@interop/ezcap 7.0.0

package/dist/ZcapClient.js

@@ -0,0 +1,404 @@
+/*!
+ * Copyright (c) 2021-2026 Digital Bazaar, Inc. and Interop Alliance. All rights
+ * reserved.
+ */
+import { CapabilityDelegation, constants as zCapConstants, documentLoader as zcapDocumentLoader, extendDocumentLoader } from '@interop/zcap';
+import { DEFAULT_HEADERS, httpClient } from '@interop/http-client';
+import * as jsigs from '@interop/jsonld-signatures';
+import { signCapabilityInvocation } from '@interop/http-signature-zcap-invoke';
+import { generateZcapUri, getCapabilitySigners } from './util.js';
+const { ZCAP_ROOT_PREFIX, ZCAP_CONTEXT_URL } = zCapConstants;
+/**
+ * A client for performing HTTP requests authorized via Authorization
+ * Capabilities (zcaps): delegating zcaps and invoking them against zcap-
+ * protected HTTP servers in both the browser and Node.js.
+ */
+export class ZcapClient {
+    agent;
+    defaultHeaders;
+    SuiteClass;
+    invocationSigner;
+    delegationSigner;
+    documentLoader;
+    /**
+     * Creates a new ZcapClient instance that can be used to perform requests
+     * against HTTP URLs that are authorized via Authorization Capabilities
+     * (zcaps).
+     *
+     * @param options {ZcapClientOptions} - The options to use.
+     */
+    constructor({ SuiteClass, didDocument, keyPairs, delegationSigner, invocationSigner, agent, defaultHeaders = {}, documentLoader }) {
+        if (!SuiteClass) {
+            throw new TypeError('"SuiteClass" must be provided.');
+        }
+        this.agent = agent;
+        this.defaultHeaders = { ...DEFAULT_HEADERS, ...defaultHeaders };
+        this.SuiteClass = SuiteClass;
+        // set the appropriate invocation and delegation signers
+        if (didDocument && keyPairs) {
+            const signers = getCapabilitySigners({ didDocument, keyPairs });
+            this.invocationSigner = signers.invocationSigner;
+            this.delegationSigner = signers.delegationSigner;
+        }
+        else if (invocationSigner || delegationSigner) {
+            this.invocationSigner = invocationSigner;
+            this.delegationSigner = delegationSigner;
+        }
+        else {
+            throw new TypeError('Either `didDocument` and `keyPairs`, or `invocationSigner` and/or ' +
+                '`delegationSigner` must be provided.');
+        }
+        // auto generate doc loader as needed if suite context is provided
+        if (!documentLoader && SuiteClass.CONTEXT && SuiteClass.CONTEXT_URL) {
+            const suiteContext = SuiteClass.CONTEXT;
+            const suiteContextUrl = SuiteClass.CONTEXT_URL;
+            documentLoader = extendDocumentLoader(async function suiteContextLoader(url) {
+                if (url === suiteContextUrl) {
+                    return {
+                        contextUrl: null,
+                        document: suiteContext,
+                        documentUrl: url,
+                        tag: 'static'
+                    };
+                }
+                return jsigs.strictDocumentLoader(url);
+            });
+        }
+        this.documentLoader =
+            documentLoader ?? zcapDocumentLoader;
+    }
+    /**
+     * Delegates an Authorization Capability to a target delegate.
+     *
+     * @param options {DelegateOptions} - The options to use.
+     *
+     * @returns {Promise<ZcapObject>} - A promise that resolves to a delegated
+     *   capability.
+     */
+    async delegate({ capability, controller, invocationTarget, expires, allowedActions }) {
+        if (!(typeof controller === 'string' && controller.includes(':'))) {
+            throw new Error('"controller" must be a string expressing an absolute URI.');
+        }
+        if (!this.delegationSigner) {
+            throw new Error('"delegationSigner" was not provided in constructor.');
+        }
+        const delegationSigner = this.delegationSigner;
+        if (invocationTarget !== undefined &&
+            !(typeof invocationTarget === 'string' && invocationTarget.includes(':'))) {
+            throw new Error('"invocationTarget" must be a string expressing an absolute URI.');
+        }
+        if (!(capability || invocationTarget)) {
+            throw new TypeError('At least one of "capability" and "invocationTarget" is required.');
+        }
+        let expiresValue;
+        if (expires === undefined) {
+            // default expiration is 5 minutes in the future
+            expiresValue =
+                new Date(Date.now() + 5 * 60 * 1000).toISOString().slice(0, -5) + 'Z';
+        }
+        else if (expires instanceof Date) {
+            if (isNaN(expires.getTime())) {
+                throw new Error('"expires" is not a valid date.');
+            }
+            // use second precision
+            expiresValue = expires.toISOString().slice(0, -5) + 'Z';
+        }
+        else if (typeof expires === 'string') {
+            // ensure expires is a valid date; keep the supplied string verbatim
+            if (isNaN(Date.parse(expires))) {
+                throw new Error('"expires" is not a valid date.');
+            }
+            expiresValue = expires;
+        }
+        else {
+            throw new TypeError('"expires" must be a string or a date.');
+        }
+        if (!capability) {
+            // generate root zcap ID from `invocationTarget`
+            capability = await generateZcapUri({ url: invocationTarget });
+        }
+        let parentCapability;
+        if (typeof capability === 'string') {
+            parentCapability = capability;
+        }
+        else if (typeof capability.id === 'string') {
+            parentCapability = capability.id;
+        }
+        else {
+            throw new TypeError('"capability" must be a string to delegate a root capability or ' +
+                'a capability object to delegate a delegated capability.');
+        }
+        if (invocationTarget === undefined) {
+            if (typeof capability === 'string') {
+                throw new Error('"invocationTarget" must be specified when "capability" is ' +
+                    'a string.');
+            }
+            // inherit `capability` invocation target
+            invocationTarget = capability.invocationTarget;
+        }
+        if (typeof invocationTarget !== 'string') {
+            throw new TypeError('"invocationTarget" must be a string.');
+        }
+        // default `allowedActions` to parent zcap's
+        let allowedActionsValue = allowedActions;
+        if (allowedActionsValue === undefined) {
+            if (typeof capability === 'string') {
+                allowedActionsValue = [];
+            }
+            else {
+                allowedActionsValue = capability.allowedAction ?? [];
+            }
+        }
+        if (typeof allowedActionsValue === 'string') {
+            // convert string value for allowedActions to array
+            allowedActionsValue = [allowedActionsValue];
+        }
+        if (!Array.isArray(allowedActionsValue)) {
+            throw new TypeError('"allowedActions" must be a string or an array of strings.');
+        }
+        const delegatedCapability = {
+            '@context': ZCAP_CONTEXT_URL,
+            id: await generateZcapUri(),
+            controller,
+            parentCapability,
+            invocationTarget,
+            expires: expiresValue
+        };
+        if (allowedActionsValue.length > 0) {
+            delegatedCapability.allowedAction = allowedActionsValue;
+        }
+        // ensure delegation date will not be at least after parent delegation date
+        let date = new Date();
+        const [parentProof] = _getDelegationProofs({ capability });
+        if (parentProof?.created) {
+            const parentDelegationDate = new Date(parentProof.created);
+            if (date < parentDelegationDate) {
+                date = parentDelegationDate;
+            }
+        }
+        const { documentLoader } = this;
+        const suite = new this.SuiteClass({ date, signer: delegationSigner });
+        // `parentCapability` must be the full object (when not delegating a root
+        // zcap) so the capability chain can be auto-computed; the local
+        // `parentCapability` string above holds only the id value.
