@originator-profile/sign 0.5.1 → 0.5.2

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@originator-profile/sign",
-  "version": "0.5.1",
+  "version": "0.5.2",
   "license": "Apache-2.0",
   "homepage": "https://docs.originator-profile.org",
   "repository": {
@@ -13,14 +13,8 @@
   },
   "type": "module",
   "exports": {
-    "require": {
-      "types": "./dist/index.d.cts",
-      "default": "./dist/index.cjs"
-    },
-    "import": {
-      "types": "./dist/index.d.mts",
-      "default": "./dist/index.mjs"
-    }
+    "types": "./dist/index.d.ts",
+    "default": "./dist/index.js"
   },
   "files": [
     "dist",
@@ -30,22 +24,23 @@
   ],
   "dependencies": {
     "jose": "^6.2.2",
-    "@originator-profile/cryptography": "0.5.1",
-    "@originator-profile/securing-mechanism": "0.5.1",
-    "@originator-profile/model": "0.5.1"
+    "@originator-profile/cryptography": "0.5.2",
+    "@originator-profile/securing-mechanism": "0.5.2",
+    "@originator-profile/model": "0.5.2"
   },
   "devDependencies": {
-    "date-fns": "^4.1.0",
-    "eslint": "^10.1.0",
-    "pkgroll": "^2.27.0",
-    "typescript": "^6.0.2",
-    "vitest": "^4.1.2",
-    "websri": "^1.0.1",
-    "@originator-profile/tsconfig": "0.5.1",
-    "eslint-config-originator-profile": "0.5.1"
+    "date-fns": "4.1.0",
+    "eslint": "10.2.0",
+    "pkgroll": "2.27.0",
+    "typescript": "6.0.2",
+    "vitest": "4.1.4",
+    "websri": "1.0.1",
+    "zod": "4.4.3",
+    "eslint-config-originator-profile": "0.5.2",
+    "@originator-profile/tsconfig": "0.5.2"
   },
   "scripts": {
-    "build": "pkgroll --clean-dist --target=node20",
+    "build": "pkgroll --clean-dist",
     "test": "vitest run",
     "lint": "eslint --fix .",
     "type-check": "tsc --noEmit"

package/dist/index.cjs

@@ -1,308 +0,0 @@
-'use strict';
-
-var securingMechanism = require('@originator-profile/securing-mechanism');
-
-const supportedHashAlgorithms = {
-  /** SHA-256 hash algorithm */
-  sha256: "SHA-256",
-  /** SHA-384 hash algorithm */
-  sha384: "SHA-384",
-  /** SHA-512 hash algorithm */
-  sha512: "SHA-512"
-};
-const IntegrityMetadataRegex = /^(?<alg>sha256|sha384|sha512)-(?<val>(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?)(?:[?](?<opt>[\x21-\x7e]*))?$/;
-class IntegrityMetadata {
-  /** Hash algorithm */
-  alg;
-  /** The base64-encoded hash value of the resource */
-  val;
-  /** Optional additional attributes */
-  opt;
-  /**
-   * Creates an instance of `IntegrityMetadata` from a given object or string.
-   * @param integrity The integrity metadata input, which can be a string or object.
-   * @example
-   * ```js
-   * new IntegrityMetadata("sha256-MV9b23bQeMQ7isAGTkoBZGErH853yGk0W/yUx1iU7dM=")
-   * ```
-   *
-   * or
-   *
-   * ```js
-   * new IntegrityMetadata({
-   *   alg: "sha256",
-   *   val: "MV9b23bQeMQ7isAGTkoBZGErH853yGk0W/yUx1iU7dM=",
-   * })
-   * ```
-   */
-  constructor(integrity) {
-    const integrityString = typeof integrity === "object" && integrity !== null ? IntegrityMetadata.stringify(integrity) : String(integrity ?? "").trim();
-    const {
-      alg = "",
-      val = "",
-      opt
-    } = IntegrityMetadataRegex.exec(integrityString)?.groups ?? {};
-    Object.assign(this, {
-      alg,
-      val,
-      opt: opt?.split("?") ?? []
-    });
-  }
-  /**
-   * Compares the current integrity metadata with another object or string.
-   * @param integrity The integrity metadata to compare with.
-   * @returns `true` if the integrity metadata matches, `false` otherwise.
