@originator-profile/opvc 0.5.0-beta.2 → 0.5.0-beta.3

package/README.md

@@ -122,7 +122,7 @@ FLAG DESCRIPTIONS
     }
 ```
 
-_See code: [src/commands/ca/sign.ts](https://github.com/originator-profile/originator-profile/blob/v0.5.0-beta.2/packages/opvc/src/commands/ca/sign.ts)_
+_See code: [src/commands/ca/sign.ts](https://github.com/originator-profile/originator-profile/blob/v0.5.0-beta.3/packages/opvc/src/commands/ca/sign.ts)_
 
 ## `opvc ca:unsigned`
 
@@ -207,7 +207,7 @@ FLAG DESCRIPTIONS
     }
 ```
 
-_See code: [src/commands/ca/unsigned.ts](https://github.com/originator-profile/originator-profile/blob/v0.5.0-beta.2/packages/opvc/src/commands/ca/unsigned.ts)_
+_See code: [src/commands/ca/unsigned.ts](https://github.com/originator-profile/originator-profile/blob/v0.5.0-beta.3/packages/opvc/src/commands/ca/unsigned.ts)_
 
 ## `opvc help [COMMAND]`
 
@@ -245,7 +245,7 @@ DESCRIPTION
   鍵ペアの生成
 ```
 
-_See code: [src/commands/key-gen/index.ts](https://github.com/originator-profile/originator-profile/blob/v0.5.0-beta.2/packages/opvc/src/commands/key-gen/index.ts)_
+_See code: [src/commands/key-gen/index.ts](https://github.com/originator-profile/originator-profile/blob/v0.5.0-beta.3/packages/opvc/src/commands/key-gen/index.ts)_
 
 ## `opvc sign`
 
@@ -412,7 +412,7 @@ FLAG DESCRIPTIONS
     }
 ```
 
-_See code: [src/commands/sign.ts](https://github.com/originator-profile/originator-profile/blob/v0.5.0-beta.2/packages/opvc/src/commands/sign.ts)_
+_See code: [src/commands/sign.ts](https://github.com/originator-profile/originator-profile/blob/v0.5.0-beta.3/packages/opvc/src/commands/sign.ts)_
 
 ## `opvc wsp:unsigned`
 
@@ -477,10 +477,56 @@ FLAG DESCRIPTIONS
     }
 ```
 
-_See code: [src/commands/wsp/unsigned.ts](https://github.com/originator-profile/originator-profile/blob/v0.5.0-beta.2/packages/opvc/src/commands/wsp/unsigned.ts)_
+_See code: [src/commands/wsp/unsigned.ts](https://github.com/originator-profile/originator-profile/blob/v0.5.0-beta.3/packages/opvc/src/commands/wsp/unsigned.ts)_
 <!-- commandsstop -->
 <!-- prettier-ignore-end -->
 
+## Node.js から利用する
+
+`@originator-profile/opvc` は TypeScript/JavaScript からも利用できます。
+
+### ローカル環境でのContent Attestationの署名
+
+ローカルのプライベート鍵で署名する場合は `ContentAttestation.sign()` を使います。
+
+```ts
+import { ContentAttestation } from "@originator-profile/opvc";
+
+const jwt = await ContentAttestation.sign(input, privateKey, {
+  issuedAt: new Date(),
+  expiredAt: "2027-03-31",
+});
+```
+
+### 未署名 Content Attestation の取得
+
+未署名の Content Attestation が必要な場合は `ContentAttestation.unsignedCa()` を使えます。
+
+```ts
+import { ContentAttestation } from "@originator-profile/opvc";
+
+const uca = await ContentAttestation.unsignedCa(input, {
+  issuedAt: new Date(),
+  expiredAt: "2027-03-31",
+});
+```
+
+### CA Server経由での署名
+
+CA Server で署名する場合は `ContentAttestation.signByServer()` を使います。
+内部では未署名 Content Attestation を組み立てて CA server に送信し、返却された JWT を受け取ります。
+
+```ts
+import { ContentAttestation } from "@originator-profile/opvc";
+
+const jwt = await ContentAttestation.signByServer(input, {
+  endpoint: "https://example.com/ca",
+  accessToken: process.env.CA_SERVER_ACCESS_TOKEN!,
+  issuedAt: new Date(),
+  expiredAt: "2027-03-31",
+});
+```
+
 ## Development
 
