@credo-ts/core 0.6.0-pr-2539-20251127092008 → 0.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (123) hide show
  1. package/build/_virtual/{_@oxc-project_runtime@0.97.0 → _@oxc-project_runtime@0.99.0}/helpers/assertClassBrand.mjs +1 -1
  2. package/build/_virtual/{_@oxc-project_runtime@0.97.0 → _@oxc-project_runtime@0.99.0}/helpers/checkPrivateRedeclaration.mjs +1 -1
  3. package/build/_virtual/{_@oxc-project_runtime@0.97.0 → _@oxc-project_runtime@0.99.0}/helpers/classPrivateFieldGet2.mjs +1 -1
  4. package/build/_virtual/{_@oxc-project_runtime@0.97.0 → _@oxc-project_runtime@0.99.0}/helpers/classPrivateFieldInitSpec.mjs +1 -1
  5. package/build/_virtual/{_@oxc-project_runtime@0.97.0 → _@oxc-project_runtime@0.99.0}/helpers/classPrivateFieldSet2.mjs +1 -1
  6. package/build/_virtual/{_@oxc-project_runtime@0.97.0 → _@oxc-project_runtime@0.99.0}/helpers/decorate.mjs +1 -1
  7. package/build/_virtual/{_@oxc-project_runtime@0.97.0 → _@oxc-project_runtime@0.99.0}/helpers/decorateMetadata.mjs +1 -1
  8. package/build/_virtual/{_@oxc-project_runtime@0.97.0 → _@oxc-project_runtime@0.99.0}/helpers/decorateParam.mjs +1 -1
  9. package/build/_virtual/rolldown_runtime.mjs +10 -5
  10. package/build/agent/AgentModules.d.mts.map +1 -1
  11. package/build/agent/AgentModules.mjs.map +1 -1
  12. package/build/agent/EventEmitter.mjs +3 -3
  13. package/build/agent/context/DefaultAgentContextProvider.mjs +2 -2
  14. package/build/crypto/JwsService.mjs +5 -5
  15. package/build/crypto/JwsService.mjs.map +1 -1
  16. package/build/crypto/webcrypto/types.mjs +4 -4
  17. package/build/crypto/webcrypto/types.mjs.map +1 -1
  18. package/build/modules/cache/CachedStorageService.mjs +3 -3
  19. package/build/modules/cache/singleContextLruCache/SingleContextLruCacheRecord.mjs +2 -2
  20. package/build/modules/cache/singleContextLruCache/SingleContextLruCacheRepository.mjs +3 -3
  21. package/build/modules/dcql/DcqlService.mjs +2 -2
  22. package/build/modules/dcql/DcqlService.mjs.map +1 -1
  23. package/build/modules/dids/DidsApi.mjs +2 -2
  24. package/build/modules/dids/domain/DidDocument.mjs +3 -3
  25. package/build/modules/dids/domain/DidDocument.mjs.map +1 -1
  26. package/build/modules/dids/domain/key-type/keyDidMapping.mjs +1 -1
  27. package/build/modules/dids/domain/key-type/keyDidMapping.mjs.map +1 -1
  28. package/build/modules/dids/domain/service/DidCommV1Service.mjs +2 -2
  29. package/build/modules/dids/domain/service/DidCommV2Service.mjs +2 -2
  30. package/build/modules/dids/domain/service/DidDocumentService.mjs +2 -2
  31. package/build/modules/dids/domain/service/IndyAgentService.mjs +2 -2
  32. package/build/modules/dids/domain/service/LegacyDidCommV2Service.mjs +2 -2
  33. package/build/modules/dids/domain/verificationMethod/VerificationMethod.mjs +2 -2
  34. package/build/modules/dids/findMatchingEd25519Key.mjs +2 -2
  35. package/build/modules/dids/findMatchingEd25519Key.mjs.map +1 -1
  36. package/build/modules/dids/helpers.mjs +1 -1
  37. package/build/modules/dids/helpers.mjs.map +1 -1
  38. package/build/modules/dids/repository/DidRecord.mjs +2 -2
  39. package/build/modules/dids/repository/DidRepository.mjs +3 -3
  40. package/build/modules/dids/services/DidRegistrarService.mjs +3 -3
  41. package/build/modules/dids/services/DidResolverService.mjs +3 -3
  42. package/build/modules/dids/types.d.mts +1 -1
  43. package/build/modules/dif-presentation-exchange/DifPresentationExchangeService.mjs +2 -2
  44. package/build/modules/generic-records/GenericRecordsApi.mjs +3 -3
  45. package/build/modules/generic-records/repository/GenericRecordsRepository.mjs +3 -3
  46. package/build/modules/generic-records/services/GenericRecordService.mjs +2 -2
  47. package/build/modules/kms/KeyManagementApi.mjs +2 -2
  48. package/build/modules/kms/KeyManagementModuleConfig.mjs +3 -3
  49. package/build/modules/kms/index.d.mts +2 -2
  50. package/build/modules/kms/index.mjs +2 -2
  51. package/build/modules/kms/jwk/PublicJwk.d.mts +2 -2
  52. package/build/modules/kms/jwk/PublicJwk.mjs +4 -4
  53. package/build/modules/kms/jwk/PublicJwk.mjs.map +1 -1
  54. package/build/modules/kms/jwk/equals.d.mts +2 -2
  55. package/build/modules/kms/jwk/equals.mjs +2 -2
  56. package/build/modules/kms/jwk/equals.mjs.map +1 -1
  57. package/build/modules/kms/jwk/index.d.mts +1 -1
  58. package/build/modules/kms/jwk/index.mjs +1 -1
  59. package/build/modules/mdoc/Mdoc.mjs +4 -4
  60. package/build/modules/mdoc/Mdoc.mjs.map +1 -1
  61. package/build/modules/mdoc/MdocApi.mjs +2 -2
  62. package/build/modules/mdoc/MdocDeviceResponse.mjs +1 -1
  63. package/build/modules/mdoc/MdocDeviceResponse.mjs.map +1 -1
  64. package/build/modules/mdoc/MdocService.mjs +2 -2
  65. package/build/modules/mdoc/repository/MdocRepository.mjs +3 -3
  66. package/build/modules/sd-jwt-vc/SdJwtVcApi.mjs +2 -2
  67. package/build/modules/sd-jwt-vc/SdJwtVcOptions.d.mts +10 -5
  68. package/build/modules/sd-jwt-vc/SdJwtVcOptions.d.mts.map +1 -1
  69. package/build/modules/sd-jwt-vc/SdJwtVcService.d.mts.map +1 -1
  70. package/build/modules/sd-jwt-vc/SdJwtVcService.mjs +8 -8
  71. package/build/modules/sd-jwt-vc/SdJwtVcService.mjs.map +1 -1
  72. package/build/modules/sd-jwt-vc/repository/SdJwtVcRepository.mjs +3 -3
  73. package/build/modules/sd-jwt-vc/typeMetadata.d.mts +17 -2
  74. package/build/modules/sd-jwt-vc/typeMetadata.d.mts.map +1 -1
  75. package/build/modules/sd-jwt-vc/utils.mjs +1 -1
  76. package/build/modules/sd-jwt-vc/utils.mjs.map +1 -1
  77. package/build/modules/vc/W3cCredentialService.mjs +2 -2
  78. package/build/modules/vc/W3cCredentialsApi.mjs +2 -2
  79. package/build/modules/vc/W3cV2CredentialService.mjs +2 -2
  80. package/build/modules/vc/W3cV2CredentialsApi.mjs +2 -2
  81. package/build/modules/vc/data-integrity/SignatureSuiteRegistry.mjs +3 -3
  82. package/build/modules/vc/data-integrity/W3cJsonLdCredentialService.mjs +2 -2
  83. package/build/modules/vc/data-integrity/models/DataIntegrityProof.mjs +2 -2
  84. package/build/modules/vc/data-integrity/models/LinkedDataProof.mjs +2 -2
  85. package/build/modules/vc/data-integrity/models/W3cJsonLdVerifiableCredential.mjs +2 -2
  86. package/build/modules/vc/data-integrity/models/W3cJsonLdVerifiablePresentation.mjs +2 -2
  87. package/build/modules/vc/jwt-vc/W3cJwtCredentialService.mjs +2 -2
  88. package/build/modules/vc/jwt-vc/W3cV2JwtCredentialService.mjs +2 -2
  89. package/build/modules/vc/models/credential/W3cCredential.mjs +2 -2
  90. package/build/modules/vc/models/credential/W3cCredentialSchema.mjs +2 -2
  91. package/build/modules/vc/models/credential/W3cCredentialStatus.mjs +2 -2
  92. package/build/modules/vc/models/credential/W3cCredentialSubject.mjs +2 -2
  93. package/build/modules/vc/models/credential/W3cIssuer.mjs +2 -2
  94. package/build/modules/vc/models/credential/W3cV2Credential.mjs +2 -2
  95. package/build/modules/vc/models/credential/W3cV2CredentialSchema.mjs +2 -2
  96. package/build/modules/vc/models/credential/W3cV2CredentialStatus.mjs +2 -2
  97. package/build/modules/vc/models/credential/W3cV2CredentialSubject.mjs +2 -2
  98. package/build/modules/vc/models/credential/W3cV2EnvelopedVerifiableCredential.mjs +2 -2
  99. package/build/modules/vc/models/credential/W3cV2Evidence.mjs +2 -2
  100. package/build/modules/vc/models/credential/W3cV2Issuer.mjs +2 -2
  101. package/build/modules/vc/models/credential/W3cV2LocalizedValue.mjs +2 -2
  102. package/build/modules/vc/models/credential/W3cV2RefreshService.mjs +2 -2
  103. package/build/modules/vc/models/credential/W3cV2TermsOfUse.mjs +2 -2
  104. package/build/modules/vc/models/presentation/W3cHolder.mjs +2 -2
  105. package/build/modules/vc/models/presentation/W3cPresentation.mjs +2 -2
  106. package/build/modules/vc/models/presentation/W3cV2EnvelopedVerifiablePresentation.mjs +2 -2
  107. package/build/modules/vc/models/presentation/W3cV2Holder.mjs +2 -2
  108. package/build/modules/vc/models/presentation/W3cV2Presentation.mjs +2 -2
  109. package/build/modules/vc/repository/W3cCredentialRepository.mjs +3 -3
  110. package/build/modules/vc/repository/W3cV2CredentialRepository.mjs +3 -3
  111. package/build/modules/vc/sd-jwt-vc/W3cV2SdJwtCredentialService.mjs +1 -1
  112. package/build/modules/x509/X509Api.mjs +2 -2
  113. package/build/modules/x509/X509Certificate.mjs +2 -2
  114. package/build/modules/x509/X509Certificate.mjs.map +1 -1
  115. package/build/modules/x509/X509ModuleConfig.mjs +3 -3
  116. package/build/modules/x509/X509Service.mjs +1 -1
  117. package/build/storage/BaseRecord.mjs +2 -2
  118. package/build/storage/StorageService.d.mts.map +1 -1
  119. package/build/storage/migration/StorageUpdateService.mjs +3 -3
  120. package/build/storage/migration/repository/StorageVersionRepository.mjs +3 -3
  121. package/build/utils/MessageValidator.mjs +1 -1
  122. package/build/utils/MessageValidator.mjs.map +1 -1
  123. package/package.json +6 -6
package/build/modules/dids/services/DidResolverService.mjs CHANGED
@@ -4,14 +4,14 @@ import { InjectionSymbols } from "../../../constants.mjs";
4
4
  import { CredoError } from "../../../error/CredoError.mjs";
5
5
  import "../../../error/index.mjs";
6
6
  import { inject, injectable } from "../../../plugins/index.mjs";
7
- import { __decorateMetadata } from "../../../_virtual/_@oxc-project_runtime@0.97.0/helpers/decorateMetadata.mjs";
8
- import { __decorate } from "../../../_virtual/_@oxc-project_runtime@0.97.0/helpers/decorate.mjs";
7
+ import { __decorateMetadata } from "../../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorateMetadata.mjs";
8
+ import { __decorate } from "../../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorate.mjs";
9
9
  import { JsonTransformer } from "../../../utils/JsonTransformer.mjs";
10
10
  import "../../../utils/index.mjs";
11
11
  import { parseDid } from "../domain/parse.mjs";
12
12
  import { DidDocument } from "../domain/DidDocument.mjs";
13
13
  import "../domain/index.mjs";
14
- import { __decorateParam } from "../../../_virtual/_@oxc-project_runtime@0.97.0/helpers/decorateParam.mjs";
14
+ import { __decorateParam } from "../../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorateParam.mjs";
15
15
  import { CacheModuleConfig } from "../../cache/CacheModuleConfig.mjs";
16
16
  import { DidRepository } from "../repository/DidRepository.mjs";
17
17
  import "../repository/index.mjs";
package/build/modules/dids/types.d.mts CHANGED
@@ -32,7 +32,7 @@ interface DidResolutionOptions extends DIDResolutionOptions {
32
32
  /**
33
33
  * How many seconds to persist the resolved document
34
34
  *
35
- * @default 3600
35
+ * @default 300
36
36
  */
37
37
  cacheDurationInSeconds?: number;
38
38
  }
package/build/modules/dif-presentation-exchange/DifPresentationExchangeService.mjs CHANGED
@@ -2,8 +2,8 @@
2
2
 
3
3
  import { CredoError } from "../../error/CredoError.mjs";
4
4
  import "../../error/index.mjs";
5
- import { __decorateMetadata } from "../../_virtual/_@oxc-project_runtime@0.97.0/helpers/decorateMetadata.mjs";
6
- import { __decorate } from "../../_virtual/_@oxc-project_runtime@0.97.0/helpers/decorate.mjs";
5
+ import { __decorateMetadata } from "../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorateMetadata.mjs";
6
+ import { __decorate } from "../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorate.mjs";
7
7
  import { JsonTransformer } from "../../utils/JsonTransformer.mjs";
8
8
  import "../../utils/index.mjs";
9
9
  import { getJwkHumanDescription } from "../kms/jwk/humanDescription.mjs";
package/build/modules/generic-records/GenericRecordsApi.mjs CHANGED
@@ -3,10 +3,10 @@
3
3
  import { InjectionSymbols } from "../../constants.mjs";
4
4
  import { AgentContext } from "../../agent/context/AgentContext.mjs";
5
5
  import { inject, injectable } from "../../plugins/index.mjs";
6
- import { __decorateMetadata } from "../../_virtual/_@oxc-project_runtime@0.97.0/helpers/decorateMetadata.mjs";
7
- import { __decorate } from "../../_virtual/_@oxc-project_runtime@0.97.0/helpers/decorate.mjs";
6
+ import { __decorateMetadata } from "../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorateMetadata.mjs";
7
+ import { __decorate } from "../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorate.mjs";
8
8
  import "../../agent/index.mjs";
9
- import { __decorateParam } from "../../_virtual/_@oxc-project_runtime@0.97.0/helpers/decorateParam.mjs";
9
+ import { __decorateParam } from "../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorateParam.mjs";
10
10
  import { GenericRecordService } from "./services/GenericRecordService.mjs";
11
11
 
12
12
  //#region src/modules/generic-records/GenericRecordsApi.ts
package/build/modules/generic-records/repository/GenericRecordsRepository.mjs CHANGED
@@ -2,9 +2,9 @@
2
2
 
3
3
  import { InjectionSymbols } from "../../../constants.mjs";
4
4
  import { inject, injectable } from "../../../plugins/index.mjs";
5
- import { __decorateMetadata } from "../../../_virtual/_@oxc-project_runtime@0.97.0/helpers/decorateMetadata.mjs";
6
- import { __decorate } from "../../../_virtual/_@oxc-project_runtime@0.97.0/helpers/decorate.mjs";
7
- import { __decorateParam } from "../../../_virtual/_@oxc-project_runtime@0.97.0/helpers/decorateParam.mjs";
5
+ import { __decorateMetadata } from "../../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorateMetadata.mjs";
6
+ import { __decorate } from "../../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorate.mjs";
7
+ import { __decorateParam } from "../../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorateParam.mjs";
8
8
  import { EventEmitter } from "../../../agent/EventEmitter.mjs";
9
9
  import { Repository } from "../../../storage/Repository.mjs";
10
10
  import { GenericRecord } from "./GenericRecord.mjs";
package/build/modules/generic-records/services/GenericRecordService.mjs CHANGED
@@ -3,8 +3,8 @@
3
3
  import { CredoError } from "../../../error/CredoError.mjs";
4
4
  import "../../../error/index.mjs";
5
5
  import { injectable } from "../../../plugins/index.mjs";
6
- import { __decorateMetadata } from "../../../_virtual/_@oxc-project_runtime@0.97.0/helpers/decorateMetadata.mjs";
7
- import { __decorate } from "../../../_virtual/_@oxc-project_runtime@0.97.0/helpers/decorate.mjs";
6
+ import { __decorateMetadata } from "../../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorateMetadata.mjs";
7
+ import { __decorate } from "../../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorate.mjs";
8
8
  import { GenericRecord } from "../repository/GenericRecord.mjs";
9
9
  import { GenericRecordsRepository } from "../repository/GenericRecordsRepository.mjs";
10
10
 
package/build/modules/kms/KeyManagementApi.mjs CHANGED
@@ -1,8 +1,8 @@
1
1
 
2
2
 
3
3
  import { AgentContext } from "../../agent/context/AgentContext.mjs";
4
- import { __decorateMetadata } from "../../_virtual/_@oxc-project_runtime@0.97.0/helpers/decorateMetadata.mjs";
5
- import { __decorate } from "../../_virtual/_@oxc-project_runtime@0.97.0/helpers/decorate.mjs";
4
+ import { __decorateMetadata } from "../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorateMetadata.mjs";
5
+ import { __decorate } from "../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorate.mjs";
6
6
  import "../../agent/index.mjs";
7
7
  import { KeyManagementError } from "./error/KeyManagementError.mjs";
8
8
  import { KeyManagementKeyNotFoundError } from "./error/KeyManagementKeyNotFoundError.mjs";
package/build/modules/kms/KeyManagementModuleConfig.mjs CHANGED
@@ -1,9 +1,9 @@
1
1
 
2
2
 
3
3
  import { KeyManagementError } from "./error/KeyManagementError.mjs";
4
- import { _classPrivateFieldInitSpec } from "../../_virtual/_@oxc-project_runtime@0.97.0/helpers/classPrivateFieldInitSpec.mjs";
5
- import { _classPrivateFieldSet2 } from "../../_virtual/_@oxc-project_runtime@0.97.0/helpers/classPrivateFieldSet2.mjs";
6
- import { _classPrivateFieldGet2 } from "../../_virtual/_@oxc-project_runtime@0.97.0/helpers/classPrivateFieldGet2.mjs";
4
+ import { _classPrivateFieldInitSpec } from "../../_virtual/_@oxc-project_runtime@0.99.0/helpers/classPrivateFieldInitSpec.mjs";
5
+ import { _classPrivateFieldSet2 } from "../../_virtual/_@oxc-project_runtime@0.99.0/helpers/classPrivateFieldSet2.mjs";
6
+ import { _classPrivateFieldGet2 } from "../../_virtual/_@oxc-project_runtime@0.99.0/helpers/classPrivateFieldGet2.mjs";
7
7
 
8
8
  //#region src/modules/kms/KeyManagementModuleConfig.ts
9
9
  var _defaultBackend = /* @__PURE__ */ new WeakMap();
package/build/modules/kms/index.d.mts CHANGED
@@ -27,7 +27,7 @@ import { allowedEncryptionAlgsForKey, assertAllowedEncryptionAlgForKey, supporte
27
27
  import { allowedKeyDerivationAlgsForKey, assertAllowedKeyDerivationAlgForKey, supportedKeyDerivationAlgsForKey } from "./jwk/alg/keyDerivation.mjs";
28
28
  import { allowedSigningAlgsForSigningKey, assertAllowedSigningAlgForKey, supportedSigningAlgsForKey } from "./jwk/alg/signing.mjs";
