@lindorm/aegis 0.1.0

package/CHANGELOG.md

@@ -0,0 +1,10 @@
+# Change Log
+
+All notable changes to this project will be documented in this file.
+See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
+
+# 0.1.0 (2024-05-19)
+
+### Features
+
+- initialise aegis package ([b0eb954](https://github.com/lindorm-io/monorepo/commit/b0eb954d9015bd965a3120980edaceaff55e9ccb))

package/README.md

@@ -0,0 +1 @@
+# @lindorm/aegis

package/dist/classes/Aegis.d.ts

@@ -0,0 +1,27 @@
+import { AegisOptions, IAegis, IAegisJwe, IAegisJws, IAegisJwt } from "../types";
+export declare class Aegis implements IAegis {
+    private readonly clockTolerance;
+    private readonly encAlgorithm;
+    private readonly encryption;
+    private readonly issuer;
+    private readonly kryptosMayOverrideEncryption;
+    private readonly logger;
+    private readonly sigAlgorithm;
+    private readonly vault;
+    constructor(options: AegisOptions);
+    get jwe(): IAegisJwe;
+    get jws(): IAegisJws;
+    get jwt(): IAegisJwt;
+    private jweKit;
+    private jweEncrypt;
+    private jweDecrypt;
+    private jwsKit;
+    private jwsSign;
+    private jwsVerify;
+    private jwtKit;
+    private jwtSign;
+    private jwtVerify;
+    private kryptosEnc;
+    private kryptosSig;
+}
+//# sourceMappingURL=Aegis.d.ts.map

package/dist/classes/Aegis.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"Aegis.d.ts","sourceRoot":"","sources":["../../src/classes/Aegis.ts"],"names":[],"mappings":"AASA,OAAO,EACL,YAAY,EAGZ,MAAM,EACN,SAAS,EACT,SAAS,EACT,SAAS,EAYV,MAAM,UAAU,CAAC;AAKlB,qBAAa,KAAM,YAAW,MAAM;IAClC,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAS;IACxC,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAkC;IAC/D,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAoB;IAC/C,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAS;IAChC,OAAO,CAAC,QAAQ,CAAC,4BAA4B,CAAU;IACvD,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAU;IACjC,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAkC;IAC/D,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAc;gBAEjB,OAAO,EAAE,YAAY;IAYxC,IAAW,GAAG,IAAI,SAAS,CAK1B;IAED,IAAW,GAAG,IAAI,SAAS,CAK1B;IAED,IAAW,GAAG,IAAI,SAAS,CAK1B;YAIa,MAAM;YAWN,UAAU;YAQV,UAAU;YAOV,MAAM;YAMN,OAAO;YAQP,SAAS;YAOT,MAAM;YAWN,OAAO;YAQP,SAAS;YAUT,UAAU;YAaV,UAAU;CAazB"}

package/dist/classes/Aegis.js

@@ -0,0 +1,113 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Aegis = void 0;
+const JweKit_1 = require("./JweKit");
+const JwsKit_1 = require("./JwsKit");
+const JwtKit_1 = require("./JwtKit");
+class Aegis {
+    clockTolerance;
+    encAlgorithm;
+    encryption;
+    issuer;
+    kryptosMayOverrideEncryption;
+    logger;
+    sigAlgorithm;
+    vault;
+    constructor(options) {
+        this.logger = options.logger.child(["AegisKit"]);
+        this.vault = options.vault;
+        this.issuer = options.issuer;
+        this.clockTolerance = options.clockTolerance ?? 0;
+        this.encAlgorithm = options.encAlgorithm;
+        this.encryption = options.encryption ?? "A256GCM";
+        this.kryptosMayOverrideEncryption = options.kryptosMayOverrideEncryption ?? true;
+        this.sigAlgorithm = options.sigAlgorithm;
+    }
+    get jwe() {
+        return {
+            encrypt: this.jweEncrypt.bind(this),
+            decrypt: this.jweDecrypt.bind(this),
+        };
+    }
+    get jws() {
+        return {
+            sign: this.jwsSign.bind(this),
+            verify: this.jwsVerify.bind(this),
+        };
+    }
+    get jwt() {
+        return {
+            sign: this.jwtSign.bind(this),
+            verify: this.jwtVerify.bind(this),
+        };
+    }
+    async jweKit(operation) {
+        const kryptos = await this.kryptosEnc(operation);
+        return new JweKit_1.JweKit({
+            encryption: this.encryption,
+            kryptos,
+            kryptosMayOverrideEncryption: this.kryptosMayOverrideEncryption,
+            logger: this.logger,
+        });
+    }
+    async jweEncrypt(data, options) {
+        const jweKit = await this.jweKit("encrypt");
+        return jweKit.encrypt(data, options);
+    }
+    async jweDecrypt(jwe) {
+        const jweKit = await this.jweKit("decrypt");
+        return jweKit.decrypt(jwe);
+    }
+    async jwsKit(operation) {
+        const kryptos = await this.kryptosSig(operation);
+        return new JwsKit_1.JwsKit({ kryptos, logger: this.logger });
+    }
+    async jwsSign(data, options) {
+        const jwsKit = await this.jwsKit("sign");
+        return jwsKit.sign(data, options);
+    }
+    async jwsVerify(jws) {
+        const jwsKit = await this.jwsKit("verify");
+        return jwsKit.verify(jws);
+    }
+    async jwtKit(operation) {
+        const kryptos = await this.kryptosSig(operation);
+        return new JwtKit_1.JwtKit({
+            clockTolerance: this.clockTolerance,
+            issuer: this.issuer,
+            kryptos,
+            logger: this.logger,
+        });
+    }
+    async jwtSign(content, options) {
+        const jwtKit = await this.jwtKit("sign");
+        return jwtKit.sign(content, options);
+    }
+    async jwtVerify(jwt, verify) {
+        const jwtKit = await this.jwtKit("verify");
+        return jwtKit.verify(jwt, verify);
+    }
+    async kryptosEnc(operation) {
+        const kryptos = await this.vault.find({
+            algorithm: this.encAlgorithm,
+            issuer: this.issuer,
+            operation,
+            use: "enc",
+        });
+        this.logger.silly("Kryptos found", { kryptos: kryptos.toJSON() });
+        return kryptos;
+    }
+    async kryptosSig(operation) {
+        const kryptos = await this.vault.find({
+            algorithm: this.sigAlgorithm,
+            issuer: this.issuer,
+            operation,
+            private: true,
+            use: "sig",
+        });
+        this.logger.silly("Kryptos found", { kryptos: kryptos.toJSON() });
+        return kryptos;
+    }
+}
+exports.Aegis = Aegis;
+//# sourceMappingURL=Aegis.js.map

