npm - @opentdf/sdk - Versions diffs - 0.1.0-beta.1701 - Mend

@opentdf/sdk 0.1.0-beta.1701

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (566) hide show

package/README.md +52 -0
package/dist/cjs/package.json +3 -0
package/dist/cjs/src/access.js +155 -0
package/dist/cjs/src/auth/Eas.js +60 -0
package/dist/cjs/src/auth/auth.js +79 -0
package/dist/cjs/src/auth/oidc-clientcredentials-provider.js +26 -0
package/dist/cjs/src/auth/oidc-externaljwt-provider.js +33 -0
package/dist/cjs/src/auth/oidc-refreshtoken-provider.js +34 -0
package/dist/cjs/src/auth/oidc.js +222 -0
package/dist/cjs/src/auth/providers.js +143 -0
package/dist/cjs/src/encodings/base64.js +154 -0
package/dist/cjs/src/encodings/hex.js +70 -0
package/dist/cjs/src/encodings/index.js +29 -0
package/dist/cjs/src/errors.js +138 -0
package/dist/cjs/src/index.js +344 -0
package/dist/cjs/src/nanotdf/Client.js +296 -0
package/dist/cjs/src/nanotdf/NanoTDF.js +94 -0
package/dist/cjs/src/nanotdf/browser-entry.js +19 -0
package/dist/cjs/src/nanotdf/constants.js +5 -0
package/dist/cjs/src/nanotdf/decrypt.js +17 -0
package/dist/cjs/src/nanotdf/encrypt-dataset.js +38 -0
package/dist/cjs/src/nanotdf/encrypt.js +132 -0
package/dist/cjs/src/nanotdf/enum/CipherEnum.js +13 -0
package/dist/cjs/src/nanotdf/enum/CurveNameEnum.js +15 -0
package/dist/cjs/src/nanotdf/enum/EncodingEnum.js +8 -0
package/dist/cjs/src/nanotdf/enum/PolicyTypeEnum.js +11 -0
package/dist/cjs/src/nanotdf/enum/ProtocolEnum.js +10 -0
package/dist/cjs/src/nanotdf/enum/ResourceLocatorIdentifierEnum.js +11 -0
package/dist/cjs/src/nanotdf/helpers/calculateByCurve.js +29 -0
package/dist/cjs/src/nanotdf/helpers/getHkdfSalt.js +11 -0
package/dist/cjs/src/nanotdf/index.js +25 -0
package/dist/cjs/src/nanotdf/interfaces/PolicyInterface.js +3 -0
package/dist/cjs/src/nanotdf/models/Ciphers.js +61 -0
package/dist/cjs/src/nanotdf/models/DefaultParams.js +27 -0
package/dist/cjs/src/nanotdf/models/EcCurves.js +39 -0
package/dist/cjs/src/nanotdf/models/Header.js +255 -0
package/dist/cjs/src/nanotdf/models/Payload.js +158 -0
package/dist/cjs/src/nanotdf/models/Policy/AbstractPolicy.js +73 -0
package/dist/cjs/src/nanotdf/models/Policy/EmbeddedPolicy.js +82 -0
package/dist/cjs/src/nanotdf/models/Policy/PolicyFactory.js +38 -0
package/dist/cjs/src/nanotdf/models/Policy/RemotePolicy.js +62 -0
package/dist/cjs/src/nanotdf/models/ResourceLocator.js +211 -0
package/dist/cjs/src/nanotdf/models/Signature.js +77 -0
package/dist/cjs/src/nanotdf-crypto/ciphers.js +17 -0
package/dist/cjs/src/nanotdf-crypto/decrypt.js +24 -0
package/dist/cjs/src/nanotdf-crypto/digest.js +7 -0
package/dist/cjs/src/nanotdf-crypto/ecdsaSignature.js +83 -0
package/dist/cjs/src/nanotdf-crypto/encrypt.js +24 -0
package/dist/cjs/src/nanotdf-crypto/enums.js +52 -0
package/dist/cjs/src/nanotdf-crypto/exportCryptoKey.js +20 -0
package/dist/cjs/src/nanotdf-crypto/generateKeyPair.js +13 -0
package/dist/cjs/src/nanotdf-crypto/generateRandomNumber.js +12 -0
package/dist/cjs/src/nanotdf-crypto/importRawKey.js +18 -0
package/dist/cjs/src/nanotdf-crypto/index.js +52 -0
package/dist/cjs/src/nanotdf-crypto/keyAgreement.js +91 -0
package/dist/cjs/src/nanotdf-crypto/pemPublicToCrypto.js +225 -0
package/dist/cjs/src/policy/api.js +58 -0
package/dist/cjs/src/policy/attributes.js +3 -0
package/dist/cjs/src/policy/granter.js +146 -0
package/dist/cjs/src/tdf/AttributeObject.js +15 -0
package/dist/cjs/src/tdf/AttributeObjectJwt.js +3 -0
package/dist/cjs/src/tdf/Crypto.js +47 -0
package/dist/cjs/src/tdf/EntityObject.js +3 -0
package/dist/cjs/src/tdf/NanoTDF/NanoTDF.js +38 -0
package/dist/cjs/src/tdf/Policy.js +50 -0
package/dist/cjs/src/tdf/PolicyObject.js +3 -0
package/dist/cjs/src/tdf/TypedArray.js +3 -0
package/dist/cjs/src/tdf/index.js +35 -0
package/dist/cjs/src/types/index.js +3 -0
package/dist/cjs/src/utils.js +147 -0
package/dist/cjs/src/version.js +12 -0
package/dist/cjs/tdf3/index.js +57 -0
package/dist/cjs/tdf3/src/assertions.js +118 -0
package/dist/cjs/tdf3/src/binary.js +153 -0
package/dist/cjs/tdf3/src/ciphers/aes-gcm-cipher.js +56 -0
package/dist/cjs/tdf3/src/ciphers/algorithms.js +8 -0
package/dist/cjs/tdf3/src/ciphers/index.js +8 -0
package/dist/cjs/tdf3/src/ciphers/symmetric-cipher-base.js +22 -0
package/dist/cjs/tdf3/src/client/DecoratedReadableStream.js +116 -0
package/dist/cjs/tdf3/src/client/builders.js +561 -0
package/dist/cjs/tdf3/src/client/index.js +460 -0
package/dist/cjs/tdf3/src/client/validation.js +63 -0
package/dist/cjs/tdf3/src/crypto/crypto-utils.js +116 -0
package/dist/cjs/tdf3/src/crypto/declarations.js +8 -0
package/dist/cjs/tdf3/src/crypto/index.js +315 -0
package/dist/cjs/tdf3/src/index.js +34 -0
package/dist/cjs/tdf3/src/models/attribute-set.js +122 -0
package/dist/cjs/tdf3/src/models/encryption-information.js +90 -0
package/dist/cjs/tdf3/src/models/index.js +25 -0
package/dist/cjs/tdf3/src/models/key-access.js +103 -0
package/dist/cjs/tdf3/src/models/manifest.js +3 -0
package/dist/cjs/tdf3/src/models/payload.js +3 -0
package/dist/cjs/tdf3/src/models/policy.js +24 -0
package/dist/cjs/tdf3/src/models/upsert-response.js +3 -0
package/dist/cjs/tdf3/src/tdf.js +907 -0
package/dist/cjs/tdf3/src/templates/default.html.js +98 -0
package/dist/cjs/tdf3/src/templates/escaper.js +15 -0
package/dist/cjs/tdf3/src/templates/index.js +12 -0
package/dist/cjs/tdf3/src/utils/buffer-crc32.js +48 -0
package/dist/cjs/tdf3/src/utils/chunkers.js +106 -0
package/dist/cjs/tdf3/src/utils/index.js +296 -0
package/dist/cjs/tdf3/src/utils/keysplit.js +61 -0
package/dist/cjs/tdf3/src/utils/zip-reader.js +253 -0
package/dist/cjs/tdf3/src/utils/zip-writer.js +308 -0
package/dist/cjs/tdf3/src/version.js +6 -0
package/dist/types/src/access.d.ts +47 -0
package/dist/types/src/access.d.ts.map +1 -0
package/dist/types/src/auth/Eas.d.ts +34 -0
package/dist/types/src/auth/Eas.d.ts.map +1 -0
package/dist/types/src/auth/auth.d.ts +86 -0
package/dist/types/src/auth/auth.d.ts.map +1 -0
package/dist/types/src/auth/oidc-clientcredentials-provider.d.ts +9 -0
package/dist/types/src/auth/oidc-clientcredentials-provider.d.ts.map +1 -0
package/dist/types/src/auth/oidc-externaljwt-provider.d.ts +10 -0
package/dist/types/src/auth/oidc-externaljwt-provider.d.ts.map +1 -0
