@naylence/runtime 0.3.5-test.921 → 0.3.5-test.923
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/browser/index.cjs +255 -249
- package/dist/browser/index.mjs +250 -250
- package/dist/cjs/naylence/fame/security/index.js +10 -1
- package/dist/cjs/version.js +2 -2
- package/dist/esm/naylence/fame/security/index.js +3 -0
- package/dist/esm/version.js +2 -2
- package/dist/node/index.cjs +255 -249
- package/dist/node/index.mjs +250 -250
- package/dist/node/node.cjs +254 -248
- package/dist/node/node.mjs +249 -249
- package/dist/types/naylence/fame/security/index.d.ts +3 -0
- package/dist/types/version.d.ts +1 -1
- package/package.json +1 -1
package/dist/node/node.mjs
CHANGED
|
@@ -11,11 +11,11 @@ import { x25519 } from '@noble/curves/ed25519.js';
|
|
|
11
11
|
import { hkdf } from '@noble/hashes/hkdf.js';
|
|
12
12
|
import { sha256, sha512 } from '@noble/hashes/sha2.js';
|
|
13
13
|
import { utf8ToBytes, bytesToHex, randomBytes, concatBytes } from '@noble/hashes/utils.js';
|
|
14
|
+
import { hashes, sign, verify } from '@noble/ed25519';
|
|
14
15
|
import fastify from 'fastify';
|
|
15
16
|
import websocketPlugin from '@fastify/websocket';
|
|
16
17
|
import formbody from '@fastify/formbody';
|
|
17
18
|
import { createHash, timingSafeEqual, randomBytes as randomBytes$1 } from 'node:crypto';
|
|
18
|
-
import { hashes, sign, verify } from '@noble/ed25519';
|
|
19
19
|
|
|
20
20
|
/**
|
|
21
21
|
* Cross-platform logging utilities for Naylence Fame
|
|
@@ -5371,12 +5371,12 @@ for (const [name, config] of Object.entries(SQLITE_PROFILES)) {
|
|
|
5371
5371
|
}
|
|
5372
5372
|
|
|
5373
5373
|
// This file is auto-generated during build - do not edit manually
|
|
5374
|
-
// Generated from package.json version: 0.3.5-test.
|
|
5374
|
+
// Generated from package.json version: 0.3.5-test.923
|
|
5375
5375
|
/**
|
|
5376
5376
|
* The package version, injected at build time.
|
|
5377
5377
|
* @internal
|
|
5378
5378
|
*/
|
|
5379
|
-
const VERSION = '0.3.5-test.
|
|
5379
|
+
const VERSION = '0.3.5-test.923';
|
|
5380
5380
|
|
|
5381
5381
|
/**
|
|
5382
5382
|
* Fame errors module - Fame protocol specific error classes
|
|
@@ -26321,6 +26321,251 @@ class SigningConfig {
|
|
|
26321
26321
|
}
|
|
26322
26322
|
}
|
|
26323
26323
|
|
|
26324
|
+
function hasBuffer() {
|
|
26325
|
+
return typeof Buffer !== 'undefined';
|
|
26326
|
+
}
|
|
26327
|
+
function readStringProperty(source, ...names) {
|
|
26328
|
+
if (!source || typeof source !== 'object') {
|
|
26329
|
+
return undefined;
|
|
26330
|
+
}
|
|
26331
|
+
for (const name of names) {
|
|
26332
|
+
const value = source[name];
|
|
26333
|
+
if (typeof value === 'string' && value.length > 0) {
|
|
26334
|
+
return value;
|
|
26335
|
+
}
|
|
26336
|
+
}
|
|
26337
|
+
return undefined;
|
|
26338
|
+
}
|
|
26339
|
+
function decodePem(pem) {
|
|
26340
|
+
const base64 = pem
|
|
26341
|
+
.replace(/-----BEGIN[^-]+-----/g, '')
|
|
26342
|
+
.replace(/-----END[^-]+-----/g, '')
|
|
26343
|
+
.replace(/\s+/g, '');
|
|
26344
|
+
if (typeof atob === 'function') {
|
|
26345
|
+
const binary = atob(base64);
|
|
26346
|
+
const bytes = new Uint8Array(binary.length);
|
|
26347
|
+
for (let i = 0; i < binary.length; i += 1) {
|
|
26348
|
+
bytes[i] = binary.charCodeAt(i);
|
|
26349
|
+
}
|
|
26350
|
+
return bytes;
|
|
26351
|
+
}
|
|
26352
|
+
if (hasBuffer()) {
|
|
26353
|
+
return Uint8Array.from(Buffer.from(base64, 'base64'));
|
|
26354
|
+
}
|
|
26355
|
+
throw new Error('Base64 decoding is not available in this environment');
|
|
26356
|
+
}
|
|
26357
|
+
function readLength(data, offset) {
|
|
26358
|
+
const initial = data[offset];
|
|
26359
|
+
if (initial === undefined) {
|
|
26360
|
+
throw new Error('Unexpected end of ASN.1 data');
|
|
26361
|
+
}
|
|
26362
|
+
if ((initial & 0x80) === 0) {
|
|
26363
|
+
return { length: initial, nextOffset: offset + 1 };
|
|
26364
|
+
}
|
|
26365
|
+
const lengthOfLength = initial & 0x7f;
|
|
26366
|
+
if (lengthOfLength === 0 || lengthOfLength > 4) {
|
|
26367
|
+
throw new Error('Unsupported ASN.1 length encoding');
|
|
26368
|
+
}
|
|
26369
|
+
let length = 0;
|
|
26370
|
+
let position = offset + 1;
|
|
26371
|
+
for (let i = 0; i < lengthOfLength; i += 1) {
|
|
26372
|
+
const byte = data[position];
|
|
26373
|
+
if (byte === undefined) {
|
|
26374
|
+
throw new Error('Unexpected end of ASN.1 data');
|
|
26375
|
+
}
|
|
26376
|
+
length = (length << 8) | byte;
|
|
26377
|
+
position += 1;
|
|
26378
|
+
}
|
|
26379
|
+
return { length, nextOffset: position };
|
|
26380
|
+
}
|
|
26381
|
+
function readElement(data, offset, tag) {
|
|
26382
|
+
if (data[offset] !== tag) {
|
|
26383
|
+
throw new Error(`Unexpected ASN.1 tag: expected 0x${tag.toString(16)}, got 0x${(data[offset] ?? 0).toString(16)}`);
|
|
26384
|
+
}
|
|
26385
|
+
const { length, nextOffset } = readLength(data, offset + 1);
|
|
26386
|
+
const contentOffset = nextOffset;
|
|
26387
|
+
return {
|
|
26388
|
+
length,
|
|
26389
|
+
contentOffset,
|
|
26390
|
+
nextOffset: contentOffset + length,
|
|
26391
|
+
};
|
|
26392
|
+
}
|
|
26393
|
+
function parseEd25519PrivateKey(pem) {
|
|
26394
|
+
const raw = decodePem(pem);
|
|
26395
|
+
if (raw.length === 32) {
|
|
26396
|
+
return raw.slice();
|
|
26397
|
+
}
|
|
26398
|
+
// Handle PKCS#8 structure defined in RFC 8410
|
|
26399
|
+
const sequence = readElement(raw, 0, 0x30);
|
|
26400
|
+
const version = readElement(raw, sequence.contentOffset, 0x02);
|
|
26401
|
+
let offset = version.nextOffset;
|
|
26402
|
+
const algorithm = readElement(raw, offset, 0x30);
|
|
26403
|
+
offset = algorithm.nextOffset;
|
|
26404
