@originator-profile/opvc 0.5.1 → 0.6.0-beta.1

package/README.md

@@ -34,6 +34,7 @@ opvc
 * [`opvc help [COMMAND]`](#opvc-help-command)
 * [`opvc key-gen`](#opvc-key-gen)
 * [`opvc sign`](#opvc-sign)
+* [`opvc wsp:sign`](#opvc-wspsign)
 * [`opvc wsp:unsigned`](#opvc-wspunsigned)
 
 ## `opvc ca:sign`
@@ -122,7 +123,7 @@ FLAG DESCRIPTIONS
     }
 ```
 
-_See code: [src/commands/ca/sign.ts](https://github.com/originator-profile/originator-profile/blob/v0.5.1/packages/opvc/src/commands/ca/sign.ts)_
+_See code: [src/commands/ca/sign.ts](https://github.com/originator-profile/originator-profile/blob/v0.6.0-beta.1/packages/opvc/src/commands/ca/sign.ts)_
 
 ## `opvc ca:unsigned`
 
@@ -207,7 +208,7 @@ FLAG DESCRIPTIONS
     }
 ```
 
-_See code: [src/commands/ca/unsigned.ts](https://github.com/originator-profile/originator-profile/blob/v0.5.1/packages/opvc/src/commands/ca/unsigned.ts)_
+_See code: [src/commands/ca/unsigned.ts](https://github.com/originator-profile/originator-profile/blob/v0.6.0-beta.1/packages/opvc/src/commands/ca/unsigned.ts)_
 
 ## `opvc help [COMMAND]`
 
@@ -227,7 +228,7 @@ DESCRIPTION
   Display help for opvc.
 ```
 
-_See code: [@oclif/plugin-help](https://github.com/oclif/plugin-help/blob/6.2.41/src/commands/help.ts)_
+_See code: [@oclif/plugin-help](https://github.com/oclif/plugin-help/blob/6.2.48/src/commands/help.ts)_
 
 ## `opvc key-gen`
 
@@ -245,7 +246,7 @@ DESCRIPTION
   鍵ペアの生成
 ```
 
-_See code: [src/commands/key-gen/index.ts](https://github.com/originator-profile/originator-profile/blob/v0.5.1/packages/opvc/src/commands/key-gen/index.ts)_
+_See code: [src/commands/key-gen/index.ts](https://github.com/originator-profile/originator-profile/blob/v0.6.0-beta.1/packages/opvc/src/commands/key-gen/index.ts)_
 
