@lindorm/aegis 0.4.4 → 0.5.0

package/CHANGELOG.md

@@ -3,6 +3,34 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+# [0.5.0](https://github.com/lindorm-io/monorepo/compare/@lindorm/aegis@0.4.4...@lindorm/aegis@0.5.0) (2026-04-15)
+
+### Bug Fixes
+
+- **aegis:** accept AesContent in IAegisAes types, delegate mock to AesKit ([11b78df](https://github.com/lindorm-io/monorepo/commit/11b78df01112106280466a1824a8c47151ceee65))
+- **aegis:** adopt kryptos descriptive cert fields and drop SHA-1 x5t binding ([06e4d4d](https://github.com/lindorm-io/monorepo/commit/06e4d4dd4bc2f3311370335316d1ffb27df0a317))
+- **aegis:** resolve historical kryptos by id when verifying JWE/JWS ([24c81d4](https://github.com/lindorm-io/monorepo/commit/24c81d4dfa2da67eafcc6e1af432af1a75567b16))
+- **aegis:** string verifier for array-valued claims uses containment ([7cc2c7e](https://github.com/lindorm-io/monorepo/commit/7cc2c7e32140a29ffddd079f956dee9e611ae03c))
+
+### Features
+
+- **aegis:** add act, may_act, groups, entitlements claim types ([ed80767](https://github.com/lindorm-io/monorepo/commit/ed80767a029fded720bb9af44fb3cdeb2b5c30d6))
+- **aegis:** add AegisProfile claim type for ID token profile personalization ([929a9b6](https://github.com/lindorm-io/monorepo/commit/929a9b6ee7b051d50dda8aa8c6a1c3e88e23e4d5))
+- **aegis:** add baseFormat to parsed token headers ([43d37a0](https://github.com/lindorm-io/monorepo/commit/43d37a02a3ae1773fb166aabd7f7957dcf30e4ac))
+- **aegis:** add bindCertificate sign option and post-verify thumbprint check ([0d4e2a5](https://github.com/lindorm-io/monorepo/commit/0d4e2a5bdfbfa745b7b3e137ecf4b4a617c6d8f5)), closes [x5t#S256](https://github.com/x5t/issues/S256)
+- **aegis:** add certBindingMode strict/lax for cert-binding verify ([bfd2165](https://github.com/lindorm-io/monorepo/commit/bfd2165d65a1bdb0895e503466dfc287259f7a66))
+- **aegis:** add cnf claim support on sign and parse ([e7d7a28](https://github.com/lindorm-io/monorepo/commit/e7d7a28d1b82cf711c54d64aa51f2615b96c1e4d))
+- **aegis:** add isParsedJwt and isParsedJws guards ([1640977](https://github.com/lindorm-io/monorepo/commit/1640977405de7bc183e98b24857ce33cc21ad0d4))
+- **aegis:** add TokenType, AuthFactor, SessionHint, SubjectHint types ([fb7a15a](https://github.com/lindorm-io/monorepo/commit/fb7a15a2687ed0e1126ac94c23ed01472d0fa044))
+- **aegis:** add userinfo and introspection parse utilities ([ab2e14f](https://github.com/lindorm-io/monorepo/commit/ab2e14f4ef0b40c7a70ad0fe08079a88c99c5f33))
+- **aegis:** attach TokenIdentity to parsed results and add actor verify option ([7bcfdae](https://github.com/lindorm-io/monorepo/commit/7bcfdae0d4d1c83811ea8e03437fb284113f69e4))
+- **aegis:** auto-stamp thumbprint on sign when kryptos has cert, add none mode ([441630f](https://github.com/lindorm-io/monorepo/commit/441630f177b4264a791da9ce9e5409b4de15958a))
+- **aegis:** enforce algorithm allowlist in decodeJoseHeader ([5be80a1](https://github.com/lindorm-io/monorepo/commit/5be80a10aa7461323e1b620bed8a699f960e7089)), closes [PKCS#1](https://github.com/PKCS/issues/1)
+- **aegis:** expose parseUserinfo, parseIntrospection, and validateClaims on Aegis ([a29ec9c](https://github.com/lindorm-io/monorepo/commit/a29ec9c3568631c067d0984de07769a969ca1719))
+- **aegis:** reject JWE tokens with zip compression header ([644d37d](https://github.com/lindorm-io/monorepo/commit/644d37debea9a5bf0edab469ced8e2bc6467bf60))
+- **aegis:** validate tokenType input in computeTypHeader ([5d95fb6](https://github.com/lindorm-io/monorepo/commit/5d95fb69ab5625cd6812b5b29be91c436f8001a0))
+- **aegis:** verify DPoP proofs as part of JWT verification ([9795b7c](https://github.com/lindorm-io/monorepo/commit/9795b7c1d0b8925050fe82176515a47aeefd5957))
+
 ## [0.4.4](https://github.com/lindorm-io/monorepo/compare/@lindorm/aegis@0.4.3...@lindorm/aegis@0.4.4) (2026-04-01)
 
 **Note:** Version bump only for package @lindorm/aegis

package/__tests__/jwt-interop.test.ts

@@ -65,7 +65,7 @@ describe("JWT interop: aegis <-> jose", () => {
 
       expect(result.payload.iss).toBe(ISSUER);
       expect(result.payload.sub).toBe(SUBJECT);
-      expect(result.payload.token_type).toBe("access_token");
+      expect(result.protectedHeader.typ).toBe("at+jwt");
       expect(result.payload.exp).toBeDefined();
     });
 
@@ -77,8 +77,8 @@ describe("JWT interop: aegis <-> jose", () => {
       const jwk = kryptos.export("jwk");
       const joseKey = await importJWK(jwk, jwk.alg);
 
-      const token = await new SignJWT({ token_type: "access_token" })
-        .setProtectedHeader({ alg: jwk.alg, typ: "JWT" })
+      const token = await new SignJWT({})
+        .setProtectedHeader({ alg: jwk.alg, typ: "at+jwt" })
         .setIssuer(ISSUER)
         .setSubject(SUBJECT)
         .setExpirationTime("1h")
@@ -89,7 +89,7 @@ describe("JWT interop: aegis <-> jose", () => {
 
       expect(result.payload.issuer).toBe(ISSUER);
       expect(result.payload.subject).toBe(SUBJECT);
-      expect(result.payload.tokenType).toBe("access_token");
+      expect(result.header.tokenType).toBe("access_token");
       expect(result.payload.expiresAt).toBeInstanceOf(Date);
     });
   });
@@ -116,7 +116,8 @@ describe("JWT interop: aegis <-> jsonwebtoken", () => {
 
       expect(result.iss).toBe(ISSUER);
       expect(result.sub).toBe(SUBJECT);
-      expect(result.token_type).toBe("access_token");
+      // token_type is no longer a claim; jsonwebtoken verify doesn't expose header
+      expect(jsonwebtoken.decode(token, { complete: true })?.header.typ).toBe("at+jwt");
       expect(result.exp).toBeDefined();
     });
 
@@ -126,9 +127,10 @@ describe("JWT interop: aegis <-> jsonwebtoken", () => {
 
       const { privateKey } = kryptos.export("pem");
 
-      const token = jsonwebtoken.sign({ token_type: "access_token" }, privateKey!, {
+      const token = jsonwebtoken.sign({}, privateKey!, {
         algorithm: "RS256",
         expiresIn: "1h",
+        header: { alg: "RS256", typ: "at+jwt" },
         issuer: ISSUER,
         subject: SUBJECT,
       });
@@ -137,7 +139,7 @@ describe("JWT interop: aegis <-> jsonwebtoken", () => {
 
       expect(result.payload.issuer).toBe(ISSUER);
       expect(result.payload.subject).toBe(SUBJECT);
-      expect(result.payload.tokenType).toBe("access_token");
+      expect(result.header.tokenType).toBe("access_token");
     });
   });
 
@@ -157,7 +159,7 @@ describe("JWT interop: aegis <-> jsonwebtoken", () => {
 
       expect(result.iss).toBe(ISSUER);
       expect(result.sub).toBe(SUBJECT);
-      expect(result.token_type).toBe("access_token");
+      expect(jsonwebtoken.decode(token, { complete: true })?.header.typ).toBe("at+jwt");
     });
 
     test("jsonwebtoken sign -> aegis verify", () => {
@@ -166,9 +168,10 @@ describe("JWT interop: aegis <-> jsonwebtoken", () => {
 
       const { privateKey } = kryptos.export("der");
 