package/dist/classes/Aegis.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"Aegis.js","sourceRoot":"","sources":["../../src/classes/Aegis.ts"],"names":[],"mappings":";;;AA6BA,qCAAkC;AAClC,qCAAkC;AAClC,qCAAkC;AAElC,MAAa,KAAK;IACC,cAAc,CAAS;IACvB,YAAY,CAAkC;IAC9C,UAAU,CAAoB;IAC9B,MAAM,CAAS;IACf,4BAA4B,CAAU;IACtC,MAAM,CAAU;IAChB,YAAY,CAAkC;IAC9C,KAAK,CAAc;IAEpC,YAAmB,OAAqB;QACtC,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC;QACjD,IAAI,CAAC,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC;QAC3B,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAE7B,IAAI,CAAC,cAAc,GAAG,OAAO,CAAC,cAAc,IAAI,CAAC,CAAC;QAClD,IAAI,CAAC,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC;QACzC,IAAI,CAAC,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,SAAS,CAAC;QAClD,IAAI,CAAC,4BAA4B,GAAG,OAAO,CAAC,4BAA4B,IAAI,IAAI,CAAC;QACjF,IAAI,CAAC,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC;IAC3C,CAAC;IAED,IAAW,GAAG;QACZ,OAAO;YACL,OAAO,EAAE,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC;YACnC,OAAO,EAAE,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC;SACpC,CAAC;IACJ,CAAC;IAED,IAAW,GAAG;QACZ,OAAO;YACL,IAAI,EAAE,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC;YAC7B,MAAM,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC;SAClC,CAAC;IACJ,CAAC;IAED,IAAW,GAAG;QACZ,OAAO;YACL,IAAI,EAAE,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC;YAC7B,MAAM,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC;SAClC,CAAC;IACJ,CAAC;IAIO,KAAK,CAAC,MAAM,CAAC,SAA2B;QAC9C,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;QAEjD,OAAO,IAAI,eAAM,CAAC;YAChB,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,OAAO;YACP,4BAA4B,EAAE,IAAI,CAAC,4BAA4B;YAC/D,MAAM,EAAE,IAAI,CAAC,MAAM;SACpB,CAAC,CAAC;IACL,CAAC;IAEO,KAAK,CAAC,UAAU,CACtB,IAAY,EACZ,OAA2B;QAE3B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAC5C,OAAO,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;IACvC,CAAC;IAEO,KAAK,CAAC,UAAU,CAAC,GAAW;QAClC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAC5C,OAAO,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAC7B,CAAC;IAIO,KAAK,CAAC,MAAM,CAAC,SAA2B;QAC9C,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;QAEjD,OAAO,IAAI,eAAM,CAAC,EAAE,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;IACtD,CAAC;IAEO,KAAK,CAAC,OAAO,CACnB,IAAO,EACP,OAAwB;QAExB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QACzC,OAAO,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;IACpC,CAAC;IAEO,KAAK,CAAC,SAAS,CAAuB,GAAW;QACvD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QAC3C,OAAO,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IAC5B,CAAC;IAIO,KAAK,CAAC,MAAM,CAAC,SAA2B;QAC9C,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;QAEjD,OAAO,IAAI,eAAM,CAAC;YAChB,cAAc,EAAE,IAAI,CAAC,cAAc;YACnC,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,OAAO;YACP,MAAM,EAAE,IAAI,CAAC,MAAM;SACpB,CAAC,CAAC;IACL,CAAC;IAEO,KAAK,CAAC,OAAO,CACnB,OAA0B,EAC1B,OAAwB;QAExB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QACzC,OAAO,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IACvC,CAAC;IAEO,KAAK,CAAC,SAAS,CACrB,GAAW,EACX,MAAyB;QAEzB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QAC3C,OAAO,MAAM,CAAC,MAAM,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;IACpC,CAAC;IAIO,KAAK,CAAC,UAAU,CAAC,SAA2B;QAClD,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC;YACpC,SAAS,EAAE,IAAI,CAAC,YAAY;YAC5B,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,SAAS;YACT,GAAG,EAAE,KAAK;SACX,CAAC,CAAC;QAEH,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,eAAe,EAAE,EAAE,OAAO,EAAE,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;QAElE,OAAO,OAAO,CAAC;IACjB,CAAC;IAEO,KAAK,CAAC,UAAU,CAAC,SAA2B;QAClD,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC;YACpC,SAAS,EAAE,IAAI,CAAC,YAAY;YAC5B,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,SAAS;YACT,OAAO,EAAE,IAAI;YACb,GAAG,EAAE,KAAK;SACX,CAAC,CAAC;QAEH,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,eAAe,EAAE,EAAE,OAAO,EAAE,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;QAElE,OAAO,OAAO,CAAC;IACjB,CAAC;CACF;AAnJD,sBAmJC"}

package/dist/classes/AegisVault.d.ts

@@ -0,0 +1,24 @@
+import { IKryptos } from "@lindorm/kryptos";
+import { AegisVaultOptions, AegisVaultQuery, IAegisVault, VaultConfig } from "../types";
+export declare class AegisVault implements IAegisVault {
+    private readonly _conduit;
+    private readonly _config;
+    private readonly _external;
+    private readonly _logger;
+    private _vault;
+    constructor(options: AegisVaultOptions);
+    get config(): Array<VaultConfig>;
+    get vault(): Array<IKryptos>;
+    setup(): Promise<void>;
+    refresh(): Promise<void>;
+    add(kryptos: Array<IKryptos> | IKryptos): void;
+    find(query: AegisVaultQuery): Promise<IKryptos>;
+    filter(query: AegisVaultQuery): Promise<Array<IKryptos>>;
+    private addExternalConfig;
+    private filteredKeys;
+    private getJwks;
+    private issuerConfig;
+    private loadExternalConfig;
+    private refreshExternal;
+}
+//# sourceMappingURL=AegisVault.d.ts.map

package/dist/classes/AegisVault.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"AegisVault.d.ts","sourceRoot":"","sources":["../../src/classes/AegisVault.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,QAAQ,EAAW,MAAM,kBAAkB,CAAC;AAGrD,OAAO,EACL,iBAAiB,EACjB,eAAe,EACf,WAAW,EAGX,WAAW,EAEZ,MAAM,UAAU,CAAC;AAElB,qBAAa,UAAW,YAAW,WAAW;IAC5C,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAU;IACnC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAqB;IAC7C,OAAO,CAAC,QAAQ,CAAC,SAAS,CAA6B;IACvD,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAU;IAElC,OAAO,CAAC,MAAM,CAAkB;gBAEb,OAAO,EAAE,iBAAiB;IAmB7C,IAAW,MAAM,IAAI,KAAK,CAAC,WAAW,CAAC,CAEtC;IAED,IAAW,KAAK,IAAI,KAAK,CAAC,QAAQ,CAAC,CAElC;IAIY,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAKtB,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;IAQ9B,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC,QAAQ,CAAC,GAAG,QAAQ,GAAG,IAAI;IAoBxC,IAAI,CAAC,KAAK,EAAE,eAAe,GAAG,OAAO,CAAC,QAAQ,CAAC;IAO/C,MAAM,CAAC,KAAK,EAAE,eAAe,GAAG,OAAO,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;YAgBvD,iBAAiB;IAmB/B,OAAO,CAAC,YAAY;YAoBN,OAAO;YAyBP,YAAY;YAcZ,kBAAkB;YAQlB,eAAe;CAK9B"}

