@oma3/omatrust 0.1.0-alpha.11 → 0.1.0-alpha.12

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (40) hide show
  1. package/README.md +3 -0
  2. package/dist/app-registry/index.cjs +53 -0
  3. package/dist/app-registry/index.cjs.map +1 -1
  4. package/dist/app-registry/index.js +53 -0
  5. package/dist/app-registry/index.js.map +1 -1
  6. package/dist/identity/index.cjs +643 -164
  7. package/dist/identity/index.cjs.map +1 -1
  8. package/dist/identity/index.d.cts +2 -2
  9. package/dist/identity/index.d.ts +2 -2
  10. package/dist/identity/index.js +616 -165
  11. package/dist/identity/index.js.map +1 -1
  12. package/dist/{index-QueRiudB.d.cts → index-B5OC9_8B.d.cts} +155 -4
  13. package/dist/index-Bu-xxcv9.d.ts +407 -0
  14. package/dist/{index-C2w5EvFH.d.ts → index-C6WNgPRx.d.ts} +155 -4
  15. package/dist/index-C7odEbp6.d.cts +407 -0
  16. package/dist/index.cjs +1000 -185
  17. package/dist/index.cjs.map +1 -1
  18. package/dist/index.d.cts +3 -3
  19. package/dist/index.d.ts +3 -3
  20. package/dist/index.js +981 -185
  21. package/dist/index.js.map +1 -1
  22. package/dist/reputation/index.browser.cjs +153 -148
  23. package/dist/reputation/index.browser.cjs.map +1 -1
  24. package/dist/reputation/index.browser.js +153 -148
  25. package/dist/reputation/index.browser.js.map +1 -1
  26. package/dist/reputation/index.cjs +477 -140
  27. package/dist/reputation/index.cjs.map +1 -1
  28. package/dist/reputation/index.d.cts +2 -2
  29. package/dist/reputation/index.d.ts +2 -2
  30. package/dist/reputation/index.js +475 -141
  31. package/dist/reputation/index.js.map +1 -1
  32. package/dist/{types-dpYxRq8N.d.cts → types-Dn0OwaNj.d.cts} +37 -11
  33. package/dist/{types-dpYxRq8N.d.ts → types-Dn0OwaNj.d.ts} +37 -11
  34. package/dist/widgets/index.cjs.map +1 -1
  35. package/dist/widgets/index.d.cts +3 -0
  36. package/dist/widgets/index.d.ts +3 -0
  37. package/dist/widgets/index.js.map +1 -1
  38. package/package.json +4 -2
  39. package/dist/index-BOvk-7Ku.d.cts +0 -235
  40. package/dist/index-R78TpAhN.d.ts +0 -235
@@ -1,5 +1,5 @@
1
- import { ZeroAddress, Signature, toUtf8Bytes, sha256, keccak256, formatUnits, getAddress, isAddress, verifyTypedData, hexlify, randomBytes, Contract, Interface } from 'ethers';
2
1
  import { base64url, decodeProtectedHeader, importJWK, compactVerify } from 'jose';
2
+ import { ZeroAddress, Signature, toUtf8Bytes, sha256, keccak256, formatUnits, getAddress, isAddress, verifyTypedData, hexlify, randomBytes, Contract, Interface } from 'ethers';
3
3
  import { SchemaEncoder, EAS } from '@ethereum-attestation-service/eas-sdk';
4
4
  import canonicalize from 'canonicalize';
5
5
 
@@ -71,6 +71,152 @@ var init_caip = __esm({
71
71
  CAIP_10_REGEX = /^(?<namespace>[a-z0-9-]+):(?<reference>[a-zA-Z0-9-]+):(?<address>.+)$/;
72
72
  }
73
73
  });
74
+ function validatePublicJwk(jwk) {
75
+ if (!jwk || typeof jwk !== "object" || Array.isArray(jwk)) {
76
+ return { valid: false, error: "JWK must be a non-null object" };
77
+ }
78
+ const obj = jwk;
79
+ const kty = obj.kty;
80
+ if (typeof kty !== "string" || !VALID_KTY.has(kty)) {
81
+ return {
82
+ valid: false,
83
+ error: `Invalid or missing kty (must be one of: ${[...VALID_KTY].join(", ")})`
84
+ };
85
+ }
86
+ for (const field of PRIVATE_KEY_FIELDS) {
87
+ if (field in obj) {
88
+ return {
89
+ valid: false,
90
+ error: `JWK contains private key field "${field}" \u2014 only public keys are allowed`
91
+ };
92
