@opentdf/sdk 0.1.0-beta.1701

package/dist/web/src/nanotdf/models/Policy/AbstractPolicy.js

@@ -0,0 +1,71 @@
+import { ConfigurationError } from '../../../errors.js';
+class AbstractPolicy {
+    // Static methods can't be defined in an interface
+    static parse(
+    // eslint-disable-next-line @typescript-eslint/no-unused-vars
+    buff, 
+    // eslint-disable-next-line @typescript-eslint/no-unused-vars
+    useECDSABinding, 
+    // eslint-disable-next-line @typescript-eslint/no-unused-vars
+    type) {
+        throw new ConfigurationError('parsePolicy was not implemented');
+    }
+    constructor(type, binding) {
+        this.type = type;
+        this.binding = binding;
+    }
+    /**
+     * Length of policy
+     */
+    getLength() {
+        throw new ConfigurationError('length was not implemented');
+    }
+    /**
+     * Return the content of the policy
+     */
+    toBuffer() {
+        throw new ConfigurationError('toBuffer() was not implemented');
+    }
+    /**
+     * Parses an ECDSA binding from a given buffer.
+     *
+     * @param {Uint8Array} buff - The buffer containing the ECDSA binding.
+     * @returns {{ bindingLength: number; binding: Uint8Array }} - An object containing the binding length and the binding subarray.
+     */
+    static parseECDSABinding(buff) {
+        const lengthOfR = buff[0];
+        const lengthOfS = buff[this.SIZE_OF_LENGTH_FIELD + lengthOfR];
+        const bindingLength = this.SIZE_OF_LENGTH_FIELD + lengthOfR + this.SIZE_OF_LENGTH_FIELD + lengthOfS;
+        const binding = buff.subarray(0, bindingLength);
+        return { bindingLength, binding };
+    }
+    /**
+     * Parses a binding from a given buffer based on the specified binding type.
+     *
+     * @param {Uint8Array} buff - The buffer containing the binding.
+     * @param {boolean} useEcdsaBinding - Flag indicating whether to use ECDSA binding.
+     * @param {number} offset - The starting offset in the buffer.
+     * @returns {{ binding: Uint8Array; newOffset: number }} - An object containing the binding and the new offset.
+     */
+    static parseBinding(buff, useEcdsaBinding, offset) {
+        if (useEcdsaBinding) {
+            const ecdsaBinding = this.parseECDSABinding(buff.subarray(offset));
+            return { binding: ecdsaBinding.binding, newOffset: offset + ecdsaBinding.bindingLength };
+        }
+        else {
+            const binding = buff.subarray(offset, offset + this.GMAC_BINDING_LEN);
+            return { binding, newOffset: offset + this.GMAC_BINDING_LEN };
+        }
+    }
+}
+AbstractPolicy.TYPE_BYTE_OFF = 0;
+AbstractPolicy.TYPE_BYTE_LEN = 1;
+AbstractPolicy.BODY_BYTE_OFF = 1;
+AbstractPolicy.BODY_BYTE_MIN_LEN = 3;
+AbstractPolicy.BODY_BYTE_MAX_LEN = 257;
+AbstractPolicy.BINDING_BYTE_MIN_LEN = 8;
+AbstractPolicy.BINDING_BYTE_MAX_LEN = 132;
+AbstractPolicy.SIZE_OF_LENGTH_FIELD = 1; // 1 byte for each length field (R and S)
+AbstractPolicy.GMAC_BINDING_LEN = 8;
+export default AbstractPolicy;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiQWJzdHJhY3RQb2xpY3kuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi8uLi8uLi9zcmMvbmFub3RkZi9tb2RlbHMvUG9saWN5L0Fic3RyYWN0UG9saWN5LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUVBLE9BQU8sRUFBRSxrQkFBa0IsRUFBRSxNQUFNLG9CQUFvQixDQUFDO0FBRXhELE1BQWUsY0FBYztJQWMzQixrREFBa0Q7SUFDbEQsTUFBTSxDQUFDLEtBQUs7SUFDViw2REFBNkQ7SUFDN0QsSUFBZ0I7SUFDaEIsNkRBQTZEO0lBQzdELGVBQXdCO0lBQ3hCLDZEQUE2RDtJQUM3RCxJQUFpQjtRQUVqQixNQUFNLElBQUksa0JBQWtCLENBQUMsaUNBQWlDLENBQUMsQ0FBQztJQUNsRSxDQUFDO0lBRUQsWUFBWSxJQUFnQixFQUFFLE9BQW1CO1FBQy9DLElBQUksQ0FBQyxJQUFJLEdBQUcsSUFBSSxDQUFDO1FBQ2pCLElBQUksQ0FBQyxPQUFPLEdBQUcsT0FBTyxDQUFDO0lBQ3pCLENBQUM7SUFFRDs7T0FFRztJQUNILFNBQVM7UUFDUCxNQUFNLElBQUksa0JBQWtCLENBQUMsNEJBQTRCLENBQUMsQ0FBQztJQUM3RCxDQUFDO0lBRUQ7O09BRUc7SUFDSCxRQUFRO1FBQ04sTUFBTSxJQUFJLGtCQUFrQixDQUFDLGdDQUFnQyxDQUFDLENBQUM7SUFDakUsQ0FBQztJQUVEOzs7OztPQUtHO0lBQ0gsTUFBTSxDQUFDLGlCQUFpQixDQUFDLElBQWdCO1FBQ3ZDLE1BQU0sU0FBUyxHQUFHLElBQUksQ0FBQyxDQUFDLENBQUMsQ0FBQztRQUMxQixNQUFNLFNBQVMsR0FBRyxJQUFJLENBQUMsSUFBSSxDQUFDLG9CQUFvQixHQUFHLFNBQVMsQ0FBQyxDQUFDO1FBRTlELE1BQU0sYUFBYSxHQUNqQixJQUFJLENBQUMsb0JBQW9CLEdBQUcsU0FBUyxHQUFHLElBQUksQ0FBQyxvQkFBb0IsR0FBRyxTQUFTLENBQUM7UUFDaEYsTUFBTSxPQUFPLEdBQUcsSUFBSSxDQUFDLFFBQVEsQ0FBQyxDQUFDLEVBQUUsYUFBYSxDQUFDLENBQUM7UUFFaEQsT0FBTyxFQUFFLGFBQWEsRUFBRSxPQUFPLEVBQUUsQ0FBQztJQUNwQyxDQUFDO0lBRUQ7Ozs7Ozs7T0FPRztJQUNILE1BQU0sQ0FBQyxZQUFZLENBQ2pCLElBQWdCLEVBQ2hCLGVBQXdCLEVBQ3hCLE1BQWM7UUFFZCxJQUFJLGVBQWUsRUFBRTtZQUNuQixNQUFNLFlBQVksR0FBRyxJQUFJLENBQUMsaUJBQWlCLENBQUMsSUFBSSxDQUFDLFFBQVEsQ0FBQyxNQUFNLENBQUMsQ0FBQyxDQUFDO1lBQ25FLE9BQU8sRUFBRSxPQUFPLEVBQUUsWUFBWSxDQUFDLE9BQU8sRUFBRSxTQUFTLEVBQUUsTUFBTSxHQUFHLFlBQVksQ0FBQyxhQUFhLEVBQUUsQ0FBQztTQUMxRjthQUFNO1lBQ0wsTUFBTSxPQUFPLEdBQUcsSUFBSSxDQUFDLFFBQVEsQ0FBQyxNQUFNLEVBQUUsTUFBTSxHQUFHLElBQUksQ0FBQyxnQkFBZ0IsQ0FBQyxDQUFDO1lBQ3RFLE9BQU8sRUFBRSxPQUFPLEVBQUUsU0FBUyxFQUFFLE1BQU0sR0FBRyxJQUFJLENBQUMsZ0JBQWdCLEVBQUUsQ0FBQztTQUMvRDtJQUNILENBQUM7O0FBakZlLDRCQUFhLEdBQUcsQ0FBQyxDQUFDO0FBQ2xCLDRCQUFhLEdBQUcsQ0FBQyxDQUFDO0FBQ2xCLDRCQUFhLEdBQUcsQ0FBQyxDQUFDO0FBQ2xCLGdDQUFpQixHQUFHLENBQUMsQ0FBQztBQUN0QixnQ0FBaUIsR0FBRyxHQUFHLENBQUM7QUFDeEIsbUNBQW9CLEdBQUcsQ0FBQyxDQUFDO0FBQ3pCLG1DQUFvQixHQUFHLEdBQUcsQ0FBQztBQUMzQixtQ0FBb0IsR0FBRyxDQUFDLENBQUMsQ0FBQyx5Q0FBeUM7QUFDbkUsK0JBQWdCLEdBQUcsQ0FBQyxDQUFDO0FBNEV2QyxlQUFlLGNBQWMsQ0FBQyJ9

