@lindorm/aegis 0.2.6 → 0.3.0

package/CHANGELOG.md

@@ -3,6 +3,33 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+# [0.3.0](https://github.com/lindorm-io/monorepo/compare/@lindorm/aegis@0.2.6...@lindorm/aegis@0.3.0) (2025-06-17)
+
+### Bug Fixes
+
+- add missing header options to sign and encrypt ([d0007e7](https://github.com/lindorm-io/monorepo/commit/d0007e70c0afcf5945b223b27e7b8c02c07b3109))
+- add missing jwt options for verify ([c5b9439](https://github.com/lindorm-io/monorepo/commit/c5b9439b41a7de541e966c350102b7cffde389b5))
+- add optional key filter for aegis ([49a6d75](https://github.com/lindorm-io/monorepo/commit/49a6d75a89f435c40389fbee00840c011e369b00))
+- align with kryptos changes ([206eb38](https://github.com/lindorm-io/monorepo/commit/206eb38ae2a03b14973e706035c87a953cc753af))
+- amend bugs ([a68a77a](https://github.com/lindorm-io/monorepo/commit/a68a77a811ddfe33a0b487cd84cda6a18d3054b6))
+- amend errors in mock ([4e80b28](https://github.com/lindorm-io/monorepo/commit/4e80b28e2bd35ae7ae43da9d3b480bae935aef08))
+- handle correct typing ([630fa33](https://github.com/lindorm-io/monorepo/commit/630fa332c16557fa5f16c3cc673af563d5ea4e24))
+- improve content type method ([d12f1fd](https://github.com/lindorm-io/monorepo/commit/d12f1fd4484c5e6b1becbdd72feed010d2c5cd98))
+- merge domain with issuer for ease of understanding ([9123cc2](https://github.com/lindorm-io/monorepo/commit/9123cc2ede63962a5c226a9bed0d0541001384d9))
+- minor improvements ([0f7db68](https://github.com/lindorm-io/monorepo/commit/0f7db68cddefce258434258ea9f6c0d5f5ba4fc4))
+- rename kits ([da103bf](https://github.com/lindorm-io/monorepo/commit/da103bf21fc25f3477dd9b70a851e4bca5758283))
+- update types and fallback to amphora issuer ([8130b45](https://github.com/lindorm-io/monorepo/commit/8130b45bc7a1c2080e029e6e2efc8c58a65f1d7e))
+
+### Features
+
+- add aegis aes and improve key methods ([ac1800e](https://github.com/lindorm-io/monorepo/commit/ac1800e65f1e9fc82814bb84793678f8c3fd1f8d))
+- add decode and verify to aegis ([bd6c9c3](https://github.com/lindorm-io/monorepo/commit/bd6c9c3b041eb0ed398d01f8d52b44e74cbad429))
+- add signature kit ([ca99771](https://github.com/lindorm-io/monorepo/commit/ca99771955b69a41a1add2cbad6a9512783f54ab))
+- add static token parsing to aegis ([2b8803c](https://github.com/lindorm-io/monorepo/commit/2b8803c189ce2bc97fe49c977e6fbb58cace13f7))
+- implement cose-encrypt kit ([5f94faf](https://github.com/lindorm-io/monorepo/commit/5f94fafc28ab737b02cb3e7566da0d5c827d8c1a))
+- implement cose-sign kit ([fd92fa3](https://github.com/lindorm-io/monorepo/commit/fd92fa346401de76967f5d3c0cc5fd6531e4b4bd))
+- introduce cwt to aegis ([40a7efa](https://github.com/lindorm-io/monorepo/commit/40a7efa1ce2907c0e4671d20cd9d9fb457a346db))
+
 ## [0.2.6](https://github.com/lindorm-io/monorepo/compare/@lindorm/aegis@0.2.5...@lindorm/aegis@0.2.6) (2025-01-28)
 
 **Note:** Version bump only for package @lindorm/aegis

package/dist/classes/Aegis.d.ts

@@ -1,17 +1,43 @@
-import { AegisOptions, IAegis, IAegisJwe, IAegisJws, IAegisJwt } from "../types";
+import { IAegis, IAegisAes, IAegisCwe, IAegisCws, IAegisCwt, IAegisJwe, IAegisJws, IAegisJwt } from "../interfaces";
+import { AegisOptions, DecodedCwe, DecodedCws, DecodedCwt, DecodedJwe, DecodedJws, DecodedJwt, ParsedCws, ParsedCwt, ParsedJws, ParsedJwt, TokenHeaderClaims, VerifyJwtOptions } from "../types";
 export declare class Aegis implements IAegis {
+    readonly issuer: string | null;
     private readonly amphora;
     private readonly clockTolerance;
     private readonly encAlgorithm;
     private readonly encryption;
-    private readonly issuer;
-    private readonly kryptosMayOverrideEncryption;
     private readonly logger;
     private readonly sigAlgorithm;
     constructor(options: AegisOptions);
+    get aes(): IAegisAes;
+    get cwe(): IAegisCwe;
+    get cws(): IAegisCws;
+    get cwt(): IAegisCwt;
     get jwe(): IAegisJwe;
     get jws(): IAegisJws;
     get jwt(): IAegisJwt;
+    verify<T extends ParsedJwt | ParsedJws<any> | ParsedCwt | ParsedCws<any>>(token: string, options?: VerifyJwtOptions): Promise<T>;
+    static header(token: string): TokenHeaderClaims;
+    static isJwe(jwe: string): boolean;
+    static isJws(jws: string): boolean;
+    static isJwt(jwt: string): boolean;
+    static isCwe(cose: string): boolean;
+    static isCws(cose: string): boolean;
+    static isCwt(cwt: string): boolean;
+    static decode<T extends DecodedJwe | DecodedJws | DecodedJwt | DecodedCwt | DecodedCwe | DecodedCws<any>>(token: string): T;
+    static parse<T extends ParsedJwt | ParsedJws<any> | ParsedCwt | ParsedCws<any>>(token: string): T;
+    private aesKit;
+    private aesEncrypt;
+    private aesDecrypt;
+    private coseEncryptKit;
+    private coseEncrypt;
+    private coseDecrypt;
+    private coseSignKit;
+    private coseSign;
+    private coseVerify;
+    private cwtKit;
+    private cwtSign;
+    private cwtVerify;
     private jweKit;
     private jweEncrypt;
     private jweDecrypt;

