@did-btcr2/api 0.2.2 → 0.3.1

package/dist/esm/crypto.js

@@ -0,0 +1,425 @@
+import { BIP340Cryptosuite, BIP340DataIntegrityProof, SchnorrMultikey } from '@did-btcr2/cryptosuite';
+import { CompressedSecp256k1PublicKey, SchnorrKeyPair, Secp256k1SecretKey } from '@did-btcr2/keypair';
+/**
+ * Schnorr keypair operations.
+ * @public
+ */
+export class KeyPairApi {
+    /**
+     * Generate a new Schnorr keypair.
+     * @returns The generated Schnorr keypair.
+     */
+    generate() {
+        return SchnorrKeyPair.generate();
+    }
+    /**
+     * Create a Schnorr keypair from secret key bytes or hex string.
+     * @param data The secret key bytes or hex string.
+     * @returns The created Schnorr keypair.
+     */
+    fromSecret(data) {
+        return SchnorrKeyPair.fromSecret(data);
+    }
+    /** Create a secret key from entropy (bytes or bigint). */
+    secretKeyFrom(ent) {
+        return new Secp256k1SecretKey(ent);
+    }
+    /** Create a compressed public key from bytes. */
+    publicKeyFrom(byt) {
+        return new CompressedSecp256k1PublicKey(byt);
+    }
+    /** Deserialize a keypair from a JSON object. */
+    fromJSON(obj) {
+        return SchnorrKeyPair.fromJSON(obj);
+    }
+    /** Serialize a keypair to a JSON object. */
+    toJSON(kp) {
+        return kp.exportJSON();
+    }
+    /** Compare two keypairs for equality. */
+    equals(kp1, kp2) {
+        return SchnorrKeyPair.equals(kp1, kp2);
+    }
+}
+/**
+ * Schnorr cryptosuite operations.
+ *
+ * Optionally stateful: call {@link use} to set a current cryptosuite, then
+ * call {@link createProof}, {@link verifyProof}, or {@link toDataIntegrityProof}
+ * without passing an explicit instance. Pass an explicit instance to any
+ * method to override the current one for that call.
+ * @public
+ */
+export class CryptosuiteApi {
+    #current;
+    /** The currently active cryptosuite, or `undefined` if none is set. */
+    get current() {
+        return this.#current;
+    }
+    /**
+     * Set the current cryptosuite for subsequent operations.
+     * @param cs The cryptosuite to activate.
+     * @returns `this` for chaining.
+     */
+    use(cs) {
+        this.#current = cs;
+        return this;
+    }
+    /** Clear the current cryptosuite. */
+    clear() {
+        this.#current = undefined;
+    }
+    /**
+     * Create a new Schnorr cryptosuite from a multikey.
+     * @param multikey The Schnorr multikey to use.
+     * @returns The created Schnorr cryptosuite.
+     */
+    create(multikey) {
+        return new BIP340Cryptosuite(multikey);
+    }
+    /**
+     * Convenience: resolve a key from the KMS and create a cryptosuite in one step.
+     * @param id The multikey ID (e.g. '#initialKey').
+     * @param controller The DID that controls this key.
+     * @param keyId The KMS key identifier to resolve.
+     * @param kms The KeyManagerApi instance holding the key.
+     * @returns The created Schnorr cryptosuite.
+     */
+    createFromKms(id, controller, keyId, kms) {
+        const pubBytes = kms.getPublicKey(keyId);
+        const mk = SchnorrMultikey.fromPublicKey({ id, controller, publicKeyBytes: pubBytes });
+        return new BIP340Cryptosuite(mk);
+    }
+    /**
+     * Convert a cryptosuite to a Data Integrity Proof instance.
+     * Uses the current cryptosuite when `cryptosuite` is omitted.
+     * @param cryptosuite Optional explicit cryptosuite to convert.
+     * @returns The Data Integrity Proof instance.
+     */
+    toDataIntegrityProof(cryptosuite) {
+        const cs = cryptosuite ?? this.#requireCurrent();
+        return cs.toDataIntegrityProof();
+    }
+    /**
+     * Create a proof for a document.
+     * Uses the current cryptosuite when `cryptosuite` is omitted.
+     * @param document The document to create the proof for.
+     * @param config Configuration for the proof creation.
+     * @param cryptosuite Optional explicit cryptosuite; defaults to current.
+     * @returns The created proof.
+     */
+    createProof(document, config, cryptosuite) {
+        const cs = cryptosuite ?? this.#requireCurrent();
+        return cs.createProof(document, config);
+    }
+    /**
+     * Verify a proof for a document.
+     * Uses the current cryptosuite when `cryptosuite` is omitted.
+     * @param document The document to verify the proof for.
+     * @param cryptosuite Optional explicit cryptosuite; defaults to current.
+     * @returns The full verification result.
+     */
+    verifyProof(document, cryptosuite) {
+        const cs = cryptosuite ?? this.#requireCurrent();
+        return cs.verifyProof(document);
+    }
+    #requireCurrent() {
+        if (!this.#current) {
+            throw new Error('No current cryptosuite set. Call cryptosuite.use(cs) first, or pass an explicit instance.');
+        }
+        return this.#current;
+    }
+}
+/**
+ * Data Integrity Proof operations.
+ *
+ * Optionally stateful: call {@link use} to set a current proof instance, then
+ * call {@link addProof} or {@link verifyProof} without passing an explicit
+ * instance. Pass an explicit instance to override for that call.
+ * @public
+ */
+export class DataIntegrityProofApi {
+    #current;
+    /** The currently active proof instance, or `undefined` if none is set. */
+    get current() {
