@keetanetwork/anchor 0.0.24 → 0.0.26

package/lib/certificates.d.ts

@@ -2,15 +2,18 @@ import * as KeetaNetClient from '@keetanetwork/keetanet-client';
 import { Buffer } from './utils/buffer.js';
 import type { CertificateAttributeValue } from '../services/kyc/iso20022.generated.js';
 import { CertificateAttributeOIDDB } from '../services/kyc/iso20022.generated.js';
-/**
- * Short alias for the KeetaNetAccount type
- */
-declare const KeetaNetAccount: typeof KeetaNetClient.lib.Account;
+type BaseCertificateClass = typeof KeetaNetClient.lib.Utils.Certificate.Certificate;
+type BaseCertificate = InstanceType<BaseCertificateClass>;
+declare const BaseCertificate: BaseCertificateClass;
+type BaseCertificateBuilderClass = typeof KeetaNetClient.lib.Utils.Certificate.CertificateBuilder;
+type BaseCertificateBuilder = InstanceType<BaseCertificateBuilderClass>;
+declare const BaseCertificateBuilder: BaseCertificateBuilderClass;
 type AccountKeyAlgorithm = InstanceType<typeof KeetaNetClient.lib.Account>['keyType'];
 /**
  * An alias for the KeetaNetAccount type
  */
 type KeetaNetAccount = ReturnType<typeof KeetaNetClient.lib.Account.fromSeed<AccountKeyAlgorithm>>;
+declare const KeetaNetAccount: typeof KeetaNetClient.lib.Account;
 declare function assertCertificateAttributeNames(name: string): asserts name is CertificateAttributeNames;
 declare class SensitiveAttribute<T = ArrayBuffer> {
     #private;
@@ -48,7 +51,7 @@ declare class SensitiveAttribute<T = ArrayBuffer> {
  * Type for certificate attribute names (derived from generated OID database)
  */
 type CertificateAttributeNames = keyof typeof CertificateAttributeOIDDB;
-type BaseCertificateBuilderParams = NonNullable<ConstructorParameters<typeof KeetaNetClient.lib.Utils.Certificate.CertificateBuilder>[0]>;
+type BaseCertificateBuilderParams = NonNullable<ConstructorParameters<BaseCertificateBuilderClass>[0]>;
 type CertificateBuilderParams = Required<Pick<BaseCertificateBuilderParams, 'issuer' | 'validFrom' | 'validTo' | 'serial' | 'hashLib' | 'issuerDN' | 'subjectDN' | 'isCA'> & {
     /**
      * The key of the subject -- used for Sensitive Attributes as well
@@ -57,7 +60,7 @@ type CertificateBuilderParams = Required<Pick<BaseCertificateBuilderParams, 'iss
     subject: BaseCertificateBuilderParams['subjectPublicKey'];
 }>;
 type CertificateAttributeInput<NAME extends CertificateAttributeNames> = CertificateAttributeValue<NAME>;
-export declare class CertificateBuilder extends KeetaNetClient.lib.Utils.Certificate.CertificateBuilder {
+export declare class CertificateBuilder extends BaseCertificateBuilder {
     #private;
     /**
      * Map the parameters from the public interface to the internal
@@ -74,7 +77,7 @@ export declare class CertificateBuilder extends KeetaNetClient.lib.Utils.Certifi
      * value can be proven later without revealing it.
      */
     setAttribute<NAME extends CertificateAttributeNames>(name: NAME, sensitive: boolean, value: CertificateAttributeInput<NAME>): void;
-    protected addExtensions(...args: Parameters<InstanceType<typeof KeetaNetClient.lib.Utils.Certificate.CertificateBuilder>['addExtensions']>): ReturnType<InstanceType<typeof KeetaNetClient.lib.Utils.Certificate.CertificateBuilder>['addExtensions']>;
+    protected addExtensions(...args: Parameters<BaseCertificateBuilder['addExtensions']>): ReturnType<BaseCertificateBuilder['addExtensions']>;
     /**
      * Create a Certificate object from the builder
      *
@@ -83,7 +86,7 @@ export declare class CertificateBuilder extends KeetaNetClient.lib.Utils.Certifi
      */
     build(params?: Partial<CertificateBuilderParams>): Promise<Certificate>;
 }
-export declare class Certificate extends KeetaNetClient.lib.Utils.Certificate.Certificate {
+export declare class Certificate extends BaseCertificate {
     private readonly subjectKey;
     static readonly Builder: typeof CertificateBuilder;
     static readonly SharableAttributes: typeof SharableCertificateAttributes;
@@ -99,7 +102,7 @@ export declare class Certificate extends KeetaNetClient.lib.Utils.Certificate.Ce
             value: ArrayBuffer;
         };
     };
-    constructor(input: ConstructorParameters<typeof KeetaNetClient.lib.Utils.Certificate.Certificate>[0], options?: ConstructorParameters<typeof KeetaNetClient.lib.Utils.Certificate.Certificate>[1] & {
+    constructor(input: ConstructorParameters<BaseCertificateClass>[0], options?: ConstructorParameters<BaseCertificateClass>[1] & {
         subjectKey?: KeetaNetAccount;
     });
     protected finalizeConstruction(): void;
@@ -132,6 +135,7 @@ export declare namespace SharableCertificateAttributesTypes {
     };
     type ContentsSchema = {
         certificate: string;
+        intermediates?: string[] | undefined;
         attributes: {
             [name: string]: {
                 sensitive: true;
@@ -162,11 +166,21 @@ export declare class SharableCertificateAttributes {
      * and a list of attribute names to include -- if no list is
      * provided, all attributes are included.
