@opentdf/sdk 0.3.0-beta.2029 → 0.3.0-beta.2166

package/tdf3/src/tdf.ts

@@ -24,7 +24,6 @@ import { generateKeyPair } from '../../src/nanotdf-crypto/generateKeyPair.js';
 import { keyAgreement } from '../../src/nanotdf-crypto/keyAgreement.js';
 import { pemPublicToCrypto } from '../../src/nanotdf-crypto/pemPublicToCrypto.js';
 import { type Chunker } from '../../src/seekable.js';
-import { PolicyObject } from '../../src/tdf/PolicyObject.js';
 import { tdfSpecVersion } from '../../src/version.js';
 import { AssertionConfig, AssertionKey, AssertionVerificationKeys } from './assertions.js';
 import * as assertions from './assertions.js';
@@ -52,13 +51,16 @@ import {
   SplitType,
 } from './models/index.js';
 import { unsigned } from './utils/buffer-crc32.js';
-import { ZipReader, ZipWriter, keyMerge, concatUint8 } from './utils/index.js';
+import { ZipReader, ZipWriter, keyMerge, concatUint8, buffToString } from './utils/index.js';
 import { CentralDirectory } from './utils/zip-reader.js';
 import { ztdfSalt } from './crypto/salt.js';
+import { Payload } from './models/payload.js';
 
 // TODO: input validation on manifest JSON
 const DEFAULT_SEGMENT_SIZE = 1024 * 1024;
 
+const HEX_SEMVER_VERSION = '4.2.2';
+
 /**
  * Configuration for TDF3
  */
@@ -73,12 +75,7 @@ export type EncryptionOptions = {
 
 type KeyMiddleware = DecryptParams['keyMiddleware'];
 
-export type Metadata = {
-  connectOptions?: {
-    testUrl: string;
-  };
-  policyObject?: PolicyObject;
-};
+export type Metadata = unknown;
 
 export type BuildKeyAccess = {
   type: KeyAccessType;
@@ -150,6 +147,7 @@ export type EncryptConfiguration = {
   keyForEncryption: KeyInfo;
   keyForManifest: KeyInfo;
   assertionConfigs?: AssertionConfig[];
+  tdfSpecVersion?: string;
 };
 
 export type DecryptConfiguration = {
@@ -289,10 +287,11 @@ async function _generateManifest(
   keyInfo: KeyInfo,
   encryptionInformation: SplitKey,
   policy: Policy,
-  mimeType: string | undefined
+  mimeType: string | undefined,
+  targetSpecVersion: string | undefined
 ): Promise<Manifest> {
   // (maybe) Fields are quoted to avoid renaming
-  const payload = {
+  const payload: Payload = {
     type: 'reference',
     url: '0.payload',
     protocol: 'zip',
@@ -307,7 +306,8 @@ async function _generateManifest(
     // generate the manifest first, then insert integrity information into it
     encryptionInformation: encryptionInformationStr,
     assertions: assertions,
-    schemaVersion: tdfSpecVersion,
+    // when `targetSpecVersion` is provided, overrides the tdfSpecVersion
+    schemaVersion: targetSpecVersion || tdfSpecVersion,
   };
 }
 
@@ -340,6 +340,30 @@ async function getSignature(
   }
 }
 
+async function getSignatureVersion422(
+  unwrappedKeyBinary: Binary,
+  payloadBinary: Binary,
+  algorithmType: IntegrityAlgorithm,
+  cryptoService: CryptoService
+): Promise<string> {
+  switch (algorithmType.toUpperCase()) {
+    case 'GMAC':
+      // use the auth tag baked into the encrypted payload
+      return buffToString(Uint8Array.from(payloadBinary.asByteArray()).slice(-16), 'hex');
+    case 'HS256':
+      return await cryptoService.hmac(
+        buffToString(new Uint8Array(unwrappedKeyBinary.asArrayBuffer()), 'hex'),
+        buffToString(new Uint8Array(payloadBinary.asArrayBuffer()), 'utf-8')
+      );
+    default:
+      throw new ConfigurationError(`Unsupported signature alg [${algorithmType}]`);
+  }
+}
+
+function isTargetSpecLegacyTDF(targetSpecVersion?: string): boolean {
+  return targetSpecVersion === HEX_SEMVER_VERSION;
+}
+
 export async function writeStream(cfg: EncryptConfiguration): Promise<DecoratedReadableStream> {
   if (!cfg.authProvider) {
     throw new ConfigurationError('No authorization middleware defined');
@@ -368,6 +392,7 @@ export async function writeStream(cfg: EncryptConfiguration): Promise<DecoratedR
   let bytesProcessed = 0;
   let crcCounter = 0;
   let fileByteCount = 0;
+  let aggregateHash422 = '';
   const segmentHashList: Uint8Array[] = [];
 
   const zipWriter = new ZipWriter();
@@ -375,7 +400,8 @@ export async function writeStream(cfg: EncryptConfiguration): Promise<DecoratedR
     cfg.keyForManifest,
     cfg.encryptionInformation,
     cfg.policy,
-    cfg.mimeType
+    cfg.mimeType,
+    cfg.tdfSpecVersion ?? '4.3.0'
   );
 
   if (!manifest) {
@@ -460,17 +486,30 @@ export async function writeStream(cfg: EncryptConfiguration): Promise<DecoratedR
         crcCounter = 0;
         fileByteCount = 0;
 