 ## `opvc sign`
 
@@ -412,7 +413,145 @@ FLAG DESCRIPTIONS
     }
 ```
 
-_See code: [src/commands/sign.ts](https://github.com/originator-profile/originator-profile/blob/v0.5.1/packages/opvc/src/commands/sign.ts)_
+_See code: [src/commands/sign.ts](https://github.com/originator-profile/originator-profile/blob/v0.6.0-beta.1/packages/opvc/src/commands/sign.ts)_
+
+## `opvc wsp:sign`
+
+Website Profile の作成
+
+```
+USAGE
+  $ opvc wsp:sign -i <value> --input <filepath> [--issued-at <value>] [--expired-at <value>]
+
+FLAGS
+  -i, --identity=<value>    (required) プライベート鍵のファイルパス
+      --expired-at=<value>  有効期限 (ISO 8601)
+      --input=<filepath>    (required) 入力ファイルのパス (JSON 形式)
+      --issued-at=<value>   発行日時 (ISO 8601)
+
+DESCRIPTION
+  Website Profile の作成
+
+  Website Profile に署名します。
+  入力が単一オブジェクトの場合は JWT を、配列の場合は JWT の配列を標準出力に出力します。
+  配列入力時は全要素が同一の issuer / credentialSubject.id を持ち、
+  @context の @language がそれぞれ異なる必要があります。
+
+EXAMPLES
+  $ opvc wsp:sign \
+      -i account-key.example.priv.json \
+      --input website-profile.example.json
+
+  $ opvc wsp:sign \
+      -i account-key.example.priv.json \
+      --input website-profile.multilingual.example.json
+
+FLAG DESCRIPTIONS
+  -i, --identity=<value>  プライベート鍵のファイルパス
+
+    プライベート鍵のファイルパスを渡してください。プライベート鍵は JWK 形式か、PEM base64 でエンコードされた PKCS #8
+    形式にしてください。
+
+  --expired-at=<value>  有効期限 (ISO 8601)
+
+    日付のみの場合、その日の 24:00:00.000 より前まで有効、それ以外の場合、期限切れとなる日付・時刻・秒を指定します。
+
+  --input=<filepath>  入力ファイルのパス (JSON 形式)
+
+    Website Profile (WSP) の例:
+
+    {
+    "@context": [
+    "https://www.w3.org/ns/credentials/v2",
+    "https://originator-profile.org/ns/credentials/v1",
+    "https://originator-profile.org/ns/cip/v1",
+    {
+    "@language": "ja"
+    }
+    ],
+    "type": [
+    "VerifiableCredential",
+    "WebsiteProfile"
+    ],
+    "issuer": "dns:example.com",
+    "credentialSubject": {
+    "id": "https://media.example.com/",
+    "type": "WebSite",
+    "name": "<Webサイトのタイトル>",
+    "description": "<Webサイトの説明>",
+    "image": {
+    "id": "https://media.example.com/image.png",
+    "digestSRI": "sha256-Upwn7gYMuRmJlD1ZivHk876vXHzokXrwXj50VgfnMnY="
+    },
+    "allowedOrigin": [
+    "https://media.example.com"
+    ]
+    }
+    }
+
+    多言語 Website Profile (配列) の例:
+
+    [
+    {
+    "@context": [
+    "https://www.w3.org/ns/credentials/v2",
+    "https://originator-profile.org/ns/credentials/v1",
+    "https://originator-profile.org/ns/cip/v1",
+    {
+    "@language": "ja"
+    }
+    ],
+    "type": [
+    "VerifiableCredential",
+    "WebsiteProfile"
+    ],
+    "issuer": "dns:example.com",
+    "credentialSubject": {
+    "id": "https://media.example.com/",
+    "type": "WebSite",
+    "name": "<Webサイトのタイトル>",
+    "description": "<Webサイトの説明>",
+    "image": {
+    "id": "https://media.example.com/image.png",
+    "digestSRI": "sha256-Upwn7gYMuRmJlD1ZivHk876vXHzokXrwXj50VgfnMnY="
+    },
+    "allowedOrigin": [
+    "https://media.example.com"
+    ]
+    }
+    },
+    {
+    "@context": [
+    "https://www.w3.org/ns/credentials/v2",
+    "https://originator-profile.org/ns/credentials/v1",
+    "https://originator-profile.org/ns/cip/v1",
+    {
+    "@language": "en"
+    }
+    ],
+    "type": [
+    "VerifiableCredential",
+    "WebsiteProfile"
+    ],
+    "issuer": "dns:example.com",
+    "credentialSubject": {
+    "id": "https://media.example.com/",
+    "type": "WebSite",
+    "name": "<Website title>",
+    "description": "<Website description>",
+    "image": {
+    "id": "https://media.example.com/image.png",
+    "digestSRI": "sha256-Upwn7gYMuRmJlD1ZivHk876vXHzokXrwXj50VgfnMnY="
+    },
+    "allowedOrigin": [
+    "https://media.example.com"
+    ]
+    }
+    }
+    ]
+```
+
+_See code: [src/commands/wsp/sign.ts](https://github.com/originator-profile/originator-profile/blob/v0.6.0-beta.1/packages/opvc/src/commands/wsp/sign.ts)_
 
 ## `opvc wsp:unsigned`
 
@@ -475,9 +614,74 @@ FLAG DESCRIPTIONS
     ]
     }
     }
+
+    多言語の Website Profile (配列) の例:
+
+    [
+    {
+    "@context": [
+    "https://www.w3.org/ns/credentials/v2",
+    "https://originator-profile.org/ns/credentials/v1",
+    "https://originator-profile.org/ns/cip/v1",
+    {
+    "@language": "ja"
+    }
+    ],
+    "type": [
+    "VerifiableCredential",
+    "WebsiteProfile"
+    ],
+    "issuer": "<OP ID>",
+    "credentialSubject": {
+    "id": "<Web サイトのオリジン (形式: https://<ホスト名>)>",
+    "type": "WebSite",
+    "name": "<Web サイトの名称>",
+    "description": "<Web サイトの説明>",
+    "image": {
+    "id": "<サムネイル画像URL>",
+    "content": [
+    "<コンテンツ (data:// 形式URL)>"
+    ]
+    },
+    "allowedOrigin": [
+    "<Web サイトのオリジン (形式: https://<ホスト名>)>"
+    ]
+    }
+    },
+    {
+    "@context": [
+    "https://www.w3.org/ns/credentials/v2",
+    "https://originator-profile.org/ns/credentials/v1",
+    "https://originator-profile.org/ns/cip/v1",
+    {
+    "@language": "en"
+    }
+    ],
+    "type": [
+    "VerifiableCredential",
+    "WebsiteProfile"
+    ],
+    "issuer": "<OP ID>",
+    "credentialSubject": {
+    "id": "<Web サイトのオリジン (形式: https://<ホスト名>)>",
+    "type": "WebSite",
+    "name": "<Web サイトの名称>",
+    "description": "<Web サイトの説明>",
+    "image": {
+    "id": "<サムネイル画像URL>",
+    "content": [
+    "<コンテンツ (data:// 形式URL)>"
+    ]
+    },
+    "allowedOrigin": [
+    "<Web サイトのオリジン (形式: https://<ホスト名>)>"
+    ]
+    }
+    }
+    ]
 ```
 
