@nmshd/transport 1.0.0

package/dist/modules/accounts/data/Identity.js

@@ -0,0 +1,69 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var Identity_1;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Identity = exports.Realm = void 0;
+const ts_serval_1 = require("@js-soft/ts-serval");
+const crypto_1 = require("@nmshd/crypto");
+const CoreSerializableAsync_1 = require("../../../core/CoreSerializableAsync");
+const CoreAddress_1 = require("../../../core/types/CoreAddress");
+const CoreDate_1 = require("../../../core/types/CoreDate");
+var Realm;
+(function (Realm) {
+    Realm["Dev"] = "dev";
+    Realm["Stage"] = "id0";
+    Realm["Prod"] = "id1";
+})(Realm = exports.Realm || (exports.Realm = {}));
+let Identity = Identity_1 = class Identity extends CoreSerializableAsync_1.CoreSerializableAsync {
+    static async from(value) {
+        return await super.fromT(value, Identity_1);
+    }
+};
+__decorate([
+    (0, ts_serval_1.validate)(),
+    (0, ts_serval_1.serialize)(),
+    __metadata("design:type", CoreAddress_1.CoreAddress)
+], Identity.prototype, "address", void 0);
+__decorate([
+    (0, ts_serval_1.validate)(),
+    (0, ts_serval_1.serialize)(),
+    __metadata("design:type", crypto_1.CryptoSignaturePublicKey)
+], Identity.prototype, "publicKey", void 0);
+__decorate([
+    (0, ts_serval_1.validate)(),
+    (0, ts_serval_1.serialize)(),
+    __metadata("design:type", String)
+], Identity.prototype, "realm", void 0);
+__decorate([
+    (0, ts_serval_1.validate)(),
+    (0, ts_serval_1.serialize)(),
+    __metadata("design:type", String)
+], Identity.prototype, "name", void 0);
+__decorate([
+    (0, ts_serval_1.validate)(),
+    (0, ts_serval_1.serialize)(),
+    __metadata("design:type", String)
+], Identity.prototype, "description", void 0);
+__decorate([
+    (0, ts_serval_1.validate)(),
+    (0, ts_serval_1.serialize)(),
+    __metadata("design:type", CoreDate_1.CoreDate)
+], Identity.prototype, "createdAt", void 0);
+__decorate([
+    (0, ts_serval_1.validate)(),
+    (0, ts_serval_1.serialize)(),
+    __metadata("design:type", String)
+], Identity.prototype, "type", void 0);
+Identity = Identity_1 = __decorate([
+    (0, ts_serval_1.type)("Identity")
+], Identity);
+exports.Identity = Identity;
+//# sourceMappingURL=Identity.js.map

package/dist/modules/accounts/data/Identity.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"Identity.js","sourceRoot":"","sources":["../../../../src/modules/accounts/data/Identity.ts"],"names":[],"mappings":";;;;;;;;;;;;;AAAA,kDAA8D;AAC9D,0CAAmF;AACnF,+EAAmG;AACnG,iEAA6D;AAC7D,2DAAuD;AAmBvD,IAAY,KAIX;AAJD,WAAY,KAAK;IACb,oBAAW,CAAA;IACX,sBAAa,CAAA;IACb,qBAAY,CAAA;AAChB,CAAC,EAJW,KAAK,GAAL,aAAK,KAAL,aAAK,QAIhB;AAGD,IAAa,QAAQ,gBAArB,MAAa,QAAS,SAAQ,6CAAqB;IA6BxC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,KAAgB;QACrC,OAAO,MAAM,KAAK,CAAC,KAAK,CAAC,KAAK,EAAE,UAAQ,CAAC,CAAA;IAC7C,CAAC;CACJ,CAAA;AA7BG;IAFC,IAAA,oBAAQ,GAAE;IACV,IAAA,qBAAS,GAAE;8BACI,yBAAW;yCAAA;AAI3B;IAFC,IAAA,oBAAQ,GAAE;IACV,IAAA,qBAAS,GAAE;8BACM,iCAAwB;2CAAA;AAI1C;IAFC,IAAA,oBAAQ,GAAE;IACV,IAAA,qBAAS,GAAE;;uCACO;AAInB;IAFC,IAAA,oBAAQ,GAAE;IACV,IAAA,qBAAS,GAAE;;sCACO;AAInB;IAFC,IAAA,oBAAQ,GAAE;IACV,IAAA,qBAAS,GAAE;;6CACc;AAI1B;IAFC,IAAA,oBAAQ,GAAE;IACV,IAAA,qBAAS,GAAE;8BACM,mBAAQ;2CAAA;AAI1B;IAFC,IAAA,oBAAQ,GAAE;IACV,IAAA,qBAAS,GAAE;;sCACa;AA3BhB,QAAQ;IADpB,IAAA,gBAAI,EAAC,UAAU,CAAC;GACJ,QAAQ,CAgCpB;AAhCY,4BAAQ"}