-        // hash the concat of all hashes
-        const aggregateHash = await concatenateUint8Array(segmentHashList);
-
-        const payloadSig = await getSignature(
-          new Uint8Array(cfg.keyForEncryption.unwrappedKeyBinary.asArrayBuffer()),
-          aggregateHash,
-          cfg.integrityAlgorithm
-        );
+        let aggregateHash: string | Uint8Array;
+        if (isTargetSpecLegacyTDF(cfg.tdfSpecVersion)) {
+          aggregateHash = aggregateHash422;
+          const payloadSigStr = await getSignatureVersion422(
+            cfg.keyForEncryption.unwrappedKeyBinary,
+            Binary.fromString(aggregateHash),
+            cfg.integrityAlgorithm,
+            cfg.cryptoService
+          );
+          manifest.encryptionInformation.integrityInformation.rootSignature.sig =
+            base64.encode(payloadSigStr);
+        } else {
+          // hash the concat of all hashes
+          aggregateHash = await concatenateUint8Array(segmentHashList);
+
+          const payloadSig = await getSignature(
+            new Uint8Array(cfg.keyForEncryption.unwrappedKeyBinary.asArrayBuffer()),
+            aggregateHash,
+            cfg.integrityAlgorithm
+          );
 
-        const rootSig = base64.encodeArrayBuffer(payloadSig);
-        manifest.encryptionInformation.integrityInformation.rootSignature.sig = rootSig;
+          const rootSig = base64.encodeArrayBuffer(payloadSig);
+          manifest.encryptionInformation.integrityInformation.rootSignature.sig = rootSig;
+        }
         manifest.encryptionInformation.integrityInformation.rootSignature.alg =
           cfg.integrityAlgorithm;
 
@@ -576,16 +615,30 @@ export async function writeStream(cfg: EncryptConfiguration): Promise<DecoratedR
       cfg.keyForEncryption.unwrappedKeyBinary
     );
     const payloadBuffer = new Uint8Array(encryptedResult.payload.asByteArray());
-    const payloadSig = await getSignature(
-      new Uint8Array(cfg.keyForEncryption.unwrappedKeyBinary.asArrayBuffer()),
-      new Uint8Array(encryptedResult.payload.asArrayBuffer()),
-      cfg.segmentIntegrityAlgorithm
-    );
+    let hash: string;
+    if (isTargetSpecLegacyTDF(cfg.tdfSpecVersion)) {
+      const payloadSigStr = await getSignatureVersion422(
+        cfg.keyForEncryption.unwrappedKeyBinary,
+        encryptedResult.payload,
+        cfg.segmentIntegrityAlgorithm,
+        cfg.cryptoService
+      );
+      // combined string of all hashes for root signature
+      aggregateHash422 += payloadSigStr;
+      hash = base64.encode(payloadSigStr);
+    } else {
+      const payloadSig = await getSignature(
+        new Uint8Array(cfg.keyForEncryption.unwrappedKeyBinary.asArrayBuffer()),
+        new Uint8Array(encryptedResult.payload.asArrayBuffer()),
+        cfg.segmentIntegrityAlgorithm
+      );
 
-    segmentHashList.push(new Uint8Array(payloadSig));
+      segmentHashList.push(new Uint8Array(payloadSig));
+      hash = base64.encodeArrayBuffer(payloadSig);
+    }
 
     segmentInfos.push({
-      hash: base64.encodeArrayBuffer(payloadSig),
+      hash,
       segmentSize: chunk.length === segmentSizeDefault ? undefined : chunk.length,
       encryptedSegmentSize:
         payloadBuffer.length === encryptedSegmentSizeDefault ? undefined : payloadBuffer.length,
@@ -795,7 +848,7 @@ async function decryptChunk(
   hash: string,
   cipher: SymmetricCipher,
   segmentIntegrityAlgorithm: IntegrityAlgorithm,
-  isLegacyTDF: boolean
+  specVersion: string
 ): Promise<DecryptResult> {
   if (segmentIntegrityAlgorithm !== 'GMAC' && segmentIntegrityAlgorithm !== 'HS256') {
     throw new UnsupportedError(`Unsupported integrity alg [${segmentIntegrityAlgorithm}]`);
@@ -806,7 +859,7 @@ async function decryptChunk(
     segmentIntegrityAlgorithm
   );
 
-  const segmentHash = isLegacyTDF
+  const segmentHash = isTargetSpecLegacyTDF(specVersion)
     ? base64.encode(hex.encodeArrayBuffer(segmentSig))
     : base64.encodeArrayBuffer(segmentSig);
 
@@ -824,7 +877,7 @@ async function updateChunkQueue(
   cipher: SymmetricCipher,
   segmentIntegrityAlgorithm: IntegrityAlgorithm,
   cryptoService: CryptoService,
-  isLegacyTDF: boolean
+  specVersion: string
 ) {
   const chunksInOneDownload = 500;
   let requests = [];
@@ -865,7 +918,7 @@ async function updateChunkQueue(
             slice,
             cipher,
             segmentIntegrityAlgorithm,
-            isLegacyTDF,
+            specVersion,
           });
         }
       })()
@@ -879,7 +932,7 @@ export async function sliceAndDecrypt({
   slice,
   cipher,
   segmentIntegrityAlgorithm,
-  isLegacyTDF,
+  specVersion,
 }: {
   buffer: Uint8Array;
   reconstructedKeyBinary: Binary;
@@ -887,7 +940,7 @@ export async function sliceAndDecrypt({
   cipher: SymmetricCipher;
   cryptoService: CryptoService;
   segmentIntegrityAlgorithm: IntegrityAlgorithm;
-  isLegacyTDF: boolean;
+  specVersion: string;
 }) {
   for (const index in slice) {
     const { encryptedOffset, encryptedSegmentSize, plainSegmentSize } = slice[index];
@@ -909,7 +962,7 @@ export async function sliceAndDecrypt({
         slice[index]['hash'],
         cipher,
         segmentIntegrityAlgorithm,
-        isLegacyTDF
+        specVersion
       );
       if (plainSegmentSize && result.payload.length() !== plainSegmentSize) {
         throw new DecryptError(
@@ -965,8 +1018,8 @@ export async function decryptStreamFrom(
   const encryptedSegmentSizeDefault = defaultSegmentSize || DEFAULT_SEGMENT_SIZE;
 