-_See code: [src/commands/wsp/unsigned.ts](https://github.com/originator-profile/originator-profile/blob/v0.5.1/packages/opvc/src/commands/wsp/unsigned.ts)_
+_See code: [src/commands/wsp/unsigned.ts](https://github.com/originator-profile/originator-profile/blob/v0.6.0-beta.1/packages/opvc/src/commands/wsp/unsigned.ts)_
 <!-- commandsstop -->
 <!-- prettier-ignore-end -->
 
@@ -485,6 +689,19 @@ _See code: [src/commands/wsp/unsigned.ts](https://github.com/originator-profile/
 
 `@originator-profile/opvc` は TypeScript/JavaScript からも利用できます。
 
+### ローカル環境でのWebsite Profileの署名
+
+ローカルのプライベート鍵で署名する場合は `WebsiteProfile.sign()` を使います。
+
+```ts
+import { WebsiteProfile } from "@originator-profile/opvc";
+
+const jwt = await WebsiteProfile.sign(input, privateKey, {
+  issuedAt: new Date(),
+  expiredAt: "2027-03-31",
+});
+```
+
 ### ローカル環境でのContent Attestationの署名
 
 ローカルのプライベート鍵で署名する場合は `ContentAttestation.sign()` を使います。
@@ -527,6 +744,29 @@ const jwt = await ContentAttestation.signByServer(input, {
 });
 ```
 
+### Website Profile の署名 (単一 / 多言語)
+
+`WebsiteProfile.sign()` は単一の未署名 Website Profile を JWT 文字列として署名するほか、
+配列を渡すと JWT 文字列の配列を返します。これは SiteProfile の `sites` に直接組み込めます。
+配列入力時は全要素が同一の `issuer` / `credentialSubject.id` を持ち、
+`@context` の `@language` がそれぞれ異なる必要があります。
+
+```ts
+import { WebsiteProfile } from "@originator-profile/opvc";
+
+// 単一の場合: JWT 文字列を返します
+const jwt = await WebsiteProfile.sign(input, privateKey, {
+  issuedAt: new Date(),
+  expiredAt: "2027-03-31",
+});
+
+// 多言語の場合: JWT 文字列の配列を返します
+const sites = await WebsiteProfile.sign([inputJa, inputEn], privateKey, {
+  issuedAt: new Date(),
+  expiredAt: "2027-03-31",
+});
+```
+
 ## Development
 
 ```sh

package/bin/dev.cmd

@@ -1,3 +1,3 @@
 @echo off
 
-node --experimental-strip-types --no-warnings=ExperimentalWarning "%~dp0\dev.ts" %*
+node "%~dp0\dev.ts" %*

package/bin/dev.ts

@@ -1,4 +1,4 @@
-#!/usr/bin/env -S node --experimental-strip-types --disable-warning=ExperimentalWarning
+#!/usr/bin/env node
 
 import { execute } from "@oclif/core";
 

package/dist/commands/ca/{sign.mjs → sign.js}

@@ -1,5 +1,5 @@
-import { n as sign } from "../../content-attestation-duY49Hxp.mjs";
-import { r as privateKey, t as expirationDate } from "../../flags-BGhMpQzg.mjs";
+import { n as sign } from "../../content-attestation-Dd-YcVIv.js";
+import { r as privateKey, t as expirationDate } from "../../flags-BSM3ANoc.js";
 import { Command, Flags } from "@oclif/core";
 import fs from "node:fs/promises";
 //#region src/commands/ca/sign.ts

package/dist/commands/ca/{unsigned.mjs → unsigned.js}

@@ -1,5 +1,5 @@
-import { r as unsignedCa } from "../../content-attestation-duY49Hxp.mjs";
-import { t as expirationDate } from "../../flags-BGhMpQzg.mjs";
+import { r as unsignedCa } from "../../content-attestation-Dd-YcVIv.js";
+import { t as expirationDate } from "../../flags-BSM3ANoc.js";
 import { Command, Flags } from "@oclif/core";
 import fs from "node:fs/promises";
 //#region src/commands/ca/unsigned.ts

