@oma3/omatrust 0.1.0-alpha.11 → 0.1.0-alpha.12

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (40) hide show
  1. package/README.md +3 -0
  2. package/dist/app-registry/index.cjs +53 -0
  3. package/dist/app-registry/index.cjs.map +1 -1
  4. package/dist/app-registry/index.js +53 -0
  5. package/dist/app-registry/index.js.map +1 -1
  6. package/dist/identity/index.cjs +643 -164
  7. package/dist/identity/index.cjs.map +1 -1
  8. package/dist/identity/index.d.cts +2 -2
  9. package/dist/identity/index.d.ts +2 -2
  10. package/dist/identity/index.js +616 -165
  11. package/dist/identity/index.js.map +1 -1
  12. package/dist/{index-QueRiudB.d.cts → index-B5OC9_8B.d.cts} +155 -4
  13. package/dist/index-Bu-xxcv9.d.ts +407 -0
  14. package/dist/{index-C2w5EvFH.d.ts → index-C6WNgPRx.d.ts} +155 -4
  15. package/dist/index-C7odEbp6.d.cts +407 -0
  16. package/dist/index.cjs +1000 -185
  17. package/dist/index.cjs.map +1 -1
  18. package/dist/index.d.cts +3 -3
  19. package/dist/index.d.ts +3 -3
  20. package/dist/index.js +981 -185
  21. package/dist/index.js.map +1 -1
  22. package/dist/reputation/index.browser.cjs +153 -148
  23. package/dist/reputation/index.browser.cjs.map +1 -1
  24. package/dist/reputation/index.browser.js +153 -148
  25. package/dist/reputation/index.browser.js.map +1 -1
  26. package/dist/reputation/index.cjs +477 -140
  27. package/dist/reputation/index.cjs.map +1 -1
  28. package/dist/reputation/index.d.cts +2 -2
  29. package/dist/reputation/index.d.ts +2 -2
  30. package/dist/reputation/index.js +475 -141
  31. package/dist/reputation/index.js.map +1 -1
  32. package/dist/{types-dpYxRq8N.d.cts → types-Dn0OwaNj.d.cts} +37 -11
  33. package/dist/{types-dpYxRq8N.d.ts → types-Dn0OwaNj.d.ts} +37 -11
  34. package/dist/widgets/index.cjs.map +1 -1
  35. package/dist/widgets/index.d.cts +3 -0
  36. package/dist/widgets/index.d.ts +3 -0
  37. package/dist/widgets/index.js.map +1 -1
  38. package/package.json +4 -2
  39. package/dist/index-BOvk-7Ku.d.cts +0 -235
  40. package/dist/index-R78TpAhN.d.ts +0 -235
@@ -1,7 +1,7 @@
1
1
  'use strict';
2
2
 
3
- var ethers = require('ethers');
4
3
  var jose = require('jose');
4
+ var ethers = require('ethers');
5
5
  var easSdk = require('@ethereum-attestation-service/eas-sdk');
6
6
  var canonicalize = require('canonicalize');
7
7
 
@@ -77,6 +77,152 @@ var init_caip = __esm({
77
77
  CAIP_10_REGEX = /^(?<namespace>[a-z0-9-]+):(?<reference>[a-zA-Z0-9-]+):(?<address>.+)$/;
78
78
  }
79
79
  });
80
+ function validatePublicJwk(jwk) {
81
+ if (!jwk || typeof jwk !== "object" || Array.isArray(jwk)) {
82
+ return { valid: false, error: "JWK must be a non-null object" };
83
+ }
84
+ const obj = jwk;
85
+ const kty = obj.kty;
86
+ if (typeof kty !== "string" || !VALID_KTY.has(kty)) {
87
+ return {
88
+ valid: false,
89
+ error: `Invalid or missing kty (must be one of: ${[...VALID_KTY].join(", ")})`
90
+ };
91
+ }
92
+ for (const field of PRIVATE_KEY_FIELDS) {
93
+ if (field in obj) {
94
+ return {
95
+ valid: false,
96
+ error: `JWK contains private key field "${field}" \u2014 only public keys are allowed`
97
+ };
98
+ }
99
+ }
100
+ const required = REQUIRED_PUBLIC_FIELDS[kty];
101
+ if (required) {
102
+ for (const field of required) {
103
+ if (!(field in obj) || obj[field] === void 0 || obj[field] === null || obj[field] === "") {
104
+ return {
105
+ valid: false,
