@originator-profile/verify 0.4.0 → 0.5.0-beta.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/dist/index.cjs +298 -254
  2. package/dist/index.d.cts +53 -135
  3. package/dist/index.d.mts +53 -135
  4. package/dist/index.mjs +297 -247
  5. package/package.json +9 -10
package/dist/index.d.cts CHANGED
@@ -1,10 +1,7 @@
1
+ import { ContentAttestation, Image, Target, ContentAttestationSet, OpVc, Jwk, CoreProfile, Certificate as Certificate$1, WebMediaProfile, WebsiteProfile, ArticleCA, JapaneseExistenceCertificate, OriginatorProfileSet, Jwks, SiteProfile, AllowedOrigin } from '@originator-profile/model';
1
2
  import { JwtVcDecodingResult, JwtVcVerificationResult, UnverifiedJwtVc, VerifiedJwtVc, VcValidator } from '@originator-profile/securing-mechanism';
2
- import { ContentAttestation, Target, ContentAttestationSet, JwtOpPayload, JwtDpPayload, Op, Dp, OpVc, Jwk, CoreProfile, Certificate as Certificate$1, WebMediaProfile, WebsiteProfile, ArticleCA, JapaneseExistenceCertificate, OriginatorProfileSet, Jwks, SiteProfile, CertificationSystem, AllowedOrigin } from '@originator-profile/model';
3
3
  import { Keys } from '@originator-profile/cryptography';
4
- import { DigestSriContent, ContentFetcher, ElementSelector } from '@originator-profile/sign';
5
- import { ErrorObject } from 'ajv';
6
- import { JWTVerifyResult, ResolvedKey, JWTPayload } from 'jose';
7
- import { JOSEError } from 'jose/errors';
4
+ import { DigestSriResult, ContentFetcher, ElementSelector } from '@originator-profile/sign';
8
5
 
9
6
  /** Content Attestation 復号失敗 */
10
7
  type CaDecodingFailure = JwtVcDecodingResult<ContentAttestation>;
@@ -47,7 +44,7 @@ declare class CaVerifyFailed extends Error {
47
44
  * @see {@link https://www.w3.org/TR/SRI/#the-integrity-attribute}
48
45
  * @example
49
46
  * ```ts
50
- * const content: DigestSriContent = {
47
+ * const content = {
51
48
  * id: "<URL>",
52
49
  * digestSRI: "sha256-...",
53
50
  * };
@@ -55,12 +52,36 @@ declare class CaVerifyFailed extends Error {
55
52
  * await verifyDigestSri(content); // true or false
56
53
  * ```
57
54
  */
58
- declare function verifyDigestSri(content: DigestSriContent, fetcher?: typeof fetch): Promise<boolean>;
55
+ declare function verifyDigestSri(content: DigestSriResult, fetcher?: typeof fetch): Promise<boolean>;
56
+ /**
57
+ * Image の digestSRI を検証する。
58
+ * 後方互換性の観点で、2027年までは検証失敗時に console.warn のみで処理を中断しない。
59
+ */
60
+ declare function verifyImageDigestSri(value: Image | undefined, fetcher?: typeof fetch): Promise<void>;
61
+
62
+ declare class IntegrityFetchFailed extends Error {
63
+ static get code(): "ERR_INTEGRITY_FETCH_FAILED";
64
+ readonly code: "ERR_INTEGRITY_FETCH_FAILED";
65
+ readonly ok = false;
66
+ /** 取得結果 */
67
+ result?: Error;
68
+ constructor(message: string, result: IntegrityFetchFailed["result"]);
69
+ }
70
+ declare class IntegrityVerificationFailed extends Error {
71
+ static get code(): "ERR_INTEGRITY_VERIFICATION_FAILED";
72
+ readonly code: "ERR_INTEGRITY_VERIFICATION_FAILED";
73
+ readonly ok = false;
74
+ /** 取得結果 */
75
+ result?: unknown;
76
+ constructor(message: string, result: IntegrityVerificationFailed["result"]);
77
+ }
59
78
 
60
79
  type IntegrityVerifyResult = {
61
80
  valid: boolean;
62
81
  failedIntegrities: ReadonlyArray<string>;
63
82
  };
83
+ type FetchIntegrityResult = IntegrityVerifyResult | IntegrityFetchFailed | IntegrityVerificationFailed;
84
+
64
85
  /** Target Integrity のコンテンツ取得・要素位置特定アルゴリズム */
65
86
  declare const TargetIntegrityAlgorithm: {
66
87
  HtmlTargetIntegrity: {
@@ -94,7 +115,7 @@ declare const TargetIntegrityAlgorithm: {
94
115
  * await verifyIntegrity(content); // true or false
95
116
  * ```
96
117
  */
97
- declare function verifyIntegrity(content: Target, doc?: Document, fetcher?: typeof fetch): Promise<IntegrityVerifyResult>;
