@lindorm/aegis 0.8.1 → 0.9.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +84 -5
- package/dist/classes/Aegis.d.ts +20 -5
- package/dist/classes/Aegis.d.ts.map +1 -1
- package/dist/classes/Aegis.js +259 -45
- package/dist/classes/Aegis.js.map +1 -1
- package/dist/classes/CoseKit.d.ts +31 -0
- package/dist/classes/CoseKit.d.ts.map +1 -0
- package/dist/classes/CoseKit.js +64 -0
- package/dist/classes/CoseKit.js.map +1 -0
- package/dist/classes/CweKit.d.ts +24 -0
- package/dist/classes/CweKit.d.ts.map +1 -0
- package/dist/classes/CweKit.js +73 -0
- package/dist/classes/CweKit.js.map +1 -0
- package/dist/classes/CwmKit.d.ts +22 -0
- package/dist/classes/CwmKit.d.ts.map +1 -0
- package/dist/classes/CwmKit.js +54 -0
- package/dist/classes/CwmKit.js.map +1 -0
- package/dist/classes/CwsKit.d.ts +24 -0
- package/dist/classes/CwsKit.d.ts.map +1 -0
- package/dist/classes/CwsKit.js +60 -0
- package/dist/classes/CwsKit.js.map +1 -0
- package/dist/classes/CwtKit.d.ts +31 -0
- package/dist/classes/CwtKit.d.ts.map +1 -0
- package/dist/classes/CwtKit.js +65 -0
- package/dist/classes/CwtKit.js.map +1 -0
- package/dist/classes/JoseKit.d.ts +32 -0
- package/dist/classes/JoseKit.d.ts.map +1 -0
- package/dist/classes/JoseKit.js +66 -0
- package/dist/classes/JoseKit.js.map +1 -0
- package/dist/classes/JweKit.d.ts.map +1 -1
- package/dist/classes/JweKit.js +31 -3
- package/dist/classes/JweKit.js.map +1 -1
- package/dist/classes/JwsKit.d.ts.map +1 -1
- package/dist/classes/JwsKit.js +19 -3
- package/dist/classes/JwsKit.js.map +1 -1
- package/dist/classes/JwtKit.d.ts +4 -1
- package/dist/classes/JwtKit.d.ts.map +1 -1
- package/dist/classes/JwtKit.js +100 -20
- package/dist/classes/JwtKit.js.map +1 -1
- package/dist/classes/SignatureKit.d.ts.map +1 -1
- package/dist/classes/SignatureKit.js +5 -1
- package/dist/classes/SignatureKit.js.map +1 -1
- package/dist/constants/token-type.d.ts +1 -1
- package/dist/constants/token-type.d.ts.map +1 -1
- package/dist/constants/token-type.js +2 -0
- package/dist/constants/token-type.js.map +1 -1
- package/dist/errors/AegisError.d.ts +1 -0
- package/dist/errors/AegisError.d.ts.map +1 -1
- package/dist/errors/AegisError.js +1 -0
- package/dist/errors/AegisError.js.map +1 -1
- package/dist/errors/JweError.d.ts +1 -0
- package/dist/errors/JweError.d.ts.map +1 -1
- package/dist/errors/JweError.js +1 -0
- package/dist/errors/JweError.js.map +1 -1
- package/dist/errors/JwsError.d.ts +1 -0
- package/dist/errors/JwsError.d.ts.map +1 -1
- package/dist/errors/JwsError.js +1 -0
- package/dist/errors/JwsError.js.map +1 -1
- package/dist/errors/JwtError.d.ts +1 -0
- package/dist/errors/JwtError.d.ts.map +1 -1
- package/dist/errors/JwtError.js +1 -0
- package/dist/errors/JwtError.js.map +1 -1
- package/dist/interfaces/Aegis.d.ts +6 -1
- package/dist/interfaces/Aegis.d.ts.map +1 -1
- package/dist/internal/claims/events.d.ts +5 -0
- package/dist/internal/claims/events.d.ts.map +1 -0
- package/dist/internal/claims/events.js +3 -0
- package/dist/internal/claims/events.js.map +1 -0
- package/dist/internal/claims/registry.d.ts +14 -0
- package/dist/internal/claims/registry.d.ts.map +1 -0
- package/dist/internal/claims/registry.js +61 -0
- package/dist/internal/claims/registry.js.map +1 -0
- package/dist/internal/claims/sub-id.d.ts +7 -0
- package/dist/internal/claims/sub-id.d.ts.map +1 -0
- package/dist/internal/claims/sub-id.js +11 -0
- package/dist/internal/claims/sub-id.js.map +1 -0
- package/dist/internal/cose/act-claim.d.ts +4 -0
- package/dist/internal/cose/act-claim.d.ts.map +1 -0
- package/dist/internal/cose/act-claim.js +8 -0
- package/dist/internal/cose/act-claim.js.map +1 -0
- package/dist/internal/cose/alg-labels.d.ts +4 -0
- package/dist/internal/cose/alg-labels.d.ts.map +1 -0
- package/dist/internal/cose/alg-labels.js +42 -0
- package/dist/internal/cose/alg-labels.js.map +1 -0
- package/dist/internal/cose/cbor.d.ts +11 -0
- package/dist/internal/cose/cbor.d.ts.map +1 -0
- package/dist/internal/cose/cbor.js +37 -0
- package/dist/internal/cose/cbor.js.map +1 -0
- package/dist/internal/cose/compact-map.d.ts +11 -0
- package/dist/internal/cose/compact-map.d.ts.map +1 -0
- package/dist/internal/cose/compact-map.js +43 -0
- package/dist/internal/cose/compact-map.js.map +1 -0
- package/dist/internal/cose/cose-key-thumbprint.d.ts +5 -0
- package/dist/internal/cose/cose-key-thumbprint.d.ts.map +1 -0
- package/dist/internal/cose/cose-key-thumbprint.js +60 -0
- package/dist/internal/cose/cose-key-thumbprint.js.map +1 -0
- package/dist/internal/cose/cose-key.d.ts +8 -0
- package/dist/internal/cose/cose-key.d.ts.map +1 -0
- package/dist/internal/cose/cose-key.js +98 -0
- package/dist/internal/cose/cose-key.js.map +1 -0
- package/dist/internal/cose/cose-typ.d.ts +2 -0
- package/dist/internal/cose/cose-typ.d.ts.map +1 -0
- package/dist/internal/cose/cose-typ.js +8 -0
- package/dist/internal/cose/cose-typ.js.map +1 -0
- package/dist/internal/cose/cwt-claims.d.ts +7 -0
- package/dist/internal/cose/cwt-claims.d.ts.map +1 -0
- package/dist/internal/cose/cwt-claims.js +94 -0
- package/dist/internal/cose/cwt-claims.js.map +1 -0
- package/dist/internal/cose/enc-labels.d.ts +5 -0
- package/dist/internal/cose/enc-labels.d.ts.map +1 -0
- package/dist/internal/cose/enc-labels.js +47 -0
- package/dist/internal/cose/enc-labels.js.map +1 -0
- package/dist/internal/cose/structures.d.ts +20 -0
- package/dist/internal/cose/structures.d.ts.map +1 -0
- package/dist/internal/cose/structures.js +22 -0
- package/dist/internal/cose/structures.js.map +1 -0
- package/dist/internal/cose/sub-id-claim.d.ts +4 -0
- package/dist/internal/cose/sub-id-claim.d.ts.map +1 -0
- package/dist/internal/cose/sub-id-claim.js +18 -0
- package/dist/internal/cose/sub-id-claim.js.map +1 -0
- package/dist/internal/profiles/definitions/access-token.d.ts +3 -0
- package/dist/internal/profiles/definitions/access-token.d.ts.map +1 -0
- package/dist/internal/profiles/definitions/access-token.js +31 -0
- package/dist/internal/profiles/definitions/access-token.js.map +1 -0
- package/dist/internal/profiles/definitions/client-assertion.d.ts +3 -0
- package/dist/internal/profiles/definitions/client-assertion.d.ts.map +1 -0
- package/dist/internal/profiles/definitions/client-assertion.js +18 -0
- package/dist/internal/profiles/definitions/client-assertion.js.map +1 -0
- package/dist/internal/profiles/definitions/default.d.ts +3 -0
- package/dist/internal/profiles/definitions/default.d.ts.map +1 -0
- package/dist/internal/profiles/definitions/default.js +14 -0
- package/dist/internal/profiles/definitions/default.js.map +1 -0
- package/dist/internal/profiles/definitions/delegation.d.ts +3 -0
- package/dist/internal/profiles/definitions/delegation.d.ts.map +1 -0
- package/dist/internal/profiles/definitions/delegation.js +19 -0
- package/dist/internal/profiles/definitions/delegation.js.map +1 -0
- package/dist/internal/profiles/definitions/erasure-token.d.ts +3 -0
- package/dist/internal/profiles/definitions/erasure-token.d.ts.map +1 -0
- package/dist/internal/profiles/definitions/erasure-token.js +28 -0
- package/dist/internal/profiles/definitions/erasure-token.js.map +1 -0