package/dist/types/src/auth/oidc-refreshtoken-provider.d.ts +10 -0
package/dist/types/src/auth/oidc-refreshtoken-provider.d.ts.map +1 -0
package/dist/types/src/auth/oidc.d.ts +104 -0
package/dist/types/src/auth/oidc.d.ts.map +1 -0
package/dist/types/src/auth/providers.d.ts +67 -0
package/dist/types/src/auth/providers.d.ts.map +1 -0
package/dist/types/src/encodings/base64.d.ts +18 -0
package/dist/types/src/encodings/base64.d.ts.map +1 -0
package/dist/types/src/encodings/hex.d.ts +5 -0
package/dist/types/src/encodings/hex.d.ts.map +1 -0
package/dist/types/src/encodings/index.d.ts +3 -0
package/dist/types/src/encodings/index.d.ts.map +1 -0
package/dist/types/src/errors.d.ts +72 -0
package/dist/types/src/errors.d.ts.map +1 -0
package/dist/types/src/index.d.ts +138 -0
package/dist/types/src/index.d.ts.map +1 -0
package/dist/types/src/nanotdf/Client.d.ts +95 -0
package/dist/types/src/nanotdf/Client.d.ts.map +1 -0
package/dist/types/src/nanotdf/NanoTDF.d.ts +25 -0
package/dist/types/src/nanotdf/NanoTDF.d.ts.map +1 -0
package/dist/types/src/nanotdf/browser-entry.d.ts +17 -0
package/dist/types/src/nanotdf/browser-entry.d.ts.map +1 -0
package/dist/types/src/nanotdf/constants.d.ts +2 -0
package/dist/types/src/nanotdf/constants.d.ts.map +1 -0
package/dist/types/src/nanotdf/decrypt.d.ts +9 -0
package/dist/types/src/nanotdf/decrypt.d.ts.map +1 -0
package/dist/types/src/nanotdf/encrypt-dataset.d.ts +12 -0
package/dist/types/src/nanotdf/encrypt-dataset.d.ts.map +1 -0
package/dist/types/src/nanotdf/encrypt.d.ts +14 -0
package/dist/types/src/nanotdf/encrypt.d.ts.map +1 -0
package/dist/types/src/nanotdf/enum/CipherEnum.d.ts +10 -0
package/dist/types/src/nanotdf/enum/CipherEnum.d.ts.map +1 -0
package/dist/types/src/nanotdf/enum/CurveNameEnum.d.ts +12 -0
package/dist/types/src/nanotdf/enum/CurveNameEnum.d.ts.map +1 -0
package/dist/types/src/nanotdf/enum/EncodingEnum.d.ts +5 -0
package/dist/types/src/nanotdf/enum/EncodingEnum.d.ts.map +1 -0
package/dist/types/src/nanotdf/enum/PolicyTypeEnum.d.ts +8 -0
package/dist/types/src/nanotdf/enum/PolicyTypeEnum.d.ts.map +1 -0
package/dist/types/src/nanotdf/enum/ProtocolEnum.d.ts +7 -0
package/dist/types/src/nanotdf/enum/ProtocolEnum.d.ts.map +1 -0
package/dist/types/src/nanotdf/enum/ResourceLocatorIdentifierEnum.d.ts +8 -0
package/dist/types/src/nanotdf/enum/ResourceLocatorIdentifierEnum.d.ts.map +1 -0
package/dist/types/src/nanotdf/helpers/calculateByCurve.d.ts +20 -0
package/dist/types/src/nanotdf/helpers/calculateByCurve.d.ts.map +1 -0
package/dist/types/src/nanotdf/helpers/getHkdfSalt.d.ts +9 -0
package/dist/types/src/nanotdf/helpers/getHkdfSalt.d.ts.map +1 -0
package/dist/types/src/nanotdf/index.d.ts +9 -0
package/dist/types/src/nanotdf/index.d.ts.map +1 -0
package/dist/types/src/nanotdf/interfaces/PolicyInterface.d.ts +17 -0
package/dist/types/src/nanotdf/interfaces/PolicyInterface.d.ts.map +1 -0
package/dist/types/src/nanotdf/models/Ciphers.d.ts +14 -0
package/dist/types/src/nanotdf/models/Ciphers.d.ts.map +1 -0
package/dist/types/src/nanotdf/models/DefaultParams.d.ts +21 -0
package/dist/types/src/nanotdf/models/DefaultParams.d.ts.map +1 -0
package/dist/types/src/nanotdf/models/EcCurves.d.ts +15 -0
package/dist/types/src/nanotdf/models/EcCurves.d.ts.map +1 -0
package/dist/types/src/nanotdf/models/Header.d.ts +73 -0
package/dist/types/src/nanotdf/models/Header.d.ts.map +1 -0
package/dist/types/src/nanotdf/models/Payload.d.ts +47 -0
package/dist/types/src/nanotdf/models/Payload.d.ts.map +1 -0
package/dist/types/src/nanotdf/models/Policy/AbstractPolicy.d.ts +52 -0
package/dist/types/src/nanotdf/models/Policy/AbstractPolicy.d.ts.map +1 -0
package/dist/types/src/nanotdf/models/Policy/EmbeddedPolicy.d.ts +35 -0
package/dist/types/src/nanotdf/models/Policy/EmbeddedPolicy.d.ts.map +1 -0
package/dist/types/src/nanotdf/models/Policy/PolicyFactory.d.ts +11 -0
package/dist/types/src/nanotdf/models/Policy/PolicyFactory.d.ts.map +1 -0
package/dist/types/src/nanotdf/models/Policy/RemotePolicy.d.ts +31 -0
package/dist/types/src/nanotdf/models/Policy/RemotePolicy.d.ts.map +1 -0
package/dist/types/src/nanotdf/models/ResourceLocator.d.ts +65 -0
package/dist/types/src/nanotdf/models/ResourceLocator.d.ts.map +1 -0
package/dist/types/src/nanotdf/models/Signature.d.ts +33 -0
package/dist/types/src/nanotdf/models/Signature.d.ts.map +1 -0
package/dist/types/src/nanotdf-crypto/ciphers.d.ts +8 -0
package/dist/types/src/nanotdf-crypto/ciphers.d.ts.map +1 -0
package/dist/types/src/nanotdf-crypto/decrypt.d.ts +14 -0
package/dist/types/src/nanotdf-crypto/decrypt.d.ts.map +1 -0
package/dist/types/src/nanotdf-crypto/digest.d.ts +3 -0
package/dist/types/src/nanotdf-crypto/digest.d.ts.map +1 -0
package/dist/types/src/nanotdf-crypto/ecdsaSignature.d.ts +35 -0
package/dist/types/src/nanotdf-crypto/ecdsaSignature.d.ts.map +1 -0
package/dist/types/src/nanotdf-crypto/encrypt.d.ts +14 -0
package/dist/types/src/nanotdf-crypto/encrypt.d.ts.map +1 -0
package/dist/types/src/nanotdf-crypto/enums.d.ts +42 -0
package/dist/types/src/nanotdf-crypto/enums.d.ts.map +1 -0
package/dist/types/src/nanotdf-crypto/exportCryptoKey.d.ts +7 -0
package/dist/types/src/nanotdf-crypto/exportCryptoKey.d.ts.map +1 -0
package/dist/types/src/nanotdf-crypto/generateKeyPair.d.ts +10 -0
package/dist/types/src/nanotdf-crypto/generateKeyPair.d.ts.map +1 -0
package/dist/types/src/nanotdf-crypto/generateRandomNumber.d.ts +5 -0
package/dist/types/src/nanotdf-crypto/generateRandomNumber.d.ts.map +1 -0
package/dist/types/src/nanotdf-crypto/importRawKey.d.ts +13 -0
package/dist/types/src/nanotdf-crypto/importRawKey.d.ts.map +1 -0
package/dist/types/src/nanotdf-crypto/index.d.ts +12 -0
package/dist/types/src/nanotdf-crypto/index.d.ts.map +1 -0
package/dist/types/src/nanotdf-crypto/keyAgreement.d.ts +28 -0
package/dist/types/src/nanotdf-crypto/keyAgreement.d.ts.map +1 -0
package/dist/types/src/nanotdf-crypto/pemPublicToCrypto.d.ts +28 -0
package/dist/types/src/nanotdf-crypto/pemPublicToCrypto.d.ts.map +1 -0
package/dist/types/src/policy/api.d.ts +4 -0
package/dist/types/src/policy/api.d.ts.map +1 -0
package/dist/types/src/policy/attributes.d.ts +95 -0
package/dist/types/src/policy/attributes.d.ts.map +1 -0
package/dist/types/src/policy/granter.d.ts +23 -0