118
+ declare function verifyIntegrity(content: Target, doc?: Document, fetcher?: typeof fetch): Promise<FetchIntegrityResult>;
98
119
  type VerifyIntegrity = typeof verifyIntegrity;
99
120
 
100
121
  /**
@@ -171,116 +192,6 @@ declare function normalizeCasItem<Ca>(ca: Ca | CasItem<Ca>): CasItem<Ca>;
171
192
  */
172
193
  declare function verifyCas<T extends ContentAttestation = ContentAttestation>(cas: ContentAttestationSet, verifiedOps: VerifiedOps, url: string, verifyIntegrity: VerifyIntegrity, validator?: typeof VcValidator): Promise<CasVerificationResult<T>>;
173
194
 
174
- interface ProfilePair {
175
- op: {
176
- iss: string;
177
- sub: string;
178
- profile: string;
179
- };
180
- dp: {
181
- sub: string;
182
- profile: string;
183
- };
184
- }
185
- interface WebsiteProfilePair {
186
- "@context": string;
187
- website: ProfilePair;
188
- }
189
- interface AdProfilePair {
190
- "@context": string;
191
- ad: ProfilePair;
192
- }
193
- /** Profile の Token の復号結果 */
194
- type DecodeResult = {
195
- op: true;
196
- payload: JwtOpPayload;
197
- jwt: string;
198
- } | {
199
- dp: true;
200
- payload: JwtDpPayload;
201
- jwt: string;
202
- } | ProfileClaimsValidationFailed;
203
- /** Profile の Token の検証結果 */
204
- type VerifyTokenResult = (JWTVerifyResult & ResolvedKey & ({
205
- op: Op;
206
- jwt: string;
207
- } | {
208
- dp: Dp;
209
- jwt: string;
210
- })) | ProfileClaimsValidationFailed | ProfileTokenVerifyFailed;
211
- /** Profile Set */
212
- type Profiles = {
213
- profile: string[];
214
- ad?: ProfilePair[];
215
- };
216
- /** Profile の検証結果 */
217
- type VerifyResult = VerifyTokenResult | ProfilesResolveFailed | ProfilesVerifyFailed;
218
- /** Profile Set の検証結果 */
219
- type VerifyResults = VerifyResult[];
220
-
221
- declare class ProfileGenericError extends Error {
222
- static get code(): string;
223
- readonly code: string;
224
- }
225
- declare class ProfileClaimsValidationFailed extends ProfileGenericError {
226
- static get code(): "ERR_PROFILE_CLAIMS_VALIDATION_FAILED";
227
- readonly code: "ERR_PROFILE_CLAIMS_VALIDATION_FAILED";
228
- /** 復号結果 */
229
- result: {
230
- error?: JOSEError;
231
- errors?: ErrorObject[];
232
- payload?: JWTPayload;
233
- jwt: string;
234
- };
235
- constructor(message: string, result: ProfileClaimsValidationFailed["result"]);
236
- }
237
- declare class ProfileTokenVerifyFailed extends ProfileGenericError {
238
- static get code(): "ERR_PROFILE_TOKEN_VERIFY_FAILED";
239
- readonly code: "ERR_PROFILE_TOKEN_VERIFY_FAILED";
240
- /** 検証結果 */
241
- result: Exclude<DecodeResult, ProfileGenericError> & {
242
- error?: JOSEError;
243
- };
244
- constructor(message: string, result: ProfileTokenVerifyFailed["result"]);
245
- }
246
- declare class ProfileBodyExtractFailed extends ProfileGenericError {
247
- static get code(): "ERR_PROFILE_BODY_EXTRACT_FAILED";
248
- readonly code: "ERR_PROFILE_BODY_EXTRACT_FAILED";
249
- }
250
- declare class ProfileBodyVerifyFailed extends ProfileGenericError {
251
- static get code(): "ERR_PROFILE_BODY_VERIFY_FAILED";
252
- readonly code: "ERR_PROFILE_BODY_VERIFY_FAILED";
253
- /** 検証結果 */
254
- result: {
255
- error?: JOSEError;
256
- body: string;
257
- };
258
- constructor(message: string, result: ProfileBodyVerifyFailed["result"]);
259
- }
260
- declare class ProfilesResolveFailed extends ProfileGenericError {
261
- static get code(): "ERR_PROFILES_RESOLVE_FAILED";
262
- readonly code: "ERR_PROFILES_RESOLVE_FAILED";
263
- /** 検証結果 */
264
- result: Exclude<DecodeResult, ProfileGenericError>;
265
- constructor(message: string, result: ProfilesResolveFailed["result"]);
266
- }
267
- declare class ProfilesVerifyFailed extends ProfileGenericError {
268
- static get code(): "ERR_PROFILES_VERIFY_FAILED";
269
- readonly code: "ERR_PROFILES_VERIFY_FAILED";
270