|
+
const privateKey = readElement(raw, offset, 0x04);
|
|
26405
|
+
const privateContent = raw.subarray(privateKey.contentOffset, privateKey.contentOffset + privateKey.length);
|
|
26406
|
+
if (privateContent.length === 32) {
|
|
26407
|
+
return privateContent.slice();
|
|
26408
|
+
}
|
|
26409
|
+
if (privateContent.length >= 34 && privateContent[0] === 0x04) {
|
|
26410
|
+
const innerLength = privateContent[1];
|
|
26411
|
+
if (innerLength !== 32 || privateContent.length < innerLength + 2) {
|
|
26412
|
+
throw new Error('Unexpected Ed25519 private key length');
|
|
26413
|
+
}
|
|
26414
|
+
return privateContent.subarray(2, 34);
|
|
26415
|
+
}
|
|
26416
|
+
throw new Error('Unsupported Ed25519 private key structure');
|
|
26417
|
+
}
|
|
26418
|
+
const textEncoder = typeof TextEncoder !== 'undefined' ? new TextEncoder() : undefined;
|
|
26419
|
+
function encodeUtf8(value) {
|
|
26420
|
+
if (textEncoder) {
|
|
26421
|
+
return textEncoder.encode(value);
|
|
26422
|
+
}
|
|
26423
|
+
if (hasBuffer()) {
|
|
26424
|
+
return Uint8Array.from(Buffer.from(value, 'utf8'));
|
|
26425
|
+
}
|
|
26426
|
+
throw new Error('No UTF-8 encoder available in this environment');
|
|
26427
|
+
}
|
|
26428
|
+
|
|
26429
|
+
if (!hashes.sha512) {
|
|
26430
|
+
hashes.sha512 = (message) => sha512(message);
|
|
26431
|
+
}
|
|
26432
|
+
function normalizeSignerOptions(options) {
|
|
26433
|
+
if (!options || typeof options !== 'object') {
|
|
26434
|
+
return {};
|
|
26435
|
+
}
|
|
26436
|
+
const candidate = options;
|
|
26437
|
+
const result = {
|
|
26438
|
+
...options,
|
|
26439
|
+
};
|
|
26440
|
+
const cryptoProvider = resolveAlias(candidate, ['cryptoProvider', 'crypto_provider']);
|
|
26441
|
+
if (cryptoProvider !== undefined) {
|
|
26442
|
+
result.cryptoProvider = cryptoProvider ?? null;
|
|
26443
|
+
}
|
|
26444
|
+
const signingConfig = resolveAlias(candidate, ['signingConfig', 'signing_config']);
|
|
26445
|
+
if (signingConfig !== undefined) {
|
|
26446
|
+
result.signingConfig = signingConfig;
|
|
26447
|
+
}
|
|
26448
|
+
const privateKeyPem = resolveAlias(candidate, [
|
|
26449
|
+
'privateKeyPem',
|
|
26450
|
+
'private_key_pem',
|
|
26451
|
+
]);
|
|
26452
|
+
if (privateKeyPem !== undefined) {
|
|
26453
|
+
result.privateKeyPem = privateKeyPem;
|
|
26454
|
+
}
|
|
26455
|
+
const keyId = resolveAlias(candidate, [
|
|
26456
|
+
'keyId',
|
|
26457
|
+
'key_id',
|
|
26458
|
+
]);
|
|
26459
|
+
if (keyId !== undefined) {
|
|
26460
|
+
result.keyId = keyId;
|
|
26461
|
+
}
|
|
26462
|
+
return result;
|
|
26463
|
+
}
|
|
26464
|
+
class EdDSAEnvelopeSigner {
|
|
26465
|
+
constructor(options = {}) {
|
|
26466
|
+
const normalized = normalizeSignerOptions(options);
|
|
26467
|
+
const provider = normalized.cryptoProvider ?? null;
|
|
26468
|
+
if (!provider) {
|
|
26469
|
+
throw new Error('No crypto provider is configured for signing');
|
|
26470
|
+
}
|
|
26471
|
+
this.crypto = provider;
|
|
26472
|
+
const signingConfigOption = normalized.signingConfig;
|
|
26473
|
+
if (signingConfigOption instanceof SigningConfig) {
|
|
26474
|
+
this.signingConfig = signingConfigOption;
|
|
26475
|
+
}
|
|
26476
|
+
else if (signingConfigOption) {
|
|
26477
|
+
this.signingConfig = new SigningConfig(signingConfigOption);
|
|
26478
|
+
}
|
|
26479
|
+
else {
|
|
26480
|
+
this.signingConfig = new SigningConfig();
|
|
26481
|
+
}
|
|
26482
|
+
this.explicitPrivateKey = normalized.privateKeyPem;
|
|
26483
|
+
this.explicitKeyId = normalized.keyId;
|
|
26484
|
+
}
|
|
26485
|
+
signEnvelope(envelope, { physicalPath }) {
|
|
26486
|
+
if (!envelope.sid) {
|
|
26487
|
+
throw new Error('Envelope missing sid');
|
|
26488
|
+
}
|
|
26489
|
+
const frame = envelope.frame;
|
|
26490
|
+
if (frame.type === 'Data') {
|
|
26491
|
+
const dataFrame = frame;
|
|
26492
|
+
if (!dataFrame.pd) {
|
|
26493
|
+
const payload = dataFrame.payload ?? '';
|
|
26494
|
+
const payloadString = payload === '' ? '' : canonicalJson(payload);
|
|
26495
|
+
dataFrame.pd = secureDigest(payloadString);
|
|
26496
|
+
}
|
|
26497
|
+
}
|
|
26498
|
+
const digest = frameDigest(frame);
|
|
26499
|
+
const immutable = canonicalJson(immutableHeaders(envelope));
|
|
26500
|
+
const sidDigest = secureDigest(physicalPath);
|
|
26501
|
+
const tbs = new Uint8Array(encodeUtf8(sidDigest).length +
|
|
26502
|
+
1 +
|
|
26503
|
+
encodeUtf8(immutable).length +
|
|
26504
|
+
1 +
|
|
26505
|
+
encodeUtf8(digest).length);
|
|
26506
|
+
const sidBytes = encodeUtf8(sidDigest);
|
|
26507
|
+
const immBytes = encodeUtf8(immutable);
|
|
26508
|
+
const digBytes = encodeUtf8(digest);
|
|
26509
|
+
let offset = 0;
|
|
26510
|
+
tbs.set(sidBytes, offset);
|
|
26511
|
+
offset += sidBytes.length;
|
|
26512
|
+
tbs[offset] = 0x1f;
|
|
26513
|
+
offset += 1;
|
|
26514
|
+
tbs.set(immBytes, offset);
|
|
26515
|
+
offset += immBytes.length;
|
|
26516
|
+
tbs[offset] = 0x1f;
|
|
26517
|
+
offset += 1;
|
|
26518
|
+
tbs.set(digBytes, offset);
|
|
26519
|
+
const privateKey = this.loadPrivateKey();
|
|
26520
|
+
const signatureBytes = sign(tbs, privateKey);
|
|
26521
|
+
const signature = urlsafeBase64Encode(signatureBytes);
|
|
26522
|
+
const kid = this.determineKeyId();
|
|
26523
|
+
const signatureHeader = {
|
|
26524
|
+
kid,
|
|
26525
|
+
val: signature,
|
|
26526
|
+
alg: 'EdDSA',
|
|
26527
|
+
};
|
|
26528
|
+
const secHeader = envelope.sec ?? {};
|
|
26529
|
+
secHeader.sig = signatureHeader;
|
|
26530
|
+
envelope.sec = secHeader;
|
|
26531
|
+
return envelope;
|
|
26532
|
+
}
|
|
26533
|
+
loadPrivateKey() {
|
|
26534
|
+
const pem = this.explicitPrivateKey ??
