@enbox/dids 0.0.3 → 0.0.5

package/dist/esm/methods/did-dht-pkarr.js

@@ -0,0 +1,168 @@
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+import bencode from 'bencode';
+import { Convert } from '@enbox/common';
+import { Ed25519 } from '@enbox/crypto';
+import { DidError, DidErrorCode } from '../did-error.js';
+import { decode as dnsPacketDecode, encode as dnsPacketEncode } from '@dnsquery/dns-packet';
+/**
+ * Constructs a Pkarr URL from public key bytes and a gateway URI.
+ *
+ * @param publicKeyBytes - The public key bytes to z-base-32 encode.
+ * @param gatewayUri - The gateway URI to use as the base URL.
+ * @returns The full Pkarr URL.
+ */
+function pkarrUrl(publicKeyBytes, gatewayUri) {
+    const identifier = Convert.uint8Array(publicKeyBytes).toBase32Z();
+    return new URL(identifier, gatewayUri).href;
+}
+/**
+ * Retrieves a signed BEP44 message from a DID DHT Gateway or Pkarr Relay server.
+ *
+ * @see {@link https://github.com/Nuhvi/pkarr/blob/main/design/relays.md | Pkarr Relay design}
+ *
+ * @param params - The parameters for the get operation.
+ * @param params.gatewayUri - The DID DHT Gateway or Pkarr Relay URI.
+ * @param params.publicKeyBytes - The public key bytes of the Identity Key, z-base-32 encoded.
+ * @returns A promise resolving to a BEP44 message containing the signed DNS packet.
+ */
+export function pkarrGet(_a) {
+    return __awaiter(this, arguments, void 0, function* ({ gatewayUri, publicKeyBytes }) {
+        // The identifier (key in the DHT) is the z-base-32 encoding of the Identity Key.
+        const identifier = Convert.uint8Array(publicKeyBytes).toBase32Z();
+        // Concatenate the gateway URI with the identifier to form the full URL.
+        const url = pkarrUrl(publicKeyBytes, gatewayUri);
+        // Transmit the Get request to the DID DHT Gateway or Pkarr Relay and get the response.
+        let response;
+        try {
+            response = yield fetch(url, { method: 'GET' });
+            if (!response.ok) {
+                throw new DidError(DidErrorCode.NotFound, `Pkarr record not found for: ${identifier}`);
+            }
+        }
+        catch (error) {
+            if (error instanceof DidError) {
+                throw error;
+            }
+            throw new DidError(DidErrorCode.InternalError, `Failed to fetch Pkarr record: ${error.message}`);
+        }
+        // Read the Fetch Response stream into a byte array.
+        const messageBytes = yield response.arrayBuffer();
+        if (!messageBytes) {
+            throw new DidError(DidErrorCode.NotFound, `Pkarr record not found for: ${identifier}`);
+        }
+        if (messageBytes.byteLength < 72) {
+            throw new DidError(DidErrorCode.InvalidDidDocumentLength, `Pkarr response must be at least 72 bytes but got: ${messageBytes.byteLength}`);
+        }
+        if (messageBytes.byteLength > 1072) {
+            throw new DidError(DidErrorCode.InvalidDidDocumentLength, `Pkarr response exceeds 1000 byte limit: ${messageBytes.byteLength}`);
+        }
+        // Decode the BEP44 message from the byte array.
+        const bep44Message = {
+            k: publicKeyBytes,
+            seq: Number(new DataView(messageBytes).getBigUint64(64)),
+            sig: new Uint8Array(messageBytes, 0, 64),
+            v: new Uint8Array(messageBytes, 72)
+        };
+        return bep44Message;
+    });
+}
+/**
+ * Publishes a signed BEP44 message to a DID DHT Gateway or Pkarr Relay server.
+ *
+ * @see {@link https://github.com/Nuhvi/pkarr/blob/main/design/relays.md | Pkarr Relay design}
+ *
+ * @param params - The parameters to use when publishing a signed BEP44 message to a Pkarr relay server.
+ * @param params.gatewayUri - The DID DHT Gateway or Pkarr Relay URI.
+ * @param params.bep44Message - The BEP44 message to be published, containing the signed DNS packet.
+ * @returns A promise resolving to `true` if the message was successfully published, otherwise `false`.
+ */
+export function pkarrPut(_a) {
+    return __awaiter(this, arguments, void 0, function* ({ gatewayUri, bep44Message }) {
+        // The identifier (key in the DHT) is the z-base-32 encoding of the Identity Key.
+        const identifier = Convert.uint8Array(bep44Message.k).toBase32Z();
+        // Concatenate the gateway URI with the identifier to form the full URL.
+        const url = pkarrUrl(bep44Message.k, gatewayUri);
+        // Construct the body of the request according to the Pkarr relay specification.