- /** 検証結果 */
271
- result: Exclude<DecodeResult | VerifyTokenResult, ProfileGenericError>;
272
- constructor(message: string, result: ProfilesVerifyFailed["result"]);
273
- }
274
- declare class CertificationSystemValidationFailed extends ProfileGenericError {
275
- static get code(): "ERR_CERTIFICATION_SYSTEM_VALIDATION_FAILED";
276
- readonly code: "ERR_CERTIFICATION_SYSTEM_VALIDATION_FAILED";
277
- /** 検証結果 */
278
- result: {
279
- payload?: unknown;
280
- };
281
- constructor(message: string, result: CertificationSystemValidationFailed["result"]);
282
- }
283
-
284
195
  // Definitions by: Eddie Atkinson <https://github.com/eddie-atkinson>
285
196
 
286
197
  type Operation = "add" | "replace" | "remove" | "move";
@@ -415,19 +326,36 @@ declare class OpVerifyFailed extends Error {
415
326
  readonly code: string;
416
327
  constructor(message: string, result: OpVerificationFailure);
417
328
  }
329
+ /**
330
+ * 証明書の有効期限エラー
331
+ *
332
+ * 証明書の有効期限チェックに失敗しました。次の原因で使用されます。
333
+ *
334
+ * - 証明書の有効期限が開始していない (validFrom より前)
335
+ * - 証明書の有効期限が切れている (validUntil より後)
336
+ *
337
+ * なお、validFrom と validUntil はオプショナルフィールドのため、
338
+ * 片方のみが指定されている場合もあります。
339
+ **/
340
+ declare class CertificateExpired<T extends OpVc> extends Error {
341
+ result: VerifiedJwtVc<T>;
342
+ static get code(): string;
343
+ readonly code: string;
344
+ constructor(message: string, result: VerifiedJwtVc<T>);
345
+ }
418
346
 
419
347
  type Certificate = Certificate$1 | JapaneseExistenceCertificate;
420
348
  /** Originator Profile 復号失敗 */
421
349
  type OpDecodingFailure = {
422
350
  core: JwtVcDecodingResult<CoreProfile>;
423
351
  annotations?: JwtVcDecodingResult<Certificate>[];
424
- media?: JwtVcDecodingResult<WebMediaProfile>;
352
+ media?: JwtVcDecodingResult<WebMediaProfile>[];
425
353
  };
426
354
  /** 復号済み Originator Profile */
427
355
  type DecodedOp = {
428
356
  core: UnverifiedJwtVc<CoreProfile>;
429
357
  annotations?: UnverifiedJwtVc<Certificate>[];
430
- media: UnverifiedJwtVc<WebMediaProfile>;
358
+ media?: UnverifiedJwtVc<WebMediaProfile>[];
431
359
  };
432
360
  /** Originator Profile 復号結果 */
433
361
  type OpDecodingResult = DecodedOp | OpInvalid;
@@ -441,13 +369,13 @@ type OpsDecodingResult = DecodedOps | OpsInvalid;
441
369
  type OpVerificationFailure = {
442
370
  core: JwtVcVerificationResult<CoreProfile> | CoreProfileNotFound<CoreProfile>;
443
371
  annotations?: (JwtVcVerificationResult<Certificate> | CoreProfileNotFound<Certificate>)[];
444
- media?: JwtVcVerificationResult<WebMediaProfile> | CoreProfileNotFound<WebMediaProfile>;
372
+ media?: (JwtVcVerificationResult<WebMediaProfile> | CoreProfileNotFound<WebMediaProfile>)[];
445
373
  };
446
374
  /** 検証済み Originator Profile */
447
375
  type VerifiedOp = {
448
376
  core: VerifiedJwtVc<CoreProfile>;
449
377
  annotations?: VerifiedJwtVc<Certificate>[];
450
- media?: VerifiedJwtVc<WebMediaProfile>;
378
+ media?: VerifiedJwtVc<WebMediaProfile>[];
451
379
  };
452
380
  /** Originator Profile 検証結果 */
453
381
  type OpVerificationResult = VerifiedOp | OpVerifyFailed;
@@ -511,11 +439,11 @@ declare class SiteProfileVerifyFailed extends Error {
511
439
  /** Site Profile 検証失敗 */
512
440
  type SpVerificationFailure = {
513
441
  originators: OpsVerificationResult;
514
- credential?: JwtVcVerificationResult<WebsiteProfile> | JwtVcDecodingResult<WebsiteProfile> | CoreProfileNotFound<WebsiteProfile>;
442
+ sites: (JwtVcVerificationResult<WebsiteProfile> | JwtVcDecodingResult<WebsiteProfile> | CoreProfileNotFound<WebsiteProfile>)[];
515
443
  };
516
444
  type VerifiedSp = {
517
445
  originators: VerifiedOps;
518
- credential: VerifiedJwtVc<WebsiteProfile>;
446
+ sites: VerifiedJwtVc<WebsiteProfile>[];
519
447
  };
520
448
  type SpVerificationResult = VerifiedSp | SiteProfileInvalid | SiteProfileVerifyFailed;
