@opentdf/sdk 0.1.0-beta.1701

package/dist/cjs/src/tdf/index.js

@@ -0,0 +1,35 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Crypto = exports.Policy = exports.createAttribute = void 0;
+var AttributeObject_js_1 = require("./AttributeObject.js");
+Object.defineProperty(exports, "createAttribute", { enumerable: true, get: function () { return AttributeObject_js_1.createAttribute; } });
+var Policy_js_1 = require("./Policy.js");
+Object.defineProperty(exports, "Policy", { enumerable: true, get: function () { return __importDefault(Policy_js_1).default; } });
+exports.Crypto = __importStar(require("./Crypto.js"));
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi9zcmMvdGRmL2luZGV4LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7O0FBQUEsMkRBQTZFO0FBQTlDLHFIQUFBLGVBQWUsT0FBQTtBQUk5Qyx5Q0FBZ0Q7QUFBdkMsb0hBQUEsT0FBTyxPQUFVO0FBQzFCLHNEQUFzQyJ9

package/dist/cjs/src/types/index.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi9zcmMvdHlwZXMvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IiJ9

package/dist/cjs/src/utils.js

@@ -0,0 +1,147 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.extractPemFromKeyString = exports.pemToCryptoPublicKey = exports.cryptoPublicToPem = exports.addNewLines = exports.estimateSkewFromHeaders = exports.estimateSkew = exports.rstrip = exports.isFirefox = exports.isBrowser = exports.padSlashToUrl = exports.validateSecureUrl = void 0;
+const jose_1 = require("jose");
+const index_js_1 = require("./encodings/index.js");
+const index_js_2 = require("./nanotdf-crypto/index.js");
+const errors_js_1 = require("./errors.js");
+/**
+ * Check to see if the given URL is 'secure'. This assumes:
+ *
+ * - `https` URLs are always secure
+ * - `http` URLS are allowed for localhost
+ * - And also for '`svc.cluster.local` and `.internal` URLs
+ *
+ * Note that this does not resolve the URL, so it is possible this could
+ * resolve to some other internal URL, and may return `false` on non-fully
+ * qualified internal URLs.
+ *
+ * @param url remote service to validate
+ * @returns the url is local or `https`
+ */
+function validateSecureUrl(url) {
+    const httpsRegex = /^https:/;
+    if (/^http:\/\/(localhost|127\.0\.0\.1)(:[0-9]{1,5})?($|\/)/.test(url)) {
+        console.warn(`Development URL detected: [${url}]`);
+    }
+    else if (/^http:\/\/([a-zA-Z.-]*[.])?svc\.cluster\.local($|\/)/.test(url) ||
+        /^http:\/\/([a-zA-Z.-]*[.])?internal(:[0-9]{1,5})?($|\/)/.test(url)) {
+        console.info(`Internal URL detected: [${url}]`);
+    }
+    else if (!httpsRegex.test(url)) {
+        console.error(`Insecure KAS URL loaded. Are you running in a secure environment? [${url}]`);
+        return false;
+    }
+    return true;
+}
+exports.validateSecureUrl = validateSecureUrl;
+function padSlashToUrl(u) {
+    if (u.endsWith('/')) {
+        return u;
+    }
+    return `${u}/`;
+}
+exports.padSlashToUrl = padSlashToUrl;
+function isBrowser() {
+    return typeof window !== 'undefined'; // eslint-disable-line
+}
+exports.isBrowser = isBrowser;
+const isFirefox = () => isBrowser() && 'InstallTrigger' in window;
+exports.isFirefox = isFirefox;
+const rstrip = (str, suffix = ' ') => {
+    while (str && suffix && str.endsWith(suffix)) {
+        str = str.slice(0, -suffix.length);
+    }
+    return str;
+};
+exports.rstrip = rstrip;
+/**
+ * Rough estimate of number of seconds to add to the current system clock time
+ * to get the clock time on the given server, or origin if not specified
+ * @param server a server to compute skew with
+ * @returns the number of seconds to add to the current local system clock time
+ * to get an rough guess of the time on the given server
+ */
+const estimateSkew = async (serverEndpoint = window.origin) => {
+    const localUnixTimeBefore = Date.now();
+    const response = await fetch(serverEndpoint);
+    return (0, exports.estimateSkewFromHeaders)(response.headers, localUnixTimeBefore);
+};
+exports.estimateSkew = estimateSkew;
+/**
+ * Rough estimate of number of seconds to add to the curren time to get
+ * the clock time on the server that responded with the headers object.
+ * @param headers A set of headers, which must include the `date` header
+ * @param dateNowBefore time before initiating the request, usually by calling
+ * `Date.now()`. Note this is in milliseconds since the epoch, while the
+ * estimate is given in seconds.
+ * @returns the number of seconds to add to the current local system clock time
+ * to get an rough guess of the time on the server that was used
+ */
+const estimateSkewFromHeaders = (headers, dateNowBefore) => {
+    const localUnixTimeBefore = (dateNowBefore || Date.now()) / 1000;
+    let serverDateString;
+    if (headers.get) {
+        serverDateString = headers.get('Date');
+    }
+    else {
+        serverDateString = headers.date;
+    }
+    if (serverDateString === null) {
+        throw Error('Cannot get access to Date header!');
+    }
+    const serverUnixTime = Date.parse(serverDateString) / 1000;
+    const localUnixTimeAfter = Date.now() / 1000;
+    const deltaBefore = serverUnixTime - localUnixTimeBefore;
+    const deltaAfter = serverUnixTime - localUnixTimeAfter;
+    return Math.round((deltaBefore + deltaAfter) / 2);
+};
+exports.estimateSkewFromHeaders = estimateSkewFromHeaders;
+function addNewLines(str) {
+    if (!str) {
+        return str;
+    }
+    let inputString = str;
+    let finalString = '';
+    while (inputString.length > 0) {
+        finalString += inputString.substring(0, 64) + '\r\n';
+        inputString = inputString.substring(64);
+    }
+    return finalString;
+}
+exports.addNewLines = addNewLines;
+async function cryptoPublicToPem(publicKey) {
+    if (publicKey.type !== 'public') {
+        throw new errors_js_1.ConfigurationError('incorrect key type');
+    }
+    const exportedPublicKey = await crypto.subtle.exportKey('spki', publicKey);
+    const b64 = index_js_1.base64.encodeArrayBuffer(exportedPublicKey);
+    const pem = addNewLines(b64);
+    return `-----BEGIN PUBLIC KEY-----\r\n${pem}-----END PUBLIC KEY-----`;