+        return this.#current;
+    }
+    /**
+     * Set the current proof instance for subsequent operations.
+     * @param p The proof instance to activate.
+     * @returns `this` for chaining.
+     */
+    use(p) {
+        this.#current = p;
+        return this;
+    }
+    /** Clear the current proof instance. */
+    clear() {
+        this.#current = undefined;
+    }
+    /**
+     * Create a BIP340DataIntegrityProof instance with the given cryptosuite.
+     * @param cryptosuite The cryptosuite to use for proof operations.
+     * @returns The created BIP340DataIntegrityProof instance.
+     */
+    create(cryptosuite) {
+        return new BIP340DataIntegrityProof(cryptosuite);
+    }
+    /**
+     * Add a proof to a document.
+     * Uses the current proof instance when `proof` is omitted.
+     * @param document The document to add the proof to.
+     * @param config Configuration for adding the proof.
+     * @param proof Optional explicit proof instance; defaults to current.
+     * @returns A document with a proof added.
+     */
+    addProof(document, config, proof) {
+        const p = proof ?? this.#requireCurrent();
+        return p.addProof(document, config);
+    }
+    /**
+     * Convenience: create a cryptosuite, proof instance, and sign a document
+     * in one call. Requires a multikey with signing capability.
+     * @param multikey The Schnorr multikey (must include secret key).
+     * @param document The unsigned document to sign.
+     * @param config The Data Integrity proof configuration.
+     * @returns The signed document with proof attached.
+     */
+    signDocument(multikey, document, config) {
+        const cs = new BIP340Cryptosuite(multikey);
+        const proofInst = new BIP340DataIntegrityProof(cs);
+        return proofInst.addProof(document, config);
+    }
+    /**
+     * Verify a proof using a BIP340DataIntegrityProof instance.
+     * Uses the current proof instance when `proof` is omitted.
+     * @param document The document to verify the proof for.
+     * @param expectedPurpose The expected proof purpose.
+     * @param mediaType The media type of the document.
+     * @param expectedDomain The expected domain for the proof.
+     * @param expectedChallenge The expected challenge for the proof.
+     * @param proof Optional explicit proof instance; defaults to current.
+     * @returns The result of verifying the proof.
+     */
+    verifyProof(document, expectedPurpose, mediaType, expectedDomain, expectedChallenge, proof) {
+        const p = proof ?? this.#requireCurrent();
+        return p.verifyProof(document, expectedPurpose, mediaType, expectedDomain, expectedChallenge);
+    }
+    #requireCurrent() {
+        if (!this.#current) {
+            throw new Error('No current proof instance set. Call proof.use(p) first, or pass an explicit instance.');
+        }
+        return this.#current;
+    }
+}
+/**
+ * Schnorr multikey operations.
+ *
+ * Optionally stateful: call {@link use} to set a current multikey, then
+ * call {@link sign}, {@link verify}, or {@link toVerificationMethod} without
+ * passing an explicit instance. Pass an explicit instance to any method to
+ * override the current one for that call.
+ * @public
+ */
+export class MultikeyApi {
+    #current;
+    /** The currently active multikey, or `undefined` if none is set. */
+    get current() {
+        return this.#current;
+    }
+    /**
+     * Set the current multikey for subsequent operations.
+     * @param mk The multikey to activate.
+     * @returns `this` for chaining.
+     */
+    use(mk) {
+        this.#current = mk;
+        return this;
+    }
+    /** Clear the current multikey. */
+    clear() {
+        this.#current = undefined;
+    }
+    /**
+     * Create a new Schnorr multikey from a keypair.
+     * @param id The multikey ID.
+     * @param controller The multikey controller.
+     * @param keyPair The Schnorr keypair to use.
+     * @returns The created Schnorr multikey.
+     */
+    create(id, controller, keyPair) {
+        return new SchnorrMultikey({ id, controller, keyPair });
+    }
+    /**
+     * Create a Schnorr multikey from raw secret key bytes.
+     * @param id The multikey ID.
+     * @param controller The multikey controller.
+     * @param secretKeyBytes The secret key bytes.
+     * @returns The created Schnorr multikey.
+     */
+    fromSecretKey(id, controller, secretKeyBytes) {
+        return SchnorrMultikey.fromSecretKey(id, controller, secretKeyBytes);
+    }
+    /**
+     * Create a verification-only multikey from public key bytes.
+     * @param params The id, controller, and publicKeyBytes.
+     * @returns The created Multikey.
+     */
+    fromPublicKey(params) {
+        return SchnorrMultikey.fromPublicKey(params);
+    }
+    /**
+     * Convenience: resolve a key from the KMS and create a multikey in one step.
+     * @param id The multikey ID.
+     * @param controller The multikey controller DID.
+     * @param keyId The KMS key identifier to resolve.
+     * @param kms The KeyManagerApi instance holding the key.
+     * @returns The created Multikey (verification-only; public key from KMS).
+     */
+    fromKms(id, controller, keyId, kms) {
+        const pubBytes = kms.getPublicKey(keyId);