-      const token = jsonwebtoken.sign({ token_type: "access_token" }, privateKey!, {
+      const token = jsonwebtoken.sign({}, privateKey!, {
         algorithm: "HS256",
         expiresIn: "1h",
+        header: { alg: "HS256", typ: "at+jwt" },
         issuer: ISSUER,
         subject: SUBJECT,
       });
@@ -177,7 +180,7 @@ describe("JWT interop: aegis <-> jsonwebtoken", () => {
 
       expect(result.payload.issuer).toBe(ISSUER);
       expect(result.payload.subject).toBe(SUBJECT);
-      expect(result.payload.tokenType).toBe("access_token");
+      expect(result.header.tokenType).toBe("access_token");
     });
   });
 });

package/dist/classes/Aegis.d.ts

@@ -1,43 +1,36 @@
-import { IAegis, IAegisAes, IAegisCwe, IAegisCws, IAegisCwt, IAegisJwe, IAegisJws, IAegisJwt } from "../interfaces";
-import { AegisOptions, DecodedCwe, DecodedCws, DecodedCwt, DecodedJwe, DecodedJws, DecodedJwt, ParsedCws, ParsedCwt, ParsedJws, ParsedJwt, TokenHeaderClaims, VerifyJwtOptions } from "../types";
+import { Dict } from "@lindorm/types";
+import { IAegis, IAegisAes, IAegisJwe, IAegisJws, IAegisJwt } from "../interfaces";
+import { AegisIntrospection, AegisOptions, AegisUserinfo, DecodedJwe, DecodedJws, DecodedJwt, ParsedJws, ParsedJwt, TokenHeaderClaims, ValidateJwtOptions, VerifyJwtOptions } from "../types";
+import { IntrospectClaimsInput } from "#internal/utils/parse-introspection";
+import { UserinfoClaimsInput } from "#internal/utils/parse-userinfo";
 export declare class Aegis implements IAegis {
     readonly issuer: string | null;
     private readonly amphora;
+    private readonly certBindingMode;
     private readonly clockTolerance;
+    private readonly dpopMaxSkew;
     private readonly encAlgorithm;
     private readonly encryption;
     private readonly logger;
     private readonly sigAlgorithm;
     constructor(options: AegisOptions);
     get aes(): IAegisAes;
-    get cwe(): IAegisCwe;
-    get cws(): IAegisCws;
-    get cwt(): IAegisCwt;
     get jwe(): IAegisJwe;
     get jws(): IAegisJws;
     get jwt(): IAegisJwt;
-    verify<T extends ParsedJwt | ParsedJws<any> | ParsedCwt | ParsedCws<any>>(token: string, options?: VerifyJwtOptions): Promise<T>;
+    verify<T extends ParsedJwt | ParsedJws<any>>(token: string, options?: VerifyJwtOptions): Promise<T>;
     static header(token: string): TokenHeaderClaims;
     static isJwe(jwe: string): boolean;
     static isJws(jws: string): boolean;
     static isJwt(jwt: string): boolean;
-    static isCwe(cose: string): boolean;
-    static isCws(cose: string): boolean;
-    static isCwt(cwt: string): boolean;
-    static decode<T extends DecodedJwe | DecodedJws | DecodedJwt | DecodedCwt | DecodedCwe | DecodedCws<any>>(token: string): T;
-    static parse<T extends ParsedJwt | ParsedJws<any> | ParsedCwt | ParsedCws<any>>(token: string): T;
+    static decode<T extends DecodedJwe | DecodedJws | DecodedJwt>(token: string): T;
+    static parse<T extends ParsedJwt | ParsedJws<any>>(token: string): T;
+    static parseUserinfo(data: UserinfoClaimsInput): AegisUserinfo;
+    static parseIntrospection(data: IntrospectClaimsInput): AegisIntrospection;
+    static validateClaims(claims: Dict, matchers: ValidateJwtOptions): void;
     private aesKit;
     private aesEncrypt;
     private aesDecrypt;
-    private coseEncryptKit;
-    private coseEncrypt;
-    private coseDecrypt;
-    private coseSignKit;
-    private coseSign;
-    private coseVerify;
-    private cwtKit;
-    private cwtSign;
-    private cwtVerify;
     private jweKit;
     private jweEncrypt;
     private jweDecrypt;

package/dist/classes/Aegis.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"Aegis.d.ts","sourceRoot":"","sources":["../../src/classes/Aegis.ts"],"names":[],"mappings":"AAiBA,OAAO,EACL,MAAM,EACN,SAAS,EACT,SAAS,EACT,SAAS,EACT,SAAS,EACT,SAAS,EACT,SAAS,EACT,SAAS,EACV,MAAM,eAAe,CAAC;AACvB,OAAO,EACL,YAAY,EAKZ,UAAU,EACV,UAAU,EACV,UAAU,EACV,UAAU,EACV,UAAU,EACV,UAAU,EAOV,SAAS,EACT,SAAS,EACT,SAAS,EACT,SAAS,EAWT,iBAAiB,EAEjB,gBAAgB,EACjB,MAAM,UAAU,CAAC;AAyBlB,qBAAa,KAAM,YAAW,MAAM;IAClC,SAAgB,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;IAEtC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAW;IACnC,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAS;IACxC,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAkC;IAC/D,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAoB;IAC/C,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAU;IACjC,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAkC;gBAE5C,OAAO,EAAE,YAAY;IAWxC,IAAW,GAAG,IAAI,SAAS,CAK1B;IAED,IAAW,GAAG,IAAI,SAAS,CAK1B;IAED,IAAW,GAAG,IAAI,SAAS,CAK1B;IAED,IAAW,GAAG,IAAI,SAAS,CAK1B;IAED,IAAW,GAAG,IAAI,SAAS,CAK1B;IAED,IAAW,GAAG,IAAI,SAAS,CAK1B;IAED,IAAW,GAAG,IAAI,SAAS,CAK1B;IAEY,MAAM,CAAC,CAAC,SAAS,SAAS,GAAG,SAAS,CAAC,GAAG,CAAC,GAAG,SAAS,GAAG,SAAS,CAAC,GAAG,CAAC,EACnF,KAAK,EAAE,MAAM,EACb,OAAO,CAAC,EAAE,gBAAgB,GACzB,OAAO,CAAC,CAAC,CAAC;WA0BC,MAAM,CAAC,KAAK,EAAE,MAAM,GAAG,iBAAiB;WAKxC,KAAK,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO;WAI3B,KAAK,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO;WAI3B,KAAK,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO;WAI3B,KAAK,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO;WAI5B,KAAK,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO;WAI5B,KAAK,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO;WAI3B,MAAM,CAClB,CAAC,SACG,UAAU,GACV,UAAU,GACV,UAAU,GACV,UAAU,GACV,UAAU,GACV,UAAU,CAAC,GAAG,CAAC,EACnB,KAAK,EAAE,MAAM,GAAG,CAAC;WAsBL,KAAK,CAAC,CAAC,SAAS,SAAS,GAAG,SAAS,CAAC,GAAG,CAAC,GAAG,SAAS,GAAG,SAAS,CAAC,GAAG,CAAC,EACnF,KAAK,EAAE,MAAM,GACZ,CAAC;YAkBU,MAAM;YAMN,UAAU;YASV,UAAU;YAeV,cAAc;YAUd,WAAW;YASX,WAAW;YAcX,WAAW;YASX,QAAQ;YASR,UAAU;YAeV,MAAM;YAWN,OAAO;YASP,SAAS;YAgBT,MAAM;YAUN,UAAU;YASV,UAAU;YAaV,MAAM;YAMN,OAAO;YASP,SAAS;YAaT,MAAM;YAWN,OAAO;YASP,SAAS;YAgBT,UAAU;YA+BV,UAAU;CAsBzB"}
+{"version":3,"file":"Aegis.d.ts","sourceRoot":"","sources":["../../src/classes/Aegis.ts"],"names":[],"mappings":"AAgBA,OAAO,EAAE,IAAI,EAAE,MAAM,gBAAgB,CAAC;AAEtC,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS,EAAE,MAAM,eAAe,CAAC;AACnF,OAAO,EACL,kBAAkB,EAClB,YAAY,EAEZ,aAAa,EAEb,UAAU,EACV,UAAU,EACV,UAAU,EAKV,SAAS,EACT,SAAS,EAMT,iBAAiB,EACjB,kBAAkB,EAClB,gBAAgB,EACjB,MAAM,UAAU,CAAC;AAIlB,OAAO,EACL,qBAAqB,EAEtB,MAAM,qCAAqC,CAAC;AAC7C,OAAO,EAAiB,mBAAmB,EAAE,MAAM,gCAAgC,CAAC;AAqBpF,qBAAa,KAAM,YAAW,MAAM;IAClC,SAAgB,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;IAEtC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAW;IACnC,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAkB;IAClD,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAS;IACxC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAqB;IACjD,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAkC;IAC/D,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAoB;IAC/C,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAU;IACjC,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAkC;gBAE5C,OAAO,EAAE,YAAY;IAaxC,IAAW,GAAG,IAAI,SAAS,CAK1B;IAED,IAAW,GAAG,IAAI,SAAS,CAK1B;IAED,IAAW,GAAG,IAAI,SAAS,CAK1B;IAED,IAAW,GAAG,IAAI,SAAS,CAK1B;IAEY,MAAM,CAAC,CAAC,SAAS,SAAS,GAAG,SAAS,CAAC,GAAG,CAAC,EACtD,KAAK,EAAE,MAAM,EACb,OAAO,CAAC,EAAE,gBAAgB,GACzB,OAAO,CAAC,CAAC,CAAC;WAgBC,MAAM,CAAC,KAAK,EAAE,MAAM,GAAG,iBAAiB;WAKxC,KAAK,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO;WAI3B,KAAK,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO;WAI3B,KAAK,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO;WAI3B,MAAM,CAAC,CAAC,SAAS,UAAU,GAAG,UAAU,GAAG,UAAU,EAAE,KAAK,EAAE,MAAM,GAAG,CAAC;WAaxE,KAAK,CAAC,CAAC,SAAS,SAAS,GAAG,SAAS,CAAC,GAAG,CAAC,EAAE,KAAK,EAAE,MAAM,GAAG,CAAC;WAU7D,aAAa,CAAC,IAAI,EAAE,mBAAmB,GAAG,aAAa;WAIvD,kBAAkB,CAAC,IAAI,EAAE,qBAAqB,GAAG,kBAAkB;WAYnE,cAAc,CAAC,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,kBAAkB,GAAG,IAAI;YAOhE,MAAM;YAMN,UAAU;YASV,UAAU;YAeV,MAAM;YAWN,UAAU;YASV,UAAU;YAaV,MAAM;YAUN,OAAO;YASP,SAAS;YAaT,MAAM;YAaN,OAAO;YASP,SAAS;YAgBT,UAAU;YA+BV,UAAU;CAgCzB"}

