@opentdf/sdk 0.8.0-beta.74 → 0.8.0-rc.73

package/README.md

@@ -1,9 +1,12 @@
 # An OpenTDF Library for Browser Applications
 
-This project presents client code to write and read OpenTDF data formats (ZTDF).
+This project presents client code to write and read a OpenTDF data formats. This included NanoTDF
+and collections and Base TDF3.
 
 ## Usage
 
+### NanoTDF
+
 ```typescript
 import { type Chunker, OpenTDF } from '@opentdf/sdk';
 
@@ -21,14 +24,36 @@ const client = new OpenTDF({
   },
   dpopKeys: authProvider.getSigningKey(),
 });
+const cipherText = await client.createNanoTDF({
+  source: { type: 'stream', location: source },
+});
+
+const clearText = await client.read({ type: 'stream', location: cipherText });
+```
+
+### ZTDF
 
-// Encrypt
+```typescript
+import { type Chunker, OpenTDF } from '@opentdf/sdk';
+
+const oidcCredentials: RefreshTokenCredentials = {
+  clientId: keycloakClientId,
+  exchange: 'refresh',
+  refreshToken: refreshToken,
+  oidcOrigin: keycloakUrl,
+};
+const authProvider = await AuthProviders.refreshAuthProvider(oidcCredentials);
+const client = new OpenTDF({
+  authProvider,
+  defaultCreateOptions: {
+    defaultKASEndpoint: kasEndpoint, // Server used for Key Access Control
+  },
+  dpopKeys: authProvider.getSigningKey(),
+});
 const cipherText = await client.createZTDF({
   source: { type: 'stream', location: source },
   autoconfigure: false,
 });
 
-// Decrypt
-const reader = client.open({ source: { type: 'stream', location: cipherText } });
-const clearText = await reader.decrypt();
+const clearText = await client.read({ type: 'stream', location: cipherText });
 ```

package/dist/cjs/src/nanoclients.js

@@ -0,0 +1,292 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.NanoTDFDatasetClient = exports.NanoTDFClient = void 0;
+const index_js_1 = require("./nanotdf/index.js");
+const index_js_2 = require("./nanotdf-crypto/index.js");
+const Policy_js_1 = require("./tdf/Policy.js");
+const access_js_1 = require("./access.js");
+const errors_js_1 = require("./errors.js");
+// Define default options
+const defaultOptions = {
+    ecdsaBinding: false,
+};
+/**
+ * NanoTDF SDK Client. Deprecated in favor of OpenTDF.
+ *
+ */
+class NanoTDFClient extends index_js_1.Client {
+    /**
+     * Decrypt ciphertext
+     *
+     * Pass a base64 string, TypedArray, or ArrayBuffer ciphertext and get a promise which resolves plaintext
+     *
+     * @param ciphertext Ciphertext to decrypt
+     */
+    async decrypt(ciphertext) {
+        // Parse ciphertext
+        const nanotdf = index_js_1.NanoTDF.from(ciphertext);
+        // TODO: The version number should be fetched from the API
+        const version = '0.0.1';
+        const kasUrl = nanotdf.header.getKasRewrapUrl();
+        // Rewrap key on every request
+        const { unwrappedKey: ukey } = await this.rewrapKey(nanotdf.header.toBuffer(), kasUrl, nanotdf.header.magicNumberVersion, version);
+        if (!ukey) {
+            throw new Error('internal: key rewrap failure');
+        }
+        // Return decrypt promise
+        return (0, index_js_1.decrypt)(ukey, nanotdf);
+    }
+    /**
+     * Decrypt ciphertext of the legacy TDF, with the older, smaller i.v. calculation.
+     *
+     * Pass a base64 string, TypedArray, or ArrayBuffer ciphertext and get a promise which resolves plaintext
+     *
+     * @param ciphertext Ciphertext to decrypt
+     */
+    async decryptLegacyTDF(ciphertext) {
+        // Parse ciphertext
+        const nanotdf = index_js_1.NanoTDF.from(ciphertext, undefined, true);
+        const legacyVersion = '0.0.0';
+        // Rewrap key on every request
+        const { unwrappedKey: key } = await this.rewrapKey(nanotdf.header.toBuffer(), nanotdf.header.getKasRewrapUrl(), nanotdf.header.magicNumberVersion, legacyVersion);
+        if (!key) {
+            throw new Error('internal: failed unwrap');
+        }
+        // Return decrypt promise
+        return (0, index_js_1.decrypt)(key, nanotdf);
+    }
+    /**
+     * Encrypts the given data using the NanoTDF encryption scheme.
+     *
+     * @param data The data to be encrypted.
+     * @param options The encryption options (currently unused).
+     * @returns A promise that resolves to the encrypted data as an ArrayBuffer.
+     * @throws If the initialization vector is not a number.
+     */
+    async encrypt(data, options) {
+        // For encrypt always generate the client ephemeralKeyPair
+        const ephemeralKeyPair = await this.ephemeralKeyPair;
+        const initializationVector = this.iv;
+        if (typeof initializationVector !== 'number') {
+            throw new errors_js_1.ConfigurationError('NanoTDF clients are single use. Please generate a new client and keypair.');
+        }
+        delete this.iv;
+        if (!this.kasPubKey) {
+            this.kasPubKey = await (0, access_js_1.fetchECKasPubKey)(this.kasUrl);
+        }
+        // Create a policy for the tdf
+        const policy = new Policy_js_1.PolicyBuilder();
+        // Add data attributes.
