@lindorm/aegis 0.8.0 → 0.9.0

package/dist/constants/token-type.d.ts

@@ -1,4 +1,4 @@
-export declare const KNOWN_TOKEN_TYPES: readonly ["access_token", "refresh_token", "id_token", "logout_token", "security_event", "dpop"];
+export declare const KNOWN_TOKEN_TYPES: readonly ["access_token", "refresh_token", "id_token", "logout_token", "erasure_token", "security_event", "dpop"];
 type KnownTokenType = (typeof KNOWN_TOKEN_TYPES)[number];
 export type TokenType = KnownTokenType | (string & {});
 export declare const TOKEN_TYPE_TO_SHORT_NAME: Record<KnownTokenType, string>;

package/dist/constants/token-type.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"token-type.d.ts","sourceRoot":"","sources":["../../src/constants/token-type.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,iBAAiB,kGAOpB,CAAC;AAEX,KAAK,cAAc,GAAG,CAAC,OAAO,iBAAiB,CAAC,CAAC,MAAM,CAAC,CAAC;AAEzD,MAAM,MAAM,SAAS,GAAG,cAAc,GAAG,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;AAEvD,eAAO,MAAM,wBAAwB,EAAE,MAAM,CAAC,cAAc,EAAE,MAAM,CAOnE,CAAC"}
+{"version":3,"file":"token-type.d.ts","sourceRoot":"","sources":["../../src/constants/token-type.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,iBAAiB,mHAQpB,CAAC;AAEX,KAAK,cAAc,GAAG,CAAC,OAAO,iBAAiB,CAAC,CAAC,MAAM,CAAC,CAAC;AAEzD,MAAM,MAAM,SAAS,GAAG,cAAc,GAAG,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;AAEvD,eAAO,MAAM,wBAAwB,EAAE,MAAM,CAAC,cAAc,EAAE,MAAM,CAQnE,CAAC"}

package/dist/constants/token-type.js

@@ -3,6 +3,7 @@ export const KNOWN_TOKEN_TYPES = [
     "refresh_token",
     "id_token",
     "logout_token",
+    "erasure_token",
     "security_event",
     "dpop",
 ];
@@ -11,6 +12,7 @@ export const TOKEN_TYPE_TO_SHORT_NAME = {
     refresh_token: "rt",
     id_token: "JWT",
     logout_token: "logout",
+    erasure_token: "erasure",
     security_event: "secevent",
     dpop: "dpop",
 };

package/dist/constants/token-type.js.map

@@ -1 +1 @@
-{"version":3,"file":"token-type.js","sourceRoot":"","sources":["../../src/constants/token-type.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,iBAAiB,GAAG;IAC/B,cAAc;IACd,eAAe;IACf,UAAU;IACV,cAAc;IACd,gBAAgB;IAChB,MAAM;CACE,CAAC;AAMX,MAAM,CAAC,MAAM,wBAAwB,GAAmC;IACtE,YAAY,EAAE,IAAI;IAClB,aAAa,EAAE,IAAI;IACnB,QAAQ,EAAE,KAAK;IACf,YAAY,EAAE,QAAQ;IACtB,cAAc,EAAE,UAAU;IAC1B,IAAI,EAAE,MAAM;CACb,CAAC"}
+{"version":3,"file":"token-type.js","sourceRoot":"","sources":["../../src/constants/token-type.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,iBAAiB,GAAG;IAC/B,cAAc;IACd,eAAe;IACf,UAAU;IACV,cAAc;IACd,eAAe;IACf,gBAAgB;IAChB,MAAM;CACE,CAAC;AAMX,MAAM,CAAC,MAAM,wBAAwB,GAAmC;IACtE,YAAY,EAAE,IAAI;IAClB,aAAa,EAAE,IAAI;IACnB,QAAQ,EAAE,KAAK;IACf,YAAY,EAAE,QAAQ;IACtB,aAAa,EAAE,SAAS;IACxB,cAAc,EAAE,UAAU;IAC1B,IAAI,EAAE,MAAM;CACb,CAAC"}

package/dist/errors/AegisError.d.ts

@@ -1,4 +1,5 @@
 import { LindormError } from "@lindorm/errors";
 export declare class AegisError extends LindormError {
+    static readonly namespace = "aegis";
 }
 //# sourceMappingURL=AegisError.d.ts.map

package/dist/errors/AegisError.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"AegisError.d.ts","sourceRoot":"","sources":["../../src/errors/AegisError.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAE/C,qBAAa,UAAW,SAAQ,YAAY;CAAG"}
+{"version":3,"file":"AegisError.d.ts","sourceRoot":"","sources":["../../src/errors/AegisError.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAE/C,qBAAa,UAAW,SAAQ,YAAY;IAC1C,gBAAuB,SAAS,WAAW;CAC5C"}

package/dist/errors/AegisError.js

@@ -1,4 +1,5 @@
 import { LindormError } from "@lindorm/errors";
 export class AegisError extends LindormError {
+    static namespace = "aegis";
 }
 //# sourceMappingURL=AegisError.js.map

package/dist/errors/AegisError.js.map

@@ -1 +1 @@
-{"version":3,"file":"AegisError.js","sourceRoot":"","sources":["../../src/errors/AegisError.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAE/C,MAAM,OAAO,UAAW,SAAQ,YAAY;CAAG"}
+{"version":3,"file":"AegisError.js","sourceRoot":"","sources":["../../src/errors/AegisError.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAE/C,MAAM,OAAO,UAAW,SAAQ,YAAY;IACnC,MAAM,CAAU,SAAS,GAAG,OAAO,CAAC"}

package/dist/errors/JweError.d.ts

@@ -1,4 +1,5 @@
 import { LindormError } from "@lindorm/errors";
 export declare class JweError extends LindormError {
+    static readonly namespace = "aegis";
 }
 //# sourceMappingURL=JweError.d.ts.map

package/dist/errors/JweError.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"JweError.d.ts","sourceRoot":"","sources":["../../src/errors/JweError.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAE/C,qBAAa,QAAS,SAAQ,YAAY;CAAG"}
+{"version":3,"file":"JweError.d.ts","sourceRoot":"","sources":["../../src/errors/JweError.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAE/C,qBAAa,QAAS,SAAQ,YAAY;IACxC,gBAAuB,SAAS,WAAW;CAC5C"}

package/dist/errors/JweError.js

@@ -1,4 +1,5 @@
 import { LindormError } from "@lindorm/errors";
 export class JweError extends LindormError {
+    static namespace = "aegis";
 }
 //# sourceMappingURL=JweError.js.map

package/dist/errors/JweError.js.map

@@ -1 +1 @@
-{"version":3,"file":"JweError.js","sourceRoot":"","sources":["../../src/errors/JweError.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAE/C,MAAM,OAAO,QAAS,SAAQ,YAAY;CAAG"}
+{"version":3,"file":"JweError.js","sourceRoot":"","sources":["../../src/errors/JweError.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAE/C,MAAM,OAAO,QAAS,SAAQ,YAAY;IACjC,MAAM,CAAU,SAAS,GAAG,OAAO,CAAC"}

package/dist/errors/JwsError.d.ts

@@ -1,4 +1,5 @@
 import { LindormError } from "@lindorm/errors";
 export declare class JwsError extends LindormError {
+    static readonly namespace = "aegis";
 }
 //# sourceMappingURL=JwsError.d.ts.map

package/dist/errors/JwsError.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"JwsError.d.ts","sourceRoot":"","sources":["../../src/errors/JwsError.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAE/C,qBAAa,QAAS,SAAQ,YAAY;CAAG"}
+{"version":3,"file":"JwsError.d.ts","sourceRoot":"","sources":["../../src/errors/JwsError.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAE/C,qBAAa,QAAS,SAAQ,YAAY;IACxC,gBAAuB,SAAS,WAAW;CAC5C"}