+        const body = new Uint8Array(bep44Message.v.length + 72);
+        body.set(bep44Message.sig, 0);
+        new DataView(body.buffer).setBigUint64(bep44Message.sig.length, BigInt(bep44Message.seq));
+        body.set(bep44Message.v, bep44Message.sig.length + 8);
+        // Transmit the Put request to the Pkarr relay and get the response.
+        let response;
+        try {
+            response = yield fetch(url, {
+                method: 'PUT',
+                headers: { 'Content-Type': 'application/octet-stream' },
+                body
+            });
+        }
+        catch (error) {
+            throw new DidError(DidErrorCode.InternalError, `Failed to put Pkarr record for identifier ${identifier}: ${error.message}`);
+        }
+        // Return `true` if the DHT request was successful, otherwise return `false`.
+        return response.ok;
+    });
+}
+/**
+ * Creates a BEP44 put message, which is used to publish a DID document to the DHT network.
+ *
+ * @param params - The parameters to use when creating the BEP44 put message.
+ * @param params.dnsPacket - The DNS packet to encode in the BEP44 message.
+ * @param params.publicKeyBytes - The public key bytes of the Identity Key.
+ * @param params.signer - Signer that can sign and verify data using the Identity Key.
+ * @returns A promise that resolves to a BEP44 put message.
+ */
+export function createBep44PutMessage(_a) {
+    return __awaiter(this, arguments, void 0, function* ({ dnsPacket, publicKeyBytes, signer }) {
+        // BEP44 requires that the sequence number be a monotoically increasing integer, so we use the
+        // current time in seconds since Unix epoch as a simple solution. Higher precision is not
+        // recommended since DID DHT documents are not expected to change frequently and there are
+        // small differences in system clocks that can cause issues if multiple clients are publishing
+        // updates to the same DID document.
+        const sequenceNumber = Math.ceil(Date.now() / 1000);
+        // Encode the DNS packet into a byte array containing a UDP payload.
+        const encodedDnsPacket = dnsPacketEncode(dnsPacket);
+        // Encode the sequence and DNS byte array to bencode format.
+        const bencodedData = bencode.encode({ seq: sequenceNumber, v: encodedDnsPacket }).subarray(1, -1);
+        if (bencodedData.length > 1000) {
+            throw new DidError(DidErrorCode.InvalidDidDocumentLength, `DNS packet exceeds the 1000 byte maximum size: ${bencodedData.length} bytes`);
+        }
+        // Sign the BEP44 message.
+        const signature = yield signer.sign({ data: bencodedData });
+        return { k: publicKeyBytes, seq: sequenceNumber, sig: signature, v: encodedDnsPacket };
+    });
+}
+/**
+ * Parses and verifies a BEP44 Get message, converting it to a DNS packet.
+ *
+ * @param params - The parameters to use when verifying and parsing the BEP44 Get response message.
+ * @param params.bep44Message - The BEP44 message to verify and parse.
+ * @returns A promise that resolves to a DNS packet.
+ */
+export function parseBep44GetMessage(_a) {
+    return __awaiter(this, arguments, void 0, function* ({ bep44Message }) {
+        // Convert the public key byte array to JWK format.
+        const publicKey = yield Ed25519.bytesToPublicKey({ publicKeyBytes: bep44Message.k });
+        // Encode the sequence and DNS byte array to bencode format.
+        const bencodedData = bencode.encode({ seq: bep44Message.seq, v: bep44Message.v }).subarray(1, -1);
+        // Verify the signature of the BEP44 message.