package/dist/classes/Aegis.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"Aegis.d.ts","sourceRoot":"","sources":["../../src/classes/Aegis.ts"],"names":[],"mappings":"AAUA,OAAO,EACL,YAAY,EAGZ,MAAM,EACN,SAAS,EACT,SAAS,EACT,SAAS,EAWV,MAAM,UAAU,CAAC;AAKlB,qBAAa,KAAM,YAAW,MAAM;IAClC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAW;IACnC,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAS;IACxC,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAkC;IAC/D,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAoB;IAC/C,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAqB;IAC5C,OAAO,CAAC,QAAQ,CAAC,4BAA4B,CAAU;IACvD,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAU;IACjC,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAkC;gBAE5C,OAAO,EAAE,YAAY;IAYxC,IAAW,GAAG,IAAI,SAAS,CAK1B;IAED,IAAW,GAAG,IAAI,SAAS,CAK1B;IAED,IAAW,GAAG,IAAI,SAAS,CAK1B;YAIa,MAAM;YAWN,UAAU;YAQV,UAAU;YAOV,MAAM;YAMN,OAAO;YAQP,SAAS;YAOT,MAAM;YAWN,OAAO;YAQP,SAAS;YAUT,UAAU;YAaV,UAAU;CAazB"}
+{"version":3,"file":"Aegis.d.ts","sourceRoot":"","sources":["../../src/classes/Aegis.ts"],"names":[],"mappings":"AAkBA,OAAO,EACL,MAAM,EACN,SAAS,EACT,SAAS,EACT,SAAS,EACT,SAAS,EACT,SAAS,EACT,SAAS,EACT,SAAS,EACV,MAAM,eAAe,CAAC;AACvB,OAAO,EACL,YAAY,EAIZ,UAAU,EACV,UAAU,EACV,UAAU,EACV,UAAU,EACV,UAAU,EACV,UAAU,EAOV,SAAS,EACT,SAAS,EACT,SAAS,EACT,SAAS,EAYT,iBAAiB,EAEjB,gBAAgB,EACjB,MAAM,UAAU,CAAC;AA2BlB,qBAAa,KAAM,YAAW,MAAM;IAClC,SAAgB,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;IAEtC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAW;IACnC,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAS;IACxC,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAkC;IAC/D,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAoB;IAC/C,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAU;IACjC,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAkC;gBAE5C,OAAO,EAAE,YAAY;IAWxC,IAAW,GAAG,IAAI,SAAS,CAK1B;IAED,IAAW,GAAG,IAAI,SAAS,CAK1B;IAED,IAAW,GAAG,IAAI,SAAS,CAK1B;IAED,IAAW,GAAG,IAAI,SAAS,CAK1B;IAED,IAAW,GAAG,IAAI,SAAS,CAK1B;IAED,IAAW,GAAG,IAAI,SAAS,CAK1B;IAED,IAAW,GAAG,IAAI,SAAS,CAK1B;IAEY,MAAM,CAAC,CAAC,SAAS,SAAS,GAAG,SAAS,CAAC,GAAG,CAAC,GAAG,SAAS,GAAG,SAAS,CAAC,GAAG,CAAC,EACnF,KAAK,EAAE,MAAM,EACb,OAAO,CAAC,EAAE,gBAAgB,GACzB,OAAO,CAAC,CAAC,CAAC;WA0BC,MAAM,CAAC,KAAK,EAAE,MAAM,GAAG,iBAAiB;WAKxC,KAAK,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO;WAI3B,KAAK,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO;WAI3B,KAAK,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO;WAI3B,KAAK,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO;WAI5B,KAAK,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO;WAI5B,KAAK,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO;WAI3B,MAAM,CAClB,CAAC,SACG,UAAU,GACV,UAAU,GACV,UAAU,GACV,UAAU,GACV,UAAU,GACV,UAAU,CAAC,GAAG,CAAC,EACnB,KAAK,EAAE,MAAM,GAAG,CAAC;WAsBL,KAAK,CAAC,CAAC,SAAS,SAAS,GAAG,SAAS,CAAC,GAAG,CAAC,GAAG,SAAS,GAAG,SAAS,CAAC,GAAG,CAAC,EACnF,KAAK,EAAE,MAAM,GACZ,CAAC;YAkBU,MAAM;YAMN,UAAU;YASV,UAAU;YAYV,cAAc;YAUd,WAAW;YASX,WAAW;YAaX,WAAW;YASX,QAAQ;YASR,UAAU;YAeV,MAAM;YAWN,OAAO;YASP,SAAS;YAgBT,MAAM;YAUN,UAAU;YASV,UAAU;YAaV,MAAM;YAMN,OAAO;YASP,SAAS;YAaT,MAAM;YAWN,OAAO;YASP,SAAS;YAgBT,UAAU;YA8BV,UAAU;CAqBzB"}