package/dist/errors/JwsError.js

@@ -1,4 +1,5 @@
 import { LindormError } from "@lindorm/errors";
 export class JwsError extends LindormError {
+    static namespace = "aegis";
 }
 //# sourceMappingURL=JwsError.js.map

package/dist/errors/JwsError.js.map

@@ -1 +1 @@
-{"version":3,"file":"JwsError.js","sourceRoot":"","sources":["../../src/errors/JwsError.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAE/C,MAAM,OAAO,QAAS,SAAQ,YAAY;CAAG"}
+{"version":3,"file":"JwsError.js","sourceRoot":"","sources":["../../src/errors/JwsError.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAE/C,MAAM,OAAO,QAAS,SAAQ,YAAY;IACjC,MAAM,CAAU,SAAS,GAAG,OAAO,CAAC"}

package/dist/errors/JwtError.d.ts

@@ -1,4 +1,5 @@
 import { LindormError } from "@lindorm/errors";
 export declare class JwtError extends LindormError {
+    static readonly namespace = "aegis";
 }
 //# sourceMappingURL=JwtError.d.ts.map

package/dist/errors/JwtError.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"JwtError.d.ts","sourceRoot":"","sources":["../../src/errors/JwtError.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAE/C,qBAAa,QAAS,SAAQ,YAAY;CAAG"}
+{"version":3,"file":"JwtError.d.ts","sourceRoot":"","sources":["../../src/errors/JwtError.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAE/C,qBAAa,QAAS,SAAQ,YAAY;IACxC,gBAAuB,SAAS,WAAW;CAC5C"}

package/dist/errors/JwtError.js

@@ -1,4 +1,5 @@
 import { LindormError } from "@lindorm/errors";
 export class JwtError extends LindormError {
+    static namespace = "aegis";
 }
 //# sourceMappingURL=JwtError.js.map

package/dist/errors/JwtError.js.map

@@ -1 +1 @@
-{"version":3,"file":"JwtError.js","sourceRoot":"","sources":["../../src/errors/JwtError.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAE/C,MAAM,OAAO,QAAS,SAAQ,YAAY;CAAG"}
+{"version":3,"file":"JwtError.js","sourceRoot":"","sources":["../../src/errors/JwtError.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAE/C,MAAM,OAAO,QAAS,SAAQ,YAAY;IACjC,MAAM,CAAU,SAAS,GAAG,OAAO,CAAC"}

package/dist/interfaces/Aegis.d.ts

@@ -1,6 +1,6 @@
 import type { AesContent, AesDecryptionRecord, AesEncryptionRecord, SerialisedAesDecryption, SerialisedAesEncryption } from "@lindorm/aes";
 import type { Dict } from "@lindorm/types";
-import type { DecryptedJwe, EncryptedJwe, JweEncryptOptions, JwsContent, ParsedJws, ParsedJwt, SignJwsOptions, SignJwtContent, SignJwtOptions, SignedJws, SignedJwt, VerifyJwtOptions } from "../types/index.js";
+import type { DecryptedJwe, EncryptedJwe, JweEncryptOptions, JwsContent, ParsedJws, ParsedJwt, ProfileContent, ProfileSignOptions, ProfileVerifyOptions, RawSignInput, SignContent, SignJwsOptions, SignJwtContent, SignJwtOptions, SignedJws, SignedJwt, TokenProfile, VerifyJwtOptions } from "../types/index.js";
 export interface IAegisAes {
     encrypt(data: AesContent, mode?: "encoded"): Promise<string>;
     encrypt(data: AesContent, mode: "record"): Promise<AesEncryptionRecord>;
@@ -26,8 +26,13 @@ export interface IAegis {
     jwe: IAegisJwe;
     jws: IAegisJws;
     jwt: IAegisJwt;
+    registerProfile(profile: TokenProfile): void;
+    sign(input: RawSignInput): Promise<SignedJws>;
+    mint<P extends keyof ProfileContent>(profile: P, content: ProfileContent[P], options?: ProfileSignOptions): Promise<SignedJwt>;
+    mint(profile: string & {}, content: SignContent, options?: ProfileSignOptions): Promise<SignedJwt>;
     verify(token: string): Promise<ParsedJwt | ParsedJws<any>>;
     verify<T extends ParsedJws<any>>(token: string): Promise<T>;
     verify<T extends ParsedJwt>(token: string, options?: VerifyJwtOptions): Promise<T>;
+    verify<T extends ParsedJwt>(profile: string, token: string, options: ProfileVerifyOptions): Promise<T>;
 }
 //# sourceMappingURL=Aegis.d.ts.map