521
449
 
@@ -531,16 +459,6 @@ type SpVerificationResult = VerifiedSp | SiteProfileInvalid | SiteProfileVerifyF
531
459
  */
532
460
  declare function SpVerifier(sp: SiteProfile, keys: Keys, issuer: string | string[], origin: URL["origin"], verifyOrigin?: boolean, validator?: typeof VcValidator): () => Promise<SpVerificationResult>;
533
461
 
534
- /** 認証制度ペイロードの確認のためのバリデーター */
535
- declare function CertificationSystemValidator(): (payload: unknown) => true | CertificationSystemValidationFailed;
536
- type CertificationSystemValidator = ReturnType<typeof CertificationSystemValidator>;
537
- /**
538
- * 認証制度の検証
539
- * @param payload ペイロード
540
- * @return 検証結果
541
- */
542
- declare function validateCertificationSystem(payload: unknown): CertificationSystem | CertificationSystemValidationFailed;
543
-
544
462
  /**
545
463
  * URLオリジンが対象のオリジンの中に含まれているのか検証する
546
464
  * @param origin 対象とするオリジン
@@ -549,4 +467,4 @@ declare function validateCertificationSystem(payload: unknown): CertificationSys
549
467
  */
550
468
  declare function verifyAllowedOrigin(origin: URL["origin"], allowedOrigins: AllowedOrigin): boolean;
551
469
 
552
- export { type AdProfilePair, type CaDecodingFailure, type CaDecodingResult, CaInvalid, type CaVerificationFailure, type CaVerificationResult, CaVerifier, CaVerifyFailed, type CasItem, type CasVerificationFailure, type CasVerificationResult, CasVerifyFailed, type Certificate, CertificationSystemValidationFailed, CertificationSystemValidator, CoreProfileNotFound, type DecodeResult, type DecodedCa, type DecodedOp, type DecodedOps, type IntegrityVerifyResult, type MappedKeys, type OpDecodingFailure, type OpDecodingResult, OpInvalid, type OpVerificationFailure, type OpVerificationResult, OpVerifyFailed, type OpsDecodingFailure, type OpsDecodingResult, OpsInvalid, type OpsVerificationFailure, type OpsVerificationResult, OpsVerifier, OpsVerifyFailed, ProfileBodyExtractFailed, ProfileBodyVerifyFailed, ProfileClaimsValidationFailed, ProfileGenericError, type ProfilePair, ProfileTokenVerifyFailed, type Profiles, ProfilesResolveFailed, ProfilesVerifyFailed, SiteProfileInvalid, SiteProfileVerifyFailed, type SpVerificationFailure, type SpVerificationResult, SpVerifier, TargetIntegrityAlgorithm, type TupledKeys, type VerifiedCa, type VerifiedCas, type VerifiedOp, type VerifiedOps, type VerifiedSp, type VerifyIntegrity, type VerifyResult, VerifyResultFactory, type VerifyResults, type VerifyTokenResult, type WebsiteProfilePair, article, caId, caUrl, certificate, cp, decodeOps, getMappedKeys, getTupledKeys, normalizeCasItem, opId, patch, validateCertificationSystem, verifyAllowedOrigin, verifyCas, verifyDigestSri, verifyIntegrity, wmp, wsp };
470
+ export { type CaDecodingFailure, type CaDecodingResult, CaInvalid, type CaVerificationFailure, type CaVerificationResult, CaVerifier, CaVerifyFailed, type CasItem, type CasVerificationFailure, type CasVerificationResult, CasVerifyFailed, type Certificate, CertificateExpired, CoreProfileNotFound, type DecodedCa, type DecodedOp, type DecodedOps, type FetchIntegrityResult, IntegrityFetchFailed, IntegrityVerificationFailed, type IntegrityVerifyResult, type MappedKeys, type OpDecodingFailure, type OpDecodingResult, OpInvalid, type OpVerificationFailure, type OpVerificationResult, OpVerifyFailed, type OpsDecodingFailure, type OpsDecodingResult, OpsInvalid, type OpsVerificationFailure, type OpsVerificationResult, OpsVerifier, OpsVerifyFailed, SiteProfileInvalid, SiteProfileVerifyFailed, type SpVerificationFailure, type SpVerificationResult, SpVerifier, TargetIntegrityAlgorithm, type TupledKeys, type VerifiedCa, type VerifiedCas, type VerifiedOp, type VerifiedOps, type VerifiedSp, type VerifyIntegrity, VerifyResultFactory, article, caId, caUrl, certificate, cp, decodeOps, getMappedKeys, getTupledKeys, normalizeCasItem, opId, patch, verifyAllowedOrigin, verifyCas, verifyDigestSri, verifyImageDigestSri, verifyIntegrity, wmp, wsp };
