@enbox/dids 0.0.1

package/dist/esm/utils.js

@@ -0,0 +1,458 @@
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+import { Convert, Multicodec } from '@enbox/common';
+import { computeJwkThumbprint } from '@enbox/crypto';
+import { DidError, DidErrorCode } from './did-error.js';
+import { DidVerificationRelationship, } from './types/did-core.js';
+/**
+ * Extracts the fragment part of a Decentralized Identifier (DID) verification method identifier.
+ *
+ * This function takes any input and aims to return only the fragment of a DID identifier,
+ * which comes after the '#' symbol in a DID string. It's designed specifically for handling
+ * DID verification method identifiers. The function returns undefined for non-string inputs, inputs
+ * that do not contain a '#', or complex data structures like objects or arrays, ensuring that only
+ * the fragment part of a DID string is extracted when present.
+ *
+ * @example
+ * ```ts
+ * console.log(extractDidFragment("did:example:123#key-1")); // Output: "key-1"
+ * console.log(extractDidFragment("did:example:123")); // Output: undefined
+ * console.log(extractDidFragment({ id: "did:example:123#0", type: "JsonWebKey" })); // Output: undefined
+ * console.log(extractDidFragment(undefined)); // Output: undefined
+ * ```
+ *
+ * @param input - The input to be processed. Can be of any type, but the function is designed
+ *                to work with strings that represent DID verification method identifiers.
+ * @returns The fragment part of the DID identifier if the input is a string containing a '#'.
+ *          Returns an empty string for all other inputs, including non-string types, strings
+ *          without a '#', and complex data structures.
+ */
+export function extractDidFragment(input) {
+    if (typeof input !== 'string')
+        return undefined;
+    if (input.length === 0)
+        return undefined;
+    return input.split('#').pop();
+}
+/**
+ * Retrieves services from a given DID document, optionally filtered by `id` or `type`.
+ *
+ * If no `id` or `type` filters are provided, all defined services are returned.
+ *
+ * The given DID Document must adhere to the
+ * {@link https://www.w3.org/TR/did-core/ | W3C DID Core Specification}.
+ *
+ * @example
+ * ```ts
+ * const didDocument = { ... }; // W3C DID document
+ * const services = getServices({ didDocument, type: 'DecentralizedWebNode' });
+ * ```
+ *
+ * @param params - An object containing input parameters for retrieving services.
+ * @param params.didDocument - The DID document from which services are retrieved.
+ * @param params.id - Optional. A string representing the specific service ID to match. If provided, only the service with this ID will be returned.
+ * @param params.type - Optional. A string representing the specific service type to match. If provided, only the service(s) of this type will be returned.
+ * @returns An array of services. If no matching service is found, an empty array is returned.
+ */
+export function getServices({ didDocument, id, type }) {
+    var _a, _b;
+    return (_b = (_a = didDocument === null || didDocument === void 0 ? void 0 : didDocument.service) === null || _a === void 0 ? void 0 : _a.filter(service => {
+        if (id && service.id !== id)
+            return false;
+        if (type && service.type !== type)
+            return false;
+        return true;
+    })) !== null && _b !== void 0 ? _b : [];
+}
+/**
+ * Retrieves a verification method object from a DID document if there is a match for the given
+ * public key.
+ *
+ * This function searches the verification methods in a given DID document for a match with the
+ * provided public key (either in JWK or multibase format). If a matching verification method is
+ * found it is returned. If no match is found `null` is returned.
+ *
+ *
+ * @example
+ * ```ts
+ * const didDocument = {
+ *   // ... contents of a DID document ...
+ * };
+ * const publicKeyJwk = { kty: 'OKP', crv: 'Ed25519', x: '...' };
+ *
+ * const verificationMethod = await getVerificationMethodByKey({
+ *   didDocument,
+ *   publicKeyJwk
+ * });
+ * ```
+ *
+ * @param params - An object containing input parameters for retrieving the verification method ID.
+ * @param params.didDocument - The DID document to search for the verification method.
+ * @param params.publicKeyJwk - The public key in JSON Web Key (JWK) format to match against the verification methods in the DID document.
+ * @param params.publicKeyMultibase - The public key as a multibase encoded string to match against the verification methods in the DID document.
+ * @returns A promise that resolves with the matching verification method, or `null` if no match is found.
+ * @throws Throws an `Error` if the `didDocument` parameter is missing or if the `didDocument` does not contain any verification methods.
+ */
+export function getVerificationMethodByKey(_a) {
+    return __awaiter(this, arguments, void 0, function* ({ didDocument, publicKeyJwk, publicKeyMultibase }) {
+        // Collect all verification methods from the DID document.
+        const verificationMethods = getVerificationMethods({ didDocument });
+        for (let method of verificationMethods) {
+            if (publicKeyJwk && method.publicKeyJwk) {
+                const publicKeyThumbprint = yield computeJwkThumbprint({ jwk: publicKeyJwk });
+                if (publicKeyThumbprint === (yield computeJwkThumbprint({ jwk: method.publicKeyJwk }))) {
+                    return method;
+                }
+            }
+            else if (publicKeyMultibase && method.publicKeyMultibase) {
+                if (publicKeyMultibase === method.publicKeyMultibase) {
+                    return method;
+                }
+            }
+        }
+        return null;
+    });
+}
+/**
+ * Retrieves all verification methods from a given DID document, including embedded methods.