+        return SchnorrMultikey.fromPublicKey({ id, controller, publicKeyBytes: pubBytes });
+    }
+    /**
+     * Reconstruct a multikey from a DID document's verification method.
+     * @param verificationMethod The verification method to convert.
+     * @returns The reconstructed multikey.
+     */
+    fromVerificationMethod(verificationMethod) {
+        return SchnorrMultikey.fromVerificationMethod(verificationMethod);
+    }
+    /**
+     * Produce a DID Verification Method JSON from a multikey.
+     * Uses the current multikey when `mk` is omitted.
+     * @param mk Optional explicit multikey; defaults to current.
+     */
+    toVerificationMethod(mk) {
+        const m = mk ?? this.#requireCurrent();
+        return m.toVerificationMethod();
+    }
+    /**
+     * Sign bytes via the multikey (requires secret).
+     * Uses the current multikey when `mk` is omitted.
+     * @param data The data to sign.
+     * @param mk Optional explicit multikey; defaults to current.
+     */
+    sign(data, mk) {
+        const m = mk ?? this.#requireCurrent();
+        return m.sign(data);
+    }
+    /**
+     * Verify signature via multikey.
+     * Uses the current multikey when `mk` is omitted.
+     * @param data The data that was signed.
+     * @param signature The signature to verify.
+     * @param mk Optional explicit multikey; defaults to current.
+     */
+    verify(data, signature, mk) {
+        const m = mk ?? this.#requireCurrent();
+        return m.verify(signature, data);
+    }
+    #requireCurrent() {
+        if (!this.#current) {
+            throw new Error('No current multikey set. Call multikey.use(mk) first, or pass an explicit instance.');
+        }
+        return this.#current;
+    }
+}
+/**
+ * Aggregated cryptographic operations sub-facade.
+ *
+ * Provides direct access to the four sub-facades ({@link keypair},
+ * {@link multikey}, {@link cryptosuite}, {@link proof}) plus top-level
+ * convenience methods that orchestrate the full signing/verification
+ * pipeline using their stateful defaults.
+ *
+ * @example Stateful pipeline
+ * ```ts
+ * const api = createApi();
+ * const kp  = api.crypto.keypair.generate();
+ * const mk  = api.crypto.multikey.create('#key-1', 'did:btcr2:test', kp);
+ *
+ * // Set the active multikey — flows through to cryptosuite and proof
+ * api.crypto.activate(mk);
+ *
+ * // Now sign without threading instances
+ * const signed = api.crypto.signDocument(unsignedDoc, proofConfig);
+ * ```
+ * @public
+ */
+export class CryptoApi {
+    /** Schnorr keypair operations. */
+    keypair = new KeyPairApi();
+    /** Schnorr Multikey operations (optionally stateful). */
+    multikey = new MultikeyApi();
+    /** Schnorr Cryptosuite operations (optionally stateful). */
+    cryptosuite = new CryptosuiteApi();
+    /** Data Integrity Proof operations (optionally stateful). */
+    proof = new DataIntegrityProofApi();
+    /**
+     * Activate a multikey and propagate through the full pipeline.
+     * Sets the current multikey, creates a cryptosuite from it, and creates
+     * a proof instance from the cryptosuite — all three sub-facades become
+     * ready for stateful operations.
+     * @param mk The multikey to activate (must include a secret key for signing).
+     * @returns `this` for chaining.
+     */
+    activate(mk) {
+        this.multikey.use(mk);
+        const cs = this.cryptosuite.create(mk);
+        this.cryptosuite.use(cs);
+        const p = this.proof.create(cs);
+        this.proof.use(p);
+        return this;
+    }
+    /**
+     * Clear stateful defaults from all sub-facades.
+     */
+    deactivate() {
+        this.multikey.clear();
+        this.cryptosuite.clear();
+        this.proof.clear();
+    }
+    /**
+     * Sign data using the current multikey.
+     * Shorthand for `crypto.multikey.sign(data)`.
+     * @param data The data to sign.
+     * @returns The signature bytes.
+     */
+    sign(data) {
+        return this.multikey.sign(data);
+    }
+    /**
+     * Verify a signature using the current multikey.
+     * Shorthand for `crypto.multikey.verify(data, signature)`.
+     * @param data The data that was signed.
+     * @param signature The signature to verify.
+     * @returns `true` if the signature is valid.
+     */
+    verify(data, signature) {
+        return this.multikey.verify(data, signature);
+    }
+    /**
+     * Sign a BTCR2 update document using the current proof instance.
+     * Shorthand for `crypto.proof.addProof(document, config)`.
+     *
+     * Requires {@link activate} to have been called first, or the three
+     * sub-facades to have been configured individually.
+     * @param document The unsigned BTCR2 update document.
+     * @param config The Data Integrity proof configuration.
+     * @returns The signed document with proof attached.
+     */
+    signDocument(document, config) {
+        return this.proof.addProof(document, config);
+    }
+    /**
+     * Verify a signed BTCR2 update document using the current cryptosuite.
+     * Shorthand for `crypto.cryptosuite.verifyProof(document)`.
+     * @param document The signed document to verify.
+     * @returns The full verification result.
+     */
+    verifyDocument(document) {
+        return this.cryptosuite.verifyProof(document);
+    }
+}
+//# sourceMappingURL=crypto.js.map

