npm - @opentdf/sdk - Versions diffs - 0.1.0-beta.1701 - Mend

@opentdf/sdk 0.1.0-beta.1701

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (566) hide show

package/README.md +52 -0
package/dist/cjs/package.json +3 -0
package/dist/cjs/src/access.js +155 -0
package/dist/cjs/src/auth/Eas.js +60 -0
package/dist/cjs/src/auth/auth.js +79 -0
package/dist/cjs/src/auth/oidc-clientcredentials-provider.js +26 -0
package/dist/cjs/src/auth/oidc-externaljwt-provider.js +33 -0
package/dist/cjs/src/auth/oidc-refreshtoken-provider.js +34 -0
package/dist/cjs/src/auth/oidc.js +222 -0
package/dist/cjs/src/auth/providers.js +143 -0
package/dist/cjs/src/encodings/base64.js +154 -0
package/dist/cjs/src/encodings/hex.js +70 -0
package/dist/cjs/src/encodings/index.js +29 -0
package/dist/cjs/src/errors.js +138 -0
package/dist/cjs/src/index.js +344 -0
package/dist/cjs/src/nanotdf/Client.js +296 -0
package/dist/cjs/src/nanotdf/NanoTDF.js +94 -0
package/dist/cjs/src/nanotdf/browser-entry.js +19 -0
package/dist/cjs/src/nanotdf/constants.js +5 -0
package/dist/cjs/src/nanotdf/decrypt.js +17 -0
package/dist/cjs/src/nanotdf/encrypt-dataset.js +38 -0
package/dist/cjs/src/nanotdf/encrypt.js +132 -0
package/dist/cjs/src/nanotdf/enum/CipherEnum.js +13 -0
package/dist/cjs/src/nanotdf/enum/CurveNameEnum.js +15 -0
package/dist/cjs/src/nanotdf/enum/EncodingEnum.js +8 -0
package/dist/cjs/src/nanotdf/enum/PolicyTypeEnum.js +11 -0
package/dist/cjs/src/nanotdf/enum/ProtocolEnum.js +10 -0
package/dist/cjs/src/nanotdf/enum/ResourceLocatorIdentifierEnum.js +11 -0
package/dist/cjs/src/nanotdf/helpers/calculateByCurve.js +29 -0
package/dist/cjs/src/nanotdf/helpers/getHkdfSalt.js +11 -0
package/dist/cjs/src/nanotdf/index.js +25 -0
package/dist/cjs/src/nanotdf/interfaces/PolicyInterface.js +3 -0
package/dist/cjs/src/nanotdf/models/Ciphers.js +61 -0
package/dist/cjs/src/nanotdf/models/DefaultParams.js +27 -0
package/dist/cjs/src/nanotdf/models/EcCurves.js +39 -0
package/dist/cjs/src/nanotdf/models/Header.js +255 -0
package/dist/cjs/src/nanotdf/models/Payload.js +158 -0
package/dist/cjs/src/nanotdf/models/Policy/AbstractPolicy.js +73 -0
package/dist/cjs/src/nanotdf/models/Policy/EmbeddedPolicy.js +82 -0
package/dist/cjs/src/nanotdf/models/Policy/PolicyFactory.js +38 -0
package/dist/cjs/src/nanotdf/models/Policy/RemotePolicy.js +62 -0
package/dist/cjs/src/nanotdf/models/ResourceLocator.js +211 -0
package/dist/cjs/src/nanotdf/models/Signature.js +77 -0
package/dist/cjs/src/nanotdf-crypto/ciphers.js +17 -0
package/dist/cjs/src/nanotdf-crypto/decrypt.js +24 -0
package/dist/cjs/src/nanotdf-crypto/digest.js +7 -0
package/dist/cjs/src/nanotdf-crypto/ecdsaSignature.js +83 -0
package/dist/cjs/src/nanotdf-crypto/encrypt.js +24 -0
package/dist/cjs/src/nanotdf-crypto/enums.js +52 -0
package/dist/cjs/src/nanotdf-crypto/exportCryptoKey.js +20 -0
package/dist/cjs/src/nanotdf-crypto/generateKeyPair.js +13 -0
package/dist/cjs/src/nanotdf-crypto/generateRandomNumber.js +12 -0
package/dist/cjs/src/nanotdf-crypto/importRawKey.js +18 -0
package/dist/cjs/src/nanotdf-crypto/index.js +52 -0
package/dist/cjs/src/nanotdf-crypto/keyAgreement.js +91 -0
package/dist/cjs/src/nanotdf-crypto/pemPublicToCrypto.js +225 -0
package/dist/cjs/src/policy/api.js +58 -0
package/dist/cjs/src/policy/attributes.js +3 -0
package/dist/cjs/src/policy/granter.js +146 -0
package/dist/cjs/src/tdf/AttributeObject.js +15 -0
package/dist/cjs/src/tdf/AttributeObjectJwt.js +3 -0
package/dist/cjs/src/tdf/Crypto.js +47 -0
package/dist/cjs/src/tdf/EntityObject.js +3 -0
package/dist/cjs/src/tdf/NanoTDF/NanoTDF.js +38 -0
package/dist/cjs/src/tdf/Policy.js +50 -0
package/dist/cjs/src/tdf/PolicyObject.js +3 -0
package/dist/cjs/src/tdf/TypedArray.js +3 -0
package/dist/cjs/src/tdf/index.js +35 -0
package/dist/cjs/src/types/index.js +3 -0
package/dist/cjs/src/utils.js +147 -0
package/dist/cjs/src/version.js +12 -0
package/dist/cjs/tdf3/index.js +57 -0
package/dist/cjs/tdf3/src/assertions.js +118 -0
package/dist/cjs/tdf3/src/binary.js +153 -0
package/dist/cjs/tdf3/src/ciphers/aes-gcm-cipher.js +56 -0
package/dist/cjs/tdf3/src/ciphers/algorithms.js +8 -0
package/dist/cjs/tdf3/src/ciphers/index.js +8 -0
package/dist/cjs/tdf3/src/ciphers/symmetric-cipher-base.js +22 -0
package/dist/cjs/tdf3/src/client/DecoratedReadableStream.js +116 -0
package/dist/cjs/tdf3/src/client/builders.js +561 -0
package/dist/cjs/tdf3/src/client/index.js +460 -0
package/dist/cjs/tdf3/src/client/validation.js +63 -0
package/dist/cjs/tdf3/src/crypto/crypto-utils.js +116 -0
package/dist/cjs/tdf3/src/crypto/declarations.js +8 -0
package/dist/cjs/tdf3/src/crypto/index.js +315 -0
package/dist/cjs/tdf3/src/index.js +34 -0
package/dist/cjs/tdf3/src/models/attribute-set.js +122 -0
package/dist/cjs/tdf3/src/models/encryption-information.js +90 -0
package/dist/cjs/tdf3/src/models/index.js +25 -0
package/dist/cjs/tdf3/src/models/key-access.js +103 -0
package/dist/cjs/tdf3/src/models/manifest.js +3 -0
package/dist/cjs/tdf3/src/models/payload.js +3 -0
package/dist/cjs/tdf3/src/models/policy.js +24 -0
package/dist/cjs/tdf3/src/models/upsert-response.js +3 -0
package/dist/cjs/tdf3/src/tdf.js +907 -0
package/dist/cjs/tdf3/src/templates/default.html.js +98 -0
package/dist/cjs/tdf3/src/templates/escaper.js +15 -0
package/dist/cjs/tdf3/src/templates/index.js +12 -0
package/dist/cjs/tdf3/src/utils/buffer-crc32.js +48 -0
package/dist/cjs/tdf3/src/utils/chunkers.js +106 -0
package/dist/cjs/tdf3/src/utils/index.js +296 -0
package/dist/cjs/tdf3/src/utils/keysplit.js +61 -0
package/dist/cjs/tdf3/src/utils/zip-reader.js +253 -0
package/dist/cjs/tdf3/src/utils/zip-writer.js +308 -0
package/dist/cjs/tdf3/src/version.js +6 -0
package/dist/types/src/access.d.ts +47 -0
package/dist/types/src/access.d.ts.map +1 -0
package/dist/types/src/auth/Eas.d.ts +34 -0
package/dist/types/src/auth/Eas.d.ts.map +1 -0
package/dist/types/src/auth/auth.d.ts +86 -0
package/dist/types/src/auth/auth.d.ts.map +1 -0
package/dist/types/src/auth/oidc-clientcredentials-provider.d.ts +9 -0
package/dist/types/src/auth/oidc-clientcredentials-provider.d.ts.map +1 -0
package/dist/types/src/auth/oidc-externaljwt-provider.d.ts +10 -0
package/dist/types/src/auth/oidc-externaljwt-provider.d.ts.map +1 -0
package/dist/types/src/auth/oidc-refreshtoken-provider.d.ts +10 -0
package/dist/types/src/auth/oidc-refreshtoken-provider.d.ts.map +1 -0
package/dist/types/src/auth/oidc.d.ts +104 -0
package/dist/types/src/auth/oidc.d.ts.map +1 -0
package/dist/types/src/auth/providers.d.ts +67 -0
package/dist/types/src/auth/providers.d.ts.map +1 -0
package/dist/types/src/encodings/base64.d.ts +18 -0
package/dist/types/src/encodings/base64.d.ts.map +1 -0
package/dist/types/src/encodings/hex.d.ts +5 -0
package/dist/types/src/encodings/hex.d.ts.map +1 -0
package/dist/types/src/encodings/index.d.ts +3 -0
package/dist/types/src/encodings/index.d.ts.map +1 -0
package/dist/types/src/errors.d.ts +72 -0
package/dist/types/src/errors.d.ts.map +1 -0
package/dist/types/src/index.d.ts +138 -0
package/dist/types/src/index.d.ts.map +1 -0
package/dist/types/src/nanotdf/Client.d.ts +95 -0
package/dist/types/src/nanotdf/Client.d.ts.map +1 -0
package/dist/types/src/nanotdf/NanoTDF.d.ts +25 -0
package/dist/types/src/nanotdf/NanoTDF.d.ts.map +1 -0
package/dist/types/src/nanotdf/browser-entry.d.ts +17 -0
package/dist/types/src/nanotdf/browser-entry.d.ts.map +1 -0
package/dist/types/src/nanotdf/constants.d.ts +2 -0
package/dist/types/src/nanotdf/constants.d.ts.map +1 -0
package/dist/types/src/nanotdf/decrypt.d.ts +9 -0
package/dist/types/src/nanotdf/decrypt.d.ts.map +1 -0
package/dist/types/src/nanotdf/encrypt-dataset.d.ts +12 -0
package/dist/types/src/nanotdf/encrypt-dataset.d.ts.map +1 -0