package/dist/commands/{sign.mjs → sign.js}

@@ -1,4 +1,4 @@
-import { n as opId, r as privateKey, t as expirationDate } from "../flags-BGhMpQzg.mjs";
+import { n as opId, r as privateKey, t as expirationDate } from "../flags-BSM3ANoc.js";
 import { fetchAndSetDigestSri } from "@originator-profile/sign";
 import { addYears } from "date-fns";
 import { Command, Flags } from "@oclif/core";

package/dist/commands/wsp/sign.d.ts

@@ -0,0 +1,29 @@
+import { Command } from "@oclif/core";
+import * as _$_oclif_core_interfaces0 from "@oclif/core/interfaces";
+
+//#region src/commands/wsp/sign.d.ts
+declare class WspSign extends Command {
+  static summary: string;
+  static description: string;
+  static flags: {
+    identity: _$_oclif_core_interfaces0.OptionFlag<{
+      [x: string]: unknown;
+      kty: string;
+      kid: string;
+      use?: string | undefined;
+      key_ops?: string[] | undefined;
+      alg?: string | undefined;
+      x5u?: string | undefined;
+      x5c?: string[] | undefined;
+      x5t?: string | undefined;
+      "x5t#S256"?: string | undefined;
+    }, _$_oclif_core_interfaces0.CustomOptions>;
+    input: _$_oclif_core_interfaces0.OptionFlag<string, _$_oclif_core_interfaces0.CustomOptions>;
+    "issued-at": _$_oclif_core_interfaces0.OptionFlag<string | undefined, _$_oclif_core_interfaces0.CustomOptions>;
+    "expired-at": _$_oclif_core_interfaces0.OptionFlag<Date | undefined, _$_oclif_core_interfaces0.CustomOptions>;
+  };
+  static examples: string[];
+  run(): Promise<void>;
+}
+//#endregion
+export { WspSign };

package/dist/commands/wsp/sign.js

@@ -0,0 +1,93 @@
+import { t as sign } from "../../website-profile-Brt0iuRN.js";
+import { r as privateKey, t as expirationDate } from "../../flags-BSM3ANoc.js";
+import { Command, Flags } from "@oclif/core";
+import fs from "node:fs/promises";
+//#region src/commands/wsp/sign.ts
+const exampleWebsiteProfile = {
+	"@context": [
+		"https://www.w3.org/ns/credentials/v2",
+		"https://originator-profile.org/ns/credentials/v1",
+		"https://originator-profile.org/ns/cip/v1",
+		{ "@language": "ja" }
+	],
+	type: ["VerifiableCredential", "WebsiteProfile"],
+	issuer: "dns:example.com",
+	credentialSubject: {
+		id: "https://media.example.com/",
+		type: "WebSite",
+		name: "<Webサイトのタイトル>",
+		description: "<Webサイトの説明>",
+		image: {
+			id: "https://media.example.com/image.png",
+			digestSRI: "sha256-Upwn7gYMuRmJlD1ZivHk876vXHzokXrwXj50VgfnMnY="
+		},
+		allowedOrigin: ["https://media.example.com"]
+	}
+};
+const exampleMultilingualWebsiteProfile = [exampleWebsiteProfile, {
+	...exampleWebsiteProfile,
+	"@context": [
+		"https://www.w3.org/ns/credentials/v2",
+		"https://originator-profile.org/ns/credentials/v1",
+		"https://originator-profile.org/ns/cip/v1",
+		{ "@language": "en" }
+	],
+	credentialSubject: {
+		...exampleWebsiteProfile.credentialSubject,
+		name: "<Website title>",
+		description: "<Website description>"
+	}
+}];
+var WspSign = class WspSign extends Command {
+	static summary = "Website Profile の作成";
+	static description = `\
+Website Profile に署名します。
+入力が単一オブジェクトの場合は JWT を、配列の場合は JWT の配列を標準出力に出力します。
+配列入力時は全要素が同一の issuer / credentialSubject.id を持ち、
+@context の @language がそれぞれ異なる必要があります。`;
+	static flags = {
+		identity: privateKey({ required: true }),
+		input: Flags.string({
+			summary: "入力ファイルのパス (JSON 形式)",
+			helpValue: "<filepath>",
+			description: `\
+Website Profile (WSP) の例:
+
+${JSON.stringify(exampleWebsiteProfile, null, "  ")}
+
+多言語 Website Profile (配列) の例:
+
+${JSON.stringify(exampleMultilingualWebsiteProfile, null, "  ")}`,
+			required: true
+		}),
+		"issued-at": Flags.string({ description: "発行日時 (ISO 8601)" }),
+		"expired-at": expirationDate()
+	};
+	static examples = [`\
+$ <%= config.bin %> <%= command.id %> \\
+    -i account-key.example.priv.json \\
+    --input website-profile.example.json`, `\
+$ <%= config.bin %> <%= command.id %> \\
+    -i account-key.example.priv.json \\
+    --input website-profile.multilingual.example.json`];
+	async run() {
+		const { flags } = await this.parse(WspSign);
+		const inputBuffer = await fs.readFile(flags.input);
+		const input = JSON.parse(inputBuffer.toString());
+		if (Array.isArray(input)) {
+			const result = await sign(input, flags.identity, {
+				issuedAt: flags["issued-at"],
+				expiredAt: flags["expired-at"]
+			});
+			this.logJson(result);
+		} else {
+			const jwt = await sign(input, flags.identity, {
+				issuedAt: flags["issued-at"],
+				expiredAt: flags["expired-at"]
+			});
+			this.log(jwt);
+		}
+	}
+};
+//#endregion
+export { WspSign };