package/dist/interfaces/Aegis.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"Aegis.d.ts","sourceRoot":"","sources":["../../src/interfaces/Aegis.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,UAAU,EACV,mBAAmB,EACnB,mBAAmB,EACnB,uBAAuB,EACvB,uBAAuB,EACxB,MAAM,cAAc,CAAC;AACtB,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,gBAAgB,CAAC;AAC3C,OAAO,KAAK,EACV,YAAY,EACZ,YAAY,EACZ,iBAAiB,EACjB,UAAU,EACV,SAAS,EACT,SAAS,EACT,cAAc,EACd,cAAc,EACd,cAAc,EACd,SAAS,EACT,SAAS,EACT,gBAAgB,EACjB,MAAM,mBAAmB,CAAC;AAE3B,MAAM,WAAW,SAAS;IACxB,OAAO,CAAC,IAAI,EAAE,UAAU,EAAE,IAAI,CAAC,EAAE,SAAS,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAC7D,OAAO,CAAC,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE,QAAQ,GAAG,OAAO,CAAC,mBAAmB,CAAC,CAAC;IACxE,OAAO,CAAC,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE,YAAY,GAAG,OAAO,CAAC,uBAAuB,CAAC,CAAC;IAChF,OAAO,CAAC,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE,WAAW,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAC9D,OAAO,CAAC,CAAC,SAAS,UAAU,GAAG,MAAM,EACnC,IAAI,EAAE,mBAAmB,GAAG,uBAAuB,GAAG,MAAM,GAC3D,OAAO,CAAC,CAAC,CAAC,CAAC;CACf;AAED,MAAM,WAAW,SAAS;IACxB,OAAO,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,iBAAiB,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC;IAC1E,OAAO,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC;CAC/C;AAED,MAAM,WAAW,SAAS;IACxB,IAAI,CAAC,CAAC,SAAS,UAAU,EAAE,IAAI,EAAE,CAAC,EAAE,OAAO,CAAC,EAAE,cAAc,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC;IAClF,MAAM,CAAC,CAAC,SAAS,UAAU,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;CACpE;AAED,MAAM,WAAW,SAAS;IACxB,IAAI,CAAC,CAAC,SAAS,IAAI,GAAG,IAAI,EACxB,OAAO,EAAE,cAAc,CAAC,CAAC,CAAC,EAC1B,OAAO,CAAC,EAAE,cAAc,GACvB,OAAO,CAAC,SAAS,CAAC,CAAC;IACtB,MAAM,CAAC,CAAC,SAAS,IAAI,GAAG,IAAI,EAC1B,KAAK,EAAE,MAAM,EACb,MAAM,CAAC,EAAE,gBAAgB,GACxB,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;CAC1B;AAED,MAAM,WAAW,MAAM;IACrB,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;IAEtB,GAAG,EAAE,SAAS,CAAC;IAEf,GAAG,EAAE,SAAS,CAAC;IACf,GAAG,EAAE,SAAS,CAAC;IACf,GAAG,EAAE,SAAS,CAAC;IAEf,MAAM,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,SAAS,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC;IAC3D,MAAM,CAAC,CAAC,SAAS,SAAS,CAAC,GAAG,CAAC,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;IAC5D,MAAM,CAAC,CAAC,SAAS,SAAS,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,gBAAgB,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;CACpF"}
+{"version":3,"file":"Aegis.d.ts","sourceRoot":"","sources":["../../src/interfaces/Aegis.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,UAAU,EACV,mBAAmB,EACnB,mBAAmB,EACnB,uBAAuB,EACvB,uBAAuB,EACxB,MAAM,cAAc,CAAC;AACtB,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,gBAAgB,CAAC;AAC3C,OAAO,KAAK,EACV,YAAY,EACZ,YAAY,EACZ,iBAAiB,EACjB,UAAU,EACV,SAAS,EACT,SAAS,EACT,cAAc,EACd,kBAAkB,EAClB,oBAAoB,EACpB,YAAY,EACZ,WAAW,EACX,cAAc,EACd,cAAc,EACd,cAAc,EACd,SAAS,EACT,SAAS,EACT,YAAY,EACZ,gBAAgB,EACjB,MAAM,mBAAmB,CAAC;AAE3B,MAAM,WAAW,SAAS;IACxB,OAAO,CAAC,IAAI,EAAE,UAAU,EAAE,IAAI,CAAC,EAAE,SAAS,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAC7D,OAAO,CAAC,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE,QAAQ,GAAG,OAAO,CAAC,mBAAmB,CAAC,CAAC;IACxE,OAAO,CAAC,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE,YAAY,GAAG,OAAO,CAAC,uBAAuB,CAAC,CAAC;IAChF,OAAO,CAAC,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE,WAAW,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAC9D,OAAO,CAAC,CAAC,SAAS,UAAU,GAAG,MAAM,EACnC,IAAI,EAAE,mBAAmB,GAAG,uBAAuB,GAAG,MAAM,GAC3D,OAAO,CAAC,CAAC,CAAC,CAAC;CACf;AAED,MAAM,WAAW,SAAS;IACxB,OAAO,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,iBAAiB,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC;IAC1E,OAAO,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC;CAC/C;AAED,MAAM,WAAW,SAAS;IACxB,IAAI,CAAC,CAAC,SAAS,UAAU,EAAE,IAAI,EAAE,CAAC,EAAE,OAAO,CAAC,EAAE,cAAc,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC;IAClF,MAAM,CAAC,CAAC,SAAS,UAAU,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;CACpE;AAED,MAAM,WAAW,SAAS;IACxB,IAAI,CAAC,CAAC,SAAS,IAAI,GAAG,IAAI,EACxB,OAAO,EAAE,cAAc,CAAC,CAAC,CAAC,EAC1B,OAAO,CAAC,EAAE,cAAc,GACvB,OAAO,CAAC,SAAS,CAAC,CAAC;IACtB,MAAM,CAAC,CAAC,SAAS,IAAI,GAAG,IAAI,EAC1B,KAAK,EAAE,MAAM,EACb,MAAM,CAAC,EAAE,gBAAgB,GACxB,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;CAC1B;AAED,MAAM,WAAW,MAAM;IACrB,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;IAEtB,GAAG,EAAE,SAAS,CAAC;IAEf,GAAG,EAAE,SAAS,CAAC;IACf,GAAG,EAAE,SAAS,CAAC;IACf,GAAG,EAAE,SAAS,CAAC;IAEf,eAAe,CAAC,OAAO,EAAE,YAAY,GAAG,IAAI,CAAC;IAE7C,IAAI,CAAC,KAAK,EAAE,YAAY,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC;IAE9C,IAAI,CAAC,CAAC,SAAS,MAAM,cAAc,EACjC,OAAO,EAAE,CAAC,EACV,OAAO,EAAE,cAAc,CAAC,CAAC,CAAC,EAC1B,OAAO,CAAC,EAAE,kBAAkB,GAC3B,OAAO,CAAC,SAAS,CAAC,CAAC;IACtB,IAAI,CACF,OAAO,EAAE,MAAM,GAAG,EAAE,EACpB,OAAO,EAAE,WAAW,EACpB,OAAO,CAAC,EAAE,kBAAkB,GAC3B,OAAO,CAAC,SAAS,CAAC,CAAC;IAEtB,MAAM,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,SAAS,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC;IAC3D,MAAM,CAAC,CAAC,SAAS,SAAS,CAAC,GAAG,CAAC,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;IAC5D,MAAM,CAAC,CAAC,SAAS,SAAS,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,gBAAgB,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;IACnF,MAAM,CAAC,CAAC,SAAS,SAAS,EACxB,OAAO,EAAE,MAAM,EACf,KAAK,EAAE,MAAM,EACb,OAAO,EAAE,oBAAoB,GAC5B,OAAO,CAAC,CAAC,CAAC,CAAC;CACf"}

package/dist/internal/claims/events.d.ts

@@ -0,0 +1,5 @@
+import type { Dict } from "@lindorm/types";
+export type SecurityEvents = Record<string, Dict>;
+export declare const BACKCHANNEL_LOGOUT_EVENT_URI = "http://schemas.openid.net/event/backchannel-logout";
+export declare const RTBF_EVENT_URI = "urn:lindorm:event:rtbf";
+//# sourceMappingURL=events.d.ts.map

package/dist/internal/claims/events.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"events.d.ts","sourceRoot":"","sources":["../../../src/internal/claims/events.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,gBAAgB,CAAC;AAS3C,MAAM,MAAM,cAAc,GAAG,MAAM,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;AAElD,eAAO,MAAM,4BAA4B,uDACa,CAAC;AAEvD,eAAO,MAAM,cAAc,2BAA2B,CAAC"}

package/dist/internal/claims/events.js

@@ -0,0 +1,3 @@
+export const BACKCHANNEL_LOGOUT_EVENT_URI = "http://schemas.openid.net/event/backchannel-logout";
+export const RTBF_EVENT_URI = "urn:lindorm:event:rtbf";
+//# sourceMappingURL=events.js.map

package/dist/internal/claims/events.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"events.js","sourceRoot":"","sources":["../../../src/internal/claims/events.ts"],"names":[],"mappings":"AAWA,MAAM,CAAC,MAAM,4BAA4B,GACvC,oDAAoD,CAAC;AAEvD,MAAM,CAAC,MAAM,cAAc,GAAG,wBAAwB,CAAC"}

package/dist/internal/claims/registry.d.ts

@@ -0,0 +1,14 @@
+export type ClaimValueKind = "text" | "int" | "date" | "array" | "bstr" | "bespoke";
+export type ClaimSpec = {
+    domain: string;
+    jose: string;
+    cose: number | null;
+    value: ClaimValueKind;
+    values?: Readonly<Record<string, number>>;
+    proprietary?: boolean;
+};
+export declare const CLAIM_REGISTRY: ReadonlyArray<ClaimSpec>;
+export declare const specByDomain: (domain: string) => ClaimSpec | undefined;
+export declare const specByJose: (jose: string) => ClaimSpec | undefined;
+export declare const specByCose: (cose: number) => ClaimSpec | undefined;
+//# sourceMappingURL=registry.d.ts.map

package/dist/internal/claims/registry.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"registry.d.ts","sourceRoot":"","sources":["../../../src/internal/claims/registry.ts"],"names":[],"mappings":"AAoBA,MAAM,MAAM,cAAc,GACtB,MAAM,GACN,KAAK,GACL,MAAM,GACN,OAAO,GACP,MAAM,GACN,SAAS,CAAC;AAEd,MAAM,MAAM,SAAS,GAAG;IAEtB,MAAM,EAAE,MAAM,CAAC;IAEf,IAAI,EAAE,MAAM,CAAC;IAMb,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IACpB,KAAK,EAAE,cAAc,CAAC;IAKtB,MAAM,CAAC,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;IAE1C,WAAW,CAAC,EAAE,OAAO,CAAC;CACvB,CAAC;AAWF,eAAO,MAAM,cAAc,EAAE,aAAa,CAAC,SAAS,CA+DnD,CAAC;AAgBF,eAAO,MAAM,YAAY,GAAI,QAAQ,MAAM,KAAG,SAAS,GAAG,SACpC,CAAC;AAGvB,eAAO,MAAM,UAAU,GAAI,MAAM,MAAM,KAAG,SAAS,GAAG,SAA6B,CAAC;AAGpF,eAAO,MAAM,UAAU,GAAI,MAAM,MAAM,KAAG,SAAS,GAAG,SAA6B,CAAC"}