package/dist/classes/Aegis.js

@@ -1,28 +1,56 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.Aegis = void 0;
+const aes_1 = require("@lindorm/aes");
+const errors_1 = require("../errors");
+const private_1 = require("../utils/private");
+const CweKit_1 = require("./CweKit");
+const CwsKit_1 = require("./CwsKit");
+const CwtKit_1 = require("./CwtKit");
 const JweKit_1 = require("./JweKit");
 const JwsKit_1 = require("./JwsKit");
 const JwtKit_1 = require("./JwtKit");
 class Aegis {
+    issuer;
     amphora;
     clockTolerance;
     encAlgorithm;
     encryption;
-    issuer;
-    kryptosMayOverrideEncryption;
     logger;
     sigAlgorithm;
     constructor(options) {
         this.logger = options.logger.child(["AegisKit"]);
         this.amphora = options.amphora;
-        this.issuer = options.issuer;
+        this.issuer = options.issuer ?? this.amphora.domain;
         this.clockTolerance = options.clockTolerance ?? 0;
         this.encAlgorithm = options.encAlgorithm;
         this.encryption = options.encryption ?? "A256GCM";
-        this.kryptosMayOverrideEncryption = options.kryptosMayOverrideEncryption ?? true;
         this.sigAlgorithm = options.sigAlgorithm;
     }
+    get aes() {
+        return {
+            encrypt: this.aesEncrypt.bind(this),
+            decrypt: this.aesDecrypt.bind(this),
+        };
+    }
+    get cwe() {
+        return {
+            encrypt: this.coseEncrypt.bind(this),
+            decrypt: this.coseDecrypt.bind(this),
+        };
+    }
+    get cws() {
+        return {
+            sign: this.coseSign.bind(this),
+            verify: this.coseVerify.bind(this),
+        };
+    }
+    get cwt() {
+        return {
+            sign: this.cwtSign.bind(this),
+            verify: this.cwtVerify.bind(this),
+        };
+    }
     get jwe() {
         return {
             encrypt: this.jweEncrypt.bind(this),
@@ -41,71 +69,255 @@ class Aegis {
             verify: this.jwtVerify.bind(this),
         };
     }
-    async jweKit(operation) {
-        const kryptos = await this.kryptosEnc(operation);
+    async verify(token, options) {
+        if (Aegis.isJwt(token)) {
+            return (await this.jwtVerify(token, options));
+        }
+        if (Aegis.isJwe(token)) {
+            const decrypt = await this.jweDecrypt(token);
+            return (await this.verify(decrypt.payload));
+        }
+        if (Aegis.isJws(token)) {
+            return (await this.jwsVerify(token));
+        }
+        if (Aegis.isCwt(token)) {
+            return (await this.cwtVerify(token, options));
+        }
+        if (Aegis.isCwe(token)) {
+            const decrypt = await this.coseDecrypt(token);
+            return (await this.verify(decrypt.payload));
+        }
+        if (Aegis.isCws(token)) {
+            return (await this.coseVerify(token));
+        }
+        throw new errors_1.AegisError("Invalid token type", { debug: { token } });
+    }
+    static header(token) {
+        const [header] = token.split(".");
+        return (0, private_1.decodeJoseHeader)(header);
+    }
+    static isJwe(jwe) {
+        return JweKit_1.JweKit.isJwe(jwe);
+    }
+    static isJws(jws) {
+        return JwsKit_1.JwsKit.isJws(jws);
+    }
+    static isJwt(jwt) {
+        return JwtKit_1.JwtKit.isJwt(jwt);
+    }
+    static isCwe(cose) {
+        return CweKit_1.CweKit.isCwe(cose);
+    }
+    static isCws(cose) {
+        return CwsKit_1.CwsKit.isCws(cose);
+    }
+    static isCwt(cwt) {
+        return CwtKit_1.CwtKit.isCwt(cwt);
+    }
+    static decode(token) {
+        if (Aegis.isJwe(token)) {
+            return JweKit_1.JweKit.decode(token);
+        }
+        if (Aegis.isJws(token)) {
+            return JwsKit_1.JwsKit.decode(token);
+        }
+        if (Aegis.isJwt(token)) {
+            return JwtKit_1.JwtKit.decode(token);
+        }
+        if (Aegis.isCwt(token)) {
+            return CwtKit_1.CwtKit.decode(token);
+        }
+        if (Aegis.isCwe(token)) {
+            return CweKit_1.CweKit.decode(token);
+        }
+        if (Aegis.isCws(token)) {
+            return CwsKit_1.CwsKit.decode(token);
+        }
+        throw new errors_1.AegisError("Invalid token type", { debug: { token } });
+    }
+    static parse(token) {
+        if (Aegis.isJwt(token)) {
+            return JwtKit_1.JwtKit.parse(token);
+        }
+        if (Aegis.isJws(token)) {
+            return JwsKit_1.JwsKit.parse(token);
+        }
+        if (Aegis.isCwt(token)) {
+            return CwtKit_1.CwtKit.parse(token);
+        }
+        if (Aegis.isCws(token)) {
+            return CwsKit_1.CwsKit.parse(token);
+        }
+        throw new errors_1.AegisError("Invalid token type", { debug: { token } });
+    }
+    async aesKit(options = {}) {
+        const kryptos = await this.kryptosEnc(options);
+        return new aes_1.AesKit({ encryption: this.encryption, kryptos });
+    }
+    async aesEncrypt(data, mode = "encoded") {
+        const kit = await this.aesKit({ encrypt: true });
+        return kit.encrypt(data, mode);
+    }
+    async aesDecrypt(data) {
+        const parsed = aes_1.AesKit.parse(data);
+        const kit = await this.aesKit({ id: parsed.keyId, algorithm: parsed.algorithm });
+        return kit.decrypt(data);
+    }
+    async coseEncryptKit(options = {}) {
+        const kryptos = await this.kryptosEnc(options);
+        return new CweKit_1.CweKit({
+            encryption: this.encryption,
+            kryptos,
+            logger: this.logger,
+        });
+    }
+    async coseEncrypt(data, options = {}) {
+        const kit = await this.coseEncryptKit({ encrypt: true });
+        return kit.encrypt(data, options);
+    }
+    async coseDecrypt(token) {
+        const decode = CweKit_1.CweKit.decode(token);
+        const kit = await this.coseEncryptKit({
+            id: decode.recipient.unprotected.kid,
+            algorithm: decode.protected.alg,
+        });
+        return kit.decrypt(token);
+    }
+    async coseSignKit(options = {}) {
+        const kryptos = await this.kryptosSig(options);
+        return new CwsKit_1.CwsKit({
+            kryptos,
+            logger: this.logger,
+        });
+    }
+    async coseSign(content, options = {}) {
+        const kit = await this.coseSignKit({ sign: true });
+        return kit.sign(content, options);
+    }
+    async coseVerify(token) {
+        const decode = CwsKit_1.CwsKit.decode(token);
+        const kit = await this.coseSignKit({
+            id: decode.unprotected.kid,
+            algorithm: decode.protected.alg,
+        });
+        return kit.verify(token);
+    }
+    async cwtKit(options = {}) {
+        const kryptos = await this.kryptosSig(options);
+        return new CwtKit_1.CwtKit({
+            clockTolerance: this.clockTolerance,
+            issuer: this.issuer ?? undefined,
+            kryptos,
+            logger: this.logger,
+        });
+    }
+    async cwtSign(content, options = {}) {
+        const kit = await this.cwtKit({ sign: true });
+        return kit.sign(content, options);
+    }
+    async cwtVerify(cwt, verify = {}) {
+        const decode = CwtKit_1.CwtKit.decode(cwt);
+        const kit = await this.cwtKit({
+            id: decode.unprotected.kid,
+            algorithm: decode.protected.alg,
+        });
+        return kit.verify(cwt, verify);
+    }
+    async jweKit(options = {}) {
+        const kryptos = await this.kryptosEnc(options);
         return new JweKit_1.JweKit({
             encryption: this.encryption,
             kryptos,
-            kryptosMayOverrideEncryption: this.kryptosMayOverrideEncryption,
             logger: this.logger,
         });
     }
-    async jweEncrypt(data, options) {
-        const jweKit = await this.jweKit("encrypt");
-        return jweKit.encrypt(data, options);
+    async jweEncrypt(data, options = {}) {
+        const kit = await this.jweKit({ encrypt: true });
+        return kit.encrypt(data, options);
     }
     async jweDecrypt(jwe) {
-        const jweKit = await this.jweKit("decrypt");
-        return jweKit.decrypt(jwe);
+        const decode = JweKit_1.JweKit.decode(jwe);
+        const kit = await this.jweKit({
+            id: decode.header.kid,
+            algorithm: decode.header.alg,
+        });
+        return kit.decrypt(jwe);
     }
-    async jwsKit(operation) {
-        const kryptos = await this.kryptosSig(operation);
+    async jwsKit(options = {}) {
+        const kryptos = await this.kryptosSig(options);
         return new JwsKit_1.JwsKit({ kryptos, logger: this.logger });
     }
-    async jwsSign(data, options) {
-        const jwsKit = await this.jwsKit("sign");
-        return jwsKit.sign(data, options);
+    async jwsSign(data, options = {}) {
+        const kit = await this.jwsKit({ sign: true });
+        return kit.sign(data, options);
     }
     async jwsVerify(jws) {
-        const jwsKit = await this.jwsKit("verify");
-        return jwsKit.verify(jws);
+        const decode = JwsKit_1.JwsKit.decode(jws);
+        const kit = await this.jwsKit({
+            id: decode.header.kid,
+            algorithm: decode.header.alg,
+        });
+        return kit.verify(jws);
     }
-    async jwtKit(operation) {
-        const kryptos = await this.kryptosSig(operation);
+    async jwtKit(options = {}) {
+        const kryptos = await this.kryptosSig(options);
         return new JwtKit_1.JwtKit({
             clockTolerance: this.clockTolerance,
-            issuer: this.issuer,
+            issuer: this.issuer ?? undefined,
             kryptos,
             logger: this.logger,
         });
     }
-    async jwtSign(content, options) {
-        const jwtKit = await this.jwtKit("sign");
-        return jwtKit.sign(content, options);
+    async jwtSign(content, options = {}) {
+        const kit = await this.jwtKit({ sign: true });
+        return kit.sign(content, options);
     }
-    async jwtVerify(jwt, verify) {
-        const jwtKit = await this.jwtKit("verify");
-        return jwtKit.verify(jwt, verify);
-    }
-    async kryptosEnc(operation) {
-        const kryptos = await this.amphora.find({
-            algorithm: this.encAlgorithm,
-            issuer: this.issuer,
-            operation,
-            use: "enc",
+    async jwtVerify(jwt, verify = {}) {
+        const decode = JwtKit_1.JwtKit.decode(jwt);
+        const kit = await this.jwtKit({
+            id: decode.header.kid,
+            algorithm: decode.header.alg,
         });
-        this.logger.silly("Kryptos found", { kryptos: kryptos.toJSON() });
+        return kit.verify(jwt, verify);
+    }
+    async kryptosEnc(options = {}) {
+        const query = options.encrypt
+            ? {
+                $or: [
+                    { operations: ["encrypt"] },
+                    { operations: ["deriveKey"] },
+                    { operations: ["wrapKey"] },
+                ],
+                algorithm: this.encAlgorithm,
+                issuer: this.issuer ?? undefined,
+                ...(options.keyFilter ? { purpose: options.keyFilter.purpose } : {}),
+            }
+            : {
+                $or: [
+                    { operations: ["decrypt"] },
+                    { operations: ["deriveKey"] },
+                    { operations: ["unwrapKey"] },
+                ],
+                algorithm: options.algorithm ?? this.encAlgorithm,
+            };
+        const kryptos = await this.amphora.find(options.id ? { id: options.id } : { ...query, use: "enc" });
+        this.logger.debug("Kryptos found", { kryptos: kryptos.toJSON() });
         return kryptos;
     }
-    async kryptosSig(operation) {
-        const kryptos = await this.amphora.find({
-            algorithm: this.sigAlgorithm,
-            issuer: this.issuer,
-            operation,
-            private: true,
-            use: "sig",
-        });
-        this.logger.silly("Kryptos found", { kryptos: kryptos.toJSON() });
+    async kryptosSig(options = {}) {
+        const query = options.sign
+            ? {
+                algorithm: this.encAlgorithm,
+                issuer: this.issuer ?? undefined,
+                operations: ["sign"],
+                ...(options.keyFilter ? { purpose: options.keyFilter.purpose } : {}),
+            }
+            : {
+                algorithm: options.algorithm ?? this.sigAlgorithm,
+                operations: ["verify"],
+            };
+        const kryptos = await this.amphora.find(options.id ? { id: options.id } : { ...query, use: "sig" });
+        this.logger.debug("Kryptos found", { kryptos: kryptos.toJSON() });
         return kryptos;
     }
 }