package/dist/commands/wsp/{unsigned.mjs → unsigned.js}

@@ -1,5 +1,5 @@
-import { t as unsignedWsp } from "../../website-profile-B3Q2-h2n.mjs";
-import { t as expirationDate } from "../../flags-BGhMpQzg.mjs";
+import { n as unsignedWsp } from "../../website-profile-Brt0iuRN.js";
+import { t as expirationDate } from "../../flags-BSM3ANoc.js";
 import { Command, Flags } from "@oclif/core";
 import fs from "node:fs/promises";
 //#region src/commands/wsp/unsigned.ts
@@ -24,6 +24,23 @@ const exampleWebsiteProfile = {
 		allowedOrigin: ["<Web サイトのオリジン (形式: https://<ホスト名>)>"]
 	}
 };
+const exampleMultilingualWebsiteProfile = [{
+	...exampleWebsiteProfile,
+	"@context": [
+		"https://www.w3.org/ns/credentials/v2",
+		"https://originator-profile.org/ns/credentials/v1",
+		"https://originator-profile.org/ns/cip/v1",
+		{ "@language": "ja" }
+	]
+}, {
+	...exampleWebsiteProfile,
+	"@context": [
+		"https://www.w3.org/ns/credentials/v2",
+		"https://originator-profile.org/ns/credentials/v1",
+		"https://originator-profile.org/ns/cip/v1",
+		{ "@language": "en" }
+	]
+}];
 var WspUnsigned = class WspUnsigned extends Command {
 	static summary = "未署名 Website Profile の取得";
 	static description = "標準出力に未署名 Website Profile を出力します。";
@@ -34,7 +51,11 @@ var WspUnsigned = class WspUnsigned extends Command {
 			description: `\
 Website Profile の例:
 
-${JSON.stringify(exampleWebsiteProfile, null, "  ")}`,
+${JSON.stringify(exampleWebsiteProfile, null, "  ")}
+
+多言語の Website Profile (配列) の例:
+
+${JSON.stringify(exampleMultilingualWebsiteProfile, null, "  ")}`,
 			required: true
 		}),
 		"issued-at": Flags.string({ description: "発行日時 (ISO 8601)" }),

package/dist/{content-attestation-duY49Hxp.mjs → content-attestation-Dd-YcVIv.js}

@@ -1,9 +1,9 @@
-import { t as __exportAll } from "./chunk-CfYAbeIz.mjs";
+import { t as __exportAll } from "./chunk-pbuEa-1d.js";
+import { t as parseDates } from "./timing-options-BWzawYM4.js";
 import { JSDOM } from "jsdom";
-import { parseExpirationDate } from "@originator-profile/core";
 import { UnsignedContentAttestation } from "@originator-profile/model";
 import { fetchAndSetDigestSri, fetchAndSetTargetIntegrity, signCa } from "@originator-profile/sign";
-import { addYears, getUnixTime } from "date-fns";
+import { getUnixTime } from "date-fns";
 import { BadRequestError } from "http-errors-enhanced";
 //#region src/document-provider.ts
 async function documentProvider({ type, content = "" }) {
@@ -28,19 +28,6 @@ var content_attestation_exports = /* @__PURE__ */ __exportAll({
 	signByServer: () => signByServer,
 	unsignedCa: () => unsignedCa
 });
-function assertValidDate(value, fieldName) {
-	if (Number.isNaN(value.getTime())) throw new BadRequestError(`${fieldName} must be a valid date.`);
-}
-function parseDates({ issuedAt: issuedAtDateOrString = /* @__PURE__ */ new Date(), expiredAt: expiredAtDateOrString = addYears(/* @__PURE__ */ new Date(), 1) }) {
-	const issuedAt = new Date(issuedAtDateOrString);
-	const expiredAt = typeof expiredAtDateOrString === "string" ? parseExpirationDate(expiredAtDateOrString) : new Date(expiredAtDateOrString);
-	assertValidDate(issuedAt, "issuedAt");
-	assertValidDate(expiredAt, "expiredAt");
-	return {
-		issuedAt,
-		expiredAt
-	};
-}
 /**
 * 未署名 Content Attestation の取得
 * @param uca 未署名 Content Attestation オブジェクト