package/dist/modules/accounts/data/IdentitySecretCredentials.d.ts

@@ -0,0 +1,16 @@
+import { CryptoSecretKey, CryptoSignaturePrivateKey, CryptoSignaturePublicKey, ICryptoSecretKey, ICryptoSignaturePrivateKey, ICryptoSignaturePublicKey } from "@nmshd/crypto";
+import { CoreSerializableAsync, ICoreSerializableAsync } from "../../../core";
+import { Realm } from "./Identity";
+export interface IIdentitySecretCredentials extends ICoreSerializableAsync {
+    publicKey?: ICryptoSignaturePublicKey;
+    realm: Realm;
+    synchronizationKey: ICryptoSecretKey;
+    privateKey?: ICryptoSignaturePrivateKey;
+}
+export declare class IdentitySecretCredentials extends CoreSerializableAsync implements IIdentitySecretCredentials {
+    realm: Realm;
+    publicKey?: CryptoSignaturePublicKey;
+    synchronizationKey: CryptoSecretKey;
+    privateKey?: CryptoSignaturePrivateKey;
+    static from(value: IIdentitySecretCredentials): Promise<IdentitySecretCredentials>;
+}

package/dist/modules/accounts/data/IdentitySecretCredentials.js

@@ -0,0 +1,47 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var IdentitySecretCredentials_1;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.IdentitySecretCredentials = void 0;
+const ts_serval_1 = require("@js-soft/ts-serval");
+const crypto_1 = require("@nmshd/crypto");
+const core_1 = require("../../../core");
+const Identity_1 = require("./Identity");
+let IdentitySecretCredentials = IdentitySecretCredentials_1 = class IdentitySecretCredentials extends core_1.CoreSerializableAsync {
+    static async from(value) {
+        return await super.fromT(value, IdentitySecretCredentials_1);
+    }
+};
+__decorate([
+    (0, ts_serval_1.validate)(),
+    (0, ts_serval_1.serialize)(),
+    __metadata("design:type", String)
+], IdentitySecretCredentials.prototype, "realm", void 0);
+__decorate([
+    (0, ts_serval_1.validate)({ nullable: true }),
+    (0, ts_serval_1.serialize)(),
+    __metadata("design:type", crypto_1.CryptoSignaturePublicKey)
+], IdentitySecretCredentials.prototype, "publicKey", void 0);
+__decorate([
+    (0, ts_serval_1.validate)(),
+    (0, ts_serval_1.serialize)(),
+    __metadata("design:type", crypto_1.CryptoSecretKey)
+], IdentitySecretCredentials.prototype, "synchronizationKey", void 0);
+__decorate([
+    (0, ts_serval_1.validate)({ nullable: true }),
+    (0, ts_serval_1.serialize)(),
+    __metadata("design:type", crypto_1.CryptoSignaturePrivateKey)
+], IdentitySecretCredentials.prototype, "privateKey", void 0);
+IdentitySecretCredentials = IdentitySecretCredentials_1 = __decorate([
+    (0, ts_serval_1.type)("IdentitySecretCredentials")
+], IdentitySecretCredentials);
+exports.IdentitySecretCredentials = IdentitySecretCredentials;
+//# sourceMappingURL=IdentitySecretCredentials.js.map

package/dist/modules/accounts/data/IdentitySecretCredentials.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"IdentitySecretCredentials.js","sourceRoot":"","sources":["../../../../src/modules/accounts/data/IdentitySecretCredentials.ts"],"names":[],"mappings":";;;;;;;;;;;;;AAAA,kDAA8D;AAC9D,0CAOsB;AACtB,wCAA6E;AAC7E,yCAAkC;AAUlC,IAAa,yBAAyB,iCAAtC,MAAa,yBAA0B,SAAQ,4BAAqB;IAiBzD,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,KAAiC;QACtD,OAAO,MAAM,KAAK,CAAC,KAAK,CAAC,KAAK,EAAE,2BAAyB,CAAC,CAAA;IAC9D,CAAC;CACJ,CAAA;AAjBG;IAFC,IAAA,oBAAQ,GAAE;IACV,IAAA,qBAAS,GAAE;;wDACO;AAInB;IAFC,IAAA,oBAAQ,EAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;IAC5B,IAAA,qBAAS,GAAE;8BACO,iCAAwB;4DAAA;AAI3C;IAFC,IAAA,oBAAQ,GAAE;IACV,IAAA,qBAAS,GAAE;8BACe,wBAAe;qEAAA;AAI1C;IAFC,IAAA,oBAAQ,EAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;IAC5B,IAAA,qBAAS,GAAE;8BACQ,kCAAyB;6DAAA;AAfpC,yBAAyB;IADrC,IAAA,gBAAI,EAAC,2BAA2B,CAAC;GACrB,yBAAyB,CAoBrC;AApBY,8DAAyB"}