      */
+    static fromCertificate(certificate: Certificate, intermediates?: Set<BaseCertificate>, attributeNames?: CertificateAttributeNames[]): Promise<SharableCertificateAttributes>;
+    /** @deprecated Use the overload with three parameters instead */
     static fromCertificate(certificate: Certificate, attributeNames?: CertificateAttributeNames[]): Promise<SharableCertificateAttributes>;
     grantAccess(principal: KeetaNetAccount): Promise<this>;
     revokeAccess(principal: KeetaNetAccount): Promise<this>;
     get principals(): KeetaNetAccount[];
     getCertificate(): Promise<Certificate>;
+    /**
+     * Get the intermediate certificates included in this sharable
+     * certificate container
+     *
+     * @return A set of BaseCertificate objects representing the
+     *         intermediate certificates attached to this container
+     */
+    getIntermediates(): Promise<Set<BaseCertificate>>;
     getAttributeBuffer(name: string): Promise<ArrayBuffer | undefined>;
     getAttribute<NAME extends CertificateAttributeNames>(name: NAME): Promise<CertificateAttributeValue<NAME> | undefined>;
     getAttributeNames(includeUnknown: true): Promise<string[]>;

package/lib/certificates.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"certificates.d.ts","sourceRoot":"","sources":["../../src/lib/certificates.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,cAAc,MAAM,+BAA+B,CAAC;AAGhE,OAAO,EAAgD,MAAM,EAAuB,MAAM,mBAAmB,CAAC;AAG9G,OAAO,KAAK,EAA0B,yBAAyB,EAAE,MAAM,uCAAuC,CAAC;AAC/G,OAAO,EAAE,yBAAyB,EAA8B,MAAM,uCAAuC,CAAC;AAY9G;;GAEG;AACH,QAAA,MAAM,eAAe,EAAE,OAAO,cAAc,CAAC,GAAG,CAAC,OAAoC,CAAC;AAGtF,KAAK,mBAAmB,GAAG,YAAY,CAAC,OAAO,cAAc,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,SAAS,CAAC,CAAC;AAEtF;;GAEG;AACH,KAAK,eAAe,GAAG,UAAU,CAAC,OAAO,cAAc,CAAC,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAAC,CAAC,CAAC;AA+RnG,iBAAS,+BAA+B,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,IAAI,yBAAyB,CAIhG;AAiKD,cAAM,kBAAkB,CAAC,CAAC,GAAG,WAAW;;gBAK3B,OAAO,EAAE,eAAe,EAAE,IAAI,EAAE,MAAM,GAAG,WAAW,EAAE,OAAO,CAAC,EAAE,CAAC,IAAI,EAAE,MAAM,GAAG,WAAW,KAAK,CAAC;IAQ7G,OAAO,CAAC,MAAM;IAqEd;;;;;;;;OAQG;IACG,GAAG,IAAI,OAAO,CAAC,WAAW,CAAC;IAK3B,QAAQ,IAAI,OAAO,CAAC,CAAC,CAAC;IAiB5B;;;;OAIG;IACG,QAAQ,IAAI,OAAO,CAAC;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE;YAAE,IAAI,EAAE,MAAM,CAAA;SAAE,CAAA;KAAC,CAAC;IAYnE;;OAEG;IACG,aAAa,CAAC,KAAK,EAAE,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,GAAG,OAAO,CAAC,OAAO,CAAC;IAcnF,MAAM,IAAI,OAAO;CAGjB;AAED;;GAEG;AACH,KAAK,yBAAyB,GAAG,MAAM,OAAO,yBAAyB,CAAC;AAExE,KAAK,4BAA4B,GAAG,WAAW,CAAC,qBAAqB,CAAC,OAAO,cAAc,CAAC,GAAG,CAAC,KAAK,CAAC,WAAW,CAAC,kBAAkB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;AAC1I,KAAK,wBAAwB,GAAG,QAAQ,CAAC,IAAI,CAAC,4BAA4B,EAAE,QAAQ,GAAG,WAAW,GAAG,SAAS,GAAG,QAAQ,GAAG,SAAS,GAAG,UAAU,GAAG,WAAW,GAAG,MAAM,CAAC,GAAG;IAC5K;;;OAGG;IACH,OAAO,EAAE,4BAA4B,CAAC,kBAAkB,CAAC,CAAC;CAC1D,CAAC,CAAC;AAoCH,KAAK,yBAAyB,CAAC,IAAI,SAAS,yBAAyB,IAAI,yBAAyB,CAAC,IAAI,CAAC,CAAC;AAEzG,qBAAa,kBAAmB,SAAQ,cAAc,CAAC,GAAG,CAAC,KAAK,CAAC,WAAW,CAAC,kBAAkB;;IAK9F;;;OAGG;IACH,OAAO,CAAC,MAAM,CAAC,SAAS;gBAcZ,MAAM,CAAC,EAAE,OAAO,CAAC,wBAAwB,CAAC;IAItD;;;;;;;OAOG;IACH,YAAY,CAAC,IAAI,SAAS,yBAAyB,EAAE,IAAI,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,KAAK,EAAE,yBAAyB,CAAC,IAAI,CAAC,GAAG,IAAI;cA2BlH,aAAa,CAAC,GAAG,IAAI,EAAE,UAAU,CAAC,YAAY,CAAC,OAAO,cAAc,CAAC,GAAG,CAAC,KAAK,CAAC,WAAW,CAAC,kBAAkB,CAAC,CAAC,eAAe,CAAC,CAAC,GAAG,UAAU,CAAC,YAAY,CAAC,OAAO,cAAc,CAAC,GAAG,CAAC,KAAK,CAAC,WAAW,CAAC,kBAAkB,CAAC,CAAC,eAAe,CAAC,CAAC;IAmD5P;;;;;OAKG;IACG,KAAK,CAAC,MAAM,CAAC,EAAE,OAAO,CAAC,wBAAwB,CAAC,GAAG,OAAO,CAAC,WAAW,CAAC;CAgB7E;AAED,qBAAa,WAAY,SAAQ,cAAc,CAAC,GAAG,CAAC,KAAK,CAAC,WAAW,CAAC,WAAW;IAChF,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAkB;IAC7C,MAAM,CAAC,QAAQ,CAAC,OAAO,EAAE,OAAO,kBAAkB,CAAsB;IACxE,MAAM,CAAC,QAAQ,CAAC,kBAAkB,EAAE,OAAO,6BAA6B,CAAC;IAEzE;;OAEM;IACN,QAAQ,CAAC,UAAU,EAAE;SACnB,IAAI,IAAI,yBAAyB,CAAC,CAAC,EAAE;YACrC,SAAS,EAAE,IAAI,CAAC;YAChB,KAAK,EAAE,kBAAkB,CAAC,yBAAyB,CAAC,IAAI,CAAC,CAAC,CAAC;SAC3D,GAAG;YACH,SAAS,EAAE,KAAK,CAAC;YACjB,KAAK,EAAE,WAAW,CAAC;SACnB;KACD,CAAM;gBAEK,KAAK,EAAE,qBAAqB,CAAC,OAAO,cAAc,CAAC,GAAG,CAAC,KAAK,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,EAAE,OAAO,CAAC,EAAE,qBAAqB,CAAC,OAAO,cAAc,CAAC,GAAG,CAAC,KAAK,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,GAAG;QAAE,UAAU,CAAC,EAAE,eAAe,CAAA;KAAE;IAQpO,SAAS,CAAC,oBAAoB,IAAI,IAAI;IAItC,OAAO,CAAC,iBAAiB;IAKzB,OAAO,CAAC,qBAAqB;IAW7B;;;;;OAKG;IACG,iBAAiB,CAAC,IAAI,SAAS,yBAAyB,EAAE,aAAa,EAAE,IAAI,GAAG,OAAO,CAAC,yBAAyB,CAAC,IAAI,CAAC,CAAC;IAmB9H,SAAS,CAAC,