package/dist/types/src/nanotdf/encrypt.d.ts +14 -0
package/dist/types/src/nanotdf/encrypt.d.ts.map +1 -0
package/dist/types/src/nanotdf/enum/CipherEnum.d.ts +10 -0
package/dist/types/src/nanotdf/enum/CipherEnum.d.ts.map +1 -0
package/dist/types/src/nanotdf/enum/CurveNameEnum.d.ts +12 -0
package/dist/types/src/nanotdf/enum/CurveNameEnum.d.ts.map +1 -0
package/dist/types/src/nanotdf/enum/EncodingEnum.d.ts +5 -0
package/dist/types/src/nanotdf/enum/EncodingEnum.d.ts.map +1 -0
package/dist/types/src/nanotdf/enum/PolicyTypeEnum.d.ts +8 -0
package/dist/types/src/nanotdf/enum/PolicyTypeEnum.d.ts.map +1 -0
package/dist/types/src/nanotdf/enum/ProtocolEnum.d.ts +7 -0
package/dist/types/src/nanotdf/enum/ProtocolEnum.d.ts.map +1 -0
package/dist/types/src/nanotdf/enum/ResourceLocatorIdentifierEnum.d.ts +8 -0
package/dist/types/src/nanotdf/enum/ResourceLocatorIdentifierEnum.d.ts.map +1 -0
package/dist/types/src/nanotdf/helpers/calculateByCurve.d.ts +20 -0
package/dist/types/src/nanotdf/helpers/calculateByCurve.d.ts.map +1 -0
package/dist/types/src/nanotdf/helpers/getHkdfSalt.d.ts +9 -0
package/dist/types/src/nanotdf/helpers/getHkdfSalt.d.ts.map +1 -0
package/dist/types/src/nanotdf/index.d.ts +9 -0
package/dist/types/src/nanotdf/index.d.ts.map +1 -0
package/dist/types/src/nanotdf/interfaces/PolicyInterface.d.ts +17 -0
package/dist/types/src/nanotdf/interfaces/PolicyInterface.d.ts.map +1 -0
package/dist/types/src/nanotdf/models/Ciphers.d.ts +14 -0
package/dist/types/src/nanotdf/models/Ciphers.d.ts.map +1 -0
package/dist/types/src/nanotdf/models/DefaultParams.d.ts +21 -0
package/dist/types/src/nanotdf/models/DefaultParams.d.ts.map +1 -0
package/dist/types/src/nanotdf/models/EcCurves.d.ts +15 -0
package/dist/types/src/nanotdf/models/EcCurves.d.ts.map +1 -0
package/dist/types/src/nanotdf/models/Header.d.ts +73 -0
package/dist/types/src/nanotdf/models/Header.d.ts.map +1 -0
package/dist/types/src/nanotdf/models/Payload.d.ts +47 -0
package/dist/types/src/nanotdf/models/Payload.d.ts.map +1 -0
package/dist/types/src/nanotdf/models/Policy/AbstractPolicy.d.ts +52 -0
package/dist/types/src/nanotdf/models/Policy/AbstractPolicy.d.ts.map +1 -0
package/dist/types/src/nanotdf/models/Policy/EmbeddedPolicy.d.ts +35 -0
package/dist/types/src/nanotdf/models/Policy/EmbeddedPolicy.d.ts.map +1 -0
package/dist/types/src/nanotdf/models/Policy/PolicyFactory.d.ts +11 -0
package/dist/types/src/nanotdf/models/Policy/PolicyFactory.d.ts.map +1 -0
package/dist/types/src/nanotdf/models/Policy/RemotePolicy.d.ts +31 -0
package/dist/types/src/nanotdf/models/Policy/RemotePolicy.d.ts.map +1 -0
package/dist/types/src/nanotdf/models/ResourceLocator.d.ts +65 -0
package/dist/types/src/nanotdf/models/ResourceLocator.d.ts.map +1 -0
package/dist/types/src/nanotdf/models/Signature.d.ts +33 -0
package/dist/types/src/nanotdf/models/Signature.d.ts.map +1 -0
package/dist/types/src/nanotdf-crypto/ciphers.d.ts +8 -0
package/dist/types/src/nanotdf-crypto/ciphers.d.ts.map +1 -0
package/dist/types/src/nanotdf-crypto/decrypt.d.ts +14 -0
package/dist/types/src/nanotdf-crypto/decrypt.d.ts.map +1 -0
package/dist/types/src/nanotdf-crypto/digest.d.ts +3 -0
package/dist/types/src/nanotdf-crypto/digest.d.ts.map +1 -0
package/dist/types/src/nanotdf-crypto/ecdsaSignature.d.ts +35 -0
package/dist/types/src/nanotdf-crypto/ecdsaSignature.d.ts.map +1 -0
package/dist/types/src/nanotdf-crypto/encrypt.d.ts +14 -0
package/dist/types/src/nanotdf-crypto/encrypt.d.ts.map +1 -0
package/dist/types/src/nanotdf-crypto/enums.d.ts +42 -0
package/dist/types/src/nanotdf-crypto/enums.d.ts.map +1 -0
package/dist/types/src/nanotdf-crypto/exportCryptoKey.d.ts +7 -0
package/dist/types/src/nanotdf-crypto/exportCryptoKey.d.ts.map +1 -0
package/dist/types/src/nanotdf-crypto/generateKeyPair.d.ts +10 -0
package/dist/types/src/nanotdf-crypto/generateKeyPair.d.ts.map +1 -0
package/dist/types/src/nanotdf-crypto/generateRandomNumber.d.ts +5 -0
package/dist/types/src/nanotdf-crypto/generateRandomNumber.d.ts.map +1 -0
package/dist/types/src/nanotdf-crypto/importRawKey.d.ts +13 -0
package/dist/types/src/nanotdf-crypto/importRawKey.d.ts.map +1 -0
package/dist/types/src/nanotdf-crypto/index.d.ts +12 -0
package/dist/types/src/nanotdf-crypto/index.d.ts.map +1 -0
package/dist/types/src/nanotdf-crypto/keyAgreement.d.ts +28 -0
package/dist/types/src/nanotdf-crypto/keyAgreement.d.ts.map +1 -0
package/dist/types/src/nanotdf-crypto/pemPublicToCrypto.d.ts +28 -0
package/dist/types/src/nanotdf-crypto/pemPublicToCrypto.d.ts.map +1 -0
package/dist/types/src/policy/api.d.ts +4 -0
package/dist/types/src/policy/api.d.ts.map +1 -0
package/dist/types/src/policy/attributes.d.ts +95 -0
package/dist/types/src/policy/attributes.d.ts.map +1 -0
package/dist/types/src/policy/granter.d.ts +23 -0
package/dist/types/src/policy/granter.d.ts.map +1 -0
package/dist/types/src/tdf/AttributeObject.d.ts +13 -0
package/dist/types/src/tdf/AttributeObject.d.ts.map +1 -0
package/dist/types/src/tdf/AttributeObjectJwt.d.ts +4 -0
package/dist/types/src/tdf/AttributeObjectJwt.d.ts.map +1 -0
package/dist/types/src/tdf/Crypto.d.ts +37 -0
package/dist/types/src/tdf/Crypto.d.ts.map +1 -0
package/dist/types/src/tdf/EntityObject.d.ts +18 -0
package/dist/types/src/tdf/EntityObject.d.ts.map +1 -0
package/dist/types/src/tdf/NanoTDF/NanoTDF.d.ts +99 -0
package/dist/types/src/tdf/NanoTDF/NanoTDF.d.ts.map +1 -0
package/dist/types/src/tdf/Policy.d.ts +28 -0
package/dist/types/src/tdf/Policy.d.ts.map +1 -0
package/dist/types/src/tdf/PolicyObject.d.ts +11 -0
package/dist/types/src/tdf/PolicyObject.d.ts.map +1 -0
package/dist/types/src/tdf/TypedArray.d.ts +3 -0
package/dist/types/src/tdf/TypedArray.d.ts.map +1 -0
package/dist/types/src/tdf/index.d.ts +7 -0
package/dist/types/src/tdf/index.d.ts.map +1 -0
package/dist/types/src/types/index.d.ts +45 -0
package/dist/types/src/types/index.d.ts.map +1 -0
package/dist/types/src/utils.d.ts +45 -0
package/dist/types/src/utils.d.ts.map +1 -0
package/dist/types/src/version.d.ts +9 -0
package/dist/types/src/version.d.ts.map +1 -0
package/dist/types/tdf3/index.d.ts +16 -0
package/dist/types/tdf3/index.d.ts.map +1 -0
package/dist/types/tdf3/src/assertions.d.ts +63 -0
package/dist/types/tdf3/src/assertions.d.ts.map +1 -0
package/dist/types/tdf3/src/binary.d.ts +38 -0
package/dist/types/tdf3/src/binary.d.ts.map +1 -0
package/dist/types/tdf3/src/ciphers/aes-gcm-cipher.d.ts +18 -0
package/dist/types/tdf3/src/ciphers/aes-gcm-cipher.d.ts.map +1 -0
package/dist/types/tdf3/src/ciphers/algorithms.d.ts +4 -0
package/dist/types/tdf3/src/ciphers/algorithms.d.ts.map +1 -0
package/dist/types/tdf3/src/ciphers/index.d.ts +3 -0
package/dist/types/tdf3/src/ciphers/index.d.ts.map +1 -0
package/dist/types/tdf3/src/ciphers/symmetric-cipher-base.d.ts +14 -0
package/dist/types/tdf3/src/ciphers/symmetric-cipher-base.d.ts.map +1 -0
package/dist/types/tdf3/src/client/DecoratedReadableStream.d.ts +53 -0
package/dist/types/tdf3/src/client/DecoratedReadableStream.d.ts.map +1 -0
package/dist/types/tdf3/src/client/builders.d.ts +436 -0
package/dist/types/tdf3/src/client/builders.d.ts.map +1 -0
package/dist/types/tdf3/src/client/index.d.ts +139 -0
package/dist/types/tdf3/src/client/index.d.ts.map +1 -0
package/dist/types/tdf3/src/client/validation.d.ts +8 -0
package/dist/types/tdf3/src/client/validation.d.ts.map +1 -0
package/dist/types/tdf3/src/crypto/crypto-utils.d.ts +34 -0
package/dist/types/tdf3/src/crypto/crypto-utils.d.ts.map +1 -0
package/dist/types/tdf3/src/crypto/declarations.d.ts +60 -0
package/dist/types/tdf3/src/crypto/declarations.d.ts.map +1 -0
package/dist/types/tdf3/src/crypto/index.d.ts +103 -0
package/dist/types/tdf3/src/crypto/index.d.ts.map +1 -0