package/dist/classes/Aegis.js.map

@@ -1 +1 @@
-{"version":3,"file":"Aegis.js","sourceRoot":"","sources":["../../src/classes/Aegis.ts"],"names":[],"mappings":";;;AA6BA,qCAAkC;AAClC,qCAAkC;AAClC,qCAAkC;AAElC,MAAa,KAAK;IACC,OAAO,CAAW;IAClB,cAAc,CAAS;IACvB,YAAY,CAAkC;IAC9C,UAAU,CAAoB;IAC9B,MAAM,CAAqB;IAC3B,4BAA4B,CAAU;IACtC,MAAM,CAAU;IAChB,YAAY,CAAkC;IAE/D,YAAmB,OAAqB;QACtC,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC;QACjD,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;QAC/B,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAE7B,IAAI,CAAC,cAAc,GAAG,OAAO,CAAC,cAAc,IAAI,CAAC,CAAC;QAClD,IAAI,CAAC,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC;QACzC,IAAI,CAAC,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,SAAS,CAAC;QAClD,IAAI,CAAC,4BAA4B,GAAG,OAAO,CAAC,4BAA4B,IAAI,IAAI,CAAC;QACjF,IAAI,CAAC,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC;IAC3C,CAAC;IAED,IAAW,GAAG;QACZ,OAAO;YACL,OAAO,EAAE,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC;YACnC,OAAO,EAAE,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC;SACpC,CAAC;IACJ,CAAC;IAED,IAAW,GAAG;QACZ,OAAO;YACL,IAAI,EAAE,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC;YAC7B,MAAM,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC;SAClC,CAAC;IACJ,CAAC;IAED,IAAW,GAAG;QACZ,OAAO;YACL,IAAI,EAAE,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC;YAC7B,MAAM,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC;SAClC,CAAC;IACJ,CAAC;IAIO,KAAK,CAAC,MAAM,CAAC,SAA2B;QAC9C,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;QAEjD,OAAO,IAAI,eAAM,CAAC;YAChB,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,OAAO;YACP,4BAA4B,EAAE,IAAI,CAAC,4BAA4B;YAC/D,MAAM,EAAE,IAAI,CAAC,MAAM;SACpB,CAAC,CAAC;IACL,CAAC;IAEO,KAAK,CAAC,UAAU,CACtB,IAAY,EACZ,OAA2B;QAE3B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAC5C,OAAO,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;IACvC,CAAC;IAEO,KAAK,CAAC,UAAU,CAAC,GAAW;QAClC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAC5C,OAAO,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAC7B,CAAC;IAIO,KAAK,CAAC,MAAM,CAAC,SAA2B;QAC9C,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;QAEjD,OAAO,IAAI,eAAM,CAAC,EAAE,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;IACtD,CAAC;IAEO,KAAK,CAAC,OAAO,CACnB,IAAO,EACP,OAAwB;QAExB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QACzC,OAAO,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;IACpC,CAAC;IAEO,KAAK,CAAC,SAAS,CAAuB,GAAW;QACvD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QAC3C,OAAO,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IAC5B,CAAC;IAIO,KAAK,CAAC,MAAM,CAAC,SAA2B;QAC9C,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;QAEjD,OAAO,IAAI,eAAM,CAAC;YAChB,cAAc,EAAE,IAAI,CAAC,cAAc;YACnC,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,OAAO;YACP,MAAM,EAAE,IAAI,CAAC,MAAM;SACpB,CAAC,CAAC;IACL,CAAC;IAEO,KAAK,CAAC,OAAO,CACnB,OAA0B,EAC1B,OAAwB;QAExB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QACzC,OAAO,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IACvC,CAAC;IAEO,KAAK,CAAC,SAAS,CACrB,GAAW,EACX,MAAyB;QAEzB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QAC3C,OAAO,MAAM,CAAC,MAAM,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;IACpC,CAAC;IAIO,KAAK,CAAC,UAAU,CAAC,SAA2B;QAClD,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC;YACtC,SAAS,EAAE,IAAI,CAAC,YAAY;YAC5B,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,SAAS;YACT,GAAG,EAAE,KAAK;SACX,CAAC,CAAC;QAEH,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,eAAe,EAAE,EAAE,OAAO,EAAE,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;QAElE,OAAO,OAAO,CAAC;IACjB,CAAC;IAEO,KAAK,CAAC,UAAU,CAAC,SAA2B;QAClD,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC;YACtC,SAAS,EAAE,IAAI,CAAC,YAAY;YAC5B,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,SAAS;YACT,OAAO,EAAE,IAAI;YACb,GAAG,EAAE,KAAK;SACX,CAAC,CAAC;QAEH,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,eAAe,EAAE,EAAE,OAAO,EAAE,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;QAElE,OAAO,OAAO,CAAC;IACjB,CAAC;CACF;AAnJD,sBAmJC"}
+{"version":3,"file":"Aegis.js","sourceRoot":"","sources":["../../src/classes/Aegis.ts"],"names":[],"mappings":";;;AAAA,sCAMsB;AAWtB,sCAAuC;AA+CvC,8CAAoD;AACpD,qCAAkC;AAClC,qCAAkC;AAClC,qCAAkC;AAClC,qCAAkC;AAClC,qCAAkC;AAClC,qCAAkC;AAoBlC,MAAa,KAAK;IACA,MAAM,CAAgB;IAErB,OAAO,CAAW;IAClB,cAAc,CAAS;IACvB,YAAY,CAAkC;IAC9C,UAAU,CAAoB;IAC9B,MAAM,CAAU;IAChB,YAAY,CAAkC;IAE/D,YAAmB,OAAqB;QACtC,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC;QACjD,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;QAC/B,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,IAAI,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC;QAEpD,IAAI,CAAC,cAAc,GAAG,OAAO,CAAC,cAAc,IAAI,CAAC,CAAC;QAClD,IAAI,CAAC,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC;QACzC,IAAI,CAAC,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,SAAS,CAAC;QAClD,IAAI,CAAC,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC;IAC3C,CAAC;IAED,IAAW,GAAG;QACZ,OAAO;YACL,OAAO,EAAE,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAyB;YAC3D,OAAO,EAAE,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC;SACpC,CAAC;IACJ,CAAC;IAED,IAAW,GAAG;QACZ,OAAO;YACL,OAAO,EAAE,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC;YACpC,OAAO,EAAE,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC;SACrC,CAAC;IACJ,CAAC;IAED,IAAW,GAAG;QACZ,OAAO;YACL,IAAI,EAAE,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC;YAC9B,MAAM,EAAE,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC;SACnC,CAAC;IACJ,CAAC;IAED,IAAW,GAAG;QACZ,OAAO;YACL,IAAI,EAAE,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC;YAC7B,MAAM,