@oma3/omatrust 0.1.0-alpha.11 → 0.1.0-alpha.13
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +3 -0
- package/dist/app-registry/index.cjs +53 -0
- package/dist/app-registry/index.cjs.map +1 -1
- package/dist/app-registry/index.js +53 -0
- package/dist/app-registry/index.js.map +1 -1
- package/dist/identity/index.cjs +643 -164
- package/dist/identity/index.cjs.map +1 -1
- package/dist/identity/index.d.cts +2 -2
- package/dist/identity/index.d.ts +2 -2
- package/dist/identity/index.js +616 -165
- package/dist/identity/index.js.map +1 -1
- package/dist/index-Bu-xxcv9.d.ts +407 -0
- package/dist/index-C7odEbp6.d.cts +407 -0
- package/dist/index-CnWY9arI.d.cts +612 -0
- package/dist/index-DREQRFIE.d.ts +612 -0
- package/dist/index.cjs +1316 -202
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +3 -3
- package/dist/index.d.ts +3 -3
- package/dist/index.js +1297 -202
- package/dist/index.js.map +1 -1
- package/dist/reputation/index.browser.cjs +153 -148
- package/dist/reputation/index.browser.cjs.map +1 -1
- package/dist/reputation/index.browser.js +153 -148
- package/dist/reputation/index.browser.js.map +1 -1
- package/dist/reputation/index.cjs +884 -163
- package/dist/reputation/index.cjs.map +1 -1
- package/dist/reputation/index.d.cts +2 -2
- package/dist/reputation/index.d.ts +2 -2
- package/dist/reputation/index.js +860 -164
- package/dist/reputation/index.js.map +1 -1
- package/dist/{types-dpYxRq8N.d.cts → types-Dn0OwaNj.d.cts} +37 -11
- package/dist/{types-dpYxRq8N.d.ts → types-Dn0OwaNj.d.ts} +37 -11
- package/dist/widgets/index.cjs.map +1 -1
- package/dist/widgets/index.d.cts +3 -0
- package/dist/widgets/index.d.ts +3 -0
- package/dist/widgets/index.js.map +1 -1
- package/package.json +4 -2
- package/dist/index-BOvk-7Ku.d.cts +0 -235
- package/dist/index-C2w5EvFH.d.ts +0 -329
- package/dist/index-QueRiudB.d.cts +0 -329
- package/dist/index-R78TpAhN.d.ts +0 -235
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
import { ZeroAddress, Signature, toUtf8Bytes, sha256, keccak256, formatUnits, getAddress, isAddress, verifyTypedData, hexlify, randomBytes, Contract, Interface } from 'ethers';
|
|
2
1
|
import { base64url, decodeProtectedHeader, importJWK, compactVerify } from 'jose';
|
|
2
|
+
import { ZeroAddress, Signature, toUtf8Bytes, sha256, keccak256, formatUnits, getAddress, isAddress, verifyTypedData, hexlify, randomBytes, Contract, Interface } from 'ethers';
|
|
3
3
|
import { SchemaEncoder, EAS } from '@ethereum-attestation-service/eas-sdk';
|
|
4
4
|
import canonicalize from 'canonicalize';
|
|
5
5
|
|
|
@@ -71,6 +71,152 @@ var init_caip = __esm({
|
|
|
71
71
|
CAIP_10_REGEX = /^(?<namespace>[a-z0-9-]+):(?<reference>[a-zA-Z0-9-]+):(?<address>.+)$/;
|
|
72
72
|
}
|
|
73
73
|
});
|
|
74
|
+
function validatePublicJwk(jwk) {
|
|
75
|
+
if (!jwk || typeof jwk !== "object" || Array.isArray(jwk)) {
|
|
76
|
+
return { valid: false, error: "JWK must be a non-null object" };
|
|
77
|
+
}
|
|
78
|
+
const obj = jwk;
|
|
79
|
+
const kty = obj.kty;
|
|
80
|
+
if (typeof kty !== "string" || !VALID_KTY.has(kty)) {
|
|
81
|
+
return {
|
|
82
|
+
valid: false,
|
|
83
|
+