package/dist/web/src/nanotdf/models/Policy/EmbeddedPolicy.js

@@ -0,0 +1,77 @@
+import AbstractPolicy from './AbstractPolicy.js';
+import { ConfigurationError } from '../../../errors.js';
+/**
+ * Embedded Policy
+ *
+ * These policy types allow for creation and binding of arbitrary policies.
+ *
+ * | Section                      | Minimum Length (B) | Maximum Length (B) |
+ * |------------------------------|--------------------|--------------------|
+ * | Content Length               | 2                  | 2                  |
+ * | Plaintext/Ciphertext         | 1                  | 255                |
+ * | (Optional) Policy Key Access | 36                 | 136                |
+ */
+class EmbeddedPolicy extends AbstractPolicy {
+    static parse(buff, useEcdsaBinding, type) {
+        let offset = 0;
+        // TODO: May not work on Big Endian systems. See https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/DataView/getUint16
+        // Also http://calculist.org/blog/2012/04/24/the-little-endian-web/
+        const length = new DataView(buff.slice(offset, 2).buffer).getUint16(0);
+        offset += 2;
+        const content = buff.subarray(offset, offset + length);
+        offset += length;
+        const { binding, newOffset: bindingOffset } = this.parseBinding(buff, useEcdsaBinding, offset);
+        offset = bindingOffset;
+        return {
+            policy: new EmbeddedPolicy(type, binding, content),
+            offset,
+        };
+    }
+    constructor(type, binding, content) {
+        super(type, binding);
+        this.content = content;
+    }
+    /**
+     * Length of policy
+     *
+     * @returns { number } length
+     */
+    getLength() {
+        return (
+        // Type length
+        1 +
+            // Policy length
+            2 +
+            // Content length
+            this.content.length +
+            // Binding length
+            this.binding.length);
+    }
+    /**
+     * Return the content of the policy
+     */
+    toBuffer() {
+        const target = new Uint8Array(this.getLength());
+        if (this.content.length > EmbeddedPolicy.MAX_POLICY_SIZE) {
+            throw new ConfigurationError("TDF Policy can't be more that 2^16");
+        }
+        target.set([this.type], 0);
+        // Write the policy length, assuming the host system is little endian
+        // TODO: There should be better way to convert to big endian
+        const lengthAsUint16 = new Uint16Array(1);
+        lengthAsUint16[0] = this.content.length;
+        const temp = new Uint8Array(lengthAsUint16.buffer);
+        const policyContentSizeAsBg = new Uint8Array(2);
+        policyContentSizeAsBg[0] = temp[1];
+        policyContentSizeAsBg[1] = temp[0];
+        target.set(policyContentSizeAsBg, 1);
+        // Write the policy content
+        target.set(this.content, policyContentSizeAsBg.length + 1);
+        // Write the binding.
+        target.set(this.binding, this.content.length + policyContentSizeAsBg.length + 1);
+        return target;
+    }
+}
+EmbeddedPolicy.MAX_POLICY_SIZE = 65535; // 2 bytes unsigned int.
+export default EmbeddedPolicy;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiRW1iZWRkZWRQb2xpY3kuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi8uLi8uLi9zcmMvbmFub3RkZi9tb2RlbHMvUG9saWN5L0VtYmVkZGVkUG9saWN5LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLE9BQU8sY0FBYyxNQUFNLHFCQUFxQixDQUFDO0FBR2pELE9BQU8sRUFBRSxrQkFBa0IsRUFBRSxNQUFNLG9CQUFvQixDQUFDO0FBRXhEOzs7Ozs7Ozs7O0dBVUc7QUFDSCxNQUFNLGNBQWUsU0FBUSxjQUFjO0lBSXpDLE1BQU0sQ0FBVSxLQUFLLENBQ25CLElBQWdCLEVBQ2hCLGVBQXdCLEVBQ3hCLElBQWlCO1FBRWpCLElBQUksTUFBTSxHQUFHLENBQUMsQ0FBQztRQUVmLG9KQUFvSjtRQUNwSixtRUFBbUU7UUFDbkUsTUFBTSxNQUFNLEdBQUcsSUFBSSxRQUFRLENBQUMsSUFBSSxDQUFDLEtBQUssQ0FBQyxNQUFNLEVBQUUsQ0FBQyxDQUFDLENBQUMsTUFBTSxDQUFDLENBQUMsU0FBUyxDQUFDLENBQUMsQ0FBQyxDQUFDO1FBQ3ZFLE1BQU0sSUFBSSxDQUFDLENBQUM7UUFFWixNQUFNLE9BQU8sR0FBRyxJQUFJLENBQUMsUUFBUSxDQUFDLE1BQU0sRUFBRSxNQUFNLEdBQUcsTUFBTSxDQUFDLENBQUM7UUFDdkQsTUFBTSxJQUFJLE1BQU0sQ0FBQztRQUVqQixNQUFNLEVBQUUsT0FBTyxFQUFFLFNBQVMsRUFBRSxhQUFhLEVBQUUsR0FBRyxJQUFJLENBQUMsWUFBWSxDQUFDLElBQUksRUFBRSxlQUFlLEVBQUUsTUFBTSxDQUFDLENBQUM7UUFDL0YsTUFBTSxHQUFHLGFBQWEsQ0FBQztRQUV2QixPQUFPO1lBQ0wsTUFBTSxFQUFFLElBQUksY0FBYyxDQUFDLElBQUksRUFBRSxPQUFPLEVBQUUsT0FBTyxDQUFDO1lBQ2xELE1BQU07U0FDUCxDQUFDO0lBQ0osQ0FBQztJQUVELFlBQVksSUFBaUIsRUFBRSxPQUFtQixFQUFFLE9BQW1CO1FBQ3JFLEtBQUssQ0FBQyxJQUFJLEVBQUUsT0FBTyxDQUFDLENBQUM7UUFDckIsSUFBSSxDQUFDLE9BQU8sR0FBRyxPQUFPLENBQUM7SUFDekIsQ0FBQztJQUVEOzs7O09BSUc7SUFDTSxTQUFTO1FBQ2hCLE9BQU87UUFDTCxjQUFjO1FBQ2QsQ0FBQztZQUNELGdCQUFnQjtZQUNoQixDQUFDO1lBQ0QsaUJBQWlCO1lBQ2pCLElBQUksQ0FBQyxPQUFPLENBQUMsTUFBTTtZQUNuQixpQkFBaUI7WUFDakIsSUFBSSxDQUFDLE9BQU8sQ0FBQyxNQUFNLENBQ3BCLENBQUM7SUFDSixDQUFDO0lBRUQ7O09BRUc7SUFDTSxRQUFRO1FBQ2YsTUFBTSxNQUFNLEdBQUcsSUFBSSxVQUFVLENBQUMsSUFBSSxDQUFDLFNBQVMsRUFBRSxDQUFDLENBQUM7UUFFaEQsSUFBSSxJQUFJLENBQUMsT0FBTyxDQUFDLE1BQU0sR0FBRyxjQUFjLENBQUMsZUFBZSxFQUFFO1lBQ3hELE1BQU0sSUFBSSxrQkFBa0IsQ0FBQyxvQ0FBb0MsQ0FBQyxDQUFDO1NBQ3BFO1FBRUQsTUFBTSxDQUFDLEdBQUcsQ0FBQyxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsRUFBRSxDQUFDLENBQUMsQ0FBQztRQUUzQixxRUFBcUU7UUFDckUsNERBQTREO1FBQzVELE1BQU0sY0FBYyxHQUFHLElBQUksV0FBVyxDQUFDLENBQUMsQ0FBQyxDQUFDO1FBQzFDLGNBQWMsQ0FBQyxDQUFDLENBQUMsR0FBRyxJQUFJLENBQUMsT0FBTyxDQUFDLE1BQU0sQ0FBQztRQUV4QyxNQUFNLElBQUksR0FBRyxJQUFJLFVBQVUsQ0FBQyxjQUFjLENBQUMsTUFBTSxDQUFDLENBQUM7UUFDbkQsTUFBTSxxQkFBcUIsR0FBRyxJQUFJLFVBQVUsQ0FBQyxDQUFDLENBQUMsQ0FBQztRQUNoRCxxQkFBcUIsQ0FBQyxDQUFDLENBQUMsR0FBRyxJQUFJLENBQUMsQ0FBQyxDQUFDLENBQUM7UUFDbkMscUJBQXFCLENBQUMsQ0FBQyxDQUFDLEdBQUcsSUFBSSxDQUFDLENBQUMsQ0FBQyxDQUFDO1FBQ25DLE1BQU0sQ0FBQyxHQUFHLENBQUMscUJBQXFCLEVBQUUsQ0FBQyxDQUFDLENBQUM7UUFFckMsMkJBQTJCO1FBQzNCLE1BQU0sQ0FBQyxHQUFHLENBQUMsSUFBSSxDQUFDLE9BQU8sRUFBRSxxQkFBcUIsQ0FBQyxNQUFNLEdBQUcsQ0FBQyxDQUFDLENBQUM7UUFFM0QscUJBQXFCO1FBQ3JCLE1BQU0sQ0FBQyxHQUFHLENBQUMsSUFBSSxDQUFDLE9BQU8sRUFBRSxJQUFJLENBQUMsT0FBTyxDQUFDLE1BQU0sR0FBRyxxQkFBcUIsQ0FBQyxNQUFNLEdBQUcsQ0FBQyxDQUFDLENBQUM7UUFFakYsT0FBTyxNQUFNLENBQUM7SUFDaEIsQ0FBQzs7QUFoRk0sOEJBQWUsR0FBRyxLQUFLLENBQUMsQ0FBQyx3QkFBd0I7QUFtRjFELGVBQWUsY0FBYyxDQUFDIn0=

