@lindorm/aegis 0.8.1 → 0.10.0

package/dist/internal/cose/cose-key.d.ts

@@ -0,0 +1,8 @@
+import type { Dict } from "@lindorm/types";
+export declare const KTY_TO_COSE: Readonly<Record<string, number>>;
+export declare const CRV_TO_COSE: Readonly<Record<string, number>>;
+export declare const jwkToCoseKey: (jwk: Dict) => Map<number, unknown>;
+export declare const coseKeyToJwk: (key: Map<number, unknown>) => Dict;
+export declare const encodeCnf: (confirmation: Dict) => Map<number, unknown>;
+export declare const decodeCnf: (cnf: Map<number, unknown>) => Dict;
+//# sourceMappingURL=cose-key.d.ts.map

package/dist/internal/cose/cose-key.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cose-key.d.ts","sourceRoot":"","sources":["../../../src/internal/cose/cose-key.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,gBAAgB,CAAC;AAQ3C,eAAO,MAAM,WAAW,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAKxD,CAAC;AASF,eAAO,MAAM,WAAW,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAQxD,CAAC;AAkBF,eAAO,MAAM,YAAY,GAAI,KAAK,IAAI,KAAG,GAAG,CAAC,MAAM,EAAE,OAAO,CAkB3D,CAAC;AAGF,eAAO,MAAM,YAAY,GAAI,KAAK,GAAG,CAAC,MAAM,EAAE,OAAO,CAAC,KAAG,IAgBxD,CAAC;AAQF,eAAO,MAAM,SAAS,GAAI,cAAc,IAAI,KAAG,GAAG,CAAC,MAAM,EAAE,OAAO,CAoBjE,CAAC;AAGF,eAAO,MAAM,SAAS,GAAI,KAAK,GAAG,CAAC,MAAM,EAAE,OAAO,CAAC,KAAG,IAUrD,CAAC"}

package/dist/internal/cose/cose-key.js

@@ -0,0 +1,98 @@
+import { B64 } from "@lindorm/b64";
+import { B64U } from "../constants/format.js";
+import { AegisError } from "../../errors/index.js";
+const KEY = { kty: 1, kid: 2, alg: 3, crv: -1, x: -2, y: -3 };
+export const KTY_TO_COSE = {
+    OKP: 1,
+    EC: 2,
+    RSA: 3,
+    oct: 4,
+};
+const COSE_TO_KTY = {
+    1: "OKP",
+    2: "EC",
+    3: "RSA",
+    4: "oct",
+};
+export const CRV_TO_COSE = {
+    "P-256": 1,
+    "P-384": 2,
+    "P-521": 3,
+    X25519: 4,
+    X448: 5,
+    Ed25519: 6,
+    Ed448: 7,
+};
+const COSE_TO_CRV = Object.fromEntries(Object.entries(CRV_TO_COSE).map(([crv, label]) => [label, crv]));
+const unsupported = (detail) => {
+    throw new AegisError("Unsupported COSE_Key", {
+        code: "cose_key_unsupported",
+        title: "Unsupported COSE Key",
+        details: detail,
+    });
+};
+export const jwkToCoseKey = (jwk) => {
+    const ktyLabel = KTY_TO_COSE[jwk.kty];
+    if (ktyLabel === undefined)
+        unsupported(`Unknown JWK kty "${jwk.kty}".`);
+    const key = new Map();
+    key.set(KEY.kty, ktyLabel);
+    if (typeof jwk.kid === "string")
+        key.set(KEY.kid, Buffer.from(jwk.kid, "utf8"));
+    if (jwk.kty === "EC" || jwk.kty === "OKP") {
+        const crvLabel = CRV_TO_COSE[jwk.crv];
+        if (crvLabel === undefined)
+            unsupported(`Unknown curve "${jwk.crv}".`);
+        key.set(KEY.crv, crvLabel);
+        key.set(KEY.x, B64.toBuffer(jwk.x, B64U));
+        if (jwk.kty === "EC")
+            key.set(KEY.y, B64.toBuffer(jwk.y, B64U));
+        return key;
+    }
+    return unsupported("Only EC2 and OKP COSE_Key conversion is supported.");
+};
+export const coseKeyToJwk = (key) => {
+    const kty = COSE_TO_KTY[key.get(KEY.kty)];
+    if (kty === undefined)
+        unsupported("Unknown COSE_Key kty.");
+    const jwk = { kty };
+    const kid = key.get(KEY.kid);
+    if (kid instanceof Uint8Array)
+        jwk.kid = Buffer.from(kid).toString("utf8");
+    if (kty === "EC" || kty === "OKP") {
+        jwk.crv = COSE_TO_CRV[key.get(KEY.crv)];
+        jwk.x = B64.encode(Buffer.from(key.get(KEY.x)), B64U);
+        if (kty === "EC")
+            jwk.y = B64.encode(Buffer.from(key.get(KEY.y)), B64U);
+        return jwk;
+    }
+    return unsupported("Only EC2 and OKP COSE_Key conversion is supported.");
+};
+export const encodeCnf = (confirmation) => {
+    const cnf = new Map();
+    if (confirmation.key && typeof confirmation.key === "object") {
+        cnf.set(1, jwkToCoseKey(confirmation.key));
+    }
+    if (typeof confirmation.keyId === "string") {
+        cnf.set(3, Buffer.from(confirmation.keyId, "utf8"));
+    }
+    if (cnf.size === 0) {
+        throw new AegisError("Confirmation has no COSE-representable member", {
+            code: "cose_cnf_unsupported",
+            title: "COSE Confirmation Unsupported",
+            details: "Only an embedded key (-> COSE_Key) or keyId (-> kid) can go in a COSE cnf; jkt/x5t#S256/jku have no COSE form (jkt ≠ ckt).",
+        });
+    }
+    return cnf;
+};
+export const decodeCnf = (cnf) => {
+    const confirmation = {};
+    const coseKey = cnf.get(1);
+    if (coseKey instanceof Map)
+        confirmation.key = coseKeyToJwk(coseKey);
+    const kid = cnf.get(3);
+    if (kid instanceof Uint8Array)
+        confirmation.keyId = Buffer.from(kid).toString("utf8");
+    return confirmation;
+};
+//# sourceMappingURL=cose-key.js.map