package/dist/esm/crypto.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"crypto.js","sourceRoot":"","sources":["../../src/crypto.ts"],"names":[],"mappings":"AACA,OAAO,EACL,iBAAiB,EACjB,wBAAwB,EAMxB,eAAe,EAIhB,MAAM,wBAAwB,CAAC;AAChC,OAAO,EAAE,4BAA4B,EAAE,cAAc,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAKtG;;;GAGG;AACH,MAAM,OAAO,UAAU;IACrB;;;OAGG;IACH,QAAQ;QACN,OAAO,cAAc,CAAC,QAAQ,EAAE,CAAC;IACnC,CAAC;IAED;;;;OAIG;IACH,UAAU,CAAC,IAA0B;QACnC,OAAO,cAAc,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;IACzC,CAAC;IAED,0DAA0D;IAC1D,aAAa,CAAC,GAAY;QACxB,OAAO,IAAI,kBAAkB,CAAC,GAAG,CAAC,CAAC;IACrC,CAAC;IAED,iDAAiD;IACjD,aAAa,CAAC,GAAU;QACtB,OAAO,IAAI,4BAA4B,CAAC,GAAG,CAAC,CAAC;IAC/C,CAAC;IAED,gDAAgD;IAChD,QAAQ,CAAC,GAAyB;QAChC,OAAO,cAAc,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;IACtC,CAAC;IAED,4CAA4C;IAC5C,MAAM,CAAC,EAAkB;QACvB,OAAO,EAAE,CAAC,UAAU,EAAE,CAAC;IACzB,CAAC;IAED,yCAAyC;IACzC,MAAM,CAAC,GAAmB,EAAE,GAAmB;QAC7C,OAAO,cAAc,CAAC,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IACzC,CAAC;CACF;AAED;;;;;;;;GAQG;AACH,MAAM,OAAO,cAAc;IACzB,QAAQ,CAAqB;IAE7B,uEAAuE;IACvE,IAAI,OAAO;QACT,OAAO,IAAI,CAAC,QAAQ,CAAC;IACvB,CAAC;IAED;;;;OAIG;IACH,GAAG,CAAC,EAAqB;QACvB,IAAI,CAAC,QAAQ,GAAG,EAAE,CAAC;QACnB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,qCAAqC;IACrC,KAAK;QACH,IAAI,CAAC,QAAQ,GAAG,SAAS,CAAC;IAC5B,CAAC;IAED;;;;OAIG;IACH,MAAM,CAAC,QAAyB;QAC9B,OAAO,IAAI,iBAAiB,CAAC,QAAQ,CAAC,CAAC;IACzC,CAAC;IAED;;;;;;;OAOG;IACH,aAAa,CACX,EAAU,EACV,UAAkB,EAClB,KAAoB,EACpB,GAAkB;QAElB,MAAM,QAAQ,GAAG,GAAG,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC;QACzC,MAAM,EAAE,GAAG,eAAe,CAAC,aAAa,CAAC,EAAE,EAAE,EAAE,UAAU,EAAE,cAAc,EAAE,QAAQ,EAAE,CAAC,CAAC;QACvF,OAAO,IAAI,iBAAiB,CAAC,EAAqB,CAAC,CAAC;IACtD,CAAC;IAED;;;;;OAKG;IACH,oBAAoB,CAAC,WAA+B;QAClD,MAAM,EAAE,GAAG,WAAW,IAAI,IAAI,CAAC,eAAe,EAAE,CAAC;QACjD,OAAO,EAAE,CAAC,oBAAoB,EAAE,CAAC;IACnC,CAAC;IAED;;;;;;;OAOG;IACH,WAAW,CACT,QAAqB,EACrB,MAA2B,EAC3B,WAA+B;QAE/B,MAAM,EAAE,GAAG,WAAW,IAAI,IAAI,CAAC,eAAe,EAAE,CAAC;QACjD,OAAO,EAAE,CAAC,WAAW,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IAC1C,CAAC;IAED;;;;;;OAMG;IACH,WAAW,CAAC,QAA2B,EAAE,WAA+B;QACtE,MAAM,EAAE,GAAG,WAAW,IAAI,IAAI,CAAC,eAAe,EAAE,CAAC;QACjD,OAAO,EAAE,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;IAClC,CAAC;IAED,eAAe;QACb,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;YACnB,MAAM,IAAI,KAAK,CACb,2FAA2F,CAC5F,CAAC;QACJ,CAAC;QACD,OAAO,IAAI,CAAC,QAAQ,CAAC;IACvB,CAAC;CACF;AAED;;;;;;;GAOG;AACH,MAAM,OAAO,qBAAqB;IAChC,QAAQ,CAA4B;IAEpC,0EAA0E;IAC1E,IAAI,OAAO;QACT,OAAO,IAAI,CAAC,QAAQ,CAAC;IACvB,CAAC;IAED;;;;OAIG;IACH,GAAG,CAAC,CAA2B;QAC7B,IAAI,CAAC,QAAQ,GAAG,CAAC,CAAC;QAClB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,wCAAwC;IACxC,KAAK;QACH,IAAI,CAAC,QAAQ,GAAG,SAAS,CAAC;IAC5B,CAAC;IAED;;;;OAIG;IACH,MAAM,CAAC,WAA8B;QACnC,OAAO,IAAI,wBAAwB,CAAC,WAAW,CAAC,CAAC;IACnD,CAAC;IAED;;;;;;;OAOG;IACH,QAAQ,CACN,QAA6B,EAC7B,MAA2B,EAC3B,KAAgC;QAEhC,MAAM,CAAC,GAAG,KAAK,IAAI,IAAI,CAAC,eAAe,EAAE,CAAC;QAC1C,OAAO,CAAC,CAAC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IACtC,CAAC;IAED;;;;;;;OAOG;IACH,YAAY,CACV,QAAyB,EACzB,QAA6B,EAC7B,MAA2B;QAE3B,MAAM,EAAE,GAAG,IAAI,iBAAiB,CAAC,QAAQ,CAAC,CAAC;QAC3C,MAAM,SAAS,GAAG,IAAI,wBAAwB,CAAC,EAAE,CAAC,CAAC;QACnD,OAAO,SAAS,CAAC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IAC9C,CAAC;IAED;;;;;;;;;;OAUG;IACH,WAAW,CACT,QAAgB,EAChB,eAAuB,EACvB,SAAkB,EAClB,cAAuB,EACvB,iBAA0B,EAC1B,KAAgC;QAEhC,MAAM,CAAC,GAAG,KAAK,IAAI,IAAI,CAAC,eAAe,EAAE,CAAC;QAC1C,OAAO,CAAC,CAAC,WAAW,CAClB,QAAQ,EACR,eAAe,EACf,SAAS,EACT,cAAc,EACd,iBAAiB,CAClB,CAAC;IACJ,CAAC;IAED,eAAe;QACb,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;YACnB,MAAM,IAAI,KAAK,CACb,uFAAuF,CACxF,CAAC;QACJ,CAAC;QACD,OAAO,IAAI,CAAC,QAAQ,CAAC;IACvB,CAAC;CACF;AAED;;;;;;;;GAQG;AACH,MAAM,OAAO,WAAW;IACtB,QAAQ,CAAmB;IAE3B,oEAAoE;IACpE,IAAI,OAAO;QACT,OAAO,IAAI,CAAC,QAAQ,CAAC;IACvB,CAAC;IAED;;;;OAIG;IACH,GAAG,CAAC,EAAmB;QACrB,IAAI,CAAC,QAAQ,GAAG,EAAE,CAAC;QACnB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,kCAAkC;IAClC,KAAK;QACH,IAAI,CAAC,QAAQ,GAAG,SAAS,CAAC;IAC5B,CAAC;IAED;;;;;;OAMG;IACH,MAAM,CAAC,EAAU,EAAE,UAAkB,EAAE,OAAuB;QAC5D,OAAO,IAAI,eAAe,CAAC,EAAE,EAAE,EAAE,UAAU,EAAE,OAAO,EAAE,CAAC,CAAC;IAC1D,CAAC;IAED;;;;;;OAMG;IACH,aAAa,CAAC,EAAU,EAAE,UAAkB,EAAE,cAAqB;QACjE,OAAO,eAAe,CAAC,aAAa,CAAC,EAAE,EAAE,UAAU,EAAE,cAAc,CAAC,CAAC;IACvE,CAAC;IAED;;;;OAIG;IACH,aAAa,CAAC,MAAqB;QACjC,OAAO,eAAe,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC;IAC/C,CAAC;IAED;;;;;;;OAOG;IACH,OAAO,CAAC,EAAU,EAAE,UAAkB,EAAE,KAAoB,EAAE,GAAkB;QAC9E,MAAM,QAAQ,GAAG,GAAG,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC;QACzC,OAAO,eAAe,CAAC,aAAa,CAAC,EAAE,EAAE,EAAE,UAAU,EAAE,cAAc,EAAE,QAAQ,EAAE,CAAC,CAAC;IACrF,CAAC;IAED;;;;OAIG;IACH,sBAAsB,CAAC,kBAAyC;QAC9D,OAAO,eAAe,CAAC,sBAAsB,CAAC,kBAAkB,CAAC,CAAC;IACpE,CAAC;IAED;;;;OAIG;IACH,oBAAoB,CAAC,EAAoB;QACvC,MAAM,CAAC,GAAG,EAAE,IAAI,IAAI,CAAC,eAAe,EAAE,CAAC;QACvC,OAAO,CAAC,CAAC,oBAAoB,EAAE,CAAC;IAClC,CAAC;IAED;;;;;OAKG;IACH,IAAI,CAAC,IAAW,EAAE,EAAoB;QACpC,MAAM,CAAC,GAAG,EAAE,IAAI,IAAI,CAAC,eAAe,EAAE,CAAC;QACvC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACtB,CAAC;IAED;;;;;;OAMG;IACH,MAAM,CAAC,IAAW,EAAE,SAAyB,EAAE,EAAoB;QACjE,MAAM,CAAC,GAAG,EAAE,IAAI,IAAI,CAAC,eAAe,EAAE,CAAC;QACvC,OAAO,CAAC,CAAC,MAAM,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;IACnC,CAAC;IAED,eAAe;QACb,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;YACnB,MAAM,IAAI,KAAK,CACb,qFAAqF,CACtF,CAAC;QACJ,CAAC;QACD,OAAO,IAAI,CAAC,QAAQ,CAAC;IACvB,CAAC;CACF;AAED;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,MAAM,OAAO,SAAS;IACpB,kCAAkC;IACzB,OAAO,GAAG,IAAI,UAAU,EAAE,CAAC;IAEpC,yDAAyD;IAChD,QAAQ,GAAG,IAAI,WAAW,EAAE,CAAC;IAEtC,4DAA4D;IACnD,WAAW,GAAG,IAAI,cAAc,EAAE,CAAC;IAE5C,6DAA6D;IACpD,KAAK,GAAG,IAAI,qBAAqB,EAAE,CAAC;IAE7C;;;;;;;OAOG;IACH,QAAQ,CAAC,EAAmB;QAC1B,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QACtB,MAAM,EAAE,GAAG,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QACvC,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QACzB,MAAM,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QAChC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;QAClB,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;OAEG;IACH,UAAU;QACR,IAAI,CAAC,QAAQ,CAAC,KAAK,EAAE,CAAC;QACtB,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE,CAAC;QACzB,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;IACrB,CAAC;IAED;;;;;OAKG;IACH,IAAI,CAAC,IAAW;QACd,OAAO,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAClC,CAAC;IAED;;;;;;OAMG;IACH,MAAM,CAAC,IAAW,EAAE,SAAyB;QAC3C,OAAO,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;IAC/C,CAAC;IAED;;;;;;;;;OASG;IACH,YAAY,CAAC,QAA6B,EAAE,MAA2B;QACrE,OAAO,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IAC/C,CAAC;IAED;;;;;OAKG;IACH,cAAc,CAAC,QAA2B;QACxC,OAAO,IAAI,CAAC,WAAW,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;IAChD,CAAC;CACF"}