   // check if the TDF is a legacy TDF
-  const specVersion = manifest.schemaVersion || manifest.tdf_spec_version;
-  const isLegacyTDF = !specVersion || specVersion.startsWith('3.');
+  const specVersion = manifest.schemaVersion || manifest.tdf_spec_version || '4.2.2';
+  const isLegacyTDF = isTargetSpecLegacyTDF(specVersion);
 
   // Decode each hash and store it in an array of Uint8Array
   const segmentHashList = segments.map(
@@ -1052,7 +1105,7 @@ export async function decryptStreamFrom(
     cipher,
     segmentIntegrityAlg,
     cfg.cryptoService,
-    isLegacyTDF
+    specVersion
   );
 
   let progress = 0;

package/dist/cjs/src/tdf/PolicyObject.js

@@ -1,3 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiUG9saWN5T2JqZWN0LmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vLi4vc3JjL3RkZi9Qb2xpY3lPYmplY3QudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IiJ9

package/dist/cjs/tdf3/src/models/attribute-set.js

@@ -1,122 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.AttributeSet = void 0;
-const jose_1 = require("jose");
-class AttributeSet {
-    constructor() {
-        this.verbose = false;
-        this.attributes = [];
-    }
-    /**
-     * Check if attribute is in the list
-     * @param attribute URL of the attribute
-     * @return if attribute is in the set
-     */
-    has(attribute = '') {
-        // This could be much more elegant with something other than an
-        // array as the data structure. This is OK-ish only because the
-        // expected size of the data structure is small
-        // console.log(">>> ----- Has Attribute" + attribute);
-        return !!this.attributes.find((attrObj) => attrObj.attribute === attribute);
-    }
-    /**
-     * Get an attribute by URL
-     * @param  attribute URL of the attribute
-     * @return attribute in object form, if found
-     */
-    get(attribute = '') {
-        // This could be much more elegant with something other than an
-        // array as the data structure. This is OK-ish only because the
-        // expected size of the data structure is small
-        // console.log(">>> ----- Get Attribute" + attribute);
-        const result = this.attributes.filter((attrObj) => attrObj.attribute == attribute);
-        return result.length > 0 ? result[0] : null;
-    }
-    /**
-     * Get all the attributes.
-     * @return default attribute in object form or null
-     */
-    getDefault() {
-        return this.defaultAttribute || null;
-    }
-    /**
-     * Get the default attribute, if it exists.
-     * @return return all the attribute urls
-     */
-    getUrls() {
-        return this.attributes.map((attr) => attr.attribute);
-    }
-    /**
-     * Add an attribute to the set. Should be idempotent.
-     * @param attrObj AttributeObject to add, in non-JWT form
-     * @return the attribute object if successful, or null
-     */
-    addAttribute(attrObj) {
-        // Check for duplicate entries to assure idempotency.
-        if (this.has(attrObj.attribute)) {
-            // This may be a common occurance, so only un-comment this log message