 ```sh

package/dist/commands/ca/sign.d.mts

@@ -1,12 +1,12 @@
 import { Command } from "@oclif/core";
-import * as _oclif_core_interfaces5 from "@oclif/core/interfaces";
+import * as _oclif_core_interfaces9 from "@oclif/core/interfaces";
 
 //#region src/commands/ca/sign.d.ts
 declare class CaSign extends Command {
   static summary: string;
   static description: string;
   static flags: {
-    identity: _oclif_core_interfaces5.OptionFlag<{
+    identity: _oclif_core_interfaces9.OptionFlag<{
       [x: string]: unknown;
       kty: string;
       kid: string;
@@ -17,10 +17,10 @@ declare class CaSign extends Command {
       x5c?: string[] | undefined;
       x5t?: string | undefined;
       "x5t#S256"?: string | undefined;
-    }, _oclif_core_interfaces5.CustomOptions>;
-    input: _oclif_core_interfaces5.OptionFlag<string, _oclif_core_interfaces5.CustomOptions>;
-    "issued-at": _oclif_core_interfaces5.OptionFlag<string | undefined, _oclif_core_interfaces5.CustomOptions>;
-    "expired-at": _oclif_core_interfaces5.OptionFlag<Date | undefined, _oclif_core_interfaces5.CustomOptions>;
+    }, _oclif_core_interfaces9.CustomOptions>;
+    input: _oclif_core_interfaces9.OptionFlag<string, _oclif_core_interfaces9.CustomOptions>;
+    "issued-at": _oclif_core_interfaces9.OptionFlag<string | undefined, _oclif_core_interfaces9.CustomOptions>;
+    "expired-at": _oclif_core_interfaces9.OptionFlag<Date | undefined, _oclif_core_interfaces9.CustomOptions>;
   };
   static examples: string[];
   run(): Promise<void>;

package/dist/commands/ca/sign.mjs

@@ -1,4 +1,4 @@
-import { n as sign } from "../../content-attestation-rNiF6uH4.mjs";
+import { n as sign } from "../../content-attestation-M-2LmatR.mjs";
 import { r as privateKey, t as expirationDate } from "../../flags-CFmMpf5A.mjs";
 import { Command, Flags } from "@oclif/core";
 import fs from "node:fs/promises";

package/dist/commands/ca/unsigned.d.mts

@@ -1,14 +1,14 @@
 import { Command } from "@oclif/core";
-import * as _oclif_core_interfaces13 from "@oclif/core/interfaces";
+import * as _oclif_core_interfaces25 from "@oclif/core/interfaces";
 
 //#region src/commands/ca/unsigned.d.ts
 declare class CaUnsigned extends Command {
   static summary: string;
   static description: string;
   static flags: {
-    input: _oclif_core_interfaces13.OptionFlag<string, _oclif_core_interfaces13.CustomOptions>;
-    "issued-at": _oclif_core_interfaces13.OptionFlag<string | undefined, _oclif_core_interfaces13.CustomOptions>;
-    "expired-at": _oclif_core_interfaces13.OptionFlag<Date | undefined, _oclif_core_interfaces13.CustomOptions>;
+    input: _oclif_core_interfaces25.OptionFlag<string, _oclif_core_interfaces25.CustomOptions>;
+    "issued-at": _oclif_core_interfaces25.OptionFlag<string | undefined, _oclif_core_interfaces25.CustomOptions>;
+    "expired-at": _oclif_core_interfaces25.OptionFlag<Date | undefined, _oclif_core_interfaces25.CustomOptions>;
   };
   static examples: string[];
   run(): Promise<void>;

package/dist/commands/ca/unsigned.mjs

@@ -1,4 +1,4 @@
-import { r as unsignedCa } from "../../content-attestation-rNiF6uH4.mjs";
+import { r as unsignedCa } from "../../content-attestation-M-2LmatR.mjs";
 import { t as expirationDate } from "../../flags-CFmMpf5A.mjs";
 import { Command, Flags } from "@oclif/core";
 import fs from "node:fs/promises";

package/dist/commands/key-gen/index.d.mts

@@ -1,11 +1,11 @@
 import { Command } from "@oclif/core";
-import * as _oclif_core_interfaces29 from "@oclif/core/interfaces";
+import * as _oclif_core_interfaces23 from "@oclif/core/interfaces";
 