error: `Invalid or missing kty (must be one of: ${[...VALID_KTY].join(", ")})`
|
|
84
|
+
};
|
|
85
|
+
}
|
|
86
|
+
for (const field of PRIVATE_KEY_FIELDS) {
|
|
87
|
+
if (field in obj) {
|
|
88
|
+
return {
|
|
89
|
+
valid: false,
|
|
90
|
+
error: `JWK contains private key field "${field}" \u2014 only public keys are allowed`
|
|
91
|
+
};
|
|
92
|
+
}
|
|
93
|
+
}
|
|
94
|
+
const required = REQUIRED_PUBLIC_FIELDS[kty];
|
|
95
|
+
if (required) {
|
|
96
|
+
for (const field of required) {
|
|
97
|
+
if (!(field in obj) || obj[field] === void 0 || obj[field] === null || obj[field] === "") {
|
|
98
|
+
return {
|
|
99
|
+
valid: false,
|
|
100
|
+
error: `Missing required public key field "${field}" for kty="${kty}"`
|
|
101
|
+
};
|
|
102
|
+
}
|
|
103
|
+
}
|
|
104
|
+
}
|
|
105
|
+
return { valid: true };
|
|
106
|
+
}
|
|
107
|
+
function canonicalizeJwkJson(jwk) {
|
|
108
|
+
const sorted = Object.keys(jwk).sort();
|
|
109
|
+
const obj = {};
|
|
110
|
+
for (const key of sorted) {
|
|
111
|
+
obj[key] = jwk[key];
|
|
112
|
+
}
|
|
113
|
+
return JSON.stringify(obj);
|
|
114
|
+
}
|
|
115
|
+
function jwkToDidJwk(jwk) {
|
|
116
|
+
assertObject(jwk, "jwk", "INVALID_JWK");
|
|
117
|
+
const validation = validatePublicJwk(jwk);
|
|
118
|
+
if (!validation.valid) {
|
|
119
|
+
throw new OmaTrustError("INVALID_JWK", validation.error ?? "Invalid public JWK", { jwk });
|
|
120
|
+
}
|
|
121
|
+
const canonical = canonicalizeJwkJson(jwk);
|
|
122
|
+
const encoded = base64url.encode(new TextEncoder().encode(canonical));
|
|
123
|
+
return `did:jwk:${encoded}`;
|
|
124
|
+
}
|
|
125
|
+
function didJwkToJwk(didJwk) {
|
|
126
|
+
if (typeof didJwk !== "string" || !didJwk.startsWith("did:jwk:")) {
|
|
127
|
+
throw new OmaTrustError("INVALID_DID", "Expected a did:jwk DID", { input: didJwk });
|
|
128
|
+
}
|
|
129
|
+
const parts = didJwk.split(":");
|
|
130
|
+
if (parts.length !== 3) {
|
|
131
|
+
throw new OmaTrustError("INVALID_DID", "did:jwk must have exactly 3 colon-separated parts", {
|
|
132
|
+
input: didJwk
|
|
133
|
+
});
|
|
134
|
+
}
|
|
135
|
+
const encoded = parts[2];
|
|
136
|
+
if (!encoded || encoded.length === 0) {
|
|
137
|
+
throw new OmaTrustError("INVALID_DID", "Missing base64url-encoded JWK identifier", {
|
|
138
|
+
input: didJwk
|
|
139
|
+
});
|
|
140
|
+
}
|
|
141
|
+
let decoded;
|
|
142
|
+
try {
|
|
143
|
+
const bytes = base64url.decode(encoded);
|
|
144
|
+
decoded = new TextDecoder().decode(bytes);
|
|
145
|
+
} catch {
|
|
146
|
+
throw new OmaTrustError("INVALID_DID", "Failed to base64url-decode did:jwk identifier", {
|
|
147
|
+
input: didJwk
|
|
148
|
+
});
|
|
149
|
+
}
|
|
150
|
+
let jwk;
|
|
151
|
+
try {
|
|
152
|
+
jwk = JSON.parse(decoded);
|
|
153
|
+
} catch {
|
|
154
|
+
throw new OmaTrustError("INVALID_DID", "Decoded did:jwk identifier is not valid JSON", {
|
|
155
|
+
input: didJwk
|
|
156
|
+
});
|
|
157
|
+
}
|
|
158
|
+
if (!jwk || typeof jwk !== "object" || Array.isArray(jwk)) {
|
|
159
|
+
throw new OmaTrustError("INVALID_DID", "Decoded did:jwk must be a JSON object", {
|
|
160
|
+
input: didJwk
|
|
161
|
+
});
|
|
162
|