29
29
  import { assertSupportedEncryptionAlgorithm, assertSupportedKeyAgreementAlgorithm } from "./jwk/assertSupported.mjs";
30
- import { assertAsymmetricJwkKeyTypeMatches, assymetricJwkKeyTypeMatches, assymetricPublicJwkMatches } from "./jwk/equals.mjs";
30
+ import { assertAsymmetricJwkKeyTypeMatches, assymetricJwkKeyTypeMatches, asymmetricPublicJwkMatches } from "./jwk/equals.mjs";
31
31
  import { getJwkHumanDescription } from "./jwk/humanDescription.mjs";
32
32
  import { Jwk, JwkCommon } from "./jwk/jwk.mjs";
33
33
  import { assertKeyAllowsDecrypt, assertKeyAllowsDerive, assertKeyAllowsEncrypt, assertKeyAllowsSign, assertKeyAllowsVerify, keyAllowsDecrypt, keyAllowsEncrypt, keyAllowsSign, keyAllowsVerify } from "./jwk/keyOps.mjs";
@@ -49,7 +49,7 @@ import { legacyKeyIdFromPublicJwk } from "./legacy.mjs";
49
49
 
50
50
  //#region src/modules/kms/index.d.ts
51
51
  declare namespace index_d_exports {
52
- export { Ed25519PublicJwk, Jwk, JwkCommon, KeyManagementAlgorithmNotSupportedError, KeyManagementApi, KeyManagementError, KeyManagementKeyExistsError, KeyManagementKeyNotFoundError, KeyManagementModule, KeyManagementModuleConfig, KeyManagementModuleConfigOptions, KeyManagementService, KmsCreateKeyForSignatureAlgorithmOptions, KmsCreateKeyOptions, KmsCreateKeyReturn, KmsCreateKeyType, KmsCreateKeyTypeAssymetric, KmsCreateKeyTypeEc, KmsCreateKeyTypeOct, KmsCreateKeyTypeOkp, KmsCreateKeyTypeRsa, KmsDecryptDataDecryption, KmsDecryptDataDecryptionAesCbc, KmsDecryptDataDecryptionAesGcm, KmsDecryptDataDecryptionC20p, KmsDecryptOptions, KmsDecryptReturn, KmsDeleteKeyOptions, KmsEncryptDataEncryption, KmsEncryptDataEncryptionAesCbc, KmsEncryptDataEncryptionAesGcm, KmsEncryptDataEncryptionX20c, KmsEncryptOptions, KmsEncryptReturn, KmsEncryptedKey, KmsGetPublicKeyOptions, KmsImportKeyOptions, KmsImportKeyReturn, KmsJwkPrivate, KmsJwkPrivateAsymmetric, KmsJwkPrivateEc, KmsJwkPrivateFromKmsJwkPublic, KmsJwkPrivateOct, KmsJwkPrivateOkp, KmsJwkPrivateRsa, KmsJwkPublic, KmsJwkPublicAsymmetric, KmsJwkPublicEc, KmsJwkPublicEcdh, KmsJwkPublicFromCreateType, KmsJwkPublicFromKmsJwkPrivate, KmsJwkPublicOct, KmsJwkPublicOkp, KmsJwkPublicRsa, KmsKeyAgreementDecryptEcdhEsKw, KmsKeyAgreementDecryptEcdhHsalsa20, KmsKeyAgreementDecryptOptions, KmsKeyAgreementEcdhEs, KmsKeyAgreementEncryptEcdhEsKw, KmsKeyAgreementEncryptEcdhHsalsa20, KmsKeyAgreementEncryptOptions, KmsOperation, KmsOperationCreateKey, KmsOperationDecrypt, KmsOperationDeleteKey, KmsOperationEncrypt, KmsOperationImportKey, KmsOperationSign, KmsOperationVerify, KmsRandomBytesOptions, KmsRandomBytesReturn, KmsSignOptions, KmsSignReturn, KmsVerifyOptions, KmsVerifyReturn, KnownCoseSignatureAlgorithm, KnownCoseSignatureAlgorithms, KnownJwaContentEncryptionAlgorithm, KnownJwaContentEncryptionAlgorithms, KnownJwaKeyAgreementAlgorithm, KnownJwaKeyAgreementAlgorithms, KnownJwaKeyEncryptionAlgorithm, KnownJwaKeyEncryptionAlgorithms, KnownJwaSignatureAlgorithm, KnownJwaSignatureAlgorithms, P256PublicJwk, P384PublicJwk, P521PublicJwk, PublicJwk, RsaPublicJwk, Secp256k1PublicJwk, X25519PublicJwk, allowedEncryptionAlgsForKey, allowedKeyDerivationAlgsForKey, allowedSigningAlgsForSigningKey, assertAllowedEncryptionAlgForKey, assertAllowedKeyDerivationAlgForKey, assertAllowedSigningAlgForKey, assertAsymmetricJwkKeyTypeMatches, assertJwkAsymmetric, assertKeyAllowsDecrypt, assertKeyAllowsDerive, assertKeyAllowsEncrypt, assertKeyAllowsSign, assertKeyAllowsVerify, assertSupportedEncryptionAlgorithm, assertSupportedKeyAgreementAlgorithm, assymetricJwkKeyTypeMatches, assymetricPublicJwkMatches, derEcSignatureToRaw, getJwkHumanDescription, getKmsOperationHumanDescription, isJwkAsymmetric, keyAllowsDecrypt, keyAllowsEncrypt, keyAllowsSign, keyAllowsVerify, legacyKeyIdFromPublicJwk, publicJwkFromPrivateJwk, rawEcSignatureToDer, supportedEncryptionAlgsForKey, supportedKeyDerivationAlgsForKey, supportedSigningAlgsForKey };
52
+ export { Ed25519PublicJwk, Jwk, JwkCommon, KeyManagementAlgorithmNotSupportedError, KeyManagementApi, KeyManagementError, KeyManagementKeyExistsError, KeyManagementKeyNotFoundError, KeyManagementModule, KeyManagementModuleConfig, KeyManagementModuleConfigOptions, KeyManagementService, KmsCreateKeyForSignatureAlgorithmOptions, KmsCreateKeyOptions, KmsCreateKeyReturn, KmsCreateKeyType, KmsCreateKeyTypeAssymetric, KmsCreateKeyTypeEc, KmsCreateKeyTypeOct, KmsCreateKeyTypeOkp, KmsCreateKeyTypeRsa, KmsDecryptDataDecryption, KmsDecryptDataDecryptionAesCbc, KmsDecryptDataDecryptionAesGcm, KmsDecryptDataDecryptionC20p, KmsDecryptOptions, KmsDecryptReturn, KmsDeleteKeyOptions, KmsEncryptDataEncryption, KmsEncryptDataEncryptionAesCbc, KmsEncryptDataEncryptionAesGcm, KmsEncryptDataEncryptionX20c, KmsEncryptOptions, KmsEncryptReturn, KmsEncryptedKey, KmsGetPublicKeyOptions, KmsImportKeyOptions, KmsImportKeyReturn, KmsJwkPrivate, KmsJwkPrivateAsymmetric, KmsJwkPrivateEc, KmsJwkPrivateFromKmsJwkPublic, KmsJwkPrivateOct, KmsJwkPrivateOkp, KmsJwkPrivateRsa, KmsJwkPublic, KmsJwkPublicAsymmetric, KmsJwkPublicEc, KmsJwkPublicEcdh, KmsJwkPublicFromCreateType, KmsJwkPublicFromKmsJwkPrivate, KmsJwkPublicOct, KmsJwkPublicOkp, KmsJwkPublicRsa, KmsKeyAgreementDecryptEcdhEsKw, KmsKeyAgreementDecryptEcdhHsalsa20, KmsKeyAgreementDecryptOptions, KmsKeyAgreementEcdhEs, KmsKeyAgreementEncryptEcdhEsKw, KmsKeyAgreementEncryptEcdhHsalsa20, KmsKeyAgreementEncryptOptions, KmsOperation, KmsOperationCreateKey, KmsOperationDecrypt, KmsOperationDeleteKey, KmsOperationEncrypt, KmsOperationImportKey, KmsOperationSign, KmsOperationVerify, KmsRandomBytesOptions, KmsRandomBytesReturn, KmsSignOptions, KmsSignReturn, KmsVerifyOptions, KmsVerifyReturn, KnownCoseSignatureAlgorithm, KnownCoseSignatureAlgorithms, KnownJwaContentEncryptionAlgorithm, KnownJwaContentEncryptionAlgorithms, KnownJwaKeyAgreementAlgorithm, KnownJwaKeyAgreementAlgorithms, KnownJwaKeyEncryptionAlgorithm, KnownJwaKeyEncryptionAlgorithms, KnownJwaSignatureAlgorithm, KnownJwaSignatureAlgorithms, P256PublicJwk, P384PublicJwk, P521PublicJwk, PublicJwk, RsaPublicJwk, Secp256k1PublicJwk, X25519PublicJwk, allowedEncryptionAlgsForKey, allowedKeyDerivationAlgsForKey, allowedSigningAlgsForSigningKey, assertAllowedEncryptionAlgForKey, assertAllowedKeyDerivationAlgForKey, assertAllowedSigningAlgForKey, assertAsymmetricJwkKeyTypeMatches, assertJwkAsymmetric, assertKeyAllowsDecrypt, assertKeyAllowsDerive, assertKeyAllowsEncrypt, assertKeyAllowsSign, assertKeyAllowsVerify, assertSupportedEncryptionAlgorithm, assertSupportedKeyAgreementAlgorithm, assymetricJwkKeyTypeMatches, asymmetricPublicJwkMatches, derEcSignatureToRaw, getJwkHumanDescription, getKmsOperationHumanDescription, isJwkAsymmetric, keyAllowsDecrypt, keyAllowsEncrypt, keyAllowsSign, keyAllowsVerify, legacyKeyIdFromPublicJwk, publicJwkFromPrivateJwk, rawEcSignatureToDer, supportedEncryptionAlgsForKey, supportedKeyDerivationAlgsForKey, supportedSigningAlgsForKey };
53
53
  }
54
54
  //#endregion
55
55
  export { index_d_exports };
package/build/modules/kms/index.mjs CHANGED
@@ -12,7 +12,7 @@ import { allowedEncryptionAlgsForKey, assertAllowedEncryptionAlgForKey, supporte
12
12
  import { allowedKeyDerivationAlgsForKey, assertAllowedKeyDerivationAlgForKey, supportedKeyDerivationAlgsForKey } from "./jwk/alg/keyDerivation.mjs";
13
13
  import { allowedSigningAlgsForSigningKey, assertAllowedSigningAlgForKey, supportedSigningAlgsForKey } from "./jwk/alg/signing.mjs";
14
14
  import { assertSupportedEncryptionAlgorithm, assertSupportedKeyAgreementAlgorithm } from "./jwk/assertSupported.mjs";
15
- import { assertAsymmetricJwkKeyTypeMatches, assymetricJwkKeyTypeMatches, assymetricPublicJwkMatches } from "./jwk/equals.mjs";
15
+ import { assertAsymmetricJwkKeyTypeMatches, assymetricJwkKeyTypeMatches, asymmetricPublicJwkMatches } from "./jwk/equals.mjs";
16
16
  import { KnownJwaContentEncryptionAlgorithms, KnownJwaKeyAgreementAlgorithms, KnownJwaKeyEncryptionAlgorithms, KnownJwaSignatureAlgorithms } from "./jwk/jwa.mjs";
17
17
  import { assertKeyAllowsDecrypt, assertKeyAllowsDerive, assertKeyAllowsEncrypt, assertKeyAllowsSign, assertKeyAllowsVerify, keyAllowsDecrypt, keyAllowsEncrypt, keyAllowsSign, keyAllowsVerify } from "./jwk/keyOps.mjs";
18
18
  import { assertJwkAsymmetric, isJwkAsymmetric, publicJwkFromPrivateJwk } from "./jwk/knownJwk.mjs";
@@ -71,7 +71,7 @@ var kms_exports = /* @__PURE__ */ __export({
71
71
  assertSupportedEncryptionAlgorithm: () => assertSupportedEncryptionAlgorithm,
72
72
  assertSupportedKeyAgreementAlgorithm: () => assertSupportedKeyAgreementAlgorithm,
73
73
  assymetricJwkKeyTypeMatches: () => assymetricJwkKeyTypeMatches,
74
- assymetricPublicJwkMatches: () => assymetricPublicJwkMatches,
74
+ asymmetricPublicJwkMatches: () => asymmetricPublicJwkMatches,
75
75
  derEcSignatureToRaw: () => derEcSignatureToRaw,
76
76
  getJwkHumanDescription: () => getJwkHumanDescription,
77
77
  getKmsOperationHumanDescription: () => getKmsOperationHumanDescription,
package/build/modules/kms/jwk/PublicJwk.d.mts CHANGED
@@ -79,7 +79,7 @@ declare class PublicJwk<Jwk extends SupportedPublicJwk = SupportedPublicJwk> {
79
79
  /**
80
80
  * Convert the PublicJwk to another type.
81
81
  *
82
- * NOTE: only supportedf or Ed25519 to X25519 at the moment
82
+ * NOTE: only supported for Ed25519 to X25519 at the moment
83
83
  */
84
84
  convertTo(type: Jwk extends Ed25519PublicJwk ? typeof X25519PublicJwk : never): Jwk extends Ed25519PublicJwk ? PublicJwk<X25519PublicJwk> : never;
85
85
  /**
@@ -92,7 +92,7 @@ declare class PublicJwk<Jwk extends SupportedPublicJwk = SupportedPublicJwk> {
92
92
  * Get human description of a jwk type. This does
93
93
  * not include the (public) key material
94
94
  */
95
- get jwkTypehumanDescription(): string;
95
+ get jwkTypeHumanDescription(): string;
96
96
  static supportedPublicJwkClassForSignatureAlgorithm(alg: KnownJwaSignatureAlgorithm): SupportedPublicJwkClass;
97
97
  }
98
98
  //#endregion
package/build/modules/kms/jwk/PublicJwk.mjs CHANGED
@@ -8,7 +8,7 @@ import { MultiBaseEncoder } from "../../../utils/MultiBaseEncoder.mjs";
8
8
  import { VarintEncoder } from "../../../utils/VarintEncoder.mjs";
9
9
  import "../../../utils/index.mjs";
10
10
  import { getJwkHumanDescription } from "./humanDescription.mjs";
11
- import { assymetricPublicJwkMatches } from "./equals.mjs";
11
+ import { asymmetricPublicJwkMatches } from "./equals.mjs";
12
12
  import { zParseWithErrorHandling } from "../../../utils/zod.mjs";
13
13
  import { assertJwkAsymmetric, publicJwkFromPrivateJwk, zKmsJwkPublic } from "./knownJwk.mjs";
14
14
  import { P256PublicJwk } from "./kty/ec/P256PublicJwk.mjs";
@@ -187,7 +187,7 @@ var PublicJwk = class PublicJwk {
187
187
  /**
188
188
  * Convert the PublicJwk to another type.
189
189
  *
190
- * NOTE: only supportedf or Ed25519 to X25519 at the moment
190
+ * NOTE: only supported for Ed25519 to X25519 at the moment
191
191
  */
192
192
  convertTo(type) {
193
193
  if (!this.is(Ed25519PublicJwk) || type !== X25519PublicJwk) throw new KeyManagementError("Unsupported key conversion. Only Ed25519 to X25519 is supported.");
@@ -199,13 +199,13 @@ var PublicJwk = class PublicJwk {
199
199
  * of the JWK such as keyId, use, etc..
200
200
  */
201
201
  equals(other) {
202
- return assymetricPublicJwkMatches(this.toJson(), other.toJson());
202
+ return asymmetricPublicJwkMatches(this.toJson(), other.toJson());
203
203
  }
204
204
  /**
205
205
  * Get human description of a jwk type. This does
206
206
  * not include the (public) key material
207
207
  */
208
- get jwkTypehumanDescription() {
208
+ get jwkTypeHumanDescription() {
209
209
  return getJwkHumanDescription(this.toJson());
210
210
  }
211
211
  static supportedPublicJwkClassForSignatureAlgorithm(alg) {
package/build/modules/kms/jwk/PublicJwk.mjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"PublicJwk.mjs","names":["jwk: Jwk","jwkInstance: SupportedPublicJwk"],"sources":["../../../../src/modules/kms/jwk/PublicJwk.ts"],"sourcesContent":["import type { HashName } from '../../../crypto'\nimport { CredoError } from '../../../error'\nimport { MultiBaseEncoder, TypedArrayEncoder, VarintEncoder } from '../../../utils'\nimport type { Constructor } from '../../../utils/mixins'\nimport { zParseWithErrorHandling } from '../../../utils/zod'\nimport { KeyManagementError } from '../error/KeyManagementError'\nimport { legacyKeyIdFromPublicJwk } from '../legacy'\nimport { assymetricPublicJwkMatches } from './equals'\nimport { getJwkHumanDescription } from './humanDescription'\nimport type { KnownJwaKeyAgreementAlgorithm, KnownJwaSignatureAlgorithm } from './jwa'\nimport { calculateJwkThumbprint } from './jwkThumbprint'\nimport { assertJwkAsymmetric, type KmsJwkPublicAsymmetric, publicJwkFromPrivateJwk, zKmsJwkPublic } from './knownJwk'\n\nimport {\n Ed25519PublicJwk,\n P256PublicJwk,\n P384PublicJwk,\n P521PublicJwk,\n RsaPublicJwk,\n Secp256k1PublicJwk,\n X25519PublicJwk,\n} from './kty'\n\nexport const SupportedPublicJwks = [\n Ed25519PublicJwk,\n P256PublicJwk,\n P384PublicJwk,\n P521PublicJwk,\n RsaPublicJwk,\n Secp256k1PublicJwk,\n X25519PublicJwk,\n]\nexport type SupportedPublicJwkClass = (typeof SupportedPublicJwks)[number]\nexport type SupportedPublicJwk =\n | Ed25519PublicJwk\n | P256PublicJwk\n | P384PublicJwk\n | P521PublicJwk\n | RsaPublicJwk\n | Secp256k1PublicJwk\n | X25519PublicJwk\n\ntype ExtractByJwk<T, K> = T extends { jwk: infer J } ? (K extends J ? T : never) : never\n\ntype ExtractByPublicKey<T, K> = T extends { publicKey: infer J } ? (K extends J ? T : never) : never\n\nexport class PublicJwk<Jwk extends SupportedPublicJwk = SupportedPublicJwk> {\n private constructor(private readonly jwk: Jwk) {}\n\n public static fromUnknown(jwkJson: unknown) {\n // We remove any private properties if they are present\n const publicJwk = publicJwkFromPrivateJwk(zParseWithErrorHandling(zKmsJwkPublic, jwkJson, 'jwk is not a valid jwk'))\n assertJwkAsymmetric(publicJwk)\n\n let jwkInstance: SupportedPublicJwk\n if (publicJwk.kty === 'RSA') {\n jwkInstance = new RsaPublicJwk(publicJwk)\n } else if (publicJwk.kty === 'EC') {\n if (publicJwk.crv === 'P-256') {\n jwkInstance = new P256PublicJwk({\n ...publicJwk,\n crv: publicJwk.crv,\n })\n } else if (publicJwk.crv === 'P-384') {\n jwkInstance = new P384PublicJwk({\n ...publicJwk,\n crv: publicJwk.crv,\n })\n } else if (publicJwk.crv === 'P-521') {\n jwkInstance = new P521PublicJwk({\n ...publicJwk,\n crv: publicJwk.crv,\n })\n } else if (publicJwk.crv === 'secp256k1') {\n jwkInstance = new Secp256k1PublicJwk({\n ...publicJwk,\n crv: publicJwk.crv,\n })\n } else {\n throw new KeyManagementError(\n `Unsupported kty '${publicJwk.kty}' with crv '${publicJwk.crv}' for creating jwk instance`\n )\n }\n } else if (publicJwk.crv === 'Ed25519') {\n jwkInstance = new Ed25519PublicJwk({\n ...publicJwk,\n crv: publicJwk.crv,\n })\n } else if (publicJwk.crv === 'X25519') {\n jwkInstance = new X25519PublicJwk({\n ...publicJwk,\n crv: publicJwk.crv,\n })\n } else {\n throw new KeyManagementError(`Unsupported kty '${publicJwk.kty}' for creating jwk instance`)\n }\n\n return new PublicJwk(jwkInstance)\n }\n\n // FIXME: all Jwk combinations should be separate types.\n // so not kty: EC, and crv: P-256 | P-384\n // but: kty: EC, and crv: P-256 | kty: EC, and crv: P-384\n // As the first appraoch messes with TypeScript's type inference\n public static fromPublicJwk<Jwk extends KmsJwkPublicAsymmetric>(jwk: Jwk) {\n return PublicJwk.fromUnknown(jwk) as PublicJwk<\n ExtractByJwk<SupportedPublicJwk, Jwk> extends never ? SupportedPublicJwk : ExtractByJwk<SupportedPublicJwk, Jwk>\n >\n }\n\n public toJson({ includeKid = true }: { includeKid?: boolean } = {}): Jwk['jwk'] {\n if (includeKid) return this.jwk.jwk\n\n // biome-ignore lint/correctness/noUnusedVariables: no explanation\n const { kid, ...jwk } = this.jwk.jwk\n return jwk\n }\n\n public get supportedSignatureAlgorithms(): KnownJwaSignatureAlgorithm[] {\n return this.jwk.supportedSignatureAlgorithms ?? []\n }\n\n public get supportdEncryptionKeyAgreementAlgorithms(): KnownJwaKeyAgreementAlgorithm[] {\n return this.jwk.supportdEncryptionKeyAgreementAlgorithms ?? []\n }\n\n /**\n * key type as defined in [JWA Specification](https://tools.ietf.org/html/rfc7518#section-6.1)\n */\n public get kty(): Jwk['jwk']['kty'] {\n return this.jwk.jwk.kty\n }\n\n /**\n * Get the key id for a public jwk. If the public jwk does not have\n * a key id, an error will be thrown\n */\n public get keyId(): string {\n if (this.jwk.jwk.kid) return this.jwk.jwk.kid\n\n throw new KeyManagementError('Unable to determine keyId for jwk')\n }\n\n public get hasKeyId(): boolean {\n return this.jwk.jwk.kid !