106
+ error: `Missing required public key field "${field}" for kty="${kty}"`
107
+ };
108
+ }
109
+ }
110
+ }
111
+ return { valid: true };
112
+ }
113
+ function canonicalizeJwkJson(jwk) {
114
+ const sorted = Object.keys(jwk).sort();
115
+ const obj = {};
116
+ for (const key of sorted) {
117
+ obj[key] = jwk[key];
118
+ }
119
+ return JSON.stringify(obj);
120
+ }
121
+ function jwkToDidJwk(jwk) {
122
+ assertObject(jwk, "jwk", "INVALID_JWK");
123
+ const validation = validatePublicJwk(jwk);
124
+ if (!validation.valid) {
125
+ throw new OmaTrustError("INVALID_JWK", validation.error ?? "Invalid public JWK", { jwk });
126
+ }
127
+ const canonical = canonicalizeJwkJson(jwk);
128
+ const encoded = jose.base64url.encode(new TextEncoder().encode(canonical));
129
+ return `did:jwk:${encoded}`;
130
+ }
131
+ function didJwkToJwk(didJwk) {
132
+ if (typeof didJwk !== "string" || !didJwk.startsWith("did:jwk:")) {
133
+ throw new OmaTrustError("INVALID_DID", "Expected a did:jwk DID", { input: didJwk });
134
+ }
135
+ const parts = didJwk.split(":");
136
+ if (parts.length !== 3) {
137
+ throw new OmaTrustError("INVALID_DID", "did:jwk must have exactly 3 colon-separated parts", {
138
+ input: didJwk
139
+ });
140
+ }
141
+ const encoded = parts[2];
142
+ if (!encoded || encoded.length === 0) {
143
+ throw new OmaTrustError("INVALID_DID", "Missing base64url-encoded JWK identifier", {
144
+ input: didJwk
145
+ });
146
+ }
147
+ let decoded;
148
+ try {
149
+ const bytes = jose.base64url.decode(encoded);
150
+ decoded = new TextDecoder().decode(bytes);
151
+ } catch {
152
+ throw new OmaTrustError("INVALID_DID", "Failed to base64url-decode did:jwk identifier", {
153
+ input: didJwk
154
+ });
155
+ }
156
+ let jwk;
157
+ try {
158
+ jwk = JSON.parse(decoded);
159
+ } catch {
160
+ throw new OmaTrustError("INVALID_DID", "Decoded did:jwk identifier is not valid JSON", {
161
+ input: didJwk
162
+ });
163
+ }
164
+ if (!jwk || typeof jwk !== "object" || Array.isArray(jwk)) {
165
+ throw new OmaTrustError("INVALID_DID", "Decoded did:jwk must be a JSON object", {
166
+ input: didJwk
167
+ });
168
+ }
169
+ const validation = validatePublicJwk(jwk);
170
+ if (!validation.valid) {
171
+ throw new OmaTrustError("INVALID_DID", validation.error ?? "Invalid public JWK in did:jwk", {
172
+ input: didJwk
173
+ });
174
+ }
175
+ return jwk;
176
+ }
177
+ function extractPublicKeyFields(jwk) {
178
+ const result = {};
179
+ const metadataFields = /* @__PURE__ */ new Set(["kid", "use", "key_ops", "alg", "ext"]);
180
+ for (const [key, value] of Object.entries(jwk)) {
181
+ if (PRIVATE_KEY_FIELDS.has(key)) continue;
182
+ if (metadataFields.has(key)) continue;
183
+ result[key] = value;
184
+ }
185
+ return result;
186
+ }
187
+ function publicJwkEquals(a, b) {
188
+ assertObject(a, "a", "INVALID_JWK");
189
+ assertObject(b, "b", "INVALID_JWK");
190
+ const aObj = a;
191
+ const bObj = b;
192
+ for (const field of PRIVATE_KEY_FIELDS) {
193
+ if (field in aObj) {
194
+ throw new OmaTrustError(
195
+ "INVALID_JWK",
196
+ `First JWK contains private key field "${field}"`,
197
+ { field }
198
+ );
199
+ }
200
+ if (field in bObj) {
201
+ throw new OmaTrustError(
202
+ "INVALID_JWK",
203
+ `Second JWK contains private key field "${field}"`,
204
+ { field }
205
+ );
206
+ }
207
+ }
208
+ const aPublic = extractPublicKeyFields(aObj);
209