+ *
+ * This function consolidates all verification methods into a single array for easy access and
+ * processing. It checks both the primary `verificationMethod` array and the individual verification
+ * relationship properties `authentication`, `assertionMethod`, `keyAgreement`,
+ * `capabilityInvocation`, and `capabilityDelegation` for embedded methods.
+ *
+ * The given DID Document must adhere to the
+ * {@link https://www.w3.org/TR/did-core/ | W3C DID Core Specification}.
+ *
+ * @example
+ * ```ts
+ * const didDocument = { ... }; // W3C DID document
+ * const verificationMethods = getVerificationMethods({ didDocument });
+ * ```
+ *
+ * @param params - An object containing input parameters for retrieving verification methods.
+ * @param params.didDocument - The DID document from which verification methods are retrieved.
+ * @returns An array of `DidVerificationMethod`. If no verification methods are found, an empty array is returned.
+ * @throws Throws an `TypeError` if the `didDocument` parameter is missing.
+ */
+export function getVerificationMethods({ didDocument }) {
+    var _a, _b;
+    if (!didDocument)
+        throw new TypeError(`Required parameter missing: 'didDocument'`);
+    const verificationMethods = [];
+    // Check the 'verificationMethod' array.
+    verificationMethods.push(...(_b = (_a = didDocument.verificationMethod) === null || _a === void 0 ? void 0 : _a.filter(isDidVerificationMethod)) !== null && _b !== void 0 ? _b : []);
+    // Check verification relationship properties for embedded verification methods.
+    Object.keys(DidVerificationRelationship).forEach((relationship) => {
+        var _a, _b;
+        verificationMethods.push(...(_b = (_a = didDocument[relationship]) === null || _a === void 0 ? void 0 : _a.filter(isDidVerificationMethod)) !== null && _b !== void 0 ? _b : []);
+    });
+    return verificationMethods;
+}
+/**
+ * Retrieves all DID verification method types from a given DID document.
+ *
+ * The given DID Document must adhere to the
+ * {@link https://www.w3.org/TR/did-core/ | W3C DID Core Specification}.
+ *
+ * @example
+ * ```ts
+ * const didDocument = {
+ *   verificationMethod: [
+ *     {
+ *       'id'              : 'did:example:123#key-0',
+ *       'type'            : 'Ed25519VerificationKey2018',
+ *       'controller'      : 'did:example:123',
+ *       'publicKeyBase58' : '3M5RCDjPTWPkKSN3sxUmmMqHbmRPegYP1tjcKyrDbt9J'
+ *     },
+ *     {
+ *       'id'              : 'did:example:123#key-1',
+ *       'type'            : 'X25519KeyAgreementKey2019',
+ *       'controller'      : 'did:example:123',
+ *       'publicKeyBase58' : 'FbQWLPRhTH95MCkQUeFYdiSoQt8zMwetqfWoxqPgaq7x'
+ *     },
+ *     {
+ *       'id'           : 'did:example:123#key-3',
+ *       'type'         : 'JsonWebKey2020',
+ *       'controller'   : 'did:example:123',
+ *       'publicKeyJwk' : {
+ *         'kty' : 'EC',
+ *         'crv' : 'P-256',
+ *         'x'   : 'Er6KSSnAjI70ObRWhlaMgqyIOQYrDJTE94ej5hybQ2M',
+ *         'y'   : 'pPVzCOTJwgikPjuUE6UebfZySqEJ0ZtsWFpj7YSPGEk'
+ *       }
+ *     }
+ *   ]
+ * },
+ * const vmTypes = getVerificationMethodTypes({ didDocument });
+ * console.log(vmTypes);
+ * // Output: ['Ed25519VerificationKey2018', 'X25519KeyAgreementKey2019', 'JsonWebKey2020']
+ * ```
+ *
+ * @param params - An object containing input parameters for retrieving types.
+ * @param params.didDocument - The DID document from which types are retrieved.
+ * @returns An array of types. If no types were found, an empty array is returned.
+ */
+export function getVerificationMethodTypes({ didDocument }) {
+    // Collect all verification methods from the DID document.
+    const verificationMethods = getVerificationMethods({ didDocument });
+    // Map to extract 'type' from each verification method.
+    const types = verificationMethods.map(method => method.type);
+    return [...new Set(types)]; // Return only unique types.
+}
+/**
+ * Retrieves a list of DID verification relationships by a specific method ID from a DID document.
+ *
+ * This function examines the specified DID document to identify any verification relationships
+ * (e.g., `authentication`, `assertionMethod`) that reference a verification method by its method ID
+ * or contain an embedded verification method matching the method ID. The method ID is typically a
+ * fragment of a DID (e.g., `did:example:123#key-1`) that uniquely identifies a verification method
+ * within the DID document.
+ *
+ * The search considers both direct references to verification methods by their IDs and verification
+ * methods embedded within the verification relationship arrays. It returns an array of
+ * `DidVerificationRelationship` enums corresponding to the verification relationships that contain
+ * the specified method ID.
+ *
+ * @param params - An object containing input parameters for retrieving verification relationships.
+ * @param params.didDocument - The DID document to search for verification relationships.
+ * @param params.methodId - The method ID to search for within the verification relationships.
+ * @returns An array of `DidVerificationRelationship` enums representing the types of verification
+ *          relationships that reference the specified method ID.
+ *
+ * @example
+ * ```ts
+ * const didDocument: DidDocument = {
+ *   // ...contents of a DID document...
