npm - @credo-ts/core - Versions diffs - 0.6.2-alpha-20251211122719 → 0.6.2-alpha-20251211125344 - Mend

@credo-ts/core 0.6.2-alpha-20251211122719 → 0.6.2-alpha-20251211125344

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (78) hide show

package/build/agent/Agent.mjs CHANGED Viewed

@@ -1,10 +1,10 @@
 import { InjectionSymbols } from "../constants.mjs";
-import { AgentConfig } from "./AgentConfig.mjs";
-import { AgentContext } from "./context/AgentContext.mjs";
 import { CredoError } from "../error/CredoError.mjs";
 import "../error/index.mjs";
+import { AgentConfig } from "./AgentConfig.mjs";
+import { AgentContext } from "./context/AgentContext.mjs";
 import { DependencyManager } from "../plugins/DependencyManager.mjs";
 import "../plugins/index.mjs";
 import { DefaultAgentContextProvider } from "./context/DefaultAgentContextProvider.mjs";

package/build/agent/AgentConfig.d.mts CHANGED Viewed

@@ -10,12 +10,14 @@ declare class AgentConfig {
   constructor(initConfig: InitConfig, agentDependencies: AgentDependencies);
   get allowInsecureHttpUrls(): boolean;
   get autoUpdateStorageOnStartup(): boolean;
+  get validitySkewSeconds(): number;
   extend(config: Partial<InitConfig>): AgentConfig;
   toJSON(): {
     logger: LogLevel;
     agentDependencies: boolean;
     autoUpdateStorageOnStartup?: boolean;
     allowInsecureHttpUrls?: boolean;
+    validitySkewSeconds?: number;
   };
 }
 //#endregion

package/build/agent/AgentConfig.d.mts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"AgentConfig.d.mts","names":[],"sources":["../../src/agent/AgentConfig.ts"],"sourcesContent":[],"mappings":";;;;;~~cAKa~~,WAAA;;UAEI;EAFJ,SAAA,iBAAW,EAGa,iBAHb;EAEP,WAAA,CAAA,UAAA,EAGgB,UAHhB,EAAA,iBAAA,EAG+C,iBAH/C;EACoB,IAAA,qBAAA,CAAA,CAAA,EAAA,OAAA;EAEJ,IAAA,0BAAA,CAAA,CAAA,EAAA,OAAA;EAA+B,MAAA,CAAA,MAAA,~~EAcxC~~,~~OAdwC~~,~~CAchC~~,~~UAdgC~~,CAAA,CAAA,~~EAclB~~,~~WAdkB~~;~~EAchC~~,MAAA,CAAA,CAAA,EAAA;~~IAAR~~,MAAA,UAAA~~;IAAsB,iBAAA,EAAA,OAAA~~"}
1	+ {"version":3,"file":"AgentConfig.d.mts","names":[],"sources":["../../src/agent/AgentConfig.ts"],"sourcesContent":[],"mappings":";;;;;cAMa,WAAA;;UAEI;EAFJ,SAAA,iBAAW,EAGa,iBAHb;EAEP,WAAA,CAAA,UAAA,EAGgB,UAHhB,EAAA,iBAAA,EAG+C,iBAH/C;EACoB,IAAA,qBAAA,CAAA,CAAA,EAAA,OAAA;EAEJ,IAAA,0BAAA,CAAA,CAAA,EAAA,OAAA;EAA+B,IAAA,mBAAA,CAAA,CAAA,EAAA,MAAA;EAkBhC,MAAA,CAAA,MAAA,EAAR,OAAQ,CAAA,UAAA,CAAA,CAAA,EAAc,WAAd;EAAR,MAAA,CAAA,CAAA,EAAA;IAAsB,MAAA,UAAA"}

package/build/agent/AgentConfig.mjs CHANGED Viewed

@@ -1,5 +1,6 @@
+import { DEFAULT_SKEW_TIME } from "../crypto/jose/jwt/JwtPayload.mjs";
 import { LogLevel } from "../logger/Logger.mjs";
 import { ConsoleLogger } from "../logger/ConsoleLogger.mjs";
@@ -16,6 +17,9 @@ var AgentConfig = class AgentConfig {
 	get autoUpdateStorageOnStartup() {
 		return this.initConfig.autoUpdateStorageOnStartup ?? false;
 	}
+	get validitySkewSeconds() {
+		return this.initConfig.validitySkewSeconds ?? DEFAULT_SKEW_TIME;
+	}
 	extend(config) {
 		return new AgentConfig({
 			...this.initConfig,

package/build/agent/AgentConfig.mjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"AgentConfig.mjs","names":[],"sources":["../../src/agent/AgentConfig.ts"],"sourcesContent":["import type { Logger } from '../logger'\nimport { ConsoleLogger, LogLevel } from '../logger'\nimport type { InitConfig } from '../types'\nimport type { AgentDependencies } from './AgentDependencies'\n\nexport class AgentConfig {\n private initConfig: InitConfig\n public logger: Logger\n public readonly agentDependencies: AgentDependencies\n\n public constructor(initConfig: InitConfig, agentDependencies: AgentDependencies) {\n this.initConfig = initConfig\n this.logger = initConfig.logger ?? new ConsoleLogger(LogLevel.off)\n this.agentDependencies = agentDependencies\n }\n\n public get allowInsecureHttpUrls() {\n return this.initConfig.allowInsecureHttpUrls ?? false\n }\n\n public get autoUpdateStorageOnStartup() {\n return this.initConfig.autoUpdateStorageOnStartup ?? false\n }\n\n public extend(config: Partial<InitConfig>): AgentConfig {\n return new AgentConfig({ ...this.initConfig, logger: this.logger, ...config }, this.agentDependencies)\n }\n\n public toJSON() {\n return {\n ...this.initConfig,\n logger: this.logger.logLevel,\n agentDependencies: Boolean(this.agentDependencies),\n }\n }\n}\n"],"mappings":"~~;;;;;;AAKA~~,IAAa,cAAb,MAAa,YAAY;CAKvB,AAAO,YAAY,YAAwB,mBAAsC;AAC/E,OAAK,aAAa;AAClB,OAAK,SAAS,WAAW,UAAU,IAAI,cAAc,SAAS,IAAI;AAClE,OAAK,oBAAoB;;CAG3B,IAAW,wBAAwB;AACjC,SAAO,KAAK,WAAW,yBAAyB;;CAGlD,IAAW,6BAA6B;AACtC,SAAO,KAAK,WAAW,8BAA8B;;CAGvD,AAAO,OAAO,QAA0C;AACtD,SAAO,IAAI,YAAY;GAAE,GAAG,KAAK;GAAY,QAAQ,KAAK;GAAQ,GAAG;GAAQ,EAAE,KAAK,kBAAkB;;CAGxG,AAAO,SAAS;AACd,SAAO;GACL,GAAG,KAAK;GACR,QAAQ,KAAK,OAAO;GACpB,mBAAmB,QAAQ,KAAK,kBAAkB;GACnD"}
1	+ {"version":3,"file":"AgentConfig.mjs","names":[],"sources":["../../src/agent/AgentConfig.ts"],"sourcesContent":["import { DEFAULT_SKEW_TIME } from '../crypto/jose/jwt/JwtPayload'\nimport type { Logger } from '../logger'\nimport { ConsoleLogger, LogLevel } from '../logger'\nimport type { InitConfig } from '../types'\nimport type { AgentDependencies } from './AgentDependencies'\n\nexport class AgentConfig {\n private initConfig: InitConfig\n public logger: Logger\n public readonly agentDependencies: AgentDependencies\n\n public constructor(initConfig: InitConfig, agentDependencies: AgentDependencies) {\n this.initConfig = initConfig\n this.logger = initConfig.logger ?? new ConsoleLogger(LogLevel.off)\n this.agentDependencies = agentDependencies\n }\n\n public get allowInsecureHttpUrls() {\n return this.initConfig.allowInsecureHttpUrls ?? false\n }\n\n public get autoUpdateStorageOnStartup() {\n return this.initConfig.autoUpdateStorageOnStartup ?? false\n }\n\n public get validitySkewSeconds() {\n return this.initConfig.validitySkewSeconds ?? DEFAULT_SKEW_TIME\n }\n\n public extend(config: Partial<InitConfig>): AgentConfig {\n return new AgentConfig({ ...this.initConfig, logger: this.logger, ...config }, this.agentDependencies)\n }\n\n public toJSON() {\n return {\n ...this.initConfig,\n logger: this.logger.logLevel,\n agentDependencies: Boolean(this.agentDependencies),\n }\n }\n}\n"],"mappings":";;;;;;;AAMA,IAAa,cAAb,MAAa,YAAY;CAKvB,AAAO,YAAY,YAAwB,mBAAsC;AAC/E,OAAK,aAAa;AAClB,OAAK,SAAS,WAAW,UAAU,IAAI,cAAc,SAAS,IAAI;AAClE,OAAK,oBAAoB;;CAG3B,IAAW,wBAAwB;AACjC,SAAO,KAAK,WAAW,yBAAyB;;CAGlD,IAAW,6BAA6B;AACtC,SAAO,KAAK,WAAW,8BAA8B;;CAGvD,IAAW,sBAAsB;AAC/B,SAAO,KAAK,WAAW,uBAAuB;;CAGhD,AAAO,OAAO,QAA0C;AACtD,SAAO,IAAI,YAAY;GAAE,GAAG,KAAK;GAAY,QAAQ,KAAK;GAAQ,GAAG;GAAQ,EAAE,KAAK,kBAAkB;;CAGxG,AAAO,SAAS;AACd,SAAO;GACL,GAAG,KAAK;GACR,QAAQ,KAAK,OAAO;GACpB,mBAAmB,QAAQ,KAAK,kBAAkB;GACnD"}

package/build/agent/context/DefaultAgentContextProvider.mjs CHANGED Viewed

@@ -1,8 +1,8 @@
-import { AgentContext } from "./AgentContext.mjs";
 import { CredoError } from "../../error/CredoError.mjs";
 import "../../error/index.mjs";
+import { AgentContext } from "./AgentContext.mjs";
 import { injectable } from "../../plugins/index.mjs";
 import { __decorateMetadata } from "../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorateMetadata.mjs";
 import { __decorate } from "../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorate.mjs";

package/build/crypto/JwsService.mjs CHANGED Viewed

@@ -2,12 +2,13 @@
 import { CredoError } from "../error/CredoError.mjs";
 import "../error/index.mjs";
-import { injectable } from "../plugins/index.mjs";
-import { __decorate } from "../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorate.mjs";
-import { KeyManagementError } from "../modules/kms/error/KeyManagementError.mjs";
 import { TypedArrayEncoder } from "../utils/TypedArrayEncoder.mjs";
 import { JsonEncoder } from "../utils/JsonEncoder.mjs";
 import "../utils/index.mjs";
+import { JwtPayload } from "./jose/jwt/JwtPayload.mjs";
+import { injectable } from "../plugins/index.mjs";
+import { __decorate } from "../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorate.mjs";
+import { KeyManagementError } from "../modules/kms/error/KeyManagementError.mjs";
 import { getJwkHumanDescription } from "../modules/kms/jwk/humanDescription.mjs";
 import { asymmetricPublicJwkMatches } from "../modules/kms/jwk/equals.mjs";
 import { isKnownJwaSignatureAlgorithm } from "../modules/kms/jwk/jwa.mjs";
@@ -20,7 +21,6 @@ import { X509Service } from "../modules/x509/X509Service.mjs";
 import "../modules/x509/index.mjs";
 import { isJsonObject } from "../types.mjs";
 import { JWS_COMPACT_FORMAT_MATCHER } from "./JwsTypes.mjs";
-import { JwtPayload } from "./jose/jwt/JwtPayload.mjs";
 import "./jose/jwt/index.mjs";
 //#region src/crypto/JwsService.ts