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC;SAClC,CAAC;IACJ,CAAC;IAED,IAAW,GAAG;QACZ,OAAO;YACL,OAAO,EAAE,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC;YACnC,OAAO,EAAE,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC;SACpC,CAAC;IACJ,CAAC;IAED,IAAW,GAAG;QACZ,OAAO;YACL,IAAI,EAAE,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC;YAC7B,MAAM,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC;SAClC,CAAC;IACJ,CAAC;IAED,IAAW,GAAG;QACZ,OAAO;YACL,IAAI,EAAE,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC;YAC7B,MAAM,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC;SAClC,CAAC;IACJ,CAAC;IAEM,KAAK,CAAC,MAAM,CACjB,KAAa,EACb,OAA0B;QAE1B,IAAI,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;YACvB,OAAO,CAAC,MAAM,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,OAAO,CAAC,CAAM,CAAC;QACrD,CAAC;QACD,IAAI,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;YACvB,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;YAC7C,OAAO,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,CAAM,CAAC;QACnD,CAAC;QACD,IAAI,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;YACvB,OAAO,CAAC,MAAM,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAM,CAAC;QAC5C,CAAC;QACD,IAAI,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;YACvB,OAAO,CAAC,MAAM,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,OAAO,CAAC,CAAM,CAAC;QACrD,CAAC;QACD,IAAI,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;YACvB,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;YAC9C,OAAO,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,CAAM,CAAC;QACnD,CAAC;QACD,IAAI,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;YACvB,OAAO,CAAC,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,CAAM,CAAC;QAC7C,CAAC;QACD,MAAM,IAAI,mBAAU,CAAC,oBAAoB,EAAE,EAAE,KAAK,EAAE,EAAE,KAAK,EAAE,EAAE,CAAC,CAAC;IACnE,CAAC;IAIM,MAAM,CAAC,MAAM,CAAC,KAAa;QAChC,MAAM,CAAC,MAAM,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAClC,OAAO,IAAA,0BAAgB,EAAC,MAAM,CAAC,CAAC;IAClC,CAAC;IAEM,MAAM,CAAC,KAAK,CAAC,GAAW;QAC7B,OAAO,eAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC3B,CAAC;IAEM,MAAM,CAAC,KAAK,CAAC,GAAW;QAC7B,OAAO,eAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC3B,CAAC;IAEM,MAAM,CAAC,KAAK,CAAC,GAAW;QAC7B,OAAO,eAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC3B,CAAC;IAEM,MAAM,CAAC,KAAK,CAAC,IAAY;QAC9B,OAAO,eAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC5B,CAAC;IAEM,MAAM,CAAC,KAAK,CAAC,IAAY;QAC9B,OAAO,eAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC5B,CAAC;IAEM,MAAM,CAAC,KAAK,CAAC,GAAW;QAC7B,OAAO,eAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC3B,CAAC;IAEM,MAAM,CAAC,MAAM,CAQlB,KAAa;QACb,IAAI,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;YACvB,OAAO,eAAM,CAAC,MAAM,CAAC,KAAK,CAAM,CAAC;QACnC,CAAC;QACD,IAAI,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;YACvB,OAAO,eAAM,CAAC,MAAM,CAAC,KAAK,CAAM,CAAC;QACnC,CAAC;QACD,IAAI,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;YACvB,OAAO,eAAM,CAAC,MAAM,CAAC,KAAK,CAAM,CAAC;QACnC,CAAC;QACD,IAAI,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;YACvB,OAAO,eAAM,CAAC,MAAM,CAAC,KAAK,CAAM,CAAC;QACnC,CAAC;QACD,IAAI,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;YACvB,OAAO,eAAM,CAAC,MAAM,CAAC,KAAK,CAAM,CAAC;QACnC,CAAC;QACD,IAAI,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;YACvB,OAAO,eAAM,CAAC,MAAM,CAAC,KAAK,CAAM,CAAC;QACnC,CAAC;QACD,MAAM,IAAI,mBAAU,CAAC,oBAAoB,EAAE,EAAE,KAAK,EAAE,EAAE,KAAK,EAAE,EAAE,CAAC,CAAC;IACnE,CAAC;IAEM,MAAM,CAAC,KAAK,CACjB,KAAa;QAEb,IAAI,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;YACvB,OAAO,eAAM,CAAC,KAAK,CAAC,KAAK,CAAM,CAAC;QAClC,CAAC;QACD,IAAI,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;YACvB,OAAO,eAAM,CAAC,KAAK,CAAC,KAAK,CAAM,CAAC;QAClC,CAAC;QACD,IAAI,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;YACvB,OAAO,eAAM,CAAC,KAAK,CAAC,KAAK,CAAM,CAAC;QAClC,CAAC;QACD,IAAI,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;YACvB,OAAO,eAAM,CAAC,KAAK,CAAC,KAAK,CAAM,CAAC;QAClC,CAAC;QACD,MAAM,IAAI,mBAAU,CAAC,oBAAoB,EAAE,EAAE,KAAK,EAAE,EAAE,KAAK,EAAE,EAAE,CAAC,CAAC;IACnE,CAAC;IAIO,KAAK,CAAC,MAAM,CAAC,UAAsB,EAAE;QAC3C,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;QAE/C,OAAO,IAAI,YAAM,CAAC,EAAE,UAAU,EAAE,IAAI,CAAC,UAAU,EAAE,OAAO,EAAE,CAAC,CAAC;IAC9D,CAAC;IAEO,KAAK,CAAC,UAAU,CACtB,IAAY,EACZ,OAA0D,SAAS;QAEnE,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;QAEjD,OAAO,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,IAAiB,CAAC,CAAC;IAC9C,CAAC;IAEO,KAAK,CAAC,UAAU,CACtB,IAA4D;QAE5D,MAAM,MAAM,GAAG,YAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAElC,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,EAAE,EAAE,EAAE,MAAM,CAAC,KAAK,EAAE,SAAS,EAAE,MAAM,CAAC,SAAS,EAAE,CAAC,CAAC;QAEjF,OAAO,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IAC3B,CAAC;IAIO,KAAK,CAAC,cAAc,CAAC,UAAsB,EAAE;QACnD,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;QAE/C,OAAO,IAAI,eAAM,CAAC;YAChB,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,OAAO;YACP,MAAM,EAAE,IAAI,CAAC,MAAM;SACpB,CAAC,CAAC;IACL,CAAC;IAEO,KAAK,CAAC,WAAW,CACvB,IAAgB,EAChB,UAA6C,EAAE;QAE/C,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;QAEzD,OAAO,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;IACpC,CAAC;IAEO,KAAK,CAAC,WAAW,CACvB,KAAiB;QAEjB,MAAM,MAAM,GAAG,eAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAEpC,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC;YACpC,EAAE,EAAE,MAAM,CAAC,SAAS,CAAC,WAAW,CAAC,GAAG;YACpC,SAAS,EAAE,MAAM,CAAC,SAAS,CAAC,GAAG;SAChC,CAAC,CAAC;QAEH,OAAO,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;IAC5B,CAAC;IAEO,KAAK,CAAC,WAAW,CAAC,UAAsB,EAAE;QAChD,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;QAE/