npm - @originator-profile/verify - Versions diffs - 0.5.3 → 0.6.0-beta.1 - Mend

@originator-profile/verify 0.5.3 → 0.6.0-beta.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/{index.d.mts → index.d.ts} +3 -2
package/dist/{index.mjs → index.js} +85 -27
package/package.json +24 -30
package/dist/index-D-j8gXz_.cjs +0 -772
package/dist/index.cjs +0 -1245
package/dist/index.d.cts +0 -471
/package/dist/{index-CQxI_8IG.mjs → index-CQxI_8IG.js} +0 -0

package/dist/index.d.cts DELETED Viewed

@@ -1,471 +0,0 @@
-import { ContentAttestation, Image, Target, ContentAttestationSet, OpVc, Jwk, ArticleCA, Certificate as Certificate$1, CoreProfile, WebMediaProfile, WebsiteProfile, JapaneseExistenceCertificate, OriginatorProfileSet, Jwks, SiteProfile, AllowedOrigin } from '@originator-profile/model';
-import { JwtVcDecodingResult, UnverifiedJwtVc, JwtVcVerificationResult, VerifiedJwtVc, VcValidator } from '@originator-profile/securing-mechanism';
-import { Keys } from '@originator-profile/cryptography';
-import { DigestSriResult, ContentFetcher, ElementSelector } from '@originator-profile/sign';
-/** Content Attestation 復号失敗 */
-type CaDecodingFailure = JwtVcDecodingResult<ContentAttestation>;
-/** 復号済み Content Attestation */
-type DecodedCa = UnverifiedJwtVc<ContentAttestation>;
-/** Content Attestation 復号結果 */
-type CaDecodingResult = DecodedCa | CaInvalid;
-/** Content Attestation 検証失敗 */
-type CaVerificationFailure = JwtVcVerificationResult<ContentAttestation>;
-/** 検証済み Content Attestation */
-type VerifiedCa<T extends ContentAttestation = ContentAttestation> = VerifiedJwtVc<T>;
-/** Content Attestation 検証結果 */
-type CaVerificationResult<T extends ContentAttestation = ContentAttestation> = VerifiedCa<T> | CaInvalid | CaVerifyFailed;
-/**
- * Content Attestation 無効
- *
- * Content Attestation が無効な形式です。詳細は result プロパティに格納される CaInvalid クラスインスタンスのメッセージを確認してください。
- */
-declare class CaInvalid extends Error {
-    result: CaDecodingFailure;
-    static get code(): string;
-    readonly code: string;
-    constructor(message: string, result: CaDecodingFailure);
-}
-/**
- * Content Attestation 検証失敗
- *
- * Content Attestation の検証に失敗しました。詳細は result プロパティに格納される CaVerifyFailed クラスインスタンスのメッセージを確認してください。
- **/
-declare class CaVerifyFailed extends Error {
-    result: CaVerificationFailure;
-    static get code(): string;
-    readonly code: string;
-    constructor(message: string, result: CaVerificationFailure);
-}
-/**
- * `digestSRI` の検証
- * @see {@link https://www.w3.org/TR/SRI/#the-integrity-attribute}
- * @example
- * ```ts
- * const content = {
- *   id: "<URL>",
- *   digestSRI: "sha256-...",
- * };
- *
- * await verifyDigestSri(content); // true or false
- * ```
- */
-declare function verifyDigestSri(content: DigestSriResult, fetcher?: typeof fetch): Promise<boolean>;
-/**
- * Image の digestSRI を検証する。
- * 後方互換性の観点で、2027年までは検証失敗時に console.warn のみで処理を中断しない。
- */
-declare function verifyImageDigestSri(value: Image | undefined, fetcher?: typeof fetch): Promise<void>;
-declare class IntegrityFetchFailed extends Error {
-    static get code(): "ERR_INTEGRITY_FETCH_FAILED";
-    readonly code: "ERR_INTEGRITY_FETCH_FAILED";
-    readonly ok = false;
-    /** 取得結果 */
-    result?: Error;
-    constructor(message: string, result: IntegrityFetchFailed["result"]);
-}
-declare class IntegrityVerificationFailed extends Error {
-    static get code(): "ERR_INTEGRITY_VERIFICATION_FAILED";
-    readonly code: "ERR_INTEGRITY_VERIFICATION_FAILED";
-    readonly ok = false;
-    /** 取得結果 */
-    result?: unknown;
-    constructor(message: string, result: IntegrityVerificationFailed["result"]);
-}
-type IntegrityVerifyResult = {
-    valid: boolean;
-    failedIntegrities: ReadonlyArray<string>;
-};