package/dist/internal/claims/registry.js

@@ -0,0 +1,61 @@
+const P = (n) => -65537 - n;
+export const CLAIM_REGISTRY = [
+    { domain: "issuer", jose: "iss", cose: 1, value: "text" },
+    { domain: "subject", jose: "sub", cose: 2, value: "text" },
+    { domain: "audience", jose: "aud", cose: 3, value: "array" },
+    { domain: "expiresAt", jose: "exp", cose: 4, value: "date" },
+    { domain: "notBefore", jose: "nbf", cose: 5, value: "date" },
+    { domain: "issuedAt", jose: "iat", cose: 6, value: "date" },
+    { domain: "tokenId", jose: "jti", cose: 7, value: "bstr" },
+    { domain: "confirmation", jose: "cnf", cose: 8, value: "bespoke" },
+    { domain: "scope", jose: "scope", cose: 9, value: "array" },
+    { domain: "nonce", jose: "nonce", cose: null, value: "text" },
+    { domain: "accessTokenHash", jose: "at_hash", cose: null, value: "bespoke" },
+    { domain: "codeHash", jose: "c_hash", cose: null, value: "bespoke" },
+    { domain: "stateHash", jose: "s_hash", cose: null, value: "bespoke" },
+    { domain: "authContextClass", jose: "acr", cose: null, value: "text" },
+    { domain: "authMethods", jose: "amr", cose: null, value: "array" },
+    { domain: "authorizedParty", jose: "azp", cose: null, value: "text" },
+    { domain: "authTime", jose: "auth_time", cose: null, value: "date" },
+    { domain: "vectorOfTrust", jose: "vot", cose: null, value: "text" },
+    { domain: "vectorTrustMark", jose: "vtm", cose: null, value: "text" },
+    {
+        domain: "authorizationDetails",
+        jose: "authorization_details",
+        cose: null,
+        value: "bespoke",
+    },
+    { domain: "act", jose: "act", cose: null, value: "bespoke" },
+    { domain: "mayAct", jose: "may_act", cose: null, value: "bespoke" },
+    { domain: "entitlements", jose: "entitlements", cose: null, value: "array" },
+    { domain: "groups", jose: "groups", cose: null, value: "array" },
+    { domain: "roles", jose: "roles", cose: null, value: "array" },
+    { domain: "permissions", jose: "permissions", cose: null, value: "array" },
+    { domain: "clientId", jose: "client_id", cose: null, value: "text" },
+    { domain: "grantType", jose: "gty", cose: null, value: "text" },
+    { domain: "sessionId", jose: "sid", cose: null, value: "text" },
+    { domain: "subjectId", jose: "sub_id", cose: null, value: "bespoke" },
+    { domain: "events", jose: "events", cose: null, value: "bespoke" },
+    { domain: "transactionId", jose: "txn", cose: null, value: "text" },
+    {
+        domain: "levelOfAssurance",
+        jose: "loa",
+        cose: P(0),
+        value: "int",
+        proprietary: true,
+    },
+    { domain: "authFactor", jose: "afr", cose: P(1), value: "array", proprietary: true },
+    { domain: "sessionHint", jose: "sih", cose: P(2), value: "text", proprietary: true },
+    { domain: "subjectHint", jose: "suh", cose: P(3), value: "text", proprietary: true },
+    { domain: "tenantId", jose: "tenant_id", cose: P(4), value: "text", proprietary: true },
+];
+const byDomain = new Map(CLAIM_REGISTRY.map((spec) => [spec.domain, spec]));
+const byJose = new Map(CLAIM_REGISTRY.map((spec) => [spec.jose, spec]));
+const byCose = new Map(CLAIM_REGISTRY.filter((spec) => spec.cose !== null).map((spec) => [
+    spec.cose,
+    spec,
+]));
+export const specByDomain = (domain) => byDomain.get(domain);
+export const specByJose = (jose) => byJose.get(jose);
+export const specByCose = (cose) => byCose.get(cose);
+//# sourceMappingURL=registry.js.map

package/dist/internal/claims/registry.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"registry.js","sourceRoot":"","sources":["../../../src/internal/claims/registry.ts"],"names":[],"mappings":"AAoDA,MAAM,CAAC,GAAG,CAAC,CAAS,EAAU,EAAE,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC;AAM5C,MAAM,CAAC,MAAM,cAAc,GAA6B;IAEtD,EAAE,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE;IACzD,EAAE,MAAM,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE;IAC1D,EAAE,MAAM,EAAE,UAAU,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,EAAE,KAAK,EAAE,OAAO,EAAE;IAC5D,EAAE,MAAM,EAAE,WAAW,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE;IAC5D,EAAE,MAAM,EAAE,WAAW,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE;IAC5D,EAAE,MAAM,EAAE,UAAU,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE;IAC3D,EAAE,MAAM,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE;IAC1D,EAAE,MAAM,EAAE,cAAc,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,EAAE,KAAK,EAAE,SAAS,EAAE;IAClE,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,EAAE,KAAK,EAAE,OAAO,EAAE;IAM3D,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE;IAC7D,EAAE,MAAM,EAAE,iBAAiB,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,SAAS,EAAE;IAC5E,EAAE,MAAM,EAAE,UAAU,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,SAAS,EAAE;IACpE,EAAE,MAAM,EAAE,WAAW,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,SAAS,EAAE;IACrE,EAAE,MAAM,EAAE,kBAAkB,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE;IACtE,EAAE,MAAM,EAAE,aAAa,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;IAClE,EAAE,MAAM,EAAE,iBAAiB,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE;IACrE,EAAE,MAAM,EAAE,UAAU,EAAE,IAAI,EAAE,WAAW,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE;IACpE,EAAE,MAAM,EAAE,eAAe,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE;IACnE,EAAE,MAAM,EAAE,iBAAiB,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE;IACrE;QACE,MAAM,EAAE,sBAAsB;QAC9B,IAAI,EAAE,uBAAuB;QAC7B,IAAI,EAAE,IAAI;QACV,KAAK,EAAE,SAAS;KACjB;IACD,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,SAAS,EAAE;IAC5D,EAAE,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,SAAS,EAAE;IACnE,EAAE,MAAM,EAAE,cAAc,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;IAC5E,EAAE,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;IAChE,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;IAC9D,EAAE,MAAM,EAAE,aAAa,EAAE,IAAI,EAAE,aAAa,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;IAC1E,EAAE,MAAM,EAAE,UAAU,EAAE,IAAI,EAAE,WAAW,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE;IACpE,EAAE,MAAM,EAAE,WAAW,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE;IAC/D,EAAE,MAAM,EAAE,WAAW,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE;IAK/D,EAAE,MAAM,EAAE,WAAW,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,SAAS,EAAE;IACrE,EAAE,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,SAAS,EAAE;IAClE,EAAE,MAAM,EAAE,eAAe,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE;IAKnE;QACE,MAAM,EAAE,kBAAkB;QAC1B,IAAI,EAAE,KAAK;QACX,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QACV,KAAK,EAAE,KAAK;QACZ,WAAW,EAAE,IAAI;KAClB;IACD,EAAE,MAAM,EAAE,YAAY,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,OAAO,EAAE,WAAW,EAAE,IAAI,EAAE;IACpF,EAAE,MAAM,EAAE,aAAa,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,IAAI,EAAE;IACpF,EAAE,MAAM,EAAE,aAAa,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,IAAI,EAAE;IACpF,EAAE,MAAM,EAAE,UAAU,EAAE,IAAI,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,IAAI,EAAE;CACxF,CAAC;AAEF,MAAM,QAAQ,GAAG,IAAI,GAAG,CACtB,cAAc,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC,CAClD,CAAC;AACF,MAAM,MAAM,GAAG,IAAI,GAAG,CACpB,cAAc,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC,CAChD,CAAC;AACF,MAAM,MAAM,GAAG,IAAI,GAAG,CACpB,cAAc,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,KAAK,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC;IAChE,IAAI,CAAC,IAAc;IACnB,IAAI;CACL,CAAC,CACH,CAAC;AAGF,MAAM,CAAC,MAAM,YAAY,GAAG,CAAC,MAAc,EAAyB,EAAE,CACpE,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;AAGvB,MAAM,CAAC,MAAM,UAAU,GAAG,CAAC,IAAY,EAAyB,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;AAGpF,MAAM,CAAC,MAAM,UAAU,GAAG,CAAC,IAAY,EAAyB,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC"}