package/build/crypto/KmsKeyPair.mjs CHANGED Viewed

@@ -2,10 +2,10 @@
 import { CredoError } from "../error/CredoError.mjs";
 import "../error/index.mjs";
-import "../agent/index.mjs";
 import { MessageValidator } from "../utils/MessageValidator.mjs";
 import { JsonTransformer } from "../utils/JsonTransformer.mjs";
 import "../utils/index.mjs";
+import "../agent/index.mjs";
 import { KeyManagementApi } from "../modules/kms/KeyManagementApi.mjs";
 import "../modules/kms/index.mjs";
 import { VerificationMethod } from "../modules/dids/domain/verificationMethod/VerificationMethod.mjs";

package/build/crypto/index.mjs CHANGED Viewed

@@ -6,11 +6,11 @@ import { Sha384 } from "./hashes/Sha384.mjs";
 import { Sha512 } from "./hashes/Sha512.mjs";
 import { Hasher } from "./hashes/Hasher.mjs";
 import "./hashes/index.mjs";
+import { JwtPayload } from "./jose/jwt/JwtPayload.mjs";
 import { CredoWebCryptoKey } from "./webcrypto/CredoWebCryptoKey.mjs";
 import { publicJwkToCryptoKeyAlgorithm } from "./webcrypto/utils/keyAlgorithmConversion.mjs";
 import { CredoWebCrypto } from "./webcrypto/CredoWebCrypto.mjs";
 import "./webcrypto/index.mjs";
-import { JwtPayload } from "./jose/jwt/JwtPayload.mjs";
 import { Jwt } from "./jose/jwt/Jwt.mjs";
 import { JwsService } from "./JwsService.mjs";
 import "./jose/index.mjs";

package/build/crypto/jose/jwt/Jwt.mjs CHANGED Viewed

@@ -1,12 +1,12 @@
-import { replaceError } from "../../../logger/replaceError.mjs";
 import { CredoError } from "../../../error/CredoError.mjs";
 import "../../../error/index.mjs";
 import { TypedArrayEncoder } from "../../../utils/TypedArrayEncoder.mjs";
 import { JsonEncoder } from "../../../utils/JsonEncoder.mjs";
 import "../../../utils/index.mjs";
 import { JwtPayload } from "./JwtPayload.mjs";
+import { replaceError } from "../../../logger/replaceError.mjs";
 //#region src/crypto/jose/jwt/Jwt.ts
 var Jwt = class Jwt {

package/build/crypto/jose/jwt/JwtPayload.d.mts CHANGED Viewed

@@ -1,4 +1,5 @@
 //#region src/crypto/jose/jwt/JwtPayload.d.ts
 interface JwtPayloadJson {
   iss?: string;
   sub?: string;
@@ -94,7 +95,11 @@ declare class JwtPayload {
    *  - if `exp` is present, it must be greater than now
    */
   validate(options?: {
+    /**
+     * @deprecated use `skewSeconds` instead
+     */
     skewTime?: number;
+    skewSeconds?: number;
     now?: number;
   }): void;
   toJson(): JwtPayloadJson;

package/build/crypto/jose/jwt/JwtPayload.d.mts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"JwtPayload.d.mts","names":[],"sources":["../../../../src/crypto/jose/jwt/JwtPayload.ts"],"sourcesContent":[],"mappings":"~~;UAWiB~~,cAAA~~;;;EAAA~~,~~GAAA,CAAA,EAAA,MAAA,GAAA,MAAc,EAAA~~;~~EAWd~~,GAAA,CAAA,EAAA,MAAA;~~EAWJ~~,GAAA,CAAA,EAAA,MAAA;~~EACkB,GAAA,CAAA,~~EAAA,~~MAAA;EAiFJ,~~GAAA,CAAA,EAAA,MAAA~~;EAyCR~~,~~CAAA,~~GAAA,~~EAAA,~~MAAA,~~CAAA,~~EAAA,~~OAAA;;AAaoC,UAnJtC,~~iBAAA~~,CAmJsC;EAAA,GAAA,CAAA,EAAA,MAAA;;;;;;;qBA3IlC~~;;cAGR,UAAA;wBACkB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;oBAiFJ~~;;;;;;;;;;;;;YAyCR~~;kCAasB,iBAAc"}
1	+ {"version":3,"file":"JwtPayload.d.mts","names":[],"sources":["../../../../src/crypto/jose/jwt/JwtPayload.ts"],"sourcesContent":[],"mappings":";;AAoKmB,UAxJF,cAAA,CAwJE;EAasB,GAAA,CAAA,EAAA,MAAA;EAAc,GAAA,CAAA,EAAA,MAAA;EAAA,GAAA,CAAA,EAAA,MAAA,GAAA,MAAA,EAAA;;;;;;;UA1JtC,iBAAA;;;;;;;;qBAQI;;cAGR,UAAA;wBACkB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;oBAiFJ;;;;;;;;;;;;;;;;;YAgDR;kCAasB,iBAAc"}

package/build/crypto/jose/jwt/JwtPayload.mjs CHANGED Viewed

@@ -2,6 +2,8 @@
 import { CredoError } from "../../../error/CredoError.mjs";
 import "../../../error/index.mjs";
+import { dateToSeconds } from "../../../utils/timestamp.mjs";
+import "../../../utils/index.mjs";
 //#region src/crypto/jose/jwt/JwtPayload.ts
 /**
@@ -11,7 +13,7 @@ import "../../../error/index.mjs";
 *
 * See https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.5
 */
-const DEFAULT_SKEW_TIME = 300;
+const DEFAULT_SKEW_TIME = 30;
 var JwtPayload = class JwtPayload {
 	constructor(options) {
 		this.iss = options?.iss;
@@ -32,7 +34,7 @@ var JwtPayload = class JwtPayload {
 	*  - if `exp` is present, it must be greater than now
 	*/
 	validate(options) {
-		const { nowSkewedFuture, nowSkewedPast } = getNowSkewed(options?.now, options?.skewTime);
+		const { nowSkewedFuture, nowSkewedPast } = getNowSkewed(options?.now, options?.skewSeconds ?? options?.skewTime);
 		if (typeof this.nbf !== "number" && typeof this.nbf !== "undefined") throw new CredoError(`JWT payload 'nbf' must be a number if provided. Actual type is ${typeof this.nbf}`);
 		if (typeof this.nbf === "number" && this.nbf > nowSkewedFuture) throw new CredoError(`JWT not valid before ${this.nbf}`);
 		if (typeof this.iat !== "number" && typeof this.iat !== "undefined") throw new CredoError(`JWT payload 'iat' must be a number if provided. Actual type is ${typeof this.iat}`);
@@ -73,15 +75,15 @@ var JwtPayload = class JwtPayload {
 		});
 	}
 };
-function getNowSkewed(now, skewTime) {
-	const _now = typeof now === "number" ? now : Math.floor(Date.now() / 1e3);
-	const _skewTime = typeof skewTime !== "undefined" && skewTime >= 0 ? skewTime : DEFAULT_SKEW_TIME;
+function getNowSkewed(now, skewSeconds) {
+	const _now = now ?? dateToSeconds(/* @__PURE__ */ new Date());
+	const _skewSeconds = skewSeconds ?? DEFAULT_SKEW_TIME;
 	return {
-		nowSkewedPast: _now - _skewTime,
-		nowSkewedFuture: _now + _skewTime
+		nowSkewedPast: _now - _skewSeconds,
+		nowSkewedFuture: _now + _skewSeconds
 	};
 }
 //#endregion
-export { JwtPayload };
+export { DEFAULT_SKEW_TIME, JwtPayload };
 //# sourceMappingURL=JwtPayload.mjs.map