package/dist/types/tdf3/src/index.d.ts +5 -0
package/dist/types/tdf3/src/index.d.ts.map +1 -0
package/dist/types/tdf3/src/models/attribute-set.d.ts +65 -0
package/dist/types/tdf3/src/models/attribute-set.d.ts.map +1 -0
package/dist/types/tdf3/src/models/encryption-information.d.ts +49 -0
package/dist/types/tdf3/src/models/encryption-information.d.ts.map +1 -0
package/dist/types/tdf3/src/models/index.d.ts +9 -0
package/dist/types/tdf3/src/models/index.d.ts.map +1 -0
package/dist/types/tdf3/src/models/key-access.d.ts +42 -0
package/dist/types/tdf3/src/models/key-access.d.ts.map +1 -0
package/dist/types/tdf3/src/models/manifest.d.ts +9 -0
package/dist/types/tdf3/src/models/manifest.d.ts.map +1 -0
package/dist/types/tdf3/src/models/payload.d.ts +7 -0
package/dist/types/tdf3/src/models/payload.d.ts.map +1 -0
package/dist/types/tdf3/src/models/policy.d.ts +13 -0
package/dist/types/tdf3/src/models/policy.d.ts.map +1 -0
package/dist/types/tdf3/src/models/upsert-response.d.ts +16 -0
package/dist/types/tdf3/src/models/upsert-response.d.ts.map +1 -0
package/dist/types/tdf3/src/tdf.d.ts +152 -0
package/dist/types/tdf3/src/tdf.d.ts.map +1 -0
package/dist/types/tdf3/src/templates/default.html.d.ts +8 -0
package/dist/types/tdf3/src/templates/default.html.d.ts.map +1 -0
package/dist/types/tdf3/src/templates/escaper.d.ts +6 -0
package/dist/types/tdf3/src/templates/escaper.d.ts.map +1 -0
package/dist/types/tdf3/src/templates/index.d.ts +3 -0
package/dist/types/tdf3/src/templates/index.d.ts.map +1 -0
package/dist/types/tdf3/src/utils/buffer-crc32.d.ts +2 -0
package/dist/types/tdf3/src/utils/buffer-crc32.d.ts.map +1 -0
package/dist/types/tdf3/src/utils/chunkers.d.ts +29 -0
package/dist/types/tdf3/src/utils/chunkers.d.ts.map +1 -0
package/dist/types/tdf3/src/utils/index.d.ts +36 -0
package/dist/types/tdf3/src/utils/index.d.ts.map +1 -0
package/dist/types/tdf3/src/utils/keysplit.d.ts +19 -0
package/dist/types/tdf3/src/utils/keysplit.d.ts.map +1 -0
package/dist/types/tdf3/src/utils/zip-reader.d.ts +63 -0
package/dist/types/tdf3/src/utils/zip-reader.d.ts.map +1 -0
package/dist/types/tdf3/src/utils/zip-writer.d.ts +35 -0
package/dist/types/tdf3/src/utils/zip-writer.d.ts.map +1 -0
package/dist/types/tdf3/src/version.d.ts +3 -0
package/dist/types/tdf3/src/version.d.ts.map +1 -0
package/dist/web/package.json +3 -0
package/dist/web/src/access.js +147 -0
package/dist/web/src/auth/Eas.js +55 -0
package/dist/web/src/auth/auth.js +71 -0
package/dist/web/src/auth/oidc-clientcredentials-provider.js +22 -0
package/dist/web/src/auth/oidc-externaljwt-provider.js +29 -0
package/dist/web/src/auth/oidc-refreshtoken-provider.js +30 -0
package/dist/web/src/auth/oidc.js +215 -0
package/dist/web/src/auth/providers.js +119 -0
package/dist/web/src/encodings/base64.js +147 -0
package/dist/web/src/encodings/hex.js +63 -0
package/dist/web/src/encodings/index.js +3 -0
package/dist/web/src/errors.js +123 -0
package/dist/web/src/index.js +313 -0
package/dist/web/src/nanotdf/Client.js +268 -0
package/dist/web/src/nanotdf/NanoTDF.js +89 -0
package/dist/web/src/nanotdf/browser-entry.js +14 -0
package/dist/web/src/nanotdf/constants.js +2 -0
package/dist/web/src/nanotdf/decrypt.js +14 -0
package/dist/web/src/nanotdf/encrypt-dataset.js +32 -0
package/dist/web/src/nanotdf/encrypt.js +126 -0
package/dist/web/src/nanotdf/enum/CipherEnum.js +11 -0
package/dist/web/src/nanotdf/enum/CurveNameEnum.js +13 -0
package/dist/web/src/nanotdf/enum/EncodingEnum.js +6 -0
package/dist/web/src/nanotdf/enum/PolicyTypeEnum.js +9 -0
package/dist/web/src/nanotdf/enum/ProtocolEnum.js +8 -0
package/dist/web/src/nanotdf/enum/ResourceLocatorIdentifierEnum.js +9 -0
package/dist/web/src/nanotdf/helpers/calculateByCurve.js +24 -0
package/dist/web/src/nanotdf/helpers/getHkdfSalt.js +8 -0
package/dist/web/src/nanotdf/index.js +11 -0
package/dist/web/src/nanotdf/interfaces/PolicyInterface.js +2 -0
package/dist/web/src/nanotdf/models/Ciphers.js +54 -0
package/dist/web/src/nanotdf/models/DefaultParams.js +22 -0
package/dist/web/src/nanotdf/models/EcCurves.js +32 -0
package/dist/web/src/nanotdf/models/Header.js +250 -0
package/dist/web/src/nanotdf/models/Payload.js +156 -0
package/dist/web/src/nanotdf/models/Policy/AbstractPolicy.js +71 -0
package/dist/web/src/nanotdf/models/Policy/EmbeddedPolicy.js +77 -0
package/dist/web/src/nanotdf/models/Policy/PolicyFactory.js +33 -0
package/dist/web/src/nanotdf/models/Policy/RemotePolicy.js +57 -0
package/dist/web/src/nanotdf/models/ResourceLocator.js +206 -0
package/dist/web/src/nanotdf/models/Signature.js +74 -0
package/dist/web/src/nanotdf-crypto/ciphers.js +14 -0
package/dist/web/src/nanotdf-crypto/decrypt.js +21 -0
package/dist/web/src/nanotdf-crypto/digest.js +4 -0
package/dist/web/src/nanotdf-crypto/ecdsaSignature.js +77 -0
package/dist/web/src/nanotdf-crypto/encrypt.js +21 -0
package/dist/web/src/nanotdf-crypto/enums.js +49 -0
package/dist/web/src/nanotdf-crypto/exportCryptoKey.js +17 -0
package/dist/web/src/nanotdf-crypto/generateKeyPair.js +10 -0
package/dist/web/src/nanotdf-crypto/generateRandomNumber.js +9 -0
package/dist/web/src/nanotdf-crypto/importRawKey.js +15 -0
package/dist/web/src/nanotdf-crypto/index.js +12 -0
package/dist/web/src/nanotdf-crypto/keyAgreement.js +87 -0
package/dist/web/src/nanotdf-crypto/pemPublicToCrypto.js +197 -0
package/dist/web/src/policy/api.js +54 -0
package/dist/web/src/policy/attributes.js +2 -0
package/dist/web/src/policy/granter.js +141 -0
package/dist/web/src/tdf/AttributeObject.js +11 -0
package/dist/web/src/tdf/AttributeObjectJwt.js +2 -0
package/dist/web/src/tdf/Crypto.js +44 -0
package/dist/web/src/tdf/EntityObject.js +2 -0
package/dist/web/src/tdf/NanoTDF/NanoTDF.js +35 -0
package/dist/web/src/tdf/Policy.js +48 -0
package/dist/web/src/tdf/PolicyObject.js +2 -0
package/dist/web/src/tdf/TypedArray.js +2 -0
package/dist/web/src/tdf/index.js +4 -0
package/dist/web/src/types/index.js +2 -0
package/dist/web/src/utils.js +133 -0
package/dist/web/src/version.js +9 -0
package/dist/web/tdf3/index.js +13 -0
package/dist/web/tdf3/src/assertions.js +111 -0
package/dist/web/tdf3/src/binary.js +149 -0
package/dist/web/tdf3/src/ciphers/aes-gcm-cipher.js +52 -0
package/dist/web/tdf3/src/ciphers/algorithms.js +5 -0
package/dist/web/tdf3/src/ciphers/index.js +3 -0
package/dist/web/tdf3/src/ciphers/symmetric-cipher-base.js +18 -0
package/dist/web/tdf3/src/client/DecoratedReadableStream.js +107 -0
package/dist/web/tdf3/src/client/builders.js +557 -0
package/dist/web/tdf3/src/client/index.js +423 -0
package/dist/web/tdf3/src/client/validation.js +58 -0
package/dist/web/tdf3/src/crypto/crypto-utils.js +107 -0
package/dist/web/tdf3/src/crypto/declarations.js +5 -0
package/dist/web/tdf3/src/crypto/index.js +296 -0
package/dist/web/tdf3/src/index.js +5 -0
package/dist/web/tdf3/src/models/attribute-set.js +118 -0
package/dist/web/tdf3/src/models/encryption-information.js +86 -0
package/dist/web/tdf3/src/models/index.js +9 -0
package/dist/web/tdf3/src/models/key-access.js +74 -0
package/dist/web/tdf3/src/models/manifest.js +2 -0
package/dist/web/tdf3/src/models/payload.js +2 -0
package/dist/web/tdf3/src/models/policy.js +20 -0
package/dist/web/tdf3/src/models/upsert-response.js +2 -0
package/dist/web/tdf3/src/tdf.js +866 -0
package/dist/web/tdf3/src/templates/default.html.js +96 -0
package/dist/web/tdf3/src/templates/escaper.js +10 -0
package/dist/web/tdf3/src/templates/index.js +3 -0
package/dist/web/tdf3/src/utils/buffer-crc32.js +44 -0
package/dist/web/tdf3/src/utils/chunkers.js +96 -0
package/dist/web/tdf3/src/utils/index.js +248 -0
package/dist/web/tdf3/src/utils/keysplit.js +55 -0
package/dist/web/tdf3/src/utils/zip-reader.js +247 -0