+ const bPublic = extractPublicKeyFields(bObj);
210
+ return canonicalizeJwkJson(aPublic) === canonicalizeJwkJson(bPublic);
211
+ }
212
+ var VALID_KTY, PRIVATE_KEY_FIELDS, REQUIRED_PUBLIC_FIELDS;
213
+ var init_jwk = __esm({
214
+ "src/identity/jwk.ts"() {
215
+ init_errors();
216
+ init_assert();
217
+ VALID_KTY = /* @__PURE__ */ new Set(["EC", "OKP", "RSA"]);
218
+ PRIVATE_KEY_FIELDS = /* @__PURE__ */ new Set(["d", "p", "q", "dp", "dq", "qi", "oth"]);
219
+ REQUIRED_PUBLIC_FIELDS = {
220
+ EC: ["crv", "x", "y"],
221
+ OKP: ["crv", "x"],
222
+ RSA: ["n", "e"]
223
+ };
224
+ }
225
+ });
80
226
  function isValidDid(did) {
81
227
  return DID_REGEX.test(did);
82
228
  }
@@ -145,7 +291,7 @@ function normalizeDidKey(input) {
145
291
  }
146
292
  function normalizeDid(input) {
147
293
  assertString(input, "input", "INVALID_DID");
148
- const trimmed = input.trim();
294
+ const trimmed = input.trim().split("#")[0];
149
295
  if (!trimmed.startsWith("did:")) {
150
296
  return normalizeDidWeb(trimmed);
151
297
  }
@@ -304,6 +450,10 @@ function validateDidJwk(did) {
304
450
  error: "DID must reference a public key \u2014 private key component (d) is not allowed"
305
451
  };
306
452
  }
453
+ const jwkValidation = validatePublicJwk(jwk);
454
+ if (!jwkValidation.valid) {
455
+ return { valid: false, method: "jwk", error: jwkValidation.error };
456
+ }
307
457
  return { valid: true, method: "jwk" };
308
458
  }
309
459
  function normalizeDidJwk(input) {
@@ -324,157 +474,12 @@ var init_did = __esm({
324
474
  init_errors();
325
475
  init_assert();
326
476
  init_caip();
477
+ init_jwk();
327
478
  DID_REGEX = /^did:[a-z0-9]+:.+$/i;
328
479
  BASE64URL_REGEX = /^[A-Za-z0-9_-]+$/;
329
480
  VALID_JWK_KTY = /* @__PURE__ */ new Set(["EC", "OKP", "RSA"]);
330
481
  }
331
482
  });
332
- function validatePublicJwk(jwk) {
333
- if (!jwk || typeof jwk !== "object" || Array.isArray(jwk)) {
334
- return { valid: false, error: "JWK must be a non-null object" };
335
- }
336
- const obj = jwk;
337
- const kty = obj.kty;
338
- if (typeof kty !== "string" || !VALID_KTY.has(kty)) {
339
- return {
340
- valid: false,
341
- error: `Invalid or missing kty (must be one of: ${[...VALID_KTY].join(", ")})`
342
- };
343
- }
344
- for (const field of PRIVATE_KEY_FIELDS) {
345
- if (field in obj) {
346
- return {
347
- valid: false,
348
- error: `JWK contains private key field "${field}" \u2014 only public keys are allowed`
349
- };
350
- }
351
- }
352
- const required = REQUIRED_PUBLIC_FIELDS[kty];
353
- if (required) {
354
- for (const field of required) {
355
- if (!(field in obj) || obj[field] === void 0 || obj[field] === null || obj[field] === "") {
356
- return {
357
- valid: false,
358
- error: `Missing required public key field "${field}" for kty="${kty}"`
359
- };
360
- }
361
- }
362
- }
363
- return { valid: true };
364
- }
365
- function canonicalizeJwkJson(jwk) {
366
- const sorted = Object.keys(jwk).sort();
367
- const obj = {};
368
- for (const key of sorted) {
369
- obj[key] = jwk[key];
370
- }
371
- return JSON.stringify(obj);
372
- }
373
- function jwkToDidJwk(jwk) {
374
- assertObject(jwk, "jwk", "INVALID_JWK");
375
- const validation = validatePublicJwk(jwk);
376
- if (!validation.valid) {
377
- throw new OmaTrustError("INVALID_JWK", validation.error ?? "Invalid public JWK", { jwk });
378
- }
379
- const canonical = canonicalizeJwkJson(jwk);