+}
+exports.cryptoPublicToPem = cryptoPublicToPem;
+async function pemToCryptoPublicKey(pem) {
+    if (/-----BEGIN PUBLIC KEY-----/.test(pem)) {
+        return (0, index_js_2.pemPublicToCrypto)(pem);
+    }
+    else if (/-----BEGIN CERTIFICATE-----/.test(pem)) {
+        return (0, index_js_2.pemCertToCrypto)(pem);
+    }
+    // This can happen in several circumstances:
+    // - When parsing a PEM key from a KAS server
+    // - When converting between PEM and CryptoKey formats for user provided session keys (e.g. for DPoP)
+    throw new TypeError(`unsupported pem type [${pem}]`);
+}
+exports.pemToCryptoPublicKey = pemToCryptoPublicKey;
+async function extractPemFromKeyString(keyString) {
+    let pem = keyString;
+    // Skip the public key extraction if we find that the KAS url provides a
+    // PEM-encoded key instead of certificate
+    if (keyString.includes('CERTIFICATE')) {
+        const cert = await (0, jose_1.importX509)(keyString, 'RS256', { extractable: true });
+        pem = await (0, jose_1.exportSPKI)(cert);
+    }
+    return pem;
+}
+exports.extractPemFromKeyString = extractPemFromKeyString;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoidXRpbHMuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvdXRpbHMudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7O0FBQ0EsK0JBQThDO0FBRTlDLG1EQUE4QztBQUM5Qyx3REFBK0U7QUFDL0UsMkNBQWlEO0FBRWpEOzs7Ozs7Ozs7Ozs7O0dBYUc7QUFDSCxTQUFnQixpQkFBaUIsQ0FBQyxHQUFXO0lBQzNDLE1BQU0sVUFBVSxHQUFHLFNBQVMsQ0FBQztJQUM3QixJQUFJLHdEQUF3RCxDQUFDLElBQUksQ0FBQyxHQUFHLENBQUMsRUFBRTtRQUN0RSxPQUFPLENBQUMsSUFBSSxDQUFDLDhCQUE4QixHQUFHLEdBQUcsQ0FBQyxDQUFDO0tBQ3BEO1NBQU0sSUFDTCxzREFBc0QsQ0FBQyxJQUFJLENBQUMsR0FBRyxDQUFDO1FBQ2hFLHlEQUF5RCxDQUFDLElBQUksQ0FBQyxHQUFHLENBQUMsRUFDbkU7UUFDQSxPQUFPLENBQUMsSUFBSSxDQUFDLDJCQUEyQixHQUFHLEdBQUcsQ0FBQyxDQUFDO0tBQ2pEO1NBQU0sSUFBSSxDQUFDLFVBQVUsQ0FBQyxJQUFJLENBQUMsR0FBRyxDQUFDLEVBQUU7UUFDaEMsT0FBTyxDQUFDLEtBQUssQ0FBQyxzRUFBc0UsR0FBRyxHQUFHLENBQUMsQ0FBQztRQUM1RixPQUFPLEtBQUssQ0FBQztLQUNkO0lBQ0QsT0FBTyxJQUFJLENBQUM7QUFDZCxDQUFDO0FBZEQsOENBY0M7QUFFRCxTQUFnQixhQUFhLENBQUMsQ0FBUztJQUNyQyxJQUFJLENBQUMsQ0FBQyxRQUFRLENBQUMsR0FBRyxDQUFDLEVBQUU7UUFDbkIsT0FBTyxDQUFDLENBQUM7S0FDVjtJQUNELE9BQU8sR0FBRyxDQUFDLEdBQUcsQ0FBQztBQUNqQixDQUFDO0FBTEQsc0NBS0M7QUFFRCxTQUFnQixTQUFTO0lBQ3ZCLE9BQU8sT0FBTyxNQUFNLEtBQUssV0FBVyxDQUFDLENBQUMsc0JBQXNCO0FBQzlELENBQUM7QUFGRCw4QkFFQztBQUVNLE1BQU0sU0FBUyxHQUFHLEdBQVksRUFBRSxDQUFDLFNBQVMsRUFBRSxJQUFJLGdCQUFnQixJQUFJLE1BQU0sQ0FBQztBQUFyRSxRQUFBLFNBQVMsYUFBNEQ7QUFFM0UsTUFBTSxNQUFNLEdBQUcsQ0FBQyxHQUFXLEVBQUUsTUFBTSxHQUFHLEdBQUcsRUFBVSxFQUFFO0lBQzFELE9BQU8sR0FBRyxJQUFJLE1BQU0sSUFBSSxHQUFHLENBQUMsUUFBUSxDQUFDLE1BQU0sQ0FBQyxFQUFFO1FBQzVDLEdBQUcsR0FBRyxHQUFHLENBQUMsS0FBSyxDQUFDLENBQUMsRUFBRSxDQUFDLE1BQU0sQ0FBQyxNQUFNLENBQUMsQ0FBQztLQUNwQztJQUNELE9BQU8sR0FBRyxDQUFDO0FBQ2IsQ0FBQyxDQUFDO0FBTFcsUUFBQSxNQUFNLFVBS2pCO0FBRUY7Ozs7OztHQU1HO0FBQ0ksTUFBTSxZQUFZLEdBQUcsS0FBSyxFQUFFLGNBQWMsR0FBRyxNQUFNLENBQUMsTUFBTSxFQUFtQixFQUFFO0lBQ3BGLE1BQU0sbUJBQW1CLEdBQUcsSUFBSSxDQUFDLEdBQUcsRUFBRSxDQUFDO0lBQ3ZDLE1BQU0sUUFBUSxHQUFHLE1BQU0sS0FBSyxDQUFDLGNBQWMsQ0FBQyxDQUFDO0lBQzdDLE9BQU8sSUFBQSwrQkFBdUIsRUFBQyxRQUFRLENBQUMsT0FBTyxFQUFFLG1CQUFtQixDQUFDLENBQUM7QUFDeEUsQ0FBQyxDQUFDO0FBSlcsUUFBQSxZQUFZLGdCQUl2QjtBQUlGOzs7Ozs7Ozs7R0FTRztBQUNJLE1BQU0sdUJBQXVCLEdBQUcsQ0FBQyxPQUFtQixFQUFFLGFBQXNCLEVBQVUsRUFBRTtJQUM3RixNQUFNLG1CQUFtQixHQUFHLENBQUMsYUFBYSxJQUFJLElBQUksQ0FBQyxHQUFHLEVBQUUsQ0FBQyxHQUFHLElBQUksQ0FBQztJQUNqRSxJQUFJLGdCQUFnQixDQUFDO0lBQ3JCLElBQUksT0FBTyxDQUFDLEdBQUcsRUFBRTtRQUNmLGdCQUFnQixHQUFJLE9BQW1CLENBQUMsR0FBRyxDQUFDLE1BQU0sQ0FBQyxDQUFDO0tBQ3JEO1NBQU07UUFDTCxnQkFBZ0IsR0FBSSxPQUEwRCxDQUFDLElBQUksQ0FBQztLQUNyRjtJQUNELElBQUksZ0JBQWdCLEtBQUssSUFBSSxFQUFFO1FBQzdCLE1BQU0sS0FBSyxDQUFDLG1DQUFtQyxDQUFDLENBQUM7S0FDbEQ7SUFDRCxNQUFNLGNBQWMsR0FBRyxJQUFJLENBQUMsS0FBSyxDQUFDLGdCQUFnQixDQUFDLEdBQUcsSUFBSSxDQUFDO0lBQzNELE1BQU0sa0JBQWtCLEdBQUcsSUFBSSxDQUFDLEdBQUcsRUFBRSxHQUFHLElBQUksQ0FBQztJQUM3QyxNQUFNLFdBQVcsR0FBRyxjQUFjLEdBQUcsbUJBQW1CLENBQUM7SUFDekQsTUFBTSxVQUFVLEdBQUcsY0FBYyxHQUFHLGtCQUFrQixDQUFDO0lBRXZELE9BQU8sSUFBSSxDQUFDLEtBQUssQ0FBQyxDQUFDLFdBQVcsR0FBRyxVQUFVLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQztBQUNwRCxDQUFDLENBQUM7QUFqQlcsUUFBQSx1QkFBdUIsMkJBaUJsQztBQUVGLFNBQWdCLFdBQVcsQ0FBQyxHQUFXO0lBQ3JDLElBQUksQ0FBQyxHQUFHLEVBQUU7UUFDUixPQUFPLEdBQUcsQ0FBQztLQUNaO0lBQ0QsSUFBSSxXQUFXLEdBQUcsR0FBRyxDQUFDO0lBQ3RCLElBQUksV0FBVyxHQUFHLEVBQUUsQ0FBQztJQUNyQixPQUFPLFdBQVcsQ0FBQyxNQUFNLEdBQUcsQ0FBQyxFQUFFO1FBQzdCLFdBQVcsSUFBSSxXQUFXLENBQUMsU0FBUyxDQUFDLENBQUMsRUFBRSxFQUFFLENBQUMsR0FBRyxNQUFNLENBQUM7UUFDckQsV0FBVyxHQUFHLFdBQVcsQ0FBQyxTQUFTLENBQUMsRUFBRSxDQUFDLENBQUM7S0FDekM7SUFDRCxPQUFPLFdBQVcsQ0FBQztBQUNyQixDQUFDO0FBWEQsa0NBV0M7QUFFTSxLQUFLLFVBQVUsaUJBQWlCLENBQUMsU0FBb0I7SUFDMUQsSUFBSSxTQUFTLENBQUMsSUFBSSxLQUFLLFFBQVEsRUFBRTtRQUMvQixNQUFNLElBQUksOEJBQWtCLENBQUMsb0JBQW9CLENBQUMsQ0FBQztLQUNwRDtJQUVELE1BQU0saUJBQWlCLEdBQUcsTUFBTSxNQUFNLENBQUMsTUFBTSxDQUFDLFNBQVMsQ0FBQyxNQUFNLEVBQUUsU0FBUyxDQUFDLENBQUM7SUFDM0UsTUFBTSxHQUFHLEdBQUcsaUJBQU0sQ0FBQyxpQkFBaUIsQ0FBQyxpQkFBaUIsQ0FBQyxDQUFDO0lBQ3hELE1BQU0sR0FBRyxHQUFHLFdBQVcsQ0FBQyxHQUFHLENBQUMsQ0FBQztJQUM3QixPQUFPLGlDQUFpQyxHQUFHLDBCQUEwQixDQUFDO0FBQ3hFLENBQUM7QUFURCw4Q0FTQztBQUVNLEtBQUssVUFBVSxvQkFBb0IsQ0FBQyxHQUFXO0lBQ3BELElBQUksNEJBQTRCLENBQUMsSUFBSSxDQUFDLEdBQUcsQ0FBQyxFQUFFO1FBQzFDLE9BQU8sSUFBQSw0QkFBaUIsRUFBQyxHQUFHLENBQUMsQ0FBQztLQUMvQjtTQUFNLElBQUksNkJBQTZCLENBQUMsSUFBSSxDQUFDLEdBQUcsQ0FBQyxFQUFFO1FBQ2xELE9BQU8sSUFBQSwwQkFBZSxFQUFDLEdBQUcsQ0FBQyxDQUFDO0tBQzdCO0lBQ0QsNENBQTRDO0lBQzVDLDZDQUE2QztJQUM3QyxxR0FBcUc7SUFDckcsTUFBTSxJQUFJLFNBQVMsQ0FBQyx5QkFBeUIsR0FBRyxHQUFHLENBQUMsQ0FBQztBQUN2RCxDQUFDO0FBVkQsb0RBVUM7QUFFTSxLQUFLLFVBQVUsdUJBQXVCLENBQUMsU0FBaUI7SUFDN0QsSUFBSSxHQUFHLEdBQVcsU0FBUyxDQUFDO0lBRTVCLHdFQUF3RTtJQUN4RSx5Q0FBeUM7SUFDekMsSUFBSSxTQUFTLENBQUMsUUFBUSxDQUFDLGFBQWEsQ0FBQyxFQUFFO1FBQ3JDLE1BQU0sSUFBSSxHQUFHLE1BQU0sSUFBQSxpQkFBVSxFQUFDLFNBQVMsRUFBRSxPQUFPLEVBQUUsRUFBRSxXQUFXLEVBQUUsSUFBSSxFQUFFLENBQUMsQ0FBQztRQUN6RSxHQUFHLEdBQUcsTUFBTSxJQUFBLGlCQUFVLEVBQUMsSUFBSSxDQUFDLENBQUM7S0FDOUI7SUFFRCxPQUFPLEdBQUcsQ0FBQztBQUNiLENBQUM7QUFYRCwwREFXQyJ9