package/dist/web/tdf3/src/utils/zip-writer.js +302 -0
package/dist/web/tdf3/src/version.js +3 -0
package/package.json +126 -0
package/src/access.ts +198 -0
package/src/auth/Eas.ts +79 -0
package/src/auth/auth.ts +141 -0
package/src/auth/oidc-clientcredentials-provider.ts +32 -0
package/src/auth/oidc-externaljwt-provider.ts +41 -0
package/src/auth/oidc-refreshtoken-provider.ts +41 -0
package/src/auth/oidc.ts +307 -0
package/src/auth/providers.ts +139 -0
package/src/encodings/base64.ts +160 -0
package/src/encodings/hex.ts +69 -0
package/src/encodings/index.ts +2 -0
package/src/errors.ts +113 -0
package/src/index.ts +441 -0
package/src/nanotdf/Client.ts +349 -0
package/src/nanotdf/NanoTDF.ts +121 -0
package/src/nanotdf/browser-entry.ts +20 -0
package/src/nanotdf/constants.ts +1 -0
package/src/nanotdf/decrypt.ts +19 -0
package/src/nanotdf/encrypt-dataset.ts +52 -0
package/src/nanotdf/encrypt.ts +197 -0
package/src/nanotdf/enum/CipherEnum.ts +10 -0
package/src/nanotdf/enum/CurveNameEnum.ts +12 -0
package/src/nanotdf/enum/EncodingEnum.ts +5 -0
package/src/nanotdf/enum/PolicyTypeEnum.ts +8 -0
package/src/nanotdf/enum/ProtocolEnum.ts +7 -0
package/src/nanotdf/enum/ResourceLocatorIdentifierEnum.ts +8 -0
package/src/nanotdf/helpers/calculateByCurve.ts +26 -0
package/src/nanotdf/helpers/getHkdfSalt.ts +15 -0
package/src/nanotdf/index.ts +10 -0
package/src/nanotdf/interfaces/PolicyInterface.ts +27 -0
package/src/nanotdf/models/Ciphers.ts +67 -0
package/src/nanotdf/models/DefaultParams.ts +24 -0
package/src/nanotdf/models/EcCurves.ts +40 -0
package/src/nanotdf/models/Header.ts +322 -0
package/src/nanotdf/models/Payload.ts +196 -0
package/src/nanotdf/models/Policy/AbstractPolicy.ts +90 -0
package/src/nanotdf/models/Policy/EmbeddedPolicy.ts +101 -0
package/src/nanotdf/models/Policy/PolicyFactory.ts +48 -0
package/src/nanotdf/models/Policy/RemotePolicy.ts +74 -0
package/src/nanotdf/models/ResourceLocator.ts +212 -0
package/src/nanotdf/models/Signature.ts +85 -0
package/src/nanotdf-crypto/ciphers.ts +13 -0
package/src/nanotdf-crypto/decrypt.ts +30 -0
package/src/nanotdf-crypto/digest.ts +8 -0
package/src/nanotdf-crypto/ecdsaSignature.ts +109 -0
package/src/nanotdf-crypto/encrypt.ts +30 -0
package/src/nanotdf-crypto/enums.ts +47 -0
package/src/nanotdf-crypto/exportCryptoKey.ts +17 -0
package/src/nanotdf-crypto/generateKeyPair.ts +19 -0
package/src/nanotdf-crypto/generateRandomNumber.ts +8 -0
package/src/nanotdf-crypto/importRawKey.ts +19 -0
package/src/nanotdf-crypto/index.ts +11 -0
package/src/nanotdf-crypto/keyAgreement.ts +139 -0
package/src/nanotdf-crypto/pemPublicToCrypto.ts +232 -0
package/src/package-lock.json +6 -0
package/src/package.json +3 -0
package/src/platform/authorization/authorization_connect.d.ts +44 -0
package/src/platform/authorization/authorization_connect.js +44 -0
package/src/platform/authorization/authorization_pb.d.ts +707 -0
package/src/platform/authorization/authorization_pb.js +372 -0
package/src/platform/common/common_pb.d.ts +129 -0
package/src/platform/common/common_pb.js +58 -0
package/src/platform/entityresolution/entity_resolution_connect.d.ts +35 -0
package/src/platform/entityresolution/entity_resolution_connect.js +35 -0
package/src/platform/entityresolution/entity_resolution_pb.d.ts +242 -0
package/src/platform/entityresolution/entity_resolution_pb.js +139 -0
package/src/platform/kas/kas_connect.d.ts +59 -0
package/src/platform/kas/kas_connect.js +59 -0
package/src/platform/kas/kas_pb.d.ts +200 -0
package/src/platform/kas/kas_pb.js +84 -0
package/src/platform/policy/attributes/attributes_connect.d.ts +168 -0
package/src/platform/policy/attributes/attributes_connect.js +168 -0
package/src/platform/policy/attributes/attributes_pb.d.ts +929 -0
package/src/platform/policy/attributes/attributes_pb.js +363 -0
package/src/platform/policy/kasregistry/key_access_server_registry_connect.d.ts +62 -0
package/src/platform/policy/kasregistry/key_access_server_registry_connect.js +62 -0
package/src/platform/policy/kasregistry/key_access_server_registry_pb.d.ts +283 -0
package/src/platform/policy/kasregistry/key_access_server_registry_pb.js +113 -0
package/src/platform/policy/namespaces/namespaces_connect.d.ts +62 -0
package/src/platform/policy/namespaces/namespaces_connect.js +62 -0
package/src/platform/policy/namespaces/namespaces_pb.d.ts +270 -0
package/src/platform/policy/namespaces/namespaces_pb.js +110 -0
package/src/platform/policy/objects_pb.d.ts +725 -0
package/src/platform/policy/objects_pb.js +288 -0
package/src/platform/policy/resourcemapping/resource_mapping_connect.d.ts +259 -0
package/src/platform/policy/resourcemapping/resource_mapping_connect.js +259 -0
package/src/platform/policy/resourcemapping/resource_mapping_pb.d.ts +314 -0
package/src/platform/policy/resourcemapping/resource_mapping_pb.js +142 -0
package/src/platform/policy/selectors_pb.d.ts +269 -0
package/src/platform/policy/selectors_pb.js +110 -0
package/src/platform/policy/subjectmapping/subject_mapping_connect.d.ts +118 -0
package/src/platform/policy/subjectmapping/subject_mapping_connect.js +118 -0
package/src/platform/policy/subjectmapping/subject_mapping_pb.d.ts +672 -0
package/src/platform/policy/subjectmapping/subject_mapping_pb.js +260 -0
package/src/platform/wellknownconfiguration/wellknown_configuration_connect.d.ts +26 -0
package/src/platform/wellknownconfiguration/wellknown_configuration_connect.js +26 -0
package/src/platform/wellknownconfiguration/wellknown_configuration_pb.d.ts +75 -0
package/src/platform/wellknownconfiguration/wellknown_configuration_pb.js +35 -0
package/src/policy/api.ts +61 -0
package/src/policy/attributes.ts +117 -0
package/src/policy/granter.ts +181 -0
package/src/tdf/AttributeObject.ts +27 -0
package/src/tdf/AttributeObjectJwt.ts +3 -0
package/src/tdf/Crypto.ts +42 -0
package/src/tdf/EntityObject.ts +18 -0
package/src/tdf/NanoTDF/NanoTDF.ts +120 -0
package/src/tdf/Policy.ts +51 -0
package/src/tdf/PolicyObject.ts +12 -0
package/src/tdf/TypedArray.ts +12 -0
package/src/tdf/index.ts +6 -0
package/src/types/index.ts +55 -0
package/src/utils.ts +149 -0
package/src/version.ts +9 -0
package/tdf3/index.ts +91 -0
package/tdf3/package-lock.json +6 -0
package/tdf3/package.json +3 -0
package/tdf3/src/assertions.ts +191 -0
package/tdf3/src/binary.ts +195 -0
package/tdf3/src/ciphers/aes-gcm-cipher.ts +76 -0
package/tdf3/src/ciphers/algorithms.ts +9 -0
package/tdf3/src/ciphers/index.ts +2 -0
package/tdf3/src/ciphers/symmetric-cipher-base.ts +38 -0
package/tdf3/src/client/DecoratedReadableStream.ts +148 -0
package/tdf3/src/client/builders.ts +701 -0
package/tdf3/src/client/index.ts +637 -0
package/tdf3/src/client/validation.ts +79 -0
package/tdf3/src/crypto/crypto-utils.ts +119 -0
package/tdf3/src/crypto/declarations.ts +89 -0
package/tdf3/src/crypto/index.ts +394 -0
package/tdf3/src/index.ts +4 -0
package/tdf3/src/models/attribute-set.ts +142 -0
package/tdf3/src/models/encryption-information.ts +172 -0
package/tdf3/src/models/index.ts +8 -0
package/tdf3/src/models/key-access.ts +128 -0
package/tdf3/src/models/manifest.ts +9 -0
package/tdf3/src/models/payload.ts +6 -0
package/tdf3/src/models/policy.ts +35 -0
package/tdf3/src/models/upsert-response.ts +17 -0
package/tdf3/src/tdf.ts +1351 -0
package/tdf3/src/templates/default.html.ts +105 -0
package/tdf3/src/templates/escaper.ts +10 -0
package/tdf3/src/templates/index.ts +2 -0
package/tdf3/src/utils/buffer-crc32.ts +46 -0
package/tdf3/src/utils/chunkers.ts +118 -0
package/tdf3/src/utils/index.ts +309 -0
package/tdf3/src/utils/keysplit.ts +63 -0
package/tdf3/src/utils/zip-reader.ts +341 -0
package/tdf3/src/utils/zip-writer.ts +375 -0
package/tdf3/src/version.ts +2 -0
package/tdf3/types.d.ts +14 -0