+ * };
+ *
+ * const relationships = getVerificationRelationshipsById({
+ *   didDocument,
+ *   methodId: 'key-1'
+ * });
+ * console.log(relationships);
+ * // Output might include ['authentication', 'assertionMethod'] if those relationships
+ * // reference or contain the specified method ID.
+ * ```
+ */
+export function getVerificationRelationshipsById({ didDocument, methodId }) {
+    const relationships = [];
+    Object.keys(DidVerificationRelationship).forEach((relationship) => {
+        if (Array.isArray(didDocument[relationship])) {
+            const relationshipMethods = didDocument[relationship];
+            const methodIdFragment = extractDidFragment(methodId);
+            // Check if the verification relationship property contains a matching method ID either
+            // directly referenced or as an embedded verification method.
+            const containsMethodId = relationshipMethods.some(method => {
+                const isByReferenceMatch = extractDidFragment(method) === methodIdFragment;
+                const isEmbeddedMethodMatch = isDidVerificationMethod(method) && extractDidFragment(method.id) === methodIdFragment;
+                return isByReferenceMatch || isEmbeddedMethodMatch;
+            });
+            if (containsMethodId) {
+                relationships.push(relationship);
+            }
+        }
+    });
+    return relationships;
+}
+/**
+ * Checks if a given object is a {@link DidService}.
+ *
+ * A {@link DidService} in the context of DID resources must include the properties `id`, `type`,
+ * and `serviceEndpoint`. The `serviceEndpoint` can be a `DidServiceEndpoint` or an array of
+ * `DidServiceEndpoint` objects.
+ *
+ * @example
+ * ```ts
+ * const service = {
+ *   id: "did:example:123#service-1",
+ *   type: "OidcService",
+ *   serviceEndpoint: "https://example.com/oidc"
+ * };
+ *
+ * if (isDidService(service)) {
+ *   console.log('The object is a DidService');
+ * } else {
+ *   console.log('The object is not a DidService');
+ * }
+ * ```
+ *
+ * @param obj - The object to be checked.
+ * @returns `true` if `obj` is a `DidService`; otherwise, `false`.
+ */
+export function isDidService(obj) {
+    // Validate that the given value is an object.
+    if (!obj || typeof obj !== 'object' || obj === null)
+        return false;
+    // Validate that the object has the necessary properties of DidService.
+    return 'id' in obj && 'type' in obj && 'serviceEndpoint' in obj;
+}
+/**
+ * Checks if a given object is a {@link DwnDidService}.
+ *
+ * A {@link DwnDidService} is defined as {@link DidService} object with a `type` of
+ * "DecentralizedWebNode" and `enc` and `sig` properties, where both properties are either strings
+ * or arrays of strings.
+ *
+ * @example
+ * ```ts
+ * const didDocument: DidDocument = {
+ *   id: 'did:example:123',
+ *   verificationMethod: [
+ *     {
+ *       id: 'did:example:123#key-1',
+ *       type: 'JsonWebKey2020',
+ *       controller: 'did:example:123',
+ *       publicKeyJwk: { ... }
+ *     },
+ *     {
+ *       id: 'did:example:123#key-2',
+ *       type: 'JsonWebKey2020',
+ *       controller: 'did:example:123',
+ *       publicKeyJwk: { ... }
+ *     }
+ *   ],
+ *   service: [
+ *     {
+ *       id: 'did:example:123#dwn',
+ *       type: 'DecentralizedWebNode',
+ *       serviceEndpoint: 'https://enbox-production.up.railway.app',
+ *       enc: 'did:example:123#key-1',
+ *       sig: 'did:example:123#key-2'
+ *     }
+ *   ]
+ * };
+ *
+ * if (isDwnService(didDocument.service[0])) {
+ *   console.log('The object is a DwnDidService');
+ * } else {
+ *   console.log('The object is not a DwnDidService');
+ * }
+ * ```
+ *
+ * @see {@link https://identity.foundation/decentralized-web-node/spec/ | Decentralized Web Node (DWN) Specification}
+ *
+ * @param obj - The object to be checked.
+ * @returns `true` if `obj` is a DwnDidService; otherwise, `false`.
+ */
+export function isDwnDidService(obj) {
+    // Validate that the given value is a {@link DidService}.
+    if (!isDidService(obj))
+        return false;
+    // Validate that the `type` property is `DecentralizedWebNode`.
+    if (obj.type !== 'DecentralizedWebNode')
+        return false;
+    // Validate that the given object has the `enc` and `sig` properties.
+    if (!('enc' in obj && 'sig' in obj))
+        return false;
+    // Validate that the `enc` and `sig` properties are either strings or arrays of strings.
+    const isStringOrStringArray = (prop) => typeof prop === 'string' || Array.isArray(prop) && prop.every(item => typeof item === 'string');
+    return (isStringOrStringArray(obj.enc)) && (isStringOrStringArray(obj.sig));
+}
+/**
+ * Checks if a given object is a DID Verification Method.
+ *
+ * A {@link DidVerificationMethod} in the context of DID resources must include the properties `id`,
+ * `type`, and `controller`.
+ *
+ * @example
+ * ```ts
+ * const resource = {
+ *  id           : "did:example:123#0",
+ *  type         : "JsonWebKey2020",
+ *  controller   : "did:example:123",
+ *  publicKeyJwk : { ... }
+ * };
+ *
+ * if (isDidVerificationMethod(resource)) {
+ *   console.log('The resource is a DidVerificationMethod');
+ * } else {
+ *   console.log('The resource is not a DidVerificationMethod');
+ * }
+ * ```
+ *
+ * @param obj - The object to be checked.