package/dist/internal/cose/cose-key.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cose-key.js","sourceRoot":"","sources":["../../../src/internal/cose/cose-key.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,GAAG,EAAE,MAAM,cAAc,CAAC;AAEnC,OAAO,EAAE,IAAI,EAAE,MAAM,wBAAwB,CAAC;AAC9C,OAAO,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAC;AAGnD,MAAM,GAAG,GAAG,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,EAAW,CAAC;AAGvE,MAAM,CAAC,MAAM,WAAW,GAAqC;IAC3D,GAAG,EAAE,CAAC;IACN,EAAE,EAAE,CAAC;IACL,GAAG,EAAE,CAAC;IACN,GAAG,EAAE,CAAC;CACP,CAAC;AACF,MAAM,WAAW,GAAqC;IACpD,CAAC,EAAE,KAAK;IACR,CAAC,EAAE,IAAI;IACP,CAAC,EAAE,KAAK;IACR,CAAC,EAAE,KAAK;CACT,CAAC;AAGF,MAAM,CAAC,MAAM,WAAW,GAAqC;IAC3D,OAAO,EAAE,CAAC;IACV,OAAO,EAAE,CAAC;IACV,OAAO,EAAE,CAAC;IACV,MAAM,EAAE,CAAC;IACT,IAAI,EAAE,CAAC;IACP,OAAO,EAAE,CAAC;IACV,KAAK,EAAE,CAAC;CACT,CAAC;AACF,MAAM,WAAW,GAAqC,MAAM,CAAC,WAAW,CACtE,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,CAChE,CAAC;AAEF,MAAM,WAAW,GAAG,CAAC,MAAc,EAAS,EAAE;IAC5C,MAAM,IAAI,UAAU,CAAC,sBAAsB,EAAE;QAC3C,IAAI,EAAE,sBAAsB;QAC5B,KAAK,EAAE,sBAAsB;QAC7B,OAAO,EAAE,MAAM;KAChB,CAAC,CAAC;AACL,CAAC,CAAC;AAOF,MAAM,CAAC,MAAM,YAAY,GAAG,CAAC,GAAS,EAAwB,EAAE;IAC9D,MAAM,QAAQ,GAAG,WAAW,CAAC,GAAG,CAAC,GAAa,CAAC,CAAC;IAChD,IAAI,QAAQ,KAAK,SAAS;QAAE,WAAW,CAAC,oBAAoB,GAAG,CAAC,GAAG,IAAI,CAAC,CAAC;IAEzE,MAAM,GAAG,GAAG,IAAI,GAAG,EAAmB,CAAC;IACvC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;IAC3B,IAAI,OAAO,GAAG,CAAC,GAAG,KAAK,QAAQ;QAAE,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC,CAAC;IAEhF,IAAI,GAAG,CAAC,GAAG,KAAK,IAAI,IAAI,GAAG,CAAC,GAAG,KAAK,KAAK,EAAE,CAAC;QAC1C,MAAM,QAAQ,GAAG,WAAW,CAAC,GAAG,CAAC,GAAa,CAAC,CAAC;QAChD,IAAI,QAAQ,KAAK,SAAS;YAAE,WAAW,CAAC,kBAAkB,GAAG,CAAC,GAAG,IAAI,CAAC,CAAC;QACvE,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;QAC3B,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAW,EAAE,IAAI,CAAC,CAAC,CAAC;QACpD,IAAI,GAAG,CAAC,GAAG,KAAK,IAAI;YAAE,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAW,EAAE,IAAI,CAAC,CAAC,CAAC;QAC1E,OAAO,GAAG,CAAC;IACb,CAAC;IAED,OAAO,WAAW,CAAC,oDAAoD,CAAC,CAAC;AAC3E,CAAC,CAAC;AAGF,MAAM,CAAC,MAAM,YAAY,GAAG,CAAC,GAAyB,EAAQ,EAAE;IAC9D,MAAM,GAAG,GAAG,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAW,CAAC,CAAC;IACpD,IAAI,GAAG,KAAK,SAAS;QAAE,WAAW,CAAC,uBAAuB,CAAC,CAAC;IAE5D,MAAM,GAAG,GAAS,EAAE,GAAG,EAAE,CAAC;IAC1B,MAAM,GAAG,GAAG,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IAC7B,IAAI,GAAG,YAAY,UAAU;QAAE,GAAG,CAAC,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IAE3E,IAAI,GAAG,KAAK,IAAI,IAAI,GAAG,KAAK,KAAK,EAAE,CAAC;QAClC,GAAG,CAAC,GAAG,GAAG,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAW,CAAC,CAAC;QAClD,GAAG,CAAC,CAAC,GAAG,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAe,CAAC,EAAE,IAAI,CAAC,CAAC;QACpE,IAAI,GAAG,KAAK,IAAI;YAAE,GAAG,CAAC,CAAC,GAAG,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAe,CAAC,EAAE,IAAI,CAAC,CAAC;QACtF,OAAO,GAAG,CAAC;IACb,CAAC;IAED,OAAO,WAAW,CAAC,oDAAoD,CAAC,CAAC;AAC3E,CAAC,CAAC;AAQF,MAAM,CAAC,MAAM,SAAS,GAAG,CAAC,YAAkB,EAAwB,EAAE;IACpE,MAAM,GAAG,GAAG,IAAI,GAAG,EAAmB,CAAC;IAEvC,IAAI,YAAY,CAAC,GAAG,IAAI,OAAO,YAAY,CAAC,GAAG,KAAK,QAAQ,EAAE,CAAC;QAC7D,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,YAAY,CAAC,YAAY,CAAC,GAAW,CAAC,CAAC,CAAC;IACrD,CAAC;IACD,IAAI,OAAO,YAAY,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC3C,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC;IACtD,CAAC;IAED,IAAI,GAAG,CAAC,IAAI,KAAK,CAAC,EAAE,CAAC;QACnB,MAAM,IAAI,UAAU,CAAC,+CAA+C,EAAE;YACpE,IAAI,EAAE,sBAAsB;YAC5B,KAAK,EAAE,+BAA+B;YACtC,OAAO,EACL,4HAA4H;SAC/H,CAAC,CAAC;IACL,CAAC;IAED,OAAO,GAAG,CAAC;AACb,CAAC,CAAC;AAGF,MAAM,CAAC,MAAM,SAAS,GAAG,CAAC,GAAyB,EAAQ,EAAE;IAC3D,MAAM,YAAY,GAAS,EAAE,CAAC;IAE9B,MAAM,OAAO,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;IAC3B,IAAI,OAAO,YAAY,GAAG;QAAE,YAAY,CAAC,GAAG,GAAG,YAAY,CAAC,OAAO,CAAC,CAAC;IAErE,MAAM,GAAG,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;IACvB,IAAI,GAAG,YAAY,UAAU;QAAE,YAAY,CAAC,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IAEtF,OAAO,YAAY,CAAC;AACtB,CAAC,CAAC"}

package/dist/internal/cose/cose-typ.d.ts

@@ -0,0 +1,2 @@
+export declare const coseTyp: (joseTyp: string | null) => string | undefined;
+//# sourceMappingURL=cose-typ.d.ts.map