package/dist/types/src/policy/granter.d.ts.map +1 -0
package/dist/types/src/tdf/AttributeObject.d.ts +13 -0
package/dist/types/src/tdf/AttributeObject.d.ts.map +1 -0
package/dist/types/src/tdf/AttributeObjectJwt.d.ts +4 -0
package/dist/types/src/tdf/AttributeObjectJwt.d.ts.map +1 -0
package/dist/types/src/tdf/Crypto.d.ts +37 -0
package/dist/types/src/tdf/Crypto.d.ts.map +1 -0
package/dist/types/src/tdf/EntityObject.d.ts +18 -0
package/dist/types/src/tdf/EntityObject.d.ts.map +1 -0
package/dist/types/src/tdf/NanoTDF/NanoTDF.d.ts +99 -0
package/dist/types/src/tdf/NanoTDF/NanoTDF.d.ts.map +1 -0
package/dist/types/src/tdf/Policy.d.ts +28 -0
package/dist/types/src/tdf/Policy.d.ts.map +1 -0
package/dist/types/src/tdf/PolicyObject.d.ts +11 -0
package/dist/types/src/tdf/PolicyObject.d.ts.map +1 -0
package/dist/types/src/tdf/TypedArray.d.ts +3 -0
package/dist/types/src/tdf/TypedArray.d.ts.map +1 -0
package/dist/types/src/tdf/index.d.ts +7 -0
package/dist/types/src/tdf/index.d.ts.map +1 -0
package/dist/types/src/types/index.d.ts +45 -0
package/dist/types/src/types/index.d.ts.map +1 -0
package/dist/types/src/utils.d.ts +45 -0
package/dist/types/src/utils.d.ts.map +1 -0
package/dist/types/src/version.d.ts +9 -0
package/dist/types/src/version.d.ts.map +1 -0
package/dist/types/tdf3/index.d.ts +16 -0
package/dist/types/tdf3/index.d.ts.map +1 -0
package/dist/types/tdf3/src/assertions.d.ts +63 -0
package/dist/types/tdf3/src/assertions.d.ts.map +1 -0
package/dist/types/tdf3/src/binary.d.ts +38 -0
package/dist/types/tdf3/src/binary.d.ts.map +1 -0
package/dist/types/tdf3/src/ciphers/aes-gcm-cipher.d.ts +18 -0
package/dist/types/tdf3/src/ciphers/aes-gcm-cipher.d.ts.map +1 -0
package/dist/types/tdf3/src/ciphers/algorithms.d.ts +4 -0
package/dist/types/tdf3/src/ciphers/algorithms.d.ts.map +1 -0
package/dist/types/tdf3/src/ciphers/index.d.ts +3 -0
package/dist/types/tdf3/src/ciphers/index.d.ts.map +1 -0
package/dist/types/tdf3/src/ciphers/symmetric-cipher-base.d.ts +14 -0
package/dist/types/tdf3/src/ciphers/symmetric-cipher-base.d.ts.map +1 -0
package/dist/types/tdf3/src/client/DecoratedReadableStream.d.ts +53 -0
package/dist/types/tdf3/src/client/DecoratedReadableStream.d.ts.map +1 -0
package/dist/types/tdf3/src/client/builders.d.ts +436 -0
package/dist/types/tdf3/src/client/builders.d.ts.map +1 -0
package/dist/types/tdf3/src/client/index.d.ts +139 -0
package/dist/types/tdf3/src/client/index.d.ts.map +1 -0
package/dist/types/tdf3/src/client/validation.d.ts +8 -0
package/dist/types/tdf3/src/client/validation.d.ts.map +1 -0
package/dist/types/tdf3/src/crypto/crypto-utils.d.ts +34 -0
package/dist/types/tdf3/src/crypto/crypto-utils.d.ts.map +1 -0
package/dist/types/tdf3/src/crypto/declarations.d.ts +60 -0
package/dist/types/tdf3/src/crypto/declarations.d.ts.map +1 -0
package/dist/types/tdf3/src/crypto/index.d.ts +103 -0
package/dist/types/tdf3/src/crypto/index.d.ts.map +1 -0
package/dist/types/tdf3/src/index.d.ts +5 -0
package/dist/types/tdf3/src/index.d.ts.map +1 -0
package/dist/types/tdf3/src/models/attribute-set.d.ts +65 -0
package/dist/types/tdf3/src/models/attribute-set.d.ts.map +1 -0
package/dist/types/tdf3/src/models/encryption-information.d.ts +49 -0
package/dist/types/tdf3/src/models/encryption-information.d.ts.map +1 -0
package/dist/types/tdf3/src/models/index.d.ts +9 -0
package/dist/types/tdf3/src/models/index.d.ts.map +1 -0
package/dist/types/tdf3/src/models/key-access.d.ts +42 -0
package/dist/types/tdf3/src/models/key-access.d.ts.map +1 -0
package/dist/types/tdf3/src/models/manifest.d.ts +9 -0
package/dist/types/tdf3/src/models/manifest.d.ts.map +1 -0
package/dist/types/tdf3/src/models/payload.d.ts +7 -0
package/dist/types/tdf3/src/models/payload.d.ts.map +1 -0
package/dist/types/tdf3/src/models/policy.d.ts +13 -0
package/dist/types/tdf3/src/models/policy.d.ts.map +1 -0
package/dist/types/tdf3/src/models/upsert-response.d.ts +16 -0
package/dist/types/tdf3/src/models/upsert-response.d.ts.map +1 -0
package/dist/types/tdf3/src/tdf.d.ts +152 -0
package/dist/types/tdf3/src/tdf.d.ts.map +1 -0
package/dist/types/tdf3/src/templates/default.html.d.ts +8 -0
package/dist/types/tdf3/src/templates/default.html.d.ts.map +1 -0
package/dist/types/tdf3/src/templates/escaper.d.ts +6 -0
package/dist/types/tdf3/src/templates/escaper.d.ts.map +1 -0
package/dist/types/tdf3/src/templates/index.d.ts +3 -0
package/dist/types/tdf3/src/templates/index.d.ts.map +1 -0
package/dist/types/tdf3/src/utils/buffer-crc32.d.ts +2 -0
package/dist/types/tdf3/src/utils/buffer-crc32.d.ts.map +1 -0
package/dist/types/tdf3/src/utils/chunkers.d.ts +29 -0
package/dist/types/tdf3/src/utils/chunkers.d.ts.map +1 -0
package/dist/types/tdf3/src/utils/index.d.ts +36 -0
package/dist/types/tdf3/src/utils/index.d.ts.map +1 -0
package/dist/types/tdf3/src/utils/keysplit.d.ts +19 -0
package/dist/types/tdf3/src/utils/keysplit.d.ts.map +1 -0
package/dist/types/tdf3/src/utils/zip-reader.d.ts +63 -0
package/dist/types/tdf3/src/utils/zip-reader.d.ts.map +1 -0
package/dist/types/tdf3/src/utils/zip-writer.d.ts +35 -0
package/dist/types/tdf3/src/utils/zip-writer.d.ts.map +1 -0
package/dist/types/tdf3/src/version.d.ts +3 -0
package/dist/types/tdf3/src/version.d.ts.map +1 -0
package/dist/web/package.json +3 -0
package/dist/web/src/access.js +147 -0
package/dist/web/src/auth/Eas.js +55 -0
package/dist/web/src/auth/auth.js +71 -0
package/dist/web/src/auth/oidc-clientcredentials-provider.js +22 -0
package/dist/web/src/auth/oidc-externaljwt-provider.js +29 -0
package/dist/web/src/auth/oidc-refreshtoken-provider.js +30 -0
package/dist/web/src/auth/oidc.js +215 -0
package/dist/web/src/auth/providers.js +119 -0
package/dist/web/src/encodings/base64.js +147 -0
package/dist/web/src/encodings/hex.js +63 -0
package/dist/web/src/encodings/index.js +3 -0
package/dist/web/src/errors.js +123 -0
package/dist/web/src/index.js +313 -0
package/dist/web/src/nanotdf/Client.js +268 -0
package/dist/web/src/nanotdf/NanoTDF.js +89 -0
package/dist/web/src/nanotdf/browser-entry.js +14 -0
package/dist/web/src/nanotdf/constants.js +2 -0
package/dist/web/src/nanotdf/decrypt.js +14 -0
package/dist/web/src/nanotdf/encrypt-dataset.js +32 -0
package/dist/web/src/nanotdf/encrypt.js +126 -0
package/dist/web/src/nanotdf/enum/CipherEnum.js +11 -0