package/dist/types/src/auth/oidc.d.ts ADDED Viewed

@@ -0,0 +1,104 @@
+import { HttpRequest } from './auth.js';
+/**
+ * Common fields used by all OIDC credentialing flows.
+ */
+export type CommonCredentials = {
+    /** The OIDC client ID used for token issuance and exchange flows */
+    clientId: string;
+    /** The endpoint of the OIDC IdP to authenticate against, ex. 'https://virtru.com/auth' */
+    oidcOrigin: string;
+    /** Whether or not DPoP is enabled. */
+    dpopEnabled?: boolean;
+    /** the client's public key, base64 encoded. Will be bound to the OIDC token. Deprecated. If not set in the constructor, */
+    signingKey?: CryptoKeyPair;
+};
+/**
+ * Information needed for Client Secret OIDC credentialing flow
+ */
+export type ClientSecretCredentials = CommonCredentials & {
+    exchange: 'client';
+    /** The OIDC client secret, used for token issuance and exchange flows */
+    clientSecret: string;
+};
+/**
+ * Information needed for getting new access tokens with a refresh token
+ */
+export type RefreshTokenCredentials = CommonCredentials & {
+    exchange: 'refresh';
+    /** The OIDC refresh token content */
+    refreshToken: string;
+};
+/**
+ * Information needed to exchange a standard or external JWT for a TDF claims
+ * annotated JWT
+ */
+export type ExternalJwtCredentials = CommonCredentials & {
+    exchange: 'external';
+    /** The external JWT used for exchange */
+    externalJwt: string;
+};
+export type OIDCCredentials = ClientSecretCredentials | ExternalJwtCredentials | RefreshTokenCredentials;
+export type AccessTokenResponse = {
+    access_token: string;
+    refresh_token?: string;
+};
+/**
+ * Class that provides OIDC functionality to auth providers, assuming 'enhanced'
+ * tokens and sessions with tdf_claims and either one or both of signing keys
+ * or DPoP.
+ *
+ * Note that this class itself is not a provider - providers implement
+ * `AuthProvider` and make use of this class.
+ *
+ * Both browser and non-browser flows use OIDC, but the supported OIDC auth
+ * mechanisms differ between  public (e.g. browser) clients, and confidential
+ * (e.g. Node) clients.
+ *
+ * The non-browser flow just expects a `clientId` and `clientSecret` to be
+ * provided in the `clientConfig`, and will use that
+ * to grant tokens via the OIDC `clientCredentials` flow.
+ *
+ * For either kind of client, the client's public key must be set in all OIDC
+ * token requests in order to recieve a token with valid TDF claims. The public
+ * key may be passed to this provider's constructor, or supplied
+ * post-construction by calling @see updateClientPublicKey, which forces an
+ * explicit token refresh
+ */
+export declare class AccessToken {
+    config: OIDCCredentials;
+    request?: (input: RequestInfo, init?: RequestInit) => Promise<Response>;
+    data?: AccessTokenResponse;
+    baseUrl: string;
+    signingKey?: CryptoKeyPair;
+    extraHeaders: Record<string, string>;
+    currentAccessToken?: string;
+    constructor(cfg: OIDCCredentials, request?: typeof fetch);
+    /**
+     * https://connect2id.com/products/server/docs/api/userinfo
+     * @param accessToken the current access_token or code
+     * @returns
+     */
+    info(accessToken: string): Promise<unknown>;
+    doPost(url: string, o: Record<string, string>): Promise<Response>;
+    accessTokenLookup(cfg: OIDCCredentials): Promise<any>;
+    /**
+     * Gets an access token; operates lazily/cached, with an optional check for freshness.
+     * @param validate if we should run a inline check against the OIDC 'userinfo' endpoint to make sure any cached access token is still valid
+     * @returns
+     */
+    get(validate?: boolean): Promise<string>;
+    /**
+     * A TDF client MUST call this method whenever the client wants to use a new
+     * ephemeral key set. This updates the keys used to:
+     * or wishes to set the keypair after creating the object.
+     *
+     * Calling this function will trigger a forcible token refresh using the cached refresh token, and contact the auth server.
+     */
+    refreshTokenClaimsWithClientPubkeyIfNeeded(signingKey: CryptoKeyPair): Promise<void>;
+    /**
+     * Converts included refresh token or external JWT for a new one.
+     */
+    exchangeForRefreshToken(): Promise<string>;
+    withCreds(httpReq: HttpRequest): Promise<HttpRequest>;
+}
+//# sourceMappingURL=oidc.d.ts.map

package/dist/types/src/auth/oidc.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"oidc.d.ts","sourceRoot":"","sources":["../../../../src/auth/oidc.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,WAAW,EAAe,MAAM,WAAW,CAAC;AAKrD;;GAEG;AACH,MAAM,MAAM,iBAAiB,GAAG;IAC9B,oEAAoE;IACpE,QAAQ,EAAE,MAAM,CAAC;IACjB,0FAA0F;IAC1F,UAAU,EAAE,MAAM,CAAC;IACnB,sCAAsC;IACtC,WAAW,CAAC,EAAE,OAAO,CAAC;IAEtB,2HAA2H;IAC3H,UAAU,CAAC,EAAE,aAAa,CAAC;CAC5B,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,uBAAuB,GAAG,iBAAiB,GAAG;IACxD,QAAQ,EAAE,QAAQ,CAAC;IACnB,yEAAyE;IACzE,YAAY,EAAE,MAAM,CAAC;CACtB,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,uBAAuB,GAAG,iBAAiB,GAAG;IACxD,QAAQ,EAAE,SAAS,CAAC;IACpB,qCAAqC;IACrC,YAAY,EAAE,MAAM,CAAC;CACtB,CAAC;AAEF;;;GAGG;AACH,MAAM,MAAM,sBAAsB,GAAG,iBAAiB,GAAG;IACvD,QAAQ,EAAE,UAAU,CAAC;IACrB,yCAAyC;IACzC,WAAW,EAAE,MAAM,CAAC;CACrB,CAAC;AAEF,MAAM,MAAM,eAAe,GACvB,uBAAuB,GACvB,sBAAsB,GACtB,uBAAuB,CAAC;AAI5B,MAAM,MAAM,mBAAmB,GAAG;IAChC,YAAY,EAAE,MAAM,CAAC;IACrB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,qBAAa,WAAW;IACtB,MAAM,EAAE,eAAe,CAAC;IAExB,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,WAAW,EAAE,IAAI,CAAC,EAAE,WAAW,KAAK,OAAO,CAAC,QAAQ,CAAC,CAAC;IAExE,IAAI,CAAC,EAAE,mBAAmB,CAAC;IAE3B,OAAO,EAAE,MAAM,CAAC;IAEhB,UAAU,CAAC,EAAE,aAAa,CAAC;IAE3B,YAAY,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAM;IAE1C,kBAAkB,CAAC,EAAE,MAAM,CAAC;gBAEhB,GAAG,EAAE,eAAe,EAAE,OAAO,CAAC,EAAE,OAAO,KAAK;IA0BxD;;;;OAIG;IACG,IAAI,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAsB3C,MAAM,CAAC,GAAG,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC;IAqB7C,iBAAiB,CAAC,GAAG,EAAE,eAAe;IAsC5C;;;;OAIG;IACG,GAAG,CAAC,QAAQ,UAAO,GAAG,OAAO,CAAC,MAAM,CAAC;IA0B3C;;;;;;OAMG;IACG,0CAA0C,CAAC,UAAU,EAAE,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC;IAW1F;;OAEG;IACG,uBAAuB,IAAI,OAAO,CAAC,MAAM,CAAC;IAwB1C,SAAS,CAAC,OAAO,EAAE,WAAW,GAAG,OAAO,CAAC,WAAW,CAAC;CAoB5D"}

package/dist/types/src/auth/providers.d.ts ADDED Viewed

@@ -0,0 +1,67 @@
+import { ClientSecretCredentials, ExternalJwtCredentials, OIDCCredentials, RefreshTokenCredentials } from './oidc.js';
+import { OIDCClientCredentialsProvider } from './oidc-clientcredentials-provider.js';
+import { OIDCExternalJwtProvider } from './oidc-externaljwt-provider.js';
+import { type AuthProvider } from './auth.js';
+import { OIDCRefreshTokenProvider } from './oidc-refreshtoken-provider.js';
+/**
+ * Creates an OIDC Client Credentials Provider for non-browser contexts.
+ *
+ * Both browser and non-browser flows use OIDC, but the supported OIDC auth mechanisms differ between
+ * public (e.g. browser) clients, and confidential (e.g. Node) clients.
+ *
+ * This provider supports Client Credentials auth, where the client has previously been issued a ClientID and ClientSecret.
+ * Browser contexts should *never* use Client Credentials auth, as ClientSecrets are not secure for public client flows,
+ * and should use one of the other Authorization Code-based OIDC auth mechanisms instead.
+ *
+ * This just expects a clientId and clientSecret to be provided in the clientConfig, and will use that
+ * to grant tokens via the OIDC clientCredentials flow.
+ *
+ * The client's public key must be set in all OIDC token requests in order to recieve a token with valid
+ * Virtru claims. The public key may be passed to this provider's constructor, or supplied post-construction by calling
+ * {@link updateClientPublicKey} which will force an explicit token refresh
+ *
+ */
+export declare const clientSecretAuthProvider: (clientConfig: ClientSecretCredentials) => Promise<OIDCClientCredentialsProvider>;
+/**
+ * Create an OIDC External JWT Provider for browser contexts.
+ *
+ * Both browser and non-browser flows use OIDC, but the supported OIDC auth mechanisms differ between
+ * public (e.g. browser) clients, and confidential (e.g. Node) clients.
+ *
+ * This provider supports External JWT token exchange auth. This flow assumes that the client has previously authenticated
+ * with an external 3rd-party IdP that oidcOrigin has been configured to trust.
+ *
+ * The client can supply this provider with a JWT issued by that trusted 3rd-party IdP, and that JWT will be exchanged
+ * for a tokenset with TDF claims.
+ *
+ * The client's public key must be set in all OIDC token requests in order to recieve a token with valid
+ * Virtru claims. The public key may be passed to this provider's constructor, or supplied post-construction by calling
+ * {@link updateClientPublicKey}, which will force an explicit token refresh.
+ */
+export declare const externalAuthProvider: (clientConfig: ExternalJwtCredentials) => Promise<OIDCExternalJwtProvider>;
+/**
+ * Creates an OIDC Refresh Token Provider for browser and non-browser contexts.
+ *
+ * Both browser and non-browser flows use OIDC, but the supported OIDC auth mechanisms differ between
+ * public (e.g. browser) clients, and confidential (e.g. Node) clients.
+ *
+ * This provider supports Refresh Token auth. This flow assumes the client has already authenticated with the OIDC
+ * IdP using the OIDC flow fo their choice, and can provide a Refresh Token which will be exchanged (along with the client pubkey)
+ * for a new tokenset containing valid TDF claims.
+ *
+ * The client's public key must be set in all OIDC token requests in order to recieve a token with valid
+ * Virtru claims. The public key may be passed to this provider's constructor, or supplied post-construction by calling
+ * {@link updateClientPublicKey} which will force an explicit token refresh
+ */
+export declare const refreshAuthProvider: (clientConfig: RefreshTokenCredentials) => Promise<OIDCRefreshTokenProvider>;
+/**
+ * Generate an auth provder.
+ * @param clientConfig OIDC client credentials
+ * @returns a promise for a new auth provider with the requested excahnge type
+ */
+export declare const clientAuthProvider: (clientConfig: OIDCCredentials) => Promise<AuthProvider>;
+export * from './auth.js';
+export { OIDCClientCredentialsProvider } from './oidc-clientcredentials-provider.js';
+export { OIDCExternalJwtProvider } from './oidc-externaljwt-provider.js';
+export { OIDCRefreshTokenProvider } from './oidc-refreshtoken-provider.js';
+//# sourceMappingURL=providers.d.ts.map