package/build/crypto/jose/jwt/JwtPayload.mjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"JwtPayload.mjs","names":["aud"],"sources":["../../../../src/crypto/jose/jwt/JwtPayload.ts"],"sourcesContent":["import { CredoError } from '../../../error'\n\n/*\n The maximum allowed clock skew time in seconds. If an time based validation\n * is performed against current time (`now`), the validation can be of by the skew\n * time.\n \n See https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.5\n /\~~nconst~~ DEFAULT_SKEW_TIME = ~~300~~\n\nexport interface JwtPayloadJson {\n iss?: string\n sub?: string\n aud?: string \| string[]\n exp?: number\n nbf?: number\n iat?: number\n jti?: string\n [key: string]: unknown\n}\n\nexport interface JwtPayloadOptions {\n iss?: string\n sub?: string\n aud?: string \| string[]\n exp?: number\n nbf?: number\n iat?: number\n jti?: string\n additionalClaims?: Record<string, unknown>\n}\n\nexport class JwtPayload {\n public constructor(options?: JwtPayloadOptions) {\n this.iss = options?.iss\n this.sub = options?.sub\n this.aud = options?.aud\n this.exp = options?.exp\n this.nbf = options?.nbf\n this.iat = options?.iat\n this.jti = options?.jti\n this.additionalClaims = options?.additionalClaims ?? {}\n }\n\n /\n identifies the principal that issued the JWT.\n * The processing of this claim is generally application specific.\n * The \"iss\" value is a case-sensitive string containing a StringOrURI\n * value.\n /\n public iss?: string\n\n /\n identifies the principal that is the\n * subject of the JWT. The Claims in a JWT are normally statements\n * about the subject. The subject value MUST either be scoped to be\n * locally unique in the context of the issuer or be globally unique.\n * The processing of this claim is generally application specific. The\n * \"sub\" value is a case-sensitive string containing a StringOrURI\n * value.\n /\n public sub?: string\n\n /\n identifies the recipients that the JWT is\n * intended for. Each principal intended to process the JWT MUST\n * identify itself with a value in the audience claim. If the principal\n * processing the claim does not identify itself with a value in the\n * \"aud\" claim when this claim is present, then the JWT MUST be\n * rejected.In the general case, the \"aud\" value is an array of case-\n * sensitive strings, each containing a StringOrURI value. In the\n * special case when the JWT has one audience, the \"aud\" value MAY be a\n * single case-sensitive string containing a StringOrURI value. The\n * interpretation of audience values is generally application specific.\n /\n public aud?: string \| string[]\n\n /\n identifies the expiration time on\n * or after which the JWT MUST NOT be accepted for processing. The\n * processing of the \"exp\" claim requires that the current date/time\n * MUST be before the expiration date/time listed in the \"exp\" claim.\n * Implementers MAY provide for some small leeway, usually no more than\n * a few minutes, to account for clock skew. Its value MUST be a number\n * containing a NumericDate value.\n /\n public exp?: number\n\n /\n identifies the time at which the JWT was\n * issued. This claim can be used to determine the age of the JWT. Its\n * value MUST be a number containing a NumericDate value.\n /\n public nbf?: number\n\n /\n identifies the time at which the JWT was\n * issued. This claim can be used to determine the age of the JWT. Its\n * value MUST be a number containing a NumericDate value.\n /\n public iat?: number\n\n /\n provides a unique identifier for the JWT.\n * The identifier value MUST be assigned in a manner that ensures that\n * there is a negligible probability that the same value will be\n * accidentally assigned to a different data object; if the application\n * uses multiple issuers, collisions MUST be prevented among values\n * produced by different issuers as well. The \"jti\" claim can be used\n * to prevent the JWT from being replayed. The \"jti\" value is a case-\n * sensitive string.\n /\n public jti?: string\n\n public additionalClaims: Record<string, unknown>\n\n /\n Validate the JWT payload. This does not verify the signature of the JWT itself.\n \n The following validations are performed:\n * - if `nbf` is present, it must be greater than now\n * - if `iat` is present, it must be less than now\n * - if `exp` is present, it must be greater than now\n */\n public validate(options?: { skewTime?: number; now?: number }) {\n const { nowSkewedFuture, nowSkewedPast } = getNowSkewed(options?.now, options?.skewTime)\n\n // Validate nbf\n if (typeof this.nbf !== 'number' && typeof this.nbf !== 'undefined') {\n throw new CredoError(`JWT payload 'nbf' must be a number if provided. Actual type is ${typeof this.nbf}`)\n }\n if (typeof this.nbf === 'number' && this.nbf > nowSkewedFuture) {\n throw new CredoError(`JWT not valid before ${this.nbf}`)\n }\n\n // Validate iat\n if (typeof this.iat !== 'number' && typeof this.iat !== 'undefined') {\n throw new CredoError(`JWT payload 'iat' must be a number if provided. Actual type is ${typeof this.iat}`)\n }\n if (typeof this.iat === 'number' && this.iat > nowSkewedFuture) {\n throw new CredoError(`JWT issued in the future at ${this.iat}`)\n }\n\n // Validate exp\n if (typeof this.exp !== 'number' && typeof this.exp !== 'undefined') {\n throw new CredoError(`JWT payload 'exp' must be a number if provided. Actual type is ${typeof this.exp}`)\n }\n if (typeof this.exp === 'number' && this.exp < nowSkewedPast) {\n throw new CredoError(`JWT expired at ${this.exp}`)\n }\n\n // NOTE: nonce and aud are not validated in here. We could maybe add\n // the values as input, so you can provide the expected nonce and aud values\n }\n\n public toJson(): JwtPayloadJson {\n return {\n ...this.additionalClaims,\n iss: this.iss,\n sub: this.sub,\n aud: this.aud,\n exp: this.exp,\n nbf: this.nbf,\n iat: this.iat,\n jti: this.jti,\n }\n }\n\n public static fromJson(jwtPayloadJson: JwtPayloadJson) {\n const { iss, sub, aud, exp, nbf, iat, jti, ...additionalClaims } = jwtPayloadJson\n\n // Validate iss\n if (iss && typeof iss !== 'string') {\n throw new CredoError('JWT payload iss must be a string')\n }\n\n // Validate sub\n if (sub && typeof sub !== 'string') {\n throw new CredoError('JWT payload sub must be a string')\n }\n\n // Validate aud\n if (aud && typeof aud !== 'string' && !(Array.isArray(aud) && aud.every((aud) => typeof aud === 'string'))) {\n throw new CredoError('JWT payload aud must be a string or an array of strings')\n }\n\n // Validate exp\n if (exp && (typeof exp !== 'number' \|\| exp < 0)) {\n throw new CredoError('JWT payload exp must be a positive number')\n }\n\n // Validate nbf\n if (nbf && (typeof nbf !== 'number' \|\| nbf < 0)) {\n throw new CredoError('JWT payload nbf must be a positive number')\n }\n\n // Validate iat\n if (iat && (typeof iat !== 'number' \|\| iat < 0)) {\n throw new CredoError('JWT payload iat must be a positive number')\n }\n\n // Validate jti\n if (jti && typeof jti !== 'string') {\n throw new CredoError('JWT payload jti must be a string')\n }\n\n const jwtPayload = new JwtPayload({\n iss,\n sub,\n aud,\n exp,\n nbf,\n iat,\n jti,\n additionalClaims,\n })\n\n return jwtPayload\n }\n}\n\nfunction getNowSkewed(now?: number, ~~skewTime~~?: number) {\n const _now = ~~typeof~~ now ~~===~~ ~~'number'~~ ~~? now : Math.floor(~~Date~~.now~~() ~~/ 1000~~)\n const ~~_skewTime~~ = ~~typeof~~ ~~skewTime~~ ~~!== 'undefined' && skewTime >= 0 ? skewTime :~~ DEFAULT_SKEW_TIME\n\n return {\n nowSkewedPast: _now - ~~_skewTime~~,\n nowSkewedFuture: _now + ~~_skewTime~~,\n }\n}\n"],"mappings":"~~;;;;;;;;;;;;;AASA~~,~~MAAM~~,oBAAoB;~~AAwB1B~~,IAAa,aAAb,MAAa,WAAW;CACtB,AAAO,YAAY,SAA6B;AAC9C,OAAK,MAAM,SAAS;AACpB,OAAK,MAAM,SAAS;AACpB,OAAK,MAAM,SAAS;AACpB,OAAK,MAAM,SAAS;AACpB,OAAK,MAAM,SAAS;AACpB,OAAK,MAAM,SAAS;AACpB,OAAK,MAAM,SAAS;AACpB,OAAK,mBAAmB,SAAS,oBAAoB,EAAE;;;;;;;;;;CAmFzD,AAAO,SAAS,~~SAA+C~~;~~EAC7D~~,MAAM,EAAE,iBAAiB,kBAAkB,aAAa,SAAS,KAAK,SAAS,SAAS;~~AAGxF~~,MAAI,OAAO,KAAK,QAAQ,YAAY,OAAO,KAAK,QAAQ,YACtD,OAAM,IAAI,WAAW,kEAAkE,OAAO,KAAK,MAAM;AAE3G,MAAI,OAAO,KAAK,QAAQ,YAAY,KAAK,MAAM,gBAC7C,OAAM,IAAI,WAAW,wBAAwB,KAAK,MAAM;AAI1D,MAAI,OAAO,KAAK,QAAQ,YAAY,OAAO,KAAK,QAAQ,YACtD,OAAM,IAAI,WAAW,kEAAkE,OAAO,KAAK,MAAM;AAE3G,MAAI,OAAO,KAAK,QAAQ,YAAY,KAAK,MAAM,gBAC7C,OAAM,IAAI,WAAW,+BAA+B,KAAK,MAAM;AAIjE,MAAI,OAAO,KAAK,QAAQ,YAAY,OAAO,KAAK,QAAQ,YACtD,OAAM,IAAI,WAAW,kEAAkE,OAAO,KAAK,MAAM;AAE3G,MAAI,OAAO,KAAK,QAAQ,YAAY,KAAK,MAAM,cAC7C,OAAM,IAAI,WAAW,kBAAkB,KAAK,MAAM;;CAOtD,AAAO,SAAyB;AAC9B,SAAO;GACL,GAAG,KAAK;GACR,KAAK,KAAK;GACV,KAAK,KAAK;GACV,KAAK,KAAK;GACV,KAAK,KAAK;GACV,KAAK,KAAK;GACV,KAAK,KAAK;GACV,KAAK,KAAK;GACX;;CAGH,OAAc,SAAS,gBAAgC;EACrD,MAAM,EAAE,KAAK,KAAK,KAAK,KAAK,KAAK,KAAK,KAAK,GAAG,qBAAqB;AAGnE,MAAI,OAAO,OAAO,QAAQ,SACxB,OAAM,IAAI,WAAW,mCAAmC;AAI1D,MAAI,OAAO,OAAO,QAAQ,SACxB,OAAM,IAAI,WAAW,mCAAmC;AAI1D,MAAI,OAAO,OAAO,QAAQ,YAAY,EAAE,MAAM,QAAQ,IAAI,IAAI,IAAI,OAAO,UAAQ,OAAOA,UAAQ,SAAS,EACvG,OAAM,IAAI,WAAW,0DAA0D;AAIjF,MAAI,QAAQ,OAAO,QAAQ,YAAY,MAAM,GAC3C,OAAM,IAAI,WAAW,4CAA4C;AAInE,MAAI,QAAQ,OAAO,QAAQ,YAAY,MAAM,GAC3C,OAAM,IAAI,WAAW,4CAA4C;AAInE,MAAI,QAAQ,OAAO,QAAQ,YAAY,MAAM,GAC3C,OAAM,IAAI,WAAW,4CAA4C;AAInE,MAAI,OAAO,OAAO,QAAQ,SACxB,OAAM,IAAI,WAAW,mCAAmC;AAc1D,SAXmB,IAAI,WAAW;GAChC;GACA;GACA;GACA;GACA;GACA;GACA;GACA;GACD,CAAC;;;AAMN,SAAS,aAAa,KAAc,~~UAAmB~~;~~CACrD~~,MAAM,OAAO,OAAO,~~QAAQ~~,~~WAAW~~,MAAM,~~KAAK,MAAM,KAAK,KAAK,GAAG,IAAK~~;~~CAC1E~~,MAAM,~~YAAY~~,~~OAAO,aAAa,~~eAAe~~,YAAY,IAAI,WAAW~~;~~AAEhF~~,QAAO;EACL,eAAe,OAAO;EACtB,iBAAiB,OAAO;EACzB"}
1	+ {"version":3,"file":"JwtPayload.mjs","names":["aud"],"sources":["../../../../src/crypto/jose/jwt/JwtPayload.ts"],"sourcesContent":["import { CredoError } from '../../../error'\nimport { dateToSeconds } from '../../../utils'\n\n/*\n The maximum allowed clock skew time in seconds. If an time based validation\n * is performed against current time (`now`), the validation can be of by the skew\n * time.\n \n See https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.5\n /\nexport const DEFAULT_SKEW_TIME = 30\n\nexport interface JwtPayloadJson {\n iss?: string\n sub?: string\n aud?: string \| string[]\n exp?: number\n nbf?: number\n iat?: number\n jti?: string\n [key: string]: unknown\n}\n\nexport interface JwtPayloadOptions {\n iss?: string\n sub?: string\n aud?: string \| string[]\n exp?: number\n nbf?: number\n iat?: number\n jti?: string\n additionalClaims?: Record<string, unknown>\n}\n\nexport class JwtPayload {\n public constructor(options?: JwtPayloadOptions) {\n this.iss = options?.iss\n this.sub = options?.sub\n this.aud = options?.aud\n this.exp = options?.exp\n this.nbf = options?.nbf\n this.iat = options?.iat\n this.jti = options?.jti\n this.additionalClaims = options?.additionalClaims ?? {}\n }\n\n /\n identifies the principal that issued the JWT.\n * The processing of this claim is generally application specific.\n * The \"iss\" value is a case-sensitive string containing a StringOrURI\n * value.\n /\n public iss?: string\n\n /\n identifies the principal that is the\n * subject of the JWT. The Claims in a JWT are normally statements\n * about the subject. The subject value MUST either be scoped to be\n * locally unique in the context of the issuer or be globally unique.\n * The processing of this claim is generally application specific. The\n * \"sub\" value is a case-sensitive string containing a StringOrURI\n * value.\n /\n public sub?: string\n\n /\n identifies the recipients that the JWT is\n * intended for. Each principal intended to process the JWT MUST\n * identify itself with a value in the audience claim. If the principal\n * processing the claim does not identify itself with a value in the\n * \"aud\" claim when this claim is present, then the JWT MUST be\n * rejected.In the general case, the \"aud\" value is an array of case-\n * sensitive strings, each containing a StringOrURI value. In the\n * special case when the JWT has one audience, the \"aud\" value MAY be a\n * single case-sensitive string containing a StringOrURI value. The\n * interpretation of audience values is generally application specific.\n /\n public aud?: string \| string[]\n\n /\n identifies the expiration time on\n * or after which the JWT MUST NOT be accepted for processing. The\n * processing of the \"exp\" claim requires that the current date/time\n * MUST be before the expiration date/time listed in the \"exp\" claim.\n * Implementers MAY provide for some small leeway, usually no more than\n * a few minutes, to account for clock skew. Its value MUST be a number\n * containing a NumericDate value.\n /\n public exp?: number\n\n /\n identifies the time at which the JWT was\n * issued. This claim can be used to determine the age of the JWT. Its\n * value MUST be a number containing a NumericDate value.\n /\n public nbf?: number\n\n /\n identifies the time at which the JWT was\n * issued. This claim can be used to determine the age of the JWT. Its\n * value MUST be a number containing a NumericDate value.\n /\n public iat?: number\n\n /\n provides a unique identifier for the JWT.\n * The identifier value MUST be assigned in a manner that ensures that\n * there is a negligible probability that the same value will be\n * accidentally assigned to a different data object; if the application\n * uses multiple issuers, collisions MUST be prevented among values\n * produced by different issuers as well. The \"jti\" claim can be used\n * to prevent the JWT from being replayed. The \"jti\" value is a case-\n * sensitive string.\n /\n public jti?: string\n\n public additionalClaims: Record<string, unknown>\n\n /\n Validate the JWT payload. This does not verify the signature of the JWT itself.\n \n The following validations are performed:\n * - if `nbf` is present, it must be greater than now\n * - if `iat` is present, it must be less than now\n * - if `exp` is present, it must be greater than now\n /\n public validate(options?: {\n /\n @deprecated use `skewSeconds` instead\n */\n skewTime?: number\n skewSeconds?: number\n now?: number\n }) {\n const { nowSkewedFuture, nowSkewedPast } = getNowSkewed(options?.now, options?.skewSeconds ?? options?.skewTime)\n\n // Validate nbf\n if (typeof this.nbf !== 'number' && typeof this.nbf !== 'undefined') {\n throw new CredoError(`JWT payload 'nbf' must be a number if provided. Actual type is ${typeof this.nbf}`)\n }\n if (typeof this.nbf === 'number' && this.nbf > nowSkewedFuture) {\n throw new CredoError(`JWT not valid before ${this.nbf}`)\n }\n\n // Validate iat\n if (typeof this.iat !== 'number' && typeof this.iat !== 'undefined') {\n throw new CredoError(`JWT payload 'iat' must be a number if provided. Actual type is ${typeof this.iat}`)\n }\n if (typeof this.iat === 'number' && this.iat > nowSkewedFuture) {\n throw new CredoError(`JWT issued in the future at ${this.iat}`)\n }\n\n // Validate exp\n if (typeof this.exp !== 'number' && typeof this.exp !== 'undefined') {\n throw new CredoError(`JWT payload 'exp' must be a number if provided. Actual type is ${typeof this.exp}`)\n }\n if (typeof this.exp === 'number' && this.exp < nowSkewedPast) {\n throw new CredoError(`JWT expired at ${this.exp}`)\n }\n\n // NOTE: nonce and aud are not validated in here. We could maybe add\n // the values as input, so you can provide the expected nonce and aud values\n }\n\n public toJson(): JwtPayloadJson {\n return {\n ...this.additionalClaims,\n iss: this.iss,\n sub: this.sub,\n aud: this.aud,\n exp: this.exp,\n nbf: this.nbf,\n iat: this.iat,\n jti: this.jti,\n }\n }\n\n public static fromJson(jwtPayloadJson: JwtPayloadJson) {\n const { iss, sub, aud, exp, nbf, iat, jti, ...additionalClaims } = jwtPayloadJson\n\n // Validate iss\n if (iss && typeof iss !== 'string') {\n throw new CredoError('JWT payload iss must be a string')\n }\n\n // Validate sub\n if (sub && typeof sub !== 'string') {\n throw new CredoError('JWT payload sub must be a string')\n }\n\n // Validate aud\n if (aud && typeof aud !== 'string' && !(Array.isArray(aud) && aud.every((aud) => typeof aud === 'string'))) {\n throw new CredoError('JWT payload aud must be a string or an array of strings')\n }\n\n // Validate exp\n if (exp && (typeof exp !== 'number' \|\| exp < 0)) {\n throw new CredoError('JWT payload exp must be a positive number')\n }\n\n // Validate nbf\n if (nbf && (typeof nbf !== 'number' \|\| nbf < 0)) {\n throw new CredoError('JWT payload nbf must be a positive number')\n }\n\n // Validate iat\n if (iat && (typeof iat !== 'number' \|\| iat < 0)) {\n throw new CredoError('JWT payload iat must be a positive number')\n }\n\n // Validate jti\n if (jti && typeof jti !== 'string') {\n throw new CredoError('JWT payload jti must be a string')\n }\n\n const jwtPayload = new JwtPayload({\n iss,\n sub,\n aud,\n exp,\n nbf,\n iat,\n jti,\n additionalClaims,\n })\n\n return jwtPayload\n }\n}\n\nfunction getNowSkewed(now?: number, skewSeconds?: number) {\n const _now = now ?? dateToSeconds(new Date())\n const _skewSeconds = skewSeconds ?? DEFAULT_SKEW_TIME\n\n return {\n nowSkewedPast: _now - _skewSeconds,\n nowSkewedFuture: _now + _skewSeconds,\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;AAUA,MAAa,oBAAoB;AAwBjC,IAAa,aAAb,MAAa,WAAW;CACtB,AAAO,YAAY,SAA6B;AAC9C,OAAK,MAAM,SAAS;AACpB,OAAK,MAAM,SAAS;AACpB,OAAK,MAAM,SAAS;AACpB,OAAK,MAAM,SAAS;AACpB,OAAK,MAAM,SAAS;AACpB,OAAK,MAAM,SAAS;AACpB,OAAK,MAAM,SAAS;AACpB,OAAK,mBAAmB,SAAS,oBAAoB,EAAE;;;;;;;;;;CAmFzD,AAAO,SAAS,SAOb;EACD,MAAM,EAAE,iBAAiB,kBAAkB,aAAa,SAAS,KAAK,SAAS,eAAe,SAAS,SAAS;AAGhH,MAAI,OAAO,KAAK,QAAQ,YAAY,OAAO,KAAK,QAAQ,YACtD,OAAM,IAAI,WAAW,kEAAkE,OAAO,KAAK,MAAM;AAE3G,MAAI,OAAO,KAAK,QAAQ,YAAY,KAAK,MAAM,gBAC7C,OAAM,IAAI,WAAW,wBAAwB,KAAK,MAAM;AAI1D,MAAI,OAAO,KAAK,QAAQ,YAAY,OAAO,KAAK,QAAQ,YACtD,OAAM,IAAI,WAAW,kEAAkE,OAAO,KAAK,MAAM;AAE3G,MAAI,OAAO,KAAK,QAAQ,YAAY,KAAK,MAAM,gBAC7C,OAAM,IAAI,WAAW,+BAA+B,KAAK,MAAM;AAIjE,MAAI,OAAO,KAAK,QAAQ,YAAY,OAAO,KAAK,QAAQ,YACtD,OAAM,IAAI,WAAW,kEAAkE,OAAO,KAAK,MAAM;AAE3G,MAAI,OAAO,KAAK,QAAQ,YAAY,KAAK,MAAM,cAC7C,OAAM,IAAI,WAAW,kBAAkB,KAAK,MAAM;;CAOtD,AAAO,SAAyB;AAC9B,SAAO;GACL,GAAG,KAAK;GACR,KAAK,KAAK;GACV,KAAK,KAAK;GACV,KAAK,KAAK;GACV,KAAK,KAAK;GACV,KAAK,KAAK;GACV,KAAK,KAAK;GACV,KAAK,KAAK;GACX;;CAGH,OAAc,SAAS,gBAAgC;EACrD,MAAM,EAAE,KAAK,KAAK,KAAK,KAAK,KAAK,KAAK,KAAK,GAAG,qBAAqB;AAGnE,MAAI,OAAO,OAAO,QAAQ,SACxB,OAAM,IAAI,WAAW,mCAAmC;AAI1D,MAAI,OAAO,OAAO,QAAQ,SACxB,OAAM,IAAI,WAAW,mCAAmC;AAI1D,MAAI,OAAO,OAAO,QAAQ,YAAY,EAAE,MAAM,QAAQ,IAAI,IAAI,IAAI,OAAO,UAAQ,OAAOA,UAAQ,SAAS,EACvG,OAAM,IAAI,WAAW,0DAA0D;AAIjF,MAAI,QAAQ,OAAO,QAAQ,YAAY,MAAM,GAC3C,OAAM,IAAI,WAAW,4CAA4C;AAInE,MAAI,QAAQ,OAAO,QAAQ,YAAY,MAAM,GAC3C,OAAM,IAAI,WAAW,4CAA4C;AAInE,MAAI,QAAQ,OAAO,QAAQ,YAAY,MAAM,GAC3C,OAAM,IAAI,WAAW,4CAA4C;AAInE,MAAI,OAAO,OAAO,QAAQ,SACxB,OAAM,IAAI,WAAW,mCAAmC;AAc1D,SAXmB,IAAI,WAAW;GAChC;GACA;GACA;GACA;GACA;GACA;GACA;GACA;GACD,CAAC;;;AAMN,SAAS,aAAa,KAAc,aAAsB;CACxD,MAAM,OAAO,OAAO,8BAAc,IAAI,MAAM,CAAC;CAC7C,MAAM,eAAe,eAAe;AAEpC,QAAO;EACL,eAAe,OAAO;EACtB,iBAAiB,OAAO;EACzB"}