== undefined\n }\n\n public set keyId(keyId: string) {\n this.jwk.jwk.kid = keyId\n }\n\n public get legacyKeyId() {\n return legacyKeyIdFromPublicJwk(this)\n }\n\n public get publicKey(): Jwk['publicKey'] {\n return this.jwk.publicKey\n }\n\n /**\n * Return the compressed public key. If the key type does not support compressed public keys, it will return null\n */\n public get compressedPublicKey(): Jwk['compressedPublicKey'] {\n return this.jwk.compressedPublicKey\n }\n\n public get JwkClass() {\n return this.jwk.constructor as SupportedPublicJwkClass\n }\n\n /**\n * SHA-256 jwk thumbprint\n */\n public getJwkThumbprint(hashAlgorithm: HashName = 'sha-256') {\n return calculateJwkThumbprint({\n jwk: this.jwk.jwk,\n hashAlgorithm: hashAlgorithm,\n })\n }\n\n /**\n * Get the signature algorithm to use with this jwk. If the jwk has an `alg` field defined\n * it will use that alg, and otherwise fall back to the first supported signature algorithm.\n *\n * If no algorithm is supported it will throw an error\n */\n public get signatureAlgorithm() {\n if (this.jwk.jwk.alg) {\n if (!this.supportedSignatureAlgorithms.includes(this.jwk.jwk.alg as KnownJwaSignatureAlgorithm)) {\n throw new KeyManagementError(\n `${getJwkHumanDescription(this.jwk.jwk)} defines alg '${this.jwk.jwk.alg}' but this alg is not supported.`\n )\n }\n\n return this.jwk.jwk.alg as this['supportedSignatureAlgorithms'][number]\n }\n\n const alg = this.supportedSignatureAlgorithms[0]\n if (!alg) {\n throw new KeyManagementError(`${getJwkHumanDescription(this.jwk.jwk)} has no supported signature algorithms`)\n }\n\n return alg as this['supportedSignatureAlgorithms'][number]\n }\n\n public static fromPublicKey<Supported extends SupportedPublicJwk['publicKey']>(publicKey: Supported) {\n let jwkInstance: SupportedPublicJwk\n\n if (publicKey.kty === 'RSA') {\n jwkInstance = RsaPublicJwk.fromPublicKey(publicKey)\n } else if (publicKey.kty === 'EC') {\n if (publicKey.crv === 'P-256') {\n jwkInstance = P256PublicJwk.fromPublicKey(publicKey.publicKey)\n } else if (publicKey.crv === 'P-384') {\n jwkInstance = P384PublicJwk.fromPublicKey(publicKey.publicKey)\n } else if (publicKey.crv === 'P-521') {\n jwkInstance = P521PublicJwk.fromPublicKey(publicKey.publicKey)\n } else if (publicKey.crv === 'secp256k1') {\n jwkInstance = Secp256k1PublicJwk.fromPublicKey(publicKey.publicKey)\n } else {\n throw new KeyManagementError(\n // @ts-expect-error\n `Unsupported kty '${publicKey.kty}' with crv '${publicKey.crv}' for creating jwk instance based on public key bytes`\n )\n }\n } else if (publicKey.crv === 'X25519') {\n jwkInstance = X25519PublicJwk.fromPublicKey(publicKey.publicKey)\n } else if (publicKey.crv === 'Ed25519') {\n jwkInstance = Ed25519PublicJwk.fromPublicKey(publicKey.publicKey)\n } else {\n throw new KeyManagementError(\n // @ts-expect-error\n `Unsupported kty '${publicKey.kty}' for creating jwk instance based on public key bytes`\n )\n }\n\n return new PublicJwk(jwkInstance) as PublicJwk<ExtractByPublicKey<SupportedPublicJwk, Supported>>\n }\n\n /**\n * Returns the jwk encoded a Base58 multibase encoded multicodec key\n */\n public get fingerprint() {\n const prefixBytes = VarintEncoder.encode(this.jwk.multicodecPrefix)\n const prefixedPublicKey = new Uint8Array([...prefixBytes, ...this.jwk.multicodec])\n\n return `z${TypedArrayEncoder.toBase58(prefixedPublicKey)}`\n }\n\n /**\n * Create a jwk instance based on a Base58 multibase encoded multicodec key\n */\n public static fromFingerprint(fingerprint: string) {\n const { data } = MultiBaseEncoder.decode(fingerprint)\n const [code, byteLength] = VarintEncoder.decode(data)\n const publicKey = data.slice(byteLength)\n\n const PublicJwkClass = SupportedPublicJwks.find((JwkClass) => JwkClass.multicodecPrefix === code)\n if (!PublicJwkClass) {\n throw new KeyManagementError(`Unsupported multicodec public key with prefix '${code}'`)\n }\n\n const jwk = PublicJwkClass.fromMulticodec(publicKey)\n return new PublicJwk(jwk)\n }\n\n /**\n * Check whether this PublicJwk instance is of a specific type\n */\n public is<\n Jwk1 extends SupportedPublicJwk,\n Jwk2 extends SupportedPublicJwk = Jwk1,\n Jwk3 extends SupportedPublicJwk = Jwk1,\n >(\n jwkType1: Constructor<Jwk1>,\n jwkType2?: Constructor<Jwk2>,\n jwkType3?: Constructor<Jwk3>\n ): this is PublicJwk<Jwk1> | PublicJwk<Jwk2> | PublicJwk<Jwk3> {\n const types = [jwkType1, jwkType2, jwkType3].filter(Boolean) as Constructor<SupportedPublicJwk>[]\n return types.some((type) => this.jwk.constructor === type)\n }\n\n /**\n * Convert the PublicJwk to another type.\n *\n * NOTE: only supportedf or Ed25519 to X25519 at the moment\n */\n public convertTo(\n type: Jwk extends Ed25519PublicJwk ? typeof X25519PublicJwk : never\n ): Jwk extends Ed25519PublicJwk ? PublicJwk<X25519PublicJwk> : never {\n if (!this.is(Ed25519PublicJwk) || type !== X25519PublicJwk) {\n throw new KeyManagementError('Unsupported key conversion. Only Ed25519 to X25519 is supported.')\n }\n\n return PublicJwk.fromPublicJwk(this.jwk.toX25519PublicJwk()) as Jwk extends Ed25519PublicJwk\n ? PublicJwk<X25519PublicJwk>\n : never\n }\n\n /**\n * Check whether this jwk instance is the same as another jwk instance.\n * It does this by comparing the key types and public keys, not other fields\n * of the JWK such as keyId, use, etc..\n */\n public equals(other: PublicJwk) {\n return assymetricPublicJwkMatches(this.toJson(), other.toJson())\n }\n\n /**\n * Get human description of a jwk type. This does\n * not include the (public) key material\n */\n public get jwkTypehumanDescription() {\n return getJwkHumanDescription(this.toJson())\n }\n\n public static supportedPublicJwkClassForSignatureAlgorithm(alg: KnownJwaSignatureAlgorithm): SupportedPublicJwkClass {\n const supportedPublicJwkClass = SupportedPublicJwks.find((JwkClass) =>\n JwkClass.supportedSignatureAlgorithms.includes(alg)\n )\n\n if (!supportedPublicJwkClass) {\n throw new CredoError(`Could not determine supported public jwk class for alg '${alg}'`)\n }\n\n return supportedPublicJwkClass\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAuBA,MAAa,sBAAsB;CACjC;CACA;CACA;CACA;CACA;CACA;CACA;CACD;AAeD,IAAa,YAAb,MAAa,UAA+D;CAC1E,AAAQ,YAAY,AAAiBA,KAAU;EAAV;;CAErC,OAAc,YAAY,SAAkB;EAE1C,MAAM,YAAY,wBAAwB,wBAAwB,eAAe,SAAS,yBAAyB,CAAC;AACpH,sBAAoB,UAAU;EAE9B,IAAIC;AACJ,MAAI,UAAU,QAAQ,MACpB,eAAc,IAAI,aAAa,UAAU;WAChC,UAAU,QAAQ,KAC3B,KAAI,UAAU,QAAQ,QACpB,eAAc,IAAI,cAAc;GAC9B,GAAG;GACH,KAAK,UAAU;GAChB,CAAC;WACO,UAAU,QAAQ,QAC3B,eAAc,IAAI,cAAc;GAC9B,GAAG;GACH,KAAK,UAAU;GAChB,CAAC;WACO,UAAU,QAAQ,QAC3B,eAAc,IAAI,cAAc;GAC9B,GAAG;GACH,KAAK,UAAU;GAChB,CAAC;WACO,UAAU,QAAQ,YAC3B,eAAc,IAAI,mBAAmB;GACnC,GAAG;GACH,KAAK,UAAU;GAChB,CAAC;MAEF,OAAM,IAAI,mBACR,oBAAoB,UAAU,IAAI,cAAc,UAAU,IAAI,6BAC/D;WAEM,UAAU,QAAQ,UAC3B,eAAc,IAAI,iBAAiB;GACjC,GAAG;GACH,KAAK,UAAU;GAChB,CAAC;WACO,UAAU,QAAQ,SAC3B,eAAc,IAAI,gBAAgB;GAChC,GAAG;GACH,KAAK,UAAU;GAChB,CAAC;MAEF,OAAM,IAAI,mBAAmB,oBAAoB,UAAU,IAAI,6BAA6B;AAG9F,SAAO,IAAI,UAAU,YAAY;;CAOnC,OAAc,cAAkD,KAAU;AACxE,SAAO,UAAU,YAAY,IAAI;;CAKnC,AAAO,OAAO,EAAE,aAAa,SAAmC,EAAE,EAAc;AAC9E,MAAI,WAAY,QAAO,KAAK,IAAI;EAGhC,MAAM,EAAE,KAAK,GAAG,QAAQ,KAAK,IAAI;AACjC,SAAO;;CAGT,IAAW,+BAA6D;AACtE,SAAO,KAAK,IAAI,gCAAgC,EAAE;;CAGpD,IAAW,2CAA4E;AACrF,SAAO,KAAK,IAAI,4CAA4C,EAAE;;;;;CAMhE,IAAW,MAAyB;AAClC,SAAO,KAAK,IAAI,IAAI;;;;;;CAOtB,IAAW,QAAgB;AACzB,MAAI,KAAK,IAAI,IAAI,IAAK,QAAO,KAAK,IAAI,IAAI;AAE1C,QAAM,IAAI,mBAAmB,oCAAoC;;CAGnE,IAAW,WAAoB;AAC7B,SAAO,KAAK,IAAI,IAAI,QAAQ;;CAG9B,IAAW,MAAM,OAAe;AAC9B,OAAK,IAAI,IAAI,MAAM;;CAGrB,IAAW,cAAc;AACvB,SAAO,yBAAyB,KAAK;;CAGvC,IAAW,YAA8B;AACvC,SAAO,KAAK,IAAI;;;;;CAMlB,IAAW,sBAAkD;AAC3D,SAAO,KAAK,IAAI;;CAGlB,IAAW,WAAW;AACpB,SAAO,KAAK,IAAI;;;;;CAMlB,AAAO,iBAAiB,gBAA0B,WAAW;AAC3D,SAAO,uBAAuB;GAC5B,KAAK,KAAK,IAAI;GACC;GAChB,CAAC;;;;;;;;CASJ,IAAW,qBAAqB;AAC9B,MAAI,KAAK,IAAI,IAAI,KAAK;AACpB,OAAI,CAAC,KAAK,6BAA6B,SAAS,KAAK,IAAI,IAAI,IAAkC,CAC7F,OAAM,IAAI,mBACR,GAAG,uBAAuB,KAAK,IAAI,IAAI,CAAC,gBAAgB,KAAK,IAAI,IAAI,IAAI,kCAC1E;AAGH,UAAO,KAAK,IAAI,IAAI;;EAGtB,MAAM,MAAM,KAAK,6BAA6B;AAC9C,MAAI,CAAC,IACH,OAAM,IAAI,mBAAmB,GAAG,uBAAuB,KAAK,IAAI,IAAI,CAAC,wCAAwC;AAG/G,SAAO;;CAGT,OAAc,cAAiE,WAAsB;EACnG,IAAIA;AAEJ,MAAI,UAAU,QAAQ,MACpB,eAAc,aAAa,cAAc,UAAU;WAC1C,UAAU,QAAQ,KAC3B,KAAI,UAAU,QAAQ,QACpB,eAAc,cAAc,cAAc,UAAU,UAAU;WACrD,UAAU,QAAQ,QAC3B,eAAc,cAAc,cAAc,UAAU,UAAU;WACrD,UAAU,QAAQ,QAC3B,eAAc,cAAc,cAAc,UAAU,UAAU;WACrD,UAAU,QAAQ,YAC3B,eAAc,mBAAmB,cAAc,UAAU,UAAU;MAEnE,OAAM,IAAI,mBAER,oBAAoB,UAAU,IAAI,cAAc,UAAU,IAAI,uDAC/D;WAEM,UAAU,QAAQ,SAC3B,eAAc,gBAAgB,cAAc,UAAU,UAAU;WACvD,UAAU,QAAQ,UAC3B,eAAc,iBAAiB,cAAc,UAAU,UAAU;MAEjE,OAAM,IAAI,mBAER,oBAAoB,UAAU,IAAI,uDACnC;AAGH,SAAO,IAAI,UAAU,YAAY;;;;;CAMnC,IAAW,cAAc;EACvB,MAAM,cAAc,cAAc,OAAO,KAAK,IAAI,iBAAiB;EACnE,MAAM,oBAAoB,IAAI,WAAW,CAAC,GAAG,aAAa,GAAG,KAAK,IAAI,WAAW,CAAC;AAElF,SAAO,IAAI,kBAAkB,SAAS,kBAAkB;;;;;CAM1D,OAAc,gBAAgB,aAAqB;EACjD,MAAM,EAAE,SAAS,iBAAiB,OAAO,YAAY;EACrD,MAAM,CAAC,MAAM,cAAc,cAAc,OAAO,KAAK;EACrD,MAAM,YAAY,KAAK,MAAM,WAAW;EAExC,MAAM,iBAAiB,oBAAoB,MAAM,aAAa,SAAS,qBAAqB,KAAK;AACjG,MAAI,CAAC,eACH,OAAM,IAAI,mBAAmB,kDAAkD,KAAK,GAAG;AAIzF,SAAO,IAAI,UADC,eAAe,eAAe,UAAU,CAC3B;;;;;CAM3B,AAAO,GAKL,UACA,UACA,UAC6D;AAE7D,SADc;GAAC;GAAU;GAAU;GAAS,CAAC,OAAO,QAAQ,CAC/C,MAAM,SAAS,KAAK,IAAI,gBAAgB,KAAK;;;;;;;CAQ5D,AAAO,UACL,MACmE;AACnE,MAAI,CAAC,KAAK,GAAG,iBAAiB,IAAI,SAAS,gBACzC,OAAM,IAAI,mBAAmB,mEAAmE;AAGlG,SAAO,UAAU,cAAc,KAAK,IAAI,mBAAmB,CAAC;;;;;;;CAU9D,AAAO,OAAO,OAAkB;AAC9B,SAAO,2BAA2B,KAAK,QAAQ,EAAE,MAAM,QAAQ,CAAC;;;;;;CAOlE,IAAW,0BAA0B;AACnC,SAAO,uBAAuB,KAAK,QAAQ,CAAC;;CAG9C,OAAc,6CAA6C,KAA0D;EACnH,MAAM,0BAA0B,oBAAoB,MAAM,aACxD,SAAS,6BAA6B,SAAS,IAAI,CACpD;AAED,MAAI,CAAC,wBACH,OAAM,IAAI,WAAW,2DAA2D,IAAI,GAAG;AAGzF,SAAO"}
1
+ {"version":3,"file":"PublicJwk.mjs","names":["jwk: Jwk","jwkInstance: SupportedPublicJwk"],"sources":["../../../../src/modules/kms/jwk/PublicJwk.ts"],"sourcesContent":["import type { HashName } from '../../../crypto'\nimport { CredoError } from '../../../error'\nimport { MultiBaseEncoder, TypedArrayEncoder, VarintEncoder } from '../../../utils'\nimport type { Constructor } from '../../../utils/mixins'\nimport { zParseWithErrorHandling } from '../../../utils/zod'\nimport { KeyManagementError } from '../error/KeyManagementError'\nimport { legacyKeyIdFromPublicJwk } from '../legacy'\nimport { asymmetricPublicJwkMatches } from './equals'\nimport { getJwkHumanDescription } from './humanDescription'\nimport type { KnownJwaKeyAgreementAlgorithm, KnownJwaSignatureAlgorithm } from './jwa'\nimport { calculateJwkThumbprint } from './jwkThumbprint'\nimport { assertJwkAsymmetric, type KmsJwkPublicAsymmetric, publicJwkFromPrivateJwk, zKmsJwkPublic } from './knownJwk'\n\nimport {\n Ed25519PublicJwk,\n P256PublicJwk,\n P384PublicJwk,\n P521PublicJwk,\n RsaPublicJwk,\n Secp256k1PublicJwk,\n X25519PublicJwk,\n} from './kty'\n\nexport const SupportedPublicJwks = [\n Ed25519PublicJwk,\n P256PublicJwk,\n P384PublicJwk,\n P521PublicJwk,\n RsaPublicJwk,\n Secp256k1PublicJwk,\n X25519PublicJwk,\n]\nexport type SupportedPublicJwkClass = (typeof SupportedPublicJwks)[number]\nexport type SupportedPublicJwk =\n | Ed25519PublicJwk\n | P256PublicJwk\n | P384PublicJwk\n | P521PublicJwk\n | RsaPublicJwk\n | Secp256k1PublicJwk\n | X25519PublicJwk\n\ntype ExtractByJwk<T, K> = T extends { jwk: infer J } ? (K extends J ? T : never) : never\n\ntype ExtractByPublicKey<T, K> = T extends { publicKey: infer J } ? (K extends J ? T : never) : never\n\nexport class PublicJwk<Jwk extends SupportedPublicJwk = SupportedPublicJwk> {\n private constructor(private readonly jwk: Jwk) {}\n\n public static fromUnknown(jwkJson: unknown) {\n // We remove any private properties if they are present\n const publicJwk = publicJwkFromPrivateJwk(zParseWithErrorHandling(zKmsJwkPublic, jwkJson, 'jwk is not a valid jwk'))\n assertJwkAsymmetric(publicJwk)\n\n let jwkInstance: SupportedPublicJwk\n if (publicJwk.kty === 'RSA') {\n jwkInstance = new RsaPublicJwk(publicJwk)\n } else if (publicJwk.kty === 'EC') {\n if (publicJwk.crv === 'P-256') {\n jwkInstance = new P256PublicJwk({\n ...publicJwk,\n crv: publicJwk.crv,\n })\n } else if (publicJwk.crv === 'P-384') {\n jwkInstance = new P384PublicJwk({\n ...publicJwk,\n crv: publicJwk.crv,\n })\n } else if (publicJwk.crv === 'P-521') {\n jwkInstance = new P521PublicJwk({\n ...publicJwk,\n crv: publicJwk.crv,\n })\n } else if (publicJwk.crv === 'secp256k1') {\n jwkInstance = new Secp256k1PublicJwk({\n ...publicJwk,\n crv: publicJwk.crv,\n })\n } else {\n throw new KeyManagementError(\n `Unsupported kty '${publicJwk.kty}' with crv '${publicJwk.crv}' for creating jwk instance`\n )\n }\n } else if (publicJwk.crv === 'Ed25519') {\n jwkInstance = new Ed25519PublicJwk({\n ...publicJwk,\n crv: publicJwk.crv,\n })\n } else if (publicJwk.crv === 'X25519') {\n jwkInstance = new X25519PublicJwk({\n ...publicJwk,\n crv: publicJwk.crv,\n })\n } else {\n throw new KeyManagementError(`Unsupported kty '${publicJwk.kty}' for creating jwk instance`)\n }\n\n return new PublicJwk(jwkInstance)\n }\n\n // FIXME: all Jwk combinations should be separate types.\n // so not kty: EC, and crv: P-256 | P-384\n // but: kty: EC, and crv: P-256 | kty: EC, and crv: P-384\n // As the first appraoch messes with TypeScript's type inference\n public static fromPublicJwk<Jwk extends KmsJwkPublicAsymmetric>(jwk: Jwk) {\n return PublicJwk.fromUnknown(jwk) as PublicJwk<\n ExtractByJwk<SupportedPublicJwk, Jwk> extends never ? SupportedPublicJwk : ExtractByJwk<SupportedPublicJwk, Jwk>\n >\n }\n\n public toJson({ includeKid = true }: { includeKid?: boolean } = {}): Jwk['jwk'] {\n if (includeKid) return this.jwk.jwk\n\n // biome-ignore lint/correctness/noUnusedVariables: no explanation\n const { kid, ...jwk } = this.jwk.jwk\n return jwk\n }\n\n public get supportedSignatureAlgorithms(): KnownJwaSignatureAlgorithm[] {\n return this.jwk.supportedSignatureAlgorithms ?? []\n }\n\n public get supportdEncryptionKeyAgreementAlgorithms(): KnownJwaKeyAgreementAlgorithm[] {\n return this.jwk.supportdEncryptionKeyAgreementAlgorithms ?? []\n }\n\n /**\n * key type as defined in [JWA Specification](https://tools.ietf.org/html/rfc7518#section-6.1)\n */\n public get kty(): Jwk['jwk']['kty'] {\n return this.jwk.jwk.kty\n }\n\n /**\n * Get the key id for a public jwk. If the public jwk does not have\n * a key id, an error will be thrown\n */\n public get keyId(): string {\n if (this.jwk.jwk.kid) return this.jwk.jwk.kid\n\n throw new KeyManagementError('Unable to determine keyId for jwk')\n }\n\n public get hasKeyId(): boolean {\n return this.jwk.jwk.kid !== undefined\n }\n\n public set keyId(keyId: string) {\n this.jwk.jwk.kid = keyId\n }\n\n public get legacyKeyId() {\n return legacyKeyIdFromPublicJwk(this)\n }\n\n public get publicKey(): Jwk['publicKey'] {\n return this.jwk.publicKey\n }\n\n /**\n * Return the compressed public key. If the key type does not support compressed public keys, it will return null\n */\n public get compressedPublicKey(): Jwk['compressedPublicKey'] {\n return this.jwk.compressedPublicKey\n }\n\n public get JwkClass() {\n return this.jwk.constructor as SupportedPublicJwkClass\n }\n\n /**\n * SHA-256 jwk thumbprint\n */\n public getJwkThumbprint(hashAlgorithm: HashName = 'sha-256') {\n return calculateJwkThumbprint({\n jwk: this.jwk.jwk,\n hashAlgorithm: hashAlgorithm,\n })\n }\n\n /**\n * Get the signature algorithm to use with this jwk. If the jwk has an `alg` field defined\n * it will use that alg, and otherwise fall back to the first supported signature algorithm.\n *\n * If no algorithm is supported it will throw an error\n */\n public get signatureAlgorithm() {\n if (this.jwk.jwk.alg) {\n if (!this.supportedSignatureAlgorithms.includes(this.jwk.jwk.alg as KnownJwaSignatureAlgorithm)) {\n throw new KeyManagementError(\n `${getJwkHumanDescription(this.jwk.jwk)} defines alg '${this.jwk.jwk.alg}' but this alg is not supported.