|
|
26535
|
+
readStringProperty(this.crypto, 'signingPrivatePem', 'signing_private_pem');
|
|
26536
|
+
if (!pem) {
|
|
26537
|
+
throw new Error('Crypto provider does not expose a signing private key');
|
|
26538
|
+
}
|
|
26539
|
+
return parseEd25519PrivateKey(pem);
|
|
26540
|
+
}
|
|
26541
|
+
determineKeyId() {
|
|
26542
|
+
if (this.explicitKeyId) {
|
|
26543
|
+
return this.explicitKeyId;
|
|
26544
|
+
}
|
|
26545
|
+
if (this.signingConfig.signingMaterial === SigningMaterial.X509_CHAIN) {
|
|
26546
|
+
const certificateProvider = this
|
|
26547
|
+
.crypto;
|
|
26548
|
+
const jwk = certificateProvider.nodeJwk?.();
|
|
26549
|
+
if (jwk && typeof jwk === 'object' && 'kid' in jwk && 'x5c' in jwk) {
|
|
26550
|
+
const kid = jwk.kid;
|
|
26551
|
+
if (typeof kid === 'string' && kid.length > 0) {
|
|
26552
|
+
return kid;
|
|
26553
|
+
}
|
|
26554
|
+
}
|
|
26555
|
+
}
|
|
26556
|
+
const fallback = readStringProperty(this.crypto, 'signatureKeyId', 'signature_key_id');
|
|
26557
|
+
if (!fallback) {
|
|
26558
|
+
throw new Error('Crypto provider does not expose a signature key id');
|
|
26559
|
+
}
|
|
26560
|
+
return fallback;
|
|
26561
|
+
}
|
|
26562
|
+
}
|
|
26563
|
+
|
|
26564
|
+
var eddsaEnvelopeSigner = /*#__PURE__*/Object.freeze({
|
|
26565
|
+
__proto__: null,
|
|
26566
|
+
EdDSAEnvelopeSigner: EdDSAEnvelopeSigner
|
|
26567
|
+
});
|
|
26568
|
+
|
|
26324
26569
|
// Legacy global crypto provider accessors are intentionally disabled to force
|
|
26325
26570
|
// explicit dependency wiring. If a component still needs a global provider,
|
|
26326
26571
|
// refactor it to accept one via configuration instead of re-enabling this code.
|
|
@@ -41483,251 +41728,6 @@ var sharedSecretTokenVerifier = /*#__PURE__*/Object.freeze({
|
|
|
41483
41728
|
SharedSecretTokenVerifier: SharedSecretTokenVerifier
|
|
41484
41729
|
});
|
|
41485
41730
|
|
|
41486
|
-
function hasBuffer() {
|
|
41487
|
-
return typeof Buffer !== 'undefined';
|
|
41488
|
-
}
|
|
41489
|
-
function readStringProperty(source, ...names) {
|
|
41490
|
-
if (!source || typeof source !== 'object') {
|
|
41491
|
-
return undefined;
|
|
41492
|
-
}
|
|
41493
|
-
for (const name of names) {
|
|
41494
|
-
const value = source[name];
|
|
41495
|
-
if (typeof value === 'string' && value.length > 0) {
|
|
41496
|
-
return value;
|
|
41497
|
-
}
|
|
41498
|
-
}
|
|
41499
|
-
return undefined;
|
|
41500
|
-
}
|
|
41501
|
-
function decodePem(pem) {
|
|
41502
|
-
const base64 = pem
|
|
41503
|
-
.replace(/-----BEGIN[^-]+-----/g, '')
|
|
41504
|
-
.replace(/-----END[^-]+-----/g, '')
|
|
41505
|
-
.replace(/\s+/g, '');
|
|
41506
|
-
if (typeof atob === 'function') {
|
|
41507
|
-
const binary = atob(base64);
|
|
41508
|
-
const bytes = new Uint8Array(binary.length);
|
|
41509
|
-
for (let i = 0; i < binary.length; i += 1) {
|
|
41510
|
-
bytes[i] = binary.charCodeAt(i);
|
|
41511
|
-
}
|
|
41512
|
-
return bytes;
|
|
41513
|
-
}
|
|
41514
|
-
if (hasBuffer()) {
|
|
41515
|
-
return Uint8Array.from(Buffer.from(base64, 'base64'));
|
|
41516
|
-
}
|
|
41517
|
-
throw new Error('Base64 decoding is not available in this environment');
|
|
41518
|
-
}
|
|
41519
|
-
function readLength(data, offset) {
|
|
41520
|
-
const initial = data[offset];
|
|
41521
|
-
if (initial === undefined) {
|
|
41522
|
-
throw new Error('Unexpected end of ASN.1 data');
|
|
41523
|
-
}
|
|
41524
|
-
if ((initial & 0x80) === 0) {
|
|
41525
|
-
return { length: initial, nextOffset: offset + 1 };
|
|
41526
|
-
}
|
|
41527
|
-
const lengthOfLength = initial & 0x7f;
|
|
41528
|
-
if (lengthOfLength === 0 || lengthOfLength > 4) {
|
|
41529
|
-
throw new Error('Unsupported ASN.1 length encoding');
|
|
41530
|
-
}
|
|
41531
|
-
let length = 0;
|
|
41532
|
-
let position = offset + 1;
|
|
41533
|
-
for (let i = 0; i < lengthOfLength; i += 1) {
|
|
41534
|
-
const byte = data[position];
|
|
41535
|
-
if (byte === undefined) {
|
|
41536
|
-
throw new Error('Unexpected end of ASN.1 data');
|
|
41537
|
-
}
|
|
41538
|
-
length = (length << 8) | byte;
|
|
41539
|
-
position += 1;
|
|
41540
|
-
}
|
|
41541
|
-
return { length, nextOffset: position };
|
|
41542
|
-
}
|
|
41543
|
-
function readElement(data, offset, tag) {
|
|
41544
|
-
if (data[offset] !== tag) {
|
|
41545
|
-
throw new Error(`Unexpected ASN.1 tag: expected 0x${tag.toString(16)}, got 0x${(data[offset] ?? 0).toString(16)}`);
|
|
41546
|
-
}
|
|
41547
|
-
const { length, nextOffset } = readLength(data, offset + 1);
|
|
41548
|
-
const contentOffset = nextOffset;
|
|
41549
|
-
return {
|
|
41550
|
-
length,
|
|
41551
|
-
contentOffset,
|
|
41552
|
-
nextOffset: contentOffset + length,
|
|
41553
|
-
};
|
|
41554
|
-
}
|
|
41555
|
-
function parseEd25519PrivateKey(pem) {
|
|
41556
|
-
const raw = decodePem(pem);
|
|
41557
|
-
if (raw.length === 32) {
|
|
41558
|
-
return raw.slice();
|
|
41559
|
-
}
|
|
41560
|
-
// Handle PKCS#8 structure defined in RFC 8410