package/dist/classes/AegisVault.js

@@ -0,0 +1,141 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AegisVault = void 0;
+const conduit_1 = require("@lindorm/conduit");
+const is_1 = require("@lindorm/is");
+const kryptos_1 = require("@lindorm/kryptos");
+const errors_1 = require("../errors");
+class AegisVault {
+    _conduit;
+    _config;
+    _external;
+    _logger;
+    _vault;
+    constructor(options) {
+        this._logger = options.logger.child(["AegisVault"]);
+        this._conduit = new conduit_1.Conduit({
+            alias: "AegisVault",
+            logger: this._logger,
+            middleware: [(0, conduit_1.conduitChangeResponseDataMiddleware)()],
+            retryOptions: {
+                maxAttempts: 10,
+            },
+        });
+        this._external = options.external ?? [];
+        this._config = [];
+        this._vault = [];
+    }
+    get config() {
+        return this._config;
+    }
+    get vault() {
+        return this._vault;
+    }
+    async setup() {
+        await this.loadExternalConfig();
+        await this.refresh();
+    }
+    async refresh() {
+        this._logger.verbose("Refreshing vault");
+        for (const config of this._config) {
+            await this.refreshExternal(config);
+        }
+    }
+    add(kryptos) {
+        const array = (0, is_1.isArray)(kryptos) ? kryptos : [kryptos];
+        for (const item of array) {
+            if (!item.id) {
+                throw new errors_1.AegisVaultError("Id is required when adding Kryptos");
+            }
+            if (!item.issuer) {
+                throw new errors_1.AegisVaultError("Issuer is required when adding Kryptos");
+            }
+            if (item.isExpired) {
+                throw new errors_1.AegisVaultError("Kryptos is expired");
+            }
+            this._vault = this._vault.filter((i) => i.id !== item.id).concat(item);
+        }
+    }
+    async find(query) {
+        const [key] = await this.filter(query);
+        if (key)
+            return key;
+        throw new errors_1.AegisVaultError("Kryptos not found using query");
+    }
+    async filter(query) {
+        const filtered = this.filteredKeys(query);
+        if (filtered.length)
+            return filtered;
+        if (!query.issuer) {
+            throw new errors_1.AegisVaultError("Unable to find Kryptos without issuer");
+        }
+        const config = await this.issuerConfig(query.issuer);
+        await this.refreshExternal(config);
+        return this.filteredKeys(query);
+    }
+    async addExternalConfig(options) {
+        if ((0, is_1.isUrlLike)(options.issuer) && (0, is_1.isUrlLike)(options.jwksUri)) {
+            this._config.push({ issuer: options.issuer, jwksUri: options.jwksUri });
+            return;
+        }
+        if (!(0, is_1.isUrlLike)(options.openIdConfigurationUri)) {
+            throw new errors_1.AegisVaultError("Invalid issuer options");
+        }
+        const { data: { issuer, jwksUri }, } = await this._conduit.get(options.openIdConfigurationUri);
+        this._config.push({ issuer, jwksUri });
+    }
+    filteredKeys(query) {
+        return this._vault
+            .filter((i) => i.isActive)
+            .filter((i) => ((0, is_1.isString)(query.issuer) ? query.issuer === i.issuer : true))
+            .filter((i) => ((0, is_1.isString)(query.id) ? i.id === query.id : true))
+            .filter((i) => ((0, is_1.isString)(query.algorithm) ? i.algorithm === query.algorithm : true))
+            .filter((i) => ((0, is_1.isBoolean)(query.external) ? i.isExternal === query.external : true))
+            .filter((i) => (0, is_1.isString)(query.operation) && i.operations.length
+            ? i.operations.includes(query.operation)
+            : true)
+            .filter((i) => ((0, is_1.isString)(query.ownerId) ? i.ownerId === query.ownerId : true))
+            .filter((i) => ((0, is_1.isBoolean)(query.private) ? i.hasPrivateKey : true))
+            .filter((i) => ((0, is_1.isBoolean)(query.public) ? i.hasPublicKey : true))
+            .filter((i) => ((0, is_1.isString)(query.type) ? i.type === query.type : true))
+            .filter((i) => ((0, is_1.isString)(query.use) ? i.use === query.use : true))
+            .sort((a, b) => b.createdAt.getTime() - a.createdAt.getTime());
+    }
+    async getJwks(issuer) {
+        this._logger.verbose("Finding JWKS", { issuer });
+        const config = await this.issuerConfig(issuer);
+        const { data: { keys }, } = await this._conduit.get(config.jwksUri);
+        const result = [];
+        for (const jwk of keys) {
+            const iss = jwk.iss ?? config.issuer;
+            const jku = jwk.jku ?? config.jwksUri;
+            const kryptos = kryptos_1.Kryptos.make({ ...jwk, iss, jku });
+            if (kryptos.isExpired)
+                continue;
+            result.push(kryptos);
+        }
+        return result;
+    }
+    async issuerConfig(issuer) {
+        if (this._external.length && !this._config.length) {
+            await this.loadExternalConfig();
+        }
+        const config = this._config.find((c) => c.issuer === issuer);
+        if (!config) {
+            throw new errors_1.AegisVaultError("Issuer not found in config");
+        }
+        return config;
+    }
+    async loadExternalConfig() {
+        this._logger.verbose("Loading external config");
+        for (const options of this._external) {
+            await this.addExternalConfig(options);
+        }
+    }
+    async refreshExternal(config) {
+        const keys = await this.getJwks(config.issuer);
+        this._vault = this._vault.filter((i) => i.issuer !== config.issuer).concat(keys);
+    }
+}
+exports.AegisVault = AegisVault;
+//# sourceMappingURL=AegisVault.js.map