+        const isValid = yield Ed25519.verify({
+            key: publicKey,
+            signature: bep44Message.sig,
+            data: bencodedData
+        });
+        if (!isValid) {
+            throw new DidError(DidErrorCode.InvalidSignature, `Invalid signature for DHT BEP44 message`);
+        }
+        return dnsPacketDecode(bep44Message.v);
+    });
+}
+//# sourceMappingURL=did-dht-pkarr.js.map

package/dist/esm/methods/did-dht-pkarr.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"did-dht-pkarr.js","sourceRoot":"","sources":["../../../src/methods/did-dht-pkarr.ts"],"names":[],"mappings":";;;;;;;;;AAKA,OAAO,OAAO,MAAM,SAAS,CAAC;AAC9B,OAAO,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AACxC,OAAO,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AACxC,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AACzD,OAAO,EAAE,MAAM,IAAI,eAAe,EAAE,MAAM,IAAI,eAAe,EAAE,MAAM,sBAAsB,CAAC;AAE5F;;;;;;GAMG;AACH,SAAS,QAAQ,CAAC,cAA0B,EAAE,UAAkB;IAC9D,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC,cAAc,CAAC,CAAC,SAAS,EAAE,CAAC;IAClE,OAAO,IAAI,GAAG,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC,IAAI,CAAC;AAC9C,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAgB,QAAQ;yDAAC,EAAE,UAAU,EAAE,cAAc,EAG1D;QACC,iFAAiF;QACjF,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC,cAAc,CAAC,CAAC,SAAS,EAAE,CAAC;QAElE,wEAAwE;QACxE,MAAM,GAAG,GAAG,QAAQ,CAAC,cAAc,EAAE,UAAU,CAAC,CAAC;QAEjD,uFAAuF;QACvF,IAAI,QAAkB,CAAC;QACvB,IAAI,CAAC;YACH,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;YAE/C,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBACjB,MAAM,IAAI,QAAQ,CAAC,YAAY,CAAC,QAAQ,EAAE,+BAA+B,UAAU,EAAE,CAAC,CAAC;YACzF,CAAC;QAEH,CAAC;QAAC,OAAO,KAAU,EAAE,CAAC;YACpB,IAAI,KAAK,YAAY,QAAQ,EAAE,CAAC;gBAAA,MAAM,KAAK,CAAC;YAAA,CAAC;YAC7C,MAAM,IAAI,QAAQ,CAAC,YAAY,CAAC,aAAa,EAAE,iCAAiC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;QACnG,CAAC;QAED,oDAAoD;QACpD,MAAM,YAAY,GAAG,MAAM,QAAQ,CAAC,WAAW,EAAE,CAAC;QAElD,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,MAAM,IAAI,QAAQ,CAAC,YAAY,CAAC,QAAQ,EAAE,+BAA+B,UAAU,EAAE,CAAC,CAAC;QACzF,CAAC;QAED,IAAI,YAAY,CAAC,UAAU,GAAG,EAAE,EAAE,CAAC;YACjC,MAAM,IAAI,QAAQ,CAAC,YAAY,CAAC,wBAAwB,EAAE,qDAAqD,YAAY,CAAC,UAAU,EAAE,CAAC,CAAC;QAC5I,CAAC;QAED,IAAI,YAAY,CAAC,UAAU,GAAG,IAAI,EAAE,CAAC;YACnC,MAAM,IAAI,QAAQ,CAAC,YAAY,CAAC,wBAAwB,EAAE,2CAA2C,YAAY,CAAC,UAAU,EAAE,CAAC,CAAC;QAClI,CAAC;QAED,gDAAgD;QAChD,MAAM,YAAY,GAAiB;YACjC,CAAC,EAAK,cAAc;YACpB,GAAG,EAAG,MAAM,CAAC,IAAI,QAAQ,CAAC,YAAY,CAAC,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC;YACzD,GAAG,EAAG,IAAI,UAAU,CAAC,YAAY,EAAE,CAAC,EAAE,EAAE,CAAC;YACzC,CAAC,EAAK,IAAI,UAAU,CAAC,YAAY,EAAE,EAAE,CAAC;SACvC,CAAC;QAEF,OAAO,YAAY,CAAC;IACtB,CAAC;CAAA;AAED;;;;;;;;;GASG;AACH,MAAM,UAAgB,QAAQ;yDAAC,EAAE,UAAU,EAAE,YAAY,EAGxD;QACC,iFAAiF;QACjF,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,SAAS,EAAE,CAAC;QAElE,wEAAwE;QACxE,MAAM,GAAG,GAAG,QAAQ,CAAC,YAAY,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC;QAEjD,gFAAgF;QAChF,MAAM,IAAI,GAAG,IAAI,UAAU,CAAC,YAAY,CAAC,CAAC,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;QACxD,IAAI,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;QAC9B,IAAI,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,YAAY,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC;QAC1F,IAAI,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC,EAAE,YAAY,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QAEtD,oEAAoE;QACpE,IAAI,QAAkB,CAAC;QACvB,IAAI,CAAC;YACH,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;gBAC1B,MAAM,EAAI,KAAK;gBACf,OAAO,EAAG,EAAE,cAAc,EAAE,0BAA0B,EAAE;gBACxD,IAAI;aACL,CAAC,CAAC;QAEL,CAAC;QAAC,OAAO,KAAU,EAAE,CAAC;YACpB,MAAM,IAAI,QAAQ,CAAC,YAAY,CAAC,aAAa,EAAE,6CAA6C,UAAU,KAAK,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;QAC9H,CAAC;QAED,6EAA6E;QAC7E,OAAO,QAAQ,CAAC,EAAE,CAAC;IACrB,CAAC;CAAA;AAED;;;;;;;;GAQG;AACH,MAAM,UAAgB,qBAAqB;yDAAC,EAAE,SAAS,EAAE,cAAc,EAAE,MAAM,EAI9E;QACC,8FAA8F;QAC9F,yFAAyF;QACzF,0FAA0F;QAC1F,8FAA8F;QAC9F,oCAAoC;QACpC,MAAM,cAAc,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAEpD,oEAAoE;QACpE,MAAM,gBAAgB,GAAG,eAAe,CAAC,SAAS,CAAC,CAAC;QAEpD,4DAA4D;QAC5D,MAAM,YAAY,GAAG,OAAO,CAAC,MAAM,CAAC,EAAE,GAAG,EAAE,cAAc,EAAE,CAAC,EAAE,gBAAgB,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;QAElG,IAAI,YAAY,CAAC,MAAM,GAAG,IAAI,EAAE,CAAC;YAC/B,MAAM,IAAI,QAAQ,CAAC,YAAY,CAAC,wBAAwB,EAAE,kDAAkD,YAAY,CAAC,MAAM,QAAQ,CAAC,CAAC;QAC3I,CAAC;QAED,0BAA0B;QAC1B,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC,CAAC;QAE5D,OAAO,EAAE,CAAC,EAAE,cAAc,EAAE,GAAG,EAAE,cAAc,EAAE,GAAG,EAAE,SAAS,EAAE,CAAC,EAAE,gBAAgB,EAAE,CAAC;IACzF,CAAC;CAAA;AAED;;;;;;GAMG;AACH,MAAM,UAAgB,oBAAoB;yDAAC,EAAE,YAAY,EAExD;QACC,mDAAmD;QACnD,MAAM,SAAS,GAAG,MAAM,OAAO,CAAC,gBAAgB,CAAC,EAAE,cAAc,EAAE,YAAY,CAAC,CAAC,EAAE,CAAC,CAAC;QAErF,4DAA4D;QAC5D,MAAM,YAAY,GAAG,OAAO,CAAC,MAAM,CAAC,EAAE,GAAG,EAAE,YAAY,CAAC,GAAG,EAAE,CAAC,EAAE,YAAY,CAAC,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;QAElG,6CAA6C;QAC7C,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,MAAM,CAAC;YACnC,GAAG,EAAS,SAAS;YACrB,SAAS,EAAG,YAAY,CAAC,GAAG;YAC5B,IAAI,EAAQ,YAAY;SACzB,CAAC,CAAC;QAEH,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,IAAI,QAAQ,CAAC,YAAY,CAAC,gBAAgB,EAAE,yCAAyC,CAAC,CAAC;QAC/F,CAAC;QAED,OAAO,eAAe,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;IACzC,CAAC;CAAA"}

package/dist/esm/methods/did-dht-types.js

@@ -0,0 +1,116 @@
+/**
+ * Represents an optional extension to a DID Document's DNS packet representation exposed as a
+ * type index.
+ *
+ * Type indexing is an OPTIONAL feature that enables DIDs to become discoverable. DIDs that wish to
+ * be discoverable and resolveable by type can include one or more types when publishing their DID
+ * document to a DID DHT Gateway.
+ *
+ * The registered DID types are published in the {@link https://did-dht.com/registry/index.html#indexed-types | DID DHT Registry}.
+ */
+export var DidDhtRegisteredDidType;
+(function (DidDhtRegisteredDidType) {
+    /**
+     * Type 0 is reserved for DIDs that do not wish to associate themselves with a specific type but
+     * wish to make themselves discoverable.
+     */
+    DidDhtRegisteredDidType[DidDhtRegisteredDidType["Discoverable"] = 0] = "Discoverable";
+    /**
+     * Organization
+     * @see {@link https://schema.org/Organization | schema definition}
+     */
+    DidDhtRegisteredDidType[DidDhtRegisteredDidType["Organization"] = 1] = "Organization";
+    /**
+     * Government Organization
+     * @see {@link https://schema.org/GovernmentOrganization | schema definition}
+     */
+    DidDhtRegisteredDidType[DidDhtRegisteredDidType["Government"] = 2] = "Government";
+    /**
+     * Corporation
+     * @see {@link https://schema.org/Corporation | schema definition}
+     */
+    DidDhtRegisteredDidType[DidDhtRegisteredDidType["Corporation"] = 3] = "Corporation";
+    /**
+     * Corporation
+     * @see {@link https://schema.org/Corporation | schema definition}
+     */
+    DidDhtRegisteredDidType[DidDhtRegisteredDidType["LocalBusiness"] = 4] = "LocalBusiness";
+    /**
+     * Software Package
+     * @see {@link https://schema.org/SoftwareSourceCode | schema definition}
+     */
+    DidDhtRegisteredDidType[DidDhtRegisteredDidType["SoftwarePackage"] = 5] = "SoftwarePackage";
+    /**
+     * Web App
+     * @see {@link https://schema.org/WebApplication | schema definition}
+     */
+    DidDhtRegisteredDidType[DidDhtRegisteredDidType["WebApp"] = 6] = "WebApp";
+    /**
+     * Financial Institution
+     * @see {@link https://schema.org/FinancialService | schema definition}
+     */
+    DidDhtRegisteredDidType[DidDhtRegisteredDidType["FinancialInstitution"] = 7] = "FinancialInstitution";
+})(DidDhtRegisteredDidType || (DidDhtRegisteredDidType = {}));
+/**
+ * Enumerates the types of keys that can be used in a DID DHT document.
