@oma3/omatrust 0.1.0-alpha.10 → 0.1.0-alpha.12

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (48) hide show
  1. package/README.md +3 -0
  2. package/dist/app-registry/index.cjs +53 -0
  3. package/dist/app-registry/index.cjs.map +1 -1
  4. package/dist/app-registry/index.js +53 -0
  5. package/dist/app-registry/index.js.map +1 -1
  6. package/dist/identity/index.cjs +1028 -6
  7. package/dist/identity/index.cjs.map +1 -1
  8. package/dist/identity/index.d.cts +2 -1
  9. package/dist/identity/index.d.ts +2 -1
  10. package/dist/identity/index.js +984 -7
  11. package/dist/identity/index.js.map +1 -1
  12. package/dist/index-B5OC9_8B.d.cts +480 -0
  13. package/dist/index-Bu-xxcv9.d.ts +407 -0
  14. package/dist/index-C6WNgPRx.d.ts +480 -0
  15. package/dist/index-C7odEbp6.d.cts +407 -0
  16. package/dist/index.cjs +2498 -373
  17. package/dist/index.cjs.map +1 -1
  18. package/dist/index.d.cts +4 -3
  19. package/dist/index.d.ts +4 -3
  20. package/dist/index.js +2342 -236
  21. package/dist/index.js.map +1 -1
  22. package/dist/reputation/index.browser.cjs +949 -67
  23. package/dist/reputation/index.browser.cjs.map +1 -1
  24. package/dist/reputation/index.browser.d.cts +2 -2
  25. package/dist/reputation/index.browser.d.ts +2 -2
  26. package/dist/reputation/index.browser.js +947 -67
  27. package/dist/reputation/index.browser.js.map +1 -1
  28. package/dist/reputation/index.cjs +1745 -232
  29. package/dist/reputation/index.cjs.map +1 -1
  30. package/dist/reputation/index.d.cts +3 -2
  31. package/dist/reputation/index.d.ts +3 -2
  32. package/dist/reputation/index.js +1727 -232
  33. package/dist/reputation/index.js.map +1 -1
  34. package/dist/{subject-ownership-CXvzEjpH.d.cts → subject-ownership-B7cFlm8c.d.cts} +256 -26
  35. package/dist/{subject-ownership-CXvzEjpH.d.ts → subject-ownership-B7cFlm8c.d.ts} +256 -26
  36. package/dist/types-Dn0OwaNj.d.cts +307 -0
  37. package/dist/types-Dn0OwaNj.d.ts +307 -0
  38. package/dist/widgets/index.cjs +70 -27
  39. package/dist/widgets/index.cjs.map +1 -1
  40. package/dist/widgets/index.d.cts +45 -18
  41. package/dist/widgets/index.d.ts +45 -18
  42. package/dist/widgets/index.js +67 -26
  43. package/dist/widgets/index.js.map +1 -1
  44. package/package.json +5 -2
  45. package/dist/index-B9KW02US.d.cts +0 -119
  46. package/dist/index-DXrwBex9.d.ts +0 -119
  47. package/dist/index-QZDExA4I.d.cts +0 -90
  48. package/dist/index-QZDExA4I.d.ts +0 -90
@@ -1,11 +1,36 @@
1
1
  'use strict';
2
2
 
3
3
  var ethers = require('ethers');
4
+ var jose = require('jose');
4
5
  var canonicalize = require('canonicalize');
6
+ var cid = require('multiformats/cid');
7
+ var sha2 = require('multiformats/hashes/sha2');
8
+ var raw = require('multiformats/codecs/raw');
9
+ var base32 = require('multiformats/bases/base32');
10
+ var base58 = require('multiformats/bases/base58');
5
11
 
6
12
  function _interopDefault (e) { return e && e.__esModule ? e : { default: e }; }
7
13
 
14
+ function _interopNamespace(e) {
15
+ if (e && e.__esModule) return e;
16
+ var n = Object.create(null);
17
+ if (e) {
18
+ Object.keys(e).forEach(function (k) {
19
+ if (k !== 'default') {
20
+ var d = Object.getOwnPropertyDescriptor(e, k);
21
+ Object.defineProperty(n, k, d.get ? d : {
22
+ enumerable: true,
23
+ get: function () { return e[k]; }
24
+ });
25
+ }
26
+ });
27
+ }
28
+ n.default = e;
29
+ return Object.freeze(n);
30
+ }
31
+
8
32
  var canonicalize__default = /*#__PURE__*/_interopDefault(canonicalize);
33
+ var raw__namespace = /*#__PURE__*/_interopNamespace(raw);
9
34
 
10
35
  // src/identity/did.ts
11
36
 
@@ -13,18 +38,23 @@ var canonicalize__default = /*#__PURE__*/_interopDefault(canonicalize);
13
38
  var OmaTrustError = class extends Error {
14
39
  code;
15
40
  details;
16
- constructor(code, message, details) {
41
+ constructor(code2, message, details) {
17
42
  super(message);
18
43
  this.name = "OmaTrustError";
19
- this.code = code;
44
+ this.code = code2;
20
45
  this.details = details;
21
46
  }
22
47
  };
23
48
 
24
49
  // src/shared/assert.ts
25
- function assertString(value, name, code = "INVALID_INPUT") {
50
+ function assertString(value, name, code2 = "INVALID_INPUT") {
26
51
  if (typeof value !== "string" || value.trim().length === 0) {
27
- throw new OmaTrustError(code, `${name} must be a non-empty string`, { value });
52
+ throw new OmaTrustError(code2, `${name} must be a non-empty string`, { value });
53
+ }
54
+ }
55
+ function assertObject(value, name, code2 = "INVALID_INPUT") {
56
+ if (!value || typeof value !== "object" || Array.isArray(value)) {
57
+ throw new OmaTrustError(code2, `${name} must be an object`, { value });
28
58
  }
29
59
  }
30
60
 
@@ -81,6 +111,158 @@ function parseCaip2(caip2) {
81
111
  }
82
112
  return { namespace, reference };
83
113
  }
114
+ var VALID_KTY = /* @__PURE__ */ new Set(["EC", "OKP", "RSA"]);
115
+ var PRIVATE_KEY_FIELDS = /* @__PURE__ */ new Set(["d", "p", "q", "dp", "dq", "qi", "oth"]);
116
+ var REQUIRED_PUBLIC_FIELDS = {
117
+ EC: ["crv", "x", "y"],
118
+ OKP: ["crv", "x"],
119
+ RSA: ["n", "e"]
120
+ };
121
+ function validatePublicJwk(jwk) {
122
+ if (!jwk || typeof jwk !== "object" || Array.isArray(jwk)) {
123
+ return { valid: false, error: "JWK must be a non-null object" };
124
+ }
125
+ const obj = jwk;
126
+ const kty = obj.kty;
127