-            // if you want verbose mode.
-            // console.log(`Attribute ${attrObj.attribute} is already loaded.`);
-            return null; // reject silently
-        }
-        if (attrObj.isDefault === true) {
-            if (this.defaultAttribute && this.defaultAttribute.attribute !== attrObj.attribute) {
-                // Remove the existing default attribute to make room for the new one
-                this.deleteAttribute(this.defaultAttribute.attribute);
-            }
-            this.defaultAttribute = attrObj;
-        }
-        this.attributes.push(attrObj);
-        return attrObj;
-    }
-    /**
-     * Delete an attribute from the set. Should be idempotent.
-     * @param attrUrl - URL of Attribute object to delete.
-     * @return The attribute object if successful or null if not
-     */
-    deleteAttribute(attrUrl = '') {
-        const deleted = this.get(attrUrl);
-        if (deleted) {
-            this.attributes = this.attributes.filter((attrObj) => attrObj.attribute != attrUrl);
-        }
-        return deleted;
-    }
-    /**
-     * Add a list of attributes in object form
-     * @param  attributes List of attribute objects as provided in an EntityObject
-     * @param  easPublicKey EAS public key for decrypting the JWTs
-     * @return list of attribute objects
-     */
-    addAttributes(attributes = []) {
-        return attributes
-            .map((attrObj) => {
-            return this.addAttribute(attrObj); // Returns promise
-        })
-            .filter((x) => x);
-    }
-    /**
-     * Add an attribute in JWT form = { jwt: <string jwt> }
-     * @param  {Object} jwtAttribute - Attribute object in JWT form.
-     * @return {Object} - Decrypted and added attribute object
-     */
-    addJwtAttribute(jwtAttribute) {
-        const attrJwt = jwtAttribute?.jwt;
-        // Can't verify the JWT because the client does not have the easPublicKey,
-        // but the contents of the JWT can be decoded.
-        const attrObjPayload = attrJwt && (0, jose_1.decodeJwt)(attrJwt);
-        if (!attrObjPayload) {
-            return null;
-        }
-        // JWT payloads contain many things, incluing .iat and .exp. This
-        // extraneous material should be stripped away before adding the
-        // attribute to the attributeSet.
-        const { attribute, displayName, pubKey, kasUrl } = attrObjPayload;
-        const attrObj = { attribute, displayName, pubKey, kasUrl, jwt: attrJwt };
-        if (attrObjPayload.isDefault) {
-            attrObj.isDefault = !!attrObjPayload.isDefault;
-        }
-        return this.addAttribute(attrObj);
-    }
-}
-exports.AttributeSet = AttributeSet;