C,OAAO,IAAI,eAAM,CAAC;YAChB,OAAO;YACP,MAAM,EAAE,IAAI,CAAC,MAAM;SACpB,CAAC,CAAC;IACL,CAAC;IAEO,KAAK,CAAC,QAAQ,CACpB,OAAU,EACV,UAA0C,EAAE;QAE5C,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;QAEnD,OAAO,GAAG,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IACpC,CAAC;IAEO,KAAK,CAAC,UAAU,CACtB,KAAsB;QAEtB,MAAM,MAAM,GAAG,eAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAEpC,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC;YACjC,EAAE,EAAE,MAAM,CAAC,WAAW,CAAC,GAAG;YAC1B,SAAS,EAAE,MAAM,CAAC,SAAS,CAAC,GAAG;SAChC,CAAC,CAAC;QAEH,OAAO,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAC3B,CAAC;IAIO,KAAK,CAAC,MAAM,CAAC,UAAsB,EAAE;QAC3C,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;QAE/C,OAAO,IAAI,eAAM,CAAC;YAChB,cAAc,EAAE,IAAI,CAAC,cAAc;YACnC,MAAM,EAAE,IAAI,CAAC,MAAM,IAAI,SAAS;YAChC,OAAO;YACP,MAAM,EAAE,IAAI,CAAC,MAAM;SACpB,CAAC,CAAC;IACL,CAAC;IAEO,KAAK,CAAC,OAAO,CACnB,OAA0B,EAC1B,UAA0C,EAAE;QAE5C,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;QAE9C,OAAO,GAAG,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IACpC,CAAC;IAEO,KAAK,CAAC,SAAS,CACrB,GAAW,EACX,SAA2B,EAAE;QAE7B,MAAM,MAAM,GAAG,eAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAElC,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC;YAC5B,EAAE,EAAE,MAAM,CAAC,WAAW,CAAC,GAAG;YAC1B,SAAS,EAAE,MAAM,CAAC,SAAS,CAAC,GAAG;SAChC,CAAC,CAAC;QAEH,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;IACjC,CAAC;IAIO,KAAK,CAAC,MAAM,CAAC,UAAsB,EAAE;QAC3C,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;QAE/C,OAAO,IAAI,eAAM,CAAC;YAChB,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,OAAO;YACP,MAAM,EAAE,IAAI,CAAC,MAAM;SACpB,CAAC,CAAC;IACL,CAAC;IAEO,KAAK,CAAC,UAAU,CACtB,IAAY,EACZ,UAA6C,EAAE;QAE/C,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;QAEjD,OAAO,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;IACpC,CAAC;IAEO,KAAK,CAAC,UAAU,CAAC,GAAW;QAClC,MAAM,MAAM,GAAG,eAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAElC,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC;YAC5B,EAAE,EAAE,MAAM,CAAC,MAAM,CAAC,GAAG;YACrB,SAAS,EAAE,MAAM,CAAC,MAAM,CAAC,GAAG;SAC7B,CAAC,CAAC;QAEH,OAAO,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAC1B,CAAC;IAIO,KAAK,CAAC,MAAM,CAAC,UAAsB,EAAE;QAC3C,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;QAE/C,OAAO,IAAI,eAAM,CAAC,EAAE,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;IACtD,CAAC;IAEO,KAAK,CAAC,OAAO,CACnB,IAAO,EACP,UAA0C,EAAE;QAE5C,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;QAE9C,OAAO,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;IACjC,CAAC;IAEO,KAAK,CAAC,SAAS,CAAuB,GAAW;QACvD,MAAM,MAAM,GAAG,eAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAElC,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC;YAC5B,EAAE,EAAE,MAAM,CAAC,MAAM,CAAC,GAAG;YACrB,SAAS,EAAE,MAAM,CAAC,MAAM,CAAC,GAAG;SAC7B,CAAC,CAAC;QAEH,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IACzB,CAAC;IAIO,KAAK,CAAC,MAAM,CAAC,UAAsB,EAAE;QAC3C,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;QAE/C,OAAO,IAAI,eAAM,CAAC;YAChB,cAAc,EAAE,IAAI,CAAC,cAAc;YACnC,MAAM,EAAE,IAAI,CAAC,MAAM,IAAI,SAAS;YAChC,OAAO;YACP,MAAM,EAAE,IAAI,CAAC,MAAM;SACpB,CAAC,CAAC;IACL,CAAC;IAEO,KAAK,CAAC,OAAO,CACnB,OAA0B,EAC1B,UAA0C,EAAE;QAE5C,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;QAE9C,OAAO,GAAG,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IACpC,CAAC;IAEO,KAAK,CAAC,SAAS,CACrB,GAAW,EACX,SAA2B,EAAE;QAE7B,MAAM,MAAM,GAAG,eAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAElC,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC;YAC5B,EAAE,EAAE,MAAM,CAAC,MAAM,CAAC,GAAG;YACrB,SAAS,EAAE,MAAM,CAAC,MAAM,CAAC,GAAG;SAC7B,CAAC,CAAC;QAEH,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;IACjC,CAAC;IAIO,KAAK,CAAC,UAAU,CAAC,UAAsB,EAAE;QAC/C,MAAM,KAAK,GAAiB,OAAO,CAAC,OAAO;YACzC,CAAC,CAAC;gBACE,GAAG,EAAE;oBACH,EAAE,UAAU,EAAE,CAAC,SAAS,CAAC,EAAE;oBAC3B,EAAE,UAAU,EAAE,CAAC,WAAW,CAAC,EAAE;oBAC7B,EAAE,UAAU,EAAE,CAAC,SAAS,CAAC,EAAE;iBAC5B;gBACD,SAAS,EAAE,IAAI,CAAC,YAAY;gBAC5B,MAAM,EAAE,IAAI,CAAC,MAAM,IAAI,SAAS;gBAChC,GAAG,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,OAAO,CAAC,SAAS,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aACrE;YACH,CAAC,CAAC;gBACE,GAAG,EAAE;oBACH,EAAE,UAAU,EAAE,CAAC,SAAS,CAAC,EAAE;oBAC3B,EAAE,UAAU,EAAE,CAAC,WAAW,CAAC,EAAE;oBAC7B,EAAE,UAAU,EAAE,CAAC,WAAW,CAAC,EAAE;iBAC9B;gBACD,SAAS,EAAE,OAAO,CAAC,SAAS,IAAI,IAAI,CAAC,YAAY;aAClD,CAAC;QAEN,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,IAAI,CACrC,OAAO,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,EAAE,OAAO,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,GAAG,KAAK,EAAE,GAAG,EAAE,KAAK,EAAE,CAC3D,CAAC;QAEF,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,eAAe,EAAE,EAAE,OAAO,EAAE,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;QAElE,OAAO,OAAO,CAAC;IACjB,CAAC;IAEO,KAAK,CAAC,UAAU,CAAC,UAAsB,EAAE;QAC/C,MAAM,KAAK,GAAiB,OAAO,CAAC,IAAI;YACtC,CAAC,CAAC;gBACE,SAAS,EAAE,IAAI,CAAC,YAAY;gBAC5B,MAAM,EAAE,IAAI,CAAC,MAAM,IAAI,SAAS;gBAChC,UAAU,EAAE,CAAC,MAAM,CAAC;gBACpB,GAAG,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,OAAO,CAAC,SAAS,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aACrE;YACH,CAAC,CAAC;gBACE,SAAS,EAAE,OAAO,CAAC,SAAS,IAAI,IAAI,CAAC,YAAY;gBACjD,UAAU,EAAE,CAAC,QAAQ,CAAC;aACvB,CAAC;QAEN,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,IAAI,CACrC,OAAO,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,EAAE,OAAO,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,GAAG,KAAK,EAAE,GAAG,EAAE,KAAK,EAAE,CAC3D,CAAC;QAEF,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,eAAe,EAAE,EAAE,OAAO,EAAE,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;QAElE,OAAO,OAAO,CAAC;IACjB,CAAC;CACF;AArcD,sBAqcC"}