+ *
+ * The DID DHT method supports various cryptographic key types. These key types are essential for
+ * the creation and management of DIDs and their associated cryptographic operations like signing
+ * and encryption. The registered key types are published in the DID DHT Registry and each is
+ * assigned a unique numerical value for use by client and gateway implementations.
+ *
+ * The registered key types are published in the {@link https://did-dht.com/registry/index.html#key-type-index | DID DHT Registry}.
+ */
+export var DidDhtRegisteredKeyType;
+(function (DidDhtRegisteredKeyType) {
+    /**
+     * Ed25519: A public-key signature system using the EdDSA (Edwards-curve Digital Signature
+     * Algorithm) and Curve25519.
+     */
+    DidDhtRegisteredKeyType[DidDhtRegisteredKeyType["Ed25519"] = 0] = "Ed25519";
+    /**
+     * secp256k1: A cryptographic curve used for digital signatures in a range of decentralized
+     * systems.
+     */
+    DidDhtRegisteredKeyType[DidDhtRegisteredKeyType["secp256k1"] = 1] = "secp256k1";
+    /**
+     * secp256r1: Also known as P-256 or prime256v1, this curve is used for cryptographic operations
+     * and is widely supported in various cryptographic libraries and standards.
+     */
+    DidDhtRegisteredKeyType[DidDhtRegisteredKeyType["secp256r1"] = 2] = "secp256r1";
+    /**
+     * X25519: A public key used for Diffie-Hellman key exchange using Curve25519.
+     */
+    DidDhtRegisteredKeyType[DidDhtRegisteredKeyType["X25519"] = 3] = "X25519";
+})(DidDhtRegisteredKeyType || (DidDhtRegisteredKeyType = {}));
+/**
+ * Maps {@link https://www.w3.org/TR/did-core/#verification-relationships | DID Core Verification Relationship}
+ * values to the corresponding record name in the DNS packet representation of a DHT DID document.
+ */
+export var DidDhtVerificationRelationship;
+(function (DidDhtVerificationRelationship) {
+    /**
+     * Specifies how the DID subject is expected to be authenticated.
+     */
+    DidDhtVerificationRelationship["authentication"] = "auth";
+    /**
+     * Specifies how the DID subject is expected to express claims, such as for issuing Verifiable
+     * Credentials.
+     */
+    DidDhtVerificationRelationship["assertionMethod"] = "asm";
+    /**
+     * Specifies a mechanism used by the DID subject to delegate a cryptographic capability to another
+     * party
+     */
+    DidDhtVerificationRelationship["capabilityDelegation"] = "del";
+    /**
+     * Specifies a verification method used by the DID subject to invoke a cryptographic capability.
+     */
+    DidDhtVerificationRelationship["capabilityInvocation"] = "inv";
+    /**
+     * Specifies how an entity can generate encryption material to communicate confidentially with the
+     * DID subject.
+     */
+    DidDhtVerificationRelationship["keyAgreement"] = "agm";
+})(DidDhtVerificationRelationship || (DidDhtVerificationRelationship = {}));
+//# sourceMappingURL=did-dht-types.js.map

package/dist/esm/methods/did-dht-types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"did-dht-types.js","sourceRoot":"","sources":["../../../src/methods/did-dht-types.ts"],"names":[],"mappings":"AA4LA;;;;;;;;;GASG;AACH,MAAM,CAAN,IAAY,uBAgDX;AAhDD,WAAY,uBAAuB;IACjC;;;OAGG;IACH,qFAAgB,CAAA;IAEhB;;;OAGG;IACH,qFAAgB,CAAA;IAEhB;;;OAGG;IACH,iFAAc,CAAA;IAEd;;;OAGG;IACH,mFAAe,CAAA;IAEf;;;OAGG;IACH,uFAAiB,CAAA;IAEjB;;;OAGG;IACH,2FAAmB,CAAA;IAEnB;;;OAGG;IACH,yEAAU,CAAA;IAEV;;;OAGG;IACH,qGAAwB,CAAA;AAC1B,CAAC,EAhDW,uBAAuB,KAAvB,uBAAuB,QAgDlC;AAED;;;;;;;;;GASG;AACH,MAAM,CAAN,IAAY,uBAuBX;AAvBD,WAAY,uBAAuB;IACjC;;;OAGG;IACH,2EAAW,CAAA;IAEX;;;OAGG;IACH,+EAAa,CAAA;IAEb;;;OAGG;IACH,+EAAa,CAAA;IAEb;;OAEG;IACH,yEAAU,CAAA;AACZ,CAAC,EAvBW,uBAAuB,KAAvB,uBAAuB,QAuBlC;AAED;;;GAGG;AACH,MAAM,CAAN,IAAY,8BA4BX;AA5BD,WAAY,8BAA8B;IACxC;;OAEG;IACH,yDAAuB,CAAA;IAEvB;;;OAGG;IACH,yDAAuB,CAAA;IAEvB;;;OAGG;IACH,8DAA4B,CAAA;IAE5B;;OAEG;IACH,8DAA4B,CAAA;IAE5B;;;OAGG;IACH,sDAAoB,CAAA;AACtB,CAAC,EA5BW,8BAA8B,KAA9B,8BAA8B,QA4BzC"}

package/dist/esm/methods/did-dht-utils.js

@@ -0,0 +1,143 @@
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+import { Convert } from '@enbox/common';
+import { Ed25519, Secp256k1, Secp256r1, X25519 } from '@enbox/crypto';
+import { Did } from '../did.js';
+import { DidError, DidErrorCode } from '../did-error.js';
+/**
+ * The DID DHT method name.