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYXR0cmlidXRlLXNldC5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uLy4uL3RkZjMvc3JjL21vZGVscy9hdHRyaWJ1dGUtc2V0LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7OztBQUFBLCtCQUFpQztBQVlqQyxNQUFhLFlBQVk7SUFPdkI7UUFKQSxZQUFPLEdBQVksS0FBSyxDQUFDO1FBS3ZCLElBQUksQ0FBQyxVQUFVLEdBQUcsRUFBRSxDQUFDO0lBQ3ZCLENBQUM7SUFFRDs7OztPQUlHO0lBQ0gsR0FBRyxDQUFDLFNBQVMsR0FBRyxFQUFFO1FBQ2hCLCtEQUErRDtRQUMvRCwrREFBK0Q7UUFDL0QsK0NBQStDO1FBQy9DLHNEQUFzRDtRQUN0RCxPQUFPLENBQUMsQ0FBQyxJQUFJLENBQUMsVUFBVSxDQUFDLElBQUksQ0FBQyxDQUFDLE9BQU8sRUFBRSxFQUFFLENBQUMsT0FBTyxDQUFDLFNBQVMsS0FBSyxTQUFTLENBQUMsQ0FBQztJQUM5RSxDQUFDO0lBRUQ7Ozs7T0FJRztJQUNILEdBQUcsQ0FBQyxTQUFTLEdBQUcsRUFBRTtRQUNoQiwrREFBK0Q7UUFDL0QsK0RBQStEO1FBQy9ELCtDQUErQztRQUMvQyxzREFBc0Q7UUFDdEQsTUFBTSxNQUFNLEdBQUcsSUFBSSxDQUFDLFVBQVUsQ0FBQyxNQUFNLENBQUMsQ0FBQyxPQUFPLEVBQUUsRUFBRSxDQUFDLE9BQU8sQ0FBQyxTQUFTLElBQUksU0FBUyxDQUFDLENBQUM7UUFDbkYsT0FBTyxNQUFNLENBQUMsTUFBTSxHQUFHLENBQUMsQ0FBQyxDQUFDLENBQUMsTUFBTSxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQyxJQUFJLENBQUM7SUFDOUMsQ0FBQztJQUVEOzs7T0FHRztJQUNILFVBQVU7UUFDUixPQUFPLElBQUksQ0FBQyxnQkFBZ0IsSUFBSSxJQUFJLENBQUM7SUFDdkMsQ0FBQztJQUVEOzs7T0FHRztJQUNILE9BQU87UUFDTCxPQUFPLElBQUksQ0FBQyxVQUFVLENBQUMsR0FBRyxDQUFDLENBQUMsSUFBSSxFQUFFLEVBQUUsQ0FBQyxJQUFJLENBQUMsU0FBUyxDQUFDLENBQUM7SUFDdkQsQ0FBQztJQUVEOzs7O09BSUc7SUFDSCxZQUFZLENBQUMsT0FBd0I7UUFDbkMscURBQXFEO1FBQ3JELElBQUksSUFBSSxDQUFDLEdBQUcsQ0FBQyxPQUFPLENBQUMsU0FBUyxDQUFDLEVBQUUsQ0FBQztZQUNoQyxzRUFBc0U7WUFDdEUsNEJBQTRCO1lBQzVCLG9FQUFvRTtZQUNwRSxPQUFPLElBQUksQ0FBQyxDQUFDLGtCQUFrQjtRQUNqQyxDQUFDO1FBRUQsSUFBSSxPQUFPLENBQUMsU0FBUyxLQUFLLElBQUksRUFBRSxDQUFDO1lBQy9CLElBQUksSUFBSSxDQUFDLGdCQUFnQixJQUFJLElBQUksQ0FBQyxnQkFBZ0IsQ0FBQyxTQUFTLEtBQUssT0FBTyxDQUFDLFNBQVMsRUFBRSxDQUFDO2dCQUNuRixxRUFBcUU7Z0JBQ3JFLElBQUksQ0FBQyxlQUFlLENBQUMsSUFBSSxDQUFDLGdCQUFnQixDQUFDLFNBQVMsQ0FBQyxDQUFDO1lBQ3hELENBQUM7WUFDRCxJQUFJLENBQUMsZ0JBQWdCLEdBQUcsT0FBTyxDQUFDO1FBQ2xDLENBQUM7UUFDRCxJQUFJLENBQUMsVUFBVSxDQUFDLElBQUksQ0FBQyxPQUFPLENBQUMsQ0FBQztRQUM5QixPQUFPLE9BQU8sQ0FBQztJQUNqQixDQUFDO0lBRUQ7Ozs7T0FJRztJQUNILGVBQWUsQ0FBQyxPQUFPLEdBQUcsRUFBRTtRQUMxQixNQUFNLE9BQU8sR0FBRyxJQUFJLENBQUMsR0FBRyxDQUFDLE9BQU8sQ0FBQyxDQUFDO1FBQ2xDLElBQUksT0FBTyxFQUFFLENBQUM7WUFDWixJQUFJLENBQUMsVUFBVSxHQUFHLElBQUksQ0FBQyxVQUFVLENBQUMsTUFBTSxDQUFDLENBQUMsT0FBTyxFQUFFLEVBQUUsQ0FBQyxPQUFPLENBQUMsU0FBUyxJQUFJLE9BQU8sQ0FBQyxDQUFDO1FBQ3RGLENBQUM7UUFDRCxPQUFPLE9BQU8sQ0FBQztJQUNqQixDQUFDO0lBRUQ7Ozs7O09BS0c7SUFDSCxhQUFhLENBQUMsYUFBZ0MsRUFBRTtRQUM5QyxPQUFPLFVBQVU7YUFDZCxHQUFHLENBQUMsQ0FBQyxPQUFPLEVBQUUsRUFBRTtZQUNmLE9BQU8sSUFBSSxDQUFDLFlBQVksQ0FBQyxPQUFPLENBQUMsQ0FBQyxDQUFDLGtCQUFrQjtRQUN2RCxDQUFDLENBQUM7YUFDRCxNQUFNLENBQUMsQ0FBQyxDQUFDLEVBQUUsRUFBRSxDQUFDLENBQUMsQ0FBQyxDQUFDO0lBQ3RCLENBQUM7SUFFRDs7OztPQUlHO0lBQ0gsZUFBZSxDQUFDLFlBQTZCO1FBQzNDLE1BQU0sT0FBTyxHQUFHLFlBQVksRUFBRSxHQUFHLENBQUM7UUFDbEMsMEVBQTBFO1FBQzFFLDhDQUE4QztRQUM5QyxNQUFNLGNBQWMsR0FBRyxPQUFPLElBQUksSUFBQSxnQkFBUyxFQUFDLE9BQU8sQ0FBQyxDQUFDO1FBQ3JELElBQUksQ0FBQyxjQUFjLEVBQUUsQ0FBQztZQUNwQixPQUFPLElBQUksQ0FBQztRQUNkLENBQUM7UUFDRCxpRUFBaUU7UUFDakUsZ0VBQWdFO1FBQ2hFLGlDQUFpQztRQUNqQyxNQUFNLEVBQUUsU0FBUyxFQUFFLFdBQVcsRUFBRSxNQUFNLEVBQUUsTUFBTSxFQUFFLEdBQUcsY0FBaUMsQ0FBQztRQUNyRixNQUFNLE9BQU8sR0FBb0IsRUFBRSxTQUFTLEVBQUUsV0FBVyxFQUFFLE1BQU0sRUFBRSxNQUFNLEVBQUUsR0FBRyxFQUFFLE9BQU8sRUFBRSxDQUFDO1FBQzFGLElBQUksY0FBYyxDQUFDLFNBQVMsRUFBRSxDQUFDO1lBQzdCLE9BQU8sQ0FBQyxTQUFTLEdBQUcsQ0FBQyxDQUFDLGNBQWMsQ0FBQyxTQUFTLENBQUM7UUFDakQsQ0FBQztRQUNELE9BQU8sSUFBSSxDQUFDLFlBQVksQ0FBQyxPQUFPLENBQUMsQ0FBQztJQUNwQyxDQUFDO0NBQ0Y7QUFqSUQsb0NBaUlDIn0=