gBAAgB,CAAC,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,WAAW,GAAG,OAAO;CAiCnE;AAGD,yBAAiB,kCAAkC,CAAC;IACnD,KAAY,aAAa,GAAG;QAC3B;;;;WAIG;QACH,MAAM,CAAC,EAAE,QAAQ,GAAG,aAAa,CAAC;KAClC,CAAC;IACF,KAAY,aAAa,GAAG;QAC3B;;;WAGG;QACH,UAAU,CAAC,EAAE,GAAG,CAAC,eAAe,CAAC,GAAG,eAAe,EAAE,GAAG,eAAe,GAAG,IAAI,CAAC;KAC/E,CAAC;IACF,KAAY,cAAc,GAAG;QAC5B,WAAW,EAAE,MAAM,CAAC;QACpB,UAAU,EAAE;YACX,CAAC,IAAI,EAAE,MAAM,GAAG;gBACf,SAAS,EAAE,IAAI,CAAC;gBAChB,KAAK,EAAE,OAAO,CAAC,UAAU,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;gBAC3D,UAAU,CAAC,EAAE;oBAAE,CAAC,EAAE,EAAE,MAAM,GAAG,MAAM,CAAA;iBAAE,CAAC;aACtC,GAAG;gBACH,SAAS,EAAE,KAAK,CAAC;gBACjB,KAAK,EAAE,MAAM,CAAC;gBACd,UAAU,CAAC,EAAE;oBAAE,CAAC,EAAE,EAAE,MAAM,GAAG,MAAM,CAAA;iBAAE,CAAC;aACtC,CAAA;SACD,CAAC;KACF,CAAC;CACF;AACD,KAAK,0CAA0C,GAAG,kCAAkC,CAAC,aAAa,CAAC;AACnG,KAAK,0CAA0C,GAAG,kCAAkC,CAAC,aAAa,CAAC;AAGnG,qBAAa,6BAA6B;;IAUzC,OAAO,CAAC,SAAS,CAAqB;IACtC,OAAO,CAAC,iBAAiB,CAAS;IAElC,MAAM,CAAC,8BAA8B,EAAE,OAAO,+BAA+B,CAAmC;gBAEpG,KAAK,EAAE,WAAW,GAAG,MAAM,GAAG,MAAM,EAAE,OAAO,CAAC,EAAE,0CAA0C;IA2DtG;;;;OAIG;WACU,eAAe,CAAC,WAAW,EAAE,WAAW,EAAE,cAAc,CAAC,EAAE,yBAAyB,EAAE,GAAG,OAAO,CAAC,6BAA6B,CAAC;IAyGtI,WAAW,CAAC,SAAS,EAAE,eAAe,GAAG,OAAO,CAAC,IAAI,CAAC;IAKtD,YAAY,CAAC,SAAS,EAAE,eAAe,GAAG,OAAO,CAAC,IAAI,CAAC;IAK7D,IAAI,UAAU,IAAI,eAAe,EAAE,CAElC;IAoFK,cAAc,IAAI,OAAO,CAAC,WAAW,CAAC;IAQtC,kBAAkB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,GAAG,SAAS,CAAC;IAMlE,YAAY,CAAC,IAAI,SAAS,yBAAyB,EAAE,IAAI,EAAE,IAAI,GAAG,OAAO,CAAC,yBAAyB,CAAC,IAAI,CAAC,GAAG,SAAS,CAAC;IAkEtH,iBAAiB,CAAC,cAAc,EAAE,IAAI,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IAC1D,iBAAiB,CAAC,cAAc,CAAC,EAAE,KAAK,GAAG,OAAO,CAAC,yBAAyB,EAAE,CAAC;IAgBrF,MAAM,CAAC,OAAO,CAAC,EAAE,IAAI,CAAC,0CAA0C,EAAE,QAAQ,CAAC,GAAG;QAAE,MAAM,CAAC,EAAE,KAAK,CAAC;KAAE,GAAG,OAAO,CAAC,WAAW,CAAC;IACxH,MAAM,CAAC,OAAO,EAAE,CAAC,IAAI,CAAC,0CAA0C,EAAE,QAAQ,CAAC,GAAG;QAAE,MAAM,EAAE,aAAa,CAAA;KAAE,CAAC,GAAG,OAAO,CAAC,WAAW,CAAC;IAC/H,MAAM,CAAC,OAAO,EAAE,IAAI,CAAC,0CAA0C,EAAE,QAAQ,CAAC,GAAG;QAAE,MAAM,EAAE,QAAQ,CAAA;KAAE,GAAG,OAAO,CAAC,MAAM,CAAC;IACnH,MAAM,CAAC,OAAO,CAAC,EAAE,0CAA0C,GAAG,OAAO,CAAC,WAAW,GAAG,MAAM,CAAC;CA8B3F"}
+{"version":3,"file":"certificates.d.ts","sourceRoot":"","sources":["../../src/lib/certificates.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,cAAc,MAAM,+BAA+B,CAAC;AAKhE,OAAO,EAAgD,MAAM,EAAuB,MAAM,mBAAmB,CAAC;AAG9G,OAAO,KAAK,EAA0B,yBAAyB,EAAE,MAAM,uCAAuC,CAAC;AAC/G,OAAO,EAAE,yBAAyB,EAA8B,MAAM,uCAAuC,CAAC;AAe9G,KAAK,oBAAoB,GAAG,OAAO,cAAc,CAAC,GAAG,CAAC,KAAK,CAAC,WAAW,CAAC,WAAW,CAAC;AACpF,KAAK,eAAe,GAAG,YAAY,CAAC,oBAAoB,CAAC,CAAC;AAC1D,QAAA,MAAM,eAAe,EAAE,oBAAuE,CAAC;AAC/F,KAAK,2BAA2B,GAAG,OAAO,cAAc,CAAC,GAAG,CAAC,KAAK,CAAC,WAAW,CAAC,kBAAkB,CAAC;AAClG,KAAK,sBAAsB,GAAG,YAAY,CAAC,2BAA2B,CAAC,CAAC;AACxE,QAAA,MAAM,sBAAsB,EAAE,2BAAqF,CAAC;AAGpH,KAAK,mBAAmB,GAAG,YAAY,CAAC,OAAO,cAAc,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,SAAS,CAAC,CAAC;AAEtF;;GAEG;AACH,KAAK,eAAe,GAAG,UAAU,CAAC,OAAO,cAAc,CAAC,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAAC,CAAC,CAAC;AACnG,QAAA,MAAM,eAAe,EAAE,OAAO,cAAc,CAAC,GAAG,CAAC,OAAoC,CAAC;AA0JtF,iBAAS,+BAA+B,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,IAAI,yBAAyB,CAIhG;AAqJD,cAAM,kBAAkB,CAAC,CAAC,GAAG,WAAW;;gBAK3B,OAAO,EAAE,eAAe,EAAE,IAAI,EAAE,MAAM,GAAG,WAAW,EAAE,OAAO,CAAC,EAAE,CAAC,IAAI,EAAE,MAAM,GAAG,WAAW,KAAK,CAAC;IAQ7G,OAAO,CAAC,MAAM;IAqEd;;;;;;;;OAQG;IACG,GAAG,IAAI,OAAO,CAAC,WAAW,CAAC;IAK3B,QAAQ,IAAI,OAAO,CAAC,CAAC,CAAC;IAiB5B;;;;OAIG;IACG,QAAQ,IAAI,OAAO,CAAC;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE;YAAE,IAAI,EAAE,MAAM,CAAA;SAAE,CAAA;KAAC,CAAC;IAYnE;;OAEG;IACG,aAAa,CAAC,KAAK,EAAE,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,GAAG,OAAO,CAAC,OAAO,CAAC;IAcnF,MAAM,IAAI,OAAO;CAGjB;AAED;;GAEG;AACH,KAAK,yBAAyB,GAAG,MAAM,OAAO,yBAAyB,CAAC;AAExE,KAAK,4BAA4B,GAAG,WAAW,CAAC,qBAAqB,CAAC,2BAA2B,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;AACvG,KAAK,wBAAwB,GAAG,QAAQ,CAAC,IAAI,CAAC,4BAA4B,EAAE,QAAQ,GAAG,WAAW,GAAG,SAAS,GAAG,QAAQ,GAAG,SAAS,GAAG,UAAU,GAAG,WAAW,GAAG,MAAM,CAAC,GAAG;IAC5K;;;OAGG;IACH,OAAO,EAAE,4BAA4B,CAAC,kBAAkB,CAAC,CAAC;CAC1D,CAAC,CAAC;AAoCH,KAAK,yBAAyB,CAAC,IAAI,SAAS,yBAAyB,IAAI,yBAAyB,CAAC,IAAI,CAAC,CAAC;AAEzG,qBAAa,kBAAmB,SAAQ,sBAAsB;;IAK7D;;;OAGG;IACH,OAAO,CAAC,MAAM,CAAC,SAAS;gBAcZ,MAAM,CAAC,EAAE,OAAO,CAAC,wBAAwB,CAAC;IAItD;;;;;;;OAOG;IACH,YAAY,CAAC,IAAI,SAAS,yBAAyB,EAAE,IAAI,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,KAAK,EAAE,yBAAyB,CAAC,IAAI,CAAC,GAAG,IAAI;cA2BlH,aAAa,CAAC,GAAG,IAAI,EAAE,UAAU,CAAC,sBAAsB,CAAC,eAAe,CAAC,CAAC,GAAG,UAAU,CAAC,sBAAsB,CAAC,eAAe,CAAC,CAAC;IAmDhJ;;;;;OAKG;IACG,KAAK,CAAC,MAAM,CAAC,EAAE,OAAO,CAAC,wBAAwB,CAAC,GAAG,OAAO,CAAC,WAAW,CAAC;CAgB7E;AAED,qBAAa,WAAY,SAAQ,eAAe;IAC/C,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAkB;IAC7C,MAAM,CAAC,QAAQ,CAAC,OAAO,EAAE,OAAO,kBAAkB,CAAsB;IACxE,MAAM,CAAC,QAAQ,CAAC,kBAAkB,EAAE,OAAO,6BAA6B,CAAC;IAEzE;;OAEM;IACN,QAAQ,CAAC,UAAU,EAAE;SACnB,IAAI,IAAI,yBAAyB,CAAC,CAAC,EAAE;YACrC,SAAS,EAAE,IAAI,CAAC;YAChB,KAAK,EAAE,kBAAkB,CAAC,yBAAyB,CAAC,IAAI,CAAC,CAAC,CAAC;SAC3D,GAAG;YACH,SAAS,EAAE,KAAK,CAAC;YACjB,KAAK,EAAE,WAAW,CAAC;SACnB;KACD,CAAM;gBAEK,KAAK,EAAE,qBAAqB,CAAC,oBAAoB,CAAC,CAAC,CAAC,CAAC,EAAE,OAAO,CAAC,EAAE,qBAAqB,CAAC,oBAAoB,CAAC,CAAC,CAAC,CAAC,GAAG;QAAE,UAAU,CAAC,EAAE,eAAe,CAAA;KAAE;IAQ9J,SAAS,CAAC,oBAAoB,IAAI,IAAI;IAItC,OAAO,CAAC,iBAAiB;IAKzB,OAAO,CAAC,qBAAqB;IAW7B;;;;;OAKG;IACG,iBAAiB,CAAC,IAAI,SAAS,yBAAyB,EAAE,aAAa,EAAE,IAAI,GAAG,OAAO,CAAC,yBAAyB,CAAC,IAAI,CAAC,CAAC;IAmB9H,SAAS,CAAC,gBAAgB,CAAC,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,WAAW,GAAG,OAAO;CAiCnE;AAGD,yBAAiB,kCAAkC,CAAC;IACnD,KAAY,aAAa,GAAG;QAC3B;;;;WAIG;QACH,MAAM,CAAC,EAAE,QAAQ,GAAG,aAAa,CAAC;KAClC,CAAC;IACF,KAAY,aAAa,GAAG;QAC3B;;;WAGG;QACH,UAAU,CAAC,EAAE,GAAG,CAAC,eAAe,CAAC,GAAG,eAAe,EAAE,GAAG,eAAe,GAAG,IAAI,CAAC;KAC/E,CAAC;IACF,KAAY,cAAc,GAAG;QAC5B,WAAW,EAAE,MAAM,CAAC;QACpB,aAAa,CAAC,EAAE,MAAM,EAAE,GAAG,SAAS,CAAC;QACrC,UAAU,EAAE;YACX,CAAC,IAAI,EAAE,MAAM,GAAG;gBACf,SAAS,EAAE,IAAI,CAAC;gBAChB,KAAK,EAAE,OAAO,CAAC,UAAU,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;gBAC3D,UAAU,CAAC,EAAE;oBAAE,CAAC,EAAE,EAAE,MAAM,GAAG,MAAM,CAAA;iBAAE,CAAC;aACtC,GAAG;gBACH,SAAS,EAAE,KAAK,CAAC;gBACjB,KAAK,EAAE,MAAM,CAAC;gBACd,UAAU,CAAC,EAAE;oBAAE,CAAC,EAAE,EAAE,MAAM,GAAG,MAAM,CAAA;iBAAE,CAAC;aACtC,CAAA;SACD,CAAC;KACF,CAAC;CACF;AACD,KAAK,0CAA0C,GAAG,kCAAkC,CAAC,aAAa,CAAC;AACnG,KAAK,0CAA0C,GAAG,kCAAkC,CAAC,aAAa,CAAC;AAGnG,qBAAa,6BAA6B;;IAWzC,OAAO,CAAC,SAAS,CAAqB;IACtC,OAAO,CAAC,iBAAiB,CAAS;IAElC,MAAM,CAAC,8BAA8B,EAAE,OAAO,+BAA+B,CAAmC;gBAEpG,KAAK,EAAE,WAAW,GAAG,MAAM,GAAG,MAAM,EAAE,OAAO,CAAC,EAAE,0CAA0C;IA2DtG;;;;OAIG;WACU,eAAe,CAAC,WAAW,EAAE,WAAW,EAAE,aAAa,CAAC,EAAE,GAAG,CAAC,eAAe,CAAC,EAAE,cAAc,CAAC,EAAE,yBAAyB,EAAE,GAAG,OAAO,CAAC,6BAA6B,CAAC;IAClL,iEAAiE;WACpD,eAAe,CAAC,WAAW,EAAE,WAAW,EAAE,cAAc,CAAC,EAAE,yBAAyB,EAAE,GAAG,OAAO,CAAC,6BAA6B,CAAC;IA6ItI,WAAW,CAAC,SAAS,EAAE,eAAe,GAAG,OAAO,CAAC,IAAI,CAAC;IAKtD,YAAY,CAAC,SAAS,EAAE,eAAe,GAAG,OAAO,CAAC,IAAI,CAAC;IAK7D,IAAI,UAAU,IAAI,eAAe,EAAE,CAElC;IA0FK,cAAc,IAAI,OAAO,CAAC,WAAW,CAAC;IAQ5C;;;;;;OAMG;IACG,gBAAgB,IAAI,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;IAQjD,kBAAkB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,GAAG,SAAS,CAAC;IAMlE,YAAY,CAAC,IAAI,SAAS,yBAAyB,EAAE,IAAI,EAAE,IAAI,GAAG,OAAO,CAAC,yBAAyB,CAAC,IAAI,CAAC,GAAG,SAAS,CAAC;IAiEtH,iBAAiB,CAAC,cAAc,EAAE,IAAI,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IAC1D,iBAAiB,CAAC,cAAc,CAAC,EAAE,KAAK,GAAG,OAAO,CAAC,yBAAyB,EAAE,CAAC;IAgBrF,MAAM,CAAC,OAAO,CAAC,EAAE,IAAI,CAAC,0CAA0C,EAAE,QAAQ,CAAC,GAAG;QAAE,MAAM,CAAC,EAAE,KAAK,CAAC;KAAE,GAAG,OAAO,CAAC,WAAW,CAAC;IACxH,MAAM,CAAC,OAAO,EAAE,CAAC,IAAI,CAAC,0CAA0C,EAAE,QAAQ,CAAC,GAAG;QAAE,MAAM,EAAE,aAAa,CAAA;KAAE,CAAC,GAAG,OAAO,CAAC,WAAW,CAAC;IAC/H,MAAM,CAAC,OAAO,EAAE,IAAI,CAAC,0CAA0C,EAAE,QAAQ,CAAC,GAAG;QAAE,MAAM,EAAE,QAAQ,CAAA;KAAE,GAAG,OAAO,CAAC,MAAM,CAAC;IACnH,MAAM,CAAC,OAAO,CAAC,EAAE,0CAA0C,GAAG,OAAO,CAAC,WAAW,GAAG,MAAM,CAAC;CA8B3F"}

package/lib/certificates.generated.js

@@ -1,7 +1,7 @@
 import * as __typia_transform__assertGuard from "typia/lib/internal/_assertGuard.js";
 import * as __typia_transform__accessExpressionAsString from "typia/lib/internal/_accessExpressionAsString.js";
 import * as typia from 'typia';
-export const assertSharableCertificateAttributesContentsSchema = (() => { const _io0 = input => "string" === typeof input.certificate && ("object" === typeof input.attributes && null !== input.attributes && false === Array.isArray(input.attributes) && _io1(input.attributes)); const _io1 = input => Object.keys(input).every(key => {
+export const assertSharableCertificateAttributesContentsSchema = (() => { const _io0 = input => "string" === typeof input.certificate && (undefined === input.intermediates || Array.isArray(input.intermediates) && input.intermediates.every(elem => "string" === typeof elem)) && ("object" === typeof input.attributes && null !== input.attributes && false === Array.isArray(input.attributes) && _io1(input.attributes)); const _io1 = input => Object.keys(input).every(key => {
     const value = input[key];
     if (undefined === value)
         return true;
@@ -28,6 +28,21 @@ export const assertSharableCertificateAttributesContentsSchema = (() => { const
     path: _path + ".certificate",
