@opentdf/sdk 0.1.0-beta.1701

package/dist/web/tdf3/src/crypto/index.js

@@ -0,0 +1,296 @@
+/**
+ * This file is for using native crypto in the browser.
+ *
+ * @private
+ */
+import { Algorithms } from '../ciphers/index.js';
+import { Binary } from '../binary.js';
+import { MIN_ASYMMETRIC_KEY_SIZE_BITS, } from './declarations.js';
+import { ConfigurationError, DecryptError } from '../../../src/errors.js';
+import { formatAsPem, removePemFormatting } from './crypto-utils.js';
+import { encodeArrayBuffer as hexEncode } from '../../../src/encodings/hex.js';
+import { decodeArrayBuffer as base64Decode } from '../../../src/encodings/base64.js';
+// Used to pass into native crypto functions
+const METHODS = ['encrypt', 'decrypt'];
+export const isSupported = typeof globalThis?.crypto !== 'undefined';
+export const method = 'http://www.w3.org/2001/04/xmlenc#aes256-cbc';
+export const name = 'BrowserNativeCryptoService';
+/**
+ * Get a DOMString representing the algorithm to use for an
+ * asymmetric key generation.
+ */
+export function rsaOaepSha1(modulusLength = MIN_ASYMMETRIC_KEY_SIZE_BITS) {
+    if (!modulusLength || modulusLength < MIN_ASYMMETRIC_KEY_SIZE_BITS) {
+        throw new ConfigurationError('Invalid key size requested');
+    }
+    return {
+        name: 'RSA-OAEP',
+        hash: {
+            name: 'SHA-1',
+        },
+        modulusLength,
+        publicExponent: new Uint8Array([0x01, 0x00, 0x01]), // 24 bit representation of 65537
+    };
+}
+export function rsaPkcs1Sha256(modulusLength = MIN_ASYMMETRIC_KEY_SIZE_BITS) {
+    if (!modulusLength || modulusLength < MIN_ASYMMETRIC_KEY_SIZE_BITS) {
+        throw new ConfigurationError('Invalid key size requested');
+    }
+    return {
+        name: 'RSASSA-PKCS1-v1_5',
+        hash: {
+            name: 'SHA-256',
+        },
+        modulusLength,
+        publicExponent: new Uint8Array([0x01, 0x00, 0x01]), // 24 bit representation of 65537
+    };
+}
+/**
+ * Generate a random hex key
+ * @return New key as a hex string
+ */
+export async function generateKey(length) {
+    return randomBytesAsHex(length || 32);
+}
+/**
+ * Generate an RSA key pair
+ * @see    {@link https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/generateKey}
+ * @param  size in bits
+ */
+export async function generateKeyPair(size) {
+    const algoDomString = rsaOaepSha1(size || MIN_ASYMMETRIC_KEY_SIZE_BITS);
+    return crypto.subtle.generateKey(algoDomString, true, METHODS);
+}
+/**
+ * Generate an RSA key pair suitable for signatures
+ * @see    {@link https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/generateKey}
+ */
+export async function generateSigningKeyPair() {
+    return crypto.subtle.generateKey({
+        name: 'RSASSA-PKCS1-v1_5',
+        hash: 'SHA-256',
+        modulusLength: 2048,
+        publicExponent: new Uint8Array([0x01, 0x00, 0x01]),
+    }, true, ['sign', 'verify']);
+}
+export async function cryptoToPemPair(keysMaybe) {
+    const keys = keysMaybe;
+    if (!keys.privateKey || !keys.publicKey) {
+        // These are only ever generated here, so this should not happen
+        throw new Error('internal: invalid keys');
+    }
+    const [exPublic, exPrivate] = await Promise.all([
+        crypto.subtle.exportKey('spki', keys.publicKey),
+        crypto.subtle.exportKey('pkcs8', keys.privateKey),
+    ]);
+    return {
+        publicKey: formatAsPem(exPublic, 'PUBLIC KEY'),
+        privateKey: formatAsPem(exPrivate, 'PRIVATE KEY'),
+    };
+}
+/**
+ * Encrypt using a public key
+ * @param payload Payload to encrypt
+ * @param publicKey PEM formatted public key
+ * @return Encrypted payload
+ */
+export async function encryptWithPublicKey(payload, publicKey) {
+    console.assert(typeof payload === 'object');
+    console.assert(typeof publicKey === 'string');
+    const algoDomString = rsaOaepSha1();
+    // Web Crypto APIs don't work with PEM formatted strings
+    publicKey = removePemFormatting(publicKey);
+    const keyBuffer = base64Decode(publicKey);
+    const cryptoKey = await crypto.subtle.importKey('spki', keyBuffer, algoDomString, false, [
+        'encrypt',
+    ]);
+    const result = await crypto.subtle.encrypt({ name: 'RSA-OAEP' }, cryptoKey, payload.asArrayBuffer());
+    return Binary.fromArrayBuffer(result);
+}
+/**
+ * Generate a 16-byte initialization vector
+ */
+export async function generateInitializationVector(length) {
+    return randomBytesAsHex(length || 16);
+}
+export async function randomBytes(byteLength) {
+    const r = new Uint8Array(byteLength);
+    crypto.getRandomValues(r);
+    return r;
+}
+/**
+ * Returns a promise to the encryption key as a binary string.
+ *
+ * Note: This function should almost never fail as it includes a fallback
+ * if for some reason the native generate key fails.
+ *
+ * @param length The key length, defaults to 256
+ *
+ * @returns The hex string.
+ */
+export async function randomBytesAsHex(length) {
+    // Create a typed array of the correct length to fill
+    const r = new Uint8Array(length);
+    crypto.getRandomValues(r);
+    return hexEncode(r.buffer);
+}
+/**
+ * Decrypt a public-key encrypted payload with a private key
+ * @param  encryptedPayload  Payload to decrypt
+ * @param  privateKey        PEM formatted private keynpmv
+ * @return Decrypted payload
+ */
+export async function decryptWithPrivateKey(encryptedPayload, privateKey) {
+    console.assert(typeof encryptedPayload === 'object', 'encryptedPayload must be object');
+    console.assert(typeof privateKey === 'string', 'privateKey must be string');