package/dist/cjs/src/version.js

@@ -0,0 +1,12 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.clientType = exports.version = void 0;
+/**
+ * Exposes the released version number of the `@opentdf/sdk` package
+ */
+exports.version = '0.1.0';
+/**
+ * A string name used to label requests as coming from this library client.
+ */
+exports.clientType = 'web-sdk';
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoidmVyc2lvbi5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy92ZXJzaW9uLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7OztBQUFBOztHQUVHO0FBQ1UsUUFBQSxPQUFPLEdBQUcsT0FBTyxDQUFDO0FBRS9COztHQUVHO0FBQ1UsUUFBQSxVQUFVLEdBQUcsU0FBUyxDQUFDIn0=

package/dist/cjs/tdf3/index.js

@@ -0,0 +1,57 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.WebCryptoService = exports.version = exports.withHeaders = exports.createSessionKeys = exports.clientType = exports.TDF3Client = exports.SplitKey = exports.NanoTDFDatasetClient = exports.NanoTDFClient = exports.HttpRequest = exports.Errors = exports.EncryptParamsBuilder = exports.DecryptParamsBuilder = exports.DecoratedReadableStream = exports.Client = exports.Binary = exports.AuthProviders = exports.AppIdAuthProvider = exports.Algorithms = exports.AesGcmCipher = void 0;
+const binary_js_1 = require("./src/binary.js");
+Object.defineProperty(exports, "Binary", { enumerable: true, get: function () { return binary_js_1.Binary; } });
+const DecoratedReadableStream_js_1 = require("./src/client/DecoratedReadableStream.js");
+Object.defineProperty(exports, "DecoratedReadableStream", { enumerable: true, get: function () { return DecoratedReadableStream_js_1.DecoratedReadableStream; } });
+const builders_js_1 = require("./src/client/builders.js");
+Object.defineProperty(exports, "DecryptParamsBuilder", { enumerable: true, get: function () { return builders_js_1.DecryptParamsBuilder; } });
+Object.defineProperty(exports, "EncryptParamsBuilder", { enumerable: true, get: function () { return builders_js_1.EncryptParamsBuilder; } });
+const index_js_1 = require("./src/client/index.js");
+Object.defineProperty(exports, "createSessionKeys", { enumerable: true, get: function () { return index_js_1.createSessionKeys; } });
+const index_js_2 = require("./src/index.js");
+Object.defineProperty(exports, "Client", { enumerable: true, get: function () { return index_js_2.Client; } });
+Object.defineProperty(exports, "Errors", { enumerable: true, get: function () { return index_js_2.Errors; } });
+Object.defineProperty(exports, "TDF3Client", { enumerable: true, get: function () { return index_js_2.TDF3Client; } });
+const encryption_information_js_1 = require("./src/models/encryption-information.js");
+Object.defineProperty(exports, "SplitKey", { enumerable: true, get: function () { return encryption_information_js_1.SplitKey; } });
+const auth_js_1 = require("../src/auth/auth.js");
+Object.defineProperty(exports, "AppIdAuthProvider", { enumerable: true, get: function () { return auth_js_1.AppIdAuthProvider; } });
+Object.defineProperty(exports, "HttpRequest", { enumerable: true, get: function () { return auth_js_1.HttpRequest; } });
+Object.defineProperty(exports, "withHeaders", { enumerable: true, get: function () { return auth_js_1.withHeaders; } });
+const aes_gcm_cipher_js_1 = require("./src/ciphers/aes-gcm-cipher.js");
+Object.defineProperty(exports, "AesGcmCipher", { enumerable: true, get: function () { return aes_gcm_cipher_js_1.AesGcmCipher; } });
+const index_js_3 = require("../src/index.js");
+Object.defineProperty(exports, "NanoTDFClient", { enumerable: true, get: function () { return index_js_3.NanoTDFClient; } });
+Object.defineProperty(exports, "NanoTDFDatasetClient", { enumerable: true, get: function () { return index_js_3.NanoTDFDatasetClient; } });
+Object.defineProperty(exports, "AuthProviders", { enumerable: true, get: function () { return index_js_3.AuthProviders; } });
+Object.defineProperty(exports, "version", { enumerable: true, get: function () { return index_js_3.version; } });
+Object.defineProperty(exports, "clientType", { enumerable: true, get: function () { return index_js_3.clientType; } });
+const algorithms_js_1 = require("./src/ciphers/algorithms.js");
+Object.defineProperty(exports, "Algorithms", { enumerable: true, get: function () { return algorithms_js_1.Algorithms; } });
+exports.WebCryptoService = __importStar(require("./src/crypto/index.js"));
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi90ZGYzL2luZGV4LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7O0FBQUEsK0NBQXlDO0FBbUV2Qyx1RkFuRU8sa0JBQU0sT0FtRVA7QUFsRVIsd0ZBQWtGO0FBcUVoRix3R0FyRU8sb0RBQXVCLE9BcUVQO0FBcEV6QiwwREFXa0M7QUEyRGhDLHFHQXBFQSxrQ0FBb0IsT0FvRUE7QUFJcEIscUdBakVBLGtDQUFvQixPQWlFQTtBQTlEdEIsb0RBQTZFO0FBdUUzRSxrR0F2RTBCLDRCQUFpQixPQXVFMUI7QUFoRW5CLDZDQUE0RDtBQStDMUQsdUZBL0NPLGlCQUFNLE9BK0NQO0FBU04sdUZBeERlLGlCQUFNLE9Bd0RmO0FBTU4sMkZBOUR1QixxQkFBVSxPQThEdkI7QUE3RFosc0ZBSWdEO0FBd0Q5Qyx5RkExREEsb0NBQVEsT0EwREE7QUF2RFYsaURBTTZCO0FBZ0MzQixrR0FwQ0EsMkJBQWlCLE9Bb0NBO0FBYWpCLDRGQS9DQSxxQkFBVyxPQStDQTtBQVFYLDRGQXREQSxxQkFBVyxPQXNEQTtBQXBEYix1RUFBK0Q7QUE2QjdELDZGQTdCTyxnQ0FBWSxPQTZCUDtBQTVCZCw4Q0FNeUI7QUF1Q3ZCLDhGQTVDQSx3QkFBYSxPQTRDQTtBQUNiLHFHQTVDQSwrQkFBb0IsT0E0Q0E7QUFmcEIsOEZBNUJBLHdCQUFhLE9BNEJBO0FBcUJiLHdGQWhEQSxrQkFBTyxPQWdEQTtBQUhQLDJGQTVDQSxxQkFBVSxPQTRDQTtBQTFDWiwrREFBZ0c7QUFzQjlGLDJGQXRCTywwQkFBVSxPQXNCUDtBQTBCWiwwRUFBMEQifQ==