+ if (typeof kty !== "string" || !VALID_KTY.has(kty)) {
128
+ return {
129
+ valid: false,
130
+ error: `Invalid or missing kty (must be one of: ${[...VALID_KTY].join(", ")})`
131
+ };
132
+ }
133
+ for (const field of PRIVATE_KEY_FIELDS) {
134
+ if (field in obj) {
135
+ return {
136
+ valid: false,
137
+ error: `JWK contains private key field "${field}" \u2014 only public keys are allowed`
138
+ };
139
+ }
140
+ }
141
+ const required = REQUIRED_PUBLIC_FIELDS[kty];
142
+ if (required) {
143
+ for (const field of required) {
144
+ if (!(field in obj) || obj[field] === void 0 || obj[field] === null || obj[field] === "") {
145
+ return {
146
+ valid: false,
147
+ error: `Missing required public key field "${field}" for kty="${kty}"`
148
+ };
149
+ }
150
+ }
151
+ }
152
+ return { valid: true };
153
+ }
154
+ function canonicalizeJwkJson(jwk) {
155
+ const sorted = Object.keys(jwk).sort();
156
+ const obj = {};
157
+ for (const key of sorted) {
158
+ obj[key] = jwk[key];
159
+ }
160
+ return JSON.stringify(obj);
161
+ }
162
+ function jwkToDidJwk(jwk) {
163
+ assertObject(jwk, "jwk", "INVALID_JWK");
164
+ const validation = validatePublicJwk(jwk);
165
+ if (!validation.valid) {
166
+ throw new OmaTrustError("INVALID_JWK", validation.error ?? "Invalid public JWK", { jwk });
167
+ }
168
+ const canonical = canonicalizeJwkJson(jwk);
169
+ const encoded = jose.base64url.encode(new TextEncoder().encode(canonical));
170
+ return `did:jwk:${encoded}`;
171
+ }
172
+ function didJwkToJwk(didJwk) {
173
+ if (typeof didJwk !== "string" || !didJwk.startsWith("did:jwk:")) {
174
+ throw new OmaTrustError("INVALID_DID", "Expected a did:jwk DID", { input: didJwk });
175
+ }
176
+ const parts = didJwk.split(":");
177
+ if (parts.length !== 3) {
178
+ throw new OmaTrustError("INVALID_DID", "did:jwk must have exactly 3 colon-separated parts", {
179
+ input: didJwk
180
+ });
181
+ }
182
+ const encoded = parts[2];
183
+ if (!encoded || encoded.length === 0) {
184
+ throw new OmaTrustError("INVALID_DID", "Missing base64url-encoded JWK identifier", {
185
+ input: didJwk
186
+ });
187
+ }
188
+ let decoded;
189
+ try {
190
+ const bytes = jose.base64url.decode(encoded);
191
+ decoded = new TextDecoder().decode(bytes);
192
+ } catch {
193
+ throw new OmaTrustError("INVALID_DID", "Failed to base64url-decode did:jwk identifier", {
194
+ input: didJwk
195
+ });
196
+ }
197
+ let jwk;
198
+ try {
199
+ jwk = JSON.parse(decoded);
200
+ } catch {
201
+ throw new OmaTrustError("INVALID_DID", "Decoded did:jwk identifier is not valid JSON", {
202
+ input: didJwk
203
+ });
204
+ }
205
+ if (!jwk || typeof jwk !== "object" || Array.isArray(jwk)) {
206
+ throw new OmaTrustError("INVALID_DID", "Decoded did:jwk must be a JSON object", {
207
+ input: didJwk
208
+ });
209
+ }
210
+ const validation = validatePublicJwk(jwk);
211
+ if (!validation.valid) {
212
+ throw new OmaTrustError("INVALID_DID", validation.error ?? "Invalid public JWK in did:jwk", {
213
+ input: didJwk
214
+ });
215
+ }
216
+ return jwk;
217
+ }
218
+ function extractPublicKeyFields(jwk) {
219
+ const result = {};
220
+ const metadataFields = /* @__PURE__ */ new Set(["kid", "use", "key_ops", "alg", "ext"]);
221
+ for (const [key, value] of Object.entries(jwk)) {
222
+ if (PRIVATE_KEY_FIELDS.has(key)) continue;
223
+ if (metadataFields.has(key)) continue;
224
+ result[key] = value;
225
+ }
226
+ return result;
227
+ }
228
+ function publicJwkEquals(a, b) {
229
+ assertObject(a, "a", "INVALID_JWK");
230
+ assertObject(b, "b", "INVALID_JWK");
231
+ const aObj = a;
232
+ const bObj = b;
233
+ for (const field of PRIVATE_KEY_FIELDS) {
234
+ if (field in aObj) {
235
+ throw new OmaTrustError(
236
+ "INVALID_JWK",
237
+ `First JWK contains private key field "${field}"`,
238
+ { field }
239
+ );
240
+ }
241
+ if (field in bObj) {
242
+ throw new OmaTrustError(
243
+ "INVALID_JWK",
244
+ `Second JWK contains private key field "${field}"`,
245
+ { field }
246
+ );
247
+ }
248
+ }
249
+ const aPublic = extractPublicKeyFields(aObj);
250
+ const bPublic = extractPublicKeyFields(bObj);
251
+ return canonicalizeJwkJson(aPublic) === canonicalizeJwkJson(bPublic);
252
+ }
253
+ async function computeJwkThumbprint(jwk, digestAlgorithm = "sha256") {
254
+ assertObject(jwk, "jwk", "INVALID_JWK");
255
+ const validation = validatePublicJwk(jwk);
256
+ if (!validation.valid) {
257
+ throw new OmaTrustError("INVALID_JWK", validation.error ?? "Invalid public JWK", { jwk });
258
+ }
259
+ const alg = digestAlgorithm === "sha256" ? "sha256" : digestAlgorithm === "sha384" ? "sha384" : "sha512";
260
+ return jose.calculateJwkThumbprint(jwk, alg);
261
+ }
262
+ async function formatJktValue(jwk) {
263
+ const thumbprint = await computeJwkThumbprint(jwk, "sha256");
264
+ return `jkt=S256:${thumbprint}`;
265
+ }
84
266
 
85
267
  // src/identity/did.ts
86
268
  var DID_REGEX = /^did:[a-z0-9]+:.+$/i;
@@ -156,7 +338,7 @@ function normalizeDidKey(input) {
156
338
  }
157
339
  function normalizeDid(input) {
158
340
  assertString(input, "input", "INVALID_DID");
159
- const trimmed = input.trim();
341
+ const trimmed = input.trim().split("#")[0];
160
342
  if (!trimmed.startsWith("did:")) {
161
343
  return normalizeDidWeb(trimmed);
162
344
  }
@@ -173,6 +355,8 @@ function normalizeDid(input) {
173
355
  return normalizeDidHandle(trimmed);
174
356
  case "key":