     expected: "string",
     value: input.certificate
+}, _errorFactory)) && (undefined === input.intermediates || (Array.isArray(input.intermediates) || __typia_transform__assertGuard._assertGuard(_exceptionable, {
+    method: "typia.createAssert",
+    path: _path + ".intermediates",
+    expected: "(Array<string> | undefined)",
+    value: input.intermediates
+}, _errorFactory)) && input.intermediates.every((elem, _index2) => "string" === typeof elem || __typia_transform__assertGuard._assertGuard(_exceptionable, {
+    method: "typia.createAssert",
+    path: _path + ".intermediates[" + _index2 + "]",
+    expected: "string",
+    value: elem
+}, _errorFactory)) || __typia_transform__assertGuard._assertGuard(_exceptionable, {
+    method: "typia.createAssert",
+    path: _path + ".intermediates",
+    expected: "(Array<string> | undefined)",
+    value: input.intermediates
 }, _errorFactory)) && (("object" === typeof input.attributes && null !== input.attributes && false === Array.isArray(input.attributes) || __typia_transform__assertGuard._assertGuard(_exceptionable, {
     method: "typia.createAssert",
     path: _path + ".attributes",

package/lib/certificates.generated.js.map

@@ -1 +1 @@
-{"version":3,"file":"certificates.generated.js","sourceRoot":"","sources":["../../src/lib/certificates.generated.ts"],"names":[],"mappings":";;AAAA,OAAO,KAAK,KAAK,MAAM,OAAO,CAAC;AAG/B,MAAM,CAAC,MAAM,iDAAiD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAAiJ,CAAC","sourcesContent":["import * as typia from 'typia';\nimport type { SharableCertificateAttributesTypes } from './certificates.js';\n\nexport const assertSharableCertificateAttributesContentsSchema: (input: unknown) => SharableCertificateAttributesTypes.ContentsSchema = typia.createAssert<SharableCertificateAttributesTypes.ContentsSchema>();\n"]}
+{"version":3,"file":"certificates.generated.js","sourceRoot":"","sources":["../../src/lib/certificates.generated.ts"],"names":[],"mappings":";;AAAA,OAAO,KAAK,KAAK,MAAM,OAAO,CAAC;AAG/B,MAAM,CAAC,MAAM,iDAAiD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAAiJ,CAAC","sourcesContent":["import * as typia from 'typia';\nimport type { SharableCertificateAttributesTypes } from './certificates.js';\n\nexport const assertSharableCertificateAttributesContentsSchema: (input: unknown) => SharableCertificateAttributesTypes.ContentsSchema = typia.createAssert<SharableCertificateAttributesTypes.ContentsSchema>();\n"]}

package/lib/certificates.js

@@ -1,6 +1,7 @@
 import * as KeetaNetClient from '@keetanetwork/keetanet-client';
 import * as oids from '../services/kyc/oids.generated.js';
 import * as ASN1 from './utils/asn1.js';
+import { ASN1toJS, contextualizeStructSchema, encodeValueBySchema, normalizeDecodedASN1 } from './utils/asn1.js';
 import { arrayBufferLikeToBuffer, arrayBufferToBuffer, Buffer, bufferToArrayBuffer } from './utils/buffer.js';
 import crypto from './utils/crypto.js';
 import { assertNever } from './utils/never.js';
@@ -14,127 +15,9 @@ import { checkHashWithOID } from './utils/external.js';
  * Short alias for printing a debug representation of an object
  */
 const DPO = KeetaNetClient.lib.Utils.Helper.debugPrintableObject.bind(KeetaNetClient.lib.Utils.Helper);
-/**
- * Short alias for the KeetaNetAccount type
- */
+const BaseCertificate = KeetaNetClient.lib.Utils.Certificate.Certificate;
+const BaseCertificateBuilder = KeetaNetClient.lib.Utils.Certificate.CertificateBuilder;
 const KeetaNetAccount = KeetaNetClient.lib.Account;
-function isPlainObject(value) {
-    return (typeof value === 'object' && value !== null && !Array.isArray(value));
-}
-/**
- * Recursively normalize object properties
- */
-function normalizeDecodedASN1Object(obj, principals) {
-    const result = {};
-    for (const [key, value] of Object.entries(obj)) {
-        // eslint-disable-next-line @typescript-eslint/no-use-before-define
-        result[key] = normalizeDecodedASN1(value, principals);
-    }
-    return (result);
-}
-/**
- * Post-process the output from toJavaScriptObject() to:
- * 1. Unwrap any remaining ASN.1-like objects (from IsAnyString/IsAnyDate)
- * 2. Add domain-specific $blob function to Reference objects
- */
-function normalizeDecodedASN1(input, principals) {
-    // Handle primitives
-    if (input === undefined || input === null || typeof input !== 'object') {
-        return (input);
-    }
-    if (input instanceof Date || Buffer.isBuffer(input) || input instanceof ArrayBuffer) {
-        return (input);
-    }
-    // Handle arrays
-    if (Array.isArray(input)) {