+ }
93
+ }
94
+ const required = REQUIRED_PUBLIC_FIELDS[kty];
95
+ if (required) {
96
+ for (const field of required) {
97
+ if (!(field in obj) || obj[field] === void 0 || obj[field] === null || obj[field] === "") {
98
+ return {
99
+ valid: false,
100
+ error: `Missing required public key field "${field}" for kty="${kty}"`
101
+ };
102
+ }
103
+ }
104
+ }
105
+ return { valid: true };
106
+ }
107
+ function canonicalizeJwkJson(jwk) {
108
+ const sorted = Object.keys(jwk).sort();
109
+ const obj = {};
110
+ for (const key of sorted) {
111
+ obj[key] = jwk[key];
112
+ }
113
+ return JSON.stringify(obj);
114
+ }
115
+ function jwkToDidJwk(jwk) {
116
+ assertObject(jwk, "jwk", "INVALID_JWK");
117
+ const validation = validatePublicJwk(jwk);
118
+ if (!validation.valid) {
119
+ throw new OmaTrustError("INVALID_JWK", validation.error ?? "Invalid public JWK", { jwk });
120
+ }
121
+ const canonical = canonicalizeJwkJson(jwk);
122
+ const encoded = base64url.encode(new TextEncoder().encode(canonical));
123
+ return `did:jwk:${encoded}`;
124
+ }
125
+ function didJwkToJwk(didJwk) {
126
+ if (typeof didJwk !== "string" || !didJwk.startsWith("did:jwk:")) {
127
+ throw new OmaTrustError("INVALID_DID", "Expected a did:jwk DID", { input: didJwk });
128
+ }
129
+ const parts = didJwk.split(":");
130
+ if (parts.length !== 3) {
131
+ throw new OmaTrustError("INVALID_DID", "did:jwk must have exactly 3 colon-separated parts", {
132
+ input: didJwk
133
+ });
134
+ }
135
+ const encoded = parts[2];
136
+ if (!encoded || encoded.length === 0) {
137
+ throw new OmaTrustError("INVALID_DID", "Missing base64url-encoded JWK identifier", {
138
+ input: didJwk
139
+ });
140
+ }
141
+ let decoded;
142
+ try {
143
+ const bytes = base64url.decode(encoded);
144
+ decoded = new TextDecoder().decode(bytes);
145
+ } catch {
146
+ throw new OmaTrustError("INVALID_DID", "Failed to base64url-decode did:jwk identifier", {
147
+ input: didJwk
148
+ });
149
+ }
150
+ let jwk;
151
+ try {
152
+ jwk = JSON.parse(decoded);
153
+ } catch {
154
+ throw new OmaTrustError("INVALID_DID", "Decoded did:jwk identifier is not valid JSON", {
155
+ input: didJwk
156
+ });
157
+ }
158
+ if (!jwk || typeof jwk !== "object" || Array.isArray(jwk)) {
159
+ throw new OmaTrustError("INVALID_DID", "Decoded did:jwk must be a JSON object", {
160
+ input: didJwk
161
+ });
162
+ }
163
+ const validation = validatePublicJwk(jwk);
164
+ if (!validation.valid) {
165
+ throw new OmaTrustError("INVALID_DID", validation.error ?? "Invalid public JWK in did:jwk", {
166
+ input: didJwk
167
+ });
168
+ }
169
+ return jwk;
170
+ }
171
+ function extractPublicKeyFields(jwk) {
172
+ const result = {};
173
+ const metadataFields = /* @__PURE__ */ new Set(["kid", "use", "key_ops", "alg", "ext"]);
174
+ for (const [key, value] of Object.entries(jwk)) {
175
+ if (PRIVATE_KEY_FIELDS.has(key)) continue;
176
+ if (metadataFields.has(key)) continue;
177
+ result[key] = value;
178
+ }
179
+ return result;
180
+ }
181
+ function publicJwkEquals(a, b) {
182
+ assertObject(a, "a", "INVALID_JWK");
183
+ assertObject(b, "b", "INVALID_JWK");
184
+ const aObj = a;
185
+ const bObj = b;
186
+ for (const field of PRIVATE_KEY_FIELDS) {
187
+ if (field in aObj) {
188
+ throw new OmaTrustError(
189
+ "INVALID_JWK",
190
+ `First JWK contains private key field "${field}"`,
191
+ { field }
192
+ );
193
+ }
194
+ if (field in bObj) {
195
+ throw new OmaTrustError(
196
+ "INVALID_JWK",
197