package/dist/web/src/nanotdf/models/Policy/PolicyFactory.js

@@ -0,0 +1,33 @@
+import AbstractPolicy from './AbstractPolicy.js';
+import EmbeddedPolicy from './EmbeddedPolicy.js';
+import RemotePolicy from './RemotePolicy.js';
+import PolicyTypeEnum from '../../enum/PolicyTypeEnum.js';
+import { UnsupportedFeatureError } from '../../../errors.js';
+function parse(buff, useEcdsaBinding, curve) {
+    const type = buff[AbstractPolicy.TYPE_BYTE_OFF];
+    let policy;
+    let offset;
+    // Check if remote policy
+    if (type === PolicyTypeEnum.Remote) {
+        ({ policy, offset } = RemotePolicy.parse(buff.subarray(AbstractPolicy.TYPE_BYTE_LEN), useEcdsaBinding));
+    }
+    else if ([
+        //  Check if is an embedded policy
+        PolicyTypeEnum.EmbeddedEncrypted,
+        PolicyTypeEnum.EmbeddedEncryptedPKA,
+        PolicyTypeEnum.EmbeddedText,
+    ].includes(type)) {
+        ({ policy, offset } = EmbeddedPolicy.parse(buff.subarray(AbstractPolicy.TYPE_BYTE_LEN), useEcdsaBinding, type));
+    }
+    else {
+        throw new UnsupportedFeatureError(`unsupported policy type: ${type}`);
+    }
+    return {
+        policy,
+        offset: offset + AbstractPolicy.TYPE_BYTE_LEN,
+    };
+}
+export default {
+    parse,
+};
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiUG9saWN5RmFjdG9yeS5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uLy4uLy4uL3NyYy9uYW5vdGRmL21vZGVscy9Qb2xpY3kvUG9saWN5RmFjdG9yeS50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxPQUFPLGNBQWMsTUFBTSxxQkFBcUIsQ0FBQztBQUNqRCxPQUFPLGNBQWMsTUFBTSxxQkFBcUIsQ0FBQztBQUNqRCxPQUFPLFlBQVksTUFBTSxtQkFBbUIsQ0FBQztBQUM3QyxPQUFPLGNBQWMsTUFBTSw4QkFBOEIsQ0FBQztBQUMxRCxPQUFPLEVBQUUsdUJBQXVCLEVBQUUsTUFBTSxvQkFBb0IsQ0FBQztBQUc3RCxTQUFTLEtBQUssQ0FDWixJQUFnQixFQUNoQixlQUF3QixFQUN4QixLQUFvQjtJQUVwQixNQUFNLElBQUksR0FBRyxJQUFJLENBQUMsY0FBYyxDQUFDLGFBQWEsQ0FBQyxDQUFDO0lBQ2hELElBQUksTUFBc0IsQ0FBQztJQUMzQixJQUFJLE1BQWMsQ0FBQztJQUVuQix5QkFBeUI7SUFDekIsSUFBSSxJQUFJLEtBQUssY0FBYyxDQUFDLE1BQU0sRUFBRTtRQUNsQyxDQUFDLEVBQUUsTUFBTSxFQUFFLE1BQU0sRUFBRSxHQUFHLFlBQVksQ0FBQyxLQUFLLENBQ3RDLElBQUksQ0FBQyxRQUFRLENBQUMsY0FBYyxDQUFDLGFBQWEsQ0FBQyxFQUMzQyxlQUFlLENBQ2hCLENBQUMsQ0FBQztLQUNKO1NBQU0sSUFDTDtRQUNFLGtDQUFrQztRQUNsQyxjQUFjLENBQUMsaUJBQWlCO1FBQ2hDLGNBQWMsQ0FBQyxvQkFBb0I7UUFDbkMsY0FBYyxDQUFDLFlBQVk7S0FDNUIsQ0FBQyxRQUFRLENBQUMsSUFBSSxDQUFDLEVBQ2hCO1FBQ0EsQ0FBQyxFQUFFLE1BQU0sRUFBRSxNQUFNLEVBQUUsR0FBRyxjQUFjLENBQUMsS0FBSyxDQUN4QyxJQUFJLENBQUMsUUFBUSxDQUFDLGNBQWMsQ0FBQyxhQUFhLENBQUMsRUFDM0MsZUFBZSxFQUNmLElBQUksQ0FDTCxDQUFDLENBQUM7S0FDSjtTQUFNO1FBQ0wsTUFBTSxJQUFJLHVCQUF1QixDQUFDLDRCQUE0QixJQUFJLEVBQUUsQ0FBQyxDQUFDO0tBQ3ZFO0lBRUQsT0FBTztRQUNMLE1BQU07UUFDTixNQUFNLEVBQUUsTUFBTSxHQUFHLGNBQWMsQ0FBQyxhQUFhO0tBQzlDLENBQUM7QUFDSixDQUFDO0FBRUQsZUFBZTtJQUNiLEtBQUs7Q0FDTixDQUFDIn0=

