@oma3/omatrust 0.1.0-alpha.10 → 0.1.0-alpha.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (43) hide show
  1. package/dist/identity/index.cjs +543 -0
  2. package/dist/identity/index.cjs.map +1 -1
  3. package/dist/identity/index.d.cts +2 -1
  4. package/dist/identity/index.d.ts +2 -1
  5. package/dist/identity/index.js +527 -1
  6. package/dist/identity/index.js.map +1 -1
  7. package/dist/index-BOvk-7Ku.d.cts +235 -0
  8. package/dist/index-C2w5EvFH.d.ts +329 -0
  9. package/dist/index-QueRiudB.d.cts +329 -0
  10. package/dist/index-R78TpAhN.d.ts +235 -0
  11. package/dist/index.cjs +1475 -165
  12. package/dist/index.cjs.map +1 -1
  13. package/dist/index.d.cts +4 -3
  14. package/dist/index.d.ts +4 -3
  15. package/dist/index.js +1476 -166
  16. package/dist/index.js.map +1 -1
  17. package/dist/reputation/index.browser.cjs +943 -66
  18. package/dist/reputation/index.browser.cjs.map +1 -1
  19. package/dist/reputation/index.browser.d.cts +2 -2
  20. package/dist/reputation/index.browser.d.ts +2 -2
  21. package/dist/reputation/index.browser.js +941 -66
  22. package/dist/reputation/index.browser.js.map +1 -1
  23. package/dist/reputation/index.cjs +1393 -217
  24. package/dist/reputation/index.cjs.map +1 -1
  25. package/dist/reputation/index.d.cts +3 -2
  26. package/dist/reputation/index.d.ts +3 -2
  27. package/dist/reputation/index.js +1378 -217
  28. package/dist/reputation/index.js.map +1 -1
  29. package/dist/{subject-ownership-CXvzEjpH.d.cts → subject-ownership-B7cFlm8c.d.cts} +256 -26
  30. package/dist/{subject-ownership-CXvzEjpH.d.ts → subject-ownership-B7cFlm8c.d.ts} +256 -26
  31. package/dist/types-dpYxRq8N.d.cts +281 -0
  32. package/dist/types-dpYxRq8N.d.ts +281 -0
  33. package/dist/widgets/index.cjs +70 -27
  34. package/dist/widgets/index.cjs.map +1 -1
  35. package/dist/widgets/index.d.cts +42 -18
  36. package/dist/widgets/index.d.ts +42 -18
  37. package/dist/widgets/index.js +67 -26
  38. package/dist/widgets/index.js.map +1 -1
  39. package/package.json +3 -2
  40. package/dist/index-B9KW02US.d.cts +0 -119
  41. package/dist/index-DXrwBex9.d.ts +0 -119
  42. package/dist/index-QZDExA4I.d.cts +0 -90
  43. package/dist/index-QZDExA4I.d.ts +0 -90
@@ -1,6 +1,7 @@
1
1
  'use strict';
2
2
 
3
3
  var ethers = require('ethers');
4
+ var jose = require('jose');
4
5
  var canonicalize = require('canonicalize');
5
6
 
6
7
  function _interopDefault (e) { return e && e.__esModule ? e : { default: e }; }
@@ -27,6 +28,11 @@ function assertString(value, name, code = "INVALID_INPUT") {
27
28
  throw new OmaTrustError(code, `${name} must be a non-empty string`, { value });
28
29
  }
29
30
  }
31
+ function assertObject(value, name, code = "INVALID_INPUT") {
32
+ if (!value || typeof value !== "object" || Array.isArray(value)) {
33
+ throw new OmaTrustError(code, `${name} must be an object`, { value });
34
+ }
35
+ }
30
36
 
31
37
  // src/identity/caip.ts
32
38
  var CAIP_10_REGEX = /^(?<namespace>[a-z0-9-]+):(?<reference>[a-zA-Z0-9-]+):(?<address>.+)$/;
@@ -173,6 +179,8 @@ function normalizeDid(input) {
173
179
  return normalizeDidHandle(trimmed);
174
180
  case "key":
175
181
  return normalizeDidKey(trimmed);
182
+ case "jwk":
183
+ return normalizeDidJwk(trimmed);
176
184
  default:
177
185
  return trimmed;
178
186
  }
@@ -276,6 +284,524 @@ function extractAddressFromDid(identifier) {
