@oma3/omatrust 0.1.0-alpha.11 → 0.1.0-alpha.13
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +3 -0
- package/dist/app-registry/index.cjs +53 -0
- package/dist/app-registry/index.cjs.map +1 -1
- package/dist/app-registry/index.js +53 -0
- package/dist/app-registry/index.js.map +1 -1
- package/dist/identity/index.cjs +643 -164
- package/dist/identity/index.cjs.map +1 -1
- package/dist/identity/index.d.cts +2 -2
- package/dist/identity/index.d.ts +2 -2
- package/dist/identity/index.js +616 -165
- package/dist/identity/index.js.map +1 -1
- package/dist/index-Bu-xxcv9.d.ts +407 -0
- package/dist/index-C7odEbp6.d.cts +407 -0
- package/dist/index-CnWY9arI.d.cts +612 -0
- package/dist/index-DREQRFIE.d.ts +612 -0
- package/dist/index.cjs +1316 -202
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +3 -3
- package/dist/index.d.ts +3 -3
- package/dist/index.js +1297 -202
- package/dist/index.js.map +1 -1
- package/dist/reputation/index.browser.cjs +153 -148
- package/dist/reputation/index.browser.cjs.map +1 -1
- package/dist/reputation/index.browser.js +153 -148
- package/dist/reputation/index.browser.js.map +1 -1
- package/dist/reputation/index.cjs +884 -163
- package/dist/reputation/index.cjs.map +1 -1
- package/dist/reputation/index.d.cts +2 -2
- package/dist/reputation/index.d.ts +2 -2
- package/dist/reputation/index.js +860 -164
- package/dist/reputation/index.js.map +1 -1
- package/dist/{types-dpYxRq8N.d.cts → types-Dn0OwaNj.d.cts} +37 -11
- package/dist/{types-dpYxRq8N.d.ts → types-Dn0OwaNj.d.ts} +37 -11
- package/dist/widgets/index.cjs.map +1 -1
- package/dist/widgets/index.d.cts +3 -0
- package/dist/widgets/index.d.ts +3 -0
- package/dist/widgets/index.js.map +1 -1
- package/package.json +4 -2
- package/dist/index-BOvk-7Ku.d.cts +0 -235
- package/dist/index-C2w5EvFH.d.ts +0 -329
- package/dist/index-QueRiudB.d.cts +0 -329
- package/dist/index-R78TpAhN.d.ts +0 -235
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
'use strict';
|
|
2
2
|
|
|
3
|
-
var ethers = require('ethers');
|
|
4
3
|
var jose = require('jose');
|
|
4
|
+
var ethers = require('ethers');
|
|
5
5
|
var easSdk = require('@ethereum-attestation-service/eas-sdk');
|
|
6
6
|
var canonicalize = require('canonicalize');
|
|
7
7
|
|
|
@@ -77,6 +77,152 @@ var init_caip = __esm({
|
|
|
77
77
|
CAIP_10_REGEX = /^(?<namespace>[a-z0-9-]+):(?<reference>[a-zA-Z0-9-]+):(?<address>.+)$/;
|
|
78
78
|
}
|
|
79
79
|
});
|
|
80
|
+
function validatePublicJwk(jwk) {
|
|
81
|
+
if (!jwk || typeof jwk !== "object" || Array.isArray(jwk)) {
|
|
82
|
+
return { valid: false, error: "JWK must be a non-null object" };
|
|
83
|
+
}
|
|
84
|
+
const obj = jwk;
|
|
85
|
+
const kty = obj.kty;
|
|
86
|
+
if (typeof kty !== "string" || !VALID_KTY.has(kty)) {
|
|
87
|
+
return {
|
|
88
|
+
valid: false,
|
|
89
|
+
error: `Invalid or missing kty (must be one of: ${[...VALID_KTY].join(", ")})`
|
|
90
|
+
};
|
|
91
|
+
}
|
|
92
|
+
for (const field of PRIVATE_KEY_FIELDS) {
|
|
93
|
+
if (field in obj) {
|
|
94
|
+
return {
|
|
95
|
+
valid: false,
|
|
96
|
+
