@mcp-i/core 1.1.3 → 1.2.0
- package/dist/auth/handshake.d.ts +19 -4
- package/dist/auth/handshake.d.ts.map +1 -1
- package/dist/auth/handshake.js +52 -15
- package/dist/auth/handshake.js.map +1 -1
- package/dist/auth/index.d.ts +1 -1
- package/dist/auth/index.d.ts.map +1 -1
- package/dist/auth/index.js.map +1 -1
- package/dist/delegation/cascading-revocation.d.ts.map +1 -1
- package/dist/delegation/cascading-revocation.js +3 -1
- package/dist/delegation/cascading-revocation.js.map +1 -1
- package/dist/delegation/did-key-resolver.d.ts.map +1 -1
- package/dist/delegation/did-key-resolver.js +9 -6
- package/dist/delegation/did-key-resolver.js.map +1 -1
- package/dist/delegation/outbound-headers.d.ts +14 -16
- package/dist/delegation/outbound-headers.d.ts.map +1 -1
- package/dist/delegation/outbound-headers.js +14 -15
- package/dist/delegation/outbound-headers.js.map +1 -1
- package/dist/delegation/outbound-proof.d.ts +1 -1
- package/dist/delegation/outbound-proof.js +1 -1
- package/dist/delegation/statuslist-manager.d.ts +3 -0
- package/dist/delegation/statuslist-manager.d.ts.map +1 -1
- package/dist/delegation/statuslist-manager.js +14 -1
- package/dist/delegation/statuslist-manager.js.map +1 -1
- package/dist/delegation/vc-verifier.d.ts.map +1 -1
- package/dist/delegation/vc-verifier.js +2 -2
- package/dist/delegation/vc-verifier.js.map +1 -1
- package/dist/errors.d.ts +42 -0
- package/dist/errors.d.ts.map +1 -0
- package/dist/errors.js +45 -0
- package/dist/errors.js.map +1 -0
- package/dist/index.d.ts +3 -2
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +3 -1
- package/dist/index.js.map +1 -1
- package/dist/middleware/index.d.ts +1 -0
- package/dist/middleware/index.d.ts.map +1 -1
- package/dist/middleware/index.js +1 -0
- package/dist/middleware/index.js.map +1 -1
- package/dist/middleware/mcpi-transport.d.ts +39 -0
- package/dist/middleware/mcpi-transport.d.ts.map +1 -0
- package/dist/middleware/mcpi-transport.js +121 -0
- package/dist/middleware/mcpi-transport.js.map +1 -0
- package/dist/middleware/with-mcpi-server.d.ts +25 -9
- package/dist/middleware/with-mcpi-server.d.ts.map +1 -1
- package/dist/middleware/with-mcpi-server.js +62 -47
- package/dist/middleware/with-mcpi-server.js.map +1 -1
- package/dist/middleware/with-mcpi.d.ts +40 -5
- package/dist/middleware/with-mcpi.d.ts.map +1 -1
- package/dist/middleware/with-mcpi.js +120 -10
- package/dist/middleware/with-mcpi.js.map +1 -1
- package/dist/providers/memory.js +2 -2
- package/dist/providers/memory.js.map +1 -1
- package/dist/session/manager.d.ts +7 -1
- package/dist/session/manager.d.ts.map +1 -1
- package/dist/session/manager.js +20 -4
- package/dist/session/manager.js.map +1 -1
- package/dist/utils/crypto-service.d.ts.map +1 -1
- package/dist/utils/crypto-service.js +11 -10
- package/dist/utils/crypto-service.js.map +1 -1
- package/dist/utils/did-helpers.d.ts +12 -0
- package/dist/utils/did-helpers.d.ts.map +1 -1
- package/dist/utils/did-helpers.js +18 -0
- package/dist/utils/did-helpers.js.map +1 -1
- package/package.json +2 -2
- package/src/__tests__/audit/canonicalization-integrity.test.ts +243 -0
- package/src/__tests__/audit/graph-revocation-roundtrip.test.ts +280 -0
- package/src/__tests__/audit/helpers/crypto-helpers.ts +245 -0
- package/src/__tests__/audit/proof-boundary.test.ts +269 -0
- package/src/__tests__/audit/statuslist-bitstring-roundtrip.test.ts +135 -0
- package/src/__tests__/audit/vc-roundtrip.test.ts +290 -0
- package/src/delegation/__tests__/outbound-headers.test.ts +16 -16
- package/src/delegation/__tests__/transitive-access.test.ts +1233 -0
- package/src/delegation/__tests__/vc-issuer.integration.test.ts +136 -0
- package/src/delegation/__tests__/vc-jwt.test.ts +318 -0
- package/src/delegation/__tests__/vc-verifier.integration.test.ts +199 -0
- package/src/delegation/cascading-revocation.ts +3 -1
- package/src/delegation/outbound-headers.ts +16 -16
- package/src/delegation/outbound-proof.ts +1 -1
- package/src/delegation/statuslist-manager.ts +17 -0
- package/src/middleware/with-mcpi.ts +29 -0
- package/src/proof/__tests__/verifier.integration.test.ts +181 -0
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"manager.d.ts","sourceRoot":"","sources":["../../src/session/manager.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EACV,gBAAgB,EAChB,cAAc,EACd,UAAU,EACX,MAAM,sBAAsB,CAAC;AAC9B,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAI3D,MAAM,WAAW,aAAa;IAC5B,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,uBAAuB,CAAC,EAAE,MAAM,CAAC;IACjC,UAAU,CAAC,EAAE,UAAU,CAAC;IACxB,SAAS,CAAC,EAAE,MAAM,CAAC;
|
|
1
|
+
{"version":3,"file":"manager.d.ts","sourceRoot":"","sources":["../../src/session/manager.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAAoB,KAAK,aAAa,EAAE,MAAM,cAAc,CAAC;AACpE,OAAO,KAAK,EACV,gBAAgB,EAChB,cAAc,EACd,UAAU,EACX,MAAM,sBAAsB,CAAC;AAC9B,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAI3D,MAAM,WAAW,aAAa;IAC5B,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,uBAAuB,CAAC,EAAE,MAAM,CAAC;IACjC,UAAU,CAAC,EAAE,UAAU,CAAC;IACxB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,uGAAuG;IACvG,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,OAAO,CAAC;IACjB,OAAO,CAAC,EAAE,cAAc,CAAC;IACzB,KAAK,CAAC,EAAE;QACN,IAAI,EAAE,aAAa,CAAC;QACpB,OAAO,EAAE,MAAM,CAAC;QAChB,WAAW,CAAC,EAAE,MAAM,CAAC;KACtB,CAAC;CACH;AAED,qBAAa,cAAc;IACzB,OAAO,CAAC,MAAM,CAGZ;IACF,OAAO,CAAC,cAAc,CAAiB;IACvC,OAAO,CAAC,QAAQ,CAAqC;IACrD,OAAO,CAAC,qBAAqB,CAAgB;IAC7C,OAAO,CAAC,WAAW,CAAS;gBAEhB,cAAc,EAAE,cAAc,EAAE,MAAM,GAAE,aAAkB;IAsBtE,YAAY,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI;IAIrC;;;;;;;;;;OAUG;IACG,iBAAiB,CAAC,OAAO,EAAE,gBAAgB,GAAG,OAAO,CAAC,eAAe,CAAC;IAkF5E;;;;;;;;;OASG;IACG,UAAU,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,GAAG,IAAI,CAAC;YA2BrD,iBAAiB;YAWjB,gBAAgB;IAQ9B,OAAO,CAAC,yBAAyB;YAMnB,eAAe;IA2B7B,MAAM,CAAC,aAAa,IAAI,MAAM;IAa9B,OAAO,CAAC,aAAa;IASf,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;IA0B9B,QAAQ,IAAI;QACV,cAAc,EAAE,MAAM,CAAC;QACvB,MAAM,EAAE;YACN,oBAAoB,EAAE,MAAM,CAAC;YAC7B,iBAAiB,EAAE,MAAM,CAAC;YAC1B,uBAAuB,CAAC,EAAE,MAAM,CAAC;YACjC,SAAS,EAAE,MAAM,CAAC;SACnB,CAAC;KACH;IAYD,aAAa,IAAI,IAAI;CAItB;AAED,wBAAgB,sBAAsB,CAAC,QAAQ,EAAE,MAAM,GAAG,gBAAgB,CAMzE;AAED,wBAAgB,uBAAuB,CAAC,OAAO,EAAE,OAAO,GAAG,OAAO,IAAI,gBAAgB,CAYrF"}
|
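--- a/package/dist/session/manager.js
+++ b/package/dist/session/manager.js
@@ -8,14 +8,18 @@
 * The static generateNonce() uses globalThis.crypto (available Node 20+ and
 * Cloudflare Workers) to remain synchronous without platform-specific imports.
 */
+import { MCPI_ERROR_CODES } from "../errors.js";
 import { MemoryNonceCacheProvider } from '../providers/memory.js';
 import { logger } from '../logging/index.js';
 export class SessionManager {
 config;
 cryptoProvider;
 sessions = new Map();
+sessionInsertionOrder = [];
+maxSessions;
 constructor(cryptoProvider, config = {}) {
 this.cryptoProvider = cryptoProvider;
+this.maxSessions = config.maxSessions ?? 10_000;
 this.config = {
 timestampSkewSeconds: config.timestampSkewSeconds ?? 120,
 sessionTtlMinutes: config.sessionTtlMinutes ?? 30,
@@ -53,7 +57,7 @@ export class SessionManager {
 return {
 success: false,
 error: {
-code:
+code: MCPI_ERROR_CODES.handshake_failed,
 message: `Timestamp outside acceptable range (±${this.config.timestampSkewSeconds}s)`,
 remediation: `Check NTP sync on client and server. Current server time: ${now}, received: ${request.timestamp}, diff: ${timeDiff}s. Adjust timestampSkewSeconds if needed.`,
 },
@@ -64,7 +68,7 @@ export class SessionManager {
 return {
 success: false,
 error: {
-code:
+code: MCPI_ERROR_CODES.handshake_failed,
 message: `Audience mismatch: expected ${this.config.serverDid}, got ${request.audience}`,
 },
 };
@@ -74,7 +78,7 @@ export class SessionManager {
 return {
 success: false,
 error: {
-code:
+code: MCPI_ERROR_CODES.handshake_failed,
 message: 'Nonce already used (replay attack prevention)',
 remediation: 'Generate a new unique nonce for each request',
 },
@@ -97,14 +101,16 @@ export class SessionManager {
 ...(this.config.serverDid && { serverDid: this.config.serverDid }),
 ...(clientInfo && { clientInfo }),
 };
+this.evictIfNeeded();
 this.sessions.set(sessionId, session);
+this.sessionInsertionOrder.push(sessionId);
 return { success: true, session };
 }
 catch (error) {
 return {
 success: false,
 error: {
-code:
+code: MCPI_ERROR_CODES.handshake_failed,
 message: `Handshake validation failed: ${error instanceof Error ? error.message : 'Unknown error'}`,
 },
 };
@@ -198,6 +204,14 @@ export class SessionManager {
 .replace(/\//g, '_')
 .replace(/=/g, '');
 }
+evictIfNeeded() {
+while (this.sessions.size >= this.maxSessions && this.sessionInsertionOrder.length > 0) {
+const oldest = this.sessionInsertionOrder.shift();
+if (oldest) {
+this.sessions.delete(oldest);
+}
+}
+}
 async cleanup() {
 const now = Math.floor(Date.now() / 1000);
 for (const [sessionId, session] of this.sessions.entries()) {
@@ -213,6 +227,7 @@ export class SessionManager {
 this.sessions.delete(sessionId);
 }
 }
+this.sessionInsertionOrder = this.sessionInsertionOrder.filter(id => this.sessions.has(id));
 await this.config.nonceCache.cleanup();
 }
 getStats() {
@@ -228,6 +243,7 @@ export class SessionManager {
 }
 clearSessions() {
 this.sessions.clear();
+this.sessionInsertionOrder = [];
 }
 }
 export function createHandshakeRequest(audience) {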
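Review bot: `evictIfNeeded()` removes the oldest session by creation order even if it is still in use, so once `maxSessions` (default `10_000`) is reached each accepted handshake silently ends another client's session; the checks visible in these hunks are timestamp, audience and nonce only, so if a handshake needs no prior authentication the cap trades memory exhaustion for eviction of legitimate sessions. Evicting expired sessions before live ones, and logging or rate-limiting when the cap is hit, would make that tradeoff explicit. `sessionInsertionOrder` is pruned only in `cleanup()` and `clearSessions()`, so any other code that deletes from `sessions` (outside these hunks) leaves stale ids behind; since a `Map` iterates in insertion order, `const oldest = this.sessions.keys().next().value;` would make the parallel array unnecessary. `config.maxSessions` is also used unvalidated, and a `NaN` value makes `size >= maxSessions` always false, which disables the cap.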
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"manager.js","sourceRoot":"","sources":["../../src/session/manager.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;
|
|
1
|
+
{"version":3,"file":"manager.js","sourceRoot":"","sources":["../../src/session/manager.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAAE,gBAAgB,EAAsB,MAAM,cAAc,CAAC;AAOpE,OAAO,EAAE,wBAAwB,EAAE,MAAM,wBAAwB,CAAC;AAClE,OAAO,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAC;AAsB7C,MAAM,OAAO,cAAc;IACjB,MAAM,CAGZ;IACM,cAAc,CAAiB;IAC/B,QAAQ,GAAG,IAAI,GAAG,EAA0B,CAAC;IAC7C,qBAAqB,GAAa,EAAE,CAAC;IACrC,WAAW,CAAS;IAE5B,YAAY,cAA8B,EAAE,SAAwB,EAAE;QACpE,IAAI,CAAC,cAAc,GAAG,cAAc,CAAC;QACrC,IAAI,CAAC,WAAW,GAAG,MAAM,CAAC,WAAW,IAAI,MAAM,CAAC;QAChD,IAAI,CAAC,MAAM,GAAG;YACZ,oBAAoB,EAAE,MAAM,CAAC,oBAAoB,IAAI,GAAG;YACxD,iBAAiB,EAAE,MAAM,CAAC,iBAAiB,IAAI,EAAE;YACjD,UAAU,EAAE,MAAM,CAAC,UAAU,IAAI,IAAI,wBAAwB,EAAE;YAC/D,GAAG,CAAC,MAAM,CAAC,uBAAuB,KAAK,SAAS,IAAI;gBAClD,uBAAuB,EAAE,MAAM,CAAC,uBAAuB;aACxD,CAAC;YACF,GAAG,CAAC,MAAM,CAAC,SAAS,KAAK,SAAS,IAAI,EAAE,SAAS,EAAE,MAAM,CAAC,SAAS,EAAE,CAAC;SACvE,CAAC;QAEF,IAAI,IAAI,CAAC,MAAM,CAAC,UAAU,YAAY,wBAAwB,EAAE,CAAC;YAC/D,MAAM,CAAC,IAAI,CACT,qEAAqE;gBACnE,oEAAoE;gBACpE,iBAAiB,CACpB,CAAC;QACJ,CAAC;IACH,CAAC;IAED,YAAY,CAAC,SAAiB;QAC5B,IAAI,CAAC,MAAM,CAAC,SAAS,GAAG,SAAS,CAAC;IACpC,CAAC;IAED;;;;;;;;;;OAUG;IACH,KAAK,CAAC,iBAAiB,CAAC,OAAyB;QAC/C,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;YAC1C,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC;YAEnD,IAAI,QAAQ,GAAG,IAAI,CAAC,MAAM,CAAC,oBAAoB,EAAE,CAAC;gBAChD,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,KAAK,EAAE;wBACL,IAAI,EAAE,gBAAgB,CAAC,gBAAgB;wBACvC,OAAO,EAAE,wCAAwC,IAAI,CAAC,MAAM,CAAC,oBAAoB,IAAI;wBACrF,WAAW,EAAE,6DAA6D,GAAG,eAAe,OAAO,CAAC,SAAS,WAAW,QAAQ,2CAA2C;qBAC5K;iBACF,CAAC;YACJ,CAAC;YAED,gEAAgE;YAChE,IAAI,IAAI,CAAC,MAAM,CAAC,SAAS,IAAI,OAAO,CAAC,QAAQ,KAAK,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC;gBACxE,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,KAAK,EAAE;wBACL,IAAI,EAAE,gBAAgB,CAAC,gBAAgB;wBACvC,OAAO,EAAE,+BAA+B,IAAI,CAAC,MAAM,CAAC,SAAS,SAAS,OAAO,CAAC,QAAQ,EAAE;qBACzF;iBACF,CAAC;YACJ,CAAC;YAED,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,GAAG,CAClD,OAAO,CAAC,KAAK
,EACb,OAAO,CAAC,QAAQ,CACjB,CAAC;YACF,IAAI,WAAW,EAAE,CAAC;gBAChB,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,KAAK,EAAE;wBACL,IAAI,EAAE,gBAAgB,CAAC,gBAAgB;wBACvC,OAAO,EAAE,+CAA+C;wBACxD,WAAW,EAAE,8CAA8C;qBAC5D;iBACF,CAAC;YACJ,CAAC;YAED,MAAM,eAAe,GAAG,IAAI,CAAC,MAAM,CAAC,iBAAiB,GAAG,EAAE,GAAG,EAAE,CAAC;YAChE,MAAM,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,GAAG,CAC9B,OAAO,CAAC,KAAK,EACb,eAAe,EACf,OAAO,CAAC,QAAQ,CACjB,CAAC;YAEF,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,iBAAiB,EAAE,CAAC;YACjD,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC;YAEvD,MAAM,OAAO,GAAmB;gBAC9B,SAAS;gBACT,QAAQ,EAAE,OAAO,CAAC,QAAQ;gBAC1B,KAAK,EAAE,OAAO,CAAC,KAAK;gBACpB,SAAS,EAAE,OAAO,CAAC,SAAS;gBAC5B,SAAS,EAAE,GAAG;gBACd,YAAY,EAAE,GAAG;gBACjB,UAAU,EAAE,IAAI,CAAC,MAAM,CAAC,iBAAiB;gBACzC,aAAa,EAAE,WAAW;gBAC1B,QAAQ,EAAE,OAAO,CAAC,QAAQ;gBAC1B,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,IAAI,EAAE,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC;gBAClE,GAAG,CAAC,UAAU,IAAI,EAAE,UAAU,EAAE,CAAC;aAClC,CAAC;YAEF,IAAI,CAAC,aAAa,EAAE,CAAC;YACrB,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;YACtC,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YAE3C,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;QACpC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE;oBACL,IAAI,EAAE,gBAAgB,CAAC,gBAAgB;oBACvC,OAAO,EAAE,gCAAgC,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE;iBACpG;aACF,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;;;;;;;;OASG;IACH,KAAK,CAAC,UAAU,CAAC,SAAiB;QAChC,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAC7C,IAAI,CAAC,OAAO;YAAE,OAAO,IAAI,CAAC;QAE1B,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAC1C,MAAM,eAAe,GAAG,GAAG,GAAG,OAAO,CAAC,YAAY,CAAC;QACnD,MAAM,cAAc,GAAG,OAAO,CAAC,UAAU,GAAG,EAAE,CAAC;QAE/C,IAAI,eAAe,GAAG,cAAc,EAAE,CAAC;YACrC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;YAChC,OAAO,IAAI,CAAC;QACd,CAAC;QAED,IAAI,IAAI,CAAC,MAAM,CAAC,uBAAuB,KAAK,SAAS,EAAE,CAAC;YACtD,MAAM,iBAAiB,GAAG,GAAG,GAAG,OAAO,CAAC,SAAS,CAAC;YAClD,MAAM,aAAa,GAAG,IAAI,CAAC,MAAM,CAAC,uBAAuB,GAAG,E
AAE,CAAC;YAC/D,IAAI,iBAAiB,GAAG,aAAa,EAAE,CAAC;gBACtC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;gBAChC,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;QAED,OAAO,CAAC,YAAY,GAAG,GAAG,CAAC;QAC3B,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;QACtC,OAAO,OAAO,CAAC;IACjB,CAAC;IAEO,KAAK,CAAC,iBAAiB;QAC7B,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;QACxD,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAE,GAAG,IAAI,CAAC,GAAG,IAAI,CAAC;QACrC,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAE,GAAG,IAAI,CAAC,GAAG,IAAI,CAAC;QACrC,MAAM,GAAG,GAAG,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC;aAC1B,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;aAC3C,IAAI,CAAC,EAAE,CAAC,CAAC;QACZ,MAAM,IAAI,GAAG,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,GAAG,CAAC,KAAK,CAAC,EAAE,EAAE,EAAE,CAAC,IAAI,GAAG,CAAC,KAAK,CAAC,EAAE,EAAE,EAAE,CAAC,IAAI,GAAG,CAAC,KAAK,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC;QACrH,OAAO,QAAQ,IAAI,EAAE,CAAC;IACxB,CAAC;IAEO,KAAK,CAAC,gBAAgB;QAC5B,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC;QACvD,MAAM,GAAG,GAAG,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC;aAC1B,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;aAC3C,IAAI,CAAC,EAAE,CAAC,CAAC;QACZ,OAAO,UAAU,GAAG,EAAE,CAAC;IACzB,CAAC;IAEO,yBAAyB,CAAC,KAAc;QAC9C,IAAI,OAAO,KAAK,KAAK,QAAQ;YAAE,OAAO,SAAS,CAAC;QAChD,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;QAC7B,OAAO,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;IAClD,CAAC;IAEO,KAAK,CAAC,eAAe,CAC3B,OAAyB;QAEzB,MAAM,WAAW,GACf,CAAC,CAAC,OAAO,CAAC,UAAU;YACpB,OAAO,OAAO,CAAC,qBAAqB,KAAK,QAAQ;YACjD,OAAO,CAAC,kBAAkB,KAAK,SAAS,CAAC;QAE3C,IAAI,CAAC,WAAW;YAAE,OAAO,SAAS,CAAC;QAEnC,MAAM,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC;QAElC,OAAO;YACL,IAAI,EAAE,IAAI,CAAC,yBAAyB,CAAC,MAAM,EAAE,IAAI,CAAC,IAAI,SAAS;YAC/D,KAAK,EAAE,IAAI,CAAC,yBAAyB,CAAC,MAAM,EAAE,KAAK,CAAC;YACpD,OAAO,EAAE,IAAI,CAAC,yBAAyB,CAAC,MAAM,EAAE,OAAO,CAAC;YACxD,QA
AQ,EAAE,IAAI,CAAC,yBAAyB,CAAC,MAAM,EAAE,QAAQ,CAAC;YAC1D,MAAM,EAAE,IAAI,CAAC,yBAAyB,CAAC,MAAM,EAAE,MAAM,CAAC;YACtD,YAAY,EAAE,IAAI,CAAC,yBAAyB,CAAC,MAAM,EAAE,YAAY,CAAC;YAClE,QAAQ,EACN,IAAI,CAAC,yBAAyB,CAAC,MAAM,EAAE,QAAQ,CAAC;gBAChD,CAAC,MAAM,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACjC,eAAe,EAAE,IAAI,CAAC,yBAAyB,CAAC,OAAO,CAAC,qBAAqB,CAAC;YAC9E,YAAY,EAAE,OAAO,CAAC,kBAAkB;SACzC,CAAC;IACJ,CAAC;IAED,MAAM,CAAC,aAAa;QAClB,MAAM,MAAM,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC;QAClC,UAAU,CAAC,MAAM,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC;QAC1C,IAAI,SAAS,GAAG,EAAE,CAAC;QACnB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACvC,SAAS,IAAI,MAAM,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC,CAAE,CAAC,CAAC;QAC/C,CAAC;QACD,OAAO,IAAI,CAAC,SAAS,CAAC;aACnB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;aACnB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;aACnB,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;IACvB,CAAC;IAEO,aAAa;QACnB,OAAO,IAAI,CAAC,QAAQ,CAAC,IAAI,IAAI,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC,qBAAqB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACvF,MAAM,MAAM,GAAG,IAAI,CAAC,qBAAqB,CAAC,KAAK,EAAE,CAAC;YAClD,IAAI,MAAM,EAAE,CAAC;gBACX,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;YAC/B,CAAC;QACH,CAAC;IACH,CAAC;IAED,KAAK,CAAC,OAAO;QACX,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAE1C,KAAK,MAAM,CAAC,SAAS,EAAE,OAAO,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,EAAE,CAAC;YAC3D,MAAM,eAAe,GAAG,GAAG,GAAG,OAAO,CAAC,YAAY,CAAC;YACnD,MAAM,cAAc,GAAG,OAAO,CAAC,UAAU,GAAG,EAAE,CAAC;YAC/C,IAAI,OAAO,GAAG,eAAe,GAAG,cAAc,CAAC;YAE/C,IAAI,CAAC,OAAO,IAAI,IAAI,CAAC,MAAM,CAAC,uBAAuB,KAAK,SAAS,EAAE,CAAC;gBAClE,MAAM,iBAAiB,GAAG,GAAG,GAAG,OAAO,CAAC,SAAS,CAAC;gBAClD,MAAM,aAAa,GAAG,IAAI,CAAC,MAAM,CAAC,uBAAuB,GAAG,EAAE,CAAC;gBAC/D,OAAO,GAAG,iBAAiB,GAAG,aAAa,CAAC;YAC9C,CAAC;YAED,IAAI,OAAO,EAAE,CAAC;gBACZ,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;YAClC,CAAC;QACH,CAAC;QAED,IAAI,CAAC,qBAAqB,GAAG,IAAI,CAAC,qBAAqB,CAAC,MAAM,CAC5D,EAAE,CAAC,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC,CAC5B,CAAC;QAEF,MAAM,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC;IACzC,CAAC;
IAED,QAAQ;QASN,OAAO;YACL,cAAc,EAAE,IAAI,CAAC,QAAQ,CAAC,IAAI;YAClC,MAAM,EAAE;gBACN,oBAAoB,EAAE,IAAI,CAAC,MAAM,CAAC,oBAAoB;gBACtD,iBAAiB,EAAE,IAAI,CAAC,MAAM,CAAC,iBAAiB;gBAChD,uBAAuB,EAAE,IAAI,CAAC,MAAM,CAAC,uBAAuB;gBAC5D,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,WAAW,CAAC,IAAI;aACnD;SACF,CAAC;IACJ,CAAC;IAED,aAAa;QACX,IAAI,CAAC,QAAQ,CAAC,KAAK,EAAE,CAAC;QACtB,IAAI,CAAC,qBAAqB,GAAG,EAAE,CAAC;IAClC,CAAC;CACF;AAED,MAAM,UAAU,sBAAsB,CAAC,QAAgB;IACrD,OAAO;QACL,KAAK,EAAE,cAAc,CAAC,aAAa,EAAE;QACrC,QAAQ;QACR,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;KACzC,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,uBAAuB,CAAC,OAAgB;IACtD,OAAO,CACL,OAAO,OAAO,KAAK,QAAQ;QAC3B,OAAO,KAAK,IAAI;QAChB,OAAQ,OAAmC,CAAC,OAAO,CAAC,KAAK,QAAQ;QAC/D,OAAmC,CAAC,OAAO,CAAY,CAAC,MAAM,GAAG,CAAC;QACpE,OAAQ,OAAmC,CAAC,UAAU,CAAC,KAAK,QAAQ;QAClE,OAAmC,CAAC,UAAU,CAAY,CAAC,MAAM,GAAG,CAAC;QACvE,OAAQ,OAAmC,CAAC,WAAW,CAAC,KAAK,QAAQ;QACnE,OAAmC,CAAC,WAAW,CAAY,GAAG,CAAC;QACjE,MAAM,CAAC,SAAS,CAAE,OAAmC,CAAC,WAAW,CAAC,CAAC,CACpE,CAAC;AACJ,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"crypto-service.d.ts","sourceRoot":"","sources":["../../src/utils/crypto-service.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;
|
|
1
|
+
{"version":3,"file":"crypto-service.d.ts","sourceRoot":"","sources":["../../src/utils/crypto-service.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAStD;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,GAAG,EAAE,KAAK,CAAC;IACX,GAAG,EAAE,SAAS,CAAC;IACf,CAAC,EAAE,MAAM,CAAC;IACV,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;CACd;AAED,MAAM,WAAW,SAAS;IACxB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAChC,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAClC,cAAc,EAAE,UAAU,CAAC;IAC3B,YAAY,EAAE,MAAM,CAAC;CACtB;AAED,qBAAa,aAAa;IACZ,OAAO,CAAC,cAAc;gBAAd,cAAc,EAAE,cAAc;IAE5C,aAAa,CACjB,IAAI,EAAE,UAAU,EAChB,SAAS,EAAE,UAAU,EACrB,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,OAAO,CAAC;IAUnB,QAAQ,CAAC,GAAG,EAAE,MAAM,GAAG,SAAS;IA0C1B,SAAS,CACb,GAAG,EAAE,MAAM,EACX,YAAY,EAAE,UAAU,EACxB,OAAO,CAAC,EAAE;QACR,eAAe,CAAC,EAAE,UAAU,GAAG,MAAM,CAAC;QACtC,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,GAAG,CAAC,EAAE,OAAO,CAAC;KACf,GACA,OAAO,CAAC,OAAO,CAAC;IAuFnB,OAAO,CAAC,iBAAiB;IAczB,OAAO,CAAC,oBAAoB;CAO7B"}
|
|
@@ -4,6 +4,7 @@
|
|
|
4
4
|
* Centralized cryptographic operations service providing consistent
|
|
5
5
|
* signature verification across all platforms (Cloudflare, Node.js, etc.).
|
|
6
6
|
*/
|
|
7
|
+
import { logger } from '../logging/index.js';
|
|
7
8
|
import { base64urlDecodeToString, base64urlDecodeToBytes, base64urlEncodeFromBytes, bytesToBase64, } from './base64.js';
|
|
8
9
|
export class CryptoService {
|
|
9
10
|
cryptoProvider;
|
|
@@ -16,7 +17,7 @@ export class CryptoService {
|
|
|
16
17
|
return result === true;
|
|
17
18
|
}
|
|
18
19
|
catch (error) {
|
|
19
|
-
|
|
20
|
+
logger.error('[CryptoService] Ed25519 verification error:', error);
|
|
20
21
|
return false;
|
|
21
22
|
}
|
|
22
23
|
}
|
|
@@ -55,11 +56,11 @@ export class CryptoService {
|
|
|
55
56
|
async verifyJWS(jws, publicKeyJwk, options) {
|
|
56
57
|
try {
|
|
57
58
|
if (!this.isValidEd25519JWK(publicKeyJwk)) {
|
|
58
|
-
|
|
59
|
+
logger.error('[CryptoService] Invalid Ed25519 JWK format');
|
|
59
60
|
return false;
|
|
60
61
|
}
|
|
61
62
|
if (options?.expectedKid && publicKeyJwk.kid !== options.expectedKid) {
|
|
62
|
-
|
|
63
|
+
logger.error('[CryptoService] Key ID mismatch');
|
|
63
64
|
return false;
|
|
64
65
|
}
|
|
65
66
|
let parsed;
|
|
@@ -78,23 +79,23 @@ export class CryptoService {
|
|
|
78
79
|
parsed = { header, payload: undefined, signatureBytes, signingInput: '' };
|
|
79
80
|
}
|
|
80
81
|
catch {
|
|
81
|
-
|
|
82
|
+
logger.error('[CryptoService] Invalid detached JWS format');
|
|
82
83
|
return false;
|
|
83
84
|
}
|
|
84
85
|
}
|
|
85
86
|
else {
|
|
86
|
-
|
|
87
|
+
logger.error('[CryptoService] Invalid JWS format:', error);
|
|
87
88
|
return false;
|
|
88
89
|
}
|
|
89
90
|
}
|
|
90
91
|
else {
|
|
91
|
-
|
|
92
|
+
logger.error('[CryptoService] Invalid JWS format:', error);
|
|
92
93
|
return false;
|
|
93
94
|
}
|
|
94
95
|
}
|
|
95
96
|
const expectedAlg = options?.alg || 'EdDSA';
|
|
96
97
|
if (parsed.header['alg'] !== expectedAlg) {
|
|
97
|
-
|
|
98
|
+
logger.error(`[CryptoService] Unsupported algorithm: ${parsed.header['alg']}, expected ${expectedAlg}`);
|
|
98
99
|
return false;
|
|
99
100
|
}
|
|
100
101
|
let signingInputBytes;
|
|
@@ -111,7 +112,7 @@ export class CryptoService {
|
|
|
111
112
|
}
|
|
112
113
|
else {
|
|
113
114
|
if (!parsed.signingInput) {
|
|
114
|
-
|
|
115
|
+
logger.error('[CryptoService] Missing signing input for compact JWS');
|
|
115
116
|
return false;
|
|
116
117
|
}
|
|
117
118
|
signingInputBytes = new TextEncoder().encode(parsed.signingInput);
|
|
@@ -121,13 +122,13 @@ export class CryptoService {
|
|
|
121
122
|
publicKeyBase64 = this.jwkToBase64PublicKey(publicKeyJwk);
|
|
122
123
|
}
|
|
123
124
|
catch (error) {
|
|
124
|
-
|
|
125
|
+
logger.error('[CryptoService] Failed to extract public key:', error);
|
|
125
126
|
return false;
|
|
126
127
|
}
|
|
127
128
|
return await this.verifyEd25519(signingInputBytes, parsed.signatureBytes, publicKeyBase64);
|
|
128
129
|
}
|
|
129
130
|
catch (error) {
|
|
130
|
-
|
|
131
|
+
logger.error('[CryptoService] JWS verification error:', error);
|
|
131
132
|
return false;
|
|
132
133
|
}
|
|
133
134
|
}
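Review bot: The new `Unsupported algorithm` message interpolates `parsed.header['alg']`, which comes from the untrusted JWS header, directly into the log text, so a crafted header can put line breaks or very long strings into the log. Log a bounded, escaped form instead, for example `logger.error('[CryptoService] Unsupported algorithm:', JSON.stringify(String(parsed.header['alg']).slice(0, 32)));`. Every rejected token now also logs at `error` level, so deployments that expose `verifyJWS` to unauthenticated input may want these messages at a lower level or rate-limited to keep log volume and alert noise under control. The bodies of the verification methods continue outside the hunks shown.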
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"crypto-service.js","sourceRoot":"","sources":["../../src/utils/crypto-service.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,EACL,uBAAuB,EACvB,sBAAsB,EACtB,wBAAwB,EACxB,aAAa,GACd,MAAM,aAAa,CAAC;AAoBrB,MAAM,OAAO,aAAa;IACJ;IAApB,YAAoB,cAA8B;QAA9B,mBAAc,GAAd,cAAc,CAAgB;IAAG,CAAC;IAEtD,KAAK,CAAC,aAAa,CACjB,IAAgB,EAChB,SAAqB,EACrB,SAAiB;QAEjB,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,IAAI,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC;YAC5E,OAAO,MAAM,KAAK,IAAI,CAAC;QACzB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,
|
|
1
|
+
{"version":3,"file":"crypto-service.js","sourceRoot":"","sources":["../../src/utils/crypto-service.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAC;AAC7C,OAAO,EACL,uBAAuB,EACvB,sBAAsB,EACtB,wBAAwB,EACxB,aAAa,GACd,MAAM,aAAa,CAAC;AAoBrB,MAAM,OAAO,aAAa;IACJ;IAApB,YAAoB,cAA8B;QAA9B,mBAAc,GAAd,cAAc,CAAgB;IAAG,CAAC;IAEtD,KAAK,CAAC,aAAa,CACjB,IAAgB,EAChB,SAAqB,EACrB,SAAiB;QAEjB,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,IAAI,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC;YAC5E,OAAO,MAAM,KAAK,IAAI,CAAC;QACzB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,6CAA6C,EAAE,KAAK,CAAC,CAAC;YACnE,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED,QAAQ,CAAC,GAAW;QAClB,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC7B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACvB,MAAM,IAAI,KAAK,CAAC,uDAAuD,CAAC,CAAC;QAC3E,CAAC;QAED,MAAM,CAAC,SAAS,EAAE,UAAU,EAAE,YAAY,CAAC,GAAG,KAAK,CAAC;QAEpD,IAAI,MAA+B,CAAC;QACpC,IAAI,CAAC;YACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,uBAAuB,CAAC,SAAU,CAAC,CAA4B,CAAC;QACtF,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,IAAI,KAAK,CACb,0BAA0B,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CACnF,CAAC;QACJ,CAAC;QAED,IAAI,OAA4C,CAAC;QACjD,IAAI,UAAU,EAAE,CAAC;YACf,IAAI,CAAC;gBACH,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,uBAAuB,CAAC,UAAU,CAAC,CAA4B,CAAC;YACvF,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,MAAM,IAAI,KAAK,CACb,2BAA2B,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CACpF,CAAC;YACJ,CAAC;QACH,CAAC;QAED,IAAI,cAA0B,CAAC;QAC/B,IAAI,CAAC;YACH,cAAc,GAAG,sBAAsB,CAAC,YAAa,CAAC,CAAC;QACzD,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,IAAI,KAAK,CACb,6BAA6B,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CACtF,CAAC;QACJ,CAAC;QAED,MAAM,YAAY,GAAG,GAAG,SAAS,IAAI,UAAU,EAAE,CAAC;QAElD,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,cAAc,EAAE,YAAY,EAAE,CAAC;IAC3D,CAAC;IAED,KAAK,CAAC,SAAS,CACb,GAAW,EACX,YAAwB,EACxB,OAIC;QAED,IAAI,CAAC;YACH,IAAI,CAAC,IAAI,CAAC,iBAAiB,CAAC,YAAY,CAAC,EAAE,CAAC;
gBAC1C,MAAM,CAAC,KAAK,CAAC,4CAA4C,CAAC,CAAC;gBAC3D,OAAO,KAAK,CAAC;YACf,CAAC;YAED,IAAI,OAAO,EAAE,WAAW,IAAI,YAAY,CAAC,GAAG,KAAK,OAAO,CAAC,WAAW,EAAE,CAAC;gBACrE,MAAM,CAAC,KAAK,CAAC,iCAAiC,CAAC,CAAC;gBAChD,OAAO,KAAK,CAAC;YACf,CAAC;YAED,IAAI,MAAiB,CAAC;YACtB,IAAI,CAAC;gBACH,MAAM,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;YAC9B,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,IAAI,OAAO,EAAE,eAAe,KAAK,SAAS,EAAE,CAAC;oBAC3C,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;oBAC7B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC;wBAC1C,IAAI,CAAC;4BACH,MAAM,SAAS,GAAG,KAAK,CAAC,CAAC,CAAE,CAAC;4BAC5B,MAAM,YAAY,GAAG,KAAK,CAAC,CAAC,CAAE,CAAC;4BAC/B,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CACvB,uBAAuB,CAAC,SAAS,CAAC,CACR,CAAC;4BAC7B,MAAM,cAAc,GAAG,sBAAsB,CAAC,YAAY,CAAC,CAAC;4BAC5D,MAAM,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,cAAc,EAAE,YAAY,EAAE,EAAE,EAAE,CAAC;wBAC5E,CAAC;wBAAC,MAAM,CAAC;4BACP,MAAM,CAAC,KAAK,CAAC,6CAA6C,CAAC,CAAC;4BAC5D,OAAO,KAAK,CAAC;wBACf,CAAC;oBACH,CAAC;yBAAM,CAAC;wBACN,MAAM,CAAC,KAAK,CAAC,qCAAqC,EAAE,KAAK,CAAC,CAAC;wBAC3D,OAAO,KAAK,CAAC;oBACf,CAAC;gBACH,CAAC;qBAAM,CAAC;oBACN,MAAM,CAAC,KAAK,CAAC,qCAAqC,EAAE,KAAK,CAAC,CAAC;oBAC3D,OAAO,KAAK,CAAC;gBACf,CAAC;YACH,CAAC;YAED,MAAM,WAAW,GAAG,OAAO,EAAE,GAAG,IAAI,OAAO,CAAC;YAC5C,IAAI,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,WAAW,EAAE,CAAC;gBACzC,MAAM,CAAC,KAAK,CACV,0CAA0C,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,cAAc,WAAW,EAAE,CAC1F,CAAC;gBACF,OAAO,KAAK,CAAC;YACf,CAAC;YAED,IAAI,iBAA6B,CAAC;YAElC,IAAI,OAAO,EAAE,eAAe,KAAK,SAAS,EAAE,CAAC;gBAC3C,MAAM,SAAS,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAE,CAAC;gBACrC,IAAI,UAAkB,CAAC;gBAEvB,IAAI,OAAO,CAAC,eAAe,YAAY,UAAU,EAAE,CAAC;oBAClD,UAAU,GAAG,wBAAwB,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;gBACjE,CAAC;qBAAM,CAAC;oBACN,UAAU,GAAG,wBAAwB,CACnC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,eAAe,CAAC,CAClD,CAAC;gBACJ,CAAC;gBAED,iBAAiB,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,GAAG,SAAS,IAAI,UAAU,EAAE,CAAC,CAAC;YAC7E,CAAC;iBAAM,CAAC;gBACN,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC;oBACzB,MAAM,CAAC,KAAK,CAAC,uDAAuD,CAAC,CAAC;oBA
CtE,OAAO,KAAK,CAAC;gBACf,CAAC;gBACD,iBAAiB,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;YACpE,CAAC;YAED,IAAI,eAAuB,CAAC;YAC5B,IAAI,CAAC;gBACH,eAAe,GAAG,IAAI,CAAC,oBAAoB,CAAC,YAAY,CAAC,CAAC;YAC5D,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,MAAM,CAAC,KAAK,CAAC,+CAA+C,EAAE,KAAK,CAAC,CAAC;gBACrE,OAAO,KAAK,CAAC;YACf,CAAC;YAED,OAAO,MAAM,IAAI,CAAC,aAAa,CAAC,iBAAiB,EAAE,MAAM,CAAC,cAAc,EAAE,eAAe,CAAC,CAAC;QAC7F,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,yCAAyC,EAAE,KAAK,CAAC,CAAC;YAC/D,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAEO,iBAAiB,CAAC,GAAY;QACpC,OAAO,CACL,OAAO,GAAG,KAAK,QAAQ;YACvB,GAAG,KAAK,IAAI;YACZ,KAAK,IAAI,GAAG;YACX,GAA+B,CAAC,KAAK,CAAC,KAAK,KAAK;YACjD,KAAK,IAAI,GAAG;YACX,GAA+B,CAAC,KAAK,CAAC,KAAK,SAAS;YACrD,GAAG,IAAI,GAAG;YACV,OAAQ,GAA+B,CAAC,GAAG,CAAC,KAAK,QAAQ;YACvD,GAA+B,CAAC,GAAG,CAAY,CAAC,MAAM,GAAG,CAAC,CAC7D,CAAC;IACJ,CAAC;IAEO,oBAAoB,CAAC,GAAe;QAC1C,MAAM,cAAc,GAAG,sBAAsB,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;QACrD,IAAI,cAAc,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;YACjC,MAAM,IAAI,KAAK,CAAC,sCAAsC,cAAc,CAAC,MAAM,EAAE,CAAC,CAAC;QACjF,CAAC;QACD,OAAO,aAAa,CAAC,cAAc,CAAC,CAAC;IACvC,CAAC;CACF"}
|
|
@@ -153,4 +153,16 @@ export declare function generateDidKeyFromBytes(publicKeyBytes: Uint8Array): str
|
|
|
153
153
|
* ```
|
|
154
154
|
*/
|
|
155
155
|
export declare function generateDidKeyFromBase64(publicKeyBase64: string): string;
|
|
156
|
+
/**
|
|
157
|
+
* Get the spec-compliant fragment identifier for a did:key DID.
|
|
158
|
+
*
|
|
159
|
+
* Per the did:key spec (W3C CCG), the fragment equals the multibase-encoded
|
|
160
|
+
* public key value (the DID-specific-id). For example:
|
|
161
|
+
* did:key:z6MkABC... → z6MkABC...
|
|
162
|
+
*
|
|
163
|
+
* @see https://w3c-ccg.github.io/did-key-spec/#document-creation-algorithm
|
|
164
|
+
* @param did - A did:key DID string
|
|
165
|
+
* @returns The fragment identifier (multibase value), or 'keys-1' as fallback for non-did:key
|
|
166
|
+
*/
|
|
167
|
+
export declare function didKeyFragment(did: string): string;
|
|
156
168
|
//# sourceMappingURL=did-helpers.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"did-helpers.d.ts","sourceRoot":"","sources":["../../src/utils/did-helpers.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAIH;;;;;;;;;;;GAWG;AACH,wBAAgB,UAAU,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAE/C;AAED;;;;;;;;;;;;GAYG;AACH,wBAAgB,YAAY,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAMvD;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,YAAY,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAEhD;AAED;;;;;;;;;;;;GAYG;AACH,wBAAgB,WAAW,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAE/D;AAED;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,wBAAgB,YAAY,CAAC,MAAM,EAAE;IACnC,QAAQ,EAAE;QAAE,SAAS,CAAC,EAAE,MAAM,CAAC;QAAC,QAAQ,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;CACrD,GAAG,MAAM,CAMT;AAED;;;;;;;;;;;;;;GAcG;AACH,wBAAgB,cAAc,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAIlD;AAED;;;;;;;;;;;;;;;GAeG;AACH,wBAAgB,gBAAgB,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAEpD;AAQD;;;;;;;;;;;;;;;GAeG;AACH,wBAAgB,uBAAuB,CAAC,cAAc,EAAE,UAAU,GAAG,MAAM,CAW1E;AAED;;;;;;;;;;;;;;GAcG;AACH,wBAAgB,wBAAwB,CAAC,eAAe,EAAE,MAAM,GAAG,MAAM,CAMxE"}
|
|
1
|
+
{"version":3,"file":"did-helpers.d.ts","sourceRoot":"","sources":["../../src/utils/did-helpers.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAIH;;;;;;;;;;;GAWG;AACH,wBAAgB,UAAU,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAE/C;AAED;;;;;;;;;;;;GAYG;AACH,wBAAgB,YAAY,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAMvD;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,YAAY,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAEhD;AAED;;;;;;;;;;;;GAYG;AACH,wBAAgB,WAAW,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAE/D;AAED;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,wBAAgB,YAAY,CAAC,MAAM,EAAE;IACnC,QAAQ,EAAE;QAAE,SAAS,CAAC,EAAE,MAAM,CAAC;QAAC,QAAQ,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;CACrD,GAAG,MAAM,CAMT;AAED;;;;;;;;;;;;;;GAcG;AACH,wBAAgB,cAAc,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAIlD;AAED;;;;;;;;;;;;;;;GAeG;AACH,wBAAgB,gBAAgB,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAEpD;AAQD;;;;;;;;;;;;;;;GAeG;AACH,wBAAgB,uBAAuB,CAAC,cAAc,EAAE,UAAU,GAAG,MAAM,CAW1E;AAED;;;;;;;;;;;;;;GAcG;AACH,wBAAgB,wBAAwB,CAAC,eAAe,EAAE,MAAM,GAAG,MAAM,CAMxE;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,cAAc,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAMlD"}
|
|
@@ -190,4 +190,22 @@ export function generateDidKeyFromBase64(publicKeyBase64) {
|
|
|
190
190
|
const publicKeyBytes = Uint8Array.from(atob(publicKeyBase64), (c) => c.charCodeAt(0));
|
|
191
191
|
return generateDidKeyFromBytes(publicKeyBytes);
|
|
192
192
|
}
|
|
193
|
+
/**
|
|
194
|
+
* Get the spec-compliant fragment identifier for a did:key DID.
|
|
195
|
+
*
|
|
196
|
+
* Per the did:key spec (W3C CCG), the fragment equals the multibase-encoded
|
|
197
|
+
* public key value (the DID-specific-id). For example:
|
|
198
|
+
* did:key:z6MkABC... → z6MkABC...
|
|
199
|
+
*
|
|
200
|
+
* @see https://w3c-ccg.github.io/did-key-spec/#document-creation-algorithm
|
|
201
|
+
* @param did - A did:key DID string
|
|
202
|
+
* @returns The fragment identifier (multibase value), or 'keys-1' as fallback for non-did:key
|
|
203
|
+
*/
|
|
204
|
+
export function didKeyFragment(did) {
|
|
205
|
+
if (did.startsWith('did:key:')) {
|
|
206
|
+
return did.slice('did:key:'.length);
|
|
207
|
+
}
|
|
208
|
+
// Fallback for non-did:key methods
|
|
209
|
+
return 'keys-1';
|
|
210
|
+
}
|
|
193
211
|
//# sourceMappingURL=did-helpers.js.map
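Review bot: `didKeyFragment` returns whatever follows `did:key:` without checking it, so an input that already carries a fragment, path or query (for example `did:key:z6Mk…#z6Mk…`) or an empty identifier yields a value that is not a valid fragment, and a non-string `did` throws on `startsWith`. If the result is used to build a `kid` or verification-method id (not visible in this hunk), the malformed id would flow into proof headers and key lookup. Validating before returning would close this, e.g. `const id = did.slice('did:key:'.length);` followed by `if (!/^z[1-9A-HJ-NP-Za-km-z]+$/.test(id)) throw new TypeError('invalid did:key identifier');`. The `'keys-1'` fallback for other DID methods is a guess rather than a value read from a DID document, so it deserves a comment such as `// 'keys-1' is a convention, not resolved from the DID document; verifiers must resolve the real key id for non-did:key methods`.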
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"did-helpers.js","sourceRoot":"","sources":["../../src/utils/did-helpers.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAE3C;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,UAAU,CAAC,GAAW;IACpC,OAAO,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;AAC3D,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,UAAU,YAAY,CAAC,GAAW;IACtC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QACrB,OAAO,IAAI,CAAC;IACd,CAAC;IACD,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC;IACzC,OAAO,KAAK,EAAE,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC;AAC5B,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,UAAU,YAAY,CAAC,GAAW;IACtC,OAAO,GAAG,CAAC,IAAI,EAAE,CAAC;AACpB,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,UAAU,WAAW,CAAC,IAAY,EAAE,IAAY;IACpD,OAAO,YAAY,CAAC,IAAI,CAAC,KAAK,YAAY,CAAC,IAAI,CAAC,CAAC;AACnD,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,MAAM,UAAU,YAAY,CAAC,MAE5B;IACC,MAAM,SAAS,GAAG,MAAM,CAAC,QAAQ,CAAC,SAAS,IAAI,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC;IACxE,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC;IAC/C,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;;;;;;;;;;;;;GAcG;AACH,MAAM,UAAU,cAAc,CAAC,GAAW;IACxC,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC7B,8CAA8C;IAC9C,OAAO,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,IAAI,GAAG,CAAC;AACxC,CAAC;AAED;;;;;;;;;;;;;;;GAeG;AACH,MAAM,UAAU,gBAAgB,CAAC,GAAW;IAC1C,OAAO,cAAc,CAAC,GAAG,CAAC,CAAC;AAC7B,CAAC;AAED;;;GAGG;AACH,MAAM,yBAAyB,GAAG,IAAI,UAAU,CAAC,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC;AAE/D;;;;;;;;;;;;;;;GAeG;AACH,MAAM,UAAU,uBAAuB,CAAC,cAA0B;IAChE,yCAAyC;IACzC,MAAM,aAAa,GAAG,IAAI,UAAU,CAClC,yBAAyB,CAAC,MAAM,GAAG,cAAc,CAAC,MAAM,CACzD,CAAC;IACF,aAAa,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC;IAC7C,aAAa,CAAC,GAAG,CAAC,cAAc,EAAE,yBAAyB,CAAC,MAAM,CAAC,CAAC;IAEpE,iDAAiD;IACjD,MAAM,aAAa,GAAG,YAAY,CAAC,aAAa,CAAC,CAAC;IAClD,OAAO,YAAY,aAAa,EAAE,CAAC;AACrC,CAAC;AAED;;;;;;;;;;;;;;GAcG;AACH,MAAM,UAAU,wBAAwB,CAAC,eAAuB;IAC9D,yBAAyB;IACzB,MAAM,cAAc,GAAG,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAClE,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAChB,CAAC;IACF,OAAO
,uBAAuB,CAAC,cAAc,CAAC,CAAC;AACjD,CAAC"}
|
|
1
|
+
{"version":3,"file":"did-helpers.js","sourceRoot":"","sources":["../../src/utils/did-helpers.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAE3C;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,UAAU,CAAC,GAAW;IACpC,OAAO,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;AAC3D,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,UAAU,YAAY,CAAC,GAAW;IACtC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QACrB,OAAO,IAAI,CAAC;IACd,CAAC;IACD,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC;IACzC,OAAO,KAAK,EAAE,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC;AAC5B,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,UAAU,YAAY,CAAC,GAAW;IACtC,OAAO,GAAG,CAAC,IAAI,EAAE,CAAC;AACpB,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,UAAU,WAAW,CAAC,IAAY,EAAE,IAAY;IACpD,OAAO,YAAY,CAAC,IAAI,CAAC,KAAK,YAAY,CAAC,IAAI,CAAC,CAAC;AACnD,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,MAAM,UAAU,YAAY,CAAC,MAE5B;IACC,MAAM,SAAS,GAAG,MAAM,CAAC,QAAQ,CAAC,SAAS,IAAI,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC;IACxE,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC;IAC/C,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;;;;;;;;;;;;;GAcG;AACH,MAAM,UAAU,cAAc,CAAC,GAAW;IACxC,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC7B,8CAA8C;IAC9C,OAAO,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,IAAI,GAAG,CAAC;AACxC,CAAC;AAED;;;;;;;;;;;;;;;GAeG;AACH,MAAM,UAAU,gBAAgB,CAAC,GAAW;IAC1C,OAAO,cAAc,CAAC,GAAG,CAAC,CAAC;AAC7B,CAAC;AAED;;;GAGG;AACH,MAAM,yBAAyB,GAAG,IAAI,UAAU,CAAC,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC;AAE/D;;;;;;;;;;;;;;;GAeG;AACH,MAAM,UAAU,uBAAuB,CAAC,cAA0B;IAChE,yCAAyC;IACzC,MAAM,aAAa,GAAG,IAAI,UAAU,CAClC,yBAAyB,CAAC,MAAM,GAAG,cAAc,CAAC,MAAM,CACzD,CAAC;IACF,aAAa,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC;IAC7C,aAAa,CAAC,GAAG,CAAC,cAAc,EAAE,yBAAyB,CAAC,MAAM,CAAC,CAAC;IAEpE,iDAAiD;IACjD,MAAM,aAAa,GAAG,YAAY,CAAC,aAAa,CAAC,CAAC;IAClD,OAAO,YAAY,aAAa,EAAE,CAAC;AACrC,CAAC;AAED;;;;;;;;;;;;;;GAcG;AACH,MAAM,UAAU,wBAAwB,CAAC,eAAuB;IAC9D,yBAAyB;IACzB,MAAM,cAAc,GAAG,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAClE,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAChB,CAAC;IACF,OAAO
,uBAAuB,CAAC,cAAc,CAAC,CAAC;AACjD,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,UAAU,cAAc,CAAC,GAAW;IACxC,IAAI,GAAG,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC/B,OAAO,GAAG,CAAC,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;IACtC,CAAC;IACD,mCAAmC;IACnC,OAAO,QAAQ,CAAC;AAClB,CAAC"}
|
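--- a/package/package.json
+++ b/package/package.json
@@ -1,7 +1,7 @@
 {
 "name": "@mcp-i/core",
-"version": "1.
-"description": "Core library for MCP-I
+"version": "1.2.0",
+"description": "Core library for MCP-I \u2014 delegation, proof, and session primitives for Model Context Protocol Identity",
 "license": "MIT",
 "type": "module",
 "main": "dist/index.js",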
@@ -0,0 +1,243 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Canonicalization Integrity Audit Tests
|
|
3
|
+
*
|
|
4
|
+
* Verifies that JSON canonicalization (RFC 8785 JCS) produces deterministic
|
|
5
|
+
* output, that assertJsonSafe rejects dangerous inputs, and that
|
|
6
|
+
* canonicalization is consistent across modules.
|
|
7
|
+
*/
|
|
8
|
+
|
|
9
|
+
import { describe, it, expect } from 'vitest';
|
|
10
|
+
import { canonicalizeJSON } from '../../delegation/utils.js';
|
|
11
|
+
import { canonicalize } from 'json-canonicalize';
|
|
12
|
+
import { ProofGenerator } from '../../proof/generator.js';
|
|
13
|
+
import { NodeCryptoProvider } from '../utils/node-crypto-provider.js';
|
|
14
|
+
import { MemoryIdentityProvider } from '../../providers/memory.js';
|
|
15
|
+
|
|
16
|
+
describe('Canonicalization Integrity Audit', () => {
|
|
17
|
+
// ── Determinism ───────────────────────────────────────────────
|
|
18
|
+
|
|
19
|
+
describe('deterministic output', () => {
|
|
20
|
+
it('should produce identical output regardless of key insertion order', () => {
|
|
21
|
+
const a = canonicalizeJSON({ b: 1, a: 2 });
|
|
22
|
+
const b = canonicalizeJSON({ a: 2, b: 1 });
|
|
23
|
+
expect(a).toBe(b);
|
|
24
|
+
});
|
|
25
|
+
|
|
26
|
+
it('should produce identical output for nested objects with different key orders', () => {
|
|
27
|
+
const a = canonicalizeJSON({
|
|
28
|
+
z: { y: 1, x: 2 },
|
|
29
|
+
a: { c: 3, b: 4 },
|
|
30
|
+
});
|
|
31
|
+
const b = canonicalizeJSON({
|
|
32
|
+
a: { b: 4, c: 3 },
|
|
33
|
+
z: { x: 2, y: 1 },
|
|
34
|
+
});
|
|
35
|
+
expect(a).toBe(b);
|
|
36
|
+
});
|
|
37
|
+
|
|
38
|
+
it('should handle arrays with objects in deterministic order', () => {
|
|
39
|
+
const a = canonicalizeJSON([
|
|
40
|
+
{ z: 1, a: 2 },
|
|
41
|
+
{ b: 3, a: 4 },
|
|
42
|
+
]);
|
|
43
|
+
const b = canonicalizeJSON([
|
|
44
|
+
{ a: 2, z: 1 },
|
|
45
|
+
{ a: 4, b: 3 },
|
|
46
|
+
]);
|
|
47
|
+
expect(a).toBe(b);
|
|
48
|
+
});
|
|
49
|
+
|
|
50
|
+
it('should handle deeply nested structures deterministically', () => {
|
|
51
|
+
const a = canonicalizeJSON({
|
|
52
|
+
level1: {
|
|
53
|
+
level2: {
|
|
54
|
+
level3: { c: 3, b: 2, a: 1 },
|
|
55
|
+
},
|
|
56
|
+
},
|
|
57
|
+
});
|
|
58
|
+
const b = canonicalizeJSON({
|
|
59
|
+
level1: {
|
|
60
|
+
level2: {
|
|
61
|
+
level3: { a: 1, b: 2, c: 3 },
|
|
62
|
+
},
|
|
63
|
+
},
|
|
64
|
+
});
|
|
65
|
+
expect(a).toBe(b);
|
|
66
|
+
});
|
|
67
|
+
});
|
|
68
|
+
|
|
69
|
+
// ── assertJsonSafe Guards ─────────────────────────────────────
|
|
70
|
+
|
|
71
|
+
describe('assertJsonSafe rejection of non-JSON values', () => {
|
|
72
|
+
it('should reject Infinity', () => {
|
|
73
|
+
expect(() => canonicalizeJSON({ val: Infinity })).toThrow(TypeError);
|
|
74
|
+
});
|
|
75
|
+
|
|
76
|
+
it('should reject -Infinity', () => {
|
|
77
|
+
expect(() => canonicalizeJSON({ val: -Infinity })).toThrow(TypeError);
|
|
78
|
+
});
|
|
79
|
+
|
|
80
|
+
it('should reject NaN', () => {
|
|
81
|
+
expect(() => canonicalizeJSON({ val: NaN })).toThrow(TypeError);
|
|
82
|
+
});
|
|
83
|
+
|
|
84
|
+
it('should reject undefined', () => {
|
|
85
|
+
expect(() => canonicalizeJSON(undefined)).toThrow(TypeError);
|
|
86
|
+
});
|
|
87
|
+
|
|
88
|
+
it('should reject functions', () => {
|
|
89
|
+
expect(() => canonicalizeJSON({ fn: () => {} })).toThrow(TypeError);
|
|
90
|
+
});
|
|
91
|
+
|
|
92
|
+
it('should reject symbols', () => {
|
|
93
|
+
expect(() => canonicalizeJSON({ sym: Symbol('test') })).toThrow(TypeError);
|
|
94
|
+
});
|
|
95
|
+
|
|
96
|
+
it('should reject bigint', () => {
|
|
97
|
+
expect(() => canonicalizeJSON({ big: BigInt(42) })).toThrow(TypeError);
|
|
98
|
+
});
|
|
99
|
+
|
|
100
|
+
it('should reject nested non-finite values', () => {
|
|
101
|
+
expect(() =>
|
|
102
|
+
canonicalizeJSON({ nested: { deep: { val: NaN } } })
|
|
103
|
+
).toThrow(TypeError);
|
|
104
|
+
});
|
|
105
|
+
|
|
106
|
+
it('should reject non-finite values in arrays', () => {
|
|
107
|
+
expect(() => canonicalizeJSON([1, 2, Infinity])).toThrow(TypeError);
|
|
108
|
+
});
|
|
109
|
+
});
|
|
110
|
+
|
|
111
|
+
// ── Valid JSON Values ─────────────────────────────────────────
|
|
112
|
+
|
|
113
|
+
describe('valid JSON values are accepted', () => {
|
|
114
|
+
it('should accept null', () => {
|
|
115
|
+
expect(() => canonicalizeJSON(null)).not.toThrow();
|
|
116
|
+
});
|
|
117
|
+
|
|
118
|
+
it('should accept booleans', () => {
|
|
119
|
+
expect(() => canonicalizeJSON(true)).not.toThrow();
|
|
120
|
+
expect(() => canonicalizeJSON(false)).not.toThrow();
|
|
121
|
+
});
|
|
122
|
+
|
|
123
|
+
it('should accept finite numbers', () => {
|
|
124
|
+
expect(() => canonicalizeJSON(42)).not.toThrow();
|
|
125
|
+
expect(() => canonicalizeJSON(-0.5)).not.toThrow();
|
|
126
|
+
expect(() => canonicalizeJSON(0)).not.toThrow();
|
|
127
|
+
});
|
|
128
|
+
|
|
129
|
+
it('should accept strings', () => {
|
|
130
|
+
expect(() => canonicalizeJSON('hello')).not.toThrow();
|
|
131
|
+
});
|
|
132
|
+
|
|
133
|
+
it('should accept empty objects and arrays', () => {
|
|
134
|
+
expect(() => canonicalizeJSON({})).not.toThrow();
|
|
135
|
+
expect(() => canonicalizeJSON([])).not.toThrow();
|
|
136
|
+
});
|
|
137
|
+
});
|
|
138
|
+
|
|
139
|
+
// ── Cross-Module Consistency ──────────────────────────────────
|
|
140
|
+
|
|
141
|
+
describe('cross-module consistency', () => {
|
|
142
|
+
it('should match json-canonicalize output for safe inputs', () => {
|
|
143
|
+
const input = {
|
|
144
|
+
method: 'tools/call',
|
|
145
|
+
params: { name: 'test-tool', arguments: { x: 1, y: 'hello' } },
|
|
146
|
+
};
|
|
147
|
+
|
|
148
|
+
const fromUtils = canonicalizeJSON(input);
|
|
149
|
+
const fromLib = canonicalize(input);
|
|
150
|
+
|
|
151
|
+
expect(fromUtils).toBe(fromLib);
|
|
152
|
+
});
|
|
153
|
+
|
|
154
|
+
it('should match for VC-like structures', () => {
|
|
155
|
+
const vcLike = {
|
|
156
|
+
'@context': ['https://www.w3.org/2018/credentials/v1'],
|
|
157
|
+
type: ['VerifiableCredential', 'DelegationCredential'],
|
|
158
|
+
issuer: 'did:key:z6MkTest',
|
|
159
|
+
credentialSubject: {
|
|
160
|
+
id: 'did:key:z6MkSubject',
|
|
161
|
+
delegation: {
|
|
162
|
+
scopes: ['tools:read'],
|
|
163
|
+
constraints: { notAfter: 1234567890 },
|
|
164
|
+
},
|
|
165
|
+
},
|
|
166
|
+
};
|
|
167
|
+
|
|
168
|
+
expect(canonicalizeJSON(vcLike)).toBe(canonicalize(vcLike));
|
|
169
|
+
});
|
|
170
|
+
});
|
|
171
|
+
|
|
172
|
+
// ── ProofGenerator Hash Determinism ───────────────────────────
|
|
173
|
+
|
|
174
|
+
describe('ProofGenerator hash determinism across key orderings', () => {
|
|
175
|
+
it('should produce same requestHash for objects with different key orders', async () => {
|
|
176
|
+
const crypto = new NodeCryptoProvider();
|
|
177
|
+
const identityProvider = new MemoryIdentityProvider(crypto);
|
|
178
|
+
const agent = await identityProvider.getIdentity();
|
|
179
|
+
|
|
180
|
+
const gen = new ProofGenerator(
|
|
181
|
+
{ did: agent.did, kid: agent.kid, privateKey: agent.privateKey, publicKey: agent.publicKey },
|
|
182
|
+
crypto
|
|
183
|
+
);
|
|
184
|
+
|
|
185
|
+
const session = {
|
|
186
|
+
sessionId: 'sess_canon_test',
|
|
187
|
+
audience: 'did:web:server.example.com',
|
|
188
|
+
nonce: 'test-nonce-canon',
|
|
189
|
+
timestamp: Math.floor(Date.now() / 1000),
|
|
190
|
+
createdAt: Math.floor(Date.now() / 1000),
|
|
191
|
+
lastActivity: Math.floor(Date.now() / 1000),
|
|
192
|
+
ttlMinutes: 30,
|
|
193
|
+
identityState: 'anonymous' as const,
|
|
194
|
+
};
|
|
195
|
+
|
|
196
|
+
const request1 = { method: 'tools/call', params: { x: 1, y: 2, z: 3 } };
|
|
197
|
+
const request2 = { method: 'tools/call', params: { z: 3, x: 1, y: 2 } };
|
|
198
|
+
const response = { data: { result: 'ok' } };
|
|
199
|
+
|
|
200
|
+
const proof1 = await gen.generateProof(request1, response, session);
|
|
201
|
+
const proof2 = await gen.generateProof(request2, response, session);
|
|
202
|
+
|
|
203
|
+
expect(proof1.meta.requestHash).toBe(proof2.meta.requestHash);
|
|
204
|
+
});
|
|
205
|
+
|
|
206
|
+
it('should produce different hashes for genuinely different inputs', async () => {
|
|
207
|
+
const crypto = new NodeCryptoProvider();
|
|
208
|
+
const identityProvider = new MemoryIdentityProvider(crypto);
|
|
209
|
+
const agent = await identityProvider.getIdentity();
|
|
210
|
+
|
|
211
|
+
const gen = new ProofGenerator(
|
|
212
|
+
{ did: agent.did, kid: agent.kid, privateKey: agent.privateKey, publicKey: agent.publicKey },
|
|
213
|
+
crypto
|
|
214
|
+
);
|
|
215
|
+
|
|
216
|
+
const session = {
|
|
217
|
+
sessionId: 'sess_diff_test',
|
|
218
|
+
audience: 'did:web:server.example.com',
|
|
219
|
+
nonce: 'test-nonce-diff',
|
|
220
|
+
timestamp: Math.floor(Date.now() / 1000),
|
|
221
|
+
createdAt: Math.floor(Date.now() / 1000),
|
|
222
|
+
lastActivity: Math.floor(Date.now() / 1000),
|
|
223
|
+
ttlMinutes: 30,
|
|
224
|
+
identityState: 'anonymous' as const,
|
|
225
|
+
};
|
|
226
|
+
|
|
227
|
+
const response = { data: { result: 'ok' } };
|
|
228
|
+
|
|
229
|
+
const proof1 = await gen.generateProof(
|
|
230
|
+
{ method: 'tools/call', params: { input: 'alice' } },
|
|
231
|
+
response,
|
|
232
|
+
session
|
|
233
|
+
);
|
|
234
|
+
const proof2 = await gen.generateProof(
|
|
235
|
+
{ method: 'tools/call', params: { input: 'bob' } },
|
|
236
|
+
response,
|
|
237
|
+
session
|
|
238
|
+
);
|
|
239
|
+
|
|
240
|
+
expect(proof1.meta.requestHash).not.toBe(proof2.meta.requestHash);
|
|
241
|
+
});
|
|
242
|
+
});
|
|
243
|
+
});
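Review bot: The `should reject undefined` case only passes `undefined` as the top-level value; it never covers an `undefined` property or array element, which a serializer following `JSON.stringify` semantics would drop or turn into `null` instead of rejecting. If `canonicalizeJSON` lets those through (its body is not in this section), two different request objects would canonicalize to the same bytes and produce the same `requestHash`. Adding `expect(() => canonicalizeJSON({ val: undefined })).toThrow(TypeError);` and `expect(() => canonicalizeJSON([1, undefined])).toThrow(TypeError);` to the rejection block would pin this down. The determinism cases also use only ASCII keys and small integers, so they do not exercise the parts of RFC 8785 where implementations tend to differ (number serialization and UTF-16 code-unit key ordering); one case with non-ASCII keys and values such as `1e21` or `-0` would cover that.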
|