- package/dist/internal/profiles/definitions/id-token.d.ts +3 -0
- package/dist/internal/profiles/definitions/id-token.d.ts.map +1 -0
- package/dist/internal/profiles/definitions/id-token.js +26 -0
- package/dist/internal/profiles/definitions/id-token.js.map +1 -0
- package/dist/internal/profiles/definitions/introspection.d.ts +3 -0
- package/dist/internal/profiles/definitions/introspection.d.ts.map +1 -0
- package/dist/internal/profiles/definitions/introspection.js +18 -0
- package/dist/internal/profiles/definitions/introspection.js.map +1 -0
- package/dist/internal/profiles/definitions/jarm.d.ts +3 -0
- package/dist/internal/profiles/definitions/jarm.d.ts.map +1 -0
- package/dist/internal/profiles/definitions/jarm.js +19 -0
- package/dist/internal/profiles/definitions/jarm.js.map +1 -0
- package/dist/internal/profiles/definitions/logout-token.d.ts +3 -0
- package/dist/internal/profiles/definitions/logout-token.d.ts.map +1 -0
- package/dist/internal/profiles/definitions/logout-token.js +20 -0
- package/dist/internal/profiles/definitions/logout-token.js.map +1 -0
- package/dist/internal/profiles/definitions/security-event.d.ts +3 -0
- package/dist/internal/profiles/definitions/security-event.d.ts.map +1 -0
- package/dist/internal/profiles/definitions/security-event.js +20 -0
- package/dist/internal/profiles/definitions/security-event.js.map +1 -0
- package/dist/internal/profiles/definitions/userinfo.d.ts +3 -0
- package/dist/internal/profiles/definitions/userinfo.d.ts.map +1 -0
- package/dist/internal/profiles/definitions/userinfo.js +18 -0
- package/dist/internal/profiles/definitions/userinfo.js.map +1 -0
- package/dist/internal/profiles/registry.d.ts +4 -0
- package/dist/internal/profiles/registry.d.ts.map +1 -0
- package/dist/internal/profiles/registry.js +41 -0
- package/dist/internal/profiles/registry.js.map +1 -0
- package/dist/internal/utils/assemble-common-claims.d.ts +12 -0
- package/dist/internal/utils/assemble-common-claims.d.ts.map +1 -0
- package/dist/internal/utils/assemble-common-claims.js +66 -0
- package/dist/internal/utils/assemble-common-claims.js.map +1 -0
- package/dist/internal/utils/build-profile-claims.d.ts +14 -0
- package/dist/internal/utils/build-profile-claims.d.ts.map +1 -0
- package/dist/internal/utils/build-profile-claims.js +75 -0
- package/dist/internal/utils/build-profile-claims.js.map +1 -0
- package/dist/internal/utils/compute-jwk-thumbprint.js +8 -1
- package/dist/internal/utils/compute-jwk-thumbprint.js.map +1 -1
- package/dist/internal/utils/compute-typ-header.d.ts.map +1 -1
- package/dist/internal/utils/compute-typ-header.js +20 -5
- package/dist/internal/utils/compute-typ-header.js.map +1 -1
- package/dist/internal/utils/create-hash.d.ts.map +1 -1
- package/dist/internal/utils/create-hash.js +7 -7
- package/dist/internal/utils/create-hash.js.map +1 -1
- package/dist/internal/utils/enforce-verify-floor.d.ts +12 -0
- package/dist/internal/utils/enforce-verify-floor.d.ts.map +1 -0
- package/dist/internal/utils/enforce-verify-floor.js +43 -0
- package/dist/internal/utils/enforce-verify-floor.js.map +1 -0
- package/dist/internal/utils/extract-claims.d.ts +2 -1
- package/dist/internal/utils/extract-claims.d.ts.map +1 -1
- package/dist/internal/utils/extract-claims.js +10 -4
- package/dist/internal/utils/extract-claims.js.map +1 -1
- package/dist/internal/utils/jose-header.d.ts.map +1 -1
- package/dist/internal/utils/jose-header.js +38 -7
- package/dist/internal/utils/jose-header.js.map +1 -1
- package/dist/internal/utils/jwt-payload.d.ts +8 -6
- package/dist/internal/utils/jwt-payload.d.ts.map +1 -1
- package/dist/internal/utils/jwt-payload.js +32 -96
- package/dist/internal/utils/jwt-payload.js.map +1 -1
- package/dist/internal/utils/jwt-validate.d.ts.map +1 -1
- package/dist/internal/utils/jwt-validate.js +7 -1
- package/dist/internal/utils/jwt-validate.js.map +1 -1
- package/dist/internal/utils/jwt-verify.d.ts.map +1 -1
- package/dist/internal/utils/jwt-verify.js +17 -4
- package/dist/internal/utils/jwt-verify.js.map +1 -1
- package/dist/internal/utils/map-content-to-claims.d.ts +8 -0
- package/dist/internal/utils/map-content-to-claims.d.ts.map +1 -0
- package/dist/internal/utils/map-content-to-claims.js +89 -0
- package/dist/internal/utils/map-content-to-claims.js.map +1 -0
- package/dist/internal/utils/parse-introspection.d.ts.map +1 -1
- package/dist/internal/utils/parse-introspection.js +5 -1
- package/dist/internal/utils/parse-introspection.js.map +1 -1
- package/dist/internal/utils/parse-userinfo.d.ts.map +1 -1
- package/dist/internal/utils/parse-userinfo.js +5 -1
- package/dist/internal/utils/parse-userinfo.js.map +1 -1
- package/dist/internal/utils/resolve-cert-binding.d.ts.map +1 -1
- package/dist/internal/utils/resolve-cert-binding.js +3 -0
- package/dist/internal/utils/resolve-cert-binding.js.map +1 -1
- package/dist/internal/utils/rules/act-chain-shape.d.ts +4 -0
- package/dist/internal/utils/rules/act-chain-shape.d.ts.map +1 -0
- package/dist/internal/utils/rules/act-chain-shape.js +52 -0
- package/dist/internal/utils/rules/act-chain-shape.js.map +1 -0
- package/dist/internal/utils/rules/alg-permitted.d.ts +6 -0
- package/dist/internal/utils/rules/alg-permitted.d.ts.map +1 -0
- package/dist/internal/utils/rules/alg-permitted.js +35 -0
- package/dist/internal/utils/rules/alg-permitted.js.map +1 -0
- package/dist/internal/utils/rules/at-least-one-of.d.ts +4 -0
- package/dist/internal/utils/rules/at-least-one-of.d.ts.map +1 -0
- package/dist/internal/utils/rules/at-least-one-of.js +13 -0
- package/dist/internal/utils/rules/at-least-one-of.js.map +1 -0
- package/dist/internal/utils/rules/aud-single-resource.d.ts +4 -0
- package/dist/internal/utils/rules/aud-single-resource.d.ts.map +1 -0
- package/dist/internal/utils/rules/aud-single-resource.js +18 -0
- package/dist/internal/utils/rules/aud-single-resource.js.map +1 -0
- package/dist/internal/utils/rules/cnf-shape.d.ts +4 -0
- package/dist/internal/utils/rules/cnf-shape.d.ts.map +1 -0
- package/dist/internal/utils/rules/cnf-shape.js +55 -0
- package/dist/internal/utils/rules/cnf-shape.js.map +1 -0
- package/dist/internal/utils/rules/cross-field.d.ts +4 -0
- package/dist/internal/utils/rules/cross-field.d.ts.map +1 -0
- package/dist/internal/utils/rules/cross-field.js +21 -0
- package/dist/internal/utils/rules/cross-field.js.map +1 -0
- package/dist/internal/utils/rules/events-shape.d.ts +4 -0
- package/dist/internal/utils/rules/events-shape.d.ts.map +1 -0
- package/dist/internal/utils/rules/events-shape.js +33 -0
- package/dist/internal/utils/rules/events-shape.js.map +1 -0
- package/dist/internal/utils/rules/every-element-has-key.d.ts +4 -0
- package/dist/internal/utils/rules/every-element-has-key.d.ts.map +1 -0
- package/dist/internal/utils/rules/every-element-has-key.js +20 -0
- package/dist/internal/utils/rules/every-element-has-key.js.map +1 -0
- package/dist/internal/utils/rules/forbid-present.d.ts +4 -0
- package/dist/internal/utils/rules/forbid-present.d.ts.map +1 -0
- package/dist/internal/utils/rules/forbid-present.js +10 -0