package/dist/classes/CweKit.d.ts

@@ -0,0 +1,14 @@
+import { ICweKit } from "../interfaces";
+import { CweContent, CweEncryptOptions, CweKitOptions, DecodedCwe, DecryptedCwe, EncryptedCwe } from "../types";
+export declare class CweKit implements ICweKit {
+    private readonly encryption;
+    private readonly logger;
+    private readonly kryptos;
+    constructor(options: CweKitOptions);
+    encrypt(data: CweContent, options?: CweEncryptOptions): EncryptedCwe;
+    decrypt<T extends CweContent = string>(token: CweContent): DecryptedCwe<T>;
+    static isCwe(token: Buffer | string): boolean;
+    static decode(token: CweContent): DecodedCwe;
+    private contentType;
+}
+//# sourceMappingURL=CweKit.d.ts.map

package/dist/classes/CweKit.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"CweKit.d.ts","sourceRoot":"","sources":["../../src/classes/CweKit.ts"],"names":[],"mappings":"AAOA,OAAO,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AACxC,OAAO,EACL,UAAU,EACV,iBAAiB,EACjB,aAAa,EACb,UAAU,EACV,YAAY,EAEZ,YAAY,EACb,MAAM,UAAU,CAAC;AASlB,qBAAa,MAAO,YAAW,OAAO;IACpC,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAoB;IAC/C,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAU;IACjC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAW;gBAEhB,OAAO,EAAE,aAAa;IAMlC,OAAO,CAAC,IAAI,EAAE,UAAU,EAAE,OAAO,GAAE,iBAAsB,GAAG,YAAY;IA+DxE,OAAO,CAAC,CAAC,SAAS,UAAU,GAAG,MAAM,EAAE,KAAK,EAAE,UAAU,GAAG,YAAY,CAAC,CAAC,CAAC;WA0EnE,KAAK,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO;WAStC,MAAM,CAAC,KAAK,EAAE,UAAU,GAAG,UAAU;IAgCnD,OAAO,CAAC,WAAW;CAMpB"}