+ */
+const DID_DHT_METHOD_NAME = 'dht';
+/**
+ * Converts a DID URI to a JSON Web Key (JWK) representing the Identity Key.
+ *
+ * @param params - The parameters to use for the conversion.
+ * @param params.didUri - The DID URI containing the Identity Key.
+ * @returns A promise that resolves to a JWK representing the Identity Key.
+ */
+export function identifierToIdentityKey(_a) {
+    return __awaiter(this, arguments, void 0, function* ({ didUri }) {
+        // Decode the method-specific identifier from z-base-32 to a byte array.
+        const identityKeyBytes = identifierToIdentityKeyBytes({ didUri });
+        // Convert the byte array to a JWK.
+        const identityKey = yield Ed25519.bytesToPublicKey({ publicKeyBytes: identityKeyBytes });
+        return identityKey;
+    });
+}
+/**
+ * Converts a DID URI to the byte array representation of the Identity Key.
+ *
+ * @param params - The parameters to use for the conversion.
+ * @param params.didUri - The DID URI containing the Identity Key.
+ * @returns A byte array representation of the Identity Key.
+ */
+export function identifierToIdentityKeyBytes({ didUri }) {
+    // Parse the DID URI.
+    const parsedDid = Did.parse(didUri);
+    // Verify that the DID URI is valid.
+    if (!parsedDid) {
+        throw new DidError(DidErrorCode.InvalidDid, `Invalid DID URI: ${didUri}`);
+    }
+    // Verify the DID method is supported.
+    if (parsedDid.method !== DID_DHT_METHOD_NAME) {
+        throw new DidError(DidErrorCode.MethodNotSupported, `Method not supported: ${parsedDid.method}`);
+    }
+    // Decode the method-specific identifier from z-base-32 to a byte array.
+    let identityKeyBytes;
+    try {
+        identityKeyBytes = Convert.base32Z(parsedDid.id).toUint8Array();
+    }
+    catch (_a) {
+        throw new DidError(DidErrorCode.InvalidPublicKey, `Failed to decode method-specific identifier`);
+    }
+    if (identityKeyBytes.length !== 32) {
+        throw new DidError(DidErrorCode.InvalidPublicKeyLength, `Invalid public key length: ${identityKeyBytes.length}`);
+    }
+    return identityKeyBytes;
+}
+/**
+ * Encodes a DID DHT Identity Key into a DID identifier.
+ *
+ * This method first z-base-32 encodes the Identity Key. The resulting string is prefixed with
+ * `did:dht:` to form the DID identifier.
+ *
+ * @param params - The parameters to use for the conversion.
+ * @param params.identityKey The Identity Key from which the DID identifier is computed.
+ * @returns A promise that resolves to a string containing the DID identifier.
+ */
+export function identityKeyToIdentifier(_a) {
+    return __awaiter(this, arguments, void 0, function* ({ identityKey }) {
+        // Convert the key from JWK format to a byte array.
+        const publicKeyBytes = yield Ed25519.publicKeyToBytes({ publicKey: identityKey });
+        // Encode the byte array as a z-base-32 string.
+        const identifier = Convert.uint8Array(publicKeyBytes).toBase32Z();
+        return `did:${DID_DHT_METHOD_NAME}:${identifier}`;
+    });
+}
+/**
+ * Returns the appropriate key converter for the specified cryptographic curve.
+ *
+ * @param curve - The cryptographic curve to use for the key conversion.
+ * @returns An `AsymmetricKeyConverter` for the specified curve.
+ */
+export function keyConverter(curve) {
+    const converters = {
+        'Ed25519': Ed25519,
+        'P-256': {
+            // Wrap the key converter which produces uncompressed public key bytes to produce compressed key bytes as required by the DID DHT spec.