- package/dist/internal/utils/rules/forbid-present.js.map +1 -0
- package/dist/internal/utils/rules/index.d.ts +14 -0
- package/dist/internal/utils/rules/index.d.ts.map +1 -0
- package/dist/internal/utils/rules/index.js +14 -0
- package/dist/internal/utils/rules/index.js.map +1 -0
- package/dist/internal/utils/rules/iss-uri.d.ts +4 -0
- package/dist/internal/utils/rules/iss-uri.d.ts.map +1 -0
- package/dist/internal/utils/rules/iss-uri.js +11 -0
- package/dist/internal/utils/rules/iss-uri.js.map +1 -0
- package/dist/internal/utils/rules/require-present.d.ts +4 -0
- package/dist/internal/utils/rules/require-present.d.ts.map +1 -0
- package/dist/internal/utils/rules/require-present.js +10 -0
- package/dist/internal/utils/rules/require-present.js.map +1 -0
- package/dist/internal/utils/rules/required-when.d.ts +8 -0
- package/dist/internal/utils/rules/required-when.d.ts.map +1 -0
- package/dist/internal/utils/rules/required-when.js +13 -0
- package/dist/internal/utils/rules/required-when.js.map +1 -0
- package/dist/internal/utils/rules/sub-id-shape.d.ts +4 -0
- package/dist/internal/utils/rules/sub-id-shape.d.ts.map +1 -0
- package/dist/internal/utils/rules/sub-id-shape.js +26 -0
- package/dist/internal/utils/rules/sub-id-shape.js.map +1 -0
- package/dist/internal/utils/select-encoder.d.ts +6 -0
- package/dist/internal/utils/select-encoder.d.ts.map +1 -0
- package/dist/internal/utils/select-encoder.js +4 -0
- package/dist/internal/utils/select-encoder.js.map +1 -0
- package/dist/internal/utils/validate-actor.d.ts +8 -1
- package/dist/internal/utils/validate-actor.d.ts.map +1 -1
- package/dist/internal/utils/validate-actor.js +9 -7
- package/dist/internal/utils/validate-actor.js.map +1 -1
- package/dist/internal/utils/validate-profile-claims.d.ts +8 -0
- package/dist/internal/utils/validate-profile-claims.d.ts.map +1 -0
- package/dist/internal/utils/validate-profile-claims.js +45 -0
- package/dist/internal/utils/validate-profile-claims.js.map +1 -0
- package/dist/internal/utils/validate.d.ts.map +1 -1
- package/dist/internal/utils/validate.js +8 -1
- package/dist/internal/utils/validate.js.map +1 -1
- package/dist/internal/utils/verify-cert-binding.d.ts.map +1 -1
- package/dist/internal/utils/verify-cert-binding.js +9 -1
- package/dist/internal/utils/verify-cert-binding.js.map +1 -1
- package/dist/internal/utils/verify-dpop-proof.d.ts.map +1 -1
- package/dist/internal/utils/verify-dpop-proof.js +41 -7
- package/dist/internal/utils/verify-dpop-proof.js.map +1 -1
- package/dist/types/claims/aegis-introspection.d.ts +2 -1
- package/dist/types/claims/aegis-introspection.d.ts.map +1 -1
- package/dist/types/claims/index.d.ts +2 -0
- package/dist/types/claims/index.d.ts.map +1 -1
- package/dist/types/claims/index.js +2 -0
- package/dist/types/claims/index.js.map +1 -1
- package/dist/types/claims/jwt/index.d.ts +2 -0
- package/dist/types/claims/jwt/index.d.ts.map +1 -1
- package/dist/types/claims/jwt/index.js +2 -0
- package/dist/types/claims/jwt/index.js.map +1 -1
- package/dist/types/claims/jwt/jwt-claims.d.ts +3 -1
- package/dist/types/claims/jwt/jwt-claims.d.ts.map +1 -1
- package/dist/types/claims/jwt/lindorm-claims-wire.d.ts +1 -2
- package/dist/types/claims/jwt/lindorm-claims-wire.d.ts.map +1 -1
- package/dist/types/claims/jwt/oidc-claims-wire.d.ts +2 -0
- package/dist/types/claims/jwt/oidc-claims-wire.d.ts.map +1 -1
- package/dist/types/claims/jwt/rar-claims-wire.d.ts +5 -0
- package/dist/types/claims/jwt/rar-claims-wire.d.ts.map +1 -0
- package/dist/types/claims/jwt/rar-claims-wire.js +2 -0
- package/dist/types/claims/jwt/rar-claims-wire.js.map +1 -0
- package/dist/types/claims/jwt/set-claims-wire.d.ts +9 -0
- package/dist/types/claims/jwt/set-claims-wire.d.ts.map +1 -0
- package/dist/types/claims/jwt/set-claims-wire.js +2 -0
- package/dist/types/claims/jwt/set-claims-wire.js.map +1 -0
- package/dist/types/claims/lindorm-claims.d.ts +1 -2
- package/dist/types/claims/lindorm-claims.d.ts.map +1 -1
- package/dist/types/claims/oidc-claims.d.ts +2 -0
- package/dist/types/claims/oidc-claims.d.ts.map +1 -1
- package/dist/types/claims/rar-claims.d.ts +5 -0
- package/dist/types/claims/rar-claims.d.ts.map +1 -0
- package/dist/types/claims/rar-claims.js +2 -0
- package/dist/types/claims/rar-claims.js.map +1 -0
- package/dist/types/claims/set-claims.d.ts +8 -0
- package/dist/types/claims/set-claims.d.ts.map +1 -0
- package/dist/types/claims/set-claims.js +2 -0
- package/dist/types/claims/set-claims.js.map +1 -0
- package/dist/types/jwt/index.d.ts +1 -0
- package/dist/types/jwt/index.d.ts.map +1 -1
- package/dist/types/jwt/index.js +1 -0
- package/dist/types/jwt/index.js.map +1 -1
- package/dist/types/jwt/jwt-claim-matchers.d.ts +2 -1
- package/dist/types/jwt/jwt-claim-matchers.d.ts.map +1 -1
- package/dist/types/jwt/jwt-parse.d.ts +2 -2
- package/dist/types/jwt/jwt-parse.d.ts.map +1 -1
- package/dist/types/jwt/jwt-sign.d.ts +8 -6
- package/dist/types/jwt/jwt-sign.d.ts.map +1 -1
- package/dist/types/jwt/profile.d.ts +99 -0
- package/dist/types/jwt/profile.d.ts.map +1 -0
- package/dist/types/jwt/profile.js +2 -0
- package/dist/types/jwt/profile.js.map +1 -0
- package/dist/types/level-of-assurance.d.ts +0 -1
- package/dist/types/level-of-assurance.d.ts.map +1 -1
- package/package.json +19 -18
|
@@ -0,0 +1,8 @@
|
|
|
1
|
+
import type { Dict } from "@lindorm/types";
|
|
2
|
+
export declare const KTY_TO_COSE: Readonly<Record<string, number>>;
|
|
3
|
+
export declare const CRV_TO_COSE: Readonly<Record<string, number>>;
|
|
4
|
+
export declare const jwkToCoseKey: (jwk: Dict) => Map<number, unknown>;
|
|
5
|
+
export declare const coseKeyToJwk: (key: Map<number, unknown>) => Dict;
|
|
6
|
+
export declare const encodeCnf: (confirmation: Dict) => Map<number, unknown>;
|
|
7
|
+
export declare const decodeCnf: (cnf: Map<number, unknown>) => Dict;
|
|
8
|
+
//# sourceMappingURL=cose-key.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"cose-key.d.ts","sourceRoot":"","sources":["../../../src/internal/cose/cose-key.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,gBAAgB,CAAC;AAQ3C,eAAO,MAAM,WAAW,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAKxD,CAAC;AASF,eAAO,MAAM,WAAW,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAQxD,CAAC;AAkBF,eAAO,MAAM,YAAY,GAAI,KAAK,IAAI,KAAG,GAAG,CAAC,MAAM,EAAE,OAAO,CAkB3D,CAAC;AAGF,eAAO,MAAM,YAAY,GAAI,KAAK,GAAG,CAAC,MAAM,EAAE,OAAO,CAAC,KAAG,IAgBxD,CAAC;AAQF,eAAO,MAAM,SAAS,GAAI,cAAc,IAAI,KAAG,GAAG,CAAC,MAAM,EAAE,OAAO,CAoBjE,CAAC;AAGF,eAAO,MAAM,SAAS,GAAI,KAAK,GAAG,CAAC,MAAM,EAAE,OAAO,CAAC,KAAG,IAUrD,CAAC"}
|
|
@@ -0,0 +1,98 @@
|
|
|
1
|
+
import { B64 } from "@lindorm/b64";
|
|
2
|
+
import { B64U } from "../constants/format.js";
|
|
3
|
+
import { AegisError } from "../../errors/index.js";
|
|
4
|
+
const KEY = { kty: 1, kid: 2, alg: 3, crv: -1, x: -2, y: -3 };
|
|
5
|
+
export const KTY_TO_COSE = {
|
|
6
|
+
OKP: 1,
|
|
7
|
+
EC: 2,
|
|
8
|
+
RSA: 3,
|
|
9
|
+
oct: 4,
|
|
10
|
+
};
|
|
11
|
+
const COSE_TO_KTY = {
|
|
12
|
+
1: "OKP",
|
|
13
|
+
2: "EC",
|
|
14
|
+
3: "RSA",
|
|
15
|
+
4: "oct",
|
|
16
|
+
};
|
|
17
|
+
export const CRV_TO_COSE = {
|
|
18
|
+
"P-256": 1,
|
|
19
|
+
"P-384": 2,