package/dist/types/src/tdf/PolicyObject.d.ts

@@ -1,10 +0,0 @@
-import { type AttributeObject } from './AttributeObject.js';
-export interface PolicyObjectBody {
-    readonly dataAttributes: AttributeObject[];
-    readonly dissem: string[];
-}
-export interface PolicyObject {
-    readonly uuid: string;
-    readonly body: PolicyObjectBody;
-}
-//# sourceMappingURL=PolicyObject.d.ts.map

package/dist/types/src/tdf/PolicyObject.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"PolicyObject.d.ts","sourceRoot":"","sources":["../../../../src/tdf/PolicyObject.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,eAAe,EAAE,MAAM,sBAAsB,CAAC;AAE5D,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,CAAC,cAAc,EAAE,eAAe,EAAE,CAAC;IAC3C,QAAQ,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC;CAC3B;AAED,MAAM,WAAW,YAAY;IAC3B,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,IAAI,EAAE,gBAAgB,CAAC;CACjC"}

package/dist/types/tdf3/src/models/attribute-set.d.ts

@@ -1,65 +0,0 @@
-export type AttributeObject = {
-    attribute: string;
-    kasUrl?: string;
-    kid?: string;
-    pubKey?: string;
-    displayName?: string;
-    isDefault?: boolean;
-    jwt?: string;
-};
-export declare class AttributeSet {
-    attributes: AttributeObject[];
-    verbose: boolean;
-    defaultAttribute?: AttributeObject;
-    constructor();
-    /**
-     * Check if attribute is in the list
-     * @param attribute URL of the attribute
-     * @return if attribute is in the set
-     */
-    has(attribute?: string): boolean;
-    /**
-     * Get an attribute by URL
-     * @param  attribute URL of the attribute
-     * @return attribute in object form, if found
-     */
-    get(attribute?: string): AttributeObject | null;
-    /**
-     * Get all the attributes.
-     * @return default attribute in object form or null
-     */
-    getDefault(): AttributeObject | null;
-    /**
-     * Get the default attribute, if it exists.
-     * @return return all the attribute urls
-     */
-    getUrls(): string[];
-    /**
-     * Add an attribute to the set. Should be idempotent.
-     * @param attrObj AttributeObject to add, in non-JWT form
-     * @return the attribute object if successful, or null
-     */
-    addAttribute(attrObj: AttributeObject): AttributeObject | null;
-    /**
-     * Delete an attribute from the set. Should be idempotent.
-     * @param attrUrl - URL of Attribute object to delete.
-     * @return The attribute object if successful or null if not
-     */
-    deleteAttribute(attrUrl?: string): AttributeObject | null;
-    /**
-     * Add a list of attributes in object form
-     * @param  attributes List of attribute objects as provided in an EntityObject
-     * @param  easPublicKey EAS public key for decrypting the JWTs
-     * @return list of attribute objects
-     */
-    addAttributes(attributes?: AttributeObject[]): (AttributeObject | null)[];
-    /**
-     * Add an attribute in JWT form = { jwt: <string jwt> }
-     * @param  {Object} jwtAttribute - Attribute object in JWT form.
-     * @return {Object} - Decrypted and added attribute object
-     */
-    addJwtAttribute(jwtAttribute: {
-        jwt: string;
-    }): AttributeObject | null;
-}
-//# sourceMappingURL=attribute-set.d.ts.map

package/dist/types/tdf3/src/models/attribute-set.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"attribute-set.d.ts","sourceRoot":"","sources":["../../../../../tdf3/src/models/attribute-set.ts"],"names":[],"mappings":"AAEA,MAAM,MAAM,eAAe,GAAG;IAC5B,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,GAAG,CAAC,EAAE,MAAM,CAAC;CACd,CAAC;AAEF,qBAAa,YAAY;IACvB,UAAU,EAAE,eAAe,EAAE,CAAC;IAE9B,OAAO,EAAE,OAAO,CAAS;IAEzB,gBAAgB,CAAC,EAAE,eAAe,CAAC;;IAMnC;;;;OAIG;IACH,GAAG,CAAC,SAAS,SAAK,GAAG,OAAO;IAQ5B;;;;OAIG;IACH,GAAG,CAAC,SAAS,SAAK,GAAG,eAAe,GAAG,IAAI;IAS3C;;;OAGG;IACH,UAAU,IAAI,eAAe,GAAG,IAAI;IAIpC;;;OAGG;IACH,OAAO,IAAI,MAAM,EAAE;IAInB;;;;OAIG;IACH,YAAY,CAAC,OAAO,EAAE,eAAe,GAAG,eAAe,GAAG,IAAI;IAoB9D;;;;OAIG;IACH,eAAe,CAAC,OAAO,SAAK,GAAG,eAAe,GAAG,IAAI;IAQrD;;;;;OAKG;IACH,aAAa,CAAC,UAAU,GAAE,eAAe,EAAO,GAAG,CAAC,eAAe,GAAG,IAAI,CAAC,EAAE;IAQ7E;;;;OAIG;IACH,eAAe,CAAC,YAAY,EAAE;QAAE,GAAG,EAAE,MAAM,CAAA;KAAE;CAkB9C"}

package/dist/web/src/tdf/PolicyObject.js

@@ -1,2 +0,0 @@
-export {};
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiUG9saWN5T2JqZWN0LmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vLi4vc3JjL3RkZi9Qb2xpY3lPYmplY3QudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IiJ9