175
357
  return normalizeDidKey(trimmed);
358
+ case "jwk":
359
+ return normalizeDidJwk(trimmed);
176
360
  default:
177
361
  return trimmed;
178
362
  }
@@ -276,56 +460,894 @@ function extractAddressFromDid(identifier) {
276
460
  }
277
461
  throw new OmaTrustError("INVALID_DID", "Unsupported identifier format", { identifier });
278
462
  }
463
+ var CAIP2_NAMESPACE_REGEX = /^[a-z0-9-]{3,8}$/;
464
+ var BASE64URL_REGEX = /^[A-Za-z0-9_-]+$/;
465
+ var VALID_JWK_KTY = /* @__PURE__ */ new Set(["EC", "OKP", "RSA"]);
466
+ function isPrivateKeyDid(did) {
467
+ return validatePrivateKeyDid(did).valid;
468
+ }
469
+ function validatePrivateKeyDid(did) {
470
+ if (typeof did !== "string" || did.trim().length === 0) {
471
+ return { valid: false, method: null, error: "DID must be a non-empty string" };
472
+ }
473
+ const trimmed = did.trim();
474
+ const method = extractDidMethod(trimmed);
475
+ switch (method) {
476
+ case "pkh":
477
+ return validateDidPkh(trimmed);
478
+ case "jwk":
479
+ return validateDidJwk(trimmed);
480
+ default:
481
+ return {
482
+ valid: false,
483
+ method: null,
484
+ error: method ? `DID method "${method}" is not a recognized private-key method` : "Invalid DID format"
485
+ };
486
+ }
487
+ }
488
+ function validateDidPkh(did) {
489
+ const parts = did.split(":");
490
+ if (parts.length !== 5) {
491
+ return {
492
+ valid: false,
493
+ method: "pkh",
494
+ error: `did:pkh must have exactly 5 colon-separated parts, got ${parts.length}`
495
+ };
496
+ }
497
+ const [, , namespace, chainId, address] = parts;
498
+ if (!namespace) {
499
+ return { valid: false, method: "pkh", error: "Missing namespace" };
500
+ }
501
+ if (!CAIP2_NAMESPACE_REGEX.test(namespace)) {
502
+ return {
503
+ valid: false,
504
+ method: "pkh",
505
+ error: `Invalid CAIP-2 namespace "${namespace}" (must be 3-8 lowercase alphanumeric/hyphen chars)`
506
+ };
507
+ }
508
+ if (!chainId) {
509
+ return { valid: false, method: "pkh", error: "Missing chain ID (reference)" };
510
+ }
511
+ if (!address) {
512
+ return { valid: false, method: "pkh", error: "Missing address" };
513
+ }
514
+ if (namespace === "eip155") {
515
+ if (!/^\d+$/.test(chainId)) {
516
+ return {
517
+ valid: false,
518
+ method: "pkh",
519
+ error: `Invalid eip155 chain ID "${chainId}" (must be numeric)`
520
+ };
521
+ }
522
+ if (!ethers.isAddress(address)) {
523
+ return {
524
+ valid: false,
525
+ method: "pkh",
526
+ error: `Invalid EVM address "${address}" (must be 0x + 40 hex chars)`
527
+ };
528
+ }
529
+ }
530
+ if (namespace === "solana") {
531
+ if (!/^[1-9A-HJ-NP-Za-km-z]{32,44}$/.test(address)) {
532
+ return {
533
+ valid: false,
534
+ method: "pkh",
535
+ error: `Invalid Solana address "${address}" (must be 32-44 base58 characters)`
536
+ };
537
+ }
538
+ }
539
+ return { valid: true, method: "pkh" };
540
+ }
541
+ function validateDidJwk(did) {
542
+ const parts = did.split(":");
543
+ if (parts.length !== 3) {
544
+ return {
545
+ valid: false,
546
+ method: "jwk",
547
+ error: `did:jwk must have exactly 3 colon-separated parts, got ${parts.length}`
548
+ };
549
+ }
550
+ const [, , encoded] = parts;
551
+ if (!encoded || encoded.length === 0) {
552
+ return { valid: false, method: "jwk", error: "Missing base64url-encoded JWK identifier" };
553
+ }
554
+ if (!BASE64URL_REGEX.test(encoded)) {
555
+ return {
556
+ valid: false,
557
+ method: "jwk",
558
+ error: "Identifier contains invalid base64url characters"
559
+ };
560
+ }
561
+ let decoded;
562
+ try {
563
+ const bytes = jose.base64url.decode(encoded);
564
+ decoded = new TextDecoder().decode(bytes);
565
+ } catch {
566
+ return { valid: false, method: "jwk", error: "Failed to base64url-decode identifier" };
567
+ }
568
+ let jwk;
569
+ try {
570
+ jwk = JSON.parse(decoded);
571
+ } catch {
572
+ return { valid: false, method: "jwk", error: "Decoded identifier is not valid JSON" };
573
+ }
574
+ if (!jwk || typeof jwk !== "object" || Array.isArray(jwk)) {
575
+ return { valid: false, method: "jwk", error: "Decoded JWK must be a JSON object" };
576
+ }
577
+ const kty = jwk.kty;
578
+ if (typeof kty !== "string" || !VALID_JWK_KTY.has(kty)) {
579
+ return {
580
+ valid: false,
581
+ method: "jwk",
582
+ error: `Invalid or missing kty field (must be one of: EC, OKP, RSA)`
583
+ };
584
+ }
585
+ if ("d" in jwk) {
586
+ return {
587
+ valid: false,
588
+ method: "jwk",
589
+ error: "DID must reference a public key \u2014 private key component (d) is not allowed"
590
+ };
591
+ }
592
+ const jwkValidation = validatePublicJwk(jwk);
593
+ if (!jwkValidation.valid) {
594
+ return { valid: false, method: "jwk", error: jwkValidation.error };
595
+ }
596
+ return { valid: true, method: "jwk" };
597
+ }
598
+ function normalizeDidJwk(input) {
599
+ assertString(input, "input", "INVALID_DID");
600
+ const trimmed = input.trim();
601
+ if (!trimmed.startsWith("did:jwk:")) {
602
+ throw new OmaTrustError("INVALID_DID", "Expected did:jwk DID", { input });
603
+ }
604
+ const result = validateDidJwk(trimmed);
605
+ if (!result.valid) {
606
+ throw new OmaTrustError("INVALID_DID", result.error ?? "Invalid did:jwk", { input });
607
+ }
608
+ return trimmed;
609
+ }
610
+
611
+ // src/identity/did-url.ts
612
+ var DID_URL_REGEX = /^did:[a-z0-9]+:.+$/i;
613
+ function parseDidUrl(input) {
614
+ assertString(input, "input", "INVALID_DID_URL");