`\n )\n }\n\n return this.jwk.jwk.alg as this['supportedSignatureAlgorithms'][number]\n }\n\n const alg = this.supportedSignatureAlgorithms[0]\n if (!alg) {\n throw new KeyManagementError(`${getJwkHumanDescription(this.jwk.jwk)} has no supported signature algorithms`)\n }\n\n return alg as this['supportedSignatureAlgorithms'][number]\n }\n\n public static fromPublicKey<Supported extends SupportedPublicJwk['publicKey']>(publicKey: Supported) {\n let jwkInstance: SupportedPublicJwk\n\n if (publicKey.kty === 'RSA') {\n jwkInstance = RsaPublicJwk.fromPublicKey(publicKey)\n } else if (publicKey.kty === 'EC') {\n if (publicKey.crv === 'P-256') {\n jwkInstance = P256PublicJwk.fromPublicKey(publicKey.publicKey)\n } else if (publicKey.crv === 'P-384') {\n jwkInstance = P384PublicJwk.fromPublicKey(publicKey.publicKey)\n } else if (publicKey.crv === 'P-521') {\n jwkInstance = P521PublicJwk.fromPublicKey(publicKey.publicKey)\n } else if (publicKey.crv === 'secp256k1') {\n jwkInstance = Secp256k1PublicJwk.fromPublicKey(publicKey.publicKey)\n } else {\n throw new KeyManagementError(\n // @ts-expect-error\n `Unsupported kty '${publicKey.kty}' with crv '${publicKey.crv}' for creating jwk instance based on public key bytes`\n )\n }\n } else if (publicKey.crv === 'X25519') {\n jwkInstance = X25519PublicJwk.fromPublicKey(publicKey.publicKey)\n } else if (publicKey.crv === 'Ed25519') {\n jwkInstance = Ed25519PublicJwk.fromPublicKey(publicKey.publicKey)\n } else {\n throw new KeyManagementError(\n // @ts-expect-error\n `Unsupported kty '${publicKey.kty}' for creating jwk instance based on public key bytes`\n )\n }\n\n return new PublicJwk(jwkInstance) as PublicJwk<ExtractByPublicKey<SupportedPublicJwk, Supported>>\n }\n\n /**\n * Returns the jwk encoded a Base58 multibase encoded multicodec key\n */\n public get fingerprint() {\n const prefixBytes = VarintEncoder.encode(this.jwk.multicodecPrefix)\n const prefixedPublicKey = new Uint8Array([...prefixBytes, ...this.jwk.multicodec])\n\n return `z${TypedArrayEncoder.toBase58(prefixedPublicKey)}`\n }\n\n /**\n * Create a jwk instance based on a Base58 multibase encoded multicodec key\n */\n public static fromFingerprint(fingerprint: string) {\n const { data } = MultiBaseEncoder.decode(fingerprint)\n const [code, byteLength] = VarintEncoder.decode(data)\n const publicKey = data.slice(byteLength)\n\n const PublicJwkClass = SupportedPublicJwks.find((JwkClass) => JwkClass.multicodecPrefix === code)\n if (!PublicJwkClass) {\n throw new KeyManagementError(`Unsupported multicodec public key with prefix '${code}'`)\n }\n\n const jwk = PublicJwkClass.fromMulticodec(publicKey)\n return new PublicJwk(jwk)\n }\n\n /**\n * Check whether this PublicJwk instance is of a specific type\n */\n public is<\n Jwk1 extends SupportedPublicJwk,\n Jwk2 extends SupportedPublicJwk = Jwk1,\n Jwk3 extends SupportedPublicJwk = Jwk1,\n >(\n jwkType1: Constructor<Jwk1>,\n jwkType2?: Constructor<Jwk2>,\n jwkType3?: Constructor<Jwk3>\n ): this is PublicJwk<Jwk1> | PublicJwk<Jwk2> | PublicJwk<Jwk3> {\n const types = [jwkType1, jwkType2, jwkType3].filter(Boolean) as Constructor<SupportedPublicJwk>[]\n return types.some((type) => this.jwk.constructor === type)\n }\n\n /**\n * Convert the PublicJwk to another type.\n *\n * NOTE: only supported for Ed25519 to X25519 at the moment\n */\n public convertTo(\n type: Jwk extends Ed25519PublicJwk ? typeof X25519PublicJwk : never\n ): Jwk extends Ed25519PublicJwk ? PublicJwk<X25519PublicJwk> : never {\n if (!this.is(Ed25519PublicJwk) || type !== X25519PublicJwk) {\n throw new KeyManagementError('Unsupported key conversion. Only Ed25519 to X25519 is supported.')\n }\n\n return PublicJwk.fromPublicJwk(this.jwk.toX25519PublicJwk()) as Jwk extends Ed25519PublicJwk\n ? PublicJwk<X25519PublicJwk>\n : never\n }\n\n /**\n * Check whether this jwk instance is the same as another jwk instance.\n * It does this by comparing the key types and public keys, not other fields\n * of the JWK such as keyId, use, etc..\n */\n public equals(other: PublicJwk) {\n return asymmetricPublicJwkMatches(this.toJson(), other.toJson())\n }\n\n /**\n * Get human description of a jwk type. This does\n * not include the (public) key material\n */\n public get jwkTypeHumanDescription() {\n return getJwkHumanDescription(this.toJson())\n }\n\n public static supportedPublicJwkClassForSignatureAlgorithm(alg: KnownJwaSignatureAlgorithm): SupportedPublicJwkClass {\n const supportedPublicJwkClass = SupportedPublicJwks.find((JwkClass) =>\n JwkClass.supportedSignatureAlgorithms.includes(alg)\n )\n\n if (!supportedPublicJwkClass) {\n throw new CredoError(`Could not determine supported public jwk class for alg '${alg}'`)\n }\n\n return supportedPublicJwkClass\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAuBA,MAAa,sBAAsB;CACjC;CACA;CACA;CACA;CACA;CACA;CACA;CACD;AAeD,IAAa,YAAb,MAAa,UAA+D;CAC1E,AAAQ,YAAY,AAAiBA,KAAU;EAAV;;CAErC,OAAc,YAAY,SAAkB;EAE1C,MAAM,YAAY,wBAAwB,wBAAwB,eAAe,SAAS,yBAAyB,CAAC;AACpH,sBAAoB,UAAU;EAE9B,IAAIC;AACJ,MAAI,UAAU,QAAQ,MACpB,eAAc,IAAI,aAAa,UAAU;WAChC,UAAU,QAAQ,KAC3B,KAAI,UAAU,QAAQ,QACpB,eAAc,IAAI,cAAc;GAC9B,GAAG;GACH,KAAK,UAAU;GAChB,CAAC;WACO,UAAU,QAAQ,QAC3B,eAAc,IAAI,cAAc;GAC9B,GAAG;GACH,KAAK,UAAU;GAChB,CAAC;WACO,UAAU,QAAQ,QAC3B,eAAc,IAAI,cAAc;GAC9B,GAAG;GACH,KAAK,UAAU;GAChB,CAAC;WACO,UAAU,QAAQ,YAC3B,eAAc,IAAI,mBAAmB;GACnC,GAAG;GACH,KAAK,UAAU;GAChB,CAAC;MAEF,OAAM,IAAI,mBACR,oBAAoB,UAAU,IAAI,cAAc,UAAU,IAAI,6BAC/D;WAEM,UAAU,QAAQ,UAC3B,eAAc,IAAI,iBAAiB;GACjC,GAAG;GACH,KAAK,UAAU;GAChB,CAAC;WACO,UAAU,QAAQ,SAC3B,eAAc,IAAI,gBAAgB;GAChC,GAAG;GACH,KAAK,UAAU;GAChB,CAAC;MAEF,OAAM,IAAI,mBAAmB,oBAAoB,UAAU,IAAI,6BAA6B;AAG9F,SAAO,IAAI,UAAU,YAAY;;CAOnC,OAAc,cAAkD,KAAU;AACxE,SAAO,UAAU,YAAY,IAAI;;CAKnC,AAAO,OAAO,EAAE,aAAa,SAAmC,EAAE,EAAc;AAC9E,MAAI,WAAY,QAAO,KAAK,IAAI;EAGhC,MAAM,EAAE,KAAK,GAAG,QAAQ,KAAK,IAAI;AACjC,SAAO;;CAGT,IAAW,+BAA6D;AACtE,SAAO,KAAK,IAAI,gCAAgC,EAAE;;CAGpD,IAAW,2CAA4E;AACrF,SAAO,KAAK,IAAI,4CAA4C,EAAE;;;;;CAMhE,IAAW,MAAyB;AAClC,SAAO,KAAK,IAAI,IAAI;;;;;;CAOtB,IAAW,QAAgB;AACzB,MAAI,KAAK,IAAI,IAAI,IAAK,QAAO,KAAK,IAAI,IAAI;AAE1C,QAAM,IAAI,mBAAmB,oCAAoC;;CAGnE,IAAW,WAAoB;AAC7B,SAAO,KAAK,IAAI,IAAI,QAAQ;;CAG9B,IAAW,MAAM,OAAe;AAC9B,OAAK,IAAI,IAAI,MAAM;;CAGrB,IAAW,cAAc;AACvB,SAAO,yBAAyB,KAAK;;CAGvC,IAAW,YAA8B;AACvC,SAAO,KAAK,IAAI;;;;;CAMlB,IAAW,sBAAkD;AAC3D,SAAO,KAAK,IAAI;;CAGlB,IAAW,WAAW;AACpB,SAAO,KAAK,IAAI;;;;;CAMlB,AAAO,iBAAiB,gBAA0B,WAAW;AAC3D,SAAO,uBAAuB;GAC5B,KAAK,KAAK,IAAI;GACC;GAChB,CAAC;;;;;;;;CASJ,IAAW,qBAAqB;AAC9B,MAAI,KAAK,IAAI,IAAI,KAAK;AACpB,OAAI,CAAC,KAAK,6BAA6B,SAAS,KAAK,IAAI,IAAI,IAAkC,CAC7F,OAAM,IAAI,mBACR,GAAG,uBAAuB,KAAK,IAAI,IAAI,CAAC,gBAAgB,KAAK,IAAI,IAAI,IAAI,kCAC1E;AAGH,UAAO,KAAK,IAAI,IAAI;;EAGtB,MAAM,MAAM,KAAK,6BAA6B;AAC9C,MAAI,CAAC,IACH,OAAM,IAAI,mBAAmB,GAAG,uBAAuB,KAAK,IAAI,IAAI,CAAC,wCAAwC;AAG/G,SAAO;;CAGT,OAAc,cAAiE,WAAsB;EACnG,IAAIA;AAEJ,MAAI,UAAU,QAAQ,MACpB,eAAc,aAAa,cAAc,UAAU;WAC1C,UAAU,QAAQ,KAC3B,KAAI,UAAU,QAAQ,QACpB,eAAc,cAAc,cAAc,UAAU,UAAU;WACrD,UAAU,QAAQ,QAC3B,eAAc,cAAc,cAAc,UAAU,UAAU;WACrD,UAAU,QAAQ,QAC3B,eAAc,cAAc,cAAc,UAAU,UAAU;WACrD,UAAU,QAAQ,YAC3B,eAAc,mBAAmB,cAAc,UAAU,UAAU;MAEnE,OAAM,IAAI,mBAER,oBAAoB,UAAU,IAAI,cAAc,UAAU,IAAI,uDAC/D;WAEM,UAAU,QAAQ,SAC3B,eAAc,gBAAgB,cAAc,UAAU,UAAU;WACvD,UAAU,QAAQ,UAC3B,eAAc,iBAAiB,cAAc,UAAU,UAAU;MAEjE,OAAM,IAAI,mBAER,oBAAoB,UAAU,IAAI,uDACnC;AAGH,SAAO,IAAI,UAAU,YAAY;;;;;CAMnC,IAAW,cAAc;EACvB,MAAM,cAAc,cAAc,OAAO,KAAK,IAAI,iBAAiB;EACnE,MAAM,oBAAoB,IAAI,WAAW,CAAC,GAAG,aAAa,GAAG,KAAK,IAAI,WAAW,CAAC;AAElF,SAAO,IAAI,kBAAkB,SAAS,kBAAkB;;;;;CAM1D,OAAc,gBAAgB,aAAqB;EACjD,MAAM,EAAE,SAAS,iBAAiB,OAAO,YAAY;EACrD,MAAM,CAAC,MAAM,cAAc,cAAc,OAAO,KAAK;EACrD,MAAM,YAAY,KAAK,MAAM,WAAW;EAExC,MAAM,iBAAiB,oBAAoB,MAAM,aAAa,SAAS,qBAAqB,KAAK;AACjG,MAAI,CAAC,eACH,OAAM,IAAI,mBAAmB,kDAAkD,KAAK,GAAG;AAIzF,SAAO,IAAI,UADC,eAAe,eAAe,UAAU,CAC3B;;;;;CAM3B,AAAO,GAKL,UACA,UACA,UAC6D;AAE7D,SADc;GAAC;GAAU;GAAU;GAAS,CAAC,OAAO,QAAQ,CAC/C,MAAM,SAAS,KAAK,IAAI,gBAAgB,KAAK;;;;;;;CAQ5D,AAAO,UACL,MACmE;AACnE,MAAI,CAAC,KAAK,GAAG,iBAAiB,IAAI,SAAS,gBACzC,OAAM,IAAI,mBAAmB,mEAAmE;AAGlG,SAAO,UAAU,cAAc,KAAK,IAAI,mBAAmB,CAAC;;;;;;;CAU9D,AAAO,OAAO,OAAkB;AAC9B,SAAO,2BAA2B,KAAK,QAAQ,EAAE,MAAM,QAAQ,CAAC;;;;;;CAOlE,IAAW,0BAA0B;AACnC,SAAO,uBAAuB,KAAK,QAAQ,CAAC;;CAG9C,OAAc,6CAA6C,KAA0D;EACnH,MAAM,0BAA0B,oBAAoB,MAAM,aACxD,SAAS,6BAA6B,SAAS,IAAI,CACpD;AAED,MAAI,CAAC,wBACH,OAAM,IAAI,WAAW,2DAA2D,IAAI,GAAG;AAGzF,SAAO"}
package/build/modules/kms/jwk/equals.d.mts CHANGED
@@ -15,7 +15,7 @@ declare function assertAsymmetricJwkKeyTypeMatches(first: KmsJwkPublicAsymmetric
15
15
  * Checks if two JWK public keys have matching key material
16
16
  * Supports EC, OKP, and RSA key types
17
17
  */
18
- declare function assymetricPublicJwkMatches(first: KmsJwkPublicAsymmetric, second: KmsJwkPublicAsymmetric): boolean;
18
+ declare function asymmetricPublicJwkMatches(first: KmsJwkPublicAsymmetric, second: KmsJwkPublicAsymmetric): boolean;
19
19
  //#endregion
20
- export { assertAsymmetricJwkKeyTypeMatches, assymetricJwkKeyTypeMatches, assymetricPublicJwkMatches };
20
+ export { assertAsymmetricJwkKeyTypeMatches, assymetricJwkKeyTypeMatches, asymmetricPublicJwkMatches };
21
21
  //# sourceMappingURL=equals.d.mts.map
package/build/modules/kms/jwk/equals.mjs CHANGED
@@ -26,7 +26,7 @@ function assertAsymmetricJwkKeyTypeMatches(first, second) {
26
26
  * Checks if two JWK public keys have matching key material
27
27
  * Supports EC, OKP, and RSA key types
28
28
  */
29
- function assymetricPublicJwkMatches(first, second) {
29
+ function asymmetricPublicJwkMatches(first, second) {
30
30
  if (!assymetricJwkKeyTypeMatches(first, second)) return false;
31
31
  if (first.kty === "EC" && second.kty === "EC") return first.x === second.x && first.y === second.y;
32
32
  if (first.kty === "OKP" && second.kty === "OKP") return first.x === second.x;
@@ -35,5 +35,5 @@ function assymetricPublicJwkMatches(first, second) {
35
35
  }
36
36
 
37
37
  //#endregion
38
- export { assertAsymmetricJwkKeyTypeMatches, assymetricJwkKeyTypeMatches, assymetricPublicJwkMatches };
38
+ export { assertAsymmetricJwkKeyTypeMatches, assymetricJwkKeyTypeMatches, asymmetricPublicJwkMatches };
39
39
  //# sourceMappingURL=equals.mjs.map
package/build/modules/kms/jwk/equals.mjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"equals.mjs","names":[],"sources":["../../../../src/modules/kms/jwk/equals.ts"],"sourcesContent":["import { KeyManagementError } from '../error/KeyManagementError'\nimport { getJwkHumanDescription } from './humanDescription'\nimport type { KmsJwkPrivateAsymmetric, KmsJwkPublicAsymmetric } from './knownJwk'\n\n/**\n * Checks if two JWK public keys have matching key types\n * Supports EC, OKP, and RSA key types\n */\nexport function assymetricJwkKeyTypeMatches(\n first: KmsJwkPublicAsymmetric | KmsJwkPrivateAsymmetric,\n second: KmsJwkPublicAsymmetric | KmsJwkPrivateAsymmetric\n): boolean {\n if (first.kty !== second.kty) return false\n\n if (first.kty === 'EC' && second.kty === 'EC') {\n return first.crv === second.crv\n }\n\n if (first.kty === 'OKP' && second.kty === 'OKP') {\n return first.crv === second.crv\n }\n\n if (first.kty === 'RSA' && second.kty === 'RSA') {\n // RSA doesn't have curve parameter, so key type match is sufficient\n return true\n }\n\n // Unknown key type\n return false\n}\n\n/**\n * Checks if two JWK public keys have matching key types\n * Supports EC, OKP, and RSA key types\n */\nexport function assertAsymmetricJwkKeyTypeMatches(\n first: KmsJwkPublicAsymmetric | KmsJwkPrivateAsymmetric,\n second: KmsJwkPublicAsymmetric | KmsJwkPrivateAsymmetric\n): asserts first is typeof second {\n if (!assymetricJwkKeyTypeMatches(first, second)) {\n throw new KeyManagementError(\n `Expected jwk types to match, but found ${getJwkHumanDescription(first)} and ${getJwkHumanDescription(second)}`\n )\n }\n}\n\n/**\n * Checks if two JWK public keys have matching key material\n * Supports EC, OKP, and RSA key types\n */\nexport function assymetricPublicJwkMatches(first: KmsJwkPublicAsymmetric, second: KmsJwkPublicAsymmetric): boolean {\n // First check that types match\n if (!assymetricJwkKeyTypeMatches(first, second)) {\n return false\n }\n\n // For EC keys, compare x and y coordinates\n if (first.kty === 'EC' && second.kty === 'EC') {\n return first.x === second.x && first.y === second.y\n }\n\n // For OKP keys, compare x coordinate (Ed25519, X25519, etc.)\n if (first.kty === 'OKP' && second.kty === 'OKP') {\n return first.x === second.x\n }\n\n // For RSA keys, compare modulus (n) and exponent (e)\n if (first.kty === 'RSA' && second.kty === 'RSA') {\n return first.n === second.n && first.e === second.e\n }\n\n // Unknown key type\n return false\n}\n"],"mappings":";;;;;;;;;;AAQA,SAAgB,4BACd,OACA,QACS;AACT,KAAI,MAAM,QAAQ,OAAO,IAAK,QAAO;AAErC,KAAI,MAAM,QAAQ,QAAQ,OAAO,QAAQ,KACvC,QAAO,MAAM,QAAQ,OAAO;AAG9B,KAAI,MAAM,QAAQ,SAAS,OAAO,QAAQ,MACxC,QAAO,MAAM,QAAQ,OAAO;AAG9B,KAAI,MAAM,QAAQ,SAAS,OAAO,QAAQ,MAExC,QAAO;AAIT,QAAO;;;;;;AAOT,SAAgB,kCACd,OACA,QACgC;AAChC,KAAI,CAAC,4BAA4B,OAAO,OAAO,CAC7C,OAAM,IAAI,mBACR,0CAA0C,uBAAuB,MAAM,CAAC,OAAO,uBAAuB,OAAO,GAC9G;;;;;;AAQL,SAAgB,2BAA2B,OAA+B,QAAyC;AAEjH,KAAI,CAAC,4BAA4B,OAAO,OAAO,CAC7C,QAAO;AAIT,KAAI,MAAM,QAAQ,QAAQ,OAAO,QAAQ,KACvC,QAAO,MAAM,MAAM,OAAO,KAAK,MAAM,MAAM,OAAO;AAIpD,KAAI,MAAM,QAAQ,SAAS,OAAO,QAAQ,MACxC,QAAO,MAAM,MAAM,OAAO;AAI5B,KAAI,MAAM,QAAQ,SAAS,OAAO,QAAQ,MACxC,QAAO,MAAM,MAAM,OAAO,KAAK,MAAM,MAAM,OAAO;AAIpD,QAAO"}
1
+ {"version":3,"file":"equals.mjs","names":[],"sources":["../../../../src/modules/kms/jwk/equals.ts"],"sourcesContent":["import { KeyManagementError } from '../error/KeyManagementError'\nimport { getJwkHumanDescription } from './humanDescription'\nimport type { KmsJwkPrivateAsymmetric, KmsJwkPublicAsymmetric } from './knownJwk'\n\n/**\n * Checks if two JWK public keys have matching key types\n * Supports EC, OKP, and RSA key types\n */\nexport function assymetricJwkKeyTypeMatches(\n first: KmsJwkPublicAsymmetric | KmsJwkPrivateAsymmetric,\n second: KmsJwkPublicAsymmetric | KmsJwkPrivateAsymmetric\n): boolean {\n if (first.kty !== second.kty) return false\n\n if (first.kty === 'EC' && second.kty === 'EC') {\n return first.crv === second.crv\n }\n\n if (first.kty === 'OKP' && second.kty === 'OKP') {\n return first.crv === second.crv\n }\n\n if (first.kty === 'RSA' && second.kty === 'RSA') {\n // RSA doesn't have curve parameter, so key type match is sufficient\n return true\n }\n\n // Unknown key type\n return false\n}\n\n/**\n * Checks if two JWK public keys have matching key types\n * Supports EC, OKP, and RSA key types\n */\nexport function assertAsymmetricJwkKeyTypeMatches(\n first: KmsJwkPublicAsymmetric | KmsJwkPrivateAsymmetric,\n second: KmsJwkPublicAsymmetric | KmsJwkPrivateAsymmetric\n): asserts first is typeof second {\n if (!assymetricJwkKeyTypeMatches(first, second)) {\n throw new KeyManagementError(\n `Expected jwk types to match, but found ${getJwkHumanDescription(first)} and ${getJwkHumanDescription(second)}`\n )\n }\n}\n\n/**\n * Checks if two JWK public keys have matching key material\n * Supports EC, OKP, and RSA key types\n */\nexport function asymmetricPublicJwkMatches(first: KmsJwkPublicAsymmetric, second: KmsJwkPublicAsymmetric): boolean {\n // First check that types match\n if (!assymetricJwkKeyTypeMatches(first, second)) {\n return false\n }\n\n // For EC keys, compare x and y coordinates\n if (first.kty === 'EC' && second.kty === 'EC') {\n return first.x === second.x && first.y === second.y\n }\n\n // For OKP keys, compare x coordinate (Ed25519, X25519, etc.)\n if (first.kty === 'OKP' && second.kty === 'OKP') {\n return first.x === second.x\n }\n\n // For RSA keys, compare modulus (n) and exponent (e)\n if (first.kty === 'RSA' && second.kty === 'RSA') {\n return first.n === second.n && first.e === second.e\n }\n\n // Unknown key type\n return false\n}\n"],"mappings":";;;;;;;;;;AAQA,SAAgB,4BACd,OACA,QACS;AACT,KAAI,MAAM,QAAQ,OAAO,IAAK,QAAO;AAErC,KAAI,MAAM,QAAQ,QAAQ,OAAO,QAAQ,KACvC,QAAO,MAAM,QAAQ,OAAO;AAG9B,KAAI,MAAM,QAAQ,SAAS,OAAO,QAAQ,MACxC,QAAO,MAAM,QAAQ,OAAO;AAG9B,KAAI,MAAM,QAAQ,SAAS,OAAO,QAAQ,MAExC,QAAO;AAIT,QAAO;;;;;;AAOT,SAAgB,kCACd,OACA,QACgC;AAChC,KAAI,CAAC,4BAA4B,OAAO,OAAO,CAC7C,OAAM,IAAI,mBACR,0CAA0C,uBAAuB,MAAM,CAAC,OAAO,uBAAuB,OAAO,GAC9G;;;;;;AAQL,SAAgB,2BAA2B,OAA+B,QAAyC;AAEjH,KAAI,CAAC,4BAA4B,OAAO,OAAO,CAC7C,QAAO;AAIT,KAAI,MAAM,QAAQ,QAAQ,OAAO,QAAQ,KACvC,QAAO,MAAM,MAAM,OAAO,KAAK,MAAM,MAAM,OAAO;AAIpD,KAAI,MAAM,QAAQ,SAAS,OAAO,QAAQ,MACxC,QAAO,MAAM,MAAM,OAAO;AAI5B,KAAI,MAAM,QAAQ,SAAS,OAAO,QAAQ,MACxC,QAAO,MAAM,MAAM,OAAO,KAAK,MAAM,MAAM,OAAO;AAIpD,QAAO"}
package/build/modules/kms/jwk/index.d.mts CHANGED
@@ -9,7 +9,7 @@ import { allowedKeyDerivationAlgsForKey, assertAllowedKeyDerivationAlgForKey, su
9
9
  import { allowedSigningAlgsForSigningKey, assertAllowedSigningAlgForKey, supportedSigningAlgsForKey } from "./alg/signing.mjs";
10
10
  import "./alg/index.mjs";
11
11
  import { assertSupportedEncryptionAlgorithm, assertSupportedKeyAgreementAlgorithm } from "./assertSupported.mjs";
12
- import { assertAsymmetricJwkKeyTypeMatches, assymetricJwkKeyTypeMatches, assymetricPublicJwkMatches } from "./equals.mjs";
12
+ import { assertAsymmetricJwkKeyTypeMatches, assymetricJwkKeyTypeMatches, asymmetricPublicJwkMatches } from "./equals.mjs";
13
13
  import { getJwkHumanDescription } from "./humanDescription.mjs";
14
14
  import { Jwk, JwkCommon } from "./jwk.mjs";
15
15
  import { assertKeyAllowsDecrypt, assertKeyAllowsDerive, assertKeyAllowsEncrypt, assertKeyAllowsSign, assertKeyAllowsVerify, keyAllowsDecrypt, keyAllowsEncrypt, keyAllowsSign, keyAllowsVerify } from "./keyOps.mjs";
package/build/modules/kms/jwk/index.mjs CHANGED
@@ -6,7 +6,7 @@ import { allowedKeyDerivationAlgsForKey, assertAllowedKeyDerivationAlgForKey, su
6
6
  import { allowedSigningAlgsForSigningKey, assertAllowedSigningAlgForKey, supportedSigningAlgsForKey } from "./alg/signing.mjs";
7
7
  import "./alg/index.mjs";
8
8
  import { assertSupportedEncryptionAlgorithm, assertSupportedKeyAgreementAlgorithm } from "./assertSupported.mjs";
9
- import { assertAsymmetricJwkKeyTypeMatches, assymetricJwkKeyTypeMatches, assymetricPublicJwkMatches } from "./equals.mjs";
9
+ import { assertAsymmetricJwkKeyTypeMatches, assymetricJwkKeyTypeMatches, asymmetricPublicJwkMatches } from "./equals.mjs";
10
10
  import { KnownJwaContentEncryptionAlgorithms, KnownJwaKeyAgreementAlgorithms, KnownJwaKeyEncryptionAlgorithms, KnownJwaSignatureAlgorithms } from "./jwa.mjs";
11
11