+        const purpose = new CapabilityDelegation({
+            parentCapability: capability
+        });
+        const signedDelegatedCapability = await jsigs.sign(delegatedCapability, {
+            documentLoader,
+            suite: suite,
+            purpose
+        });
+        return signedDelegatedCapability;
+    }
+    /**
+     * Performs an HTTP request given an Authorization Capability (zcap) and/or
+     * a target URL. If no URL is given, the invocation target from the
+     * capability will be used. If a capability is given as a string, it MUST
+     * be a root capability. If both a capability and a URL are given, then
+     * the capability's invocation target MUST be a RESTful prefix of or
+     * equivalent to the URL.
+     *
+     * @param options {RequestOptions} - The options to use.
+     *
+     * @returns {Promise<HttpResponse>} - A promise that resolves to an HTTP
+     *   response.
+     */
+    async request({ url, capability, method = 'GET', action, headers = {}, json, body }) {
+        if (!this.invocationSigner) {
+            throw new Error('"invocationSigner" was not provided in constructor.');
+        }
+        const invocationSigner = this.invocationSigner;
+        // By default, set the action to be the same as the HTTP method if missing
+        const capabilityAction = action ?? method;
+        // get invocation target from zcap
+        let invocationTarget;
+        if (typeof capability === 'string') {
+            // capability MUST be a root zcap
+            if (!capability.startsWith(ZCAP_ROOT_PREFIX)) {
+                throw new Error('When "capability" is a string, it must be a root authorization ' +
+                    'capability.');
+            }
+            invocationTarget = decodeURIComponent(capability.substring(ZCAP_ROOT_PREFIX.length));
+            if (!invocationTarget.startsWith('https://')) {
+                throw new Error('When "capability" is a string, it must be a root ' +
+                    'authorization capability with an HTTPS invocation target.');
+            }
+        }
+        else if (capability !== undefined) {
+            try {
+                _checkZcap({ capability });
+            }
+            catch (cause) {
+                throw new Error('"capability" must be a valid authorization capability object.', { cause });
+            }
+            invocationTarget = capability.invocationTarget;
+        }
+        // set `url` to invocation target if not given
+        if (url === undefined) {
+            if (invocationTarget === undefined) {
+                throw new TypeError('If no "url" is given, "capability" must be given.');
+            }
+            url = invocationTarget;
+        }
+        else if (invocationTarget !== undefined) {
+            // if `url` and `capability` are both given, then `invocationTarget`
+            // MUST be a RESTful prefix for `url` or equivalent to it to avoid
+            // confused deputy (don't invoke zcaps against URLs that are in different
+            // authority heirarchies)
+            if (!(url.startsWith(invocationTarget + '/') ||
+                url.startsWith(invocationTarget + '?') ||
+                url === invocationTarget)) {
+                throw new TypeError(`When "url" and "capability" are both given, the capability's ` +
+                    '"invocationTarget" must be a RESTful prefix of "url" or equal ' +
+                    'to "url".');
+            }
+        }
+        const { agent } = this;
+        // sign the zcap headers
+        const signatureHeaders = await signCapabilityInvocation({
+            url,
+            method,
+            headers: {
+                ...headers,
+                date: new Date().toUTCString()
+            },
+            json,
+            body,
+            invocationSigner,
+            capability: capability ?? (await generateZcapUri({ url })),
+            capabilityAction
+        });
+        // build the final request
+        const options = {
+            method,
+            agent,
+            headers: { ...this.defaultHeaders, ...signatureHeaders }
+        };
+        // handle blob vs json body
+        if (body !== undefined) {
+            options.body = body;
+        }
+        else if (json !== undefined) {
+            options.json = json;
+        }
+        return httpClient(url, options);
+    }
+    /**
+     * Convenience function that invokes an Authorization Capability against a
+     * given URL to perform a read operation.
+     *
+     * @param options {ReadOptions} - The options to use.
+     *
+     * @returns {Promise<HttpResponse>} - A promise that resolves to an HTTP
+     *   response.
+     */
+    async read({ url, headers = {}, capability }) {
+        return this.request({
+            url,
+            capability,
+            method: 'get',
+            action: 'read',
+            headers
+        });
+    }
+    /**
+     * Convenience function that invokes an Authorization Capability against a
+     * given URL to perform a write operation.
+     *
+     * @param options {WriteOptions} - The options to use.
+     *
+     * @returns {Promise<HttpResponse>} - A promise that resolves to an HTTP
+     *   response.
+     */
+    async write({ url, json, body, headers = {}, capability }) {
+        return this.request({
+            url,
+            capability,
+            method: 'post',
+            action: 'write',
+            headers,
+            json,
+            body
+        });
+    }
+}
+/**
+ * Validates that a capability object is a well-formed root or delegated zcap.
+ *
+ * @param options {object} - The options to use.
+ * @param options.capability {ZcapObject} - The authorization capability.