+ `Second JWK contains private key field "${field}"`,
198
+ { field }
199
+ );
200
+ }
201
+ }
202
+ const aPublic = extractPublicKeyFields(aObj);
203
+ const bPublic = extractPublicKeyFields(bObj);
204
+ return canonicalizeJwkJson(aPublic) === canonicalizeJwkJson(bPublic);
205
+ }
206
+ var VALID_KTY, PRIVATE_KEY_FIELDS, REQUIRED_PUBLIC_FIELDS;
207
+ var init_jwk = __esm({
208
+ "src/identity/jwk.ts"() {
209
+ init_errors();
210
+ init_assert();
211
+ VALID_KTY = /* @__PURE__ */ new Set(["EC", "OKP", "RSA"]);
212
+ PRIVATE_KEY_FIELDS = /* @__PURE__ */ new Set(["d", "p", "q", "dp", "dq", "qi", "oth"]);
213
+ REQUIRED_PUBLIC_FIELDS = {
214
+ EC: ["crv", "x", "y"],
215
+ OKP: ["crv", "x"],
216
+ RSA: ["n", "e"]
217
+ };
218
+ }
219
+ });
74
220
  function isValidDid(did) {
75
221
  return DID_REGEX.test(did);
76
222
  }
@@ -139,7 +285,7 @@ function normalizeDidKey(input) {
139
285
  }
140
286
  function normalizeDid(input) {
141
287
  assertString(input, "input", "INVALID_DID");
142
- const trimmed = input.trim();
288
+ const trimmed = input.trim().split("#")[0];
143
289
  if (!trimmed.startsWith("did:")) {
144
290
  return normalizeDidWeb(trimmed);
145
291
  }
@@ -298,6 +444,10 @@ function validateDidJwk(did) {
298
444
  error: "DID must reference a public key \u2014 private key component (d) is not allowed"
299
445
  };
300
446
  }
447
+ const jwkValidation = validatePublicJwk(jwk);
448
+ if (!jwkValidation.valid) {
449
+ return { valid: false, method: "jwk", error: jwkValidation.error };
450
+ }
301
451
  return { valid: true, method: "jwk" };
302
452
  }
303
453
  function normalizeDidJwk(input) {
@@ -318,157 +468,12 @@ var init_did = __esm({
318
468
  init_errors();
319
469
  init_assert();
320
470
  init_caip();
471
+ init_jwk();
321
472
  DID_REGEX = /^did:[a-z0-9]+:.+$/i;
322
473
  BASE64URL_REGEX = /^[A-Za-z0-9_-]+$/;
323
474
  VALID_JWK_KTY = /* @__PURE__ */ new Set(["EC", "OKP", "RSA"]);
324
475
  }
325
476
  });
326
- function validatePublicJwk(jwk) {
327
- if (!jwk || typeof jwk !== "object" || Array.isArray(jwk)) {
328
- return { valid: false, error: "JWK must be a non-null object" };
329
- }
330
- const obj = jwk;
331
- const kty = obj.kty;
332
- if (typeof kty !== "string" || !VALID_KTY.has(kty)) {
333
- return {
334
- valid: false,
335
- error: `Invalid or missing kty (must be one of: ${[...VALID_KTY].join(", ")})`
336
- };
337
- }
338
- for (const field of PRIVATE_KEY_FIELDS) {
339
- if (field in obj) {
340
- return {
341
- valid: false,
342
- error: `JWK contains private key field "${field}" \u2014 only public keys are allowed`
343
- };
344
- }
345
- }
346
- const required = REQUIRED_PUBLIC_FIELDS[kty];
347
- if (required) {
348
- for (const field of required) {
349
- if (!(field in obj) || obj[field] === void 0 || obj[field] === null || obj[field] === "") {
350
- return {
351
- valid: false,
352
- error: `Missing required public key field "${field}" for kty="${kty}"`
353
- };
354
- }
355
- }
356
- }
357
- return { valid: true };
358
- }
359
- function canonicalizeJwkJson(jwk) {
360
- const sorted = Object.keys(jwk).sort();
361
- const obj = {};
362
- for (const key of sorted) {
363
- obj[key] = jwk[key];
364
- }
365
- return JSON.stringify(obj);
366
- }
367
- function jwkToDidJwk(jwk) {
368
- assertObject(jwk, "jwk", "INVALID_JWK");
369
- const validation = validatePublicJwk(jwk);
370
- if (!validation.valid) {
371
- throw new OmaTrustError("INVALID_JWK", validation.error ?? "Invalid public JWK", { jwk });