276
284
  }
277
285
  throw new OmaTrustError("INVALID_DID", "Unsupported identifier format", { identifier });
278
286
  }
287
+ var CAIP2_NAMESPACE_REGEX = /^[a-z0-9-]{3,8}$/;
288
+ var BASE64URL_REGEX = /^[A-Za-z0-9_-]+$/;
289
+ var VALID_JWK_KTY = /* @__PURE__ */ new Set(["EC", "OKP", "RSA"]);
290
+ function isPrivateKeyDid(did) {
291
+ return validatePrivateKeyDid(did).valid;
292
+ }
293
+ function validatePrivateKeyDid(did) {
294
+ if (typeof did !== "string" || did.trim().length === 0) {
295
+ return { valid: false, method: null, error: "DID must be a non-empty string" };
296
+ }
297
+ const trimmed = did.trim();
298
+ const method = extractDidMethod(trimmed);
299
+ switch (method) {
300
+ case "pkh":
301
+ return validateDidPkh(trimmed);
302
+ case "jwk":
303
+ return validateDidJwk(trimmed);
304
+ default:
305
+ return {
306
+ valid: false,
307
+ method: null,
308
+ error: method ? `DID method "${method}" is not a recognized private-key method` : "Invalid DID format"
309
+ };
310
+ }
311
+ }
312
+ function validateDidPkh(did) {
313
+ const parts = did.split(":");
314
+ if (parts.length !== 5) {
315
+ return {
316
+ valid: false,
317
+ method: "pkh",
318
+ error: `did:pkh must have exactly 5 colon-separated parts, got ${parts.length}`
319
+ };
320
+ }
321
+ const [, , namespace, chainId, address] = parts;
322
+ if (!namespace) {
323
+ return { valid: false, method: "pkh", error: "Missing namespace" };
324
+ }
325
+ if (!CAIP2_NAMESPACE_REGEX.test(namespace)) {
326
+ return {
327
+ valid: false,
328
+ method: "pkh",
329
+ error: `Invalid CAIP-2 namespace "${namespace}" (must be 3-8 lowercase alphanumeric/hyphen chars)`
330
+ };
331
+ }
332
+ if (!chainId) {
333
+ return { valid: false, method: "pkh", error: "Missing chain ID (reference)" };
334
+ }
335
+ if (!address) {
336
+ return { valid: false, method: "pkh", error: "Missing address" };
337
+ }
338
+ if (namespace === "eip155") {
339
+ if (!/^\d+$/.test(chainId)) {
340
+ return {
341
+ valid: false,
342
+ method: "pkh",
343
+ error: `Invalid eip155 chain ID "${chainId}" (must be numeric)`
344
+ };
345
+ }
346
+ if (!ethers.isAddress(address)) {
347
+ return {
348
+ valid: false,
349
+ method: "pkh",
350
+ error: `Invalid EVM address "${address}" (must be 0x + 40 hex chars)`
351
+ };
352
+ }
353
+ }
354
+ return { valid: true, method: "pkh" };
355
+ }
356
+ function validateDidJwk(did) {
357
+ const parts = did.split(":");
358
+ if (parts.length !== 3) {
359
+ return {
360
+ valid: false,
361
+ method: "jwk",
362
+ error: `did:jwk must have exactly 3 colon-separated parts, got ${parts.length}`
363
+ };
364
+ }
365
+ const [, , encoded] = parts;
366
+ if (!encoded || encoded.length === 0) {
367
+ return { valid: false, method: "jwk", error: "Missing base64url-encoded JWK identifier" };
368
+ }
369
+ if (!BASE64URL_REGEX.test(encoded)) {
370
+ return {
371
+ valid: false,
372
+ method: "jwk",
373
+ error: "Identifier contains invalid base64url characters"
374
+ };
375
+ }
376
+ let decoded;
377
+ try {
378
+ const bytes = jose.base64url.decode(encoded);
379
+ decoded = new TextDecoder().decode(bytes);
380
+ } catch {
381
+ return { valid: false, method: "jwk", error: "Failed to base64url-decode identifier" };
382
+ }
383
+ let jwk;
384
+ try {
385
+ jwk = JSON.parse(decoded);
386
+ } catch {
387