 //#region src/commands/key-gen/index.d.ts
 declare class KeyGen extends Command {
   static description: string;
   static flags: {
-    output: _oclif_core_interfaces29.OptionFlag<string, _oclif_core_interfaces29.CustomOptions>;
+    output: _oclif_core_interfaces23.OptionFlag<string, _oclif_core_interfaces23.CustomOptions>;
   };
   run(): Promise<void>;
 }

package/dist/commands/sign.d.mts

@@ -1,12 +1,12 @@
 import { Command } from "@oclif/core";
-import * as _oclif_core_interfaces19 from "@oclif/core/interfaces";
+import * as _oclif_core_interfaces0 from "@oclif/core/interfaces";
 
 //#region src/commands/sign.d.ts
 declare class VcSign extends Command {
   static summary: string;
   static description: string;
   static flags: {
-    identity: _oclif_core_interfaces19.OptionFlag<{
+    identity: _oclif_core_interfaces0.OptionFlag<{
       [x: string]: unknown;
       kty: string;
       kid: string;
@@ -17,11 +17,11 @@ declare class VcSign extends Command {
       x5c?: string[] | undefined;
       x5t?: string | undefined;
       "x5t#S256"?: string | undefined;
-    }, _oclif_core_interfaces19.CustomOptions>;
-    id: _oclif_core_interfaces19.OptionFlag<string | undefined, _oclif_core_interfaces19.CustomOptions>;
-    input: _oclif_core_interfaces19.OptionFlag<string, _oclif_core_interfaces19.CustomOptions>;
-    "issued-at": _oclif_core_interfaces19.OptionFlag<string | undefined, _oclif_core_interfaces19.CustomOptions>;
-    "expired-at": _oclif_core_interfaces19.OptionFlag<Date | undefined, _oclif_core_interfaces19.CustomOptions>;
+    }, _oclif_core_interfaces0.CustomOptions>;
+    id: _oclif_core_interfaces0.OptionFlag<string | undefined, _oclif_core_interfaces0.CustomOptions>;
+    input: _oclif_core_interfaces0.OptionFlag<string, _oclif_core_interfaces0.CustomOptions>;
+    "issued-at": _oclif_core_interfaces0.OptionFlag<string | undefined, _oclif_core_interfaces0.CustomOptions>;
+    "expired-at": _oclif_core_interfaces0.OptionFlag<Date | undefined, _oclif_core_interfaces0.CustomOptions>;
   };
   static examples: string[];
   run(): Promise<void>;

package/dist/commands/wsp/unsigned.d.mts

@@ -1,14 +1,14 @@
 import { Command } from "@oclif/core";
-import * as _oclif_core_interfaces0 from "@oclif/core/interfaces";
+import * as _oclif_core_interfaces17 from "@oclif/core/interfaces";
 
 //#region src/commands/wsp/unsigned.d.ts
 declare class WspUnsigned extends Command {
   static summary: string;
   static description: string;
   static flags: {
-    input: _oclif_core_interfaces0.OptionFlag<string, _oclif_core_interfaces0.CustomOptions>;
-    "issued-at": _oclif_core_interfaces0.OptionFlag<string | undefined, _oclif_core_interfaces0.CustomOptions>;
-    "expired-at": _oclif_core_interfaces0.OptionFlag<Date | undefined, _oclif_core_interfaces0.CustomOptions>;
+    input: _oclif_core_interfaces17.OptionFlag<string, _oclif_core_interfaces17.CustomOptions>;
+    "issued-at": _oclif_core_interfaces17.OptionFlag<string | undefined, _oclif_core_interfaces17.CustomOptions>;
+    "expired-at": _oclif_core_interfaces17.OptionFlag<Date | undefined, _oclif_core_interfaces17.CustomOptions>;
   };
   static examples: string[];
   run(): Promise<void>;