package/build/index.mjs CHANGED Viewed

@@ -1,23 +1,12 @@
 import 'reflect-metadata'
 import { InjectionSymbols } from "./constants.mjs";
-import { LogLevel } from "./logger/Logger.mjs";
-import { BaseLogger } from "./logger/BaseLogger.mjs";
-import { replaceError } from "./logger/replaceError.mjs";
-import { ConsoleLogger } from "./logger/ConsoleLogger.mjs";
-import { AgentConfig } from "./agent/AgentConfig.mjs";
-import { AgentContext } from "./agent/context/AgentContext.mjs";
 import { CredoError } from "./error/CredoError.mjs";
 import { ClassValidationError } from "./error/ClassValidationError.mjs";
 import { RecordDuplicateError } from "./error/RecordDuplicateError.mjs";
 import { RecordNotFoundError } from "./error/RecordNotFoundError.mjs";
 import { ZodValidationError } from "./error/ZodValidationError.mjs";
 import "./error/index.mjs";
-import { DependencyManager } from "./plugins/DependencyManager.mjs";
-import { getApiForModuleByName, getRegisteredModuleByInstance, getRegisteredModuleByName } from "./plugins/utils.mjs";
-import { inject, injectAll, injectable } from "./plugins/index.mjs";
-import { DefaultAgentContextProvider } from "./agent/context/DefaultAgentContextProvider.mjs";
-import "./agent/index.mjs";
 import { asArray } from "./utils/array.mjs";
 import { Buffer } from "./utils/buffer.mjs";
 import { areObjectsEqual } from "./utils/objectEquality.mjs";
@@ -40,6 +29,18 @@ import { Metadata } from "./storage/Metadata.mjs";
 import { DateTransformer, IsStringOrStringArray } from "./utils/transformers.mjs";
 import { IsStringOrInstance, IsStringOrInstanceOrArrayOfInstances, IsUri } from "./utils/validators.mjs";
 import "./utils/index.mjs";
+import { JwtPayload } from "./crypto/jose/jwt/JwtPayload.mjs";
+import { LogLevel } from "./logger/Logger.mjs";
+import { BaseLogger } from "./logger/BaseLogger.mjs";
+import { replaceError } from "./logger/replaceError.mjs";
+import { ConsoleLogger } from "./logger/ConsoleLogger.mjs";
+import { AgentConfig } from "./agent/AgentConfig.mjs";
+import { AgentContext } from "./agent/context/AgentContext.mjs";
+import { DependencyManager } from "./plugins/DependencyManager.mjs";
+import { getApiForModuleByName, getRegisteredModuleByInstance, getRegisteredModuleByName } from "./plugins/utils.mjs";
+import { inject, injectAll, injectable } from "./plugins/index.mjs";
+import { DefaultAgentContextProvider } from "./agent/context/DefaultAgentContextProvider.mjs";
+import "./agent/index.mjs";
 import { kms_exports } from "./modules/kms/index.mjs";
 import { CredoWebCryptoKey } from "./crypto/webcrypto/CredoWebCryptoKey.mjs";
 import { publicJwkToCryptoKeyAlgorithm } from "./crypto/webcrypto/utils/keyAlgorithmConversion.mjs";
@@ -55,7 +56,6 @@ import { X509Api } from "./modules/x509/X509Api.mjs";
 import { X509Module } from "./modules/x509/X509Module.mjs";
 import "./modules/x509/index.mjs";
 import { isJsonObject, isNonEmptyArray, mapNonEmptyArray } from "./types.mjs";
-import { JwtPayload } from "./crypto/jose/jwt/JwtPayload.mjs";
 import { Jwt } from "./crypto/jose/jwt/Jwt.mjs";
 import { JwsService } from "./crypto/JwsService.mjs";
 import { BaseRecord } from "./storage/BaseRecord.mjs";