|
|
20
|
+
"P-521": 3,
|
|
21
|
+
X25519: 4,
|
|
22
|
+
X448: 5,
|
|
23
|
+
Ed25519: 6,
|
|
24
|
+
Ed448: 7,
|
|
25
|
+
};
|
|
26
|
+
const COSE_TO_CRV = Object.fromEntries(Object.entries(CRV_TO_COSE).map(([crv, label]) => [label, crv]));
|
|
27
|
+
const unsupported = (detail) => {
|
|
28
|
+
throw new AegisError("Unsupported COSE_Key", {
|
|
29
|
+
code: "cose_key_unsupported",
|
|
30
|
+
title: "Unsupported COSE Key",
|
|
31
|
+
details: detail,
|
|
32
|
+
});
|
|
33
|
+
};
|
|
34
|
+
export const jwkToCoseKey = (jwk) => {
|
|
35
|
+
const ktyLabel = KTY_TO_COSE[jwk.kty];
|
|
36
|
+
if (ktyLabel === undefined)
|
|
37
|
+
unsupported(`Unknown JWK kty "${jwk.kty}".`);
|
|
38
|
+
const key = new Map();
|
|
39
|
+
key.set(KEY.kty, ktyLabel);
|
|
40
|
+
if (typeof jwk.kid === "string")
|
|
41
|
+
key.set(KEY.kid, Buffer.from(jwk.kid, "utf8"));
|
|
42
|
+
if (jwk.kty === "EC" || jwk.kty === "OKP") {
|
|
43
|
+
const crvLabel = CRV_TO_COSE[jwk.crv];
|
|
44
|
+
if (crvLabel === undefined)
|
|
45
|
+
unsupported(`Unknown curve "${jwk.crv}".`);
|
|
46
|
+
key.set(KEY.crv, crvLabel);
|
|
47
|
+
key.set(KEY.x, B64.toBuffer(jwk.x, B64U));
|
|
48
|
+
if (jwk.kty === "EC")
|
|
49
|
+
key.set(KEY.y, B64.toBuffer(jwk.y, B64U));
|
|
50
|
+
return key;
|
|
51
|
+
}
|
|
52
|
+
return unsupported("Only EC2 and OKP COSE_Key conversion is supported.");
|
|
53
|
+
};
|
|
54
|
+
export const coseKeyToJwk = (key) => {
|
|
55
|
+
const kty = COSE_TO_KTY[key.get(KEY.kty)];
|
|
56
|
+
if (kty === undefined)
|
|
57
|
+
unsupported("Unknown COSE_Key kty.");
|
|
58
|
+
const jwk = { kty };
|
|
59
|
+
const kid = key.get(KEY.kid);
|
|
60
|
+
if (kid instanceof Uint8Array)
|
|
61
|
+
jwk.kid = Buffer.from(kid).toString("utf8");
|
|
62
|
+
if (kty === "EC" || kty === "OKP") {
|
|
63
|
+
jwk.crv = COSE_TO_CRV[key.get(KEY.crv)];
|
|
64
|
+
jwk.x = B64.encode(Buffer.from(key.get(KEY.x)), B64U);
|
|
65
|
+
if (kty === "EC")
|
|
66
|
+
jwk.y = B64.encode(Buffer.from(key.get(KEY.y)), B64U);
|
|
67
|
+
return jwk;
|
|
68
|
+
}
|
|
69
|
+
return unsupported("Only EC2 and OKP COSE_Key conversion is supported.");
|
|
70
|
+
};
|
|
71
|
+
export const encodeCnf = (confirmation) => {
|
|
72
|
+
const cnf = new Map();
|
|
73
|
+
if (confirmation.key && typeof confirmation.key === "object") {
|
|
74
|
+
cnf.set(1, jwkToCoseKey(confirmation.key));
|
|
75
|
+
}
|
|
76
|
+
if (typeof confirmation.keyId === "string") {
|
|
77
|
+
cnf.set(3, Buffer.from(confirmation.keyId, "utf8"));
|
|
78
|
+
}
|
|
79
|
+
if (cnf.size === 0) {
|
|
80
|
+
throw new AegisError("Confirmation has no COSE-representable member", {
|
|
81
|
+
code: "cose_cnf_unsupported",
|
|
82
|
+
title: "COSE Confirmation Unsupported",
|
|
83
|
+
details: "Only an embedded key (-> COSE_Key) or keyId (-> kid) can go in a COSE cnf; jkt/x5t#S256/jku have no COSE form (jkt ≠ ckt).",
|
|
84
|
+
});
|
|
85
|
+
}
|
|
86
|
+
return cnf;
|
|
87
|
+
};
|
|
88
|
+
export const decodeCnf = (cnf) => {
|
|
89
|
+
const confirmation = {};
|
|
90
|
+
const coseKey = cnf.get(1);
|
|
91
|
+
if (coseKey instanceof Map)
|
|
92
|
+
confirmation.key = coseKeyToJwk(coseKey);
|
|
93
|
+
const kid = cnf.get(3);
|
|
94
|
+
if (kid instanceof Uint8Array)
|
|
95
|
+
confirmation.keyId = Buffer.from(kid).toString("utf8");
|
|
96
|
+
return confirmation;
|
|
97
|
+
};
|
|
98
|
+
//# sourceMappingURL=cose-key.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"cose-key.js","sourceRoot":"","sources":["../../../src/internal/cose/cose-key.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,GAAG,EAAE,MAAM,cAAc,CAAC;AAEnC,OAAO,EAAE,IAAI,EAAE,MAAM,wBAAwB,CAAC;AAC9C,OAAO,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAC;AAGnD,MAAM,GAAG,GAAG,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,EAAW,CAAC;AAGvE,MAAM,CAAC,MAAM,WAAW,GAAqC;IAC3D,GAAG,EAAE,CAAC;IACN,EAAE,EAAE,CAAC;IACL,GAAG,EAAE,CAAC;IACN,GAAG,EAAE,CAAC;CACP,CAAC;AACF,MAAM,WAAW,GAAqC;IACpD,CAAC,EAAE,KAAK;IACR,CAAC,EAAE,IAAI;IACP,CAAC,EAAE,KAAK;IACR,CAAC,EAAE,KAAK;CACT,CAAC;AAGF,MAAM,CAAC,MAAM,WAAW,GAAqC;IAC3D,OAAO,EAAE,CAAC;IACV,OAAO,EAAE,CAAC;IACV,OAAO,EAAE,CAAC;IACV,MAAM,EAAE,CAAC;IACT,IAAI,EAAE,CAAC;IACP,OAAO,EAAE,CAAC;IACV,KAAK,EAAE,CAAC;CACT,CAAC;AACF,MAAM,WAAW,GAAqC,MAAM,CAAC,WAAW,CACtE,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,CAChE,CAAC;AAEF,MAAM,WAAW,GAAG,CAAC,MAAc,EAAS,EAAE;IAC5C,MAAM,IAAI,UAAU,CAAC,sBAAsB,EAAE;QAC3C,IAAI,EAAE,sBAAsB;QAC5B,KAAK,EAAE,sBAAsB;QAC7B,OAAO,EAAE,MAAM;KAChB,CAAC,CAAC;AACL,CAAC,CAAC;AAOF,MAAM,CAAC,MAAM,YAAY,GAAG,CAAC,GAAS,EAAwB,EAAE;IAC9D,MAAM,QAAQ,GAAG,WAAW,CAAC,GAAG,CAAC,GAAa,CAAC,CAAC;IAChD,IAAI,QAAQ,KAAK,SAAS;QAAE,WAAW,CAAC,oBAAoB,GAAG,CAAC,GAAG,IAAI,CAAC,CAAC;IAEzE,MAAM,GAAG,GAAG,IAAI,GAAG,EAAmB,CAAC;IACvC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;IAC3B,IAAI,OAAO,GAAG,CAAC,GAAG,KAAK,QAAQ;QAAE,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC,CAAC;IAEhF,IAAI,GAAG,CAAC,GAAG,KAAK,IAAI,IAAI,GAAG,CAAC,GAAG,KAAK,KAAK,EAAE,CAAC;QAC1C,MAAM,QAAQ,GAAG,WAAW,CAAC,GAAG,CAAC,GAAa,CAAC,CAAC;QAChD,IAAI,QAAQ,KAAK,SAAS;YAAE,WAAW,CAAC,kBAAkB,GAAG,CAAC,GAAG,IAAI,CAAC,CAAC;QACvE,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;QAC3B,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAW,EAAE,IAAI,CAAC,CAAC,CAAC;QACpD,IAAI,GAAG,CAAC,GAAG,KAAK,IAAI;YAAE,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAW,EAAE,IAAI,CAAC,CAAC,CAAC;QAC1E,OAAO,GAAG,CAAC;IACb,CAAC;IAED,OAAO,WAAW,CAAC,oDAAoD,CAAC,CAAC;AAC3E,CAAC,CAAC;AAGF,MAAM,CAAC,MAAM,YAAY,GAAG,CAAC,GAAyB,EAAQ,EAAE;IAC9D,MAAM,GAAG,GAAG,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAW,CAAC,CAAC;IACpD,IAAI,GAAG,KAAK,SAAS;QAAE,WAAW,CAAC,uBAAuB,CAAC,CAAC;IAE5D,MAAM,GAAG,GAAS,EAAE,GAAG,EAAE,CAAC;IAC1B,MAAM,GAAG,GAAG,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IAC7B,IAAI,GAAG,YAAY,UAAU;QAAE,GAAG,CAAC,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IAE3E,IAAI,GAAG,KAAK,IAAI,IAAI,GAAG,KAAK,KAAK,EAAE,CAAC;QAClC,GAAG,CAAC,GAAG,GAAG,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAW,CAAC,CAAC;QAClD,GAAG,CAAC,CAAC,GAAG,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAe,CAAC,EAAE,IAAI,CAAC,CAAC;QACpE,IAAI,GAAG,KAAK,IAAI;YAAE,GAAG,CAAC,CAAC,GAAG,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAe,CAAC,EAAE,IAAI,CAAC,CAAC;QACtF,OAAO,GAAG,CAAC;IACb,CAAC;IAED,OAAO,WAAW,CAAC,oDAAoD,CAAC,CAAC;AAC3E,CAAC,CAAC;AAQF,MAAM,CAAC,MAAM,SAAS,GAAG,CAAC,YAAkB,EAAwB,EAAE;IACpE,MAAM,GAAG,GAAG,IAAI,GAAG,EAAmB,CAAC;IAEvC,IAAI,YAAY,CAAC,GAAG,IAAI,OAAO,YAAY,CAAC,GAAG,KAAK,QAAQ,EAAE,CAAC;QAC7D,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,YAAY,CAAC,YAAY,CAAC,GAAW,CAAC,CAAC,CAAC;IACrD,CAAC;IACD,IAAI,OAAO,YAAY,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC3C,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC;IACtD,CAAC;IAED,IAAI,GAAG,CAAC,IAAI,KAAK,CAAC,EAAE,CAAC;QACnB,MAAM,IAAI,UAAU,CAAC,+CAA+C,EAAE;YACpE,IAAI,EAAE,sBAAsB;YAC5B,KAAK,EAAE,+BAA+B;YACtC,OAAO,EACL,4HAA4H;SAC/H,CAAC,CAAC;IACL,CAAC;IAED,OAAO,GAAG,CAAC;AACb,CAAC,CAAC;AAGF,MAAM,CAAC,MAAM,SAAS,GAAG,CAAC,GAAyB,EAAQ,EAAE;IAC3D,MAAM,YAAY,GAAS,EAAE,CAAC;IAE9B,MAAM,OAAO,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;IAC3B,IAAI,OAAO,YAAY,GAAG;QAAE,YAAY,CAAC,GAAG,GAAG,YAAY,CAAC,OAAO,CAAC,CAAC;IAErE,MAAM,GAAG,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;IACvB,IAAI,GAAG,YAAY,UAAU;QAAE,YAAY,CAAC,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IAEtF,OAAO,YAAY,CAAC;AACtB,CAAC,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"cose-typ.d.ts","sourceRoot":"","sources":["../../../src/internal/cose/cose-typ.ts"],"names":[],"mappings":"AAgBA,eAAO,MAAM,OAAO,GAAI,SAAS,MAAM,GAAG,IAAI,KAAG,MAAM,GAAG,SAIzD,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"cose-typ.js","sourceRoot":"","sources":["../../../src/internal/cose/cose-typ.ts"],"names":[],"mappings":"AAgBA,MAAM,CAAC,MAAM,OAAO,GAAG,CAAC,OAAsB,EAAsB,EAAE;IACpE,IAAI,OAAO,KAAK,IAAI;QAAE,OAAO,SAAS,CAAC;IACvC,IAAI,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC;QAAE,OAAO,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC;IACnE,OAAO,iBAAiB,CAAC;AAC3B,CAAC,CAAC"}