+            // See https://did-dht.com/#representing-keys for more info.
+            publicKeyToBytes: (_a) => __awaiter(this, [_a], void 0, function* ({ publicKey }) {
+                const publicKeyBytes = yield Secp256r1.publicKeyToBytes({ publicKey });
+                const compressedPublicKey = yield Secp256r1.compressPublicKey({ publicKeyBytes });
+                return compressedPublicKey;
+            }),
+            bytesToPublicKey: Secp256r1.bytesToPublicKey,
+            privateKeyToBytes: Secp256r1.privateKeyToBytes,
+            bytesToPrivateKey: Secp256r1.bytesToPrivateKey,
+        },
+        'secp256k1': {
+            // Wrap the key converter which produces uncompressed public key bytes to produce compressed key bytes as required by the DID DHT spec.
+            // See https://did-dht.com/#representing-keys for more info.
+            publicKeyToBytes: (_a) => __awaiter(this, [_a], void 0, function* ({ publicKey }) {
+                const publicKeyBytes = yield Secp256k1.publicKeyToBytes({ publicKey });
+                const compressedPublicKey = yield Secp256k1.compressPublicKey({ publicKeyBytes });
+                return compressedPublicKey;
+            }),
+            bytesToPublicKey: Secp256k1.bytesToPublicKey,
+            privateKeyToBytes: Secp256k1.privateKeyToBytes,
+            bytesToPrivateKey: Secp256k1.bytesToPrivateKey,
+        },
+        X25519: X25519,
+    };
+    const converter = converters[curve];
+    if (!converter) {
+        throw new DidError(DidErrorCode.InvalidPublicKeyType, `Unsupported curve: ${curve}`);
+    }
+    return converter;
+}
+/**
+ * Validates the proof of previous DID given.
+ *
+ * @param params - The parameters to validate the previous DID proof.
+ * @param params.newDid - The new DID that the previous DID is linking to.
+ * @param params.previousDidProof - The proof of the previous DID, containing the previous DID and signature signed by the previous DID.
+ */
+export function validatePreviousDidProof(_a) {
+    return __awaiter(this, arguments, void 0, function* ({ newDid, previousDidProof }) {
+        const key = yield identifierToIdentityKey({ didUri: previousDidProof.previousDid });
+        const data = identifierToIdentityKeyBytes({ didUri: newDid });
+        const signature = Convert.base64Url(previousDidProof.signature).toUint8Array();
+        const isValid = yield Ed25519.verify({ key, data, signature });
+        if (!isValid) {
+            throw new DidError(DidErrorCode.InvalidPreviousDidProof, 'The previous DID proof is invalid.');
+        }
+    });
+}
+//# sourceMappingURL=did-dht-utils.js.map

package/dist/esm/methods/did-dht-utils.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"did-dht-utils.js","sourceRoot":"","sources":["../../../src/methods/did-dht-utils.ts"],"names":[],"mappings":";;;;;;;;;AAEA,OAAO,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AACxC,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,eAAe,CAAC;AAItE,OAAO,EAAE,GAAG,EAAE,MAAM,WAAW,CAAC;AAChC,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAEzD;;GAEG;AACH,MAAM,mBAAmB,GAAG,KAAK,CAAC;AAElC;;;;;;GAMG;AACH,MAAM,UAAgB,uBAAuB;yDAAC,EAAE,MAAM,EAErD