372
- }
373
- const canonical = canonicalizeJwkJson(jwk);
374
- const encoded = base64url.encode(new TextEncoder().encode(canonical));
375
- return `did:jwk:${encoded}`;
376
- }
377
- function didJwkToJwk(didJwk) {
378
- if (typeof didJwk !== "string" || !didJwk.startsWith("did:jwk:")) {
379
- throw new OmaTrustError("INVALID_DID", "Expected a did:jwk DID", { input: didJwk });
380
- }
381
- const parts = didJwk.split(":");
382
- if (parts.length !== 3) {
383
- throw new OmaTrustError("INVALID_DID", "did:jwk must have exactly 3 colon-separated parts", {
384
- input: didJwk
385
- });
386
- }
387
- const encoded = parts[2];
388
- if (!encoded || encoded.length === 0) {
389
- throw new OmaTrustError("INVALID_DID", "Missing base64url-encoded JWK identifier", {
390
- input: didJwk
391
- });
392
- }
393
- let decoded;
394
- try {
395
- const bytes = base64url.decode(encoded);
396
- decoded = new TextDecoder().decode(bytes);
397
- } catch {
398
- throw new OmaTrustError("INVALID_DID", "Failed to base64url-decode did:jwk identifier", {
399
- input: didJwk
400
- });
401
- }
402
- let jwk;
403
- try {
404
- jwk = JSON.parse(decoded);
405
- } catch {
406
- throw new OmaTrustError("INVALID_DID", "Decoded did:jwk identifier is not valid JSON", {
407
- input: didJwk
408
- });
409
- }
410
- if (!jwk || typeof jwk !== "object" || Array.isArray(jwk)) {
411
- throw new OmaTrustError("INVALID_DID", "Decoded did:jwk must be a JSON object", {
412
- input: didJwk
413
- });
414
- }
415
- const validation = validatePublicJwk(jwk);
416
- if (!validation.valid) {
417
- throw new OmaTrustError("INVALID_DID", validation.error ?? "Invalid public JWK in did:jwk", {
418
- input: didJwk
419
- });
420
- }
421
- return jwk;
422
- }
423
- function extractPublicKeyFields(jwk) {
424
- const result = {};
425
- const metadataFields = /* @__PURE__ */ new Set(["kid", "use", "key_ops", "alg", "ext"]);
426
- for (const [key, value] of Object.entries(jwk)) {
427
- if (PRIVATE_KEY_FIELDS.has(key)) continue;
428
- if (metadataFields.has(key)) continue;
429
- result[key] = value;
430
- }
431
- return result;
432
- }
433
- function publicJwkEquals(a, b) {
434
- assertObject(a, "a", "INVALID_JWK");
435
- assertObject(b, "b", "INVALID_JWK");
436
- const aObj = a;
437
- const bObj = b;
438
- for (const field of PRIVATE_KEY_FIELDS) {
439
- if (field in aObj) {
440
- throw new OmaTrustError(
441
- "INVALID_JWK",
442
- `First JWK contains private key field "${field}"`,
443
- { field }
444
- );
445
- }
446
- if (field in bObj) {
447
- throw new OmaTrustError(
448
- "INVALID_JWK",
449
- `Second JWK contains private key field "${field}"`,
450
- { field }
451
- );
452
- }
453
- }
454
- const aPublic = extractPublicKeyFields(aObj);
455
- const bPublic = extractPublicKeyFields(bObj);
456
- return canonicalizeJwkJson(aPublic) === canonicalizeJwkJson(bPublic);
457
- }
458
- var VALID_KTY, PRIVATE_KEY_FIELDS, REQUIRED_PUBLIC_FIELDS;
459
- var init_jwk = __esm({
460
- "src/identity/jwk.ts"() {
461
- init_errors();
462
- init_assert();
463
- VALID_KTY = /* @__PURE__ */ new Set(["EC", "OKP", "RSA"]);
464
- PRIVATE_KEY_FIELDS = /* @__PURE__ */ new Set(["d", "p", "q", "dp", "dq", "qi", "oth"]);
465
- REQUIRED_PUBLIC_FIELDS = {
466
- EC: ["crv", "x", "y"],
467
- OKP: ["crv", "x"],
468
- RSA: ["n", "e"]
469
- };
470
- }
471
- });
472
477
 
473
478
  // src/reputation/proof/dns-txt-record.ts
474
479
  function parseDnsTxtRecord(record) {