|
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
import type { Dict } from "@lindorm/types";
|
|
2
|
+
export type EncodeCwtOptions = {
|
|
3
|
+
proprietary?: boolean;
|
|
4
|
+
};
|
|
5
|
+
export declare const encodeCwtClaims: (common: Dict, options?: EncodeCwtOptions) => Map<number | string, unknown>;
|
|
6
|
+
export declare const decodeCwtClaims: (map: Map<unknown, unknown>) => Dict;
|
|
7
|
+
//# sourceMappingURL=cwt-claims.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"cwt-claims.d.ts","sourceRoot":"","sources":["../../../src/internal/cose/cwt-claims.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,gBAAgB,CAAC;AAwF3C,MAAM,MAAM,gBAAgB,GAAG;IAO7B,WAAW,CAAC,EAAE,OAAO,CAAC;CACvB,CAAC;AAEF,eAAO,MAAM,eAAe,GAC1B,QAAQ,IAAI,EACZ,UAAS,gBAAqB,KAC7B,GAAG,CAAC,MAAM,GAAG,MAAM,EAAE,OAAO,CAqB9B,CAAC;AAOF,eAAO,MAAM,eAAe,GAAI,KAAK,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC,KAAG,IAoB5D,CAAC"}
|
|
@@ -0,0 +1,94 @@
|
|
|
1
|
+
import { B64 } from "@lindorm/b64";
|
|
2
|
+
import { getUnixTime } from "@lindorm/date";
|
|
3
|
+
import { isDate, isFinite } from "@lindorm/is";
|
|
4
|
+
import { B64U } from "../constants/format.js";
|
|
5
|
+
import { specByCose, specByDomain, specByJose, } from "../claims/registry.js";
|
|
6
|
+
import { decodeActCompact, encodeActCompact } from "./act-claim.js";
|
|
7
|
+
import { decodeCnf, encodeCnf } from "./cose-key.js";
|
|
8
|
+
import { decodeSubIdCompact, encodeSubIdCompact } from "./sub-id-claim.js";
|
|
9
|
+
const ACT_DOMAINS = new Set(["act", "mayAct"]);
|
|
10
|
+
const HASH_DOMAINS = new Set(["accessTokenHash", "codeHash", "stateHash"]);
|
|
11
|
+
const encodeValue = (spec, value, proprietary) => {
|
|
12
|
+
switch (spec.value) {
|
|
13
|
+
case "text":
|
|
14
|
+
case "array":
|
|
15
|
+
case "int":
|
|
16
|
+
return value;
|
|
17
|
+
case "date":
|
|
18
|
+
return isDate(value) ? getUnixTime(value) : value;
|
|
19
|
+
case "bstr":
|
|
20
|
+
return Buffer.from(String(value), "utf8");
|
|
21
|
+
case "bespoke":
|
|
22
|
+
if (HASH_DOMAINS.has(spec.domain)) {
|
|
23
|
+
return B64.toBuffer(String(value), B64U);
|
|
24
|
+
}
|
|
25
|
+
if (spec.domain === "confirmation")
|
|
26
|
+
return encodeCnf(value);
|
|
27
|
+
if (ACT_DOMAINS.has(spec.domain)) {
|
|
28
|
+
return proprietary ? encodeActCompact(value) : value;
|
|
29
|
+
}
|
|
30
|
+
if (spec.domain === "subjectId") {
|
|
31
|
+
return proprietary ? encodeSubIdCompact(value) : value;
|
|
32
|
+
}
|
|
33
|
+
return value;
|
|
34
|
+
}
|
|
35
|
+
};
|
|
36
|
+
const decodeValue = (spec, value) => {
|
|
37
|
+
switch (spec.value) {
|
|
38
|
+
case "text":
|
|
39
|
+
case "array":
|
|
40
|
+
case "int":
|
|
41
|
+
return value;
|
|
42
|
+
case "date":
|
|
43
|
+
return isFinite(value) ? new Date(value * 1000) : value;
|
|
44
|
+
case "bstr":
|
|
45
|
+
return Buffer.from(value).toString("utf8");
|
|
46
|
+
case "bespoke":
|
|
47
|
+
if (HASH_DOMAINS.has(spec.domain)) {
|
|
48
|
+
return B64.encode(Buffer.from(value), B64U);
|
|
49
|
+
}
|
|
50
|
+
if (spec.domain === "confirmation")
|
|
51
|
+
return decodeCnf(value);
|
|
52
|
+
if (ACT_DOMAINS.has(spec.domain)) {
|
|
53
|
+
return value instanceof Map ? decodeActCompact(value) : value;
|
|
54
|
+
}
|
|
55
|
+
if (spec.domain === "subjectId") {
|
|
56
|
+
return value instanceof Map ? decodeSubIdCompact(value) : value;
|
|
57
|
+
}
|
|
58
|
+
return value;
|
|
59
|
+
}
|
|
60
|
+
};
|
|
61
|
+
export const encodeCwtClaims = (common, options = {}) => {
|
|
62
|
+
const proprietary = options.proprietary ?? true;
|
|
63
|
+
const map = new Map();
|
|
64
|
+
for (const [domain, value] of Object.entries(common)) {
|
|
65
|
+
if (value === undefined)
|
|
66
|
+
continue;
|
|
67
|
+
const spec = specByDomain(domain);
|
|
68
|
+
if (!spec) {
|
|
69
|
+
map.set(domain, value);
|
|
70
|
+
continue;
|
|
71
|
+
}
|
|
72
|
+
if (spec.proprietary && !proprietary)
|
|
73
|
+
continue;
|
|
74
|
+
map.set(spec.cose ?? spec.jose, encodeValue(spec, value, proprietary));
|
|
75
|
+
}
|
|
76
|
+
return map;
|
|
77
|
+
};
|
|
78
|
+
export const decodeCwtClaims = (map) => {
|
|
79
|
+
const common = {};
|
|
80
|
+
for (const [key, value] of map) {
|
|
81
|
+
const spec = typeof key === "number"
|
|
82
|
+
? specByCose(key)
|
|
83
|
+
: typeof key === "string"
|
|
84
|
+
? specByJose(key)
|
|
85
|
+
: undefined;
|
|
86
|
+
if (!spec) {
|
|
87
|
+
common[String(key)] = value;
|
|
88
|
+
continue;
|
|
89
|
+
}
|
|
90
|
+
common[spec.domain] = decodeValue(spec, value);
|
|
91
|
+
}
|
|
92
|
+
return common;
|
|
93
|
+
};
|
|
94
|
+
//# sourceMappingURL=cwt-claims.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"cwt-claims.js","sourceRoot":"","sources":["../../../src/internal/cose/cwt-claims.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,GAAG,EAAE,MAAM,cAAc,CAAC;AACnC,OAAO,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAC5C,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AAE/C,OAAO,EAAE,IAAI,EAAE,MAAM,wBAAwB,CAAC;AAC9C,OAAO,EAEL,UAAU,EACV,YAAY,EACZ,UAAU,GACX,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AACpE,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,MAAM,eAAe,CAAC;AACrD,OAAO,EAAE,kBAAkB,EAAE,kBAAkB,EAAE,MAAM,mBAAmB,CAAC;AAE3E,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC,CAAC;AAG/C,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC,CAAC,iBAAiB,EAAE,UAAU,EAAE,WAAW,CAAC,CAAC,CAAC;AAQ3E,MAAM,WAAW,GAAG,CAAC,IAAe,EAAE,KAAc,EAAE,WAAoB,EAAW,EAAE;IACrF,QAAQ,IAAI,CAAC,KAAK,EAAE,CAAC;QACnB,KAAK,MAAM,CAAC;QACZ,KAAK,OAAO,CAAC;QACb,KAAK,KAAK;YACR,OAAO,KAAK,CAAC;QACf,KAAK,MAAM;YAET,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;QACpD,KAAK,MAAM;YAET,OAAO,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC,CAAC;QAC5C,KAAK,SAAS;YACZ,IAAI,YAAY,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;gBAElC,OAAO,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,IAAI,CAAC,CAAC;YAC3C,CAAC;YACD,IAAI,IAAI,CAAC,MAAM,KAAK,cAAc;gBAChC,OAAO,SAAS,CAAC,KAAgC,CAAC,CAAC;YACrD,IAAI,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;gBAGjC,OAAO,WAAW,CAAC,CAAC,CAAC,gBAAgB,CAAC,KAAa,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;YAC/D,CAAC;YACD,IAAI,IAAI,CAAC,MAAM,KAAK,WAAW,EAAE,CAAC;gBAChC,OAAO,WAAW,CAAC,CAAC,CAAC,kBAAkB,CAAC,KAAa,