package/dist/cjs/tdf3/src/assertions.js

@@ -0,0 +1,118 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CreateAssertion = exports.verify = exports.isAssertionConfig = exports.hash = void 0;
+const json_canonicalize_1 = require("json-canonicalize");
+const jose_1 = require("jose");
+const index_js_1 = require("../../src/encodings/index.js");
+const errors_js_1 = require("../../src/errors.js");
+/**
+ * Computes the SHA-256 hash of the assertion object, excluding the 'binding' and 'hash' properties.
+ *
+ * @returns the hexadecimal string representation of the hash
+ */
+async function hash(a) {
+    const result = (0, json_canonicalize_1.canonicalizeEx)(a, { exclude: ['binding', 'hash', 'sign', 'verify'] });
+    const hash = await crypto.subtle.digest('SHA-256', new TextEncoder().encode(result));
+    return index_js_1.hex.encodeArrayBuffer(hash);
+}
+exports.hash = hash;
+/**
+ * Signs the given hash and signature using the provided key and sets the binding method and signature.
+ *
+ * @param hash - The hash to be signed.
+ * @param sig - The signature to be signed.
+ * @param {AssertionKey} key - The key used for signing.
+ * @returns {Promise<void>} A promise that resolves when the signing is complete.
+ */
+async function sign(thiz, assertionHash, sig, key) {
+    const payload = {
+        assertionHash,
+        assertionSig: sig,
+    };
+    let token;
+    try {
+        token = await new jose_1.SignJWT(payload).setProtectedHeader({ alg: key.alg }).sign(key.key);
+    }
+    catch (error) {
+        throw new errors_js_1.ConfigurationError(`Signing assertion failed: ${error.message}`, error);
+    }
+    thiz.binding.method = 'jws';
+    thiz.binding.signature = token;
+    return thiz;
+}
+// a function that takes an unknown or any object and asserts that it is or is not an AssertionConfig object
+function isAssertionConfig(obj) {
+    return (!!obj &&
+        typeof obj === 'object' &&
+        'id' in obj &&
+        typeof obj.id === 'string' &&
+        'type' in obj &&
+        (obj.type === 'handling' || obj.type === 'other') &&
+        'scope' in obj &&
+        (obj.scope === 'tdo' || obj.scope === 'payload') &&
+        'appliesToState' in obj &&
+        (obj.appliesToState === 'encrypted' || obj.appliesToState === 'unencrypted') &&
+        'statement' in obj &&
+        !!obj.statement &&
+        typeof obj.statement === 'object' &&
+        'format' in obj.statement &&
+        'schema' in obj.statement &&
+        'value' in obj.statement);
+}
+exports.isAssertionConfig = isAssertionConfig;
+/**
+ * Verifies the signature of the assertion using the provided key.
+ *
+ * @param {AssertionKey} key - The key used for verification.
+ * @returns {Promise<[string, string]>} A promise that resolves to a tuple containing the assertion hash and signature.
+ * @throws {Error} If the verification fails.
+ */
+async function verify(thiz, aggregateHash, key) {
+    let payload;
+    try {
+        const uj = await (0, jose_1.jwtVerify)(thiz.binding.signature, key.key, {
+            algorithms: [key.alg],
+        });
+        payload = uj.payload;
+    }
+    catch (error) {
+        throw new errors_js_1.InvalidFileError(`Verifying assertion failed: ${error.message}`, error);
+    }
+    const { assertionHash, assertionSig } = payload;
+    // Get the hash of the assertion
+    const hashOfAssertion = await hash(thiz);
+    const combinedHash = aggregateHash + hashOfAssertion;
+    const encodedHash = index_js_1.base64.encode(combinedHash);
+    // check if assertionHash is same as hashOfAssertion
+    if (hashOfAssertion !== assertionHash) {
+        throw new errors_js_1.IntegrityError('Assertion hash mismatch');
+    }
+    // check if assertionSig is same as encodedHash
+    if (assertionSig !== encodedHash) {
+        throw new errors_js_1.IntegrityError('Failed integrity check on assertion signature');
+    }
+}
+exports.verify = verify;
+/**
+ * Creates an Assertion object with the specified properties.
+ */
+async function CreateAssertion(aggregateHash, assertionConfig) {
+    if (!assertionConfig.signingKey) {
+        throw new errors_js_1.ConfigurationError('Assertion signing key is required');
+    }
+    const a = {
+        id: assertionConfig.id,
+        type: assertionConfig.type,
+        scope: assertionConfig.scope,
+        appliesToState: assertionConfig.appliesToState,
+        statement: assertionConfig.statement,
+        // empty binding
+        binding: { method: '', signature: '' },
+    };
+    const assertionHash = await hash(a);