package/dist/web/src/nanotdf/enum/CurveNameEnum.js +13 -0
package/dist/web/src/nanotdf/enum/EncodingEnum.js +6 -0
package/dist/web/src/nanotdf/enum/PolicyTypeEnum.js +9 -0
package/dist/web/src/nanotdf/enum/ProtocolEnum.js +8 -0
package/dist/web/src/nanotdf/enum/ResourceLocatorIdentifierEnum.js +9 -0
package/dist/web/src/nanotdf/helpers/calculateByCurve.js +24 -0
package/dist/web/src/nanotdf/helpers/getHkdfSalt.js +8 -0
package/dist/web/src/nanotdf/index.js +11 -0
package/dist/web/src/nanotdf/interfaces/PolicyInterface.js +2 -0
package/dist/web/src/nanotdf/models/Ciphers.js +54 -0
package/dist/web/src/nanotdf/models/DefaultParams.js +22 -0
package/dist/web/src/nanotdf/models/EcCurves.js +32 -0
package/dist/web/src/nanotdf/models/Header.js +250 -0
package/dist/web/src/nanotdf/models/Payload.js +156 -0
package/dist/web/src/nanotdf/models/Policy/AbstractPolicy.js +71 -0
package/dist/web/src/nanotdf/models/Policy/EmbeddedPolicy.js +77 -0
package/dist/web/src/nanotdf/models/Policy/PolicyFactory.js +33 -0
package/dist/web/src/nanotdf/models/Policy/RemotePolicy.js +57 -0
package/dist/web/src/nanotdf/models/ResourceLocator.js +206 -0
package/dist/web/src/nanotdf/models/Signature.js +74 -0
package/dist/web/src/nanotdf-crypto/ciphers.js +14 -0
package/dist/web/src/nanotdf-crypto/decrypt.js +21 -0
package/dist/web/src/nanotdf-crypto/digest.js +4 -0
package/dist/web/src/nanotdf-crypto/ecdsaSignature.js +77 -0
package/dist/web/src/nanotdf-crypto/encrypt.js +21 -0
package/dist/web/src/nanotdf-crypto/enums.js +49 -0
package/dist/web/src/nanotdf-crypto/exportCryptoKey.js +17 -0
package/dist/web/src/nanotdf-crypto/generateKeyPair.js +10 -0
package/dist/web/src/nanotdf-crypto/generateRandomNumber.js +9 -0
package/dist/web/src/nanotdf-crypto/importRawKey.js +15 -0
package/dist/web/src/nanotdf-crypto/index.js +12 -0
package/dist/web/src/nanotdf-crypto/keyAgreement.js +87 -0
package/dist/web/src/nanotdf-crypto/pemPublicToCrypto.js +197 -0
package/dist/web/src/policy/api.js +54 -0
package/dist/web/src/policy/attributes.js +2 -0
package/dist/web/src/policy/granter.js +141 -0
package/dist/web/src/tdf/AttributeObject.js +11 -0
package/dist/web/src/tdf/AttributeObjectJwt.js +2 -0
package/dist/web/src/tdf/Crypto.js +44 -0
package/dist/web/src/tdf/EntityObject.js +2 -0
package/dist/web/src/tdf/NanoTDF/NanoTDF.js +35 -0
package/dist/web/src/tdf/Policy.js +48 -0
package/dist/web/src/tdf/PolicyObject.js +2 -0
package/dist/web/src/tdf/TypedArray.js +2 -0
package/dist/web/src/tdf/index.js +4 -0
package/dist/web/src/types/index.js +2 -0
package/dist/web/src/utils.js +133 -0
package/dist/web/src/version.js +9 -0
package/dist/web/tdf3/index.js +13 -0
package/dist/web/tdf3/src/assertions.js +111 -0
package/dist/web/tdf3/src/binary.js +149 -0
package/dist/web/tdf3/src/ciphers/aes-gcm-cipher.js +52 -0
package/dist/web/tdf3/src/ciphers/algorithms.js +5 -0
package/dist/web/tdf3/src/ciphers/index.js +3 -0
package/dist/web/tdf3/src/ciphers/symmetric-cipher-base.js +18 -0
package/dist/web/tdf3/src/client/DecoratedReadableStream.js +107 -0
package/dist/web/tdf3/src/client/builders.js +557 -0
package/dist/web/tdf3/src/client/index.js +423 -0
package/dist/web/tdf3/src/client/validation.js +58 -0
package/dist/web/tdf3/src/crypto/crypto-utils.js +107 -0
package/dist/web/tdf3/src/crypto/declarations.js +5 -0
package/dist/web/tdf3/src/crypto/index.js +296 -0
package/dist/web/tdf3/src/index.js +5 -0
package/dist/web/tdf3/src/models/attribute-set.js +118 -0
package/dist/web/tdf3/src/models/encryption-information.js +86 -0
package/dist/web/tdf3/src/models/index.js +9 -0
package/dist/web/tdf3/src/models/key-access.js +74 -0
package/dist/web/tdf3/src/models/manifest.js +2 -0
package/dist/web/tdf3/src/models/payload.js +2 -0
package/dist/web/tdf3/src/models/policy.js +20 -0
package/dist/web/tdf3/src/models/upsert-response.js +2 -0
package/dist/web/tdf3/src/tdf.js +866 -0
package/dist/web/tdf3/src/templates/default.html.js +96 -0
package/dist/web/tdf3/src/templates/escaper.js +10 -0
package/dist/web/tdf3/src/templates/index.js +3 -0
package/dist/web/tdf3/src/utils/buffer-crc32.js +44 -0
package/dist/web/tdf3/src/utils/chunkers.js +96 -0
package/dist/web/tdf3/src/utils/index.js +248 -0
package/dist/web/tdf3/src/utils/keysplit.js +55 -0
package/dist/web/tdf3/src/utils/zip-reader.js +247 -0
package/dist/web/tdf3/src/utils/zip-writer.js +302 -0
package/dist/web/tdf3/src/version.js +3 -0
package/package.json +126 -0
package/src/access.ts +198 -0
package/src/auth/Eas.ts +79 -0
package/src/auth/auth.ts +141 -0
package/src/auth/oidc-clientcredentials-provider.ts +32 -0
package/src/auth/oidc-externaljwt-provider.ts +41 -0
package/src/auth/oidc-refreshtoken-provider.ts +41 -0
package/src/auth/oidc.ts +307 -0
package/src/auth/providers.ts +139 -0
package/src/encodings/base64.ts +160 -0
package/src/encodings/hex.ts +69 -0
package/src/encodings/index.ts +2 -0
package/src/errors.ts +113 -0
package/src/index.ts +441 -0
package/src/nanotdf/Client.ts +349 -0
package/src/nanotdf/NanoTDF.ts +121 -0
package/src/nanotdf/browser-entry.ts +20 -0
package/src/nanotdf/constants.ts +1 -0
package/src/nanotdf/decrypt.ts +19 -0
package/src/nanotdf/encrypt-dataset.ts +52 -0
package/src/nanotdf/encrypt.ts +197 -0
package/src/nanotdf/enum/CipherEnum.ts +10 -0
package/src/nanotdf/enum/CurveNameEnum.ts +12 -0
package/src/nanotdf/enum/EncodingEnum.ts +5 -0
package/src/nanotdf/enum/PolicyTypeEnum.ts +8 -0
package/src/nanotdf/enum/ProtocolEnum.ts +7 -0
package/src/nanotdf/enum/ResourceLocatorIdentifierEnum.ts +8 -0
package/src/nanotdf/helpers/calculateByCurve.ts +26 -0
package/src/nanotdf/helpers/getHkdfSalt.ts +15 -0
package/src/nanotdf/index.ts +10 -0
package/src/nanotdf/interfaces/PolicyInterface.ts +27 -0
package/src/nanotdf/models/Ciphers.ts +67 -0
package/src/nanotdf/models/DefaultParams.ts +24 -0
package/src/nanotdf/models/EcCurves.ts +40 -0
package/src/nanotdf/models/Header.ts +322 -0
package/src/nanotdf/models/Payload.ts +196 -0
package/src/nanotdf/models/Policy/AbstractPolicy.ts +90 -0
package/src/nanotdf/models/Policy/EmbeddedPolicy.ts +101 -0
package/src/nanotdf/models/Policy/PolicyFactory.ts +48 -0
package/src/nanotdf/models/Policy/RemotePolicy.ts +74 -0
package/src/nanotdf/models/ResourceLocator.ts +212 -0