615
+ const trimmed = input.trim();
616
+ const hashIndex = trimmed.indexOf("#");
617
+ let did;
618
+ let fragment;
619
+ if (hashIndex === -1) {
620
+ did = trimmed;
621
+ fragment = null;
622
+ } else {
623
+ did = trimmed.slice(0, hashIndex);
624
+ const rawFragment = trimmed.slice(hashIndex + 1);
625
+ if (rawFragment.length === 0) {
626
+ throw new OmaTrustError(
627
+ "INVALID_DID_URL",
628
+ "DID URL has empty fragment (trailing '#' with no identifier)",
629
+ { input }
630
+ );
631
+ }
632
+ fragment = rawFragment;
633
+ }
634
+ if (!DID_URL_REGEX.test(did)) {
635
+ throw new OmaTrustError(
636
+ "INVALID_DID_URL",
637
+ "Invalid DID URL: base DID portion is malformed",
638
+ { input, did }
639
+ );
640
+ }
641
+ return {
642
+ didUrl: trimmed,
643
+ did,
644
+ fragment
645
+ };
646
+ }
647
+ function isDidUrl(input) {
648
+ if (typeof input !== "string") return false;
649
+ const trimmed = input.trim();
650
+ return trimmed.includes("#") && DID_URL_REGEX.test(trimmed.split("#")[0]);
651
+ }
652
+ function assertBareDid(input, paramName = "did") {
653
+ assertString(input, paramName, "INVALID_DID");
654
+ if (isDidUrl(input)) {
655
+ throw new OmaTrustError(
656
+ "INVALID_DID",
657
+ `Expected a bare DID but received a DID URL with a fragment. Use parseDidUrl() to handle DID URLs.`,
658
+ { input }
659
+ );
660
+ }
661
+ }
662
+
663
+ // src/shared/did-document.ts
664
+ async function fetchDidDocument(domain) {
665
+ const normalized = domain.toLowerCase().replace(/\.$/, "");
666
+ const url = `https://${normalized}/.well-known/did.json`;
667
+ let response;
668
+ try {
669
+ response = await fetch(url, { headers: { Accept: "application/json" } });
670
+ } catch (err) {
671
+ throw new OmaTrustError("NETWORK_ERROR", "Failed to fetch DID document", { domain, err });
672
+ }
673
+ if (!response.ok) {
674
+ throw new OmaTrustError("NETWORK_ERROR", `DID document fetch failed: ${response.status}`, {
675
+ domain,
676
+ status: response.status
677
+ });
678
+ }
679
+ return await response.json();
680
+ }
681
+
682
+ // src/identity/resolve-key.ts
683
+ function findVerificationMethod(didDocument, didUrl, fragment) {
684
+ const methods = didDocument.verificationMethod;
685
+ if (!Array.isArray(methods)) {
686
+ return null;
687
+ }
688
+ for (const method of methods) {
689
+ if (!method || typeof method !== "object") continue;
690
+ const id = method.id;
691
+ if (typeof id !== "string") continue;
692
+ if (id === didUrl) return method;
693
+ if (fragment && (id === `#${fragment}` || id.endsWith(`#${fragment}`))) {
694
+ return method;
695
+ }
696
+ }
697
+ return null;
698
+ }
699
+ function extractMethodIdsFromDidDocument(didDocument) {
700
+ const methods = didDocument.verificationMethod;
701
+ if (!Array.isArray(methods)) return [];
702
+ return methods.filter((m) => m && typeof m.id === "string").map((m) => m.id);
703
+ }
704
+ async function resolveDidUrlToPublicKey(didUrl, options) {
705
+ assertString(didUrl, "didUrl", "INVALID_DID_URL");
706
+ const parsed = parseDidUrl(didUrl);
707
+ const method = extractDidMethod(parsed.did);
708
+ if (!method) {
709
+ throw new OmaTrustError("INVALID_DID_URL", "Cannot extract DID method from DID URL", {
710
+ didUrl,
711
+ did: parsed.did
712
+ });
713
+ }
714
+ switch (method) {
715
+ case "web":
716
+ return resolveDidUrlKey(parsed.didUrl, parsed.did, parsed.fragment, options);
717
+ default:
718
+ throw new OmaTrustError(
719
+ "UNSUPPORTED_DID_METHOD",
720
+ `DID URL key resolution is not supported for method "${method}"`,
721
+ { didUrl, method }
722
+ );
723
+ }
724
+ }
725
+ async function resolveDidUrlToControllerDid(didUrl, options) {
726
+ const resolved = await resolveDidUrlToPublicKey(didUrl, options);
727
+ const controllerDid = jwkToDidJwk(resolved.publicKeyJwk);
728
+ return {
729
+ ...resolved,
730
+ controllerDid
731
+ };
732
+ }
733
+ async function resolveDidUrlKey(didUrl, did, fragment, options) {
734
+ const domain = getDomainFromDidWeb(did);
735
+ if (!domain) {
736
+ throw new OmaTrustError("INVALID_DID_URL", "Cannot extract domain from did:web DID", {
737
+ didUrl,
738
+ did
739
+ });
740
+ }
741
+ const fetchFn = options?.fetchDidDocument ?? fetchDidDocument;
742
+ const didDocument = await fetchFn(domain);
743
+ const method = findVerificationMethod(didDocument, didUrl, fragment);
744
+ if (!method) {
745
+ throw new OmaTrustError(
746
+ "KEY_NOT_FOUND",
747
+ `No verification method found matching "${fragment ? `#${fragment}` : didUrl}"`,
748
+ { didUrl, fragment, availableMethods: extractMethodIdsFromDidDocument(didDocument) }
749
+ );
750
+ }
751
+ const publicKeyJwk = method.publicKeyJwk;
752
+ if (!publicKeyJwk || typeof publicKeyJwk !== "object") {
753
+ throw new OmaTrustError(
754
+ "KEY_NOT_FOUND",
755
+ `Verification method "${method.id}" does not contain publicKeyJwk`,
756
+ { didUrl, verificationMethodId: method.id }
757
+ );
758
+ }
759
+ const validation = validatePublicJwk(publicKeyJwk);
760
+ if (!validation.valid) {
761
+ throw new OmaTrustError(
762
+ "INVALID_JWK",
763
+ `publicKeyJwk in verification method "${method.id}" is invalid: ${validation.error}`,
764
+ { didUrl, verificationMethodId: method.id }
765
+ );
766
+ }
767
+ return {
768
+ didUrl,
769
+ did,
770
+ fragment,
771
+ publicKeyJwk,
772
+ verificationMethodId: method.id
773