package/dist/types/src/auth/providers.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"providers.d.ts","sourceRoot":"","sources":["../../../../src/auth/providers.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,uBAAuB,EACvB,sBAAsB,EACtB,eAAe,EACf,uBAAuB,EACxB,MAAM,WAAW,CAAC;AACnB,OAAO,EAAE,6BAA6B,EAAE,MAAM,sCAAsC,CAAC;AACrF,OAAO,EAAE,uBAAuB,EAAE,MAAM,gCAAgC,CAAC;AACzE,OAAO,EAAE,KAAK,YAAY,EAAE,MAAM,WAAW,CAAC;AAC9C,OAAO,EAAE,wBAAwB,EAAE,MAAM,iCAAiC,CAAC;AAI3E;;;;;;;;;;;;;;;;;GAiBG;AACH,eAAO,MAAM,wBAAwB,iBACrB,uBAAuB,KACpC,QAAQ,6BAA6B,CAMvC,CAAC;AAEF;;;;;;;;;;;;;;;GAeG;AACH,eAAO,MAAM,oBAAoB,iBACjB,sBAAsB,KACnC,QAAQ,uBAAuB,CAMjC,CAAC;AAEF;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,mBAAmB,iBAChB,uBAAuB,KACpC,QAAQ,wBAAwB,CAMlC,CAAC;AAEF;;;;GAIG;AACH,eAAO,MAAM,kBAAkB,iBAAwB,eAAe,KAAG,QAAQ,YAAY,CAqC5F,CAAC;AAEF,cAAc,WAAW,CAAC;AAC1B,OAAO,EAAE,6BAA6B,EAAE,MAAM,sCAAsC,CAAC;AACrF,OAAO,EAAE,uBAAuB,EAAE,MAAM,gCAAgC,CAAC;AACzE,OAAO,EAAE,wBAAwB,EAAE,MAAM,iCAAiC,CAAC"}

package/dist/types/src/encodings/base64.d.ts ADDED Viewed

@@ -0,0 +1,18 @@
+declare class InvalidCharacterError extends Error {
+    constructor(message?: string);
+}
+declare function encodeFallback(input: string, urlSafe?: boolean): string;
+/**
+ * Encode array buffer to base64 string
+ *
+ * GitHub @niklasvh
+ * Copyright (c) 2012 Niklas von Hertzen
+ * MIT License
+ */
+declare function encodeArrayBuffer(arrayBuffer: ArrayBuffer, urlSafe?: boolean): string;
+declare function decodeFallback(input: string): string;
+declare function decodeArrayBuffer(base64: string): ArrayBuffer;
+declare const decode: typeof decodeFallback;
+declare const encode: typeof encodeFallback;
+export { decode, decodeArrayBuffer, encode, encodeArrayBuffer, InvalidCharacterError };
+//# sourceMappingURL=base64.d.ts.map

package/dist/types/src/encodings/base64.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"base64.d.ts","sourceRoot":"","sources":["../../../../src/encodings/base64.ts"],"names":[],"mappings":"AA6BA,cAAM,qBAAsB,SAAQ,KAAK;gBAC3B,OAAO,CAAC,EAAE,MAAM;CAI7B;AAID,iBAAS,cAAc,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,OAAO,GAAG,MAAM,CA6BhE;AAED;;;;;;GAMG;AACH,iBAAS,iBAAiB,CAAC,WAAW,EAAE,WAAW,EAAE,OAAO,CAAC,EAAE,OAAO,GAAG,MAAM,CA4B9E;AAED,iBAAS,cAAc,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAwB7C;AAED,iBAAS,iBAAiB,CAAC,MAAM,EAAE,MAAM,GAAG,WAAW,CAsBtD;AAED,QAAA,MAAM,MAAM,uBAAiB,CAAC;AAC9B,QAAA,MAAM,MAAM,uBAAiB,CAAC;AAE9B,OAAO,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,iBAAiB,EAAE,qBAAqB,EAAE,CAAC"}

package/dist/types/src/encodings/hex.d.ts ADDED Viewed

@@ -0,0 +1,5 @@
+export declare function encode(str: string): string;
+export declare function decode(hex: string): string;
+export declare function decodeArrayBuffer(hex: string): ArrayBuffer | never;
+export declare function encodeArrayBuffer(arrayBuffer: ArrayBuffer): string | never;
+//# sourceMappingURL=hex.d.ts.map

package/dist/types/src/encodings/hex.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"hex.d.ts","sourceRoot":"","sources":["../../../../src/encodings/hex.ts"],"names":[],"mappings":"AAEA,wBAAgB,MAAM,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAa1C;AAED,wBAAgB,MAAM,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAa1C;AAED,wBAAgB,iBAAiB,CAAC,GAAG,EAAE,MAAM,GAAG,WAAW,GAAG,KAAK,CAclE;AAED,wBAAgB,iBAAiB,CAAC,WAAW,EAAE,WAAW,GAAG,MAAM,GAAG,KAAK,CAoB1E"}

package/dist/types/src/encodings/index.d.ts ADDED Viewed

@@ -0,0 +1,3 @@
+export * as base64 from './base64.js';
+export * as hex from './hex.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/types/src/encodings/index.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/encodings/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,MAAM,MAAM,aAAa,CAAC;AACtC,OAAO,KAAK,GAAG,MAAM,UAAU,CAAC"}

package/dist/types/src/errors.d.ts ADDED Viewed

@@ -0,0 +1,72 @@
+/**
+ * Root class for all errors thrown by this library.
+ * This should not be thrown directly, but rather one of its subclasses.
+ */
+export declare class TdfError extends Error {
+    name: string;
+    constructor(message?: string, cause?: Error);
+}
+/**
+ * Errors that indicate the client or method does not have valid options.
+ */
+export declare class ConfigurationError extends TdfError {
+    name: string;
+}
+/**
+ * The assigned data attribute is not in the correct form.
+ */
+export declare class AttributeValidationError extends ConfigurationError {
+    name: string;
+    attribute: unknown;
+    constructor(message: string, attribute: unknown, cause?: Error);
+}
+/**
+ * Errors that indicate the TDF object is corrupt, invalid, or fails validation or decrypt.
+ */
+export declare class InvalidFileError extends TdfError {
+}
+/**
+ * Indicates a decrypt failure, either due to an incorrect key, corrupt ciphertext, or inappropriate key parameters.
+ */
+export declare class DecryptError extends InvalidFileError {
+    name: string;
+}
+export declare class IntegrityError extends InvalidFileError {
+    name: string;
+}
+/**
+ * Thrown when a KAS URL found in one or more required key access objects are not in the list of known and allowed KASes in the client.
+ * This may indicate a malicious file - e.g. an attempt to DDoS a server by listing it as the KAS for many files, or to siphon credentials using a lookalike URL.
+ */
+export declare class UnsafeUrlError extends InvalidFileError {
+    name: string;
+    readonly url: string[];
+    constructor(message: string, ...url: string[]);
+}
+/**
+ * A network error (no response) from rewrap or other endpoint, Possibly fixed by retrying or adjusting your network settings; could indicate network failure.
+ */
+export declare class NetworkError extends TdfError {
+    name: string;
+}
+/**
+ * The service reports an unexpected error on its behalf, or a subcomponent (5xx).
+ */
+export declare class ServiceError extends TdfError {
+    name: string;
+}
+/** Authentication failure (401) */
+export declare class UnauthenticatedError extends TdfError {
+    name: string;
+}
+/** Authorization failure (403) */
+export declare class PermissionDeniedError extends TdfError {
+    name: string;
+}
+/**
+ * Version of file is unsupported, or file uses a feature that is not supported by this version of the library.
+ */
+export declare class UnsupportedFeatureError extends TdfError {
+    name: string;
+}
+//# sourceMappingURL=errors.d.ts.map

package/dist/types/src/errors.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../../../src/errors.ts"],"names":[],"mappings":"AAiBA;;;GAGG;AACH,qBAAa,QAAS,SAAQ,KAAK;IACxB,IAAI,SAAc;gBAEf,OAAO,CAAC,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,KAAK;CAO5C;AAED;;GAEG;AACH,qBAAa,kBAAmB,SAAQ,QAAQ;IACrC,IAAI,SAAwB;CACtC;AAED;;GAEG;AACH,qBAAa,wBAAyB,SAAQ,kBAAkB;IACrD,IAAI,SAA8B;IAC3C,SAAS,EAAE,OAAO,CAAC;gBACP,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,OAAO,EAAE,KAAK,CAAC,EAAE,KAAK;CAI/D;AAED;;GAEG;AACH,qBAAa,gBAAiB,SAAQ,QAAQ;CAAG;AAEjD;;GAEG;AACH,qBAAa,YAAa,SAAQ,gBAAgB;IACvC,IAAI,SAAkB;CAChC;AAED,qBAAa,cAAe,SAAQ,gBAAgB;IACzC,IAAI,SAAoB;CAClC;AAED;;;GAGG;AACH,qBAAa,cAAe,SAAQ,gBAAgB;IACzC,IAAI,SAAoB;IACjC,QAAQ,CAAC,GAAG,EAAE,MAAM,EAAE,CAAC;gBAEX,OAAO,EAAE,MAAM,EAAE,GAAG,GAAG,EAAE,MAAM,EAAE;CAK9C;AAED;;GAEG;AACH,qBAAa,YAAa,SAAQ,QAAQ;IAC/B,IAAI,SAAkB;CAChC;AAED;;GAEG;AACH,qBAAa,YAAa,SAAQ,QAAQ;IAC/B,IAAI,SAAkB;CAChC;AAED,mCAAmC;AACnC,qBAAa,oBAAqB,SAAQ,QAAQ;IACvC,IAAI,SAA0B;CACxC;AAED,kCAAkC;AAClC,qBAAa,qBAAsB,SAAQ,QAAQ;IACxC,IAAI,SAA2B;CACzC;AAED;;GAEG;AACH,qBAAa,uBAAwB,SAAQ,QAAQ;IAC1C,IAAI,SAA6B;CAC3C"}