package/build/modules/cache/CachedStorageService.mjs CHANGED Viewed

@@ -1,12 +1,12 @@
 import { InjectionSymbols } from "../../constants.mjs";
+import { JsonTransformer } from "../../utils/JsonTransformer.mjs";
+import "../../utils/index.mjs";
 import { inject, injectable } from "../../plugins/index.mjs";
 import { __decorateMetadata } from "../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorateMetadata.mjs";
 import { __decorate } from "../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorate.mjs";
 import "../../agent/index.mjs";
-import { JsonTransformer } from "../../utils/JsonTransformer.mjs";
-import "../../utils/index.mjs";
 import "../../storage/BaseRecord.mjs";
 import { __decorateParam } from "../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorateParam.mjs";
 import { CacheModuleConfig } from "./CacheModuleConfig.mjs";

package/build/modules/dcql/DcqlService.mjs CHANGED Viewed

@@ -1,9 +1,9 @@
-import { __decorate } from "../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorate.mjs";
 import { asArray } from "../../utils/array.mjs";
 import { TypedArrayEncoder } from "../../utils/TypedArrayEncoder.mjs";
 import "../../utils/index.mjs";
+import { __decorate } from "../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorate.mjs";
 import { X509Certificate } from "../x509/X509Certificate.mjs";
 import "../x509/index.mjs";
 import { isNonEmptyArray, mapNonEmptyArray } from "../../types.mjs";

package/build/modules/dids/DidsApi.mjs CHANGED Viewed

@@ -1,9 +1,9 @@
-import { AgentContext } from "../../agent/context/AgentContext.mjs";
 import { CredoError } from "../../error/CredoError.mjs";
 import { RecordNotFoundError } from "../../error/RecordNotFoundError.mjs";
 import "../../error/index.mjs";
+import { AgentContext } from "../../agent/context/AgentContext.mjs";
 import { injectable } from "../../plugins/index.mjs";
 import { __decorateMetadata } from "../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorateMetadata.mjs";
 import { __decorate } from "../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorate.mjs";

package/build/modules/dids/domain/DidDocument.mjs CHANGED Viewed

@@ -2,12 +2,12 @@
 import { CredoError } from "../../../error/CredoError.mjs";
 import "../../../error/index.mjs";
-import { __decorateMetadata } from "../../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorateMetadata.mjs";
-import { __decorate } from "../../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorate.mjs";
 import { TypedArrayEncoder } from "../../../utils/TypedArrayEncoder.mjs";
 import { JsonTransformer } from "../../../utils/JsonTransformer.mjs";
 import { IsStringOrStringArray } from "../../../utils/transformers.mjs";
 import "../../../utils/index.mjs";
+import { __decorateMetadata } from "../../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorateMetadata.mjs";
+import { __decorate } from "../../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorate.mjs";
 import { X25519PublicJwk } from "../../kms/jwk/kty/okp/X25519PublicJwk.mjs";
 import { Ed25519PublicJwk } from "../../kms/jwk/kty/okp/Ed25519PublicJwk.mjs";
 import { PublicJwk } from "../../kms/jwk/PublicJwk.mjs";

package/build/modules/dids/domain/service/DidCommV1Service.mjs CHANGED Viewed

@@ -1,9 +1,9 @@
-import { __decorateMetadata } from "../../../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorateMetadata.mjs";
-import { __decorate } from "../../../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorate.mjs";
 import { IsUri } from "../../../../utils/validators.mjs";
 import "../../../../utils/index.mjs";
+import { __decorateMetadata } from "../../../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorateMetadata.mjs";
+import { __decorate } from "../../../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorate.mjs";
 import { getProtocolScheme } from "../../../../utils/uri.mjs";
 import { DidDocumentService } from "./DidDocumentService.mjs";
 import { ArrayNotEmpty, IsOptional, IsString } from "class-validator";

package/build/modules/dids/domain/service/DidCommV2Service.mjs CHANGED Viewed

@@ -2,10 +2,10 @@
 import { CredoError } from "../../../../error/CredoError.mjs";
 import "../../../../error/index.mjs";
-import { __decorateMetadata } from "../../../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorateMetadata.mjs";
-import { __decorate } from "../../../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorate.mjs";
 import { IsInstanceOrArrayOfInstances, IsUri } from "../../../../utils/validators.mjs";
 import "../../../../utils/index.mjs";
+import { __decorateMetadata } from "../../../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorateMetadata.mjs";
+import { __decorate } from "../../../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorate.mjs";
 import { DidDocumentService } from "./DidDocumentService.mjs";
 import { Type } from "class-transformer";
 import { IsOptional, IsString, ValidateNested } from "class-validator";

package/build/modules/dids/domain/service/IndyAgentService.mjs CHANGED Viewed

@@ -1,9 +1,9 @@
-import { __decorateMetadata } from "../../../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorateMetadata.mjs";
-import { __decorate } from "../../../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorate.mjs";
 import { IsUri } from "../../../../utils/validators.mjs";
 import "../../../../utils/index.mjs";
+import { __decorateMetadata } from "../../../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorateMetadata.mjs";
+import { __decorate } from "../../../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorate.mjs";
 import { getProtocolScheme } from "../../../../utils/uri.mjs";
 import { DidDocumentService } from "./DidDocumentService.mjs";
 import { ArrayNotEmpty, IsOptional, IsString } from "class-validator";

package/build/modules/dids/domain/service/LegacyDidCommV2Service.mjs CHANGED Viewed

@@ -1,9 +1,9 @@
-import { __decorateMetadata } from "../../../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorateMetadata.mjs";
-import { __decorate } from "../../../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorate.mjs";
 import { IsUri } from "../../../../utils/validators.mjs";
 import "../../../../utils/index.mjs";
+import { __decorateMetadata } from "../../../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorateMetadata.mjs";
+import { __decorate } from "../../../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorate.mjs";
 import { DidDocumentService } from "./DidDocumentService.mjs";
 import { DidCommV2Service, DidCommV2ServiceEndpoint } from "./DidCommV2Service.mjs";
 import { IsOptional, IsString } from "class-validator";

package/build/modules/dids/services/DidResolverService.mjs CHANGED Viewed

@@ -3,11 +3,11 @@
 import { InjectionSymbols } from "../../../constants.mjs";
 import { CredoError } from "../../../error/CredoError.mjs";
 import "../../../error/index.mjs";
+import { JsonTransformer } from "../../../utils/JsonTransformer.mjs";
+import "../../../utils/index.mjs";
 import { inject, injectable } from "../../../plugins/index.mjs";
 import { __decorateMetadata } from "../../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorateMetadata.mjs";
 import { __decorate } from "../../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorate.mjs";
-import { JsonTransformer } from "../../../utils/JsonTransformer.mjs";
-import "../../../utils/index.mjs";
 import { parseDid } from "../domain/parse.mjs";
 import { DidDocument } from "../domain/DidDocument.mjs";
 import "../domain/index.mjs";

package/build/modules/dif-presentation-exchange/DifPresentationExchangeService.mjs CHANGED Viewed

@@ -2,10 +2,10 @@
 import { CredoError } from "../../error/CredoError.mjs";
 import "../../error/index.mjs";
-import { __decorateMetadata } from "../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorateMetadata.mjs";
-import { __decorate } from "../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorate.mjs";
 import { JsonTransformer } from "../../utils/JsonTransformer.mjs";
 import "../../utils/index.mjs";
+import { __decorateMetadata } from "../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorateMetadata.mjs";
+import { __decorate } from "../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorate.mjs";
 import { getJwkHumanDescription } from "../kms/jwk/humanDescription.mjs";
 import "../kms/index.mjs";
 import { getPublicJwkFromVerificationMethod } from "../dids/domain/key-type/keyDidMapping.mjs";

package/build/modules/kms/jwk/PublicJwk.mjs CHANGED Viewed

@@ -2,11 +2,11 @@
 import { CredoError } from "../../../error/CredoError.mjs";
 import "../../../error/index.mjs";
-import { KeyManagementError } from "../error/KeyManagementError.mjs";
 import { TypedArrayEncoder } from "../../../utils/TypedArrayEncoder.mjs";
 import { MultiBaseEncoder } from "../../../utils/MultiBaseEncoder.mjs";
 import { VarintEncoder } from "../../../utils/VarintEncoder.mjs";
 import "../../../utils/index.mjs";
+import { KeyManagementError } from "../error/KeyManagementError.mjs";
 import { getJwkHumanDescription } from "./humanDescription.mjs";
 import { asymmetricPublicJwkMatches } from "./equals.mjs";
 import { zParseWithErrorHandling } from "../../../utils/zod.mjs";

package/build/modules/kms/jwk/alg/encryption.mjs CHANGED Viewed

@@ -1,8 +1,8 @@
-import { KeyManagementError } from "../../error/KeyManagementError.mjs";
 import { TypedArrayEncoder } from "../../../../utils/TypedArrayEncoder.mjs";
 import "../../../../utils/index.mjs";
+import { KeyManagementError } from "../../error/KeyManagementError.mjs";
 import { getJwkHumanDescription } from "../humanDescription.mjs";
 //#region src/modules/kms/jwk/alg/encryption.ts

package/build/modules/kms/jwk/alg/signing.mjs CHANGED Viewed

@@ -1,8 +1,8 @@
-import { KeyManagementError } from "../../error/KeyManagementError.mjs";
 import { TypedArrayEncoder } from "../../../../utils/TypedArrayEncoder.mjs";
 import "../../../../utils/index.mjs";
+import { KeyManagementError } from "../../error/KeyManagementError.mjs";
 import { getJwkHumanDescription } from "../humanDescription.mjs";
 //#region src/modules/kms/jwk/alg/signing.ts