package/dist/index.d.mts CHANGED
@@ -1,10 +1,7 @@
1
+ import { ContentAttestation, Image, Target, ContentAttestationSet, OpVc, Jwk, CoreProfile, Certificate as Certificate$1, WebMediaProfile, WebsiteProfile, ArticleCA, JapaneseExistenceCertificate, OriginatorProfileSet, Jwks, SiteProfile, AllowedOrigin } from '@originator-profile/model';
1
2
  import { JwtVcDecodingResult, JwtVcVerificationResult, UnverifiedJwtVc, VerifiedJwtVc, VcValidator } from '@originator-profile/securing-mechanism';
2
- import { ContentAttestation, Target, ContentAttestationSet, JwtOpPayload, JwtDpPayload, Op, Dp, OpVc, Jwk, CoreProfile, Certificate as Certificate$1, WebMediaProfile, WebsiteProfile, ArticleCA, JapaneseExistenceCertificate, OriginatorProfileSet, Jwks, SiteProfile, CertificationSystem, AllowedOrigin } from '@originator-profile/model';
3
3
  import { Keys } from '@originator-profile/cryptography';
4
- import { DigestSriContent, ContentFetcher, ElementSelector } from '@originator-profile/sign';
5
- import { ErrorObject } from 'ajv';
6
- import { JWTVerifyResult, ResolvedKey, JWTPayload } from 'jose';
7
- import { JOSEError } from 'jose/errors';
4
+ import { DigestSriResult, ContentFetcher, ElementSelector } from '@originator-profile/sign';
8
5
 
9
6
  /** Content Attestation 復号失敗 */
10
7
  type CaDecodingFailure = JwtVcDecodingResult<ContentAttestation>;
@@ -47,7 +44,7 @@ declare class CaVerifyFailed extends Error {
47
44
  * @see {@link https://www.w3.org/TR/SRI/#the-integrity-attribute}
48
45
  * @example
49
46
  * ```ts
50
- * const content: DigestSriContent = {
47
+ * const content = {
51
48
  * id: "<URL>",
52
49
  * digestSRI: "sha256-...",
53
50
  * };
@@ -55,12 +52,36 @@ declare class CaVerifyFailed extends Error {
55
52
  * await verifyDigestSri(content); // true or false
56
53
  * ```
57
54
  */
58
- declare function verifyDigestSri(content: DigestSriContent, fetcher?: typeof fetch): Promise<boolean>;
55
+ declare function verifyDigestSri(content: DigestSriResult, fetcher?: typeof fetch): Promise<boolean>;
56
+ /**
57
+ * Image の digestSRI を検証する。
58
+ * 後方互換性の観点で、2027年までは検証失敗時に console.warn のみで処理を中断しない。
59
+ */
60
+ declare function verifyImageDigestSri(value: Image | undefined, fetcher?: typeof fetch): Promise<void>;
61
+
62
+ declare class IntegrityFetchFailed extends Error {
63
+ static get code(): "ERR_INTEGRITY_FETCH_FAILED";
64
+ readonly code: "ERR_INTEGRITY_FETCH_FAILED";
65
+ readonly ok = false;
66
+ /** 取得結果 */
67
+ result?: Error;
68
+ constructor(message: string, result: IntegrityFetchFailed["result"]);
69
+ }
70
+ declare class IntegrityVerificationFailed extends Error {
71
+ static get code(): "ERR_INTEGRITY_VERIFICATION_FAILED";
72
+ readonly code: "ERR_INTEGRITY_VERIFICATION_FAILED";
73
+ readonly ok = false;
74
+ /** 取得結果 */
75
+ result?: unknown;
76
+ constructor(message: string, result: IntegrityVerificationFailed["result"]);
77
+ }
59
78
 
60
79
  type IntegrityVerifyResult = {
61
80
  valid: boolean;
62
81
  failedIntegrities: ReadonlyArray<string>;
63
82
  };
83
+ type FetchIntegrityResult = IntegrityVerifyResult | IntegrityFetchFailed | IntegrityVerificationFailed;
84
+
64
85
  /** Target Integrity のコンテンツ取得・要素位置特定アルゴリズム */
65
86
  declare const TargetIntegrityAlgorithm: {
66
87
  HtmlTargetIntegrity: {
@@ -94,7 +115,7 @@ declare const TargetIntegrityAlgorithm: {
94
115
  * await verifyIntegrity(content); // true or false
95
116
  * ```
96
117
  */
97
- declare function verifyIntegrity(content: Target, doc?: Document, fetcher?: typeof fetch): Promise<IntegrityVerifyResult>;
118
+ declare function verifyIntegrity(content: Target, doc?: Document, fetcher?: typeof fetch): Promise<FetchIntegrityResult>;