package/dist/modules/certificates/CertificateController.d.ts

@@ -0,0 +1,14 @@
+import { TransportController } from "../../core";
+import { AccountController } from "../accounts/AccountController";
+/**
+ * The CertificateController keeps track of all created and received certificates.
+ *
+ * For example:
+ *  - Store certificates for technical identities (per relationship)
+ *  - Store certificates for own attributes
+ *  - Store certificates for own relationships/roles/authorization
+ *  - Store certificates for other identities
+ */
+export declare class CertificateController extends TransportController {
+    constructor(parent: AccountController);
+}

package/dist/modules/certificates/CertificateController.js

@@ -0,0 +1,20 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CertificateController = void 0;
+const core_1 = require("../../core");
+/**
+ * The CertificateController keeps track of all created and received certificates.
+ *
+ * For example:
+ *  - Store certificates for technical identities (per relationship)
+ *  - Store certificates for own attributes
+ *  - Store certificates for own relationships/roles/authorization
+ *  - Store certificates for other identities
+ */
+class CertificateController extends core_1.TransportController {
+    constructor(parent) {
+        super(core_1.ControllerName.Certificate, parent);
+    }
+}
+exports.CertificateController = CertificateController;
+//# sourceMappingURL=CertificateController.js.map

package/dist/modules/certificates/CertificateController.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"CertificateController.js","sourceRoot":"","sources":["../../../src/modules/certificates/CertificateController.ts"],"names":[],"mappings":";;;AAAA,qCAAgE;AAGhE;;;;;;;;GAQG;AACH,MAAa,qBAAsB,SAAQ,0BAAmB;IAC1D,YAAmB,MAAyB;QACxC,KAAK,CAAC,qBAAc,CAAC,WAAW,EAAE,MAAM,CAAC,CAAA;IAC7C,CAAC;CACJ;AAJD,sDAIC"}

package/dist/modules/certificates/CertificateIssuer.d.ts

@@ -0,0 +1,27 @@
+import { IDatabaseCollection } from "@js-soft/docdb-access-abstractions";
+import { ICryptoSignaturePublicKey } from "@nmshd/crypto";
+import { ICoreAddress, ICoreDate, TransportController } from "../../core";
+import { AccountController } from "../accounts/AccountController";
+import { Certificate } from "./data/Certificate";
+import { ICertificateConstraint } from "./data/CertificateConstraint";
+import { ICertificateContent } from "./data/CertificateContent";
+import { ICertificateItem } from "./data/CertificateItem";
+/**
+ * The CertificateIssuer combines the functionality to create new certificates
+ * for own identity (e.g. for technical communication) or others (e.g. verification
+ * of other identities or certification of attributes).
+ */
+export declare class CertificateIssuer extends TransportController {
+    certificatesIssued: IDatabaseCollection;
+    constructor(parent: AccountController);
+    init(): Promise<this>;
+    issueCertificate(value: CertificateContentParam | ICertificateContent): Promise<Certificate>;
+}
+export declare class CertificateContentParam implements ICertificateContent {
+    issuedAt: ICoreDate;
+    issuer: ICoreAddress;
+    subject: ICoreAddress;
+    subjectPublicKey: ICryptoSignaturePublicKey;
+    constraints: ICertificateConstraint[];
+    items: ICertificateItem[];
+}

package/dist/modules/certificates/CertificateIssuer.js

@@ -0,0 +1,42 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CertificateContentParam = exports.CertificateIssuer = void 0;
+const crypto_1 = require("@nmshd/crypto");
+const core_1 = require("../../core");
+const DbCollectionNames_1 = require("../../core/DbCollectionNames");
+const Certificate_1 = require("./data/Certificate");
+const CertificateContent_1 = require("./data/CertificateContent");
+/**
+ * The CertificateIssuer combines the functionality to create new certificates
+ * for own identity (e.g. for technical communication) or others (e.g. verification
+ * of other identities or certification of attributes).
+ */
+class CertificateIssuer extends core_1.TransportController {
+    constructor(parent) {
+        super(core_1.ControllerName.CertificateIssuer, parent);
+    }
+    async init() {
+        await super.init();
+        this.certificatesIssued = await this.db.getCollection(DbCollectionNames_1.DbCollectionNames.CertificatesIssued);
+        return this;
+    }
+    async issueCertificate(value) {
+        const content = await CertificateContent_1.CertificateContent.from(value);
+        const serializedContent = content.serialize();
+        const contentBuffer = crypto_1.CoreBuffer.fromUtf8(serializedContent);
+        const signature = await this.parent.identity.sign(contentBuffer);
+        const cert = await Certificate_1.Certificate.from({
+            content: serializedContent,
+            signature: signature
+        });
+        return cert;
+    }
+}
+exports.CertificateIssuer = CertificateIssuer;
+class CertificateContentParam {
+    constructor() {
+        this.issuedAt = core_1.CoreDate.utc();
+    }
+}
+exports.CertificateContentParam = CertificateContentParam;
+//# sourceMappingURL=CertificateIssuer.js.map