package/dist/internal/claims/sub-id.d.ts

@@ -0,0 +1,7 @@
+import type { Dict } from "@lindorm/types";
+export type SubjectIdentifierFormat = "account" | "email" | "iss_sub" | "opaque" | "phone_number" | "did" | "uri" | "aliases" | (string & {});
+export type SubjectIdentifier = {
+    format: SubjectIdentifierFormat;
+} & Dict;
+export declare const SUBJECT_IDENTIFIER_REQUIRED_MEMBERS: Record<string, Array<string>>;
+//# sourceMappingURL=sub-id.d.ts.map

package/dist/internal/claims/sub-id.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sub-id.d.ts","sourceRoot":"","sources":["../../../src/internal/claims/sub-id.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,gBAAgB,CAAC;AAW3C,MAAM,MAAM,uBAAuB,GAC/B,SAAS,GACT,OAAO,GACP,SAAS,GACT,QAAQ,GACR,cAAc,GACd,KAAK,GACL,KAAK,GACL,SAAS,GACT,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;AAElB,MAAM,MAAM,iBAAiB,GAAG;IAC9B,MAAM,EAAE,uBAAuB,CAAC;CACjC,GAAG,IAAI,CAAC;AAOT,eAAO,MAAM,mCAAmC,EAAE,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,MAAM,CAAC,CAS7E,CAAC"}

package/dist/internal/claims/sub-id.js

@@ -0,0 +1,11 @@
+export const SUBJECT_IDENTIFIER_REQUIRED_MEMBERS = {
+    account: ["uri"],
+    email: ["email"],
+    iss_sub: ["iss", "sub"],
+    opaque: ["id"],
+    phone_number: ["phone_number"],
+    did: ["url"],
+    uri: ["uri"],
+    aliases: ["identifiers"],
+};
+//# sourceMappingURL=sub-id.js.map

package/dist/internal/claims/sub-id.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sub-id.js","sourceRoot":"","sources":["../../../src/internal/claims/sub-id.ts"],"names":[],"mappings":"AA+BA,MAAM,CAAC,MAAM,mCAAmC,GAAkC;IAChF,OAAO,EAAE,CAAC,KAAK,CAAC;IAChB,KAAK,EAAE,CAAC,OAAO,CAAC;IAChB,OAAO,EAAE,CAAC,KAAK,EAAE,KAAK,CAAC;IACvB,MAAM,EAAE,CAAC,IAAI,CAAC;IACd,YAAY,EAAE,CAAC,cAAc,CAAC;IAC9B,GAAG,EAAE,CAAC,KAAK,CAAC;IACZ,GAAG,EAAE,CAAC,KAAK,CAAC;IACZ,OAAO,EAAE,CAAC,aAAa,CAAC;CACzB,CAAC"}

package/dist/internal/cose/act-claim.d.ts

@@ -0,0 +1,4 @@
+import type { Dict } from "@lindorm/types";
+export declare const encodeActCompact: (actor: Dict) => Map<number, unknown>;
+export declare const decodeActCompact: (map: Map<number, unknown>) => Dict;
+//# sourceMappingURL=act-claim.d.ts.map

package/dist/internal/cose/act-claim.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"act-claim.d.ts","sourceRoot":"","sources":["../../../src/internal/cose/act-claim.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,gBAAgB,CAAC;AAgB3C,eAAO,MAAM,gBAAgB,GAAI,OAAO,IAAI,KAAG,GAAG,CAAC,MAAM,EAAE,OAAO,CAClC,CAAC;AAEjC,eAAO,MAAM,gBAAgB,GAAI,KAAK,GAAG,CAAC,MAAM,EAAE,OAAO,CAAC,KAAG,IAC/B,CAAC"}

package/dist/internal/cose/act-claim.js

@@ -0,0 +1,8 @@
+import { compactDecode, compactEncode } from "./compact-map.js";
+const ACT_SPEC = {
+    labels: { issuer: 1, subject: 2, audience: 3, clientId: 4, act: 5 },
+    nested: { act: { spec: () => ACT_SPEC } },
+};
+export const encodeActCompact = (actor) => compactEncode(actor, ACT_SPEC);
+export const decodeActCompact = (map) => compactDecode(map, ACT_SPEC);
+//# sourceMappingURL=act-claim.js.map

package/dist/internal/cose/act-claim.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"act-claim.js","sourceRoot":"","sources":["../../../src/internal/cose/act-claim.ts"],"names":[],"mappings":"AACA,OAAO,EAAoB,aAAa,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAUlF,MAAM,QAAQ,GAAgB;IAC5B,MAAM,EAAE,EAAE,MAAM,EAAE,CAAC,EAAE,OAAO,EAAE,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE;IACnE,MAAM,EAAE,EAAE,GAAG,EAAE,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC,QAAQ,EAAE,EAAE;CAC1C,CAAC;AAEF,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,KAAW,EAAwB,EAAE,CACpE,aAAa,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;AAEjC,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,GAAyB,EAAQ,EAAE,CAClE,aAAa,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC"}

package/dist/internal/cose/alg-labels.d.ts

@@ -0,0 +1,4 @@
+import type { KryptosAlgorithm } from "@lindorm/kryptos";
+export declare const algToCoseLabel: (algorithm: KryptosAlgorithm) => number;
+export declare const coseLabelToAlg: (label: number) => string;
+//# sourceMappingURL=alg-labels.d.ts.map

package/dist/internal/cose/alg-labels.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"alg-labels.d.ts","sourceRoot":"","sources":["../../../src/internal/cose/alg-labels.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AAmCzD,eAAO,MAAM,cAAc,GAAI,WAAW,gBAAgB,KAAG,MAc5D,CAAC;AAGF,eAAO,MAAM,cAAc,GAAI,OAAO,MAAM,KAAG,MAa9C,CAAC"}