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;YACjE,CAAC;YACD,OAAO,KAAK,CAAC;IACjB,CAAC;AACH,CAAC,CAAC;AAEF,MAAM,WAAW,GAAG,CAAC,IAAe,EAAE,KAAc,EAAW,EAAE;IAC/D,QAAQ,IAAI,CAAC,KAAK,EAAE,CAAC;QACnB,KAAK,MAAM,CAAC;QACZ,KAAK,OAAO,CAAC;QACb,KAAK,KAAK;YACR,OAAO,KAAK,CAAC;QACf,KAAK,MAAM;YAET,OAAO,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;QAC1D,KAAK,MAAM;YACT,OAAO,MAAM,CAAC,IAAI,CAAC,KAAmB,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QAC3D,KAAK,SAAS;YACZ,IAAI,YAAY,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;gBAClC,OAAO,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,KAAmB,CAAC,EAAE,IAAI,CAAC,CAAC;YAC5D,CAAC;YACD,IAAI,IAAI,CAAC,MAAM,KAAK,cAAc;gBAAE,OAAO,SAAS,CAAC,KAA6B,CAAC,CAAC;YACpF,IAAI,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;gBAEjC,OAAO,KAAK,YAAY,GAAG,CAAC,CAAC,CAAC,gBAAgB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;YAChE,CAAC;YACD,IAAI,IAAI,CAAC,MAAM,KAAK,WAAW,EAAE,CAAC;gBAChC,OAAO,KAAK,YAAY,GAAG,CAAC,CAAC,CAAC,kBAAkB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;YAClE,CAAC;YACD,OAAO,KAAK,CAAC;IACjB,CAAC;AACH,CAAC,CAAC;AAmBF,MAAM,CAAC,MAAM,eAAe,GAAG,CAC7B,MAAY,EACZ,UAA4B,EAAE,EACC,EAAE;IACjC,MAAM,WAAW,GAAG,OAAO,CAAC,WAAW,IAAI,IAAI,CAAC;IAChD,MAAM,GAAG,GAAG,IAAI,GAAG,EAA4B,CAAC;IAEhD,KAAK,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;QACrD,IAAI,KAAK,KAAK,SAAS;YAAE,SAAS;QAElC,MAAM,IAAI,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC;QAClC,IAAI,CAAC,IAAI,EAAE,CAAC;YAEV,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;YACvB,SAAS;QACX,CAAC;QAGD,IAAI,IAAI,CAAC,WAAW,IAAI,CAAC,WAAW;YAAE,SAAS;QAE/C,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,EAAE,WAAW,CAAC,IAAI,EAAE,KAAK,EAAE,WAAW,CAAC,CAAC,CAAC;IACzE,CAAC;IAED,OAAO,GAAG,CAAC;AACb,CAAC,CAAC;AAOF,MAAM,CAAC,MAAM,eAAe,GAAG,CAAC,GAA0B,EAAQ,EAAE;IAClE,MAAM,MAAM,GAAS,EAAE,CAAC;IAExB,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,GAAG,EAAE,CAAC;QAC/B,MAAM,IAAI,GACR,OAAO,GAAG,KAAK,QAAQ;YACrB,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC;YACjB,CAAC,CAAC,OAAO,GAAG,KAAK,QAAQ;gBACvB,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC;gBACjB,CAAC,CAAC,SAAS,CAAC;QAElB,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,GAAG,KAAK,CAAC;YAC5B,SAAS;QACX,CAAC;QAED,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,GAAG,WAAW,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IACjD,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC,CAAC"}
|
|
@@ -0,0 +1,5 @@
|
|
|
1
|
+
import type { KryptosEncryption } from "@lindorm/kryptos";
|
|
2
|
+
export declare const tagBytesForEncryption: (encryption: KryptosEncryption) => number;
|
|
3
|
+
export declare const encToCoseLabel: (encryption: KryptosEncryption | null | undefined) => number;
|
|
4
|
+
export declare const coseLabelToEnc: (label: number) => KryptosEncryption;
|
|
5
|
+
//# sourceMappingURL=enc-labels.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"enc-labels.d.ts","sourceRoot":"","sources":["../../../src/internal/cose/enc-labels.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AAiC1D,eAAO,MAAM,qBAAqB,GAAI,YAAY,iBAAiB,KAAG,MAMrE,CAAC;AAKF,eAAO,MAAM,cAAc,GACzB,YAAY,iBAAiB,GAAG,IAAI,GAAG,SAAS,KAC/C,MAWF,CAAC;AAEF,eAAO,MAAM,cAAc,GAAI,OAAO,MAAM,KAAG,iBAY9C,CAAC"}
|
|
@@ -0,0 +1,47 @@
|
|
|
1
|
+
import { AegisError } from "../../errors/index.js";
|
|
2
|
+
const ENC_TO_COSE = {
|
|
3
|
+
A128GCM: 1,
|
|
4
|
+
A192GCM: 2,
|
|
5
|
+
A256GCM: 3,
|
|
6
|
+
"AES-CCM-16-64-128": 10,
|
|
7
|
+
"AES-CCM-16-64-256": 11,
|
|
8
|
+
"AES-CCM-64-64-128": 12,
|
|
9
|
+
"AES-CCM-64-64-256": 13,
|
|
10
|
+
"AES-CCM-16-128-128": 30,
|
|
11
|
+
"AES-CCM-16-128-256": 31,
|
|
12
|
+
"AES-CCM-64-128-128": 32,
|
|
13
|
+
"AES-CCM-64-128-256": 33,
|
|
14
|
+
};
|
|
15
|
+
const COSE_TO_ENC = Object.fromEntries(Object.entries(ENC_TO_COSE).map(([enc, label]) => [label, enc]));
|
|
16
|
+
export const tagBytesForEncryption = (encryption) => {
|
|
17
|
+
if (encryption.startsWith("AES-CCM-")) {
|
|
18
|
+
return Number(encryption.split("-")[3]) / 8;
|
|
19
|
+
}
|
|
20
|
+
return 16;
|
|
21
|
+
};
|
|
22
|
+
const NOT_SUPPORTED = "COSE_Encrypt0 supports the AES-GCM family (A128/A192/A256GCM) and the AES-CCM family (AES-CCM-16/64-64/128-128/256).";
|
|
23
|
+
export const encToCoseLabel = (encryption) => {
|
|
24
|
+
const label = encryption ? ENC_TO_COSE[encryption] : undefined;
|
|
25
|
+
if (label === undefined) {
|
|
26
|
+
throw new AegisError(`No COSE label for content encryption "${encryption}"`, {
|
|
27
|
+
code: "cose_encryption_not_supported",
|
|
28
|
+
data: { encryption },
|
|
29
|
+
title: "COSE Encryption Not Supported",
|
|
30
|
+
details: NOT_SUPPORTED,
|
|
31
|
+
});
|
|
32
|
+
}
|
|
33
|
+
return label;
|
|
34
|
+
};
|
|
35
|
+
export const coseLabelToEnc = (label) => {
|
|
36
|
+
const encryption = COSE_TO_ENC[label];
|
|
37
|
+
if (encryption === undefined) {
|
|
38
|
+
throw new AegisError(`No content encryption for COSE label "${label}"`, {
|
|
39
|
+
code: "cose_encryption_not_supported",
|
|
40
|
+
data: { label },
|
|
41
|
+
title: "COSE Encryption Not Supported",
|
|
42
|
+
details: "The COSE content-encryption label is not one this implementation supports.",
|
|
43
|
+
});
|
|
44
|
+
}
|
|
45
|
+
return encryption;
|
|
46
|
+
};
|
|
47
|
+
//# sourceMappingURL=enc-labels.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"enc-labels.js","sourceRoot":"","sources":["../../../src/internal/cose/enc-labels.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAC;AASnD,MAAM,WAAW,GAAyD;IACxE,OAAO,EAAE,CAAC;IACV,OAAO,EAAE,CAAC;IACV,OAAO,EAAE,CAAC;IACV,mBAAmB,EAAE,EAAE;IACvB,mBAAmB,EAAE,EAAE;IACvB,mBAAmB,EAAE,EAAE;IACvB,mBAAmB,EAAE,EAAE;IACvB,oBAAoB,EAAE,EAAE;IACxB,oBAAoB,EAAE,EAAE;IACxB,oBAAoB,EAAE,EAAE;IACxB,oBAAoB,EAAE,EAAE;CACzB,CAAC;AAEF,MAAM,WAAW,GAAG,MAAM,CAAC,WAAW,CACpC,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,CAC3B,CAAC;AAOvC,MAAM,CAAC,MAAM,qBAAqB,GAAG,CAAC,UAA6B,EAAU,EAAE;IAC7E,IAAI,UAAU,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAEtC,OAAO,MAAM,CAAC,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;IAC9C,CAAC;IACD,OAAO,EAAE,CAAC;AACZ,CAAC,CAAC;AAEF,MAAM,aAAa,GACjB,sHAAsH,CAAC;AAEzH,MAAM,CAAC,MAAM,cAAc,GAAG,CAC5B,UAAgD,EACxC,EAAE;IACV,MAAM,KAAK,GAAG,UAAU,CAAC,CAAC,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IAC/D,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;QACxB,MAAM,IAAI,UAAU,CAAC,yCAAyC,UAAU,GAAG,EAAE;YAC3E,IAAI,EAAE,+BAA+B;YACrC,IAAI,EAAE,EAAE,UAAU,EAAE;YACpB,KAAK,EAAE,+BAA+B;YACtC,OAAO,EAAE,aAAa;SACvB,CAAC,CAAC;IACL,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,cAAc,GAAG,CAAC,KAAa,EAAqB,EAAE;IACjE,MAAM,UAAU,GAAG,WAAW,CAAC,KAAK,CAAC,CAAC;IACtC,IAAI,UAAU,KAAK,SAAS,EAAE,CAAC;QAC7B,MAAM,IAAI,UAAU,CAAC,yCAAyC,KAAK,GAAG,EAAE;YACtE,IAAI,EAAE,+BAA+B;YACrC,IAAI,EAAE,EAAE,KAAK,EAAE;YACf,KAAK,EAAE,+BAA+B;YACtC,OAAO,EACL,4EAA4E;SAC/E,CAAC,CAAC;IACL,CAAC;IACD,OAAO,UAAU,CAAC;AACpB,CAAC,CAAC"}
|
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
export declare const COSE_TAG: {
|
|
2
|
+
readonly encrypt0: 16;
|
|
3
|
+
readonly mac0: 17;
|
|
4
|
+
readonly sign1: 18;
|
|
5
|
+
readonly cwt: 61;
|
|
6
|
+
};
|
|
7
|
+
export declare const COSE_HEADER: {