+    const algoDomString = rsaOaepSha1();
+    // Web Crypto APIs don't work with PEM formatted strings
+    const keyDataString = removePemFormatting(privateKey);
+    const keyData = base64Decode(keyDataString);
+    const key = await crypto.subtle.importKey('pkcs8', keyData, algoDomString, false, ['decrypt']);
+    const payload = await crypto.subtle.decrypt({ name: 'RSA-OAEP' }, key, encryptedPayload.asArrayBuffer());
+    const bufferView = new Uint8Array(payload);
+    return Binary.fromArrayBuffer(bufferView.buffer);
+}
+/**
+ * Decrypt content synchronously
+ * @param payload The payload to decrypt
+ * @param key     The encryption key
+ * @param iv      The initialization vector
+ * @param algorithm The algorithm to use for encryption
+ * @param authTag The authentication tag for authenticated crypto.
+ */
+export function decrypt(payload, key, iv, algorithm, authTag) {
+    return _doDecrypt(payload, key, iv, algorithm, authTag);
+}
+/**
+ * Encrypt content synchronously
+ * @param payload   The payload to encrypt
+ * @param key       The encryption key
+ * @param iv        The initialization vector
+ * @param algorithm The algorithm to use for encryption
+ */
+export function encrypt(payload, key, iv, algorithm) {
+    return _doEncrypt(payload, key, iv, algorithm);
+}
+async function _doEncrypt(payload, key, iv, algorithm) {
+    console.assert(payload != null);
+    console.assert(key != null);
+    console.assert(iv != null);
+    const payloadBuffer = payload.asArrayBuffer();
+    const algoDomString = getSymmetricAlgoDomString(iv, algorithm);
+    const importedKey = await _importKey(key, algoDomString);
+    const encrypted = await crypto.subtle.encrypt(algoDomString, importedKey, payloadBuffer);
+    if (algoDomString.name === 'AES-GCM') {
+        return {
+            payload: Binary.fromArrayBuffer(encrypted.slice(0, -16)),
+            authTag: Binary.fromArrayBuffer(encrypted.slice(-16)),
+        };
+    }
+    return {
+        payload: Binary.fromArrayBuffer(encrypted),
+    };
+}
+async function _doDecrypt(payload, key, iv, algorithm, authTag) {
+    console.assert(payload != null);
+    console.assert(key != null);
+    console.assert(iv != null);
+    let payloadBuffer = payload.asArrayBuffer();
+    // Concat the the auth tag to the payload for decryption
+    if (authTag) {
+        const authTagBuffer = authTag.asArrayBuffer();
+        const gcmPayload = new Uint8Array(payloadBuffer.byteLength + authTagBuffer.byteLength);
+        gcmPayload.set(new Uint8Array(payloadBuffer), 0);
+        gcmPayload.set(new Uint8Array(authTagBuffer), payloadBuffer.byteLength);
+        payloadBuffer = gcmPayload.buffer;
+    }
+    const algoDomString = getSymmetricAlgoDomString(iv, algorithm);
+    const importedKey = await _importKey(key, algoDomString);
+    algoDomString.iv = iv.asArrayBuffer();
+    const decrypted = await crypto.subtle
+        .decrypt(algoDomString, importedKey, payloadBuffer)
+        // Catching this error so we can specifically check for OperationError
+        .catch((err) => {
+        if (err.name === 'OperationError') {
+            throw new DecryptError(err);
+        }
+        throw err;
+    });
+    return { payload: Binary.fromArrayBuffer(decrypted) };
+}
+function _importKey(key, algorithm) {
+    return crypto.subtle.importKey('raw', key.asArrayBuffer(), algorithm, true, METHODS);
+}
+/**
+ * Get a DOMString representing the algorithm to use for a crypto
+ * operation. Defaults to AES-CBC.
+ * @param  {String|undefined} algorithm
+ * @return {DOMString} Algorithm to use
+ */
+function getSymmetricAlgoDomString(iv, algorithm) {
+    let nativeAlgorithm = 'AES-CBC';
+    if (algorithm === Algorithms.AES_256_GCM) {
+        nativeAlgorithm = 'AES-GCM';
+    }
+    return {
+        name: nativeAlgorithm,
+        iv: iv.asArrayBuffer(),
+    };
+}
+/**
+ * Create a SHA256 hash. Code refrenced from MDN:
+ * https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/digest
+ * @param  content  String content
+ * @return Hex hash
+ */
+export async function sha256(content) {
+    const buffer = new TextEncoder().encode(content);
+    const hashBuffer = await crypto.subtle.digest('SHA-256', buffer);
+    return hexEncode(hashBuffer);
+}
+/**
+ * Create an HMAC SHA256 hash
+ * @param  key     Key string
+ * @param  content Content string
+ * @return Hex hash
+ */
+export async function hmac(key, content) {
+    const contentBuffer = new TextEncoder().encode(content);
+    const keyBuffer = hex2Ab(key);
+    const cryptoKey = await crypto.subtle.importKey('raw', keyBuffer, {
+        name: 'HMAC',
+        hash: { name: 'SHA-256' },
+    }, true, ['sign', 'verify']);
+    const hashBuffer = await crypto.subtle.sign('HMAC', cryptoKey, contentBuffer);
+    return hexEncode(hashBuffer);
+}
+/**
+ * Create an ArrayBuffer from a hex string.
+ * https://developers.google.com/web/updates/2012/06/How-to-convert-ArrayBuffer-to-and-from-String?hl=en
+ * @param  hex - Hex string
+ */
+export function hex2Ab(hex) {
+    const buffer = new ArrayBuffer(hex.length / 2);
+    const bufferView = new Uint8Array(buffer);
+    for (let i = 0; i < hex.length; i += 2) {
+        bufferView[i / 2] = parseInt(hex.substr(i, 2), 16);
+    }
+    return buffer;
+}
+export const DefaultCryptoService = {
+    name,
+    method,
+    cryptoToPemPair,
+    decrypt,
+    decryptWithPrivateKey,
+    encrypt,
+    encryptWithPublicKey,
+    generateInitializationVector,
+    generateKey,
+    generateKeyPair,
+    generateSigningKeyPair,
+    hmac,