package/dist/internal/cose/cose-typ.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cose-typ.d.ts","sourceRoot":"","sources":["../../../src/internal/cose/cose-typ.ts"],"names":[],"mappings":"AAgBA,eAAO,MAAM,OAAO,GAAI,SAAS,MAAM,GAAG,IAAI,KAAG,MAAM,GAAG,SAIzD,CAAC"}

package/dist/internal/cose/cose-typ.js

@@ -0,0 +1,8 @@
+export const coseTyp = (joseTyp) => {
+    if (joseTyp === null)
+        return undefined;
+    if (joseTyp.endsWith("+jwt"))
+        return `${joseTyp.slice(0, -4)}+cwt`;
+    return "application/cwt";
+};
+//# sourceMappingURL=cose-typ.js.map

package/dist/internal/cose/cose-typ.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cose-typ.js","sourceRoot":"","sources":["../../../src/internal/cose/cose-typ.ts"],"names":[],"mappings":"AAgBA,MAAM,CAAC,MAAM,OAAO,GAAG,CAAC,OAAsB,EAAsB,EAAE;IACpE,IAAI,OAAO,KAAK,IAAI;QAAE,OAAO,SAAS,CAAC;IACvC,IAAI,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC;QAAE,OAAO,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC;IACnE,OAAO,iBAAiB,CAAC;AAC3B,CAAC,CAAC"}

package/dist/internal/cose/cwt-claims.d.ts

@@ -0,0 +1,7 @@
+import type { Dict } from "@lindorm/types";
+export type EncodeCwtOptions = {
+    proprietary?: boolean;
+};
+export declare const encodeCwtClaims: (common: Dict, options?: EncodeCwtOptions) => Map<number | string, unknown>;
+export declare const decodeCwtClaims: (map: Map<unknown, unknown>) => Dict;
+//# sourceMappingURL=cwt-claims.d.ts.map

package/dist/internal/cose/cwt-claims.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cwt-claims.d.ts","sourceRoot":"","sources":["../../../src/internal/cose/cwt-claims.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,gBAAgB,CAAC;AAwF3C,MAAM,MAAM,gBAAgB,GAAG;IAU7B,WAAW,CAAC,EAAE,OAAO,CAAC;CACvB,CAAC;AAEF,eAAO,MAAM,eAAe,GAC1B,QAAQ,IAAI,EACZ,UAAS,gBAAqB,KAC7B,GAAG,CAAC,MAAM,GAAG,MAAM,EAAE,OAAO,CAwB9B,CAAC;AAOF,eAAO,MAAM,eAAe,GAAI,KAAK,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC,KAAG,IAoB5D,CAAC"}

package/dist/internal/cose/cwt-claims.js

@@ -0,0 +1,94 @@
+import { B64 } from "@lindorm/b64";
+import { getUnixTime } from "@lindorm/date";
+import { isDate, isFinite } from "@lindorm/is";
+import { B64U } from "../constants/format.js";
+import { specByCose, specByDomain, specByJose, } from "../claims/registry.js";
+import { decodeActCompact, encodeActCompact } from "./act-claim.js";
+import { decodeCnf, encodeCnf } from "./cose-key.js";
+import { decodeSubIdCompact, encodeSubIdCompact } from "./sub-id-claim.js";
+const ACT_DOMAINS = new Set(["act", "mayAct"]);
+const HASH_DOMAINS = new Set(["accessTokenHash", "codeHash", "stateHash"]);
+const encodeValue = (spec, value, proprietary) => {
+    switch (spec.value) {
+        case "text":
+        case "array":
+        case "int":
+            return value;
+        case "date":
+            return isDate(value) ? getUnixTime(value) : value;
+        case "bstr":
+            return Buffer.from(String(value), "utf8");
+        case "bespoke":
+            if (HASH_DOMAINS.has(spec.domain)) {
+                return B64.toBuffer(String(value), B64U);
+            }
+            if (spec.domain === "confirmation")
+                return encodeCnf(value);
+            if (ACT_DOMAINS.has(spec.domain)) {
+                return proprietary ? encodeActCompact(value) : value;
+            }
+            if (spec.domain === "subjectId") {
+                return proprietary ? encodeSubIdCompact(value) : value;
+            }
+            return value;
+    }
+};
+const decodeValue = (spec, value) => {
+    switch (spec.value) {
+        case "text":
+        case "array":
+        case "int":
+            return value;
+        case "date":
+            return isFinite(value) ? new Date(value * 1000) : value;
+        case "bstr":
+            return Buffer.from(value).toString("utf8");
+        case "bespoke":
+            if (HASH_DOMAINS.has(spec.domain)) {
+                return B64.encode(Buffer.from(value), B64U);
+            }
+            if (spec.domain === "confirmation")
+                return decodeCnf(value);
+            if (ACT_DOMAINS.has(spec.domain)) {
+                return value instanceof Map ? decodeActCompact(value) : value;
+            }
+            if (spec.domain === "subjectId") {
+                return value instanceof Map ? decodeSubIdCompact(value) : value;
+            }
+            return value;
+    }
+};
+export const encodeCwtClaims = (common, options = {}) => {
+    const proprietary = options.proprietary ?? true;
+    const map = new Map();
+    for (const [domain, value] of Object.entries(common)) {
+        if (value === undefined)
+            continue;
+        const spec = specByDomain(domain);
+        if (!spec) {
+            map.set(domain, value);
+            continue;
+        }
+        const isPrivate = typeof spec.cose === "number" && spec.cose < -65536;
+        const key = isPrivate && !proprietary ? spec.jose : (spec.cose ?? spec.jose);
+        map.set(key, encodeValue(spec, value, proprietary));
+    }
+    return map;
+};
+export const decodeCwtClaims = (map) => {
+    const common = {};
+    for (const [key, value] of map) {
+        const spec = typeof key === "number"
+            ? specByCose(key)
+            : typeof key === "string"
+                ? specByJose(key)
+                : undefined;
+        if (!spec) {
+            common[String(key)] = value;
+            continue;
+        }
+        common[spec.domain] = decodeValue(spec, value);
+    }
+    return common;
+};
+//# sourceMappingURL=cwt-claims.js.map