+ * @returns `true` if `obj` is a `DidVerificationMethod`; otherwise, `false`.
+ */
+export function isDidVerificationMethod(obj) {
+    // Validate that the given value is an object.
+    if (!obj || typeof obj !== 'object' || obj === null)
+        return false;
+    // Validate that the object has the necessary properties of a DidVerificationMethod.
+    if (!('id' in obj && 'type' in obj && 'controller' in obj))
+        return false;
+    if (typeof obj.id !== 'string')
+        return false;
+    if (typeof obj.type !== 'string')
+        return false;
+    if (typeof obj.controller !== 'string')
+        return false;
+    return true;
+}
+/**
+ * Converts a cryptographic key to a multibase identifier.
+ *
+ * @remarks
+ * This method provides a way to represent a cryptographic key as a multibase identifier.
+ * It takes a `Uint8Array` representing the key, and either the multicodec code or multicodec name
+ * as input. The method first adds the multicodec prefix to the key, then encodes it into Base58
+ * format. Finally, it converts the Base58 encoded key into a multibase identifier.
+ *
+ * @example
+ * ```ts
+ * const key = new Uint8Array([...]); // Cryptographic key as Uint8Array
+ * const multibaseId = keyBytesToMultibaseId({ key, multicodecName: 'ed25519-pub' });
+ * ```
+ *
+ * @param params - The parameters for the conversion.
+ * @returns The multibase identifier as a string.
+ */
+export function keyBytesToMultibaseId({ keyBytes, multicodecCode, multicodecName }) {
+    const prefixedKey = Multicodec.addPrefix({
+        code: multicodecCode,
+        data: keyBytes,
+        name: multicodecName
+    });
+    const prefixedKeyB58 = Convert.uint8Array(prefixedKey).toBase58Btc();
+    const multibaseKeyId = Convert.base58Btc(prefixedKeyB58).toMultibase();
+    return multibaseKeyId;
+}
+/**
+ * Converts a multibase identifier to a cryptographic key.
+ *
+ * @remarks
+ * This function decodes a multibase identifier back into a cryptographic key. It first decodes the
+ * identifier from multibase format into Base58 format, and then converts it into a `Uint8Array`.
+ * Afterward, it removes the multicodec prefix, extracting the raw key data along with the
+ * multicodec code and name.
+ *
+ * @example
+ * ```ts
+ * const multibaseKeyId = '...'; // Multibase identifier of the key
+ * const { key, multicodecCode, multicodecName } = multibaseIdToKey({ multibaseKeyId });
+ * ```
+ *
+ * @param params - The parameters for the conversion.
+ * @param params.multibaseKeyId - The multibase identifier string of the key.
+ * @returns An object containing the key as a `Uint8Array` and its multicodec code and name.
+ * @throws `DidError` if the multibase identifier is invalid.
+ */
+export function multibaseIdToKeyBytes({ multibaseKeyId }) {
+    try {
+        const prefixedKeyB58 = Convert.multibase(multibaseKeyId).toBase58Btc();
+        const prefixedKey = Convert.base58Btc(prefixedKeyB58).toUint8Array();
+        const { code, data, name } = Multicodec.removePrefix({ prefixedData: prefixedKey });
+        return { keyBytes: data, multicodecCode: code, multicodecName: name };
+    }
+    catch (error) {
+        throw new DidError(DidErrorCode.InvalidDid, `Invalid multibase identifier: ${multibaseKeyId}`);
+    }
+}
+//# sourceMappingURL=utils.js.map