package/dist/classes/AegisVault.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"AegisVault.js","sourceRoot":"","sources":["../../src/classes/AegisVault.ts"],"names":[],"mappings":";;;AAAA,8CAAgF;AAChF,oCAAsE;AACtE,8CAAqD;AAErD,sCAA4C;AAW5C,MAAa,UAAU;IACJ,QAAQ,CAAU;IAClB,OAAO,CAAqB;IAC5B,SAAS,CAA6B;IACtC,OAAO,CAAU;IAE1B,MAAM,CAAkB;IAEhC,YAAmB,OAA0B;QAC3C,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC;QAEpD,IAAI,CAAC,QAAQ,GAAG,IAAI,iBAAO,CAAC;YAC1B,KAAK,EAAE,YAAY;YACnB,MAAM,EAAE,IAAI,CAAC,OAAO;YACpB,UAAU,EAAE,CAAC,IAAA,6CAAmC,GAAE,CAAC;YACnD,YAAY,EAAE;gBACZ,WAAW,EAAE,EAAE;aAChB;SACF,CAAC,CAAC;QAEH,IAAI,CAAC,SAAS,GAAG,OAAO,CAAC,QAAQ,IAAI,EAAE,CAAC;QACxC,IAAI,CAAC,OAAO,GAAG,EAAE,CAAC;QAClB,IAAI,CAAC,MAAM,GAAG,EAAE,CAAC;IACnB,CAAC;IAID,IAAW,MAAM;QACf,OAAO,IAAI,CAAC,OAAO,CAAC;IACtB,CAAC;IAED,IAAW,KAAK;QACd,OAAO,IAAI,CAAC,MAAM,CAAC;IACrB,CAAC;IAIM,KAAK,CAAC,KAAK;QAChB,MAAM,IAAI,CAAC,kBAAkB,EAAE,CAAC;QAChC,MAAM,IAAI,CAAC,OAAO,EAAE,CAAC;IACvB,CAAC;IAEM,KAAK,CAAC,OAAO;QAClB,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,kBAAkB,CAAC,CAAC;QAEzC,KAAK,MAAM,MAAM,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YAClC,MAAM,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC;QACrC,CAAC;IACH,CAAC;IAEM,GAAG,CAAC,OAAmC;QAC5C,MAAM,KAAK,GAAG,IAAA,YAAO,EAAC,OAAO,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;QAErD,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC;gBACb,MAAM,IAAI,wBAAe,CAAC,oCAAoC,CAAC,CAAC;YAClE,CAAC;YAED,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;gBACjB,MAAM,IAAI,wBAAe,CAAC,wCAAwC,CAAC,CAAC;YACtE,CAAC;YAED,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;gBACnB,MAAM,IAAI,wBAAe,CAAC,oBAAoB,CAAC,CAAC;YAClD,CAAC;YAED,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,IAAI,CAAC,EAAE,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QACzE,CAAC;IACH,CAAC;IAEM,KAAK,CAAC,IAAI,CAAC,KAAsB;QACtC,MAAM,CAAC,GAAG,CAAC,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACvC,IAAI,GAAG;YAAE,OAAO,GAAG,CAAC;QAEpB,MAAM,IAAI,wBAAe,CAAC,+BAA+B,CAAC,CAAC;IAC7D,CAAC;IAEM,KAAK,CAAC,MAAM,CAAC,KAAsB;QACxC,MAAM,QAAQ,GAAG,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC;QAC1C,IAAI,QAAQ,CAAC,MAAM;YAAE,OAAO,QAAQ,CAAC;QAErC,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC;YAClB,MAAM,IAAI,wBAAe,CAAC,uCAAuC,CAAC,CAAC;QACrE,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QACrD,MAAM,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC;QAEnC,OAAO,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC;IAClC,CAAC;IAIO,KAAK,CAAC,iBAAiB,CAAC,OAA4B;QAC1D,IAAI,IAAA,cAAS,EAAC,OAAO,CAAC,MAAM,CAAC,IAAI,IAAA,cAAS,EAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;YAC5D,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,OAAO,EAAE,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC;YACxE,OAAO;QACT,CAAC;QAED,IAAI,CAAC,IAAA,cAAS,EAAC,OAAO,CAAC,sBAAsB,CAAC,EAAE,CAAC;YAC/C,MAAM,IAAI,wBAAe,CAAC,wBAAwB,CAAC,CAAC;QACtD,CAAC;QAED,MAAM,EACJ,IAAI,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,GAC1B,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,GAAG,CACzB,OAAO,CAAC,sBAAsB,CAC/B,CAAC;QAEF,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC,CAAC;IACzC,CAAC;IAEO,YAAY,CAAC,KAAsB;QACzC,OAAO,IAAI,CAAC,MAAM;aACf,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC;aACzB,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAA,aAAQ,EAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;aAC1E,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAA,aAAQ,EAAC,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,KAAK,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;aAC9D,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAA,aAAQ,EAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,KAAK,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;aACnF,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAA,cAAS,EAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,UAAU,KAAK,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;aACnF,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CACZ,IAAA,aAAQ,EAAC,KAAK,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,UAAU,CAAC,MAAM;YAC9C,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,QAAQ,CAAC,KAAK,CAAC,SAAS,CAAC;YACxC,CAAC,CAAC,IAAI,CACT;aACA,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAA,aAAQ,EAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,KAAK,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;aAC7E,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAA,cAAS,EAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;aAClE,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAA,cAAS,EAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;aAChE,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAA,aAAQ,EAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,KAAK,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;aACpE,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAA,aAAQ,EAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,KAAK,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;aACjE,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC,SAAS,CAAC,OAAO,EAAE,CAAC,CAAC;IACnE,CAAC;IAEO,KAAK,CAAC,OAAO,CAAC,MAAc;QAClC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,cAAc,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC;QAEjD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;QAE/C,MAAM,EACJ,IAAI,EAAE,EAAE,IAAI,EAAE,GACf,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAqB,MAAM,CAAC,OAAO,CAAC,CAAC;QAEhE,MAAM,MAAM,GAAoB,EAAE,CAAC;QAEnC,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;YACvB,MAAM,GAAG,GAAG,GAAG,CAAC,GAAG,IAAI,MAAM,CAAC,MAAM,CAAC;YACrC,MAAM,GAAG,GAAG,GAAG,CAAC,GAAG,IAAI,MAAM,CAAC,OAAO,CAAC;YAEtC,MAAM,OAAO,GAAG,iBAAO,CAAC,IAAI,CAAC,EAAE,GAAG,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC;YAEnD,IAAI,OAAO,CAAC,SAAS;gBAAE,SAAS;YAEhC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACvB,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAEO,KAAK,CAAC,YAAY,CAAC,MAAc;QACvC,IAAI,IAAI,CAAC,SAAS,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC;YAClD,MAAM,IAAI,CAAC,kBAAkB,EAAE,CAAC;QAClC,CAAC;QAED,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC;QAE7D,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,IAAI,wBAAe,CAAC,4BAA4B,CAAC,CAAC;QAC1D,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAEO,KAAK,CAAC,kBAAkB;QAC9B,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,yBAAyB,CAAC,CAAC;QAEhD,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YACrC,MAAM,IAAI,CAAC,iBAAiB,CAAC,OAAO,CAAC,CAAC;QACxC,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,eAAe,CAAC,MAAmB;QAC/C,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QAE/C,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IACnF,CAAC;CACF;AAxLD,gCAwLC"}

package/dist/classes/JweKit.d.ts

@@ -0,0 +1,13 @@
+import { DecodedJwe, DecryptedJwe, EncryptedJwe, IJweKit, JweEncryptOptions, JweKitOptions } from "../types";
+export declare class JweKit implements IJweKit {
+    private readonly encryption;
+    private readonly logger;
+    private readonly kryptos;
+    private readonly kryptosMayOverrideEncryption;
+    constructor(options: JweKitOptions);
+    encrypt(data: string, options?: JweEncryptOptions): EncryptedJwe;
+    decrypt(jwe: string): DecryptedJwe;
+    static decode(jwe: string): DecodedJwe;
+    private contentType;
+}
+//# sourceMappingURL=JweKit.d.ts.map