package/dist/internal/cose/alg-labels.js

@@ -0,0 +1,42 @@
+import { AegisError } from "../../errors/index.js";
+const JOSE_TO_COSE = {
+    ES256: -7,
+    ES384: -35,
+    ES512: -36,
+    EdDSA: -8,
+    PS256: -37,
+    PS384: -38,
+    PS512: -39,
+    RS256: -257,
+    RS384: -258,
+    RS512: -259,
+    HS256: 5,
+    HS384: 6,
+    HS512: 7,
+};
+const COSE_TO_JOSE = Object.fromEntries(Object.entries(JOSE_TO_COSE).map(([alg, label]) => [label, alg]));
+export const algToCoseLabel = (algorithm) => {
+    const label = JOSE_TO_COSE[algorithm];
+    if (label === undefined) {
+        throw new AegisError(`No COSE algorithm label for "${algorithm}"`, {
+            code: "cose_algorithm_not_supported",
+            data: { algorithm },
+            title: "COSE Algorithm Not Supported",
+            details: "This signing/MAC algorithm has no mapped COSE label; supported COSE algorithms are ES*/EdDSA/PS*/RS*/HS*.",
+        });
+    }
+    return label;
+};
+export const coseLabelToAlg = (label) => {
+    const algorithm = COSE_TO_JOSE[label];
+    if (algorithm === undefined) {
+        throw new AegisError(`No algorithm for COSE label "${label}"`, {
+            code: "cose_algorithm_not_supported",
+            data: { label },
+            title: "COSE Algorithm Not Supported",
+            details: "The COSE algorithm label is not one this implementation supports.",
+        });
+    }
+    return algorithm;
+};
+//# sourceMappingURL=alg-labels.js.map

package/dist/internal/cose/alg-labels.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"alg-labels.js","sourceRoot":"","sources":["../../../src/internal/cose/alg-labels.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAC;AAQnD,MAAM,YAAY,GAAqC;IAErD,KAAK,EAAE,CAAC,CAAC;IACT,KAAK,EAAE,CAAC,EAAE;IACV,KAAK,EAAE,CAAC,EAAE;IAEV,KAAK,EAAE,CAAC,CAAC;IAET,KAAK,EAAE,CAAC,EAAE;IACV,KAAK,EAAE,CAAC,EAAE;IACV,KAAK,EAAE,CAAC,EAAE;IAEV,KAAK,EAAE,CAAC,GAAG;IACX,KAAK,EAAE,CAAC,GAAG;IACX,KAAK,EAAE,CAAC,GAAG;IAEX,KAAK,EAAE,CAAC;IACR,KAAK,EAAE,CAAC;IACR,KAAK,EAAE,CAAC;CACT,CAAC;AAEF,MAAM,YAAY,GAAqC,MAAM,CAAC,WAAW,CACvE,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,CACjE,CAAC;AAGF,MAAM,CAAC,MAAM,cAAc,GAAG,CAAC,SAA2B,EAAU,EAAE;IACpE,MAAM,KAAK,GAAG,YAAY,CAAC,SAAS,CAAC,CAAC;IAEtC,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;QACxB,MAAM,IAAI,UAAU,CAAC,gCAAgC,SAAS,GAAG,EAAE;YACjE,IAAI,EAAE,8BAA8B;YACpC,IAAI,EAAE,EAAE,SAAS,EAAE;YACnB,KAAK,EAAE,8BAA8B;YACrC,OAAO,EACL,2GAA2G;SAC9G,CAAC,CAAC;IACL,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC,CAAC;AAGF,MAAM,CAAC,MAAM,cAAc,GAAG,CAAC,KAAa,EAAU,EAAE;IACtD,MAAM,SAAS,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC;IAEtC,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;QAC5B,MAAM,IAAI,UAAU,CAAC,gCAAgC,KAAK,GAAG,EAAE;YAC7D,IAAI,EAAE,8BAA8B;YACpC,IAAI,EAAE,EAAE,KAAK,EAAE;YACf,KAAK,EAAE,8BAA8B;YACrC,OAAO,EAAE,mEAAmE;SAC7E,CAAC,CAAC;IACL,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC,CAAC"}

package/dist/internal/cose/cbor.d.ts

@@ -0,0 +1,11 @@
+export type CborEncodeOptions = {
+    deterministic?: boolean;
+};
+export type CborDecodeOptions = {
+    preferMap?: boolean;
+    rejectDuplicateKeys?: boolean;
+};
+export declare const encodeCbor: (value: unknown, options?: CborEncodeOptions) => Buffer;
+export declare const decodeCbor: <T = unknown>(input: Buffer | Uint8Array, options?: CborDecodeOptions) => T;
+export { Tag } from "cbor2";
+//# sourceMappingURL=cbor.d.ts.map

package/dist/internal/cose/cbor.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cbor.d.ts","sourceRoot":"","sources":["../../../src/internal/cose/cbor.ts"],"names":[],"mappings":"AAqBA,MAAM,MAAM,iBAAiB,GAAG;IAM9B,aAAa,CAAC,EAAE,OAAO,CAAC;CACzB,CAAC;AAEF,MAAM,MAAM,iBAAiB,GAAG;IAK9B,SAAS,CAAC,EAAE,OAAO,CAAC;IAKpB,mBAAmB,CAAC,EAAE,OAAO,CAAC;CAC/B,CAAC;AAKF,eAAO,MAAM,UAAU,GAAI,OAAO,OAAO,EAAE,UAAS,iBAAsB,KAAG,MAgB5E,CAAC;AAOF,eAAO,MAAM,UAAU,GAAI,CAAC,GAAG,OAAO,EACpC,OAAO,MAAM,GAAG,UAAU,EAC1B,UAAS,iBAAsB,KAC9B,CAcF,CAAC;AAIF,OAAO,EAAE,GAAG,EAAE,MAAM,OAAO,CAAC"}

package/dist/internal/cose/cbor.js

@@ -0,0 +1,37 @@
+import { cdeEncodeOptions, decode, defaultDecodeOptions, defaultEncodeOptions, encode, } from "cbor2";
+import { registerEncoder, writeUint8Array } from "cbor2/encoder";
+import { AegisError } from "../../errors/index.js";
+registerEncoder(Buffer, (buffer, writer) => {
+    writeUint8Array(buffer, writer);
+    return undefined;
+});
+export const encodeCbor = (value, options = {}) => {
+    const { deterministic = true } = options;
+    try {
+        return Buffer.from(encode(value, deterministic ? cdeEncodeOptions : defaultEncodeOptions));
+    }
+    catch (error) {
+        throw new AegisError("Failed to encode value as CBOR", {
+            code: "cbor_encode_failed",
+            title: "CBOR Encode Failed",
+            details: "The value could not be encoded as CBOR; see the underlying error for the root cause.",
+            error: error,
+        });
+    }
+};
+export const decodeCbor = (input, options = {}) => {
+    const { preferMap = true, rejectDuplicateKeys = true } = options;
+    try {
+        return decode(input, { ...defaultDecodeOptions, preferMap, rejectDuplicateKeys });
+    }
+    catch (error) {
+        throw new AegisError("Failed to decode CBOR", {
+            code: "cbor_decode_failed",
+            title: "CBOR Decode Failed",
+            details: "The input could not be decoded as CBOR; it may be malformed, truncated, or contain duplicate map keys.",
+            error: error,
+        });
+    }
+};
+export { Tag } from "cbor2";
+//# sourceMappingURL=cbor.js.map