package/dist/{index.d.mts → index.d.ts}

@@ -1,5 +1,5 @@
-import { Jwk, RawTarget, UnsignedContentAttestation, UnsignedWebsiteProfile } from "@originator-profile/model";
-import { DocumentProvider } from "@originator-profile/sign";
+import { Jwk, RawTarget, UnsignedContentAttestation, UnsignedWebsiteProfile, UnsignedWebsiteProfileSet } from "@originator-profile/model";
+import { DocumentProvider, UnsignedWebsiteProfileInput } from "@originator-profile/sign";
 
 //#region src/document-provider.d.ts
 declare function documentProvider$1({
@@ -18,14 +18,16 @@ type HashAlgorithm = "sha256" | "sha384" | "sha512";
  * representations for cryptographic operations. These algorithms are referenced by name when
  * working with hashing functions in Web Crypto APIs.
  */
-declare namespace content_attestation_d_exports {
-  export { sign, signByServer, unsignedCa };
-}
-type ContentAttestationTimingOptions = {
+//#endregion
+//#region src/timing-options.d.ts
+type TimingOptions = {
   issuedAt?: Date | string;
   expiredAt?: Date | string;
 };
-type UnsignedCaOptions = ContentAttestationTimingOptions & {
+declare namespace content_attestation_d_exports {
+  export { sign$1 as sign, signByServer, unsignedCa };
+}
+type UnsignedCaOptions = TimingOptions & {
   integrityAlg?: HashAlgorithm;
   documentProvider?: DocumentProvider;
 };
@@ -47,7 +49,7 @@ declare function unsignedCa(uca: UnsignedContentAttestation, {
  * @throws {BadRequestError} 入力が UnsignedContentAttestation スキーマに適合しない場合/検証対象のコンテンツが存在しない/コンテンツにアクセスできない/Integrityの計算に失敗
  * @return Content Attestation
  */
-declare function sign(uca: UnsignedContentAttestation, privateKey: Jwk, options?: ContentAttestationTimingOptions): Promise<string>;
+declare function sign$1(uca: UnsignedContentAttestation, privateKey: Jwk, options?: TimingOptions): Promise<string>;
 /**
  * CA server 経由で Content Attestation を作成
  * @param uca 未署名 Content Attestation オブジェクト
@@ -65,20 +67,29 @@ declare function signByServer(uca: UnsignedContentAttestation, {
   accessToken: string;
 }): Promise<string>;
 declare namespace website_profile_d_exports {
-  export { unsignedWsp };
+  export { sign, unsignedWsp };
 }
 /**
  * 未署名 Website Profile の取得
- * @param uwsp 未署名 Website Profile オブジェクト
- * @throws {Error} 入力が UnsignedWebsiteProfile スキーマに適合しない場合
- * @return 未署名 Website Profile オブジェクト
+ *
+ * 配列を渡した場合、全要素が同一の `issuer` と `credentialSubject.id` を持ち、
+ * `@context` の `@language` がそれぞれ異なることを検証します。
+ *
+ * @param uwsp 未署名 Website Profile オブジェクト (単一または配列)
+ * @throws {BadRequestError} 配列入力の整合性違反や入力が UnsignedWebsiteProfile スキーマに適合しない場合
+ * @return 未署名 Website Profile (配列入力時は配列)
  */
-declare function unsignedWsp(uwsp: UnsignedWebsiteProfile, {
-  issuedAt: issuedAtDateOrString,
-  expiredAt: expiredAtDateOrString
-}: {
-  issuedAt?: Date | string;
-  expiredAt?: Date | string;
-}): Promise<UnsignedWebsiteProfile>;
+declare function unsignedWsp<U extends UnsignedWebsiteProfileInput>(uwsp: U, options: TimingOptions): Promise<U extends unknown[] ? UnsignedWebsiteProfileSet : UnsignedWebsiteProfile>;
+/**
+ * Website Profile への署名
+ *
+ * 配列を渡した場合、各要素を個別に署名して JWT 文字列の配列を返します。
+ *
+ * @param uwsp 未署名 Website Profile (単一または配列)
+ * @param privateKey プライベート鍵
+ * @throws {BadRequestError} 配列入力の整合性違反や入力が UnsignedWebsiteProfile スキーマに適合しない場合
+ * @return 単一入力時は JWT 文字列、配列入力時は JWT 文字列の配列
+ */
+declare function sign<U extends UnsignedWebsiteProfileInput>(uwsp: U, privateKey: Jwk, options?: TimingOptions): Promise<U extends unknown[] ? string[] : string>;
 //#endregion
 export { content_attestation_d_exports as ContentAttestation, website_profile_d_exports as WebsiteProfile, documentProvider$1 as documentProvider };