package/dist/internal/cose/cwt-claims.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cwt-claims.js","sourceRoot":"","sources":["../../../src/internal/cose/cwt-claims.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,GAAG,EAAE,MAAM,cAAc,CAAC;AACnC,OAAO,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAC5C,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AAE/C,OAAO,EAAE,IAAI,EAAE,MAAM,wBAAwB,CAAC;AAC9C,OAAO,EAEL,UAAU,EACV,YAAY,EACZ,UAAU,GACX,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AACpE,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,MAAM,eAAe,CAAC;AACrD,OAAO,EAAE,kBAAkB,EAAE,kBAAkB,EAAE,MAAM,mBAAmB,CAAC;AAE3E,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC,CAAC;AAG/C,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC,CAAC,iBAAiB,EAAE,UAAU,EAAE,WAAW,CAAC,CAAC,CAAC;AAQ3E,MAAM,WAAW,GAAG,CAAC,IAAe,EAAE,KAAc,EAAE,WAAoB,EAAW,EAAE;IACrF,QAAQ,IAAI,CAAC,KAAK,EAAE,CAAC;QACnB,KAAK,MAAM,CAAC;QACZ,KAAK,OAAO,CAAC;QACb,KAAK,KAAK;YACR,OAAO,KAAK,CAAC;QACf,KAAK,MAAM;YAET,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;QACpD,KAAK,MAAM;YAET,OAAO,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC,CAAC;QAC5C,KAAK,SAAS;YACZ,IAAI,YAAY,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;gBAElC,OAAO,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,IAAI,CAAC,CAAC;YAC3C,CAAC;YACD,IAAI,IAAI,CAAC,MAAM,KAAK,cAAc;gBAChC,OAAO,SAAS,CAAC,KAAgC,CAAC,CAAC;YACrD,IAAI,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;gBAGjC,OAAO,WAAW,CAAC,CAAC,CAAC,gBAAgB,CAAC,KAAa,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;YAC/D,CAAC;YACD,IAAI,IAAI,CAAC,MAAM,KAAK,WAAW,EAAE,CAAC;gBAChC,OAAO,WAAW,CAAC,CAAC,CAAC,kBAAkB,CAAC,KAAa,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;YACjE,CAAC;YACD,OAAO,KAAK,CAAC;IACjB,CAAC;AACH,CAAC,CAAC;AAEF,MAAM,WAAW,GAAG,CAAC,IAAe,EAAE,KAAc,EAAW,EAAE;IAC/D,QAAQ,IAAI,CAAC,KAAK,EAAE,CAAC;QACnB,KAAK,MAAM,CAAC;QACZ,KAAK,OAAO,CAAC;QACb,KAAK,KAAK;YACR,OAAO,KAAK,CAAC;QACf,KAAK,MAAM;YAET,OAAO,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;QAC1D,KAAK,MAAM;YACT,OAAO,MAAM,CAAC,IAAI,CAAC,KAAmB,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QAC3D,KAAK,SAAS;YACZ,IAAI,YAAY,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;gBAClC,OAAO,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,KAAmB,CAAC,EAAE,IAAI,CAAC,CAAC;YAC5D,CAAC;YACD,IAAI,IAAI,CAAC,MAAM,KAAK,cAAc;gBAAE,OAAO,SAAS,CAAC,KAA6B,CAAC,CAAC;YACpF,IAAI,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;gBAEjC,OAAO,KAAK,YAAY,GAAG,CAAC,CAAC,CAAC,gBAAgB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;YAChE,CAAC;YACD,IAAI,IAAI,CAAC,MAAM,KAAK,WAAW,EAAE,CAAC;gBAChC,OAAO,KAAK,YAAY,GAAG,CAAC,CAAC,CAAC,kBAAkB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;YAClE,CAAC;YACD,OAAO,KAAK,CAAC;IACjB,CAAC;AACH,CAAC,CAAC;AAsBF,MAAM,CAAC,MAAM,eAAe,GAAG,CAC7B,MAAY,EACZ,UAA4B,EAAE,EACC,EAAE;IACjC,MAAM,WAAW,GAAG,OAAO,CAAC,WAAW,IAAI,IAAI,CAAC;IAChD,MAAM,GAAG,GAAG,IAAI,GAAG,EAA4B,CAAC;IAEhD,KAAK,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;QACrD,IAAI,KAAK,KAAK,SAAS;YAAE,SAAS;QAElC,MAAM,IAAI,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC;QAClC,IAAI,CAAC,IAAI,EAAE,CAAC;YAEV,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;YACvB,SAAS;QACX,CAAC;QAMD,MAAM,SAAS,GAAG,OAAO,IAAI,CAAC,IAAI,KAAK,QAAQ,IAAI,IAAI,CAAC,IAAI,GAAG,CAAC,KAAK,CAAC;QACtE,MAAM,GAAG,GAAG,SAAS,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,CAAC,CAAC;QAC7E,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,WAAW,CAAC,IAAI,EAAE,KAAK,EAAE,WAAW,CAAC,CAAC,CAAC;IACtD,CAAC;IAED,OAAO,GAAG,CAAC;AACb,CAAC,CAAC;AAOF,MAAM,CAAC,MAAM,eAAe,GAAG,CAAC,GAA0B,EAAQ,EAAE;IAClE,MAAM,MAAM,GAAS,EAAE,CAAC;IAExB,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,GAAG,EAAE,CAAC;QAC/B,MAAM,IAAI,GACR,OAAO,GAAG,KAAK,QAAQ;YACrB,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC;YACjB,CAAC,CAAC,OAAO,GAAG,KAAK,QAAQ;gBACvB,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC;gBACjB,CAAC,CAAC,SAAS,CAAC;QAElB,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,GAAG,KAAK,CAAC;YAC5B,SAAS;QACX,CAAC;QAED,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,GAAG,WAAW,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IACjD,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC,CAAC"}

package/dist/internal/cose/enc-labels.d.ts

@@ -0,0 +1,5 @@
+import type { KryptosEncryption } from "@lindorm/kryptos";
+export declare const tagBytesForEncryption: (encryption: KryptosEncryption) => number;
+export declare const encToCoseLabel: (encryption: KryptosEncryption | null | undefined) => number;
+export declare const coseLabelToEnc: (label: number) => KryptosEncryption;
+//# sourceMappingURL=enc-labels.d.ts.map

package/dist/internal/cose/enc-labels.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"enc-labels.d.ts","sourceRoot":"","sources":["../../../src/internal/cose/enc-labels.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AAiC1D,eAAO,MAAM,qBAAqB,GAAI,YAAY,iBAAiB,KAAG,MAMrE,CAAC;AAKF,eAAO,MAAM,cAAc,GACzB,YAAY,iBAAiB,GAAG,IAAI,GAAG,SAAS,KAC/C,MAWF,CAAC;AAEF,eAAO,MAAM,cAAc,GAAI,OAAO,MAAM,KAAG,iBAY9C,CAAC"}