package/dist/esm/did.js

@@ -0,0 +1,70 @@
+import { IdentifierTypes } from '@did-btcr2/common';
+import { SchnorrKeyPair } from '@did-btcr2/keypair';
+import { Identifier } from '@did-btcr2/method';
+import { Did } from '@web5/dids';
+import { assertBytes, assertString } from './helpers.js';
+/**
+ * DID identifier operations sub-facade (encode, decode, generate, parse).
+ * @public
+ */
+export class DidApi {
+    /**
+     * Encode a DID from genesis bytes and options.
+     * @param genesisBytes The genesis document bytes.
+     * @param options The creation options.
+     * @returns The encoded DID string.
+     */
+    encode(genesisBytes, options) {
+        assertBytes(genesisBytes, 'genesisBytes');
+        return Identifier.encode(genesisBytes, options);
+    }
+    /**
+     * Decode a DID into its components.
+     * @param did The DID string to decode.
+     * @returns The decoded identifier components.
+     */
+    decode(did) {
+        assertString(did, 'did');
+        return Identifier.decode(did);
+    }
+    /**
+     * Generate a new DID along with its keypair.
+     *
+     * When no `network` is given, defaults to `'regtest'` (upstream default).
+     * Pass an explicit network to generate DIDs for other networks.
+     *
+     * @param network Optional network to generate the DID for.
+     * @returns The generated keypair and DID string.
+     */
+    generate(network) {
+        if (!network)
+            return Identifier.generate();
+        const kp = SchnorrKeyPair.generate();
+        const did = Identifier.encode(kp.publicKey.compressed, {
+            idType: IdentifierTypes.KEY,
+            network,
+        });
+        return { keyPair: kp.exportJSON(), did };
+    }
+    /**
+     * Check if a DID string is valid.
+     * @param did The DID string to validate.
+     * @returns `true` if valid, `false` otherwise.
+     */
+    isValid(did) {
+        if (typeof did !== 'string' || did.length === 0)
+            return false;
+        return Identifier.isValid(did);
+    }
+    /**
+     * Parse a DID string into a Did instance.
+     * @param did The DID string to parse.
+     * @returns The parsed Did instance, or `null` if parsing failed.
+     */
+    parse(did) {
+        if (typeof did !== 'string' || did.length === 0)
+            return null;
+        return Did.parse(did);
+    }
+}
+//# sourceMappingURL=did.js.map