+        for (const dataAttribute of this.dataAttributes) {
+            const attribute = {
+                attribute: dataAttribute,
+                pubKey: this.kasPubKey.publicKey,
+                kasUrl: this.kasUrl,
+            };
+            policy.addAttribute(attribute);
+        }
+        if (this.dissems.length == 0 && this.dataAttributes.length == 0) {
+            console.warn('This policy has an empty attributes list and an empty dissemination list. This will allow any entity with a valid Entity Object to access this TDF.');
+        }
+        // Encrypt the policy.
+        const policyObjectAsStr = policy.toJSON();
+        // IV is always '1', since the new keypair is generated on encrypt
+        // using the same key is fine.
+        const lengthAsUint32 = new Uint32Array(1);
+        lengthAsUint32[0] = initializationVector;
+        const lengthAsUint24 = new Uint8Array(lengthAsUint32.buffer);
+        // NOTE: We are only interested in only first 3 bytes.
+        const payloadIV = new Uint8Array(12).fill(0);
+        payloadIV[9] = lengthAsUint24[2];
+        payloadIV[10] = lengthAsUint24[1];
+        payloadIV[11] = lengthAsUint24[0];
+        const mergedOptions = { ...defaultOptions, ...options };
+        return (0, index_js_1.encrypt)(policyObjectAsStr, this.kasPubKey, ephemeralKeyPair, payloadIV, data, mergedOptions.ecdsaBinding);
+    }
+}
+exports.NanoTDFClient = NanoTDFClient;
+/**
+ * NanoTDF Dataset SDK Client
+ *
+ *
+ * @example
+ * ```
+ * import { clientSecretAuthProvider, NanoTDFDatasetClient } from '@opentdf/sdk';
+ *
+ * const OIDC_ENDPOINT = 'http://localhost:65432/auth/realms/opentdf';
+ * const KAS_URL = 'http://localhost:65432/api/kas/';
+ *
+ * const ciphertext = '...';
+ * const client = new NanoTDFDatasetClient({
+ *   authProvider: await clientSecretAuthProvider({
+ *     clientId: 'tdf-client',
+ *     clientSecret: '123-456',
+ *     exchange: 'client',
+ *     oidcOrigin: OIDC_ENDPOINT,
+ *   }),
+ *   kasEndpoint: KAS_URL,
+ * });
+ * const plaintext = client.decrypt(ciphertext);
+ * console.log('Plaintext', plaintext);
+ * ```
+ */
+class NanoTDFDatasetClient extends index_js_1.Client {
+    /**
+     * Create new NanoTDF Dataset Client
+     *
+     * The Ephemeral Key Pair can either be provided or will be generate when fetching the entity object. Once set it
+     * cannot be changed. If a new ephemeral key is desired it a new client should be initialized.
+     * There is no performance impact for creating a new client IFF the ephemeral key pair is provided.
+     *
+     * @param clientConfig OIDC client credentials
+     * @param kasUrl Key access service URL
+     * @param ephemeralKeyPair (optional) ephemeral key pair to use
+     * @param maxKeyIterations Max iteration to performe without a key rotation
+     */
+    constructor(opts) {
+        if (opts.maxKeyIterations &&
+            opts.maxKeyIterations > NanoTDFDatasetClient.NTDF_MAX_KEY_ITERATIONS) {
+            throw new errors_js_1.ConfigurationError(`key iteration exceeds max iterations(${NanoTDFDatasetClient.NTDF_MAX_KEY_ITERATIONS})`);
+        }
+        super(opts);
+        this.maxKeyIteration = opts.maxKeyIterations || NanoTDFDatasetClient.NTDF_MAX_KEY_ITERATIONS;
+        this.keyIterationCount = 0;
+    }
+    /**
+     * Encrypt data
+     *
+     * Pass a string, TypedArray, or ArrayBuffer data and get a promise which resolves ciphertext
+     *
+     * @param data to decrypt
+     */
+    async encrypt(data, options) {
+        // Intial encrypt
+        if (this.keyIterationCount == 0) {
+            const mergedOptions = { ...defaultOptions, ...options };
+            this.ecdsaBinding = mergedOptions.ecdsaBinding;
+            // For encrypt always generate the client ephemeralKeyPair
+            const ephemeralKeyPair = await this.ephemeralKeyPair;
+            if (!this.kasPubKey) {
+                this.kasPubKey = await (0, access_js_1.fetchECKasPubKey)(this.kasUrl);
+            }
+            // Create a policy for the tdf
+            const policy = new Policy_js_1.PolicyBuilder();
+            // Add data attributes.