+ */
+function _checkZcap({ capability }) {
+    const { '@context': context, id, parentCapability, invocationTarget, allowedAction, expires } = capability;
+    const isRoot = parentCapability === undefined;
+    if (isRoot) {
+        if (context !== ZCAP_CONTEXT_URL) {
+            throw new Error('Root capability must have an "@context" value of ' +
+                `"${ZCAP_CONTEXT_URL}".`);
+        }
+        if (capability.expires !== undefined) {
+            throw new Error('Root capability must not have an "expires" field.');
+        }
+    }
+    else {
+        if (!(Array.isArray(context) && context[0] === ZCAP_CONTEXT_URL)) {
+            throw new Error('Delegated capability must have an "@context" array ' +
+                `with "${ZCAP_CONTEXT_URL}" in its first position.`);
+        }
+        if (!(typeof parentCapability === 'string' && parentCapability.includes(':'))) {
+            throw new Error('Delegated capability must have a "parentCapability" with a string ' +
+                'value that expresses an absolute URI.');
+        }
+        const [proof] = _getDelegationProofs({ capability });
+        if (!proof) {
+            throw new Error('Delegated capability must have a "proof".');
+        }
+        if (isNaN(Date.parse(proof.created ?? ''))) {
+            throw new Error('Delegated capability must have a valid proof "created" date.');
+        }
+        if (expires === undefined || isNaN(Date.parse(expires))) {
+            throw new Error('Delegated capability must have a valid expires date.');
+        }
+    }
+    if (!(typeof id === 'string' && id.includes(':'))) {
+        throw new Error('Capability must have an "id" with a string value that expresses an ' +
+            'absolute URI.');
+    }
+    if (!(typeof invocationTarget === 'string' && invocationTarget.includes(':'))) {
+        throw new Error('Capability must have an "invocationTarget" with a string value that ' +
+            'expresses an absolute URI.');
+    }
+    if (allowedAction !== undefined &&
+        !(typeof allowedAction === 'string' ||
+            (Array.isArray(allowedAction) && allowedAction.length > 0))) {
+        throw new Error('If present on a capability, "allowedAction" must be a string or a ' +
+            'non-empty array.');
+    }
+}
+/**
+ * Retrieves the delegation proof(s) for a capability that is associated with
+ * its parent capability. A capability that has no parent or no associated
+ * delegation proofs will cause this function to return an empty array.
+ *
+ * @param options {object} - The options to use.
+ * @param options.capability {string|ZcapObject} - The authorization capability.
+ *
+ * @returns {Proof[]} Any `capabilityDelegation` proof objects attached to the
+ *   given capability.
+ */
+function _getDelegationProofs({ capability }) {
+    // capability is root or capability has no `proof`, then it has no relevant
+    // delegation proofs
+    if (typeof capability === 'string' ||
+        !capability.parentCapability ||
+        !capability.proof) {
+        return [];
+    }
+    let proof = capability.proof;
+    if (!Array.isArray(proof)) {
+        proof = [proof];
+    }
+    return proof.filter(p => p && p.proofPurpose === 'capabilityDelegation');
+}
+//# sourceMappingURL=ZcapClient.js.map

package/dist/ZcapClient.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ZcapClient.js","sourceRoot":"","sources":["../src/ZcapClient.