package/build/modules/kms/jwk/kty/ec/ecPublicKey.mjs CHANGED Viewed

@@ -1,8 +1,8 @@
-import { KeyManagementError } from "../../../error/KeyManagementError.mjs";
 import { TypedArrayEncoder } from "../../../../../utils/TypedArrayEncoder.mjs";
 import "../../../../../utils/index.mjs";
+import { KeyManagementError } from "../../../error/KeyManagementError.mjs";
 import { AffinePoint, Secp256k1, Secp256r1, Secp384r1, Secp521r1, isValidCompressedPublicKeyFormat, isValidDecompressedPublicKeyFormat } from "ec-compression";
 //#region src/modules/kms/jwk/kty/ec/ecPublicKey.ts

package/build/modules/kms/jwk/kty/rsa/RsaPublicJwk.mjs CHANGED Viewed

@@ -1,8 +1,8 @@
-import { KeyManagementError } from "../../../error/KeyManagementError.mjs";
 import { TypedArrayEncoder } from "../../../../../utils/TypedArrayEncoder.mjs";
 import "../../../../../utils/index.mjs";
+import { KeyManagementError } from "../../../error/KeyManagementError.mjs";
 import { rsaPublicJwkToPublicKey, rsaPublicKeyToPublicJwk } from "./rsaPublicKey.mjs";
 //#region src/modules/kms/jwk/kty/rsa/RsaPublicJwk.ts

package/build/modules/kms/legacy.mjs CHANGED Viewed

@@ -1,8 +1,8 @@
-import { KeyManagementError } from "./error/KeyManagementError.mjs";
 import { TypedArrayEncoder } from "../../utils/TypedArrayEncoder.mjs";
 import "../../utils/index.mjs";
+import { KeyManagementError } from "./error/KeyManagementError.mjs";
 import "./jwk/index.mjs";
 //#region src/modules/kms/legacy.ts

package/build/modules/mdoc/Mdoc.mjs CHANGED Viewed

@@ -15,7 +15,7 @@ import { ClaimFormat } from "../vc/models/ClaimFormat.mjs";
 import "../vc/index.mjs";
 import { getMdocContext } from "./MdocContext.mjs";
 import { MdocError } from "./MdocError.mjs";
-import { isMdocSupportedSignatureAlgorithm, mdocSupporteSignatureAlgorithms } from "./mdocSupportedAlgs.mjs";
+import { isMdocSupportedSignatureAlgorithm, mdocSupportedSignatureAlgorithms } from "./mdocSupportedAlgs.mjs";
 import { COSEKey, DeviceSignedDocument, Document, Verifier, cborEncode, parseDeviceSigned, parseIssuerSigned } from "@animo-id/mdoc";
 //#region src/modules/mdoc/Mdoc.ts
@@ -101,7 +101,7 @@ var Mdoc = class Mdoc {
 		for (const [namespace, namespaceRecord] of Object.entries(namespaces)) document.addIssuerNameSpace(namespace, namespaceRecord);
 		const issuerKey = issuerCertificate.publicJwk;
 		const alg = issuerKey.supportedSignatureAlgorithms.find(isMdocSupportedSignatureAlgorithm);
-		if (!alg) throw new MdocError(`Unable to create sign mdoc. No supported signature algorithm found to sign mdoc for jwk with key ${issuerKey.jwkTypeHumanDescription}. Key supports algs ${issuerKey.supportedSignatureAlgorithms.join(", ")}. mdoc supports algs ${mdocSupporteSignatureAlgorithms.join(", ")}`);
+		if (!alg) throw new MdocError(`Unable to create sign mdoc. No supported signature algorithm found to sign mdoc for jwk with key ${issuerKey.jwkTypeHumanDescription}. Key supports algs ${issuerKey.supportedSignatureAlgorithms.join(", ")}. mdoc supports algs ${mdocSupportedSignatureAlgorithms.join(", ")}`);
 		return new Mdoc(await document.sign({
 			issuerPrivateKey: issuerKey.toJson(),
 			alg,