-   * @example
-   * ```js
-   * integrityMetadata.match("sha256-MV9b23bQeMQ7isAGTkoBZGErH853yGk0W/yUx1iU7dM=")
-   * ```
-   *
-   * or
-   *
-   * ```js
-   * integrityMetadata.match({
-   *   alg: "sha256",
-   *   val: "MV9b23bQeMQ7isAGTkoBZGErH853yGk0W/yUx1iU7dM=",
-   * })
-   * ```
-   */
-  match(integrity) {
-    const { alg, val } = new IntegrityMetadata(integrity);
-    if (!alg) return false;
-    if (!val) return false;
-    if (!(alg in supportedHashAlgorithms)) return false;
-    return alg === this.alg && val === this.val;
-  }
-  /**
-   * Converts the integrity metadata into a string representation.
-   * @returns The string representation of the integrity metadata.
-   */
-  toString() {
-    return IntegrityMetadata.stringify(this);
-  }
-  /**
-   * Converts the integrity metadata into a JSON string.
-   * @returns The JSON string representation of the integrity metadata.
-   */
-  toJSON() {
-    return this.toString();
-  }
-  /**
-   * Static method to stringify an integrity metadata object.
-   * @param integrity The integrity metadata object to stringify.
-   * @returns The stringified integrity metadata.
-   * @example
-   * ```js
-   * IntegrityMetadata.stringify({
-   *   alg: "sha256",
-   *   val: "MV9b23bQeMQ7isAGTkoBZGErH853yGk0W/yUx1iU7dM=",
-   * }) // "sha256-MV9b23bQeMQ7isAGTkoBZGErH853yGk0W/yUx1iU7dM="
-   * ```
-   */
-  static stringify({ alg, val, opt = [] }) {
-    if (!alg) return "";
-    if (!val) return "";
-    if (!(alg in supportedHashAlgorithms)) return "";
-    return `${alg}-${[val, ...opt].join("?")}`;
-  }
-}
-async function createIntegrityMetadata(hashAlgorithm, data, opt = []) {
-  const alg = hashAlgorithm.toLowerCase();
-  if (!(alg in supportedHashAlgorithms)) {
-    return new IntegrityMetadata("");
-  }
-  const hashAlgorithmIdentifier = supportedHashAlgorithms[alg];
-  const arrayBuffer = await crypto.subtle.digest(hashAlgorithmIdentifier, data);
-  const val = btoa(String.fromCharCode(...new Uint8Array(arrayBuffer)));
-  const integrity = IntegrityMetadata.stringify({ alg, val, opt });
-  return new IntegrityMetadata(integrity);
-}
-
-async function createDigestSri(alg, resource, fetcher = fetch) {
-  if (!(alg in supportedHashAlgorithms)) {
-    return { id: resource.id };
-  }
-  const meta = await Promise.all(
-    [resource.content ?? resource.id].flat().map(async (content) => {
-      const res = await fetcher(content);
-      const data = await res.arrayBuffer();
-      return await createIntegrityMetadata(alg, data);
-    })
-  );
-  return {
-    id: resource.id,
-    digestSRI: meta.join(" ")
-  };
-}
-
-class FetchFailed extends Error {
-  static get code() {
-    return "ERR_FETCH_FAILED";
-  }
-  code = FetchFailed.code;
-  ok = false;
-  error;
-  constructor(message, error) {
-    super(message);
-    this.error = error;
-  }
-}
-
-async function fetchAndSetDigestSri(alg, content) {
-  if (!content) return content;
-  if (typeof content.digestSRI !== "string") {
-    Object.assign(
-      content,
-      await createDigestSri(alg, content)
-    );
-  }
-  delete content.content;
-  return content;
-}
-
-const fetchHtmlContent = async (elements) => {
-  const text = elements.map((element) => element.outerHTML).join("");
-  return [new Response(text)];
-};
-const fetchTextContent = async (elements) => {
-  const text = elements.map((element) => element.textContent ?? "").join("");
-  return [new Response(text)];
-};
-const fetchVisibleTextContent = async (elements) => {
-  const text = elements.map((element) => element.innerText).join("");
-  return [new Response(text)];
-};
-const fetchExternalResource = async (elements, fetcher = fetch) => {
-  return await Promise.all(
-    elements.map(async (element) => {
-      const el = element;
-      const src = el.currentSrc || el.src;
-      if (!src) {
-        throw new Error("Element has no src or currentSrc property");
-      }
-      try {
-        return await fetcher(src);
-      } catch (e) {
-        if (e instanceof Error || e instanceof window.Error) {
-          throw new FetchFailed(`Failed to fetch`, e);