+ return { valid: false, method: "jwk", error: "Decoded identifier is not valid JSON" };
388
+ }
389
+ if (!jwk || typeof jwk !== "object" || Array.isArray(jwk)) {
390
+ return { valid: false, method: "jwk", error: "Decoded JWK must be a JSON object" };
391
+ }
392
+ const kty = jwk.kty;
393
+ if (typeof kty !== "string" || !VALID_JWK_KTY.has(kty)) {
394
+ return {
395
+ valid: false,
396
+ method: "jwk",
397
+ error: `Invalid or missing kty field (must be one of: EC, OKP, RSA)`
398
+ };
399
+ }
400
+ if ("d" in jwk) {
401
+ return {
402
+ valid: false,
403
+ method: "jwk",
404
+ error: "DID must reference a public key \u2014 private key component (d) is not allowed"
405
+ };
406
+ }
407
+ return { valid: true, method: "jwk" };
408
+ }
409
+ function normalizeDidJwk(input) {
410
+ assertString(input, "input", "INVALID_DID");
411
+ const trimmed = input.trim();
412
+ if (!trimmed.startsWith("did:jwk:")) {
413
+ throw new OmaTrustError("INVALID_DID", "Expected did:jwk DID", { input });
414
+ }
415
+ const result = validateDidJwk(trimmed);
416
+ if (!result.valid) {
417
+ throw new OmaTrustError("INVALID_DID", result.error ?? "Invalid did:jwk", { input });
418
+ }
419
+ return trimmed;
420
+ }
421
+
422
+ // src/identity/did-url.ts
423
+ var DID_URL_REGEX = /^did:[a-z0-9]+:.+$/i;
424
+ function parseDidUrl(input) {
425
+ assertString(input, "input", "INVALID_DID_URL");
426
+ const trimmed = input.trim();
427
+ const hashIndex = trimmed.indexOf("#");
428
+ let did;
429
+ let fragment;
430
+ if (hashIndex === -1) {
431
+ did = trimmed;
432
+ fragment = null;
433
+ } else {
434
+ did = trimmed.slice(0, hashIndex);
435
+ const rawFragment = trimmed.slice(hashIndex + 1);
436
+ if (rawFragment.length === 0) {
437
+ throw new OmaTrustError(
438
+ "INVALID_DID_URL",
439
+ "DID URL has empty fragment (trailing '#' with no identifier)",
440
+ { input }
441
+ );
442
+ }
443
+ fragment = rawFragment;
444
+ }
445
+ if (!DID_URL_REGEX.test(did)) {
446
+ throw new OmaTrustError(
447
+ "INVALID_DID_URL",
448
+ "Invalid DID URL: base DID portion is malformed",
449
+ { input, did }
450
+ );
451
+ }
452
+ return {
453
+ didUrl: trimmed,
454
+ did,
455
+ fragment
456
+ };
457
+ }
458
+ function isDidUrl(input) {
459
+ if (typeof input !== "string") return false;
460
+ const trimmed = input.trim();
461
+ return trimmed.includes("#") && DID_URL_REGEX.test(trimmed.split("#")[0]);
462
+ }
463
+ function assertBareDid(input, paramName = "did") {
464
+ assertString(input, paramName, "INVALID_DID");
465
+ if (isDidUrl(input)) {
466
+ throw new OmaTrustError(
467
+ "INVALID_DID",
468
+ `Expected a bare DID but received a DID URL with a fragment. Use parseDidUrl() to handle DID URLs.`,
469
+ { input }
470
+ );
471
+ }
472
+ }
473
+ var VALID_KTY = /* @__PURE__ */ new Set(["EC", "OKP", "RSA"]);
474
+ var PRIVATE_KEY_FIELDS = /* @__PURE__ */ new Set(["d", "p", "q", "dp", "dq", "qi", "oth"]);
475
+ var REQUIRED_PUBLIC_FIELDS = {
476
+ EC: ["crv", "x", "y"],
477
+ OKP: ["crv", "x"],
478
+ RSA: ["n", "e"]
479
+ };
480
+ function validatePublicJwk(jwk) {
481
+ if (!jwk || typeof jwk !== "object" || Array.isArray(jwk)) {
482
+ return { valid: false, error: "JWK must be a non-null object" };
483
+ }
484
+ const obj = jwk;
485
+ const kty = obj.kty;
486
+ if (typeof kty !== "string" || !VALID_KTY.has(kty)) {
487
+ return {
488
+ valid: false,
489