package/dist/modules/certificates/CertificateIssuer.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"CertificateIssuer.js","sourceRoot":"","sources":["../../../src/modules/certificates/CertificateIssuer.ts"],"names":[],"mappings":";;;AACA,0CAAqE;AACrE,qCAAmG;AACnG,oEAAgE;AAEhE,oDAAgD;AAEhD,kEAAmF;AAGnF;;;;GAIG;AACH,MAAa,iBAAkB,SAAQ,0BAAmB;IAGtD,YAAmB,MAAyB;QACxC,KAAK,CAAC,qBAAc,CAAC,iBAAiB,EAAE,MAAM,CAAC,CAAA;IACnD,CAAC;IAEM,KAAK,CAAC,IAAI;QACb,MAAM,KAAK,CAAC,IAAI,EAAE,CAAA;QAElB,IAAI,CAAC,kBAAkB,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,aAAa,CAAC,qCAAiB,CAAC,kBAAkB,CAAC,CAAA;QAC3F,OAAO,IAAI,CAAA;IACf,CAAC;IAEM,KAAK,CAAC,gBAAgB,CAAC,KAAoD;QAC9E,MAAM,OAAO,GAAG,MAAM,uCAAkB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;QACpD,MAAM,iBAAiB,GAAG,OAAO,CAAC,SAAS,EAAE,CAAA;QAC7C,MAAM,aAAa,GAAe,mBAAU,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAA;QAExE,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,CAAA;QAEhE,MAAM,IAAI,GAAgB,MAAM,yBAAW,CAAC,IAAI,CAAC;YAC7C,OAAO,EAAE,iBAAiB;YAC1B,SAAS,EAAE,SAAS;SACvB,CAAC,CAAA;QACF,OAAO,IAAI,CAAA;IACf,CAAC;CACJ;AA3BD,8CA2BC;AAED,MAAa,uBAAuB;IAApC;QACW,aAAQ,GAAc,eAAQ,CAAC,GAAG,EAAE,CAAA;IAM/C,CAAC;CAAA;AAPD,0DAOC"}

package/dist/modules/certificates/CertificateValidator.d.ts

@@ -0,0 +1,14 @@
+import { TransportController } from "../../core";
+import { AccountController } from "../accounts/AccountController";
+/**
+ * The CertificateValidator includes all functionality for validating certificates.
+ * - Check Issuer (+Signature)
+ * - Check Subject
+ * - Check Revocation (online vs. cached)
+ *   -> possibly register for push notifications on status changes of this certificate
+ * - Check Constraints (Time, Region, ...)
+ * - Check Content
+ */
+export declare class CertificateValidator extends TransportController {
+    constructor(parent: AccountController);
+}

package/dist/modules/certificates/CertificateValidator.js

@@ -0,0 +1,20 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CertificateValidator = void 0;
+const core_1 = require("../../core");
+/**
+ * The CertificateValidator includes all functionality for validating certificates.
+ * - Check Issuer (+Signature)
+ * - Check Subject
+ * - Check Revocation (online vs. cached)
+ *   -> possibly register for push notifications on status changes of this certificate
+ * - Check Constraints (Time, Region, ...)
+ * - Check Content
+ */
+class CertificateValidator extends core_1.TransportController {
+    constructor(parent) {
+        super(core_1.ControllerName.CertificateValidator, parent);
+    }
+}
+exports.CertificateValidator = CertificateValidator;
+//# sourceMappingURL=CertificateValidator.js.map

package/dist/modules/certificates/CertificateValidator.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"CertificateValidator.js","sourceRoot":"","sources":["../../../src/modules/certificates/CertificateValidator.ts"],"names":[],"mappings":";;;AAAA,qCAAgE;AAGhE;;;;;;;;GAQG;AACH,MAAa,oBAAqB,SAAQ,0BAAmB;IACzD,YAAmB,MAAyB;QACxC,KAAK,CAAC,qBAAc,CAAC,oBAAoB,EAAE,MAAM,CAAC,CAAA;IACtD,CAAC;CACJ;AAJD,oDAIC"}