package/dist/classes/Aegis.js

@@ -3,17 +3,20 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.Aegis = void 0;
 const aes_1 = require("@lindorm/aes");
 const errors_1 = require("../errors");
+const jwt_validate_1 = require("#internal/utils/jwt-validate");
+const validate_1 = require("#internal/utils/validate");
 const jose_header_1 = require("#internal/utils/jose-header");
-const CweKit_1 = require("./CweKit");
-const CwsKit_1 = require("./CwsKit");
-const CwtKit_1 = require("./CwtKit");
+const parse_introspection_1 = require("#internal/utils/parse-introspection");
+const parse_userinfo_1 = require("#internal/utils/parse-userinfo");
 const JweKit_1 = require("./JweKit");
 const JwsKit_1 = require("./JwsKit");
 const JwtKit_1 = require("./JwtKit");
 class Aegis {
     issuer;
     amphora;
+    certBindingMode;
     clockTolerance;
+    dpopMaxSkew;
     encAlgorithm;
     encryption;
     logger;
@@ -22,7 +25,9 @@ class Aegis {
         this.logger = options.logger.child(["AegisKit"]);
         this.amphora = options.amphora;
         this.issuer = options.issuer ?? this.amphora.domain;
+        this.certBindingMode = options.certBindingMode ?? "strict";
         this.clockTolerance = options.clockTolerance ?? 0;
+        this.dpopMaxSkew = options.dpopMaxSkew;
         this.encAlgorithm = options.encAlgorithm;
         this.encryption = options.encryption ?? "A256GCM";
         this.sigAlgorithm = options.sigAlgorithm;
@@ -33,24 +38,6 @@ class Aegis {
             decrypt: this.aesDecrypt.bind(this),
         };
     }
-    get cwe() {
-        return {
-            encrypt: this.coseEncrypt.bind(this),
-            decrypt: this.coseDecrypt.bind(this),
-        };
-    }
-    get cws() {
-        return {
-            sign: this.coseSign.bind(this),
-            verify: this.coseVerify.bind(this),
-        };
-    }
-    get cwt() {
-        return {
-            sign: this.cwtSign.bind(this),
-            verify: this.cwtVerify.bind(this),
-        };
-    }
     get jwe() {
         return {
             encrypt: this.jweEncrypt.bind(this),
@@ -80,16 +67,6 @@ class Aegis {
         if (Aegis.isJws(token)) {
             return (await this.jwsVerify(token));
         }
-        if (Aegis.isCwt(token)) {
-            return (await this.cwtVerify(token, options));
-        }
-        if (Aegis.isCwe(token)) {
-            const decrypt = await this.coseDecrypt(token);
-            return await this.verify(decrypt.payload);
-        }
-        if (Aegis.isCws(token)) {
-            return (await this.coseVerify(token));
-        }
         throw new errors_1.AegisError("Invalid token type", { debug: { token } });
     }
     static header(token) {
@@ -105,15 +82,6 @@ class Aegis {
     static isJwt(jwt) {
         return JwtKit_1.JwtKit.isJwt(jwt);
     }
-    static isCwe(cose) {
-        return CweKit_1.CweKit.isCwe(cose);
-    }
-    static isCws(cose) {
-        return CwsKit_1.CwsKit.isCws(cose);
-    }
-    static isCwt(cwt) {
-        return CwtKit_1.CwtKit.isCwt(cwt);
-    }
     static decode(token) {
         if (Aegis.isJwe(token)) {
             return JweKit_1.JweKit.decode(token);
@@ -124,15 +92,6 @@ class Aegis {
         if (Aegis.isJwt(token)) {
             return JwtKit_1.JwtKit.decode(token);
         }
-        if (Aegis.isCwt(token)) {
-            return CwtKit_1.CwtKit.decode(token);
-        }
-        if (Aegis.isCwe(token)) {
-            return CweKit_1.CweKit.decode(token);
-        }
-        if (Aegis.isCws(token)) {
-            return CwsKit_1.CwsKit.decode(token);
-        }
         throw new errors_1.AegisError("Invalid token type", { debug: { token } });
     }
     static parse(token) {
@@ -142,14 +101,18 @@ class Aegis {
         if (Aegis.isJws(token)) {
             return JwsKit_1.JwsKit.parse(token);
         }
-        if (Aegis.isCwt(token)) {
-            return CwtKit_1.CwtKit.parse(token);
-        }
-        if (Aegis.isCws(token)) {
-            return CwsKit_1.CwsKit.parse(token);
-        }
         throw new errors_1.AegisError("Invalid token type", { debug: { token } });
     }
+    static parseUserinfo(data) {
+        return (0, parse_userinfo_1.parseUserinfo)(data);
+    }
+    static parseIntrospection(data) {
+        return (0, parse_introspection_1.parseIntrospection)(data);
+    }
+    static validateClaims(claims, matchers) {
+        const predicate = (0, jwt_validate_1.createJwtValidate)(matchers);
+        (0, validate_1.validate)(claims, predicate);
+    }
     async aesKit(options = {}) {
         const kryptos = await this.kryptosEnc(options);
         return new aes_1.AesKit({ encryption: this.encryption, kryptos });
@@ -166,69 +129,10 @@ class Aegis {
         });
         return kit.decrypt(data);
     }
-    async coseEncryptKit(options = {}) {
-        const kryptos = await this.kryptosEnc(options);
-        return new CweKit_1.CweKit({
-            encryption: this.encryption,
-            kryptos,
-            logger: this.logger,
-        });
-    }
-    async coseEncrypt(data, options = {}) {
-        const kit = await this.coseEncryptKit({ encrypt: true });
-        return kit.encrypt(data, options);
-    }
-    async coseDecrypt(token) {
-        const decode = CweKit_1.CweKit.decode(token);
-        const kit = await this.coseEncryptKit({
-            id: decode.recipient.unprotected.kid,
-            algorithm: decode.recipient.unprotected.alg,
-        });
-        return kit.decrypt(token);
-    }
-    async coseSignKit(options = {}) {
-        const kryptos = await this.kryptosSig(options);
-        return new CwsKit_1.CwsKit({
-            kryptos,
-            logger: this.logger,
-        });
-    }
-    async coseSign(content, options = {}) {
-        const kit = await this.coseSignKit({ sign: true });
-        return kit.sign(content, options);
-    }
-    async coseVerify(token) {
-        const decode = CwsKit_1.CwsKit.decode(token);
-        const kit = await this.coseSignKit({
-            id: decode.unprotected.kid,
-            algorithm: decode.protected.alg,
-        });
-        return kit.verify(token);
-    }
-    async cwtKit(options = {}) {
-        const kryptos = await this.kryptosSig(options);
-        return new CwtKit_1.CwtKit({
-            clockTolerance: this.clockTolerance,
-            issuer: this.issuer ?? undefined,
-            kryptos,
-            logger: this.logger,
-        });
-    }
-    async cwtSign(content, options = {}) {
-        const kit = await this.cwtKit({ sign: true });
-        return kit.sign(content, options);
-    }
-    async cwtVerify(cwt, verify = {}) {
-        const decode = CwtKit_1.CwtKit.decode(cwt);
-        const kit = await this.cwtKit({
-            id: decode.unprotected.kid,
-            algorithm: decode.protected.alg,
-        });
-        return kit.verify(cwt, verify);
-    }
     async jweKit(options = {}) {
         const kryptos = await this.kryptosEnc(options);
         return new JweKit_1.JweKit({
+            certBindingMode: this.certBindingMode,
             encryption: this.encryption,
             kryptos,
             logger: this.logger,
@@ -248,7 +152,11 @@ class Aegis {
     }
     async jwsKit(options = {}) {
         const kryptos = await this.kryptosSig(options);
-        return new JwsKit_1.JwsKit({ kryptos, logger: this.logger });
+        return new JwsKit_1.JwsKit({
+            certBindingMode: this.certBindingMode,
+            kryptos,
+            logger: this.logger,
+        });
     }
     async jwsSign(data, options = {}) {
         const kit = await this.jwsKit({ sign: true });
@@ -265,7 +173,9 @@ class Aegis {
     async jwtKit(options = {}) {
         const kryptos = await this.kryptosSig(options);
         return new JwtKit_1.JwtKit({
+            certBindingMode: this.certBindingMode,
             clockTolerance: this.clockTolerance,
+            dpopMaxSkew: this.dpopMaxSkew,
             issuer: this.issuer ?? undefined,
             kryptos,
             logger: this.logger,
@@ -304,7 +214,9 @@ class Aegis {
                 algorithm: options.algorithm ?? this.encAlgorithm,
                 ...(options.predicate ?? {}),
             };
-        const kryptos = await this.amphora.find(options.id ? { id: options.id } : { ...query, use: "enc" });
+        const kryptos = options.id
+            ? await this.amphora.findById(options.id)
+            : await this.amphora.find({ ...query, use: "enc" });
         this.logger.debug("Kryptos found", { kryptos: kryptos.toJSON() });
         return kryptos;
     }
@@ -321,7 +233,9 @@ class Aegis {
                 operations: ["verify"],
                 ...(options.predicate ?? {}),
             };
-        const kryptos = await this.amphora.find(options.id ? { id: options.id } : { ...query, use: "sig" });
+        const kryptos = options.id
+            ? await this.amphora.findById(options.id)
+            : await this.amphora.find({ ...query, use: "sig" });
         this.logger.debug("Kryptos found", { kryptos: kryptos.toJSON() });
         return kryptos;
     }