package/dist/classes/JweKit.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"JweKit.d.ts","sourceRoot":"","sources":["../../src/classes/JweKit.ts"],"names":[],"mappings":"AAOA,OAAO,EACL,UAAU,EACV,YAAY,EAEZ,YAAY,EACZ,OAAO,EACP,iBAAiB,EACjB,aAAa,EAEd,MAAM,UAAU,CAAC;AAOlB,qBAAa,MAAO,YAAW,OAAO;IACpC,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAoB;IAC/C,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAU;IACjC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAW;IACnC,OAAO,CAAC,QAAQ,CAAC,4BAA4B,CAAU;gBAEpC,OAAO,EAAE,aAAa;IAQlC,OAAO,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,GAAE,iBAAsB,GAAG,YAAY;IAqEpE,OAAO,CAAC,GAAG,EAAE,MAAM,GAAG,YAAY;WA4E3B,MAAM,CAAC,GAAG,EAAE,MAAM,GAAG,UAAU;IAiB7C,OAAO,CAAC,WAAW;CASpB"}

package/dist/classes/JweKit.js

@@ -0,0 +1,154 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.JweKit = void 0;
+const aes_1 = require("@lindorm/aes");
+const b64_1 = require("@lindorm/b64");
+const utils_1 = require("@lindorm/utils");
+const crypto_1 = require("crypto");
+const errors_1 = require("../errors");
+const token_header_1 = require("../utils/private/token-header");
+class JweKit {
+    encryption;
+    logger;
+    kryptos;
+    kryptosMayOverrideEncryption;
+    constructor(options) {
+        this.logger = options.logger.child(["JweKit"]);
+        this.kryptos = options.kryptos;
+        this.encryption = options.encryption = "A256GCM";
+        this.kryptosMayOverrideEncryption = options.kryptosMayOverrideEncryption ?? false;
+    }
+    encrypt(data, options = {}) {
+        const encryption = this.kryptosMayOverrideEncryption && this.kryptos.encryption
+            ? this.kryptos.encryption
+            : this.encryption;
+        const aes = new aes_1.AesKit({
+            encryption,
+            format: "base64url",
+            kryptos: this.kryptos,
+        });
+        const { authTag, content, hkdfSalt, initialisationVector, pbkdfIterations, pbkdfSalt, publicEncryptionJwk, publicEncryptionKey, } = aes.encrypt(data, "object");
+        const jwksUri = this.kryptos.jwksUri;
+        const keyId = this.kryptos.id;
+        const objectId = options.objectId ?? (0, crypto_1.randomUUID)();
+        const critical = [
+            "algorithm",
+            "encryption",
+        ];
+        if (publicEncryptionJwk)
+            critical.push("publicEncryptionJwk");
+        if (hkdfSalt)
+            critical.push("hkdfSalt");
+        if (pbkdfIterations)
+            critical.push("pbkdfIterations");
+        if (pbkdfSalt)
+            critical.push("pbkdfSalt");
+        const headerOptions = {
+            algorithm: this.kryptos.algorithm,
+            contentType: this.contentType(data),
+            critical,
+            encryption,
+            headerType: "JWE",
+            hkdfSalt: hkdfSalt ? b64_1.B64.encode(hkdfSalt, "base64url") : undefined,
+            jwksUri,
+            keyId,
+            objectId,
+            pbkdfIterations,
+            pbkdfSalt: pbkdfSalt ? b64_1.B64.encode(pbkdfSalt, "base64url") : undefined,
+            publicEncryptionJwk,
+        };
+        const header = (0, token_header_1._encodeTokenHeader)(headerOptions);
+        this.logger.silly("Token header encoded", { header, options: headerOptions });
+        const token = (0, utils_1.removeUndefined)([
+            header,
+            publicEncryptionKey ? b64_1.B64.encode(publicEncryptionKey, "base64url") : "",
+            b64_1.B64.encode(initialisationVector, "base64url"),
+            b64_1.B64.encode(content, "base64url"),
+            authTag ? b64_1.B64.encode(authTag, "base64url") : undefined,
+        ]).join(".");
+        this.logger.silly("Token created", { keyId, token });
+        return { token };
+    }
+    decrypt(jwe) {
+        const encryption = this.kryptosMayOverrideEncryption && this.kryptos.encryption
+            ? this.kryptos.encryption
+            : this.encryption;
+        const decoded = JweKit.decode(jwe);
+        if (decoded.header.typ !== "JWE") {
+            throw new errors_1.JweError("Invalid token", {
+                data: { typ: decoded.header.typ },
+            });
+        }
+        if (this.kryptos.algorithm !== decoded.header.alg) {
+            throw new errors_1.JweError("Invalid token", {
+                data: { alg: decoded.header.alg },
+                debug: { expected: this.kryptos.algorithm },
+            });
+        }
+        const header = (0, token_header_1._parseTokenHeader)(decoded.header);
+        const aes = new aes_1.AesKit({
+            encryption,
+            format: "base64url",
+            kryptos: this.kryptos,
+        });
+        const authTag = decoded.authTag ? b64_1.B64.toBuffer(decoded.authTag) : undefined;
+        const content = b64_1.B64.toBuffer(decoded.content);
+        const hkdfSalt = header.hkdfSalt
+            ? b64_1.B64.toBuffer(header.hkdfSalt, "base64url")
+            : undefined;
+        const initialisationVector = b64_1.B64.toBuffer(decoded.initialisationVector);
+        const pbkdfIterations = header.pbkdfIterations;
+        const pbkdfSalt = header.pbkdfSalt
+            ? b64_1.B64.toBuffer(header.pbkdfSalt, "base64url")
+            : undefined;
+        const publicEncryptionKey = decoded.publicEncryptionKey
+            ? b64_1.B64.toBuffer(decoded.publicEncryptionKey)
+            : undefined;
+        const publicEncryptionJwk = header.publicEncryptionJwk;
+        if (header.critical.includes("publicEncryptionJwk") && !publicEncryptionJwk) {
+            throw new errors_1.JweError("Missing public encryption JWK");
+        }
+        if (header.critical.includes("hkdfSalt") && !hkdfSalt) {
+            throw new errors_1.JweError("Missing salt");
+        }
+        if (header.critical.includes("pbkdfIterations") && !pbkdfIterations) {
+            throw new errors_1.JweError("Missing iterations");
+        }
+        if (header.critical.includes("pbkdfSalt") && !pbkdfSalt) {
+            throw new errors_1.JweError("Missing salt");
+        }
+        const payload = aes.decrypt({
+            authTag,
+            content,
+            encryption,
+            hkdfSalt,
+            initialisationVector,
+            pbkdfIterations,
+            pbkdfSalt,
+            publicEncryptionJwk,
+            publicEncryptionKey,
+        });
+        this.logger.silly("Token decrypted", { payload });
+        return { __jwe: decoded, header, payload };
+    }
+    static decode(jwe) {
+        const [header, publicEncryptionKey, initialisationVector, content, authTag] = jwe.split(".");
+        const result = {
+            header: (0, token_header_1._decodeTokenHeader)(header),
+            publicEncryptionKey: publicEncryptionKey?.length ? publicEncryptionKey : undefined,
+            initialisationVector,
+            content,
+            authTag: authTag?.length ? authTag : undefined,
+        };
+        return result;
+    }
+    contentType(input) {
+        if (!input.startsWith("eyJ") && !input.includes(".")) {
+            return "text/plain";
+        }
+        const [header] = input.split(".");
+        return (0, token_header_1._decodeTokenHeader)(header).typ;
+    }
+}
+exports.JweKit = JweKit;
+//# sourceMappingURL=JweKit.js.map