-        return (input.map(item => normalizeDecodedASN1(item, principals)));
-    }
-    // Unwrap ASN.1-like objects from ambiguous schemas (IsAnyString, IsAnyDate, IsBitString)
-    // These are plain objects like { type: 'string', kind: 'utf8', value: 'text' }
-    // eslint-disable-next-line @typescript-eslint/consistent-type-assertions
-    const obj = input;
-    if (obj.type === 'string' && 'value' in obj && typeof obj.value === 'string') {
-        return (obj.value);
-    }
-    if (obj.type === 'date' && 'value' in obj && obj.value instanceof Date) {
-        return (obj.value);
-    }
-    if (obj.type === 'bitstring' && 'value' in obj && Buffer.isBuffer(obj.value)) {
-        return (obj.value);
-    }
-    // Check if this is a Reference object (has external.url and digest fields)
-    if ('external' in obj && 'digest' in obj && isPlainObject(obj.external) && isPlainObject(obj.digest)) {
-        // eslint-disable-next-line @typescript-eslint/consistent-type-assertions
-        const ref = obj;
-        const url = ref.external.url;
-        const mimeType = ref.external.contentType;
-        // After toJavaScriptObject(), OIDs are strings, not {oid: string}
-        const encryptionAlgoOID = typeof ref.encryptionAlgorithm === 'string'
-            ? ref.encryptionAlgorithm
-            : ref.encryptionAlgorithm?.oid;
-        const digestInfo = ref.digest;
-        if (typeof url === 'string' && typeof mimeType === 'string' && digestInfo) {
-            let cachedValue = null;
-            return ({
-                ...normalizeDecodedASN1Object(obj, principals),
-                $blob: async function (additionalPrincipals) {
-                    if (cachedValue) {
-                        return (cachedValue);
-                    }
-                    const fetchResult = await fetch(url);
-                    if (!fetchResult.ok) {
-                        throw (new Error(`Failed to fetch remote data from ${url}: ${fetchResult.status} ${fetchResult.statusText}`));
-                    }
-                    const dataBlob = await fetchResult.blob();
-                    let data = await dataBlob.arrayBuffer();
-                    // Handle JSON base64 encoding
-                    if (dataBlob.type === 'application/json') {
-                        try {
-                            const asJSON = JSON.parse(Buffer.from(data).toString('utf-8'));
-                            if (isPlainObject(asJSON) && Object.keys(asJSON).length === 2) {
-                                if ('data' in asJSON && typeof asJSON.data === 'string' && 'mimeType' in asJSON && typeof asJSON.mimeType === 'string') {
-                                    data = bufferToArrayBuffer(Buffer.from(asJSON.data, 'base64'));
-                                }
-                            }
-                        }
-                        catch {
-                            /* Ignored */
-                        }
-                    }
-                    // Decrypt if needed
-                    if (encryptionAlgoOID) {
-                        switch (encryptionAlgoOID) {
-                            case '1.3.6.1.4.1.62675.2':
-                            case 'KeetaEncryptedContainerV1': {
-                                const container = EncryptedContainer.fromEncryptedBuffer(data, [
-                                    ...principals,
-                                    ...(additionalPrincipals ?? [])
-                                ]);
-                                data = await container.getPlaintext();
-                                break;
-                            }
-                            default:
-                                throw (new Error(`Unsupported encryption algorithm OID: ${encryptionAlgoOID}`));
-                        }
-                    }
-                    // Verify hash (checkHashWithOID now accepts string OIDs directly)
-                    if (!Buffer.isBuffer(digestInfo.digest)) {
-                        throw (new TypeError('Digest value is not a buffer'));
-                    }
-                    const validHash = await checkHashWithOID(data, digestInfo);
-                    if (validHash !== true) {
-                        throw (validHash);
-                    }
-                    const blob = new Blob([data], { type: mimeType });
-                    cachedValue = blob;
-                    return (blob);
-                }
-            });
-        }
-    }
-    // Recursively process plain objects
-    return (normalizeDecodedASN1Object(obj, principals));
-}
 function isBlob(input) {