package/dist/classes/Aegis.js.map

@@ -1 +1 @@
-{"version":3,"file":"Aegis.js","sourceRoot":"","sources":["../../src/classes/Aegis.ts"],"names":[],"mappings":";;;AAAA,sCAMsB;AAUtB,sCAAuC;AA+CvC,6DAA+D;AAC/D,qCAAkC;AAClC,qCAAkC;AAClC,qCAAkC;AAClC,qCAAkC;AAClC,qCAAkC;AAClC,qCAAkC;AAkBlC,MAAa,KAAK;IACA,MAAM,CAAgB;IAErB,OAAO,CAAW;IAClB,cAAc,CAAS;IACvB,YAAY,CAAkC;IAC9C,UAAU,CAAoB;IAC9B,MAAM,CAAU;IAChB,YAAY,CAAkC;IAE/D,YAAmB,OAAqB;QACtC,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC;QACjD,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;QAC/B,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,IAAI,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC;QAEpD,IAAI,CAAC,cAAc,GAAG,OAAO,CAAC,cAAc,IAAI,CAAC,CAAC;QAClD,IAAI,CAAC,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC;QACzC,IAAI,CAAC,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,SAAS,CAAC;QAClD,IAAI,CAAC,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC;IAC3C,CAAC;IAED,IAAW,GAAG;QACZ,OAAO;YACL,OAAO,EAAE,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAyB;YAC3D,OAAO,EAAE,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC;SACpC,CAAC;IACJ,CAAC;IAED,IAAW,GAAG;QACZ,OAAO;YACL,OAAO,EAAE,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC;YACpC,OAAO,EAAE,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC;SACrC,CAAC;IACJ,CAAC;IAED,IAAW,GAAG;QACZ,OAAO;YACL,IAAI,EAAE,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC;YAC9B,MAAM,EAAE,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC;SACnC,CAAC;IACJ,CAAC;IAED,IAAW,GAAG;QACZ,OAAO;YACL,IAAI,EAAE,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC;YAC7B,MAAM,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC;SAClC,CAAC;IACJ,CAAC;IAED,IAAW,GAAG;QACZ,OAAO;YACL,OAAO,EAAE,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC;YACnC,OAAO,EAAE,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC;SACpC,CAAC;IACJ,CAAC;IAED,IAAW,GAAG;QACZ,OAAO;YACL,IAAI,EAAE,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC;YAC7B,MAAM,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC;SAClC,CAAC;IACJ,CAAC;IAED,IAAW,GAAG;QACZ,OAAO;YACL,IAAI,EAAE,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC;YAC7B,MAAM,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC;SAClC,CAAC;IACJ,CAAC;IAEM,KAAK,CAAC,MAAM,CACjB,KAAa,EACb,OAA0B;QAE1B,IAAI,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;YACvB,OAAO,CAAC,MAAM,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,OAAO,CAAC,CAAM,CAAC;QACrD,CAAC;QACD,IAAI,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;YACvB,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;YAC7C,OAAO,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC5C,CAAC;QACD,IAAI,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;YACvB,OAAO,CAAC,MAAM,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAM,CAAC;QAC5C,CAAC;QACD,IAAI,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;YACvB,OAAO,CAAC,MAAM,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,OAAO,CAAC,CAAM,CAAC;QACrD,CAAC;QACD,IAAI,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;YACvB,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;YAC9C,OAAO,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC5C,CAAC;QACD,IAAI,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;YACvB,OAAO,CAAC,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,CAAM,CAAC;QAC7C,CAAC;QACD,MAAM,IAAI,mBAAU,CAAC,oBAAoB,EAAE,EAAE,KAAK,EAAE,EAAE,KAAK,EAAE,EAAE,CAAC,CAAC;IACnE,CAAC;IAIM,MAAM,CAAC,MAAM,CAAC,KAAa;QAChC,MAAM,CAAC,MAAM,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAClC,OAAO,IAAA,8BAAgB,EAAC,MAAM,CAAC,CAAC;IAClC,CAAC;IAEM,MAAM,CAAC,KAAK,CAAC,GAAW;QAC7B,OAAO,eAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC3B,CAAC;IAEM,MAAM,CAAC,KAAK,CAAC,GAAW;QAC7B,OAAO,eAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC3B,CAAC;IAEM,MAAM,CAAC,KAAK,CAAC,GAAW;QAC7B,OAAO,eAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC3B,CAAC;IAEM,MAAM,CAAC,KAAK,CAAC,IAAY;QAC9B,OAAO,eAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC5B,CAAC;IAEM,MAAM,CAAC,KAAK,CAAC,IAAY;QAC9B,OAAO,eAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC5B,CAAC;IAEM,MAAM,CAAC,KAAK,CAAC,GAAW;QAC7B,OAAO,eAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC3B,CAAC;IAEM,MAAM,CAAC,MAAM,CAQlB,KAAa;QACb,IAAI,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;YACvB,OAAO,eAAM,CAAC,MAAM,CAAC,KAAK,CAAM,CAAC;QACnC,CAAC;QACD,IAAI,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;YACvB,OAAO,eAAM,CAAC,MAAM,CAAC,KAAK,CAAM,CAAC;QACnC,CAAC;QACD,IAAI,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;YACvB,OAAO,eAAM,CAAC,MAAM,CAAC,KAAK,CAAM,CAAC;QACnC,CAAC;QACD,IAAI,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;YACvB,OAAO,eAAM,CAAC,MAAM,CAAC,KAAK,CAAM,CAAC;QACnC,CAAC;QACD,IAAI,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;YACvB,OAAO,eAAM,CAAC,MAAM,CAAC,KAAK,CAAM,CAAC;QACnC,CAAC;QACD,IAAI,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;YACvB,OAAO,eAAM,CAAC,MAAM,CAAC,KAAK,CAAM,CAAC;QACnC,CAAC;QACD,MAAM,IAAI,mBAAU,CAAC,oBAAoB,EAAE,EAAE,KAAK,EAAE,EAAE,KAAK,EAAE,EAAE,CAAC,CAAC;IACnE,CAAC;IAEM,MAAM,CAAC,KAAK,CACjB,KAAa;QAEb,IAAI,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;YACvB,OAAO,eAAM,CAAC,KAAK,CAAC,KAAK,CAAM,CAAC;QAClC,CAAC;QACD,IAAI,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;YACvB,OAAO,eAAM,CAAC,KAAK,CAAC,KAAK,CAAM,CAAC;QAClC,CAAC;QACD,IAAI,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;YACvB,OAAO,eAAM,CAAC,KAAK,CAAC,KAAK,CAAM,CAAC;QAClC,CAAC;QACD,IAAI,