|
|
41561
|
-
const sequence = readElement(raw, 0, 0x30);
|
|
41562
|
-
const version = readElement(raw, sequence.contentOffset, 0x02);
|
|
41563
|
-
let offset = version.nextOffset;
|
|
41564
|
-
const algorithm = readElement(raw, offset, 0x30);
|
|
41565
|
-
offset = algorithm.nextOffset;
|
|
41566
|
-
const privateKey = readElement(raw, offset, 0x04);
|
|
41567
|
-
const privateContent = raw.subarray(privateKey.contentOffset, privateKey.contentOffset + privateKey.length);
|
|
41568
|
-
if (privateContent.length === 32) {
|
|
41569
|
-
return privateContent.slice();
|
|
41570
|
-
}
|
|
41571
|
-
if (privateContent.length >= 34 && privateContent[0] === 0x04) {
|
|
41572
|
-
const innerLength = privateContent[1];
|
|
41573
|
-
if (innerLength !== 32 || privateContent.length < innerLength + 2) {
|
|
41574
|
-
throw new Error('Unexpected Ed25519 private key length');
|
|
41575
|
-
}
|
|
41576
|
-
return privateContent.subarray(2, 34);
|
|
41577
|
-
}
|
|
41578
|
-
throw new Error('Unsupported Ed25519 private key structure');
|
|
41579
|
-
}
|
|
41580
|
-
const textEncoder = typeof TextEncoder !== 'undefined' ? new TextEncoder() : undefined;
|
|
41581
|
-
function encodeUtf8(value) {
|
|
41582
|
-
if (textEncoder) {
|
|
41583
|
-
return textEncoder.encode(value);
|
|
41584
|
-
}
|
|
41585
|
-
if (hasBuffer()) {
|
|
41586
|
-
return Uint8Array.from(Buffer.from(value, 'utf8'));
|
|
41587
|
-
}
|
|
41588
|
-
throw new Error('No UTF-8 encoder available in this environment');
|
|
41589
|
-
}
|
|
41590
|
-
|
|
41591
|
-
if (!hashes.sha512) {
|
|
41592
|
-
hashes.sha512 = (message) => sha512(message);
|
|
41593
|
-
}
|
|
41594
|
-
function normalizeSignerOptions(options) {
|
|
41595
|
-
if (!options || typeof options !== 'object') {
|
|
41596
|
-
return {};
|
|
41597
|
-
}
|
|
41598
|
-
const candidate = options;
|
|
41599
|
-
const result = {
|
|
41600
|
-
...options,
|
|
41601
|
-
};
|
|
41602
|
-
const cryptoProvider = resolveAlias(candidate, ['cryptoProvider', 'crypto_provider']);
|
|
41603
|
-
if (cryptoProvider !== undefined) {
|
|
41604
|
-
result.cryptoProvider = cryptoProvider ?? null;
|
|
41605
|
-
}
|
|
41606
|
-
const signingConfig = resolveAlias(candidate, ['signingConfig', 'signing_config']);
|
|
41607
|
-
if (signingConfig !== undefined) {
|
|
41608
|
-
result.signingConfig = signingConfig;
|
|
41609
|
-
}
|
|
41610
|
-
const privateKeyPem = resolveAlias(candidate, [
|
|
41611
|
-
'privateKeyPem',
|
|
41612
|
-
'private_key_pem',
|
|
41613
|
-
]);
|
|
41614
|
-
if (privateKeyPem !== undefined) {
|
|
41615
|
-
result.privateKeyPem = privateKeyPem;
|
|
41616
|
-
}
|
|
41617
|
-
const keyId = resolveAlias(candidate, [
|
|
41618
|
-
'keyId',
|
|
41619
|
-
'key_id',
|
|
41620
|
-
]);
|
|
41621
|
-
if (keyId !== undefined) {
|
|
41622
|
-
result.keyId = keyId;
|
|
41623
|
-
}
|
|
41624
|
-
return result;
|
|
41625
|
-
}
|
|
41626
|
-
class EdDSAEnvelopeSigner {
|
|
41627
|
-
constructor(options = {}) {
|
|
41628
|
-
const normalized = normalizeSignerOptions(options);
|
|
41629
|
-
const provider = normalized.cryptoProvider ?? null;
|
|
41630
|
-
if (!provider) {
|
|
41631
|
-
throw new Error('No crypto provider is configured for signing');
|
|
41632
|
-
}
|
|
41633
|
-
this.crypto = provider;
|
|
41634
|
-
const signingConfigOption = normalized.signingConfig;
|
|
41635
|
-
if (signingConfigOption instanceof SigningConfig) {
|
|
41636
|
-
this.signingConfig = signingConfigOption;
|
|
41637
|
-
}
|
|
41638
|
-
else if (signingConfigOption) {
|
|
41639
|
-
this.signingConfig = new SigningConfig(signingConfigOption);
|
|
41640
|
-
}
|
|
41641
|
-
else {
|
|
41642
|
-
this.signingConfig = new SigningConfig();
|
|
41643
|
-
}
|
|
41644
|
-
this.explicitPrivateKey = normalized.privateKeyPem;
|
|
41645
|
-
this.explicitKeyId = normalized.keyId;
|
|
41646
|
-
}
|
|
41647
|
-
signEnvelope(envelope, { physicalPath }) {
|
|
41648
|
-
if (!envelope.sid) {
|
|
41649
|
-
throw new Error('Envelope missing sid');
|
|
41650
|
-
}
|
|
41651
|
-
const frame = envelope.frame;
|
|
41652
|
-
if (frame.type === 'Data') {
|
|
41653
|
-
const dataFrame = frame;
|
|
41654
|
-
if (!dataFrame.pd) {
|
|
41655
|
-
const payload = dataFrame.payload ?? '';
|
|
41656
|
-
const payloadString = payload === '' ? '' : canonicalJson(payload);
|
|
41657
|
-
dataFrame.pd = secureDigest(payloadString);
|
|
41658
|
-
}
|
|
41659
|
-
}
|
|
41660
|
-
const digest = frameDigest(frame);
|
|
41661
|
-
const immutable = canonicalJson(immutableHeaders(envelope));
|
|
41662
|
-
const sidDigest = secureDigest(physicalPath);
|
|
41663
|
-
const tbs = new Uint8Array(encodeUtf8(sidDigest).length +
|
|
41664
|
-
1 +
|
|
41665
|
-
encodeUtf8(immutable).length +
|
|
41666
|
-
1 +
|
|
41667
|
-
encodeUtf8(digest).length);
|
|
41668
|
-
const sidBytes = encodeUtf8(sidDigest);
|
|
41669
|
-
const immBytes = encodeUtf8(immutable);
|
|
41670
|
-