package/dist/types/src/index.d.ts ADDED Viewed

@@ -0,0 +1,138 @@
+import { Client, NanoTDF } from './nanotdf/index.js';
+import { TypedArray } from './tdf/index.js';
+import { ClientConfig } from './nanotdf/Client.js';
+export { attributeFQNsAsValues } from './policy/api.js';
+export type EncryptOptions = {
+    ecdsaBinding: boolean;
+};
+/**
+ * NanoTDF SDK Client
+ *
+ * @example
+ * ```
+ * import { clientSecretAuthProvider, NanoTDFClient } from '@opentdf/sdk';
+ *
+ * const OIDC_ENDPOINT = 'http://localhost:65432/auth/realms/opentdf-demo';
+ * const KAS_URL = 'http://localhost:65432/api/kas/';
+ *
+ * const ciphertext = '...';
+ * const client = new NanoTDFClient({
+ *   authProvider: await clientSecretAuthProvider({
+ *     clientId: 'tdf-client',
+ *     clientSecret: '123-456',
+ *     oidcOrigin: OIDC_ENDPOINT,
+ *   }),
+ *   kasEndpoint: KAS_URL
+ *  }
+ * );
+ * client.decrypt(ciphertext)
+ *   .then(plaintext => {
+ *     console.log('Plaintext', plaintext);
+ *   })
+ *   .catch(err => {
+ *     console.error('Some error occurred', err);
+ *   })
+ */
+export declare class NanoTDFClient extends Client {
+    /**
+     * Decrypt ciphertext
+     *
+     * Pass a base64 string, TypedArray, or ArrayBuffer ciphertext and get a promise which resolves plaintext
+     *
+     * @param ciphertext Ciphertext to decrypt
+     */
+    decrypt(ciphertext: string | TypedArray | ArrayBuffer): Promise<ArrayBuffer>;
+    /**
+     * Decrypt ciphertext of the legacy TDF, with the older, smaller i.v. calculation.
+     *
+     * Pass a base64 string, TypedArray, or ArrayBuffer ciphertext and get a promise which resolves plaintext
+     *
+     * @param ciphertext Ciphertext to decrypt
+     */
+    decryptLegacyTDF(ciphertext: string | TypedArray | ArrayBuffer): Promise<ArrayBuffer>;
+    /**
+     * Encrypts the given data using the NanoTDF encryption scheme.
+     *
+     * @param {string | TypedArray | ArrayBuffer} data - The data to be encrypted.
+     * @param {EncryptOptions} [options=defaultOptions] - The encryption options (currently unused).
+     * @returns {Promise<ArrayBuffer>} A promise that resolves to the encrypted data as an ArrayBuffer.
+     * @throws {Error} If the initialization vector is not a number.
+     */
+    encrypt(data: string | TypedArray | ArrayBuffer, options?: EncryptOptions): Promise<ArrayBuffer>;
+}
+export type DatasetConfig = ClientConfig & {
+    maxKeyIterations?: number;
+};
+/**
+ * NanoTDF Dataset SDK Client
+ *
+ *
+ * @example
+ * ```
+ * import { clientSecretAuthProvider, NanoTDFDatasetClient } from '@opentdf/sdk';
+ *
+ * const OIDC_ENDPOINT = 'http://localhost:65432/auth/realms/tdf';
+ * const KAS_URL = 'http://localhost:65432/api/kas/';
+ *
+ * const ciphertext = '...';
+ * const client = new NanoTDFDatasetClient({
+ *   authProvider: await clientSecretAuthProvider({
+ *     clientId: 'tdf-client',
+ *     clientSecret: '123-456',
+ *     exchange: 'client',
+ *     oidcOrigin: OIDC_ENDPOINT,
+ *   }),
+ *   kasEndpoint: KAS_URL,
+ * });
+ * const plaintext = client.decrypt(ciphertext);
+ * console.log('Plaintext', plaintext);
+ * ```
+ */
+export declare class NanoTDFDatasetClient extends Client {
+    static readonly NTDF_MAX_KEY_ITERATIONS = 8388606;
+    private maxKeyIteration;
+    private keyIterationCount;
+    private cachedEphemeralKey?;
+    private unwrappedKey?;
+    private symmetricKey?;
+    private cachedHeader?;
+    private ecdsaBinding;
+    /**
+     * Create new NanoTDF Dataset Client
+     *
+     * The Ephemeral Key Pair can either be provided or will be generate when fetching the entity object. Once set it
+     * cannot be changed. If a new ephemeral key is desired it a new client should be initialized.
+     * There is no performance impact for creating a new client IFF the ephemeral key pair is provided.
+     *
+     * @param clientConfig OIDC client credentials
+     * @param kasUrl Key access service URL
+     * @param ephemeralKeyPair (optional) ephemeral key pair to use
+     * @param maxKeyIterations Max iteration to performe without a key rotation
+     */
+    constructor(opts: DatasetConfig);
+    /**
+     * Encrypt data
+     *
+     * Pass a string, TypedArray, or ArrayBuffer data and get a promise which resolves ciphertext
+     *
+     * @param data to decrypt
+     */
+    encrypt(data: string | TypedArray | ArrayBuffer, options?: EncryptOptions): Promise<ArrayBuffer>;
+    /**
+     * Decrypt ciphertext
+     *
+     * Pass a base64 string, TypedArray, or ArrayBuffer ciphertext and get a promise which resolves plaintext
+     *
+     * @param ciphertext Ciphertext to decrypt
+     */
+    decrypt(ciphertext: string | TypedArray | ArrayBuffer): Promise<ArrayBuffer>;
+    rewrapAndDecrypt(nanotdf: NanoTDF): Promise<ArrayBuffer>;
+    generateIV(): Uint8Array;
+}
+/**
+ * Authorization for connecting authZ tokens to
+ * remote requests.
+ */
+export * as AuthProviders from './auth/providers.js';
+export { version, clientType } from './version.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/types/src/index.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,MAAM,EACN,OAAO,EAOR,MAAM,oBAAoB,CAAC;AAE5B,OAAO,EAAE,UAAU,EAA2B,MAAM,gBAAgB,CAAC;AAErE,OAAO,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AAEnD,OAAO,EAAE,qBAAqB,EAAE,MAAM,iBAAiB,CAAC;AAGxD,MAAM,MAAM,cAAc,GAAG;IAC3B,YAAY,EAAE,OAAO,CAAC;CACvB,CAAC;AAOF;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AACH,qBAAa,aAAc,SAAQ,MAAM;IACvC;;;;;;OAMG;IACG,OAAO,CAAC,UAAU,EAAE,MAAM,GAAG,UAAU,GAAG,WAAW,GAAG,OAAO,CAAC,WAAW,CAAC;IAyBlF;;;;;;OAMG;IACG,gBAAgB,CAAC,UAAU,EAAE,MAAM,GAAG,UAAU,GAAG,WAAW,GAAG,OAAO,CAAC,WAAW,CAAC;IAsB3F;;;;;;;OAOG;IACG,OAAO,CACX,IAAI,EAAE,MAAM,GAAG,UAAU,GAAG,WAAW,EACvC,OAAO,CAAC,EAAE,cAAc,GACvB,OAAO,CAAC,WAAW,CAAC;CAyDxB;AAED,MAAM,MAAM,aAAa,GAAG,YAAY,GAAG;IACzC,gBAAgB,CAAC,EAAE,MAAM,CAAC;CAC3B,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,qBAAa,oBAAqB,SAAQ,MAAM;IAG9C,MAAM,CAAC,QAAQ,CAAC,uBAAuB,WAAW;IAElD,OAAO,CAAC,eAAe,CAAS;IAChC,OAAO,CAAC,iBAAiB,CAAS;IAClC,OAAO,CAAC,kBAAkB,CAAC,CAAa;IACxC,OAAO,CAAC,YAAY,CAAC,CAAY;IACjC,OAAO,CAAC,YAAY,CAAC,CAAY;IACjC,OAAO,CAAC,YAAY,CAAC,CAAS;IAC9B,OAAO,CAAC,YAAY,CAAU;IAE9B;;;;;;;;;;;OAWG;gBACS,IAAI,EAAE,aAAa;IAe/B;;;;;;OAMG;IACG,OAAO,CACX,IAAI,EAAE,MAAM,GAAG,UAAU,GAAG,WAAW,EACvC,OAAO,CAAC,EAAE,cAAc,GACvB,OAAO,CAAC,WAAW,CAAC;IA+EvB;;;;;;OAMG;IACG,OAAO,CAAC,UAAU,EAAE,MAAM,GAAG,UAAU,GAAG,WAAW,GAAG,OAAO,CAAC,WAAW,CAAC;IAuB5E,gBAAgB,CAAC,OAAO,EAAE,OAAO;IAwBvC,UAAU,IAAI,UAAU;CAkCzB;AAED;;;GAGG;AACH,OAAO,KAAK,aAAa,MAAM,qBAAqB,CAAC;AACrD,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC"}

package/dist/types/src/nanotdf/Client.d.ts ADDED Viewed

@@ -0,0 +1,95 @@
+import { type TypedArray } from '../tdf/index.js';
+import { KasPublicKeyInfo, OriginAllowList } from '../access.js';
+import { AuthProvider } from '../auth/providers.js';
+export interface ClientConfig {
+    allowedKases?: string[];
+    ignoreAllowList?: boolean;
+    authProvider: AuthProvider;
+    dpopEnabled?: boolean;
+    dpopKeys?: Promise<CryptoKeyPair>;
+    ephemeralKeyPair?: Promise<CryptoKeyPair>;
+    kasEndpoint: string;
+}
+/**
+ * A Client encapsulates sessions interacting with TDF3 and nanoTDF backends, KAS and any
+ * plugin-based sessions like identity and further attribute control. Most importantly, it is responsible
+ * for local key and token management, including the ephemeral public/private keypairs
+ * used for encrypting and decrypting information.
+ *
+ * @link https://developer.mozilla.org/en-US/docs/Web/API/CryptoKeyPair
+ *
+ * @example
+ * import { Client, clientAuthProvider, decrypt, encrypt } from '@opentdf/sdk/nanotdf`
+ *
+ * const OIDC_ENDPOINT = 'http://localhost:65432/auth/';
+ * const KAS_URL = 'http://localhost:65432/kas';
+ *
+ * let client = new Client(
+ *    await clientAuthProvider({
+ *      clientId: 'tdf-client',
+ *      clientSecret: '123-456',
+ *      oidcOrigin: OIDC_ENDPOINT,
+ *    }),
+ *    KAS_URL
+ *  );
+ *
+ * // t=1
+ * let nanoTDFEncrypted = await encrypt('some string', client.unwrappedKey);
+ * let nanoTDFDecrypted = await decrypt(nanoTDFEncrypted, client.unwrappedKey);
+ * nanoTDFDecrypted.toString() // 'some string'
+ *
+ */
+export default class Client {
+    static readonly KEY_ACCESS_REMOTE = "remote";
+    static readonly KAS_PROTOCOL = "kas";
+    static readonly SDK_INITIAL_RELEASE = "0.0.0";
+    static readonly INITIAL_RELEASE_IV_SIZE = 3;
+    static readonly IV_SIZE = 12;
+    allowedKases: OriginAllowList;
+    protected kasUrl: string;
+    kasPubKey?: KasPublicKeyInfo;
+    readonly authProvider: AuthProvider;
+    readonly dpopEnabled: boolean;
+    dissems: string[];
+    dataAttributes: string[];
+    protected ephemeralKeyPair: Promise<CryptoKeyPair>;
+    protected requestSignerKeyPair: Promise<CryptoKeyPair>;
+    protected iv?: number;
+    /**
+     * Create new NanoTDF Client
+     *
+     * The Ephemeral Key Pair can either be provided or will be generate when fetching the entity object. Once set it
+     * cannot be changed. If a new ephemeral key is desired it a new client should be initialized.
+     * There is no performance impact for creating a new client IFF the ephemeral key pair is provided.
+     */
+    constructor(optsOrOldAuthProvider: AuthProvider | ClientConfig, kasUrl?: string, ephemeralKeyPair?: CryptoKeyPair, dpopEnabled?: boolean);
+    /**
+     * Add attribute to the TDF file/data
+     *
+     * @param attribute The attribute that decides the access control of the TDF.
+     */
+    addAttribute(attribute: string): void;
+    /**
+     * Explicitly get a new Entity Object using the supplied EntityAttributeService.
+     *
+     * This method is expected to be called at least once per encrypt/decrypt cycle. If the entityObject is expired then
+     * this will need to be called again.
+     *
+     * @security the ephemeralKeyPair must be set in the constructor if desired to use here. If this is wished to be changed
+     * then a new client should be initialized.
+     * @performance key pair is generated when the entity object is fetched IFF the ephemeralKeyPair is not set. This will
+     * either be set on the first call or passed in the constructor.
+     */
+    fetchOIDCToken(): Promise<void>;
+    /**
+     * Rewrap key
+     *
+     * @important the `fetchEntityObject` method must be called prior to
+     * @param nanoTdfHeader the full header for the nanotdf
+     * @param kasRewrapUrl key access server's rewrap endpoint
+     * @param magicNumberVersion nanotdf container version
+     * @param clientVersion version of the client, as SemVer
+     */
+    rewrapKey(nanoTdfHeader: TypedArray | ArrayBuffer, kasRewrapUrl: string, magicNumberVersion: TypedArray | ArrayBuffer, clientVersion: string): Promise<CryptoKey>;
+}
+//# sourceMappingURL=Client.d.ts.map