+
}
|
|
163
|
+
const validation = validatePublicJwk(jwk);
|
|
164
|
+
if (!validation.valid) {
|
|
165
|
+
throw new OmaTrustError("INVALID_DID", validation.error ?? "Invalid public JWK in did:jwk", {
|
|
166
|
+
input: didJwk
|
|
167
|
+
});
|
|
168
|
+
}
|
|
169
|
+
return jwk;
|
|
170
|
+
}
|
|
171
|
+
function extractPublicKeyFields(jwk) {
|
|
172
|
+
const result = {};
|
|
173
|
+
const metadataFields = /* @__PURE__ */ new Set(["kid", "use", "key_ops", "alg", "ext"]);
|
|
174
|
+
for (const [key, value] of Object.entries(jwk)) {
|
|
175
|
+
if (PRIVATE_KEY_FIELDS.has(key)) continue;
|
|
176
|
+
if (metadataFields.has(key)) continue;
|
|
177
|
+
result[key] = value;
|
|
178
|
+
}
|
|
179
|
+
return result;
|
|
180
|
+
}
|
|
181
|
+
function publicJwkEquals(a, b) {
|
|
182
|
+
assertObject(a, "a", "INVALID_JWK");
|
|
183
|
+
assertObject(b, "b", "INVALID_JWK");
|
|
184
|
+
const aObj = a;
|
|
185
|
+
const bObj = b;
|
|
186
|
+
for (const field of PRIVATE_KEY_FIELDS) {
|
|
187
|
+
if (field in aObj) {
|
|
188
|
+
throw new OmaTrustError(
|
|
189
|
+
"INVALID_JWK",
|
|
190
|
+
`First JWK contains private key field "${field}"`,
|
|
191
|
+
{ field }
|
|
192
|
+
);
|
|
193
|
+
}
|
|
194
|
+
if (field in bObj) {
|
|
195
|
+
throw new OmaTrustError(
|
|
196
|
+
"INVALID_JWK",
|
|
197
|
+
`Second JWK contains private key field "${field}"`,
|
|
198
|
+
{ field }
|
|
199
|
+
);
|
|
200
|
+
}
|
|
201
|
+
}
|
|
202
|
+
const aPublic = extractPublicKeyFields(aObj);
|
|
203
|
+
const bPublic = extractPublicKeyFields(bObj);
|
|
204
|
+
return canonicalizeJwkJson(aPublic) === canonicalizeJwkJson(bPublic);
|
|
205
|
+
}
|
|
206
|
+
var VALID_KTY, PRIVATE_KEY_FIELDS, REQUIRED_PUBLIC_FIELDS;
|
|
207
|
+
var init_jwk = __esm({
|
|
208
|
+
"src/identity/jwk.ts"() {
|
|
209
|
+
init_errors();
|
|
210
|
+
init_assert();
|
|
211
|
+
VALID_KTY = /* @__PURE__ */ new Set(["EC", "OKP", "RSA"]);
|
|
212
|
+
PRIVATE_KEY_FIELDS = /* @__PURE__ */ new Set(["d", "p", "q", "dp", "dq", "qi", "oth"]);
|
|
213
|
+
REQUIRED_PUBLIC_FIELDS = {
|
|
214
|
+
EC: ["crv", "x", "y"],
|
|
215
|
+
OKP: ["crv", "x"],
|
|
216
|
+
RSA: ["n", "e"]
|
|
217
|
+
};
|
|
218
|
+
}
|
|
219
|
+
});
|
|
74
220
|
function isValidDid(did) {
|
|
75
221
|
return DID_REGEX.test(did);
|
|
76
222
|
}
|
|
@@ -139,7 +285,7 @@ function normalizeDidKey(input) {
|
|
|
139
285
|
}
|
|
140
286
|
function normalizeDid(input) {
|
|
141
287
|
assertString(input, "input", "INVALID_DID");
|
|
142
|
-
const trimmed = input.trim();
|
|
288
|
+
const trimmed = input.trim().split("#")[0];
|
|
143
289
|
if (!trimmed.startsWith("did:")) {
|
|
144
290
|
return normalizeDidWeb(trimmed);
|
|
145
291
|
}
|
|
@@ -298,6 +444,10 @@ function validateDidJwk(did) {
|
|
|
298
444
|
error: "DID must reference a public key \u2014 private key component (d) is not allowed"
|
|
299
445
|
};
|
|
300
446
|
}
|
|
447
|
+
const jwkValidation = validatePublicJwk(jwk);
|
|
448
|
+
if (!jwkValidation.valid) {
|
|
449
|
+
return { valid: false, method: "jwk", error: jwkValidation.error };
|
|
450
|
+
}
|
|
301
451
|
return { valid: true, method: "jwk" };
|
|
302
452
|
}
|
|
303