package/dist/web/tdf3/src/models/attribute-set.js

@@ -1,118 +0,0 @@
-import { decodeJwt } from 'jose';
-export class AttributeSet {
-    constructor() {
-        this.verbose = false;
-        this.attributes = [];
-    }
-    /**
-     * Check if attribute is in the list
-     * @param attribute URL of the attribute
-     * @return if attribute is in the set
-     */
-    has(attribute = '') {
-        // This could be much more elegant with something other than an
-        // array as the data structure. This is OK-ish only because the
-        // expected size of the data structure is small
-        // console.log(">>> ----- Has Attribute" + attribute);
-        return !!this.attributes.find((attrObj) => attrObj.attribute === attribute);
-    }
-    /**
-     * Get an attribute by URL
-     * @param  attribute URL of the attribute
-     * @return attribute in object form, if found
-     */
-    get(attribute = '') {
-        // This could be much more elegant with something other than an
-        // array as the data structure. This is OK-ish only because the
-        // expected size of the data structure is small
-        // console.log(">>> ----- Get Attribute" + attribute);
-        const result = this.attributes.filter((attrObj) => attrObj.attribute == attribute);
-        return result.length > 0 ? result[0] : null;
-    }
-    /**
-     * Get all the attributes.
-     * @return default attribute in object form or null
-     */
-    getDefault() {
-        return this.defaultAttribute || null;
-    }
-    /**
-     * Get the default attribute, if it exists.
-     * @return return all the attribute urls
-     */
-    getUrls() {
-        return this.attributes.map((attr) => attr.attribute);
-    }
-    /**
-     * Add an attribute to the set. Should be idempotent.
-     * @param attrObj AttributeObject to add, in non-JWT form
-     * @return the attribute object if successful, or null
-     */
-    addAttribute(attrObj) {
-        // Check for duplicate entries to assure idempotency.
-        if (this.has(attrObj.attribute)) {
-            // This may be a common occurance, so only un-comment this log message
-            // if you want verbose mode.
-            // console.log(`Attribute ${attrObj.attribute} is already loaded.`);
-            return null; // reject silently
-        }
-        if (attrObj.isDefault === true) {
-            if (this.defaultAttribute && this.defaultAttribute.attribute !== attrObj.attribute) {
-                // Remove the existing default attribute to make room for the new one
-                this.deleteAttribute(this.defaultAttribute.attribute);
-            }
-            this.defaultAttribute = attrObj;
-        }
-        this.attributes.push(attrObj);
-        return attrObj;
-    }
-    /**
-     * Delete an attribute from the set. Should be idempotent.
-     * @param attrUrl - URL of Attribute object to delete.
-     * @return The attribute object if successful or null if not
-     */
-    deleteAttribute(attrUrl = '') {
-        const deleted = this.get(attrUrl);
-        if (deleted) {
-            this.attributes = this.attributes.filter((attrObj) => attrObj.attribute != attrUrl);
-        }
-        return deleted;
-    }
-    /**
-     * Add a list of attributes in object form
-     * @param  attributes List of attribute objects as provided in an EntityObject
-     * @param  easPublicKey EAS public key for decrypting the JWTs
-     * @return list of attribute objects
-     */
-    addAttributes(attributes = []) {
-        return attributes
-            .map((attrObj) => {
-            return this.addAttribute(attrObj); // Returns promise
-        })
-            .filter((x) => x);
-    }
-    /**
-     * Add an attribute in JWT form = { jwt: <string jwt> }
-     * @param  {Object} jwtAttribute - Attribute object in JWT form.
-     * @return {Object} - Decrypted and added attribute object
-     */
-    addJwtAttribute(jwtAttribute) {
-        const attrJwt = jwtAttribute?.jwt;
-        // Can't verify the JWT because the client does not have the easPublicKey,
-        // but the contents of the JWT can be decoded.
-        const attrObjPayload = attrJwt && decodeJwt(attrJwt);
-        if (!attrObjPayload) {
-            return null;
-        }
-        // JWT payloads contain many things, incluing .iat and .exp. This