+    const combinedHash = aggregateHash + assertionHash;
+    const encodedHash = index_js_1.base64.encode(combinedHash);
+    return await sign(a, assertionHash, encodedHash, assertionConfig.signingKey);
+}
+exports.CreateAssertion = CreateAssertion;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYXNzZXJ0aW9ucy5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uL3RkZjMvc3JjL2Fzc2VydGlvbnMudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7O0FBQUEseURBQW1EO0FBQ25ELCtCQUF3RDtBQUN4RCwyREFBMkQ7QUFDM0QsbURBQTJGO0FBb0MzRjs7OztHQUlHO0FBQ0ksS0FBSyxVQUFVLElBQUksQ0FBQyxDQUFZO0lBQ3JDLE1BQU0sTUFBTSxHQUFHLElBQUEsa0NBQWMsRUFBQyxDQUFDLEVBQUUsRUFBRSxPQUFPLEVBQUUsQ0FBQyxTQUFTLEVBQUUsTUFBTSxFQUFFLE1BQU0sRUFBRSxRQUFRLENBQUMsRUFBRSxDQUFDLENBQUM7SUFFckYsTUFBTSxJQUFJLEdBQUcsTUFBTSxNQUFNLENBQUMsTUFBTSxDQUFDLE1BQU0sQ0FBQyxTQUFTLEVBQUUsSUFBSSxXQUFXLEVBQUUsQ0FBQyxNQUFNLENBQUMsTUFBTSxDQUFDLENBQUMsQ0FBQztJQUNyRixPQUFPLGNBQUcsQ0FBQyxpQkFBaUIsQ0FBQyxJQUFJLENBQUMsQ0FBQztBQUNyQyxDQUFDO0FBTEQsb0JBS0M7QUFFRDs7Ozs7OztHQU9HO0FBQ0gsS0FBSyxVQUFVLElBQUksQ0FDakIsSUFBZSxFQUNmLGFBQXFCLEVBQ3JCLEdBQVcsRUFDWCxHQUFpQjtJQUVqQixNQUFNLE9BQU8sR0FBcUI7UUFDaEMsYUFBYTtRQUNiLFlBQVksRUFBRSxHQUFHO0tBQ2xCLENBQUM7SUFFRixJQUFJLEtBQWEsQ0FBQztJQUNsQixJQUFJO1FBQ0YsS0FBSyxHQUFHLE1BQU0sSUFBSSxjQUFPLENBQUMsT0FBTyxDQUFDLENBQUMsa0JBQWtCLENBQUMsRUFBRSxHQUFHLEVBQUUsR0FBRyxDQUFDLEdBQUcsRUFBRSxDQUFDLENBQUMsSUFBSSxDQUFDLEdBQUcsQ0FBQyxHQUFHLENBQUMsQ0FBQztLQUN2RjtJQUFDLE9BQU8sS0FBSyxFQUFFO1FBQ2QsTUFBTSxJQUFJLDhCQUFrQixDQUFDLDZCQUE2QixLQUFLLENBQUMsT0FBTyxFQUFFLEVBQUUsS0FBSyxDQUFDLENBQUM7S0FDbkY7SUFDRCxJQUFJLENBQUMsT0FBTyxDQUFDLE1BQU0sR0FBRyxLQUFLLENBQUM7SUFDNUIsSUFBSSxDQUFDLE9BQU8sQ0FBQyxTQUFTLEdBQUcsS0FBSyxDQUFDO0lBQy9CLE9BQU8sSUFBSSxDQUFDO0FBQ2QsQ0FBQztBQUVELDRHQUE0RztBQUM1RyxTQUFnQixpQkFBaUIsQ0FBQyxHQUFZO0lBQzVDLE9BQU8sQ0FDTCxDQUFDLENBQUMsR0FBRztRQUNMLE9BQU8sR0FBRyxLQUFLLFFBQVE7UUFDdkIsSUFBSSxJQUFJLEdBQUc7UUFDWCxPQUFPLEdBQUcsQ0FBQyxFQUFFLEtBQUssUUFBUTtRQUMxQixNQUFNLElBQUksR0FBRztRQUNiLENBQUMsR0FBRyxDQUFDLElBQUksS0FBSyxVQUFVLElBQUksR0FBRyxDQUFDLElBQUksS0FBSyxPQUFPLENBQUM7UUFDakQsT0FBTyxJQUFJLEdBQUc7UUFDZCxDQUFDLEdBQUcsQ0FBQyxLQUFLLEtBQUssS0FBSyxJQUFJLEdBQUcsQ0FBQyxLQUFLLEtBQUssU0FBUyxDQUFDO1FBQ2hELGdCQUFnQixJQUFJLEdBQUc7UUFDdkIsQ0FBQyxHQUFHLENBQUMsY0FBYyxLQUFLLFdBQVcsSUFBSSxHQUFHLENBQUMsY0FBYyxLQUFLLGFBQWEsQ0FBQztRQUM1RSxXQUFXLElBQUksR0FBRztRQUNsQixDQUFDLENBQUMsR0FBRyxDQUFDLFNBQVM7UUFDZixPQUFPLEdBQUcsQ0FBQyxTQUFTLEtBQUssUUFBUTtRQUNqQyxRQUFRLElBQUksR0FBRyxDQUFDLFNBQVM7UUFDekIsUUFBUSxJQUFJLEdBQUcsQ0FBQyxTQUFTO1FBQ3pCLE9BQU8sSUFBSSxHQUFHLENBQUMsU0FBUyxDQUN6QixDQUFDO0FBQ0osQ0FBQztBQW5CRCw4Q0FtQkM7QUFFRDs7Ozs7O0dBTUc7QUFDSSxLQUFLLFVBQVUsTUFBTSxDQUMxQixJQUFlLEVBQ2YsYUFBcUIsRUFDckIsR0FBaUI7SUFFakIsSUFBSSxPQUF5QixDQUFDO0lBQzlCLElBQUk7UUFDRixNQUFNLEVBQUUsR0FBRyxNQUFNLElBQUEsZ0JBQVMsRUFBQyxJQUFJLENBQUMsT0FBTyxDQUFDLFNBQVMsRUFBRSxHQUFHLENBQUMsR0FBRyxFQUFFO1lBQzFELFVBQVUsRUFBRSxDQUFDLEdBQUcsQ0FBQyxHQUFHLENBQUM7U0FDdEIsQ0FBQyxDQUFDO1FBQ0gsT0FBTyxHQUFHLEVBQUUsQ0FBQyxPQUEyQixDQUFDO0tBQzFDO0lBQUMsT0FBTyxLQUFLLEVBQUU7UUFDZCxNQUFNLElBQUksNEJBQWdCLENBQUMsK0JBQStCLEtBQUssQ0FBQyxPQUFPLEVBQUUsRUFBRSxLQUFLLENBQUMsQ0FBQztLQUNuRjtJQUNELE1BQU0sRUFBRSxhQUFhLEVBQUUsWUFBWSxFQUFFLEdBQUcsT0FBTyxDQUFDO0lBRWhELGdDQUFnQztJQUNoQyxNQUFNLGVBQWUsR0FBRyxNQUFNLElBQUksQ0FBQyxJQUFJLENBQUMsQ0FBQztJQUN6QyxNQUFNLFlBQVksR0FBRyxhQUFhLEdBQUcsZUFBZSxDQUFDO0lBQ3JELE1BQU0sV0FBVyxHQUFHLGlCQUFNLENBQUMsTUFBTSxDQUFDLFlBQVksQ0FBQyxDQUFDO0lBRWhELG9EQUFvRDtJQUNwRCxJQUFJLGVBQWUsS0FBSyxhQUFhLEVBQUU7UUFDckMsTUFBTSxJQUFJLDBCQUFjLENBQUMseUJBQXlCLENBQUMsQ0FBQztLQUNyRDtJQUVELCtDQUErQztJQUMvQyxJQUFJLFlBQVksS0FBSyxXQUFXLEVBQUU7UUFDaEMsTUFBTSxJQUFJLDBCQUFjLENBQUMsK0NBQStDLENBQUMsQ0FBQztLQUMzRTtBQUNILENBQUM7QUE5QkQsd0JBOEJDO0FBRUQ7O0dBRUc7QUFDSSxLQUFLLFVBQVUsZUFBZSxDQUNuQyxhQUFxQixFQUNyQixlQUFnQztJQUVoQyxJQUFJLENBQUMsZUFBZSxDQUFDLFVBQVUsRUFBRTtRQUMvQixNQUFNLElBQUksOEJBQWtCLENBQUMsbUNBQW1DLENBQUMsQ0FBQztLQUNuRTtJQUVELE1BQU0sQ0FBQyxHQUFjO1FBQ25CLEVBQUUsRUFBRSxlQUFlLENBQUMsRUFBRTtRQUN0QixJQUFJLEVBQUUsZUFBZSxDQUFDLElBQUk7UUFDMUIsS0FBSyxFQUFFLGVBQWUsQ0FBQyxLQUFLO1FBQzVCLGNBQWMsRUFBRSxlQUFlLENBQUMsY0FBYztRQUM5QyxTQUFTLEVBQUUsZUFBZSxDQUFDLFNBQVM7UUFDcEMsZ0JBQWdCO1FBQ2hCLE9BQU8sRUFBRSxFQUFFLE1BQU0sRUFBRSxFQUFFLEVBQUUsU0FBUyxFQUFFLEVBQUUsRUFBRTtLQUN2QyxDQUFDO0lBRUYsTUFBTSxhQUFhLEdBQUcsTUFBTSxJQUFJLENBQUMsQ0FBQyxDQUFDLENBQUM7SUFDcEMsTUFBTSxZQUFZLEdBQUcsYUFBYSxHQUFHLGFBQWEsQ0FBQztJQUNuRCxNQUFNLFdBQVcsR0FBRyxpQkFBTSxDQUFDLE1BQU0sQ0FBQyxZQUFZLENBQUMsQ0FBQztJQUVoRCxPQUFPLE1BQU0sSUFBSSxDQUFDLENBQUMsRUFBRSxhQUFhLEVBQUUsV0FBVyxFQUFFLGVBQWUsQ0FBQyxVQUFVLENBQUMsQ0FBQztBQUMvRSxDQUFDO0FBdkJELDBDQXVCQyJ9