package/dist/content-attestation-M-2LmatR.mjs

@@ -0,0 +1,122 @@
+import { t as __export } from "./chunk-DJTHdtxa.mjs";
+import { JSDOM } from "jsdom";
+import { parseExpirationDate } from "@originator-profile/core";
+import { fetchAndSetDigestSri, fetchAndSetTargetIntegrity, signCa } from "@originator-profile/sign";
+import { addYears, getUnixTime } from "date-fns";
+import { BadRequestError } from "http-errors-enhanced";
+
+//#region src/document-provider.ts
+async function documentProvider({ type, content = "" }) {
+	if (type === "ExternalResourceTargetIntegrity") throw new Error("ExternalResourceTargetIntegrity is not supported in this context.");
+	if (Array.isArray(content) && content.length > 1) throw new Error("Multiple contents are not supported in this context.");
+	[content] = [content].flat();
+	let url;
+	let html = "";
+	if (URL.canParse(content)) {
+		url = content;
+		html = await fetch(url).then((res) => res.text());
+	} else {
+		url = void 0;
+		html = content;
+	}
+	return new JSDOM(html, { url }).window.document;
+}
+
+//#endregion
+//#region src/content-attestation.ts
+var content_attestation_exports = /* @__PURE__ */ __export({
+	sign: () => sign,
+	signByServer: () => signByServer,
+	unsignedCa: () => unsignedCa
+});
+function assertValidDate(value, fieldName) {
+	if (Number.isNaN(value.getTime())) throw new BadRequestError(`${fieldName} must be a valid date.`);
+}
+function parseDates({ issuedAt: issuedAtDateOrString = /* @__PURE__ */ new Date(), expiredAt: expiredAtDateOrString = addYears(/* @__PURE__ */ new Date(), 1) }) {
+	const issuedAt = new Date(issuedAtDateOrString);
+	const expiredAt = typeof expiredAtDateOrString === "string" ? parseExpirationDate(expiredAtDateOrString) : new Date(expiredAtDateOrString);
+	assertValidDate(issuedAt, "issuedAt");
+	assertValidDate(expiredAt, "expiredAt");
+	return {
+		issuedAt,
+		expiredAt
+	};
+}
+async function prepareUnsignedCa(uca, { integrityAlg = "sha256", documentProvider: documentProvider$1 = documentProvider, ...timingOptions }) {
+	const { issuedAt, expiredAt } = parseDates(timingOptions);
+	uca.credentialSubject.id ??= `urn:uuid:${crypto.randomUUID()}`;
+	try {
+		await fetchAndSetDigestSri(integrityAlg, uca.credentialSubject.image);
+		await fetchAndSetTargetIntegrity(integrityAlg, uca, documentProvider$1);
+	} catch (e) {
+		throw new BadRequestError(e.message);
+	}
+	return {
+		...uca,
+		iss: uca.issuer,
+		sub: uca.credentialSubject.id,
+		iat: getUnixTime(issuedAt),
+		exp: getUnixTime(expiredAt)
+	};
+}
+/**
+* Content Attestation への署名
+* @param uca 未署名 Content Attestation オブジェクト
+* @param privateKey プライベート鍵
+* @return Content Attestation
+*/
+async function sign(uca, privateKey, options = {}) {
+	const { issuedAt, expiredAt } = parseDates(options);
+	uca.credentialSubject.id ??= `urn:uuid:${crypto.randomUUID()}`;
+	return await signCa(uca, privateKey, {
+		issuedAt,
+		expiredAt,
+		documentProvider
+	});
+}
+/**
+* 未署名 Content Attestation の取得
+* @param uca 未署名 Content Attestation オブジェクト
+* @throws {BadRequestError} 検証対象のコンテンツが存在しない/コンテンツにアクセスできない/Integrityの計算に失敗
+* @return 未署名 Content Attestation オブジェクト
+*/
+async function unsignedCa(uca, options) {
+	return await prepareUnsignedCa(uca, options);
+}
+/**
+* CA server 経由で Content Attestation を作成
+* @param uca 未署名 Content Attestation オブジェクト
+* @param options Content Attestation の生成オプション
+* @param options.endpoint CA server のエンドポイント URL
+* @param options.accessToken CA server 呼び出しに利用する Bearer トークン
+* @return JWT でエンコードされた Content Attestation
+*/
+async function signByServer(uca, { endpoint, accessToken, ...options }) {
+	const payload = await prepareUnsignedCa(uca, options);
+	const response = await fetch(endpoint, {
+		method: "POST",
+		headers: {
+			"Content-Type": "application/json",
+			Authorization: `Bearer ${accessToken}`
+		},
+		body: JSON.stringify(payload)
+	});
+	if (!response.ok) {
+		const responseBody$1 = await response.text();
+		throw new Error(`CA API error: ${response.status} ${response.statusText}: ${responseBody$1}`);
+	}
+	const responseBody = (await response.text()).trim();
+	if (responseBody === "") throw new Error("CA API returned no JWT.");
+	let result;
+	try {
+		result = JSON.parse(responseBody);
+	} catch {
+		return responseBody;
+	}
+	if (typeof result === "string") return result;
+	if (Array.isArray(result) && typeof result[0] === "string") return result[0];
+	throw new Error("CA API returned no JWT.");
+}
+
+//#endregion
+export { documentProvider as i, sign as n, unsignedCa as r, content_attestation_exports as t };

package/dist/index.d.mts

@@ -1,4 +1,6 @@
+import { DocumentProvider } from "@originator-profile/sign";
 import { Jwk, RawTarget, UnsignedContentAttestation, UnsignedWebsiteProfile } from "@originator-profile/model";
+import { HashAlgorithm } from "websri";
 