+    randomBytes,
+    sha256,
+};
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi8uLi90ZGYzL3NyYy9jcnlwdG8vaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUE7Ozs7R0FJRztBQUVILE9BQU8sRUFBRSxVQUFVLEVBQUUsTUFBTSxxQkFBcUIsQ0FBQztBQUNqRCxPQUFPLEVBQUUsTUFBTSxFQUFFLE1BQU0sY0FBYyxDQUFDO0FBQ3RDLE9BQU8sRUFJTCw0QkFBNEIsR0FFN0IsTUFBTSxtQkFBbUIsQ0FBQztBQUMzQixPQUFPLEVBQUUsa0JBQWtCLEVBQUUsWUFBWSxFQUFFLE1BQU0sd0JBQXdCLENBQUM7QUFDMUUsT0FBTyxFQUFFLFdBQVcsRUFBRSxtQkFBbUIsRUFBRSxNQUFNLG1CQUFtQixDQUFDO0FBQ3JFLE9BQU8sRUFBRSxpQkFBaUIsSUFBSSxTQUFTLEVBQUUsTUFBTSwrQkFBK0IsQ0FBQztBQUMvRSxPQUFPLEVBQUUsaUJBQWlCLElBQUksWUFBWSxFQUFFLE1BQU0sa0NBQWtDLENBQUM7QUFHckYsNENBQTRDO0FBQzVDLE1BQU0sT0FBTyxHQUFlLENBQUMsU0FBUyxFQUFFLFNBQVMsQ0FBQyxDQUFDO0FBQ25ELE1BQU0sQ0FBQyxNQUFNLFdBQVcsR0FBRyxPQUFPLFVBQVUsRUFBRSxNQUFNLEtBQUssV0FBVyxDQUFDO0FBRXJFLE1BQU0sQ0FBQyxNQUFNLE1BQU0sR0FBRyw2Q0FBNkMsQ0FBQztBQUNwRSxNQUFNLENBQUMsTUFBTSxJQUFJLEdBQUcsNEJBQTRCLENBQUM7QUFFakQ7OztHQUdHO0FBQ0gsTUFBTSxVQUFVLFdBQVcsQ0FDekIsZ0JBQXdCLDRCQUE0QjtJQUVwRCxJQUFJLENBQUMsYUFBYSxJQUFJLGFBQWEsR0FBRyw0QkFBNEIsRUFBRTtRQUNsRSxNQUFNLElBQUksa0JBQWtCLENBQUMsNEJBQTRCLENBQUMsQ0FBQztLQUM1RDtJQUNELE9BQU87UUFDTCxJQUFJLEVBQUUsVUFBVTtRQUNoQixJQUFJLEVBQUU7WUFDSixJQUFJLEVBQUUsT0FBTztTQUNkO1FBQ0QsYUFBYTtRQUNiLGNBQWMsRUFBRSxJQUFJLFVBQVUsQ0FBQyxDQUFDLElBQUksRUFBRSxJQUFJLEVBQUUsSUFBSSxDQUFDLENBQUMsRUFBRSxpQ0FBaUM7S0FDdEYsQ0FBQztBQUNKLENBQUM7QUFFRCxNQUFNLFVBQVUsY0FBYyxDQUM1QixnQkFBd0IsNEJBQTRCO0lBRXBELElBQUksQ0FBQyxhQUFhLElBQUksYUFBYSxHQUFHLDRCQUE0QixFQUFFO1FBQ2xFLE1BQU0sSUFBSSxrQkFBa0IsQ0FBQyw0QkFBNEIsQ0FBQyxDQUFDO0tBQzVEO0lBQ0QsT0FBTztRQUNMLElBQUksRUFBRSxtQkFBbUI7UUFDekIsSUFBSSxFQUFFO1lBQ0osSUFBSSxFQUFFLFNBQVM7U0FDaEI7UUFDRCxhQUFhO1FBQ2IsY0FBYyxFQUFFLElBQUksVUFBVSxDQUFDLENBQUMsSUFBSSxFQUFFLElBQUksRUFBRSxJQUFJLENBQUMsQ0FBQyxFQUFFLGlDQUFpQztLQUN0RixDQUFDO0FBQ0osQ0FBQztBQUVEOzs7R0FHRztBQUNILE1BQU0sQ0FBQyxLQUFLLFVBQVUsV0FBVyxDQUFDLE1BQWU7SUFDL0MsT0FBTyxnQkFBZ0IsQ0FBQyxNQUFNLElBQUksRUFBRSxDQUFDLENBQUM7QUFDeEMsQ0FBQztBQUVEOzs7O0dBSUc7QUFDSCxNQUFNLENBQUMsS0FBSyxVQUFVLGVBQWUsQ0FBQyxJQUFhO0lBQ2pELE1BQU0sYUFBYSxHQUFHLFdBQVcsQ0FBQyxJQUFJLElBQUksNEJBQTRCLENBQUMsQ0FBQztJQUN4RSxPQUFPLE1BQU0sQ0FBQyxNQUFNLENBQUMsV0FBVyxDQUFDLGFBQWEsRUFBRSxJQUFJLEVBQUUsT0FBTyxDQUFDLENBQUM7QUFDakUsQ0FBQztBQUVEOzs7R0FHRztBQUNILE1BQU0sQ0FBQyxLQUFLLFVBQVUsc0JBQXNCO0lBQzFDLE9BQU8sTUFBTSxDQUFDLE1BQU0sQ0FBQyxXQUFXLENBQzlCO1FBQ0UsSUFBSSxFQUFFLG1CQUFtQjtRQUN6QixJQUFJLEVBQUUsU0FBUztRQUNmLGFBQWEsRUFBRSxJQUFJO1FBQ25CLGNBQWMsRUFBRSxJQUFJLFVBQVUsQ0FBQyxDQUFDLElBQUksRUFBRSxJQUFJLEVBQUUsSUFBSSxDQUFDLENBQUM7S0FDbkQsRUFDRCxJQUFJLEVBQ0osQ0FBQyxNQUFNLEVBQUUsUUFBUSxDQUFDLENBQ25CLENBQUM7QUFDSixDQUFDO0FBRUQsTUFBTSxDQUFDLEtBQUssVUFBVSxlQUFlLENBQUMsU0FBa0I7SUFDdEQsTUFBTSxJQUFJLEdBQUcsU0FBMEIsQ0FBQztJQUN4QyxJQUFJLENBQUMsSUFBSSxDQUFDLFVBQVUsSUFBSSxDQUFDLElBQUksQ0FBQyxTQUFTLEVBQUU7UUFDdkMsZ0VBQWdFO1FBQ2hFLE1BQU0sSUFBSSxLQUFLLENBQUMsd0JBQXdCLENBQUMsQ0FBQztLQUMzQztJQUVELE1BQU0sQ0FBQyxRQUFRLEVBQUUsU0FBUyxDQUFDLEdBQUcsTUFBTSxPQUFPLENBQUMsR0FBRyxDQUFDO1FBQzlDLE1BQU0sQ0FBQyxNQUFNLENBQUMsU0FBUyxDQUFDLE1BQU0sRUFBRSxJQUFJLENBQUMsU0FBUyxDQUFDO1FBQy9DLE1BQU0sQ0FBQyxNQUFNLENBQUMsU0FBUyxDQUFDLE9BQU8sRUFBRSxJQUFJLENBQUMsVUFBVSxDQUFDO0tBQ2xELENBQUMsQ0FBQztJQUNILE9BQU87UUFDTCxTQUFTLEVBQUUsV0FBVyxDQUFDLFFBQVEsRUFBRSxZQUFZLENBQUM7UUFDOUMsVUFBVSxFQUFFLFdBQVcsQ0FBQyxTQUFTLEVBQUUsYUFBYSxDQUFDO0tBQ2xELENBQUM7QUFDSixDQUFDO0FBRUQ7Ozs7O0dBS0c7QUFDSCxNQUFNLENBQUMsS0FBSyxVQUFVLG9CQUFvQixDQUFDLE9BQWUsRUFBRSxTQUFpQjtJQUMzRSxPQUFPLENBQUMsTUFBTSxDQUFDLE9BQU8sT0FBTyxLQUFLLFFBQVEsQ0FBQyxDQUFDO0lBQzVDLE9BQU8sQ0FBQyxNQUFNLENBQUMsT0FBTyxTQUFTLEtBQUssUUFBUSxDQUFDLENBQUM7SUFFOUMsTUFBTSxhQUFhLEdBQUcsV0FBVyxFQUFFLENBQUM7SUFFcEMsd0RBQXdEO0lBQ3hELFNBQVMsR0FBRyxtQkFBbUIsQ0FBQyxTQUFTLENBQUMsQ0FBQztJQUUzQyxNQUFNLFNBQVMsR0FBRyxZQUFZLENBQUMsU0FBUyxDQUFDLENBQUM7SUFDMUMsTUFBTSxTQUFTLEdBQUcsTUFBTSxNQUFNLENBQUMsTUFBTSxDQUFDLFNBQVMsQ0FBQyxNQUFNLEVBQUUsU0FBUyxFQUFFLGFBQWEsRUFBRSxLQUFLLEVBQUU7UUFDdkYsU0FBUztLQUNWLENBQUMsQ0FBQztJQUNILE1BQU0sTUFBTSxHQUFHLE1BQU0sTUFBTSxDQUFDLE1BQU0sQ0FBQyxPQUFPLENBQ3hDLEVBQUUsSUFBSSxFQUFFLFVBQVUsRUFBRSxFQUNwQixTQUFTLEVBQ1QsT0FBTyxDQUFDLGFBQWEsRUFBRSxDQUN4QixDQUFDO0lBQ0YsT0FBTyxNQUFNLENBQUMsZUFBZSxDQUFDLE1BQU0sQ0FBQyxDQUFDO0FBQ3hDLENBQUM7QUFFRDs7R0FFRztBQUNILE1BQU0sQ0FBQyxLQUFLLFVBQVUsNEJBQTRCLENBQUMsTUFBZTtJQUNoRSxPQUFPLGdCQUFnQixDQUFDLE1BQU0sSUFBSSxFQUFFLENBQUMsQ0FBQztBQUN4QyxDQUFDO0FBRUQsTUFBTSxDQUFDLEtBQUssVUFBVSxXQUFXLENBQUMsVUFBa0I7SUFDbEQsTUFBTSxDQUFDLEdBQUcsSUFBSSxVQUFVLENBQUMsVUFBVSxDQUFDLENBQUM7SUFDckMsTUFBTSxDQUFDLGVBQWUsQ0FBQyxDQUFDLENBQUMsQ0FBQztJQUMxQixPQUFPLENBQUMsQ0FBQztBQUNYLENBQUM7QUFFRDs7Ozs7Ozs7O0dBU0c7QUFDSCxNQUFNLENBQUMsS0FBSyxVQUFVLGdCQUFnQixDQUFDLE1BQWM7SUFDbkQscURBQXFEO0lBQ3JELE1BQU0sQ0FBQyxHQUFHLElBQUksVUFBVSxDQUFDLE1BQU0sQ0FBQyxDQUFDO0lBQ2pDLE1BQU0sQ0FBQyxlQUFlLENBQUMsQ0FBQyxDQUFDLENBQUM7SUFDMUIsT0FBTyxTQUFTLENBQUMsQ0FBQyxDQUFDLE1BQU0sQ0FBQyxDQUFDO0FBQzdCLENBQUM7QUFFRDs7Ozs7R0FLRztBQUNILE1BQU0sQ0FBQyxLQUFLLFVBQVUscUJBQXFCLENBQ3pDLGdCQUF3QixFQUN4QixVQUFrQjtJQUVsQixPQUFPLENBQUMsTUFBTSxDQUFDLE9BQU8sZ0JBQWdCLEtBQUssUUFBUSxFQUFFLGlDQUFpQyxDQUFDLENBQUM7SUFDeEYsT0FBTyxDQUFDLE1BQU0sQ0FBQyxPQUFPLFVBQVUsS0FBSyxRQUFRLEVBQUUsMkJBQTJCLENBQUMsQ0FBQztJQUU1RSxNQUFNLGFBQWEsR0FBRyxXQUFXLEVBQUUsQ0FBQztJQUVwQyx3REFBd0Q7SUFDeEQsTUFBTSxhQUFhLEdBQUcsbUJBQW1CLENBQUMsVUFBVSxDQUFDLENBQUM7SUFDdEQsTUFBTSxPQUFPLEdBQUcsWUFBWSxDQUFDLGFBQWEsQ0FBQyxDQUFDO0lBRTVDLE1BQU0sR0FBRyxHQUFHLE1BQU0sTUFBTSxDQUFDLE1BQU0sQ0FBQyxTQUFTLENBQUMsT0FBTyxFQUFFLE9BQU8sRUFBRSxhQUFhLEVBQUUsS0FBSyxFQUFFLENBQUMsU0FBUyxDQUFDLENBQUMsQ0FBQztJQUMvRixNQUFNLE9BQU8sR0FBRyxNQUFNLE1BQU0sQ0FBQyxNQUFNLENBQUMsT0FBTyxDQUN6QyxFQUFFLElBQUksRUFBRSxVQUFVLEVBQUUsRUFDcEIsR0FBRyxFQUNILGdCQUFnQixDQUFDLGFBQWEsRUFBRSxDQUNqQyxDQUFDO0lBQ0YsTUFBTSxVQUFVLEdBQUcsSUFBSSxVQUFVLENBQUMsT0FBTyxDQUFDLENBQUM7SUFDM0MsT0FBTyxNQUFNLENBQUMsZUFBZSxDQUFDLFVBQVUsQ0FBQyxNQUFNLENBQUMsQ0FBQztBQUNuRCxDQUFDO0FBRUQ7Ozs7Ozs7R0FPRztBQUNILE1BQU0sVUFBVSxPQUFPLENBQ3JCLE9BQWUsRUFDZixHQUFXLEVBQ1gsRUFBVSxFQUNWLFNBQXdCLEVBQ3hCLE9BQWdCO0lBRWhCLE9BQU8sVUFBVSxDQUFDLE9BQU8sRUFBRSxHQUFHLEVBQUUsRUFBRSxFQUFFLFNBQVMsRUFBRSxPQUFPLENBQUMsQ0FBQztBQUMxRCxDQUFDO0FBRUQ7Ozs7OztHQU1HO0FBQ0gsTUFBTSxVQUFVLE9BQU8sQ0FDckIsT0FBZSxFQUNmLEdBQVcsRUFDWCxFQUFVLEVBQ1YsU0FBd0I7SUFFeEIsT0FBTyxVQUFVLENBQUMsT0FBTyxFQUFFLEdBQUcsRUFBRSxFQUFFLEVBQUUsU0FBUyxDQUFDLENBQUM7QUFDakQsQ0FBQztBQUVELEtBQUssVUFBVSxVQUFVLENBQ3ZCLE9BQWUsRUFDZixHQUFXLEVBQ1gsRUFBVSxFQUNWLFNBQXdCO0lBRXhCLE9BQU8sQ0FBQyxNQUFNLENBQUMsT0FBTyxJQUFJLElBQUksQ0FBQyxDQUFDO0lBQ2hDLE9BQU8sQ0FBQyxNQUFNLENBQUMsR0FBRyxJQUFJLElBQUksQ0FBQyxDQUFDO0lBQzVCLE9BQU8sQ0FBQyxNQUFNLENBQUMsRUFBRSxJQUFJLElBQUksQ0FBQyxDQUFDO0lBRTNCLE1BQU0sYUFBYSxHQUFHLE9BQU8sQ0FBQyxhQUFhLEVBQUUsQ0FBQztJQUM5QyxNQUFNLGFBQWEsR0FBRyx5QkFBeUIsQ0FBQyxFQUFFLEVBQUUsU0FBUyxDQUFDLENBQUM7SUFFL0QsTUFBTSxXQUFXLEdBQUcsTUFBTSxVQUFVLENBQUMsR0FBRyxFQUFFLGFBQWEsQ0FBQyxDQUFDO0lBQ3pELE1BQU0sU0FBUyxHQUFHLE1BQU0sTUFBTSxDQUFDLE1BQU0sQ0FBQyxPQUFPLENBQUMsYUFBYSxFQUFFLFdBQVcsRUFBRSxhQUFhLENBQUMsQ0FBQztJQUN6RixJQUFJLGFBQWEsQ0FBQyxJQUFJLEtBQUssU0FBUyxFQUFFO1FBQ3BDLE9BQU87WUFDTCxPQUFPLEVBQUUsTUFBTSxDQUFDLGVBQWUsQ0FBQyxTQUFTLENBQUMsS0FBSyxDQUFDLENBQUMsRUFBRSxDQUFDLEVBQUUsQ0FBQyxDQUFDO1lBQ3hELE9BQU8sRUFBRSxNQUFNLENBQUMsZUFBZSxDQUFDLFNBQVMsQ0FBQyxLQUFLLENBQUMsQ0FBQyxFQUFFLENBQUMsQ0FBQztTQUN0RCxDQUFDO0tBQ0g7SUFDRCxPQUFPO1FBQ0wsT0FBTyxFQUFFLE1BQU0sQ0FBQyxlQUFlLENBQUMsU0FBUyxDQUFDO0tBQzNDLENBQUM7QUFDSixDQUFDO0FBRUQsS0FBSyxVQUFVLFVBQVUsQ0FDdkIsT0FBZSxFQUNmLEdBQVcsRUFDWCxFQUFVLEVBQ1YsU0FBd0IsRUFDeEIsT0FBZ0I7SUFFaEIsT0FBTyxDQUFDLE1BQU0sQ0FBQyxPQUFPLElBQUksSUFBSSxDQUFDLENBQUM7SUFDaEMsT0FBTyxDQUFDLE1BQU0sQ0FBQyxHQUFHLElBQUksSUFBSSxDQUFDLENBQUM7SUFDNUIsT0FBTyxDQUFDLE1BQU0sQ0FBQyxFQUFFLElBQUksSUFBSSxDQUFDLENBQUM7SUFFM0IsSUFBSSxhQUFhLEdBQUcsT0FBTyxDQUFDLGFBQWEsRUFBRSxDQUFDO0lBRTVDLHdEQUF3RDtJQUN4RCxJQUFJLE9BQU8sRUFBRTtRQUNYLE1BQU0sYUFBYSxHQUFHLE9BQU8sQ0FBQyxhQUFhLEVBQUUsQ0FBQztRQUM5QyxNQUFNLFVBQVUsR0FBRyxJQUFJLFVBQVUsQ0FBQyxhQUFhLENBQUMsVUFBVSxHQUFHLGFBQWEsQ0FBQyxVQUFVLENBQUMsQ0FBQztRQUN2RixVQUFVLENBQUMsR0FBRyxDQUFDLElBQUksVUFBVSxDQUFDLGFBQWEsQ0FBQyxFQUFFLENBQUMsQ0FBQyxDQUFDO1FBQ2pELFVBQVUsQ0FBQyxHQUFHLENBQUMsSUFBSSxVQUFVLENBQUMsYUFBYSxDQUFDLEVBQUUsYUFBYSxDQUFDLFVBQVUsQ0FBQyxDQUFDO1FBQ3hFLGFBQWEsR0FBRyxVQUFVLENBQUMsTUFBTSxDQUFDO0tBQ25DO0lBRUQsTUFBTSxhQUFhLEdBQUcseUJBQXlCLENBQUMsRUFBRSxFQUFFLFNBQVMsQ0FBQyxDQUFDO0lBRS9ELE1BQU0sV0FBVyxHQUFHLE1BQU0sVUFBVSxDQUFDLEdBQUcsRUFBRSxhQUFhLENBQUMsQ0FBQztJQUN6RCxhQUFhLENBQUMsRUFBRSxHQUFHLEVBQUUsQ0FBQyxhQUFhLEVBQUUsQ0FBQztJQUV0QyxNQUFNLFNBQVMsR0FBRyxNQUFNLE1BQU0sQ0FBQyxNQUFNO1NBQ2xDLE9BQU8sQ0FBQyxhQUFhLEVBQUUsV0FBVyxFQUFFLGFBQWEsQ0FBQztRQUNuRCxzRUFBc0U7U0FDckUsS0FBSyxDQUFDLENBQUMsR0FBRyxFQUFFLEVBQUU7UUFDYixJQUFJLEdBQUcsQ0FBQyxJQUFJLEtBQUssZ0JBQWdCLEVBQUU7WUFDakMsTUFBTSxJQUFJLFlBQVksQ0FBQyxHQUFHLENBQUMsQ0FBQztTQUM3QjtRQUVELE1BQU0sR0FBRyxDQUFDO0lBQ1osQ0FBQyxDQUFDLENBQUM7SUFDTCxPQUFPLEVBQUUsT0FBTyxFQUFFLE1BQU0sQ0FBQyxlQUFlLENBQUMsU0FBUyxDQUFDLEVBQUUsQ0FBQztBQUN4RCxDQUFDO0FBRUQsU0FBUyxVQUFVLENBQUMsR0FBVyxFQUFFLFNBQXNDO0lBQ3JFLE9BQU8sTUFBTSxDQUFDLE1BQU0sQ0FBQyxTQUFTLENBQUMsS0FBSyxFQUFFLEdBQUcsQ0FBQyxhQUFhLEVBQUUsRUFBRSxTQUFTLEVBQUUsSUFBSSxFQUFFLE9BQU8sQ0FBQyxDQUFDO0FBQ3ZGLENBQUM7QUFFRDs7Ozs7R0FLRztBQUNILFNBQVMseUJBQXlCLENBQ2hDLEVBQVUsRUFDVixTQUF3QjtJQUV4QixJQUFJLGVBQWUsR0FBRyxTQUFTLENBQUM7SUFDaEMsSUFBSSxTQUFTLEtBQUssVUFBVSxDQUFDLFdBQVcsRUFBRTtRQUN4QyxlQUFlLEdBQUcsU0FBUyxDQUFDO0tBQzdCO0lBRUQsT0FBTztRQUNMLElBQUksRUFBRSxlQUFlO1FBQ3JCLEVBQUUsRUFBRSxFQUFFLENBQUMsYUFBYSxFQUFFO0tBQ3ZCLENBQUM7QUFDSixDQUFDO0FBRUQ7Ozs7O0dBS0c7QUFDSCxNQUFNLENBQUMsS0FBSyxVQUFVLE1BQU0sQ0FBQyxPQUFlO0lBQzFDLE1BQU0sTUFBTSxHQUFHLElBQUksV0FBVyxFQUFFLENBQUMsTUFBTSxDQUFDLE9BQU8sQ0FBQyxDQUFDO0lBQ2pELE1BQU0sVUFBVSxHQUFHLE1BQU0sTUFBTSxDQUFDLE1BQU0sQ0FBQyxNQUFNLENBQUMsU0FBUyxFQUFFLE1BQU0sQ0FBQyxDQUFDO0lBQ2pFLE9BQU8sU0FBUyxDQUFDLFVBQVUsQ0FBQyxDQUFDO0FBQy9CLENBQUM7QUFFRDs7Ozs7R0FLRztBQUNILE1BQU0sQ0FBQyxLQUFLLFVBQVUsSUFBSSxDQUFDLEdBQVcsRUFBRSxPQUFlO0lBQ3JELE1BQU0sYUFBYSxHQUFHLElBQUksV0FBVyxFQUFFLENBQUMsTUFBTSxDQUFDLE9BQU8sQ0FBQyxDQUFDO0lBQ3hELE1BQU0sU0FBUyxHQUFHLE1BQU0sQ0FBQyxHQUFHLENBQUMsQ0FBQztJQUM5QixNQUFNLFNBQVMsR0FBRyxNQUFNLE1BQU0sQ0FBQyxNQUFNLENBQUMsU0FBUyxDQUM3QyxLQUFLLEVBQ0wsU0FBUyxFQUNUO1FBQ0UsSUFBSSxFQUFFLE1BQU07UUFDWixJQUFJLEVBQUUsRUFBRSxJQUFJLEVBQUUsU0FBUyxFQUFFO0tBQzFCLEVBQ0QsSUFBSSxFQUNKLENBQUMsTUFBTSxFQUFFLFFBQVEsQ0FBQyxDQUNuQixDQUFDO0lBQ0YsTUFBTSxVQUFVLEdBQUcsTUFBTSxNQUFNLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxNQUFNLEVBQUUsU0FBUyxFQUFFLGFBQWEsQ0FBQyxDQUFDO0lBQzlFLE9BQU8sU0FBUyxDQUFDLFVBQVUsQ0FBQyxDQUFDO0FBQy9CLENBQUM7QUFFRDs7OztHQUlHO0FBQ0gsTUFBTSxVQUFVLE1BQU0sQ0FBQyxHQUFXO0lBQ2hDLE1BQU0sTUFBTSxHQUFHLElBQUksV0FBVyxDQUFDLEdBQUcsQ0FBQyxNQUFNLEdBQUcsQ0FBQyxDQUFDLENBQUM7SUFDL0MsTUFBTSxVQUFVLEdBQUcsSUFBSSxVQUFVLENBQUMsTUFBTSxDQUFDLENBQUM7SUFFMUMsS0FBSyxJQUFJLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FBQyxHQUFHLEdBQUcsQ0FBQyxNQUFNLEVBQUUsQ0FBQyxJQUFJLENBQUMsRUFBRTtRQUN0QyxVQUFVLENBQUMsQ0FBQyxHQUFHLENBQUMsQ0FBQyxHQUFHLFFBQVEsQ0FBQyxHQUFHLENBQUMsTUFBTSxDQUFDLENBQUMsRUFBRSxDQUFDLENBQUMsRUFBRSxFQUFFLENBQUMsQ0FBQztLQUNwRDtJQUVELE9BQU8sTUFBTSxDQUFDO0FBQ2hCLENBQUM7QUFFRCxNQUFNLENBQUMsTUFBTSxvQkFBb0IsR0FBa0I7SUFDakQsSUFBSTtJQUNKLE1BQU07SUFDTixlQUFlO0lBQ2YsT0FBTztJQUNQLHFCQUFxQjtJQUNyQixPQUFPO0lBQ1Asb0JBQW9CO0lBQ3BCLDRCQUE0QjtJQUM1QixXQUFXO0lBQ1gsZUFBZTtJQUNmLHNCQUFzQjtJQUN0QixJQUFJO0lBQ0osV0FBVztJQUNYLE1BQU07Q0FDUCxDQUFDIn0=