package/dist/web/src/nanotdf/models/Policy/RemotePolicy.js

@@ -0,0 +1,57 @@
+import AbstractPolicy from './AbstractPolicy.js';
+import ResourceLocator from '../ResourceLocator.js';
+import PolicyTypeEnum from '../../enum/PolicyTypeEnum.js';
+/**
+ * Set remote policy body
+ *
+ * If the policy type is set to use a Remote Policy, then the Resource Locator object described in Section 3.4.1 is
+ * used to describe the remote policy.
+ */
+class RemotePolicy extends AbstractPolicy {
+    static parse(buff, useEcdsaBinding) {
+        let offset = 0;
+        const resource = ResourceLocator.parse(buff);
+        offset += resource.offset;
+        const { binding, newOffset: bindingOffset } = this.parseBinding(buff, useEcdsaBinding, offset);
+        offset = bindingOffset;
+        return {
+            policy: new RemotePolicy(PolicyTypeEnum.Remote, binding, resource),
+            offset,
+        };
+    }
+    constructor(type, binding, resource) {
+        super(type, binding);
+        this.type = PolicyTypeEnum.Remote;
+        this.type = PolicyTypeEnum.Remote;
+        this.remotePolicy = resource;
+    }
+    /**
+     * Length of policy
+     *
+     * @returns { number } length
+     */
+    getLength() {
+        return (
+        // Type length
+        1 +
+            // Resource locator length
+            this.remotePolicy.length +
+            // Binding length
+            this.binding.length);
+    }
+    /**
+     * Return the content of the policy
+     */
+    toBuffer() {
+        const target = new Uint8Array(this.getLength());
+        target.set([PolicyTypeEnum.Remote], 0);
+        // Write the remote policy location
+        const resourceLocatorAsBuf = this.remotePolicy.toBuffer();
+        target.set(resourceLocatorAsBuf, 1);
+        // Write the binding.
+        target.set(this.binding, resourceLocatorAsBuf.length + 1);
+        return target;
+    }
+}
+export default RemotePolicy;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiUmVtb3RlUG9saWN5LmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vLi4vLi4vLi4vc3JjL25hbm90ZGYvbW9kZWxzL1BvbGljeS9SZW1vdGVQb2xpY3kudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsT0FBTyxjQUFjLE1BQU0scUJBQXFCLENBQUM7QUFDakQsT0FBTyxlQUFlLE1BQU0sdUJBQXVCLENBQUM7QUFFcEQsT0FBTyxjQUFjLE1BQU0sOEJBQThCLENBQUM7QUFFMUQ7Ozs7O0dBS0c7QUFDSCxNQUFNLFlBQWEsU0FBUSxjQUFjO0lBSXZDLE1BQU0sQ0FBVSxLQUFLLENBQ25CLElBQWdCLEVBQ2hCLGVBQXdCO1FBRXhCLElBQUksTUFBTSxHQUFHLENBQUMsQ0FBQztRQUNmLE1BQU0sUUFBUSxHQUFHLGVBQWUsQ0FBQyxLQUFLLENBQUMsSUFBSSxDQUFDLENBQUM7UUFDN0MsTUFBTSxJQUFJLFFBQVEsQ0FBQyxNQUFNLENBQUM7UUFFMUIsTUFBTSxFQUFFLE9BQU8sRUFBRSxTQUFTLEVBQUUsYUFBYSxFQUFFLEdBQUcsSUFBSSxDQUFDLFlBQVksQ0FBQyxJQUFJLEVBQUUsZUFBZSxFQUFFLE1BQU0sQ0FBQyxDQUFDO1FBQy9GLE1BQU0sR0FBRyxhQUFhLENBQUM7UUFFdkIsT0FBTztZQUNMLE1BQU0sRUFBRSxJQUFJLFlBQVksQ0FBQyxjQUFjLENBQUMsTUFBTSxFQUFFLE9BQU8sRUFBRSxRQUFRLENBQUM7WUFDbEUsTUFBTTtTQUNQLENBQUM7SUFDSixDQUFDO0lBRUQsWUFBWSxJQUFvQixFQUFFLE9BQW1CLEVBQUUsUUFBeUI7UUFDOUUsS0FBSyxDQUFDLElBQUksRUFBRSxPQUFPLENBQUMsQ0FBQztRQXJCTCxTQUFJLEdBQW1CLGNBQWMsQ0FBQyxNQUFNLENBQUM7UUFzQjdELElBQUksQ0FBQyxJQUFJLEdBQUcsY0FBYyxDQUFDLE1BQU0sQ0FBQztRQUNsQyxJQUFJLENBQUMsWUFBWSxHQUFHLFFBQVEsQ0FBQztJQUMvQixDQUFDO0lBRUQ7Ozs7T0FJRztJQUNNLFNBQVM7UUFDaEIsT0FBTztRQUNMLGNBQWM7UUFDZCxDQUFDO1lBQ0QsMEJBQTBCO1lBQzFCLElBQUksQ0FBQyxZQUFZLENBQUMsTUFBTTtZQUN4QixpQkFBaUI7WUFDakIsSUFBSSxDQUFDLE9BQU8sQ0FBQyxNQUFNLENBQ3BCLENBQUM7SUFDSixDQUFDO0lBRUQ7O09BRUc7SUFDTSxRQUFRO1FBQ2YsTUFBTSxNQUFNLEdBQUcsSUFBSSxVQUFVLENBQUMsSUFBSSxDQUFDLFNBQVMsRUFBRSxDQUFDLENBQUM7UUFFaEQsTUFBTSxDQUFDLEdBQUcsQ0FBQyxDQUFDLGNBQWMsQ0FBQyxNQUFNLENBQUMsRUFBRSxDQUFDLENBQUMsQ0FBQztRQUV2QyxtQ0FBbUM7UUFDbkMsTUFBTSxvQkFBb0IsR0FBRyxJQUFJLENBQUMsWUFBWSxDQUFDLFFBQVEsRUFBRSxDQUFDO1FBQzFELE1BQU0sQ0FBQyxHQUFHLENBQUMsb0JBQW9CLEVBQUUsQ0FBQyxDQUFDLENBQUM7UUFFcEMscUJBQXFCO1FBQ3JCLE1BQU0sQ0FBQyxHQUFHLENBQUMsSUFBSSxDQUFDLE9BQU8sRUFBRSxvQkFBb0IsQ0FBQyxNQUFNLEdBQUcsQ0FBQyxDQUFDLENBQUM7UUFFMUQsT0FBTyxNQUFNLENBQUM7SUFDaEIsQ0FBQztDQUNGO0FBRUQsZUFBZSxZQUFZLENBQUMifQ==