package/dist/esm/utils.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"utils.js","sourceRoot":"","sources":["../../src/utils.ts"],"names":[],"mappings":";;;;;;;;;AAGA,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AACpD,OAAO,EAAE,oBAAoB,EAAE,MAAM,eAAe,CAAC;AAIrD,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AACxD,OAAO,EAIL,2BAA2B,GAC5B,MAAM,qBAAqB,CAAC;AAwC7B;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,MAAM,UAAU,kBAAkB,CAAC,KAAc;IAC/C,IAAI,OAAO,KAAK,KAAK,QAAQ;QAAE,OAAO,SAAS,CAAC;IAChD,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,SAAS,CAAC;IACzC,OAAO,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,CAAC;AAChC,CAAC;AAED;;;;;;;;;;;;;;;;;;;GAmBG;AACH,MAAM,UAAU,WAAW,CAAC,EAAE,WAAW,EAAE,EAAE,EAAE,IAAI,EAIlD;;IACC,OAAO,MAAA,MAAA,WAAW,aAAX,WAAW,uBAAX,WAAW,CAAE,OAAO,0CAAE,MAAM,CAAC,OAAO,CAAC,EAAE;QAC5C,IAAI,EAAE,IAAI,OAAO,CAAC,EAAE,KAAK,EAAE;YAAE,OAAO,KAAK,CAAC;QAC1C,IAAI,IAAI,IAAI,OAAO,CAAC,IAAI,KAAK,IAAI;YAAE,OAAO,KAAK,CAAC;QAChD,OAAO,IAAI,CAAC;IACd,CAAC,CAAC,mCAAI,EAAE,CAAC;AACX,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AACH,MAAM,UAAgB,0BAA0B;yDAAC,EAAE,WAAW,EAAE,YAAY,EAAE,kBAAkB,EAI/F;QACC,0DAA0D;QAC1D,MAAM,mBAAmB,GAAG,sBAAsB,CAAC,EAAE,WAAW,EAAE,CAAC,CAAC;QAEpE,KAAK,IAAI,MAAM,IAAI,mBAAmB,EAAE,CAAC;YACvC,IAAI,YAAY,IAAI,MAAM,CAAC,YAAY,EAAE,CAAC;gBACxC,MAAM,mBAAmB,GAAG,MAAM,oBAAoB,CAAC,EAAE,GAAG,EAAE,YAAY,EAAE,CAAC,CAAC;gBAC9E,IAAI,mBAAmB,MAAK,MAAM,oBAAoB,CAAC,EAAE,GAAG,EAAE,MAAM,CAAC,YAAY,EAAE,CAAC,CAAA,EAAE,CAAC;oBACrF,OAAO,MAAM,CAAC;gBAChB,CAAC;YACH,CAAC;iBAAM,IAAI,kBAAkB,IAAI,MAAM,CAAC,kBAAkB,EAAE,CAAC;gBAC3D,IAAI,kBAAkB,KAAK,MAAM,CAAC,kBAAkB,EAAE,CAAC;oBACrD,OAAO,MAAM,CAAC;gBAChB,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;CAAA;AAED;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,MAAM,UAAU,sBAAsB,CAAC,EAAE,WAAW,EAEnD;;IACC,IAAI,CAAC,WAAW;QAAE,MAAM,IAAI,SAAS,CAAC,2CAA2C,CAAC,CAAC;IAEnF,MAAM,mBAAmB,GAA4B,EAAE,CAAC;IAExD,wCAAwC;IACxC,mBAAmB,CAAC,IAAI,CAAC,GAAG,MAAA,MAAA,WAAW,CAAC,kBAAkB,0CAAE,MAAM,CAAC,uBAAuB,CAAC,mCAAI,EAAE,CAAC,CAAC;IAEnG,gFAAgF;IAChF,MAAM,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC,OAAO,CAAC,CAAC,YAAY,EAAE,EAAE;;QAChE,mBAAmB,CAAC,IAAI,CACtB,GAAG,MAAA,MAAC,WAAW,CAAC,YAAiC,CAAwC,0CACrF,MAAM,CAAC,uBAAuB,CAAC,mCAAI,EAAE,CAC1C,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,OAAO,mBAAmB,CAAC;AAC7B,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2CG;AACH,MAAM,UAAU,0BAA0B,CAAC,EAAE,WAAW,EAEvD;IACC,0DAA0D;IAC1D,MAAM,mBAAmB,GAAG,sBAAsB,CAAC,EAAE,WAAW,EAAE,CAAC,CAAC;IAEpE,uDAAuD;IACvD,MAAM,KAAK,GAAG,mBAAmB,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IAE7D,OAAO,CAAC,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,4BAA4B;AAC1D,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAkCG;AACH,MAAM,UAAU,gCAAgC,CAAC,EAAE,WAAW,EAAE,QAAQ,EAGvE;IACC,MAAM,aAAa,GAAkC,EAAE,CAAC;IAExD,MAAM,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC,OAAO,CAAC,CAAC,YAAY,EAAE,EAAE;QAChE,IAAI,KAAK,CAAC,OAAO,CAAC,WAAW,CAAC,YAAiC,CAAC,CAAC,EAAE,CAAC;YAClE,MAAM,mBAAmB,GAAG,WAAW,CAAC,YAAiC,CAAuC,CAAC;YAEjH,MAAM,gBAAgB,GAAG,kBAAkB,CAAC,QAAQ,CAAC,CAAC;YAEtD,uFAAuF;YACvF,6DAA6D;YAC7D,MAAM,gBAAgB,GAAG,mBAAmB,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE;gBACzD,MAAM,kBAAkB,GAAG,kBAAkB,CAAC,MAAM,CAAC,KAAK,gBAAgB,CAAC;gBAC3E,MAAM,qBAAqB,GAAG,uBAAuB,CAAC,MAAM,CAAC,IAAI,kBAAkB,CAAC,MAAM,CAAC,EAAE,CAAC,KAAK,gBAAgB,CAAC;gBACpH,OAAO,kBAAkB,IAAI,qBAAqB,CAAC;YACrD,CAAC,CAAC,CAAC;YAEH,IAAI,gBAAgB,EAAE,CAAC;gBACrB,aAAa,CAAC,IAAI,CAAC,YAA2C,CAAC,CAAC;YAClE,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,OAAO,aAAa,CAAC;AACvB,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,MAAM,UAAU,YAAY,CAAC,GAAY;IACvC,8CAA8C;IAC9C,IAAI,CAAC,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,KAAK,IAAI;QAAE,OAAO,KAAK,CAAC;IAElE,uEAAuE;IACvE,OAAO,IAAI,IAAI,GAAG,IAAI,MAAM,IAAI,GAAG,IAAI,iBAAiB,IAAI,GAAG,CAAC;AAClE,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+CG;AACH,MAAM,UAAU,eAAe,CAAC,GAAY;IAC1C,yDAAyD;IACzD,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC;QAAE,OAAO,KAAK,CAAC;IAErC,+DAA+D;IAC/D,IAAI,GAAG,CAAC,IAAI,KAAK,sBAAsB;QAAE,OAAO,KAAK,CAAC;IAEtD,qEAAqE;IACrE,IAAI,CAAC,CAAC,KAAK,IAAI,GAAG,IAAI,KAAK,IAAI,GAAG,CAAC;QAAE,OAAO,KAAK,CAAC;IAElD,wFAAwF;IACxF,MAAM,qBAAqB,GAAG,CAAC,IAAS,EAAW,EAAE,CACnD,OAAO,IAAI,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,IAAI,KAAK,QAAQ,CAAC,CAAC;IAClG,OAAO,CAAC,qBAAqB,