package/dist/esm/did.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"did.js","sourceRoot":"","sources":["../../src/did.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AACpD,OAAO,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AAGpD,OAAO,EAAE,UAAU,EAAwB,MAAM,mBAAmB,CAAC;AACrE,OAAO,EAAE,GAAG,EAAE,MAAM,YAAY,CAAC;AACjC,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AAEzD;;;GAGG;AACH,MAAM,OAAO,MAAM;IACjB;;;;;OAKG;IACH,MAAM,CAAC,YAA2B,EAAE,OAAyB;QAC3D,WAAW,CAAC,YAAY,EAAE,cAAc,CAAC,CAAC;QAC1C,OAAO,UAAU,CAAC,MAAM,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;IAClD,CAAC;IAED;;;;OAIG;IACH,MAAM,CAAC,GAAW;QAChB,YAAY,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;QACzB,OAAO,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IAChC,CAAC;IAED;;;;;;;;OAQG;IACH,QAAQ,CAAC,OAAqB;QAC5B,IAAI,CAAC,OAAO;YAAE,OAAO,UAAU,CAAC,QAAQ,EAAE,CAAC;QAC3C,MAAM,EAAE,GAAG,cAAc,CAAC,QAAQ,EAAE,CAAC;QACrC,MAAM,GAAG,GAAG,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC,SAAS,CAAC,UAAU,EAAE;YACrD,MAAM,EAAG,eAAe,CAAC,GAAG;YAC5B,OAAO;SACR,CAAC,CAAC;QACH,OAAO,EAAE,OAAO,EAAE,EAAE,CAAC,UAAU,EAAE,EAAE,GAAG,EAAE,CAAC;IAC3C,CAAC;IAED;;;;OAIG;IACH,OAAO,CAAC,GAAW;QACjB,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,KAAK,CAAC;QAC9D,OAAO,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IACjC,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,GAAW;QACf,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,IAAI,CAAC;QAC7D,OAAO,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACxB,CAAC;CACF"}

package/dist/esm/helpers.js

@@ -0,0 +1,28 @@
+const noopFn = () => { };
+/** @internal */
+export const NOOP_LOGGER = {
+    debug: noopFn,
+    info: noopFn,
+    warn: noopFn,
+    error: noopFn,
+};
+/** @internal */
+export function assertString(value, name) {
+    if (typeof value !== 'string' || value.length === 0) {
+        throw new Error(`${name} must be a non-empty string.`);
+    }
+}
+/** @internal */
+export function assertBytes(value, name) {
+    if (!(value instanceof Uint8Array) || value.length === 0) {
+        throw new Error(`${name} must be a non-empty Uint8Array.`);
+    }
+}
+/** @internal */
+export function assertCompressedPubkey(value, name) {
+    assertBytes(value, name);
+    if (value.length !== 33) {
+        throw new Error(`${name} must be a 33-byte compressed public key, got ${value.length} bytes.`);
+    }
+}
+//# sourceMappingURL=helpers.js.map

package/dist/esm/helpers.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"helpers.js","sourceRoot":"","sources":["../../src/helpers.ts"],"names":[],"mappings":"AAEA,MAAM,MAAM,GAAG,GAAG,EAAE,GAAE,CAAC,CAAC;AAExB,gBAAgB;AAChB,MAAM,CAAC,MAAM,WAAW,GAAW;IACjC,KAAK,EAAG,MAAM;IACd,IAAI,EAAI,MAAM;IACd,IAAI,EAAI,MAAM;IACd,KAAK,EAAG,MAAM;CACf,CAAC;AAEF,gBAAgB;AAChB,MAAM,UAAU,YAAY,CAAC,KAAc,EAAE,IAAY;IACvD,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACpD,MAAM,IAAI,KAAK,CAAC,GAAG,IAAI,8BAA8B,CAAC,CAAC;IACzD,CAAC;AACH,CAAC;AAED,gBAAgB;AAChB,MAAM,UAAU,WAAW,CAAC,KAAc,EAAE,IAAY;IACtD,IAAI,CAAC,CAAC,KAAK,YAAY,UAAU,CAAC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzD,MAAM,IAAI,KAAK,CAAC,GAAG,IAAI,kCAAkC,CAAC,CAAC;IAC7D,CAAC;AACH,CAAC;AAED,gBAAgB;AAChB,MAAM,UAAU,sBAAsB,CAAC,KAAc,EAAE,IAAY;IACjE,WAAW,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;IACzB,IAAI,KAAK,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;QACxB,MAAM,IAAI,KAAK,CACb,GAAG,IAAI,iDAAiD,KAAK,CAAC,MAAM,SAAS,CAC9E,CAAC;IACJ,CAAC;AACH,CAAC"}

package/dist/esm/index.js

@@ -1,2 +1,14 @@
+// Upstream re-exports
+export { DidDocument, DidDocumentBuilder, Identifier } from '@did-btcr2/method';
+export { IdentifierTypes } from '@did-btcr2/common';
+// Local modules
+export * from './types.js';
+export * from './helpers.js';
+export * from './bitcoin.js';
+export * from './cas.js';
+export * from './kms.js';
+export * from './crypto.js';
+export * from './did.js';
+export * from './method.js';
 export * from './api.js';
 //# sourceMappingURL=index.js.map

package/dist/esm/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,UAAU,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,sBAAsB;AACtB,OAAO,EAAE,WAAW,EAAE,kBAAkB,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAChF,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AAyBpD,gBAAgB;AAChB,cAAc,YAAY,CAAC;AAC3B,cAAc,cAAc,CAAC;AAC7B,cAAc,cAAc,CAAC;AAC7B,cAAc,UAAU,CAAC;AACzB,cAAc,UAAU,CAAC;AACzB,cAAc,aAAa,CAAC;AAC5B,cAAc,UAAU,CAAC;AACzB,cAAc,aAAa,CAAC;AAC5B,cAAc,UAAU,CAAC"}