package/dist/cjs/tdf3/src/binary.js

@@ -0,0 +1,153 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Binary = void 0;
+const errors_js_1 = require("../../src/errors.js");
+const index_js_1 = require("./utils/index.js");
+/**
+ * Provides a binary type that can be initialized with many different forms of
+ * data
+ *
+ * TODO(PLAT-1230): Deprecate this.
+ * 1. asX methods sometimes return copies, sometimes references.
+ * 2. We should be using ArrayBuffer/TypedArray for performance/correctness.
+ * 3. It is confusing how we represent data in Strings, historically leading to
+ *    encoding errors.
+ */
+class Binary {
+    /**
+     * Initializes the binary class from the string
+     */
+    static fromString(data) {
+        return new StringBinary(data);
+    }
+    /**
+     * Initializes the binary class from the base64
+     */
+    static fromBase64(data) {
+        return new ArrayBufferBinary(Uint8Array.from((0, index_js_1.base64ToBytes)(data)).buffer);
+    }
+    /**
+     * Initializes the binary class from an arrayBuffer
+     */
+    static fromArrayBuffer(data) {
+        return new ArrayBufferBinary(data);
+    }
+    /**
+     * Initializes the binary class from an array of bytes
+     */
+    static fromByteArray(data) {
+        return new ByteArrayBinary(data);
+    }
+    isArrayBuffer() {
+        return false;
+    }
+    isByteArray() {
+        return false;
+    }
+    isString() {
+        return false;
+    }
+}
+exports.Binary = Binary;
+function adjustSliceParams(length, start, end) {
+    if (start < 0) {
+        start = length + start;
+    }
+    if (end && end < 0) {
+        end = length + end;
+    }
+    return [start, end];
+}
+class ArrayBufferBinary extends Binary {
+    constructor(value) {
+        super();
+        this.value = value;
+    }
+    asArrayBuffer() {
+        return this.value;
+    }
+    asByteArray() {
+        const uint8Array = new Uint8Array(this.value);
+        return Array.from(uint8Array);
+    }
+    asString(encoding = 'binary') {
+        const uint8Array = new Uint8Array(this.value);
+        return (0, index_js_1.buffToString)(uint8Array, encoding);
+    }
+    isArrayBuffer() {
+        return true;
+    }
+    length() {
+        return this.value.byteLength;
+    }
+    slice(start, end) {
+        const [s, e] = adjustSliceParams(this.value.byteLength, start, end);
+        return new ArrayBufferBinary(this.value.slice(s, e));
+    }
+}
+class ByteArrayBinary extends Binary {
+    constructor(value) {
+        super();
+        this.value = value;
+    }
+    asArrayBuffer() {
+        const buf = new Uint8Array(this.value);
+        return buf.buffer;
+    }
+    asByteArray() {
+        return this.value;
+    }
+    asString(encoding = 'binary') {
+        const uint8Array = new Uint8Array(this.value);
+        return (0, index_js_1.buffToString)(uint8Array, encoding);
+    }
+    isByteArray() {
+        return true;
+    }
+    length() {
+        return this.value.length;
+    }
+    slice(start, end) {
+        const [s, e] = adjustSliceParams(this.length(), start, end);
+        return new ByteArrayBinary(this.value.slice(s, e));
+    }
+}
+class StringBinary extends Binary {
+    constructor(value) {
+        super();
+        this.value = value;
+    }
+    asArrayBuffer() {
+        const { length } = this.value;
+        const buffer = new ArrayBuffer(length);
+        const bufferView = new Uint8Array(buffer);
+        for (let i = 0; i < length; i++) {
+            bufferView[i] = this.value.charCodeAt(i);
+        }
+        return buffer;
+    }
+    asByteArray() {
+        const byteArray = [];
+        for (let i = 0; i < this.value.length; i++) {
+            byteArray.push(this.value.charCodeAt(i));
+        }
+        return byteArray;
+    }
+    asString(encoding) {
+        if (encoding) {
+            throw new errors_js_1.ConfigurationError('Method doesnt accept encoding param, it returns binary string in original format');
+        }
+        return this.value;
+    }
+    isString() {
+        return true;
+    }
+    length() {
+        return this.value.length;
+    }
+    slice(start, end) {
+        const [s, e] = adjustSliceParams(this.value.length, start, end);
+        return new StringBinary(this.value.substring(s, e));
+    }