package/dist/classes/CweKit.js

@@ -0,0 +1,155 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CweKit = void 0;
+const aes_1 = require("@lindorm/aes");
+const is_1 = require("@lindorm/is");
+const cbor_1 = require("cbor");
+const crypto_1 = require("crypto");
+const errors_1 = require("../errors");
+const private_1 = require("../utils/private");
+class CweKit {
+    encryption;
+    logger;
+    kryptos;
+    constructor(options) {
+        this.logger = options.logger.child(["CoseEncryptKit"]);
+        this.kryptos = options.kryptos;
+        this.encryption = options.encryption ?? options.kryptos.encryption ?? "A256GCM";
+    }
+    encrypt(data, options = {}) {
+        const kit = new aes_1.AesKit({ encryption: this.encryption, kryptos: this.kryptos });
+        this.logger.debug("Encrypting token", { options });
+        const objectId = options.objectId ?? (0, crypto_1.randomBytes)(20).toString("base64url");
+        const { authTag, content, hkdfSalt, initialisationVector, pbkdfIterations, pbkdfSalt, publicEncryptionIv, publicEncryptionJwk, publicEncryptionKey, publicEncryptionTag, } = kit.encrypt(data, "record");
+        const protectedHeader = (0, private_1.mapCoseHeader)((0, private_1.mapTokenHeader)({
+            algorithm: this.kryptos.algorithm,
+            contentType: this.contentType(data),
+            headerType: "application/cose; cose-type=cose-encrypt",
+        }));
+        const protectedCbor = (0, cbor_1.encode)(protectedHeader);
+        const unprotectedHeader = (0, private_1.mapCoseHeader)((0, private_1.mapTokenHeader)({
+            ...(options.header ?? {}),
+            initialisationVector,
+            objectId,
+        }));
+        const ciphertext = Buffer.concat([content, authTag]);
+        const recipientHeader = (0, private_1.mapCoseHeader)((0, private_1.mapTokenHeader)({
+            encryption: this.encryption,
+            hkdfSalt,
+            initialisationVector: publicEncryptionIv,
+            jwksUri: this.kryptos.jwksUri ?? undefined,
+            keyId: this.kryptos.id,
+            pbkdfIterations,
+            pbkdfSalt,
+            publicEncryptionJwk,
+            publicEncryptionTag,
+        }));
+        const recipientPublicKey = publicEncryptionKey ?? null;
+        const recipients = [[(0, cbor_1.encode)({}), recipientHeader, recipientPublicKey]];
+        const buffer = (0, cbor_1.encode)([protectedCbor, unprotectedHeader, ciphertext, recipients]);
+        const token = buffer.toString("base64url");
+        this.logger.debug("Token encrypted", { token });
+        return { buffer, token };
+    }
+    decrypt(token) {
+        const kit = new aes_1.AesKit({ encryption: this.encryption, kryptos: this.kryptos });
+        this.logger.debug("Decrypting token", { token });
+        const decoded = CweKit.decode(token);
+        if (this.kryptos.algorithm !== decoded.protected.alg) {
+            throw new errors_1.CoseEncryptError("Invalid token", {
+                debug: {
+                    expect: this.kryptos.algorithm,
+                    actual: decoded.protected.alg,
+                },
+            });
+        }
+        if (decoded.recipient.unprotected.enc !== this.encryption) {
+            throw new errors_1.CoseEncryptError("Unexpected encryption", {
+                debug: {
+                    expect: this.encryption,
+                    actual: decoded.recipient.unprotected.enc,
+                },
+            });
+        }
+        const hkdfSalt = decoded.recipient.unprotected.hkdf_salt;
+        const initialisationVector = decoded.unprotected.iv;
+        const pbkdfIterations = decoded.recipient.unprotected.p2c;
+        const pbkdfSalt = decoded.recipient.unprotected.p2s;
+        const publicEncryptionIv = decoded.recipient.unprotected.iv;
+        const publicEncryptionJwk = decoded.recipient.unprotected.epk;
+        const publicEncryptionTag = decoded.recipient.unprotected.tag;
+        const publicEncryptionKey = decoded.recipient.publicEncryptionKey;
+        if (!initialisationVector) {
+            throw new errors_1.CoseEncryptError("Missing iv");
+        }
+        const header = (0, private_1.parseTokenHeader)({
+            ...decoded.protected,
+            enc: decoded.recipient.unprotected.enc,
+            epk: decoded.recipient.unprotected.epk,
+            jku: decoded.recipient.unprotected.jku,
+            kid: decoded.recipient.unprotected.kid,
+            oid: decoded.unprotected.oid,
+        });
+        const payload = kit.decrypt({
+            authTag: decoded.authTag,
+            content: decoded.content,
+            contentType: decoded.protected.cty ?? "text/plain",
+            encryption: this.encryption,
+            hkdfSalt,
+            initialisationVector,
+            pbkdfIterations,
+            pbkdfSalt,
+            publicEncryptionIv,
+            publicEncryptionJwk,
+            publicEncryptionKey,
+            publicEncryptionTag,
+        });
+        this.logger.debug("Token decrypted");
+        return {
+            decoded,
+            header,
+            payload,
+            token: (0, is_1.isString)(token) ? token : token.toString("base64url"),
+        };
+    }
+    static isCwe(token) {
+        try {
+            const decode = CweKit.decode(token);
+            return decode.protected.typ === "application/cose; cose-type=cose-encrypt";
+        }
+        catch {
+            return false;
+        }
+    }
+    static decode(token) {
+        const [protectedCbor, unprotectedCose, ciphertext, recipients] = (0, cbor_1.decode)((0, is_1.isBuffer)(token) ? token : Buffer.from(token, "base64url"));
+        const protectedDict = (0, private_1.decodeCoseHeader)((0, cbor_1.decode)(protectedCbor));
+        const unprotectedDict = (0, private_1.decodeCoseHeader)(unprotectedCose);
+        const [recipient] = recipients;
+        const [_, recipientHeader, publicEncryptionKey] = recipient;
+        const recipientDict = (0, private_1.decodeCoseHeader)(recipientHeader);
+        const length = (0, private_1.authTagLength)(recipientDict.enc);
+        const authTag = ciphertext.slice(-length);
+        const content = ciphertext.slice(0, -length);
+        return {
+            protected: protectedDict,
+            unprotected: unprotectedDict,
+            recipient: {
+                unprotected: recipientDict,
+                initialisationVector: recipientDict.iv,
+                publicEncryptionKey,
+            },
+            initialisationVector: unprotectedDict.iv,
+            content,
+            authTag,
+        };
+    }
+    contentType(input) {
+        if ((0, is_1.isBuffer)(input)) {
+            return "application/octet-stream";
+        }
+        return "text/plain";
+    }
+}
+exports.CweKit = CweKit;
+//# sourceMappingURL=CweKit.js.map