  import { assertKeyAllowsDecrypt, assertKeyAllowsDerive, assertKeyAllowsEncrypt, assertKeyAllowsSign, assertKeyAllowsVerify, keyAllowsDecrypt, keyAllowsEncrypt, keyAllowsSign, keyAllowsVerify } from "./keyOps.mjs";
12
12
  import { assertJwkAsymmetric, isJwkAsymmetric, publicJwkFromPrivateJwk } from "./knownJwk.mjs";
package/build/modules/mdoc/Mdoc.mjs CHANGED
@@ -4,9 +4,9 @@ import { TypedArrayEncoder } from "../../utils/TypedArrayEncoder.mjs";
4
4
  import "../../utils/index.mjs";
5
5
  import { isKnownJwaSignatureAlgorithm } from "../kms/jwk/jwa.mjs";
6
6
  import { PublicJwk } from "../kms/jwk/PublicJwk.mjs";
7
- import { _classPrivateFieldInitSpec } from "../../_virtual/_@oxc-project_runtime@0.97.0/helpers/classPrivateFieldInitSpec.mjs";
8
- import { _classPrivateFieldSet2 } from "../../_virtual/_@oxc-project_runtime@0.97.0/helpers/classPrivateFieldSet2.mjs";
9
- import { _classPrivateFieldGet2 } from "../../_virtual/_@oxc-project_runtime@0.97.0/helpers/classPrivateFieldGet2.mjs";
7
+ import { _classPrivateFieldInitSpec } from "../../_virtual/_@oxc-project_runtime@0.99.0/helpers/classPrivateFieldInitSpec.mjs";
8
+ import { _classPrivateFieldSet2 } from "../../_virtual/_@oxc-project_runtime@0.99.0/helpers/classPrivateFieldSet2.mjs";
9
+ import { _classPrivateFieldGet2 } from "../../_virtual/_@oxc-project_runtime@0.99.0/helpers/classPrivateFieldGet2.mjs";
10
10
  import "../kms/index.mjs";
11
11
  import { X509Certificate } from "../x509/X509Certificate.mjs";
12
12
  import { X509ModuleConfig } from "../x509/X509ModuleConfig.mjs";
@@ -101,7 +101,7 @@ var Mdoc = class Mdoc {
101
101
  for (const [namespace, namespaceRecord] of Object.entries(namespaces)) document.addIssuerNameSpace(namespace, namespaceRecord);
102
102
  const issuerKey = issuerCertificate.publicJwk;
103
103
  const alg = issuerKey.supportedSignatureAlgorithms.find(isMdocSupportedSignatureAlgorithm);
104
- if (!alg) throw new MdocError(`Unable to create sign mdoc. No supported signature algorithm found to sign mdoc for jwk with key ${issuerKey.jwkTypehumanDescription}. Key supports algs ${issuerKey.supportedSignatureAlgorithms.join(", ")}. mdoc supports algs ${mdocSupporteSignatureAlgorithms.join(", ")}`);
104
+ if (!alg) throw new MdocError(`Unable to create sign mdoc. No supported signature algorithm found to sign mdoc for jwk with key ${issuerKey.jwkTypeHumanDescription}. Key supports algs ${issuerKey.supportedSignatureAlgorithms.join(", ")}. mdoc supports algs ${mdocSupporteSignatureAlgorithms.join(", ")}`);
105
105
  return new Mdoc(await document.sign({
106
106
  issuerPrivateKey: issuerKey.toJson(),
107
107
  alg,
package/build/modules/mdoc/Mdoc.mjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"Mdoc.mjs","names":["issuerSignedDocument: IssuerSignedDocument | DeviceSignedDocument"],"sources":["../../../src/modules/mdoc/Mdoc.ts"],"sourcesContent":["import type { IssuerSignedDocument } from '@animo-id/mdoc'\nimport {\n COSEKey,\n cborEncode,\n DeviceSignedDocument,\n Document,\n parseDeviceSigned,\n parseIssuerSigned,\n Verifier,\n} from '@animo-id/mdoc'\nimport type { AgentContext } from '../../agent'\nimport { TypedArrayEncoder } from './../../utils'\nimport { type KnownJwaSignatureAlgorithm, PublicJwk } from '../kms'\nimport { isKnownJwaSignatureAlgorithm } from '../kms/jwk/jwa'\nimport { ClaimFormat } from '../vc/index'\nimport { X509Certificate, X509ModuleConfig } from '../x509'\nimport { getMdocContext } from './MdocContext'\nimport { MdocError } from './MdocError'\nimport type { MdocNameSpaces, MdocSignOptions, MdocVerifyOptions } from './MdocOptions'\nimport { isMdocSupportedSignatureAlgorithm, mdocSupporteSignatureAlgorithms } from './mdocSupportedAlgs'\n\n/**\n * This class represents a IssuerSigned Mdoc Document,\n * which are the actual credentials being issued to holders.\n */\nexport class Mdoc {\n public base64Url: string\n #deviceKeyId?: string\n\n private constructor(public issuerSignedDocument: IssuerSignedDocument | DeviceSignedDocument) {\n const issuerSigned = issuerSignedDocument.prepare().get('issuerSigned')\n this.base64Url = TypedArrayEncoder.toBase64URL(cborEncode(issuerSigned))\n }\n\n /**\n * claim format is convenience method added to all credential instances\n */\n public get claimFormat() {\n return ClaimFormat.MsoMdoc as const\n }\n\n /**\n * Encoded is convenience method added to all credential instances\n */\n public get encoded() {\n return this.base64Url\n }\n\n /**\n * Get the device key to which the mdoc is bound\n */\n public get deviceKey(): PublicJwk {\n const deviceKeyRaw = this.issuerSignedDocument.issuerSigned.issuerAuth.decodedPayload.deviceKeyInfo?.deviceKey\n if (!deviceKeyRaw) throw new MdocError('Could not extract device key from mdoc')\n\n const publicJwk = PublicJwk.fromUnknown(COSEKey.import(deviceKeyRaw).toJWK())\n if (this.#deviceKeyId) publicJwk.keyId = this.#deviceKeyId\n return publicJwk\n }\n\n public set deviceKeyId(keyId: string | undefined) {\n this.#deviceKeyId = keyId\n }\n\n public get deviceKeyId() {\n const deviceKey = this.deviceKey\n\n if (deviceKey.hasKeyId) return deviceKey.keyId\n return undefined\n }\n\n public static fromBase64Url(mdocBase64Url: string, expectedDocType?: string): Mdoc {\n const issuerSignedDocument = parseIssuerSigned(TypedArrayEncoder.fromBase64(mdocBase64Url), expectedDocType)\n return new Mdoc(issuerSignedDocument)\n }\n\n public static fromIssuerSignedDocument(issuerSignedBase64Url: string, expectedDocType?: string): Mdoc {\n return new Mdoc(parseIssuerSigned(TypedArrayEncoder.fromBase64(issuerSignedBase64Url), expectedDocType))\n }\n\n public static fromDeviceSignedDocument(\n issuerSignedBase64Url: string,\n deviceSignedBase64Url: string,\n expectedDocType?: string\n ): Mdoc {\n return new Mdoc(\n parseDeviceSigned(\n TypedArrayEncoder.fromBase64(deviceSignedBase64Url),\n TypedArrayEncoder.fromBase64(issuerSignedBase64Url),\n expectedDocType\n )\n )\n }\n\n public get docType(): string {\n return this.issuerSignedDocument.docType\n }\n\n public get alg(): KnownJwaSignatureAlgorithm {\n const algName = this.issuerSignedDocument.issuerSigned.issuerAuth.algName\n if (!algName) {\n throw new MdocError('Cannot extract the signature algorithm from the mdoc.')\n }\n if (isKnownJwaSignatureAlgorithm(algName)) {\n return algName\n }\n\n throw new MdocError(`Cannot parse mdoc. The signature algorithm '${algName}' is not supported.`)\n }\n\n public get validityInfo() {\n return this.issuerSignedDocument.issuerSigned.issuerAuth.decodedPayload.validityInfo\n }\n\n public get deviceSignedNamespaces(): MdocNameSpaces | null {\n if (this.issuerSignedDocument instanceof DeviceSignedDocument === false) {\n return null\n }\n\n return Object.fromEntries(\n Array.from(this.issuerSignedDocument.allDeviceSignedNamespaces.entries()).map(([namespace, value]) => [\n namespace,\n Object.fromEntries(Array.from(value.entries())),\n ])\n )\n }\n\n public get issuerSignedCertificateChain() {\n return this.issuerSignedDocument.issuerSigned.issuerAuth.certificateChain\n }\n\n public get signingCertificate() {\n return this.issuerSignedDocument.issuerSigned.issuerAuth.certificate\n }\n\n public get issuerSignedNamespaces(): MdocNameSpaces {\n return Object.fromEntries(\n Array.from(this.issuerSignedDocument.allIssuerSignedNamespaces.entries()).map(([namespace, value]) => [\n namespace,\n Object.fromEntries(Array.from(value.entries())),\n ])\n )\n }\n\n public static async sign(agentContext: AgentContext, options: MdocSignOptions) {\n const { docType, validityInfo, namespaces, holderKey, issuerCertificate } = options\n const mdocContext = getMdocContext(agentContext)\n\n const document = new Document(docType, mdocContext)\n .useDigestAlgorithm('SHA-256')\n .addValidityInfo(validityInfo)\n .addDeviceKeyInfo({ deviceKey: holderKey.toJson() })\n\n for (const [namespace, namespaceRecord] of Object.entries(namespaces)) {\n document.addIssuerNameSpace(namespace, namespaceRecord)\n }\n\n const issuerKey = issuerCertificate.publicJwk\n const alg = issuerKey.supportedSignatureAlgorithms.find(isMdocSupportedSignatureAlgorithm)\n if (!alg) {\n throw new MdocError(\n `Unable to create sign mdoc. No supported signature algorithm found to sign mdoc for jwk with key ${\n issuerKey.jwkTypehumanDescription\n }. Key supports algs ${issuerKey.supportedSignatureAlgorithms.join(\n ', '\n )}. mdoc supports algs ${mdocSupporteSignatureAlgorithms.join(', ')}`\n )\n }\n\n const issuerSignedDocument = await document.sign(\n {\n issuerPrivateKey: issuerKey.toJson(),\n alg,\n issuerCertificate: issuerCertificate.rawCertificate,\n },\n mdocContext\n )\n\n return new Mdoc(issuerSignedDocument)\n }\n\n public async verify(\n agentContext: AgentContext,\n options?: MdocVerifyOptions\n ): Promise<{ isValid: true } | { isValid: false; error: string }> {\n const x509ModuleConfig = agentContext.dependencyManager.resolve(X509ModuleConfig)\n const certificateChain = this.issuerSignedDocument.issuerSigned.issuerAuth.certificateChain.map((certificate) =>\n X509Certificate.fromRawCertificate(certificate)\n )\n\n let trustedCertificates = options?.trustedCertificates\n if (!trustedCertificates) {\n trustedCertificates =\n (await x509ModuleConfig.getTrustedCertificatesForVerification?.(agentContext, {\n verification: {\n type: 'credential',\n credential: this,\n },\n certificateChain,\n })) ?? x509ModuleConfig.trustedCertificates\n }\n\n if (!trustedCertificates) {\n throw new MdocError('No trusted certificates found. Cannot verify mdoc.')\n }\n\n const mdocContext = getMdocContext(agentContext)\n try {\n const verifier = new Verifier()\n await verifier.verifyIssuerSignature(\n {\n trustedCertificates: trustedCertificates.map(\n (cert) => X509Certificate.fromEncodedCertificate(cert).rawCertificate\n ),\n issuerAuth: this.issuerSignedDocument.issuerSigned.issuerAuth,\n disableCertificateChainValidation: false,\n now: options?.now,\n },\n mdocContext\n )\n\n await verifier.verifyData({ mdoc: this.issuerSignedDocument }, mdocContext)\n return { isValid: true }\n } catch (error) {\n return { isValid: false, error: error.message }\n }\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAyBA,IAAa,OAAb,MAAa,KAAK;CAIhB,AAAQ,YAAY,AAAOA,sBAAmE;EAAnE;;EACzB,MAAM,eAAe,qBAAqB,SAAS,CAAC,IAAI,eAAe;AACvE,OAAK,YAAY,kBAAkB,YAAY,WAAW,aAAa,CAAC;;;;;CAM1E,IAAW,cAAc;AACvB,SAAO,YAAY;;;;;CAMrB,IAAW,UAAU;AACnB,SAAO,KAAK;;;;;CAMd,IAAW,YAAuB;EAChC,MAAM,eAAe,KAAK,qBAAqB,aAAa,WAAW,eAAe,eAAe;AACrG,MAAI,CAAC,aAAc,OAAM,IAAI,UAAU,yCAAyC;EAEhF,MAAM,YAAY,UAAU,YAAY,QAAQ,OAAO,aAAa,CAAC,OAAO,CAAC;AAC7E,2CAAI,KAAiB,CAAE,WAAU,6CAAQ,KAAiB;AAC1D,SAAO;;CAGT,IAAW,YAAY,OAA2B;AAChD,6CAAoB,MAAK;;CAG3B,IAAW,cAAc;EACvB,MAAM,YAAY,KAAK;AAEvB,MAAI,UAAU,SAAU,QAAO,UAAU;;CAI3C,OAAc,cAAc,eAAuB,iBAAgC;AAEjF,SAAO,IAAI,KADkB,kBAAkB,kBAAkB,WAAW,cAAc,EAAE,gBAAgB,CACvE;;CAGvC,OAAc,yBAAyB,uBAA+B,iBAAgC;AACpG,SAAO,IAAI,KAAK,kBAAkB,kBAAkB,WAAW,sBAAsB,EAAE,gBAAgB,CAAC;;CAG1G,OAAc,yBACZ,uBACA,uBACA,iBACM;AACN,SAAO,IAAI,KACT,kBACE,kBAAkB,WAAW,sBAAsB,EACnD,kBAAkB,WAAW,sBAAsB,EACnD,gBACD,CACF;;CAGH,IAAW,UAAkB;AAC3B,SAAO,KAAK,qBAAqB;;CAGnC,IAAW,MAAkC;EAC3C,MAAM,UAAU,KAAK,qBAAqB,aAAa,WAAW;AAClE,MAAI,CAAC,QACH,OAAM,IAAI,UAAU,wDAAwD;AAE9E,MAAI,6BAA6B,QAAQ,CACvC,QAAO;AAGT,QAAM,IAAI,UAAU,+CAA+C,QAAQ,qBAAqB;;CAGlG,IAAW,eAAe;AACxB,SAAO,KAAK,qBAAqB,aAAa,WAAW,eAAe;;CAG1E,IAAW,yBAAgD;AACzD,MAAI,KAAK,gCAAgC,yBAAyB,MAChE,QAAO;AAGT,SAAO,OAAO,YACZ,MAAM,KAAK,KAAK,qBAAqB,0BAA0B,SAAS,CAAC,CAAC,KAAK,CAAC,WAAW,WAAW,CACpG,WACA,OAAO,YAAY,MAAM,KAAK,MAAM,SAAS,CAAC,CAAC,CAChD,CAAC,CACH;;CAGH,IAAW,+BAA+B;AACxC,SAAO,KAAK,qBAAqB,aAAa,WAAW;;CAG3D,IAAW,qBAAqB;AAC9B,SAAO,KAAK,qBAAqB,aAAa,WAAW;;CAG3D,IAAW,yBAAyC;AAClD,SAAO,OAAO,YACZ,MAAM,KAAK,KAAK,qBAAqB,0BAA0B,SAAS,CAAC,CAAC,KAAK,CAAC,WAAW,WAAW,CACpG,WACA,OAAO,YAAY,MAAM,KAAK,MAAM,SAAS,CAAC,CAAC,CAChD,CAAC,CACH;;CAGH,aAAoB,KAAK,cAA4B,SAA0B;EAC7E,MAAM,EAAE,SAAS,cAAc,YAAY,WAAW,sBAAsB;EAC5E,MAAM,cAAc,eAAe,aAAa;EAEhD,MAAM,WAAW,IAAI,SAAS,SAAS,YAAY,CAChD,mBAAmB,UAAU,CAC7B,gBAAgB,aAAa,CAC7B,iBAAiB,EAAE,WAAW,UAAU,QAAQ,EAAE,CAAC;AAEtD,OAAK,MAAM,CAAC,WAAW,oBAAoB,OAAO,QAAQ,WAAW,CACnE,UAAS,mBAAmB,WAAW,gBAAgB;EAGzD,MAAM,YAAY,kBAAkB;EACpC,MAAM,MAAM,UAAU,6BAA6B,KAAK,kCAAkC;AAC1F,MAAI,CAAC,IACH,OAAM,IAAI,UACR,oGACE,UAAU,wBACX,sBAAsB,UAAU,6BAA6B,KAC5D,KACD,CAAC,uBAAuB,gCAAgC,KAAK,KAAK,GACpE;AAYH,SAAO,IAAI,KATkB,MAAM,SAAS,KAC1C;GACE,kBAAkB,UAAU,QAAQ;GACpC;GACA,mBAAmB,kBAAkB;GACtC,EACD,YACD,CAEoC;;CAGvC,MAAa,OACX,cACA,SACgE;EAChE,MAAM,mBAAmB,aAAa,kBAAkB,QAAQ,iBAAiB;EACjF,MAAM,mBAAmB,KAAK,qBAAqB,aAAa,WAAW,iBAAiB,KAAK,gBAC/F,gBAAgB,mBAAmB,YAAY,CAChD;EAED,IAAI,sBAAsB,SAAS;AACnC,MAAI,CAAC,oBACH,uBACG,MAAM,iBAAiB,wCAAwC,cAAc;GAC5E,cAAc;IACZ,MAAM;IACN,YAAY;IACb;GACD;GACD,CAAC,IAAK,iBAAiB;AAG5B,MAAI,CAAC,oBACH,OAAM,IAAI,UAAU,qDAAqD;EAG3E,MAAM,cAAc,eAAe,aAAa;AAChD,MAAI;GACF,MAAM,WAAW,IAAI,UAAU;AAC/B,SAAM,SAAS,sBACb;IACE,qBAAqB,oBAAoB,KACtC,SAAS,gBAAgB,uBAAuB,KAAK,CAAC,eACxD;IACD,YAAY,KAAK,qBAAqB,aAAa;IACnD,mCAAmC;IACnC,KAAK,SAAS;IACf,EACD,YACD;AAED,SAAM,SAAS,WAAW,EAAE,MAAM,KAAK,sBAAsB,EAAE,YAAY;AAC3E,UAAO,EAAE,SAAS,MAAM;WACjB,OAAO;AACd,UAAO;IAAE,SAAS;IAAO,OAAO,MAAM;IAAS"}
1
+ {"version":3,"file":"Mdoc.mjs","names":["issuerSignedDocument: IssuerSignedDocument | DeviceSignedDocument"],"sources":["../../../src/modules/mdoc/Mdoc.ts"],"sourcesContent":["import type { IssuerSignedDocument } from '@animo-id/mdoc'\nimport {\n COSEKey,\n cborEncode,\n DeviceSignedDocument,\n Document,\n parseDeviceSigned,\n parseIssuerSigned,\n Verifier,\n} from '@animo-id/mdoc'\nimport type { AgentContext } from '../../agent'\nimport { TypedArrayEncoder } from './../../utils'\nimport { type KnownJwaSignatureAlgorithm, PublicJwk } from '../kms'\nimport { isKnownJwaSignatureAlgorithm } from '../kms/jwk/jwa'\nimport { ClaimFormat } from '../vc/index'\nimport { X509Certificate, X509ModuleConfig } from '../x509'\nimport { getMdocContext } from './MdocContext'\nimport { MdocError } from './MdocError'\nimport type { MdocNameSpaces, MdocSignOptions, MdocVerifyOptions } from './MdocOptions'\nimport { isMdocSupportedSignatureAlgorithm, mdocSupporteSignatureAlgorithms } from './mdocSupportedAlgs'\n\n/**\n * This class represents a IssuerSigned Mdoc Document,\n * which are the actual credentials being issued to holders.\n */\nexport class Mdoc {\n public base64Url: string\n #deviceKeyId?: string\n\n private constructor(public issuerSignedDocument: IssuerSignedDocument | DeviceSignedDocument) {\n const issuerSigned = issuerSignedDocument.prepare().get('issuerSigned')\n this.base64Url = TypedArrayEncoder.toBase64URL(cborEncode(issuerSigned))\n }\n\n /**\n * claim format is convenience method added to all credential instances\n */\n public get claimFormat() {\n return ClaimFormat.MsoMdoc as const\n }\n\n /**\n * Encoded is convenience method added to all credential instances\n */\n public get encoded() {\n return this.base64Url\n }\n\n /**\n * Get the device key to which the mdoc is bound\n */\n public get deviceKey(): PublicJwk {\n const deviceKeyRaw = this.issuerSignedDocument.issuerSigned.issuerAuth.decodedPayload.deviceKeyInfo?.deviceKey\n if (!deviceKeyRaw) throw new MdocError('Could not extract device key from mdoc')\n\n const publicJwk = PublicJwk.fromUnknown(COSEKey.import(deviceKeyRaw).toJWK())\n if (this.#deviceKeyId) publicJwk.keyId = this.#deviceKeyId\n return publicJwk\n }\n\n public set deviceKeyId(keyId: string | undefined) {\n this.#deviceKeyId = keyId\n }\n\n public get deviceKeyId() {\n const deviceKey = this.deviceKey\n\n if (deviceKey.hasKeyId) return deviceKey.keyId\n return undefined\n }\n\n public static fromBase64Url(mdocBase64Url: string, expectedDocType?: string): Mdoc {\n const issuerSignedDocument = parseIssuerSigned(TypedArrayEncoder.fromBase64(mdocBase64Url), expectedDocType)\n return new Mdoc(issuerSignedDocument)\n }\n\n public static fromIssuerSignedDocument(issuerSignedBase64Url: string, expectedDocType?: string): Mdoc {\n return new Mdoc(parseIssuerSigned(TypedArrayEncoder.fromBase64(issuerSignedBase64Url), expectedDocType))\n }\n\n public static fromDeviceSignedDocument(\n issuerSignedBase64Url: string,\n deviceSignedBase64Url: string,\n expectedDocType?: string\n ): Mdoc {\n return new Mdoc(\n parseDeviceSigned(\n TypedArrayEncoder.fromBase64(deviceSignedBase64Url),\n TypedArrayEncoder.fromBase64(issuerSignedBase64Url),\n expectedDocType\n )\n )\n }\n\n public get docType(): string {\n return this.issuerSignedDocument.docType\n }\n\n public get alg(): KnownJwaSignatureAlgorithm {\n const algName = this.issuerSignedDocument.issuerSigned.issuerAuth.algName\n if (!algName) {\n throw new MdocError('Cannot extract the signature algorithm from the mdoc.')\n }\n if (isKnownJwaSignatureAlgorithm(algName)) {\n return algName\n }\n\n throw new MdocError(`Cannot parse mdoc. The signature algorithm '${algName}' is not supported.