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,OAAO,EACL,oBAAoB,EACpB,SAAS,IAAI,aAAa,EAC1B,cAAc,IAAI,kBAAkB,EACpC,oBAAoB,EACrB,MAAM,eAAe,CAAA;AACtB,OAAO,EAAE,eAAe,EAAE,UAAU,EAAE,MAAM,sBAAsB,CAAA;AAElE,OAAO,KAAK,KAAK,MAAM,4BAA4B,CAAA;AACnD,OAAO,EAAE,wBAAwB,EAAE,MAAM,qCAAqC,CAAA;AAC9E,OAAO,EAAE,eAAe,EAAE,oBAAoB,EAAE,MAAM,WAAW,CAAA;AAGjE,MAAM,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,GAAG,aAAa,CAAA;AAqL5D;;;;GAIG;AACH,MAAM,OAAO,UAAU;IACrB,KAAK,CAAa;IAClB,cAAc,CAAwB;IACtC,UAAU,CAA+B;IACzC,gBAAgB,CAAS;IACzB,gBAAgB,CAAS;IACzB,cAAc,CAAgB;IAE9B;;;;;;OAMG;IACH,YAAY,EACV,UAAU,EACV,WAAW,EACX,QAAQ,EACR,gBAAgB,EAChB,gBAAgB,EAChB,KAAK,EACL,cAAc,GAAG,EAAE,EACnB,cAAc,EACI;QAClB,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,MAAM,IAAI,SAAS,CAAC,gCAAgC,CAAC,CAAA;QACvD,CAAC;QAED,IAAI,CAAC,KAAK,GAAG,KAAK,CAAA;QAClB,IAAI,CAAC,cAAc,GAAG,EAAE,GAAG,eAAe,EAAE,GAAG,cAAc,EAAE,CAAA;QAC/D,IAAI,CAAC,UAAU,GAAG,UAAU,CAAA;QAE5B,wDAAwD;QACxD,IAAI,WAAW,IAAI,QAAQ,EAAE,CAAC;YAC5B,MAAM,OAAO,GAAG,oBAAoB,CAAC,EAAE,WAAW,EAAE,QAAQ,EAAE,CAAC,CAAA;YAC/D,IAAI,CAAC,gBAAgB,GAAG,OAAO,CAAC,gBAAgB,CAAA;YAChD,IAAI,CAAC,gBAAgB,GAAG,OAAO,CAAC,gBAAgB,CAAA;QAClD,CAAC;aAAM,IAAI,gBAAgB,IAAI,gBAAgB,EAAE,CAAC;YAChD,IAAI,CAAC,gBAAgB,GAAG,gBAAgB,CAAA;YACxC,IAAI,CAAC,gBAAgB,GAAG,gBAAgB,CAAA;QAC1C,CAAC;aAAM,CAAC;YACN,MAAM,IAAI,SAAS,CACjB,oEAAoE;gBAClE,sCAAsC,CACzC,CAAA;QACH,CAAC;QAED,kEAAkE;QAClE,IAAI,CAAC,cAAc,IAAI,UAAU,CAAC,OAAO,IAAI,UAAU,CAAC,WAAW,EAAE,CAAC;YACpE,MAAM,YAAY,GAAG,UAAU,CAAC,OAAO,CAAA;YACvC,MAAM,eAAe,GAAG,UAAU,CAAC,WAAW,CAAA;YAC9C,cAAc,GAAG,oBAAoB,CAAC,KAAK,UAAU,kBAAkB,CACrE,GAAW;gBAEX,IAAI,GAAG,KAAK,eAAe,EAAE,CAAC;oBAC5B,OAAO;wBACL,UAAU,EAAE,IAAI;wBAChB,QAAQ,EAAE,YAAY;wBACtB,WAAW,EAAE,GAAG;wBAChB,GAAG,EAAE,QAAQ;qBACd,CAAA;gBACH,CAAC;gBACD,OAAO,KAAK,CAAC,oBAAoB,CAAC,GAAG,CAAC,CAAA;YACxC,CAAC,CAAmB,CAAA;QACtB,CAAC;QACD,IAAI,CAAC,cAAc;YACjB,cAAc,IAAK,kBAAqC,CAAA;IAC5D,CAAC;IAED;;;;;;;OAOG;IACH,KAAK,CAAC,QAAQ,CAAC,EACb,UAAU,EACV,UAAU,EACV,gBAAgB,EAChB,OAAO,EACP,cAAc,EACE;QAChB,IAAI,CAAC,CAAC,OAAO,UAAU,KAAK,QAAQ,IAAI,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;YAClE,MAAM,IAAI,KAAK,CACb,2DAA2D,CAC5D,CAAA;QACH,CAAC;QACD,IAAI,CAAC,IAAI,CAAC,gBAAgB,EAAE,CAAC;YAC3B,MAAM,IAAI,KAAK,CAAC,qDAAqD,CAAC,CAAA;QACxE,CAAC;QACD,MAAM,gBAAgB,GAAG,IAAI,CAAC,gBAAgB,CAAA;QAC9C,IACE,gBAAgB,KAAK,SAAS;YAC9B,CAAC,CAAC,OAAO,gBAAgB,KAAK,QAAQ,IAAI,gBAAgB,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,EACzE,CAAC;YACD,MAAM,IAAI,KAAK,CACb,iEAAiE,CAClE,CAAA;QACH,CAAC;QAED,IAAI,CAAC,CAAC,UAAU,IAAI,gBAAgB,CAAC,EAAE,CAAC;YACtC,MAAM,IAAI,SAAS,CACjB,kEAAkE,CACnE,CAAA;QACH,CAAC;QAED,IAAI,YAAoB,CAAA;QACxB,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;YAC1B,gDAAgD;YAChD,YAAY;gBACV,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,GAAG,CAAA;QACzE,CAAC;aAAM,IAAI,OAAO,YAAY,IAAI,EAAE,CAAC;YACnC,IAAI,KAAK,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC,EAAE,CAAC;gBAC7B,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAA;YACnD,CAAC;YACD,uBAAuB;YACvB,YAAY,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,GAAG,CAAA;QACzD,CAAC;aAAM,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;YACvC,oEAAoE;YACpE,IAAI,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC;gBAC/B,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAA;YACnD,CAAC;YACD,YAAY,GAAG,OAAO,CAAA;QACxB,CAAC;aAAM,CAAC;YACN,MAAM,IAAI,SAAS,CAAC,uCAAuC,CAAC,CAAA;QAC9D,CAAC;QAED,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,gDAAgD;YAChD,UAAU,GAAG,MAAM,eAAe,CAAC,EAAE,GAAG,EAAE,gBAAgB,EAAE,CAAC,CAAA;QAC/D,CAAC;QAED,IAAI,gBAAwB,CAAA;QAC5B,IAAI,OAAO,UAAU,KAAK,QAAQ,EAAE,CAAC;YACnC,gBAAgB,GAAG,UAAU,CAAA;QAC/B,CAAC;aAAM,IAAI,OAAO,UAAU,CAAC,EAAE,KAAK,QAAQ,EAAE,CAAC;YAC7C,gBAAgB,GAAG,UAAU,CAAC,EAAE,CAAA;QAClC,CAAC;aAAM,CAAC;YACN,MAAM,IAAI,SAAS,CACjB,iEAAiE;gBAC/D,yDAAyD,CAC5D,CAAA;QACH,CAAC;QAED,IAAI,gBAAgB,KAAK,SAAS,EAAE,CAAC;YACnC,IAAI,OAAO,UAAU,KAAK,QAAQ,EAAE,CAAC;gBACnC,MAAM,IAAI,KAAK,CACb,4DAA4D;oBAC1D,WAAW,CACd,CAAA;YACH,CAAC;YACD,yCAAyC;YACzC,gBAAgB,GAAG,UAAU,CAAC,gBAAgB,CAAA;QAChD,CAAC;QAED,IAAI,OAAO,gBAAgB,KAAK,QAAQ,EAAE,CAAC;YACzC,MAAM,IAAI,SAAS,CAAC,sCAAsC,CAAC,CAAA;QAC7D,CAAC;QAED,4CAA4C;QAC5C,IAAI,mBAAmB,GAAkC,cAAc,CAAA;QACvE,IAAI,mBAAmB,KAAK,SAAS,EAAE,CAAC;YACtC,IAAI,OAAO,UAAU,KAAK,QAAQ,EAAE,CAAC;gBACnC,mBAAmB,GAAG,EAAE,CAAA;YAC1B,CAAC;iBAAM,CAAC;gBACN,mBAAmB,GAAG,UAAU,CAAC,aAAa,IAAI,EAAE,CAAA;YACtD,CAAC;QACH,CAAC;QAED,IAAI,OAAO,mBAAmB,KAAK,QAAQ,EAAE,CAAC;YAC5C,mDAAmD;YACnD,mBAAmB,GAAG,CAAC,mBAAmB,CAAC,CAAA;QAC7C,CAAC;QACD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,mBAAmB,CAAC,EAAE,CAAC;YACxC,MAAM,IAAI,SAAS,CACjB,2DAA2D,CAC5D,CAAA;QACH,CAAC;QAED,MAAM,mBAAmB,GAAe;YACtC,UAAU,EAAE,gBAAgB;YAC5B,EAAE,EAAE,MAAM,eAAe,EAAE;YAC3B,UAAU;YACV,gBAAgB;YAChB,gBAAgB;YAChB,OAAO,EAAE,YAAY;SACtB,CAAA;QACD,IAAI,mBAAmB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACnC,mBAAmB,CAAC,aAAa,GAAG,mBAAmB,CAAA;QACzD,CAAC;QAED,2EAA2E;QAC3E,IAAI,IAAI,GAAG,IAAI,IAAI,EAAE,CAAA;QACrB,MAAM,CAAC,WAAW,CAAC,GAAG,oBAAoB,CAAC,EAAE,UAAU,EAAE,CAAC,CAAA;QAC1D,IAAI,WAAW,EAAE,OAAO,EAAE,CAAC;YACzB,MAAM,oBAAoB,GAAG,IAAI,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,CAAA;YAC1D,IAAI,IAAI,GAAG,oBAAoB,EAAE,CAAC;gBAChC,IAAI,GAAG,oBAAoB,CAAA;YAC7B,CAAC;QACH,CAAC;QAED,MAAM,EAAE,cAAc,EAAE,GAAG,IAAI,CAAA;QAC/B,MAAM,KAAK,GAAG,IAAI,IAAI,CAAC,UAAU,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,gBAAgB,EAAE,CAAC,CAAA;QACrE,yEAAyE;QACzE,gEAAgE;QAChE,2DAA2D;QAC3D,MAAM,OAAO,GAAG,IAAI,oBAAoB,CAAC;YACvC,gBAAgB,EAAE,UAAU;SAC7B,CAAC,CAAA;QAEF,MAAM,yBAAyB,GAAG,MAAM,KAAK,CAAC,IAAI,CAAC,mBAAmB,EAAE;YACtE,cAAc;YACd,KAAK,EAAE,KAA8B;YACrC,OAAO;SACR,CAAC,CAAA;QAEF,OAAO,yBAAuC,CAAA;IAChD,CAAC;IAED;;;;;;;;;;;;OAYG;IACH,KAAK,CAAC,OAAO,CAAC,EACZ,GAAG,EACH,UAAU,EACV,MAAM,GAAG,KAAK,EACd,MAAM,EACN,OAAO,GAAG,EAAE,EACZ,IAAI,EACJ,IAAI,EACW;QACf,IAAI,CAAC,IAAI,CAAC,gBAAgB,EAAE,CAAC;YAC3B,MAAM,IAAI,KAAK,CAAC,qDAAqD,CAAC,CAAA;QACxE,CAAC;QACD,MAAM,gBAAgB,GAAG,IAAI,CAAC,gBAAgB,CAAA;QAC9C,0EAA0E;QAC1E,MAAM,gBAAgB,GAAG,MAAM,IAAI,MAAM,CAAA;QAEzC,kCAAkC;QAClC,IAAI,gBAAoC,CAAA;QACxC,IAAI,OAAO,UAAU,KAAK,QAAQ,EAAE,CAAC;YACnC,iCAAiC;YACjC,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,gBAAgB,CAAC,EAAE,CAAC;gBAC7C,MAAM,IAAI,KAAK,CACb,iEAAiE;oBAC/D,aAAa,CAChB,CAAA;YACH,CAAC;YACD,gBAAgB,GAAG,kBAAkB,CACnC,UAAU,CAAC,SAAS,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAC9C,CAAA;YACD,IAAI,CAAC,gBAAgB,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;gBAC7C,MAAM,IAAI,KAAK,CACb,mDAAmD;oBACjD,2DAA2D,CAC9D,CAAA;YACH,CAAC;QACH,CAAC;aAAM,IAAI,UAAU,KAAK,SAAS,EAAE,CAAC;YACpC,IAAI,CAAC;gBACH,UAAU,CAAC,EAAE,UAAU,EAAE,CAAC,CAAA;YAC5B,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,MAAM,IAAI,KAAK,CACb,+DAA+D,EAC/D,EAAE,KAAK,EAAE,CACV,CAAA;YACH,CAAC;YACD,gBAAgB,GAAG,UAAU,CAAC,gBAAgB,CAAA;QAChD,CAAC;QAED,8CAA8C;QAC9C,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;YACtB,IAAI,gBAAgB,KAAK,SAAS,EAAE,CAAC;gBACnC,MAAM,IAAI,SAAS,CAAC,mDAAmD,CAAC,CAAA;YAC1E,CAAC;YACD,GAAG,GAAG,gBAAgB,CAAA;QACxB,CAAC;aAAM,IAAI,gBAAgB,KAAK,SAAS,EAAE,CAAC;YAC1C,oEAAoE;YACpE,kEAAkE;YAClE,yEAAyE;YACzE,yBAAyB;YACzB,IACE,CAAC,CACC,GAAG,CAAC,UAAU,CAAC,gBAAgB,GAAG,GAAG,CAAC;gBACtC,GAAG,CAAC,UAAU,CAAC,gBAAgB,GAAG,GAAG,CAAC;gBACtC,GAAG,KAAK,gBAAgB,CACzB,EACD,CAAC;gBACD,MAAM,IAAI,SAAS,CACjB,+DAA+D;oBAC7D,gEAAgE;oBAChE,WAAW,CACd,CAAA;YACH,CAAC;QACH,CAAC;QAED,MAAM,EAAE,KAAK,EAAE,GAAG,IAAI,CAAA;QAEtB,wBAAwB;QACxB,MAAM,gBAAgB,GAAG,MAAM,wBAAwB,CAAC;YACtD,GAAG;YACH,MAAM;YACN,OAAO,EAAE;gBACP,GAAG,OAAO;gBACV,IAAI,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;aAC/B;YACD,IAAI;YACJ,IAAI;YACJ,gBAAgB;YAChB,UAAU,EAAE,UAAU,IAAI,CAAC,MAAM,eAAe,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC;YAC1D,gBAAgB;SACjB,CAAC,CAAA;QAEF,0BAA0B;QAC1B,MAAM,OAAO,GAAsB;YACjC,MAAM;YACN,KAAK;YACL,OAAO,EAAE,EAAE,GAAG,IAAI,CAAC,cAAc,EAAE,GAAG,gBAAgB,EAAE;SACzD,CAAA;QAED,2BAA2B;QAC3B,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;YACvB,OAAO,CAAC,IAAI,GAAG,IAAgB,CAAA;QACjC,CAAC;aAAM,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;YAC9B,OAAO,CAAC,IAAI,GAAG,IAAI,CAAA;QACrB,CAAC;QAED,OAAO,UAAU,CAAC,GAAG,EAAE,OAAO,CAAC,CAAA;IACjC,CAAC;IAED;;;;;;;;OAQG;IACH,KAAK,CAAC,IAAI,CAAC,EACT,GAAG,EACH,OAAO,GAAG,EAAE,EACZ,UAAU,EACE;QACZ,OAAO,IAAI,CAAC,OAAO,CAAC;YAClB,GAAG;YACH,UAAU;YACV,MAAM,EAAE,KAAK;YACb,MAAM,EAAE,MAAM;YACd,OAAO;SACR,CAAC,CAAA;IACJ,CAAC;IAED;;;;;;;;OAQG;IACH,KAAK,CAAC,KAAK,CAAC,EACV,GAAG,EACH,IAAI,EACJ,IAAI,EACJ,OAAO,GAAG,EAAE,EACZ,UAAU,EACG;QACb,OAAO,IAAI,CAAC,OAAO,CAAC;YAClB,GAAG;YACH,UAAU;YACV,MAAM,EAAE,MAAM;YACd,MAAM,EAAE,OAAO;YACf,OAAO;YACP,IAAI;YACJ,IAAI;SACL,CAAC,CAAA;IACJ,CAAC;CACF;AAED;;;