package/src/nanotdf/models/Signature.ts +85 -0
package/src/nanotdf-crypto/ciphers.ts +13 -0
package/src/nanotdf-crypto/decrypt.ts +30 -0
package/src/nanotdf-crypto/digest.ts +8 -0
package/src/nanotdf-crypto/ecdsaSignature.ts +109 -0
package/src/nanotdf-crypto/encrypt.ts +30 -0
package/src/nanotdf-crypto/enums.ts +47 -0
package/src/nanotdf-crypto/exportCryptoKey.ts +17 -0
package/src/nanotdf-crypto/generateKeyPair.ts +19 -0
package/src/nanotdf-crypto/generateRandomNumber.ts +8 -0
package/src/nanotdf-crypto/importRawKey.ts +19 -0
package/src/nanotdf-crypto/index.ts +11 -0
package/src/nanotdf-crypto/keyAgreement.ts +139 -0
package/src/nanotdf-crypto/pemPublicToCrypto.ts +232 -0
package/src/package-lock.json +6 -0
package/src/package.json +3 -0
package/src/platform/authorization/authorization_connect.d.ts +44 -0
package/src/platform/authorization/authorization_connect.js +44 -0
package/src/platform/authorization/authorization_pb.d.ts +707 -0
package/src/platform/authorization/authorization_pb.js +372 -0
package/src/platform/common/common_pb.d.ts +129 -0
package/src/platform/common/common_pb.js +58 -0
package/src/platform/entityresolution/entity_resolution_connect.d.ts +35 -0
package/src/platform/entityresolution/entity_resolution_connect.js +35 -0
package/src/platform/entityresolution/entity_resolution_pb.d.ts +242 -0
package/src/platform/entityresolution/entity_resolution_pb.js +139 -0
package/src/platform/kas/kas_connect.d.ts +59 -0
package/src/platform/kas/kas_connect.js +59 -0
package/src/platform/kas/kas_pb.d.ts +200 -0
package/src/platform/kas/kas_pb.js +84 -0
package/src/platform/policy/attributes/attributes_connect.d.ts +168 -0
package/src/platform/policy/attributes/attributes_connect.js +168 -0
package/src/platform/policy/attributes/attributes_pb.d.ts +929 -0
package/src/platform/policy/attributes/attributes_pb.js +363 -0
package/src/platform/policy/kasregistry/key_access_server_registry_connect.d.ts +62 -0
package/src/platform/policy/kasregistry/key_access_server_registry_connect.js +62 -0
package/src/platform/policy/kasregistry/key_access_server_registry_pb.d.ts +283 -0
package/src/platform/policy/kasregistry/key_access_server_registry_pb.js +113 -0
package/src/platform/policy/namespaces/namespaces_connect.d.ts +62 -0
package/src/platform/policy/namespaces/namespaces_connect.js +62 -0
package/src/platform/policy/namespaces/namespaces_pb.d.ts +270 -0
package/src/platform/policy/namespaces/namespaces_pb.js +110 -0
package/src/platform/policy/objects_pb.d.ts +725 -0
package/src/platform/policy/objects_pb.js +288 -0
package/src/platform/policy/resourcemapping/resource_mapping_connect.d.ts +259 -0
package/src/platform/policy/resourcemapping/resource_mapping_connect.js +259 -0
package/src/platform/policy/resourcemapping/resource_mapping_pb.d.ts +314 -0
package/src/platform/policy/resourcemapping/resource_mapping_pb.js +142 -0
package/src/platform/policy/selectors_pb.d.ts +269 -0
package/src/platform/policy/selectors_pb.js +110 -0
package/src/platform/policy/subjectmapping/subject_mapping_connect.d.ts +118 -0
package/src/platform/policy/subjectmapping/subject_mapping_connect.js +118 -0
package/src/platform/policy/subjectmapping/subject_mapping_pb.d.ts +672 -0
package/src/platform/policy/subjectmapping/subject_mapping_pb.js +260 -0
package/src/platform/wellknownconfiguration/wellknown_configuration_connect.d.ts +26 -0
package/src/platform/wellknownconfiguration/wellknown_configuration_connect.js +26 -0
package/src/platform/wellknownconfiguration/wellknown_configuration_pb.d.ts +75 -0
package/src/platform/wellknownconfiguration/wellknown_configuration_pb.js +35 -0
package/src/policy/api.ts +61 -0
package/src/policy/attributes.ts +117 -0
package/src/policy/granter.ts +181 -0
package/src/tdf/AttributeObject.ts +27 -0
package/src/tdf/AttributeObjectJwt.ts +3 -0
package/src/tdf/Crypto.ts +42 -0
package/src/tdf/EntityObject.ts +18 -0
package/src/tdf/NanoTDF/NanoTDF.ts +120 -0
package/src/tdf/Policy.ts +51 -0
package/src/tdf/PolicyObject.ts +12 -0
package/src/tdf/TypedArray.ts +12 -0
package/src/tdf/index.ts +6 -0
package/src/types/index.ts +55 -0
package/src/utils.ts +149 -0
package/src/version.ts +9 -0
package/tdf3/index.ts +91 -0
package/tdf3/package-lock.json +6 -0
package/tdf3/package.json +3 -0
package/tdf3/src/assertions.ts +191 -0
package/tdf3/src/binary.ts +195 -0
package/tdf3/src/ciphers/aes-gcm-cipher.ts +76 -0
package/tdf3/src/ciphers/algorithms.ts +9 -0
package/tdf3/src/ciphers/index.ts +2 -0
package/tdf3/src/ciphers/symmetric-cipher-base.ts +38 -0
package/tdf3/src/client/DecoratedReadableStream.ts +148 -0
package/tdf3/src/client/builders.ts +701 -0
package/tdf3/src/client/index.ts +637 -0
package/tdf3/src/client/validation.ts +79 -0
package/tdf3/src/crypto/crypto-utils.ts +119 -0
package/tdf3/src/crypto/declarations.ts +89 -0
package/tdf3/src/crypto/index.ts +394 -0
package/tdf3/src/index.ts +4 -0
package/tdf3/src/models/attribute-set.ts +142 -0
package/tdf3/src/models/encryption-information.ts +172 -0
package/tdf3/src/models/index.ts +8 -0
package/tdf3/src/models/key-access.ts +128 -0
package/tdf3/src/models/manifest.ts +9 -0
package/tdf3/src/models/payload.ts +6 -0
package/tdf3/src/models/policy.ts +35 -0
package/tdf3/src/models/upsert-response.ts +17 -0
package/tdf3/src/tdf.ts +1351 -0
package/tdf3/src/templates/default.html.ts +105 -0
package/tdf3/src/templates/escaper.ts +10 -0
package/tdf3/src/templates/index.ts +2 -0
package/tdf3/src/utils/buffer-crc32.ts +46 -0
package/tdf3/src/utils/chunkers.ts +118 -0
package/tdf3/src/utils/index.ts +309 -0
package/tdf3/src/utils/keysplit.ts +63 -0
package/tdf3/src/utils/zip-reader.ts +341 -0
package/tdf3/src/utils/zip-writer.ts +375 -0
package/tdf3/src/version.ts +2 -0
package/tdf3/types.d.ts +14 -0

package/tdf3/src/client/index.ts ADDED Viewed

@@ -0,0 +1,637 @@
+import { v4 } from 'uuid';
+import axios from 'axios';
+import {
+  ZipReader,
+  fromBuffer,
+  fromDataSource,
+  streamToBuffer,
+  isAppIdProviderCheck,
+  type Chunker,
+  keyMiddleware as defaultKeyMiddleware,
+} from '../utils/index.js';
+import { base64 } from '../../../src/encodings/index.js';
+import {
+  buildKeyAccess,
+  EncryptConfiguration,
+  fetchKasPublicKey,