package/dist/web/tdf3/src/index.js

@@ -0,0 +1,5 @@
+export * as Client from './client/index.js';
+export { Client as TDF3Client } from './client/index.js';
+export * as Errors from '../../src/errors.js';
+export { version, clientType } from './version.js';
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi90ZGYzL3NyYy9pbmRleC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxPQUFPLEtBQUssTUFBTSxNQUFNLG1CQUFtQixDQUFDO0FBQzVDLE9BQU8sRUFBRSxNQUFNLElBQUksVUFBVSxFQUFFLE1BQU0sbUJBQW1CLENBQUM7QUFDekQsT0FBTyxLQUFLLE1BQU0sTUFBTSxxQkFBcUIsQ0FBQztBQUM5QyxPQUFPLEVBQUUsT0FBTyxFQUFFLFVBQVUsRUFBRSxNQUFNLGNBQWMsQ0FBQyJ9

package/dist/web/tdf3/src/models/attribute-set.js

@@ -0,0 +1,118 @@
+import { decodeJwt } from 'jose';
+export class AttributeSet {
+    constructor() {
+        this.verbose = false;
+        this.attributes = [];
+    }
+    /**
+     * Check if attribute is in the list
+     * @param attribute URL of the attribute
+     * @return if attribute is in the set
+     */
+    has(attribute = '') {
+        // This could be much more elegant with something other than an
+        // array as the data structure. This is OK-ish only because the
+        // expected size of the data structure is small
+        // console.log(">>> ----- Has Attribute" + attribute);
+        return !!this.attributes.find((attrObj) => attrObj.attribute === attribute);
+    }
+    /**
+     * Get an attribute by URL
+     * @param  attribute URL of the attribute
+     * @return attribute in object form, if found
+     */
+    get(attribute = '') {
+        // This could be much more elegant with something other than an
+        // array as the data structure. This is OK-ish only because the
+        // expected size of the data structure is small
+        // console.log(">>> ----- Get Attribute" + attribute);
+        const result = this.attributes.filter((attrObj) => attrObj.attribute == attribute);
+        return result.length > 0 ? result[0] : null;
+    }
+    /**
+     * Get all the attributes.
+     * @return default attribute in object form or null
+     */
+    getDefault() {
+        return this.defaultAttribute || null;
+    }
+    /**
+     * Get the default attribute, if it exists.
+     * @return return all the attribute urls
+     */
+    getUrls() {
+        return this.attributes.map((attr) => attr.attribute);
+    }
+    /**
+     * Add an attribute to the set. Should be idempotent.
+     * @param attrObj AttributeObject to add, in non-JWT form
+     * @return the attribute object if successful, or null
+     */
+    addAttribute(attrObj) {
+        // Check for duplicate entries to assure idempotency.
+        if (this.has(attrObj.attribute)) {
+            // This may be a common occurance, so only un-comment this log message
+            // if you want verbose mode.
+            // console.log(`Attribute ${attrObj.attribute} is already loaded.`);
+            return null; // reject silently
+        }
+        if (attrObj.isDefault === true) {
+            if (this.defaultAttribute && this.defaultAttribute.attribute !== attrObj.attribute) {
+                // Remove the existing default attribute to make room for the new one
+                this.deleteAttribute(this.defaultAttribute.attribute);
+            }
+            this.defaultAttribute = attrObj;
+        }
+        this.attributes.push(attrObj);
+        return attrObj;
+    }
+    /**
+     * Delete an attribute from the set. Should be idempotent.
+     * @param attrUrl - URL of Attribute object to delete.
+     * @return The attribute object if successful or null if not
+     */
+    deleteAttribute(attrUrl = '') {
+        const deleted = this.get(attrUrl);
+        if (deleted) {
+            this.attributes = this.attributes.filter((attrObj) => attrObj.attribute != attrUrl);
+        }
+        return deleted;
+    }
+    /**
+     * Add a list of attributes in object form
+     * @param  attributes List of attribute objects as provided in an EntityObject
+     * @param  easPublicKey EAS public key for decrypting the JWTs
+     * @return list of attribute objects
+     */
+    addAttributes(attributes = []) {
+        return attributes
+            .map((attrObj) => {
+            return this.addAttribute(attrObj); // Returns promise
+        })
+            .filter((x) => x);
+    }
+    /**
+     * Add an attribute in JWT form = { jwt: <string jwt> }
+     * @param  {Object} jwtAttribute - Attribute object in JWT form.
+     * @return {Object} - Decrypted and added attribute object
+     */
+    addJwtAttribute(jwtAttribute) {
+        const attrJwt = jwtAttribute?.jwt;
+        // Can't verify the JWT because the client does not have the easPublicKey,
+        // but the contents of the JWT can be decoded.
+        const attrObjPayload = attrJwt && decodeJwt(attrJwt);
+        if (!attrObjPayload) {
+            return null;
+        }
+        // JWT payloads contain many things, incluing .iat and .exp. This
+        // extraneous material should be stripped away before adding the
+        // attribute to the attributeSet.
+        const { attribute, displayName, pubKey, kasUrl } = attrObjPayload;
+        const attrObj = { attribute, displayName, pubKey, kasUrl, jwt: attrJwt };
+        if (attrObjPayload.isDefault) {
+            attrObj.isDefault = !!attrObjPayload.isDefault;
+        }
+        return this.addAttribute(attrObj);
+    }
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYXR0cmlidXRlLXNldC5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uLy4uL3RkZjMvc3JjL21vZGVscy9hdHRyaWJ1dGUtc2V0LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLE9BQU8sRUFBRSxTQUFTLEVBQUUsTUFBTSxNQUFNLENBQUM7QUFZakMsTUFBTSxPQUFPLFlBQVk7SUFPdkI7UUFKQSxZQUFPLEdBQVksS0FBSyxDQUFDO1FBS3ZCLElBQUksQ0FBQyxVQUFVLEdBQUcsRUFBRSxDQUFDO0lBQ3ZCLENBQUM7SUFFRDs7OztPQUlHO0lBQ0gsR0FBRyxDQUFDLFNBQVMsR0FBRyxFQUFFO1FBQ2hCLCtEQUErRDtRQUMvRCwrREFBK0Q7UUFDL0QsK0NBQStDO1FBQy9DLHNEQUFzRDtRQUN0RCxPQUFPLENBQUMsQ0FBQyxJQUFJLENBQUMsVUFBVSxDQUFDLElBQUksQ0FBQyxDQUFDLE9BQU8sRUFBRSxFQUFFLENBQUMsT0FBTyxDQUFDLFNBQVMsS0FBSyxTQUFTLENBQUMsQ0FBQztJQUM5RSxDQUFDO0lBRUQ7Ozs7T0FJRztJQUNILEdBQUcsQ0FBQyxTQUFTLEdBQUcsRUFBRTtRQUNoQiwrREFBK0Q7UUFDL0QsK0RBQStEO1FBQy9ELCtDQUErQztRQUMvQyxzREFBc0Q7UUFDdEQsTUFBTSxNQUFNLEdBQUcsSUFBSSxDQUFDLFVBQVUsQ0FBQyxNQUFNLENBQUMsQ0FBQyxPQUFPLEVBQUUsRUFBRSxDQUFDLE9BQU8sQ0FBQyxTQUFTLElBQUksU0FBUyxDQUFDLENBQUM7UUFDbkYsT0FBTyxNQUFNLENBQUMsTUFBTSxHQUFHLENBQUMsQ0FBQyxDQUFDLENBQUMsTUFBTSxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQyxJQUFJLENBQUM7SUFDOUMsQ0FBQztJQUVEOzs7T0FHRztJQUNILFVBQVU7UUFDUixPQUFPLElBQUksQ0FBQyxnQkFBZ0IsSUFBSSxJQUFJLENBQUM7SUFDdkMsQ0FBQztJQUVEOzs7T0FHRztJQUNILE9BQU87UUFDTCxPQUFPLElBQUksQ0FBQyxVQUFVLENBQUMsR0FBRyxDQUFDLENBQUMsSUFBSSxFQUFFLEVBQUUsQ0FBQyxJQUFJLENBQUMsU0FBUyxDQUFDLENBQUM7SUFDdkQsQ0FBQztJQUVEOzs7O09BSUc7SUFDSCxZQUFZLENBQUMsT0FBd0I7UUFDbkMscURBQXFEO1FBQ3JELElBQUksSUFBSSxDQUFDLEdBQUcsQ0FBQyxPQUFPLENBQUMsU0FBUyxDQUFDLEVBQUU7WUFDL0Isc0VBQXNFO1lBQ3RFLDRCQUE0QjtZQUM1QixvRUFBb0U7WUFDcEUsT0FBTyxJQUFJLENBQUMsQ0FBQyxrQkFBa0I7U0FDaEM7UUFFRCxJQUFJLE9BQU8sQ0FBQyxTQUFTLEtBQUssSUFBSSxFQUFFO1lBQzlCLElBQUksSUFBSSxDQUFDLGdCQUFnQixJQUFJLElBQUksQ0FBQyxnQkFBZ0IsQ0FBQyxTQUFTLEtBQUssT0FBTyxDQUFDLFNBQVMsRUFBRTtnQkFDbEYscUVBQXFFO2dCQUNyRSxJQUFJLENBQUMsZUFBZSxDQUFDLElBQUksQ0FBQyxnQkFBZ0IsQ0FBQyxTQUFTLENBQUMsQ0FBQzthQUN2RDtZQUNELElBQUksQ0FBQyxnQkFBZ0IsR0FBRyxPQUFPLENBQUM7U0FDakM7UUFDRCxJQUFJLENBQUMsVUFBVSxDQUFDLElBQUksQ0FBQyxPQUFPLENBQUMsQ0FBQztRQUM5QixPQUFPLE9BQU8sQ0FBQztJQUNqQixDQUFDO0lBRUQ7Ozs7T0FJRztJQUNILGVBQWUsQ0FBQyxPQUFPLEdBQUcsRUFBRTtRQUMxQixNQUFNLE9BQU8sR0FBRyxJQUFJLENBQUMsR0FBRyxDQUFDLE9BQU8sQ0FBQyxDQUFDO1FBQ2xDLElBQUksT0FBTyxFQUFFO1lBQ1gsSUFBSSxDQUFDLFVBQVUsR0FBRyxJQUFJLENBQUMsVUFBVSxDQUFDLE1BQU0sQ0FBQyxDQUFDLE9BQU8sRUFBRSxFQUFFLENBQUMsT0FBTyxDQUFDLFNBQVMsSUFBSSxPQUFPLENBQUMsQ0FBQztTQUNyRjtRQUNELE9BQU8sT0FBTyxDQUFDO0lBQ2pCLENBQUM7SUFFRDs7Ozs7T0FLRztJQUNILGFBQWEsQ0FBQyxhQUFnQyxFQUFFO1FBQzlDLE9BQU8sVUFBVTthQUNkLEdBQUcsQ0FBQyxDQUFDLE9BQU8sRUFBRSxFQUFFO1lBQ2YsT0FBTyxJQUFJLENBQUMsWUFBWSxDQUFDLE9BQU8sQ0FBQyxDQUFDLENBQUMsa0JBQWtCO1FBQ3ZELENBQUMsQ0FBQzthQUNELE1BQU0sQ0FBQyxDQUFDLENBQUMsRUFBRSxFQUFFLENBQUMsQ0FBQyxDQUFDLENBQUM7SUFDdEIsQ0FBQztJQUVEOzs7O09BSUc7SUFDSCxlQUFlLENBQUMsWUFBNkI7UUFDM0MsTUFBTSxPQUFPLEdBQUcsWUFBWSxFQUFFLEdBQUcsQ0FBQztRQUNsQywwRUFBMEU7UUFDMUUsOENBQThDO1FBQzlDLE1BQU0sY0FBYyxHQUFHLE9BQU8sSUFBSSxTQUFTLENBQUMsT0FBTyxDQUFDLENBQUM7UUFDckQsSUFBSSxDQUFDLGNBQWMsRUFBRTtZQUNuQixPQUFPLElBQUksQ0FBQztTQUNiO1FBQ0QsaUVBQWlFO1FBQ2pFLGdFQUFnRTtRQUNoRSxpQ0FBaUM7UUFDakMsTUFBTSxFQUFFLFNBQVMsRUFBRSxXQUFXLEVBQUUsTUFBTSxFQUFFLE1BQU0sRUFBRSxHQUFHLGNBQWlDLENBQUM7UUFDckYsTUFBTSxPQUFPLEdBQW9CLEVBQUUsU0FBUyxFQUFFLFdBQVcsRUFBRSxNQUFNLEVBQUUsTUFBTSxFQUFFLEdBQUcsRUFBRSxPQUFPLEVBQUUsQ0FBQztRQUMxRixJQUFJLGNBQWMsQ0FBQyxTQUFTLEVBQUU7WUFDNUIsT0FBTyxDQUFDLFNBQVMsR0FBRyxDQUFDLENBQUMsY0FBYyxDQUFDLFNBQVMsQ0FBQztTQUNoRDtRQUNELE9BQU8sSUFBSSxDQUFDLFlBQVksQ0FBQyxPQUFPLENBQUMsQ0FBQztJQUNwQyxDQUFDO0NBQ0YifQ==