;;GAKG;AACH,SAAS,UAAU,CAAC,EAAE,UAAU,EAA8B;IAC5D,MAAM,EACJ,UAAU,EAAE,OAAO,EACnB,EAAE,EACF,gBAAgB,EAChB,gBAAgB,EAChB,aAAa,EACb,OAAO,EACR,GAAG,UAAU,CAAA;IAEd,MAAM,MAAM,GAAG,gBAAgB,KAAK,SAAS,CAAA;IAC7C,IAAI,MAAM,EAAE,CAAC;QACX,IAAI,OAAO,KAAK,gBAAgB,EAAE,CAAC;YACjC,MAAM,IAAI,KAAK,CACb,mDAAmD;gBACjD,IAAI,gBAAgB,IAAI,CAC3B,CAAA;QACH,CAAC;QACD,IAAI,UAAU,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;YACrC,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAA;QACtE,CAAC;IACH,CAAC;SAAM,CAAC;QACN,IAAI,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,OAAO,CAAC,CAAC,CAAC,KAAK,gBAAgB,CAAC,EAAE,CAAC;YACjE,MAAM,IAAI,KAAK,CACb,qDAAqD;gBACnD,SAAS,gBAAgB,0BAA0B,CACtD,CAAA;QACH,CAAC;QACD,IACE,CAAC,CAAC,OAAO,gBAAgB,KAAK,QAAQ,IAAI,gBAAgB,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,EACzE,CAAC;YACD,MAAM,IAAI,KAAK,CACb,oEAAoE;gBAClE,uCAAuC,CAC1C,CAAA;QACH,CAAC;QACD,MAAM,CAAC,KAAK,CAAC,GAAG,oBAAoB,CAAC,EAAE,UAAU,EAAE,CAAC,CAAA;QACpD,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAA;QAC9D,CAAC;QACD,IAAI,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC;YAC3C,MAAM,IAAI,KAAK,CACb,8DAA8D,CAC/D,CAAA;QACH,CAAC;QACD,IAAI,OAAO,KAAK,SAAS,IAAI,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC;YACxD,MAAM,IAAI,KAAK,CAAC,sDAAsD,CAAC,CAAA;QACzE,CAAC;IACH,CAAC;IAED,IAAI,CAAC,CAAC,OAAO,EAAE,KAAK,QAAQ,IAAI,EAAE,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;QAClD,MAAM,IAAI,KAAK,CACb,qEAAqE;YACnE,eAAe,CAClB,CAAA;IACH,CAAC;IACD,IACE,CAAC,CAAC,OAAO,gBAAgB,KAAK,QAAQ,IAAI,gBAAgB,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,EACzE,CAAC;QACD,MAAM,IAAI,KAAK,CACb,sEAAsE;YACpE,4BAA4B,CAC/B,CAAA;IACH,CAAC;IACD,IACE,aAAa,KAAK,SAAS;QAC3B,CAAC,CACC,OAAO,aAAa,KAAK,QAAQ;YACjC,CAAC,KAAK,CAAC,OAAO,CAAC,aAAa,CAAC,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,CAAC,CAC3D,EACD,CAAC;QACD,MAAM,IAAI,KAAK,CACb,oEAAoE;YAClE,kBAAkB,CACrB,CAAA;IACH,CAAC;AACH,CAAC;AAED;;;;;;;;;;GAUG;AACH,SAAS,oBAAoB,CAAC,EAC5B,UAAU,EAGX;IACC,2EAA2E;IAC3E,oBAAoB;IACpB,IACE,OAAO,UAAU,KAAK,QAAQ;QAC9B,CAAC,UAAU,CAAC,gBAAgB;QAC5B,CAAC,UAAU,CAAC,KAAK,EACjB,CAAC;QACD,OAAO,EAAE,CAAA;IACX,CAAC;IACD,IAAI,KAAK,GAAG,UAAU,CAAC,KAAK,CAAA;IAC5B,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QAC1B,KAAK,GAAG,CAAC,KAAK,CAAC,CAAA;IACjB,CAAC;IACD,OAAO,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,YAAY,KAAK,sBAAsB,CAAC,CAAA;AAC1E,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,9 @@
+/*!
+ * Copyright (c) 2020-2026 Digital Bazaar, Inc. and Interop Alliance. All rights
+ * reserved.
+ */
+export { ZcapClient } from './ZcapClient.js';
+export type { DocumentLoader, HttpsAgent, LinkedDataSignatureSuiteClass, Proof, ZcapObject, ZcapClientOptions, DelegateOptions, RequestOptions, ReadOptions, WriteOptions } from './ZcapClient.js';
+export { getCapabilitySigners } from './util.js';
+export type { Signer, VerificationMethodReference, DidDocument, KeyPair, CapabilitySigners } from './util.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAA;AAC5C,YAAY,EACV,cAAc,EACd,UAAU,EACV,6BAA6B,EAC7B,KAAK,EACL,UAAU,EACV,iBAAiB,EACjB,eAAe,EACf,cAAc,EACd,WAAW,EACX,YAAY,EACb,MAAM,iBAAiB,CAAA;AACxB,OAAO,EAAE,oBAAoB,EAAE,MAAM,WAAW,CAAA;AAChD,YAAY,EACV,MAAM,EACN,2BAA2B,EAC3B,WAAW,EACX,OAAO,EACP,iBAAiB,EAClB,MAAM,WAAW,CAAA"}

package/dist/index.js

@@ -0,0 +1,7 @@
+/*!
+ * Copyright (c) 2020-2026 Digital Bazaar, Inc. and Interop Alliance. All rights
+ * reserved.
+ */
+export { ZcapClient } from './ZcapClient.js';
+export { getCapabilitySigners } from './util.js';
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAA;AAa5C,OAAO,EAAE,oBAAoB,EAAE,MAAM,WAAW,CAAA"}

package/dist/util.d.ts

@@ -0,0 +1,70 @@
+/**
+ * A signer instance with a sign function and id and controller properties.
+ */
+export interface Signer {
+    id: string;
+    controller: string;
+    sign(options: {
+        data: Uint8Array;
+    }): Promise<Uint8Array>;
+}
+/**
+ * A verification method entry in a DID Document, either as a string ID or
+ * an embedded object with an `id` property.