package/dist/modules/certificates/data/Certificate.d.ts

@@ -0,0 +1,34 @@
+import { CryptoSignature, CryptoSignaturePublicKey, ICryptoSignature } from "@nmshd/crypto";
+import { CoreSerializableAsync, ICoreSerializableAsync } from "../../../core";
+export interface ICertificate extends ICoreSerializableAsync {
+    content: string;
+    signature: ICryptoSignature;
+}
+/**
+ * A Certificate is digitally signed data which is issued by one user A (issuer) for another user B (subject).
+ * The subject is eligible to share the certificate to any other user C, who in turn can verify, if the information
+ * provided really comes from user A. Certificates always contain structured data, thus it is machine readable and
+ * can be used for automatic checks.
+ *
+ * The content of a certificate is comparable with standardized SSL/TLS certificates, but they are not compatible
+ * with each other. However, the content can be transformed.
+ *
+ *
+ */
+export declare class Certificate extends CoreSerializableAsync {
+    content: string;
+    signature: CryptoSignature;
+    static from(value: ICertificate): Promise<Certificate>;
+    static deserialize(value: string): Promise<Certificate>;
+    /**
+     * Checks the validity of the digital signature. You have to provide the
+     * public key of the issuer.
+     *
+     * Careful: This method does only check the digital signature (if the certificate
+     * really comes from the issuer). Anything else, like validity, revocation or other
+     * constraints is not checked!
+     *
+     * @param publicKey The issuer's public key.
+     */
+    verify(publicKey: CryptoSignaturePublicKey): Promise<boolean>;
+}

package/dist/modules/certificates/data/Certificate.js

@@ -0,0 +1,65 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var Certificate_1;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Certificate = void 0;
+const ts_serval_1 = require("@js-soft/ts-serval");
+const crypto_1 = require("@nmshd/crypto");
+const core_1 = require("../../../core");
+/**
+ * A Certificate is digitally signed data which is issued by one user A (issuer) for another user B (subject).
+ * The subject is eligible to share the certificate to any other user C, who in turn can verify, if the information
+ * provided really comes from user A. Certificates always contain structured data, thus it is machine readable and
+ * can be used for automatic checks.
+ *
+ * The content of a certificate is comparable with standardized SSL/TLS certificates, but they are not compatible
+ * with each other. However, the content can be transformed.
+ *
+ *
+ */
+let Certificate = Certificate_1 = class Certificate extends core_1.CoreSerializableAsync {
+    static async from(value) {
+        return await super.fromT(value, Certificate_1);
+    }
+    static async deserialize(value) {
+        return await super.deserializeT(value, Certificate_1);
+    }
+    /**
+     * Checks the validity of the digital signature. You have to provide the
+     * public key of the issuer.
+     *
+     * Careful: This method does only check the digital signature (if the certificate
+     * really comes from the issuer). Anything else, like validity, revocation or other
+     * constraints is not checked!
+     *
+     * @param publicKey The issuer's public key.
+     */
+    async verify(publicKey) {
+        const buffer = crypto_1.CoreBuffer.fromUtf8(this.content);
+        const correct = await core_1.CoreCrypto.verify(buffer, this.signature, publicKey);
+        return correct;
+    }
+};
+__decorate([
+    (0, ts_serval_1.validate)(),
+    (0, ts_serval_1.serialize)(),
+    __metadata("design:type", String)
+], Certificate.prototype, "content", void 0);
+__decorate([
+    (0, ts_serval_1.validate)(),
+    (0, ts_serval_1.serialize)(),
+    __metadata("design:type", crypto_1.CryptoSignature)
+], Certificate.prototype, "signature", void 0);
+Certificate = Certificate_1 = __decorate([
+    (0, ts_serval_1.type)("Certificate")
+], Certificate);
+exports.Certificate = Certificate;
+//# sourceMappingURL=Certificate.js.map

package/dist/modules/certificates/data/Certificate.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"Certificate.js","sourceRoot":"","sources":["../../../../src/modules/certificates/data/Certificate.ts"],"names":[],"mappings":";;;;;;;;;;;;;AAAA,kDAA8D;AAC9D,0CAAuG;AACvG,wCAAyF;AAOzF;;;;;;;;;;GAUG;AAEH,IAAa,WAAW,mBAAxB,MAAa,WAAY,SAAQ,4BAAqB;IAS3C,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,KAAmB;QACxC,OAAO,MAAM,KAAK,CAAC,KAAK,CAAC,KAAK,EAAE,aAAW,CAAC,CAAA;IAChD,CAAC;IAEM,MAAM,CAAC,KAAK,CAAC,WAAW,CAAC,KAAa;QACzC,OAAO,MAAM,KAAK,CAAC,YAAY,CAAC,KAAK,EAAE,aAAW,CAAC,CAAA;IACvD,CAAC;IAED;;;;;;;;;OASG;IACI,KAAK,CAAC,MAAM,CAAC,SAAmC;QACnD,MAAM,MAAM,GAAG,mBAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;QAChD,MAAM,OAAO,GAAG,MAAM,iBAAU,CAAC,MAAM,CAAC,MAAM,EAAE,IAAI,CAAC,SAAS,EAAE,SAAS,CAAC,CAAA;QAC1E,OAAO,OAAO,CAAA;IAClB,CAAC;CACJ,CAAA;AA7BG;IAFC,IAAA,oBAAQ,GAAE;IACV,IAAA,qBAAS,GAAE;;4CACU;AAItB;IAFC,IAAA,oBAAQ,GAAE;IACV,IAAA,qBAAS,GAAE;8BACM,wBAAe;8CAAA;AAPxB,WAAW;IADvB,IAAA,gBAAI,EAAC,aAAa,CAAC;GACP,WAAW,CAgCvB;AAhCY,kCAAW"}