package/dist/web/tdf3/src/models/encryption-information.js

@@ -0,0 +1,86 @@
+import { keySplit } from '../utils/index.js';
+import { base64, hex } from '../../../src/encodings/index.js';
+import { Binary } from '../binary.js';
+import { ConfigurationError } from '../../../src/errors.js';
+export class SplitKey {
+    constructor(cipher) {
+        this.cipher = cipher;
+        this.cryptoService = cipher.cryptoService;
+        this.keyAccess = [];
+    }
+    async generateKey() {
+        const unwrappedKey = await this.cipher.generateKey();
+        const unwrappedKeyBinary = Binary.fromString(hex.decode(unwrappedKey));
+        const unwrappedKeyIvBinary = await this.generateIvBinary();
+        return { unwrappedKeyBinary, unwrappedKeyIvBinary };
+    }
+    async encrypt(contentBinary, keyBinary, ivBinaryOptional) {
+        const ivBinary = ivBinaryOptional || (await this.generateIvBinary());
+        return this.cipher.encrypt(contentBinary, keyBinary, ivBinary);
+    }
+    async decrypt(content, keyBinary) {
+        return this.cipher.decrypt(content, keyBinary);
+    }
+    async getKeyAccessObjects(policy, keyInfo) {
+        const splitIds = [...new Set(this.keyAccess.map(({ sid }) => sid))].sort((a, b) => a.localeCompare(b));
+        const unwrappedKeySplitBuffers = await keySplit(new Uint8Array(keyInfo.unwrappedKeyBinary.asByteArray()), splitIds.length, this.cryptoService);
+        const splitsByName = Object.fromEntries(splitIds.map((sid, index) => [sid, unwrappedKeySplitBuffers[index]]));
+        const keyAccessObjects = [];
+        for (const item of this.keyAccess) {
+            // use the key split to encrypt metadata for each key access object
+            const unwrappedKeySplitBuffer = splitsByName[item.sid];
+            const unwrappedKeySplitBinary = Binary.fromArrayBuffer(unwrappedKeySplitBuffer.buffer);
+            const metadata = item.metadata || '';
+            const metadataStr = (typeof metadata === 'object'
+                ? JSON.stringify(metadata)
+                : typeof metadata === 'string'
+                    ? metadata
+                    : () => {
+                        throw new ConfigurationError("KAO generation failure: metadata isn't a string or object");
+                    });
+            const metadataBinary = Binary.fromArrayBuffer(new TextEncoder().encode(metadataStr));
+            const encryptedMetadataResult = await this.encrypt(metadataBinary, unwrappedKeySplitBinary, keyInfo.unwrappedKeyIvBinary);
+            const encryptedMetadataOb = {
+                ciphertext: base64.encode(encryptedMetadataResult.payload.asString()),
+                iv: base64.encode(keyInfo.unwrappedKeyIvBinary.asString()),
+            };
+            const encryptedMetadataStr = JSON.stringify(encryptedMetadataOb);
+            const keyAccessObject = await item.write(policy, unwrappedKeySplitBuffer, encryptedMetadataStr);
+            keyAccessObjects.push(keyAccessObject);
+        }
+        return keyAccessObjects;
+    }
+    async generateIvBinary() {
+        const iv = await this.cipher.generateInitializationVector();
+        return Binary.fromString(hex.decode(iv));
+    }
+    async write(policy, keyInfo) {
+        const algorithm = this.cipher?.name;
+        if (!algorithm) {
+            // Hard coded as part of the cipher object. This should not be reachable.
+            throw new ConfigurationError('uninitialized cipher type');
+        }
+        const keyAccessObjects = await this.getKeyAccessObjects(policy, keyInfo);
+        // For now we're only concerned with a single (first) key access object
+        const policyForManifest = base64.encode(JSON.stringify(policy));
+        return {
+            type: 'split',
+            keyAccess: keyAccessObjects,
+            method: {
+                algorithm,
+                isStreamable: false,
+                iv: base64.encode(keyInfo.unwrappedKeyIvBinary.asString()),
+            },
+            integrityInformation: {
+                rootSignature: {
+                    alg: 'HS256',
+                    sig: '',
+                },
+                segmentHashAlg: 'GMAC',
+                segments: [],
+            },
+            policy: policyForManifest,
+        };
+    }
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZW5jcnlwdGlvbi1pbmZvcm1hdGlvbi5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uLy4uL3RkZjMvc3JjL21vZGVscy9lbmNyeXB0aW9uLWluZm9ybWF0aW9uLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLE9BQU8sRUFBRSxRQUFRLEVBQUUsTUFBTSxtQkFBbUIsQ0FBQztBQUM3QyxPQUFPLEVBQUUsTUFBTSxFQUFFLEdBQUcsRUFBRSxNQUFNLGlDQUFpQyxDQUFDO0FBQzlELE9BQU8sRUFBRSxNQUFNLEVBQUUsTUFBTSxjQUFjLENBQUM7QUFVdEMsT0FBTyxFQUFFLGtCQUFrQixFQUFFLE1BQU0sd0JBQXdCLENBQUM7QUFzQzVELE1BQU0sT0FBTyxRQUFRO0lBSW5CLFlBQTRCLE1BQXVCO1FBQXZCLFdBQU0sR0FBTixNQUFNLENBQWlCO1FBQ2pELElBQUksQ0FBQyxhQUFhLEdBQUcsTUFBTSxDQUFDLGFBQWEsQ0FBQztRQUMxQyxJQUFJLENBQUMsU0FBUyxHQUFHLEVBQUUsQ0FBQztJQUN0QixDQUFDO0lBRUQsS0FBSyxDQUFDLFdBQVc7UUFDZixNQUFNLFlBQVksR0FBRyxNQUFNLElBQUksQ0FBQyxNQUFNLENBQUMsV0FBVyxFQUFFLENBQUM7UUFDckQsTUFBTSxrQkFBa0IsR0FBRyxNQUFNLENBQUMsVUFBVSxDQUFDLEdBQUcsQ0FBQyxNQUFNLENBQUMsWUFBWSxDQUFDLENBQUMsQ0FBQztRQUN2RSxNQUFNLG9CQUFvQixHQUFHLE1BQU0sSUFBSSxDQUFDLGdCQUFnQixFQUFFLENBQUM7UUFDM0QsT0FBTyxFQUFFLGtCQUFrQixFQUFFLG9CQUFvQixFQUFFLENBQUM7SUFDdEQsQ0FBQztJQUVELEtBQUssQ0FBQyxPQUFPLENBQ1gsYUFBcUIsRUFDckIsU0FBaUIsRUFDakIsZ0JBQXlCO1FBRXpCLE1BQU0sUUFBUSxHQUFHLGdCQUFnQixJQUFJLENBQUMsTUFBTSxJQUFJLENBQUMsZ0JBQWdCLEVBQUUsQ0FBQyxDQUFDO1FBQ3JFLE9BQU8sSUFBSSxDQUFDLE1BQU0sQ0FBQyxPQUFPLENBQUMsYUFBYSxFQUFFLFNBQVMsRUFBRSxRQUFRLENBQUMsQ0FBQztJQUNqRSxDQUFDO0lBRUQsS0FBSyxDQUFDLE9BQU8sQ0FBQyxPQUFtQixFQUFFLFNBQWlCO1FBQ2xELE9BQU8sSUFBSSxDQUFDLE1BQU0sQ0FBQyxPQUFPLENBQUMsT0FBTyxFQUFFLFNBQVMsQ0FBQyxDQUFDO0lBQ2pELENBQUM7SUFFRCxLQUFLLENBQUMsbUJBQW1CLENBQUMsTUFBYyxFQUFFLE9BQWdCO1FBQ3hELE1BQU0sUUFBUSxHQUFHLENBQUMsR0FBRyxJQUFJLEdBQUcsQ0FBQyxJQUFJLENBQUMsU0FBUyxDQUFDLEdBQUcsQ0FBQyxDQUFDLEVBQUUsR0FBRyxFQUFFLEVBQUUsRUFBRSxDQUFDLEdBQUcsQ0FBQyxDQUFDLENBQUMsQ0FBQyxJQUFJLENBQUMsQ0FBQyxDQUFDLEVBQUUsQ0FBQyxFQUFFLEVBQUUsQ0FDaEYsQ0FBQyxDQUFDLGFBQWEsQ0FBQyxDQUFDLENBQUMsQ0FDbkIsQ0FBQztRQUNGLE1BQU0sd0JBQXdCLEdBQUcsTUFBTSxRQUFRLENBQzdDLElBQUksVUFBVSxDQUFDLE9BQU8sQ0FBQyxrQkFBa0IsQ0FBQyxXQUFXLEVBQUUsQ0FBQyxFQUN4RCxRQUFRLENBQUMsTUFBTSxFQUNmLElBQUksQ0FBQyxhQUFhLENBQ25CLENBQUM7UUFDRixNQUFNLFlBQVksR0FBRyxNQUFNLENBQUMsV0FBVyxDQUNyQyxRQUFRLENBQUMsR0FBRyxDQUFDLENBQUMsR0FBRyxFQUFFLEtBQUssRUFBRSxFQUFFLENBQUMsQ0FBQyxHQUFHLEVBQUUsd0JBQXdCLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQyxDQUNyRSxDQUFDO1FBRUYsTUFBTSxnQkFBZ0IsR0FBRyxFQUFFLENBQUM7UUFDNUIsS0FBSyxNQUFNLElBQUksSUFBSSxJQUFJLENBQUMsU0FBUyxFQUFFO1lBQ2pDLG1FQUFtRTtZQUNuRSxNQUFNLHVCQUF1QixHQUFHLFlBQVksQ0FBQyxJQUFJLENBQUMsR0FBRyxDQUFDLENBQUM7WUFDdkQsTUFBTSx1QkFBdUIsR0FBRyxNQUFNLENBQUMsZUFBZSxDQUFDLHVCQUF1QixDQUFDLE1BQU0sQ0FBQyxDQUFDO1lBRXZGLE1BQU0sUUFBUSxHQUFHLElBQUksQ0FBQyxRQUFRLElBQUksRUFBRSxDQUFDO1lBQ3JDLE1BQU0sV0FBVyxHQUFHLENBQ2xCLE9BQU8sUUFBUSxLQUFLLFFBQVE7Z0JBQzFCLENBQUMsQ0FBQyxJQUFJLENBQUMsU0FBUyxDQUFDLFFBQVEsQ0FBQztnQkFDMUIsQ0FBQyxDQUFDLE9BQU8sUUFBUSxLQUFLLFFBQVE7b0JBQzVCLENBQUMsQ0FBQyxRQUFRO29CQUNWLENBQUMsQ0FBQyxHQUFHLEVBQUU7d0JBQ0gsTUFBTSxJQUFJLGtCQUFrQixDQUMxQiwyREFBMkQsQ0FDNUQsQ0FBQztvQkFDSixDQUFDLENBQ0UsQ0FBQztZQUVaLE1BQU0sY0FBYyxHQUFHLE1BQU0sQ0FBQyxlQUFlLENBQUMsSUFBSSxXQUFXLEVBQUUsQ0FBQyxNQUFNLENBQUMsV0FBVyxDQUFDLENBQUMsQ0FBQztZQUVyRixNQUFNLHVCQUF1QixHQUFHLE1BQU0sSUFBSSxDQUFDLE9BQU8sQ0FDaEQsY0FBYyxFQUNkLHVCQUF1QixFQUN2QixPQUFPLENBQUMsb0JBQW9CLENBQzdCLENBQUM7WUFFRixNQUFNLG1CQUFtQixHQUFHO2dCQUMxQixVQUFVLEVBQUUsTUFBTSxDQUFDLE1BQU0sQ0FBQyx1QkFBdUIsQ0FBQyxPQUFPLENBQUMsUUFBUSxFQUFFLENBQUM7Z0JBQ3JFLEVBQUUsRUFBRSxNQUFNLENBQUMsTUFBTSxDQUFDLE9BQU8sQ0FBQyxvQkFBb0IsQ0FBQyxRQUFRLEVBQUUsQ0FBQzthQUMzRCxDQUFDO1lBRUYsTUFBTSxvQkFBb0IsR0FBRyxJQUFJLENBQUMsU0FBUyxDQUFDLG1CQUFtQixDQUFDLENBQUM7WUFDakUsTUFBTSxlQUFlLEdBQUcsTUFBTSxJQUFJLENBQUMsS0FBSyxDQUN0QyxNQUFNLEVBQ04sdUJBQXVCLEVBQ3ZCLG9CQUFvQixDQUNyQixDQUFDO1lBQ0YsZ0JBQWdCLENBQUMsSUFBSSxDQUFDLGVBQWUsQ0FBQyxDQUFDO1NBQ3hDO1FBRUQsT0FBTyxnQkFBZ0IsQ0FBQztJQUMxQixDQUFDO0lBRUQsS0FBSyxDQUFDLGdCQUFnQjtRQUNwQixNQUFNLEVBQUUsR0FBRyxNQUFNLElBQUksQ0FBQyxNQUFNLENBQUMsNEJBQTRCLEVBQUUsQ0FBQztRQUM1RCxPQUFPLE1BQU0sQ0FBQyxVQUFVLENBQUMsR0FBRyxDQUFDLE1BQU0sQ0FBQyxFQUFFLENBQUMsQ0FBQyxDQUFDO0lBQzNDLENBQUM7SUFFRCxLQUFLLENBQUMsS0FBSyxDQUFDLE1BQWMsRUFBRSxPQUFnQjtRQUMxQyxNQUFNLFNBQVMsR0FBRyxJQUFJLENBQUMsTUFBTSxFQUFFLElBQUksQ0FBQztRQUNwQyxJQUFJLENBQUMsU0FBUyxFQUFFO1lBQ2QseUVBQXlFO1lBQ3pFLE1BQU0sSUFBSSxrQkFBa0IsQ0FBQywyQkFBMkIsQ0FBQyxDQUFDO1NBQzNEO1FBQ0QsTUFBTSxnQkFBZ0IsR0FBRyxNQUFNLElBQUksQ0FBQyxtQkFBbUIsQ0FBQyxNQUFNLEVBQUUsT0FBTyxDQUFDLENBQUM7UUFFekUsdUVBQXVFO1FBQ3ZFLE1BQU0saUJBQWlCLEdBQUcsTUFBTSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsU0FBUyxDQUFDLE1BQU0sQ0FBQyxDQUFDLENBQUM7UUFFaEUsT0FBTztZQUNMLElBQUksRUFBRSxPQUFPO1lBQ2IsU0FBUyxFQUFFLGdCQUFnQjtZQUMzQixNQUFNLEVBQUU7Z0JBQ04sU0FBUztnQkFDVCxZQUFZLEVBQUUsS0FBSztnQkFDbkIsRUFBRSxFQUFFLE1BQU0sQ0FBQyxNQUFNLENBQUMsT0FBTyxDQUFDLG9CQUFvQixDQUFDLFFBQVEsRUFBRSxDQUFDO2FBQzNEO1lBQ0Qsb0JBQW9CLEVBQUU7Z0JBQ3BCLGFBQWEsRUFBRTtvQkFDYixHQUFHLEVBQUUsT0FBTztvQkFDWixHQUFHLEVBQUUsRUFBRTtpQkFDUjtnQkFDRCxjQUFjLEVBQUUsTUFBTTtnQkFDdEIsUUFBUSxFQUFFLEVBQUU7YUFDYjtZQUNELE1BQU0sRUFBRSxpQkFBaUI7U0FDMUIsQ0FBQztJQUNKLENBQUM7Q0FDRiJ9