package/dist/internal/cose/enc-labels.js

@@ -0,0 +1,47 @@
+import { AegisError } from "../../errors/index.js";
+const ENC_TO_COSE = {
+    A128GCM: 1,
+    A192GCM: 2,
+    A256GCM: 3,
+    "AES-CCM-16-64-128": 10,
+    "AES-CCM-16-64-256": 11,
+    "AES-CCM-64-64-128": 12,
+    "AES-CCM-64-64-256": 13,
+    "AES-CCM-16-128-128": 30,
+    "AES-CCM-16-128-256": 31,
+    "AES-CCM-64-128-128": 32,
+    "AES-CCM-64-128-256": 33,
+};
+const COSE_TO_ENC = Object.fromEntries(Object.entries(ENC_TO_COSE).map(([enc, label]) => [label, enc]));
+export const tagBytesForEncryption = (encryption) => {
+    if (encryption.startsWith("AES-CCM-")) {
+        return Number(encryption.split("-")[3]) / 8;
+    }
+    return 16;
+};
+const NOT_SUPPORTED = "COSE_Encrypt0 supports the AES-GCM family (A128/A192/A256GCM) and the AES-CCM family (AES-CCM-16/64-64/128-128/256).";
+export const encToCoseLabel = (encryption) => {
+    const label = encryption ? ENC_TO_COSE[encryption] : undefined;
+    if (label === undefined) {
+        throw new AegisError(`No COSE label for content encryption "${encryption}"`, {
+            code: "cose_encryption_not_supported",
+            data: { encryption },
+            title: "COSE Encryption Not Supported",
+            details: NOT_SUPPORTED,
+        });
+    }
+    return label;
+};
+export const coseLabelToEnc = (label) => {
+    const encryption = COSE_TO_ENC[label];
+    if (encryption === undefined) {
+        throw new AegisError(`No content encryption for COSE label "${label}"`, {
+            code: "cose_encryption_not_supported",
+            data: { label },
+            title: "COSE Encryption Not Supported",
+            details: "The COSE content-encryption label is not one this implementation supports.",
+        });
+    }
+    return encryption;
+};
+//# sourceMappingURL=enc-labels.js.map

package/dist/internal/cose/enc-labels.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"enc-labels.js","sourceRoot":"","sources":["../../../src/internal/cose/enc-labels.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAC;AASnD,MAAM,WAAW,GAAyD;IACxE,OAAO,EAAE,CAAC;IACV,OAAO,EAAE,CAAC;IACV,OAAO,EAAE,CAAC;IACV,mBAAmB,EAAE,EAAE;IACvB,mBAAmB,EAAE,EAAE;IACvB,mBAAmB,EAAE,EAAE;IACvB,mBAAmB,EAAE,EAAE;IACvB,oBAAoB,EAAE,EAAE;IACxB,oBAAoB,EAAE,EAAE;IACxB,oBAAoB,EAAE,EAAE;IACxB,oBAAoB,EAAE,EAAE;CACzB,CAAC;AAEF,MAAM,WAAW,GAAG,MAAM,CAAC,WAAW,CACpC,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,CAC3B,CAAC;AAOvC,MAAM,CAAC,MAAM,qBAAqB,GAAG,CAAC,UAA6B,EAAU,EAAE;IAC7E,IAAI,UAAU,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAEtC,OAAO,MAAM,CAAC,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;IAC9C,CAAC;IACD,OAAO,EAAE,CAAC;AACZ,CAAC,CAAC;AAEF,MAAM,aAAa,GACjB,sHAAsH,CAAC;AAEzH,MAAM,CAAC,MAAM,cAAc,GAAG,CAC5B,UAAgD,EACxC,EAAE;IACV,MAAM,KAAK,GAAG,UAAU,CAAC,CAAC,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IAC/D,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;QACxB,MAAM,IAAI,UAAU,CAAC,yCAAyC,UAAU,GAAG,EAAE;YAC3E,IAAI,EAAE,+BAA+B;YACrC,IAAI,EAAE,EAAE,UAAU,EAAE;YACpB,KAAK,EAAE,+BAA+B;YACtC,OAAO,EAAE,aAAa;SACvB,CAAC,CAAC;IACL,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,cAAc,GAAG,CAAC,KAAa,EAAqB,EAAE;IACjE,MAAM,UAAU,GAAG,WAAW,CAAC,KAAK,CAAC,CAAC;IACtC,IAAI,UAAU,KAAK,SAAS,EAAE,CAAC;QAC7B,MAAM,IAAI,UAAU,CAAC,yCAAyC,KAAK,GAAG,EAAE;YACtE,IAAI,EAAE,+BAA+B;YACrC,IAAI,EAAE,EAAE,KAAK,EAAE;YACf,KAAK,EAAE,+BAA+B;YACtC,OAAO,EACL,4EAA4E;SAC/E,CAAC,CAAC;IACL,CAAC;IACD,OAAO,UAAU,CAAC;AACpB,CAAC,CAAC"}

package/dist/internal/cose/structures.d.ts

@@ -0,0 +1,20 @@
+export declare const COSE_TAG: {
+    readonly encrypt0: 16;
+    readonly mac0: 17;
+    readonly sign1: 18;
+    readonly cwt: 61;
+};
+export declare const COSE_HEADER: {
+    readonly alg: 1;
+    readonly crit: 2;
+    readonly contentType: 3;
+    readonly kid: 4;
+    readonly iv: 5;
+    readonly typ: 16;
+};
+export declare const encodeProtectedHeader: (header: Map<number, unknown>) => Buffer;
+export declare const decodeProtectedHeader: (bstr: Uint8Array) => Map<number, unknown>;
+export declare const buildSigStructure: (protectedHeader: Buffer, payload: Buffer, externalAad?: Buffer) => Buffer;
+export declare const buildMacStructure: (protectedHeader: Buffer, payload: Buffer, externalAad?: Buffer) => Buffer;
+export declare const buildEncStructure: (protectedHeader: Buffer, externalAad?: Buffer) => Buffer;
+//# sourceMappingURL=structures.d.ts.map

package/dist/internal/cose/structures.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"structures.d.ts","sourceRoot":"","sources":["../../../src/internal/cose/structures.ts"],"names":[],"mappings":"AAGA,eAAO,MAAM,QAAQ;;;;;CAKX,CAAC;AAGX,eAAO,MAAM,WAAW;;;;;;;CAOd,CAAC;AASX,eAAO,MAAM,qBAAqB,GAAI,QAAQ,GAAG,CAAC,MAAM,EAAE,OAAO,CAAC,KAAG,MACrB,CAAC;AAEjD,eAAO,MAAM,qBAAqB,GAAI,MAAM,UAAU,KAAG,GAAG,CAAC,MAAM,EAAE,OAAO,CACJ,CAAC;AAMzE,eAAO,MAAM,iBAAiB,GAC5B,iBAAiB,MAAM,EACvB,SAAS,MAAM,EACf,cAAa,MAAc,KAC1B,MAA2E,CAAC;AAM/E,eAAO,MAAM,iBAAiB,GAC5B,iBAAiB,MAAM,EACvB,SAAS,MAAM,EACf,cAAa,MAAc,KAC1B,MAAqE,CAAC;AAMzE,eAAO,MAAM,iBAAiB,GAC5B,iBAAiB,MAAM,EACvB,cAAa,MAAc,KAC1B,MAAgE,CAAC"}