+ };
774
+ }
775
+
776
+ // src/identity/controller-id.ts
777
+ function isSameControllerId(a, b) {
778
+ let normalizedA = null;
779
+ let normalizedB = null;
780
+ try {
781
+ normalizedA = normalizeDid(a);
782
+ } catch {
783
+ }
784
+ try {
785
+ normalizedB = normalizeDid(b);
786
+ } catch {
787
+ }
788
+ if (normalizedA && normalizedB && normalizedA === normalizedB) {
789
+ return true;
790
+ }
791
+ const evmA = extractControllerEvmAddress(a);
792
+ const evmB = extractControllerEvmAddress(b);
793
+ if (evmA && evmB && evmA.toLowerCase() === evmB.toLowerCase()) {
794
+ return true;
795
+ }
796
+ const methodA = extractDidMethod(a);
797
+ const methodB = extractDidMethod(b);
798
+ if (methodA === "jwk" && methodB === "jwk") {
799
+ try {
800
+ const jwkA = didJwkToJwk(a);
801
+ const jwkB = didJwkToJwk(b);
802
+ return publicJwkEquals(jwkA, jwkB);
803
+ } catch {
804
+ return false;
805
+ }
806
+ }
807
+ return false;
808
+ }
809
+ function extractControllerEvmAddress(controllerDid) {
810
+ try {
811
+ const method = extractDidMethod(controllerDid);
812
+ if (method === "pkh" && controllerDid.includes("eip155")) {
813
+ return extractAddressFromDid(controllerDid);
814
+ }
815
+ } catch {
816
+ }
817
+ return null;
818
+ }
819
+
820
+ // src/identity/types.ts
821
+ function extractAuthorizationMetadata(result) {
822
+ const payload = result.payload;
823
+ const resourceUrl = typeof payload.resourceUrl === "string" ? payload.resourceUrl : null;
824
+ const issuedAt = typeof payload.issuedAt === "string" ? payload.issuedAt : typeof payload.issuedAt === "number" ? payload.issuedAt : null;
825
+ let subjectDid = null;
826
+ if (resourceUrl) {
827
+ try {
828
+ const url = new URL(resourceUrl);
829
+ subjectDid = `did:web:${url.hostname}`;
830
+ } catch {
831
+ }
832
+ }
833
+ if ("publicKeyDid" in result) {
834
+ const jwsResult = result;
835
+ return {
836
+ controllerDid: jwsResult.publicKeyDid,
837
+ subjectDid,
838
+ resourceUrl,
839
+ issuedAt,
840
+ kid: jwsResult.kid,
841
+ publicKeyJwk: jwsResult.publicKeyJwk,
842
+ signer: null
843
+ };
844
+ }
845
+ const eip712Result = result;
846
+ const signerAddress = eip712Result.signer.toLowerCase();
847
+ return {
848
+ controllerDid: `did:pkh:eip155:1:${signerAddress}`,
849
+ subjectDid,
850
+ resourceUrl,
851
+ issuedAt,
852
+ kid: null,
853
+ publicKeyJwk: null,
854
+ signer: eip712Result.signer
855
+ };
856
+ }
857
+ var VALID_ALGORITHMS = /* @__PURE__ */ new Set(["keccak256", "sha256"]);
858
+ var MAX_JSON_DEPTH = 32;
859
+ function assertDepthLimit(depth, context) {
860
+ if (depth > MAX_JSON_DEPTH) {
861
+ const msg = context ? `JSON nesting depth exceeds maximum of ${MAX_JSON_DEPTH} at ${context}` : `JSON nesting depth exceeds maximum of ${MAX_JSON_DEPTH}`;
862
+ throw new OmaTrustError("INVALID_INPUT", msg);
863
+ }
864
+ }
865
+ function parseJsonStrict(input) {
866
+ if (typeof input !== "string") {
867
+ throw new OmaTrustError("INVALID_INPUT", "Input must be a string");
868
+ }
869
+ const duplicateKeys = detectDuplicateKeys(input);
870
+ if (duplicateKeys.length > 0) {
871
+ throw new OmaTrustError(
872
+ "INVALID_INPUT",
873
+ `Duplicate JSON key${duplicateKeys.length > 1 ? "s" : ""} detected: ${duplicateKeys.map((k) => `"${k}"`).join(", ")}`,
874
+ { duplicateKeys }
875
+ );
876
+ }
877
+ try {
878
+ return JSON.parse(input);
879
+ } catch {
880
+ throw new OmaTrustError("INVALID_INPUT", "Input is not valid JSON");
881
+ }
882
+ }
883
+ function detectDuplicateKeys(input) {
884
+ const duplicates = [];
885
+ const objectKeyStack = [];
886
+ let inString = false;
887
+ let escaped = false;
888
+ let currentKey = "";
889
+ let collectingKey = false;
890
+ let afterColon = false;
891
+ let i = 0;
892
+ while (i < input.length) {
893
+ const ch = input[i];
894
+ if (escaped) {
895
+ if (collectingKey) currentKey += ch;
896
+ escaped = false;
897
+ i++;
898
+ continue;
899
+ }
900
+ if (ch === "\\") {
901
+ escaped = true;
902
+ if (collectingKey) currentKey += ch;
903
+ i++;
904
+ continue;
905
+ }
906
+ if (ch === '"') {
907
+ if (!inString) {
908
+ inString = true;
909
+ if (objectKeyStack.length > 0 && !afterColon) {
910
+ collectingKey = true;
911
+ currentKey = "";
912
+ }
913
+ } else {
914
+ inString = false;
915
+ if (collectingKey) {
916
+ collectingKey = false;
917
+ const keySet = objectKeyStack[objectKeyStack.length - 1];
918
+ if (keySet.has(currentKey)) {
919
+ if (!duplicates.includes(currentKey)) {
920
+ duplicates.push(currentKey);
921
+ }
922
+ } else {
923
+ keySet.add(currentKey);
924
+ }
925
+ }
926
+ }
927
+ i++;
928
+ continue;
929
+ }
930
+ if (inString) {
931
+ if (collectingKey) currentKey += ch;
932
+ i++;
933
+ continue;
934
+ }
935
+ if (ch === "{") {
936
+ objectKeyStack.push(/* @__PURE__ */ new Set());
937
+ assertDepthLimit(objectKeyStack.length);
938
+ afterColon = false;
939
+ } else if (ch === "}") {
940
+ objectKeyStack.pop();
941
+ afterColon = objectKeyStack.length > 0;
942
+ } else if (ch === "[") {
943
+ objectKeyStack.push(/* @__PURE__ */ new Set(["__array__"]));
944
+ assertDepthLimit(objectKeyStack.length);
945
+ afterColon = false;
946
+ } else if (ch === "]") {
947
+ objectKeyStack.pop();
948
+ afterColon = objectKeyStack.length > 0;
949
+ } else if (ch === ":") {
950
+ afterColon = true;
951
+ } else if (ch === ",") {
952
+ afterColon = false;