 //#region src/document-provider.d.ts
 declare function documentProvider({
@@ -6,34 +8,46 @@ declare function documentProvider({
   content
 }: RawTarget): Promise<Document>;
 declare namespace content_attestation_d_exports {
-  export { sign, unsignedCa };
+  export { sign, signByServer, unsignedCa };
 }
+type ContentAttestationTimingOptions = {
+  issuedAt?: Date | string;
+  expiredAt?: Date | string;
+};
+type UnsignedCaOptions = ContentAttestationTimingOptions & {
+  integrityAlg?: HashAlgorithm;
+  documentProvider?: DocumentProvider;
+};
 /**
  * Content Attestation への署名
  * @param uca 未署名 Content Attestation オブジェクト
  * @param privateKey プライベート鍵
  * @return Content Attestation
  */
-declare function sign(uca: UnsignedContentAttestation, privateKey: Jwk, {
-  issuedAt: issuedAtDateOrString,
-  expiredAt: expiredAtDateOrString
-}: {
-  issuedAt?: Date | string;
-  expiredAt?: Date | string;
-}): Promise<string>;
+declare function sign(uca: UnsignedContentAttestation, privateKey: Jwk, options?: ContentAttestationTimingOptions): Promise<string>;
 /**
  * 未署名 Content Attestation の取得
  * @param uca 未署名 Content Attestation オブジェクト
  * @throws {BadRequestError} 検証対象のコンテンツが存在しない/コンテンツにアクセスできない/Integrityの計算に失敗
  * @return 未署名 Content Attestation オブジェクト
  */
-declare function unsignedCa(uca: UnsignedContentAttestation, {
-  issuedAt: issuedAtDateOrString,
-  expiredAt: expiredAtDateOrString
-}: {
-  issuedAt?: Date | string;
-  expiredAt?: Date | string;
-}): Promise<UnsignedContentAttestation>;
+declare function unsignedCa(uca: UnsignedContentAttestation, options: UnsignedCaOptions): Promise<UnsignedContentAttestation>;
+/**
+ * CA server 経由で Content Attestation を作成
+ * @param uca 未署名 Content Attestation オブジェクト
+ * @param options Content Attestation の生成オプション
+ * @param options.endpoint CA server のエンドポイント URL
+ * @param options.accessToken CA server 呼び出しに利用する Bearer トークン
+ * @return JWT でエンコードされた Content Attestation
+ */
+declare function signByServer(uca: UnsignedContentAttestation, {
+  endpoint,
+  accessToken,
+  ...options
+}: UnsignedCaOptions & {
+  endpoint: string;
+  accessToken: string;
+}): Promise<string>;
 declare namespace website_profile_d_exports {
   export { unsignedWsp };
 }

package/dist/index.mjs

@@ -1,4 +1,4 @@
-import { i as documentProvider, t as content_attestation_exports } from "./content-attestation-rNiF6uH4.mjs";
+import { i as documentProvider, t as content_attestation_exports } from "./content-attestation-M-2LmatR.mjs";
 import { n as website_profile_exports } from "./website-profile-Dhto-mS2.mjs";
 
 export { content_attestation_exports as ContentAttestation, website_profile_exports as WebsiteProfile, documentProvider };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@originator-profile/opvc",
-  "version": "0.5.0-beta.2",
+  "version": "0.5.0-beta.3",
   "license": "Apache-2.0",
   "homepage": "https://docs.originator-profile.org",
   "repository": {
@@ -39,11 +39,11 @@
     "http-errors-enhanced": "^4.0.0",
     "jose": "^6.0.11",
     "jsdom": "^27.0.0",
-    "@originator-profile/core": "0.5.0-beta.2",
-    "@originator-profile/securing-mechanism": "0.5.0-beta.2",
-    "@originator-profile/cryptography": "0.5.0-beta.2",
-    "@originator-profile/sign": "0.5.0-beta.2",
-    "@originator-profile/model": "0.5.0-beta.2"
+    "@originator-profile/core": "0.5.0-beta.3",
+    "@originator-profile/cryptography": "0.5.0-beta.3",
+    "@originator-profile/model": "0.5.0-beta.3",
+    "@originator-profile/sign": "0.5.0-beta.3",
+    "@originator-profile/securing-mechanism": "0.5.0-beta.3"
   },
   "devDependencies": {
     "@types/node": "^24.3.1",
@@ -52,8 +52,8 @@
     "tsdown": "^0.16.7",
     "typescript": "^5.8.3",
     "websri": "^1.0.1",
-    "eslint-config-originator-profile": "0.5.0-beta.2",
-    "@originator-profile/tsconfig": "0.5.0-beta.2"
+    "@originator-profile/tsconfig": "0.5.0-beta.3",
+    "eslint-config-originator-profile": "0.5.0-beta.3"
   },
   "scripts": {
     "build": "tsdown && oclif manifest && oclif readme",