|
|
8
|
+
readonly alg: 1;
|
|
9
|
+
readonly crit: 2;
|
|
10
|
+
readonly contentType: 3;
|
|
11
|
+
readonly kid: 4;
|
|
12
|
+
readonly iv: 5;
|
|
13
|
+
readonly typ: 16;
|
|
14
|
+
};
|
|
15
|
+
export declare const encodeProtectedHeader: (header: Map<number, unknown>) => Buffer;
|
|
16
|
+
export declare const decodeProtectedHeader: (bstr: Uint8Array) => Map<number, unknown>;
|
|
17
|
+
export declare const buildSigStructure: (protectedHeader: Buffer, payload: Buffer, externalAad?: Buffer) => Buffer;
|
|
18
|
+
export declare const buildMacStructure: (protectedHeader: Buffer, payload: Buffer, externalAad?: Buffer) => Buffer;
|
|
19
|
+
export declare const buildEncStructure: (protectedHeader: Buffer, externalAad?: Buffer) => Buffer;
|
|
20
|
+
//# sourceMappingURL=structures.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"structures.d.ts","sourceRoot":"","sources":["../../../src/internal/cose/structures.ts"],"names":[],"mappings":"AAGA,eAAO,MAAM,QAAQ;;;;;CAKX,CAAC;AAGX,eAAO,MAAM,WAAW;;;;;;;CAOd,CAAC;AASX,eAAO,MAAM,qBAAqB,GAAI,QAAQ,GAAG,CAAC,MAAM,EAAE,OAAO,CAAC,KAAG,MACrB,CAAC;AAEjD,eAAO,MAAM,qBAAqB,GAAI,MAAM,UAAU,KAAG,GAAG,CAAC,MAAM,EAAE,OAAO,CACJ,CAAC;AAMzE,eAAO,MAAM,iBAAiB,GAC5B,iBAAiB,MAAM,EACvB,SAAS,MAAM,EACf,cAAa,MAAc,KAC1B,MAA2E,CAAC;AAM/E,eAAO,MAAM,iBAAiB,GAC5B,iBAAiB,MAAM,EACvB,SAAS,MAAM,EACf,cAAa,MAAc,KAC1B,MAAqE,CAAC;AAMzE,eAAO,MAAM,iBAAiB,GAC5B,iBAAiB,MAAM,EACvB,cAAa,MAAc,KAC1B,MAAgE,CAAC"}
|
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
import { encodeCbor, decodeCbor } from "./cbor.js";
|
|
2
|
+
export const COSE_TAG = {
|
|
3
|
+
encrypt0: 16,
|
|
4
|
+
mac0: 17,
|
|
5
|
+
sign1: 18,
|
|
6
|
+
cwt: 61,
|
|
7
|
+
};
|
|
8
|
+
export const COSE_HEADER = {
|
|
9
|
+
alg: 1,
|
|
10
|
+
crit: 2,
|
|
11
|
+
contentType: 3,
|
|
12
|
+
kid: 4,
|
|
13
|
+
iv: 5,
|
|
14
|
+
typ: 16,
|
|
15
|
+
};
|
|
16
|
+
const EMPTY = Buffer.alloc(0);
|
|
17
|
+
export const encodeProtectedHeader = (header) => header.size === 0 ? EMPTY : encodeCbor(header);
|
|
18
|
+
export const decodeProtectedHeader = (bstr) => bstr.length === 0 ? new Map() : decodeCbor(bstr);
|
|
19
|
+
export const buildSigStructure = (protectedHeader, payload, externalAad = EMPTY) => encodeCbor(["Signature1", protectedHeader, externalAad, payload]);
|
|
20
|
+
export const buildMacStructure = (protectedHeader, payload, externalAad = EMPTY) => encodeCbor(["MAC0", protectedHeader, externalAad, payload]);
|
|
21
|
+
export const buildEncStructure = (protectedHeader, externalAad = EMPTY) => encodeCbor(["Encrypt0", protectedHeader, externalAad]);
|
|
22
|
+
//# sourceMappingURL=structures.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"structures.js","sourceRoot":"","sources":["../../../src/internal/cose/structures.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AAGnD,MAAM,CAAC,MAAM,QAAQ,GAAG;IACtB,QAAQ,EAAE,EAAE;IACZ,IAAI,EAAE,EAAE;IACR,KAAK,EAAE,EAAE;IACT,GAAG,EAAE,EAAE;CACC,CAAC;AAGX,MAAM,CAAC,MAAM,WAAW,GAAG;IACzB,GAAG,EAAE,CAAC;IACN,IAAI,EAAE,CAAC;IACP,WAAW,EAAE,CAAC;IACd,GAAG,EAAE,CAAC;IACN,EAAE,EAAE,CAAC;IACL,GAAG,EAAE,EAAE;CACC,CAAC;AAEX,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;AAO9B,MAAM,CAAC,MAAM,qBAAqB,GAAG,CAAC,MAA4B,EAAU,EAAE,CAC5E,MAAM,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;AAEjD,MAAM,CAAC,MAAM,qBAAqB,GAAG,CAAC,IAAgB,EAAwB,EAAE,CAC9E,IAAI,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,GAAG,EAAE,CAAC,CAAC,CAAC,UAAU,CAAuB,IAAI,CAAC,CAAC;AAMzE,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAC/B,eAAuB,EACvB,OAAe,EACf,cAAsB,KAAK,EACnB,EAAE,CAAC,UAAU,CAAC,CAAC,YAAY,EAAE,eAAe,EAAE,WAAW,EAAE,OAAO,CAAC,CAAC,CAAC;AAM/E,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAC/B,eAAuB,EACvB,OAAe,EACf,cAAsB,KAAK,EACnB,EAAE,CAAC,UAAU,CAAC,CAAC,MAAM,EAAE,eAAe,EAAE,WAAW,EAAE,OAAO,CAAC,CAAC,CAAC;AAMzE,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAC/B,eAAuB,EACvB,cAAsB,KAAK,EACnB,EAAE,CAAC,UAAU,CAAC,CAAC,UAAU,EAAE,eAAe,EAAE,WAAW,CAAC,CAAC,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"sub-id-claim.d.ts","sourceRoot":"","sources":["../../../src/internal/cose/sub-id-claim.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,gBAAgB,CAAC;AA4B3C,eAAO,MAAM,kBAAkB,GAAI,OAAO,IAAI,KAAG,GAAG,CAAC,MAAM,EAAE,OAAO,CAClC,CAAC;AAEnC,eAAO,MAAM,kBAAkB,GAAI,KAAK,GAAG,CAAC,MAAM,EAAE,OAAO,CAAC,KAAG,IAC/B,CAAC"}
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
import { compactDecode, compactEncode } from "./compact-map.js";
|
|
2
|
+
const SUBID_SPEC = {
|
|
3
|
+
labels: {
|
|
4
|
+
format: 0,
|
|
5
|
+
iss: 1,
|
|
6
|
+
sub: 2,
|
|
7
|
+
email: 4,
|
|
8
|
+
phone_number: 5,
|
|
9
|
+
uri: 6,
|
|
10
|
+
url: 7,
|
|
11
|
+
id: 8,
|
|
12
|
+
identifiers: 9,
|
|
13
|
+
},
|
|
14
|
+
nested: { identifiers: { array: true, spec: () => SUBID_SPEC } },
|
|
15
|
+
};
|
|
16
|
+
export const encodeSubIdCompact = (subId) => compactEncode(subId, SUBID_SPEC);
|
|
17
|
+
export const decodeSubIdCompact = (map) => compactDecode(map, SUBID_SPEC);
|
|
18
|
+
//# sourceMappingURL=sub-id-claim.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"sub-id-claim.js","sourceRoot":"","sources":["../../../src/internal/cose/sub-id-claim.ts"],"names":[],"mappings":"AACA,OAAO,EAAoB,aAAa,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAYlF,MAAM,UAAU,GAAgB;IAC9B,MAAM,EAAE;QACN,MAAM,EAAE,CAAC;QACT,GAAG,EAAE,CAAC;QACN,GAAG,EAAE,CAAC;QACN,KAAK,EAAE,CAAC;QACR,YAAY,EAAE,CAAC;QACf,GAAG,EAAE,CAAC;QACN,GAAG,EAAE,CAAC;QACN,EAAE,EAAE,CAAC;QACL,WAAW,EAAE,CAAC;KACf;IACD,MAAM,EAAE,EAAE,WAAW,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC,UAAU,EAAE,EAAE;CACjE,CAAC;AAEF,MAAM,CAAC,MAAM,kBAAkB,GAAG,CAAC,KAAW,EAAwB,EAAE,CACtE,aAAa,CAAC,KAAK,EAAE,UAAU,CAAC,CAAC;AAEnC,MAAM,CAAC,MAAM,kBAAkB,GAAG,CAAC,GAAyB,EAAQ,EAAE,CACpE,aAAa,CAAC,GAAG,EAAE,UAAU,CAAC,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"access-token.d.ts","sourceRoot":"","sources":["../../../../src/internal/profiles/definitions/access-token.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AAS5D,eAAO,MAAM,kBAAkB,EAAE,YA6BhC,CAAC"}
|
|
@@ -0,0 +1,31 @@
|
|
|
1
|
+
export const accessTokenProfile = {
|
|
2
|
+
name: "access_token",
|
|
3
|
+
typ: "application/at+jwt",
|
|
4
|
+
required: [
|
|
5
|
+
"issuer",
|
|
6
|
+
"expiresAt",
|
|
7
|
+
"audience",
|
|
8
|
+
"subject",
|
|
9
|
+
"clientId",
|
|
10
|
+
"issuedAt",
|
|
11
|
+
"tokenId",
|
|
12
|
+
],
|
|
13
|
+
forbidden: [],
|
|
14
|
+
requiredWhen: [],
|
|
15
|
+
atLeastOneOf: [],
|
|
16
|
+
autoInject: { iat: true, jti: true, nbf: false, iss: true },
|
|
17
|
+
issuer: "platform",
|
|
18
|
+
lifetime: "1h",
|
|
19
|
+
encryptable: false,
|
|
20
|
+
algClass: "asymmetric-recommended",
|
|
21
|
+
rules: {
|
|
22
|
+
issUri: true,
|
|
23
|
+
crossField: true,
|
|
24
|
+
audSingleResource: true,
|
|
25
|
+
authorizationDetailsType: true,
|
|
26
|
+
cnfShape: true,
|
|
27
|
+
actChainShape: true,
|
|
28
|
+
},
|
|
29
|
+
validate: () => [],
|
|
30
|
+
};
|
|
31
|
+