953
+ }
954
+ i++;
955
+ }
956
+ return duplicates;
957
+ }
958
+ function assertJsonSafe(value, path = "$", depth = 0) {
959
+ assertDepthLimit(depth, path);
960
+ if (value === void 0) {
961
+ throw new OmaTrustError("INVALID_INPUT", `Non-JSON-safe value at ${path}: undefined`);
962
+ }
963
+ if (value === null) return;
964
+ switch (typeof value) {
965
+ case "string":
966
+ case "boolean":
967
+ return;
968
+ case "number":
969
+ if (!Number.isFinite(value)) {
970
+ throw new OmaTrustError("INVALID_INPUT", `Non-JSON-safe value at ${path}: ${value} (must be finite number)`);
971
+ }
972
+ return;
973
+ case "bigint":
974
+ throw new OmaTrustError("INVALID_INPUT", `Non-JSON-safe value at ${path}: BigInt (use number or string)`);
975
+ case "function":
976
+ throw new OmaTrustError("INVALID_INPUT", `Non-JSON-safe value at ${path}: function`);
977
+ case "symbol":
978
+ throw new OmaTrustError("INVALID_INPUT", `Non-JSON-safe value at ${path}: Symbol`);
979
+ case "object":
980
+ if (value instanceof Date) {
981
+ throw new OmaTrustError("INVALID_INPUT", `Non-JSON-safe value at ${path}: Date (use ISO string or timestamp)`);
982
+ }
983
+ if (value instanceof RegExp) {
984
+ throw new OmaTrustError("INVALID_INPUT", `Non-JSON-safe value at ${path}: RegExp`);
985
+ }
986
+ if (Array.isArray(value)) {
987
+ for (let i = 0; i < value.length; i++) {
988
+ assertJsonSafe(value[i], `${path}[${i}]`, depth + 1);
989
+ }
990
+ return;
991
+ }
992
+ for (const [key, val] of Object.entries(value)) {
993
+ assertJsonSafe(val, `${path}.${key}`, depth + 1);
994
+ }
995
+ return;
996
+ default:
997
+ throw new OmaTrustError("INVALID_INPUT", `Non-JSON-safe value at ${path}: unknown type "${typeof value}"`);
998
+ }
999
+ }
279
1000
  function canonicalizeJson(obj) {
1001
+ assertJsonSafe(obj);
280
1002
  const jcs = canonicalize__default.default(obj);
281
1003
  if (!jcs) {
282
1004
  throw new OmaTrustError("INVALID_INPUT", "Object cannot be canonicalized", { obj });
283
1005
  }
284
1006
  return jcs;
285
1007
  }
286
- function canonicalizeForHash(obj) {
1008
+ function canonicalizeAndKeccak256(obj) {
287
1009
  const jcsJson = canonicalizeJson(obj);
288
1010
  return {
289
1011
  jcsJson,
290
1012
  hash: ethers.keccak256(ethers.toUtf8Bytes(jcsJson))
291
1013
  };
292
1014
  }
1015
+ function canonicalizeForHash(obj) {
1016
+ return canonicalizeAndKeccak256(obj);
1017
+ }
293
1018
  function hashCanonicalizedJson(obj, algorithm) {
1019
+ if (!VALID_ALGORITHMS.has(algorithm)) {
1020
+ throw new OmaTrustError("INVALID_INPUT", `Unsupported hash algorithm: "${algorithm}". Must be "keccak256" or "sha256".`, { algorithm });
1021
+ }
294
1022
  const jcs = canonicalizeJson(obj);
295
1023
  const bytes = ethers.toUtf8Bytes(jcs);
296
1024
  return algorithm === "keccak256" ? ethers.keccak256(bytes) : ethers.sha256(bytes);
297
1025
  }
1026
+ var DID_ARTIFACT_PREFIX = "did:artifact:";
1027
+ var CID_VERSION = 1;
1028
+ var RAW_CODEC = raw__namespace.code;
1029
+ var SHA2_256_CODE = 18;
1030
+ var SHA2_256_DIGEST_LENGTH = 32;
1031
+ async function artifactDidFromBytes(bytes) {
1032
+ if (!(bytes instanceof Uint8Array) || bytes.length === 0) {
1033
+ throw new OmaTrustError(
1034
+ "INVALID_INPUT",
1035
+ "bytes must be a non-empty Uint8Array"
1036
+ );
1037
+ }
1038
+ const digest = await sha2.sha256.digest(bytes);
1039
+ const cid$1 = cid.CID.createV1(RAW_CODEC, digest);
1040
+ return `${DID_ARTIFACT_PREFIX}${cid$1.toString(base32.base32)}`;
1041
+ }
1042
+ async function artifactDidFromJson(input) {
1043
+ const value = typeof input === "string" ? parseJsonStrict(input) : input;
1044
+ const jcs = canonicalizeJson(value);
1045
+ const bytes = new TextEncoder().encode(jcs);
1046
+ const digest = await sha2.sha256.digest(bytes);
1047
+ const cid$1 = cid.CID.createV1(RAW_CODEC, digest);
1048
+ return `${DID_ARTIFACT_PREFIX}${cid$1.toString(base32.base32)}`;
1049
+ }
1050
+ function parseArtifactDid(did) {
1051
+ if (typeof did !== "string" || !did.startsWith(DID_ARTIFACT_PREFIX)) {
1052
+ throw new OmaTrustError("INVALID_DID", "Expected a did:artifact DID", { did });
1053
+ }
1054
+ const identifier = did.slice(DID_ARTIFACT_PREFIX.length);
1055
+ if (!identifier || identifier.length === 0) {
1056
+ throw new OmaTrustError("INVALID_DID", "Missing method-specific identifier", { did });
1057
+ }
1058
+ if (identifier[0] !== "b") {
1059
+ throw new OmaTrustError(
1060
+ "INVALID_DID",
1061
+ `Invalid multibase prefix "${identifier[0]}", expected "b" (base32lower)`,
1062
+ { did }
1063
+ );
1064
+ }
1065
+ let cid$1;
1066
+ try {
1067
+ cid$1 = cid.CID.parse(identifier, base32.base32);
1068
+ } catch (err) {
1069
+ throw new OmaTrustError(
1070
+ "INVALID_DID",
1071
+ "Failed to decode base32 CID from did:artifact identifier",
1072
+ { did, cause: err }
1073
+ );
1074
+ }
1075
+ if (cid$1.version !== CID_VERSION) {
1076
+ throw new OmaTrustError(
1077
+ "INVALID_DID",
1078
+ `CID version must be 1, got ${cid$1.version}`,
1079
+ { did }
1080
+ );
1081
+ }
1082
+ if (cid$1.code !== RAW_CODEC) {
1083
+ throw new OmaTrustError(
1084
+ "INVALID_DID",
1085
+ `Multicodec must be raw (0x55), got 0x${cid$1.code.toString(16)}`,
1086
+ { did }
1087
+ );
1088
+ }
1089
+ if (cid$1.multihash.code !== SHA2_256_CODE) {
1090
+ throw new OmaTrustError(
1091
+ "INVALID_DID",
1092