package/dist/web/tdf3/src/models/index.js

@@ -0,0 +1,9 @@
+export * from './attribute-set.js';
+export * from './encryption-information.js';
+export * from './key-access.js';
+export * from './manifest.js';
+export * from './payload.js';
+export * from './policy.js';
+export * from './upsert-response.js';
+export * from '../assertions.js';
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi8uLi90ZGYzL3NyYy9tb2RlbHMvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsY0FBYyxvQkFBb0IsQ0FBQztBQUNuQyxjQUFjLDZCQUE2QixDQUFDO0FBQzVDLGNBQWMsaUJBQWlCLENBQUM7QUFDaEMsY0FBYyxlQUFlLENBQUM7QUFDOUIsY0FBYyxjQUFjLENBQUM7QUFDN0IsY0FBYyxhQUFhLENBQUM7QUFDNUIsY0FBYyxzQkFBc0IsQ0FBQztBQUNyQyxjQUFjLGtCQUFrQixDQUFDIn0=

package/dist/web/tdf3/src/models/key-access.js

@@ -0,0 +1,74 @@
+import { Binary } from '../binary.js';
+import { base64, hex } from '../../../src/encodings/index.js';
+import * as cryptoService from '../crypto/index.js';
+export function isRemote(keyAccessJSON) {
+    return keyAccessJSON.type === 'remote';
+}
+export class Wrapped {
+    constructor(url, kid, publicKey, metadata, sid) {
+        this.url = url;
+        this.kid = kid;
+        this.publicKey = publicKey;
+        this.metadata = metadata;
+        this.sid = sid;
+        this.type = 'wrapped';
+    }
+    async write(policy, keyBuffer, encryptedMetadataStr) {
+        const policyStr = JSON.stringify(policy);
+        const unwrappedKeyBinary = Binary.fromArrayBuffer(keyBuffer.buffer);
+        const wrappedKeyBinary = await cryptoService.encryptWithPublicKey(unwrappedKeyBinary, this.publicKey);
+        const policyBinding = await cryptoService.hmac(hex.encodeArrayBuffer(keyBuffer), base64.encode(policyStr));
+        this.keyAccessObject = {
+            type: 'wrapped',
+            url: this.url,
+            protocol: 'kas',
+            wrappedKey: base64.encode(wrappedKeyBinary.asString()),
+            encryptedMetadata: base64.encode(encryptedMetadataStr),
+            policyBinding: {
+                alg: 'HS256',
+                hash: base64.encode(policyBinding),
+            },
+        };
+        if (this.kid) {
+            this.keyAccessObject.kid = this.kid;
+        }
+        if (this.sid?.length) {
+            this.keyAccessObject.sid = this.sid;
+        }
+        return this.keyAccessObject;
+    }
+}
+export class Remote {
+    constructor(url, kid, publicKey, metadata, sid) {
+        this.url = url;
+        this.kid = kid;
+        this.publicKey = publicKey;
+        this.metadata = metadata;
+        this.sid = sid;
+        this.type = 'remote';
+    }
+    async write(policy, keyBuffer, encryptedMetadataStr) {
+        const policyStr = JSON.stringify(policy);
+        const policyBinding = await cryptoService.hmac(hex.encodeArrayBuffer(keyBuffer), base64.encode(policyStr));
+        const unwrappedKeyBinary = Binary.fromArrayBuffer(keyBuffer.buffer);
+        const wrappedKeyBinary = await cryptoService.encryptWithPublicKey(unwrappedKeyBinary, this.publicKey);
+        // this.wrappedKey = wrappedKeyBinary.asBuffer().toString('hex');
+        this.wrappedKey = base64.encode(wrappedKeyBinary.asString());
+        this.keyAccessObject = {
+            type: 'remote',
+            url: this.url,
+            protocol: 'kas',
+            wrappedKey: this.wrappedKey,
+            encryptedMetadata: base64.encode(encryptedMetadataStr),
+            policyBinding: {
+                alg: 'HS256',
+                hash: base64.encode(policyBinding),
+            },
+        };
+        if (this.kid) {
+            this.keyAccessObject.kid = this.kid;
+        }
+        return this.keyAccessObject;
+    }
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoia2V5LWFjY2Vzcy5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uLy4uL3RkZjMvc3JjL21vZGVscy9rZXktYWNjZXNzLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLE9BQU8sRUFBRSxNQUFNLEVBQUUsTUFBTSxjQUFjLENBQUM7QUFDdEMsT0FBTyxFQUFFLE1BQU0sRUFBRSxHQUFHLEVBQUUsTUFBTSxpQ0FBaUMsQ0FBQztBQUM5RCxPQUFPLEtBQUssYUFBYSxNQUFNLG9CQUFvQixDQUFDO0FBS3BELE1BQU0sVUFBVSxRQUFRLENBQUMsYUFBMEM7SUFDakUsT0FBTyxhQUFhLENBQUMsSUFBSSxLQUFLLFFBQVEsQ0FBQztBQUN6QyxDQUFDO0FBRUQsTUFBTSxPQUFPLE9BQU87SUFJbEIsWUFDa0IsR0FBVyxFQUNYLEdBQXVCLEVBQ3ZCLFNBQWlCLEVBQ2pCLFFBQWlCLEVBQ2pCLEdBQVc7UUFKWCxRQUFHLEdBQUgsR0FBRyxDQUFRO1FBQ1gsUUFBRyxHQUFILEdBQUcsQ0FBb0I7UUFDdkIsY0FBUyxHQUFULFNBQVMsQ0FBUTtRQUNqQixhQUFRLEdBQVIsUUFBUSxDQUFTO1FBQ2pCLFFBQUcsR0FBSCxHQUFHLENBQVE7UUFScEIsU0FBSSxHQUFHLFNBQVMsQ0FBQztJQVN2QixDQUFDO0lBRUosS0FBSyxDQUFDLEtBQUssQ0FDVCxNQUFjLEVBQ2QsU0FBcUIsRUFDckIsb0JBQTRCO1FBRTVCLE1BQU0sU0FBUyxHQUFHLElBQUksQ0FBQyxTQUFTLENBQUMsTUFBTSxDQUFDLENBQUM7UUFDekMsTUFBTSxrQkFBa0IsR0FBRyxNQUFNLENBQUMsZUFBZSxDQUFDLFNBQVMsQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUNwRSxNQUFNLGdCQUFnQixHQUFHLE1BQU0sYUFBYSxDQUFDLG9CQUFvQixDQUMvRCxrQkFBa0IsRUFDbEIsSUFBSSxDQUFDLFNBQVMsQ0FDZixDQUFDO1FBRUYsTUFBTSxhQUFhLEdBQUcsTUFBTSxhQUFhLENBQUMsSUFBSSxDQUM1QyxHQUFHLENBQUMsaUJBQWlCLENBQUMsU0FBUyxDQUFDLEVBQ2hDLE1BQU0sQ0FBQyxNQUFNLENBQUMsU0FBUyxDQUFDLENBQ3pCLENBQUM7UUFFRixJQUFJLENBQUMsZUFBZSxHQUFHO1lBQ3JCLElBQUksRUFBRSxTQUFTO1lBQ2YsR0FBRyxFQUFFLElBQUksQ0FBQyxHQUFHO1lBQ2IsUUFBUSxFQUFFLEtBQUs7WUFDZixVQUFVLEVBQUUsTUFBTSxDQUFDLE1BQU0sQ0FBQyxnQkFBZ0IsQ0FBQyxRQUFRLEVBQUUsQ0FBQztZQUN0RCxpQkFBaUIsRUFBRSxNQUFNLENBQUMsTUFBTSxDQUFDLG9CQUFvQixDQUFDO1lBQ3RELGFBQWEsRUFBRTtnQkFDYixHQUFHLEVBQUUsT0FBTztnQkFDWixJQUFJLEVBQUUsTUFBTSxDQUFDLE1BQU0sQ0FBQyxhQUFhLENBQUM7YUFDbkM7U0FDRixDQUFDO1FBQ0YsSUFBSSxJQUFJLENBQUMsR0FBRyxFQUFFO1lBQ1osSUFBSSxDQUFDLGVBQWUsQ0FBQyxHQUFHLEdBQUcsSUFBSSxDQUFDLEdBQUcsQ0FBQztTQUNyQztRQUNELElBQUksSUFBSSxDQUFDLEdBQUcsRUFBRSxNQUFNLEVBQUU7WUFDcEIsSUFBSSxDQUFDLGVBQWUsQ0FBQyxHQUFHLEdBQUcsSUFBSSxDQUFDLEdBQUcsQ0FBQztTQUNyQztRQUVELE9BQU8sSUFBSSxDQUFDLGVBQWUsQ0FBQztJQUM5QixDQUFDO0NBQ0Y7QUFFRCxNQUFNLE9BQU8sTUFBTTtJQU1qQixZQUNrQixHQUFXLEVBQ1gsR0FBdUIsRUFDdkIsU0FBaUIsRUFDakIsUUFBaUIsRUFDakIsR0FBVztRQUpYLFFBQUcsR0FBSCxHQUFHLENBQVE7UUFDWCxRQUFHLEdBQUgsR0FBRyxDQUFvQjtRQUN2QixjQUFTLEdBQVQsU0FBUyxDQUFRO1FBQ2pCLGFBQVEsR0FBUixRQUFRLENBQVM7UUFDakIsUUFBRyxHQUFILEdBQUcsQ0FBUTtRQVZwQixTQUFJLEdBQUcsUUFBUSxDQUFDO0lBV3RCLENBQUM7SUFFSixLQUFLLENBQUMsS0FBSyxDQUNULE1BQWMsRUFDZCxTQUFxQixFQUNyQixvQkFBNEI7UUFFNUIsTUFBTSxTQUFTLEdBQUcsSUFBSSxDQUFDLFNBQVMsQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUN6QyxNQUFNLGFBQWEsR0FBRyxNQUFNLGFBQWEsQ0FBQyxJQUFJLENBQzVDLEdBQUcsQ0FBQyxpQkFBaUIsQ0FBQyxTQUFTLENBQUMsRUFDaEMsTUFBTSxDQUFDLE1BQU0sQ0FBQyxTQUFTLENBQUMsQ0FDekIsQ0FBQztRQUNGLE1BQU0sa0JBQWtCLEdBQUcsTUFBTSxDQUFDLGVBQWUsQ0FBQyxTQUFTLENBQUMsTUFBTSxDQUFDLENBQUM7UUFDcEUsTUFBTSxnQkFBZ0IsR0FBRyxNQUFNLGFBQWEsQ0FBQyxvQkFBb0IsQ0FDL0Qsa0JBQWtCLEVBQ2xCLElBQUksQ0FBQyxTQUFTLENBQ2YsQ0FBQztRQUVGLGlFQUFpRTtRQUNqRSxJQUFJLENBQUMsVUFBVSxHQUFHLE1BQU0sQ0FBQyxNQUFNLENBQUMsZ0JBQWdCLENBQUMsUUFBUSxFQUFFLENBQUMsQ0FBQztRQUU3RCxJQUFJLENBQUMsZUFBZSxHQUFHO1lBQ3JCLElBQUksRUFBRSxRQUFRO1lBQ2QsR0FBRyxFQUFFLElBQUksQ0FBQyxHQUFHO1lBQ2IsUUFBUSxFQUFFLEtBQUs7WUFDZixVQUFVLEVBQUUsSUFBSSxDQUFDLFVBQVU7WUFDM0IsaUJBQWlCLEVBQUUsTUFBTSxDQUFDLE1BQU0sQ0FBQyxvQkFBb0IsQ0FBQztZQUN0RCxhQUFhLEVBQUU7Z0JBQ2IsR0FBRyxFQUFFLE9BQU87Z0JBQ1osSUFBSSxFQUFFLE1BQU0sQ0FBQyxNQUFNLENBQUMsYUFBYSxDQUFDO2FBQ25DO1NBQ0YsQ0FBQztRQUNGLElBQUksSUFBSSxDQUFDLEdBQUcsRUFBRTtZQUNaLElBQUksQ0FBQyxlQUFlLENBQUMsR0FBRyxHQUFHLElBQUksQ0FBQyxHQUFHLENBQUM7U0FDckM7UUFDRCxPQUFPLElBQUksQ0FBQyxlQUFlLENBQUM7SUFDOUIsQ0FBQztDQUNGIn0=

package/dist/web/tdf3/src/models/manifest.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoibWFuaWZlc3QuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi8uLi90ZGYzL3NyYy9tb2RlbHMvbWFuaWZlc3QudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IiJ9

package/dist/web/tdf3/src/models/payload.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicGF5bG9hZC5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uLy4uL3RkZjMvc3JjL21vZGVscy9wYXlsb2FkLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiIifQ==

package/dist/web/tdf3/src/models/policy.js

@@ -0,0 +1,20 @@
+import { ConfigurationError } from '../../../src/errors.js';
+export const CURRENT_VERSION = '1.1.0';
+export function validatePolicyObject(policyMaybe) {
+    if (typeof policyMaybe !== 'object') {
+        throw new ConfigurationError(`The given policy reference must be an object, not: ${policyMaybe}`);
+    }
+    const policy = policyMaybe;
+    const missingFields = [];
+    if (!policy.uuid)
+        missingFields.push('uuid');
+    if (!policy.body)
+        missingFields.push('body', 'body.dissem');
+    if (policy.body && !policy.body.dissem)
+        missingFields.push('body.dissem');
+    if (missingFields.length) {
+        throw new ConfigurationError(`The given policy object requires the following properties: ${missingFields}`);
+    }
+    return true;
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicG9saWN5LmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vLi4vLi4vdGRmMy9zcmMvbW9kZWxzL3BvbGljeS50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxPQUFPLEVBQUUsa0JBQWtCLEVBQUUsTUFBTSx3QkFBd0IsQ0FBQztBQUc1RCxNQUFNLENBQUMsTUFBTSxlQUFlLEdBQUcsT0FBTyxDQUFDO0FBYXZDLE1BQU0sVUFBVSxvQkFBb0IsQ0FBQyxXQUFvQjtJQUN2RCxJQUFJLE9BQU8sV0FBVyxLQUFLLFFBQVEsRUFBRTtRQUNuQyxNQUFNLElBQUksa0JBQWtCLENBQzFCLHNEQUFzRCxXQUFXLEVBQUUsQ0FDcEUsQ0FBQztLQUNIO0lBQ0QsTUFBTSxNQUFNLEdBQUcsV0FBcUIsQ0FBQztJQUNyQyxNQUFNLGFBQWEsR0FBRyxFQUFFLENBQUM7SUFDekIsSUFBSSxDQUFDLE1BQU0sQ0FBQyxJQUFJO1FBQUUsYUFBYSxDQUFDLElBQUksQ0FBQyxNQUFNLENBQUMsQ0FBQztJQUM3QyxJQUFJLENBQUMsTUFBTSxDQUFDLElBQUk7UUFBRSxhQUFhLENBQUMsSUFBSSxDQUFDLE1BQU0sRUFBRSxhQUFhLENBQUMsQ0FBQztJQUM1RCxJQUFJLE1BQU0sQ0FBQyxJQUFJLElBQUksQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLE1BQU07UUFBRSxhQUFhLENBQUMsSUFBSSxDQUFDLGFBQWEsQ0FBQyxDQUFDO0lBRTFFLElBQUksYUFBYSxDQUFDLE1BQU0sRUFBRTtRQUN4QixNQUFNLElBQUksa0JBQWtCLENBQzFCLDhEQUE4RCxhQUFhLEVBQUUsQ0FDOUUsQ0FBQztLQUNIO0lBQ0QsT0FBTyxJQUFJLENBQUM7QUFDZCxDQUFDIn0=