+  loadTDFStream,
+  unwrapHtml,
+  validatePolicyObject,
+  readStream,
+  wrapHtml,
+  writeStream,
+} from '../tdf.js';
+import { OIDCRefreshTokenProvider } from '../../../src/auth/oidc-refreshtoken-provider.js';
+import { OIDCExternalJwtProvider } from '../../../src/auth/oidc-externaljwt-provider.js';
+import { CryptoService } from '../crypto/declarations.js';
+import {
+  type AuthProvider,
+  AppIdAuthProvider,
+  HttpRequest,
+  withHeaders,
+} from '../../../src/auth/auth.js';
+import EAS from '../../../src/auth/Eas.js';
+import {
+  cryptoPublicToPem,
+  pemToCryptoPublicKey,
+  rstrip,
+  validateSecureUrl,
+} from '../../../src/utils.js';
+import {
+  EncryptParams,
+  DecryptParams,
+  type Scope,
+  DecryptStreamMiddleware,
+  EncryptKeyMiddleware,
+  EncryptStreamMiddleware,
+  SplitStep,
+} from './builders.js';
+import { DecoratedReadableStream } from './DecoratedReadableStream.js';
+import {
+  DEFAULT_SEGMENT_SIZE,
+  DecryptParamsBuilder,
+  type DecryptSource,
+  EncryptParamsBuilder,
+} from './builders.js';
+import { KasPublicKeyInfo, OriginAllowList } from '../../../src/access.js';
+import { ConfigurationError } from '../../../src/errors.js';
+import { EntityObject } from '../../../src/tdf/EntityObject.js';
+import { Binary } from '../binary.js';
+import { AesGcmCipher } from '../ciphers/aes-gcm-cipher.js';
+import { toCryptoKeyPair } from '../crypto/crypto-utils.js';
+import * as defaultCryptoService from '../crypto/index.js';
+import { type AttributeObject, AttributeSet, type Policy, SplitKey } from '../models/index.js';
+import { plan } from '../../../src/policy/granter.js';
+import { attributeFQNsAsValues } from '../../../src/policy/api.js';
+import { type Value } from '../../../src/policy/attributes.js';
+const GLOBAL_BYTE_LIMIT = 64 * 1000 * 1000 * 1000; // 64 GB, see WS-9363.
+const HTML_BYTE_LIMIT = 100 * 1000 * 1000; // 100 MB, see WS-9476.
+// No default config for now. Delegate to Virtru wrapper for endpoints.
+const defaultClientConfig = { oidcOrigin: '', cryptoService: defaultCryptoService };
+export const uploadBinaryToS3 = async function (
+  stream: ReadableStream<Uint8Array>,
+  uploadUrl: string,
+  fileSize: number
+) {
+  try {
+    const body: Uint8Array = await streamToBuffer(stream);
+    await axios.put(uploadUrl, body, {
+      headers: {
+        'Content-Length': fileSize,
+        'content-type': 'application/zip',
+        'cache-control': 'no-store',
+      },
+      maxContentLength: Infinity,
+      maxBodyLength: Infinity,
+    });
+  } catch (e) {
+    console.error(e);
+    throw e;
+  }
+};
+const getFirstTwoBytes = async (chunker: Chunker) => new TextDecoder().decode(await chunker(0, 2));
+const makeChunkable = async (source: DecryptSource) => {
+  if (!source) {
+    throw new ConfigurationError('invalid source');
+  }
+  // dump stream to buffer
+  // we don't support streams anyways (see zipreader.js)
+  let initialChunker: Chunker;
+  let buf = null;
+  switch (source.type) {
+    case 'stream':
+      buf = await streamToBuffer(source.location);
+      initialChunker = fromBuffer(buf);
+      break;
+    case 'buffer':
+      buf = source.location;
+      initialChunker = fromBuffer(buf);
+      break;
+    case 'chunker':
+      initialChunker = source.location;
+      break;
+    default:
+      initialChunker = await fromDataSource(source);
+  }
+  const magic: string = await getFirstTwoBytes(initialChunker);
+  // Pull first two bytes from source.
+  if (magic === 'PK') {
+    return initialChunker;
+  }
+  // Unwrap if it's html.
+  // If NOT zip (html), convert/dump to buffer, unwrap, and continue.
+  const htmlBuf = buf ?? (await initialChunker());
+  const zipBuf = unwrapHtml(htmlBuf);
+  return fromBuffer(zipBuf);
+};
+export interface ClientConfig {
+  cryptoService?: CryptoService;
+  organizationName?: string;
+  clientId?: string;
+  dpopEnabled?: boolean;
+  dpopKeys?: Promise<CryptoKeyPair>;
+  kasEndpoint?: string;
+  /**
+   * Service to use to look up ABAC. Used during autoconfigure. Defaults to
+   * kasEndpoint without the trailing `/kas` path segment, if present.
+   */
+  policyEndpoint?: string;
+  /**
+   * List of allowed KASes to connect to for rewrap requests.
+   * Defaults to `[kasEndpoint]`.
+   */
+  allowedKases?: string[];
+  ignoreAllowList?: boolean;
+  easEndpoint?: string;
+  // DEPRECATED Ignored
+  keyRewrapEndpoint?: string;
+  // DEPRECATED Ignored
+  keyUpsertEndpoint?: string;
+  refreshToken?: string;
+  kasPublicKey?: string;
+  oidcOrigin?: string;
+  externalJwt?: string;
+  authProvider?: AuthProvider | AppIdAuthProvider;
+  readerUrl?: string;
+  entityObjectEndpoint?: string;
+  fileStreamServiceWorker?: string;
+  progressHandler?: (bytesProcessed: number) => void;
+}
+/*
+ * Extract a keypair provided as part of the options dict.
+ * Default to using the clientwide keypair, generating one if necessary.
+ *
+ * Additionally, update the auth injector with the (potentially new) pubkey
+ */
+export async function createSessionKeys({
+  authProvider,
+  // FIXME use cryptoservice to generate keys again
+  cryptoService,
+  dpopKeys,
+}: {
+  authProvider?: AuthProvider | AppIdAuthProvider;
+  cryptoService: CryptoService;
+  dpopKeys?: Promise<CryptoKeyPair>;
+}): Promise<CryptoKeyPair> {
+  let signingKeys: CryptoKeyPair;
+  if (dpopKeys) {
+    signingKeys = await dpopKeys;
+  } else {
+    const keys = await cryptoService.generateSigningKeyPair();
+    // signingKeys = await crypto.subtle.generateKey(rsaPkcs1Sha256(), true, ['sign']);
+    signingKeys = await toCryptoKeyPair(keys);
+  }
+  // This will contact the auth server and forcibly refresh the auth token claims,
+  // binding the token and the (new) pubkey together.
+  // Note that we base64 encode the PEM string here as a quick workaround, simply because
+  // a formatted raw PEM string isn't a valid header value and sending it raw makes keycloak's
+  // header parser barf. There are more subtle ways to solve this, but this works for now.
+  if (authProvider && !isAppIdProviderCheck(authProvider)) {
+    await authProvider?.updateClientPublicKey(signingKeys);
+  }
+  return signingKeys;
+}
+/*
+ * Create a policy object for an encrypt operation.
