@oesp/core 5.0.0 → 6.0.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@oesp/core",
-  "version": "5.0.0",
+  "version": "6.0.0",
   "private": false,
   "description": "OESP core SDK (agnostique)",
   "license": "MIT",

package/dist/index.cjs

@@ -1,271 +0,0 @@
-"use strict";
-var __defProp = Object.defineProperty;
-var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
-var __getOwnPropNames = Object.getOwnPropertyNames;
-var __hasOwnProp = Object.prototype.hasOwnProperty;
-var __export = (target, all) => {
-  for (var name in all)
-    __defProp(target, name, { get: all[name], enumerable: true });
-};
-var __copyProps = (to, from, except, desc) => {
-  if (from && typeof from === "object" || typeof from === "function") {
-    for (let key of __getOwnPropNames(from))
-      if (!__hasOwnProp.call(to, key) && key !== except)
-        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
-  }
-  return to;
-};
-var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
-
-// src/index.ts
-var index_exports = {};
-__export(index_exports, {
-  OESPClient: () => OESPClient,
-  b64urlDecode: () => b64urlDecode,
-  b64urlEncode: () => b64urlEncode,
-  base64Decode: () => base64Decode,
-  base64Encode: () => base64Encode,
-  canonicalJsonBytes: () => canonicalJsonBytes
-});
-module.exports = __toCommonJS(index_exports);
-
-// src/utils.ts
-function b64urlEncode(bytes) {
-  const base64 = base64Encode(bytes);
-  return base64.replace(/=/g, "").replace(/\+/g, "-").replace(/\//g, "_");
-}
-function b64urlDecode(s) {
-  const pad = s.length % 4 === 0 ? "" : "=".repeat(4 - s.length % 4);
-  const base64 = s.replace(/-/g, "+").replace(/_/g, "/") + pad;
-  return base64Decode(base64);
-}
-function canonicalJsonBytes(obj) {
-  const json = canonicalStringify(obj);
-  return new TextEncoder().encode(json);
-}
-function canonicalStringify(obj) {
-  if (obj === null || typeof obj !== "object") {
-    return JSON.stringify(obj);
-  }
-  if (Array.isArray(obj)) {
-    const arr = obj.map((v) => JSON.parse(canonicalStringify(v)));
-    return JSON.stringify(arr);
-  }
-  const entries = Object.entries(obj).sort(([a], [b]) => a < b ? -1 : a > b ? 1 : 0);
-  const out = {};
-  for (const [k, v] of entries) {
-    out[k] = JSON.parse(canonicalStringify(v));
-  }
-  return JSON.stringify(out);
-}
-function deriveDidWithSha(ed25519Pub, sha256) {
-  const sha = sha256(ed25519Pub);
-  const b32 = base32encode(sha).toLowerCase().replace(/=+$/g, "");
-  return `oesp:did:${b32}`;
-}
-function base32encode(bytes) {
-  const alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567";
-  let bits = 0;
-  let value = 0;
-  let output = "";
-  for (const byte of bytes) {
-    value = value << 8 | byte;
-    bits += 8;
-    while (bits >= 5) {
-      output += alphabet[value >>> bits - 5 & 31];
-      bits -= 5;
-    }
-  }
-  if (bits > 0) {
-    output += alphabet[value << 5 - bits & 31];
-  }
-  while (output.length % 8 !== 0) output += "=";
-  return output;
-}
-var base64Alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
-function base64Encode(bytes) {
-  let output = "";
-  let i = 0;
-  while (i < bytes.length) {
-    const a = bytes[i++] ?? 0;
-    const b = bytes[i++] ?? 0;
-    const c = bytes[i++] ?? 0;
-    const triplet = a << 16 | b << 8 | c;
-    output += base64Alphabet[triplet >> 18 & 63];
-    output += base64Alphabet[triplet >> 12 & 63];
-    output += i - 2 < bytes.length ? base64Alphabet[triplet >> 6 & 63] : "=";
-    output += i - 1 < bytes.length ? base64Alphabet[triplet & 63] : "=";
-  }
-  return output;
-}
-function base64Decode(s) {
-  s = s.replace(/\s/g, "");
-  const len = s.length;
-  if (len % 4 !== 0) throw new Error("Invalid base64");
-  const output = [];
-  let i = 0;
-  while (i < len) {
-    const a = base64Alphabet.indexOf(s[i++]);
-    const b = base64Alphabet.indexOf(s[i++]);
-    const c = base64Alphabet.indexOf(s[i++]);
-    const d = base64Alphabet.indexOf(s[i++]);