package/dist/internal/cose/cbor.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cbor.js","sourceRoot":"","sources":["../../../src/internal/cose/cbor.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,gBAAgB,EAChB,MAAM,EACN,oBAAoB,EACpB,oBAAoB,EACpB,MAAM,GACP,MAAM,OAAO,CAAC;AACf,OAAO,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,eAAe,CAAC;AACjE,OAAO,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAC;AAQnD,eAAe,CAAC,MAAM,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,EAAE;IACzC,eAAe,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAChC,OAAO,SAAS,CAAC;AACnB,CAAC,CAAC,CAAC;AA2BH,MAAM,CAAC,MAAM,UAAU,GAAG,CAAC,KAAc,EAAE,UAA6B,EAAE,EAAU,EAAE;IACpF,MAAM,EAAE,aAAa,GAAG,IAAI,EAAE,GAAG,OAAO,CAAC;IAEzC,IAAI,CAAC;QACH,OAAO,MAAM,CAAC,IAAI,CAChB,MAAM,CAAC,KAAK,EAAE,aAAa,CAAC,CAAC,CAAC,gBAAgB,CAAC,CAAC,CAAC,oBAAoB,CAAC,CACvE,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,IAAI,UAAU,CAAC,gCAAgC,EAAE;YACrD,IAAI,EAAE,oBAAoB;YAC1B,KAAK,EAAE,oBAAoB;YAC3B,OAAO,EACL,sFAAsF;YACxF,KAAK,EAAE,KAAc;SACtB,CAAC,CAAC;IACL,CAAC;AACH,CAAC,CAAC;AAOF,MAAM,CAAC,MAAM,UAAU,GAAG,CACxB,KAA0B,EAC1B,UAA6B,EAAE,EAC5B,EAAE;IACL,MAAM,EAAE,SAAS,GAAG,IAAI,EAAE,mBAAmB,GAAG,IAAI,EAAE,GAAG,OAAO,CAAC;IAEjE,IAAI,CAAC;QACH,OAAO,MAAM,CAAI,KAAK,EAAE,EAAE,GAAG,oBAAoB,EAAE,SAAS,EAAE,mBAAmB,EAAE,CAAC,CAAC;IACvF,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,IAAI,UAAU,CAAC,uBAAuB,EAAE;YAC5C,IAAI,EAAE,oBAAoB;YAC1B,KAAK,EAAE,oBAAoB;YAC3B,OAAO,EACL,wGAAwG;YAC1G,KAAK,EAAE,KAAc;SACtB,CAAC,CAAC;IACL,CAAC;AACH,CAAC,CAAC;AAIF,OAAO,EAAE,GAAG,EAAE,MAAM,OAAO,CAAC"}

package/dist/internal/cose/compact-map.d.ts

@@ -0,0 +1,11 @@
+import type { Dict } from "@lindorm/types";
+export type CompactSpec = {
+    labels: Readonly<Record<string, number>>;
+    nested?: Readonly<Record<string, {
+        array?: boolean;
+        spec: () => CompactSpec;
+    }>>;
+};
+export declare const compactEncode: (obj: Dict, spec: CompactSpec) => Map<number, unknown>;
+export declare const compactDecode: (map: Map<number, unknown>, spec: CompactSpec) => Dict;
+//# sourceMappingURL=compact-map.d.ts.map

package/dist/internal/cose/compact-map.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"compact-map.d.ts","sourceRoot":"","sources":["../../../src/internal/cose/compact-map.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,gBAAgB,CAAC;AAY3C,MAAM,MAAM,WAAW,GAAG;IACxB,MAAM,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;IACzC,MAAM,CAAC,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE;QAAE,KAAK,CAAC,EAAE,OAAO,CAAC;QAAC,IAAI,EAAE,MAAM,WAAW,CAAA;KAAE,CAAC,CAAC,CAAC;CACjF,CAAC;AAEF,eAAO,MAAM,aAAa,GAAI,KAAK,IAAI,EAAE,MAAM,WAAW,KAAG,GAAG,CAAC,MAAM,EAAE,OAAO,CAsB/E,CAAC;AAEF,eAAO,MAAM,aAAa,GAAI,KAAK,GAAG,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM,WAAW,KAAG,IA2B5E,CAAC"}

package/dist/internal/cose/compact-map.js

@@ -0,0 +1,43 @@
+export const compactEncode = (obj, spec) => {
+    const map = new Map();
+    for (const [field, label] of Object.entries(spec.labels)) {
+        const value = obj[field];
+        if (value === undefined)
+            continue;
+        const nested = spec.nested?.[field];
+        if (nested) {
+            const childSpec = nested.spec();
+            map.set(label, nested.array && Array.isArray(value)
+                ? value.map((item) => compactEncode(item, childSpec))
+                : compactEncode(value, childSpec));
+        }
+        else {
+            map.set(label, value);
+        }
+    }
+    return map;
+};
+export const compactDecode = (map, spec) => {
+    const reverse = new Map(Object.entries(spec.labels).map(([field, label]) => [label, field]));
+    const obj = {};
+    for (const [label, value] of map) {
+        const field = reverse.get(label);
+        if (field === undefined)
+            continue;
+        const nested = spec.nested?.[field];
+        if (nested) {
+            const childSpec = nested.spec();
+            obj[field] =
+                nested.array && Array.isArray(value)
+                    ? value.map((item) => item instanceof Map ? compactDecode(item, childSpec) : item)
+                    : value instanceof Map
+                        ? compactDecode(value, childSpec)
+                        : value;
+        }
+        else {
+            obj[field] = value;
+        }
+    }
+    return obj;
+};
+//# sourceMappingURL=compact-map.js.map

package/dist/internal/cose/compact-map.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"compact-map.js","sourceRoot":"","sources":["../../../src/internal/cose/compact-map.ts"],"names":[],"mappings":"AAiBA,MAAM,CAAC,MAAM,aAAa,GAAG,CAAC,GAAS,EAAE,IAAiB,EAAwB,EAAE;IAClF,MAAM,GAAG,GAAG,IAAI,GAAG,EAAmB,CAAC;IAEvC,KAAK,MAAM,CAAC,KAAK,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;QACzD,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC;QACzB,IAAI,KAAK,KAAK,SAAS;YAAE,SAAS;QAElC,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,CAAC;QACpC,IAAI,MAAM,EAAE,CAAC;YACX,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,EAAE,CAAC;YAChC,GAAG,CAAC,GAAG,CACL,KAAK,EACL,MAAM,CAAC,KAAK,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC;gBAClC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,aAAa,CAAC,IAAY,EAAE,SAAS,CAAC,CAAC;gBAC7D,CAAC,CAAC,aAAa,CAAC,KAAa,EAAE,SAAS,CAAC,CAC5C,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,GAAG,CAAC,GAAG,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;QACxB,CAAC;IACH,CAAC;IAED,OAAO,GAAG,CAAC;AACb,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,aAAa,GAAG,CAAC,GAAyB,EAAE,IAAiB,EAAQ,EAAE;IAClF,MAAM,OAAO,GAAG,IAAI,GAAG,CACrB,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC,CACpE,CAAC;IAEF,MAAM,GAAG,GAAS,EAAE,CAAC;IACrB,KAAK,MAAM,CAAC,KAAK,EAAE,KAAK,CAAC,IAAI,GAAG,EAAE,CAAC;QACjC,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACjC,IAAI,KAAK,KAAK,SAAS;YAAE,SAAS;QAElC,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,CAAC;QACpC,IAAI,MAAM,EAAE,CAAC;YACX,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,EAAE,CAAC;YAChC,GAAG,CAAC,KAAK,CAAC;gBACR,MAAM,CAAC,KAAK,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC;oBAClC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CACjB,IAAI,YAAY,GAAG,CAAC,CAAC,CAAC,aAAa,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC,CAAC,CAAC,IAAI,CAC5D;oBACH,CAAC,CAAC,KAAK,YAAY,GAAG;wBACpB,CAAC,CAAC,aAAa,CAAC,KAAK,EAAE,SAAS,CAAC;wBACjC,CAAC,CAAC,KAAK,CAAC;QAChB,CAAC;aAAM,CAAC;YACN,GAAG,CAAC,KAAK,CAAC,GAAG,KAAK,CAAC;QACrB,CAAC;IACH,CAAC;IAED,OAAO,GAAG,CAAC;AACb,CAAC,CAAC"}

package/dist/internal/cose/cose-key-thumbprint.d.ts

@@ -0,0 +1,5 @@
+import type { Dict } from "@lindorm/types";
+export type CoseThumbprintHash = "sha-256" | "sha-384" | "sha-512";
+export declare const computeCoseKeyThumbprint: (jwk: Dict, hash?: CoseThumbprintHash) => Buffer;
+export declare const computeCoseKeyThumbprintUri: (jwk: Dict, hash?: CoseThumbprintHash) => string;
+//# sourceMappingURL=cose-key-thumbprint.d.ts.map