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,qBAAqB,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC;AAC9E,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,MAAM,UAAU,uBAAuB,CAAC,GAAY;IAClD,8CAA8C;IAC9C,IAAI,CAAC,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,KAAK,IAAI;QAAE,OAAO,KAAK,CAAC;IAElE,oFAAoF;IACpF,IAAI,CAAC,CAAC,IAAI,IAAI,GAAG,IAAI,MAAM,IAAI,GAAG,IAAI,YAAY,IAAI,GAAG,CAAC;QAAE,OAAO,KAAK,CAAC;IAEzE,IAAI,OAAO,GAAG,CAAC,EAAE,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC;IAC7C,IAAI,OAAO,GAAG,CAAC,IAAI,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC;IAC/C,IAAI,OAAO,GAAG,CAAC,UAAU,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC;IAErD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAM,UAAU,qBAAqB,CAAC,EAAE,QAAQ,EAAE,cAAc,EAAE,cAAc,EACpC;IAE1C,MAAM,WAAW,GAAG,UAAU,CAAC,SAAS,CAAC;QACvC,IAAI,EAAG,cAAc;QACrB,IAAI,EAAG,QAAQ;QACf,IAAI,EAAG,cAAc;KACtB,CAAC,CAAC;IACH,MAAM,cAAc,GAAG,OAAO,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC,WAAW,EAAE,CAAC;IACrE,MAAM,cAAc,GAAG,OAAO,CAAC,SAAS,CAAC,cAAc,CAAC,CAAC,WAAW,EAAE,CAAC;IAEvE,OAAO,cAAc,CAAC;AACxB,CAAC;AAED;;;;;;;;;;;;;;;;;;;GAmBG;AACH,MAAM,UAAU,qBAAqB,CAAC,EAAE,cAAc,EAErD;IACC,IAAI,CAAC;QACH,MAAM,cAAc,GAAG,OAAO,CAAC,SAAS,CAAC,cAAc,CAAC,CAAC,WAAW,EAAE,CAAC;QACvE,MAAM,WAAW,GAAG,OAAO,CAAC,SAAS,CAAC,cAAc,CAAC,CAAC,YAAY,EAAE,CAAC;QACrE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,GAAG,UAAU,CAAC,YAAY,CAAC,EAAE,YAAY,EAAE,WAAW,EAAE,CAAC,CAAC;QAEpF,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,EAAE,CAAC;IACxE,CAAC;IAAC,OAAO,KAAU,EAAE,CAAC;QACpB,MAAM,IAAI,QAAQ,CAAC,YAAY,CAAC,UAAU,EAAE,iCAAiC,cAAc,EAAE,CAAC,CAAC;IACjG,CAAC;AACH,CAAC"}

package/dist/types/bearer-did.d.ts

@@ -0,0 +1,143 @@
+import type { Signer, CryptoApi, KeyIdentifier, KmsExportKeyParams, KmsImportKeyParams, KeyImporterExporter } from '@enbox/crypto';
+import type { DidDocument } from './types/did-core.js';
+import type { DidMetadata, PortableDid } from './types/portable-did.js';
+/**
+ * A `BearerDidSigner` extends the {@link Signer} interface to include specific properties for
+ * signing with a Decentralized Identifier (DID). It encapsulates the algorithm and key identifier,
+ * which are often needed when signing JWTs, JWSs, JWEs, and other data structures.
+ *
+ * Typically, the algorithm and key identifier are used to populate the `alg` and `kid` fields of a
+ * JWT or JWS header.
+ */
+export interface BearerDidSigner extends Signer {
+    /**
+     * The cryptographic algorithm identifier used for signing operations.
+     *
+     * Typically, this value is used to populate the `alg` field of a JWT or JWS header. The
+     * registered algorithm names are defined in the
+     * {@link https://www.iana.org/assignments/jose/jose.xhtml#web-signature-encryption-algorithms | IANA JSON Web Signature and Encryption Algorithms registry}.
+     *
+     * @example
+     * "ES256" // ECDSA using P-256 and SHA-256
+     */
+    algorithm: string;
+    /**
+     * The unique identifier of the key within the DID document that is used for signing and
+     * verification operations.
+     *
+     * This identifier must be a DID URI with a fragment (e.g., did:method:123#key-0) that references
+     * a specific verification method in the DID document. It allows users of a `BearerDidSigner` to
+     * determine the DID and key that will be used for signing and verification operations.
+     *
+     * @example
+     * "did:dht:123#key-1" // A fragment identifier referring to a key in the DID document
+     */
+    keyId: string;
+}
+/**
+ * Represents a Decentralized Identifier (DID) along with its DID document, key manager, metadata,
+ * and convenience functions.
+ */
+export declare class BearerDid {
+    /** {@inheritDoc Did#uri} */
+    uri: string;
+    /**
+     * The DID document associated with this DID.