+            for (const dataAttribute of this.dataAttributes) {
+                const attribute = {
+                    attribute: dataAttribute,
+                    kasPubKey: this.kasPubKey.publicKey,
+                    kasUrl: this.kasUrl,
+                };
+                policy.addAttribute(attribute);
+            }
+            if (this.dissems.length == 0 || this.dataAttributes.length == 0) {
+                console.warn('This policy has an empty attributes list and an empty dissemination list. This will allow any entity with a valid Entity Object to access this TDF.');
+            }
+            // Encrypt the policy.
+            const policyObjectAsStr = policy.toJSON();
+            const ivVector = this.generateIV();
+            // Generate a symmetric key.
+            this.symmetricKey = await (0, index_js_2.keyAgreement)(ephemeralKeyPair.privateKey, await this.kasPubKey.key, await (0, index_js_1.getHkdfSalt)(index_js_1.DefaultParams.magicNumberVersion));
+            const nanoTDFBuffer = await (0, index_js_1.encrypt)(policyObjectAsStr, this.kasPubKey, ephemeralKeyPair, ivVector, data, this.ecdsaBinding);
+            // Cache the header and increment the key iteration
+            if (!this.cachedHeader) {
+                const nanoTDF = index_js_1.NanoTDF.from(nanoTDFBuffer);
+                this.cachedHeader = nanoTDF.header;
+            }
+            this.keyIterationCount += 1;
+            return nanoTDFBuffer;
+        }
+        this.keyIterationCount += 1;
+        if (!this.cachedHeader) {
+            throw new errors_js_1.ConfigurationError('invalid dataset client: empty nanoTDF header');
+        }
+        if (!this.symmetricKey) {
+            throw new errors_js_1.ConfigurationError('invalid dataset client: empty dek');
+        }
+        this.keyIterationCount += 1;
+        if (this.keyIterationCount == this.maxKeyIteration) {
+            // reset the key iteration
+            this.keyIterationCount = 0;
+        }
+        const ivVector = this.generateIV();
+        return (0, index_js_1.encryptDataset)(this.symmetricKey, this.cachedHeader, ivVector, data);
+    }
+    /**
+     * Decrypt ciphertext
+     *
+     * Pass a base64 string, TypedArray, or ArrayBuffer ciphertext and get a promise which resolves plaintext
+     *
+     * @param ciphertext Ciphertext to decrypt
+     */
+    async decrypt(ciphertext) {
+        // Parse ciphertext
+        const nanotdf = index_js_1.NanoTDF.from(ciphertext);
+        if (!this.cachedEphemeralKey) {
+            // First decrypt
+            return this.rewrapAndDecrypt(nanotdf);
+        }
+        // Other encrypts
+        if (this.cachedEphemeralKey.toString() == nanotdf.header.ephemeralPublicKey.toString()) {
+            const ukey = this.unwrappedKey;
+            if (!ukey) {
+                // These should have thrown already.
+                throw new Error('internal: key rewrap failure');
+            }
+            // Return decrypt promise
+            return (0, index_js_1.decrypt)(ukey, nanotdf);
+        }
+        else {
+            return this.rewrapAndDecrypt(nanotdf);
+        }
+    }
+    async rewrapAndDecrypt(nanotdf) {
+        // TODO: The version number should be fetched from the API
+        const version = '0.0.1';
+        // Rewrap key on every request
+        const { unwrappedKey: ukey } = await this.rewrapKey(nanotdf.header.toBuffer(), nanotdf.header.getKasRewrapUrl(), nanotdf.header.magicNumberVersion, version);
+        if (!ukey) {
+            // These should have thrown already.
+            throw new Error('internal: key rewrap failure');
+        }
+        this.cachedEphemeralKey = nanotdf.header.ephemeralPublicKey;
+        this.unwrappedKey = ukey;
+        // Return decrypt promise
+        return (0, index_js_1.decrypt)(ukey, nanotdf);
+    }
+    generateIV() {
+        const iv = this.iv;
+        if (iv === undefined) {
+            // iv has passed the maximum iteration count for this dek
+            throw new errors_js_1.ConfigurationError('dataset full');
+        }
+        // assert iv ∈ ℤ ∩ (0, 2^24)
+        if (!Number.isInteger(iv) || iv <= 0 || 0xff_ffff < iv) {
+            // Something has fiddled with the iv outside of the expected behavior
+            // could indicate a race condition, e.g. if two workers or handlers are
+            // processing the file at once, for example.
+            throw new Error('internal: invalid state');
+        }
+        const lengthAsUint32 = new Uint32Array(1);
+        lengthAsUint32[0] = iv;
+        const lengthAsUint24 = new Uint8Array(lengthAsUint32.buffer);
+        // NOTE: We are only interested in only first 3 bytes.