package/dist/content-attestation-rNiF6uH4.mjs

@@ -1,73 +0,0 @@
-import { t as __export } from "./chunk-DJTHdtxa.mjs";
-import { JSDOM } from "jsdom";
-import { parseExpirationDate } from "@originator-profile/core";
-import { fetchAndSetDigestSri, fetchAndSetTargetIntegrity, signCa } from "@originator-profile/sign";
-import { addYears, getUnixTime } from "date-fns";
-import { BadRequestError } from "http-errors-enhanced";
-
-//#region src/document-provider.ts
-async function documentProvider({ type, content = "" }) {
-	if (type === "ExternalResourceTargetIntegrity") throw new Error("ExternalResourceTargetIntegrity is not supported in this context.");
-	if (Array.isArray(content) && content.length > 1) throw new Error("Multiple contents are not supported in this context.");
-	[content] = [content].flat();
-	let url;
-	let html = "";
-	if (URL.canParse(content)) {
-		url = content;
-		html = await fetch(url).then((res) => res.text());
-	} else {
-		url = void 0;
-		html = content;
-	}
-	return new JSDOM(html, { url }).window.document;
-}
-
-//#endregion
-//#region src/content-attestation.ts
-var content_attestation_exports = /* @__PURE__ */ __export({
-	sign: () => sign,
-	unsignedCa: () => unsignedCa
-});
-/**
-* Content Attestation への署名
-* @param uca 未署名 Content Attestation オブジェクト
-* @param privateKey プライベート鍵
-* @return Content Attestation
-*/
-async function sign(uca, privateKey, { issuedAt: issuedAtDateOrString = /* @__PURE__ */ new Date(), expiredAt: expiredAtDateOrString = addYears(/* @__PURE__ */ new Date(), 1) }) {
-	const issuedAt = new Date(issuedAtDateOrString);
-	const expiredAt = typeof expiredAtDateOrString === "string" ? parseExpirationDate(expiredAtDateOrString) : expiredAtDateOrString;
-	uca.credentialSubject.id ??= `urn:uuid:${crypto.randomUUID()}`;
-	return await signCa(uca, privateKey, {
-		issuedAt,
-		expiredAt,
-		documentProvider
-	});
-}
-/**
-* 未署名 Content Attestation の取得
-* @param uca 未署名 Content Attestation オブジェクト
-* @throws {BadRequestError} 検証対象のコンテンツが存在しない/コンテンツにアクセスできない/Integrityの計算に失敗
-* @return 未署名 Content Attestation オブジェクト
-*/
-async function unsignedCa(uca, { issuedAt: issuedAtDateOrString = /* @__PURE__ */ new Date(), expiredAt: expiredAtDateOrString = addYears(/* @__PURE__ */ new Date(), 1) }) {
-	const issuedAt = new Date(issuedAtDateOrString);
-	const expiredAt = typeof expiredAtDateOrString === "string" ? parseExpirationDate(expiredAtDateOrString) : expiredAtDateOrString;
-	uca.credentialSubject.id ??= `urn:uuid:${crypto.randomUUID()}`;
-	try {
-		await fetchAndSetDigestSri("sha256", uca.credentialSubject.image);
-		await fetchAndSetTargetIntegrity("sha256", uca, documentProvider);
-	} catch (e) {
-		throw new BadRequestError(e.message);
-	}
-	return {
-		iss: uca.issuer,
-		sub: uca.credentialSubject.id,
-		iat: getUnixTime(issuedAt),
-		exp: getUnixTime(expiredAt),
-		...uca
-	};
-}
-
-//#endregion
-export { documentProvider as i, sign as n, unsignedCa as r, content_attestation_exports as t };