package/dist/internal/cose/structures.js

@@ -0,0 +1,22 @@
+import { encodeCbor, decodeCbor } from "./cbor.js";
+export const COSE_TAG = {
+    encrypt0: 16,
+    mac0: 17,
+    sign1: 18,
+    cwt: 61,
+};
+export const COSE_HEADER = {
+    alg: 1,
+    crit: 2,
+    contentType: 3,
+    kid: 4,
+    iv: 5,
+    typ: 16,
+};
+const EMPTY = Buffer.alloc(0);
+export const encodeProtectedHeader = (header) => header.size === 0 ? EMPTY : encodeCbor(header);
+export const decodeProtectedHeader = (bstr) => bstr.length === 0 ? new Map() : decodeCbor(bstr);
+export const buildSigStructure = (protectedHeader, payload, externalAad = EMPTY) => encodeCbor(["Signature1", protectedHeader, externalAad, payload]);
+export const buildMacStructure = (protectedHeader, payload, externalAad = EMPTY) => encodeCbor(["MAC0", protectedHeader, externalAad, payload]);
+export const buildEncStructure = (protectedHeader, externalAad = EMPTY) => encodeCbor(["Encrypt0", protectedHeader, externalAad]);
+//# sourceMappingURL=structures.js.map

package/dist/internal/cose/structures.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"structures.js","sourceRoot":"","sources":["../../../src/internal/cose/structures.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AAGnD,MAAM,CAAC,MAAM,QAAQ,GAAG;IACtB,QAAQ,EAAE,EAAE;IACZ,IAAI,EAAE,EAAE;IACR,KAAK,EAAE,EAAE;IACT,GAAG,EAAE,EAAE;CACC,CAAC;AAGX,MAAM,CAAC,MAAM,WAAW,GAAG;IACzB,GAAG,EAAE,CAAC;IACN,IAAI,EAAE,CAAC;IACP,WAAW,EAAE,CAAC;IACd,GAAG,EAAE,CAAC;IACN,EAAE,EAAE,CAAC;IACL,GAAG,EAAE,EAAE;CACC,CAAC;AAEX,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;AAO9B,MAAM,CAAC,MAAM,qBAAqB,GAAG,CAAC,MAA4B,EAAU,EAAE,CAC5E,MAAM,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;AAEjD,MAAM,CAAC,MAAM,qBAAqB,GAAG,CAAC,IAAgB,EAAwB,EAAE,CAC9E,IAAI,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,GAAG,EAAE,CAAC,CAAC,CAAC,UAAU,CAAuB,IAAI,CAAC,CAAC;AAMzE,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAC/B,eAAuB,EACvB,OAAe,EACf,cAAsB,KAAK,EACnB,EAAE,CAAC,UAAU,CAAC,CAAC,YAAY,EAAE,eAAe,EAAE,WAAW,EAAE,OAAO,CAAC,CAAC,CAAC;AAM/E,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAC/B,eAAuB,EACvB,OAAe,EACf,cAAsB,KAAK,EACnB,EAAE,CAAC,UAAU,CAAC,CAAC,MAAM,EAAE,eAAe,EAAE,WAAW,EAAE,OAAO,CAAC,CAAC,CAAC;AAMzE,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAC/B,eAAuB,EACvB,cAAsB,KAAK,EACnB,EAAE,CAAC,UAAU,CAAC,CAAC,UAAU,EAAE,eAAe,EAAE,WAAW,CAAC,CAAC,CAAC"}

package/dist/internal/cose/sub-id-claim.d.ts

@@ -0,0 +1,4 @@
+import type { Dict } from "@lindorm/types";
+export declare const encodeSubIdCompact: (subId: Dict) => Map<number, unknown>;
+export declare const decodeSubIdCompact: (map: Map<number, unknown>) => Dict;
+//# sourceMappingURL=sub-id-claim.d.ts.map

package/dist/internal/cose/sub-id-claim.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sub-id-claim.d.ts","sourceRoot":"","sources":["../../../src/internal/cose/sub-id-claim.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,gBAAgB,CAAC;AA4B3C,eAAO,MAAM,kBAAkB,GAAI,OAAO,IAAI,KAAG,GAAG,CAAC,MAAM,EAAE,OAAO,CAClC,CAAC;AAEnC,eAAO,MAAM,kBAAkB,GAAI,KAAK,GAAG,CAAC,MAAM,EAAE,OAAO,CAAC,KAAG,IAC/B,CAAC"}

package/dist/internal/cose/sub-id-claim.js

@@ -0,0 +1,18 @@
+import { compactDecode, compactEncode } from "./compact-map.js";
+const SUBID_SPEC = {
+    labels: {
+        format: 0,
+        iss: 1,
+        sub: 2,
+        email: 4,
+        phone_number: 5,
+        uri: 6,
+        url: 7,
+        id: 8,
+        identifiers: 9,
+    },
+    nested: { identifiers: { array: true, spec: () => SUBID_SPEC } },
+};
+export const encodeSubIdCompact = (subId) => compactEncode(subId, SUBID_SPEC);
+export const decodeSubIdCompact = (map) => compactDecode(map, SUBID_SPEC);
+//# sourceMappingURL=sub-id-claim.js.map

package/dist/internal/cose/sub-id-claim.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sub-id-claim.js","sourceRoot":"","sources":["../../../src/internal/cose/sub-id-claim.ts"],"names":[],"mappings":"AACA,OAAO,EAAoB,aAAa,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAYlF,MAAM,UAAU,GAAgB;IAC9B,MAAM,EAAE;QACN,MAAM,EAAE,CAAC;QACT,GAAG,EAAE,CAAC;QACN,GAAG,EAAE,CAAC;QACN,KAAK,EAAE,CAAC;QACR,YAAY,EAAE,CAAC;QACf,GAAG,EAAE,CAAC;QACN,GAAG,EAAE,CAAC;QACN,EAAE,EAAE,CAAC;QACL,WAAW,EAAE,CAAC;KACf;IACD,MAAM,EAAE,EAAE,WAAW,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC,UAAU,EAAE,EAAE;CACjE,CAAC;AAEF,MAAM,CAAC,MAAM,kBAAkB,GAAG,CAAC,KAAW,EAAwB,EAAE,CACtE,aAAa,CAAC,KAAK,EAAE,UAAU,CAAC,CAAC;AAEnC,MAAM,CAAC,MAAM,kBAAkB,GAAG,CAAC,GAAyB,EAAQ,EAAE,CACpE,aAAa,CAAC,GAAG,EAAE,UAAU,CAAC,CAAC"}