package/dist/{index.mjs → index.js}

@@ -1,3 +1,3 @@
-import { i as documentProvider, t as content_attestation_exports } from "./content-attestation-duY49Hxp.mjs";
-import { n as website_profile_exports } from "./website-profile-B3Q2-h2n.mjs";
+import { i as documentProvider, t as content_attestation_exports } from "./content-attestation-Dd-YcVIv.js";
+import { r as website_profile_exports } from "./website-profile-Brt0iuRN.js";
 export { content_attestation_exports as ContentAttestation, website_profile_exports as WebsiteProfile, documentProvider };

package/dist/timing-options-BWzawYM4.js

@@ -0,0 +1,19 @@
+import { addYears } from "date-fns";
+import { BadRequestError } from "http-errors-enhanced";
+import { parseExpirationDate } from "@originator-profile/core";
+//#region src/timing-options.ts
+function assertValidDate(value, fieldName) {
+	if (Number.isNaN(value.getTime())) throw new BadRequestError(`${fieldName} must be a valid date.`);
+}
+function parseDates({ issuedAt: issuedAtDateOrString = /* @__PURE__ */ new Date(), expiredAt: expiredAtDateOrString = addYears(/* @__PURE__ */ new Date(), 1) }) {
+	const issuedAt = new Date(issuedAtDateOrString);
+	const expiredAt = typeof expiredAtDateOrString === "string" ? parseExpirationDate(expiredAtDateOrString) : new Date(expiredAtDateOrString);
+	assertValidDate(issuedAt, "issuedAt");
+	assertValidDate(expiredAt, "expiredAt");
+	return {
+		issuedAt,
+		expiredAt
+	};
+}
+//#endregion
+export { parseDates as t };