-        }
-        throw e;
-      }
-    })
-  );
-};
-const selectByCss = (params) => {
-  return Array.from(
-    params.document.querySelectorAll(params.cssSelector)
-  );
-};
-const selectByIntegrity = (params) => {
-  return selectByCss({
-    ...params,
-    cssSelector: `[integrity=${JSON.stringify(String(params.integrity))}]`
-  });
-};
-async function createIntegrity(alg, { content = "", ...target }, doc) {
-  if (![
-    "TextTargetIntegrity",
-    "VisibleTextTargetIntegrity",
-    "HtmlTargetIntegrity",
-    "ExternalResourceTargetIntegrity"
-  ].includes(target.type)) {
-    return null;
-  }
-  if (!(alg in supportedHashAlgorithms)) {
-    return null;
-  }
-  if (target.type === "ExternalResourceTargetIntegrity") {
-    const meta2 = await Promise.all(
-      [content].flat().map(async (content2) => {
-        const res2 = URL.canParse(content2) ? await fetch(content2) : new Response(content2);
-        const data2 = await res2.arrayBuffer();
-        return await createIntegrityMetadata(alg, data2);
-      })
-    );
-    return {
-      ...target,
-      integrity: meta2.join(" ")
-    };
-  }
-  doc ??= document;
-  const { contentFetcher, elementSelector } = {
-    HtmlTargetIntegrity: {
-      contentFetcher: fetchHtmlContent,
-      elementSelector: selectByCss
-    },
-    TextTargetIntegrity: {
-      contentFetcher: fetchTextContent,
-      elementSelector: selectByCss
-    },
-    VisibleTextTargetIntegrity: {
-      contentFetcher: fetchVisibleTextContent,
-      elementSelector: selectByCss
-    }
-  }[target.type];
-  const elements = elementSelector({ ...target, document: doc });
-  if (elements.length === 0) return null;
-  const [res] = await contentFetcher(elements);
-  if (!res) return null;
-  const data = await res.arrayBuffer();
-  const meta = await createIntegrityMetadata(alg, data);
-  return {
-    ...target,
-    integrity: meta.toString()
-  };
-}
-
-class IntegrityCalculationError extends Error {
-}
-async function fetchAndSetTargetIntegrity(alg, obj, documentProvider = async () => document) {
-  const target = await Promise.all(
-    obj.target.map(async (raw, i) => {
-      if (raw.integrity) {
-        const { content: _, ...target3 } = raw;
-        return target3;
-      }
-      const doc = raw.type === "ExternalResourceTargetIntegrity" ? void 0 : await documentProvider(raw);
-      const target2 = await createIntegrity(alg, raw, doc);
-      if (!target2) {
-        throw new IntegrityCalculationError(
-          `Failed to create integrity for element target[${i}].`
-        );
-      }
-      return target2;
-    })
-  );
-  return Object.assign(obj, { target });
-}
-
-async function signCa(uca, privateKey, {
-  alg = "ES256",
-  issuedAt = /* @__PURE__ */ new Date(),
-  expiredAt,
-  integrityAlg = "sha256",
-  documentProvider = async () => document
-}) {
-  await fetchAndSetDigestSri(integrityAlg, uca.credentialSubject.image);
-  await fetchAndSetTargetIntegrity(integrityAlg, uca, documentProvider);
-  return await securingMechanism.signJwtVc(uca, privateKey, { alg, issuedAt, expiredAt });
-}
-
-async function signCp(cp, privateKey, options) {
-  return securingMechanism.signJwtVc(cp, privateKey, options);
-}
-
-exports.FetchFailed = FetchFailed;
-exports.IntegrityCalculationError = IntegrityCalculationError;
-exports.createDigestSri = createDigestSri;
-exports.createIntegrity = createIntegrity;
-exports.fetchAndSetDigestSri = fetchAndSetDigestSri;
-exports.fetchAndSetTargetIntegrity = fetchAndSetTargetIntegrity;
-exports.fetchExternalResource = fetchExternalResource;
-exports.fetchHtmlContent = fetchHtmlContent;
-exports.fetchTextContent = fetchTextContent;
-exports.fetchVisibleTextContent = fetchVisibleTextContent;
-exports.selectByCss = selectByCss;
-exports.selectByIntegrity = selectByIntegrity;
-exports.signCa = signCa;
-exports.signCp = signCp;

package/dist/index.d.cts

@@ -1,211 +0,0 @@
-import { RawTarget, Target, UnsignedContentAttestation, Jwk, CoreProfile } from '@originator-profile/model';
-
-/**
- * Represents the available hash algorithms used for Subresource Integrity.