453
|
function normalizeDidJwk(input) {
|
|
@@ -318,157 +468,12 @@ var init_did = __esm({
|
|
|
318
468
|
init_errors();
|
|
319
469
|
init_assert();
|
|
320
470
|
init_caip();
|
|
471
|
+
init_jwk();
|
|
321
472
|
DID_REGEX = /^did:[a-z0-9]+:.+$/i;
|
|
322
473
|
BASE64URL_REGEX = /^[A-Za-z0-9_-]+$/;
|
|
323
474
|
VALID_JWK_KTY = /* @__PURE__ */ new Set(["EC", "OKP", "RSA"]);
|
|
324
475
|
}
|
|
325
476
|
});
|
|
326
|
-
function validatePublicJwk(jwk) {
|
|
327
|
-
if (!jwk || typeof jwk !== "object" || Array.isArray(jwk)) {
|
|
328
|
-
return { valid: false, error: "JWK must be a non-null object" };
|
|
329
|
-
}
|
|
330
|
-
const obj = jwk;
|
|
331
|
-
const kty = obj.kty;
|
|
332
|
-
if (typeof kty !== "string" || !VALID_KTY.has(kty)) {
|
|
333
|
-
return {
|
|
334
|
-
valid: false,
|
|
335
|
-
error: `Invalid or missing kty (must be one of: ${[...VALID_KTY].join(", ")})`
|
|
336
|
-
};
|
|
337
|
-
}
|
|
338
|
-
for (const field of PRIVATE_KEY_FIELDS) {
|
|
339
|
-
if (field in obj) {
|
|
340
|
-
return {
|
|
341
|
-
valid: false,
|
|
342
|
-
error: `JWK contains private key field "${field}" \u2014 only public keys are allowed`
|
|
343
|
-
};
|
|
344
|
-
}
|
|
345
|
-
}
|
|
346
|
-
const required = REQUIRED_PUBLIC_FIELDS[kty];
|
|
347
|
-
if (required) {
|
|
348
|
-
for (const field of required) {
|
|
349
|
-
if (!(field in obj) || obj[field] === void 0 || obj[field] === null || obj[field] === "") {
|
|
350
|
-
return {
|
|
351
|
-
valid: false,
|
|
352
|
-
error: `Missing required public key field "${field}" for kty="${kty}"`
|
|
353
|
-
};
|
|
354
|
-
}
|
|
355
|
-
}
|
|
356
|
-
}
|
|
357
|
-
return { valid: true };
|
|
358
|
-
}
|
|
359
|
-
function canonicalizeJwkJson(jwk) {
|
|
360
|
-
const sorted = Object.keys(jwk).sort();
|
|
361
|
-
const obj = {};
|
|
362
|
-
for (const key of sorted) {
|
|
363
|
-
obj[key] = jwk[key];
|
|
364
|
-
}
|
|
365
|
-
return JSON.stringify(obj);
|
|
366
|
-
}
|
|
367
|
-
function jwkToDidJwk(jwk) {
|
|
368
|
-
assertObject(jwk, "jwk", "INVALID_JWK");
|
|
369
|
-
const validation = validatePublicJwk(jwk);
|
|
370
|
-
if (!validation.valid) {
|
|
371
|
-
throw new OmaTrustError("INVALID_JWK", validation.error ?? "Invalid public JWK", { jwk });
|
|
372
|
-
}
|
|
373
|
-
const canonical = canonicalizeJwkJson(jwk);
|
|
374
|
-
const encoded = base64url.encode(new TextEncoder().encode(canonical));
|
|
375
|
-
return `did:jwk:${encoded}`;
|
|
376
|
-
}
|
|
377
|
-
function didJwkToJwk(didJwk) {
|
|
378
|
-
if (typeof didJwk !== "string" || !didJwk.startsWith("did:jwk:")) {
|
|
379
|
-
throw new OmaTrustError("INVALID_DID", "Expected a did:jwk DID", { input: didJwk });
|
|
380
|
-
}
|
|
381
|
-
const parts = didJwk.split(":");
|
|
382
|
-
if (parts.length !== 3) {
|
|
383
|
-
throw new OmaTrustError("INVALID_DID", "did:jwk must have exactly 3 colon-separated parts", {
|
|
384
|
-
input: didJwk
|
|
385
|
-
});
|
|
386
|
-
}
|
|
387
|
-
const encoded = parts[2];
|
|
388
|
-
if (!encoded || encoded.length === 0) {
|
|
389
|
-
throw new OmaTrustError("INVALID_DID", "Missing base64url-encoded JWK identifier", {
|
|
390
|
-
input: didJwk
|
|
391
|