package/dist/website-profile-Brt0iuRN.js

@@ -0,0 +1,60 @@
+import { t as __exportAll } from "./chunk-pbuEa-1d.js";
+import { t as parseDates } from "./timing-options-BWzawYM4.js";
+import { UnsignedWebsiteProfileInput, fetchAndSetDigestSri, signWsp } from "@originator-profile/sign";
+import { getUnixTime } from "date-fns";
+import { BadRequestError } from "http-errors-enhanced";
+//#region src/website-profile.ts
+var website_profile_exports = /* @__PURE__ */ __exportAll({
+	sign: () => sign,
+	unsignedWsp: () => unsignedWsp
+});
+/**
+* 未署名 Website Profile の取得
+*
+* 配列を渡した場合、全要素が同一の `issuer` と `credentialSubject.id` を持ち、
+* `@context` の `@language` がそれぞれ異なることを検証します。
+*
+* @param uwsp 未署名 Website Profile オブジェクト (単一または配列)
+* @throws {BadRequestError} 配列入力の整合性違反や入力が UnsignedWebsiteProfile スキーマに適合しない場合
+* @return 未署名 Website Profile (配列入力時は配列)
+*/
+async function unsignedWsp(uwsp, options) {
+	const timing = parseDates(options);
+	async function build(u) {
+		await fetchAndSetDigestSri("sha256", u.credentialSubject.image);
+		return {
+			...u,
+			iss: u.issuer,
+			sub: u.credentialSubject.id,
+			iat: getUnixTime(timing.issuedAt),
+			exp: getUnixTime(timing.expiredAt)
+		};
+	}
+	try {
+		UnsignedWebsiteProfileInput.parse(uwsp);
+		if (Array.isArray(uwsp)) return await Promise.all(uwsp.map(build));
+		return await build(uwsp);
+	} catch (e) {
+		throw new BadRequestError(e.message, { cause: e });
+	}
+}
+/**
+* Website Profile への署名
+*
+* 配列を渡した場合、各要素を個別に署名して JWT 文字列の配列を返します。
+*
+* @param uwsp 未署名 Website Profile (単一または配列)
+* @param privateKey プライベート鍵
+* @throws {BadRequestError} 配列入力の整合性違反や入力が UnsignedWebsiteProfile スキーマに適合しない場合
+* @return 単一入力時は JWT 文字列、配列入力時は JWT 文字列の配列
+*/
+async function sign(uwsp, privateKey, options = {}) {
+	const timing = parseDates(options);
+	try {
+		return await signWsp(uwsp, privateKey, timing);
+	} catch (e) {
+		throw new BadRequestError(e.message, { cause: e });
+	}
+}
+//#endregion
+export { unsignedWsp as n, website_profile_exports as r, sign as t };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@originator-profile/opvc",
-  "version": "0.5.1",
+  "version": "0.6.0-beta.1",
   "license": "Apache-2.0",
   "homepage": "https://docs.originator-profile.org",
   "repository": {
@@ -19,10 +19,9 @@
     "LICENSE",
     "NOTICE"
   ],
-  "bin": "bin/run.js",
   "exports": {
-    "types": "./dist/index.d.mts",
-    "default": "./dist/index.mjs"
+    "types": "./dist/index.d.ts",
+    "default": "./dist/index.js"
   },
   "oclif": {
     "bin": "opvc",
@@ -39,26 +38,29 @@
     "http-errors-enhanced": "^4.0.2",
     "jose": "^6.2.2",
     "jsdom": "^29.0.1",
-    "@originator-profile/cryptography": "0.5.1",
-    "@originator-profile/core": "0.5.1",
-    "@originator-profile/securing-mechanism": "0.5.1",
-    "@originator-profile/model": "0.5.1",
-    "@originator-profile/sign": "0.5.1"
+    "@originator-profile/cryptography": "0.6.0-beta.1",
+    "@originator-profile/model": "0.6.0-beta.1",
+    "@originator-profile/core": "0.6.0-beta.1",
+    "@originator-profile/sign": "0.6.0-beta.1",
+    "@originator-profile/securing-mechanism": "0.6.0-beta.1"
   },
   "devDependencies": {
-    "@types/node": "^25.5.0",
-    "eslint": "^10.1.0",
-    "oclif": "^4.22.96",
-    "tsdown": "^0.21.7",
-    "typescript": "^6.0.2",
-    "websri": "^1.0.1",
-    "@originator-profile/tsconfig": "0.5.1",
-    "eslint-config-originator-profile": "0.5.1"
+    "@types/node": "25.6.0",
+    "eslint": "10.2.0",
+    "oclif": "4.23.0",
+    "tsdown": "0.21.7",
+    "typescript": "6.0.2",
+    "websri": "1.0.1",
+    "@originator-profile/tsconfig": "0.6.0-beta.1",
+    "eslint-config-originator-profile": "0.6.0-beta.1"
   },
   "scripts": {
     "build": "tsdown && oclif manifest && oclif readme",
     "lint": "eslint --fix .",
     "type-check": "tsc",
-    "test": "node --experimental-strip-types --no-warnings=ExperimentalWarning --test"
+    "test": "node --test"
+  },
+  "bin": {
+    "opvc": "bin/run.js"
   }
 }

package/dist/website-profile-B3Q2-h2n.mjs

@@ -1,28 +0,0 @@
-import { t as __exportAll } from "./chunk-CfYAbeIz.mjs";
-import { parseExpirationDate } from "@originator-profile/core";
-import { UnsignedWebsiteProfile } from "@originator-profile/model";
-import { fetchAndSetDigestSri } from "@originator-profile/sign";
-import { addYears, getUnixTime } from "date-fns";
-//#region src/website-profile.ts
-var website_profile_exports = /* @__PURE__ */ __exportAll({ unsignedWsp: () => unsignedWsp });
-/**
-* 未署名 Website Profile の取得
-* @param uwsp 未署名 Website Profile オブジェクト
-* @throws {Error} 入力が UnsignedWebsiteProfile スキーマに適合しない場合
-* @return 未署名 Website Profile オブジェクト
-*/
-async function unsignedWsp(uwsp, { issuedAt: issuedAtDateOrString = /* @__PURE__ */ new Date(), expiredAt: expiredAtDateOrString = addYears(/* @__PURE__ */ new Date(), 1) }) {
-	UnsignedWebsiteProfile.parse(uwsp);
-	const issuedAt = new Date(issuedAtDateOrString);
-	const expiredAt = typeof expiredAtDateOrString === "string" ? parseExpirationDate(expiredAtDateOrString) : expiredAtDateOrString;
-	await fetchAndSetDigestSri("sha256", uwsp.credentialSubject.image);
-	return {
-		iss: uwsp.issuer,
-		sub: uwsp.credentialSubject.id,
-		iat: getUnixTime(issuedAt),
-		exp: getUnixTime(expiredAt),
-		...uwsp
-	};
-}
-//#endregion
-export { website_profile_exports as n, unsignedWsp as t };