`)\n }\n\n public get validityInfo() {\n return this.issuerSignedDocument.issuerSigned.issuerAuth.decodedPayload.validityInfo\n }\n\n public get deviceSignedNamespaces(): MdocNameSpaces | null {\n if (this.issuerSignedDocument instanceof DeviceSignedDocument === false) {\n return null\n }\n\n return Object.fromEntries(\n Array.from(this.issuerSignedDocument.allDeviceSignedNamespaces.entries()).map(([namespace, value]) => [\n namespace,\n Object.fromEntries(Array.from(value.entries())),\n ])\n )\n }\n\n public get issuerSignedCertificateChain() {\n return this.issuerSignedDocument.issuerSigned.issuerAuth.certificateChain\n }\n\n public get signingCertificate() {\n return this.issuerSignedDocument.issuerSigned.issuerAuth.certificate\n }\n\n public get issuerSignedNamespaces(): MdocNameSpaces {\n return Object.fromEntries(\n Array.from(this.issuerSignedDocument.allIssuerSignedNamespaces.entries()).map(([namespace, value]) => [\n namespace,\n Object.fromEntries(Array.from(value.entries())),\n ])\n )\n }\n\n public static async sign(agentContext: AgentContext, options: MdocSignOptions) {\n const { docType, validityInfo, namespaces, holderKey, issuerCertificate } = options\n const mdocContext = getMdocContext(agentContext)\n\n const document = new Document(docType, mdocContext)\n .useDigestAlgorithm('SHA-256')\n .addValidityInfo(validityInfo)\n .addDeviceKeyInfo({ deviceKey: holderKey.toJson() })\n\n for (const [namespace, namespaceRecord] of Object.entries(namespaces)) {\n document.addIssuerNameSpace(namespace, namespaceRecord)\n }\n\n const issuerKey = issuerCertificate.publicJwk\n const alg = issuerKey.supportedSignatureAlgorithms.find(isMdocSupportedSignatureAlgorithm)\n if (!alg) {\n throw new MdocError(\n `Unable to create sign mdoc. No supported signature algorithm found to sign mdoc for jwk with key ${\n issuerKey.jwkTypeHumanDescription\n }. Key supports algs ${issuerKey.supportedSignatureAlgorithms.join(\n ', '\n )}. mdoc supports algs ${mdocSupporteSignatureAlgorithms.join(', ')}`\n )\n }\n\n const issuerSignedDocument = await document.sign(\n {\n issuerPrivateKey: issuerKey.toJson(),\n alg,\n issuerCertificate: issuerCertificate.rawCertificate,\n },\n mdocContext\n )\n\n return new Mdoc(issuerSignedDocument)\n }\n\n public async verify(\n agentContext: AgentContext,\n options?: MdocVerifyOptions\n ): Promise<{ isValid: true } | { isValid: false; error: string }> {\n const x509ModuleConfig = agentContext.dependencyManager.resolve(X509ModuleConfig)\n const certificateChain = this.issuerSignedDocument.issuerSigned.issuerAuth.certificateChain.map((certificate) =>\n X509Certificate.fromRawCertificate(certificate)\n )\n\n let trustedCertificates = options?.trustedCertificates\n if (!trustedCertificates) {\n trustedCertificates =\n (await x509ModuleConfig.getTrustedCertificatesForVerification?.(agentContext, {\n verification: {\n type: 'credential',\n credential: this,\n },\n certificateChain,\n })) ?? x509ModuleConfig.trustedCertificates\n }\n\n if (!trustedCertificates) {\n throw new MdocError('No trusted certificates found. Cannot verify mdoc.')\n }\n\n const mdocContext = getMdocContext(agentContext)\n try {\n const verifier = new Verifier()\n await verifier.verifyIssuerSignature(\n {\n trustedCertificates: trustedCertificates.map(\n (cert) => X509Certificate.fromEncodedCertificate(cert).rawCertificate\n ),\n issuerAuth: this.issuerSignedDocument.issuerSigned.issuerAuth,\n disableCertificateChainValidation: false,\n now: options?.now,\n },\n mdocContext\n )\n\n await verifier.verifyData({ mdoc: this.issuerSignedDocument }, mdocContext)\n return { isValid: true }\n } catch (error) {\n return { isValid: false, error: error.message }\n }\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAyBA,IAAa,OAAb,MAAa,KAAK;CAIhB,AAAQ,YAAY,AAAOA,sBAAmE;EAAnE;;EACzB,MAAM,eAAe,qBAAqB,SAAS,CAAC,IAAI,eAAe;AACvE,OAAK,YAAY,kBAAkB,YAAY,WAAW,aAAa,CAAC;;;;;CAM1E,IAAW,cAAc;AACvB,SAAO,YAAY;;;;;CAMrB,IAAW,UAAU;AACnB,SAAO,KAAK;;;;;CAMd,IAAW,YAAuB;EAChC,MAAM,eAAe,KAAK,qBAAqB,aAAa,WAAW,eAAe,eAAe;AACrG,MAAI,CAAC,aAAc,OAAM,IAAI,UAAU,yCAAyC;EAEhF,MAAM,YAAY,UAAU,YAAY,QAAQ,OAAO,aAAa,CAAC,OAAO,CAAC;AAC7E,2CAAI,KAAiB,CAAE,WAAU,6CAAQ,KAAiB;AAC1D,SAAO;;CAGT,IAAW,YAAY,OAA2B;AAChD,6CAAoB,MAAK;;CAG3B,IAAW,cAAc;EACvB,MAAM,YAAY,KAAK;AAEvB,MAAI,UAAU,SAAU,QAAO,UAAU;;CAI3C,OAAc,cAAc,eAAuB,iBAAgC;AAEjF,SAAO,IAAI,KADkB,kBAAkB,kBAAkB,WAAW,cAAc,EAAE,gBAAgB,CACvE;;CAGvC,OAAc,yBAAyB,uBAA+B,iBAAgC;AACpG,SAAO,IAAI,KAAK,kBAAkB,kBAAkB,WAAW,sBAAsB,EAAE,gBAAgB,CAAC;;CAG1G,OAAc,yBACZ,uBACA,uBACA,iBACM;AACN,SAAO,IAAI,KACT,kBACE,kBAAkB,WAAW,sBAAsB,EACnD,kBAAkB,WAAW,sBAAsB,EACnD,gBACD,CACF;;CAGH,IAAW,UAAkB;AAC3B,SAAO,KAAK,qBAAqB;;CAGnC,IAAW,MAAkC;EAC3C,MAAM,UAAU,KAAK,qBAAqB,aAAa,WAAW;AAClE,MAAI,CAAC,QACH,OAAM,IAAI,UAAU,wDAAwD;AAE9E,MAAI,6BAA6B,QAAQ,CACvC,QAAO;AAGT,QAAM,IAAI,UAAU,+CAA+C,QAAQ,qBAAqB;;CAGlG,IAAW,eAAe;AACxB,SAAO,KAAK,qBAAqB,aAAa,WAAW,eAAe;;CAG1E,IAAW,yBAAgD;AACzD,MAAI,KAAK,gCAAgC,yBAAyB,MAChE,QAAO;AAGT,SAAO,OAAO,YACZ,MAAM,KAAK,KAAK,qBAAqB,0BAA0B,SAAS,CAAC,CAAC,KAAK,CAAC,WAAW,WAAW,CACpG,WACA,OAAO,YAAY,MAAM,KAAK,MAAM,SAAS,CAAC,CAAC,CAChD,CAAC,CACH;;CAGH,IAAW,+BAA+B;AACxC,SAAO,KAAK,qBAAqB,aAAa,WAAW;;CAG3D,IAAW,qBAAqB;AAC9B,SAAO,KAAK,qBAAqB,aAAa,WAAW;;CAG3D,IAAW,yBAAyC;AAClD,SAAO,OAAO,YACZ,MAAM,KAAK,KAAK,qBAAqB,0BAA0B,SAAS,CAAC,CAAC,KAAK,CAAC,WAAW,WAAW,CACpG,WACA,OAAO,YAAY,MAAM,KAAK,MAAM,SAAS,CAAC,CAAC,CAChD,CAAC,CACH;;CAGH,aAAoB,KAAK,cAA4B,SAA0B;EAC7E,MAAM,EAAE,SAAS,cAAc,YAAY,WAAW,sBAAsB;EAC5E,MAAM,cAAc,eAAe,aAAa;EAEhD,MAAM,WAAW,IAAI,SAAS,SAAS,YAAY,CAChD,mBAAmB,UAAU,CAC7B,gBAAgB,aAAa,CAC7B,iBAAiB,EAAE,WAAW,UAAU,QAAQ,EAAE,CAAC;AAEtD,OAAK,MAAM,CAAC,WAAW,oBAAoB,OAAO,QAAQ,WAAW,CACnE,UAAS,mBAAmB,WAAW,gBAAgB;EAGzD,MAAM,YAAY,kBAAkB;EACpC,MAAM,MAAM,UAAU,6BAA6B,KAAK,kCAAkC;AAC1F,MAAI,CAAC,IACH,OAAM,IAAI,UACR,oGACE,UAAU,wBACX,sBAAsB,UAAU,6BAA6B,KAC5D,KACD,CAAC,uBAAuB,gCAAgC,KAAK,KAAK,GACpE;AAYH,SAAO,IAAI,KATkB,MAAM,SAAS,KAC1C;GACE,kBAAkB,UAAU,QAAQ;GACpC;GACA,mBAAmB,kBAAkB;GACtC,EACD,YACD,CAEoC;;CAGvC,MAAa,OACX,cACA,SACgE;EAChE,MAAM,mBAAmB,aAAa,kBAAkB,QAAQ,iBAAiB;EACjF,MAAM,mBAAmB,KAAK,qBAAqB,aAAa,WAAW,iBAAiB,KAAK,gBAC/F,gBAAgB,mBAAmB,YAAY,CAChD;EAED,IAAI,sBAAsB,SAAS;AACnC,MAAI,CAAC,oBACH,uBACG,MAAM,iBAAiB,wCAAwC,cAAc;GAC5E,cAAc;IACZ,MAAM;IACN,YAAY;IACb;GACD;GACD,CAAC,IAAK,iBAAiB;AAG5B,MAAI,CAAC,oBACH,OAAM,IAAI,UAAU,qDAAqD;EAG3E,MAAM,cAAc,eAAe,aAAa;AAChD,MAAI;GACF,MAAM,WAAW,IAAI,UAAU;AAC/B,SAAM,SAAS,sBACb;IACE,qBAAqB,oBAAoB,KACtC,SAAS,gBAAgB,uBAAuB,KAAK,CAAC,eACxD;IACD,YAAY,KAAK,qBAAqB,aAAa;IACnD,mCAAmC;IACnC,KAAK,SAAS;IACf,EACD,YACD;AAED,SAAM,SAAS,WAAW,EAAE,MAAM,KAAK,sBAAsB,EAAE,YAAY;AAC3E,UAAO,EAAE,SAAS,MAAM;WACjB,OAAO;AACd,UAAO;IAAE,SAAS;IAAO,OAAO,MAAM;IAAS"}
package/build/modules/mdoc/MdocApi.mjs CHANGED
@@ -2,8 +2,8 @@
2
2
 
3
3
  import { AgentContext } from "../../agent/context/AgentContext.mjs";
4
4
  import { injectable } from "../../plugins/index.mjs";
5
- import { __decorateMetadata } from "../../_virtual/_@oxc-project_runtime@0.97.0/helpers/decorateMetadata.mjs";
6
- import { __decorate } from "../../_virtual/_@oxc-project_runtime@0.97.0/helpers/decorate.mjs";
5
+ import { __decorateMetadata } from "../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorateMetadata.mjs";
6
+ import { __decorate } from "../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorate.mjs";
7
7
  import "../../agent/index.mjs";
8
8
  import { Mdoc } from "./Mdoc.mjs";
9
9
  import { MdocService } from "./MdocService.mjs";
package/build/modules/mdoc/MdocDeviceResponse.mjs CHANGED
@@ -225,7 +225,7 @@ var MdocDeviceResponse = class MdocDeviceResponse {
225
225
  }
226
226
  static getAlgForDeviceKeyJwk(jwk) {
227
227
  const signatureAlgorithm = jwk.supportedSignatureAlgorithms.find(isMdocSupportedSignatureAlgorithm);
228
- if (!signatureAlgorithm) throw new MdocError(`Unable to create mdoc device response. No supported signature algorithm found to sign device response for jwk ${jwk.jwkTypehumanDescription}. Key supports algs ${jwk.supportedSignatureAlgorithms.join(", ")}. mdoc supports algs ${mdocSupporteSignatureAlgorithms.join(", ")}`);
228
+ if (!signatureAlgorithm) throw new MdocError(`Unable to create mdoc device response. No supported signature algorithm found to sign device response for jwk ${jwk.jwkTypeHumanDescription}. Key supports algs ${jwk.supportedSignatureAlgorithms.join(", ")}. mdoc supports algs ${mdocSupporteSignatureAlgorithms.join(", ")}`);
229
229
  return signatureAlgorithm;
230
230
  }
231
231
  };
package/build/modules/mdoc/MdocDeviceResponse.mjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"MdocDeviceResponse.mjs","names":["base64Url: string","documents: Mdoc[]","deviceResponses: MdocDeviceResponse[]","mdocLimitDisclosureToInputDescriptor","nonMdocPresentationDefinition: DifPresentationExchangeDefinition","this"],"sources":["../../../src/modules/mdoc/MdocDeviceResponse.ts"],"sourcesContent":["import type { MdocContext, PresentationDefinition } from '@animo-id/mdoc'\nimport {\n cborEncode,\n DataItem,\n DeviceRequest,\n DeviceResponse,\n DeviceSignedDocument,\n MDoc,\n MDocStatus,\n limitDisclosureToInputDescriptor as mdocLimitDisclosureToInputDescriptor,\n defaultCallback as onCheck,\n parseDeviceResponse,\n parseIssuerSigned,\n Verifier,\n} from '@animo-id/mdoc'\nimport type { InputDescriptorV2 } from '@sphereon/pex-models'\nimport type { AgentContext } from '../../agent'\nimport { TypedArrayEncoder } from './../../utils'\nimport { uuid } from '../../utils/uuid'\nimport type { DifPresentationExchangeDefinition } from '../dif-presentation-exchange'\nimport { PublicJwk } from '../kms'\nimport { ClaimFormat } from '../vc'\nimport { Mdoc } from './Mdoc'\nimport { getMdocContext } from './MdocContext'\nimport { MdocError } from './MdocError'\nimport type {\n MdocDeviceResponseOptions,\n MdocDeviceResponsePresentationDefinitionOptions,\n MdocDeviceResponseVerifyOptions,\n MdocSessionTranscriptOptions,\n} from './MdocOptions'\nimport { isMdocSupportedSignatureAlgorithm, mdocSupporteSignatureAlgorithms } from './mdocSupportedAlgs'\nimport { nameSpacesRecordToMap } from './mdocUtil'\n\nexport class MdocDeviceResponse {\n private constructor(\n public base64Url: string,\n public documents: Mdoc[]\n ) {}\n\n /**\n * claim format is convenience method added to all credential instances\n */\n public get claimFormat() {\n return ClaimFormat.MsoMdoc as const\n }\n\n /**\n * Encoded is convenience method added to all credential instances\n */\n public get encoded() {\n return this.base64Url\n }\n\n /**\n * To support a single DeviceResponse with multiple documents in OpenID4VP\n */\n public splitIntoSingleDocumentResponses(): MdocDeviceResponse[] {\n const deviceResponses: MdocDeviceResponse[] = []\n\n if (this.documents.length === 0) {\n throw new MdocError('mdoc device response does not contain any mdocs')\n }\n\n for (const document of this.documents) {\n const deviceResponse = new MDoc()\n\n deviceResponse.addDocument(document.issuerSignedDocument)\n\n deviceResponses.push(MdocDeviceResponse.fromDeviceResponse(deviceResponse))\n }\n\n return deviceResponses\n }\n\n private static fromDeviceResponse(mdoc: MDoc) {\n const documents = mdoc.documents.map((doc) => {\n const prepared = doc.prepare()\n const docType = prepared.get('docType') as string\n const issuerSigned = cborEncode(prepared.get('issuerSigned'))\n const deviceSigned = cborEncode(prepared.get('deviceSigned'))\n\n return Mdoc.fromDeviceSignedDocument(\n TypedArrayEncoder.toBase64URL(issuerSigned),\n TypedArrayEncoder.toBase64URL(deviceSigned),\n docType\n )\n })\n\n return new MdocDeviceResponse(TypedArrayEncoder.toBase64URL(mdoc.encode()), documents)\n }\n\n public static fromBase64Url(base64Url: string) {\n const parsed = parseDeviceResponse(TypedArrayEncoder.fromBase64(base64Url))\n if (parsed.status !== MDocStatus.OK) {\n throw new MdocError('Parsing Mdoc Device Response failed.')\n }\n\n return MdocDeviceResponse.fromDeviceResponse(parsed)\n }\n\n private static assertMdocInputDescriptor(inputDescriptor: InputDescriptorV2) {\n if (!inputDescriptor.format || !inputDescriptor.format.mso_mdoc) {\n throw new MdocError(`Input descriptor must contain 'mso_mdoc' format property`)\n }\n\n if (!inputDescriptor.format.mso_mdoc.alg) {\n throw new MdocError(`Input descriptor mso_mdoc must contain 'alg' property`)\n }\n\n if (!inputDescriptor.constraints?.limit_disclosure || inputDescriptor.constraints.limit_disclosure !== 'required') {\n throw new MdocError(\n `Input descriptor must contain 'limit_disclosure' constraints property which is set to required`\n )\n }\n\n if (!inputDescriptor.constraints?.fields?.every((field) => field.intent_to_retain !== undefined)) {\n throw new MdocError(`Input descriptor must contain 'intent_to_retain' constraints property`)\n }\n\n return {\n ...inputDescriptor,\n format: {\n mso_mdoc: inputDescriptor.format.mso_mdoc,\n },\n constraints: {\n ...inputDescriptor.constraints,\n limit_disclosure: 'required',\n fields: (inputDescriptor.constraints.fields ?? []).map((field) => {\n return {\n ...field,\n intent_to_retain: field.intent_to_retain ?? false,\n }\n }),\n },\n } satisfies PresentationDefinition['input_descriptors'][number]\n }\n\n public static partitionPresentationDefinition = (pd: DifPresentationExchangeDefinition) => {\n const nonMdocPresentationDefinition: DifPresentationExchangeDefinition = {\n ...pd,\n input_descriptors: pd.input_descriptors.filter(\n (id) => !Object.keys((id as InputDescriptorV2).format ?? {}).includes('mso_mdoc')\n ),\n } as DifPresentationExchangeDefinition\n\n const mdocPresentationDefinition = {\n ...pd,\n format: { mso_mdoc: pd.format?.mso_mdoc },\n input_descriptors: (pd.input_descriptors as InputDescriptorV2[])\n .filter((id) => Object.keys(id.format ?? {}).includes('mso_mdoc'))\n .map(this.assertMdocInputDescriptor),\n }\n\n return { mdocPresentationDefinition, nonMdocPresentationDefinition }\n }\n\n private static createPresentationSubmission(input: {\n id: string\n presentationDefinition: {\n id: string\n input_descriptors: ReturnType<typeof MdocDeviceResponse.assertMdocInputDescriptor>[]\n }\n }) {\n const { id, presentationDefinition } = input\n if (presentationDefinition.input_descriptors.length !== 1) {\n throw new MdocError('Currently Mdoc Presentation Submissions can only be created for a sigle input descriptor')\n }\n return {\n id,\n definition_id: presentationDefinition.id,\n descriptor_map: [\n {\n id: presentationDefinition.input_descriptors[0].id,\n format: 'mso_mdoc',\n path: '$',\n },\n ],\n }\n }\n\n public static limitDisclosureToInputDescriptor(options: { inputDescriptor: InputDescriptorV2; mdoc: Mdoc }) {\n const { mdoc } = options\n\n const inputDescriptor = MdocDeviceResponse.assertMdocInputDescriptor(options.inputDescriptor)\n const _mdoc = parseIssuerSigned(TypedArrayEncoder.fromBase64(mdoc.base64Url), mdoc.docType)\n\n const disclosure = mdocLimitDisclosureToInputDescriptor(_mdoc, inputDescriptor)\n const disclosedPayloadAsRecord = Object.fromEntries(\n Array.from(disclosure.entries()).map(([namespace, issuerSignedItem]) => {\n return [\n namespace,\n Object.fromEntries(issuerSignedItem.map((item) => [item.elementIdentifier, item.elementValue])),\n ]\n })\n )\n\n return disclosedPayloadAsRecord\n }\n\n public static async createPresentationDefinitionDeviceResponse(\n agentContext: AgentContext,\n options: MdocDeviceResponsePresentationDefinitionOptions\n ) {\n const presentationDefinition = MdocDeviceResponse.partitionPresentationDefinition(\n options.presentationDefinition\n ).mdocPresentationDefinition\n\n const docTypes = options.mdocs.map((i) => i.docType)\n\n const combinedDeviceResponseMdoc = new MDoc()\n\n for (const document of options.mdocs) {\n const deviceKeyJwk = document.deviceKey\n if (!deviceKeyJwk) throw new MdocError(`Device key is missing in mdoc with doctype ${document.docType}`)\n\n // Set keyId to legacy key id if it doesn't have a key id set\n if (!deviceKeyJwk.hasKeyId) {\n deviceKeyJwk.keyId = deviceKeyJwk.legacyKeyId\n }\n\n const alg = MdocDeviceResponse.getAlgForDeviceKeyJwk(deviceKeyJwk)\n\n // We do PEX filtering on a different layer, so we only include the needed input descriptor here\n const presentationDefinitionForDocument = {\n ...presentationDefinition,\n input_descriptors: presentationDefinition.input_descriptors.filter(\n (inputDescriptor) => inputDescriptor.id === document.docType\n ),\n }\n\n const mdocContext = getMdocContext(agentContext)\n const issuerSignedDocument = parseIssuerSigned(TypedArrayEncoder.fromBase64(document.base64Url), document.docType)\n const deviceResponseBuilder = DeviceResponse.from(new MDoc([issuerSignedDocument]))\n .usingPresentationDefinition(presentationDefinitionForDocument)\n .authenticateWithSignature(deviceKeyJwk.toJson(), alg)\n .usingSessionTranscriptBytes(\n await MdocDeviceResponse.getSessionTranscriptBytesForOptions(mdocContext, options.sessionTranscriptOptions)\n )\n\n for (const [nameSpace, nameSpaceValue] of Object.entries(options.deviceNameSpaces ?? {})) {\n deviceResponseBuilder.addDeviceNameSpace(nameSpace, nameSpaceValue)\n }\n\n const deviceResponseMdoc = await deviceResponseBuilder.sign(mdocContext)\n combinedDeviceResponseMdoc.addDocument(deviceResponseMdoc.documents[0])\n }\n\n return {\n deviceResponseBase64Url: TypedArrayEncoder.toBase64URL(combinedDeviceResponseMdoc.encode()),\n presentationSubmission: MdocDeviceResponse.createPresentationSubmission({\n id: `MdocPresentationSubmission ${uuid()}`,\n presentationDefinition: {\n ...presentationDefinition,\n input_descriptors: presentationDefinition.input_descriptors.filter((i) => docTypes.includes(i.id)),\n },\n }),\n }\n }\n\n public static async createDeviceResponse(agentContext: AgentContext, options: MdocDeviceResponseOptions) {\n const combinedDeviceResponseMdoc = new MDoc()\n\n for (const document of options.mdocs) {\n const deviceKeyJwk = document.deviceKey\n if (!deviceKeyJwk) throw new MdocError(`Device key is missing in mdoc with doctype ${document.docType}`)\n const alg = MdocDeviceResponse.getAlgForDeviceKeyJwk(deviceKeyJwk)\n\n // Set keyId to legacy key id if it doesn't have a key id set\n if (!deviceKeyJwk.hasKeyId) {\n deviceKeyJwk.keyId = deviceKeyJwk.legacyKeyId\n }\n\n const issuerSignedDocument = parseIssuerSigned(TypedArrayEncoder.fromBase64(document.base64Url), document.docType)\n\n const deviceRequestForDocument = DeviceRequest.from(\n '1.0',\n options.documentRequests\n .filter((request) => request.docType === issuerSignedDocument.docType)\n .map((request) => ({\n itemsRequestData: {\n docType: request.docType,\n nameSpaces: nameSpacesRecordToMap(request.nameSpaces),\n },\n }))\n )\n\n const mdocContext = getMdocContext(agentContext)\n const deviceResponseBuilder = DeviceResponse.from(new MDoc([issuerSignedDocument]))\n .authenticateWithSignature(deviceKeyJwk.toJson(), alg)\n .usingDeviceRequest(deviceRequestForDocument)\n .usingSessionTranscriptBytes(\n await MdocDeviceResponse.getSessionTranscriptBytesForOptions(mdocContext, options.sessionTranscriptOptions)\n )\n\n for (const [nameSpace, nameSpaceValue] of Object.entries(options.deviceNameSpaces ?? {})) {\n deviceResponseBuilder.addDeviceNameSpace(nameSpace, nameSpaceValue)\n }\n\n const deviceResponseMdoc = await deviceResponseBuilder.sign(mdocContext)\n combinedDeviceResponseMdoc.addDocument(deviceResponseMdoc.documents[0])\n }\n\n return combinedDeviceResponseMdoc.encode()\n }\n\n public async verify(agentContext: AgentContext, options: Omit<MdocDeviceResponseVerifyOptions, 'deviceResponse'>) {\n const verifier = new Verifier()\n const mdocContext = getMdocContext(agentContext)\n\n onCheck({\n status: this.documents.length > 0 ? 