-
});
|
|
392
|
-
}
|
|
393
|
-
let decoded;
|
|
394
|
-
try {
|
|
395
|
-
const bytes = base64url.decode(encoded);
|
|
396
|
-
decoded = new TextDecoder().decode(bytes);
|
|
397
|
-
} catch {
|
|
398
|
-
throw new OmaTrustError("INVALID_DID", "Failed to base64url-decode did:jwk identifier", {
|
|
399
|
-
input: didJwk
|
|
400
|
-
});
|
|
401
|
-
}
|
|
402
|
-
let jwk;
|
|
403
|
-
try {
|
|
404
|
-
jwk = JSON.parse(decoded);
|
|
405
|
-
} catch {
|
|
406
|
-
throw new OmaTrustError("INVALID_DID", "Decoded did:jwk identifier is not valid JSON", {
|
|
407
|
-
input: didJwk
|
|
408
|
-
});
|
|
409
|
-
}
|
|
410
|
-
if (!jwk || typeof jwk !== "object" || Array.isArray(jwk)) {
|
|
411
|
-
throw new OmaTrustError("INVALID_DID", "Decoded did:jwk must be a JSON object", {
|
|
412
|
-
input: didJwk
|
|
413
|
-
});
|
|
414
|
-
}
|
|
415
|
-
const validation = validatePublicJwk(jwk);
|
|
416
|
-
if (!validation.valid) {
|
|
417
|
-
throw new OmaTrustError("INVALID_DID", validation.error ?? "Invalid public JWK in did:jwk", {
|
|
418
|
-
input: didJwk
|
|
419
|
-
});
|
|
420
|
-
}
|
|
421
|
-
return jwk;
|
|
422
|
-
}
|
|
423
|
-
function extractPublicKeyFields(jwk) {
|
|
424
|
-
const result = {};
|
|
425
|
-
const metadataFields = /* @__PURE__ */ new Set(["kid", "use", "key_ops", "alg", "ext"]);
|
|
426
|
-
for (const [key, value] of Object.entries(jwk)) {
|
|
427
|
-
if (PRIVATE_KEY_FIELDS.has(key)) continue;
|
|
428
|
-
if (metadataFields.has(key)) continue;
|
|
429
|
-
result[key] = value;
|
|
430
|
-
}
|
|
431
|
-
return result;
|
|
432
|
-
}
|
|
433
|
-
function publicJwkEquals(a, b) {
|
|
434
|
-
assertObject(a, "a", "INVALID_JWK");
|
|
435
|
-
assertObject(b, "b", "INVALID_JWK");
|
|
436
|
-
const aObj = a;
|
|
437
|
-
const bObj = b;
|
|
438
|
-
for (const field of PRIVATE_KEY_FIELDS) {
|
|
439
|
-
if (field in aObj) {
|
|
440
|
-
throw new OmaTrustError(
|
|
441
|
-
"INVALID_JWK",
|
|
442
|
-
`First JWK contains private key field "${field}"`,
|
|
443
|
-
{ field }
|
|
444
|
-
);
|
|
445
|
-
}
|
|
446
|
-
if (field in bObj) {
|
|
447
|
-
throw new OmaTrustError(
|
|
448
|
-
"INVALID_JWK",
|
|
449
|
-
`Second JWK contains private key field "${field}"`,
|
|
450
|
-
{ field }
|
|
451
|
-
);
|
|
452
|
-
}
|
|
453
|
-
}
|
|
454
|
-
const aPublic = extractPublicKeyFields(aObj);
|
|
455
|
-
const bPublic = extractPublicKeyFields(bObj);
|
|
456
|
-
return canonicalizeJwkJson(aPublic) === canonicalizeJwkJson(bPublic);
|
|
457
|
-
}
|
|
458
|
-
var VALID_KTY, PRIVATE_KEY_FIELDS, REQUIRED_PUBLIC_FIELDS;
|
|
459
|
-
var init_jwk = __esm({
|
|
460
|
-
"src/identity/jwk.ts"() {
|
|
461
|
-
init_errors();
|
|
462
|
-
init_assert();
|
|
463
|
-
VALID_KTY = /* @__PURE__ */ new Set(["EC", "OKP", "RSA"]);
|
|
464
|
-
PRIVATE_KEY_FIELDS = /* @__PURE__ */ new Set(["d", "p", "q", "dp", "dq", "qi", "oth"]);
|
|
465
|
-
REQUIRED_PUBLIC_FIELDS = {
|
|
466
|
-
EC: ["crv", "x", "y"],
|
|
467
|
-
OKP: ["crv", "x"],
|
|
468
|
-
RSA: ["n", "e"]
|
|
469
|
-
};
|
|
470
|
-
}
|
|
471
|
-
});
|
|
472
477
|
|
|
473
478
|
// src/reputation/proof/dns-txt-record.ts
|
|
474
479
|
function parseDnsTxtRecord(record) {
|