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;YACvB,OAAO,eAAM,CAAC,KAAK,CAAC,KAAK,CAAM,CAAC;QAClC,CAAC;QACD,MAAM,IAAI,mBAAU,CAAC,oBAAoB,EAAE,EAAE,KAAK,EAAE,EAAE,KAAK,EAAE,EAAE,CAAC,CAAC;IACnE,CAAC;IAIO,KAAK,CAAC,MAAM,CAAC,UAAsB,EAAE;QAC3C,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;QAE/C,OAAO,IAAI,YAAM,CAAC,EAAE,UAAU,EAAE,IAAI,CAAC,UAAU,EAAE,OAAO,EAAE,CAAC,CAAC;IAC9D,CAAC;IAEO,KAAK,CAAC,UAAU,CACtB,IAAY,EACZ,OAA0D,SAAS;QAEnE,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;QAEjD,OAAO,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,IAAiB,CAAC,CAAC;IAC9C,CAAC;IAEO,KAAK,CAAC,UAAU,CACtB,IAA4D;QAE5D,MAAM,MAAM,GAAG,YAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAElC,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC;YAC5B,EAAE,EAAE,MAAM,CAAC,KAAK;YAChB,SAAS,EAAE,MAAM,CAAC,SAA4C;SAC/D,CAAC,CAAC;QAEH,OAAO,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IAC3B,CAAC;IAIO,KAAK,CAAC,cAAc,CAAC,UAAsB,EAAE;QACnD,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;QAE/C,OAAO,IAAI,eAAM,CAAC;YAChB,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,OAAO;YACP,MAAM,EAAE,IAAI,CAAC,MAAM;SACpB,CAAC,CAAC;IACL,CAAC;IAEO,KAAK,CAAC,WAAW,CACvB,IAAgB,EAChB,UAAgD,EAAE;QAElD,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;QAEzD,OAAO,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;IACpC,CAAC;IAEO,KAAK,CAAC,WAAW,CACvB,KAAiB;QAEjB,MAAM,MAAM,GAAG,eAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAGpC,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC;YACpC,EAAE,EAAE,MAAM,CAAC,SAAS,CAAC,WAAW,CAAC,GAAG;YACpC,SAAS,EAAE,MAAM,CAAC,SAAS,CAAC,WAAW,CAAC,GAA0B;SACnE,CAAC,CAAC;QAEH,OAAO,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;IAC5B,CAAC;IAEO,KAAK,CAAC,WAAW,CAAC,UAAsB,EAAE;QAChD,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;QAE/C,OAAO,IAAI,eAAM,CAAC;YAChB,OAAO;YACP,MAAM,EAAE,IAAI,CAAC,MAAM;SACpB,CAAC,CAAC;IACL,CAAC;IAEO,KAAK,CAAC,QAAQ,CACpB,OAAU,EACV,UAA6C,EAAE;QAE/C,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;QAEnD,OAAO,GAAG,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IACpC,CAAC;IAEO,KAAK,CAAC,UAAU,CACtB,KAAsB;QAEtB,MAAM,MAAM,GAAG,eAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAEpC,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC;YACjC,EAAE,EAAE,MAAM,CAAC,WAAW,CAAC,GAAG;YAC1B,SAAS,EAAE,MAAM,CAAC,SAAS,CAAC,GAA0B;SACvD,CAAC,CAAC;QAEH,OAAO,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAC3B,CAAC;IAIO,KAAK,CAAC,MAAM,CAAC,UAAsB,EAAE;QAC3C,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;QAE/C,OAAO,IAAI,eAAM,CAAC;YAChB,cAAc,EAAE,IAAI,CAAC,cAAc;YACnC,MAAM,EAAE,IAAI,CAAC,MAAM,IAAI,SAAS;YAChC,OAAO;YACP,MAAM,EAAE,IAAI,CAAC,MAAM;SACpB,CAAC,CAAC;IACL,CAAC;IAEO,KAAK,CAAC,OAAO,CACnB,OAA0B,EAC1B,UAA6C,EAAE;QAE/C,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;QAE9C,OAAO,GAAG,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IACpC,CAAC;IAEO,KAAK,CAAC,SAAS,CACrB,GAAW,EACX,SAA2B,EAAE;QAE7B,MAAM,MAAM,GAAG,eAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAElC,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC;YAC5B,EAAE,EAAE,MAAM,CAAC,WAAW,CAAC,GAAG;YAC1B,SAAS,EAAE,MAAM,CAAC,SAAS,CAAC,GAA0B;SACvD,CAAC,CAAC;QAEH,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;IACjC,CAAC;IAIO,KAAK,CAAC,MAAM,CAAC,UAAsB,EAAE;QAC3C,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;QAE/C,OAAO,IAAI,eAAM,CAAC;YAChB,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,OAAO;YACP,MAAM,EAAE,IAAI,CAAC,MAAM;SACpB,CAAC,CAAC;IACL,CAAC;IAEO,KAAK,CAAC,UAAU,CACtB,IAAY,EACZ,UAAgD,EAAE;QAElD,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;QAEjD,OAAO,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;IACpC,CAAC;IAEO,KAAK,CAAC,UAAU,CAAC,GAAW;QAClC,MAAM,MAAM,GAAG,eAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAElC,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC;YAC5B,EAAE,EAAE,MAAM,CAAC,MAAM,CAAC,GAAG;YACrB,SAAS,EAAE,MAAM,CAAC,MAAM,CAAC,GAA0B;SACpD,CAAC,CAAC;QAEH,OAAO,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAC1B,CAAC;IAIO,KAAK,CAAC,MAAM,CAAC,UAAsB,EAAE;QAC3C,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;QAE/C,OAAO,IAAI,eAAM,CAAC,EAAE,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;IACtD,CAAC;IAEO,KAAK,CAAC,OAAO,CACnB,IAAO,EACP,UAA6C,EAAE;QAE/C,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;QAE9C,OAAO,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;IACjC,CAAC;IAEO,KAAK,CAAC,SAAS,CAAuB,GAAW;QACvD,MAAM,MAAM,GAAG,eAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAElC,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC;YAC5B,EAAE,EAAE,MAAM,CAAC,MAAM,CAAC,GAAG;YACrB,SAAS,EAAE,MAAM,CAAC,MAAM,CAAC,GAA0B;SACpD,CAAC,CAAC;QAEH,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IACzB,CAAC;IAIO,KAAK,CAAC,MAAM,CAAC,UAAsB,EAAE;QAC3C,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;QAE/C,OAAO,IAAI,eAAM,CAAC;YAChB,cAAc,EAAE,IAAI,CAAC,cAAc;YACnC,MAAM,EAAE,IAAI,CAAC,MAAM,IAAI,SAAS;YAChC,OAAO;YACP,MAAM,EAAE,IAAI,CAAC,MAAM;SACpB,CAAC,CAAC;IACL,CAAC;IAEO,KAAK,CAAC,OAAO,CACnB,OAA0B,EAC1B,UAA6C,EAAE;QAE/C,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;QAE9C,OAAO,GAAG,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IACpC,CAAC;IAEO,KAAK,CAAC,SAAS,CACrB,GAAW,EACX,SAA2B,EAAE;QAE7B,MAAM,MAAM,GAAG,eAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAElC,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC;YAC5B,EAAE,EAAE,MAAM,CAAC,MAAM,CAAC,GAAG;YACrB,SAAS,EAAE,MAAM,CAAC,MAAM,CAAC,GAA0B;SACpD,CAAC,CAAC;QAEH,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;IACjC,CAAC;IAIO,KAAK,CAAC,UAAU,CAAC,UAAsB,EAAE;QAC/C,MAAM,KAAK,GAAqB,OAAO,CAAC,OAAO;YAC7C,CAAC,CAAC;gBACE,GAAG,EAAE;oBACH,EAAE,UAAU,EAAE,CAAC,SAAS,CAAC,EAAE;oBAC3B,EAAE,UAAU,EAAE,CAAC,WAAW,CAAC,EAAE;oBAC7B,EAAE,UAAU,EAAE,CAAC,SAAS,CAAC,EAAE;iBAC5B;gBACD,SAAS,EAAE,IAAI,CAAC,YAAY;gBAC5B,MAAM,EAAE,IAAI,CAAC,MAAM,IAAI,SAAS;gBAChC,GAAG,CAAC,OAAO,CAAC,SAAS,IAAI,EAAE,CAAC;aAC7B;YACH,CAAC,CAAC;gBACE,GAAG,EAAE;oBACH,EAAE,UAAU,EAAE,CAAC,SAAS,CAAC,EAAE;oBAC3B,EAAE,UAAU,EAAE,CAAC,WAAW,CAAC,EAAE;oBAC7B,EAAE,UAAU,EAAE,CAAC,WAAW,CAAC,EAAE;iBAC9B;gBACD,SAAS,EAAE,OAAO,CAAC,SAAS,IAAI,IAAI,CAAC,YAAY;gBACjD,GAAG,CAAC,OAAO,CAAC,SAAS,IAAI,EAAE,CAAC;aAC7B,CAAC;QAEN,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,IAAI,CACrC,OAAO,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,EAAE,OAAO,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,GAAG,KAAK,EAAE,GAAG,EAAE,KAAK,EAAE,CAC3D,CAAC;QAEF,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,eAAe,EAAE,EAAE,OAAO,EAAE,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;QAElE,OAAO,OAAO,CAAC;IACjB,CAAC;IAEO,KAAK,CAAC,UAAU,CAAC,UAAsB,EAAE;QAC/C,MAAM,KAAK,GAAqB,OAAO,CAAC,IAAI;YAC1C,CAAC,CAAC;gBACE,SAAS,EAAE,IAAI,CAAC,YAAY;gBAC5B,MAAM,EAAE,IAAI,CAAC,MAAM,IAAI,SAAS;gBAChC,UAAU,EAAE,CAAC,MAAM,CAAC;gBACpB,GAAG,CAAC,OAAO,CAAC,SAAS,IAAI,EAAE,CAAC;aAC7B;YACH,CAAC,CAAC;gBACE,SAAS,EAAE,OAAO,CAAC,SAAS,IAAI,IAAI,CAAC,YAAY;gBACjD,UAAU,EAAE,CAAC,QAAQ,CAAC;gBACtB,GAAG,CAAC,OAAO,CAAC,SAAS,IAAI,EAAE,CAAC;aAC7B,CAAC;QAEN,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,IAAI,CACrC,OAAO,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,EAAE,OAAO,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,GAAG,KAAK,EAAE,GAAG,EAAE,KAAK,EAAE,CAC3D,CAAC;QAEF,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,eAAe,EAAE,EAAE,OAAO,EAAE,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;QAElE,OAAO,OAAO,CAAC;IACjB,CAAC;CACF;AA3cD,sBA2cC"}
+{"version":3,"file":"Aegis.js","sourceRoot":"","sources":["../../src/classes/Aegis.ts"],"names":[],"mappings":";;;AAAA,sCAOsB;AAUtB,sCAAuC;AA0BvC,+DAAiE;AACjE,uDAAsE;AACtE,6DAA+D;AAC/D,6EAG6C;AAC7C,mEAAoF;AACpF,qCAAkC;AAClC,qCAAkC;AAClC,qCAAkC;AAkBlC,MAAa,KAAK;IACA,MAAM,CAAgB;IAErB,OAAO,CAAW;IAClB,eAAe,CAAkB;IACjC,cAAc,CAAS;IACvB,WAAW,CAAqB;IAChC,YAAY,CAAkC;IAC9C,UAAU,CAAoB;IAC9B,MAAM,CAAU;IAChB,YAAY,CAAkC;IAE/D,YAAmB,OAAqB;QACtC,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC;QACjD,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;QAC/B,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,IAAI,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC;QAEpD,IAAI,CAAC,eAAe,GAAG,OAAO,CAAC,eAAe,IAAI,QAAQ,CAAC;QAC3D,IAAI,CAAC,cAAc,GAAG,OAAO,CAAC,cAAc,IAAI,CAAC,CAAC;QAClD,IAAI,CAAC,WAAW,GAAG,OAAO,CAAC,WAAW,CAAC;QACvC,IAAI,CAAC,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC;QACzC,IAAI,CAAC,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,SAAS,CAAC;QAClD,IAAI,CAAC,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC;IAC3C,CAAC;IAED,IAAW,GAAG;QACZ,OAAO;YACL,OAAO,EAAE,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAyB;YAC3D,OAAO,EAAE,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC;SACpC,CAAC;IACJ,CAAC;IAED,IAAW,GAAG;QACZ,OAAO;YACL,OAAO,EAAE,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC;YACnC,OAAO,EAAE,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC;SACpC,CAAC;IACJ,CAAC;IAED,IAAW,GAAG;QACZ,OAAO;YACL,IAAI,EAAE,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC;YAC7B,MAAM,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC;SAClC,CAAC;IACJ,CAAC;IAED,IAAW,GAAG;QACZ,OAAO;YACL,IAAI,EAAE,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC;YAC7B,MAAM,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC;SAClC,CAAC;IACJ,CAAC;IAEM,KAAK,CAAC,MAAM,CACjB,KAAa,EACb,OAA0B;QAE1B,IAAI,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;YACvB,OAAO,CAAC,MAAM,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,OAAO,CAAC,CAAM,CAAC;QACrD,CAAC;QACD,IAAI,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;YACvB,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;YAC7C,OAAO,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC5C,CAAC;QACD,IAAI,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;YACvB,OAAO,CAAC,MAAM,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAM,CAAC;QAC5C,CAAC;QACD,MAAM,IAAI,mBAAU,CAAC,oBAAoB,EAAE,EAAE,KAAK,EAAE,EAAE,KAAK,EAAE,EAAE,CAAC,CAAC;IACnE,CAAC;IAIM,MAAM,CAAC,MAAM,CAAC,KAAa;QAChC,MAAM,CAAC,MAAM,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAClC,OAAO,IAAA,8BAAgB,EAAC,MAAM,CAAC,CAAC;IAClC,CAAC;IAEM,MAAM,CAAC,KAAK,CAAC,GAAW;QAC7B,OAAO,eAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC3B,CAAC;IAEM,MAAM,CAAC,KAAK,CAAC,GAAW;QAC7B,OAAO,eAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC3B,CAAC;IAEM,MAAM,CAAC,KAAK,CAAC,GAAW;QAC7B,OAAO,eAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC3B,CAAC;IAEM,MAAM,CAAC,MAAM,CAAiD,KAAa;QAChF,IAAI,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;YACvB,OAAO,eAAM,CAAC,MAAM,CAAC,KAAK,CAAM,CAAC;QACnC,CAAC;QACD,IAAI,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;YACvB,OAAO,eAAM,CAAC,MAAM,CAAC,KAAK,CAAM,CAAC;QACnC,CAAC;QACD,IAAI,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;YACvB,OAAO,eAAM,CAAC,MAAM,CAAC,KAAK,CAAM,CAAC;QACnC,CAAC;QACD,MAAM,IAAI,mBAAU,CAAC,oBAAoB,EAAE,EAAE,KAAK,EAAE,EAAE,KAAK,EAAE,EAAE,CAAC,CAAC;IACnE,CAAC;IAEM,MAAM,CAAC,KAAK,CAAuC,KAAa;QACrE,IAAI,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;YACvB,OAAO,eAAM,CAAC,KAAK,CAAC,KAAK,CAAM,CAAC;QAClC,CAAC;QACD,IAAI,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