+     *
+     * @see {@link https://www.w3.org/TR/did-core/#dfn-diddocument | DID Core Specification, § DID Document}
+     */
+    document: DidDocument;
+    /** {@inheritDoc DidMetadata} */
+    metadata: DidMetadata;
+    /**
+     * Key Management System (KMS) used to manage the DIDs keys and sign data.
+     *
+     * Each DID method requires at least one key be present in the provided `keyManager`.
+     */
+    keyManager: CryptoApi;
+    constructor({ uri, document, metadata, keyManager }: {
+        uri: string;
+        document: DidDocument;
+        metadata: DidMetadata;
+        keyManager: CryptoApi;
+    });
+    /**
+     * Converts a `BearerDid` object to a portable format containing the URI and verification methods
+     * associated with the DID.
+     *
+     * This method is useful when you need to represent the key material and metadata associated with
+     * a DID in format that can be used independently of the specific DID method implementation. It
+     * extracts both public and private keys from the DID's key manager and organizes them into a
+     * `PortableDid` structure.
+     *
+     * @remarks
+     * If the DID's key manager does not allow private keys to be exported, the `PortableDid` returned
+     * will not contain a `privateKeys` property. This enables the importing and exporting DIDs that
+     * use the same underlying KMS even if the KMS does not support exporting private keys. Examples
+     * include hardware security modules (HSMs) and cloud-based KMS services like AWS KMS.
+     *
+     * If the DID's key manager does support exporting private keys, the resulting `PortableDid` will
+     * include a `privateKeys` property which contains the same number of entries as there are
+     * verification methods as the DID document, each with its associated private key and the
+     * purpose(s) for which the key can be used (e.g., `authentication`, `assertionMethod`, etc.).
+     *
+     * @example
+     * ```ts
+     * // Assuming `did` is an instance of BearerDid
+     * const portableDid = await did.export();
+     * // portableDid now contains the DID URI, document, metadata, and optionally, private keys.
+     * ```
+     *
+     * @returns A `PortableDid` containing the URI, DID document, metadata, and optionally private
+     *          keys associated with the `BearerDid`.
+     * @throws An error if the DID document does not contain any verification methods or the keys for
+     *         any verification method are missing in the key manager.
+     */
+    export(): Promise<PortableDid>;
+    /**
+     * Return a {@link Signer} that can be used to sign messages, credentials, or arbitrary data.
+     *
+     * If given, the `methodId` parameter is used to select a key from the verification methods
+     * present in the DID Document.
+     *
+     * If `methodID` is not given, the first verification method intended for signing claims is used.
+     *
+     * @param params - The parameters for the `getSigner` operation.
+     * @param params.methodId - ID of the verification method key that will be used for sign and
+     *                          verify operations. Optional.
+     * @returns An instantiated {@link Signer} that can be used to sign and verify data.
+     */
+    getSigner(params?: {
+        methodId: string;
+    }): Promise<BearerDidSigner>;
+    /**
+     * Instantiates a {@link BearerDid} object from a given {@link PortableDid}.
+     *
+     * This method allows for the creation of a `BearerDid` object using a previously created DID's
+     * key material, DID document, and metadata.
+     *
+     * @example
+     * ```ts
+     * // Export an existing BearerDid to PortableDid format.
+     * const portableDid = await did.export();
+     * // Reconstruct a BearerDid object from the PortableDid.
+     * const did = await BearerDid.import({ portableDid });
+     * ```
+     *
+     * @param params - The parameters for the import operation.
+     * @param params.portableDid - The PortableDid object to import.
+     * @param params.keyManager - Optionally specify an external Key Management System (KMS) used to
+     *                            generate keys and sign data. If not given, a new
+     *                            {@link LocalKeyManager} instance will be created and
+     *                            used.
+     * @returns A Promise resolving to a `BearerDid` object representing the DID formed from the
+     *          provided PortableDid.
+     * @throws An error if the PortableDid document does not contain any verification methods or the
+     *         keys for any verification method are missing in the key manager.