- * @see {@link https://www.w3.org/TR/CSP2/#hash_algo}
- */
-type HashAlgorithm = "sha256" | "sha384" | "sha512";
-
-type DigestSriSource = {
-    id: string;
-    content?: string | string[];
-};
-type DigestSriResult = {
-    id: string;
-    digestSRI: string;
-};
-type DigestSriContent = DigestSriSource | DigestSriResult;
-type ContentFetcher = (elements: ReadonlyArray<HTMLElement>, fetcher?: typeof fetch) => Promise<ReadonlyArray<Response>>;
-type ElementSelector = (params: {
-    cssSelector?: string;
-    integrity?: string;
-    document: Document;
-}) => ReadonlyArray<HTMLElement>;
-/** 文脈に応じて Document を提供する関数 */
-type DocumentProvider = (raw: RawTarget) => Promise<Document>;
-
-/**
- * `digestSRI` の作成
- *
- * `content` にアクセスし `digestSRI` を計算します。
- * なお、`content` プロパティは削除されます。
- * `content` プロパティが存在しない場合、`id` にアクセスし `digestSRI` 計算します。
- *
- * 複数のコンテンツが指定された場合、それぞれのハッシュ値がスペース区切りで結合されます。
- *
- * @see {@link https://www.w3.org/TR/SRI/#the-integrity-attribute}
- * @example
- * 単一コンテンツ
- * ```ts
- * const resource = {
- *   id: "<URL>",
- *   content: "<コンテンツ (URL)>", // 省略可能
- * };
- *
- * const { digestSRI } = await createDigestSri("sha256", resource);
- * console.log(digestSRI); // sha256-...
- * ```
- *
- * @example
- * 複数コンテンツ
- * ```ts
- * const resource = {
- *   id: "<URL>",
- *   content: ["<コンテンツURL1>", "<コンテンツURL2>"],
- * };
- *
- * const { digestSRI } = await createDigestSri("sha256", resource);
- * console.log(digestSRI); // sha256-... sha256-...
- * ```
- */
-declare function createDigestSri(alg: HashAlgorithm, resource: DigestSriSource, fetcher?: typeof fetch): Promise<DigestSriContent>;
-
-declare class FetchFailed extends Error {
-    static get code(): "ERR_FETCH_FAILED";
-    readonly code: "ERR_FETCH_FAILED";
-    readonly ok = false;
-    error: Error;
-    constructor(message: string, error: Error);
-}
-
-/**
- * オブジェクトへの `digestSRI` の割り当て
- *
- * `digestSRI` を省略した場合、`content` にアクセスし `digestSRI` を計算します。
- * なお、`content` プロパティは削除されます。
- * `content` プロパティが存在しない場合、`id` にアクセスし `digestSRI` 計算します。
- * @see {@link https://www.w3.org/TR/SRI/#the-integrity-attribute}
- * @example
- * ```ts
- * const resource = {
- *   id: "<URL>",
- *   content: "<コンテンツ (URL)>", // 省略可能
- * };
- *
- * await fetchAndSetDigestSri("sha256", resource);
- *
- * console.log(resource);
- * // {
- * //   id: "<URL>",
- * //   digestSRI: "sha256-..."
- * // }
- * ```
- */
-declare function fetchAndSetDigestSri(alg: HashAlgorithm, content: unknown): Promise<DigestSriResult | undefined>;
-
-/** Integrityの計算に失敗 (例: 検証対象が存在しない) エラー */
-declare class IntegrityCalculationError extends Error {
-}
-/**
- * 未署名 Content Attestation への Target Integrity の割り当て
- * target[].integrity を省略した場合、type に準じて content から integrity を計算します。
- * 一方、target[].integrity が含まれる場合、その値をそのまま使用します。
- * なお、いずれも target[].content プロパティが削除される点にご注意ください。
- * @see {@link https://docs.originator-profile.org/opb/content-integrity-descriptor/}
- * @throws {IntegrityCalculationError} Integrityの計算に失敗 (例: 検証対象が存在しない)
- * @example
- * ```ts
- * const uca = {
- *   // ...