+ */
+function asPolicy(scope: Scope): Policy {
+  if (scope.policyObject) {
+    // use the client override if provided
+    return scope.policyObject;
+  }
+  const policyId = scope.policyId ?? v4();
+  let dataAttributes: AttributeObject[];
+  if (scope.attributeValues) {
+    dataAttributes = scope.attributeValues
+      .filter(({ fqn }) => !!fqn)
+      .map(({ fqn }): AttributeObject => {
+        return { attribute: fqn! };
+      });
+  } else {
+    dataAttributes = (scope.attributes ?? []).map((attribute) =>
+      typeof attribute === 'string' ? { attribute } : attribute
+    );
+  }
+  return {
+    uuid: policyId,
+    body: {
+      dataAttributes,
+      dissem: scope.dissem ?? [],
+    },
+  };
+}
+export class Client {
+  readonly cryptoService: CryptoService;
+  /**
+   * Default kas endpoint, if present. Required for encrypt.
+   */
+  readonly kasEndpoint: string;
+  /**
+   * Policy service endpoint, if present.
+   * Required for autoconfiguration with ABAC.
+   */
+  readonly policyEndpoint: string;
+  /**
+   * List of allowed KASes to connect to for rewrap requests.
+   * Defaults to `[this.kasEndpoint]`.
+   */
+  readonly allowedKases: OriginAllowList;
+  readonly kasKeys: Record<string, Promise<KasPublicKeyInfo>> = {};
+  readonly easEndpoint?: string;
+  readonly clientId?: string;
+  readonly authProvider?: AuthProvider | AppIdAuthProvider;
+  readonly readerUrl?: string;
+  readonly fileStreamServiceWorker?: string;
+  /**
+   * Session binding keys. Used for DPoP and signed request bodies.
+   */
+  readonly dpopKeys: Promise<CryptoKeyPair>;
+  readonly eas?: EAS;
+  readonly dpopEnabled: boolean;
+  readonly clientConfig: ClientConfig;
+  /**
+   * An abstraction for protecting and accessing data using TDF3 services.
+   * @param {Object} [config.keypair] - keypair generated for signing. Optional, will be generated by sdk if not passed
+   * @param {String} [config.clientId]
+   * @param {String} [config.kasEndpoint] - Key Access Server url
+   * @param {String} [config.refreshToken] - After logging in to browser OIDC interface user
+   * receives fresh token that needed by SDK for auth needs
+   * @param {String} [config.externalJwt] - JWT from external authority (eg Google)
+   * @param {String} [config.oidcOrigin] - Endpoint of authentication service
+   */
+  constructor(config: ClientConfig) {
+    const clientConfig = { ...defaultClientConfig, ...config };
+    this.cryptoService = clientConfig.cryptoService;
+    this.dpopEnabled = !!(clientConfig.dpopEnabled || clientConfig.dpopKeys);
+    clientConfig.readerUrl && (this.readerUrl = clientConfig.readerUrl);
+    if (clientConfig.kasEndpoint) {
+      this.kasEndpoint = clientConfig.kasEndpoint;
+    } else {
+      // handle Deprecated `kasRewrapEndpoint` parameter
+      if (!clientConfig.keyRewrapEndpoint) {
+        throw new ConfigurationError('KAS definition not found');
+      }
+      this.kasEndpoint = clientConfig.keyRewrapEndpoint.replace(/\/rewrap$/, '');
+    }
+    this.kasEndpoint = rstrip(this.kasEndpoint, '/');
+    if (clientConfig.policyEndpoint) {
+      this.policyEndpoint = rstrip(clientConfig.policyEndpoint, '/');
+    } else if (this.kasEndpoint.endsWith('/kas')) {
+      this.policyEndpoint = this.kasEndpoint.slice(0, -4);
+    }
+    const kasOrigin = new URL(this.kasEndpoint).origin;
+    if (clientConfig.allowedKases) {
+      this.allowedKases = new OriginAllowList(
+        clientConfig.allowedKases,
+        !!clientConfig.ignoreAllowList
+      );
+      if (!validateSecureUrl(this.kasEndpoint) && !this.allowedKases.allows(kasOrigin)) {
+        throw new ConfigurationError(`Invalid KAS endpoint [${this.kasEndpoint}]`);
+      }
+    } else {
+      if (!validateSecureUrl(this.kasEndpoint)) {
+        throw new ConfigurationError(
+          `Invalid KAS endpoint [${this.kasEndpoint}]; to force, please list it among allowedKases`
+        );
+      }
+      this.allowedKases = new OriginAllowList([kasOrigin], !!clientConfig.ignoreAllowList);
+    }
+    this.authProvider = config.authProvider;
+    this.clientConfig = clientConfig;
+    if (this.authProvider && isAppIdProviderCheck(this.authProvider)) {
+      this.eas = new EAS({
+        authProvider: this.authProvider,
+        endpoint:
+          clientConfig.entityObjectEndpoint ?? `${clientConfig.easEndpoint}/api/entityobject`,
+      });
+    }
+    this.clientId = clientConfig.clientId;
+    if (!this.authProvider) {
+      if (!clientConfig.clientId) {
+        throw new ConfigurationError('Client ID or custom AuthProvider must be defined');
+      }
+      //Are we exchanging a refreshToken for a bearer token (normal AuthCode browser auth flow)?
+      //If this is a browser context, we expect the caller to handle the initial
+      //browser-based OIDC login and authentication process against the OIDC endpoint using their chosen method,
+      //and provide us with a valid refresh token/clientId obtained from that process.
+      if (clientConfig.refreshToken) {
+        this.authProvider = new OIDCRefreshTokenProvider({
+          clientId: clientConfig.clientId,
+          refreshToken: clientConfig.refreshToken,
+          oidcOrigin: clientConfig.oidcOrigin,
+        });
+      } else if (clientConfig.externalJwt) {
+        //Are we exchanging a JWT previously issued by a trusted external entity (e.g. Google) for a bearer token?
+        this.authProvider = new OIDCExternalJwtProvider({
+          clientId: clientConfig.clientId,
+          externalJwt: clientConfig.externalJwt,
+          oidcOrigin: clientConfig.oidcOrigin,
+        });
+      }
+    }
+    this.dpopKeys = createSessionKeys({
+      authProvider: this.authProvider,
+      cryptoService: this.cryptoService,
+      dpopKeys: clientConfig.dpopKeys,
+    });
+    if (clientConfig.kasPublicKey) {
+      this.kasKeys[this.kasEndpoint] = Promise.resolve({
+        url: this.kasEndpoint,
+        algorithm: 'rsa:2048',
+        key: pemToCryptoPublicKey(clientConfig.kasPublicKey),
+        publicKey: clientConfig.kasPublicKey,
+      });
+    }
+  }
+  /**
+   * Encrypt plaintext into TDF ciphertext. One of the core operations of the Virtru SDK.
+   *
+   * @param scope dissem and attributes for constructing the policy
+   * @param source source object of unencrypted data
+   * @param [asHtml] If we should wrap the TDF data in a self-opening HTML wrapper. Defaults to false
+   * @param [autoconfigure] If we should use scope.attributes to configure KAOs
+   * @param [metadata] Additional non-secret data to store with the TDF
+   * @param [opts] Test only
+   * @param [mimeType] mime type of source. defaults to `unknown`
+   * @param [offline] Where to store the policy. Defaults to `false` - which results in `upsert` events to store/update a policy
+   * @param [windowSize] - segment size in bytes. Defaults to a a million bytes.