package/dist/internal/profiles/definitions/access-token.d.ts

@@ -0,0 +1,3 @@
+import type { TokenProfile } from "../../../types/index.js";
+export declare const accessTokenProfile: TokenProfile;
+//# sourceMappingURL=access-token.d.ts.map

package/dist/internal/profiles/definitions/access-token.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"access-token.d.ts","sourceRoot":"","sources":["../../../../src/internal/profiles/definitions/access-token.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AAS5D,eAAO,MAAM,kBAAkB,EAAE,YA6BhC,CAAC"}

package/dist/internal/profiles/definitions/access-token.js

@@ -0,0 +1,31 @@
+export const accessTokenProfile = {
+    name: "access_token",
+    typ: "application/at+jwt",
+    required: [
+        "issuer",
+        "expiresAt",
+        "audience",
+        "subject",
+        "clientId",
+        "issuedAt",
+        "tokenId",
+    ],
+    forbidden: ["federationAssuranceLevel"],
+    requiredWhen: [],
+    atLeastOneOf: [],
+    autoInject: { iat: true, jti: true, nbf: false, iss: true },
+    issuer: "platform",
+    lifetime: "1h",
+    encryptable: false,
+    algClass: "asymmetric-recommended",
+    rules: {
+        issUri: true,
+        crossField: true,
+        audSingleResource: true,
+        authorizationDetailsType: true,
+        cnfShape: true,
+        actChainShape: true,
+    },
+    validate: () => [],
+};
+//# sourceMappingURL=access-token.js.map

package/dist/internal/profiles/definitions/access-token.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"access-token.js","sourceRoot":"","sources":["../../../../src/internal/profiles/definitions/access-token.ts"],"names":[],"mappings":"AASA,MAAM,CAAC,MAAM,kBAAkB,GAAiB;IAC9C,IAAI,EAAE,cAAc;IACpB,GAAG,EAAE,oBAAoB;IACzB,QAAQ,EAAE;QACR,QAAQ;QACR,WAAW;QACX,UAAU;QACV,SAAS;QACT,UAAU;QACV,UAAU;QACV,SAAS;KACV;IACD,SAAS,EAAE,CAAC,0BAA0B,CAAC;IACvC,YAAY,EAAE,EAAE;IAChB,YAAY,EAAE,EAAE;IAChB,UAAU,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,IAAI,EAAE;IAC3D,MAAM,EAAE,UAAU;IAClB,QAAQ,EAAE,IAAI;IACd,WAAW,EAAE,KAAK;IAClB,QAAQ,EAAE,wBAAwB;IAClC,KAAK,EAAE;QACL,MAAM,EAAE,IAAI;QACZ,UAAU,EAAE,IAAI;QAChB,iBAAiB,EAAE,IAAI;QACvB,wBAAwB,EAAE,IAAI;QAC9B,QAAQ,EAAE,IAAI;QACd,aAAa,EAAE,IAAI;KACpB;IACD,QAAQ,EAAE,GAAG,EAAE,CAAC,EAAE;CACnB,CAAC"}

package/dist/internal/profiles/definitions/client-assertion.d.ts

@@ -0,0 +1,3 @@
+import type { TokenProfile } from "../../../types/index.js";
+export declare const clientAssertionProfile: TokenProfile;
+//# sourceMappingURL=client-assertion.d.ts.map

package/dist/internal/profiles/definitions/client-assertion.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"client-assertion.d.ts","sourceRoot":"","sources":["../../../../src/internal/profiles/definitions/client-assertion.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AAQ5D,eAAO,MAAM,sBAAsB,EAAE,YAgBpC,CAAC"}

package/dist/internal/profiles/definitions/client-assertion.js

@@ -0,0 +1,18 @@
+export const clientAssertionProfile = {
+    name: "client_assertion",
+    typ: "JWT",
+    required: ["issuer", "subject", "audience", "expiresAt", "tokenId"],
+    forbidden: [],
+    requiredWhen: [],
+    atLeastOneOf: [],
+    autoInject: { iat: true, jti: true, nbf: false, iss: false },
+    issuer: "per-token",
+    lifetime: "2m",
+    encryptable: false,
+    algClass: "confidential",
+    rules: {
+        crossField: true,
+    },
+    validate: () => [],
+};
+//# sourceMappingURL=client-assertion.js.map

package/dist/internal/profiles/definitions/client-assertion.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"client-assertion.js","sourceRoot":"","sources":["../../../../src/internal/profiles/definitions/client-assertion.ts"],"names":[],"mappings":"AAQA,MAAM,CAAC,MAAM,sBAAsB,GAAiB;IAClD,IAAI,EAAE,kBAAkB;IACxB,GAAG,EAAE,KAAK;IACV,QAAQ,EAAE,CAAC,QAAQ,EAAE,SAAS,EAAE,UAAU,EAAE,WAAW,EAAE,SAAS,CAAC;IACnE,SAAS,EAAE,EAAE;IACb,YAAY,EAAE,EAAE;IAChB,YAAY,EAAE,EAAE;IAChB,UAAU,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,KAAK,EAAE;IAC5D,MAAM,EAAE,WAAW;IACnB,QAAQ,EAAE,IAAI;IACd,WAAW,EAAE,KAAK;IAClB,QAAQ,EAAE,cAAc;IACxB,KAAK,EAAE;QACL,UAAU,EAAE,IAAI;KACjB;IACD,QAAQ,EAAE,GAAG,EAAE,CAAC,EAAE;CACnB,CAAC"}

package/dist/internal/profiles/definitions/default.d.ts

@@ -0,0 +1,3 @@
+import type { TokenProfile } from "../../../types/index.js";
+export declare const defaultProfile: TokenProfile;
+//# sourceMappingURL=default.d.ts.map

package/dist/internal/profiles/definitions/default.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"default.d.ts","sourceRoot":"","sources":["../../../../src/internal/profiles/definitions/default.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AAU5D,eAAO,MAAM,cAAc,EAAE,YAY5B,CAAC"}

package/dist/internal/profiles/definitions/default.js

@@ -0,0 +1,14 @@
+export const defaultProfile = {
+    name: "default",
+    typ: null,
+    required: ["subject", "expiresAt"],
+    forbidden: [],
+    requiredWhen: [],
+    atLeastOneOf: [],
+    autoInject: { iat: true, jti: true, nbf: true, iss: true },
+    issuer: "platform",
+    lifetime: null,
+    encryptable: false,
+    validate: () => [],
+};
+//# sourceMappingURL=default.js.map