package/dist/internal/cose/cose-key-thumbprint.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cose-key-thumbprint.d.ts","sourceRoot":"","sources":["../../../src/internal/cose/cose-key-thumbprint.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,gBAAgB,CAAC;AAc3C,MAAM,MAAM,kBAAkB,GAAG,SAAS,GAAG,SAAS,GAAG,SAAS,CAAC;AAwEnE,eAAO,MAAM,wBAAwB,GACnC,KAAK,IAAI,EACT,OAAM,kBAA8B,KACnC,MAA4D,CAAC;AAOhE,eAAO,MAAM,2BAA2B,GACtC,KAAK,IAAI,EACT,OAAM,kBAA8B,KACnC,MAA+E,CAAC"}

package/dist/internal/cose/cose-key-thumbprint.js

@@ -0,0 +1,60 @@
+import { B64 } from "@lindorm/b64";
+import { ShaKit } from "@lindorm/sha";
+import { AegisError } from "../../errors/index.js";
+import { B64U } from "../constants/format.js";
+import { encodeCbor } from "./cbor.js";
+import { CRV_TO_COSE, KTY_TO_COSE } from "./cose-key.js";
+const SHA = {
+    "sha-256": (data) => ShaKit.S256(data),
+    "sha-384": (data) => ShaKit.S384(data),
+    "sha-512": (data) => ShaKit.S512(data),
+};
+const bstr = (value) => B64.toBuffer(String(value), B64U);
+const curveLabel = (jwk) => {
+    const label = CRV_TO_COSE[jwk.crv];
+    if (label === undefined) {
+        throw new AegisError(`Unsupported curve "${jwk.crv}" for COSE Key Thumbprint`, {
+            code: "cose_key_unsupported",
+            data: { crv: jwk.crv },
+            title: "Unsupported COSE Key",
+            details: "The JWK curve has no COSE label, so a COSE Key Thumbprint cannot be computed.",
+        });
+    }
+    return label;
+};
+const requiredCoseKey = (jwk) => {
+    const map = new Map();
+    switch (jwk.kty) {
+        case "EC":
+            map.set(1, KTY_TO_COSE.EC);
+            map.set(-1, curveLabel(jwk));
+            map.set(-2, bstr(jwk.x));
+            map.set(-3, bstr(jwk.y));
+            return map;
+        case "OKP":
+            map.set(1, KTY_TO_COSE.OKP);
+            map.set(-1, curveLabel(jwk));
+            map.set(-2, bstr(jwk.x));
+            return map;
+        case "RSA":
+            map.set(1, KTY_TO_COSE.RSA);
+            map.set(-1, bstr(jwk.n));
+            map.set(-2, bstr(jwk.e));
+            return map;
+        case "oct":
+            map.set(1, KTY_TO_COSE.oct);
+            map.set(-1, bstr(jwk.k));
+            return map;
+        default:
+            throw new AegisError(`Cannot compute COSE Key Thumbprint: unsupported kty "${String(jwk.kty)}"`, {
+                code: "cose_key_unsupported",
+                data: { kty: jwk.kty },
+                title: "Unsupported COSE Key",
+                details: "A COSE Key Thumbprint (RFC 9679) is defined for kty EC, OKP, RSA, and oct keys; this kty is not one of them.",
+            });
+    }
+};
+const thumbprintCbor = (jwk) => Buffer.from(encodeCbor(requiredCoseKey(jwk)));
+export const computeCoseKeyThumbprint = (jwk, hash = "sha-256") => B64.toBuffer(SHA[hash](thumbprintCbor(jwk)), B64U);
+export const computeCoseKeyThumbprintUri = (jwk, hash = "sha-256") => `urn:ietf:params:oauth:ckt:${hash}:${SHA[hash](thumbprintCbor(jwk))}`;
+//# sourceMappingURL=cose-key-thumbprint.js.map

package/dist/internal/cose/cose-key-thumbprint.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cose-key-thumbprint.js","sourceRoot":"","sources":["../../../src/internal/cose/cose-key-thumbprint.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,GAAG,EAAE,MAAM,cAAc,CAAC;AACnC,OAAO,EAAE,MAAM,EAAE,MAAM,cAAc,CAAC;AAEtC,OAAO,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAC;AACnD,OAAO,EAAE,IAAI,EAAE,MAAM,wBAAwB,CAAC;AAC9C,OAAO,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AACvC,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAazD,MAAM,GAAG,GAAmE;IAC1E,SAAS,EAAE,CAAC,IAAI,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC;IACtC,SAAS,EAAE,CAAC,IAAI,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC;IACtC,SAAS,EAAE,CAAC,IAAI,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC;CACvC,CAAC;AAEF,MAAM,IAAI,GAAG,CAAC,KAAc,EAAU,EAAE,CAAC,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,IAAI,CAAC,CAAC;AAE3E,MAAM,UAAU,GAAG,CAAC,GAAS,EAAU,EAAE;IACvC,MAAM,KAAK,GAAG,WAAW,CAAC,GAAG,CAAC,GAAa,CAAC,CAAC;IAC7C,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;QACxB,MAAM,IAAI,UAAU,CAAC,sBAAsB,GAAG,CAAC,GAAG,2BAA2B,EAAE;YAC7E,IAAI,EAAE,sBAAsB;YAC5B,IAAI,EAAE,EAAE,GAAG,EAAE,GAAG,CAAC,GAAG,EAAE;YACtB,KAAK,EAAE,sBAAsB;YAC7B,OAAO,EACL,+EAA+E;SAClF,CAAC,CAAC;IACL,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC,CAAC;AAOF,MAAM,eAAe,GAAG,CAAC,GAAS,EAAwB,EAAE;IAC1D,MAAM,GAAG,GAAG,IAAI,GAAG,EAAmB,CAAC;IAEvC,QAAQ,GAAG,CAAC,GAAG,EAAE,CAAC;QAChB,KAAK,IAAI;YACP,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,WAAW,CAAC,EAAE,CAAC,CAAC;YAC3B,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC;YAC7B,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;YACzB,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;YACzB,OAAO,GAAG,CAAC;QACb,KAAK,KAAK;YACR,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,WAAW,CAAC,GAAG,CAAC,CAAC;YAC5B,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC;YAC7B,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;YACzB,OAAO,GAAG,CAAC;QACb,KAAK,KAAK;YACR,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,WAAW,CAAC,GAAG,CAAC,CAAC;YAC5B,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;YACzB,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;YACzB,OAAO,GAAG,CAAC;QACb,KAAK,KAAK;YACR,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,WAAW,CAAC,GAAG,CAAC,CAAC;YAC5B,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;YACzB,OAAO,GAAG,CAAC;QACb;YACE,MAAM,IAAI,UAAU,CAClB,wDAAwD,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,EAC1E;gBACE,IAAI,EAAE,sBAAsB;gBAC5B,IAAI,EAAE,EAAE,GAAG,EAAE,GAAG,CAAC,GAAG,EAAE;gBACtB,KAAK,EAAE,sBAAsB;gBAC7B,OAAO,EACL,8GAA8G;aACjH,CACF,CAAC;IACN,CAAC;AACH,CAAC,CAAC;AAEF,MAAM,cAAc,GAAG,CAAC,GAAS,EAAU,EAAE,CAC3C,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;AAGhD,MAAM,CAAC,MAAM,wBAAwB,GAAG,CACtC,GAAS,EACT,OAA2B,SAAS,EAC5B,EAAE,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC;AAOhE,MAAM,CAAC,MAAM,2BAA2B,GAAG,CACzC,GAAS,EACT,OAA2B,SAAS,EAC5B,EAAE,CAAC,6BAA6B,IAAI,IAAI,GAAG,CAAC,IAAI,CAAC,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC"}