+   * @param [keyMiddleware] - function that handle keys
+   * @param [streamMiddleware] - function that handle stream
+   * @param [eo] - (deprecated) entity object
+   * @return a {@link https://nodejs.org/api/stream.html#stream_class_stream_readable|Readable} a new stream containing the TDF ciphertext
+   */
+  async encrypt({
+    scope = { attributes: [], dissem: [] },
+    autoconfigure,
+    source,
+    asHtml = false,
+    metadata,
+    mimeType,
+    offline = false,
+    windowSize = DEFAULT_SEGMENT_SIZE,
+    eo,
+    keyMiddleware = defaultKeyMiddleware,
+    streamMiddleware = async (stream: DecoratedReadableStream) => stream,
+    splitPlan,
+    assertionConfigs = [],
+  }: EncryptParams): Promise<DecoratedReadableStream> {
+    const dpopKeys = await this.dpopKeys;
+    const policyObject = asPolicy(scope);
+    validatePolicyObject(policyObject);
+    if (!splitPlan && autoconfigure) {
+      let avs: Value[] = scope.attributeValues ?? [];
+      const fqns: string[] = scope.attributes
+        ? scope.attributes.map((attribute) =>
+            typeof attribute === 'string' ? attribute : attribute.attribute
+          )
+        : [];
+      if (!avs.length && fqns.length) {
+        // Hydrate avs from policy endpoint givnen the fqns
+        if (!this.policyEndpoint) {
+          throw new ConfigurationError('policyEndpoint not set in TDF3 Client constructor');
+        }
+        avs = await attributeFQNsAsValues(
+          this.policyEndpoint,
+          this.authProvider as AuthProvider,
+          ...fqns
+        );
+      } else if (scope.attributeValues) {
+        avs = scope.attributeValues;
+        if (!scope.attributes) {
+          scope.attributes = avs.map(({ fqn }) => fqn);
+        }
+      }
+      if (
+        avs.length != scope.attributes?.length ||
+        !avs.map(({ fqn }) => fqn).every((a) => fqns.indexOf(a) >= 0)
+      ) {
+        throw new ConfigurationError(
+          `Attribute mismatch between [${fqns}] and explicit values ${JSON.stringify(
+            avs.map(({ fqn }) => fqn)
+          )}`
+        );
+      }
+      const detailedPlan = plan(avs);
+      splitPlan = detailedPlan.map((kat) => {
+        const { kas, sid } = kat;
+        if (kas?.publicKey?.cached?.keys && !(kas.uri in this.kasKeys)) {
+          const keys = kas.publicKey.cached.keys.filter(
+            ({ alg }) => alg == 'KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048'
+          );
+          if (keys?.length) {
+            const key = keys[0];
+            this.kasKeys[kas.uri] = Promise.resolve({
+              key: pemToCryptoPublicKey(key.pem),
+              publicKey: key.pem,
+              url: kas.uri,
+              algorithm: 'rsa:2048',
+              kid: key.kid,
+            });
+          }
+        }
+        return { kas: kas.uri, sid };
+      });
+    }
+    // TODO: Refactor underlying builder to remove some of this unnecessary config.
+    const byteLimit = asHtml ? HTML_BYTE_LIMIT : GLOBAL_BYTE_LIMIT;
+    const encryptionInformation = new SplitKey(new AesGcmCipher(this.cryptoService));
+    let attributeSet: undefined | AttributeSet;
+    let entity: undefined | EntityObject;
+    if (eo) {
+      entity = eo;
+      const s = new AttributeSet();
+      eo.attributes.forEach((attr) => s.addJwtAttribute(attr));
+      attributeSet = s;
+    }
+    const splits: SplitStep[] = splitPlan?.length ? splitPlan : [{ kas: this.kasEndpoint }];
+    encryptionInformation.keyAccess = await Promise.all(
+      splits.map(async ({ kas, sid }) => {
+        if (!(kas in this.kasKeys)) {
+          this.kasKeys[kas] = fetchKasPublicKey(kas);
+        }
+        const kasPublicKey = await this.kasKeys[kas];
+        return buildKeyAccess({
+          attributeSet,
+          type: offline ? 'wrapped' : 'remote',
+          url: kasPublicKey.url,
+          kid: kasPublicKey.kid,
+          publicKey: kasPublicKey.publicKey,
+          metadata,
+          sid,
+        });
+      })
+    );
+    const { keyForEncryption, keyForManifest } = await (keyMiddleware as EncryptKeyMiddleware)();
+    const ecfg: EncryptConfiguration = {
+      allowList: this.allowedKases,
+      attributeSet,
+      byteLimit,
+      cryptoService: this.cryptoService,
+      dpopKeys,
+      encryptionInformation,
+      entity,
+      segmentSizeDefault: windowSize,
+      integrityAlgorithm: 'HS256',
+      segmentIntegrityAlgorithm: 'GMAC',
+      contentStream: source,
+      mimeType,
+      policy: policyObject,
+      authProvider: this.authProvider,
+      progressHandler: this.clientConfig.progressHandler,
+      keyForEncryption,
+      keyForManifest,
+      assertionConfigs,
+    };
+    const stream = await (streamMiddleware as EncryptStreamMiddleware)(await writeStream(ecfg));
+    if (!asHtml) {
+      return stream;
+    }
+    // Wrap if it's html.
+    if (!stream.manifest) {
+      throw new Error('internal: missing manifest in encrypt function');
+    }
+    const htmlBuf = wrapHtml(await stream.toBuffer(), stream.manifest, this.readerUrl ?? '');
+    return new DecoratedReadableStream({
+      pull(controller: ReadableStreamDefaultController) {
+        controller.enqueue(htmlBuf);
+        controller.close();
+      },
+    });
+  }
+  /**
+   * Decrypt TDF ciphertext into plaintext. One of the core operations of the Virtru SDK.
+   *
+   * @param params keyMiddleware fucntion to process key
+   * @param params streamMiddleware fucntion to process streamMiddleware
+   * @param params.source A data stream object, one of remote, stream, buffer, etc. types.
+   * @param params.eo Optional entity object (legacy AuthZ)
+   * @param params.assertionVerificationKeys Optional verification keys for assertions.
+   * @return a {@link https://nodejs.org/api/stream.html#stream_class_stream_readable|Readable} stream containing the decrypted plaintext.
+   * @see DecryptParamsBuilder
+   */
+  async decrypt({
+    eo,
+    source,
+    keyMiddleware = async (key: Binary) => key,
+    streamMiddleware = async (stream: DecoratedReadableStream) => stream,
+    assertionVerificationKeys,
+    noVerifyAssertions,
+  }: DecryptParams): Promise<DecoratedReadableStream> {
+    const dpopKeys = await this.dpopKeys;
+    let entityObject;
+    if (this.eas || eo) {
+      const sessionPublicKey = await cryptoPublicToPem(dpopKeys.publicKey);
+      if (eo && eo.publicKey == sessionPublicKey) {
+        entityObject = eo;
+      } else if (this.eas) {
+        entityObject = await this.eas.fetchEntityObject({
+          publicKey: sessionPublicKey,
+        });
+      }
+    }
+    if (!this.authProvider) {
+      throw new ConfigurationError('AuthProvider missing');
+    }
+    const chunker = await makeChunkable(source);
+    // Await in order to catch any errors from this call.
+    // TODO: Write error event to stream and don't await.
+    return await (streamMiddleware as DecryptStreamMiddleware)(
+      await readStream({
+        allowList: this.allowedKases,
+        authProvider: this.authProvider,
+        chunker,
+        cryptoService: this.cryptoService,
+        dpopKeys,
+        entity: entityObject,
+        fileStreamServiceWorker: this.clientConfig.fileStreamServiceWorker,
+        keyMiddleware,
+        progressHandler: this.clientConfig.progressHandler,
+        assertionVerificationKeys,
+        noVerifyAssertions,
+      })
+    );
+  }
+  /**
+   * Get the unique policyId associated with TDF ciphertext. Useful for managing authorization policies of encrypted data.
+   * <br/><br/>
+   * The policyId is embedded in the ciphertext so this is a local operation.
+   *
+   * @param {object} source - Required. TDF data stream,
+   * generated using {@link DecryptParamsBuilder#build|DecryptParamsBuilder's build()}.
+   * @return {string} - the unique policyId, which can be used for tracking purposes or policy management operations.
+   * @see DecryptParamsBuilder
+   */
+  async getPolicyId({ source }: { source: DecryptSource }) {
+    const chunker = await makeChunkable(source);
+    const zipHelper = new ZipReader(chunker);
+    const centralDirectory = await zipHelper.getCentralDirectory();
+    const manifest = await zipHelper.getManifest(centralDirectory, '0.manifest.json');
+    const policyJson = base64.decode(manifest.encryptionInformation.policy);
+    return JSON.parse(policyJson).uuid;
+  }
+  async loadTDFStream({ source }: { source: DecryptSource }) {
+    const chunker = await makeChunkable(source);
+    return loadTDFStream(chunker);
+  }
+}
+export type { AuthProvider };
+export {
+  AppIdAuthProvider,
+  DecryptParamsBuilder,
+  DecryptSource,
+  EncryptParamsBuilder,
+  HttpRequest,
+  fromDataSource,
+  withHeaders,
+};