-    const triplet = a << 18 | b << 12 | (c & 63) << 6 | d & 63;
-    output.push(triplet >> 16 & 255);
-    if (s[i - 2] !== "=") output.push(triplet >> 8 & 255);
-    if (s[i - 1] !== "=") output.push(triplet & 255);
-  }
-  return new Uint8Array(output);
-}
-
-// src/index.ts
-var OESPClient = class {
-  constructor(deps) {
-    this.deps = deps;
-  }
-  async getDid() {
-    const id = await this.ensureIdentity();
-    return deriveDidWithSha(id.ed25519Pub, this.deps.crypto.sha256);
-  }
-  async pack(toDid, body, opts) {
-    const { crypto } = this.deps;
-    const ttlSec = opts?.ttlSec ?? 600;
-    const now = Math.floor(Date.now() / 1e3);
-    const exp = now + ttlSec;
-    const mid = b64urlEncode(crypto.randomBytes(12));
-    const id = await this.ensureIdentity();
-    const sid = deriveDidWithSha(id.ed25519Pub, crypto.sha256);
-    const edPubB64 = b64urlEncode(id.ed25519Pub);
-    const sessionKey = crypto.randomBytes(32);
-    const sealed = crypto.x25519Seal(id.x25519Pub, sessionKey);
-    const env = {
-      v: 1,
-      typ: "oesp.envelope",
-      mid,
-      sid,
-      ts: now,
-      exp,
-      from: { did: sid, pub: edPubB64 },
-      to: { did: toDid },
-      enc: "CHACHA20-POLY1305",
-      kex: "X25519",
-      ek: b64urlEncode(sealed),
-      iv: "",
-      ct: "",
-      sig_alg: "Ed25519",
-      sig: ""
-    };
-    const aad = canonicalJsonBytes(envFiltered(env, ["ct", "sig", "iv"]));
-    const bodyBytes = body instanceof Uint8Array ? body : canonicalJsonBytes(body);
-    const { iv, ct, tag } = crypto.aeadEncrypt(sessionKey, bodyBytes, aad);
-    env.iv = b64urlEncode(iv);
-    env.ct = b64urlEncode(ct);
-    if (tag) env["tag"] = b64urlEncode(tag);
-    const toSignBase = canonicalJsonBytes(envFiltered(env, ["sig"]));
-    const dataToSign = concatBytes(toSignBase, b64urlDecode(String(env.ct)));
-    const sig = crypto.ed25519Sign(id.ed25519Priv, dataToSign);
-    env.sig = b64urlEncode(sig);
-    const tokenPayload = canonicalJsonBytes(env);
-    return `OESP1.${b64urlEncode(tokenPayload)}`;
-  }
-  async verify(token, opts) {
-    const env = parseToken(token);
-    const now = opts?.now ?? Math.floor(Date.now() / 1e3);
-    const { crypto } = this.deps;
-    if (!opts?.allowExpired && env.exp < now) {
-      throw new Error("ExpiredError");
-    }
-    const pubBytes = b64urlDecode(env.from.pub);
-    const derived = deriveDidWithSha(pubBytes, crypto.sha256);
-    if (derived !== env.from.did) throw new Error("InvalidDIDError");
-    const envDict = envToDict(env);
-    const toSignBase = canonicalJsonBytes(excludeKeys(envDict, ["sig"]));
-    const ctBytes = b64urlDecode(env.ct);
-    const dataToSign = concatBytes(toSignBase, ctBytes);
-    const sigBytes = b64urlDecode(env.sig);
-    const ok = crypto.ed25519Verify(pubBytes, dataToSign, sigBytes);
-    if (!ok) throw new Error("InvalidSignatureError");
-    const id = await this.ensureIdentity();
-    const seen = await this.deps.replay.seen(env.sid, env.mid);
-    if (seen) throw new Error("ReplayError");
-    await this.deps.replay.markSeen(env.sid, env.mid);
-    return { envelope: envDict, verified: true, signerDid: env.from.did };
-  }
-  async unpack(token, opts) {
-    const env = parseToken(token);
-    await this.verify(token, opts);
-    const id = await this.ensureIdentity();
-    const ivBytes = b64urlDecode(env.iv);
-    const ctBytes = b64urlDecode(env.ct);
-    const ekBytes = b64urlDecode(env.ek);
-    const sessionKey = this.deps.crypto.x25519Open(id.x25519Priv, ekBytes);
-    const aad = canonicalJsonBytes(envFiltered(envToDict(env), ["ct", "sig", "iv"]));
-    const plaintext = this.deps.crypto.aeadDecrypt(sessionKey, ivBytes, ctBytes, aad, env.tag ? b64urlDecode(env.tag) : void 0);
-    return {
-      mid: env.mid,
-      sid: env.sid,
-      ts: env.ts,
-      exp: env.exp,
-      fromDid: env.from.did,
-      toDid: env.to.did,
-      plaintext
-    };
-  }
-  async ensureIdentity() {