98
119
  type VerifyIntegrity = typeof verifyIntegrity;
99
120
 
100
121
  /**
@@ -171,116 +192,6 @@ declare function normalizeCasItem<Ca>(ca: Ca | CasItem<Ca>): CasItem<Ca>;
171
192
  */
172
193
  declare function verifyCas<T extends ContentAttestation = ContentAttestation>(cas: ContentAttestationSet, verifiedOps: VerifiedOps, url: string, verifyIntegrity: VerifyIntegrity, validator?: typeof VcValidator): Promise<CasVerificationResult<T>>;
173
194
 
174
- interface ProfilePair {
175
- op: {
176
- iss: string;
177
- sub: string;
178
- profile: string;
179
- };
180
- dp: {
181
- sub: string;
182
- profile: string;
183
- };
184
- }
185
- interface WebsiteProfilePair {
186
- "@context": string;
187
- website: ProfilePair;
188
- }
189
- interface AdProfilePair {
190
- "@context": string;
191
- ad: ProfilePair;
192
- }
193
- /** Profile の Token の復号結果 */
194
- type DecodeResult = {
195
- op: true;
196
- payload: JwtOpPayload;
197
- jwt: string;
198
- } | {
199
- dp: true;
200
- payload: JwtDpPayload;
201
- jwt: string;
202
- } | ProfileClaimsValidationFailed;
203
- /** Profile の Token の検証結果 */
204
- type VerifyTokenResult = (JWTVerifyResult & ResolvedKey & ({
205
- op: Op;
206
- jwt: string;
207
- } | {
208
- dp: Dp;
209
- jwt: string;
210
- })) | ProfileClaimsValidationFailed | ProfileTokenVerifyFailed;
211
- /** Profile Set */
212
- type Profiles = {
213
- profile: string[];
214
- ad?: ProfilePair[];
215
- };
216
- /** Profile の検証結果 */
217
- type VerifyResult = VerifyTokenResult | ProfilesResolveFailed | ProfilesVerifyFailed;
218
- /** Profile Set の検証結果 */
219
- type VerifyResults = VerifyResult[];
220
-
221
- declare class ProfileGenericError extends Error {
222
- static get code(): string;
223
- readonly code: string;
224
- }
225
- declare class ProfileClaimsValidationFailed extends ProfileGenericError {
226
- static get code(): "ERR_PROFILE_CLAIMS_VALIDATION_FAILED";
227
- readonly code: "ERR_PROFILE_CLAIMS_VALIDATION_FAILED";
228
- /** 復号結果 */
229
- result: {
230
- error?: JOSEError;
231
- errors?: ErrorObject[];
232
- payload?: JWTPayload;
233
- jwt: string;
234
- };
235
- constructor(message: string, result: ProfileClaimsValidationFailed["result"]);
236
- }
237
- declare class ProfileTokenVerifyFailed extends ProfileGenericError {
238
- static get code(): "ERR_PROFILE_TOKEN_VERIFY_FAILED";
239
- readonly code: "ERR_PROFILE_TOKEN_VERIFY_FAILED";
240
- /** 検証結果 */
241
- result: Exclude<DecodeResult, ProfileGenericError> & {
242
- error?: JOSEError;
243
- };
244
- constructor(message: string, result: ProfileTokenVerifyFailed["result"]);
245
- }
246
- declare class ProfileBodyExtractFailed extends ProfileGenericError {
247
- static get code(): "ERR_PROFILE_BODY_EXTRACT_FAILED";
248
- readonly code: "ERR_PROFILE_BODY_EXTRACT_FAILED";
249
- }
250
- declare class ProfileBodyVerifyFailed extends ProfileGenericError {
251
- static get code(): "ERR_PROFILE_BODY_VERIFY_FAILED";
252
- readonly code: "ERR_PROFILE_BODY_VERIFY_FAILED";
253
- /** 検証結果 */
254
- result: {
255
- error?: JOSEError;
256
- body: string;
257
- };
258
- constructor(message: string, result: ProfileBodyVerifyFailed["result"]);
259
- }
260
- declare class ProfilesResolveFailed extends ProfileGenericError {
261
- static get code(): "ERR_PROFILES_RESOLVE_FAILED";
262
- readonly code: "ERR_PROFILES_RESOLVE_FAILED";
263
- /** 検証結果 */
264
- result: Exclude<DecodeResult, ProfileGenericError>;
265
- constructor(message: string, result: ProfilesResolveFailed["result"]);
266
- }
267
- declare class ProfilesVerifyFailed extends ProfileGenericError {
268
- static get code(): "ERR_PROFILES_VERIFY_FAILED";
269
- readonly code: "ERR_PROFILES_VERIFY_FAILED";
270
- /** 検証結果 */
271
- result: Exclude<DecodeResult | VerifyTokenResult, ProfileGenericError>;
272
- constructor(message: string, result: ProfilesVerifyFailed["result"]);