380
- const encoded = jose.base64url.encode(new TextEncoder().encode(canonical));
381
- return `did:jwk:${encoded}`;
382
- }
383
- function didJwkToJwk(didJwk) {
384
- if (typeof didJwk !== "string" || !didJwk.startsWith("did:jwk:")) {
385
- throw new OmaTrustError("INVALID_DID", "Expected a did:jwk DID", { input: didJwk });
386
- }
387
- const parts = didJwk.split(":");
388
- if (parts.length !== 3) {
389
- throw new OmaTrustError("INVALID_DID", "did:jwk must have exactly 3 colon-separated parts", {
390
- input: didJwk
391
- });
392
- }
393
- const encoded = parts[2];
394
- if (!encoded || encoded.length === 0) {
395
- throw new OmaTrustError("INVALID_DID", "Missing base64url-encoded JWK identifier", {
396
- input: didJwk
397
- });
398
- }
399
- let decoded;
400
- try {
401
- const bytes = jose.base64url.decode(encoded);
402
- decoded = new TextDecoder().decode(bytes);
403
- } catch {
404
- throw new OmaTrustError("INVALID_DID", "Failed to base64url-decode did:jwk identifier", {
405
- input: didJwk
406
- });
407
- }
408
- let jwk;
409
- try {
410
- jwk = JSON.parse(decoded);
411
- } catch {
412
- throw new OmaTrustError("INVALID_DID", "Decoded did:jwk identifier is not valid JSON", {
413
- input: didJwk
414
- });
415
- }
416
- if (!jwk || typeof jwk !== "object" || Array.isArray(jwk)) {
417
- throw new OmaTrustError("INVALID_DID", "Decoded did:jwk must be a JSON object", {
418
- input: didJwk
419
- });
420
- }
421
- const validation = validatePublicJwk(jwk);
422
- if (!validation.valid) {
423
- throw new OmaTrustError("INVALID_DID", validation.error ?? "Invalid public JWK in did:jwk", {
424
- input: didJwk
425
- });
426
- }
427
- return jwk;
428
- }
429
- function extractPublicKeyFields(jwk) {
430
- const result = {};
431
- const metadataFields = /* @__PURE__ */ new Set(["kid", "use", "key_ops", "alg", "ext"]);
432
- for (const [key, value] of Object.entries(jwk)) {
433
- if (PRIVATE_KEY_FIELDS.has(key)) continue;
434
- if (metadataFields.has(key)) continue;
435
- result[key] = value;
436
- }
437
- return result;
438
- }
439
- function publicJwkEquals(a, b) {
440
- assertObject(a, "a", "INVALID_JWK");
441
- assertObject(b, "b", "INVALID_JWK");
442
- const aObj = a;
443
- const bObj = b;
444
- for (const field of PRIVATE_KEY_FIELDS) {
445
- if (field in aObj) {
446
- throw new OmaTrustError(
447
- "INVALID_JWK",
448
- `First JWK contains private key field "${field}"`,
449
- { field }
450
- );
451
- }
452
- if (field in bObj) {
453
- throw new OmaTrustError(
454
- "INVALID_JWK",
455
- `Second JWK contains private key field "${field}"`,
456
- { field }
457
- );
458
- }
459
- }
460
- const aPublic = extractPublicKeyFields(aObj);
461
- const bPublic = extractPublicKeyFields(bObj);
462
- return canonicalizeJwkJson(aPublic) === canonicalizeJwkJson(bPublic);
463
- }
464
- var VALID_KTY, PRIVATE_KEY_FIELDS, REQUIRED_PUBLIC_FIELDS;
465
- var init_jwk = __esm({
466
- "src/identity/jwk.ts"() {
467
- init_errors();
468
- init_assert();
469
- VALID_KTY = /* @__PURE__ */ new Set(["EC", "OKP", "RSA"]);
470
- PRIVATE_KEY_FIELDS = /* @__PURE__ */ new Set(["d", "p", "q", "dp", "dq", "qi", "oth"]);
471
- REQUIRED_PUBLIC_FIELDS = {
472
- EC: ["crv", "x", "y"],
473
- OKP: ["crv", "x"],
474
- RSA: ["n", "e"]
475
- };
476
- }
477
- });
478
483
 
479
484
  // src/reputation/proof/dns-txt-record.ts
480
485
  function parseDnsTxtRecord(record) {