error: `JWK contains private key field "${field}" \u2014 only public keys are allowed`
|
|
97
|
+
};
|
|
98
|
+
}
|
|
99
|
+
}
|
|
100
|
+
const required = REQUIRED_PUBLIC_FIELDS[kty];
|
|
101
|
+
if (required) {
|
|
102
|
+
for (const field of required) {
|
|
103
|
+
if (!(field in obj) || obj[field] === void 0 || obj[field] === null || obj[field] === "") {
|
|
104
|
+
return {
|
|
105
|
+
valid: false,
|
|
106
|
+
error: `Missing required public key field "${field}" for kty="${kty}"`
|
|
107
|
+
};
|
|
108
|
+
}
|
|
109
|
+
}
|
|
110
|
+
}
|
|
111
|
+
return { valid: true };
|
|
112
|
+
}
|
|
113
|
+
function canonicalizeJwkJson(jwk) {
|
|
114
|
+
const sorted = Object.keys(jwk).sort();
|
|
115
|
+
const obj = {};
|
|
116
|
+
for (const key of sorted) {
|
|
117
|
+
obj[key] = jwk[key];
|
|
118
|
+
}
|
|
119
|
+
return JSON.stringify(obj);
|
|
120
|
+
}
|
|
121
|
+
function jwkToDidJwk(jwk) {
|
|
122
|
+
assertObject(jwk, "jwk", "INVALID_JWK");
|
|
123
|
+
const validation = validatePublicJwk(jwk);
|
|
124
|
+
if (!validation.valid) {
|
|
125
|
+
throw new OmaTrustError("INVALID_JWK", validation.error ?? "Invalid public JWK", { jwk });
|
|
126
|
+
}
|
|
127
|
+
const canonical = canonicalizeJwkJson(jwk);
|
|
128
|
+
const encoded = jose.base64url.encode(new TextEncoder().encode(canonical));
|
|
129
|
+
return `did:jwk:${encoded}`;
|
|
130
|
+
}
|
|
131
|
+
function didJwkToJwk(didJwk) {
|
|
132
|
+
if (typeof didJwk !== "string" || !didJwk.startsWith("did:jwk:")) {
|
|
133
|
+
throw new OmaTrustError("INVALID_DID", "Expected a did:jwk DID", { input: didJwk });
|
|
134
|
+
}
|
|
135
|
+
const parts = didJwk.split(":");
|
|
136
|
+
if (parts.length !== 3) {
|
|
137
|
+
throw new OmaTrustError("INVALID_DID", "did:jwk must have exactly 3 colon-separated parts", {
|
|
138
|
+
input: didJwk
|
|
139
|
+
});
|
|
140
|
+
}
|
|
141
|
+
const encoded = parts[2];
|
|
142
|
+
if (!encoded || encoded.length === 0) {
|
|
143
|
+
throw new OmaTrustError("INVALID_DID", "Missing base64url-encoded JWK identifier", {
|
|
144
|
+
input: didJwk
|
|
145
|
+
});
|
|
146
|
+
}
|
|
147
|
+
let decoded;
|
|
148
|
+
try {
|
|
149
|
+
const bytes = jose.base64url.decode(encoded);
|
|
150
|
+
decoded = new TextDecoder().decode(bytes);
|
|
151
|
+
} catch {
|
|
152
|
+
throw new OmaTrustError("INVALID_DID", "Failed to base64url-decode did:jwk identifier", {
|
|
153
|
+
input: didJwk
|
|
154
|
+
});
|
|
155
|
+
}
|
|
156
|
+
let jwk;
|
|
157
|
+
try {
|
|
158
|
+
jwk = JSON.parse(decoded);
|
|
159
|
+
} catch {
|
|
160
|
+
throw new OmaTrustError("INVALID_DID", "Decoded did:jwk identifier is not valid JSON", {
|
|
161
|
+
input: didJwk
|
|
162
|
+
});
|
|
163
|
+
}
|
|
164
|
+
if (!jwk || typeof jwk !== "object" || Array.isArray(jwk)) {
|
|
165
|
+
throw new OmaTrustError("INVALID_DID", "Decoded did:jwk must be a JSON object", {
|
|
166
|
+
input: didJwk
|
|
167
|
+
});
|
|
168
|
+
}
|
|
169
|
+
const validation = validatePublicJwk(jwk);
|
|
170
|
+
if (!validation.valid) {
|
|
171
|
+
throw new OmaTrustError("INVALID_DID", validation.error ?? "Invalid public JWK in did:jwk", {