273
- }
274
- declare class CertificationSystemValidationFailed extends ProfileGenericError {
275
- static get code(): "ERR_CERTIFICATION_SYSTEM_VALIDATION_FAILED";
276
- readonly code: "ERR_CERTIFICATION_SYSTEM_VALIDATION_FAILED";
277
- /** 検証結果 */
278
- result: {
279
- payload?: unknown;
280
- };
281
- constructor(message: string, result: CertificationSystemValidationFailed["result"]);
282
- }
283
-
284
195
  // Definitions by: Eddie Atkinson <https://github.com/eddie-atkinson>
285
196
 
286
197
  type Operation = "add" | "replace" | "remove" | "move";
@@ -415,19 +326,36 @@ declare class OpVerifyFailed extends Error {
415
326
  readonly code: string;
416
327
  constructor(message: string, result: OpVerificationFailure);
417
328
  }
329
+ /**
330
+ * 証明書の有効期限エラー
331
+ *
332
+ * 証明書の有効期限チェックに失敗しました。次の原因で使用されます。
333
+ *
334
+ * - 証明書の有効期限が開始していない (validFrom より前)
335
+ * - 証明書の有効期限が切れている (validUntil より後)
336
+ *
337
+ * なお、validFrom と validUntil はオプショナルフィールドのため、
338
+ * 片方のみが指定されている場合もあります。
339
+ **/
340
+ declare class CertificateExpired<T extends OpVc> extends Error {
341
+ result: VerifiedJwtVc<T>;
342
+ static get code(): string;
343
+ readonly code: string;
344
+ constructor(message: string, result: VerifiedJwtVc<T>);
345
+ }
418
346
 
419
347
  type Certificate = Certificate$1 | JapaneseExistenceCertificate;
420
348
  /** Originator Profile 復号失敗 */
421
349
  type OpDecodingFailure = {
422
350
  core: JwtVcDecodingResult<CoreProfile>;
423
351
  annotations?: JwtVcDecodingResult<Certificate>[];
424
- media?: JwtVcDecodingResult<WebMediaProfile>;
352
+ media?: JwtVcDecodingResult<WebMediaProfile>[];
425
353
  };
426
354
  /** 復号済み Originator Profile */
427
355
  type DecodedOp = {
428
356
  core: UnverifiedJwtVc<CoreProfile>;
429
357
  annotations?: UnverifiedJwtVc<Certificate>[];
430
- media: UnverifiedJwtVc<WebMediaProfile>;
358
+ media?: UnverifiedJwtVc<WebMediaProfile>[];
431
359
  };
432
360
  /** Originator Profile 復号結果 */
433
361
  type OpDecodingResult = DecodedOp | OpInvalid;
@@ -441,13 +369,13 @@ type OpsDecodingResult = DecodedOps | OpsInvalid;
441
369
  type OpVerificationFailure = {
442
370
  core: JwtVcVerificationResult<CoreProfile> | CoreProfileNotFound<CoreProfile>;
443
371
  annotations?: (JwtVcVerificationResult<Certificate> | CoreProfileNotFound<Certificate>)[];
444
- media?: JwtVcVerificationResult<WebMediaProfile> | CoreProfileNotFound<WebMediaProfile>;
372
+ media?: (JwtVcVerificationResult<WebMediaProfile> | CoreProfileNotFound<WebMediaProfile>)[];
445
373
  };
446
374
  /** 検証済み Originator Profile */
447
375
  type VerifiedOp = {
448
376
  core: VerifiedJwtVc<CoreProfile>;
449
377
  annotations?: VerifiedJwtVc<Certificate>[];
450
- media?: VerifiedJwtVc<WebMediaProfile>;
378
+ media?: VerifiedJwtVc<WebMediaProfile>[];
451
379
  };
452
380
  /** Originator Profile 検証結果 */
453
381
  type OpVerificationResult = VerifiedOp | OpVerifyFailed;
@@ -511,11 +439,11 @@ declare class SiteProfileVerifyFailed extends Error {
511
439
  /** Site Profile 検証失敗 */
512
440
  type SpVerificationFailure = {
513
441
  originators: OpsVerificationResult;
514
- credential?: JwtVcVerificationResult<WebsiteProfile> | JwtVcDecodingResult<WebsiteProfile> | CoreProfileNotFound<WebsiteProfile>;
442
+ sites: (JwtVcVerificationResult<WebsiteProfile> | JwtVcDecodingResult<WebsiteProfile> | CoreProfileNotFound<WebsiteProfile>)[];
515
443
  };
516
444
  type VerifiedSp = {
517
445
  originators: VerifiedOps;
518
- credential: VerifiedJwtVc<WebsiteProfile>;
446
+ sites: VerifiedJwtVc<WebsiteProfile>[];
519
447
  };
520
448
  type SpVerificationResult = VerifiedSp | SiteProfileInvalid | SiteProfileVerifyFailed;
521
449
 
@@ -531,16 +459,6 @@ type SpVerificationResult = VerifiedSp | SiteProfileInvalid | SiteProfileVerifyF
531
459
  */
532