+ error: `Invalid or missing kty (must be one of: ${[...VALID_KTY].join(", ")})`
490
+ };
491
+ }
492
+ for (const field of PRIVATE_KEY_FIELDS) {
493
+ if (field in obj) {
494
+ return {
495
+ valid: false,
496
+ error: `JWK contains private key field "${field}" \u2014 only public keys are allowed`
497
+ };
498
+ }
499
+ }
500
+ const required = REQUIRED_PUBLIC_FIELDS[kty];
501
+ if (required) {
502
+ for (const field of required) {
503
+ if (!(field in obj) || obj[field] === void 0 || obj[field] === null || obj[field] === "") {
504
+ return {
505
+ valid: false,
506
+ error: `Missing required public key field "${field}" for kty="${kty}"`
507
+ };
508
+ }
509
+ }
510
+ }
511
+ return { valid: true };
512
+ }
513
+ function canonicalizeJwkJson(jwk) {
514
+ const sorted = Object.keys(jwk).sort();
515
+ const obj = {};
516
+ for (const key of sorted) {
517
+ obj[key] = jwk[key];
518
+ }
519
+ return JSON.stringify(obj);
520
+ }
521
+ function jwkToDidJwk(jwk) {
522
+ assertObject(jwk, "jwk", "INVALID_JWK");
523
+ const validation = validatePublicJwk(jwk);
524
+ if (!validation.valid) {
525
+ throw new OmaTrustError("INVALID_JWK", validation.error ?? "Invalid public JWK", { jwk });
526
+ }
527
+ const canonical = canonicalizeJwkJson(jwk);
528
+ const encoded = jose.base64url.encode(new TextEncoder().encode(canonical));
529
+ return `did:jwk:${encoded}`;
530
+ }
531
+ function didJwkToJwk(didJwk) {
532
+ if (typeof didJwk !== "string" || !didJwk.startsWith("did:jwk:")) {
533
+ throw new OmaTrustError("INVALID_DID", "Expected a did:jwk DID", { input: didJwk });
534
+ }
535
+ const parts = didJwk.split(":");
536
+ if (parts.length !== 3) {
537
+ throw new OmaTrustError("INVALID_DID", "did:jwk must have exactly 3 colon-separated parts", {
538
+ input: didJwk
539
+ });
540
+ }
541
+ const encoded = parts[2];
542
+ if (!encoded || encoded.length === 0) {
543
+ throw new OmaTrustError("INVALID_DID", "Missing base64url-encoded JWK identifier", {
544
+ input: didJwk
545
+ });
546
+ }
547
+ let decoded;
548
+ try {
549
+ const bytes = jose.base64url.decode(encoded);
550
+ decoded = new TextDecoder().decode(bytes);
551
+ } catch {
552
+ throw new OmaTrustError("INVALID_DID", "Failed to base64url-decode did:jwk identifier", {
553
+ input: didJwk
554
+ });
555
+ }
556
+ let jwk;
557
+ try {
558
+ jwk = JSON.parse(decoded);
559
+ } catch {
560
+ throw new OmaTrustError("INVALID_DID", "Decoded did:jwk identifier is not valid JSON", {
561
+ input: didJwk
562
+ });
563
+ }
564
+ if (!jwk || typeof jwk !== "object" || Array.isArray(jwk)) {
565
+ throw new OmaTrustError("INVALID_DID", "Decoded did:jwk must be a JSON object", {
566
+ input: didJwk
567
+ });
568
+ }
569
+ const validation = validatePublicJwk(jwk);
570
+ if (!validation.valid) {
571
+ throw new OmaTrustError("INVALID_DID", validation.error ?? "Invalid public JWK in did:jwk", {
572
+ input: didJwk
573
+ });
574
+ }
575
+ return jwk;
576
+ }
577
+ function extractPublicKeyFields(jwk) {
578
+ const result = {};
579
+ const metadataFields = /* @__PURE__ */ new Set(["kid", "use", "key_ops", "alg", "ext"]);
580
+ for (const [key, value] of Object.entries(jwk)) {
581
+ if (PRIVATE_KEY_FIELDS.has(key)) continue;
582
+ if (metadataFields.has(key)) continue;
583
+ result[key] = value;
584
+ }
585
+ return result;
586
+ }
587
+ function publicJwkEquals(a, b) {
588
+ assertObject(a, "a", "INVALID_JWK");