package/dist/web/src/nanotdf/models/ResourceLocator.js

@@ -0,0 +1,206 @@
+import { ConfigurationError, InvalidFileError } from '../../errors.js';
+import ProtocolEnum from '../enum/ProtocolEnum.js';
+import ResourceLocatorIdentifierEnum from '../enum/ResourceLocatorIdentifierEnum.js';
+/**
+ *
+ * The Resource Locator is a way for the nanotdf to represent references to external resources in as succinct a format
+ * as possible.
+ *
+ * | Section       | Minimum Length (B) | Maximum Length (B) |
+ * |---------------|--------------------|--------------------|
+ * | Protocol Enum | 1                  | 1                  |
+ * | Body Length   | 1                  | 1                  |
+ * | Body          | 1                  | 255                |
+ * | Identifier    | 0                  | n                  |
+ *
+ * @link https://github.com/virtru/nanotdf/blob/master/spec/index.md#3312-kas
+ * @link https://github.com/virtru/nanotdf/blob/master/spec/index.md#341-resource-locator
+ */
+class ResourceLocator {
+    constructor(protocol, lengthOfBody, body, offset, id, idType = ResourceLocatorIdentifierEnum.None) {
+        this.protocol = protocol;
+        this.lengthOfBody = lengthOfBody;
+        this.body = body;
+        this.offset = offset;
+        this.id = id;
+        this.idType = idType;
+    }
+    /**
+     * Construct a new URL or URL + identifier pair, for use with NanoTDF envelopes.
+     * @param url The URL to encrypt; `http` and `https` schemes are supported
+     * @param identifier An optional identifier.
+     *    For KAS URLs, this is usually a public key identifier (kid). Limit 32 characters
+     * @returns a value representing the URL and identifier, if present.
+     *    This method throws an Error if the URL is invalid or of the wrong schema,
+     *    or if the identifier is an unsupported value.
+     */
+    static fromURL(url, identifier) {
+        const [protocolStr, body] = url.split('://');
+        let protocol;
+        // Validate and set protocol identifier byte
+        switch (protocolStr.toLowerCase()) {
+            case 'http':
+                protocol = ProtocolEnum.Http;
+                break;
+            case 'https':
+                protocol = ProtocolEnum.Https;
+                break;
+            default:
+                throw new ConfigurationError(`resource locator protocol [${protocolStr}] unsupported`);
+        }
+        // Set identifier padded length and protocol identifier byte
+        const identifierType = (() => {
+            if (!identifier) {
+                return ResourceLocatorIdentifierEnum.None;
+            }
+            const identifierLength = new TextEncoder().encode(identifier).length;
+            if (identifierLength <= 2) {
+                return ResourceLocatorIdentifierEnum.TwoBytes;
+            }
+            else if (identifierLength <= 8) {
+                return ResourceLocatorIdentifierEnum.EightBytes;
+            }
+            else if (identifierLength <= 32) {
+                return ResourceLocatorIdentifierEnum.ThirtyTwoBytes;
+            }
+            throw new ConfigurationError(`unsupported identifier length: ${identifier.length}`);
+        })();
+        // Create buffer to hold protocol, body length, body, and identifier
+        const lengthOfBody = new TextEncoder().encode(body).length;
+        if (lengthOfBody == 0) {
+            throw new ConfigurationError('url body empty');
+        }
+        const identifierLength = identifierType.valueOf();
+        const offset = ResourceLocator.BODY_OFFSET + lengthOfBody + identifierLength;
+        return new ResourceLocator(protocol, lengthOfBody, body, offset, identifier, identifierType);
+    }
+    static parse(buff) {
+        // Protocol
+        const protocolAndIdentifierType = buff[ResourceLocator.PROTOCOL_OFFSET];
+        // Length of body
+        const lengthOfBody = buff[ResourceLocator.LENGTH_OFFSET];
+        if (lengthOfBody == 0) {
+            throw new InvalidFileError('url body empty');
+        }
+        // Body as utf8 string
+        const decoder = new TextDecoder();
+        let offset = ResourceLocator.BODY_OFFSET + lengthOfBody;
+        if (offset > buff.length) {
+            throw new InvalidFileError('url parser: out of bounds error');
+        }
+        const body = decoder.decode(buff.subarray(ResourceLocator.BODY_OFFSET, offset));
+        const protocol = protocolAndIdentifierType & 0xf;
+        switch (protocol) {
+            case ProtocolEnum.Http:
+            case ProtocolEnum.Https:
+                break;
+            default:
+                throw new InvalidFileError(`url parser: unsupported protocol type [${protocol}]`);
+        }
+        // identifier
+        const identifierTypeNibble = protocolAndIdentifierType & 0xf0;
+        let identifierType = ResourceLocatorIdentifierEnum.None;
+        if (identifierTypeNibble === ResourceLocator.IDENTIFIER_2_BYTE) {
+            identifierType = ResourceLocatorIdentifierEnum.TwoBytes;
+        }
+        else if (identifierTypeNibble === ResourceLocator.IDENTIFIER_8_BYTE) {
+            identifierType = ResourceLocatorIdentifierEnum.EightBytes;
+        }
+        else if (identifierTypeNibble === ResourceLocator.IDENTIFIER_32_BYTE) {
+            identifierType = ResourceLocatorIdentifierEnum.ThirtyTwoBytes;
+        }
+        else if (identifierTypeNibble !== ResourceLocator.IDENTIFIER_0_BYTE) {
+            throw new InvalidFileError(`url parser: unsupported fragment type [${identifierTypeNibble}]`);
+        }
+        let identifier = undefined;