//# sourceMappingURL=access-token.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"access-token.js","sourceRoot":"","sources":["../../../../src/internal/profiles/definitions/access-token.ts"],"names":[],"mappings":"AASA,MAAM,CAAC,MAAM,kBAAkB,GAAiB;IAC9C,IAAI,EAAE,cAAc;IACpB,GAAG,EAAE,oBAAoB;IACzB,QAAQ,EAAE;QACR,QAAQ;QACR,WAAW;QACX,UAAU;QACV,SAAS;QACT,UAAU;QACV,UAAU;QACV,SAAS;KACV;IACD,SAAS,EAAE,EAAE;IACb,YAAY,EAAE,EAAE;IAChB,YAAY,EAAE,EAAE;IAChB,UAAU,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,IAAI,EAAE;IAC3D,MAAM,EAAE,UAAU;IAClB,QAAQ,EAAE,IAAI;IACd,WAAW,EAAE,KAAK;IAClB,QAAQ,EAAE,wBAAwB;IAClC,KAAK,EAAE;QACL,MAAM,EAAE,IAAI;QACZ,UAAU,EAAE,IAAI;QAChB,iBAAiB,EAAE,IAAI;QACvB,wBAAwB,EAAE,IAAI;QAC9B,QAAQ,EAAE,IAAI;QACd,aAAa,EAAE,IAAI;KACpB;IACD,QAAQ,EAAE,GAAG,EAAE,CAAC,EAAE;CACnB,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"client-assertion.d.ts","sourceRoot":"","sources":["../../../../src/internal/profiles/definitions/client-assertion.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AAQ5D,eAAO,MAAM,sBAAsB,EAAE,YAgBpC,CAAC"}
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
export const clientAssertionProfile = {
|
|
2
|
+
name: "client_assertion",
|
|
3
|
+
typ: "JWT",
|
|
4
|
+
required: ["issuer", "subject", "audience", "expiresAt", "tokenId"],
|
|
5
|
+
forbidden: [],
|
|
6
|
+
requiredWhen: [],
|
|
7
|
+
atLeastOneOf: [],
|
|
8
|
+
autoInject: { iat: true, jti: true, nbf: false, iss: false },
|
|
9
|
+
issuer: "per-token",
|
|
10
|
+
lifetime: "2m",
|
|
11
|
+
encryptable: false,
|
|
12
|
+
algClass: "confidential",
|
|
13
|
+
rules: {
|
|
14
|
+
crossField: true,
|
|
15
|
+
},
|
|
16
|
+
validate: () => [],
|
|
17
|
+
};
|
|
18
|
+
//# sourceMappingURL=client-assertion.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"client-assertion.js","sourceRoot":"","sources":["../../../../src/internal/profiles/definitions/client-assertion.ts"],"names":[],"mappings":"AAQA,MAAM,CAAC,MAAM,sBAAsB,GAAiB;IAClD,IAAI,EAAE,kBAAkB;IACxB,GAAG,EAAE,KAAK;IACV,QAAQ,EAAE,CAAC,QAAQ,EAAE,SAAS,EAAE,UAAU,EAAE,WAAW,EAAE,SAAS,CAAC;IACnE,SAAS,EAAE,EAAE;IACb,YAAY,EAAE,EAAE;IAChB,YAAY,EAAE,EAAE;IAChB,UAAU,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,KAAK,EAAE;IAC5D,MAAM,EAAE,WAAW;IACnB,QAAQ,EAAE,IAAI;IACd,WAAW,EAAE,KAAK;IAClB,QAAQ,EAAE,cAAc;IACxB,KAAK,EAAE;QACL,UAAU,EAAE,IAAI;KACjB;IACD,QAAQ,EAAE,GAAG,EAAE,CAAC,EAAE;CACnB,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"default.d.ts","sourceRoot":"","sources":["../../../../src/internal/profiles/definitions/default.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AAU5D,eAAO,MAAM,cAAc,EAAE,YAY5B,CAAC"}
|
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
export const defaultProfile = {
|
|
2
|
+
name: "default",
|
|
3
|
+
typ: null,
|
|
4
|
+
required: ["subject", "expiresAt"],
|
|
5
|
+
forbidden: [],
|
|
6
|
+
requiredWhen: [],
|
|
7
|
+
atLeastOneOf: [],
|
|
8
|
+
autoInject: { iat: true, jti: true, nbf: true, iss: true },
|
|
9
|
+
issuer: "platform",
|
|
10
|
+
lifetime: null,
|
|
11
|
+
encryptable: false,
|
|
12
|
+
validate: () => [],
|
|
13
|
+
};
|
|
14
|
+
//# sourceMappingURL=default.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"default.js","sourceRoot":"","sources":["../../../../src/internal/profiles/definitions/default.ts"],"names":[],"mappings":"AAUA,MAAM,CAAC,MAAM,cAAc,GAAiB;IAC1C,IAAI,EAAE,SAAS;IACf,GAAG,EAAE,IAAI;IACT,QAAQ,EAAE,CAAC,SAAS,EAAE,WAAW,CAAC;IAClC,SAAS,EAAE,EAAE;IACb,YAAY,EAAE,EAAE;IAChB,YAAY,EAAE,EAAE;IAChB,UAAU,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,IAAI,EAAE;IAC1D,MAAM,EAAE,UAAU;IAClB,QAAQ,EAAE,IAAI;IACd,WAAW,EAAE,KAAK;IAClB,QAAQ,EAAE,GAAG,EAAE,CAAC,EAAE;CACnB,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"delegation.d.ts","sourceRoot":"","sources":["../../../../src/internal/profiles/definitions/delegation.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AAS5D,eAAO,MAAM,iBAAiB,EAAE,YAiB/B,CAAC"}
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
export const delegationProfile = {
|
|
2
|
+
name: "delegation",
|
|
3
|
+
typ: "application/delegation+jwt",
|
|
4
|
+
required: ["issuer", "subject", "audience", "expiresAt", "tokenId"],
|
|
5
|
+
forbidden: [],
|
|
6
|
+
requiredWhen: [],
|
|
7
|
+
atLeastOneOf: [],
|
|
8
|
+
autoInject: { iat: true, jti: true, nbf: false, iss: false },
|
|
9
|
+
issuer: "per-token",
|
|
10
|
+
lifetime: "2m",
|
|
11
|
+
encryptable: false,
|
|
12
|
+
algClass: "asymmetric",
|
|
13
|
+
rules: {
|
|
14
|
+
issUri: false,
|
|
15
|
+
crossField: true,
|
|
16
|
+
},
|
|
17
|
+
validate: () => [],
|
|
18
|
+
};
|
|
19
|
+
//# sourceMappingURL=delegation.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"delegation.js","sourceRoot":"","sources":["../../../../src/internal/profiles/definitions/delegation.ts"],"names":[],"mappings":"AASA,MAAM,CAAC,MAAM,iBAAiB,GAAiB;IAC7C,IAAI,EAAE,YAAY;IAClB,GAAG,EAAE,4BAA4B;IACjC,QAAQ,EAAE,CAAC,QAAQ,EAAE,SAAS,EAAE,UAAU,EAAE,WAAW,EAAE,SAAS,CAAC;IACnE,SAAS,EAAE,EAAE;IACb,YAAY,EAAE,EAAE;IAChB,YAAY,EAAE,EAAE;IAChB,UAAU,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,KAAK,EAAE;IAC5D,MAAM,EAAE,WAAW;IACnB,QAAQ,EAAE,IAAI;IACd,WAAW,EAAE,KAAK;IAClB,QAAQ,EAAE,YAAY;IACtB,KAAK,EAAE;QACL,MAAM,EAAE,KAAK;QACb,UAAU,EAAE,IAAI;KACjB;IACD,QAAQ,EAAE,GAAG,EAAE,CAAC,EAAE;CACnB,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"erasure-token.d.ts","sourceRoot":"","sources":["../../../../src/internal/profiles/definitions/erasure-token.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AAS5D,eAAO,MAAM,mBAAmB,EAAE,YA0BjC,CAAC"}
|
|
@@ -0,0 +1,28 @@
|
|
|
1
|
+
export const erasureTokenProfile = {
|
|
2
|
+
name: "erasure_token",
|
|
3
|
+
typ: "application/erasure+jwt",
|
|
4
|
+
required: [
|
|
5
|
+
"issuer",
|
|
6
|
+
"audience",
|
|
7
|
+
"issuedAt",
|
|
8
|
+
"expiresAt",
|
|
9
|
+
"tokenId",
|
|
10
|
+
"subject",
|
|
11
|
+
"events",
|
|
12
|
+
],
|
|
13
|
+
forbidden: ["nonce"],
|
|
14
|
+
requiredWhen: [],
|
|
15
|
+
atLeastOneOf: [],
|
|
16
|
+
autoInject: { iat: true, jti: true, nbf: false, iss: true },
|
|
17
|
+
issuer: "platform",
|
|
18
|
+
lifetime: "2m",
|
|
19
|
+
encryptable: false,
|
|
20
|
+
algClass: "confidential",
|
|
21
|
+
rules: {
|
|
22
|
+
issUri: true,
|
|
23
|
+
crossField: true,
|
|
24
|
+
eventsShape: true,
|
|
25
|
+
},
|
|
26
|
+
validate: () => [],
|
|
27
|
+
};
|
|
28
|
+
//# sourceMappingURL=erasure-token.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"erasure-token.js","sourceRoot":"","sources":["../../../../src/internal/profiles/definitions/erasure-token.ts"],"names":[],"mappings":"AASA,MAAM,CAAC,MAAM,mBAAmB,GAAiB;IAC/C,IAAI,EAAE,eAAe;IACrB,GAAG,EAAE,yBAAyB;IAC9B,QAAQ,EAAE;QACR,QAAQ;QACR,UAAU;QACV,UAAU;QACV,WAAW;QACX,SAAS;QACT,SAAS;QACT,QAAQ;KACT;IACD,SAAS,EAAE,CAAC,OAAO,CAAC;IACpB,YAAY,EAAE,EAAE;IAChB,YAAY,EAAE,EAAE;IAChB,UAAU,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,IAAI,EAAE;IAC3D,MAAM,EAAE,UAAU;IAClB,QAAQ,EAAE,IAAI;IACd,WAAW,EAAE,KAAK;IAClB,QAAQ,EAAE,cAAc;IACxB,KAAK,EAAE;QACL,MAAM,EAAE,IAAI;QACZ,UAAU,EAAE,IAAI;QAChB,WAAW,EAAE,IAAI;KAClB;IACD,QAAQ,EAAE,GAAG,EAAE,CAAC,EAAE;CACnB,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"id-token.d.ts","sourceRoot":"","sources":["../../../../src/internal/profiles/definitions/id-token.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAe,YAAY,EAAE,MAAM,yBAAyB,CAAC;AASzE,eAAO,MAAM,cAAc,EAAE,YAyB5B,CAAC"}
|