package/build/modules/mdoc/Mdoc.mjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"Mdoc.mjs","names":["issuerSignedDocument: IssuerSignedDocument \| DeviceSignedDocument"],"sources":["../../../src/modules/mdoc/Mdoc.ts"],"sourcesContent":["import type { IssuerSignedDocument } from '@animo-id/mdoc'\nimport {\n COSEKey,\n cborEncode,\n DeviceSignedDocument,\n Document,\n parseDeviceSigned,\n parseIssuerSigned,\n Verifier,\n} from '@animo-id/mdoc'\nimport type { AgentContext } from '../../agent'\nimport { TypedArrayEncoder } from './../../utils'\nimport { type KnownJwaSignatureAlgorithm, PublicJwk } from '../kms'\nimport { isKnownJwaSignatureAlgorithm } from '../kms/jwk/jwa'\nimport { ClaimFormat } from '../vc/index'\nimport { X509Certificate, X509ModuleConfig } from '../x509'\nimport { getMdocContext } from './MdocContext'\nimport { MdocError } from './MdocError'\nimport type { MdocNameSpaces, MdocSignOptions, MdocVerifyOptions } from './MdocOptions'\nimport { isMdocSupportedSignatureAlgorithm, mdocSupporteSignatureAlgorithms } from './mdocSupportedAlgs'\n\n/*\n This class represents a IssuerSigned Mdoc Document,\n * which are the actual credentials being issued to holders.\n /\nexport class Mdoc {\n public base64Url: string\n #deviceKeyId?: string\n\n private constructor(public issuerSignedDocument: IssuerSignedDocument \| DeviceSignedDocument) {\n const issuerSigned = issuerSignedDocument.prepare().get('issuerSigned')\n this.base64Url = TypedArrayEncoder.toBase64URL(cborEncode(issuerSigned))\n }\n\n /\n claim format is convenience method added to all credential instances\n /\n public get claimFormat() {\n return ClaimFormat.MsoMdoc as const\n }\n\n /\n Encoded is convenience method added to all credential instances\n /\n public get encoded() {\n return this.base64Url\n }\n\n /\n Get the device key to which the mdoc is bound\n */\n public get deviceKey(): PublicJwk {\n const deviceKeyRaw = this.issuerSignedDocument.issuerSigned.issuerAuth.decodedPayload.deviceKeyInfo?.deviceKey\n if (!deviceKeyRaw) throw new MdocError('Could not extract device key from mdoc')\n\n const publicJwk = PublicJwk.fromUnknown(COSEKey.import(deviceKeyRaw).toJWK())\n if (this.#deviceKeyId) publicJwk.keyId = this.#deviceKeyId\n return publicJwk\n }\n\n public set deviceKeyId(keyId: string \| undefined) {\n this.#deviceKeyId = keyId\n }\n\n public get deviceKeyId() {\n const deviceKey = this.deviceKey\n\n if (deviceKey.hasKeyId) return deviceKey.keyId\n return undefined\n }\n\n public static fromBase64Url(mdocBase64Url: string, expectedDocType?: string): Mdoc {\n const issuerSignedDocument = parseIssuerSigned(TypedArrayEncoder.fromBase64(mdocBase64Url), expectedDocType)\n return new Mdoc(issuerSignedDocument)\n }\n\n public static fromIssuerSignedDocument(issuerSignedBase64Url: string, expectedDocType?: string): Mdoc {\n return new Mdoc(parseIssuerSigned(TypedArrayEncoder.fromBase64(issuerSignedBase64Url), expectedDocType))\n }\n\n public static fromDeviceSignedDocument(\n issuerSignedBase64Url: string,\n deviceSignedBase64Url: string,\n expectedDocType?: string\n ): Mdoc {\n return new Mdoc(\n parseDeviceSigned(\n TypedArrayEncoder.fromBase64(deviceSignedBase64Url),\n TypedArrayEncoder.fromBase64(issuerSignedBase64Url),\n expectedDocType\n )\n )\n }\n\n public get docType(): string {\n return this.issuerSignedDocument.docType\n }\n\n public get alg(): KnownJwaSignatureAlgorithm {\n const algName = this.issuerSignedDocument.issuerSigned.issuerAuth.algName\n if (!algName) {\n throw new MdocError('Cannot extract the signature algorithm from the mdoc.')\n }\n if (isKnownJwaSignatureAlgorithm(algName)) {\n return algName\n }\n\n throw new MdocError(`Cannot parse mdoc. The signature algorithm '${algName}' is not supported.`)\n }\n\n public get validityInfo() {\n return this.issuerSignedDocument.issuerSigned.issuerAuth.decodedPayload.validityInfo\n }\n\n public get deviceSignedNamespaces(): MdocNameSpaces \| null {\n if (this.issuerSignedDocument instanceof DeviceSignedDocument === false) {\n return null\n }\n\n return Object.fromEntries(\n Array.from(this.issuerSignedDocument.allDeviceSignedNamespaces.entries()).map(([namespace, value]) => [\n namespace,\n Object.fromEntries(Array.from(value.entries())),\n ])\n )\n }\n\n public get issuerSignedCertificateChain() {\n return this.issuerSignedDocument.issuerSigned.issuerAuth.certificateChain\n }\n\n public get signingCertificate() {\n return this.issuerSignedDocument.issuerSigned.issuerAuth.certificate\n }\n\n public get issuerSignedNamespaces(): MdocNameSpaces {\n return Object.fromEntries(\n Array.from(this.issuerSignedDocument.allIssuerSignedNamespaces.entries()).map(([namespace, value]) => [\n namespace,\n Object.fromEntries(Array.from(value.entries())),\n ])\n )\n }\n\n public static async sign(agentContext: AgentContext, options: MdocSignOptions) {\n const { docType, validityInfo, namespaces, holderKey, issuerCertificate } = options\n const mdocContext = getMdocContext(agentContext)\n\n const document = new Document(docType, mdocContext)\n .useDigestAlgorithm('SHA-256')\n .addValidityInfo(validityInfo)\n .addDeviceKeyInfo({ deviceKey: holderKey.toJson() })\n\n for (const [namespace, namespaceRecord] of Object.entries(namespaces)) {\n document.addIssuerNameSpace(namespace, namespaceRecord)\n }\n\n const issuerKey = issuerCertificate.publicJwk\n const alg = issuerKey.supportedSignatureAlgorithms.find(isMdocSupportedSignatureAlgorithm)\n if (!alg) {\n throw new MdocError(\n `Unable to create sign mdoc. No supported signature algorithm found to sign mdoc for jwk with key ${\n issuerKey.jwkTypeHumanDescription\n }. Key supports algs ${issuerKey.supportedSignatureAlgorithms.join(\n ', '\n )}. mdoc supports algs ${mdocSupporteSignatureAlgorithms.join(', ')}`\n )\n }\n\n const issuerSignedDocument = await document.sign(\n {\n issuerPrivateKey: issuerKey.toJson(),\n alg,\n issuerCertificate: issuerCertificate.rawCertificate,\n },\n mdocContext\n )\n\n return new Mdoc(issuerSignedDocument)\n }\n\n public async verify(\n agentContext: AgentContext,\n options?: MdocVerifyOptions\n ): Promise<{ isValid: true } \| { isValid: false; error: string }> {\n const x509ModuleConfig = agentContext.dependencyManager.resolve(X509ModuleConfig)\n const certificateChain = this.issuerSignedDocument.issuerSigned.issuerAuth.certificateChain.map((certificate) =>\n X509Certificate.fromRawCertificate(certificate)\n )\n\n let trustedCertificates = options?.trustedCertificates\n if (!trustedCertificates) {\n trustedCertificates =\n (await x509ModuleConfig.getTrustedCertificatesForVerification?.(agentContext, {\n verification: {\n type: 'credential',\n credential: this,\n },\n certificateChain,\n })) ?? x509ModuleConfig.trustedCertificates\n }\n\n if (!trustedCertificates) {\n throw new MdocError('No trusted certificates found. Cannot verify mdoc.')\n }\n\n const mdocContext = getMdocContext(agentContext)\n try {\n const verifier = new Verifier()\n await verifier.verifyIssuerSignature(\n {\n trustedCertificates: trustedCertificates.map(\n (cert) => X509Certificate.fromEncodedCertificate(cert).rawCertificate\n ),\n issuerAuth: this.issuerSignedDocument.issuerSigned.issuerAuth,\n disableCertificateChainValidation: false,\n now: options?.now,\n },\n mdocContext\n )\n\n await verifier.verifyData({ mdoc: this.issuerSignedDocument }, mdocContext)\n return { isValid: true }\n } catch (error) {\n return { isValid: false, error: error.message }\n }\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAyBA,IAAa,OAAb,MAAa,KAAK;CAIhB,AAAQ,YAAY,AAAOA,sBAAmE;EAAnE;;EACzB,MAAM,eAAe,qBAAqB,SAAS,CAAC,IAAI,eAAe;AACvE,OAAK,YAAY,kBAAkB,YAAY,WAAW,aAAa,CAAC;;;;;CAM1E,IAAW,cAAc;AACvB,SAAO,YAAY;;;;;CAMrB,IAAW,UAAU;AACnB,SAAO,KAAK;;;;;CAMd,IAAW,YAAuB;EAChC,MAAM,eAAe,KAAK,qBAAqB,aAAa,WAAW,eAAe,eAAe;AACrG,MAAI,CAAC,aAAc,OAAM,IAAI,UAAU,yCAAyC;EAEhF,MAAM,YAAY,UAAU,YAAY,QAAQ,OAAO,aAAa,CAAC,OAAO,CAAC;AAC7E,2CAAI,KAAiB,CAAE,WAAU,6CAAQ,KAAiB;AAC1D,SAAO;;CAGT,IAAW,YAAY,OAA2B;AAChD,6CAAoB,MAAK;;CAG3B,IAAW,cAAc;EACvB,MAAM,YAAY,KAAK;AAEvB,MAAI,UAAU,SAAU,QAAO,UAAU;;CAI3C,OAAc,cAAc,eAAuB,iBAAgC;AAEjF,SAAO,IAAI,KADkB,kBAAkB,kBAAkB,WAAW,cAAc,EAAE,gBAAgB,CACvE;;CAGvC,OAAc,yBAAyB,uBAA+B,iBAAgC;AACpG,SAAO,IAAI,KAAK,kBAAkB,kBAAkB,WAAW,sBAAsB,EAAE,gBAAgB,CAAC;;CAG1G,OAAc,yBACZ,uBACA,uBACA,iBACM;AACN,SAAO,IAAI,KACT,kBACE,kBAAkB,WAAW,sBAAsB,EACnD,kBAAkB,WAAW,sBAAsB,EACnD,gBACD,CACF;;CAGH,IAAW,UAAkB;AAC3B,SAAO,KAAK,qBAAqB;;CAGnC,IAAW,MAAkC;EAC3C,MAAM,UAAU,KAAK,qBAAqB,aAAa,WAAW;AAClE,MAAI,CAAC,QACH,OAAM,IAAI,UAAU,wDAAwD;AAE9E,MAAI,6BAA6B,QAAQ,CACvC,QAAO;AAGT,QAAM,IAAI,UAAU,+CAA+C,QAAQ,qBAAqB;;CAGlG,IAAW,eAAe;AACxB,SAAO,KAAK,qBAAqB,aAAa,WAAW,eAAe;;CAG1E,IAAW,yBAAgD;AACzD,MAAI,KAAK,gCAAgC,yBAAyB,MAChE,QAAO;AAGT,SAAO,OAAO,YACZ,MAAM,KAAK,KAAK,qBAAqB,0BAA0B,SAAS,CAAC,CAAC,KAAK,CAAC,WAAW,WAAW,CACpG,WACA,OAAO,YAAY,MAAM,KAAK,MAAM,SAAS,CAAC,CAAC,CAChD,CAAC,CACH;;CAGH,IAAW,+BAA+B;AACxC,SAAO,KAAK,qBAAqB,aAAa,WAAW;;CAG3D,IAAW,qBAAqB;AAC9B,SAAO,KAAK,qBAAqB,aAAa,WAAW;;CAG3D,IAAW,yBAAyC;AAClD,SAAO,OAAO,YACZ,MAAM,KAAK,KAAK,qBAAqB,0BAA0B,SAAS,CAAC,CAAC,KAAK,CAAC,WAAW,WAAW,CACpG,WACA,OAAO,YAAY,MAAM,KAAK,MAAM,SAAS,CAAC,CAAC,CAChD,CAAC,CACH;;CAGH,aAAoB,KAAK,cAA4B,SAA0B;EAC7E,MAAM,EAAE,SAAS,cAAc,YAAY,WAAW,sBAAsB;EAC5E,MAAM,cAAc,eAAe,aAAa;EAEhD,MAAM,WAAW,IAAI,SAAS,SAAS,YAAY,CAChD,mBAAmB,UAAU,CAC7B,gBAAgB,aAAa,CAC7B,iBAAiB,EAAE,WAAW,UAAU,QAAQ,EAAE,CAAC;AAEtD,OAAK,MAAM,CAAC,WAAW,oBAAoB,OAAO,QAAQ,WAAW,CACnE,UAAS,mBAAmB,WAAW,gBAAgB;EAGzD,MAAM,YAAY,kBAAkB;EACpC,MAAM,MAAM,UAAU,6BAA6B,KAAK,kCAAkC;AAC1F,MAAI,CAAC,IACH,OAAM,IAAI,UACR,oGACE,UAAU,wBACX,sBAAsB,UAAU,6BAA6B,KAC5D,KACD,CAAC,uBAAuB,gCAAgC,KAAK,KAAK,GACpE;AAYH,SAAO,IAAI,KATkB,MAAM,SAAS,KAC1C;GACE,kBAAkB,UAAU,QAAQ;GACpC;GACA,mBAAmB,kBAAkB;GACtC,EACD,YACD,CAEoC;;CAGvC,MAAa,OACX,cACA,SACgE;EAChE,MAAM,mBAAmB,aAAa,kBAAkB,QAAQ,iBAAiB;EACjF,MAAM,mBAAmB,KAAK,qBAAqB,aAAa,WAAW,iBAAiB,KAAK,gBAC/F,gBAAgB,mBAAmB,YAAY,CAChD;EAED,IAAI,sBAAsB,SAAS;AACnC,MAAI,CAAC,oBACH,uBACG,MAAM,iBAAiB,wCAAwC,cAAc;GAC5E,cAAc;IACZ,MAAM;IACN,YAAY;IACb;GACD;GACD,CAAC,IAAK,iBAAiB;AAG5B,MAAI,CAAC,oBACH,OAAM,IAAI,UAAU,qDAAqD;EAG3E,MAAM,cAAc,eAAe,aAAa;AAChD,MAAI;GACF,MAAM,WAAW,IAAI,UAAU;AAC/B,SAAM,SAAS,sBACb;IACE,qBAAqB,oBAAoB,KACtC,SAAS,gBAAgB,uBAAuB,KAAK,CAAC,eACxD;IACD,YAAY,KAAK,qBAAqB,aAAa;IACnD,mCAAmC;IACnC,KAAK,SAAS;IACf,EACD,YACD;AAED,SAAM,SAAS,WAAW,EAAE,MAAM,KAAK,sBAAsB,EAAE,YAAY;AAC3E,UAAO,EAAE,SAAS,MAAM;WACjB,OAAO;AACd,UAAO;IAAE,SAAS;IAAO,OAAO,MAAM;IAAS"}