;YACvB,OAAO,eAAM,CAAC,KAAK,CAAC,KAAK,CAAM,CAAC;QAClC,CAAC;QACD,MAAM,IAAI,mBAAU,CAAC,oBAAoB,EAAE,EAAE,KAAK,EAAE,EAAE,KAAK,EAAE,EAAE,CAAC,CAAC;IACnE,CAAC;IAEM,MAAM,CAAC,aAAa,CAAC,IAAyB;QACnD,OAAO,IAAA,8BAAa,EAAC,IAAI,CAAC,CAAC;IAC7B,CAAC;IAEM,MAAM,CAAC,kBAAkB,CAAC,IAA2B;QAC1D,OAAO,IAAA,wCAAkB,EAAC,IAAI,CAAC,CAAC;IAClC,CAAC;IAUM,MAAM,CAAC,cAAc,CAAC,MAAY,EAAE,QAA4B;QACrE,MAAM,SAAS,GAAG,IAAA,gCAAiB,EAAC,QAAQ,CAAC,CAAC;QAC9C,IAAA,mBAAc,EAAC,MAAM,EAAE,SAAS,CAAC,CAAC;IACpC,CAAC;IAIO,KAAK,CAAC,MAAM,CAAC,UAAsB,EAAE;QAC3C,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;QAE/C,OAAO,IAAI,YAAM,CAAC,EAAE,UAAU,EAAE,IAAI,CAAC,UAAU,EAAE,OAAO,EAAE,CAAC,CAAC;IAC9D,CAAC;IAEO,KAAK,CAAC,UAAU,CACtB,IAAgB,EAChB,OAA0D,SAAS;QAEnE,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;QAEjD,OAAO,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,IAAiB,CAAC,CAAC;IAC9C,CAAC;IAEO,KAAK,CAAC,UAAU,CACtB,IAA4D;QAE5D,MAAM,MAAM,GAAG,YAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAElC,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC;YAC5B,EAAE,EAAE,MAAM,CAAC,KAAK;YAChB,SAAS,EAAE,MAAM,CAAC,SAA4C;SAC/D,CAAC,CAAC;QAEH,OAAO,GAAG,CAAC,OAAO,CAAI,IAAI,CAAC,CAAC;IAC9B,CAAC;IAIO,KAAK,CAAC,MAAM,CAAC,UAAsB,EAAE;QAC3C,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;QAE/C,OAAO,IAAI,eAAM,CAAC;YAChB,eAAe,EAAE,IAAI,CAAC,eAAe;YACrC,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,OAAO;YACP,MAAM,EAAE,IAAI,CAAC,MAAM;SACpB,CAAC,CAAC;IACL,CAAC;IAEO,KAAK,CAAC,UAAU,CACtB,IAAY,EACZ,UAAgD,EAAE;QAElD,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;QAEjD,OAAO,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;IACpC,CAAC;IAEO,KAAK,CAAC,UAAU,CAAC,GAAW;QAClC,MAAM,MAAM,GAAG,eAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAElC,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC;YAC5B,EAAE,EAAE,MAAM,CAAC,MAAM,CAAC,GAAG;YACrB,SAAS,EAAE,MAAM,CAAC,MAAM,CAAC,GAA0B;SACpD,CAAC,CAAC;QAEH,OAAO,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAC1B,CAAC;IAIO,KAAK,CAAC,MAAM,CAAC,UAAsB,EAAE;QAC3C,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;QAE/C,OAAO,IAAI,eAAM,CAAC;YAChB,eAAe,EAAE,IAAI,CAAC,eAAe;YACrC,OAAO;YACP,MAAM,EAAE,IAAI,CAAC,MAAM;SACpB,CAAC,CAAC;IACL,CAAC;IAEO,KAAK,CAAC,OAAO,CACnB,IAAO,EACP,UAA6C,EAAE;QAE/C,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;QAE9C,OAAO,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;IACjC,CAAC;IAEO,KAAK,CAAC,SAAS,CAAuB,GAAW;QACvD,MAAM,MAAM,GAAG,eAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAElC,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC;YAC5B,EAAE,EAAE,MAAM,CAAC,MAAM,CAAC,GAAG;YACrB,SAAS,EAAE,MAAM,CAAC,MAAM,CAAC,GAA0B;SACpD,CAAC,CAAC;QAEH,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IACzB,CAAC;IAIO,KAAK,CAAC,MAAM,CAAC,UAAsB,EAAE;QAC3C,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;QAE/C,OAAO,IAAI,eAAM,CAAC;YAChB,eAAe,EAAE,IAAI,CAAC,eAAe;YACrC,cAAc,EAAE,IAAI,CAAC,cAAc;YACnC,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,MAAM,EAAE,IAAI,CAAC,MAAM,IAAI,SAAS;YAChC,OAAO;YACP,MAAM,EAAE,IAAI,CAAC,MAAM;SACpB,CAAC,CAAC;IACL,CAAC;IAEO,KAAK,CAAC,OAAO,CACnB,OAA0B,EAC1B,UAA6C,EAAE;QAE/C,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;QAE9C,OAAO,GAAG,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IACpC,CAAC;IAEO,KAAK,CAAC,SAAS,CACrB,GAAW,EACX,SAA2B,EAAE;QAE7B,MAAM,MAAM,GAAG,eAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAElC,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC;YAC5B,EAAE,EAAE,MAAM,CAAC,MAAM,CAAC,GAAG;YACrB,SAAS,EAAE,MAAM,CAAC,MAAM,CAAC,GAA0B;SACpD,CAAC,CAAC;QAEH,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;IACjC,CAAC;IAIO,KAAK,CAAC,UAAU,CAAC,UAAsB,EAAE;QAC/C,MAAM,KAAK,GAAqB,OAAO,CAAC,OAAO;YAC7C,CAAC,CAAC;gBACE,GAAG,EAAE;oBACH,EAAE,UAAU,EAAE,CAAC,SAAS,CAAC,EAAE;oBAC3B,EAAE,UAAU,EAAE,CAAC,WAAW,CAAC,EAAE;oBAC7B,EAAE,UAAU,EAAE,CAAC,SAAS,CAAC,EAAE;iBAC5B;gBACD,SAAS,EAAE,IAAI,CAAC,YAAY;gBAC5B,MAAM,EAAE,IAAI,CAAC,MAAM,IAAI,SAAS;gBAChC,GAAG,CAAC,OAAO,CAAC,SAAS,IAAI,EAAE,CAAC;aAC7B;YACH,CAAC,CAAC;gBACE,GAAG,EAAE;oBACH,EAAE,UAAU,EAAE,CAAC,SAAS,CAAC,EAAE;oBAC3B,EAAE,UAAU,EAAE,CAAC,WAAW,CAAC,EAAE;oBAC7B,EAAE,UAAU,EAAE,CAAC,WAAW,CAAC,EAAE;iBAC9B;gBACD,SAAS,EAAE,OAAO,CAAC,SAAS,IAAI,IAAI,CAAC,YAAY;gBACjD,GAAG,CAAC,OAAO,CAAC,SAAS,IAAI,EAAE,CAAC;aAC7B,CAAC;QAEN,MAAM,OAAO,GAAG,OAAO,CAAC,EAAE;YACxB,CAAC,CAAC,MAAM,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;YACzC,CAAC,CAAC,MAAM,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,GAAG,KAAK,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC,CAAC;QAEtD,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,eAAe,EAAE,EAAE,OAAO,EAAE,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;QAElE,OAAO,OAAO,CAAC;IACjB,CAAC;IAEO,KAAK,CAAC,UAAU,CAAC,UAAsB,EAAE;QAW/C,MAAM,KAAK,GAAqB,OAAO,CAAC,IAAI;YAC1C,CAAC,CAAC;gBACE,SAAS,EAAE,IAAI,CAAC,YAAY;gBAC5B,MAAM,EAAE,IAAI,CAAC,MAAM,IAAI,SAAS;gBAChC,UAAU,EAAE,CAAC,MAAM,CAAC;gBACpB,GAAG,CAAC,OAAO,CAAC,SAAS,IAAI,EAAE,CAAC;aAC7B;YACH,CAAC,CAAC;gBACE,SAAS,EAAE,OAAO,CAAC,SAAS,IAAI,IAAI,CAAC,YAAY;gBACjD,UAAU,EAAE,CAAC,QAAQ,CAAC;gBACtB,GAAG,CAAC,OAAO,CAAC,SAAS,IAAI,EAAE,CAAC;aAC7B,CAAC;QAEN,MAAM,OAAO,GAAG,OAAO,CAAC,EAAE;YACxB,CAAC,CAAC,MAAM,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;YACzC,CAAC,CAAC,MAAM,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,GAAG,KAAK,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC,CAAC;QAEtD,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,eAAe,EAAE,EAAE,OAAO,EAAE,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;QAElE,OAAO,OAAO,CAAC;IACjB,CAAC;CACF;AA3UD,sBA2UC"}