+     */
+    static import({ portableDid, keyManager }: {
+        keyManager?: CryptoApi & KeyImporterExporter<KmsImportKeyParams, KeyIdentifier, KmsExportKeyParams>;
+        portableDid: PortableDid;
+    }): Promise<BearerDid>;
+}
+//# sourceMappingURL=bearer-did.d.ts.map

package/dist/types/bearer-did.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"bearer-did.d.ts","sourceRoot":"","sources":["../../src/bearer-did.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAEV,MAAM,EACN,SAAS,EACT,aAAa,EAEb,kBAAkB,EAClB,kBAAkB,EAClB,mBAAmB,EAEpB,MAAM,eAAe,CAAC;AAIvB,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AACvD,OAAO,KAAK,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AAKxE;;;;;;;GAOG;AACH,MAAM,WAAW,eAAgB,SAAQ,MAAM;IAC7C;;;;;;;;;OASG;IACH,SAAS,EAAE,MAAM,CAAC;IAElB;;;;;;;;;;OAUG;IACH,KAAK,EAAE,MAAM,CAAC;CACf;AAED;;;GAGG;AACH,qBAAa,SAAS;IACpB,4BAA4B;IAC5B,GAAG,EAAE,MAAM,CAAC;IAEZ;;;;OAIG;IACH,QAAQ,EAAE,WAAW,CAAC;IAEtB,gCAAgC;IAChC,QAAQ,EAAE,WAAW,CAAC;IAEtB;;;;OAIG;IACH,UAAU,EAAE,SAAS,CAAC;gBAEV,EAAE,GAAG,EAAE,QAAQ,EAAE,QAAQ,EAAE,UAAU,EAAE,EAAE;QACnD,GAAG,EAAE,MAAM,CAAC;QACZ,QAAQ,EAAE,WAAW,CAAC;QACtB,QAAQ,EAAE,WAAW,CAAC;QACtB,UAAU,EAAE,SAAS,CAAA;KACtB;IAOD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA+BG;IACU,MAAM,IAAI,OAAO,CAAC,WAAW,CAAC;IAoC3C;;;;;;;;;;;;OAYG;IACU,SAAS,CAAC,MAAM,CAAC,EAAE;QAAE,QAAQ,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,eAAe,CAAC;IAwC/E;;;;;;;;;;;;;;;;;;;;;;;;OAwBG;WACiB,MAAM,CAAC,EAAE,WAAW,EAAE,UAAkC,EAAE,EAAE;QAC9E,UAAU,CAAC,EAAE,SAAS,GAAG,mBAAmB,CAAC,kBAAkB,EAAE,aAAa,EAAE,kBAAkB,CAAC,CAAC;QACpG,WAAW,EAAE,WAAW,CAAC;KAC1B,GAAG,OAAO,CAAC,SAAS,CAAC;CA6CvB"}

package/dist/types/did-error.d.ts

@@ -0,0 +1,50 @@
+/**
+ * A custom error class for DID-related errors.
+ */
+export declare class DidError extends Error {
+    code: DidErrorCode;
+    /**
+     * Constructs an instance of DidError, a custom error class for handling DID-related errors.
+     *
+     * @param code - A {@link DidErrorCode} representing the specific type of error encountered.
+     * @param message - A human-readable description of the error.
+     */
+    constructor(code: DidErrorCode, message: string);
+}
+/**
+ * An enumeration of possible DID error codes.
+ */
+export declare enum DidErrorCode {
+    /** The DID supplied does not conform to valid syntax. */
+    InvalidDid = "invalidDid",
+    /** The supplied method name is not supported by the DID method and/or DID resolver implementation. */
+    MethodNotSupported = "methodNotSupported",
+    /** An unexpected error occurred during the requested DID operation. */
+    InternalError = "internalError",
+    /** The DID document supplied does not conform to valid syntax. */
+    InvalidDidDocument = "invalidDidDocument",
+    /** The byte length of a DID document does not match the expected value. */
+    InvalidDidDocumentLength = "invalidDidDocumentLength",
+    /** The DID URL supplied to the dereferencing function does not conform to valid syntax. */
+    InvalidDidUrl = "invalidDidUrl",
+    /** The given proof of a previous DID is invalid */
+    InvalidPreviousDidProof = "invalidPreviousDidProof",
+    /** An invalid public key is detected during a DID operation. */
+    InvalidPublicKey = "invalidPublicKey",
+    /** The byte length of a public key does not match the expected value. */
+    InvalidPublicKeyLength = "invalidPublicKeyLength",
+    /** An invalid public key type was detected during a DID operation. */
+    InvalidPublicKeyType = "invalidPublicKeyType",
+    /** Verification of a signature failed during a DID operation. */
+    InvalidSignature = "invalidSignature",
+    /** The DID resolver was unable to find the DID document resulting from the resolution request. */
+    NotFound = "notFound",
+    /**
+     * The representation requested via the `accept` input metadata property is not supported by the
+     * DID method and/or DID resolver implementation.
+     */
+    RepresentationNotSupported = "representationNotSupported",
+    /** The type of a public key is not supported by the DID method and/or DID resolver implementation. */
+    UnsupportedPublicKeyType = "unsupportedPublicKeyType"
+}
+//# sourceMappingURL=did-error.d.ts.map

package/dist/types/did-error.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"did-error.d.ts","sourceRoot":"","sources":["../../src/did-error.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,qBAAa,QAAS,SAAQ,KAAK;IAOd,IAAI,EAAE,YAAY;IANrC;;;;;OAKG;gBACgB,IAAI,EAAE,YAAY,EAAE,OAAO,EAAE,MAAM;CAcvD;AAED;;GAEG;AACH,oBAAY,YAAY;IACtB,yDAAyD;IACzD,UAAU,eAAe;IAEzB,sGAAsG;IACtG,kBAAkB,uBAAuB;IAEzC,uEAAuE;IACvE,aAAa,kBAAkB;IAE/B,kEAAkE;IAClE,kBAAkB,uBAAuB;IAEzC,2EAA2E;IAC3E,wBAAwB,6BAA6B;IAErD,2FAA2F;IAC3F,aAAa,kBAAkB;IAE/B,mDAAmD;IACnD,uBAAuB,4BAA4B;IAEnD,gEAAgE;IAChE,gBAAgB,qBAAqB;IAErC,yEAAyE;IACzE,sBAAsB,2BAA2B;IAEjD,sEAAsE;IACtE,oBAAoB,yBAAyB;IAE7C,iEAAiE;IACjE,gBAAgB,qBAAqB;IAErC,kGAAkG;IAClG,QAAQ,aAAa;IAErB;;;OAGG;IACH,0BAA0B,+BAA+B;IAEzD,sGAAsG;IACtG,wBAAwB,6BAA6B;CACtD"}