const digBytes = encodeUtf8(digest);
|
|
41671
|
-
let offset = 0;
|
|
41672
|
-
tbs.set(sidBytes, offset);
|
|
41673
|
-
offset += sidBytes.length;
|
|
41674
|
-
tbs[offset] = 0x1f;
|
|
41675
|
-
offset += 1;
|
|
41676
|
-
tbs.set(immBytes, offset);
|
|
41677
|
-
offset += immBytes.length;
|
|
41678
|
-
tbs[offset] = 0x1f;
|
|
41679
|
-
offset += 1;
|
|
41680
|
-
tbs.set(digBytes, offset);
|
|
41681
|
-
const privateKey = this.loadPrivateKey();
|
|
41682
|
-
const signatureBytes = sign(tbs, privateKey);
|
|
41683
|
-
const signature = urlsafeBase64Encode(signatureBytes);
|
|
41684
|
-
const kid = this.determineKeyId();
|
|
41685
|
-
const signatureHeader = {
|
|
41686
|
-
kid,
|
|
41687
|
-
val: signature,
|
|
41688
|
-
alg: 'EdDSA',
|
|
41689
|
-
};
|
|
41690
|
-
const secHeader = envelope.sec ?? {};
|
|
41691
|
-
secHeader.sig = signatureHeader;
|
|
41692
|
-
envelope.sec = secHeader;
|
|
41693
|
-
return envelope;
|
|
41694
|
-
}
|
|
41695
|
-
loadPrivateKey() {
|
|
41696
|
-
const pem = this.explicitPrivateKey ??
|
|
41697
|
-
readStringProperty(this.crypto, 'signingPrivatePem', 'signing_private_pem');
|
|
41698
|
-
if (!pem) {
|
|
41699
|
-
throw new Error('Crypto provider does not expose a signing private key');
|
|
41700
|
-
}
|
|
41701
|
-
return parseEd25519PrivateKey(pem);
|
|
41702
|
-
}
|
|
41703
|
-
determineKeyId() {
|
|
41704
|
-
if (this.explicitKeyId) {
|
|
41705
|
-
return this.explicitKeyId;
|
|
41706
|
-
}
|
|
41707
|
-
if (this.signingConfig.signingMaterial === SigningMaterial.X509_CHAIN) {
|
|
41708
|
-
const certificateProvider = this
|
|
41709
|
-
.crypto;
|
|
41710
|
-
const jwk = certificateProvider.nodeJwk?.();
|
|
41711
|
-
if (jwk && typeof jwk === 'object' && 'kid' in jwk && 'x5c' in jwk) {
|
|
41712
|
-
const kid = jwk.kid;
|
|
41713
|
-
if (typeof kid === 'string' && kid.length > 0) {
|
|
41714
|
-
return kid;
|
|
41715
|
-
}
|
|
41716
|
-
}
|
|
41717
|
-
}
|
|
41718
|
-
const fallback = readStringProperty(this.crypto, 'signatureKeyId', 'signature_key_id');
|
|
41719
|
-
if (!fallback) {
|
|
41720
|
-
throw new Error('Crypto provider does not expose a signature key id');
|
|
41721
|
-
}
|
|
41722
|
-
return fallback;
|
|
41723
|
-
}
|
|
41724
|
-
}
|
|
41725
|
-
|
|
41726
|
-
var eddsaEnvelopeSigner = /*#__PURE__*/Object.freeze({
|
|
41727
|
-
__proto__: null,
|
|
41728
|
-
EdDSAEnvelopeSigner: EdDSAEnvelopeSigner
|
|
41729
|
-
});
|
|
41730
|
-
|
|
41731
41731
|
async function loadPublicKey(jwk, signingConfig) {
|
|
41732
41732
|
if (jwk.x5c) {
|
|
41733
41733
|
if (signingConfig.signingMaterial !== SigningMaterial.X509_CHAIN) {
|
|
@@ -41965,4 +41965,4 @@ var websocketTransportProvisioner = /*#__PURE__*/Object.freeze({
|
|
|
41965
41965
|
WebSocketTransportProvisionerFactory: WebSocketTransportProvisionerFactory
|
|
41966
41966
|
});
|
|
41967
41967
|
|
|
41968
|
-
export { ADMISSION_CLIENT_FACTORY_BASE_TYPE, ATTACHMENT_KEY_VALIDATOR_FACTORY_BASE_TYPE, AUTHORIZER_FACTORY_BASE_TYPE, AUTH_INJECTION_STRATEGY_FACTORY_BASE_TYPE, AnsiColor, AsyncLock, AttachmentKeyValidator, AuthInjectionStrategyFactory, AuthorizerFactory, BROADCAST_CHANNEL_CONNECTION_GRANT_TYPE, BackPressureFull, BaseAsyncConnector, BaseNodeEventListener, BindingManager, BindingStoreEntryRecord, BrowserAutoKeyCredentialProvider, BrowserWrappedKeyCredentialProvider, CERTIFICATE_MANAGER_FACTORY_BASE_TYPE, CREDENTIAL_PROVIDER_FACTORY_BASE_TYPE, CRYPTO_LEVEL_SECURITY_ORDER, CertificateManagerFactory, ConnectorConfigDefaults, ConnectorFactory, ConsoleMetricsEmitter, CryptoLevel, FACTORY_META$Z as DEFAULT_WELCOME_FACTORY_META, DefaultCryptoProvider, DefaultHttpServer, DefaultKeyManager, DefaultSecurityManager, DefaultSecurityPolicy, DefaultWelcomeService, DefaultWelcomeServiceFactory, DevFixedKeyCredentialProvider, ENCRYPTION_MANAGER_FACTORY_BASE_TYPE, ENVELOPE_SIGNER_FACTORY_BASE_TYPE, ENVELOPE_VERIFIER_FACTORY_BASE_TYPE, ENV_VAR_DEFAULT_ENCRYPTION_LEVEL, ENV_VAR_HMAC_SECRET, ENV_VAR_JWKS_URL, ENV_VAR_JWT_ALGORITHM$2 as ENV_VAR_JWT_ALGORITHM, ENV_VAR_JWT_AUDIENCE$2 as ENV_VAR_JWT_AUDIENCE, ENV_VAR_JWT_REVERSE_AUTH_AUDIENCE, ENV_VAR_JWT_REVERSE_AUTH_TRUSTED_ISSUER, ENV_VAR_JWT_TRUSTED_ISSUER, ENV_VAR_SHOW_ENVELOPES$1 as ENV_VAR_SHOW_ENVELOPES, EncryptedKeyValueStore, EncryptedStorageProviderBase, EncryptedValue, EncryptionConfiguration, EncryptionManagerFactory, EncryptionResult, EncryptionStatus, EnvCredentialProvider, EnvelopeContext, EnvelopeListenerManager, EnvelopeSecurityHandler, EnvelopeSignerFactory, EnvelopeVerifierFactory, FACTORY_META$_ as