460
  declare function SpVerifier(sp: SiteProfile, keys: Keys, issuer: string | string[], origin: URL["origin"], verifyOrigin?: boolean, validator?: typeof VcValidator): () => Promise<SpVerificationResult>;
533
461
 
534
- /** 認証制度ペイロードの確認のためのバリデーター */
535
- declare function CertificationSystemValidator(): (payload: unknown) => true | CertificationSystemValidationFailed;
536
- type CertificationSystemValidator = ReturnType<typeof CertificationSystemValidator>;
537
- /**
538
- * 認証制度の検証
539
- * @param payload ペイロード
540
- * @return 検証結果
541
- */
542
- declare function validateCertificationSystem(payload: unknown): CertificationSystem | CertificationSystemValidationFailed;
543
-
544
462
  /**
545
463
  * URLオリジンが対象のオリジンの中に含まれているのか検証する
546
464
  * @param origin 対象とするオリジン
@@ -549,4 +467,4 @@ declare function validateCertificationSystem(payload: unknown): CertificationSys
549
467
  */
550
468
  declare function verifyAllowedOrigin(origin: URL["origin"], allowedOrigins: AllowedOrigin): boolean;
551
469
 
552
- export { type AdProfilePair, type CaDecodingFailure, type CaDecodingResult, CaInvalid, type CaVerificationFailure, type CaVerificationResult, CaVerifier, CaVerifyFailed, type CasItem, type CasVerificationFailure, type CasVerificationResult, CasVerifyFailed, type Certificate, CertificationSystemValidationFailed, CertificationSystemValidator, CoreProfileNotFound, type DecodeResult, type DecodedCa, type DecodedOp, type DecodedOps, type IntegrityVerifyResult, type MappedKeys, type OpDecodingFailure, type OpDecodingResult, OpInvalid, type OpVerificationFailure, type OpVerificationResult, OpVerifyFailed, type OpsDecodingFailure, type OpsDecodingResult, OpsInvalid, type OpsVerificationFailure, type OpsVerificationResult, OpsVerifier, OpsVerifyFailed, ProfileBodyExtractFailed, ProfileBodyVerifyFailed, ProfileClaimsValidationFailed, ProfileGenericError, type ProfilePair, ProfileTokenVerifyFailed, type Profiles, ProfilesResolveFailed, ProfilesVerifyFailed, SiteProfileInvalid, SiteProfileVerifyFailed, type SpVerificationFailure, type SpVerificationResult, SpVerifier, TargetIntegrityAlgorithm, type TupledKeys, type VerifiedCa, type VerifiedCas, type VerifiedOp, type VerifiedOps, type VerifiedSp, type VerifyIntegrity, type VerifyResult, VerifyResultFactory, type VerifyResults, type VerifyTokenResult, type WebsiteProfilePair, article, caId, caUrl, certificate, cp, decodeOps, getMappedKeys, getTupledKeys, normalizeCasItem, opId, patch, validateCertificationSystem, verifyAllowedOrigin, verifyCas, verifyDigestSri, verifyIntegrity, wmp, wsp };
470
+ export { type CaDecodingFailure, type CaDecodingResult, CaInvalid, type CaVerificationFailure, type CaVerificationResult, CaVerifier, CaVerifyFailed, type CasItem, type CasVerificationFailure, type CasVerificationResult, CasVerifyFailed, type Certificate, CertificateExpired, CoreProfileNotFound, type DecodedCa, type DecodedOp, type DecodedOps, type FetchIntegrityResult, IntegrityFetchFailed, IntegrityVerificationFailed, type IntegrityVerifyResult, type MappedKeys, type OpDecodingFailure, type OpDecodingResult, OpInvalid, type OpVerificationFailure, type OpVerificationResult, OpVerifyFailed, type OpsDecodingFailure, type OpsDecodingResult, OpsInvalid, type OpsVerificationFailure, type OpsVerificationResult, OpsVerifier, OpsVerifyFailed, SiteProfileInvalid, SiteProfileVerifyFailed, type SpVerificationFailure, type SpVerificationResult, SpVerifier, TargetIntegrityAlgorithm, type TupledKeys, type VerifiedCa, type VerifiedCas, type VerifiedOp, type VerifiedOps, type VerifiedSp, type VerifyIntegrity, VerifyResultFactory, article, caId, caUrl, certificate, cp, decodeOps, getMappedKeys, getTupledKeys, normalizeCasItem, opId, patch, verifyAllowedOrigin, verifyCas, verifyDigestSri, verifyImageDigestSri, verifyIntegrity, wmp, wsp };