package/dist/classes/JweKit.d.ts

@@ -1,6 +1,7 @@
 import { IJweKit } from "../interfaces";
 import { DecodedJwe, DecryptedJwe, EncryptedJwe, JweEncryptOptions, JweKitOptions } from "../types";
 export declare class JweKit implements IJweKit {
+    private readonly certBindingMode;
     private readonly encryption;
     private readonly kryptos;
     private readonly logger;

package/dist/classes/JweKit.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"JweKit.d.ts","sourceRoot":"","sources":["../../src/classes/JweKit.ts"],"names":[],"mappings":"AAQA,OAAO,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AACxC,OAAO,EACL,UAAU,EACV,YAAY,EAEZ,YAAY,EACZ,iBAAiB,EACjB,aAAa,EAEd,MAAM,UAAU,CAAC;AAIlB,qBAAa,MAAO,YAAW,OAAO;IACpC,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAoB;IAC/C,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAW;IACnC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAU;gBAEd,OAAO,EAAE,aAAa;IAMlC,OAAO,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,GAAE,iBAAsB,GAAG,YAAY;IA6DpE,OAAO,CAAC,KAAK,EAAE,MAAM,GAAG,YAAY;WA8E7B,KAAK,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO;WAI3B,MAAM,CAAC,GAAG,EAAE,MAAM,GAAG,UAAU;IAmB7C,OAAO,CAAC,WAAW;CAuBpB"}
+{"version":3,"file":"JweKit.d.ts","sourceRoot":"","sources":["../../src/classes/JweKit.ts"],"names":[],"mappings":"AAOA,OAAO,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AACxC,OAAO,EAEL,UAAU,EACV,YAAY,EAEZ,YAAY,EACZ,iBAAiB,EACjB,aAAa,EAEd,MAAM,UAAU,CAAC;AAalB,qBAAa,MAAO,YAAW,OAAO;IACpC,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAkB;IAClD,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAoB;IAC/C,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAW;IACnC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAU;gBAEd,OAAO,EAAE,aAAa;IAOlC,OAAO,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,GAAE,iBAAsB,GAAG,YAAY;IA+DpE,OAAO,CAAC,KAAK,EAAE,MAAM,GAAG,YAAY;WAiH7B,KAAK,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO;WAc3B,MAAM,CAAC,GAAG,EAAE,MAAM,GAAG,UAAU;IAmB7C,OAAO,CAAC,WAAW;CAuBpB"}

package/dist/classes/JweKit.js

@@ -4,12 +4,18 @@ exports.JweKit = void 0;
 const aes_1 = require("@lindorm/aes");
 const b64_1 = require("@lindorm/b64");
 const is_1 = require("@lindorm/is");
-const crypto_1 = require("crypto");
 const format_1 = require("#internal/constants/format");
 const errors_1 = require("../errors");
+const compute_typ_header_1 = require("#internal/utils/compute-typ-header");
 const jose_header_1 = require("#internal/utils/jose-header");
 const token_header_1 = require("#internal/utils/token-header");
+const resolve_cert_binding_1 = require("#internal/utils/resolve-cert-binding");
+const verify_cert_binding_1 = require("#internal/utils/verify-cert-binding");
+const validate_crit_1 = require("#internal/utils/validate-crit");
+const JwsKit_1 = require("./JwsKit");
+const JwtKit_1 = require("./JwtKit");
 class JweKit {
+    certBindingMode;
     encryption;
     kryptos;
     logger;
@@ -17,11 +23,12 @@ class JweKit {
         this.logger = options.logger.child(["JweKit"]);
         this.kryptos = options.kryptos;
         this.encryption = options.encryption ?? options.kryptos.encryption ?? "A256GCM";
+        this.certBindingMode = options.certBindingMode ?? "strict";
     }
     encrypt(data, options = {}) {
         const kit = new aes_1.AesKit({ encryption: this.encryption, kryptos: this.kryptos });
         this.logger.debug("Encrypting token", { options });
-        const objectId = options.objectId ?? (0, crypto_1.randomUUID)();
+        const objectId = options.objectId;
         const prepared = kit.prepareEncryption();
         const critical = [];
         const headerOptions = {
@@ -30,7 +37,7 @@ class JweKit {
             contentType: this.contentType(data),
             ...(critical.length ? { critical } : {}),
             encryption: this.encryption,
-            headerType: "JWE",
+            headerType: (0, compute_typ_header_1.computeTypHeader)(options.tokenType, "jwe"),
             initialisationVector: prepared.headerParams.publicEncryptionIv,
             jwksUri: this.kryptos.jwksUri ?? undefined,
             keyId: this.kryptos.id,
@@ -40,7 +47,8 @@ class JweKit {
             publicEncryptionJwk: prepared.headerParams.publicEncryptionJwk,
             publicEncryptionTag: prepared.headerParams.publicEncryptionTag,
         };
-        const header = (0, jose_header_1.encodeJoseHeader)(headerOptions);
+        const cert = (0, resolve_cert_binding_1.resolveCertBinding)(this.kryptos, options.bindCertificate);
+        const header = (0, jose_header_1.encodeJoseHeader)(headerOptions, cert);
         const aad = Buffer.from(header, "ascii");
         const { authTag, content, initialisationVector } = prepared.encrypt(data, { aad });
         if (!authTag) {
@@ -60,9 +68,21 @@ class JweKit {
         const kit = new aes_1.AesKit({ encryption: this.encryption, kryptos: this.kryptos });
         this.logger.debug("Decrypting token", { token });
         const decoded = JweKit.decode(token);
-        if (decoded.header.typ !== "JWE") {
+        const typ = decoded.header.typ;
+        if (typ !== "JWE" && !(typeof typ === "string" && typ.endsWith("+jwe"))) {
             throw new errors_1.JweError("Invalid token", {
-                data: { typ: decoded.header.typ },
+                data: { typ },
+            });
+        }
+        if (decoded.header.zip !== undefined) {
+            throw new errors_1.JweError("Compressed JWE payloads are not supported", {
+                data: { zip: decoded.header.zip },
+            });
+        }
+        const critError = (0, validate_crit_1.validateCrit)(decoded.header);
+        if (critError) {
+            throw new errors_1.JweError(`Invalid crit header: ${critError}`, {
+                data: { crit: decoded.header.crit },
             });
         }
         if (this.kryptos.algorithm !== decoded.header.alg) {
@@ -72,6 +92,7 @@ class JweKit {
             });
         }
         const header = (0, token_header_1.parseTokenHeader)(decoded.header);
+        header.tokenType = (0, compute_typ_header_1.decodeTokenTypeFromTyp)(typ, "jwe");
         if (header.encryption !== this.encryption) {
             throw new errors_1.JweError("Unexpected encryption", {
                 debug: { actual: header.encryption, encryption: this.encryption },
@@ -100,22 +121,48 @@ class JweKit {
             ? b64_1.B64.toBuffer(header.publicEncryptionTag)
             : undefined;
         const payload = kit.decrypt({
+            algorithm: header.algorithm,
             authTag,
             content,
+            contentType: "text/plain",
             encryption: this.encryption,
             initialisationVector,
+            keyId: header.keyId ?? this.kryptos.id,
             pbkdfIterations,
             pbkdfSalt,
             publicEncryptionIv,
             publicEncryptionJwk,
             publicEncryptionKey,
             publicEncryptionTag,
+            version: "1.0",
         }, { aad });
+        (0, verify_cert_binding_1.verifyCertBinding)({
+            header: {
+                x5tS256: header.x5tS256,
+            },
+            kryptos: this.kryptos,
+            logger: this.logger,
+            mode: this.certBindingMode,
+        });
         this.logger.debug("Token decrypted");
         return { header, payload, decoded, token };
     }
     static isJwe(jwe) {
-        return (0, is_1.isJwe)(jwe);
+        if (typeof jwe !== "string")
+            return false;
+        const parts = jwe.split(".");
+        if (parts.length !== 5)
+            return false;
+        try {
+            const header = (0, jose_header_1.decodeJoseHeader)(parts[0]);
+            if (typeof header.alg !== "string")
+                return false;
+            const typ = header.typ;
+            return typ === "JWE" || (typeof typ === "string" && typ.endsWith("+jwe"));
+        }
+        catch {
+            return false;
+        }
     }
     static decode(jwe) {
         const parts = jwe.split(".");
@@ -132,10 +179,10 @@ class JweKit {
         };
     }
     contentType(input) {
-        if ((0, is_1.isJws)(input)) {
+        if (JwsKit_1.JwsKit.isJws(input)) {
             return "application/jws";
         }
-        if ((0, is_1.isJwt)(input)) {
+        if (JwtKit_1.JwtKit.isJwt(input)) {
             return "application/jwt";
         }
         if (input.startsWith("{") && input.endsWith("}")) {