FACTORY_META, FAME_FABRIC_FACTORY_BASE_TYPE, FIXED_PREFIX_LEN, FameAuthorizedDeliveryContextSchema, FameConnectError, FameEnvironmentContext, FameError, FameMessageTooLarge, FameNode, FameNodeAuthorizationContextSchema, FameProtocolError, FameTransportClose, FlowController, GRANT_PURPOSE_NODE_ATTACH, HTTP_CONNECTION_GRANT_TYPE, HTTP_STATELESS_CONNECTOR_TYPE, HttpListener, HttpStatelessConnector, INPAGE_CONNECTION_GRANT_TYPE, INPAGE_CONNECTOR_TYPE, InMemoryBinding, InMemoryFanoutBroker, InMemoryKeyValueStore, InMemoryReadWriteChannel, InMemoryStorageProvider, InPageConnector, InPageListener, InProcessFameFabric, InProcessFameFabricFactory, IndexedDBKeyValueStore, IndexedDBStorageProvider, InvalidPassphraseError, JWKValidationError, KEY_MANAGER_FACTORY_BASE_TYPE, KEY_STORE_FACTORY_BASE_TYPE, KeyInfo, KeyManagementHandler, KeyManagerFactory, KeyStore, KeyStoreFactory, KeyValidationError, LOAD_BALANCER_STICKINESS_MANAGER_FACTORY_BASE_TYPE, LoadBalancerStickinessManagerFactory, LogLevel, LogLevelNames, MemoryMetricsEmitter, NODE_LIKE_FACTORY_BASE_TYPE, NODE_PLACEMENT_STRATEGY_FACTORY_BASE_TYPE, NoOpMetricsEmitter, NoSecurityPolicy, NodeFactory, NodePlacementStrategyFactory, NoneCredentialProvider, NoopEncryptionManager, NoopKeyValidator, NotAuthorized, PROFILE_NAME_GATED, PROFILE_NAME_GATED_CALLBACK, PROFILE_NAME_OPEN$1 as PROFILE_NAME_OPEN, PROFILE_NAME_OVERLAY, PROFILE_NAME_OVERLAY_CALLBACK, PROFILE_NAME_STRICT_OVERLAY, PromptCredentialProvider, QueueFullError, REPLICA_STICKINESS_MANAGER_FACTORY_BASE_TYPE, REQUIRED_FIELDS_BY_KTY, ReplicaStickinessManagerFactory, RootSessionManager, RouteManager, RpcMixin, RpcProxy, SEALED_ENVELOPE_NONCE_LENGTH, SEALED_ENVELOPE_OVERHEAD, SEALED_ENVELOPE_PRIVATE_KEY_LENGTH, SEALED_ENVELOPE_PUBLIC_KEY_LENGTH, SEALED_ENVELOPE_TAG_LENGTH, SECURE_CHANNEL_MANAGER_FACTORY_BASE_TYPE, SECURITY_MANAGER_FACTORY_BASE_TYPE, SECURITY_POLICY_FACTORY_BASE_TYPE, SQLiteKeyValueStore, SQLiteStorageProvider, STORAGE_PROVIDER_FACTORY_BASE_TYPE, SecretSource, SecretStoreCredentialProvider, SecureChannelFrameHandler, SecureChannelManagerFactory, SecurityAction, SecurityRequirements, Sentinel, SentinelFactory, SessionKeyCredentialProvider, SignaturePolicy, SigningConfig as SigningConfigClass, SigningConfiguration, SimpleLoadBalancerStickinessManager, SimpleLoadBalancerStickinessManagerFactory, StaticCredentialProvider, StorageAESEncryptionManager, TOKEN_ISSUER_FACTORY_BASE_TYPE, TOKEN_PROVIDER_FACTORY_BASE_TYPE, TOKEN_VERIFIER_FACTORY_BASE_TYPE, TRANSPORT_LISTENER_FACTORY_BASE_TYPE, TRANSPORT_PROVISIONER_FACTORY_BASE_TYPE, TaskSpawner, TokenIssuerFactory, TokenProviderFactory, TokenVerifierFactory, TransportListener, TransportProvisionerFactory, TtlValidationError, UpstreamSessionManager, VALID_CURVES_BY_KTY, VALID_KEY_USES, VERSION, WEBSOCKET_CONNECTION_GRANT_TYPE, WELCOME_SERVICE_FACTORY_BASE_TYPE, WebSocketCloseCode, WebSocketConnector, WebSocketListener, WebSocketState, WelcomeServiceFactory, _NoopFlowController, __runtimePluginLoader, addEnvelopeFields, addLogLevel, addTimestamp, assertConnectionGrant, assertGrant, basicConfig, broadcastChannelGrantToConnectorConfig, camelToSnakeCase, capitalizeFirstLetter, color, compareCryptoLevels, compiledPathPattern, consoleTransport, convertWildcardLogicalToDnsConstraint, createConnectorConfig, createEd25519Keypair, createHostLogicalUri, createJwksRouter, createLogicalUri, createNodeDeliveryContext, createApp as createOAuth2ServerApp, createOAuth2TokenRouter, createOpenIDConfigurationRouter, createResource, createRpcProxy, createRsaKeypair, createTransportCloseError, createX25519Keypair, credentialToString, currentTraceId$1 as currentTraceId, debounce, decodeFameDataPayload, deepMerge, defaultJsonEncoder, delay, dropEmpty, enableLogging, ensureRuntimeFactoriesRegistered, extractId, extractPoolAddressBase, extractPoolBase, filterKeysByUse, formatTimestamp, formatTimestampForConsole$1 as formatTimestampForConsole, getCurrentEnvelope, getFameRoot, getHttpListenerInstance, getInPageListenerInstance, getKeyProvider, getKeyStore, getLogger, getWebsocketListenerInstance, hasCryptoSupport, hostnameToLogical, hostnamesToLogicals, httpGrantToConnectorConfig, inPageGrantToConnectorConfig, isAuthInjectionStrategy, isBroadcastChannelConnectionGrant, isConnectionGrant, isConnectorConfig, isEnvelopeLoggingEnabled, isFameError, isFameErrorType, isGrant, isHttpConnectionGrant, isInPageConnectionGrant, isNodeLike, isPlainObject$3 as isPlainObject, isPoolAddress, isPoolLogical, isRegisterable, isTokenExpired, isTokenProvider, isTokenValid, isWebSocketConnectionGrant, jsonDumps, logicalPatternsToDnsConstraints, logicalToHostname, logicalsToHostnames, matchesPoolAddress, matchesPoolLogical, maybeAwait, nodeWelcomeRouter, nodeWelcomeRouterPlugin, normalizeBroadcastChannelConnectionGrant, normalizeEncryptionConfig, normalizeEnvelopeSnapshot, normalizeExtendedFameConfig, normalizeHttpConnectionGrant, normalizeInPageConnectionGrant, normalizeInboundCryptoRules, normalizeInboundSigningRules, normalizeOutboundCryptoRules, normalizeOutboundSigningRules, normalizePath, normalizeResponseCryptoRules, normalizeResponseSigningRules, normalizeSecretSource, normalizeSecurityRequirements, normalizeSigningConfig, normalizeWebSocketConnectionGrant, objectToBytes, operation, parseSealedEnvelope, pinoTransport, prettyModel$1 