package/dist/classes/JweKit.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"JweKit.js","sourceRoot":"","sources":["../../src/classes/JweKit.ts"],"names":[],"mappings":";;;AAAA,sCAAsC;AACtC,sCAAmC;AAGnC,0CAAiD;AACjD,mCAAoC;AACpC,sCAAqC;AAWrC,gEAIuC;AAEvC,MAAa,MAAM;IACA,UAAU,CAAoB;IAC9B,MAAM,CAAU;IAChB,OAAO,CAAW;IAClB,4BAA4B,CAAU;IAEvD,YAAmB,OAAsB;QACvC,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC;QAC/C,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;QAE/B,IAAI,CAAC,UAAU,GAAG,OAAO,CAAC,UAAU,GAAG,SAAS,CAAC;QACjD,IAAI,CAAC,4BAA4B,GAAG,OAAO,CAAC,4BAA4B,IAAI,KAAK,CAAC;IACpF,CAAC;IAEM,OAAO,CAAC,IAAY,EAAE,UAA6B,EAAE;QAC1D,MAAM,UAAU,GACd,IAAI,CAAC,4BAA4B,IAAI,IAAI,CAAC,OAAO,CAAC,UAAU;YAC1D,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU;YACzB,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC;QAEtB,MAAM,GAAG,GAAG,IAAI,YAAM,CAAC;YACrB,UAAU;YACV,MAAM,EAAE,WAAW;YACnB,OAAO,EAAE,IAAI,CAAC,OAAO;SACtB,CAAC,CAAC;QAEH,MAAM,EACJ,OAAO,EACP,OAAO,EACP,QAAQ,EACR,oBAAoB,EACpB,eAAe,EACf,SAAS,EACT,mBAAmB,EACnB,mBAAmB,GACpB,GAAG,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;QAEhC,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC;QACrC,MAAM,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;QAC9B,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,IAAA,mBAAU,GAAE,CAAC;QAElD,MAAM,QAAQ,GAA6D;YACzE,WAAW;YACX,YAAY;SACb,CAAC;QAEF,IAAI,mBAAmB;YAAE,QAAQ,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC;QAC9D,IAAI,QAAQ;YAAE,QAAQ,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACxC,IAAI,eAAe;YAAE,QAAQ,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;QACtD,IAAI,SAAS;YAAE,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QAE1C,MAAM,aAAa,GAA2B;YAC5C,SAAS,EAAE,IAAI,CAAC,OAAO,CAAC,SAAS;YACjC,WAAW,EAAE,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC;YACnC,QAAQ;YACR,UAAU;YACV,UAAU,EAAE,KAAK;YACjB,QAAQ,EAAE,QAAQ,CAAC,CAAC,CAAC,SAAG,CAAC,MAAM,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC,CAAC,CAAC,SAAS;YAClE,OAAO;YACP,KAAK;YACL,QAAQ;YACR,eAAe;YACf,SAAS,EAAE,SAAS,CAAC,CAAC,CAAC,SAAG,CAAC,MAAM,CAAC,SAAS,EAAE,WAAW,CAAC,CAAC,CAAC,CAAC,SAAS;YACrE,mBAAmB;SACpB,CAAC;QAEF,MAAM,MAAM,GAAG,IAAA,iCAAkB,EAAC,aAAa,CAAC,CAAC;QAEjD,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,sBAAsB,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,aAAa,EAAE,CAAC,CAAC;QAE9E,MAAM,KAAK,GAAG,IAAA,uBAAe,EAAC;YAC5B,MAAM;YACN,mBAAmB,CAAC,CAAC,CAAC,SAAG,CAAC,MAAM,CAAC,mBAAmB,EAAE,WAAW,CAAC,CAAC,CAAC,CAAC,EAAE;YACvE,SAAG,CAAC,MAAM,CAAC,oBAAoB,EAAE,WAAW,CAAC;YAC7C,SAAG,CAAC,MAAM,CAAC,OAAO,EAAE,WAAW,CAAC;YAChC,OAAO,CAAC,CAAC,CAAC,SAAG,CAAC,MAAM,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC,CAAC,CAAC,SAAS;SACvD,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAEb,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,eAAe,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,CAAC;QAErD,OAAO,EAAE,KAAK,EAAE,CAAC;IACnB,CAAC;IAEM,OAAO,CAAC,GAAW;QACxB,MAAM,UAAU,GACd,IAAI,CAAC,4BAA4B,IAAI,IAAI,CAAC,OAAO,CAAC,UAAU;YAC1D,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU;YACzB,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC;QAEtB,MAAM,OAAO,GAAG,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAEnC,IAAI,OAAO,CAAC,MAAM,CAAC,GAAG,KAAK,KAAK,EAAE,CAAC;YACjC,MAAM,IAAI,iBAAQ,CAAC,eAAe,EAAE;gBAClC,IAAI,EAAE,EAAE,GAAG,EAAE,OAAO,CAAC,MAAM,CAAC,GAAG,EAAE;aAClC,CAAC,CAAC;QACL,CAAC;QAED,IAAI,IAAI,CAAC,OAAO,CAAC,SAAS,KAAK,OAAO,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC;YAClD,MAAM,IAAI,iBAAQ,CAAC,eAAe,EAAE;gBAClC,IAAI,EAAE,EAAE,GAAG,EAAE,OAAO,CAAC,MAAM,CAAC,GAAG,EAAE;gBACjC,KAAK,EAAE,EAAE,QAAQ,EAAE,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE;aAC5C,CAAC,CAAC;QACL,CAAC;QAED,MAAM,MAAM,GAAG,IAAA,gCAAiB,EAAqB,OAAO,CAAC,MAAM,CAAC,CAAC;QAErE,MAAM,GAAG,GAAG,IAAI,YAAM,CAAC;YACrB,UAAU;YACV,MAAM,EAAE,WAAW;YACnB,OAAO,EAAE,IAAI,CAAC,OAAO;SACtB,CAAC,CAAC;QAEH,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,SAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;QAC5E,MAAM,OAAO,GAAG,SAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC9C,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ;YAC9B,CAAC,CAAC,SAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,QAAQ,EAAE,WAAW,CAAC;YAC5C,CAAC,CAAC,SAAS,CAAC;QACd,MAAM,oBAAoB,GAAG,SAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,oBAAoB,CAAC,CAAC;QACxE,MAAM,eAAe,GAAG,MAAM,CAAC,eAAe,CAAC;QAC/C,MAAM,SAAS,GAAG,MAAM,CAAC,SAAS;YAChC,CAAC,CAAC,SAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,SAAS,EAAE,WAAW,CAAC;YAC7C,CAAC,CAAC,SAAS,CAAC;QACd,MAAM,mBAAmB,GAAG,OAAO,CAAC,mBAAmB;YACrD,CAAC,CAAC,SAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,mBAAmB,CAAC;YAC3C,CAAC,CAAC,SAAS,CAAC;QACd,MAAM,mBAAmB,GAAG,MAAM,CAAC,mBAAmB,CAAC;QAEvD,IAAI,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,qBAAqB,CAAC,IAAI,CAAC,mBAAmB,EAAE,CAAC;YAC5E,MAAM,IAAI,iBAAQ,CAAC,+BAA+B,CAAC,CAAC;QACtD,CAAC;QACD,IAAI,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;YACtD,MAAM,IAAI,iBAAQ,CAAC,cAAc,CAAC,CAAC;QACrC,CAAC;QACD,IAAI,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,iBAAiB,CAAC,IAAI,CAAC,eAAe,EAAE,CAAC;YACpE,MAAM,IAAI,iBAAQ,CAAC,oBAAoB,CAAC,CAAC;QAC3C,CAAC;QACD,IAAI,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;YACxD,MAAM,IAAI,iBAAQ,CAAC,cAAc,CAAC,CAAC;QACrC,CAAC;QAED,MAAM,OAAO,GAAG,GAAG,CAAC,OAAO,CAAC;YAC1B,OAAO;YACP,OAAO;YACP,UAAU;YACV,QAAQ;YACR,oBAAoB;YACpB,eAAe;YACf,SAAS;YACT,mBAAmB;YACnB,mBAAmB;SACpB,CAAC,CAAC;QAEH,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,iBAAiB,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC;QAElD,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC;IAC7C,CAAC;IAIM,MAAM,CAAC,MAAM,CAAC,GAAW;QAC9B,MAAM,CAAC,MAAM,EAAE,mBAAmB,EAAE,oBAAoB,EAAE,OAAO,EAAE,OAAO,CAAC,GACzE,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAEjB,MAAM,MAAM,GAAe;YACzB,MAAM,EAAE,IAAA,iCAAkB,EAAC,MAAM,CAAC;YAClC,mBAAmB,EAAE,mBAAmB,EAAE,MAAM,CAAC,CAAC,CAAC,mBAAmB,CAAC,CAAC,CAAC,SAAS;YAClF,oBAAoB;YACpB,OAAO;YACP,OAAO,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS;SAC/C,CAAC;QAEF,OAAO,MAAM,CAAC;IAChB,CAAC;IAIO,WAAW,CAAC,KAAa;QAC/B,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YACrD,OAAO,YAAY,CAAC;QACtB,CAAC;QAED,MAAM,CAAC,MAAM,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAElC,OAAO,IAAA,iCAAkB,EAAC,MAAM,CAAC,CAAC,GAAG,CAAC;IACxC,CAAC;CACF;AAzLD,wBAyLC"}