|
|
172
|
+
input: didJwk
|
|
173
|
+
});
|
|
174
|
+
}
|
|
175
|
+
return jwk;
|
|
176
|
+
}
|
|
177
|
+
function extractPublicKeyFields(jwk) {
|
|
178
|
+
const result = {};
|
|
179
|
+
const metadataFields = /* @__PURE__ */ new Set(["kid", "use", "key_ops", "alg", "ext"]);
|
|
180
|
+
for (const [key, value] of Object.entries(jwk)) {
|
|
181
|
+
if (PRIVATE_KEY_FIELDS.has(key)) continue;
|
|
182
|
+
if (metadataFields.has(key)) continue;
|
|
183
|
+
result[key] = value;
|
|
184
|
+
}
|
|
185
|
+
return result;
|
|
186
|
+
}
|
|
187
|
+
function publicJwkEquals(a, b) {
|
|
188
|
+
assertObject(a, "a", "INVALID_JWK");
|
|
189
|
+
assertObject(b, "b", "INVALID_JWK");
|
|
190
|
+
const aObj = a;
|
|
191
|
+
const bObj = b;
|
|
192
|
+
for (const field of PRIVATE_KEY_FIELDS) {
|
|
193
|
+
if (field in aObj) {
|
|
194
|
+
throw new OmaTrustError(
|
|
195
|
+
"INVALID_JWK",
|
|
196
|
+
`First JWK contains private key field "${field}"`,
|
|
197
|
+
{ field }
|
|
198
|
+
);
|
|
199
|
+
}
|
|
200
|
+
if (field in bObj) {
|
|
201
|
+
throw new OmaTrustError(
|
|
202
|
+
"INVALID_JWK",
|
|
203
|
+
`Second JWK contains private key field "${field}"`,
|
|
204
|
+
{ field }
|
|
205
|
+
);
|
|
206
|
+
}
|
|
207
|
+
}
|
|
208
|
+
const aPublic = extractPublicKeyFields(aObj);
|
|
209
|
+
const bPublic = extractPublicKeyFields(bObj);
|
|
210
|
+
return canonicalizeJwkJson(aPublic) === canonicalizeJwkJson(bPublic);
|
|
211
|
+
}
|
|
212
|
+
var VALID_KTY, PRIVATE_KEY_FIELDS, REQUIRED_PUBLIC_FIELDS;
|
|
213
|
+
var init_jwk = __esm({
|
|
214
|
+
"src/identity/jwk.ts"() {
|
|
215
|
+
init_errors();
|
|
216
|
+
init_assert();
|
|
217
|
+
VALID_KTY = /* @__PURE__ */ new Set(["EC", "OKP", "RSA"]);
|
|
218
|
+
PRIVATE_KEY_FIELDS = /* @__PURE__ */ new Set(["d", "p", "q", "dp", "dq", "qi", "oth"]);
|
|
219
|
+
REQUIRED_PUBLIC_FIELDS = {
|
|
220
|
+
EC: ["crv", "x", "y"],
|
|
221
|
+
OKP: ["crv", "x"],
|
|
222
|
+
RSA: ["n", "e"]
|
|
223
|
+
};
|
|
224
|
+
}
|
|
225
|
+
});
|
|
80
226
|
function isValidDid(did) {
|
|
81
227
|
return DID_REGEX.test(did);
|
|
82
228
|
}
|
|
@@ -145,7 +291,7 @@ function normalizeDidKey(input) {
|
|
|
145
291
|
}
|
|
146
292
|
function normalizeDid(input) {
|
|
147
293
|
assertString(input, "input", "INVALID_DID");
|
|
148
|
-
const trimmed = input.trim();
|
|
294
|
+
const trimmed = input.trim().split("#")[0];
|
|
149
295
|
if (!trimmed.startsWith("did:")) {
|
|
150
296
|
return normalizeDidWeb(trimmed);
|
|
151
297
|
}
|
|
@@ -304,6 +450,10 @@ function validateDidJwk(did) {
|
|
|
304
450
|
error: "DID must reference a public key \u2014 private key component (d) is not allowed"
|
|
305
451
|
};
|
|
306
452
|
}
|
|
453
|
+
const jwkValidation = validatePublicJwk(jwk);
|
|
454
|
+
if (!jwkValidation.valid) {
|
|
455
|
+
return { valid: false, method: "jwk", error: jwkValidation.error };
|
|
456
|
+
}
|
|
307
457
|
return { valid: true, method: "jwk" };
|
|
308
458
|
}
|
|
309
459
|
function normalizeDidJwk(input) {
|
|
@@ -324,157 +474,12 @@ var init_did = __esm({
|
|
|
324
474
|
init_errors();
|
|
325