589
+ assertObject(b, "b", "INVALID_JWK");
590
+ const aObj = a;
591
+ const bObj = b;
592
+ for (const field of PRIVATE_KEY_FIELDS) {
593
+ if (field in aObj) {
594
+ throw new OmaTrustError(
595
+ "INVALID_JWK",
596
+ `First JWK contains private key field "${field}"`,
597
+ { field }
598
+ );
599
+ }
600
+ if (field in bObj) {
601
+ throw new OmaTrustError(
602
+ "INVALID_JWK",
603
+ `Second JWK contains private key field "${field}"`,
604
+ { field }
605
+ );
606
+ }
607
+ }
608
+ const aPublic = extractPublicKeyFields(aObj);
609
+ const bPublic = extractPublicKeyFields(bObj);
610
+ return canonicalizeJwkJson(aPublic) === canonicalizeJwkJson(bPublic);
611
+ }
612
+ async function computeJwkThumbprint(jwk, digestAlgorithm = "sha256") {
613
+ assertObject(jwk, "jwk", "INVALID_JWK");
614
+ const validation = validatePublicJwk(jwk);
615
+ if (!validation.valid) {
616
+ throw new OmaTrustError("INVALID_JWK", validation.error ?? "Invalid public JWK", { jwk });
617
+ }
618
+ const alg = digestAlgorithm === "sha256" ? "sha256" : digestAlgorithm === "sha384" ? "sha384" : "sha512";
619
+ return jose.calculateJwkThumbprint(jwk, alg);
620
+ }
621
+ async function formatJktValue(jwk) {
622
+ const thumbprint = await computeJwkThumbprint(jwk, "sha256");
623
+ return `jkt=S256:${thumbprint}`;
624
+ }
625
+
626
+ // src/shared/did-document.ts
627
+ async function fetchDidDocument(domain) {
628
+ const normalized = domain.toLowerCase().replace(/\.$/, "");
629
+ const url = `https://${normalized}/.well-known/did.json`;
630
+ let response;
631
+ try {
632
+ response = await fetch(url, { headers: { Accept: "application/json" } });
633
+ } catch (err) {
634
+ throw new OmaTrustError("NETWORK_ERROR", "Failed to fetch DID document", { domain, err });
635
+ }
636
+ if (!response.ok) {
637
+ throw new OmaTrustError("NETWORK_ERROR", `DID document fetch failed: ${response.status}`, {
638
+ domain,
639
+ status: response.status
640
+ });
641
+ }
642
+ return await response.json();
643
+ }
644
+
645
+ // src/identity/resolve-key.ts
646
+ function findVerificationMethod(didDocument, didUrl, fragment) {
647
+ const methods = didDocument.verificationMethod;
648
+ if (!Array.isArray(methods)) {
649
+ return null;
650
+ }
651
+ for (const method of methods) {
652
+ if (!method || typeof method !== "object") continue;
653
+ const id = method.id;
654
+ if (typeof id !== "string") continue;
655
+ if (id === didUrl) return method;
656
+ if (fragment && (id === `#${fragment}` || id.endsWith(`#${fragment}`))) {
657
+ return method;
658
+ }
659
+ }
660
+ return null;
661
+ }
662
+ function extractMethodIdsFromDidDocument(didDocument) {
663
+ const methods = didDocument.verificationMethod;
664
+ if (!Array.isArray(methods)) return [];
665
+ return methods.filter((m) => m && typeof m.id === "string").map((m) => m.id);
666
+ }
667
+ async function resolveDidUrlToPublicKey(didUrl, options) {
668
+ assertString(didUrl, "didUrl", "INVALID_DID_URL");
669
+ const parsed = parseDidUrl(didUrl);
670
+ const method = extractDidMethod(parsed.did);
671
+ if (!method) {
672
+ throw new OmaTrustError("INVALID_DID_URL", "Cannot extract DID method from DID URL", {
673
+ didUrl,
674
+ did: parsed.did
675
+ });
676
+ }
677
+ switch (method) {
678
+ case "web":
679
+ return resolveDidUrlKey(parsed.didUrl, parsed.did, parsed.fragment, options);
680
+ default:
681
+ throw new OmaTrustError(
682
+ "UNSUPPORTED_DID_METHOD",
683
+ `DID URL key resolution is not supported for method "${method}"`,
684
+ { didUrl, method }
685
+ );
686
+ }
687
+ }
688
+ async function resolveDidUrlToControllerDid(didUrl, options) {
689
+ const resolved = await resolveDidUrlToPublicKey(didUrl, options);
690
+ const controllerDid = jwkToDidJwk(resolved.publicKeyJwk);
691
+ return {
692
+ ...resolved,
693
+ controllerDid
694
+ };
695
+ }
696
+ async function resolveDidUrlKey(didUrl, did, fragment, options) {
697
+ const domain = getDomainFromDidWeb(did);
698
+ if (!domain) {
699
+ throw new OmaTrustError("INVALID_DID_URL", "Cannot extract domain from did:web DID", {
700
+ didUrl,
701
+ did
702
+ });
703
+ }
704
+ const fetchFn = options?.fetchDidDocument ?? fetchDidDocument;
705
+ const didDocument = await fetchFn(domain);
706
+ const method = findVerificationMethod(didDocument, didUrl, fragment);
707
+ if (!method) {
708
+ throw new OmaTrustError(
709
+ "KEY_NOT_FOUND",
710
+ `No verification method found matching "${fragment ? `#${fragment}` : didUrl}"`,
711
+ { didUrl, fragment, availableMethods: extractMethodIdsFromDidDocument(didDocument) }
712
+ );
713
+ }
714
+ const publicKeyJwk = method.publicKeyJwk;
715
+ if (!publicKeyJwk || typeof publicKeyJwk !== "object") {
716
+ throw new OmaTrustError(
717
+ "KEY_NOT_FOUND",
718
+ `Verification method "${method.id}" does not contain publicKeyJwk`,
719
+ { didUrl, verificationMethodId: method.id }
720
+ );
721
+ }
722
+ const validation = validatePublicJwk(publicKeyJwk);
723
+ if (!validation.valid) {
724
+ throw new OmaTrustError(
725
+ "INVALID_JWK",
726
+ `publicKeyJwk in verification method "${method.id}" is invalid: ${validation.error}`,
727
+ { didUrl, verificationMethodId: method.id }
728
+ );
729
+ }
730
+ return {
731
+ didUrl,
732
+ did,
733
+ fragment,
734
+ publicKeyJwk,
735
+ verificationMethodId: method.id
736
+ };
737
+ }
738
+
739
+ // src/identity/controller-id.ts
740
+ function isSameControllerId(a, b) {
741
+ let normalizedA = null;
742
+ let normalizedB = null;
743
+ try {
744
+ normalizedA = normalizeDid(a);
745
+ } catch {
746
+ }
747
+ try {
748
+ normalizedB = normalizeDid(b);
749
+ } catch {
750
+ }
751
+ if (normalizedA && normalizedB && normalizedA === normalizedB) {
752
+ return true;
753
+ }
754
+ const evmA = extractControllerEvmAddress(a);
755
+ const evmB = extractControllerEvmAddress(b);
756
+ if (evmA && evmB && evmA.toLowerCase() === evmB.toLowerCase()) {
757
+ return true;
758
+ }
759
+ const methodA = extractDidMethod(a);
760
+ const methodB = extractDidMethod(b);
761
+ if (methodA === "jwk" && methodB === "jwk") {
762
+ try {
763
+ const jwkA = didJwkToJwk(a);
764
+ const jwkB = didJwkToJwk(b);
765
+ return publicJwkEquals(jwkA, jwkB);
766
+ } catch {
767
+ return false;
768
+ }
769
+ }
770
+ return false;
771
+ }
772
+ function extractControllerEvmAddress(controllerDid) {
773
+ try {
774
+ const method = extractDidMethod(controllerDid);
775
+ if (method === "pkh" && controllerDid.includes("eip155")) {
776
+ return extractAddressFromDid(controllerDid);
777
+ }
778
+ } catch {
779
+ }
780
+ return null;
781
+ }
782
+
783
+ // src/identity/types.ts
784
+ function extractAuthorizationMetadata(result) {
785
+ const payload = result.payload;
786