-        // extraneous material should be stripped away before adding the
-        // attribute to the attributeSet.
-        const { attribute, displayName, pubKey, kasUrl } = attrObjPayload;
-        const attrObj = { attribute, displayName, pubKey, kasUrl, jwt: attrJwt };
-        if (attrObjPayload.isDefault) {
-            attrObj.isDefault = !!attrObjPayload.isDefault;
-        }
-        return this.addAttribute(attrObj);
-    }
-}
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYXR0cmlidXRlLXNldC5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uLy4uL3RkZjMvc3JjL21vZGVscy9hdHRyaWJ1dGUtc2V0LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLE9BQU8sRUFBRSxTQUFTLEVBQUUsTUFBTSxNQUFNLENBQUM7QUFZakMsTUFBTSxPQUFPLFlBQVk7SUFPdkI7UUFKQSxZQUFPLEdBQVksS0FBSyxDQUFDO1FBS3ZCLElBQUksQ0FBQyxVQUFVLEdBQUcsRUFBRSxDQUFDO0lBQ3ZCLENBQUM7SUFFRDs7OztPQUlHO0lBQ0gsR0FBRyxDQUFDLFNBQVMsR0FBRyxFQUFFO1FBQ2hCLCtEQUErRDtRQUMvRCwrREFBK0Q7UUFDL0QsK0NBQStDO1FBQy9DLHNEQUFzRDtRQUN0RCxPQUFPLENBQUMsQ0FBQyxJQUFJLENBQUMsVUFBVSxDQUFDLElBQUksQ0FBQyxDQUFDLE9BQU8sRUFBRSxFQUFFLENBQUMsT0FBTyxDQUFDLFNBQVMsS0FBSyxTQUFTLENBQUMsQ0FBQztJQUM5RSxDQUFDO0lBRUQ7Ozs7T0FJRztJQUNILEdBQUcsQ0FBQyxTQUFTLEdBQUcsRUFBRTtRQUNoQiwrREFBK0Q7UUFDL0QsK0RBQStEO1FBQy9ELCtDQUErQztRQUMvQyxzREFBc0Q7UUFDdEQsTUFBTSxNQUFNLEdBQUcsSUFBSSxDQUFDLFVBQVUsQ0FBQyxNQUFNLENBQUMsQ0FBQyxPQUFPLEVBQUUsRUFBRSxDQUFDLE9BQU8sQ0FBQyxTQUFTLElBQUksU0FBUyxDQUFDLENBQUM7UUFDbkYsT0FBTyxNQUFNLENBQUMsTUFBTSxHQUFHLENBQUMsQ0FBQyxDQUFDLENBQUMsTUFBTSxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQyxJQUFJLENBQUM7SUFDOUMsQ0FBQztJQUVEOzs7T0FHRztJQUNILFVBQVU7UUFDUixPQUFPLElBQUksQ0FBQyxnQkFBZ0IsSUFBSSxJQUFJLENBQUM7SUFDdkMsQ0FBQztJQUVEOzs7T0FHRztJQUNILE9BQU87UUFDTCxPQUFPLElBQUksQ0FBQyxVQUFVLENBQUMsR0FBRyxDQUFDLENBQUMsSUFBSSxFQUFFLEVBQUUsQ0FBQyxJQUFJLENBQUMsU0FBUyxDQUFDLENBQUM7SUFDdkQsQ0FBQztJQUVEOzs7O09BSUc7SUFDSCxZQUFZLENBQUMsT0FBd0I7UUFDbkMscURBQXFEO1FBQ3JELElBQUksSUFBSSxDQUFDLEdBQUcsQ0FBQyxPQUFPLENBQUMsU0FBUyxDQUFDLEVBQUUsQ0FBQztZQUNoQyxzRUFBc0U7WUFDdEUsNEJBQTRCO1lBQzVCLG9FQUFvRTtZQUNwRSxPQUFPLElBQUksQ0FBQyxDQUFDLGtCQUFrQjtRQUNqQyxDQUFDO1FBRUQsSUFBSSxPQUFPLENBQUMsU0FBUyxLQUFLLElBQUksRUFBRSxDQUFDO1lBQy9CLElBQUksSUFBSSxDQUFDLGdCQUFnQixJQUFJLElBQUksQ0FBQyxnQkFBZ0IsQ0FBQyxTQUFTLEtBQUssT0FBTyxDQUFDLFNBQVMsRUFBRSxDQUFDO2dCQUNuRixxRUFBcUU7Z0JBQ3JFLElBQUksQ0FBQyxlQUFlLENBQUMsSUFBSSxDQUFDLGdCQUFnQixDQUFDLFNBQVMsQ0FBQyxDQUFDO1lBQ3hELENBQUM7WUFDRCxJQUFJLENBQUMsZ0JBQWdCLEdBQUcsT0FBTyxDQUFDO1FBQ2xDLENBQUM7UUFDRCxJQUFJLENBQUMsVUFBVSxDQUFDLElBQUksQ0FBQyxPQUFPLENBQUMsQ0FBQztRQUM5QixPQUFPLE9BQU8sQ0FBQztJQUNqQixDQUFDO0lBRUQ7Ozs7T0FJRztJQUNILGVBQWUsQ0FBQyxPQUFPLEdBQUcsRUFBRTtRQUMxQixNQUFNLE9BQU8sR0FBRyxJQUFJLENBQUMsR0FBRyxDQUFDLE9BQU8sQ0FBQyxDQUFDO1FBQ2xDLElBQUksT0FBTyxFQUFFLENBQUM7WUFDWixJQUFJLENBQUMsVUFBVSxHQUFHLElBQUksQ0FBQyxVQUFVLENBQUMsTUFBTSxDQUFDLENBQUMsT0FBTyxFQUFFLEVBQUUsQ0FBQyxPQUFPLENBQUMsU0FBUyxJQUFJLE9BQU8sQ0FBQyxDQUFDO1FBQ3RGLENBQUM7UUFDRCxPQUFPLE9BQU8sQ0FBQztJQUNqQixDQUFDO0lBRUQ7Ozs7O09BS0c7SUFDSCxhQUFhLENBQUMsYUFBZ0MsRUFBRTtRQUM5QyxPQUFPLFVBQVU7YUFDZCxHQUFHLENBQUMsQ0FBQyxPQUFPLEVBQUUsRUFBRTtZQUNmLE9BQU8sSUFBSSxDQUFDLFlBQVksQ0FBQyxPQUFPLENBQUMsQ0FBQyxDQUFDLGtCQUFrQjtRQUN2RCxDQUFDLENBQUM7YUFDRCxNQUFNLENBQUMsQ0FBQyxDQUFDLEVBQUUsRUFBRSxDQUFDLENBQUMsQ0FBQyxDQUFDO0lBQ3RCLENBQUM7SUFFRDs7OztPQUlHO0lBQ0gsZUFBZSxDQUFDLFlBQTZCO1FBQzNDLE1BQU0sT0FBTyxHQUFHLFlBQVksRUFBRSxHQUFHLENBQUM7UUFDbEMsMEVBQTBFO1FBQzFFLDhDQUE4QztRQUM5QyxNQUFNLGNBQWMsR0FBRyxPQUFPLElBQUksU0FBUyxDQUFDLE9BQU8sQ0FBQyxDQUFDO1FBQ3JELElBQUksQ0FBQyxjQUFjLEVBQUUsQ0FBQztZQUNwQixPQUFPLElBQUksQ0FBQztRQUNkLENBQUM7UUFDRCxpRUFBaUU7UUFDakUsZ0VBQWdFO1FBQ2hFLGlDQUFpQztRQUNqQyxNQUFNLEVBQUUsU0FBUyxFQUFFLFdBQVcsRUFBRSxNQUFNLEVBQUUsTUFBTSxFQUFFLEdBQUcsY0FBaUMsQ0FBQztRQUNyRixNQUFNLE9BQU8sR0FBb0IsRUFBRSxTQUFTLEVBQUUsV0FBVyxFQUFFLE1BQU0sRUFBRSxNQUFNLEVBQUUsR0FBRyxFQUFFLE9BQU8sRUFBRSxDQUFDO1FBQzFGLElBQUksY0FBYyxDQUFDLFNBQVMsRUFBRSxDQUFDO1lBQzdCLE9BQU8sQ0FBQyxTQUFTLEdBQUcsQ0FBQyxDQUFDLGNBQWMsQ0FBQyxTQUFTLENBQUM7UUFDakQsQ0FBQztRQUNELE9BQU8sSUFBSSxDQUFDLFlBQVksQ0FBQyxPQUFPLENBQUMsQ0FBQztJQUNwQyxDQUFDO0NBQ0YifQ==

package/src/tdf/PolicyObject.ts

@@ -1,11 +0,0 @@
-import { type AttributeObject } from './AttributeObject.js';
-
-export interface PolicyObjectBody {
-  readonly dataAttributes: AttributeObject[];
-  readonly dissem: string[];
-}
-
-export interface PolicyObject {
-  readonly uuid: string;
-  readonly body: PolicyObjectBody;
-}