package/dist/esm/kms.js

@@ -0,0 +1,73 @@
+import { Kms, } from '@did-btcr2/kms';
+import { assertBytes } from './helpers.js';
+/**
+ * Key management operations sub-facade.
+ *
+ * Wraps a {@link KeyManager} interface. By default uses the built-in
+ * {@link Kms} implementation; a custom implementation can be injected
+ * via {@link ApiConfig}.
+ * @public
+ */
+export class KeyManagerApi {
+    /** The backing KeyManager instance. */
+    kms;
+    /** Create a new KeyManagerApi, optionally backed by a custom KeyManager. */
+    constructor(kms) {
+        this.kms = kms ?? new Kms();
+    }
+    /** Generate a new key directly in the KMS. */
+    generateKey(options) {
+        return this.kms.generateKey(options);
+    }
+    /** Set the active key by its identifier. */
+    setActive(id) {
+        this.kms.setActiveKey(id);
+    }
+    /** Get the public key bytes for a key identifier. */
+    getPublicKey(id) {
+        return this.kms.getPublicKey(id);
+    }
+    /** Import a Schnorr keypair into the KMS. */
+    import(kp, options) {
+        return this.kms.importKey(kp, options);
+    }
+    /**
+     * Export a Schnorr keypair from the KMS.
+     * Only supported when the backing KMS is the built-in {@link Kms} class.
+     * @throws {Error} If the backing KMS does not support key export.
+     */
+    export(id) {
+        if (!(this.kms instanceof Kms)) {
+            throw new Error('Key export is not supported by the current KeyManager implementation. '
+                + 'Export is only available with the built-in Kms class.');
+        }
+        return this.kms.exportKey(id);
+    }
+    /** List all managed key identifiers. */
+    listKeys() {
+        return this.kms.listKeys();
+    }
+    /** Remove a key from the KMS. */
+    removeKey(id, options = {}) {
+        return this.kms.removeKey(id, options);
+    }
+    /**
+     * Sign data via the KMS.
+     * @param data The data to sign (must be non-empty).
+     * @param id Optional key identifier; uses the active key if omitted.
+     * @param options Signing options (scheme defaults to 'schnorr').
+     */
+    sign(data, id, options) {
+        assertBytes(data, 'data');
+        return this.kms.sign(data, id, options);
+    }
+    /** Verify a signature via the KMS. */
+    verify(signature, data, id, options) {
+        return this.kms.verify(signature, data, id, options);
+    }
+    /** Compute a SHA-256 digest. */
+    digest(data) {
+        return this.kms.digest(data);
+    }
+}
+//# sourceMappingURL=kms.js.map

package/dist/esm/kms.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"kms.js","sourceRoot":"","sources":["../../src/kms.ts"],"names":[],"mappings":"AAEA,OAAO,EAKL,GAAG,GAEJ,MAAM,gBAAgB,CAAC;AACxB,OAAO,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAE3C;;;;;;;GAOG;AACH,MAAM,OAAO,aAAa;IACxB,uCAAuC;IAC9B,GAAG,CAAa;IAEzB,4EAA4E;IAC5E,YAAY,GAAgB;QAC1B,IAAI,CAAC,GAAG,GAAG,GAAG,IAAI,IAAI,GAAG,EAAE,CAAC;IAC9B,CAAC;IAED,8CAA8C;IAC9C,WAAW,CAAC,OAA4B;QACtC,OAAO,IAAI,CAAC,GAAG,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;IACvC,CAAC;IAED,4CAA4C;IAC5C,SAAS,CAAC,EAAiB;QACzB,IAAI,CAAC,GAAG,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC;IAC5B,CAAC;IAED,qDAAqD;IACrD,YAAY,CAAC,EAAkB;QAC7B,OAAO,IAAI,CAAC,GAAG,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC;IACnC,CAAC;IAED,6CAA6C;IAC7C,MAAM,CAAC,EAAkB,EAAE,OAA0B;QACnD,OAAO,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC;IACzC,CAAC;IAED;;;;OAIG;IACH,MAAM,CAAC,EAAiB;QACtB,IAAI,CAAC,CAAC,IAAI,CAAC,GAAG,YAAY,GAAG,CAAC,EAAE,CAAC;YAC/B,MAAM,IAAI,KAAK,CACb,wEAAwE;kBACtE,uDAAuD,CAC1D,CAAC;QACJ,CAAC;QACD,OAAO,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;IAChC,CAAC;IAED,wCAAwC;IACxC,QAAQ;QACN,OAAO,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC;IAC7B,CAAC;IAED,iCAAiC;IACjC,SAAS,CAAC,EAAiB,EAAE,UAA+B,EAAE;QAC5D,OAAO,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC;IACzC,CAAC;IAED;;;;;OAKG;IACH,IAAI,CAAC,IAAW,EAAE,EAAkB,EAAE,OAAqB;QACzD,WAAW,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;QAC1B,OAAO,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,EAAE,EAAE,OAAO,CAAC,CAAC;IAC1C,CAAC;IAED,sCAAsC;IACtC,MAAM,CAAC,SAAyB,EAAE,IAAW,EAAE,EAAkB,EAAE,OAAqB;QACtF,OAAO,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,SAAS,EAAE,IAAI,EAAE,EAAE,EAAE,OAAO,CAAC,CAAC;IACvD,CAAC;IAED,gCAAgC;IAChC,MAAM,CAAC,IAAgB;QACrB,OAAO,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IAC/B,CAAC;CACF"}