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYmluYXJ5LmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vLi4vdGRmMy9zcmMvYmluYXJ5LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7OztBQUFBLG1EQUF5RDtBQUN6RCwrQ0FBa0Y7QUFFbEY7Ozs7Ozs7OztHQVNHO0FBQ0gsTUFBc0IsTUFBTTtJQUMxQjs7T0FFRztJQUNILE1BQU0sQ0FBQyxVQUFVLENBQUMsSUFBWTtRQUM1QixPQUFPLElBQUksWUFBWSxDQUFDLElBQUksQ0FBQyxDQUFDO0lBQ2hDLENBQUM7SUFFRDs7T0FFRztJQUNILE1BQU0sQ0FBQyxVQUFVLENBQUMsSUFBWTtRQUM1QixPQUFPLElBQUksaUJBQWlCLENBQUMsVUFBVSxDQUFDLElBQUksQ0FBQyxJQUFBLHdCQUFhLEVBQUMsSUFBSSxDQUFDLENBQUMsQ0FBQyxNQUFNLENBQUMsQ0FBQztJQUM1RSxDQUFDO0lBRUQ7O09BRUc7SUFDSCxNQUFNLENBQUMsZUFBZSxDQUFDLElBQWlCO1FBQ3RDLE9BQU8sSUFBSSxpQkFBaUIsQ0FBQyxJQUFJLENBQUMsQ0FBQztJQUNyQyxDQUFDO0lBRUQ7O09BRUc7SUFDSCxNQUFNLENBQUMsYUFBYSxDQUFDLElBQWM7UUFDakMsT0FBTyxJQUFJLGVBQWUsQ0FBQyxJQUFJLENBQUMsQ0FBQztJQUNuQyxDQUFDO0lBRUQsYUFBYTtRQUNYLE9BQU8sS0FBSyxDQUFDO0lBQ2YsQ0FBQztJQUVELFdBQVc7UUFDVCxPQUFPLEtBQUssQ0FBQztJQUNmLENBQUM7SUFFRCxRQUFRO1FBQ04sT0FBTyxLQUFLLENBQUM7SUFDZixDQUFDO0NBV0Y7QUFsREQsd0JBa0RDO0FBRUQsU0FBUyxpQkFBaUIsQ0FBQyxNQUFjLEVBQUUsS0FBYSxFQUFFLEdBQVk7SUFDcEUsSUFBSSxLQUFLLEdBQUcsQ0FBQyxFQUFFO1FBQ2IsS0FBSyxHQUFHLE1BQU0sR0FBRyxLQUFLLENBQUM7S0FDeEI7SUFDRCxJQUFJLEdBQUcsSUFBSSxHQUFHLEdBQUcsQ0FBQyxFQUFFO1FBQ2xCLEdBQUcsR0FBRyxNQUFNLEdBQUcsR0FBRyxDQUFDO0tBQ3BCO0lBQ0QsT0FBTyxDQUFDLEtBQUssRUFBRSxHQUFHLENBQUMsQ0FBQztBQUN0QixDQUFDO0FBRUQsTUFBTSxpQkFBa0IsU0FBUSxNQUFNO0lBR3BDLFlBQVksS0FBa0I7UUFDNUIsS0FBSyxFQUFFLENBQUM7UUFDUixJQUFJLENBQUMsS0FBSyxHQUFHLEtBQUssQ0FBQztJQUNyQixDQUFDO0lBRVEsYUFBYTtRQUNwQixPQUFPLElBQUksQ0FBQyxLQUFLLENBQUM7SUFDcEIsQ0FBQztJQUVRLFdBQVc7UUFDbEIsTUFBTSxVQUFVLEdBQUcsSUFBSSxVQUFVLENBQUMsSUFBSSxDQUFDLEtBQUssQ0FBQyxDQUFDO1FBQzlDLE9BQU8sS0FBSyxDQUFDLElBQUksQ0FBQyxVQUFVLENBQUMsQ0FBQztJQUNoQyxDQUFDO0lBRVEsUUFBUSxDQUFDLFdBQThCLFFBQVE7UUFDdEQsTUFBTSxVQUFVLEdBQUcsSUFBSSxVQUFVLENBQUMsSUFBSSxDQUFDLEtBQUssQ0FBQyxDQUFDO1FBQzlDLE9BQU8sSUFBQSx1QkFBWSxFQUFDLFVBQVUsRUFBRSxRQUFRLENBQUMsQ0FBQztJQUM1QyxDQUFDO0lBRVEsYUFBYTtRQUNwQixPQUFPLElBQUksQ0FBQztJQUNkLENBQUM7SUFFUSxNQUFNO1FBQ2IsT0FBTyxJQUFJLENBQUMsS0FBSyxDQUFDLFVBQVUsQ0FBQztJQUMvQixDQUFDO0lBRVEsS0FBSyxDQUFDLEtBQWEsRUFBRSxHQUFZO1FBQ3hDLE1BQU0sQ0FBQyxDQUFDLEVBQUUsQ0FBQyxDQUFDLEdBQUcsaUJBQWlCLENBQUMsSUFBSSxDQUFDLEtBQUssQ0FBQyxVQUFVLEVBQUUsS0FBSyxFQUFFLEdBQUcsQ0FBQyxDQUFDO1FBQ3BFLE9BQU8sSUFBSSxpQkFBaUIsQ0FBQyxJQUFJLENBQUMsS0FBSyxDQUFDLEtBQUssQ0FBQyxDQUFDLEVBQUUsQ0FBQyxDQUFDLENBQUMsQ0FBQztJQUN2RCxDQUFDO0NBQ0Y7QUFFRCxNQUFNLGVBQWdCLFNBQVEsTUFBTTtJQUdsQyxZQUFZLEtBQWU7UUFDekIsS0FBSyxFQUFFLENBQUM7UUFDUixJQUFJLENBQUMsS0FBSyxHQUFHLEtBQUssQ0FBQztJQUNyQixDQUFDO0lBRVEsYUFBYTtRQUNwQixNQUFNLEdBQUcsR0FBRyxJQUFJLFVBQVUsQ0FBQyxJQUFJLENBQUMsS0FBSyxDQUFDLENBQUM7UUFDdkMsT0FBTyxHQUFHLENBQUMsTUFBTSxDQUFDO0lBQ3BCLENBQUM7SUFFUSxXQUFXO1FBQ2xCLE9BQU8sSUFBSSxDQUFDLEtBQUssQ0FBQztJQUNwQixDQUFDO0lBRVEsUUFBUSxDQUFDLFdBQThCLFFBQVE7UUFDdEQsTUFBTSxVQUFVLEdBQUcsSUFBSSxVQUFVLENBQUMsSUFBSSxDQUFDLEtBQUssQ0FBQyxDQUFDO1FBQzlDLE9BQU8sSUFBQSx1QkFBWSxFQUFDLFVBQVUsRUFBRSxRQUFRLENBQUMsQ0FBQztJQUM1QyxDQUFDO0lBRVEsV0FBVztRQUNsQixPQUFPLElBQUksQ0FBQztJQUNkLENBQUM7SUFFUSxNQUFNO1FBQ2IsT0FBTyxJQUFJLENBQUMsS0FBSyxDQUFDLE1BQU0sQ0FBQztJQUMzQixDQUFDO0lBRVEsS0FBSyxDQUFDLEtBQWEsRUFBRSxHQUFZO1FBQ3hDLE1BQU0sQ0FBQyxDQUFDLEVBQUUsQ0FBQyxDQUFDLEdBQUcsaUJBQWlCLENBQUMsSUFBSSxDQUFDLE1BQU0sRUFBRSxFQUFFLEtBQUssRUFBRSxHQUFHLENBQUMsQ0FBQztRQUM1RCxPQUFPLElBQUksZUFBZSxDQUFDLElBQUksQ0FBQyxLQUFLLENBQUMsS0FBSyxDQUFDLENBQUMsRUFBRSxDQUFDLENBQUMsQ0FBQyxDQUFDO0lBQ3JELENBQUM7Q0FDRjtBQUVELE1BQU0sWUFBYSxTQUFRLE1BQU07SUFHL0IsWUFBWSxLQUFhO1FBQ3ZCLEtBQUssRUFBRSxDQUFDO1FBQ1IsSUFBSSxDQUFDLEtBQUssR0FBRyxLQUFLLENBQUM7SUFDckIsQ0FBQztJQUVELGFBQWE7UUFDWCxNQUFNLEVBQUUsTUFBTSxFQUFFLEdBQUcsSUFBSSxDQUFDLEtBQUssQ0FBQztRQUM5QixNQUFNLE1BQU0sR0FBRyxJQUFJLFdBQVcsQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUN2QyxNQUFNLFVBQVUsR0FBRyxJQUFJLFVBQVUsQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUMxQyxLQUFLLElBQUksQ0FBQyxHQUFHLENBQUMsRUFBRSxDQUFDLEdBQUcsTUFBTSxFQUFFLENBQUMsRUFBRSxFQUFFO1lBQy9CLFVBQVUsQ0FBQyxDQUFDLENBQUMsR0FBRyxJQUFJLENBQUMsS0FBSyxDQUFDLFVBQVUsQ0FBQyxDQUFDLENBQUMsQ0FBQztTQUMxQztRQUNELE9BQU8sTUFBTSxDQUFDO0lBQ2hCLENBQUM7SUFFRCxXQUFXO1FBQ1QsTUFBTSxTQUFTLEdBQUcsRUFBRSxDQUFDO1FBQ3JCLEtBQUssSUFBSSxDQUFDLEdBQUcsQ0FBQyxFQUFFLENBQUMsR0FBRyxJQUFJLENBQUMsS0FBSyxDQUFDLE1BQU0sRUFBRSxDQUFDLEVBQUUsRUFBRTtZQUMxQyxTQUFTLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxLQUFLLENBQUMsVUFBVSxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUM7U0FDMUM7UUFDRCxPQUFPLFNBQVMsQ0FBQztJQUNuQixDQUFDO0lBRUQsUUFBUSxDQUFDLFFBQTRCO1FBQ25DLElBQUksUUFBUSxFQUFFO1lBQ1osTUFBTSxJQUFJLDhCQUFrQixDQUMxQixrRkFBa0YsQ0FDbkYsQ0FBQztTQUNIO1FBQ0QsT0FBTyxJQUFJLENBQUMsS0FBSyxDQUFDO0lBQ3BCLENBQUM7SUFFUSxRQUFRO1FBQ2YsT0FBTyxJQUFJLENBQUM7SUFDZCxDQUFDO0lBRUQsTUFBTTtRQUNKLE9BQU8sSUFBSSxDQUFDLEtBQUssQ0FBQyxNQUFNLENBQUM7SUFDM0IsQ0FBQztJQUVELEtBQUssQ0FBQyxLQUFhLEVBQUUsR0FBWTtRQUMvQixNQUFNLENBQUMsQ0FBQyxFQUFFLENBQUMsQ0FBQyxHQUFHLGlCQUFpQixDQUFDLElBQUksQ0FBQyxLQUFLLENBQUMsTUFBTSxFQUFFLEtBQUssRUFBRSxHQUFHLENBQUMsQ0FBQztRQUNoRSxPQUFPLElBQUksWUFBWSxDQUFDLElBQUksQ0FBQyxLQUFLLENBQUMsU0FBUyxDQUFDLENBQUMsRUFBRSxDQUFDLENBQUMsQ0FBQyxDQUFDO0lBQ3RELENBQUM7Q0FDRiJ9