as prettyModel, registerDefaultFactories, registerDefaultKeyStoreFactory, registerNodePlacementStrategyFactory, registerRuntimeFactories, requireCryptoSupport, retryWithBackoff, main as runOAuth2Server, safeColor, sealedDecrypt, sealedEncrypt, secureDigest, setKeyStore, showEnvelopes$1 as showEnvelopes, sleep, snakeToCamelCase, stringifyNonPrimitives, supportsColor, throttle, urlsafeBase64Decode, urlsafeBase64Encode, validateCacheTtlSec, validateEncryptionKey, validateHostLogical, validateHostLogicals, validateJwkComplete, validateJwkStructure, validateJwkUseField, validateJwtTokenTtlSec, validateKeyCorrelationTtlSec, validateLogical, validateLogicalSegment, validateOAuth2TtlSec, validateSigningKey, validateTtlSec, waitForAll, waitForAllSettled, waitForAny, websocketGrantToConnectorConfig, withEnvelopeContext, withEnvelopeContextAsync, withLegacySnakeCaseKeys, withLock, withTimeout };
|
|
41968
|
+
export { ADMISSION_CLIENT_FACTORY_BASE_TYPE, ATTACHMENT_KEY_VALIDATOR_FACTORY_BASE_TYPE, AUTHORIZER_FACTORY_BASE_TYPE, AUTH_INJECTION_STRATEGY_FACTORY_BASE_TYPE, AnsiColor, AsyncLock, AttachmentKeyValidator, AuthInjectionStrategyFactory, AuthorizerFactory, BROADCAST_CHANNEL_CONNECTION_GRANT_TYPE, BackPressureFull, BaseAsyncConnector, BaseNodeEventListener, BindingManager, BindingStoreEntryRecord, BrowserAutoKeyCredentialProvider, BrowserWrappedKeyCredentialProvider, CERTIFICATE_MANAGER_FACTORY_BASE_TYPE, CREDENTIAL_PROVIDER_FACTORY_BASE_TYPE, CRYPTO_LEVEL_SECURITY_ORDER, CertificateManagerFactory, ConnectorConfigDefaults, ConnectorFactory, ConsoleMetricsEmitter, CryptoLevel, FACTORY_META$Z as DEFAULT_WELCOME_FACTORY_META, DefaultCryptoProvider, DefaultHttpServer, DefaultKeyManager, DefaultSecurityManager, DefaultSecurityPolicy, DefaultWelcomeService, DefaultWelcomeServiceFactory, DevFixedKeyCredentialProvider, ENCRYPTION_MANAGER_FACTORY_BASE_TYPE, ENVELOPE_SIGNER_FACTORY_BASE_TYPE, ENVELOPE_VERIFIER_FACTORY_BASE_TYPE, ENV_VAR_DEFAULT_ENCRYPTION_LEVEL, ENV_VAR_HMAC_SECRET, ENV_VAR_JWKS_URL, ENV_VAR_JWT_ALGORITHM$2 as ENV_VAR_JWT_ALGORITHM, ENV_VAR_JWT_AUDIENCE$2 as ENV_VAR_JWT_AUDIENCE, ENV_VAR_JWT_REVERSE_AUTH_AUDIENCE, ENV_VAR_JWT_REVERSE_AUTH_TRUSTED_ISSUER, ENV_VAR_JWT_TRUSTED_ISSUER, ENV_VAR_SHOW_ENVELOPES$1 as ENV_VAR_SHOW_ENVELOPES, EdDSAEnvelopeSigner, EncryptedKeyValueStore, EncryptedStorageProviderBase, EncryptedValue, EncryptionConfiguration, EncryptionManagerFactory, EncryptionResult, EncryptionStatus, EnvCredentialProvider, EnvelopeContext, EnvelopeListenerManager, EnvelopeSecurityHandler, EnvelopeSignerFactory, EnvelopeVerifierFactory, FACTORY_META$_ as FACTORY_META, FAME_FABRIC_FACTORY_BASE_TYPE, FIXED_PREFIX_LEN, FameAuthorizedDeliveryContextSchema, FameConnectError, FameEnvironmentContext, FameError, FameMessageTooLarge, FameNode, FameNodeAuthorizationContextSchema, FameProtocolError, FameTransportClose, FlowController, GRANT_PURPOSE_NODE_ATTACH, HTTP_CONNECTION_GRANT_TYPE, HTTP_STATELESS_CONNECTOR_TYPE, HttpListener, HttpStatelessConnector, INPAGE_CONNECTION_GRANT_TYPE, INPAGE_CONNECTOR_TYPE, InMemoryBinding, InMemoryFanoutBroker, InMemoryKeyValueStore, InMemoryReadWriteChannel, InMemoryStorageProvider, InPageConnector, InPageListener, InProcessFameFabric, InProcessFameFabricFactory, IndexedDBKeyValueStore, IndexedDBStorageProvider, InvalidPassphraseError, JWKValidationError, KEY_MANAGER_FACTORY_BASE_TYPE, KEY_STORE_FACTORY_BASE_TYPE, KeyInfo, KeyManagementHandler, KeyManagerFactory, KeyStore, KeyStoreFactory, KeyValidationError, LOAD_BALANCER_STICKINESS_MANAGER_FACTORY_BASE_TYPE, LoadBalancerStickinessManagerFactory, LogLevel, LogLevelNames, MemoryMetricsEmitter, NODE_LIKE_FACTORY_BASE_TYPE, NODE_PLACEMENT_STRATEGY_FACTORY_BASE_TYPE, NoOpMetricsEmitter, NoSecurityPolicy, NodeFactory, NodePlacementStrategyFactory, NoneCredentialProvider, NoopEncryptionManager, NoopKeyValidator, NotAuthorized, PROFILE_NAME_GATED, PROFILE_NAME_GATED_CALLBACK, PROFILE_NAME_OPEN$1 as PROFILE_NAME_OPEN, PROFILE_NAME_OVERLAY, PROFILE_NAME_OVERLAY_CALLBACK, PROFILE_NAME_STRICT_OVERLAY, PromptCredentialProvider, QueueFullError, REPLICA_STICKINESS_MANAGER_FACTORY_BASE_TYPE, REQUIRED_FIELDS_BY_KTY, ReplicaStickinessManagerFactory, RootSessionManager, RouteManager, RpcMixin, RpcProxy, SEALED_ENVELOPE_NONCE_LENGTH, SEALED_ENVELOPE_OVERHEAD, SEALED_ENVELOPE_PRIVATE_KEY_LENGTH, SEALED_ENVELOPE_PUBLIC_KEY_LENGTH, SEALED_ENVELOPE_TAG_LENGTH, SECURE_CHANNEL_MANAGER_FACTORY_BASE_TYPE, SECURITY_MANAGER_FACTORY_BASE_TYPE, SECURITY_POLICY_FACTORY_BASE_TYPE, SQLiteKeyValueStore, SQLiteStorageProvider, STORAGE_PROVIDER_FACTORY_BASE_TYPE, SecretSource, SecretStoreCredentialProvider, SecureChannelFrameHandler, SecureChannelManagerFactory, SecurityAction, SecurityRequirements, Sentinel, SentinelFactory, SessionKeyCredentialProvider, SignaturePolicy, SigningConfig as