'PASSED' : 'FAILED',\n check: 'Device Response must include at least one document.',\n category: 'DOCUMENT_FORMAT',\n })\n\n const deviceResponse = parseDeviceResponse(TypedArrayEncoder.fromBase64(this.base64Url))\n\n // NOTE: we do not use the verification from mdoc library, as it checks all documents\n // based on the same trusted certificates\n for (const documentIndex of this.documents.keys()) {\n const rawDocument = deviceResponse.documents[documentIndex]\n const document = this.documents[documentIndex]\n\n const verificationResult = await document.verify(agentContext, {\n now: options.now,\n trustedCertificates: options.trustedCertificates,\n })\n\n if (!verificationResult.isValid) {\n throw new MdocError(`Mdoc at index ${documentIndex} is not valid. ${verificationResult.error}`)\n }\n\n if (!(rawDocument instanceof DeviceSignedDocument)) {\n onCheck({\n status: 'FAILED',\n category: 'DEVICE_AUTH',\n check: `The document is not signed by the device. ${document.docType}`,\n })\n continue\n }\n\n await verifier.verifyDeviceSignature(\n {\n sessionTranscriptBytes: await MdocDeviceResponse.getSessionTranscriptBytesForOptions(\n mdocContext,\n options.sessionTranscriptOptions\n ),\n deviceSigned: rawDocument,\n },\n mdocContext\n )\n }\n\n if (deviceResponse.documentErrors.length > 1) {\n throw new MdocError('Device response verification failed.')\n }\n\n if (deviceResponse.status !== MDocStatus.OK) {\n throw new MdocError('Device response verification failed. An unknown error occurred.')\n }\n\n return this.documents\n }\n\n private static async getSessionTranscriptBytesForOptions(\n context: MdocContext,\n options: MdocSessionTranscriptOptions\n ) {\n if (options.type === 'sesionTranscriptBytes') {\n return options.sessionTranscriptBytes\n }\n\n // NOTE: temporary until we have updated to the new major version of mdoc\n // Based on https://github.com/animo/mdoc/blob/main/src/mdoc/models/session-transcript.ts#L84\n if (options.type === 'openId4Vp') {\n return cborEncode(\n DataItem.fromData([\n null,\n null,\n [\n 'OpenID4VPHandover',\n await context.crypto.digest({\n digestAlgorithm: 'SHA-256',\n bytes: cborEncode([\n options.clientId,\n options.verifierGeneratedNonce,\n options.encryptionJwk?.getJwkThumbprint('sha-256') ?? null,\n options.responseUri,\n ]),\n }),\n ],\n ])\n )\n }\n\n if (options.type === 'openId4VpDraft18') {\n return await DeviceResponse.calculateSessionTranscriptBytesForOID4VP({\n ...options,\n context,\n })\n }\n\n // NOTE: temporary until we have updated to the new major version of mdoc\n // Based on https://github.com/animo/mdoc/blob/main/src/mdoc/models/session-transcript.ts#L65\n if (options.type === 'openId4VpDcApi') {\n return cborEncode(\n DataItem.fromData([\n null,\n null,\n [\n 'OpenID4VPDCAPIHandover',\n await context.crypto.digest({\n digestAlgorithm: 'SHA-256',\n bytes: cborEncode([\n options.origin,\n options.verifierGeneratedNonce,\n options.encryptionJwk?.getJwkThumbprint('sha-256') ?? null,\n ]),\n }),\n ],\n ])\n )\n }\n\n if (options.type === 'openId4VpDcApiDraft24') {\n return await DeviceResponse.calculateSessionTranscriptBytesForOID4VPDCApi({\n ...options,\n context,\n })\n }\n\n throw new MdocError('Unsupported session transcript option')\n }\n\n private static getAlgForDeviceKeyJwk(jwk: PublicJwk) {\n const signatureAlgorithm = jwk.supportedSignatureAlgorithms.find(isMdocSupportedSignatureAlgorithm)\n if (!signatureAlgorithm) {\n throw new MdocError(\n `Unable to create mdoc device response. No supported signature algorithm found to sign device response for jwk ${\n jwk.jwkTypehumanDescription\n }. Key supports algs ${jwk.supportedSignatureAlgorithms.join(\n ', '\n )}. mdoc supports algs ${mdocSupporteSignatureAlgorithms.join(', ')}`\n )\n }\n\n return signatureAlgorithm\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;AAkCA,IAAa,qBAAb,MAAa,mBAAmB;CAC9B,AAAQ,YACN,AAAOA,WACP,AAAOC,WACP;EAFO;EACA;;;;;CAMT,IAAW,cAAc;AACvB,SAAO,YAAY;;;;;CAMrB,IAAW,UAAU;AACnB,SAAO,KAAK;;;;;CAMd,AAAO,mCAAyD;EAC9D,MAAMC,kBAAwC,EAAE;AAEhD,MAAI,KAAK,UAAU,WAAW,EAC5B,OAAM,IAAI,UAAU,kDAAkD;AAGxE,OAAK,MAAM,YAAY,KAAK,WAAW;GACrC,MAAM,iBAAiB,IAAI,MAAM;AAEjC,kBAAe,YAAY,SAAS,qBAAqB;AAEzD,mBAAgB,KAAK,mBAAmB,mBAAmB,eAAe,CAAC;;AAG7E,SAAO;;CAGT,OAAe,mBAAmB,MAAY;EAC5C,MAAM,YAAY,KAAK,UAAU,KAAK,QAAQ;GAC5C,MAAM,WAAW,IAAI,SAAS;GAC9B,MAAM,UAAU,SAAS,IAAI,UAAU;GACvC,MAAM,eAAe,WAAW,SAAS,IAAI,eAAe,CAAC;GAC7D,MAAM,eAAe,WAAW,SAAS,IAAI,eAAe,CAAC;AAE7D,UAAO,KAAK,yBACV,kBAAkB,YAAY,aAAa,EAC3C,kBAAkB,YAAY,aAAa,EAC3C,QACD;IACD;AAEF,SAAO,IAAI,mBAAmB,kBAAkB,YAAY,KAAK,QAAQ,CAAC,EAAE,UAAU;;CAGxF,OAAc,cAAc,WAAmB;EAC7C,MAAM,SAAS,oBAAoB,kBAAkB,WAAW,UAAU,CAAC;AAC3E,MAAI,OAAO,WAAW,WAAW,GAC/B,OAAM,IAAI,UAAU,uCAAuC;AAG7D,SAAO,mBAAmB,mBAAmB,OAAO;;CAGtD,OAAe,0BAA0B,iBAAoC;AAC3E,MAAI,CAAC,gBAAgB,UAAU,CAAC,gBAAgB,OAAO,SACrD,OAAM,IAAI,UAAU,2DAA2D;AAGjF,MAAI,CAAC,gBAAgB,OAAO,SAAS,IACnC,OAAM,IAAI,UAAU,wDAAwD;AAG9E,MAAI,CAAC,gBAAgB,aAAa,oBAAoB,gBAAgB,YAAY,qBAAqB,WACrG,OAAM,IAAI,UACR,iGACD;AAGH,MAAI,CAAC,gBAAgB,aAAa,QAAQ,OAAO,UAAU,MAAM,qBAAqB,OAAU,CAC9F,OAAM,IAAI,UAAU,wEAAwE;AAG9F,SAAO;GACL,GAAG;GACH,QAAQ,EACN,UAAU,gBAAgB,OAAO,UAClC;GACD,aAAa;IACX,GAAG,gBAAgB;IACnB,kBAAkB;IAClB,SAAS,gBAAgB,YAAY,UAAU,EAAE,EAAE,KAAK,UAAU;AAChE,YAAO;MACL,GAAG;MACH,kBAAkB,MAAM,oBAAoB;MAC7C;MACD;IACH;GACF;;CAsBH,OAAe,6BAA6B,OAMzC;EACD,MAAM,EAAE,IAAI,2BAA2B;AACvC,MAAI,uBAAuB,kBAAkB,WAAW,EACtD,OAAM,IAAI,UAAU,2FAA2F;AAEjH,SAAO;GACL;GACA,eAAe,uBAAuB;GACtC,gBAAgB,CACd;IACE,IAAI,uBAAuB,kBAAkB,GAAG;IAChD,QAAQ;IACR,MAAM;IACP,CACF;GACF;;CAGH,OAAc,iCAAiC,SAA6D;EAC1G,MAAM,EAAE,SAAS;EAEjB,MAAM,kBAAkB,mBAAmB,0BAA0B,QAAQ,gBAAgB;EAG7F,MAAM,aAAaC,iCAFL,kBAAkB,kBAAkB,WAAW,KAAK,UAAU,EAAE,KAAK,QAAQ,EAE5B,gBAAgB;AAU/E,SATiC,OAAO,YACtC,MAAM,KAAK,WAAW,SAAS,CAAC,CAAC,KAAK,CAAC,WAAW,sBAAsB;AACtE,UAAO,CACL,WACA,OAAO,YAAY,iBAAiB,KAAK,SAAS,CAAC,KAAK,mBAAmB,KAAK,aAAa,CAAC,CAAC,CAChG;IACD,CACH;;CAKH,aAAoB,2CAClB,cACA,SACA;EACA,MAAM,yBAAyB,mBAAmB,gCAChD,QAAQ,uBACT,CAAC;EAEF,MAAM,WAAW,QAAQ,MAAM,KAAK,MAAM,EAAE,QAAQ;EAEpD,MAAM,6BAA6B,IAAI,MAAM;AAE7C,OAAK,MAAM,YAAY,QAAQ,OAAO;GACpC,MAAM,eAAe,SAAS;AAC9B,OAAI,CAAC,aAAc,OAAM,IAAI,UAAU,8CAA8C,SAAS,UAAU;AAGxG,OAAI,CAAC,aAAa,SAChB,cAAa,QAAQ,aAAa;GAGpC,MAAM,MAAM,mBAAmB,sBAAsB,aAAa;GAGlE,MAAM,oCAAoC;IACxC,GAAG;IACH,mBAAmB,uBAAuB,kBAAkB,QACzD,oBAAoB,gBAAgB,OAAO,SAAS,QACtD;IACF;GAED,MAAM,cAAc,eAAe,aAAa;GAChD,MAAM,uBAAuB,kBAAkB,kBAAkB,WAAW,SAAS,UAAU,EAAE,SAAS,QAAQ;GAClH,MAAM,wBAAwB,eAAe,KAAK,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAC,CAChF,4BAA4B,kCAAkC,CAC9D,0BAA0B,aAAa,QAAQ,EAAE,IAAI,CACrD,4BACC,MAAM,mBAAmB,oCAAoC,aAAa,QAAQ,yBAAyB,CAC5G;AAEH,QAAK,MAAM,CAAC,WAAW,mBAAmB,OAAO,QAAQ,QAAQ,oBAAoB,EAAE,CAAC,CACtF,uBAAsB,mBAAmB,WAAW,eAAe;GAGrE,MAAM,qBAAqB,MAAM,sBAAsB,KAAK,YAAY;AACxE,8BAA2B,YAAY,mBAAmB,UAAU,GAAG;;AAGzE,SAAO;GACL,yBAAyB,kBAAkB,YAAY,2BAA2B,QAAQ,CAAC;GAC3F,wBAAwB,mBAAmB,6BAA6B;IACtE,IAAI,8BAA8B,MAAM;IACxC,wBAAwB;KACtB,GAAG;KACH,mBAAmB,uBAAuB,kBAAkB,QAAQ,MAAM,SAAS,SAAS,EAAE,GAAG,CAAC;KACnG;IACF,CAAC;GACH;;CAGH,aAAoB,qBAAqB,cAA4B,SAAoC;EACvG,MAAM,6BAA6B,IAAI,MAAM;AAE7C,OAAK,MAAM,YAAY,QAAQ,OAAO;GACpC,MAAM,eAAe,SAAS;AAC9B,OAAI,CAAC,aAAc,OAAM,IAAI,UAAU,8CAA8C,SAAS,UAAU;GACxG,MAAM,MAAM,mBAAmB,sBAAsB,aAAa;AAGlE,OAAI,CAAC,aAAa,SAChB,cAAa,QAAQ,aAAa;GAGpC,MAAM,uBAAuB,kBAAkB,kBAAkB,WAAW,SAAS,UAAU,EAAE,SAAS,QAAQ;GAElH,MAAM,2BAA2B,cAAc,KAC7C,OACA,QAAQ,iBACL,QAAQ,YAAY,QAAQ,YAAY,qBAAqB,QAAQ,CACrE,KAAK,aAAa,EACjB,kBAAkB;IAChB,SAAS,QAAQ;IACjB,YAAY,sBAAsB,QAAQ,WAAW;IACtD,EACF,EAAE,CACN;GAED,MAAM,cAAc,eAAe,aAAa;GAChD,MAAM,wBAAwB,eAAe,KAAK,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAC,CAChF,0BAA0B,aAAa,QAAQ,EAAE,IAAI,CACrD,mBAAmB,yBAAyB,CAC5C,4BACC,MAAM,mBAAmB,oCAAoC,aAAa,QAAQ,yBAAyB,CAC5G;AAEH,QAAK,MAAM,CAAC,WAAW,mBAAmB,OAAO,QAAQ,QAAQ,oBAAoB,EAAE,CAAC,CACtF,uBAAsB,mBAAmB,WAAW,eAAe;GAGrE,MAAM,qBAAqB,MAAM,sBAAsB,KAAK,YAAY;AACxE,8BAA2B,YAAY,mBAAmB,UAAU,GAAG;;AAGzE,SAAO,2BAA2B,QAAQ;;CAG5C,MAAa,OAAO,cAA4B,SAAkE;EAChH,MAAM,WAAW,IAAI,UAAU;EAC/B,MAAM,cAAc,eAAe,aAAa;AAEhD,kBAAQ;GACN,QAAQ,KAAK,UAAU,SAAS,IAAI,WAAW;GAC/C,OAAO;GACP,UAAU;GACX,CAAC;EAEF,MAAM,iBAAiB,oBAAoB,kBAAkB,WAAW,KAAK,UAAU,CAAC;AAIxF,OAAK,MAAM,iBAAiB,KAAK,UAAU,MAAM,EAAE;GACjD,MAAM,cAAc,eAAe,UAAU;GAC7C,MAAM,WAAW,KAAK,UAAU;GAEhC,MAAM,qBAAqB,MAAM,SAAS,OAAO,cAAc;IAC7D,KAAK,QAAQ;IACb,qBAAqB,QAAQ;IAC9B,CAAC;AAEF,OAAI,CAAC,mBAAmB,QACtB,OAAM,IAAI,UAAU,iBAAiB,cAAc,iBAAiB,mBAAmB,QAAQ;AAGjG,OAAI,EAAE,uBAAuB,uBAAuB;AAClD,oBAAQ;KACN,QAAQ;KACR,UAAU;KACV,OAAO,6CAA6C,SAAS;KAC9D,CAAC;AACF;;AAGF,SAAM,SAAS,sBACb;IACE,wBAAwB,MAAM,mBAAmB,oCAC/C,aACA,QAAQ,yBACT;IACD,cAAc;IACf,EACD,YACD;;AAGH,MAAI,eAAe,eAAe,SAAS,EACzC,OAAM,IAAI,UAAU,uCAAuC;AAG7D,MAAI,eAAe,WAAW,WAAW,GACvC,OAAM,IAAI,UAAU,kEAAkE;AAGxF,SAAO,KAAK;;CAGd,aAAqB,oCACnB,SACA,SACA;AACA,MAAI,QAAQ,SAAS,wBACnB,QAAO,QAAQ;AAKjB,MAAI,QAAQ,SAAS,YACnB,QAAO,WACL,SAAS,SAAS;GAChB;GACA;GACA,CACE,qBACA,MAAM,QAAQ,OAAO,OAAO;IAC1B,iBAAiB;IACjB,OAAO,WAAW;KAChB,QAAQ;KACR,QAAQ;KACR,QAAQ,eAAe,iBAAiB,UAAU,IAAI;KACtD,QAAQ;KACT,CAAC;IACH,CAAC,CACH;GACF,CAAC,CACH;AAGH,MAAI,QAAQ,SAAS,mBACnB,QAAO,MAAM,eAAe,yCAAyC;GACnE,GAAG;GACH;GACD,CAAC;AAKJ,MAAI,QAAQ,SAAS,iBACnB,QAAO,WACL,SAAS,SAAS;GAChB;GACA;GACA,CACE,0BACA,MAAM,QAAQ,OAAO,OAAO;IAC1B,iBAAiB;IACjB,OAAO,WAAW;KAChB,QAAQ;KACR,QAAQ;KACR,QAAQ,eAAe,iBAAiB,UAAU,IAAI;KACvD,CAAC;IACH,CAAC,CACH;GACF,CAAC,CACH;AAGH,MAAI,QAAQ,SAAS,wBACnB,QAAO,MAAM,eAAe,8CAA8C;GACxE,GAAG;GACH;GACD,CAAC;AAGJ,QAAM,IAAI,UAAU,wCAAwC;;CAG9D,OAAe,sBAAsB,KAAgB;EACnD,MAAM,qBAAqB,IAAI,6BAA6B,KAAK,kCAAkC;AACnG,MAAI,CAAC,mBACH,OAAM,IAAI,UACR,kHACE,IAAI,wBACL,sBAAsB,IAAI,6BAA6B,KACtD,KACD,CAAC,uBAAuB,gCAAgC,KAAK,KAAK,GACpE;AAGH,SAAO;;;;mBArTK,mCAAmC,OAA0C;CACzF,MAAMC,gCAAmE;EACvE,GAAG;EACH,mBAAmB,GAAG,kBAAkB,QACrC,OAAO,CAAC,OAAO,KAAM,GAAyB,UAAU,EAAE,CAAC,CAAC,SAAS,WAAW,CAClF;EACF;AAUD,QAAO;EAAE,4BAR0B;GACjC,GAAG;GACH,QAAQ,EAAE,UAAU,GAAG,QAAQ,UAAU;GACzC,mBAAoB,GAAG,kBACpB,QAAQ,OAAO,OAAO,KAAK,GAAG,UAAU,EAAE,CAAC,CAAC,SAAS,WAAW,CAAC,CACjE,IAAIC,oBAAK,0BAA0B;GACvC;EAEoC;EAA+B"}
1
+ {"version":3,"file":"MdocDeviceResponse.mjs","names":["base64Url: string","documents: Mdoc[]","deviceResponses: MdocDeviceResponse[]","mdocLimitDisclosureToInputDescriptor","nonMdocPresentationDefinition: DifPresentationExchangeDefinition","this"],"sources":["../../../src/modules/mdoc/MdocDeviceResponse.ts"],"sourcesContent":["import type { MdocContext, PresentationDefinition } from '@animo-id/mdoc'\nimport {\n cborEncode,\n DataItem,\n DeviceRequest,\n DeviceResponse,\n DeviceSignedDocument,\n MDoc,\n MDocStatus,\n limitDisclosureToInputDescriptor as mdocLimitDisclosureToInputDescriptor,\n defaultCallback as onCheck,\n parseDeviceResponse,\n parseIssuerSigned,\n Verifier,\n} from '@animo-id/mdoc'\nimport type { InputDescriptorV2 } from '@sphereon/pex-models'\nimport type { AgentContext } from '../../agent'\nimport { TypedArrayEncoder } from './../../utils'\nimport { uuid } from '../../utils/uuid'\nimport type { DifPresentationExchangeDefinition } from '../dif-presentation-exchange'\nimport { PublicJwk } from '../kms'\nimport { ClaimFormat } from '../vc'\nimport { Mdoc } from './Mdoc'\nimport { getMdocContext } from './MdocContext'\nimport { MdocError } from './MdocError'\nimport type {\n MdocDeviceResponseOptions,\n MdocDeviceResponsePresentationDefinitionOptions,\n MdocDeviceResponseVerifyOptions,\n MdocSessionTranscriptOptions,\n} from './MdocOptions'\nimport { isMdocSupportedSignatureAlgorithm, mdocSupporteSignatureAlgorithms } from './mdocSupportedAlgs'\nimport { nameSpacesRecordToMap } from './mdocUtil'\n\nexport class MdocDeviceResponse {\n private constructor(\n public base64Url: string,\n public documents: Mdoc[]\n ) {}\n\n /**\n * claim format is convenience method added to all credential instances\n */\n public get claimFormat() {\n return ClaimFormat.MsoMdoc as const\n }\n\n /**\n * Encoded is convenience method added to all credential instances\n */\n public get encoded() {\n return this.base64Url\n }\n\n /**\n * To support a single DeviceResponse with multiple documents in OpenID4VP\n */\n public splitIntoSingleDocumentResponses(): MdocDeviceResponse[] {\n const deviceResponses: MdocDeviceResponse[] = []\n\n if (this.documents.length === 0) {\n throw new MdocError('mdoc device response does not contain any mdocs')\n }\n\n for (const document of this.documents) {\n const deviceResponse = new MDoc()\n\n deviceResponse.addDocument(document.issuerSignedDocument)\n\n deviceResponses.push(MdocDeviceResponse.fromDeviceResponse(deviceResponse))\n }\n\n return deviceResponses\n }\n\n private static fromDeviceResponse(mdoc: MDoc) {\n const documents = mdoc.documents.map((doc) => {\n const prepared = doc.prepare()\n const docType = prepared.get('docType') as string\n const issuerSigned = cborEncode(prepared.get('issuerSigned'))\n const deviceSigned = cborEncode(prepared.get('deviceSigned'))\n\n return Mdoc.fromDeviceSignedDocument(\n TypedArrayEncoder.toBase64URL(issuerSigned),\n TypedArrayEncoder.toBase64URL(deviceSigned),\n docType\n )\n })\n\n return new MdocDeviceResponse(TypedArrayEncoder.toBase64URL(mdoc.encode()), documents)\n }\n\n public static fromBase64Url(base64Url: string) {\n const parsed = parseDeviceResponse(TypedArrayEncoder.fromBase64(base64Url))\n if (parsed.status !== MDocStatus.OK) {\n throw new MdocError('Parsing Mdoc Device Response failed.')\n }\n\n return MdocDeviceResponse.fromDeviceResponse(parsed)\n }\n\n private static assertMdocInputDescriptor(inputDescriptor: InputDescriptorV2) {\n if (!inputDescriptor.format || !inputDescriptor.format.mso_mdoc) {\n throw new MdocError(`Input descriptor must contain 'mso_mdoc' format property`)\n }\n\n if (!inputDescriptor.format.mso_mdoc.alg) {\n throw new MdocError(`Input descriptor mso_mdoc must contain 'alg' property`)\n }\n\n if (!inputDescriptor.constraints?.limit_disclosure || inputDescriptor.constraints.limit_disclosure !== 'required') {\n throw new MdocError(\n `Input descriptor must contain 'limit_disclosure' constraints property which is set to required`\n )\n }\n\n if (!inputDescriptor.constraints?.fields?.every((field) => field.intent_to_retain !