     if (typeof input !== 'object' || input === null) {
         return (false);
@@ -254,16 +137,12 @@ function asCertificateAttributeNames(name) {
     assertCertificateAttributeNames(name);
     return (name);
 }
+function resolveSchema(name, schema) {
+    return (contextualizeStructSchema(schema));
+}
 function encodeAttribute(name, value) {
-    const schema = CertificateAttributeSchema[name];
-    let encodedJS;
-    try {
-        encodedJS = new ASN1.ValidateASN1(schema).fromJavaScriptObject(value);
-    }
-    catch (err) {
-        const message = err instanceof Error ? err.message : String(err);
-        throw (new Error(`Attribute ${name}: ${message} (value: ${JSON.stringify(DPO(value))})`));
-    }
+    const schema = resolveSchema(name, CertificateAttributeSchema[name]);
+    const encodedJS = encodeValueBySchema(schema, value, { attributeName: name });
     if (encodedJS === undefined) {
         throw (new Error(`Unsupported attribute value for encoding: ${JSON.stringify(DPO(value))}`));
     }
@@ -299,18 +178,11 @@ function encodeForSensitive(name, value) {
     return (Buffer.from(String(value), 'utf-8'));
 }
 async function decodeAttribute(name, value, principals) {
-    const schema = CertificateAttributeSchema[name];
-    const decodedASN1 = new ASN1.BufferStorageASN1(value, schema).getASN1();
-    const validator = new ASN1.ValidateASN1(schema);
+    const schema = resolveSchema(name, CertificateAttributeSchema[name]);
     // XXX:TODO Fix depth issue
-    // @ts-expect-error
-    const plainObject = validator.toJavaScriptObject(decodedASN1);
-    // Post-process to:
-    // 1. Unwrap any remaining ASN.1-like objects
-    // 2. Add domain-specific $blob function to Reference objects
-    // XXX:TODO Fix depth issue
-    // @ts-expect-error
-    const candidate = normalizeDecodedASN1(plainObject, principals);
+    // @ts-ignore
+    const decodedUnknown = new ASN1.BufferStorageASN1(value, schema).getASN1();
+    const candidate = normalizeDecodedASN1(decodedUnknown, principals);
     return (asAttributeValue(name, candidate));
 }
 class SensitiveAttributeBuilder {
@@ -411,7 +283,7 @@ class SensitiveAttribute {
             decodedAttribute = dataObject.getASN1();
         }
         catch {
-            const js = ASN1.ASN1toJS(data);
+            const js = ASN1toJS(data);
             throw (new Error(`SensitiveAttribute.decode: unexpected DER shape ${JSON.stringify(DPO(js))}`));
         }
         const decodedVersion = decodedAttribute[0] + 1n;
@@ -552,7 +424,7 @@ const CertificateKYCAttributeSchemaValidation = {
             ]
         }]
 };
-export class CertificateBuilder extends KeetaNetClient.lib.Utils.Certificate.CertificateBuilder {
+export class CertificateBuilder extends BaseCertificateBuilder {
     #attributes = {};
     /**
      * Map the parameters from the public interface to the internal
@@ -651,7 +523,7 @@ export class CertificateBuilder extends KeetaNetClient.lib.Utils.Certificate.Cer
                 }]);
         }
         if (certAttributes.length > 0) {
-            retval.push(KeetaNetClient.lib.Utils.Certificate.CertificateBuilder.extension(oids.keeta.KYC_ATTRIBUTES, certAttributes));
+            retval.push(BaseCertificateBuilder.extension(oids.keeta.KYC_ATTRIBUTES, certAttributes));
         }
         return (retval);
     }
@@ -677,7 +549,7 @@ export class CertificateBuilder extends KeetaNetClient.lib.Utils.Certificate.Cer
         return (certificateObject);
     }
 }
-export class Certificate extends KeetaNetClient.lib.Utils.Certificate.Certificate {
+export class Certificate extends BaseCertificate {
     subjectKey;
     static Builder = CertificateBuilder;
     static SharableAttributes;
@@ -694,7 +566,7 @@ export class Certificate extends KeetaNetClient.lib.Utils.Certificate.Certificat
         /* Do nothing, we call the super method in the constructor */
     }
     setPlainAttribute(name, value) {
-        // @ts-expect-error
+        // @ts-ignore
         this.attributes[name] = { sensitive: false, value };
     }
     setSensitiveAttribute(name, value) {
@@ -760,6 +632,7 @@ export class Certificate extends KeetaNetClient.lib.Utils.Certificate.Certificat
 ;
 export class SharableCertificateAttributes {
     #certificate;
+    #intermediates;
     #attributes = {};
     container;
     populatedFromInit = false;
@@ -821,12 +694,28 @@ export class SharableCertificateAttributes {
         }
         this.container = EncryptedContainer.fromEncodedBuffer(containerBuffer, principals);
     }
-    /**
-     * Create a SharableCertificateAttributes from a Certificate