+        switch (identifierType) {
+            case ResourceLocatorIdentifierEnum.None:
+                // noop
+                break;
+            case ResourceLocatorIdentifierEnum.TwoBytes:
+            case ResourceLocatorIdentifierEnum.EightBytes:
+            case ResourceLocatorIdentifierEnum.ThirtyTwoBytes: {
+                const kidStart = offset;
+                offset = kidStart + identifierType.valueOf();
+                if (offset > buff.length) {
+                    throw new InvalidFileError('url parser: out of bounds error');
+                }
+                const kidSubarray = buff.subarray(kidStart, offset);
+                // Remove padding (assuming the padding is null bytes, 0x00)
+                const zeroIndex = kidSubarray.indexOf(0);
+                if (zeroIndex >= 0) {
+                    const trimmedSubarray = kidSubarray.subarray(0, zeroIndex);
+                    identifier = decoder.decode(trimmedSubarray);
+                }
+                else {
+                    identifier = decoder.decode(kidSubarray);
+                }
+                break;
+            }
+        }
+        return new ResourceLocator(protocol, lengthOfBody, body, offset, identifier, identifierType);
+    }
+    /**
+     * Length
+     *
+     * @returns { number } Length of resource locator
+     */
+    get length() {
+        return this.offset;
+    }
+    get url() {
+        switch (this.protocol) {
+            case ProtocolEnum.Http:
+                return 'http://' + this.body;
+            case ProtocolEnum.Https:
+                return 'https://' + this.body;
+            default:
+                throw new ConfigurationError(`resource locator protocol unsupported [${this.protocol}]`);
+        }
+    }
+    /**
+     * Return the contents of the Resource Locator in buffer
+     */
+    toBuffer() {
+        const target = new Uint8Array(ResourceLocator.BODY_OFFSET + this.body.length + this.idType);
+        let idTypeNibble = 0;
+        switch (this.idType) {
+            case ResourceLocatorIdentifierEnum.TwoBytes:
+                idTypeNibble = ResourceLocator.IDENTIFIER_2_BYTE;
+                break;
+            case ResourceLocatorIdentifierEnum.EightBytes:
+                idTypeNibble = ResourceLocator.IDENTIFIER_8_BYTE;
+                break;
+            case ResourceLocatorIdentifierEnum.ThirtyTwoBytes:
+                idTypeNibble = ResourceLocator.IDENTIFIER_32_BYTE;
+                break;
+        }
+        target.set([this.protocol | idTypeNibble], ResourceLocator.PROTOCOL_OFFSET);
+        target.set([this.lengthOfBody], ResourceLocator.LENGTH_OFFSET);
+        target.set(new TextEncoder().encode(this.body), ResourceLocator.BODY_OFFSET);
+        if (this.id) {
+            target.set(new TextEncoder().encode(this.id), ResourceLocator.BODY_OFFSET + this.body.length);
+        }
+        return target;
+    }
+    /**
+     * Get Identifier
+     *
+     * Returns the identifier of the ResourceLocator or an empty string if no identifier is present.
+     * @returns { string } Identifier of the resource locator.
+     */
+    get identifier() {
+        return this.id ?? '';
+    }
+}
+ResourceLocator.PROTOCOL_OFFSET = 0;
+ResourceLocator.PROTOCOL_LENGTH = 1;
+ResourceLocator.LENGTH_OFFSET = 1;
+ResourceLocator.LENGTH_LENGTH = 1;
+ResourceLocator.BODY_OFFSET = 2;
+ResourceLocator.IDENTIFIER_0_BYTE = 0 << 4; // 0
+ResourceLocator.IDENTIFIER_2_BYTE = 1 << 4; // 16
+ResourceLocator.IDENTIFIER_8_BYTE = 2 << 4; // 32
+ResourceLocator.IDENTIFIER_32_BYTE = 3 << 4; // 48
+export default ResourceLocator;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiUmVzb3VyY2VMb2NhdG9yLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vLi4vLi4vc3JjL25hbm90ZGYvbW9kZWxzL1Jlc291cmNlTG9jYXRvci50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxPQUFPLEVBQUUsa0JBQWtCLEVBQUUsZ0JBQWdCLEVBQUUsTUFBTSxpQkFBaUIsQ0FBQztBQUN2RSxPQUFPLFlBQVksTUFBTSx5QkFBeUIsQ0FBQztBQUNuRCxPQUFPLDZCQUE2QixNQUFNLDBDQUEwQyxDQUFDO0FBRXJGOzs7Ozs7Ozs7Ozs7OztHQWNHO0FBQ0gsTUFBcUIsZUFBZTtJQVdsQyxZQUNXLFFBQXNCLEVBQ3RCLFlBQW9CLEVBQ3BCLElBQVksRUFDWixNQUFjLEVBQ2QsRUFBVyxFQUNYLFNBQXdDLDZCQUE2QixDQUFDLElBQUk7UUFMMUUsYUFBUSxHQUFSLFFBQVEsQ0FBYztRQUN0QixpQkFBWSxHQUFaLFlBQVksQ0FBUTtRQUNwQixTQUFJLEdBQUosSUFBSSxDQUFRO1FBQ1osV0FBTSxHQUFOLE1BQU0sQ0FBUTtRQUNkLE9BQUUsR0FBRixFQUFFLENBQVM7UUFDWCxXQUFNLEdBQU4sTUFBTSxDQUFvRTtJQUNsRixDQUFDO0lBRUo7Ozs7Ozs7O09BUUc7SUFDSCxNQUFNLENBQUMsT0FBTyxDQUFDLEdBQVcsRUFBRSxVQUFtQjtRQUM3QyxNQUFNLENBQUMsV0FBVyxFQUFFLElBQUksQ0FBQyxHQUFHLEdBQUcsQ0FBQyxLQUFLLENBQUMsS0FBSyxDQUFDLENBQUM7UUFFN0MsSUFBSSxRQUFzQixDQUFDO1FBRTNCLDRDQUE0QztRQUM1QyxRQUFRLFdBQVcsQ0FBQyxXQUFXLEVBQUUsRUFBRTtZQUNqQyxLQUFLLE1BQU07Z0JBQ1QsUUFBUSxHQUFHLFlBQVksQ0FBQyxJQUFJLENBQUM7Z0JBQzdCLE1BQU07WUFDUixLQUFLLE9BQU87Z0JBQ1YsUUFBUSxHQUFHLFlBQVksQ0FBQyxLQUFLLENBQUM7Z0JBQzlCLE1BQU07WUFDUjtnQkFDRSxNQUFNLElBQUksa0JBQWtCLENBQUMsOEJBQThCLFdBQVcsZUFBZSxDQUFDLENBQUM7U0FDMUY7UUFFRCw0REFBNEQ7UUFDNUQsTUFBTSxjQUFjLEdBQUcsQ0FBQyxHQUFHLEVBQUU7WUFDM0IsSUFBSSxDQUFDLFVBQVUsRUFBRTtnQkFDZixPQUFPLDZCQUE2QixDQUFDLElBQUksQ0FBQzthQUMzQztZQUNELE1BQU0sZ0JBQWdCLEdBQUcsSUFBSSxXQUFXLEVBQUUsQ0FBQyxNQUFNLENBQUMsVUFBVSxDQUFDLENBQUMsTUFBTSxDQUFDO1lBQ3JFLElBQUksZ0JBQWdCLElBQUksQ0FBQyxFQUFFO2dCQUN6QixPQUFPLDZCQUE2QixDQUFDLFFBQVEsQ0FBQzthQUMvQztpQkFBTSxJQUFJLGdCQUFnQixJQUFJLENBQUMsRUFBRTtnQkFDaEMsT0FBTyw2QkFBNkIsQ0FBQyxVQUFVLENBQUM7YUFDakQ7aUJBQU0sSUFBSSxnQkFBZ0IsSUFBSSxFQUFFLEVBQUU7Z0JBQ2pDLE9BQU8sNkJBQTZCLENBQUMsY0FBYyxDQUFDO2FBQ3JEO1lBQ0QsTUFBTSxJQUFJLGtCQUFrQixDQUFDLGtDQUFrQyxVQUFVLENBQUMsTUFBTSxFQUFFLENBQUMsQ0FBQztRQUN0RixDQUFDLENBQUMsRUFBRSxDQUFDO1FBRUwsb0VBQW9FO1FBQ3BFLE1BQU0sWUFBWSxHQUFHLElBQUksV0FBVyxFQUFFLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxDQUFDLE1BQU0sQ0FBQztRQUMzRCxJQUFJLFlBQVksSUFBSSxDQUFDLEVBQUU7WUFDckIsTUFBTSxJQUFJLGtCQUFrQixDQUFDLGdCQUFnQixDQUFDLENBQUM7U0FDaEQ7UUFDRCxNQUFNLGdCQUFnQixHQUFHLGNBQWMsQ0FBQyxPQUFPLEVBQUUsQ0FBQztRQUNsRCxNQUFNLE1BQU0sR0FBRyxlQUFlLENBQUMsV0FBVyxHQUFHLFlBQVksR0FBRyxnQkFBZ0IsQ0FBQztRQUM3RSxPQUFPLElBQUksZUFBZSxDQUFDLFFBQVEsRUFBRSxZQUFZLEVBQUUsSUFBSSxFQUFFLE1BQU0sRUFBRSxVQUFVLEVBQUUsY0FBYyxDQUFDLENBQUM7SUFDL0YsQ0FBQztJQUVELE1BQU0sQ0FBQyxLQUFLLENBQUMsSUFBZ0I7UUFDM0IsV0FBVztRQUNYLE1BQU0seUJBQXlCLEdBQUcsSUFBSSxDQUFDLGVBQWUsQ0FBQyxlQUFlLENBQUMsQ0FBQztRQUN4RSxpQkFBaUI7UUFDakIsTUFBTSxZQUFZLEdBQUcsSUFBSSxDQUFDLGVBQWUsQ0FBQyxhQUFhLENBQUMsQ0FBQztRQUN6RCxJQUFJLFlBQVksSUFBSSxDQUFDLEVBQUU7WUFDckIsTUFBTSxJQUFJLGdCQUFnQixDQUFDLGdCQUFnQixDQUFDLENBQUM7U0FDOUM7UUFDRCxzQkFBc0I7UUFDdEIsTUFBTSxPQUFPLEdBQUcsSUFBSSxXQUFXLEVBQUUsQ0FBQztRQUNsQyxJQUFJLE1BQU0sR0FBRyxlQUFlLENBQUMsV0FBVyxHQUFHLFlBQVksQ0FBQztRQUN4RCxJQUFJLE1BQU0sR0FBRyxJQUFJLENBQUMsTUFBTSxFQUFFO1lBQ3hCLE1BQU0sSUFBSSxnQkFBZ0IsQ0FBQyxpQ0FBaUMsQ0FBQyxDQUFDO1NBQy9EO1FBQ0QsTUFBTSxJQUFJLEdBQUcsT0FBTyxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsUUFBUSxDQUFDLGVBQWUsQ0FBQyxXQUFXLEVBQUUsTUFBTSxDQUFDLENBQUMsQ0FBQztRQUNoRixNQUFNLFFBQVEsR0FBRyx5QkFBeUIsR0FBRyxHQUFHLENBQUM7UUFDakQsUUFBUSxRQUFRLEVBQUU7WUFDaEIsS0FBSyxZQUFZLENBQUMsSUFBSSxDQUFDO1lBQ3ZCLEtBQUssWUFBWSxDQUFDLEtBQUs7Z0JBQ3JCLE1BQU07WUFDUjtnQkFDRSxNQUFNLElBQUksZ0JBQWdCLENBQUMsMENBQTBDLFFBQVEsR0FBRyxDQUFDLENBQUM7U0FDckY7UUFDRCxhQUFhO1FBQ2IsTUFBTSxvQkFBb0IsR0FBRyx5QkFBeUIsR0FBRyxJQUFJLENBQUM7UUFDOUQsSUFBSSxjQUFjLEdBQUcsNkJBQTZCLENBQUMsSUFBSSxDQUFDO1FBQ3hELElBQUksb0JBQW9CLEtBQUssZUFBZSxDQUFDLGlCQUFpQixFQUFFO1lBQzlELGNBQWMsR0FBRyw2QkFBNkIsQ0FBQyxRQUFRLENBQUM7U0FDekQ7YUFBTSxJQUFJLG9CQUFvQixLQUFLLGVBQWUsQ0FBQyxpQkFBaUIsRUFBRTtZQUNyRSxjQUFjLEdBQUcsNkJBQTZCLENBQUMsVUFBVSxDQUFDO1NBQzNEO2FBQU0sSUFBSSxvQkFBb0IsS0FBSyxlQUFlLENBQUMsa0JBQWtCLEVBQUU7WUFDdEUsY0FBYyxHQUFHLDZCQUE2QixDQUFDLGNBQWMsQ0FBQztTQUMvRDthQUFNLElBQUksb0JBQW9CLEtBQUssZUFBZSxDQUFDLGlCQUFpQixFQUFFO1lBQ3JFLE1BQU0sSUFBSSxnQkFBZ0IsQ0FBQywwQ0FBMEMsb0JBQW9CLEdBQUcsQ0FBQyxDQUFDO1NBQy9GO1FBRUQsSUFBSSxVQUFVLEdBQXVCLFNBQVMsQ0FBQztRQUUvQyxRQUFRLGNBQWMsRUFBRTtZQUN0QixLQUFLLDZCQUE2QixDQUFDLElBQUk7Z0JBQ3JDLE9BQU87Z0JBQ1AsTUFBTTtZQUNSLEtBQUssNkJBQTZCLENBQUMsUUFBUSxDQUFDO1lBQzVDLEtBQUssNkJBQTZCLENBQUMsVUFBVSxDQUFDO1lBQzlDLEtBQUssNkJBQTZCLENBQUMsY0FBYyxDQUFDLENBQUM7Z0JBQ2pELE1BQU0sUUFBUSxHQUFHLE1BQU0sQ0FBQztnQkFDeEIsTUFBTSxHQUFHLFFBQVEsR0FBRyxjQUFjLENBQUMsT0FBTyxFQUFFLENBQUM7Z0JBQzdDLElBQUksTUFBTSxHQUFHLElBQUksQ0FBQyxNQUFNLEVBQUU7b0JBQ3hCLE1BQU0sSUFBSSxnQkFBZ0IsQ0FBQyxpQ0FBaUMsQ0FBQyxDQUFDO2lCQUMvRDtnQkFDRCxNQUFNLFdBQVcsR0FBRyxJQUFJLENBQUMsUUFBUSxDQUFDLFFBQVEsRUFBRSxNQUFNLENBQUMsQ0FBQztnQkFDcEQsNERBQTREO2dCQUM1RCxNQUFNLFNBQVMsR0FBRyxXQUFXLENBQUMsT0FBTyxDQUFDLENBQUMsQ0FBQyxDQUFDO2dCQUN6QyxJQUFJLFNBQVMsSUFBSSxDQUFDLEVBQUU7b0JBQ2xCLE1BQU0sZUFBZSxHQUFHLFdBQVcsQ0FBQyxRQUFRLENBQUMsQ0FBQyxFQUFFLFNBQVMsQ0FBQyxDQUFDO29CQUMzRCxVQUFVLEdBQUcsT0FBTyxDQUFDLE1BQU0sQ0FBQyxlQUFlLENBQUMsQ0FBQztpQkFDOUM7cUJBQU07b0JBQ0wsVUFBVSxHQUFHLE9BQU8sQ0FBQyxNQUFNLENBQUMsV0FBVyxDQUFDLENBQUM7aUJBQzFDO2dCQUNELE1BQU07YUFDUDtTQUNGO1FBQ0QsT0FBTyxJQUFJLGVBQWUsQ0FBQyxRQUFRLEVBQUUsWUFBWSxFQUFFLElBQUksRUFBRSxNQUFNLEVBQUUsVUFBVSxFQUFFLGNBQWMsQ0FBQyxDQUFDO0lBQy9GLENBQUM7SUFFRDs7OztPQUlHO0lBQ0gsSUFBSSxNQUFNO1FBQ1IsT0FBTyxJQUFJLENBQUMsTUFBTSxDQUFDO0lBQ3JCLENBQUM7SUFFRCxJQUFJLEdBQUc7UUFDTCxRQUFRLElBQUksQ0FBQyxRQUFRLEVBQUU7WUFDckIsS0FBSyxZQUFZLENBQUMsSUFBSTtnQkFDcEIsT0FBTyxTQUFTLEdBQUcsSUFBSSxDQUFDLElBQUksQ0FBQztZQUMvQixLQUFLLFlBQVksQ0FBQyxLQUFLO2dCQUNyQixPQUFPLFVBQVUsR0FBRyxJQUFJLENBQUMsSUFBSSxDQUFDO1lBQ2hDO2dCQUNFLE1BQU0sSUFBSSxrQkFBa0IsQ0FBQywwQ0FBMEMsSUFBSSxDQUFDLFFBQVEsR0FBRyxDQUFDLENBQUM7U0FDNUY7SUFDSCxDQUFDO0lBRUQ7O09BRUc7SUFDSCxRQUFRO1FBQ04sTUFBTSxNQUFNLEdBQUcsSUFBSSxVQUFVLENBQUMsZUFBZSxDQUFDLFdBQVcsR0FBRyxJQUFJLENBQUMsSUFBSSxDQUFDLE1BQU0sR0FBRyxJQUFJLENBQUMsTUFBTSxDQUFDLENBQUM7UUFDNUYsSUFBSSxZQUFZLEdBQUcsQ0FBQyxDQUFDO1FBQ3JCLFFBQVEsSUFBSSxDQUFDLE1BQU0sRUFBRTtZQUNuQixLQUFLLDZCQUE2QixDQUFDLFFBQVE7Z0JBQ3pDLFlBQVksR0FBRyxlQUFlLENBQUMsaUJBQWlCLENBQUM7Z0JBQ2pELE1BQU07WUFDUixLQUFLLDZCQUE2QixDQUFDLFVBQVU7Z0JBQzNDLFlBQVksR0FBRyxlQUFlLENBQUMsaUJBQWlCLENBQUM7Z0JBQ2pELE1BQU07WUFDUixLQUFLLDZCQUE2QixDQUFDLGNBQWM7Z0JBQy9DLFlBQVksR0FBRyxlQUFlLENBQUMsa0JBQWtCLENBQUM7Z0JBQ2xELE1BQU07U0FDVDtRQUNELE1BQU0sQ0FBQyxHQUFHLENBQUMsQ0FBQyxJQUFJLENBQUMsUUFBUSxHQUFHLFlBQVksQ0FBQyxFQUFFLGVBQWUsQ0FBQyxlQUFlLENBQUMsQ0FBQztRQUM1RSxNQUFNLENBQUMsR0FBRyxDQUFDLENBQUMsSUFBSSxDQUFDLFlBQVksQ0FBQyxFQUFFLGVBQWUsQ0FBQyxhQUFhLENBQUMsQ0FBQztRQUMvRCxNQUFNLENBQUMsR0FBRyxDQUFDLElBQUksV0FBVyxFQUFFLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsRUFBRSxlQUFlLENBQUMsV0FBVyxDQUFDLENBQUM7UUFDN0UsSUFBSSxJQUFJLENBQUMsRUFBRSxFQUFFO1lBQ1gsTUFBTSxDQUFDLEdBQUcsQ0FBQyxJQUFJLFdBQVcsRUFBRSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsRUFBRSxDQUFDLEVBQUUsZUFBZSxDQUFDLFdBQVcsR0FBRyxJQUFJLENBQUMsSUFBSSxDQUFDLE1BQU0sQ0FBQyxDQUFDO1NBQy9GO1FBQ0QsT0FBTyxNQUFNLENBQUM7SUFDaEIsQ0FBQztJQUVEOzs7OztPQUtHO0lBQ0gsSUFBSSxVQUFVO1FBQ1osT0FBTyxJQUFJLENBQUMsRUFBRSxJQUFJLEVBQUUsQ0FBQztJQUN2QixDQUFDOztBQTlMZSwrQkFBZSxHQUFHLENBQUMsQ0FBQztBQUNwQiwrQkFBZSxHQUFHLENBQUMsQ0FBQztBQUNwQiw2QkFBYSxHQUFHLENBQUMsQ0FBQztBQUNsQiw2QkFBYSxHQUFHLENBQUMsQ0FBQztBQUNsQiwyQkFBVyxHQUFHLENBQUMsQ0FBQztBQUNoQixpQ0FBaUIsR0FBVyxDQUFDLElBQUksQ0FBQyxDQUFDLENBQUMsSUFBSTtBQUN4QyxpQ0FBaUIsR0FBVyxDQUFDLElBQUksQ0FBQyxDQUFDLENBQUMsS0FBSztBQUN6QyxpQ0FBaUIsR0FBVyxDQUFDLElBQUksQ0FBQyxDQUFDLENBQUMsS0FBSztBQUN6QyxrQ0FBa0IsR0FBVyxDQUFDLElBQUksQ0FBQyxDQUFDLENBQUMsS0FBSztlQVR2QyxlQUFlIn0=