+ `Multihash function must be sha2-256 (0x12), got 0x${cid$1.multihash.code.toString(16)}`,
1093
+ { did }
1094
+ );
1095
+ }
1096
+ if (cid$1.multihash.digest.length !== SHA2_256_DIGEST_LENGTH) {
1097
+ throw new OmaTrustError(
1098
+ "INVALID_DID",
1099
+ `SHA-256 digest must be 32 bytes, got ${cid$1.multihash.digest.length}`,
1100
+ { did }
1101
+ );
1102
+ }
1103
+ const digest = cid$1.multihash.digest;
1104
+ const digestHex = Array.from(digest).map((b) => b.toString(16).padStart(2, "0")).join("");
1105
+ return { did, identifier, digest, digestHex };
1106
+ }
1107
+ async function verifyDidArtifact(did, content) {
1108
+ let parsed;
1109
+ try {
1110
+ parsed = parseArtifactDid(did);
1111
+ } catch (err) {
1112
+ return {
1113
+ valid: false,
1114
+ reason: err instanceof OmaTrustError ? err.message : "Invalid did:artifact DID"
1115
+ };
1116
+ }
1117
+ const expectedHex = parsed.digestHex;
1118
+ if (typeof content === "string" || typeof content === "object" && content !== null && !(content instanceof Uint8Array)) {
1119
+ try {
1120
+ const value = typeof content === "string" ? parseJsonStrict(content) : content;
1121
+ const jcs = canonicalizeJson(value);
1122
+ const jcsBytes = new TextEncoder().encode(jcs);
1123
+ const digest2 = await sha2.sha256.digest(jcsBytes);
1124
+ const digestHex2 = Array.from(digest2.digest).map((b) => b.toString(16).padStart(2, "0")).join("");
1125
+ if (digestHex2 === expectedHex) {
1126
+ return { valid: true, matchedAs: "json" };
1127
+ }
1128
+ } catch {
1129
+ }
1130
+ }
1131
+ let rawBytes;
1132
+ if (content instanceof Uint8Array) {
1133
+ rawBytes = content;
1134
+ } else if (typeof content === "string") {
1135
+ rawBytes = new TextEncoder().encode(content);
1136
+ } else {
1137
+ return {
1138
+ valid: false,
1139
+ reason: "Content did not match as canonical JSON and is not raw bytes"
1140
+ };
1141
+ }
1142
+ const digest = await sha2.sha256.digest(rawBytes);
1143
+ const digestHex = Array.from(digest.digest).map((b) => b.toString(16).padStart(2, "0")).join("");
1144
+ if (digestHex === expectedHex) {
1145
+ return { valid: true, matchedAs: "binary" };
1146
+ }
1147
+ return {
1148
+ valid: false,
1149
+ reason: "Content does not match the did:artifact identifier (neither as canonical JSON nor as raw bytes)"
1150
+ };
1151
+ }
1152
+ function didEthrToDidPkh(did) {
1153
+ if (typeof did !== "string" || !did.startsWith("did:ethr:")) {
1154
+ throw new OmaTrustError("INVALID_DID", "Expected a did:ethr DID", { did });
1155
+ }
1156
+ const remainder = did.slice("did:ethr:".length);
1157
+ if (!remainder) {
1158
+ throw new OmaTrustError("INVALID_DID", "Missing identifier in did:ethr DID", { did });
1159
+ }
1160
+ let chainId;
1161
+ let address;
1162
+ const parts = remainder.split(":");
1163
+ if (parts.length === 1) {
1164
+ chainId = "1";
1165
+ address = parts[0];
1166
+ } else if (parts.length === 2) {
1167
+ const rawChainId = parts[0];
1168
+ address = parts[1];
1169
+ if (rawChainId.startsWith("0x")) {
1170
+ chainId = String(parseInt(rawChainId, 16));
1171
+ } else if (/^\d+$/.test(rawChainId)) {
1172
+ chainId = rawChainId;
1173
+ } else {
1174
+ const networkMap = {
1175
+ mainnet: "1",
1176
+ goerli: "5",
1177
+ sepolia: "11155111",
1178
+ polygon: "137",
1179
+ arbitrum: "42161",
1180
+ optimism: "10",
1181
+ base: "8453"
1182
+ };
1183
+ const mapped = networkMap[rawChainId.toLowerCase()];
1184
+ if (!mapped) {
1185
+ throw new OmaTrustError(
1186
+ "INVALID_DID",
1187
+ `Unknown did:ethr network "${rawChainId}"`,
1188
+ { did, network: rawChainId }
1189
+ );
1190
+ }
1191
+ chainId = mapped;
1192
+ }
1193
+ } else {
1194
+ throw new OmaTrustError("INVALID_DID", "Invalid did:ethr format", { did });
1195
+ }
1196
+ if (!ethers.isAddress(address)) {
1197
+ throw new OmaTrustError("INVALID_DID", "Invalid Ethereum address in did:ethr DID", {
1198
+ did,
1199
+ address
1200
+ });
1201
+ }
1202
+ const checksummed = ethers.getAddress(address);
1203
+ return `did:pkh:eip155:${chainId}:${checksummed.toLowerCase()}`;
1204
+ }
1205
+ var MULTICODEC_KEY_TYPES = {
1206
+ // Ed25519 public key: 0xed (varint encoded as [0xed, 0x01])
1207
+ 237: { kty: "OKP", crv: "Ed25519" },
1208
+ // X25519 public key: 0xec (varint encoded as [0xec, 0x01])
1209
+ 236: { kty: "OKP", crv: "X25519" },
1210
+ // secp256k1 public key (compressed): 0xe7 (varint encoded as [0xe7, 0x01])
1211
+ 231: { kty: "EC", crv: "secp256k1", coordSize: 33 },
1212
+ // P-256 public key (compressed): 0x80 0x24 (varint 0x1200)
1213
+ 4608: { kty: "EC", crv: "P-256", coordSize: 33 },
1214
+ // P-384 public key (compressed): 0x81 0x24 (varint 0x1201)
1215
+ 4609: { kty: "EC", crv: "P-384", coordSize: 49 }
1216
+ };
1217
+ function readVarint(bytes, offset) {
1218
+ let value = 0;
1219
+ let shift = 0;
1220
+ let bytesRead = 0;
1221
+ while (offset + bytesRead < bytes.length) {
1222
+ const byte = bytes[offset + bytesRead];
1223
+ value |= (byte & 127) << shift;
1224
+ bytesRead++;
1225
+ if ((byte & 128) === 0) {
1226
+ return { value, bytesRead };
1227
+ }
1228
+ shift += 7;
1229
+ if (shift > 28) {
1230
+ throw new OmaTrustError("INVALID_DID", "Varint too long in did:key multicodec prefix");
1231
+ }
1232
+ }
1233
+ throw new OmaTrustError("INVALID_DID", "Truncated varint in did:key multicodec prefix");
1234
+ }
1235
+ function decompressEcKey(compressedKey, crv) {