;QACC,wEAAwE;QACxE,MAAM,gBAAgB,GAAG,4BAA4B,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC;QAElE,mCAAmC;QACnC,MAAM,WAAW,GAAG,MAAM,OAAO,CAAC,gBAAgB,CAAC,EAAE,cAAc,EAAE,gBAAgB,EAAE,CAAC,CAAC;QAEzF,OAAO,WAAW,CAAC;IACrB,CAAC;CAAA;AAED;;;;;;GAMG;AACH,MAAM,UAAU,4BAA4B,CAAC,EAAE,MAAM,EAEpD;IACC,qBAAqB;IACrB,MAAM,SAAS,GAAG,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IAEpC,oCAAoC;IACpC,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,MAAM,IAAI,QAAQ,CAAC,YAAY,CAAC,UAAU,EAAE,oBAAoB,MAAM,EAAE,CAAC,CAAC;IAC5E,CAAC;IAED,sCAAsC;IACtC,IAAI,SAAS,CAAC,MAAM,KAAK,mBAAmB,EAAE,CAAC;QAC7C,MAAM,IAAI,QAAQ,CAAC,YAAY,CAAC,kBAAkB,EAAE,yBAAyB,SAAS,CAAC,MAAM,EAAE,CAAC,CAAC;IACnG,CAAC;IAED,wEAAwE;IACxE,IAAI,gBAA4B,CAAC;IACjC,IAAI,CAAC;QACH,gBAAgB,GAAG,OAAO,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC,YAAY,EAAE,CAAC;IAClE,CAAC;IAAC,WAAM,CAAC;QACP,MAAM,IAAI,QAAQ,CAAC,YAAY,CAAC,gBAAgB,EAAE,6CAA6C,CAAC,CAAC;IACnG,CAAC;IAED,IAAI,gBAAgB,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;QACnC,MAAM,IAAI,QAAQ,CAAC,YAAY,CAAC,sBAAsB,EAAE,8BAA8B,gBAAgB,CAAC,MAAM,EAAE,CAAC,CAAC;IACnH,CAAC;IAED,OAAO,gBAAgB,CAAC;AAC1B,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAgB,uBAAuB;yDAAC,EAAE,WAAW,EAE1D;QACC,mDAAmD;QACnD,MAAM,cAAc,GAAG,MAAM,OAAO,CAAC,gBAAgB,CAAC,EAAE,SAAS,EAAE,WAAW,EAAE,CAAC,CAAC;QAElF,+CAA+C;QAC/C,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC,cAAc,CAAC,CAAC,SAAS,EAAE,CAAC;QAElE,OAAO,OAAO,mBAAmB,IAAI,UAAU,EAAE,CAAC;IACpD,CAAC;CAAA;AAED;;;;;GAKG;AACH,MAAM,UAAU,YAAY,CAAC,KAAa;IACxC,MAAM,UAAU,GAA2C;QACzD,SAAS,EAAG,OAAO;QACnB,OAAO,EAAK;YACV,uIAAuI;YACvI,4DAA4D;YAC5D,gBAAgB,EAAE,KAA+D,EAAE,0CAA1D,EAAE,SAAS,EAAsB;gBACxD,MAAM,cAAc,GAAG,MAAM,SAAS,CAAC,gBAAgB,CAAC,EAAE,SAAS,EAAE,CAAC,CAAC;gBACvE,MAAM,mBAAmB,GAAG,MAAM,SAAS,CAAC,iBAAiB,CAAC,EAAE,cAAc,EAAE,CAAC,CAAC;gBAClF,OAAO,mBAAmB,CAAC;YAC7B,CAAC,CAAA;YACD,gBAAgB,EAAI,SAAS,CAAC,gBAAgB;YAC9C,iBAAiB,EAAG,SAAS,CAAC,iBAAiB;YAC/C,iBAAiB,EAAG,SAAS,CAAC,iBAAiB;SAChD;QACD,WAAW,EAAE;YACX,uIAAuI;YACvI,4DAA4D;YAC5D,gBAAgB,EAAE,KAA+D,EAAE,0CAA1D,EAAE,SAAS,EAAsB;gBACxD,MAAM,cAAc,GAAG,MAAM,SAAS,CAAC,gBAAgB,CAAC,EAAE,SAAS,EAAE,CAAC,CAAC;gBACvE,MAAM,mBAAmB,GAAG,MAAM,SAAS,CAAC,iBAAiB,CAAC,EAAE,cAAc,EAAE,CAAC,CAAC;gBAClF,OAAO,mBAAmB,CAAC;YAC7B,CAAC,CAAA;YACD,gBAAgB,EAAI,SAAS,CAAC,gBAAgB;YAC9C,iBAAiB,EAAG,SAAS,CAAC,iBAAiB;YAC/C,iBAAiB,EAAG,SAAS,CAAC,iBAAiB;SAChD;QACD,MAAM,EAAE,MAAM;KACf,CAAC;IAEF,MAAM,SAAS,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC;IAEpC,IAAI,CAAC,SAAS,EAAE,CAAC;QAAA,MAAM,IAAI,QAAQ,CAAC,YAAY,CAAC,oBAAoB,EAAE,sBAAsB,KAAK,EAAE,CAAC,CAAC;IAAA,CAAC;IAEvG,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAgB,wBAAwB;yDAAC,EAAE,MAAM,EAAE,gBAAgB,EAGxE;QACC,MAAM,GAAG,GAAG,MAAM,uBAAuB,CAAC,EAAE,MAAM,EAAE,gBAAgB,CAAC,WAAW,EAAE,CAAC,CAAC;QACpF,MAAM,IAAI,GAAG,4BAA4B,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;QAC9D,MAAM,SAAS,GAAG,OAAO,CAAC,SAAS,CAAC,gBAAgB,CAAC,SAAS,CAAC,CAAC,YAAY,EAAE,CAAC;QAC/E,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,MAAM,CAAC,EAAE,GAAG,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,CAAC;QAE/D,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,IAAI,QAAQ,CAAC,YAAY,CAAC,uBAAuB,EAAE,oCAAoC,CAAC,CAAC;QACjG,CAAC;IACH,CAAC;CAAA"}