAAe,IAAI,eAAe;EAClC,YAAY,IAAI,YAAY;EAC5B,YAAY,IAAI,YAAY;EAC5B,WAAW,IAAI,oBAAoB,EAAE,CAAC;EACvC;;;;;;;;AASH,SAAgB,gCACd,SACoC;CACpC,MAAM,sBAAsB,wBAAwB;CACpD,MAAM,yBAAyB,OAAO,KAAK,oBAAoB;CAE/D,MAAMA,iBAA0C,EAAE;CAClD,MAAMC,gBAAyC,OAAO,QAAQ,WAAW,EAAE,CAAC,CAAC,QAC1E,CAAC,SAAS,CAAC,uBAAuB,SAAS,IAAI,CACjD;AAGD,MAAK,MAAM,CAAC,WAAW,wBAAwB,OAAO,QAAQ,oBAAoB,CAEhF,gBAAe,KAAK,CAAC,WAAW,UAAU,cAAc,qBAAqB,CAAC,CAAC;AAGjF,QAAO,OAAO,YAAY,CAAC,GAAG,gBAAgB,GAAG,cAAc,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAqClE,SAAgB,YACd,mBACA,eAA0B,EAAE,EACJ;AAexB,QAZY,OAAO,QAAQ,kBAAkB,kBAAkB,CAAC,QAAQ,KAAK,CAAC,WAAW,YAAY;AAEnG,MAAI,CAAC,OAAO,IAAK,QAAO;EAExB,MAAM,cAAc,kBAAkB,QAAQ,OAAO,IAAI;AAGzD,MAAI,aAAa,SAAS,YAAY,CAAE,QAAO;AAE/C,SAAO;GAAE,GAAG;IAAM,YAAY;GAAa;IAC1C,EAAE,CAAC"}
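--- a/package/build/agent/EventEmitter.mjs
+++ b/package/build/agent/EventEmitter.mjs
@@ -2,9 +2,9 @@
 
  import { InjectionSymbols } from "../constants.mjs";
  import { inject, injectable } from "../plugins/index.mjs";
- import { __decorateMetadata } from "../_virtual/_@oxc-project_runtime@0.97.0/helpers/decorateMetadata.mjs";
- import { __decorate } from "../_virtual/_@oxc-project_runtime@0.97.0/helpers/decorate.mjs";
- import { __decorateParam } from "../_virtual/_@oxc-project_runtime@0.97.0/helpers/decorateParam.mjs";
+ import { __decorateMetadata } from "../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorateMetadata.mjs";
+ import { __decorate } from "../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorate.mjs";
+ import { __decorateParam } from "../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorateParam.mjs";
  import { Subject, fromEventPattern } from "rxjs";
  import { takeUntil } from "rxjs/operators";
 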
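--- a/package/build/agent/context/DefaultAgentContextProvider.mjs
+++ b/package/build/agent/context/DefaultAgentContextProvider.mjs
@@ -4,8 +4,8 @@ import { AgentContext } from "./AgentContext.mjs";
  import { CredoError } from "../../error/CredoError.mjs";
  import "../../error/index.mjs";
  import { injectable } from "../../plugins/index.mjs";
- import { __decorateMetadata } from "../../_virtual/_@oxc-project_runtime@0.97.0/helpers/decorateMetadata.mjs";
- import { __decorate } from "../../_virtual/_@oxc-project_runtime@0.97.0/helpers/decorate.mjs";
+ import { __decorateMetadata } from "../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorateMetadata.mjs";
+ import { __decorate } from "../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorate.mjs";
 
  //#region src/agent/context/DefaultAgentContextProvider.ts
  var _ref;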
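--- a/package/build/crypto/JwsService.mjs
+++ b/package/build/crypto/JwsService.mjs
@@ -3,13 +3,13 @@
  import { CredoError } from "../error/CredoError.mjs";
  import "../error/index.mjs";
  import { injectable } from "../plugins/index.mjs";
- import { __decorate } from "../_virtual/_@oxc-project_runtime@0.97.0/helpers/decorate.mjs";
+ import { __decorate } from "../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorate.mjs";
  import { KeyManagementError } from "../modules/kms/error/KeyManagementError.mjs";
  import { TypedArrayEncoder } from "../utils/TypedArrayEncoder.mjs";
  import { JsonEncoder } from "../utils/JsonEncoder.mjs";
  import "../utils/index.mjs";
  import { getJwkHumanDescription } from "../modules/kms/jwk/humanDescription.mjs";
- import { assymetricPublicJwkMatches } from "../modules/kms/jwk/equals.mjs";
+ import { asymmetricPublicJwkMatches } from "../modules/kms/jwk/equals.mjs";
  import { isKnownJwaSignatureAlgorithm } from "../modules/kms/jwk/jwa.mjs";
  import { assertJwkAsymmetric } from "../modules/kms/jwk/knownJwk.mjs";
  import { PublicJwk } from "../modules/kms/jwk/PublicJwk.mjs";
@@ -32,11 +32,11 @@ let JwsService = class JwsService$1 {
  assertJwkAsymmetric(key);
  const publicJwk = PublicJwk.fromPublicJwk(key);
  if (x5c) {
- if (!assymetricPublicJwkMatches(X509Service.getLeafCertificate(agentContext, { certificateChain: x5c }).publicJwk.toJson(), key)) throw new CredoError("Protected header x5c does not match key for signing.");
+ if (!asymmetricPublicJwkMatches(X509Service.getLeafCertificate(agentContext, { certificateChain: x5c }).publicJwk.toJson(), key)) throw new CredoError("Protected header x5c does not match key for signing.");
  }
  const jwkInstance = jwk instanceof PublicJwk ? jwk : jwk ? PublicJwk.fromUnknown(jwk) : void 0;
- if (jwkInstance && !assymetricPublicJwkMatches(jwkInstance.toJson(), key)) throw new CredoError("Protected header JWK does not match key for signing.");
- if (!publicJwk.supportedSignatureAlgorithms.includes(alg)) throw new CredoError(`alg '${alg}' is not a valid JWA signature algorithm for this jwk with ${publicJwk.jwkTypehumanDescription}. Supported algorithms are ${publicJwk.supportedSignatureAlgorithms.join(", ")}`);
+ if (jwkInstance && !asymmetricPublicJwkMatches(jwkInstance.toJson(), key)) throw new CredoError("Protected header JWK does not match key for signing.");
+ if (!publicJwk.supportedSignatureAlgorithms.includes(alg)) throw new CredoError(`alg '${alg}' is not a valid JWA signature algorithm for this jwk with ${publicJwk.jwkTypeHumanDescription}. Supported algorithms are ${publicJwk.supportedSignatureAlgorithms.join(", ")}`);
  const payload = options.payload instanceof JwtPayload ? JsonEncoder.toBuffer(options.payload.toJson()) : options.payload;
  const base64Payload = TypedArrayEncoder.toBase64URL(payload);
  const base64UrlProtectedHeader = JsonEncoder.toBase64URL(this.buildProtected(options.protectedHeaderOptions));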
@@ -1 +1 @@
1
- {"version":3,"file":"JwsService.mjs","names":["JwsService","signatures: JwsDetachedFormat[]","payload: string","jwsSigners: JwsSignerWithJwk[]","jws"],"sources":["../../src/crypto/JwsService.ts"],"sourcesContent":["import type { AgentContext } from '../agent'\nimport { CredoError } from '../error'\nimport {\n assertJwkAsymmetric,\n assymetricPublicJwkMatches,\n getJwkHumanDescription,\n KeyManagementApi,\n KeyManagementError,\n type KnownJwaSignatureAlgorithm,\n PublicJwk,\n} from '../modules/kms'\nimport { isKnownJwaSignatureAlgorithm } from '../modules/kms/jwk/jwa'\nimport { type EncodedX509Certificate, X509ModuleConfig } from '../modules/x509'\nimport { X509Service } from './../modules/x509/X509Service'\nimport { injectable } from '../plugins'\nimport { type AnyUint8Array, isJsonObject } from '../types'\nimport { JsonEncoder, TypedArrayEncoder } from '../utils'\nimport type { JwsSigner, JwsSignerWithJwk } from './JwsSigner'\nimport type {\n Jws,\n JwsDetachedFormat,\n JwsFlattenedFormat,\n JwsGeneralFormat,\n JwsProtectedHeaderOptions,\n} from './JwsTypes'\nimport { JWS_COMPACT_FORMAT_MATCHER } from './JwsTypes'\nimport { JwtPayload } from './jose/jwt'\n\n@injectable()\nexport class JwsService {\n private async createJwsBase(agentContext: AgentContext, options: CreateJwsBaseOptions) {\n const { jwk, alg, x5c } = options.protectedHeaderOptions\n\n const kms = agentContext.dependencyManager.resolve(KeyManagementApi)\n\n const key = await kms.getPublicKey({ keyId: options.keyId })\n assertJwkAsymmetric(key)\n\n const publicJwk = PublicJwk.fromPublicJwk(key)\n\n // Make sure the options.x5c and x5c from protectedHeader are the same.\n if (x5c) {\n const certificate = X509Service.getLeafCertificate(agentContext, {\n certificateChain: x5c,\n })\n\n if (!assymetricPublicJwkMatches(certificate.publicJwk.toJson(), key)) {\n throw new CredoError('Protected header x5c does not match key for signing.')\n }\n }\n\n const jwkInstance = jwk instanceof PublicJwk ? jwk : jwk ? 
PublicJwk.fromUnknown(jwk) : undefined\n // Make sure the options.key and jwk from protectedHeader are the same.\n if (jwkInstance && !assymetricPublicJwkMatches(jwkInstance.toJson(), key)) {\n throw new CredoError('Protected header JWK does not match key for signing.')\n }\n\n // Validate the options.key used for signing against the jws options\n if (!publicJwk.supportedSignatureAlgorithms.includes(alg)) {\n throw new CredoError(\n `alg '${alg}' is not a valid JWA signature algorithm for this jwk with ${publicJwk.jwkTypehumanDescription}. Supported algorithms are ${publicJwk.supportedSignatureAlgorithms.join(\n ', '\n )}`\n )\n }\n\n const payload =\n options.payload instanceof JwtPayload ? JsonEncoder.toBuffer(options.payload.toJson()) : options.payload\n\n const base64Payload = TypedArrayEncoder.toBase64URL(payload)\n const base64UrlProtectedHeader = JsonEncoder.toBase64URL(this.buildProtected(options.protectedHeaderOptions))\n\n const signResult = await kms.sign({\n algorithm: alg,\n data: TypedArrayEncoder.fromString(`${base64UrlProtectedHeader}.${base64Payload}`),\n keyId: options.keyId,\n })\n const signature = TypedArrayEncoder.toBase64URL(signResult.signature)\n\n return {\n base64Payload,\n base64UrlProtectedHeader,\n signature,\n }\n }\n\n public async createJws(\n agentContext: AgentContext,\n { payload, keyId, header, protectedHeaderOptions }: CreateJwsOptions\n ): Promise<JwsGeneralFormat> {\n const { base64UrlProtectedHeader, signature, base64Payload } = await this.createJwsBase(agentContext, {\n payload,\n keyId,\n protectedHeaderOptions,\n })\n\n return {\n protected: base64UrlProtectedHeader,\n signature,\n header,\n payload: base64Payload,\n }\n }\n\n /**\n * @see {@link https://www.rfc-editor.org/rfc/rfc7515#section-3.1}\n * */\n public async createJwsCompact(\n agentContext: AgentContext,\n { payload, keyId, protectedHeaderOptions }: CreateCompactJwsOptions\n ): Promise<string> {\n const { base64Payload, base64UrlProtectedHeader, signature } = 
await this.createJwsBase(agentContext, {\n payload,\n keyId,\n protectedHeaderOptions,\n })\n return `${base64UrlProtectedHeader}.${base64Payload}.${signature}`\n }\n\n /**\n * Verify a JWS\n */\n public async verifyJws(\n agentContext: AgentContext,\n {\n jws,\n resolveJwsSigner,\n trustedCertificates,\n jwsSigner: expectedJwsSigner,\n allowedJwsSignerMethods = ['did', 'jwk', 'x5c'],\n }: VerifyJwsOptions\n ): Promise<VerifyJwsResult> {\n let signatures: JwsDetachedFormat[] = []\n let payload: string\n\n if (expectedJwsSigner && !allowedJwsSignerMethods.includes(expectedJwsSigner.method)) {\n throw new CredoError(\n `jwsSigner provided with method '${\n expectedJwsSigner.method\n }', but allowed jws signer methods are ${allowedJwsSignerMethods.join(', ')}.`\n )\n }\n\n if (typeof jws === 'string') {\n if (!JWS_COMPACT_FORMAT_MATCHER.test(jws)) throw new CredoError(`Invalid JWS compact format for value '${jws}'.`)\n\n const [protectedHeader, _payload, signature] = jws.split('.')\n\n payload = _payload\n signatures.push({\n header: {},\n protected: protectedHeader,\n signature,\n })\n } else if ('signatures' in jws) {\n signatures = jws.signatures\n payload = jws.payload\n } else {\n signatures.push(jws)\n payload = jws.payload\n }\n\n if (signatures.length === 0) {\n throw new CredoError('Unable to verify JWS, no signatures present in JWS.')\n }\n\n const jwsFlattened = {\n signatures,\n payload,\n } satisfies JwsFlattenedFormat\n\n const jwsSigners: JwsSignerWithJwk[] = []\n for (const jws of signatures) {\n const protectedJson = JsonEncoder.fromBase64(jws.protected)\n\n if (!isJsonObject(protectedJson)) {\n throw new CredoError('Unable to verify JWS, protected header is not a valid JSON object.')\n }\n\n if (!protectedJson.alg || typeof protectedJson.alg !== 'string') {\n throw new CredoError('Unable to verify JWS, protected header alg is not provided or not a string.')\n }\n\n const jwsSigner =\n expectedJwsSigner ??\n (await this.jwsSignerFromJws(agentContext, 
{\n jws,\n payload,\n protectedHeader: {\n ...protectedJson,\n alg: protectedJson.alg,\n },\n allowedJwsSignerMethods,\n resolveJwsSigner,\n }))\n\n await this.verifyJwsSigner(agentContext, {\n jwsSigner,\n trustedCertificates,\n })\n\n if (!jwsSigner.jwk.supportedSignatureAlgorithms.includes(protectedJson.alg as KnownJwaSignatureAlgorithm)) {\n throw new CredoError(\n `alg '${protectedJson.alg}' is not a valid JWA signature algorithm for this jwk ${getJwkHumanDescription(jwsSigner.jwk.toJson())}. Supported algorithms are ${jwsSigner.jwk.supportedSignatureAlgorithms.join(', ')}`\n )\n }\n\n const data = TypedArrayEncoder.fromString(`${jws.protected}.${payload}`)\n const signature = TypedArrayEncoder.fromBase64(jws.signature)\n jwsSigners.push(jwsSigner)\n\n const kms = agentContext.dependencyManager.resolve(KeyManagementApi)\n\n try {\n const { verified } = await kms.verify({\n key: {\n publicJwk: jwsSigner.jwk.toJson(),\n },\n data,\n signature,\n algorithm: protectedJson.alg as KnownJwaSignatureAlgorithm,\n })\n\n if (!verified) {\n return {\n isValid: false,\n jwsSigners: [],\n jws: jwsFlattened,\n }\n }\n } catch (error) {\n // WalletError probably means signature verification failed. Would be useful to add\n // more specific error type in kms.verify method\n if (error instanceof KeyManagementError) {\n return {\n isValid: false,\n jwsSigners: [],\n jws: jwsFlattened,\n }\n }\n\n throw error\n }\n }\n\n return { isValid: true, jwsSigners, jws: jwsFlattened }\n }\n\n private buildProtected(options: JwsProtectedHeaderOptions) {\n return {\n ...options,\n alg: options.alg,\n jwk: options.jwk instanceof PublicJwk ? 
options.jwk.toJson() : options.jwk,\n kid: options.kid,\n }\n }\n\n private async verifyJwsSigner(\n agentContext: AgentContext,\n options: {\n jwsSigner: JwsSignerWithJwk\n trustedCertificates?: EncodedX509Certificate[]\n }\n ) {\n const { jwsSigner } = options\n\n if (jwsSigner.method === 'x5c') {\n const trustedCertificatesFromConfig =\n agentContext.dependencyManager.resolve(X509ModuleConfig).trustedCertificates ?? []\n const trustedCertificates = options.trustedCertificates ?? trustedCertificatesFromConfig\n if (trustedCertificates.length === 0) {\n throw new CredoError(\n `trustedCertificates is required when the JWS protected header contains an 'x5c' property.`\n )\n }\n\n await X509Service.validateCertificateChain(agentContext, {\n certificateChain: jwsSigner.x5c,\n trustedCertificates,\n })\n }\n }\n\n private async jwsSignerFromJws(\n agentContext: AgentContext,\n options: {\n jws: JwsDetachedFormat\n allowedJwsSignerMethods: JwsSigner['method'][]\n protectedHeader: { alg: string; [key: string]: unknown }\n payload: string\n resolveJwsSigner?: JwsSignerResolver\n }\n ): Promise<JwsSignerWithJwk> {\n const { protectedHeader, resolveJwsSigner, jws, payload, allowedJwsSignerMethods } = options\n\n const alg = protectedHeader.alg\n if (!isKnownJwaSignatureAlgorithm(alg)) {\n throw new CredoError(`Unsupported JWA signature algorithm '${protectedHeader.alg}'`)\n }\n\n if (protectedHeader.x5c && allowedJwsSignerMethods.includes('x5c')) {\n if (\n !Array.isArray(protectedHeader.x5c) ||\n protectedHeader.x5c.some((certificate) => typeof certificate !== 'string')\n ) {\n throw new CredoError('x5c header is not a valid JSON array of strings.')\n }\n\n const certificate = X509Service.getLeafCertificate(agentContext, {\n certificateChain: protectedHeader.x5c,\n })\n return {\n method: 'x5c',\n jwk: certificate.publicJwk,\n x5c: protectedHeader.x5c,\n }\n }\n\n // Jwk\n if (protectedHeader.jwk && allowedJwsSignerMethods.includes('jwk')) {\n if 
(!isJsonObject(protectedHeader.jwk)) throw new CredoError('JWK is not a valid JSON object.')\n\n const protectedJwk = PublicJwk.fromUnknown(protectedHeader.jwk)\n\n return {\n method: 'jwk',\n jwk: protectedJwk,\n }\n }\n\n if (!resolveJwsSigner) {\n throw new CredoError(`resolveJwsSigner is required for resolving jws signers other than 'jwk' and 'x5c'.`)\n }\n\n try {\n const jwsSigner = await resolveJwsSigner({\n jws,\n protectedHeader: {\n ...protectedHeader,\n alg,\n },\n payload,\n })\n\n if (!allowedJwsSignerMethods.includes(jwsSigner.method)) {\n throw new CredoError(\n `resolveJwsSigner returned jws signer with method '${\n jwsSigner.method\n }', but allowed jws signer methods are ${allowedJwsSignerMethods.join(', ')}.`\n )\n }\n\n return jwsSigner\n } catch (error) {\n throw new CredoError(`Error when resolving jws signer for jws in resolveJwsSigner. ${error.message}`, {\n cause: error,\n })\n }\n }\n}\n\nexport interface CreateJwsOptions {\n payload: AnyUint8Array | JwtPayload\n keyId: string\n header: Record<string, unknown>\n protectedHeaderOptions: JwsProtectedHeaderOptions\n}\n\ntype CreateJwsBaseOptions = Omit<CreateJwsOptions, 'header'>\ntype CreateCompactJwsOptions = Omit<CreateJwsOptions, 'header'>\n\nexport interface VerifyJwsOptions {\n jws: Jws\n\n /**\n * The expected signer of the JWS. If provided the signer won't be dynamically\n * detected based on the values in the JWS.\n */\n jwsSigner?: JwsSignerWithJwk\n\n /**\n * Allowed jws signer methods when dynamically inferring the jws signer method.\n */\n allowedJwsSignerMethods?: JwsSigner['method'][]\n\n /*\n * Method that should return the JWS signer was used\n * to sign the JWS.\n *\n * This method is called by the JWS Service when it could not determine the public key.\n *\n * Currently the JWS Service can only determine the public key if the JWS protected header\n * contains a `jwk` or `x5c` property. 
In all other cases, it's up to the caller to resolve the public\n * key based on the JWS.\n *\n * A common use case is the `kid` property in the JWS protected header. Or determining the key\n * base on the `iss` property in the JWT payload.\n */\n resolveJwsSigner?: JwsSignerResolver\n\n trustedCertificates?: EncodedX509Certificate[]\n}\n\nexport type JwsSignerResolver = (options: {\n jws: JwsDetachedFormat\n payload: string\n protectedHeader: {\n alg: KnownJwaSignatureAlgorithm\n jwk?: string\n kid?: string\n [key: string]: unknown\n }\n}) => Promise<JwsSignerWithJwk> | JwsSignerWithJwk\n\nexport interface VerifyJwsResult {\n isValid: boolean\n jwsSigners: JwsSignerWithJwk[]\n\n jws: JwsFlattenedFormat\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AA6BO,uBAAMA,aAAW;CACtB,MAAc,cAAc,cAA4B,SAA+B;EACrF,MAAM,EAAE,KAAK,KAAK,QAAQ,QAAQ;EAElC,MAAM,MAAM,aAAa,kBAAkB,QAAQ,iBAAiB;EAEpE,MAAM,MAAM,MAAM,IAAI,aAAa,EAAE,OAAO,QAAQ,OAAO,CAAC;AAC5D,sBAAoB,IAAI;EAExB,MAAM,YAAY,UAAU,cAAc,IAAI;AAG9C,MAAI,KAKF;OAAI,CAAC,2BAJe,YAAY,mBAAmB,cAAc,EAC/D,kBAAkB,KACnB,CAAC,CAE0C,UAAU,QAAQ,EAAE,IAAI,CAClE,OAAM,IAAI,WAAW,uDAAuD;;EAIhF,MAAM,cAAc,eAAe,YAAY,MAAM,MAAM,UAAU,YAAY,IAAI,GAAG;AAExF,MAAI,eAAe,CAAC,2BAA2B,YAAY,QAAQ,EAAE,IAAI,CACvE,OAAM,IAAI,WAAW,uDAAuD;AAI9E,MAAI,CAAC,UAAU,6BAA6B,SAAS,IAAI,CACvD,OAAM,IAAI,WACR,QAAQ,IAAI,6DAA6D,UAAU,wBAAwB,6BAA6B,UAAU,6BAA6B,KAC7K,KACD,GACF;EAGH,MAAM,UACJ,QAAQ,mBAAmB,aAAa,YAAY,SAAS,QAAQ,QAAQ,QAAQ,CAAC,GAAG,QAAQ;EAEnG,MAAM,gBAAgB,kBAAkB,YAAY,QAAQ;EAC5D,MAAM,2BAA2B,YAAY,YAAY,KAAK,eAAe,QAAQ,uBAAuB,CAAC;EAE7G,MAAM,aAAa,MAAM,IAAI,KAAK;GAChC,WAAW;GACX,MAAM,kBAAkB,WAAW,GAAG,yBAAyB,GAAG,gBAAgB;GAClF,OAAO,QAAQ;GAChB,CAAC;AAGF,SAAO;GACL;GACA;GACA,WALgB,kBAAkB,YAAY,WAAW,UAAU;GAMpE;;CAGH,MAAa,UACX,cACA,EAAE,SAAS,OAAO,QAAQ,0BACC;EAC3B,MAAM,EAAE,0BAA0B,WAAW,kBAAkB,MAAM,KAAK,cAAc,cAAc;GACpG;GACA;GACA;GACD,CAAC;AAEF,SAAO;GACL,WAAW;GACX;GACA;GACA,SAAS;GACV;;;;;CAMH,MAAa,iBACX,cACA,EAAE,SAAS,OAAO,0BACD;EACjB,MAAM,EAAE,eAAe,0BAA0B,cAAc,MAAM,KAAK,cAAc,cAAc;GACpG;GACA;GACA;GACD,CAA
C;AACF,SAAO,GAAG,yBAAyB,GAAG,cAAc,GAAG;;;;;CAMzD,MAAa,UACX,cACA,EACE,KACA,kBACA,qBACA,WAAW,mBACX,0BAA0B;EAAC;EAAO;EAAO;EAAM,IAEvB;EAC1B,IAAIC,aAAkC,EAAE;EACxC,IAAIC;AAEJ,MAAI,qBAAqB,CAAC,wBAAwB,SAAS,kBAAkB,OAAO,CAClF,OAAM,IAAI,WACR,mCACE,kBAAkB,OACnB,wCAAwC,wBAAwB,KAAK,KAAK,CAAC,GAC7E;AAGH,MAAI,OAAO,QAAQ,UAAU;AAC3B,OAAI,CAAC,2BAA2B,KAAK,IAAI,CAAE,OAAM,IAAI,WAAW,yCAAyC,IAAI,IAAI;GAEjH,MAAM,CAAC,iBAAiB,UAAU,aAAa,IAAI,MAAM,IAAI;AAE7D,aAAU;AACV,cAAW,KAAK;IACd,QAAQ,EAAE;IACV,WAAW;IACX;IACD,CAAC;aACO,gBAAgB,KAAK;AAC9B,gBAAa,IAAI;AACjB,aAAU,IAAI;SACT;AACL,cAAW,KAAK,IAAI;AACpB,aAAU,IAAI;;AAGhB,MAAI,WAAW,WAAW,EACxB,OAAM,IAAI,WAAW,sDAAsD;EAG7E,MAAM,eAAe;GACnB;GACA;GACD;EAED,MAAMC,aAAiC,EAAE;AACzC,OAAK,MAAMC,SAAO,YAAY;GAC5B,MAAM,gBAAgB,YAAY,WAAWA,MAAI,UAAU;AAE3D,OAAI,CAAC,aAAa,cAAc,CAC9B,OAAM,IAAI,WAAW,qEAAqE;AAG5F,OAAI,CAAC,cAAc,OAAO,OAAO,cAAc,QAAQ,SACrD,OAAM,IAAI,WAAW,8EAA8E;GAGrG,MAAM,YACJ,qBACC,MAAM,KAAK,iBAAiB,cAAc;IACzC;IACA;IACA,iBAAiB;KACf,GAAG;KACH,KAAK,cAAc;KACpB;IACD;IACA;IACD,CAAC;AAEJ,SAAM,KAAK,gBAAgB,cAAc;IACvC;IACA;IACD,CAAC;AAEF,OAAI,CAAC,UAAU,IAAI,6BAA6B,SAAS,cAAc,IAAkC,CACvG,OAAM,IAAI,WACR,QAAQ,cAAc,IAAI,wDAAwD,uBAAuB,UAAU,IAAI,QAAQ,CAAC,CAAC,6BAA6B,UAAU,IAAI,6BAA6B,KAAK,KAAK,GACpN;GAGH,MAAM,OAAO,kBAAkB,WAAW,GAAGA,MAAI,UAAU,GAAG,UAAU;GACxE,MAAM,YAAY,kBAAkB,WAAWA,MAAI,UAAU;AAC7D,cAAW,KAAK,UAAU;GAE1B,MAAM,MAAM,aAAa,kBAAkB,QAAQ,iBAAiB;AAEpE,OAAI;IACF,MAAM,EAAE,aAAa,MAAM,IAAI,OAAO;KACpC,KAAK,EACH,WAAW,UAAU,IAAI,QAAQ,EAClC;KACD;KACA;KACA,WAAW,cAAc;KAC1B,CAAC;AAEF,QAAI,CAAC,SACH,QAAO;KACL,SAAS;KACT,YAAY,EAAE;KACd,KAAK;KACN;YAEI,OAAO;AAGd,QAAI,iBAAiB,mBACnB,QAAO;KACL,SAAS;KACT,YAAY,EAAE;KACd,KAAK;KACN;AAGH,UAAM;;;AAIV,SAAO;GAAE,SAAS;GAAM;GAAY,KAAK;GAAc;;CAGzD,AAAQ,eAAe,SAAoC;AACzD,SAAO;GACL,GAAG;GACH,KAAK,QAAQ;GACb,KAAK,QAAQ,eAAe,YAAY,QAAQ,IAAI,QAAQ,GAAG,QAAQ;GACvE,KAAK,QAAQ;GACd;;CAGH,MAAc,gBACZ,cACA,SAIA;EACA,MAAM,EAAE,cAAc;AAEtB,MAAI,UAAU,WAAW,OAAO;GAC9B,MAAM,gCACJ,aAAa,kBAAkB,QAAQ,iBAAiB,CAAC,uBAAuB,EAAE;GACpF,MAAM,sBAAsB,QAAQ,uBAAuB;AAC3D,OAAI,oBAAoB,WAAW,EACjC
,OAAM,IAAI,WACR,4FACD;AAGH,SAAM,YAAY,yBAAyB,cAAc;IACvD,kBAAkB,UAAU;IAC5B;IACD,CAAC;;;CAIN,MAAc,iBACZ,cACA,SAO2B;EAC3B,MAAM,EAAE,iBAAiB,kBAAkB,KAAK,SAAS,4BAA4B;EAErF,MAAM,MAAM,gBAAgB;AAC5B,MAAI,CAAC,6BAA6B,IAAI,CACpC,OAAM,IAAI,WAAW,wCAAwC,gBAAgB,IAAI,GAAG;AAGtF,MAAI,gBAAgB,OAAO,wBAAwB,SAAS,MAAM,EAAE;AAClE,OACE,CAAC,MAAM,QAAQ,gBAAgB,IAAI,IACnC,gBAAgB,IAAI,MAAM,gBAAgB,OAAO,gBAAgB,SAAS,CAE1E,OAAM,IAAI,WAAW,mDAAmD;AAM1E,UAAO;IACL,QAAQ;IACR,KALkB,YAAY,mBAAmB,cAAc,EAC/D,kBAAkB,gBAAgB,KACnC,CAAC,CAGiB;IACjB,KAAK,gBAAgB;IACtB;;AAIH,MAAI,gBAAgB,OAAO,wBAAwB,SAAS,MAAM,EAAE;AAClE,OAAI,CAAC,aAAa,gBAAgB,IAAI,CAAE,OAAM,IAAI,WAAW,kCAAkC;AAI/F,UAAO;IACL,QAAQ;IACR,KAJmB,UAAU,YAAY,gBAAgB,IAAI;IAK9D;;AAGH,MAAI,CAAC,iBACH,OAAM,IAAI,WAAW,qFAAqF;AAG5G,MAAI;GACF,MAAM,YAAY,MAAM,iBAAiB;IACvC;IACA,iBAAiB;KACf,GAAG;KACH;KACD;IACD;IACD,CAAC;AAEF,OAAI,CAAC,wBAAwB,SAAS,UAAU,OAAO,CACrD,OAAM,IAAI,WACR,qDACE,UAAU,OACX,wCAAwC,wBAAwB,KAAK,KAAK,CAAC,GAC7E;AAGH,UAAO;WACA,OAAO;AACd,SAAM,IAAI,WAAW,gEAAgE,MAAM,WAAW,EACpG,OAAO,OACR,CAAC;;;;yBAxUP,YAAY"}
1
+ {"version":3,"file":"JwsService.mjs","names":["JwsService","signatures: JwsDetachedFormat[]","payload: string","jwsSigners: JwsSignerWithJwk[]","jws"],"sources":["../../src/crypto/JwsService.ts"],"sourcesContent":["import type { AgentContext } from '../agent'\nimport { CredoError } from '../error'\nimport {\n assertJwkAsymmetric,\n asymmetricPublicJwkMatches,\n getJwkHumanDescription,\n KeyManagementApi,\n KeyManagementError,\n type KnownJwaSignatureAlgorithm,\n PublicJwk,\n} from '../modules/kms'\nimport { isKnownJwaSignatureAlgorithm } from '../modules/kms/jwk/jwa'\nimport { type EncodedX509Certificate, X509ModuleConfig } from '../modules/x509'\nimport { X509Service } from './../modules/x509/X509Service'\nimport { injectable } from '../plugins'\nimport { type AnyUint8Array, isJsonObject } from '../types'\nimport { JsonEncoder, TypedArrayEncoder } from '../utils'\nimport type { JwsSigner, JwsSignerWithJwk } from './JwsSigner'\nimport type {\n Jws,\n JwsDetachedFormat,\n JwsFlattenedFormat,\n JwsGeneralFormat,\n JwsProtectedHeaderOptions,\n} from './JwsTypes'\nimport { JWS_COMPACT_FORMAT_MATCHER } from './JwsTypes'\nimport { JwtPayload } from './jose/jwt'\n\n@injectable()\nexport class JwsService {\n private async createJwsBase(agentContext: AgentContext, options: CreateJwsBaseOptions) {\n const { jwk, alg, x5c } = options.protectedHeaderOptions\n\n const kms = agentContext.dependencyManager.resolve(KeyManagementApi)\n\n const key = await kms.getPublicKey({ keyId: options.keyId })\n assertJwkAsymmetric(key)\n\n const publicJwk = PublicJwk.fromPublicJwk(key)\n\n // Make sure the options.x5c and x5c from protectedHeader are the same.\n if (x5c) {\n const certificate = X509Service.getLeafCertificate(agentContext, {\n certificateChain: x5c,\n })\n\n if (!asymmetricPublicJwkMatches(certificate.publicJwk.toJson(), key)) {\n throw new CredoError('Protected header x5c does not match key for signing.')\n }\n }\n\n const jwkInstance = jwk instanceof PublicJwk ? jwk : jwk ? 
PublicJwk.fromUnknown(jwk) : undefined\n // Make sure the options.key and jwk from protectedHeader are the same.\n if (jwkInstance && !asymmetricPublicJwkMatches(jwkInstance.toJson(), key)) {\n throw new CredoError('Protected header JWK does not match key for signing.')\n }\n\n // Validate the options.key used for signing against the jws options\n if (!publicJwk.supportedSignatureAlgorithms.includes(alg)) {\n throw new CredoError(\n `alg '${alg}' is not a valid JWA signature algorithm for this jwk with ${publicJwk.jwkTypeHumanDescription}. Supported algorithms are ${publicJwk.supportedSignatureAlgorithms.join(\n ', '\n )}`\n )\n }\n\n const payload =\n options.payload instanceof JwtPayload ? JsonEncoder.toBuffer(options.payload.toJson()) : options.payload\n\n const base64Payload = TypedArrayEncoder.toBase64URL(payload)\n const base64UrlProtectedHeader = JsonEncoder.toBase64URL(this.buildProtected(options.protectedHeaderOptions))\n\n const signResult = await kms.sign({\n algorithm: alg,\n data: TypedArrayEncoder.fromString(`${base64UrlProtectedHeader}.${base64Payload}`),\n keyId: options.keyId,\n })\n const signature = TypedArrayEncoder.toBase64URL(signResult.signature)\n\n return {\n base64Payload,\n base64UrlProtectedHeader,\n signature,\n }\n }\n\n public async createJws(\n agentContext: AgentContext,\n { payload, keyId, header, protectedHeaderOptions }: CreateJwsOptions\n ): Promise<JwsGeneralFormat> {\n const { base64UrlProtectedHeader, signature, base64Payload } = await this.createJwsBase(agentContext, {\n payload,\n keyId,\n protectedHeaderOptions,\n })\n\n return {\n protected: base64UrlProtectedHeader,\n signature,\n header,\n payload: base64Payload,\n }\n }\n\n /**\n * @see {@link https://www.rfc-editor.org/rfc/rfc7515#section-3.1}\n * */\n public async createJwsCompact(\n agentContext: AgentContext,\n { payload, keyId, protectedHeaderOptions }: CreateCompactJwsOptions\n ): Promise<string> {\n const { base64Payload, base64UrlProtectedHeader, signature } = 
await this.createJwsBase(agentContext, {\n payload,\n keyId,\n protectedHeaderOptions,\n })\n return `${base64UrlProtectedHeader}.${base64Payload}.${signature}`\n }\n\n /**\n * Verify a JWS\n */\n public async verifyJws(\n agentContext: AgentContext,\n {\n jws,\n resolveJwsSigner,\n trustedCertificates,\n jwsSigner: expectedJwsSigner,\n allowedJwsSignerMethods = ['did', 'jwk', 'x5c'],\n }: VerifyJwsOptions\n ): Promise<VerifyJwsResult> {\n let signatures: JwsDetachedFormat[] = []\n let payload: string\n\n if (expectedJwsSigner && !allowedJwsSignerMethods.includes(expectedJwsSigner.method)) {\n throw new CredoError(\n `jwsSigner provided with method '${\n expectedJwsSigner.method\n }', but allowed jws signer methods are ${allowedJwsSignerMethods.join(', ')}.`\n )\n }\n\n if (typeof jws === 'string') {\n if (!JWS_COMPACT_FORMAT_MATCHER.test(jws)) throw new CredoError(`Invalid JWS compact format for value '${jws}'.`)\n\n const [protectedHeader, _payload, signature] = jws.split('.')\n\n payload = _payload\n signatures.push({\n header: {},\n protected: protectedHeader,\n signature,\n })\n } else if ('signatures' in jws) {\n signatures = jws.signatures\n payload = jws.payload\n } else {\n signatures.push(jws)\n payload = jws.payload\n }\n\n if (signatures.length === 0) {\n throw new CredoError('Unable to verify JWS, no signatures present in JWS.')\n }\n\n const jwsFlattened = {\n signatures,\n payload,\n } satisfies JwsFlattenedFormat\n\n const jwsSigners: JwsSignerWithJwk[] = []\n for (const jws of signatures) {\n const protectedJson = JsonEncoder.fromBase64(jws.protected)\n\n if (!isJsonObject(protectedJson)) {\n throw new CredoError('Unable to verify JWS, protected header is not a valid JSON object.')\n }\n\n if (!protectedJson.alg || typeof protectedJson.alg !== 'string') {\n throw new CredoError('Unable to verify JWS, protected header alg is not provided or not a string.')\n }\n\n const jwsSigner =\n expectedJwsSigner ??\n (await this.jwsSignerFromJws(agentContext, 
{\n jws,\n payload,\n protectedHeader: {\n ...protectedJson,\n alg: protectedJson.alg,\n },\n allowedJwsSignerMethods,\n resolveJwsSigner,\n }))\n\n await this.verifyJwsSigner(agentContext, {\n jwsSigner,\n trustedCertificates,\n })\n\n if (!jwsSigner.jwk.supportedSignatureAlgorithms.includes(protectedJson.alg as KnownJwaSignatureAlgorithm)) {\n throw new CredoError(\n `alg '${protectedJson.alg}' is not a valid JWA signature algorithm for this jwk ${getJwkHumanDescription(jwsSigner.jwk.toJson())}. Supported algorithms are ${jwsSigner.jwk.supportedSignatureAlgorithms.join(', ')}`\n )\n }\n\n const data = TypedArrayEncoder.fromString(`${jws.protected}.${payload}`)\n const signature = TypedArrayEncoder.fromBase64(jws.signature)\n jwsSigners.push(jwsSigner)\n\n const kms = agentContext.dependencyManager.resolve(KeyManagementApi)\n\n try {\n const { verified } = await kms.verify({\n key: {\n publicJwk: jwsSigner.jwk.toJson(),\n },\n data,\n signature,\n algorithm: protectedJson.alg as KnownJwaSignatureAlgorithm,\n })\n\n if (!verified) {\n return {\n isValid: false,\n jwsSigners: [],\n jws: jwsFlattened,\n }\n }\n } catch (error) {\n // WalletError probably means signature verification failed. Would be useful to add\n // more specific error type in kms.verify method\n if (error instanceof KeyManagementError) {\n return {\n isValid: false,\n jwsSigners: [],\n jws: jwsFlattened,\n }\n }\n\n throw error\n }\n }\n\n return { isValid: true, jwsSigners, jws: jwsFlattened }\n }\n\n private buildProtected(options: JwsProtectedHeaderOptions) {\n return {\n ...options,\n alg: options.alg,\n jwk: options.jwk instanceof PublicJwk ? 
options.jwk.toJson() : options.jwk,\n kid: options.kid,\n }\n }\n\n private async verifyJwsSigner(\n agentContext: AgentContext,\n options: {\n jwsSigner: JwsSignerWithJwk\n trustedCertificates?: EncodedX509Certificate[]\n }\n ) {\n const { jwsSigner } = options\n\n if (jwsSigner.method === 'x5c') {\n const trustedCertificatesFromConfig =\n agentContext.dependencyManager.resolve(X509ModuleConfig).trustedCertificates ?? []\n const trustedCertificates = options.trustedCertificates ?? trustedCertificatesFromConfig\n if (trustedCertificates.length === 0) {\n throw new CredoError(\n `trustedCertificates is required when the JWS protected header contains an 'x5c' property.`\n )\n }\n\n await X509Service.validateCertificateChain(agentContext, {\n certificateChain: jwsSigner.x5c,\n trustedCertificates,\n })\n }\n }\n\n private async jwsSignerFromJws(\n agentContext: AgentContext,\n options: {\n jws: JwsDetachedFormat\n allowedJwsSignerMethods: JwsSigner['method'][]\n protectedHeader: { alg: string; [key: string]: unknown }\n payload: string\n resolveJwsSigner?: JwsSignerResolver\n }\n ): Promise<JwsSignerWithJwk> {\n const { protectedHeader, resolveJwsSigner, jws, payload, allowedJwsSignerMethods } = options\n\n const alg = protectedHeader.alg\n if (!isKnownJwaSignatureAlgorithm(alg)) {\n throw new CredoError(`Unsupported JWA signature algorithm '${protectedHeader.alg}'`)\n }\n\n if (protectedHeader.x5c && allowedJwsSignerMethods.includes('x5c')) {\n if (\n !Array.isArray(protectedHeader.x5c) ||\n protectedHeader.x5c.some((certificate) => typeof certificate !== 'string')\n ) {\n throw new CredoError('x5c header is not a valid JSON array of strings.')\n }\n\n const certificate = X509Service.getLeafCertificate(agentContext, {\n certificateChain: protectedHeader.x5c,\n })\n return {\n method: 'x5c',\n jwk: certificate.publicJwk,\n x5c: protectedHeader.x5c,\n }\n }\n\n // Jwk\n if (protectedHeader.jwk && allowedJwsSignerMethods.includes('jwk')) {\n if 
(!isJsonObject(protectedHeader.jwk)) throw new CredoError('JWK is not a valid JSON object.')\n\n const protectedJwk = PublicJwk.fromUnknown(protectedHeader.jwk)\n\n return {\n method: 'jwk',\n jwk: protectedJwk,\n }\n }\n\n if (!resolveJwsSigner) {\n throw new CredoError(`resolveJwsSigner is required for resolving jws signers other than 'jwk' and 'x5c'.`)\n }\n\n try {\n const jwsSigner = await resolveJwsSigner({\n jws,\n protectedHeader: {\n ...protectedHeader,\n alg,\n },\n payload,\n })\n\n if (!allowedJwsSignerMethods.includes(jwsSigner.method)) {\n throw new CredoError(\n `resolveJwsSigner returned jws signer with method '${\n jwsSigner.method\n }', but allowed jws signer methods are ${allowedJwsSignerMethods.join(', ')}.`\n )\n }\n\n return jwsSigner\n } catch (error) {\n throw new CredoError(`Error when resolving jws signer for jws in resolveJwsSigner. ${error.message}`, {\n cause: error,\n })\n }\n }\n}\n\nexport interface CreateJwsOptions {\n payload: AnyUint8Array | JwtPayload\n keyId: string\n header: Record<string, unknown>\n protectedHeaderOptions: JwsProtectedHeaderOptions\n}\n\ntype CreateJwsBaseOptions = Omit<CreateJwsOptions, 'header'>\ntype CreateCompactJwsOptions = Omit<CreateJwsOptions, 'header'>\n\nexport interface VerifyJwsOptions {\n jws: Jws\n\n /**\n * The expected signer of the JWS. If provided the signer won't be dynamically\n * detected based on the values in the JWS.\n */\n jwsSigner?: JwsSignerWithJwk\n\n /**\n * Allowed jws signer methods when dynamically inferring the jws signer method.\n */\n allowedJwsSignerMethods?: JwsSigner['method'][]\n\n /*\n * Method that should return the JWS signer was used\n * to sign the JWS.\n *\n * This method is called by the JWS Service when it could not determine the public key.\n *\n * Currently the JWS Service can only determine the public key if the JWS protected header\n * contains a `jwk` or `x5c` property. 
In all other cases, it's up to the caller to resolve the public\n * key based on the JWS.\n *\n * A common use case is the `kid` property in the JWS protected header. Or determining the key\n * base on the `iss` property in the JWT payload.\n */\n resolveJwsSigner?: JwsSignerResolver\n\n trustedCertificates?: EncodedX509Certificate[]\n}\n\nexport type JwsSignerResolver = (options: {\n jws: JwsDetachedFormat\n payload: string\n protectedHeader: {\n alg: KnownJwaSignatureAlgorithm\n jwk?: string\n kid?: string\n [key: string]: unknown\n }\n}) => Promise<JwsSignerWithJwk> | JwsSignerWithJwk\n\nexport interface VerifyJwsResult {\n isValid: boolean\n jwsSigners: JwsSignerWithJwk[]\n\n jws: JwsFlattenedFormat\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AA6BO,uBAAMA,aAAW;CACtB,MAAc,cAAc,cAA4B,SAA+B;EACrF,MAAM,EAAE,KAAK,KAAK,QAAQ,QAAQ;EAElC,MAAM,MAAM,aAAa,kBAAkB,QAAQ,iBAAiB;EAEpE,MAAM,MAAM,MAAM,IAAI,aAAa,EAAE,OAAO,QAAQ,OAAO,CAAC;AAC5D,sBAAoB,IAAI;EAExB,MAAM,YAAY,UAAU,cAAc,IAAI;AAG9C,MAAI,KAKF;OAAI,CAAC,2BAJe,YAAY,mBAAmB,cAAc,EAC/D,kBAAkB,KACnB,CAAC,CAE0C,UAAU,QAAQ,EAAE,IAAI,CAClE,OAAM,IAAI,WAAW,uDAAuD;;EAIhF,MAAM,cAAc,eAAe,YAAY,MAAM,MAAM,UAAU,YAAY,IAAI,GAAG;AAExF,MAAI,eAAe,CAAC,2BAA2B,YAAY,QAAQ,EAAE,IAAI,CACvE,OAAM,IAAI,WAAW,uDAAuD;AAI9E,MAAI,CAAC,UAAU,6BAA6B,SAAS,IAAI,CACvD,OAAM,IAAI,WACR,QAAQ,IAAI,6DAA6D,UAAU,wBAAwB,6BAA6B,UAAU,6BAA6B,KAC7K,KACD,GACF;EAGH,MAAM,UACJ,QAAQ,mBAAmB,aAAa,YAAY,SAAS,QAAQ,QAAQ,QAAQ,CAAC,GAAG,QAAQ;EAEnG,MAAM,gBAAgB,kBAAkB,YAAY,QAAQ;EAC5D,MAAM,2BAA2B,YAAY,YAAY,KAAK,eAAe,QAAQ,uBAAuB,CAAC;EAE7G,MAAM,aAAa,MAAM,IAAI,KAAK;GAChC,WAAW;GACX,MAAM,kBAAkB,WAAW,GAAG,yBAAyB,GAAG,gBAAgB;GAClF,OAAO,QAAQ;GAChB,CAAC;AAGF,SAAO;GACL;GACA;GACA,WALgB,kBAAkB,YAAY,WAAW,UAAU;GAMpE;;CAGH,MAAa,UACX,cACA,EAAE,SAAS,OAAO,QAAQ,0BACC;EAC3B,MAAM,EAAE,0BAA0B,WAAW,kBAAkB,MAAM,KAAK,cAAc,cAAc;GACpG;GACA;GACA;GACD,CAAC;AAEF,SAAO;GACL,WAAW;GACX;GACA;GACA,SAAS;GACV;;;;;CAMH,MAAa,iBACX,cACA,EAAE,SAAS,OAAO,0BACD;EACjB,MAAM,EAAE,eAAe,0BAA0B,cAAc,MAAM,KAAK,cAAc,cAAc;GACpG;GACA;GACA;GACD,CAA
C;AACF,SAAO,GAAG,yBAAyB,GAAG,cAAc,GAAG;;;;;CAMzD,MAAa,UACX,cACA,EACE,KACA,kBACA,qBACA,WAAW,mBACX,0BAA0B;EAAC;EAAO;EAAO;EAAM,IAEvB;EAC1B,IAAIC,aAAkC,EAAE;EACxC,IAAIC;AAEJ,MAAI,qBAAqB,CAAC,wBAAwB,SAAS,kBAAkB,OAAO,CAClF,OAAM,IAAI,WACR,mCACE,kBAAkB,OACnB,wCAAwC,wBAAwB,KAAK,KAAK,CAAC,GAC7E;AAGH,MAAI,OAAO,QAAQ,UAAU;AAC3B,OAAI,CAAC,2BAA2B,KAAK,IAAI,CAAE,OAAM,IAAI,WAAW,yCAAyC,IAAI,IAAI;GAEjH,MAAM,CAAC,iBAAiB,UAAU,aAAa,IAAI,MAAM,IAAI;AAE7D,aAAU;AACV,cAAW,KAAK;IACd,QAAQ,EAAE;IACV,WAAW;IACX;IACD,CAAC;aACO,gBAAgB,KAAK;AAC9B,gBAAa,IAAI;AACjB,aAAU,IAAI;SACT;AACL,cAAW,KAAK,IAAI;AACpB,aAAU,IAAI;;AAGhB,MAAI,WAAW,WAAW,EACxB,OAAM,IAAI,WAAW,sDAAsD;EAG7E,MAAM,eAAe;GACnB;GACA;GACD;EAED,MAAMC,aAAiC,EAAE;AACzC,OAAK,MAAMC,SAAO,YAAY;GAC5B,MAAM,gBAAgB,YAAY,WAAWA,MAAI,UAAU;AAE3D,OAAI,CAAC,aAAa,cAAc,CAC9B,OAAM,IAAI,WAAW,qEAAqE;AAG5F,OAAI,CAAC,cAAc,OAAO,OAAO,cAAc,QAAQ,SACrD,OAAM,IAAI,WAAW,8EAA8E;GAGrG,MAAM,YACJ,qBACC,MAAM,KAAK,iBAAiB,cAAc;IACzC;IACA;IACA,iBAAiB;KACf,GAAG;KACH,KAAK,cAAc;KACpB;IACD;IACA;IACD,CAAC;AAEJ,SAAM,KAAK,gBAAgB,cAAc;IACvC;IACA;IACD,CAAC;AAEF,OAAI,CAAC,UAAU,IAAI,6BAA6B,SAAS,cAAc,IAAkC,CACvG,OAAM,IAAI,WACR,QAAQ,cAAc,IAAI,wDAAwD,uBAAuB,UAAU,IAAI,QAAQ,CAAC,CAAC,6BAA6B,UAAU,IAAI,6BAA6B,KAAK,KAAK,GACpN;GAGH,MAAM,OAAO,kBAAkB,WAAW,GAAGA,MAAI,UAAU,GAAG,UAAU;GACxE,MAAM,YAAY,kBAAkB,WAAWA,MAAI,UAAU;AAC7D,cAAW,KAAK,UAAU;GAE1B,MAAM,MAAM,aAAa,kBAAkB,QAAQ,iBAAiB;AAEpE,OAAI;IACF,MAAM,EAAE,aAAa,MAAM,IAAI,OAAO;KACpC,KAAK,EACH,WAAW,UAAU,IAAI,QAAQ,EAClC;KACD;KACA;KACA,WAAW,cAAc;KAC1B,CAAC;AAEF,QAAI,CAAC,SACH,QAAO;KACL,SAAS;KACT,YAAY,EAAE;KACd,KAAK;KACN;YAEI,OAAO;AAGd,QAAI,iBAAiB,mBACnB,QAAO;KACL,SAAS;KACT,YAAY,EAAE;KACd,KAAK;KACN;AAGH,UAAM;;;AAIV,SAAO;GAAE,SAAS;GAAM;GAAY,KAAK;GAAc;;CAGzD,AAAQ,eAAe,SAAoC;AACzD,SAAO;GACL,GAAG;GACH,KAAK,QAAQ;GACb,KAAK,QAAQ,eAAe,YAAY,QAAQ,IAAI,QAAQ,GAAG,QAAQ;GACvE,KAAK,QAAQ;GACd;;CAGH,MAAc,gBACZ,cACA,SAIA;EACA,MAAM,EAAE,cAAc;AAEtB,MAAI,UAAU,WAAW,OAAO;GAC9B,MAAM,gCACJ,aAAa,kBAAkB,QAAQ,iBAAiB,CAAC,uBAAuB,EAAE;GACpF,MAAM,sBAAsB,QAAQ,uBAAuB;AAC3D,OAAI,oBAAoB,WAAW,EACjC
,OAAM,IAAI,WACR,4FACD;AAGH,SAAM,YAAY,yBAAyB,cAAc;IACvD,kBAAkB,UAAU;IAC5B;IACD,CAAC;;;CAIN,MAAc,iBACZ,cACA,SAO2B;EAC3B,MAAM,EAAE,iBAAiB,kBAAkB,KAAK,SAAS,4BAA4B;EAErF,MAAM,MAAM,gBAAgB;AAC5B,MAAI,CAAC,6BAA6B,IAAI,CACpC,OAAM,IAAI,WAAW,wCAAwC,gBAAgB,IAAI,GAAG;AAGtF,MAAI,gBAAgB,OAAO,wBAAwB,SAAS,MAAM,EAAE;AAClE,OACE,CAAC,MAAM,QAAQ,gBAAgB,IAAI,IACnC,gBAAgB,IAAI,MAAM,gBAAgB,OAAO,gBAAgB,SAAS,CAE1E,OAAM,IAAI,WAAW,mDAAmD;AAM1E,UAAO;IACL,QAAQ;IACR,KALkB,YAAY,mBAAmB,cAAc,EAC/D,kBAAkB,gBAAgB,KACnC,CAAC,CAGiB;IACjB,KAAK,gBAAgB;IACtB;;AAIH,MAAI,gBAAgB,OAAO,wBAAwB,SAAS,MAAM,EAAE;AAClE,OAAI,CAAC,aAAa,gBAAgB,IAAI,CAAE,OAAM,IAAI,WAAW,kCAAkC;AAI/F,UAAO;IACL,QAAQ;IACR,KAJmB,UAAU,YAAY,gBAAgB,IAAI;IAK9D;;AAGH,MAAI,CAAC,iBACH,OAAM,IAAI,WAAW,qFAAqF;AAG5G,MAAI;GACF,MAAM,YAAY,MAAM,iBAAiB;IACvC;IACA,iBAAiB;KACf,GAAG;KACH;KACD;IACD;IACD,CAAC;AAEF,OAAI,CAAC,wBAAwB,SAAS,UAAU,OAAO,CACrD,OAAM,IAAI,WACR,qDACE,UAAU,OACX,wCAAwC,wBAAwB,KAAK,KAAK,CAAC,GAC7E;AAGH,UAAO;WACA,OAAO;AACd,SAAM,IAAI,WAAW,gEAAgE,MAAM,WAAW,EACpG,OAAO,OACR,CAAC;;;;yBAxUP,YAAY"}
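--- a/package/build/crypto/webcrypto/types.mjs
+++ b/package/build/crypto/webcrypto/types.mjs
@@ -17,7 +17,7 @@ import { CredoWebCryptoError } from "./CredoWebCryptoError.mjs";
  */
  function keyParamsToJwaAlgorithm(params, key) {
  if (params.name === "Ed25519") {
- if (!key.publicJwk.is(Ed25519PublicJwk)) throw new CredoWebCryptoError(`Unsupported key for algorithm for Ed25519: ${key.publicJwk.jwkTypehumanDescription}`);
+ if (!key.publicJwk.is(Ed25519PublicJwk)) throw new CredoWebCryptoError(`Unsupported key for algorithm for Ed25519: ${key.publicJwk.jwkTypeHumanDescription}`);
  return "EdDSA";
  }
  if (params.name === "ECDSA") {
@@ -38,11 +38,11 @@ function keyParamsToJwaAlgorithm(params, key) {
  case "SHA-512": return "ES512";
  default: throw new CredoWebCryptoError(`Unsupported hash algorithm for ECDSA with P521: ${hashName}`);
  }
- throw new CredoWebCryptoError(`Unsupported key ${key.publicJwk.jwkTypehumanDescription} or hash algorithm '${hashName}' for ECDSA`);
+ throw new CredoWebCryptoError(`Unsupported key ${key.publicJwk.jwkTypeHumanDescription} or hash algorithm '${hashName}' for ECDSA`);
  }
  if (params.name === "RSASSA-PKCS1-v1_5") {
  const hashName = typeof params.hash === "string" ? params.hash : params.hash.name;
- if (!key.publicJwk.is(RsaPublicJwk)) throw new CredoWebCryptoError(`Unsupported key for algorithm for RSASSA-PKCS1-v1_5: ${key.publicJwk.jwkTypehumanDescription}`);
+ if (!key.publicJwk.is(RsaPublicJwk)) throw new CredoWebCryptoError(`Unsupported key for algorithm for RSASSA-PKCS1-v1_5: ${key.publicJwk.jwkTypeHumanDescription}`);
  switch (hashName) {
  case "SHA-256": return "RS256";
  case "SHA-384": return "RS384";
@@ -52,7 +52,7 @@ function keyParamsToJwaAlgorithm(params, key) {
  }
  if (params.name === "RSA-PSS") {
  const hashName = typeof params.hash === "string" ? params.hash : params.hash.name;
- if (!key.publicJwk.is(RsaPublicJwk)) throw new CredoWebCryptoError(`Unsupported key for algorithm for RSA-PSS: ${key.publicJwk.jwkTypehumanDescription}`);
+ if (!key.publicJwk.is(RsaPublicJwk)) throw new CredoWebCryptoError(`Unsupported key for algorithm for RSA-PSS: ${key.publicJwk.jwkTypeHumanDescription}`);
  switch (hashName) {
  case "SHA-256": return "PS256";
  case "SHA-384": return "PS384";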
@@ -1 +1 @@
1
- {"version":3,"file":"types.mjs","names":[],"sources":["../../../src/crypto/webcrypto/types.ts"],"sourcesContent":["/*\n *\n * Based on: https://www.w3.org/TR/WebCryptoAPI/\n */\n\nimport {\n Ed25519PublicJwk,\n type Jwk,\n type KnownJwaSignatureAlgorithm,\n P256PublicJwk,\n P384PublicJwk,\n P521PublicJwk,\n RsaPublicJwk,\n Secp256k1PublicJwk,\n} from '../../modules/kms'\nimport type { AnyUint8Array } from '../../types'\nimport { CredoWebCryptoError } from './CredoWebCryptoError'\nimport type { CredoWebCryptoKey } from './CredoWebCryptoKey'\n\nexport type CredoWebCryptoKeyPair = {\n publicKey: CredoWebCryptoKey\n privateKey: CredoWebCryptoKey\n}\n\ntype HashAlgorithmIdentifier = 'SHA-256' | 'SHA-384' | 'SHA-512'\n\n/*\n *\n * Sign and Verify Parameters\n *\n */\n\nexport type EcdsaParams = {\n name: 'ECDSA'\n hash: { name: HashAlgorithmIdentifier } | HashAlgorithmIdentifier\n}\n\nexport type Ed25519Params = { name: 'Ed25519' }\n\nexport type RsaSsaParams = {\n name: 'RSASSA-PKCS1-v1_5' | 'RSA-PSS'\n hash: { name: HashAlgorithmIdentifier } | HashAlgorithmIdentifier\n saltLength?: number // Only for RSA-PSS\n}\n\n/*\n *\n * Key Generation Parameters\n *\n */\n\nexport type Ed25519KeyGenParams = { name: 'Ed25519' }\n\nexport type EcKeyGenParams = {\n name: 'ECDSA'\n namedCurve: 'P-256' | 'P-384' | 'P-521' | 'K-256'\n}\n\nexport type RsaHashedKeyGenParams = {\n name: 'RSASSA-PKCS1-v1_5' | 'RSA-PSS'\n modulusLength: number\n publicExponent: AnyUint8Array\n hash: { name: HashAlgorithmIdentifier }\n}\n\n/*\n *\n * Key Import Parameters\n *\n */\n\nexport type Ed25519KeyImportParams = { name: 'Ed25519' }\n\nexport type EcKeyImportParams = {\n name: 'ECDSA'\n namedCurve: 'P-256' | 'P-384' | 'K-256' | 'P-521'\n}\n\nexport type RsaHashedImportParams = {\n name: 'RSASSA-PKCS1-v1_5' | 'RSA-PSS'\n hash: { name: HashAlgorithmIdentifier }\n}\n\nexport type KeyUsage = 'sign' | 'verify' | 'encrypt' | 'decrypt' | 'wrapKey' | 'unwrapKey' | 'deriveKey' | 'deriveBits'\nexport type 
KeyFormat = 'jwk' | 'pkcs8' | 'spki' | 'raw'\nexport type KeyType = 'private' | 'public' | 'secret'\n\nexport type JsonWebKey = Jwk\n\nexport type HashAlgorithm = { name: HashAlgorithmIdentifier }\n\nexport type KeyImportParams = EcKeyImportParams | Ed25519KeyImportParams | RsaHashedImportParams\nexport type KeyGenAlgorithm = EcKeyGenParams | Ed25519KeyGenParams | RsaHashedKeyGenParams\nexport type KeySignParams = EcdsaParams | Ed25519Params | RsaSsaParams\nexport type KeyVerifyParams = EcdsaParams | Ed25519Params | RsaSsaParams\n\n/**\n * Derives the JWA algorithm name from KeySignParams or KeyVerifyParams\n * @param params - The signing or verification parameters\n * @returns The corresponding JWA algorithm string\n */\nexport function keyParamsToJwaAlgorithm(\n params: KeySignParams | KeyVerifyParams,\n key: CredoWebCryptoKey\n): KnownJwaSignatureAlgorithm {\n if (params.name === 'Ed25519') {\n if (!key.publicJwk.is(Ed25519PublicJwk)) {\n throw new CredoWebCryptoError(\n `Unsupported key for algorithm for Ed25519: ${key.publicJwk.jwkTypehumanDescription}`\n )\n }\n\n return 'EdDSA'\n }\n\n if (params.name === 'ECDSA') {\n // Normalize hash parameter\n const hashName = typeof params.hash === 'string' ? 
params.hash : params.hash.name\n\n if (key.publicJwk.is(Secp256k1PublicJwk)) {\n // Map ECDSA with different hash algorithms to JWA names\n switch (hashName) {\n case 'SHA-256':\n return 'ES256K'\n default:\n throw new CredoWebCryptoError(`Unsupported hash algorithm for ECDSA with Secp255K1: ${hashName}`)\n }\n }\n\n // Map ECDSA with different hash algorithms to JWA names\n if (key.publicJwk.is(P256PublicJwk)) {\n switch (hashName) {\n case 'SHA-256':\n return 'ES256'\n default:\n throw new CredoWebCryptoError(`Unsupported hash algorithm for ECDSA with P256: ${hashName}`)\n }\n }\n\n // Map ECDSA with different hash algorithms to JWA names\n if (key.publicJwk.is(P384PublicJwk)) {\n switch (hashName) {\n case 'SHA-384':\n return 'ES384'\n default:\n throw new CredoWebCryptoError(`Unsupported hash algorithm for ECDSA with P384: ${hashName}`)\n }\n }\n\n // Map ECDSA with different hash algorithms to JWA names\n if (key.publicJwk.is(P521PublicJwk)) {\n switch (hashName) {\n case 'SHA-512':\n return 'ES512'\n default:\n throw new CredoWebCryptoError(`Unsupported hash algorithm for ECDSA with P521: ${hashName}`)\n }\n }\n\n throw new CredoWebCryptoError(\n `Unsupported key ${key.publicJwk.jwkTypehumanDescription} or hash algorithm '${hashName}' for ECDSA`\n )\n }\n\n if (params.name === 'RSASSA-PKCS1-v1_5') {\n // Normalize hash parameter\n const hashName = typeof params.hash === 'string' ? 
params.hash : params.hash.name\n\n if (!key.publicJwk.is(RsaPublicJwk)) {\n throw new CredoWebCryptoError(\n `Unsupported key for algorithm for RSASSA-PKCS1-v1_5: ${key.publicJwk.jwkTypehumanDescription}`\n )\n }\n\n // Map RSA-PKCS1 with different hash algorithms to JWA names\n switch (hashName) {\n case 'SHA-256':\n return 'RS256'\n case 'SHA-384':\n return 'RS384'\n case 'SHA-512':\n return 'RS512'\n default:\n throw new CredoWebCryptoError(`Unsupported hash algorithm for RSASSA-PKCS1-v1_5: ${hashName}`)\n }\n }\n\n if (params.name === 'RSA-PSS') {\n // Normalize hash parameter\n const hashName = typeof params.hash === 'string' ? params.hash : params.hash.name\n\n if (!key.publicJwk.is(RsaPublicJwk)) {\n throw new CredoWebCryptoError(\n `Unsupported key for algorithm for RSA-PSS: ${key.publicJwk.jwkTypehumanDescription}`\n )\n }\n\n // Map RSA-PSS with different hash algorithms to JWA names\n switch (hashName) {\n case 'SHA-256':\n return 'PS256'\n case 'SHA-384':\n return 'PS384'\n case 'SHA-512':\n return 'PS512'\n default:\n throw new CredoWebCryptoError(`Unsupported hash algorithm for RSA-PSS: ${hashName}`)\n }\n }\n\n throw new CredoWebCryptoError(`Unsupported algorithm: 
${params.name}`)\n}\n"],"mappings":";;;;;;;;;;;;;;;;;AAqGA,SAAgB,wBACd,QACA,KAC4B;AAC5B,KAAI,OAAO,SAAS,WAAW;AAC7B,MAAI,CAAC,IAAI,UAAU,GAAG,iBAAiB,CACrC,OAAM,IAAI,oBACR,8CAA8C,IAAI,UAAU,0BAC7D;AAGH,SAAO;;AAGT,KAAI,OAAO,SAAS,SAAS;EAE3B,MAAM,WAAW,OAAO,OAAO,SAAS,WAAW,OAAO,OAAO,OAAO,KAAK;AAE7E,MAAI,IAAI,UAAU,GAAG,mBAAmB,CAEtC,SAAQ,UAAR;GACE,KAAK,UACH,QAAO;GACT,QACE,OAAM,IAAI,oBAAoB,wDAAwD,WAAW;;AAKvG,MAAI,IAAI,UAAU,GAAG,cAAc,CACjC,SAAQ,UAAR;GACE,KAAK,UACH,QAAO;GACT,QACE,OAAM,IAAI,oBAAoB,mDAAmD,WAAW;;AAKlG,MAAI,IAAI,UAAU,GAAG,cAAc,CACjC,SAAQ,UAAR;GACE,KAAK,UACH,QAAO;GACT,QACE,OAAM,IAAI,oBAAoB,mDAAmD,WAAW;;AAKlG,MAAI,IAAI,UAAU,GAAG,cAAc,CACjC,SAAQ,UAAR;GACE,KAAK,UACH,QAAO;GACT,QACE,OAAM,IAAI,oBAAoB,mDAAmD,WAAW;;AAIlG,QAAM,IAAI,oBACR,mBAAmB,IAAI,UAAU,wBAAwB,sBAAsB,SAAS,aACzF;;AAGH,KAAI,OAAO,SAAS,qBAAqB;EAEvC,MAAM,WAAW,OAAO,OAAO,SAAS,WAAW,OAAO,OAAO,OAAO,KAAK;AAE7E,MAAI,CAAC,IAAI,UAAU,GAAG,aAAa,CACjC,OAAM,IAAI,oBACR,wDAAwD,IAAI,UAAU,0BACvE;AAIH,UAAQ,UAAR;GACE,KAAK,UACH,QAAO;GACT,KAAK,UACH,QAAO;GACT,KAAK,UACH,QAAO;GACT,QACE,OAAM,IAAI,oBAAoB,qDAAqD,WAAW;;;AAIpG,KAAI,OAAO,SAAS,WAAW;EAE7B,MAAM,WAAW,OAAO,OAAO,SAAS,WAAW,OAAO,OAAO,OAAO,KAAK;AAE7E,MAAI,CAAC,IAAI,UAAU,GAAG,aAAa,CACjC,OAAM,IAAI,oBACR,8CAA8C,IAAI,UAAU,0BAC7D;AAIH,UAAQ,UAAR;GACE,KAAK,UACH,QAAO;GACT,KAAK,UACH,QAAO;GACT,KAAK,UACH,QAAO;GACT,QACE,OAAM,IAAI,oBAAoB,2CAA2C,WAAW;;;AAI1F,OAAM,IAAI,oBAAoB,0BAA0B,OAAO,OAAO"}
1
+ {"version":3,"file":"types.mjs","names":[],"sources":["../../../src/crypto/webcrypto/types.ts"],"sourcesContent":["/*\n *\n * Based on: https://www.w3.org/TR/WebCryptoAPI/\n */\n\nimport {\n Ed25519PublicJwk,\n type Jwk,\n type KnownJwaSignatureAlgorithm,\n P256PublicJwk,\n P384PublicJwk,\n P521PublicJwk,\n RsaPublicJwk,\n Secp256k1PublicJwk,\n} from '../../modules/kms'\nimport type { AnyUint8Array } from '../../types'\nimport { CredoWebCryptoError } from './CredoWebCryptoError'\nimport type { CredoWebCryptoKey } from './CredoWebCryptoKey'\n\nexport type CredoWebCryptoKeyPair = {\n publicKey: CredoWebCryptoKey\n privateKey: CredoWebCryptoKey\n}\n\ntype HashAlgorithmIdentifier = 'SHA-256' | 'SHA-384' | 'SHA-512'\n\n/*\n *\n * Sign and Verify Parameters\n *\n */\n\nexport type EcdsaParams = {\n name: 'ECDSA'\n hash: { name: HashAlgorithmIdentifier } | HashAlgorithmIdentifier\n}\n\nexport type Ed25519Params = { name: 'Ed25519' }\n\nexport type RsaSsaParams = {\n name: 'RSASSA-PKCS1-v1_5' | 'RSA-PSS'\n hash: { name: HashAlgorithmIdentifier } | HashAlgorithmIdentifier\n saltLength?: number // Only for RSA-PSS\n}\n\n/*\n *\n * Key Generation Parameters\n *\n */\n\nexport type Ed25519KeyGenParams = { name: 'Ed25519' }\n\nexport type EcKeyGenParams = {\n name: 'ECDSA'\n namedCurve: 'P-256' | 'P-384' | 'P-521' | 'K-256'\n}\n\nexport type RsaHashedKeyGenParams = {\n name: 'RSASSA-PKCS1-v1_5' | 'RSA-PSS'\n modulusLength: number\n publicExponent: AnyUint8Array\n hash: { name: HashAlgorithmIdentifier }\n}\n\n/*\n *\n * Key Import Parameters\n *\n */\n\nexport type Ed25519KeyImportParams = { name: 'Ed25519' }\n\nexport type EcKeyImportParams = {\n name: 'ECDSA'\n namedCurve: 'P-256' | 'P-384' | 'K-256' | 'P-521'\n}\n\nexport type RsaHashedImportParams = {\n name: 'RSASSA-PKCS1-v1_5' | 'RSA-PSS'\n hash: { name: HashAlgorithmIdentifier }\n}\n\nexport type KeyUsage = 'sign' | 'verify' | 'encrypt' | 'decrypt' | 'wrapKey' | 'unwrapKey' | 'deriveKey' | 'deriveBits'\nexport type 
KeyFormat = 'jwk' | 'pkcs8' | 'spki' | 'raw'\nexport type KeyType = 'private' | 'public' | 'secret'\n\nexport type JsonWebKey = Jwk\n\nexport type HashAlgorithm = { name: HashAlgorithmIdentifier }\n\nexport type KeyImportParams = EcKeyImportParams | Ed25519KeyImportParams | RsaHashedImportParams\nexport type KeyGenAlgorithm = EcKeyGenParams | Ed25519KeyGenParams | RsaHashedKeyGenParams\nexport type KeySignParams = EcdsaParams | Ed25519Params | RsaSsaParams\nexport type KeyVerifyParams = EcdsaParams | Ed25519Params | RsaSsaParams\n\n/**\n * Derives the JWA algorithm name from KeySignParams or KeyVerifyParams\n * @param params - The signing or verification parameters\n * @returns The corresponding JWA algorithm string\n */\nexport function keyParamsToJwaAlgorithm(\n params: KeySignParams | KeyVerifyParams,\n key: CredoWebCryptoKey\n): KnownJwaSignatureAlgorithm {\n if (params.name === 'Ed25519') {\n if (!key.publicJwk.is(Ed25519PublicJwk)) {\n throw new CredoWebCryptoError(\n `Unsupported key for algorithm for Ed25519: ${key.publicJwk.jwkTypeHumanDescription}`\n )\n }\n\n return 'EdDSA'\n }\n\n if (params.name === 'ECDSA') {\n // Normalize hash parameter\n const hashName = typeof params.hash === 'string' ? 
params.hash : params.hash.name\n\n if (key.publicJwk.is(Secp256k1PublicJwk)) {\n // Map ECDSA with different hash algorithms to JWA names\n switch (hashName) {\n case 'SHA-256':\n return 'ES256K'\n default:\n throw new CredoWebCryptoError(`Unsupported hash algorithm for ECDSA with Secp255K1: ${hashName}`)\n }\n }\n\n // Map ECDSA with different hash algorithms to JWA names\n if (key.publicJwk.is(P256PublicJwk)) {\n switch (hashName) {\n case 'SHA-256':\n return 'ES256'\n default:\n throw new CredoWebCryptoError(`Unsupported hash algorithm for ECDSA with P256: ${hashName}`)\n }\n }\n\n // Map ECDSA with different hash algorithms to JWA names\n if (key.publicJwk.is(P384PublicJwk)) {\n switch (hashName) {\n case 'SHA-384':\n return 'ES384'\n default:\n throw new CredoWebCryptoError(`Unsupported hash algorithm for ECDSA with P384: ${hashName}`)\n }\n }\n\n // Map ECDSA with different hash algorithms to JWA names\n if (key.publicJwk.is(P521PublicJwk)) {\n switch (hashName) {\n case 'SHA-512':\n return 'ES512'\n default:\n throw new CredoWebCryptoError(`Unsupported hash algorithm for ECDSA with P521: ${hashName}`)\n }\n }\n\n throw new CredoWebCryptoError(\n `Unsupported key ${key.publicJwk.jwkTypeHumanDescription} or hash algorithm '${hashName}' for ECDSA`\n )\n }\n\n if (params.name === 'RSASSA-PKCS1-v1_5') {\n // Normalize hash parameter\n const hashName = typeof params.hash === 'string' ? 
params.hash : params.hash.name\n\n if (!key.publicJwk.is(RsaPublicJwk)) {\n throw new CredoWebCryptoError(\n `Unsupported key for algorithm for RSASSA-PKCS1-v1_5: ${key.publicJwk.jwkTypeHumanDescription}`\n )\n }\n\n // Map RSA-PKCS1 with different hash algorithms to JWA names\n switch (hashName) {\n case 'SHA-256':\n return 'RS256'\n case 'SHA-384':\n return 'RS384'\n case 'SHA-512':\n return 'RS512'\n default:\n throw new CredoWebCryptoError(`Unsupported hash algorithm for RSASSA-PKCS1-v1_5: ${hashName}`)\n }\n }\n\n if (params.name === 'RSA-PSS') {\n // Normalize hash parameter\n const hashName = typeof params.hash === 'string' ? params.hash : params.hash.name\n\n if (!key.publicJwk.is(RsaPublicJwk)) {\n throw new CredoWebCryptoError(\n `Unsupported key for algorithm for RSA-PSS: ${key.publicJwk.jwkTypeHumanDescription}`\n )\n }\n\n // Map RSA-PSS with different hash algorithms to JWA names\n switch (hashName) {\n case 'SHA-256':\n return 'PS256'\n case 'SHA-384':\n return 'PS384'\n case 'SHA-512':\n return 'PS512'\n default:\n throw new CredoWebCryptoError(`Unsupported hash algorithm for RSA-PSS: ${hashName}`)\n }\n }\n\n throw new CredoWebCryptoError(`Unsupported algorithm: 
${params.name}`)\n}\n"],"mappings":";;;;;;;;;;;;;;;;;AAqGA,SAAgB,wBACd,QACA,KAC4B;AAC5B,KAAI,OAAO,SAAS,WAAW;AAC7B,MAAI,CAAC,IAAI,UAAU,GAAG,iBAAiB,CACrC,OAAM,IAAI,oBACR,8CAA8C,IAAI,UAAU,0BAC7D;AAGH,SAAO;;AAGT,KAAI,OAAO,SAAS,SAAS;EAE3B,MAAM,WAAW,OAAO,OAAO,SAAS,WAAW,OAAO,OAAO,OAAO,KAAK;AAE7E,MAAI,IAAI,UAAU,GAAG,mBAAmB,CAEtC,SAAQ,UAAR;GACE,KAAK,UACH,QAAO;GACT,QACE,OAAM,IAAI,oBAAoB,wDAAwD,WAAW;;AAKvG,MAAI,IAAI,UAAU,GAAG,cAAc,CACjC,SAAQ,UAAR;GACE,KAAK,UACH,QAAO;GACT,QACE,OAAM,IAAI,oBAAoB,mDAAmD,WAAW;;AAKlG,MAAI,IAAI,UAAU,GAAG,cAAc,CACjC,SAAQ,UAAR;GACE,KAAK,UACH,QAAO;GACT,QACE,OAAM,IAAI,oBAAoB,mDAAmD,WAAW;;AAKlG,MAAI,IAAI,UAAU,GAAG,cAAc,CACjC,SAAQ,UAAR;GACE,KAAK,UACH,QAAO;GACT,QACE,OAAM,IAAI,oBAAoB,mDAAmD,WAAW;;AAIlG,QAAM,IAAI,oBACR,mBAAmB,IAAI,UAAU,wBAAwB,sBAAsB,SAAS,aACzF;;AAGH,KAAI,OAAO,SAAS,qBAAqB;EAEvC,MAAM,WAAW,OAAO,OAAO,SAAS,WAAW,OAAO,OAAO,OAAO,KAAK;AAE7E,MAAI,CAAC,IAAI,UAAU,GAAG,aAAa,CACjC,OAAM,IAAI,oBACR,wDAAwD,IAAI,UAAU,0BACvE;AAIH,UAAQ,UAAR;GACE,KAAK,UACH,QAAO;GACT,KAAK,UACH,QAAO;GACT,KAAK,UACH,QAAO;GACT,QACE,OAAM,IAAI,oBAAoB,qDAAqD,WAAW;;;AAIpG,KAAI,OAAO,SAAS,WAAW;EAE7B,MAAM,WAAW,OAAO,OAAO,SAAS,WAAW,OAAO,OAAO,OAAO,KAAK;AAE7E,MAAI,CAAC,IAAI,UAAU,GAAG,aAAa,CACjC,OAAM,IAAI,oBACR,8CAA8C,IAAI,UAAU,0BAC7D;AAIH,UAAQ,UAAR;GACE,KAAK,UACH,QAAO;GACT,KAAK,UACH,QAAO;GACT,KAAK,UACH,QAAO;GACT,QACE,OAAM,IAAI,oBAAoB,2CAA2C,WAAW;;;AAI1F,OAAM,IAAI,oBAAoB,0BAA0B,OAAO,OAAO"}
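--- a/package/build/modules/cache/CachedStorageService.mjs
+++ b/package/build/modules/cache/CachedStorageService.mjs
@@ -2,13 +2,13 @@
 
  import { InjectionSymbols } from "../../constants.mjs";
  import { inject, injectable } from "../../plugins/index.mjs";
- import { __decorateMetadata } from "../../_virtual/_@oxc-project_runtime@0.97.0/helpers/decorateMetadata.mjs";
- import { __decorate } from "../../_virtual/_@oxc-project_runtime@0.97.0/helpers/decorate.mjs";
+ import { __decorateMetadata } from "../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorateMetadata.mjs";
+ import { __decorate } from "../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorate.mjs";
  import "../../agent/index.mjs";
  import { JsonTransformer } from "../../utils/JsonTransformer.mjs";
  import "../../utils/index.mjs";
  import "../../storage/BaseRecord.mjs";
- import { __decorateParam } from "../../_virtual/_@oxc-project_runtime@0.97.0/helpers/decorateParam.mjs";
+ import { __decorateParam } from "../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorateParam.mjs";
  import { CacheModuleConfig } from "./CacheModuleConfig.mjs";
 
  //#region src/modules/cache/CachedStorageService.ts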
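--- a/package/build/modules/cache/singleContextLruCache/SingleContextLruCacheRecord.mjs
+++ b/package/build/modules/cache/singleContextLruCache/SingleContextLruCacheRecord.mjs
@@ -1,7 +1,7 @@
 
 
- import { __decorateMetadata } from "../../../_virtual/_@oxc-project_runtime@0.97.0/helpers/decorateMetadata.mjs";
- import { __decorate } from "../../../_virtual/_@oxc-project_runtime@0.97.0/helpers/decorate.mjs";
+ import { __decorateMetadata } from "../../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorateMetadata.mjs";
+ import { __decorate } from "../../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorate.mjs";
  import { BaseRecord } from "../../../storage/BaseRecord.mjs";
  import { uuid } from "../../../utils/uuid.mjs";
  import { Type } from "class-transformer";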
@@ -2,9 +2,9 @@
2
2
 
3
3
  import { InjectionSymbols } from "../../../constants.mjs";
4
4
  import { inject, injectable } from "../../../plugins/index.mjs";
5
- import { __decorateMetadata } from "../../../_virtual/_@oxc-project_runtime@0.97.0/helpers/decorateMetadata.mjs";
6
- import { __decorate } from "../../../_virtual/_@oxc-project_runtime@0.97.0/helpers/decorate.mjs";
7
- import { __decorateParam } from "../../../_virtual/_@oxc-project_runtime@0.97.0/helpers/decorateParam.mjs";
5
+ import { __decorateMetadata } from "../../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorateMetadata.mjs";
6
+ import { __decorate } from "../../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorate.mjs";
7
+ import { __decorateParam } from "../../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorateParam.mjs";
8
8
  import { EventEmitter } from "../../../agent/EventEmitter.mjs";
9
9
  import { Repository } from "../../../storage/Repository.mjs";
10
10
  import { SingleContextLruCacheRecord } from "./SingleContextLruCacheRecord.mjs";
@@ -1,6 +1,6 @@
1
1
 
2
2
 
3
- import { __decorate } from "../../_virtual/_@oxc-project_runtime@0.97.0/helpers/decorate.mjs";
3
+ import { __decorate } from "../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorate.mjs";
4
4
  import { asArray } from "../../utils/array.mjs";
5
5
  import { TypedArrayEncoder } from "../../utils/TypedArrayEncoder.mjs";
6
6
  import "../../utils/index.mjs";
@@ -511,7 +511,7 @@ let DcqlService = class DcqlService$1 {
511
511
  const signatureSuiteRegistry = agentContext.dependencyManager.resolve(SignatureSuiteRegistry);
512
512
  const publicJwk = getPublicJwkFromVerificationMethod(verificationMethod);
513
513
  const supportedSignatureSuites = signatureSuiteRegistry.getAllByPublicJwkType(publicJwk);
514
- if (supportedSignatureSuites.length === 0) throw new DcqlError(`Couldn't find a supported signature suite for the given jwk ${publicJwk.jwkTypehumanDescription}`);
514
+ if (supportedSignatureSuites.length === 0) throw new DcqlError(`Couldn't find a supported signature suite for the given jwk ${publicJwk.jwkTypeHumanDescription}`);
515
515
  return supportedSignatureSuites[0].proofType;
516
516
  }
517
517
  };