package/dist/classes/JwsKit.d.ts

@@ -0,0 +1,11 @@
+/// <reference types="node" />
+import { DecodedJws, IJwsKit, JwsKitOptions, SignJwsOptions, SignedJws, VerifiedJws } from "../types";
+export declare class JwsKit implements IJwsKit {
+    private readonly logger;
+    private readonly kryptos;
+    constructor(options: JwsKitOptions);
+    sign<T extends Buffer | string>(data: T, options?: SignJwsOptions): SignedJws;
+    verify<T extends Buffer | string>(jws: string): VerifiedJws<T>;
+    static decode(jws: string): DecodedJws;
+}
+//# sourceMappingURL=JwsKit.d.ts.map

package/dist/classes/JwsKit.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"JwsKit.d.ts","sourceRoot":"","sources":["../../src/classes/JwsKit.ts"],"names":[],"mappings":";AAMA,OAAO,EACL,UAAU,EACV,OAAO,EACP,aAAa,EACb,cAAc,EACd,SAAS,EAET,WAAW,EAEZ,MAAM,UAAU,CAAC;AASlB,qBAAa,MAAO,YAAW,OAAO;IACpC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAU;IACjC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAW;gBAEhB,OAAO,EAAE,aAAa;IAKlC,IAAI,CAAC,CAAC,SAAS,MAAM,GAAG,MAAM,EACnC,IAAI,EAAE,CAAC,EACP,OAAO,GAAE,cAAmB,GAC3B,SAAS;IAiDL,MAAM,CAAC,CAAC,SAAS,MAAM,GAAG,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,WAAW,CAAC,CAAC,CAAC;WAwCvD,MAAM,CAAC,GAAG,EAAE,MAAM,GAAG,UAAU;CAY9C"}

package/dist/classes/JwsKit.js

@@ -0,0 +1,95 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.JwsKit = void 0;
+const b64_1 = require("@lindorm/b64");
+const is_1 = require("@lindorm/is");
+const crypto_1 = require("crypto");
+const errors_1 = require("../errors");
+const create_token_signature_1 = require("../utils/private/create-token-signature");
+const token_header_1 = require("../utils/private/token-header");
+const verify_token_signature_1 = require("../utils/private/verify-token-signature");
+class JwsKit {
+    logger;
+    kryptos;
+    constructor(options) {
+        this.logger = options.logger.child(["JwsKit"]);
+        this.kryptos = options.kryptos;
+    }
+    sign(data, options = {}) {
+        const algorithm = this.kryptos.algorithm;
+        const jwksUri = this.kryptos.jwksUri;
+        const keyId = this.kryptos.id;
+        const objectId = options.objectId ?? (0, crypto_1.randomUUID)();
+        const contentType = options.contentType
+            ? options.contentType
+            : (0, is_1.isString)(data)
+                ? "text/plain"
+                : "application/buffer";
+        const headerOptions = {
+            algorithm,
+            contentType,
+            headerType: "JWS",
+            jwksUri,
+            keyId,
+            objectId,
+        };
+        const header = (0, token_header_1._encodeTokenHeader)(headerOptions);
+        this.logger.silly("Token header encoded", { header, options: headerOptions });
+        const payload = (0, is_1.isBuffer)(data)
+            ? data.toString("base64url")
+            : b64_1.B64.encode(data, "base64url");
+        this.logger.silly("Token payload encoded", { payload, options });
+        const signature = (0, create_token_signature_1._createTokenSignature)({
+            header,
+            payload,
+            kryptos: this.kryptos,
+        });
+        this.logger.silly("Token signature created", { signature });
+        const token = `${header}.${payload}.${signature}`;
+        this.logger.silly("Token signed", {
+            keyId,
+            objectId,
+            token,
+        });
+        return { objectId, token };
+    }
+    verify(jws) {
+        const decoded = JwsKit.decode(jws);
+        if (decoded.header.typ !== "JWS") {
+            throw new errors_1.JwsError("Invalid token", {
+                data: { typ: decoded.header.typ },
+            });
+        }
+        if (this.kryptos.algorithm !== decoded.header.alg) {
+            throw new errors_1.JwsError("Invalid token", {
+                data: { alg: decoded.header.alg },
+                debug: { expected: this.kryptos.algorithm },
+            });
+        }
+        const verified = (0, verify_token_signature_1._verifyTokenSignature)(this.kryptos, jws);
+        this.logger.silly("Token signature verified", { verified, token: jws });
+        if (!verified) {
+            throw new errors_1.JwsError("Invalid token", {
+                data: { verified, token: jws },
+            });
+        }
+        const header = (0, token_header_1._parseTokenHeader)(decoded.header);
+        const payload = header.contentType === "text/plain"
+            ? decoded.payload
+            : b64_1.B64.toBuffer(decoded.payload, "base64url");
+        this.logger.silly("Token verified", { header, payload });
+        return { __jws: decoded, header, payload: payload };
+    }
+    static decode(jws) {
+        const [header, payload, signature] = jws.split(".");
+        const decodedHeader = (0, token_header_1._decodeTokenHeader)(header);
+        const result = {
+            header: decodedHeader,
+            payload: decodedHeader.cty === "text/plain" ? b64_1.B64.toString(payload) : payload,
+            signature,
+        };
+        return result;
+    }
+}
+exports.JwsKit = JwsKit;
+//# sourceMappingURL=JwsKit.js.map