1236
+ throw new OmaTrustError(
1237
+ "UNSUPPORTED_KEY_TYPE",
1238
+ `Cannot convert compressed EC key (${crv}) from did:key to did:jwk. Decompressing EC points requires elliptic curve arithmetic. For EVM keys, use didEthrToDidPkh() instead.`,
1239
+ { crv, keyLength: compressedKey.length }
1240
+ );
1241
+ }
1242
+ function didKeyToDidJwk(did) {
1243
+ if (typeof did !== "string" || !did.startsWith("did:key:")) {
1244
+ throw new OmaTrustError("INVALID_DID", "Expected a did:key DID", { did });
1245
+ }
1246
+ const identifier = did.slice("did:key:".length);
1247
+ if (!identifier || !identifier.startsWith("z")) {
1248
+ throw new OmaTrustError(
1249
+ "INVALID_DID",
1250
+ "did:key identifier must start with 'z' (base58btc multibase prefix)",
1251
+ { did }
1252
+ );
1253
+ }
1254
+ let decoded;
1255
+ try {
1256
+ decoded = base58.base58btc.decode(identifier);
1257
+ } catch (err) {
1258
+ throw new OmaTrustError(
1259
+ "INVALID_DID",
1260
+ "Failed to decode base58btc from did:key identifier",
1261
+ { did, cause: err }
1262
+ );
1263
+ }
1264
+ if (decoded.length < 3) {
1265
+ throw new OmaTrustError("INVALID_DID", "did:key decoded bytes too short", { did });
1266
+ }
1267
+ const { value: codecValue, bytesRead } = readVarint(decoded, 0);
1268
+ const keyType = MULTICODEC_KEY_TYPES[codecValue];
1269
+ if (!keyType) {
1270
+ throw new OmaTrustError(
1271
+ "UNSUPPORTED_KEY_TYPE",
1272
+ `Unsupported multicodec key type 0x${codecValue.toString(16)} in did:key`,
1273
+ { did, codec: `0x${codecValue.toString(16)}` }
1274
+ );
1275
+ }
1276
+ const keyBytes = decoded.slice(bytesRead);
1277
+ if (keyType.kty === "OKP") {
1278
+ if (keyBytes.length !== 32) {
1279
+ throw new OmaTrustError(
1280
+ "INVALID_DID",
1281
+ `Expected 32-byte ${keyType.crv} key, got ${keyBytes.length} bytes`,
1282
+ { did, crv: keyType.crv }
1283
+ );
1284
+ }
1285
+ const jwk = {
1286
+ kty: keyType.kty,
1287
+ crv: keyType.crv,
1288
+ x: jose.base64url.encode(keyBytes)
1289
+ };
1290
+ return jwkToDidJwk(jwk);
1291
+ }
1292
+ return decompressEcKey(keyBytes, keyType.crv).x.toString();
1293
+ }
298
1294
 
1295
+ exports.artifactDidFromBytes = artifactDidFromBytes;
1296
+ exports.artifactDidFromJson = artifactDidFromJson;
1297
+ exports.assertBareDid = assertBareDid;
1298
+ exports.assertJsonSafe = assertJsonSafe;
299
1299
  exports.buildCaip10 = buildCaip10;
300
1300
  exports.buildCaip2 = buildCaip2;
301
1301
  exports.buildDidPkh = buildDidPkh;
302
1302
  exports.buildDidPkhFromCaip10 = buildDidPkhFromCaip10;
303
1303
  exports.buildDidWeb = buildDidWeb;
304
1304
  exports.buildEvmDidPkh = buildEvmDidPkh;
1305
+ exports.canonicalizeAndKeccak256 = canonicalizeAndKeccak256;
305
1306
  exports.canonicalizeForHash = canonicalizeForHash;
306
1307
  exports.canonicalizeJson = canonicalizeJson;
307
1308
  exports.computeDidAddress = computeDidAddress;
308
1309
  exports.computeDidHash = computeDidHash;
1310
+ exports.computeJwkThumbprint = computeJwkThumbprint;
1311
+ exports.didEthrToDidPkh = didEthrToDidPkh;
1312
+ exports.didJwkToJwk = didJwkToJwk;
1313
+ exports.didKeyToDidJwk = didKeyToDidJwk;
309
1314
  exports.didToAddress = didToAddress;
310
1315
  exports.extractAddressFromDid = extractAddressFromDid;
1316
+ exports.extractAuthorizationMetadata = extractAuthorizationMetadata;
1317
+ exports.extractControllerEvmAddress = extractControllerEvmAddress;
311
1318
  exports.extractDidIdentifier = extractDidIdentifier;
312
1319
  exports.extractDidMethod = extractDidMethod;
1320
+ exports.formatJktValue = formatJktValue;
313
1321
  exports.getAddressFromDidPkh = getAddressFromDidPkh;
314
1322
  exports.getChainIdFromDidPkh = getChainIdFromDidPkh;
315
1323
  exports.getDomainFromDidWeb = getDomainFromDidWeb;
316
1324
  exports.getNamespaceFromDidPkh = getNamespaceFromDidPkh;
317
1325
  exports.hashCanonicalizedJson = hashCanonicalizedJson;
1326
+ exports.isDidUrl = isDidUrl;
318
1327
  exports.isEvmDidPkh = isEvmDidPkh;
1328
+ exports.isPrivateKeyDid = isPrivateKeyDid;
1329
+ exports.isSameControllerId = isSameControllerId;
319
1330
  exports.isValidDid = isValidDid;
1331
+ exports.jwkToDidJwk = jwkToDidJwk;
320
1332
  exports.normalizeCaip10 = normalizeCaip10;
321
1333
  exports.normalizeDid = normalizeDid;
322
1334
  exports.normalizeDidHandle = normalizeDidHandle;
1335
+ exports.normalizeDidJwk = normalizeDidJwk;
323
1336
  exports.normalizeDidKey = normalizeDidKey;
324
1337
  exports.normalizeDidPkh = normalizeDidPkh;
325
1338
  exports.normalizeDidWeb = normalizeDidWeb;
326
1339
  exports.normalizeDomain = normalizeDomain;
1340
+ exports.parseArtifactDid = parseArtifactDid;
327
1341
  exports.parseCaip10 = parseCaip10;
328
1342
  exports.parseCaip2 = parseCaip2;
1343
+ exports.parseDidUrl = parseDidUrl;
1344
+ exports.parseJsonStrict = parseJsonStrict;
1345
+ exports.publicJwkEquals = publicJwkEquals;
1346
+ exports.resolveDidUrlToControllerDid = resolveDidUrlToControllerDid;
1347
+ exports.resolveDidUrlToPublicKey = resolveDidUrlToPublicKey;
329
1348
  exports.validateDidAddress = validateDidAddress;
1349
+ exports.validatePrivateKeyDid = validatePrivateKeyDid;
1350
+ exports.validatePublicJwk = validatePublicJwk;
1351
+ exports.verifyDidArtifact = verifyDidArtifact;
330
1352
  //# sourceMappingURL=index.cjs.map
331
1353
  //# sourceMappingURL=index.cjs.map