package/dist/web/src/nanotdf/models/Signature.js

@@ -0,0 +1,74 @@
+import { lengthOfPublicKey, lengthOfSignature } from '../helpers/calculateByCurve.js';
+import { ConfigurationError } from '../../errors.js';
+/**
+ * NanoTDF Signature
+ *
+ * The signature section is an optional section that contains an ECDSA signature used to cryptographically bind the Header and Payload to a creator of the nanotdf. The key used for signing is the private key of the creator of the nanotdf. The ECC Params used for the signature are described in Section 3.3.1.4.2. The private key used for this signature is distinctly different than the ephemeral private key. This is a persistent key belonging to an individual, entity, or device that creates nanotdfs. The signature is used to authenticate the entire nanotdf and contains both the public key related to the creators private key and the resulting signature. The structure of this section:
+ *
+ * | Section    | Minimum Length (B) | Maximum Length (B) |
+ * |------------|--------------------|--------------------|
+ * | Public Key | 33                 | 67                 |
+ * | Signature  | 64                 | 132                |
+ *
+ * @link https://github.com/virtru/nanotdf/blob/master/spec/index.md#333-signature
+ */
+export default class Signature {
+    static parse(header, buff) {
+        let offset = 0;
+        /**
+         * Parse the public key
+         *
+         * This section contains the compressed public key of the private key used to sign the message.
+         */
+        // TODO: Resolve where offset is missing 1 byte
+        const publicKeyLength = lengthOfPublicKey(header.signatureCurveName) + 1;
+        const publicKey = buff.subarray(offset, offset + publicKeyLength);
+        offset += publicKeyLength;
+        /**
+         * Parse signature
+         *
+         * This section contains the encoded `r` and `s` values of the ECDSA signature.
+         *
+         * ECDSA signatures are big endian encodings of the `r` and `s` values of an ECDSA signature.The length of `r` and `s`
+         * values is determined by the ECC Mode used for the signature. The encoding for the signature is the big endian
+         * encodings of R and S concatenated to each other. For example, `r = 1` and `s = 2` for an ECDSA signature of a
+         * ecp256k1 key would be (line breaks and spaces are added for easier visualization):
+         *
+         * ```
+         * 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+         * 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01
+         * 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+         * 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02
+         * ```
+         *
+         * @link https://github.com/virtru/nanotdf/blob/master/spec/index.md#52-ecdsa-signature-encoding
+         */
+        const signatureLength = lengthOfSignature(header.signatureCurveName);
+        const signature = buff.subarray(offset, offset + signatureLength);
+        offset += signatureLength;
+        return { signature: new Signature(publicKey, signature), offset };
+    }
+    constructor(publicKey, signature) {
+        this.publicKey = publicKey;
+        this.signature = signature;
+    }
+    /**
+     * Length
+     *
+     * @returns { number } Length of signature
+     */
+    get length() {
+        return this.publicKey.length + this.signature.length;
+    }
+    /**
+     * Copy the contents of the signature to buffer
+     */
+    copyToBuffer(target) {
+        if (this.length > target.length) {
+            throw new ConfigurationError('Invalid buffer size to copy signature');
+        }
+        target.set(this.publicKey, 0);
+        target.set(this.signature, this.publicKey.length);
+    }
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiU2lnbmF0dXJlLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vLi4vLi4vc3JjL25hbm90ZGYvbW9kZWxzL1NpZ25hdHVyZS50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFDQSxPQUFPLEVBQUUsaUJBQWlCLEVBQUUsaUJBQWlCLEVBQUUsTUFBTSxnQ0FBZ0MsQ0FBQztBQUN0RixPQUFPLEVBQUUsa0JBQWtCLEVBQUUsTUFBTSxpQkFBaUIsQ0FBQztBQUVyRDs7Ozs7Ozs7Ozs7R0FXRztBQUNILE1BQU0sQ0FBQyxPQUFPLE9BQU8sU0FBUztJQUk1QixNQUFNLENBQUMsS0FBSyxDQUFDLE1BQWMsRUFBRSxJQUFnQjtRQUMzQyxJQUFJLE1BQU0sR0FBRyxDQUFDLENBQUM7UUFFZjs7OztXQUlHO1FBQ0gsK0NBQStDO1FBQy9DLE1BQU0sZUFBZSxHQUFHLGlCQUFpQixDQUFDLE1BQU0sQ0FBQyxrQkFBa0IsQ0FBQyxHQUFHLENBQUMsQ0FBQztRQUN6RSxNQUFNLFNBQVMsR0FBRyxJQUFJLENBQUMsUUFBUSxDQUFDLE1BQU0sRUFBRSxNQUFNLEdBQUcsZUFBZSxDQUFDLENBQUM7UUFDbEUsTUFBTSxJQUFJLGVBQWUsQ0FBQztRQUUxQjs7Ozs7Ozs7Ozs7Ozs7Ozs7O1dBa0JHO1FBQ0gsTUFBTSxlQUFlLEdBQUcsaUJBQWlCLENBQUMsTUFBTSxDQUFDLGtCQUFrQixDQUFDLENBQUM7UUFDckUsTUFBTSxTQUFTLEdBQUcsSUFBSSxDQUFDLFFBQVEsQ0FBQyxNQUFNLEVBQUUsTUFBTSxHQUFHLGVBQWUsQ0FBQyxDQUFDO1FBQ2xFLE1BQU0sSUFBSSxlQUFlLENBQUM7UUFFMUIsT0FBTyxFQUFFLFNBQVMsRUFBRSxJQUFJLFNBQVMsQ0FBQyxTQUFTLEVBQUUsU0FBUyxDQUFDLEVBQUUsTUFBTSxFQUFFLENBQUM7SUFDcEUsQ0FBQztJQUVELFlBQVksU0FBcUIsRUFBRSxTQUFxQjtRQUN0RCxJQUFJLENBQUMsU0FBUyxHQUFHLFNBQVMsQ0FBQztRQUMzQixJQUFJLENBQUMsU0FBUyxHQUFHLFNBQVMsQ0FBQztJQUM3QixDQUFDO0lBRUQ7Ozs7T0FJRztJQUNILElBQUksTUFBTTtRQUNSLE9BQU8sSUFBSSxDQUFDLFNBQVMsQ0FBQyxNQUFNLEdBQUcsSUFBSSxDQUFDLFNBQVMsQ0FBQyxNQUFNLENBQUM7SUFDdkQsQ0FBQztJQUVEOztPQUVHO0lBQ0gsWUFBWSxDQUFDLE1BQWtCO1FBQzdCLElBQUksSUFBSSxDQUFDLE1BQU0sR0FBRyxNQUFNLENBQUMsTUFBTSxFQUFFO1lBQy9CLE1BQU0sSUFBSSxrQkFBa0IsQ0FBQyx1Q0FBdUMsQ0FBQyxDQUFDO1NBQ3ZFO1FBRUQsTUFBTSxDQUFDLEdBQUcsQ0FBQyxJQUFJLENBQUMsU0FBUyxFQUFFLENBQUMsQ0FBQyxDQUFDO1FBQzlCLE1BQU0sQ0FBQyxHQUFHLENBQUMsSUFBSSxDQUFDLFNBQVMsRUFBRSxJQUFJLENBQUMsU0FBUyxDQUFDLE1BQU0sQ0FBQyxDQUFDO0lBQ3BELENBQUM7Q0FDRiJ9

package/dist/web/src/nanotdf-crypto/ciphers.js

@@ -0,0 +1,14 @@
+export var Ciphers;
+(function (Ciphers) {
+    Ciphers["AesGcm"] = "AES-GCM";
+})(Ciphers || (Ciphers = {}));
+export var CipherTagLengths;
+(function (CipherTagLengths) {
+    CipherTagLengths[CipherTagLengths["AesGcm"] = 128] = "AesGcm";
+})(CipherTagLengths || (CipherTagLengths = {}));
+const cipherKeys = [];
+for (const cipherKey in Ciphers) {
+    cipherKeys.push(cipherKey);
+}
+export const supportedCiphers = cipherKeys;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY2lwaGVycy5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uL3NyYy9uYW5vdGRmLWNyeXB0by9jaXBoZXJzLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLE1BQU0sQ0FBTixJQUFZLE9BRVg7QUFGRCxXQUFZLE9BQU87SUFDakIsNkJBQWtCLENBQUE7QUFDcEIsQ0FBQyxFQUZXLE9BQU8sS0FBUCxPQUFPLFFBRWxCO0FBRUQsTUFBTSxDQUFOLElBQVksZ0JBRVg7QUFGRCxXQUFZLGdCQUFnQjtJQUMxQiw2REFBWSxDQUFBO0FBQ2QsQ0FBQyxFQUZXLGdCQUFnQixLQUFoQixnQkFBZ0IsUUFFM0I7QUFFRCxNQUFNLFVBQVUsR0FBRyxFQUFFLENBQUM7QUFDdEIsS0FBSyxNQUFNLFNBQVMsSUFBSSxPQUFPLEVBQUU7SUFDL0IsVUFBVSxDQUFDLElBQUksQ0FBQyxTQUFTLENBQUMsQ0FBQztDQUM1QjtBQUNELE1BQU0sQ0FBQyxNQUFNLGdCQUFnQixHQUFHLFVBQVUsQ0FBQyJ9

package/dist/web/src/nanotdf-crypto/decrypt.js

@@ -0,0 +1,21 @@
+import { Ciphers, CipherTagLengths } from './ciphers.js';
+/**
+ * Decrypt plaintext buffer to plaintext buffer
+ *
+ * Only supports AES-GCM
+ * @see https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/encrypt
+ *
+ * @param key Encryption key
+ * @param ciphertext Encrypted buffer
+ * @param iv Initialization vector
+ * @param tagLength Size (bits) of authentication tag
+ * @returns Resolves plaintext buffer
+ */
+export default async function decrypt(key, ciphertext, iv, tagLength) {
+    return crypto.subtle.decrypt({
+        name: Ciphers.AesGcm,
+        iv,
+        tagLength: tagLength || CipherTagLengths.AesGcm,
+    }, key, ciphertext);
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZGVjcnlwdC5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uL3NyYy9uYW5vdGRmLWNyeXB0by9kZWNyeXB0LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLE9BQU8sRUFBRSxPQUFPLEVBQUUsZ0JBQWdCLEVBQUUsTUFBTSxjQUFjLENBQUM7QUFFekQ7Ozs7Ozs7Ozs7O0dBV0c7QUFDSCxNQUFNLENBQUMsT0FBTyxDQUFDLEtBQUssVUFBVSxPQUFPLENBQ25DLEdBQWMsRUFDZCxVQUFzQixFQUN0QixFQUFjLEVBQ2QsU0FBa0I7SUFFbEIsT0FBTyxNQUFNLENBQUMsTUFBTSxDQUFDLE9BQU8sQ0FDMUI7UUFDRSxJQUFJLEVBQUUsT0FBTyxDQUFDLE1BQU07UUFDcEIsRUFBRTtRQUNGLFNBQVMsRUFBRSxTQUFTLElBQUksZ0JBQWdCLENBQUMsTUFBTTtLQUNoRCxFQUNELEdBQUcsRUFDSCxVQUFVLENBQ1gsQ0FBQztBQUNKLENBQUMifQ==

package/dist/web/src/nanotdf-crypto/digest.js

@@ -0,0 +1,4 @@
+export default function digest(hashType, data) {
+    return crypto.subtle.digest(hashType, data);
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZGlnZXN0LmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vLi4vc3JjL25hbm90ZGYtY3J5cHRvL2RpZ2VzdC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFFQSxNQUFNLENBQUMsT0FBTyxVQUFVLE1BQU0sQ0FDNUIsUUFBNkIsRUFDN0IsSUFBOEI7SUFFOUIsT0FBTyxNQUFNLENBQUMsTUFBTSxDQUFDLE1BQU0sQ0FBQyxRQUFRLEVBQUUsSUFBSSxDQUFDLENBQUM7QUFDOUMsQ0FBQyJ9