package/dist/classes/JwsKit.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"JwsKit.js","sourceRoot":"","sources":["../../src/classes/JwsKit.ts"],"names":[],"mappings":";;;AAAA,sCAAmC;AACnC,oCAAiD;AAGjD,mCAAoC;AACpC,sCAAqC;AAWrC,oFAAgF;AAChF,gEAIuC;AACvC,oFAAgF;AAEhF,MAAa,MAAM;IACA,MAAM,CAAU;IAChB,OAAO,CAAW;IAEnC,YAAmB,OAAsB;QACvC,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC;QAC/C,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;IACjC,CAAC;IAEM,IAAI,CACT,IAAO,EACP,UAA0B,EAAE;QAE5B,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC;QACzC,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC;QACrC,MAAM,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;QAC9B,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,IAAA,mBAAU,GAAE,CAAC;QAClD,MAAM,WAAW,GAAG,OAAO,CAAC,WAAW;YACrC,CAAC,CAAC,OAAO,CAAC,WAAW;YACrB,CAAC,CAAC,IAAA,aAAQ,EAAC,IAAI,CAAC;gBACd,CAAC,CAAC,YAAY;gBACd,CAAC,CAAC,oBAAoB,CAAC;QAE3B,MAAM,aAAa,GAA2B;YAC5C,SAAS;YACT,WAAW;YACX,UAAU,EAAE,KAAK;YACjB,OAAO;YACP,KAAK;YACL,QAAQ;SACT,CAAC;QAEF,MAAM,MAAM,GAAG,IAAA,iCAAkB,EAAC,aAAa,CAAC,CAAC;QAEjD,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,sBAAsB,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,aAAa,EAAE,CAAC,CAAC;QAE9E,MAAM,OAAO,GAAG,IAAA,aAAQ,EAAC,IAAI,CAAC;YAC5B,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC;YAC5B,CAAC,CAAC,SAAG,CAAC,MAAM,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC;QAElC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,uBAAuB,EAAE,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC,CAAC;QAEjE,MAAM,SAAS,GAAG,IAAA,8CAAqB,EAAC;YACtC,MAAM;YACN,OAAO;YACP,OAAO,EAAE,IAAI,CAAC,OAAO;SACtB,CAAC,CAAC;QAEH,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,yBAAyB,EAAE,EAAE,SAAS,EAAE,CAAC,CAAC;QAE5D,MAAM,KAAK,GAAG,GAAG,MAAM,IAAI,OAAO,IAAI,SAAS,EAAE,CAAC;QAElD,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,cAAc,EAAE;YAChC,KAAK;YACL,QAAQ;YACR,KAAK;SACN,CAAC,CAAC;QAEH,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC;IAC7B,CAAC;IAEM,MAAM,CAA4B,GAAW;QAClD,MAAM,OAAO,GAAG,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAEnC,IAAI,OAAO,CAAC,MAAM,CAAC,GAAG,KAAK,KAAK,EAAE,CAAC;YACjC,MAAM,IAAI,iBAAQ,CAAC,eAAe,EAAE;gBAClC,IAAI,EAAE,EAAE,GAAG,EAAE,OAAO,CAAC,MAAM,CAAC,GAAG,EAAE;aAClC,CAAC,CAAC;QACL,CAAC;QAED,IAAI,IAAI,CAAC,OAAO,CAAC,SAAS,KAAK,OAAO,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC;YAClD,MAAM,IAAI,iBAAQ,CAAC,eAAe,EAAE;gBAClC,IAAI,EAAE,EAAE,GAAG,EAAE,OAAO,CAAC,MAAM,CAAC,GAAG,EAAE;gBACjC,KAAK,EAAE,EAAE,QAAQ,EAAE,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE;aAC5C,CAAC,CAAC;QACL,CAAC;QAED,MAAM,QAAQ,GAAG,IAAA,8CAAqB,EAAC,IAAI,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;QAE1D,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,0BAA0B,EAAE,EAAE,QAAQ,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,CAAC;QAExE,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,iBAAQ,CAAC,eAAe,EAAE;gBAClC,IAAI,EAAE,EAAE,QAAQ,EAAE,KAAK,EAAE,GAAG,EAAE;aAC/B,CAAC,CAAC;QACL,CAAC;QAED,MAAM,MAAM,GAAG,IAAA,gCAAiB,EAAoB,OAAO,CAAC,MAAM,CAAC,CAAC;QAEpE,MAAM,OAAO,GACX,MAAM,CAAC,WAAW,KAAK,YAAY;YACjC,CAAC,CAAC,OAAO,CAAC,OAAO;YACjB,CAAC,CAAC,SAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;QAEjD,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,gBAAgB,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC,CAAC;QAEzD,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,OAAY,EAAE,CAAC;IAC3D,CAAC;IAIM,MAAM,CAAC,MAAM,CAAC,GAAW;QAC9B,MAAM,CAAC,MAAM,EAAE,OAAO,EAAE,SAAS,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACpD,MAAM,aAAa,GAAG,IAAA,iCAAkB,EAAC,MAAM,CAAC,CAAC;QAEjD,MAAM,MAAM,GAAe;YACzB,MAAM,EAAE,aAAa;YACrB,OAAO,EAAE,aAAa,CAAC,GAAG,KAAK,YAAY,CAAC,CAAC,CAAC,SAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,OAAO;YAC7E,SAAS;SACV,CAAC;QAEF,OAAO,MAAM,CAAC;IAChB,CAAC;CACF;AAjHD,wBAiHC"}