package/dist/modules/certificates/data/CertificateConstraint.d.ts

@@ -0,0 +1,10 @@
+import { CoreSerializableAsync, ICoreSerializableAsync } from "../../../core";
+export interface ICertificateConstraint extends ICoreSerializableAsync {
+}
+/**
+ * A CertificateConstraint limits a Certificate to a specific time, region or identity.
+ */
+export declare class CertificateConstraint extends CoreSerializableAsync {
+    static from(value: ICertificateConstraint): Promise<CertificateConstraint>;
+    static deserialize(value: string): Promise<CertificateConstraint>;
+}

package/dist/modules/certificates/data/CertificateConstraint.js

@@ -0,0 +1,28 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var CertificateConstraint_1;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CertificateConstraint = void 0;
+const ts_serval_1 = require("@js-soft/ts-serval");
+const core_1 = require("../../../core");
+/**
+ * A CertificateConstraint limits a Certificate to a specific time, region or identity.
+ */
+let CertificateConstraint = CertificateConstraint_1 = class CertificateConstraint extends core_1.CoreSerializableAsync {
+    static async from(value) {
+        return await super.fromT(value, CertificateConstraint_1);
+    }
+    static async deserialize(value) {
+        return await super.deserializeT(value, CertificateConstraint_1);
+    }
+};
+CertificateConstraint = CertificateConstraint_1 = __decorate([
+    (0, ts_serval_1.type)("CertificateConstraint")
+], CertificateConstraint);
+exports.CertificateConstraint = CertificateConstraint;
+//# sourceMappingURL=CertificateConstraint.js.map

package/dist/modules/certificates/data/CertificateConstraint.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"CertificateConstraint.js","sourceRoot":"","sources":["../../../../src/modules/certificates/data/CertificateConstraint.ts"],"names":[],"mappings":";;;;;;;;;;AAAA,kDAAyC;AACzC,wCAA6E;AAI7E;;GAEG;AAEH,IAAa,qBAAqB,6BAAlC,MAAa,qBAAsB,SAAQ,4BAAqB;IACrD,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,KAA6B;QAClD,OAAO,MAAM,KAAK,CAAC,KAAK,CAAC,KAAK,EAAE,uBAAqB,CAAC,CAAA;IAC1D,CAAC;IAEM,MAAM,CAAC,KAAK,CAAC,WAAW,CAAC,KAAa;QACzC,OAAO,MAAM,KAAK,CAAC,YAAY,CAAC,KAAK,EAAE,uBAAqB,CAAC,CAAA;IACjE,CAAC;CACJ,CAAA;AARY,qBAAqB;IADjC,IAAA,gBAAI,EAAC,uBAAuB,CAAC;GACjB,qBAAqB,CAQjC;AARY,sDAAqB"}

package/dist/modules/certificates/data/CertificateContent.d.ts

@@ -0,0 +1,28 @@
+import { CryptoSignaturePublicKey, ICryptoSignaturePublicKey } from "@nmshd/crypto";
+import { CoreAddress, CoreDate, CoreSerializable, CoreSerializableAsync, ICoreAddress, ICoreDate, ICoreSerializable, ICoreSerializableAsync } from "../../../core";
+import { CertificateConstraint, ICertificateConstraint } from "./CertificateConstraint";
+import { CertificateItem, ICertificateItem } from "./CertificateItem";
+export interface ICertificateContent extends ICoreSerializableAsync {
+    issuedAt: ICoreDate;
+    issuer: ICoreAddress;
+    issuerData?: ICoreSerializable;
+    subject: ICoreAddress;
+    subjectPublicKey: ICryptoSignaturePublicKey;
+    constraints: ICertificateConstraint[];
+    items: ICertificateItem[];
+}
+/**
+ * A CertificateContent is the content which should be digitally signed. The digital signature
+ * is done on top of the serialized content of this data structure.
+ */
+export declare class CertificateContent extends CoreSerializableAsync {
+    issuedAt: CoreDate;
+    issuer: CoreAddress;
+    issuerData: CoreSerializable;
+    subject: CoreAddress;
+    subjectPublicKey: CryptoSignaturePublicKey;
+    constraints: CertificateConstraint[];
+    items: CertificateItem[];
+    static from(value: ICertificateContent): Promise<CertificateContent>;
+    static deserialize(value: string): Promise<CertificateContent>;
+}

package/dist/modules/certificates/data/CertificateContent.js

@@ -0,0 +1,70 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var CertificateContent_1;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CertificateContent = void 0;
+const ts_serval_1 = require("@js-soft/ts-serval");
+const crypto_1 = require("@nmshd/crypto");
+const core_1 = require("../../../core");
+const CertificateConstraint_1 = require("./CertificateConstraint");
+const CertificateItem_1 = require("./CertificateItem");
+/**
+ * A CertificateContent is the content which should be digitally signed. The digital signature
+ * is done on top of the serialized content of this data structure.
+ */
+let CertificateContent = CertificateContent_1 = class CertificateContent extends core_1.CoreSerializableAsync {
+    static async from(value) {
+        return await super.fromT(value, CertificateContent_1);
+    }
+    static async deserialize(value) {
+        return await super.deserializeT(value, CertificateContent_1);
+    }
+};
+__decorate([
+    (0, ts_serval_1.validate)(),
+    (0, ts_serval_1.serialize)(),
+    __metadata("design:type", core_1.CoreDate)
+], CertificateContent.prototype, "issuedAt", void 0);
+__decorate([
+    (0, ts_serval_1.validate)(),
+    (0, ts_serval_1.serialize)(),
+    __metadata("design:type", core_1.CoreAddress)
+], CertificateContent.prototype, "issuer", void 0);
+__decorate([
+    (0, ts_serval_1.validate)(),
+    (0, ts_serval_1.serialize)(),
+    __metadata("design:type", core_1.CoreSerializable)
+], CertificateContent.prototype, "issuerData", void 0);
+__decorate([
+    (0, ts_serval_1.validate)(),
+    (0, ts_serval_1.serialize)(),
+    __metadata("design:type", core_1.CoreAddress)
+], CertificateContent.prototype, "subject", void 0);
+__decorate([
+    (0, ts_serval_1.validate)(),
+    (0, ts_serval_1.serialize)(),
+    __metadata("design:type", crypto_1.CryptoSignaturePublicKey)
+], CertificateContent.prototype, "subjectPublicKey", void 0);
+__decorate([
+    (0, ts_serval_1.validate)(),
+    (0, ts_serval_1.serialize)({ type: CertificateConstraint_1.CertificateConstraint }),
+    __metadata("design:type", Array)
+], CertificateContent.prototype, "constraints", void 0);
+__decorate([
+    (0, ts_serval_1.validate)(),
+    (0, ts_serval_1.serialize)({ type: CertificateItem_1.CertificateItem }),
+    __metadata("design:type", Array)
+], CertificateContent.prototype, "items", void 0);
+CertificateContent = CertificateContent_1 = __decorate([
+    (0, ts_serval_1.type)("CertificateContent")
+], CertificateContent);
+exports.CertificateContent = CertificateContent;
+//# sourceMappingURL=CertificateContent.js.map

package/dist/modules/certificates/data/CertificateContent.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"CertificateContent.js","sourceRoot":"","sources":["../../../../src/modules/certificates/data/CertificateContent.ts"],"names":[],"mappings":";;;;;;;;;;;;;AAAA,kDAA8D;AAC9D,0CAAmF;AACnF,wCASsB;AACtB,mEAAuF;AACvF,uDAAqE;AAYrE;;;GAGG;AAEH,IAAa,kBAAkB,0BAA/B,MAAa,kBAAmB,SAAQ,4BAAqB;IA6BlD,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,KAA0B;QAC/C,OAAO,MAAM,KAAK,CAAC,KAAK,CAAC,KAAK,EAAE,oBAAkB,CAAC,CAAA;IACvD,CAAC;IAEM,MAAM,CAAC,KAAK,CAAC,WAAW,CAAC,KAAa;QACzC,OAAO,MAAM,KAAK,CAAC,YAAY,CAAC,KAAK,EAAE,oBAAkB,CAAC,CAAA;IAC9D,CAAC;CACJ,CAAA;AAjCG;IAFC,IAAA,oBAAQ,GAAE;IACV,IAAA,qBAAS,GAAE;8BACK,eAAQ;oDAAA;AAIzB;IAFC,IAAA,oBAAQ,GAAE;IACV,IAAA,qBAAS,GAAE;8BACG,kBAAW;kDAAA;AAI1B;IAFC,IAAA,oBAAQ,GAAE;IACV,IAAA,qBAAS,GAAE;8BACO,uBAAgB;sDAAA;AAInC;IAFC,IAAA,oBAAQ,GAAE;IACV,IAAA,qBAAS,GAAE;8BACI,kBAAW;mDAAA;AAI3B;IAFC,IAAA,oBAAQ,GAAE;IACV,IAAA,qBAAS,GAAE;8BACa,iCAAwB;4DAAA;AAIjD;IAFC,IAAA,oBAAQ,GAAE;IACV,IAAA,qBAAS,EAAC,EAAE,IAAI,EAAE,6CAAqB,EAAE,CAAC;;uDACA;AAI3C;IAFC,IAAA,oBAAQ,GAAE;IACV,IAAA,qBAAS,EAAC,EAAE,IAAI,EAAE,iCAAe,EAAE,CAAC;;iDACN;AA3BtB,kBAAkB;IAD9B,IAAA,gBAAI,EAAC,oBAAoB,CAAC;GACd,kBAAkB,CAoC9B;AApCY,gDAAkB"}