SigningConfigClass, SigningConfiguration, SimpleLoadBalancerStickinessManager, SimpleLoadBalancerStickinessManagerFactory, StaticCredentialProvider, StorageAESEncryptionManager, TOKEN_ISSUER_FACTORY_BASE_TYPE, TOKEN_PROVIDER_FACTORY_BASE_TYPE, TOKEN_VERIFIER_FACTORY_BASE_TYPE, TRANSPORT_LISTENER_FACTORY_BASE_TYPE, TRANSPORT_PROVISIONER_FACTORY_BASE_TYPE, TaskSpawner, TokenIssuerFactory, TokenProviderFactory, TokenVerifierFactory, TransportListener, TransportProvisionerFactory, TtlValidationError, UpstreamSessionManager, VALID_CURVES_BY_KTY, VALID_KEY_USES, VERSION, WEBSOCKET_CONNECTION_GRANT_TYPE, WELCOME_SERVICE_FACTORY_BASE_TYPE, WebSocketCloseCode, WebSocketConnector, WebSocketListener, WebSocketState, WelcomeServiceFactory, _NoopFlowController, __runtimePluginLoader, addEnvelopeFields, addLogLevel, addTimestamp, assertConnectionGrant, assertGrant, basicConfig, broadcastChannelGrantToConnectorConfig, camelToSnakeCase, canonicalJson, capitalizeFirstLetter, color, compareCryptoLevels, compiledPathPattern, consoleTransport, convertWildcardLogicalToDnsConstraint, createConnectorConfig, createEd25519Keypair, createHostLogicalUri, createJwksRouter, createLogicalUri, createNodeDeliveryContext, createApp as createOAuth2ServerApp, createOAuth2TokenRouter, createOpenIDConfigurationRouter, createResource, createRpcProxy, createRsaKeypair, createTransportCloseError, createX25519Keypair, credentialToString, currentTraceId$1 as currentTraceId, debounce, decodeBase64Url, decodeFameDataPayload, deepMerge, defaultJsonEncoder, delay, dropEmpty, enableLogging, encodeUtf8, ensureRuntimeFactoriesRegistered, extractId, extractPoolAddressBase, extractPoolBase, filterKeysByUse, formatTimestamp, formatTimestampForConsole$1 as formatTimestampForConsole, frameDigest, getCurrentEnvelope, getFameRoot, getHttpListenerInstance, getInPageListenerInstance, getKeyProvider, getKeyStore, getLogger, getWebsocketListenerInstance, hasCryptoSupport, hostnameToLogical, hostnamesToLogicals, httpGrantToConnectorConfig, immutableHeaders, inPageGrantToConnectorConfig, isAuthInjectionStrategy, isBroadcastChannelConnectionGrant, isConnectionGrant, isConnectorConfig, isEnvelopeLoggingEnabled, isFameError, isFameErrorType, isGrant, isHttpConnectionGrant, isInPageConnectionGrant, isNodeLike, isPlainObject$3 as isPlainObject, isPoolAddress, isPoolLogical, isRegisterable, isTokenExpired, isTokenProvider, isTokenValid, isWebSocketConnectionGrant, jsonDumps, logicalPatternsToDnsConstraints, logicalToHostname, logicalsToHostnames, matchesPoolAddress, matchesPoolLogical, maybeAwait, nodeWelcomeRouter, nodeWelcomeRouterPlugin, normalizeBroadcastChannelConnectionGrant, normalizeEncryptionConfig, normalizeEnvelopeSnapshot, normalizeExtendedFameConfig, normalizeHttpConnectionGrant, normalizeInPageConnectionGrant, normalizeInboundCryptoRules, normalizeInboundSigningRules, normalizeOutboundCryptoRules, normalizeOutboundSigningRules, normalizePath, normalizeResponseCryptoRules, normalizeResponseSigningRules, normalizeSecretSource, normalizeSecurityRequirements, normalizeSigningConfig, normalizeWebSocketConnectionGrant, objectToBytes, operation, parseSealedEnvelope, pinoTransport, prettyModel$1 as prettyModel, registerDefaultFactories, registerDefaultKeyStoreFactory, registerNodePlacementStrategyFactory, registerRuntimeFactories, requireCryptoSupport, retryWithBackoff, main as runOAuth2Server, safeColor, sealedDecrypt, sealedEncrypt, secureDigest, setKeyStore, showEnvelopes$1 as showEnvelopes, sleep, snakeToCamelCase, stringifyNonPrimitives, supportsColor, throttle, urlsafeBase64Decode, urlsafeBase64Encode, validateCacheTtlSec, validateEncryptionKey, validateHostLogical, validateHostLogicals, validateJwkComplete, validateJwkStructure, validateJwkUseField, validateJwtTokenTtlSec, validateKeyCorrelationTtlSec, validateLogical, validateLogicalSegment, validateOAuth2TtlSec, validateSigningKey, validateTtlSec, waitForAll, waitForAllSettled, waitForAny, websocketGrantToConnectorConfig, withEnvelopeContext, withEnvelopeContextAsync, withLegacySnakeCaseKeys, withLock, withTimeout };
|
|
@@ -53,6 +53,9 @@ export type * from './security-manager-factory.js';
|
|
|
53
53
|
export * from './signing/envelope-signer.js';
|
|
54
54
|
export * from './signing/envelope-verifier.js';
|
|
55
55
|
export { SigningConfig as SigningConfigClass, type SigningConfigOptions, } from './signing/signing-config.js';
|
|
56
|
+
export { canonicalJson, decodeBase64Url, frameDigest, immutableHeaders, } from './signing/eddsa-signer-verifier.js';
|
|
57
|
+
export { encodeUtf8, } from './signing/eddsa-utils.js';
|
|
58
|
+
export { EdDSAEnvelopeSigner, type EdDSAEnvelopeSignerOptions, } from './signing/eddsa-envelope-signer.js';
|
|
56
59
|
export * from './crypto/providers/crypto-provider.js';
|
|
57
60
|
export * from './crypto/providers/default-crypto-provider.js';
|
|
58
61
|
export * from './credential/credential-provider.js';
|
package/dist/types/version.d.ts
CHANGED