-     * and a list of attribute names to include -- if no list is
-     * provided, all attributes are included.
-     */
-    static async fromCertificate(certificate, attributeNames) {
+    static async fromCertificate(certificate, intermediatesOrAttributeNames, definitelyAttributeNames) {
+        let intermediates = undefined;
+        let attributeNames = undefined;
+        if (definitelyAttributeNames === undefined) {
+            if (intermediatesOrAttributeNames !== undefined) {
+                if (Array.isArray(intermediatesOrAttributeNames)) {
+                    attributeNames = intermediatesOrAttributeNames;
+                }
+                else {
+                    intermediates = intermediatesOrAttributeNames;
+                }
+            }
+        }
+        else {
+            if (intermediatesOrAttributeNames !== undefined) {
+                if (Array.isArray(intermediatesOrAttributeNames)) {
+                    throw (new TypeError('Expected Set<BaseCertificate> for intermediates'));
+                }
+                intermediates = intermediatesOrAttributeNames;
+            }
+            attributeNames = definitelyAttributeNames;
+        }
         if (attributeNames === undefined) {
             /*
              * We know the keys are whatever the Certificate says they are, so
@@ -910,15 +799,28 @@ export class SharableCertificateAttributes {
                 };
             }
         }
+        let intermediatesJSON;
+        intermediates ??= new Set();
+        if (intermediates.size === 0) {
+            intermediatesJSON = undefined;
+        }
+        else {
+            intermediatesJSON = Array.from(intermediates).map(function (intermediateCertificate) {
+                return (intermediateCertificate.toPEM());
+            });
+        }
         const contentsString = JSON.stringify({
             certificate: certificate.toPEM(),
+            intermediates: intermediatesJSON,
             attributes: attributes
         });
         const temporaryUser = KeetaNetAccount.fromSeed(KeetaNetAccount.generateRandomSeed(), 0);
         const contentsBuffer = Buffer.from(contentsString, 'utf-8');
         const container = EncryptedContainer.fromPlaintext(bufferToArrayBuffer(contentsBuffer), [temporaryUser], true);
         const containerBuffer = await container.getEncodedBuffer();
-        const retval = new SharableCertificateAttributes(containerBuffer, { principals: temporaryUser });
+        const retval = new SharableCertificateAttributes(containerBuffer, {
+            principals: temporaryUser
+        });
         await retval.revokeAccess(temporaryUser);
         return (retval);
     }
@@ -954,6 +856,11 @@ export class SharableCertificateAttributes {
         const contentsString = Buffer.from(contentsBufferDecompressed).toString('utf-8');
         const contentsJSON = JSON.parse(contentsString);
         const contents = assertSharableCertificateAttributesContentsSchema(contentsJSON);
+        this.#intermediates = new Set();
+        for (const intermediatePEM of contents.intermediates ?? []) {
+            const intermediateCert = new BaseCertificate(intermediatePEM);
+            this.#intermediates.add(intermediateCert);
+        }
         this.#certificate = new Certificate(contents.certificate);
         const attributePromises = Object.entries(contents.attributes).map(async ([name, attr]) => {
             /*
@@ -1009,6 +916,20 @@ export class SharableCertificateAttributes {
         }
         return (this.#certificate);
     }
+    /**
+     * Get the intermediate certificates included in this sharable
+     * certificate container
+     *
+     * @return A set of BaseCertificate objects representing the
+     *         intermediate certificates attached to this container
+     */
+    async getIntermediates() {
+        await this.#populate();
+        if (this.#intermediates && this.#intermediates.size > 0) {
+            return (new Set(this.#intermediates));
+        }
+        return (new Set());
+    }
     async getAttributeBuffer(name) {
         await this.#populate();
         const attr = this.#attributes[name];
@@ -1117,10 +1038,6 @@ Certificate.SharableAttributes = SharableCertificateAttributes;
 /** @internal */
 export const _Testing = {
     SensitiveAttributeBuilder,
-    SensitiveAttribute,
-    ValidateASN1: ASN1.ValidateASN1,
-    BufferStorageASN1: ASN1.BufferStorageASN1,
-    JStoASN1: ASN1.JStoASN1,
-    normalizeDecodedASN1
+    SensitiveAttribute
 };
 //# sourceMappingURL=certificates.js.map