475
|
init_assert();
|
|
326
476
|
init_caip();
|
|
477
|
+
init_jwk();
|
|
327
478
|
DID_REGEX = /^did:[a-z0-9]+:.+$/i;
|
|
328
479
|
BASE64URL_REGEX = /^[A-Za-z0-9_-]+$/;
|
|
329
480
|
VALID_JWK_KTY = /* @__PURE__ */ new Set(["EC", "OKP", "RSA"]);
|
|
330
481
|
}
|
|
331
482
|
});
|
|
332
|
-
function validatePublicJwk(jwk) {
|
|
333
|
-
if (!jwk || typeof jwk !== "object" || Array.isArray(jwk)) {
|
|
334
|
-
return { valid: false, error: "JWK must be a non-null object" };
|
|
335
|
-
}
|
|
336
|
-
const obj = jwk;
|
|
337
|
-
const kty = obj.kty;
|
|
338
|
-
if (typeof kty !== "string" || !VALID_KTY.has(kty)) {
|
|
339
|
-
return {
|
|
340
|
-
valid: false,
|
|
341
|
-
error: `Invalid or missing kty (must be one of: ${[...VALID_KTY].join(", ")})`
|
|
342
|
-
};
|
|
343
|
-
}
|
|
344
|
-
for (const field of PRIVATE_KEY_FIELDS) {
|
|
345
|
-
if (field in obj) {
|
|
346
|
-
return {
|
|
347
|
-
valid: false,
|
|
348
|
-
error: `JWK contains private key field "${field}" \u2014 only public keys are allowed`
|
|
349
|
-
};
|
|
350
|
-
}
|
|
351
|
-
}
|
|
352
|
-
const required = REQUIRED_PUBLIC_FIELDS[kty];
|
|
353
|
-
if (required) {
|
|
354
|
-
for (const field of required) {
|
|
355
|
-
if (!(field in obj) || obj[field] === void 0 || obj[field] === null || obj[field] === "") {
|
|
356
|
-
return {
|
|
357
|
-
valid: false,
|
|
358
|
-
error: `Missing required public key field "${field}" for kty="${kty}"`
|
|
359
|
-
};
|
|
360
|
-
}
|
|
361
|
-
}
|
|
362
|
-
}
|
|
363
|
-
return { valid: true };
|
|
364
|
-
}
|
|
365
|
-
function canonicalizeJwkJson(jwk) {
|
|
366
|
-
const sorted = Object.keys(jwk).sort();
|
|
367
|
-
const obj = {};
|
|
368
|
-
for (const key of sorted) {
|
|
369
|
-
obj[key] = jwk[key];
|
|
370
|
-
}
|
|
371
|
-
return JSON.stringify(obj);
|
|
372
|
-
}
|
|
373
|
-
function jwkToDidJwk(jwk) {
|
|
374
|
-
assertObject(jwk, "jwk", "INVALID_JWK");
|
|
375
|
-
const validation = validatePublicJwk(jwk);
|
|
376
|
-
if (!validation.valid) {
|
|
377
|
-
throw new OmaTrustError("INVALID_JWK", validation.error ?? "Invalid public JWK", { jwk });
|
|
378
|
-
}
|
|
379
|
-
const canonical = canonicalizeJwkJson(jwk);
|
|
380
|
-
const encoded = jose.base64url.encode(new TextEncoder().encode(canonical));
|
|
381
|
-
return `did:jwk:${encoded}`;
|
|
382
|
-
}
|
|
383
|
-
function didJwkToJwk(didJwk) {
|
|
384
|
-
if (typeof didJwk !== "string" || !didJwk.startsWith("did:jwk:")) {
|
|
385
|
-
throw new OmaTrustError("INVALID_DID", "Expected a did:jwk DID", { input: didJwk });
|
|
386
|
-
}
|
|
387
|
-
const parts = didJwk.split(":");
|
|
388
|
-
if (parts.length !== 3) {
|
|
389
|
-
throw new OmaTrustError("INVALID_DID", "did:jwk must have exactly 3 colon-separated parts", {
|
|
390
|
-
input: didJwk
|
|
391
|
-
});
|
|
392
|
-
}
|
|
393
|
-
const encoded = parts[2];
|
|
394
|
-
if (!encoded || encoded.length === 0) {
|
|
395
|
-
throw new OmaTrustError("INVALID_DID", "Missing base64url-encoded JWK identifier", {
|
|
396
|
-
input: didJwk
|
|
397
|
-
});
|
|
398
|
-
}
|
|
399
|
-
let decoded;
|
|
400
|
-
try {
|
|
401
|
-
const bytes = jose.base64url.decode(encoded);
|
|
402
|
-
decoded = new TextDecoder().decode(bytes);
|
|
403
|
-
} catch {
|
|
404
|
-
throw new OmaTrustError("INVALID_DID", "Failed to base64url-decode did:jwk identifier", {
|
|
405
|
-
input: didJwk
|
|
406
|
-
});
|
|
407
|
-
}
|
|
408
|
-
let jwk;
|
|
409
|
-
try {
|
|
410
|
-
jwk = JSON.parse(decoded);
|
|
411
|
-
} catch {
|
|
412
|
-
throw new OmaTrustError("INVALID_DID", "Decoded did:jwk identifier is not valid JSON", {
|
|
413
|
-
input: didJwk
|
|
414
|
-
});
|
|
415
|
-
}
|
|
416
|
-
if (!jwk || typeof jwk !== "object" || Array.isArray(jwk)) {
|
|
417
|
-
throw new OmaTrustError("INVALID_DID", "Decoded did:jwk must be a JSON object", {
|
|
418
|
-
input: didJwk
|
|
419
|
-
});
|
|
420
|
-
}
|
|
421
|
-
const validation = validatePublicJwk(jwk);
|
|
422
|
-
if (!validation.valid) {
|
|
423
|
-
throw new OmaTrustError("INVALID_DID", validation.error ?? "Invalid public JWK in did:jwk", {
|
|
424
|
-
input: didJwk
|
|
425
|
-
});
|
|
426
|
-
}
|
|
427
|
-
return jwk;
|
|
428
|
-
}
|
|
429
|
-
function extractPublicKeyFields(jwk) {
|
|
430
|
-
const result = {};
|
|
431
|
-
const metadataFields = /* @__PURE__ */ new Set(["kid", "use", "key_ops", "alg", "ext"]);
|
|
432
|
-
for (const [key, value] of Object.entries(jwk)) {
|
|
433
|
-
if (PRIVATE_KEY_FIELDS.has(key)) continue;
|
|
434
|
-
if (metadataFields.has(key)) continue;
|
|
435
|
-
result[key] = value;
|
|
436
|
-
}
|
|
437
|
-
return result;
|
|
438
|
-
}
|
|
439
|
-
function publicJwkEquals(a, b) {
|
|
440
|
-
assertObject(a, "a", "INVALID_JWK");
|
|
441
|
-
assertObject(b, "b", "INVALID_JWK");
|
|
442
|
-
const aObj = a;
|
|
443
|
-
const bObj = b;
|
|
444
|
-
for (const field of PRIVATE_KEY_FIELDS) {
|
|
445
|
-
if (field in aObj) {
|
|
446
|
-
throw new OmaTrustError(
|
|
447
|
-
"INVALID_JWK",
|
|
448
|
-
`First JWK contains private key field "${field}"`,
|
|
449
|
-
{ field }
|
|
450
|
-
);
|
|
451
|
-
}
|
|
452
|
-
if (field in bObj) {
|
|
453
|
-
throw new OmaTrustError(
|
|
454
|
-
"INVALID_JWK",
|
|
455
|
-
`Second JWK contains private key field "${field}"`,
|
|
456
|
-
{ field }
|
|
457
|
-
);
|
|
458
|
-
}
|
|
459
|
-
}
|
|
460
|
-
const aPublic = extractPublicKeyFields(aObj);
|
|
461
|
-
const bPublic = extractPublicKeyFields(bObj);
|
|
462
|
-
return canonicalizeJwkJson(aPublic) === canonicalizeJwkJson(bPublic);
|
|
463
|
-
}
|
|
464
|
-
var VALID_KTY, PRIVATE_KEY_FIELDS, REQUIRED_PUBLIC_FIELDS;
|
|
465
|
-
var init_jwk = __esm({
|
|
466
|
-
"src/identity/jwk.ts"() {
|
|
467
|
-
init_errors();
|
|
468
|
-
init_assert();
|
|
469
|
-
VALID_KTY = /* @__PURE__ */ new Set(["EC", "OKP", "RSA"]);
|
|
470
|
-
PRIVATE_KEY_FIELDS = /* @__PURE__ */ new Set(["d", "p", "q", "dp", "dq", "qi", "oth"]);
|
|
471
|
-
REQUIRED_PUBLIC_FIELDS = {
|
|
472
|
-
EC: ["crv", "x", "y"],
|
|
473
|
-
OKP: ["crv", "x"],
|
|
474
|
-
RSA: ["n", "e"]
|
|
475
|
-
};
|
|
476
|
-
}
|
|
477
|
-
});
|
|
478
483
|
|
|
479
484
|
// src/reputation/proof/dns-txt-record.ts
|
|
480
485
|
function parseDnsTxtRecord(record) {
|