+ */
+export type VerificationMethodReference = string | {
+    id: string;
+    [key: string]: unknown;
+};
+/**
+ * A DID Document containing verification relationships for capability
+ * invocation and delegation.
+ */
+export interface DidDocument {
+    id: string;
+    capabilityInvocation?: VerificationMethodReference[];
+    capabilityDelegation?: VerificationMethodReference[];
+    [key: string]: unknown;
+}
+/**
+ * A cryptographic key pair with a signer factory method.
+ */
+export interface KeyPair {
+    signer(): Signer;
+    [key: string]: unknown;
+}
+/**
+ * A pair of signers derived from a DID Document and key pairs.
+ */
+export interface CapabilitySigners {
+    invocationSigner?: Signer;
+    delegationSigner?: Signer;
+}
+/**
+ * Retrieves the first set of capability invocation and delegation signers
+ * associated with the `didDocument` from the `keyPairs`.
+ *
+ * @param options {object} - The options to use.
+ * @param options.didDocument {DidDocument} - A DID Document containing
+ *   verification relationships for capability invocation and delegation.
+ * @param options.keyPairs {Map} - A map containing keypairs indexed by key ID.
+ *
+ * @returns {CapabilitySigners} - A valid `invocationSigner` and
+ *   `delegationSigner` associated with the didDocument.
+ */
+export declare function getCapabilitySigners({ didDocument, keyPairs }: {
+    didDocument: DidDocument;
+    keyPairs: Map<string, KeyPair>;
+}): CapabilitySigners;
+/**
+ * Generate a zcap URI given a root capability URL or a delegated flag.
+ *
+ * @param options {object} - The options to use.
+ * @param [options.url] {string} - Optional URL identifying the root capability.
+ *
+ * @returns {Promise<string>} - A zcap URI.
+ */
+export declare function generateZcapUri({ url }?: {
+    url?: string;
+}): Promise<string>;
+//# sourceMappingURL=util.d.ts.map

package/dist/util.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"util.d.ts","sourceRoot":"","sources":["../src/util.ts"],"names":[],"mappings":"AASA;;GAEG;AACH,MAAM,WAAW,MAAM;IACrB,EAAE,EAAE,MAAM,CAAA;IACV,UAAU,EAAE,MAAM,CAAA;IAClB,IAAI,CAAC,OAAO,EAAE;QAAE,IAAI,EAAE,UAAU,CAAA;KAAE,GAAG,OAAO,CAAC,UAAU,CAAC,CAAA;CACzD;AAED;;;GAGG;AACH,MAAM,MAAM,2BAA2B,GACnC,MAAM,GACN;IAAE,EAAE,EAAE,MAAM,CAAC;IAAC,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAA;CAAE,CAAA;AAE1C;;;GAGG;AACH,MAAM,WAAW,WAAW;IAC1B,EAAE,EAAE,MAAM,CAAA;IACV,oBAAoB,CAAC,EAAE,2BAA2B,EAAE,CAAA;IACpD,oBAAoB,CAAC,EAAE,2BAA2B,EAAE,CAAA;IACpD,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAA;CACvB;AAED;;GAEG;AACH,MAAM,WAAW,OAAO;IACtB,MAAM,IAAI,MAAM,CAAA;IAChB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAA;CACvB;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,gBAAgB,CAAC,EAAE,MAAM,CAAA;IACzB,gBAAgB,CAAC,EAAE,MAAM,CAAA;CAC1B;AAED;;;;;;;;;;;GAWG;AACH,wBAAgB,oBAAoB,CAAC,EACnC,WAAW,EACX,QAAQ,EACT,EAAE;IACD,WAAW,EAAE,WAAW,CAAA;IACxB,QAAQ,EAAE,GAAG,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;CAC/B,GAAG,iBAAiB,CA8DpB;AAED;;;;;;;GAOG;AACH,wBAAsB,eAAe,CAAC,EACpC,GAAG,EACJ,GAAE;IAAE,GAAG,CAAC,EAAE,MAAM,CAAA;CAAO,GAAG,OAAO,CAAC,MAAM,CAAC,CAKzC"}

package/dist/util.js

@@ -0,0 +1,92 @@
+/*!
+ * Copyright (c) 2021-2026 Digital Bazaar, Inc. and Interop Alliance. All rights
+ * reserved.
+ */
+import { constants } from '@interop/zcap';
+import { v4 as uuid } from 'uuid';
+const { ZCAP_ROOT_PREFIX } = constants;
+/**
+ * Retrieves the first set of capability invocation and delegation signers
+ * associated with the `didDocument` from the `keyPairs`.
+ *
+ * @param options {object} - The options to use.
+ * @param options.didDocument {DidDocument} - A DID Document containing
+ *   verification relationships for capability invocation and delegation.
+ * @param options.keyPairs {Map} - A map containing keypairs indexed by key ID.
+ *
+ * @returns {CapabilitySigners} - A valid `invocationSigner` and
+ *   `delegationSigner` associated with the didDocument.
+ */
+export function getCapabilitySigners({ didDocument, keyPairs }) {
+    const { capabilityDelegation, capabilityInvocation } = didDocument;
+    // ensure didDocument and keyPairs contain the information necessary
+    if (!(capabilityDelegation || capabilityInvocation)) {
+        throw new Error('didDocument must include "capabilityInvocation" or ' +
+            '"capabilityDelegation" properties.');
+    }
+    const capabilityDelegationId = _verificationMethodId(capabilityDelegation?.[0]);
+    const capabilityInvocationId = _verificationMethodId(capabilityInvocation?.[0]);
+    if (capabilityDelegation && !capabilityDelegationId) {
+        throw new Error('Could not determine didDocument capabilityDelegation identifier.');
+    }
+    if (capabilityInvocation && !capabilityInvocationId) {
+        throw new Error('Could not determine didDocument capabilityInvocation identifier.');
+    }
+    let delegationKeyPair;
+    if (capabilityDelegationId) {
+        delegationKeyPair = keyPairs.get(capabilityDelegationId);
+    }
+    let invocationKeyPair;
+    if (capabilityInvocationId) {
+        invocationKeyPair = keyPairs.get(capabilityInvocationId);
+    }
+    if (!(delegationKeyPair || invocationKeyPair)) {
+        throw new Error(`didDocument keyPairs contains neither capabilityDelegation key ` +
+            `(${capabilityDelegationId}) nor capabilityInvocation key ` +
+            `(${capabilityInvocationId}).`);
+    }
+    let delegationSigner;
+    if (delegationKeyPair && capabilityDelegationId) {
+        delegationSigner = delegationKeyPair.signer();
+        delegationSigner.id = capabilityDelegationId;
+        delegationSigner.controller = didDocument.id;
+    }
+    let invocationSigner;
+    if (invocationKeyPair && capabilityInvocationId) {
+        invocationSigner = invocationKeyPair.signer();
+        invocationSigner.id = capabilityInvocationId;
+        invocationSigner.controller = didDocument.id;
+    }
+    return { invocationSigner, delegationSigner };
+}
+/**
+ * Generate a zcap URI given a root capability URL or a delegated flag.