+        const ivVector = new Uint8Array(index_js_1.Client.IV_SIZE).fill(0);
+        ivVector[9] = lengthAsUint24[2];
+        ivVector[10] = lengthAsUint24[1];
+        ivVector[11] = lengthAsUint24[0];
+        // Increment the IV
+        if (iv == 0xff_ffff) {
+            delete this.iv;
+        }
+        else {
+            this.iv = iv + 1;
+        }
+        return ivVector;
+    }
+}
+exports.NanoTDFDatasetClient = NanoTDFDatasetClient;
+// Total unique IVs(2^24 -1) used for encrypting the nano tdf payloads
+// IV starts from 1 since the 0 IV is reserved for policy encryption
+NanoTDFDatasetClient.NTDF_MAX_KEY_ITERATIONS = 8388606;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoibmFub2NsaWVudHMuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvbmFub2NsaWVudHMudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7O0FBQUEsaURBUzRCO0FBQzVCLHdEQUF5RDtBQUN6RCwrQ0FBZ0Q7QUFDaEQsMkNBQStDO0FBRS9DLDJDQUFpRDtBQVFqRCx5QkFBeUI7QUFDekIsTUFBTSxjQUFjLEdBQW1CO0lBQ3JDLFlBQVksRUFBRSxLQUFLO0NBQ3BCLENBQUM7QUFFRjs7O0dBR0c7QUFDSCxNQUFhLGFBQWMsU0FBUSxpQkFBTTtJQUN2Qzs7Ozs7O09BTUc7SUFDSCxLQUFLLENBQUMsT0FBTyxDQUFDLFVBQW9DO1FBQ2hELG1CQUFtQjtRQUNuQixNQUFNLE9BQU8sR0FBRyxrQkFBTyxDQUFDLElBQUksQ0FBQyxVQUFVLENBQUMsQ0FBQztRQUV6QywwREFBMEQ7UUFDMUQsTUFBTSxPQUFPLEdBQUcsT0FBTyxDQUFDO1FBQ3hCLE1BQU0sTUFBTSxHQUFHLE9BQU8sQ0FBQyxNQUFNLENBQUMsZUFBZSxFQUFFLENBQUM7UUFFaEQsOEJBQThCO1FBQzlCLE1BQU0sRUFBRSxZQUFZLEVBQUUsSUFBSSxFQUFFLEdBQUcsTUFBTSxJQUFJLENBQUMsU0FBUyxDQUNqRCxPQUFPLENBQUMsTUFBTSxDQUFDLFFBQVEsRUFBRSxFQUN6QixNQUFNLEVBQ04sT0FBTyxDQUFDLE1BQU0sQ0FBQyxrQkFBa0IsRUFDakMsT0FBTyxDQUNSLENBQUM7UUFFRixJQUFJLENBQUMsSUFBSSxFQUFFLENBQUM7WUFDVixNQUFNLElBQUksS0FBSyxDQUFDLDhCQUE4QixDQUFDLENBQUM7UUFDbEQsQ0FBQztRQUNELHlCQUF5QjtRQUN6QixPQUFPLElBQUEsa0JBQU8sRUFBQyxJQUFJLEVBQUUsT0FBTyxDQUFDLENBQUM7SUFDaEMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNILEtBQUssQ0FBQyxnQkFBZ0IsQ0FBQyxVQUFvQztRQUN6RCxtQkFBbUI7UUFDbkIsTUFBTSxPQUFPLEdBQUcsa0JBQU8sQ0FBQyxJQUFJLENBQUMsVUFBVSxFQUFFLFNBQVMsRUFBRSxJQUFJLENBQUMsQ0FBQztRQUUxRCxNQUFNLGFBQWEsR0FBRyxPQUFPLENBQUM7UUFDOUIsOEJBQThCO1FBQzlCLE1BQU0sRUFBRSxZQUFZLEVBQUUsR0FBRyxFQUFFLEdBQUcsTUFBTSxJQUFJLENBQUMsU0FBUyxDQUNoRCxPQUFPLENBQUMsTUFBTSxDQUFDLFFBQVEsRUFBRSxFQUN6QixPQUFPLENBQUMsTUFBTSxDQUFDLGVBQWUsRUFBRSxFQUNoQyxPQUFPLENBQUMsTUFBTSxDQUFDLGtCQUFrQixFQUNqQyxhQUFhLENBQ2QsQ0FBQztRQUVGLElBQUksQ0FBQyxHQUFHLEVBQUUsQ0FBQztZQUNULE1BQU0sSUFBSSxLQUFLLENBQUMseUJBQXlCLENBQUMsQ0FBQztRQUM3QyxDQUFDO1FBQ0QseUJBQXlCO1FBQ3pCLE9BQU8sSUFBQSxrQkFBTyxFQUFDLEdBQUcsRUFBRSxPQUFPLENBQUMsQ0FBQztJQUMvQixDQUFDO0lBRUQ7Ozs7Ozs7T0FPRztJQUNILEtBQUssQ0FBQyxPQUFPLENBQUMsSUFBOEIsRUFBRSxPQUF3QjtRQUNwRSwwREFBMEQ7UUFDMUQsTUFBTSxnQkFBZ0IsR0FBRyxNQUFNLElBQUksQ0FBQyxnQkFBZ0IsQ0FBQztRQUNyRCxNQUFNLG9CQUFvQixHQUFHLElBQUksQ0FBQyxFQUFFLENBQUM7UUFFckMsSUFBSSxPQUFPLG9CQUFvQixLQUFLLFFBQVEsRUFBRSxDQUFDO1lBQzdDLE1BQU0sSUFBSSw4QkFBa0IsQ0FDMUIsMkVBQTJFLENBQzVFLENBQUM7UUFDSixDQUFDO1FBQ0QsT0FBTyxJQUFJLENBQUMsRUFBRSxDQUFDO1FBRWYsSUFBSSxDQUFDLElBQUksQ0FBQyxTQUFTLEVBQUUsQ0FBQztZQUNwQixJQUFJLENBQUMsU0FBUyxHQUFHLE1BQU0sSUFBQSw0QkFBZ0IsRUFBQyxJQUFJLENBQUMsTUFBTSxDQUFDLENBQUM7UUFDdkQsQ0FBQztRQUVELDhCQUE4QjtRQUM5QixNQUFNLE1BQU0sR0FBRyxJQUFJLHlCQUFhLEVBQUUsQ0FBQztRQUVuQyx1QkFBdUI7UUFDdkIsS0FBSyxNQUFNLGFBQWEsSUFBSSxJQUFJLENBQUMsY0FBYyxFQUFFLENBQUM7WUFDaEQsTUFBTSxTQUFTLEdBQW9CO2dCQUNqQyxTQUFTLEVBQUUsYUFBYTtnQkFDeEIsTUFBTSxFQUFFLElBQUksQ0FBQyxTQUFTLENBQUMsU0FBUztnQkFDaEMsTUFBTSxFQUFFLElBQUksQ0FBQyxNQUFNO2FBQ3BCLENBQUM7WUFDRixNQUFNLENBQUMsWUFBWSxDQUFDLFNBQVMsQ0FBQyxDQUFDO1FBQ2pDLENBQUM7UUFFRCxJQUFJLElBQUksQ0FBQyxPQUFPLENBQUMsTUFBTSxJQUFJLENBQUMsSUFBSSxJQUFJLENBQUMsY0FBYyxDQUFDLE1BQU0sSUFBSSxDQUFDLEVBQUUsQ0FBQztZQUNoRSxPQUFPLENBQUMsSUFBSSxDQUNWLHFKQUFxSixDQUN0SixDQUFDO1FBQ0osQ0FBQztRQUVELHNCQUFzQjtRQUN0QixNQUFNLGlCQUFpQixHQUFHLE1BQU0sQ0FBQyxNQUFNLEVBQUUsQ0FBQztRQUUxQyxrRUFBa0U7UUFDbEUsOEJBQThCO1FBQzlCLE1BQU0sY0FBYyxHQUFHLElBQUksV0FBVyxDQUFDLENBQUMsQ0FBQyxDQUFDO1FBQzFDLGNBQWMsQ0FBQyxDQUFDLENBQUMsR0FBRyxvQkFBb0IsQ0FBQztRQUV6QyxNQUFNLGNBQWMsR0FBRyxJQUFJLFVBQVUsQ0FBQyxjQUFjLENBQUMsTUFBTSxDQUFDLENBQUM7UUFFN0Qsc0RBQXNEO1FBQ3RELE1BQU0sU0FBUyxHQUFHLElBQUksVUFBVSxDQUFDLEVBQUUsQ0FBQyxDQUFDLElBQUksQ0FBQyxDQUFDLENBQUMsQ0FBQztRQUM3QyxTQUFTLENBQUMsQ0FBQyxDQUFDLEdBQUcsY0FBYyxDQUFDLENBQUMsQ0FBQyxDQUFDO1FBQ2pDLFNBQVMsQ0FBQyxFQUFFLENBQUMsR0FBRyxjQUFjLENBQUMsQ0FBQyxDQUFDLENBQUM7UUFDbEMsU0FBUyxDQUFDLEVBQUUsQ0FBQyxHQUFHLGNBQWMsQ0FBQyxDQUFDLENBQUMsQ0FBQztRQUVsQyxNQUFNLGFBQWEsR0FBbUIsRUFBRSxHQUFHLGNBQWMsRUFBRSxHQUFHLE9BQU8sRUFBRSxDQUFDO1FBQ3hFLE9BQU8sSUFBQSxrQkFBTyxFQUNaLGlCQUFpQixFQUNqQixJQUFJLENBQUMsU0FBUyxFQUNkLGdCQUFnQixFQUNoQixTQUFTLEVBQ1QsSUFBSSxFQUNKLGFBQWEsQ0FBQyxZQUFZLENBQzNCLENBQUM7SUFDSixDQUFDO0NBQ0Y7QUEvSEQsc0NBK0hDO0FBTUQ7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7OztHQXdCRztBQUNILE1BQWEsb0JBQXFCLFNBQVEsaUJBQU07SUFhOUM7Ozs7Ozs7Ozs7O09BV0c7SUFDSCxZQUFZLElBQW1CO1FBQzdCLElBQ0UsSUFBSSxDQUFDLGdCQUFnQjtZQUNyQixJQUFJLENBQUMsZ0JBQWdCLEdBQUcsb0JBQW9CLENBQUMsdUJBQXVCLEVBQ3BFLENBQUM7WUFDRCxNQUFNLElBQUksOEJBQWtCLENBQzFCLHdDQUF3QyxvQkFBb0IsQ0FBQyx1QkFBdUIsR0FBRyxDQUN4RixDQUFDO1FBQ0osQ0FBQztRQUNELEtBQUssQ0FBQyxJQUFJLENBQUMsQ0FBQztRQUVaLElBQUksQ0FBQyxlQUFlLEdBQUcsSUFBSSxDQUFDLGdCQUFnQixJQUFJLG9CQUFvQixDQUFDLHVCQUF1QixDQUFDO1FBQzdGLElBQUksQ0FBQyxpQkFBaUIsR0FBRyxDQUFDLENBQUM7SUFDN0IsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNILEtBQUssQ0FBQyxPQUFPLENBQUMsSUFBOEIsRUFBRSxPQUF3QjtRQUNwRSxpQkFBaUI7UUFDakIsSUFBSSxJQUFJLENBQUMsaUJBQWlCLElBQUksQ0FBQyxFQUFFLENBQUM7WUFDaEMsTUFBTSxhQUFhLEdBQW1CLEVBQUUsR0FBRyxjQUFjLEVBQUUsR0FBRyxPQUFPLEVBQUUsQ0FBQztZQUN4RSxJQUFJLENBQUMsWUFBWSxHQUFHLGFBQWEsQ0FBQyxZQUFZLENBQUM7WUFDL0MsMERBQTBEO1lBQzFELE1BQU0sZ0JBQWdCLEdBQUcsTUFBTSxJQUFJLENBQUMsZ0JBQWdCLENBQUM7WUFFckQsSUFBSSxDQUFDLElBQUksQ0FBQyxTQUFTLEVBQUUsQ0FBQztnQkFDcEIsSUFBSSxDQUFDLFNBQVMsR0FBRyxNQUFNLElBQUEsNEJBQWdCLEVBQUMsSUFBSSxDQUFDLE1BQU0sQ0FBQyxDQUFDO1lBQ3ZELENBQUM7WUFFRCw4QkFBOEI7WUFDOUIsTUFBTSxNQUFNLEdBQUcsSUFBSSx5QkFBYSxFQUFFLENBQUM7WUFFbkMsdUJBQXVCO1lBQ3ZCLEtBQUssTUFBTSxhQUFhLElBQUksSUFBSSxDQUFDLGNBQWMsRUFBRSxDQUFDO2dCQUNoRCxNQUFNLFNBQVMsR0FBRztvQkFDaEIsU0FBUyxFQUFFLGFBQWE7b0JBQ3hCLFNBQVMsRUFBRSxJQUFJLENBQUMsU0FBUyxDQUFDLFNBQVM7b0JBQ25DLE1BQU0sRUFBRSxJQUFJLENBQUMsTUFBTTtpQkFDcEIsQ0FBQztnQkFDRixNQUFNLENBQUMsWUFBWSxDQUFDLFNBQVMsQ0FBQyxDQUFDO1lBQ2pDLENBQUM7WUFFRCxJQUFJLElBQUksQ0FBQyxPQUFPLENBQUMsTUFBTSxJQUFJLENBQUMsSUFBSSxJQUFJLENBQUMsY0FBYyxDQUFDLE1BQU0sSUFBSSxDQUFDLEVBQUUsQ0FBQztnQkFDaEUsT0FBTyxDQUFDLElBQUksQ0FDVixxSkFBcUosQ0FDdEosQ0FBQztZQUNKLENBQUM7WUFFRCxzQkFBc0I7WUFDdEIsTUFBTSxpQkFBaUIsR0FBRyxNQUFNLENBQUMsTUFBTSxFQUFFLENBQUM7WUFFMUMsTUFBTSxRQUFRLEdBQUcsSUFBSSxDQUFDLFVBQVUsRUFBRSxDQUFDO1lBRW5DLDRCQUE0QjtZQUM1QixJQUFJLENBQUMsWUFBWSxHQUFHLE1BQU0sSUFBQSx1QkFBWSxFQUNwQyxnQkFBZ0IsQ0FBQyxVQUFVLEVBQzNCLE1BQU0sSUFBSSxDQUFDLFNBQVMsQ0FBQyxHQUFHLEVBQ3hCLE1BQU0sSUFBQSxzQkFBVyxFQUFDLHdCQUFhLENBQUMsa0JBQWtCLENBQUMsQ0FDcEQsQ0FBQztZQUVGLE1BQU0sYUFBYSxHQUFHLE1BQU0sSUFBQSxrQkFBTyxFQUNqQyxpQkFBaUIsRUFDakIsSUFBSSxDQUFDLFNBQVMsRUFDZCxnQkFBZ0IsRUFDaEIsUUFBUSxFQUNSLElBQUksRUFDSixJQUFJLENBQUMsWUFBWSxDQUNsQixDQUFDO1lBRUYsbURBQW1EO1lBQ25ELElBQUksQ0FBQyxJQUFJLENBQUMsWUFBWSxFQUFFLENBQUM7Z0JBQ3ZCLE1BQU0sT0FBTyxHQUFHLGtCQUFPLENBQUMsSUFBSSxDQUFDLGFBQWEsQ0FBQyxDQUFDO2dCQUM1QyxJQUFJLENBQUMsWUFBWSxHQUFHLE9BQU8sQ0FBQyxNQUFNLENBQUM7WUFDckMsQ0FBQztZQUVELElBQUksQ0FBQyxpQkFBaUIsSUFBSSxDQUFDLENBQUM7WUFFNUIsT0FBTyxhQUFhLENBQUM7UUFDdkIsQ0