== undefined)) {\n throw new MdocError(`Input descriptor must contain 'intent_to_retain' constraints property`)\n }\n\n return {\n ...inputDescriptor,\n format: {\n mso_mdoc: inputDescriptor.format.mso_mdoc,\n },\n constraints: {\n ...inputDescriptor.constraints,\n limit_disclosure: 'required',\n fields: (inputDescriptor.constraints.fields ?? []).map((field) => {\n return {\n ...field,\n intent_to_retain: field.intent_to_retain ?? false,\n }\n }),\n },\n } satisfies PresentationDefinition['input_descriptors'][number]\n }\n\n public static partitionPresentationDefinition = (pd: DifPresentationExchangeDefinition) => {\n const nonMdocPresentationDefinition: DifPresentationExchangeDefinition = {\n ...pd,\n input_descriptors: pd.input_descriptors.filter(\n (id) => !Object.keys((id as InputDescriptorV2).format ?? {}).includes('mso_mdoc')\n ),\n } as DifPresentationExchangeDefinition\n\n const mdocPresentationDefinition = {\n ...pd,\n format: { mso_mdoc: pd.format?.mso_mdoc },\n input_descriptors: (pd.input_descriptors as InputDescriptorV2[])\n .filter((id) => Object.keys(id.format ?? {}).includes('mso_mdoc'))\n .map(this.assertMdocInputDescriptor),\n }\n\n return { mdocPresentationDefinition, nonMdocPresentationDefinition }\n }\n\n private static createPresentationSubmission(input: {\n id: string\n presentationDefinition: {\n id: string\n input_descriptors: ReturnType<typeof MdocDeviceResponse.assertMdocInputDescriptor>[]\n }\n }) {\n const { id, presentationDefinition } = input\n if (presentationDefinition.input_descriptors.length !== 1) {\n throw new MdocError('Currently Mdoc Presentation Submissions can only be created for a sigle input descriptor')\n }\n return {\n id,\n definition_id: presentationDefinition.id,\n descriptor_map: [\n {\n id: presentationDefinition.input_descriptors[0].id,\n format: 'mso_mdoc',\n path: '$',\n },\n ],\n }\n }\n\n public static limitDisclosureToInputDescriptor(options: { inputDescriptor: InputDescriptorV2; mdoc: Mdoc }) {\n const { mdoc } = options\n\n const inputDescriptor = MdocDeviceResponse.assertMdocInputDescriptor(options.inputDescriptor)\n const _mdoc = parseIssuerSigned(TypedArrayEncoder.fromBase64(mdoc.base64Url), mdoc.docType)\n\n const disclosure = mdocLimitDisclosureToInputDescriptor(_mdoc, inputDescriptor)\n const disclosedPayloadAsRecord = Object.fromEntries(\n Array.from(disclosure.entries()).map(([namespace, issuerSignedItem]) => {\n return [\n namespace,\n Object.fromEntries(issuerSignedItem.map((item) => [item.elementIdentifier, item.elementValue])),\n ]\n })\n )\n\n return disclosedPayloadAsRecord\n }\n\n public static async createPresentationDefinitionDeviceResponse(\n agentContext: AgentContext,\n options: MdocDeviceResponsePresentationDefinitionOptions\n ) {\n const presentationDefinition = MdocDeviceResponse.partitionPresentationDefinition(\n options.presentationDefinition\n ).mdocPresentationDefinition\n\n const docTypes = options.mdocs.map((i) => i.docType)\n\n const combinedDeviceResponseMdoc = new MDoc()\n\n for (const document of options.mdocs) {\n const deviceKeyJwk = document.deviceKey\n if (!deviceKeyJwk) throw new MdocError(`Device key is missing in mdoc with doctype ${document.docType}`)\n\n // Set keyId to legacy key id if it doesn't have a key id set\n if (!deviceKeyJwk.hasKeyId) {\n deviceKeyJwk.keyId = deviceKeyJwk.legacyKeyId\n }\n\n const alg = MdocDeviceResponse.getAlgForDeviceKeyJwk(deviceKeyJwk)\n\n // We do PEX filtering on a different layer, so we only include the needed input descriptor here\n const presentationDefinitionForDocument = {\n ...presentationDefinition,\n input_descriptors: presentationDefinition.input_descriptors.filter(\n (inputDescriptor) => inputDescriptor.id === document.docType\n ),\n }\n\n const mdocContext = getMdocContext(agentContext)\n const issuerSignedDocument = parseIssuerSigned(TypedArrayEncoder.fromBase64(document.base64Url), document.docType)\n const deviceResponseBuilder = DeviceResponse.from(new MDoc([issuerSignedDocument]))\n .usingPresentationDefinition(presentationDefinitionForDocument)\n .authenticateWithSignature(deviceKeyJwk.toJson(), alg)\n .usingSessionTranscriptBytes(\n await MdocDeviceResponse.getSessionTranscriptBytesForOptions(mdocContext, options.sessionTranscriptOptions)\n )\n\n for (const [nameSpace, nameSpaceValue] of Object.entries(options.deviceNameSpaces ?? {})) {\n deviceResponseBuilder.addDeviceNameSpace(nameSpace, nameSpaceValue)\n }\n\n const deviceResponseMdoc = await deviceResponseBuilder.sign(mdocContext)\n combinedDeviceResponseMdoc.addDocument(deviceResponseMdoc.documents[0])\n }\n\n return {\n deviceResponseBase64Url: TypedArrayEncoder.toBase64URL(combinedDeviceResponseMdoc.encode()),\n presentationSubmission: MdocDeviceResponse.createPresentationSubmission({\n id: `MdocPresentationSubmission ${uuid()}`,\n presentationDefinition: {\n ...presentationDefinition,\n input_descriptors: presentationDefinition.input_descriptors.filter((i) => docTypes.includes(i.id)),\n },\n }),\n }\n }\n\n public static async createDeviceResponse(agentContext: AgentContext, options: MdocDeviceResponseOptions) {\n const combinedDeviceResponseMdoc = new MDoc()\n\n for (const document of options.mdocs) {\n const deviceKeyJwk = document.deviceKey\n if (!deviceKeyJwk) throw new MdocError(`Device key is missing in mdoc with doctype ${document.docType}`)\n const alg = MdocDeviceResponse.getAlgForDeviceKeyJwk(deviceKeyJwk)\n\n // Set keyId to legacy key id if it doesn't have a key id set\n if (!deviceKeyJwk.hasKeyId) {\n deviceKeyJwk.keyId = deviceKeyJwk.legacyKeyId\n }\n\n const issuerSignedDocument = parseIssuerSigned(TypedArrayEncoder.fromBase64(document.base64Url), document.docType)\n\n const deviceRequestForDocument = DeviceRequest.from(\n '1.0',\n options.documentRequests\n .filter((request) => request.docType === issuerSignedDocument.docType)\n .map((request) => ({\n itemsRequestData: {\n docType: request.docType,\n nameSpaces: nameSpacesRecordToMap(request.nameSpaces),\n },\n }))\n )\n\n const mdocContext = getMdocContext(agentContext)\n const deviceResponseBuilder = DeviceResponse.from(new MDoc([issuerSignedDocument]))\n .authenticateWithSignature(deviceKeyJwk.toJson(), alg)\n .usingDeviceRequest(deviceRequestForDocument)\n .usingSessionTranscriptBytes(\n await MdocDeviceResponse.getSessionTranscriptBytesForOptions(mdocContext, options.sessionTranscriptOptions)\n )\n\n for (const [nameSpace, nameSpaceValue] of Object.entries(options.deviceNameSpaces ?? {})) {\n deviceResponseBuilder.addDeviceNameSpace(nameSpace, nameSpaceValue)\n }\n\n const deviceResponseMdoc = await deviceResponseBuilder.sign(mdocContext)\n combinedDeviceResponseMdoc.addDocument(deviceResponseMdoc.documents[0])\n }\n\n return combinedDeviceResponseMdoc.encode()\n }\n\n public async verify(agentContext: AgentContext, options: Omit<MdocDeviceResponseVerifyOptions, 'deviceResponse'>) {\n const verifier = new Verifier()\n const mdocContext = getMdocContext(agentContext)\n\n onCheck({\n status: this.documents.length > 0 ? 'PASSED' : 'FAILED',\n check: 'Device Response must include at least one document.',\n category: 'DOCUMENT_FORMAT',\n })\n\n const deviceResponse = parseDeviceResponse(TypedArrayEncoder.fromBase64(this.base64Url))\n\n // NOTE: we do not use the verification from mdoc library, as it checks all documents\n // based on the same trusted certificates\n for (const documentIndex of this.documents.keys()) {\n const rawDocument = deviceResponse.documents[documentIndex]\n const document = this.documents[documentIndex]\n\n const verificationResult = await document.verify(agentContext, {\n now: options.now,\n trustedCertificates: options.trustedCertificates,\n })\n\n if (!verificationResult.isValid) {\n throw new MdocError(`Mdoc at index ${documentIndex} is not valid. ${verificationResult.error}`)\n }\n\n if (!(rawDocument instanceof DeviceSignedDocument)) {\n onCheck({\n status: 'FAILED',\n category: 'DEVICE_AUTH',\n check: `The document is not signed by the device. ${document.docType}`,\n })\n continue\n }\n\n await verifier.verifyDeviceSignature(\n {\n sessionTranscriptBytes: await MdocDeviceResponse.getSessionTranscriptBytesForOptions(\n mdocContext,\n options.sessionTranscriptOptions\n ),\n deviceSigned: rawDocument,\n },\n mdocContext\n )\n }\n\n if (deviceResponse.documentErrors.length > 1) {\n throw new MdocError('Device response verification failed.')\n }\n\n if (deviceResponse.status !== MDocStatus.OK) {\n throw new MdocError('Device response verification failed. An unknown error occurred.')\n }\n\n return this.documents\n }\n\n private static async getSessionTranscriptBytesForOptions(\n context: MdocContext,\n options: MdocSessionTranscriptOptions\n ) {\n if (options.type === 'sesionTranscriptBytes') {\n return options.sessionTranscriptBytes\n }\n\n // NOTE: temporary until we have updated to the new major version of mdoc\n // Based on https://github.com/animo/mdoc/blob/main/src/mdoc/models/session-transcript.ts#L84\n if (options.type === 'openId4Vp') {\n return cborEncode(\n DataItem.fromData([\n null,\n null,\n [\n 'OpenID4VPHandover',\n await context.crypto.digest({\n digestAlgorithm: 'SHA-256',\n bytes: cborEncode([\n options.clientId,\n options.verifierGeneratedNonce,\n options.encryptionJwk?.getJwkThumbprint('sha-256') ?? null,\n options.responseUri,\n ]),\n }),\n ],\n ])\n )\n }\n\n if (options.type === 'openId4VpDraft18') {\n return await DeviceResponse.calculateSessionTranscriptBytesForOID4VP({\n ...options,\n context,\n })\n }\n\n // NOTE: temporary until we have updated to the new major version of mdoc\n // Based on https://github.com/animo/mdoc/blob/main/src/mdoc/models/session-transcript.ts#L65\n if (options.type === 'openId4VpDcApi') {\n return cborEncode(\n DataItem.fromData([\n null,\n null,\n [\n 'OpenID4VPDCAPIHandover',\n await context.crypto.digest({\n digestAlgorithm: 'SHA-256',\n bytes: cborEncode([\n options.origin,\n options.verifierGeneratedNonce,\n options.encryptionJwk?.getJwkThumbprint('sha-256') ?? null,\n ]),\n }),\n ],\n ])\n )\n }\n\n if (options.type === 'openId4VpDcApiDraft24') {\n return await DeviceResponse.calculateSessionTranscriptBytesForOID4VPDCApi({\n ...options,\n context,\n })\n }\n\n throw new MdocError('Unsupported session transcript option')\n }\n\n private static getAlgForDeviceKeyJwk(jwk: PublicJwk) {\n const signatureAlgorithm = jwk.supportedSignatureAlgorithms.find(isMdocSupportedSignatureAlgorithm)\n if (!signatureAlgorithm) {\n throw new MdocError(\n `Unable to create mdoc device response. No supported signature algorithm found to sign device response for jwk ${\n jwk.jwkTypeHumanDescription\n }. Key supports algs ${jwk.supportedSignatureAlgorithms.join(\n ', '\n )}. mdoc supports algs ${mdocSupporteSignatureAlgorithms.join(', ')}`\n )\n }\n\n return signatureAlgorithm\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;AAkCA,IAAa,qBAAb,MAAa,mBAAmB;CAC9B,AAAQ,YACN,AAAOA,WACP,AAAOC,WACP;EAFO;EACA;;;;;CAMT,IAAW,cAAc;AACvB,SAAO,YAAY;;;;;CAMrB,IAAW,UAAU;AACnB,SAAO,KAAK;;;;;CAMd,AAAO,mCAAyD;EAC9D,MAAMC,kBAAwC,EAAE;AAEhD,MAAI,KAAK,UAAU,WAAW,EAC5B,OAAM,IAAI,UAAU,kDAAkD;AAGxE,OAAK,MAAM,YAAY,KAAK,WAAW;GACrC,MAAM,iBAAiB,IAAI,MAAM;AAEjC,kBAAe,YAAY,SAAS,qBAAqB;AAEzD,mBAAgB,KAAK,mBAAmB,mBAAmB,eAAe,CAAC;;AAG7E,SAAO;;CAGT,OAAe,mBAAmB,MAAY;EAC5C,MAAM,YAAY,KAAK,UAAU,KAAK,QAAQ;GAC5C,MAAM,WAAW,IAAI,SAAS;GAC9B,MAAM,UAAU,SAAS,IAAI,UAAU;GACvC,MAAM,eAAe,WAAW,SAAS,IAAI,eAAe,CAAC;GAC7D,MAAM,eAAe,WAAW,SAAS,IAAI,eAAe,CAAC;AAE7D,UAAO,KAAK,yBACV,kBAAkB,YAAY,aAAa,EAC3C,kBAAkB,YAAY,aAAa,EAC3C,QACD;IACD;AAEF,SAAO,IAAI,mBAAmB,kBAAkB,YAAY,KAAK,QAAQ,CAAC,EAAE,UAAU;;CAGxF,OAAc,cAAc,WAAmB;EAC7C,MAAM,SAAS,oBAAoB,kBAAkB,WAAW,UAAU,CAAC;AAC3E,MAAI,OAAO,WAAW,WAAW,GAC/B,OAAM,IAAI,UAAU,uCAAuC;AAG7D,SAAO,mBAAmB,mBAAmB,OAAO;;CAGtD,OAAe,0BAA0B,iBAAoC;AAC3E,MAAI,CAAC,gBAAgB,UAAU,CAAC,gBAAgB,OAAO,SACrD,OAAM,IAAI,UAAU,2DAA2D;AAGjF,MAAI,CAAC,gBAAgB,OAAO,SAAS,IACnC,OAAM,IAAI,UAAU,wDAAwD;AAG9E,MAAI,CAAC,gBAAgB,aAAa,oBAAoB,gBAAgB,YAAY,qBAAqB,WACrG,OAAM,IAAI,UACR,iGACD;AAGH,MAAI,CAAC,gBAAgB,aAAa,QAAQ,OAAO,UAAU,MAAM,qBAAqB,OAAU,CAC9F,OAAM,IAAI,UAAU,wEAAwE;AAG9F,SAAO;GACL,GAAG;GACH,QAAQ,EACN,UAAU,gBAAgB,OAAO,UAClC;GACD,aAAa;IACX,GAAG,gBAAgB;IACnB,kBAAkB;IAClB,SAAS,gBAAgB,YAAY,UAAU,EAAE,EAAE,KAAK,UAAU;AAChE,YAAO;MACL,GAAG;MACH,kBAAkB,MAAM,oBAAoB;MAC7C;MACD;IACH;GACF;;CAsBH,OAAe,6BAA6B,OAMzC;EACD,MAAM,EAAE,IAAI,2BAA2B;AACvC,MAAI,uBAAuB,kBAAkB,WAAW,EACtD,OAAM,IAAI,UAAU,2FAA2F;AAEjH,SAAO;GACL;GACA,eAAe,uBAAuB;GACtC,gBAAgB,CACd;IACE,IAAI,uBAAuB,kBAAkB,GAAG;IAChD,QAAQ;IACR,MAAM;IACP,CACF;GACF;;CAGH,OAAc,iCAAiC,SAA6D;EAC1G,MAAM,EAAE,SAAS;EAEjB,MAAM,kBAAkB,mBAAmB,0BAA0B,QAAQ,gBAAgB;EAG7F,MAAM,aAAaC,iCAFL,kBAAkB,kBAAkB,WAAW,KAAK,UAAU,EAAE,KAAK,QAAQ,EAE5B,gBAAgB;AAU/E,SATiC,OAAO,YACtC,MAAM,KAAK,WAAW,SAAS,CAAC,CAAC,KAAK,CAAC,WAAW,sBAAsB;AACtE,UAAO,CACL,WACA,OAAO,YAAY,iBAAiB,KAAK,SAAS,CAAC,KAAK,mBAAmB,KAAK,aAAa,CAAC,CAAC,CAChG;IACD,CACH;;CAKH,aAAoB,2CAClB,cACA,SACA;EACA,MAAM,yBAAyB,mBAAmB,gCAChD,QAAQ,uBACT,CAAC;EAEF,MAAM,WAAW,QAAQ,MAAM,KAAK,MAAM,EAAE,QAAQ;EAEpD,MAAM,6BAA6B,IAAI,MAAM;AAE7C,OAAK,MAAM,YAAY,QAAQ,OAAO;GACpC,MAAM,eAAe,SAAS;AAC9B,OAAI,CAAC,aAAc,OAAM,IAAI,UAAU,8CAA8C,SAAS,UAAU;AAGxG,OAAI,CAAC,aAAa,SAChB,cAAa,QAAQ,aAAa;GAGpC,MAAM,MAAM,mBAAmB,sBAAsB,aAAa;GAGlE,MAAM,oCAAoC;IACxC,GAAG;IACH,mBAAmB,uBAAuB,kBAAkB,QACzD,oBAAoB,gBAAgB,OAAO,SAAS,QACtD;IACF;GAED,MAAM,cAAc,eAAe,aAAa;GAChD,MAAM,uBAAuB,kBAAkB,kBAAkB,WAAW,SAAS,UAAU,EAAE,SAAS,QAAQ;GAClH,MAAM,wBAAwB,eAAe,KAAK,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAC,CAChF,4BAA4B,kCAAkC,CAC9D,0BAA0B,aAAa,QAAQ,EAAE,IAAI,CACrD,4BACC,MAAM,mBAAmB,oCAAoC,aAAa,QAAQ,yBAAyB,CAC5G;AAEH,QAAK,MAAM,CAAC,WAAW,mBAAmB,OAAO,QAAQ,QAAQ,oBAAoB,EAAE,CAAC,CACtF,uBAAsB,mBAAmB,WAAW,eAAe;GAGrE,MAAM,qBAAqB,MAAM,sBAAsB,KAAK,YAAY;AACxE,8BAA2B,YAAY,mBAAmB,UAAU,GAAG;;AAGzE,SAAO;GACL,yBAAyB,kBAAkB,YAAY,2BAA2B,QAAQ,CAAC;GAC3F,wBAAwB,mBAAmB,6BAA6B;IACtE,IAAI,8BAA8B,MAAM;IACxC,wBAAwB;KACtB,GAAG;KACH,mBAAmB,uBAAuB,kBAAkB,QAAQ,MAAM,SAAS,SAAS,EAAE,GAAG,CAAC;KACnG;IACF,CAAC;GACH;;CAGH,aAAoB,qBAAqB,cAA4B,SAAoC;EACvG,MAAM,6BAA6B,IAAI,MAAM;AAE7C,OAAK,MAAM,YAAY,QAAQ,OAAO;GACpC,MAAM,eAAe,SAAS;AAC9B,OAAI,CAAC,aAAc,OAAM,IAAI,UAAU,8CAA8C,SAAS,UAAU;GACxG,MAAM,MAAM,mBAAmB,sBAAsB,aAAa;AAGlE,OAAI,CAAC,aAAa,SAChB,cAAa,QAAQ,aAAa;GAGpC,MAAM,uBAAuB,kBAAkB,kBAAkB,WAAW,SAAS,UAAU,EAAE,SAAS,QAAQ;GAElH,MAAM,2BAA2B,cAAc,KAC7C,OACA,QAAQ,iBACL,QAAQ,YAAY,QAAQ,YAAY,qBAAqB,QAAQ,CACrE,KAAK,aAAa,EACjB,kBAAkB;IAChB,SAAS,QAAQ;IACjB,YAAY,sBAAsB,QAAQ,WAAW;IACtD,EACF,EAAE,CACN;GAED,MAAM,cAAc,eAAe,aAAa;GAChD,MAAM,wBAAwB,eAAe,KAAK,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAC,CAChF,0BAA0B,aAAa,QAAQ,EAAE,IAAI,CACrD,mBAAmB,yBAAyB,CAC5C,4BACC,MAAM,mBAAmB,oCAAoC,aAAa,QAAQ,yBAAyB,CAC5G;AAEH,QAAK,MAAM,CAAC,WAAW,mBAAmB,OAAO,QAAQ,QAAQ,oBAAoB,EAAE,CAAC,CACtF,uBAAsB,mBAAmB,WAAW,eAAe;GAGrE,MAAM,qBAAqB,MAAM,sBAAsB,KAAK,YAAY;AACxE,8BAA2B,YAAY,mBAAmB,UAAU,GAAG;;AAGzE,SAAO,2BAA2B,QAAQ;;CAG5C,MAAa,OAAO,cAA4B,SAAkE;EAChH,MAAM,WAAW,IAAI,UAAU;EAC/B,MAAM,cAAc,eAAe,aAAa;AAEhD,kBAAQ;GACN,QAAQ,KAAK,UAAU,SAAS,IAAI,WAAW;GAC/C,OAAO;GACP,UAAU;GACX,CAAC;EAEF,MAAM,iBAAiB,oBAAoB,kBAAkB,WAAW,KAAK,UAAU,CAAC;AAIxF,OAAK,MAAM,iBAAiB,KAAK,UAAU,MAAM,EAAE;GACjD,MAAM,cAAc,eAAe,UAAU;GAC7C,MAAM,WAAW,KAAK,UAAU;GAEhC,MAAM,qBAAqB,MAAM,SAAS,OAAO,cAAc;IAC7D,KAAK,QAAQ;IACb,qBAAqB,QAAQ;IAC9B,CAAC;AAEF,OAAI,CAAC,mBAAmB,QACtB,OAAM,IAAI,UAAU,iBAAiB,cAAc,iBAAiB,mBAAmB,QAAQ;AAGjG,OAAI,EAAE,uBAAuB,uBAAuB;AAClD,oBAAQ;KACN,QAAQ;KACR,UAAU;KACV,OAAO,6CAA6C,SAAS;KAC9D,CAAC;AACF;;AAGF,SAAM,SAAS,sBACb;IACE,wBAAwB,MAAM,mBAAmB,oCAC/C,aACA,QAAQ,yBACT;IACD,cAAc;IACf,EACD,YACD;;AAGH,MAAI,eAAe,eAAe,SAAS,EACzC,OAAM,IAAI,UAAU,uCAAuC;AAG7D,MAAI,eAAe,WAAW,WAAW,GACvC,OAAM,IAAI,UAAU,kEAAkE;AAGxF,SAAO,KAAK;;CAGd,aAAqB,oCACnB,SACA,SACA;AACA,MAAI,QAAQ,SAAS,wBACnB,QAAO,QAAQ;AAKjB,MAAI,QAAQ,SAAS,YACnB,QAAO,WACL,SAAS,SAAS;GAChB;GACA;GACA,CACE,qBACA,MAAM,QAAQ,OAAO,OAAO;IAC1B,iBAAiB;IACjB,OAAO,WAAW;KAChB,QAAQ;KACR,QAAQ;KACR,QAAQ,eAAe,iBAAiB,UAAU,IAAI;KACtD,QAAQ;KACT,CAAC;IACH,CAAC,CACH;GACF,CAAC,CACH;AAGH,MAAI,QAAQ,SAAS,mBACnB,QAAO,MAAM,eAAe,yCAAyC;GACnE,GAAG;GACH;GACD,CAAC;AAKJ,MAAI,QAAQ,SAAS,iBACnB,QAAO,WACL,SAAS,SAAS;GAChB;GACA;GACA,CACE,0BACA,MAAM,QAAQ,OAAO,OAAO;IAC1B,iBAAiB;IACjB,OAAO,WAAW;KAChB,QAAQ;KACR,QAAQ;KACR,QAAQ,eAAe,iBAAiB,UAAU,IAAI;KACvD,CAAC;IACH,CAAC,CACH;GACF,CAAC,CACH;AAGH,MAAI,QAAQ,SAAS,wBACnB,QAAO,MAAM,eAAe,8CAA8C;GACxE,GAAG;GACH;GACD,CAAC;AAGJ,QAAM,IAAI,UAAU,wCAAwC;;CAG9D,OAAe,sBAAsB,KAAgB;EACnD,MAAM,qBAAqB,IAAI,6BAA6B,KAAK,kCAAkC;AACnG,MAAI,CAAC,mBACH,OAAM,IAAI,UACR,kHACE,IAAI,wBACL,sBAAsB,IAAI,6BAA6B,KACtD,KACD,CAAC,uBAAuB,gCAAgC,KAAK,KAAK,GACpE;AAGH,SAAO;;;;mBArTK,mCAAmC,OAA0C;CACzF,MAAMC,gCAAmE;EACvE,GAAG;EACH,mBAAmB,GAAG,kBAAkB,QACrC,OAAO,CAAC,OAAO,KAAM,GAAyB,UAAU,EAAE,CAAC,CAAC,SAAS,WAAW,CAClF;EACF;AAUD,QAAO;EAAE,4BAR0B;GACjC,GAAG;GACH,QAAQ,EAAE,UAAU,GAAG,QAAQ,UAAU;GACzC,mBAAoB,GAAG,kBACpB,QAAQ,OAAO,OAAO,KAAK,GAAG,UAAU,EAAE,CAAC,CAAC,SAAS,WAAW,CAAC,CACjE,IAAIC,oBAAK,0BAA0B;GACvC;EAEoC;EAA+B"}
package/build/modules/mdoc/MdocService.mjs CHANGED
@@ -1,7 +1,7 @@
1
1
 
2
2
 
3
- import { __decorateMetadata } from "../../_virtual/_@oxc-project_runtime@0.97.0/helpers/decorateMetadata.mjs";
4
- import { __decorate } from "../../_virtual/_@oxc-project_runtime@0.97.0/helpers/decorate.mjs";
3
+ import { __decorateMetadata } from "../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorateMetadata.mjs";
4
+ import { __decorate } from "../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorate.mjs";
5
5
  import "../../agent/index.mjs";
6
6
  import { Mdoc } from "./Mdoc.mjs";
7
7
  import { MdocRepository } from "./repository/MdocRepository.mjs";