package/dist/modules/certificates/data/CertificateItem.d.ts

@@ -0,0 +1,11 @@
+import { CoreSerializableAsync, ICoreSerializableAsync } from "../../../core";
+export interface ICertificateItem extends ICoreSerializableAsync {
+}
+/**
+ * A CertificateItem is a digitally signed hash with information about the signature date,
+ * the signer, the signature algorithm and the version.
+ */
+export declare class CertificateItem extends CoreSerializableAsync {
+    static from(value: ICertificateItem): Promise<CertificateItem>;
+    static deserialize(value: string): Promise<CertificateItem>;
+}

package/dist/modules/certificates/data/CertificateItem.js

@@ -0,0 +1,29 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var CertificateItem_1;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CertificateItem = void 0;
+const ts_serval_1 = require("@js-soft/ts-serval");
+const core_1 = require("../../../core");
+/**
+ * A CertificateItem is a digitally signed hash with information about the signature date,
+ * the signer, the signature algorithm and the version.
+ */
+let CertificateItem = CertificateItem_1 = class CertificateItem extends core_1.CoreSerializableAsync {
+    static async from(value) {
+        return await super.fromT(value, CertificateItem_1);
+    }
+    static async deserialize(value) {
+        return await super.deserializeT(value, CertificateItem_1);
+    }
+};
+CertificateItem = CertificateItem_1 = __decorate([
+    (0, ts_serval_1.type)("CertificateItem")
+], CertificateItem);
+exports.CertificateItem = CertificateItem;
+//# sourceMappingURL=CertificateItem.js.map

package/dist/modules/certificates/data/CertificateItem.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"CertificateItem.js","sourceRoot":"","sources":["../../../../src/modules/certificates/data/CertificateItem.ts"],"names":[],"mappings":";;;;;;;;;;AAAA,kDAAyC;AACzC,wCAA6E;AAI7E;;;GAGG;AAEH,IAAa,eAAe,uBAA5B,MAAa,eAAgB,SAAQ,4BAAqB;IAC/C,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,KAAuB;QAC5C,OAAO,MAAM,KAAK,CAAC,KAAK,CAAC,KAAK,EAAE,iBAAe,CAAC,CAAA;IACpD,CAAC;IAEM,MAAM,CAAC,KAAK,CAAC,WAAW,CAAC,KAAa;QACzC,OAAO,MAAM,KAAK,CAAC,YAAY,CAAC,KAAK,EAAE,iBAAe,CAAC,CAAA;IAC3D,CAAC;CACJ,CAAA;AARY,eAAe;IAD3B,IAAA,gBAAI,EAAC,iBAAiB,CAAC;GACX,eAAe,CAQ3B;AARY,0CAAe"}

package/dist/modules/certificates/data/constraints/CertificateBorderConstraint.d.ts

@@ -0,0 +1,29 @@
+import { CertificateConstraint, ICertificateConstraint } from "../CertificateConstraint";
+export interface ICertificateBorderConstraint extends ICertificateConstraint {
+    union: string;
+    country: string;
+    state: string;
+}
+/**
+ * A CertificateBorderConstraint specifies a state, a country or a union in which
+ * this certificate should be valid.
+ *
+ * This constraint is primarily telling any verifier, that the issuer of the certificate does not
+ * hold the eligibility to issue a certificate anywhere else. Thus, the certificate should be
+ * treated as not valid outside the specified border.
+ *
+ * However, showing a certificate which is valid within a certain country (e.g. Germany) might be
+ * much better than not having a certificate at all. Therefore, the verifier could still treat this
+ * certificate as valid, although the issuer is no longer taking liability.
+ *
+ * Examples:
+ *  - Freight papers for the EU
+ *  - Access rights to buildings of the UN
+ *  - German driver license
+ */
+export declare class CertificateBorderConstraint extends CertificateConstraint {
+    union: string;
+    country: string;
+    state: string;
+    static from(value: ICertificateBorderConstraint): Promise<CertificateBorderConstraint>;
+}