+ const resourceUrl = typeof payload.resourceUrl === "string" ? payload.resourceUrl : null;
787
+ const issuedAt = typeof payload.issuedAt === "string" ? payload.issuedAt : null;
788
+ let subjectDid = null;
789
+ if (resourceUrl) {
790
+ try {
791
+ const url = new URL(resourceUrl);
792
+ subjectDid = `did:web:${url.hostname}`;
793
+ } catch {
794
+ }
795
+ }
796
+ return {
797
+ controllerDid: result.publicKeyDid,
798
+ subjectDid,
799
+ resourceUrl,
800
+ issuedAt,
801
+ kid: result.kid,
802
+ publicKeyJwk: result.publicKeyJwk
803
+ };
804
+ }
279
805
  function canonicalizeJson(obj) {
280
806
  const jcs = canonicalize__default.default(obj);
281
807
  if (!jcs) {
@@ -296,6 +822,7 @@ function hashCanonicalizedJson(obj, algorithm) {
296
822
  return algorithm === "keccak256" ? ethers.keccak256(bytes) : ethers.sha256(bytes);
297
823
  }
298
824
 
825
+ exports.assertBareDid = assertBareDid;
299
826
  exports.buildCaip10 = buildCaip10;
300
827
  exports.buildCaip2 = buildCaip2;
301
828
  exports.buildDidPkh = buildDidPkh;
@@ -306,26 +833,42 @@ exports.canonicalizeForHash = canonicalizeForHash;
306
833
  exports.canonicalizeJson = canonicalizeJson;
307
834
  exports.computeDidAddress = computeDidAddress;
308
835
  exports.computeDidHash = computeDidHash;
836
+ exports.computeJwkThumbprint = computeJwkThumbprint;
837
+ exports.didJwkToJwk = didJwkToJwk;
309
838
  exports.didToAddress = didToAddress;
310
839
  exports.extractAddressFromDid = extractAddressFromDid;
840
+ exports.extractAuthorizationMetadata = extractAuthorizationMetadata;
841
+ exports.extractControllerEvmAddress = extractControllerEvmAddress;
311
842
  exports.extractDidIdentifier = extractDidIdentifier;
312
843
  exports.extractDidMethod = extractDidMethod;
844
+ exports.formatJktValue = formatJktValue;
313
845
  exports.getAddressFromDidPkh = getAddressFromDidPkh;
314
846
  exports.getChainIdFromDidPkh = getChainIdFromDidPkh;
315
847
  exports.getDomainFromDidWeb = getDomainFromDidWeb;
316
848
  exports.getNamespaceFromDidPkh = getNamespaceFromDidPkh;
317
849
  exports.hashCanonicalizedJson = hashCanonicalizedJson;
850
+ exports.isDidUrl = isDidUrl;
318
851
  exports.isEvmDidPkh = isEvmDidPkh;
852
+ exports.isPrivateKeyDid = isPrivateKeyDid;
853
+ exports.isSameControllerId = isSameControllerId;
319
854
  exports.isValidDid = isValidDid;
855
+ exports.jwkToDidJwk = jwkToDidJwk;
320
856
  exports.normalizeCaip10 = normalizeCaip10;
321
857
  exports.normalizeDid = normalizeDid;
322
858
  exports.normalizeDidHandle = normalizeDidHandle;
859
+ exports.normalizeDidJwk = normalizeDidJwk;
323
860
  exports.normalizeDidKey = normalizeDidKey;
324
861
  exports.normalizeDidPkh = normalizeDidPkh;
325
862
  exports.normalizeDidWeb = normalizeDidWeb;
326
863
  exports.normalizeDomain = normalizeDomain;
327
864
  exports.parseCaip10 = parseCaip10;
328
865
  exports.parseCaip2 = parseCaip2;
866
+ exports.parseDidUrl = parseDidUrl;
867
+ exports.publicJwkEquals = publicJwkEquals;
868
+ exports.resolveDidUrlToControllerDid = resolveDidUrlToControllerDid;
869
+ exports.resolveDidUrlToPublicKey = resolveDidUrlToPublicKey;
329
870
  exports.validateDidAddress = validateDidAddress;
871
+ exports.validatePrivateKeyDid = validatePrivateKeyDid;
872
+ exports.validatePublicJwk = validatePublicJwk;
330
873
  //# sourceMappingURL=index.cjs.map
331
874
  //# sourceMappingURL=index.cjs.map