- *   target: [
- *     {
- *       type: "<Target Integrityの種別>",
- *       cssSelector: "<CSS セレクター>",
- *     },
- *   ],
- * };
- *
- * await fetchAndSetTargetIntegrity("sha256", uca);
- *
- * console.log(uca.target);
- * // [
- * //   {
- * //     type: "<Target Integrityの種別>",
- * //     cssSelector: "<CSS セレクター>",
- * //     integrity: "sha256-..."
- * //   }
- * // ]
- * ```
- */
-declare function fetchAndSetTargetIntegrity<T extends {
-    target: ReadonlyArray<RawTarget>;
-}>(alg: HashAlgorithm, obj: T, documentProvider?: DocumentProvider): Promise<T & {
-    target: ReadonlyArray<Target>;
-}>;
-
-/** element.outerHTML and join("") */
-declare const fetchHtmlContent: ContentFetcher;
-/** element.textContent and join("") */
-declare const fetchTextContent: ContentFetcher;
-/** element.innerText and join("") */
-declare const fetchVisibleTextContent: ContentFetcher;
-/**
- * Fetches external resources from elements by using their `currentSrc` or `src` property.
- * HTMLImageElement (<img>) and HTMLMediaElement (<video>, <audio>) support the `currentSrc` property,
- * which represents the actual source URL currently in use after source selection (e.g., <img srcset>, <video> with multiple <source>).
- * `currentSrc` is preferred over `src` because it reflects the final selected resource, ensuring integrity checks are performed on the actual loaded content.
- * Falls back to `src` if `currentSrc` is not available.
- */
-declare const fetchExternalResource: ContentFetcher;
-declare const selectByCss: ElementSelector;
-declare const selectByIntegrity: ElementSelector;
-/**
- * Target Integrity の作成
- *
- * `ExternalResourceTargetIntegrity` で複数のコンテンツが指定された場合、それぞれのハッシュ値がスペース区切りで結合されます。
- *
- * @see {@link https://docs.originator-profile.org/opb/content-integrity-descriptor/}
- * @example
- * 基本的な使用例
- * ```ts
- * const content = {
- *   type: "HtmlTargetIntegrity", // or ***TargetIntegrity
- *   cssSelector: "<CSS セレクター>",
- * };
- *
- * const { integrity } = await createIntegrity("sha256", content);
- * console.log(integrity); // sha256-...
- * ```
- *
- * @example
- * ExternalResourceTargetIntegrity で複数コンテンツ
- * ```ts
- * const content = {
- *   type: "ExternalResourceTargetIntegrity",
- *   content: ["<コンテンツURL1>", "<コンテンツURL2>"],
- * };
- *
- * const { integrity } = await createIntegrity("sha256", content);
- * console.log(integrity); // sha256-... sha256-...
- * ```
- */
-declare function createIntegrity(alg: HashAlgorithm, { content, ...target }: RawTarget, doc?: Document): Promise<Target | null>;
-
-/**
- * Content Attestation への署名
- * @param uca 未署名 Content Attestation オブジェクト
- * @param privateKey プライベート鍵
- * @return JWT でエンコードされた Content Attestation
- */
-declare function signCa(uca: UnsignedContentAttestation, privateKey: Jwk, { alg, issuedAt, expiredAt, integrityAlg, documentProvider, }: {
-    alg?: string;
-    issuedAt?: Date;
-    expiredAt: Date;
-    integrityAlg?: HashAlgorithm;
-    documentProvider?: DocumentProvider;
-}): Promise<string>;
-
-/**
- * CP への署名
- * @param cp CoreProfile オブジェクト
- * @param privateKey プライベート鍵
- * @return JWT でエンコードされた CP
- */
-declare function signCp(cp: CoreProfile, privateKey: Jwk, options: {
-    alg?: string;
-    issuedAt: Date;
-    expiredAt: Date;
-}): Promise<string>;
-
-export { FetchFailed, IntegrityCalculationError, createDigestSri, createIntegrity, fetchAndSetDigestSri, fetchAndSetTargetIntegrity, fetchExternalResource, fetchHtmlContent, fetchTextContent, fetchVisibleTextContent, selectByCss, selectByIntegrity, signCa, signCp };
-export type { ContentFetcher, DigestSriContent, DigestSriResult, DigestSriSource, DocumentProvider, ElementSelector };