package/dist/types/src/nanotdf/Client.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"Client.d.ts","sourceRoot":"","sources":["../../../../src/nanotdf/Client.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAKlD,OAAO,EAAmB,gBAAgB,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC;AAClF,OAAO,EAAE,YAAY,EAAgC,MAAM,sBAAsB,CAAC;AAIlF,MAAM,WAAW,YAAY;IAC3B,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,YAAY,EAAE,YAAY,CAAC;IAC3B,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,QAAQ,CAAC,EAAE,OAAO,CAAC,aAAa,CAAC,CAAC;IAClC,gBAAgB,CAAC,EAAE,OAAO,CAAC,aAAa,CAAC,CAAC;IAC1C,WAAW,EAAE,MAAM,CAAC;CACrB;AAgDD;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AACH,MAAM,CAAC,OAAO,OAAO,MAAM;IACzB,MAAM,CAAC,QAAQ,CAAC,iBAAiB,YAAY;IAC7C,MAAM,CAAC,QAAQ,CAAC,YAAY,SAAS;IACrC,MAAM,CAAC,QAAQ,CAAC,mBAAmB,WAAW;IAC9C,MAAM,CAAC,QAAQ,CAAC,uBAAuB,KAAK;IAC5C,MAAM,CAAC,QAAQ,CAAC,OAAO,MAAM;IAE7B,YAAY,EAAE,eAAe,CAAC;IAK9B,SAAS,CAAC,MAAM,EAAE,MAAM,CAAC;IACzB,SAAS,CAAC,EAAE,gBAAgB,CAAC;IAC7B,QAAQ,CAAC,YAAY,EAAE,YAAY,CAAC;IACpC,QAAQ,CAAC,WAAW,EAAE,OAAO,CAAC;IAC9B,OAAO,EAAE,MAAM,EAAE,CAAM;IACvB,cAAc,EAAE,MAAM,EAAE,CAAM;IAC9B,SAAS,CAAC,gBAAgB,EAAE,OAAO,CAAC,aAAa,CAAC,CAAC;IACnD,SAAS,CAAC,oBAAoB,EAAE,OAAO,CAAC,aAAa,CAAC,CAAC;IACvD,SAAS,CAAC,EAAE,CAAC,EAAE,MAAM,CAAC;IAEtB;;;;;;OAMG;gBAED,qBAAqB,EAAE,YAAY,GAAG,YAAY,EAClD,MAAM,CAAC,EAAE,MAAM,EACf,gBAAgB,CAAC,EAAE,aAAa,EAChC,WAAW,UAAQ;IAkDrB;;;;OAIG;IACH,YAAY,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI;IAIrC;;;;;;;;;;OAUG;IACG,cAAc,IAAI,OAAO,CAAC,IAAI,CAAC;IASrC;;;;;;;;OAQG;IACG,SAAS,CACb,aAAa,EAAE,UAAU,GAAG,WAAW,EACvC,YAAY,EAAE,MAAM,EACpB,kBAAkB,EAAE,UAAU,GAAG,WAAW,EAC5C,aAAa,EAAE,MAAM,GACpB,OAAO,CAAC,SAAS,CAAC;CA+HtB"}

package/dist/types/src/nanotdf/NanoTDF.d.ts ADDED Viewed

@@ -0,0 +1,25 @@
+import { TypedArray } from '../tdf/index.js';
+import Header from './models/Header.js';
+import Payload from './models/Payload.js';
+import Signature from './models/Signature.js';
+import EncodingEnum from './enum/EncodingEnum.js';
+export default class NanoTDF {
+    static Encodings: typeof EncodingEnum;
+    static Header: typeof Header;
+    static Payload: typeof Payload;
+    static Signature: typeof Signature;
+    header: Header;
+    payload: Payload;
+    signature?: Signature;
+    static from(content: TypedArray | ArrayBuffer | string, encoding?: EncodingEnum, legacyTDF?: boolean): NanoTDF;
+    constructor(header: Header, payload: Payload, signature?: Signature);
+    /**
+     * Return the content of nano tdf as binary buffer
+     */
+    toBuffer(): ArrayBuffer;
+    /**
+     * Return the content of nano tdf as base64 string
+     */
+    toBase64(): string;
+}
+//# sourceMappingURL=NanoTDF.d.ts.map

package/dist/types/src/nanotdf/NanoTDF.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"NanoTDF.d.ts","sourceRoot":"","sources":["../../../../src/nanotdf/NanoTDF.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAE7C,OAAO,MAAM,MAAM,oBAAoB,CAAC;AACxC,OAAO,OAAO,MAAM,qBAAqB,CAAC;AAC1C,OAAO,SAAS,MAAM,uBAAuB,CAAC;AAC9C,OAAO,YAAY,MAAM,wBAAwB,CAAC;AAKlD,MAAM,CAAC,OAAO,OAAO,OAAO;IAE1B,MAAM,CAAC,SAAS,EAAE,OAAO,YAAY,CAAgB;IACrD,MAAM,CAAC,MAAM,gBAAU;IACvB,MAAM,CAAC,OAAO,iBAAW;IACzB,MAAM,CAAC,SAAS,mBAAa;IAEtB,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,OAAO,CAAC;IAGjB,SAAS,CAAC,EAAE,SAAS,CAAC;IAE7B,MAAM,CAAC,IAAI,CACT,OAAO,EAAE,UAAU,GAAG,WAAW,GAAG,MAAM,EAC1C,QAAQ,CAAC,EAAE,YAAY,EACvB,SAAS,UAAQ,GAChB,OAAO;gBAkDE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,SAAS,CAAC,EAAE,SAAS;IAMnE;;OAEG;IACH,QAAQ,IAAI,WAAW;IA2BvB;;OAEG;IACH,QAAQ,IAAI,MAAM;CAInB"}

package/dist/types/src/nanotdf/browser-entry.d.ts ADDED Viewed

@@ -0,0 +1,17 @@
+/**
+ * This file is used for:
+ *
+ * - es5 browser version of nanoTDF and add it to the window as NanoTDF
+ *
+ * This is not used for:
+ *
+ * - es6 web development (use node modules)
+ * - node applications
+ */
+import NanoTDF from './NanoTDF.js';
+declare global {
+    interface Window {
+        NanoTDF: typeof NanoTDF;
+    }
+}
+//# sourceMappingURL=browser-entry.d.ts.map

package/dist/types/src/nanotdf/browser-entry.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"browser-entry.d.ts","sourceRoot":"","sources":["../../../../src/nanotdf/browser-entry.ts"],"names":[],"mappings":"AACA;;;;;;;;;GASG;AACH,OAAO,OAAO,MAAM,cAAc,CAAC;AAEnC,OAAO,CAAC,MAAM,CAAC;IACb,UAAU,MAAM;QACd,OAAO,EAAE,OAAO,OAAO,CAAC;KACzB;CACF"}

package/dist/types/src/nanotdf/constants.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export declare const GMAC_BINDING_LEN = 8;
2	+ //# sourceMappingURL=constants.d.ts.map

package/dist/types/src/nanotdf/constants.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../../../../src/nanotdf/constants.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,gBAAgB,IAAI,CAAC"}

package/dist/types/src/nanotdf/decrypt.d.ts ADDED Viewed

@@ -0,0 +1,9 @@
+import type NanoTDF from './NanoTDF.js';
+/**
+ * Decrypt nanotdf with a crypto key
+ *
+ * @param key Crypto key used to decrypt nanotdf
+ * @param nanotdf NanoTDF to decrypt
+ */
+export default function decrypt(key: CryptoKey, nanotdf: NanoTDF): Promise<ArrayBuffer>;
+//# sourceMappingURL=decrypt.d.ts.map

package/dist/types/src/nanotdf/decrypt.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"decrypt.d.ts","sourceRoot":"","sources":["../../../../src/nanotdf/decrypt.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,OAAO,MAAM,cAAc,CAAC;AAExC;;;;;GAKG;AACH,wBAA8B,OAAO,CAAC,GAAG,EAAE,SAAS,EAAE,OAAO,EAAE,OAAO,GAAG,OAAO,CAAC,WAAW,CAAC,CAS5F"}

package/dist/types/src/nanotdf/encrypt-dataset.d.ts ADDED Viewed

@@ -0,0 +1,12 @@
+import Header from './models/Header.js';
+import TypedArray from '../tdf/TypedArray.js';
+/**
+ * Encrypt the plain data into nanotdf buffer
+ *
+ * @param symmetricKey Key to encrypt the payload
+ * @param header NanoTDF header
+ * @param iv IV to be used for encrypting the payload
+ * @param data The data to be encrypted
+ */
+export default function encryptDataset(symmetricKey: CryptoKey, header: Header, iv: Uint8Array, data: string | TypedArray | ArrayBuffer): Promise<ArrayBuffer>;
+//# sourceMappingURL=encrypt-dataset.d.ts.map

package/dist/types/src/nanotdf/encrypt-dataset.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"encrypt-dataset.d.ts","sourceRoot":"","sources":["../../../../src/nanotdf/encrypt-dataset.ts"],"names":[],"mappings":"AACA,OAAO,MAAM,MAAM,oBAAoB,CAAC;AAIxC,OAAO,UAAU,MAAM,sBAAsB,CAAC;AAG9C;;;;;;;GAOG;AACH,wBAA8B,cAAc,CAC1C,YAAY,EAAE,SAAS,EACvB,MAAM,EAAE,MAAM,EACd,EAAE,EAAE,UAAU,EACd,IAAI,EAAE,MAAM,GAAG,UAAU,GAAG,WAAW,GACtC,OAAO,CAAC,WAAW,CAAC,CA8BtB"}