package/dist/internal/profiles/definitions/default.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"default.js","sourceRoot":"","sources":["../../../../src/internal/profiles/definitions/default.ts"],"names":[],"mappings":"AAUA,MAAM,CAAC,MAAM,cAAc,GAAiB;IAC1C,IAAI,EAAE,SAAS;IACf,GAAG,EAAE,IAAI;IACT,QAAQ,EAAE,CAAC,SAAS,EAAE,WAAW,CAAC;IAClC,SAAS,EAAE,EAAE;IACb,YAAY,EAAE,EAAE;IAChB,YAAY,EAAE,EAAE;IAChB,UAAU,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,IAAI,EAAE;IAC1D,MAAM,EAAE,UAAU;IAClB,QAAQ,EAAE,IAAI;IACd,WAAW,EAAE,KAAK;IAClB,QAAQ,EAAE,GAAG,EAAE,CAAC,EAAE;CACnB,CAAC"}

package/dist/internal/profiles/definitions/delegation.d.ts

@@ -0,0 +1,3 @@
+import type { TokenProfile } from "../../../types/index.js";
+export declare const delegationProfile: TokenProfile;
+//# sourceMappingURL=delegation.d.ts.map

package/dist/internal/profiles/definitions/delegation.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"delegation.d.ts","sourceRoot":"","sources":["../../../../src/internal/profiles/definitions/delegation.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AAS5D,eAAO,MAAM,iBAAiB,EAAE,YAiB/B,CAAC"}

package/dist/internal/profiles/definitions/delegation.js

@@ -0,0 +1,19 @@
+export const delegationProfile = {
+    name: "delegation",
+    typ: "application/delegation+jwt",
+    required: ["issuer", "subject", "audience", "expiresAt", "tokenId"],
+    forbidden: [],
+    requiredWhen: [],
+    atLeastOneOf: [],
+    autoInject: { iat: true, jti: true, nbf: false, iss: false },
+    issuer: "per-token",
+    lifetime: "2m",
+    encryptable: false,
+    algClass: "asymmetric",
+    rules: {
+        issUri: false,
+        crossField: true,
+    },
+    validate: () => [],
+};
+//# sourceMappingURL=delegation.js.map

package/dist/internal/profiles/definitions/delegation.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"delegation.js","sourceRoot":"","sources":["../../../../src/internal/profiles/definitions/delegation.ts"],"names":[],"mappings":"AASA,MAAM,CAAC,MAAM,iBAAiB,GAAiB;IAC7C,IAAI,EAAE,YAAY;IAClB,GAAG,EAAE,4BAA4B;IACjC,QAAQ,EAAE,CAAC,QAAQ,EAAE,SAAS,EAAE,UAAU,EAAE,WAAW,EAAE,SAAS,CAAC;IACnE,SAAS,EAAE,EAAE;IACb,YAAY,EAAE,EAAE;IAChB,YAAY,EAAE,EAAE;IAChB,UAAU,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,KAAK,EAAE;IAC5D,MAAM,EAAE,WAAW;IACnB,QAAQ,EAAE,IAAI;IACd,WAAW,EAAE,KAAK;IAClB,QAAQ,EAAE,YAAY;IACtB,KAAK,EAAE;QACL,MAAM,EAAE,KAAK;QACb,UAAU,EAAE,IAAI;KACjB;IACD,QAAQ,EAAE,GAAG,EAAE,CAAC,EAAE;CACnB,CAAC"}

package/dist/internal/profiles/definitions/erasure-token.d.ts

@@ -0,0 +1,3 @@
+import type { TokenProfile } from "../../../types/index.js";
+export declare const erasureTokenProfile: TokenProfile;
+//# sourceMappingURL=erasure-token.d.ts.map

package/dist/internal/profiles/definitions/erasure-token.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"erasure-token.d.ts","sourceRoot":"","sources":["../../../../src/internal/profiles/definitions/erasure-token.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AAS5D,eAAO,MAAM,mBAAmB,EAAE,YA0BjC,CAAC"}

package/dist/internal/profiles/definitions/erasure-token.js

@@ -0,0 +1,28 @@
+export const erasureTokenProfile = {
+    name: "erasure_token",
+    typ: "application/erasure+jwt",
+    required: [
+        "issuer",
+        "audience",
+        "issuedAt",
+        "expiresAt",
+        "tokenId",
+        "subject",
+        "events",
+    ],
+    forbidden: ["nonce"],
+    requiredWhen: [],
+    atLeastOneOf: [],
+    autoInject: { iat: true, jti: true, nbf: false, iss: true },
+    issuer: "platform",
+    lifetime: "2m",
+    encryptable: false,
+    algClass: "confidential",
+    rules: {
+        issUri: true,
+        crossField: true,
+        eventsShape: true,
+    },
+    validate: () => [],
+};
+//# sourceMappingURL=erasure-token.js.map

package/dist/internal/profiles/definitions/erasure-token.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"erasure-token.js","sourceRoot":"","sources":["../../../../src/internal/profiles/definitions/erasure-token.ts"],"names":[],"mappings":"AASA,MAAM,CAAC,MAAM,mBAAmB,GAAiB;IAC/C,IAAI,EAAE,eAAe;IACrB,GAAG,EAAE,yBAAyB;IAC9B,QAAQ,EAAE;QACR,QAAQ;QACR,UAAU;QACV,UAAU;QACV,WAAW;QACX,SAAS;QACT,SAAS;QACT,QAAQ;KACT;IACD,SAAS,EAAE,CAAC,OAAO,CAAC;IACpB,YAAY,EAAE,EAAE;IAChB,YAAY,EAAE,EAAE;IAChB,UAAU,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,IAAI,EAAE;IAC3D,MAAM,EAAE,UAAU;IAClB,QAAQ,EAAE,IAAI;IACd,WAAW,EAAE,KAAK;IAClB,QAAQ,EAAE,cAAc;IACxB,KAAK,EAAE;QACL,MAAM,EAAE,IAAI;QACZ,UAAU,EAAE,IAAI;QAChB,WAAW,EAAE,IAAI;KAClB;IACD,QAAQ,EAAE,GAAG,EAAE,CAAC,EAAE;CACnB,CAAC"}

package/dist/internal/profiles/definitions/id-token.d.ts

@@ -0,0 +1,3 @@
+import type { TokenProfile } from "../../../types/index.js";
+export declare const idTokenProfile: TokenProfile;
+//# sourceMappingURL=id-token.d.ts.map

package/dist/internal/profiles/definitions/id-token.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"id-token.d.ts","sourceRoot":"","sources":["../../../../src/internal/profiles/definitions/id-token.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAe,YAAY,EAAE,MAAM,yBAAyB,CAAC;AASzE,eAAO,MAAM,cAAc,EAAE,YAyB5B,CAAC"}