FBQztRQUVELElBQUksQ0FBQyxpQkFBaUIsSUFBSSxDQUFDLENBQUM7UUFFNUIsSUFBSSxDQUFDLElBQUksQ0FBQyxZQUFZLEVBQUUsQ0FBQztZQUN2QixNQUFNLElBQUksOEJBQWtCLENBQUMsOENBQThDLENBQUMsQ0FBQztRQUMvRSxDQUFDO1FBQ0QsSUFBSSxDQUFDLElBQUksQ0FBQyxZQUFZLEVBQUUsQ0FBQztZQUN2QixNQUFNLElBQUksOEJBQWtCLENBQUMsbUNBQW1DLENBQUMsQ0FBQztRQUNwRSxDQUFDO1FBRUQsSUFBSSxDQUFDLGlCQUFpQixJQUFJLENBQUMsQ0FBQztRQUM1QixJQUFJLElBQUksQ0FBQyxpQkFBaUIsSUFBSSxJQUFJLENBQUMsZUFBZSxFQUFFLENBQUM7WUFDbkQsMEJBQTBCO1lBQzFCLElBQUksQ0FBQyxpQkFBaUIsR0FBRyxDQUFDLENBQUM7UUFDN0IsQ0FBQztRQUVELE1BQU0sUUFBUSxHQUFHLElBQUksQ0FBQyxVQUFVLEVBQUUsQ0FBQztRQUVuQyxPQUFPLElBQUEseUJBQWMsRUFBQyxJQUFJLENBQUMsWUFBWSxFQUFFLElBQUksQ0FBQyxZQUFZLEVBQUUsUUFBUSxFQUFFLElBQUksQ0FBQyxDQUFDO0lBQzlFLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSCxLQUFLLENBQUMsT0FBTyxDQUFDLFVBQW9DO1FBQ2hELG1CQUFtQjtRQUNuQixNQUFNLE9BQU8sR0FBRyxrQkFBTyxDQUFDLElBQUksQ0FBQyxVQUFVLENBQUMsQ0FBQztRQUV6QyxJQUFJLENBQUMsSUFBSSxDQUFDLGtCQUFrQixFQUFFLENBQUM7WUFDN0IsZ0JBQWdCO1lBQ2hCLE9BQU8sSUFBSSxDQUFDLGdCQUFnQixDQUFDLE9BQU8sQ0FBQyxDQUFDO1FBQ3hDLENBQUM7UUFFRCxpQkFBaUI7UUFDakIsSUFBSSxJQUFJLENBQUMsa0JBQWtCLENBQUMsUUFBUSxFQUFFLElBQUksT0FBTyxDQUFDLE1BQU0sQ0FBQyxrQkFBa0IsQ0FBQyxRQUFRLEVBQUUsRUFBRSxDQUFDO1lBQ3ZGLE1BQU0sSUFBSSxHQUFHLElBQUksQ0FBQyxZQUFZLENBQUM7WUFDL0IsSUFBSSxDQUFDLElBQUksRUFBRSxDQUFDO2dCQUNWLG9DQUFvQztnQkFDcEMsTUFBTSxJQUFJLEtBQUssQ0FBQyw4QkFBOEIsQ0FBQyxDQUFDO1lBQ2xELENBQUM7WUFDRCx5QkFBeUI7WUFDekIsT0FBTyxJQUFBLGtCQUFPLEVBQUMsSUFBSSxFQUFFLE9BQU8sQ0FBQyxDQUFDO1FBQ2hDLENBQUM7YUFBTSxDQUFDO1lBQ04sT0FBTyxJQUFJLENBQUMsZ0JBQWdCLENBQUMsT0FBTyxDQUFDLENBQUM7UUFDeEMsQ0FBQztJQUNILENBQUM7SUFFRCxLQUFLLENBQUMsZ0JBQWdCLENBQUMsT0FBZ0I7UUFDckMsMERBQTBEO1FBQzFELE1BQU0sT0FBTyxHQUFHLE9BQU8sQ0FBQztRQUN4Qiw4QkFBOEI7UUFDOUIsTUFBTSxFQUFFLFlBQVksRUFBRSxJQUFJLEVBQUUsR0FBRyxNQUFNLElBQUksQ0FBQyxTQUFTLENBQ2pELE9BQU8sQ0FBQyxNQUFNLENBQUMsUUFBUSxFQUFFLEVBQ3pCLE9BQU8sQ0FBQyxNQUFNLENBQUMsZUFBZSxFQUFFLEVBQ2hDLE9BQU8sQ0FBQyxNQUFNLENBQUMsa0JBQWtCLEVBQ2pDLE9BQU8sQ0FDUixDQUFDO1FBQ0YsSUFBSSxDQUFDLElBQUksRUFBRSxDQUFDO1lBQ1Ysb0NBQW9DO1lBQ3BDLE1BQU0sSUFBSSxLQUFLLENBQUMsOEJBQThCLENBQUMsQ0FBQztRQUNsRCxDQUFDO1FBRUQsSUFBSSxDQUFDLGtCQUFrQixHQUFHLE9BQU8sQ0FBQyxNQUFNLENBQUMsa0JBQWtCLENBQUM7UUFDNUQsSUFBSSxDQUFDLFlBQVksR0FBRyxJQUFJLENBQUM7UUFFekIseUJBQXlCO1FBQ3pCLE9BQU8sSUFBQSxrQkFBTyxFQUFDLElBQUksRUFBRSxPQUFPLENBQUMsQ0FBQztJQUNoQyxDQUFDO0lBRUQsVUFBVTtRQUNSLE1BQU0sRUFBRSxHQUFHLElBQUksQ0FBQyxFQUFFLENBQUM7UUFDbkIsSUFBSSxFQUFFLEtBQUssU0FBUyxFQUFFLENBQUM7WUFDckIseURBQXlEO1lBQ3pELE1BQU0sSUFBSSw4QkFBa0IsQ0FBQyxjQUFjLENBQUMsQ0FBQztRQUMvQyxDQUFDO1FBQ0QsNEJBQTRCO1FBQzVCLElBQUksQ0FBQyxNQUFNLENBQUMsU0FBUyxDQUFDLEVBQUUsQ0FBQyxJQUFJLEVBQUUsSUFBSSxDQUFDLElBQUksU0FBUyxHQUFHLEVBQUUsRUFBRSxDQUFDO1lBQ3ZELHFFQUFxRTtZQUNyRSx1RUFBdUU7WUFDdkUsNENBQTRDO1lBQzVDLE1BQU0sSUFBSSxLQUFLLENBQUMseUJBQXlCLENBQUMsQ0FBQztRQUM3QyxDQUFDO1FBRUQsTUFBTSxjQUFjLEdBQUcsSUFBSSxXQUFXLENBQUMsQ0FBQyxDQUFDLENBQUM7UUFDMUMsY0FBYyxDQUFDLENBQUMsQ0FBQyxHQUFHLEVBQUUsQ0FBQztRQUV2QixNQUFNLGNBQWMsR0FBRyxJQUFJLFVBQVUsQ0FBQyxjQUFjLENBQUMsTUFBTSxDQUFDLENBQUM7UUFFN0Qsc0RBQXNEO1FBQ3RELE1BQU0sUUFBUSxHQUFHLElBQUksVUFBVSxDQUFDLGlCQUFNLENBQUMsT0FBTyxDQUFDLENBQUMsSUFBSSxDQUFDLENBQUMsQ0FBQyxDQUFDO1FBQ3hELFFBQVEsQ0FBQyxDQUFDLENBQUMsR0FBRyxjQUFjLENBQUMsQ0FBQyxDQUFDLENBQUM7UUFDaEMsUUFBUSxDQUFDLEVBQUUsQ0FBQyxHQUFHLGNBQWMsQ0FBQyxDQUFDLENBQUMsQ0FBQztRQUNqQyxRQUFRLENBQUMsRUFBRSxDQUFDLEdBQUcsY0FBYyxDQUFDLENBQUMsQ0FBQyxDQUFDO1FBRWpDLG1CQUFtQjtRQUNuQixJQUFJLEVBQUUsSUFBSSxTQUFTLEVBQUUsQ0FBQztZQUNwQixPQUFPLElBQUksQ0FBQyxFQUFFLENBQUM7UUFDakIsQ0FBQzthQUFNLENBQUM7WUFDTixJQUFJLENBQUMsRUFBRSxHQUFHLEVBQUUsR0FBRyxDQUFDLENBQUM7UUFDbkIsQ0FBQztRQUVELE9BQU8sUUFBUSxDQUFDO0lBQ2xCLENBQUM7O0FBdk5ILG9EQXdOQztBQXZOQyxzRUFBc0U7QUFDdEUsb0VBQW9FO0FBQ3BELDRDQUF1QixHQUFHLE9BQU8sQ0FBQyJ9

package/dist/cjs/src/nanoindex.js

@@ -0,0 +1,47 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.clientType = exports.version = exports.attributeFQNsAsValues = exports.AuthProviders = void 0;
+exports.AuthProviders = __importStar(require("./auth/providers.js"));
+var api_js_1 = require("./policy/api.js");
+Object.defineProperty(exports, "attributeFQNsAsValues", { enumerable: true, get: function () { return api_js_1.attributeFQNsAsValues; } });
+__exportStar(require("./nanoclients.js"), exports);
+var version_js_1 = require("./version.js");
+Object.defineProperty(exports, "version", { enumerable: true, get: function () { return version_js_1.version; } });
+Object.defineProperty(exports, "clientType", { enumerable: true, get: function () { return version_js_1.clientType; } });
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoibmFub2luZGV4LmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL25hbm9pbmRleC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7QUFBQSxxRUFBcUQ7QUFDckQsMENBQXdEO0FBQS9DLCtHQUFBLHFCQUFxQixPQUFBO0FBQzlCLG1EQUFpQztBQUNqQywyQ0FBbUQ7QUFBMUMscUdBQUEsT0FBTyxPQUFBO0FBQUUsd0dBQUEsVUFBVSxPQUFBIn0=