-    if (!this.identity) this.identity = await this.deps.keystore.getOrCreateIdentity();
-    return this.identity;
-  }
-};
-function parseToken(token) {
-  if (!token.startsWith("OESP1.")) throw new Error("InvalidFormatError");
-  const payloadB64 = token.slice("OESP1.".length);
-  const jsonBytes = b64urlDecode(payloadB64);
-  const json = new TextDecoder().decode(jsonBytes);
-  const d = JSON.parse(json);
-  return d;
-}
-function envFiltered(env, excludeKeys2) {
-  const e = envToDict(env);
-  for (const k of excludeKeys2) delete e[k];
-  return e;
-}
-function envToDict(env) {
-  const d = {
-    v: env.v,
-    typ: env.typ,
-    mid: env.mid,
-    sid: env.sid,
-    ts: env.ts,
-    exp: env.exp,
-    from: env.from,
-    to: env.to,
-    enc: env.enc,
-    kex: env.kex,
-    ek: env.ek,
-    iv: env.iv,
-    ct: env.ct,
-    sig_alg: env.sig_alg,
-    sig: env.sig
-  };
-  if (env.tag) d["tag"] = env.tag;
-  return d;
-}
-function excludeKeys(obj, keys) {
-  const out = { ...obj };
-  for (const k of keys) delete out[k];
-  return out;
-}
-function concatBytes(a, b) {
-  const out = new Uint8Array(a.length + b.length);
-  out.set(a, 0);
-  out.set(b, a.length);
-  return out;
-}
-// Annotate the CommonJS export names for ESM import in node:
-0 && (module.exports = {
-  OESPClient,
-  b64urlDecode,
-  b64urlEncode,
-  base64Decode,
-  base64Encode,
-  canonicalJsonBytes
-});

package/dist/index.d.cts

@@ -1,73 +0,0 @@
-interface CryptoProvider {
-    sha256(bytes: Uint8Array): Uint8Array;
-    ed25519Sign(priv: Uint8Array, data: Uint8Array): Uint8Array;
-    ed25519Verify(pub: Uint8Array, data: Uint8Array, sig: Uint8Array): boolean;
-    x25519Seal(recipientPub: Uint8Array, sessionKey: Uint8Array): Uint8Array;
-    x25519Open(recipientPriv: Uint8Array, sealed: Uint8Array): Uint8Array;
-    aeadEncrypt(key: Uint8Array, plaintext: Uint8Array, aad: Uint8Array): {
-        iv: Uint8Array;
-        ct: Uint8Array;
-        tag?: Uint8Array;
-    };
-    aeadDecrypt(key: Uint8Array, iv: Uint8Array, ct: Uint8Array, aad: Uint8Array, tag?: Uint8Array): Uint8Array;
-    randomBytes(n: number): Uint8Array;
-}
-interface Identity {
-    ed25519Priv: Uint8Array;
-    ed25519Pub: Uint8Array;
-    x25519Priv: Uint8Array;
-    x25519Pub: Uint8Array;
-}
-interface KeyStore {
-    getOrCreateIdentity(): Promise<Identity>;
-}
-interface ReplayStore {
-    seen(fromDid: string, mid: string): Promise<boolean>;
-    markSeen(fromDid: string, mid: string): Promise<void>;
-}
-interface DecodedMessage {
-    mid: string;
-    sid: string;
-    ts: number;
-    exp: number;
-    fromDid: string;
-    toDid: string;
-    plaintext: Uint8Array;
-}
-interface VerifiedEnvelope {
-    envelope: Record<string, unknown>;
-    verified: boolean;
-    signerDid: string;
-}
-
-declare function b64urlEncode(bytes: Uint8Array): string;
-declare function b64urlDecode(s: string): Uint8Array;
-declare function canonicalJsonBytes(obj: unknown): Uint8Array;
-declare function base64Encode(bytes: Uint8Array): string;
-declare function base64Decode(s: string): Uint8Array;
-
-interface OESPClientDeps {
-    crypto: CryptoProvider;
-    keystore: KeyStore;
-    replay: ReplayStore;
-}
-declare class OESPClient {
-    private deps;
-    private identity?;
-    constructor(deps: OESPClientDeps);
-    getDid(): Promise<string>;
-    pack(toDid: string, body: object | Uint8Array, opts?: {
-        ttlSec?: number;
-    }): Promise<string>;
-    verify(token: string, opts?: {
-        now?: number;
-        allowExpired?: boolean;
-    }): Promise<VerifiedEnvelope>;
-    unpack(token: string, opts?: {
-        now?: number;
-        allowExpired?: boolean;
-    }): Promise<DecodedMessage>;
-    private ensureIdentity;
-}
-
-export { type CryptoProvider, type DecodedMessage, type Identity, type KeyStore, OESPClient, type OESPClientDeps, type ReplayStore, type VerifiedEnvelope, b64urlDecode, b64urlEncode, base64Decode, base64Encode, canonicalJsonBytes };