+ *
+ * @param options {object} - The options to use.
+ * @param [options.url] {string} - Optional URL identifying the root capability.
+ *
+ * @returns {Promise<string>} - A zcap URI.
+ */
+export async function generateZcapUri({ url } = {}) {
+    if (url) {
+        return `${ZCAP_ROOT_PREFIX}${encodeURIComponent(url)}`;
+    }
+    return `urn:uuid:${uuid()}`;
+}
+/**
+ * Resolves a verification method reference to its string id.
+ *
+ * @param verificationMethod {VerificationMethodReference} - A string id or an
+ *   embedded verification method object.
+ *
+ * @returns {string|undefined} - The verification method id, if any.
+ */
+function _verificationMethodId(verificationMethod) {
+    if (verificationMethod === undefined) {
+        return undefined;
+    }
+    return typeof verificationMethod === 'string'
+        ? verificationMethod
+        : verificationMethod.id;
+}
+//# sourceMappingURL=util.js.map

package/dist/util.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"util.js","sourceRoot":"","sources":["../src/util.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,OAAO,EAAE,SAAS,EAAE,MAAM,eAAe,CAAA;AACzC,OAAO,EAAE,EAAE,IAAI,IAAI,EAAE,MAAM,MAAM,CAAA;AAEjC,MAAM,EAAE,gBAAgB,EAAE,GAAG,SAAS,CAAA;AA8CtC;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,oBAAoB,CAAC,EACnC,WAAW,EACX,QAAQ,EAIT;IACC,MAAM,EAAE,oBAAoB,EAAE,oBAAoB,EAAE,GAAG,WAAW,CAAA;IAElE,oEAAoE;IACpE,IAAI,CAAC,CAAC,oBAAoB,IAAI,oBAAoB,CAAC,EAAE,CAAC;QACpD,MAAM,IAAI,KAAK,CACb,qDAAqD;YACnD,oCAAoC,CACvC,CAAA;IACH,CAAC;IAED,MAAM,sBAAsB,GAAG,qBAAqB,CAClD,oBAAoB,EAAE,CAAC,CAAC,CAAC,CAC1B,CAAA;IACD,MAAM,sBAAsB,GAAG,qBAAqB,CAClD,oBAAoB,EAAE,CAAC,CAAC,CAAC,CAC1B,CAAA;IAED,IAAI,oBAAoB,IAAI,CAAC,sBAAsB,EAAE,CAAC;QACpD,MAAM,IAAI,KAAK,CACb,kEAAkE,CACnE,CAAA;IACH,CAAC;IACD,IAAI,oBAAoB,IAAI,CAAC,sBAAsB,EAAE,CAAC;QACpD,MAAM,IAAI,KAAK,CACb,kEAAkE,CACnE,CAAA;IACH,CAAC;IAED,IAAI,iBAAsC,CAAA;IAC1C,IAAI,sBAAsB,EAAE,CAAC;QAC3B,iBAAiB,GAAG,QAAQ,CAAC,GAAG,CAAC,sBAAsB,CAAC,CAAA;IAC1D,CAAC;IAED,IAAI,iBAAsC,CAAA;IAC1C,IAAI,sBAAsB,EAAE,CAAC;QAC3B,iBAAiB,GAAG,QAAQ,CAAC,GAAG,CAAC,sBAAsB,CAAC,CAAA;IAC1D,CAAC;IAED,IAAI,CAAC,CAAC,iBAAiB,IAAI,iBAAiB,CAAC,EAAE,CAAC;QAC9C,MAAM,IAAI,KAAK,CACb,iEAAiE;YAC/D,IAAI,sBAAsB,iCAAiC;YAC3D,IAAI,sBAAsB,IAAI,CACjC,CAAA;IACH,CAAC;IAED,IAAI,gBAAoC,CAAA;IACxC,IAAI,iBAAiB,IAAI,sBAAsB,EAAE,CAAC;QAChD,gBAAgB,GAAG,iBAAiB,CAAC,MAAM,EAAE,CAAA;QAC7C,gBAAgB,CAAC,EAAE,GAAG,sBAAsB,CAAA;QAC5C,gBAAgB,CAAC,UAAU,GAAG,WAAW,CAAC,EAAE,CAAA;IAC9C,CAAC;IAED,IAAI,gBAAoC,CAAA;IACxC,IAAI,iBAAiB,IAAI,sBAAsB,EAAE,CAAC;QAChD,gBAAgB,GAAG,iBAAiB,CAAC,MAAM,EAAE,CAAA;QAC7C,gBAAgB,CAAC,EAAE,GAAG,sBAAsB,CAAA;QAC5C,gBAAgB,CAAC,UAAU,GAAG,WAAW,CAAC,EAAE,CAAA;IAC9C,CAAC;IAED,OAAO,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,CAAA;AAC/C,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CAAC,EACpC,GAAG,KACiB,EAAE;IACtB,IAAI,GAAG,EAAE,CAAC;QACR,OAAO,GAAG,gBAAgB,GAAG,kBAAkB,CAAC,GAAG,CAAC,EAAE,CAAA;IACxD,CAAC;IACD,OAAO,YAAY,IAAI,EAAE,EAAE,CAAA;AAC7B,CAAC;AAED;;;;;;;GAOG;AACH,SAAS,qBAAqB,CAC5B,kBAA2D;IAE3D,IAAI,kBAAkB,KAAK,SAAS,EAAE,CAAC;QACrC,OAAO,SAAS,CAAA;IAClB,CAAC;IACD,OAAO,OAAO,kBAAkB,KAAK,QAAQ;QAC3C,CAAC,CAAC,kBAAkB;QACpB,CAAC,CAAC,kBAAkB,CAAC,EAAE,CAAA;AAC3B,CAAC"}