package/dist/cjs/tdf3/src/ciphers/aes-gcm-cipher.js

@@ -0,0 +1,56 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AesGcmCipher = void 0;
+const binary_js_1 = require("../binary.js");
+const algorithms_js_1 = require("./algorithms.js");
+const symmetric_cipher_base_js_1 = require("./symmetric-cipher-base.js");
+const index_js_1 = require("../utils/index.js");
+const KEY_LENGTH = 32;
+const IV_LENGTH = 12;
+// Should this be a Binary, Buffer, or... both?
+function processGcmPayload(source) {
+    // Read the 12 byte IV from the beginning of the stream
+    const payloadIv = binary_js_1.Binary.fromArrayBuffer(source.slice(0, 12));
+    // Slice the final 16 bytes of the buffer for the authentication tag
+    const payloadAuthTag = binary_js_1.Binary.fromArrayBuffer(source.slice(-16));
+    return {
+        payload: binary_js_1.Binary.fromArrayBuffer(source.slice(12, -16)),
+        payloadIv,
+        payloadAuthTag,
+    };
+}
+class AesGcmCipher extends symmetric_cipher_base_js_1.SymmetricCipher {
+    constructor(cryptoService) {
+        super(cryptoService);
+        this.name = 'AES-256-GCM';
+        this.ivLength = IV_LENGTH;
+        this.keyLength = KEY_LENGTH;
+    }
+    /**
+     * Encrypts the payload using AES w/ GCM mode.  This function will take the
+     * result from the crypto service and construct the payload automatically from
+     * it's parts.  There is no need to process the payload.
+     */
+    async encrypt(payload, key, iv) {
+        const toConcat = [];
+        const result = await this.cryptoService.encrypt(payload, key, iv, algorithms_js_1.Algorithms.AES_256_GCM);
+        toConcat.push(new Uint8Array(iv.asArrayBuffer()));
+        toConcat.push(new Uint8Array(result.payload.asArrayBuffer()));
+        if (result.authTag) {
+            toConcat.push(new Uint8Array(result.authTag.asArrayBuffer()));
+        }
+        result.payload = binary_js_1.Binary.fromArrayBuffer((0, index_js_1.concatUint8)(toConcat).buffer);
+        return result;
+    }
+    /**
+     * Encrypts the payload using AES w/ CBC mode
+     * @returns
+     */
+    // eslint-disable-next-line @typescript-eslint/no-unused-vars
+    async decrypt(buffer, key, iv) {
+        const { payload, payloadIv, payloadAuthTag } = processGcmPayload(buffer);
+        return this.cryptoService.decrypt(payload, key, payloadIv, algorithms_js_1.Algorithms.AES_256_GCM, payloadAuthTag);
+    }
+}
+exports.AesGcmCipher = AesGcmCipher;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYWVzLWdjbS1jaXBoZXIuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi8uLi90ZGYzL3NyYy9jaXBoZXJzL2Flcy1nY20tY2lwaGVyLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7OztBQUFBLDRDQUFzQztBQUN0QyxtREFBNkM7QUFDN0MseUVBQTZEO0FBQzdELGdEQUFnRDtBQVFoRCxNQUFNLFVBQVUsR0FBRyxFQUFFLENBQUM7QUFDdEIsTUFBTSxTQUFTLEdBQUcsRUFBRSxDQUFDO0FBT3JCLCtDQUErQztBQUMvQyxTQUFTLGlCQUFpQixDQUFDLE1BQW1CO0lBQzVDLHVEQUF1RDtJQUN2RCxNQUFNLFNBQVMsR0FBRyxrQkFBTSxDQUFDLGVBQWUsQ0FBQyxNQUFNLENBQUMsS0FBSyxDQUFDLENBQUMsRUFBRSxFQUFFLENBQUMsQ0FBQyxDQUFDO0lBRTlELG9FQUFvRTtJQUNwRSxNQUFNLGNBQWMsR0FBRyxrQkFBTSxDQUFDLGVBQWUsQ0FBQyxNQUFNLENBQUMsS0FBSyxDQUFDLENBQUMsRUFBRSxDQUFDLENBQUMsQ0FBQztJQUVqRSxPQUFPO1FBQ0wsT0FBTyxFQUFFLGtCQUFNLENBQUMsZUFBZSxDQUFDLE1BQU0sQ0FBQyxLQUFLLENBQUMsRUFBRSxFQUFFLENBQUMsRUFBRSxDQUFDLENBQUM7UUFDdEQsU0FBUztRQUNULGNBQWM7S0FDZixDQUFDO0FBQ0osQ0FBQztBQUVELE1BQWEsWUFBYSxTQUFRLDBDQUFlO0lBQy9DLFlBQVksYUFBNEI7UUFDdEMsS0FBSyxDQUFDLGFBQWEsQ0FBQyxDQUFDO1FBQ3JCLElBQUksQ0FBQyxJQUFJLEdBQUcsYUFBYSxDQUFDO1FBQzFCLElBQUksQ0FBQyxRQUFRLEdBQUcsU0FBUyxDQUFDO1FBQzFCLElBQUksQ0FBQyxTQUFTLEdBQUcsVUFBVSxDQUFDO0lBQzlCLENBQUM7SUFFRDs7OztPQUlHO0lBQ00sS0FBSyxDQUFDLE9BQU8sQ0FBQyxPQUFlLEVBQUUsR0FBVyxFQUFFLEVBQVU7UUFDN0QsTUFBTSxRQUFRLEdBQWlCLEVBQUUsQ0FBQztRQUNsQyxNQUFNLE1BQU0sR0FBRyxNQUFNLElBQUksQ0FBQyxhQUFhLENBQUMsT0FBTyxDQUFDLE9BQU8sRUFBRSxHQUFHLEVBQUUsRUFBRSxFQUFFLDBCQUFVLENBQUMsV0FBVyxDQUFDLENBQUM7UUFDMUYsUUFBUSxDQUFDLElBQUksQ0FBQyxJQUFJLFVBQVUsQ0FBQyxFQUFFLENBQUMsYUFBYSxFQUFFLENBQUMsQ0FBQyxDQUFDO1FBQ2xELFFBQVEsQ0FBQyxJQUFJLENBQUMsSUFBSSxVQUFVLENBQUMsTUFBTSxDQUFDLE9BQU8sQ0FBQyxhQUFhLEVBQUUsQ0FBQyxDQUFDLENBQUM7UUFDOUQsSUFBSSxNQUFNLENBQUMsT0FBTyxFQUFFO1lBQ2xCLFFBQVEsQ0FBQyxJQUFJLENBQUMsSUFBSSxVQUFVLENBQUMsTUFBTSxDQUFDLE9BQU8sQ0FBQyxhQUFhLEVBQUUsQ0FBQyxDQUFDLENBQUM7U0FDL0Q7UUFDRCxNQUFNLENBQUMsT0FBTyxHQUFHLGtCQUFNLENBQUMsZUFBZSxDQUFDLElBQUEsc0JBQVcsRUFBQyxRQUFRLENBQUMsQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUN0RSxPQUFPLE1BQU0sQ0FBQztJQUNoQixDQUFDO0lBRUQ7OztPQUdHO0lBQ0gsNkRBQTZEO0lBQ3BELEtBQUssQ0FBQyxPQUFPLENBQUMsTUFBbUIsRUFBRSxHQUFXLEVBQUUsRUFBVztRQUNsRSxNQUFNLEVBQUUsT0FBTyxFQUFFLFNBQVMsRUFBRSxjQUFjLEVBQUUsR0FBRyxpQkFBaUIsQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUV6RSxPQUFPLElBQUksQ0FBQyxhQUFhLENBQUMsT0FBTyxDQUMvQixPQUFPLEVBQ1AsR0FBRyxFQUNILFNBQVMsRUFDVCwwQkFBVSxDQUFDLFdBQVcsRUFDdEIsY0FBYyxDQUNmLENBQUM7SUFDSixDQUFDO0NBQ0Y7QUF6Q0Qsb0NBeUNDIn0=

package/dist/cjs/tdf3/src/ciphers/algorithms.js

@@ -0,0 +1,8 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Algorithms = void 0;
+exports.Algorithms = {
+    AES_256_CBC: 'http://www.w3.org/2001/04/xmlenc#aes256-cbc',
+    AES_256_GCM: 'http://www.w3.org/2009/xmlenc11#aes256-gcm',
+};
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYWxnb3JpdGhtcy5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uLy4uL3RkZjMvc3JjL2NpcGhlcnMvYWxnb3JpdGhtcy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFLYSxRQUFBLFVBQVUsR0FBd0M7SUFDN0QsV0FBVyxFQUFFLDZDQUE2QztJQUMxRCxXQUFXLEVBQUUsNENBQTRDO0NBQzFELENBQUMifQ==

package/dist/cjs/tdf3/src/ciphers/index.js

@@ -0,0 +1,8 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Algorithms = exports.AesGcmCipher = void 0;
+var aes_gcm_cipher_js_1 = require("./aes-gcm-cipher.js");
+Object.defineProperty(exports, "AesGcmCipher", { enumerable: true, get: function () { return aes_gcm_cipher_js_1.AesGcmCipher; } });
+var algorithms_js_1 = require("./algorithms.js");
+Object.defineProperty(exports, "Algorithms", { enumerable: true, get: function () { return algorithms_js_1.Algorithms; } });
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi8uLi90ZGYzL3NyYy9jaXBoZXJzL2luZGV4LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7OztBQUFBLHlEQUFtRDtBQUExQyxpSEFBQSxZQUFZLE9BQUE7QUFDckIsaURBQTZDO0FBQXBDLDJHQUFBLFVBQVUsT0FBQSJ9