1	+ {"version":3,"file":"Mdoc.mjs","names":["issuerSignedDocument: IssuerSignedDocument \| DeviceSignedDocument"],"sources":["../../../src/modules/mdoc/Mdoc.ts"],"sourcesContent":["import type { IssuerSignedDocument } from '@animo-id/mdoc'\nimport {\n COSEKey,\n cborEncode,\n DeviceSignedDocument,\n Document,\n parseDeviceSigned,\n parseIssuerSigned,\n Verifier,\n} from '@animo-id/mdoc'\nimport type { AgentContext } from '../../agent'\nimport { TypedArrayEncoder } from './../../utils'\nimport { type KnownJwaSignatureAlgorithm, PublicJwk } from '../kms'\nimport { isKnownJwaSignatureAlgorithm } from '../kms/jwk/jwa'\nimport { ClaimFormat } from '../vc/index'\nimport { X509Certificate, X509ModuleConfig } from '../x509'\nimport { getMdocContext } from './MdocContext'\nimport { MdocError } from './MdocError'\nimport type { MdocNameSpaces, MdocSignOptions, MdocVerifyOptions } from './MdocOptions'\nimport { isMdocSupportedSignatureAlgorithm, mdocSupportedSignatureAlgorithms } from './mdocSupportedAlgs'\n\n/*\n This class represents a IssuerSigned Mdoc Document,\n * which are the actual credentials being issued to holders.\n /\nexport class Mdoc {\n public base64Url: string\n #deviceKeyId?: string\n\n private constructor(public issuerSignedDocument: IssuerSignedDocument \| DeviceSignedDocument) {\n const issuerSigned = issuerSignedDocument.prepare().get('issuerSigned')\n this.base64Url = TypedArrayEncoder.toBase64URL(cborEncode(issuerSigned))\n }\n\n /\n claim format is convenience method added to all credential instances\n /\n public get claimFormat() {\n return ClaimFormat.MsoMdoc as const\n }\n\n /\n Encoded is convenience method added to all credential instances\n /\n public get encoded() {\n return this.base64Url\n }\n\n /\n Get the device key to which the mdoc is bound\n */\n public get deviceKey(): PublicJwk {\n const deviceKeyRaw = this.issuerSignedDocument.issuerSigned.issuerAuth.decodedPayload.deviceKeyInfo?.deviceKey\n if (!deviceKeyRaw) throw new MdocError('Could not extract device key from mdoc')\n\n const publicJwk = PublicJwk.fromUnknown(COSEKey.import(deviceKeyRaw).toJWK())\n if (this.#deviceKeyId) publicJwk.keyId = this.#deviceKeyId\n return publicJwk\n }\n\n public set deviceKeyId(keyId: string \| undefined) {\n this.#deviceKeyId = keyId\n }\n\n public get deviceKeyId() {\n const deviceKey = this.deviceKey\n\n if (deviceKey.hasKeyId) return deviceKey.keyId\n return undefined\n }\n\n public static fromBase64Url(mdocBase64Url: string, expectedDocType?: string): Mdoc {\n const issuerSignedDocument = parseIssuerSigned(TypedArrayEncoder.fromBase64(mdocBase64Url), expectedDocType)\n return new Mdoc(issuerSignedDocument)\n }\n\n public static fromIssuerSignedDocument(issuerSignedBase64Url: string, expectedDocType?: string): Mdoc {\n return new Mdoc(parseIssuerSigned(TypedArrayEncoder.fromBase64(issuerSignedBase64Url), expectedDocType))\n }\n\n public static fromDeviceSignedDocument(\n issuerSignedBase64Url: string,\n deviceSignedBase64Url: string,\n expectedDocType?: string\n ): Mdoc {\n return new Mdoc(\n parseDeviceSigned(\n TypedArrayEncoder.fromBase64(deviceSignedBase64Url),\n TypedArrayEncoder.fromBase64(issuerSignedBase64Url),\n expectedDocType\n )\n )\n }\n\n public get docType(): string {\n return this.issuerSignedDocument.docType\n }\n\n public get alg(): KnownJwaSignatureAlgorithm {\n const algName = this.issuerSignedDocument.issuerSigned.issuerAuth.algName\n if (!algName) {\n throw new MdocError('Cannot extract the signature algorithm from the mdoc.')\n }\n if (isKnownJwaSignatureAlgorithm(algName)) {\n return algName\n }\n\n throw new MdocError(`Cannot parse mdoc. The signature algorithm '${algName}' is not supported.`)\n }\n\n public get validityInfo() {\n return this.issuerSignedDocument.issuerSigned.issuerAuth.decodedPayload.validityInfo\n }\n\n public get deviceSignedNamespaces(): MdocNameSpaces \| null {\n if (this.issuerSignedDocument instanceof DeviceSignedDocument === false) {\n return null\n }\n\n return Object.fromEntries(\n Array.from(this.issuerSignedDocument.allDeviceSignedNamespaces.entries()).map(([namespace, value]) => [\n namespace,\n Object.fromEntries(Array.from(value.entries())),\n ])\n )\n }\n\n public get issuerSignedCertificateChain() {\n return this.issuerSignedDocument.issuerSigned.issuerAuth.certificateChain\n }\n\n public get signingCertificate() {\n return this.issuerSignedDocument.issuerSigned.issuerAuth.certificate\n }\n\n public get issuerSignedNamespaces(): MdocNameSpaces {\n return Object.fromEntries(\n Array.from(this.issuerSignedDocument.allIssuerSignedNamespaces.entries()).map(([namespace, value]) => [\n namespace,\n Object.fromEntries(Array.from(value.entries())),\n ])\n )\n }\n\n public static async sign(agentContext: AgentContext, options: MdocSignOptions) {\n const { docType, validityInfo, namespaces, holderKey, issuerCertificate } = options\n const mdocContext = getMdocContext(agentContext)\n\n const document = new Document(docType, mdocContext)\n .useDigestAlgorithm('SHA-256')\n .addValidityInfo(validityInfo)\n .addDeviceKeyInfo({ deviceKey: holderKey.toJson() })\n\n for (const [namespace, namespaceRecord] of Object.entries(namespaces)) {\n document.addIssuerNameSpace(namespace, namespaceRecord)\n }\n\n const issuerKey = issuerCertificate.publicJwk\n const alg = issuerKey.supportedSignatureAlgorithms.find(isMdocSupportedSignatureAlgorithm)\n if (!alg) {\n throw new MdocError(\n `Unable to create sign mdoc. No supported signature algorithm found to sign mdoc for jwk with key ${\n issuerKey.jwkTypeHumanDescription\n }. Key supports algs ${issuerKey.supportedSignatureAlgorithms.join(\n ', '\n )}. mdoc supports algs ${mdocSupportedSignatureAlgorithms.join(', ')}`\n )\n }\n\n const issuerSignedDocument = await document.sign(\n {\n issuerPrivateKey: issuerKey.toJson(),\n alg,\n issuerCertificate: issuerCertificate.rawCertificate,\n },\n mdocContext\n )\n\n return new Mdoc(issuerSignedDocument)\n }\n\n public async verify(\n agentContext: AgentContext,\n options?: MdocVerifyOptions\n ): Promise<{ isValid: true } \| { isValid: false; error: string }> {\n const x509ModuleConfig = agentContext.dependencyManager.resolve(X509ModuleConfig)\n const certificateChain = this.issuerSignedDocument.issuerSigned.issuerAuth.certificateChain.map((certificate) =>\n X509Certificate.fromRawCertificate(certificate)\n )\n\n let trustedCertificates = options?.trustedCertificates\n if (!trustedCertificates) {\n trustedCertificates =\n (await x509ModuleConfig.getTrustedCertificatesForVerification?.(agentContext, {\n verification: {\n type: 'credential',\n credential: this,\n },\n certificateChain,\n })) ?? x509ModuleConfig.trustedCertificates\n }\n\n if (!trustedCertificates) {\n throw new MdocError('No trusted certificates found. Cannot verify mdoc.')\n }\n\n const mdocContext = getMdocContext(agentContext)\n try {\n const verifier = new Verifier()\n await verifier.verifyIssuerSignature(\n {\n trustedCertificates: trustedCertificates.map(\n (cert) => X509Certificate.fromEncodedCertificate(cert).rawCertificate\n ),\n issuerAuth: this.issuerSignedDocument.issuerSigned.issuerAuth,\n disableCertificateChainValidation: false,\n now: options?.now,\n },\n mdocContext\n )\n\n await verifier.verifyData({ mdoc: this.issuerSignedDocument }, mdocContext)\n return { isValid: true }\n } catch (error) {\n return { isValid: false, error: error.message }\n }\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAyBA,IAAa,OAAb,MAAa,KAAK;CAIhB,AAAQ,YAAY,AAAOA,sBAAmE;EAAnE;;EACzB,MAAM,eAAe,qBAAqB,SAAS,CAAC,IAAI,eAAe;AACvE,OAAK,YAAY,kBAAkB,YAAY,WAAW,aAAa,CAAC;;;;;CAM1E,IAAW,cAAc;AACvB,SAAO,YAAY;;;;;CAMrB,IAAW,UAAU;AACnB,SAAO,KAAK;;;;;CAMd,IAAW,YAAuB;EAChC,MAAM,eAAe,KAAK,qBAAqB,aAAa,WAAW,eAAe,eAAe;AACrG,MAAI,CAAC,aAAc,OAAM,IAAI,UAAU,yCAAyC;EAEhF,MAAM,YAAY,UAAU,YAAY,QAAQ,OAAO,aAAa,CAAC,OAAO,CAAC;AAC7E,2CAAI,KAAiB,CAAE,WAAU,6CAAQ,KAAiB;AAC1D,SAAO;;CAGT,IAAW,YAAY,OAA2B;AAChD,6CAAoB,MAAK;;CAG3B,IAAW,cAAc;EACvB,MAAM,YAAY,KAAK;AAEvB,MAAI,UAAU,SAAU,QAAO,UAAU;;CAI3C,OAAc,cAAc,eAAuB,iBAAgC;AAEjF,SAAO,IAAI,KADkB,kBAAkB,kBAAkB,WAAW,cAAc,EAAE,gBAAgB,CACvE;;CAGvC,OAAc,yBAAyB,uBAA+B,iBAAgC;AACpG,SAAO,IAAI,KAAK,kBAAkB,kBAAkB,WAAW,sBAAsB,EAAE,gBAAgB,CAAC;;CAG1G,OAAc,yBACZ,uBACA,uBACA,iBACM;AACN,SAAO,IAAI,KACT,kBACE,kBAAkB,WAAW,sBAAsB,EACnD,kBAAkB,WAAW,sBAAsB,EACnD,gBACD,CACF;;CAGH,IAAW,UAAkB;AAC3B,SAAO,KAAK,qBAAqB;;CAGnC,IAAW,MAAkC;EAC3C,MAAM,UAAU,KAAK,qBAAqB,aAAa,WAAW;AAClE,MAAI,CAAC,QACH,OAAM,IAAI,UAAU,wDAAwD;AAE9E,MAAI,6BAA6B,QAAQ,CACvC,QAAO;AAGT,QAAM,IAAI,UAAU,+CAA+C,QAAQ,qBAAqB;;CAGlG,IAAW,eAAe;AACxB,SAAO,KAAK,qBAAqB,aAAa,WAAW,eAAe;;CAG1E,IAAW,yBAAgD;AACzD,MAAI,KAAK,gCAAgC,yBAAyB,MAChE,QAAO;AAGT,SAAO,OAAO,YACZ,MAAM,KAAK,KAAK,qBAAqB,0BAA0B,SAAS,CAAC,CAAC,KAAK,CAAC,WAAW,WAAW,CACpG,WACA,OAAO,YAAY,MAAM,KAAK,MAAM,SAAS,CAAC,CAAC,CAChD,CAAC,CACH;;CAGH,IAAW,+BAA+B;AACxC,SAAO,KAAK,qBAAqB,aAAa,WAAW;;CAG3D,IAAW,qBAAqB;AAC9B,SAAO,KAAK,qBAAqB,aAAa,WAAW;;CAG3D,IAAW,yBAAyC;AAClD,SAAO,OAAO,YACZ,MAAM,KAAK,KAAK,qBAAqB,0BAA0B,SAAS,CAAC,CAAC,KAAK,CAAC,WAAW,WAAW,CACpG,WACA,OAAO,YAAY,MAAM,KAAK,MAAM,SAAS,CAAC,CAAC,CAChD,CAAC,CACH;;CAGH,aAAoB,KAAK,cAA4B,SAA0B;EAC7E,MAAM,EAAE,SAAS,cAAc,YAAY,WAAW,sBAAsB;EAC5E,MAAM,cAAc,eAAe,aAAa;EAEhD,MAAM,WAAW,IAAI,SAAS,SAAS,YAAY,CAChD,mBAAmB,UAAU,CAC7B,gBAAgB,aAAa,CAC7B,iBAAiB,EAAE,WAAW,UAAU,QAAQ,EAAE,CAAC;AAEtD,OAAK,MAAM,CAAC,WAAW,oBAAoB,OAAO,QAAQ,WAAW,CACnE,UAAS,mBAAmB,WAAW,gBAAgB;EAGzD,MAAM,YAAY,kBAAkB;EACpC,MAAM,MAAM,UAAU,6BAA6B,KAAK,kCAAkC;AAC1F,MAAI,CAAC,IACH,OAAM,IAAI,UACR,oGACE,UAAU,wBACX,sBAAsB,UAAU,6BAA6B,KAC5D,KACD,CAAC,uBAAuB,iCAAiC,KAAK,KAAK,GACrE;AAYH,SAAO,IAAI,KATkB,MAAM,SAAS,KAC1C;GACE,kBAAkB,UAAU,QAAQ;GACpC;GACA,mBAAmB,kBAAkB;GACtC,EACD,YACD,CAEoC;;CAGvC,MAAa,OACX,cACA,SACgE;EAChE,MAAM,mBAAmB,aAAa,kBAAkB,QAAQ,iBAAiB;EACjF,MAAM,mBAAmB,KAAK,qBAAqB,aAAa,WAAW,iBAAiB,KAAK,gBAC/F,gBAAgB,mBAAmB,YAAY,CAChD;EAED,IAAI,sBAAsB,SAAS;AACnC,MAAI,CAAC,oBACH,uBACG,MAAM,iBAAiB,wCAAwC,cAAc;GAC5E,cAAc;IACZ,MAAM;IACN,YAAY;IACb;GACD;GACD,CAAC,IAAK,iBAAiB;AAG5B,MAAI,CAAC,oBACH,OAAM,IAAI,UAAU,qDAAqD;EAG3E,MAAM,cAAc,eAAe,aAAa;AAChD,MAAI;GACF,MAAM,WAAW,IAAI,UAAU;AAC/B,SAAM,SAAS,sBACb;IACE,qBAAqB,oBAAoB,KACtC,SAAS,gBAAgB,uBAAuB,KAAK,CAAC,eACxD;IACD,YAAY,KAAK,qBAAqB,aAAa;IACnD,mCAAmC;IACnC,KAAK,SAAS;IACf,EACD,YACD;AAED,SAAM,SAAS,WAAW,EAAE,MAAM,KAAK,sBAAsB,EAAE,YAAY;AAC3E,UAAO,EAAE,SAAS,MAAM;WACjB,OAAO;AACd,UAAO;IAAE,SAAS;IAAO,OAAO,MAAM;IAAS"}