-type FetchIntegrityResult = IntegrityVerifyResult | IntegrityFetchFailed | IntegrityVerificationFailed;
-/** Target Integrity のコンテンツ取得・要素位置特定アルゴリズム */
-declare const TargetIntegrityAlgorithm: {
-    HtmlTargetIntegrity: {
-        contentFetcher: ContentFetcher;
-        elementSelector: ElementSelector;
-    };
-    TextTargetIntegrity: {
-        contentFetcher: ContentFetcher;
-        elementSelector: ElementSelector;
-    };
-    VisibleTextTargetIntegrity: {
-        contentFetcher: ContentFetcher;
-        elementSelector: ElementSelector;
-    };
-    ExternalResourceTargetIntegrity: {
-        contentFetcher: ContentFetcher;
-        elementSelector: ElementSelector;
-    };
-};
-/**
- * Target Integrity の検証
- * @see {@link https://docs.originator-profile.org/opb/content-integrity-descriptor/}
- * @example
- * ```ts
- * const content = {
- *   type: "HtmlTargetIntegrity", // or ***TargetIntegrity
- *   cssSelector: "<CSS セレクター>",
- *   integrity: "sha256-...",
- * };
- *
- * await verifyIntegrity(content); // true or false
- * ```
- */
-declare function verifyIntegrity(content: Target, doc?: Document, fetcher?: typeof fetch): Promise<FetchIntegrityResult>;
-type VerifyIntegrity = typeof verifyIntegrity;
-/**
- * Content Attestation 検証機の作成
- * @param ca Content Attestation
- * @param keys Content Attestation の発行者の検証鍵
- * @param issuer Content Attestation の発行者
- * @param url 検証対象のURL
- * @param verifyIntegrity Target Integrity の検証器
- * @param validator バリデーター
- * @returns 検証機
- */
-declare function CaVerifier<T extends ContentAttestation>(ca: string, keys: Keys, issuer: string, url: URL, verifyIntegrity?: VerifyIntegrity, validator?: VcValidator<VerifiedCa<T>>): () => Promise<CaVerificationResult<T>>;
-/** COntent Attestation Set 要素 */
-type CasItem<Ca> = {
-    main: boolean;
-    attestation: Ca;
-};
-/** 検証済み Content Attestation Set */
-type VerifiedCas<Ca extends ContentAttestation = ContentAttestation> = Array<CasItem<VerifiedCa<Ca>>>;
-/** Content Attestation Set 検証失敗 */
-type CasVerificationFailure = Exclude<CasItem<CaVerificationResult>, CaVerificationResult>[];
-/** Content Attestation Set 検証結果 */
-type CasVerificationResult<T extends ContentAttestation = ContentAttestation> = VerifiedCas<T> | CasVerifyFailed;
-/**
- * Content Attestation Set 検証失敗
- *
- * Content Attestation Set の検証に失敗しました。詳細は result プロパティに格納される CaVerifyFailed クラスインスタンスのメッセージを確認してください。
- **/
-declare class CasVerifyFailed extends Error {
-    result: CasVerificationFailure;
-    static get code(): string;
-    readonly code: string;
-    constructor(message: string, result: CasVerificationFailure);
-}
-/**
- * Content Attestation Set 要素の正規化
- *
- * @example
- * ```ts
- * const cas = ["eyJ...", { main: true, attestation: "eyJ..." }];
- * const normalized = normalizeCasItem(cas);
- * normalized; // [{ main: false, attestation: "eyJ..." }, { main: true, attestation: "eyJ..." }]
- * ```
- * */
-declare function normalizeCasItem<Ca>(ca: Ca | CasItem<Ca>): CasItem<Ca>;
-/**
- * Content Attestation Set の検証
- * @param cas Content Attestation Set
- * @param verifiedOps 検証済み Originator Profile Set
- * @param url 検証対象のURL
- * @param verifyIntegrity Target Integrity の検証器
- * @param validator バリデーター
- * @returns CAS 検証結果
- *
- * @example
- * ```ts
- * import { verifyIntegirty } from "@originator-profile/verify";
- *
- * const cas = ["eyJ...", { main: true, attestation: "eyJ..." }];
- * const verifiedOps; // VerifiedOps
- * const url = location.href;
- * const verified = await verifyCas(cas, verifiedOps, url, verifyIntegrity);
- * if (verified instanceof Error) {
- *   verified; // CasVerifyFailed
- *   process.exit(1);
- * }
- * verified; // VerifiedCas
- * ```
- */
-declare function verifyCas<T extends ContentAttestation = ContentAttestation>(cas: ContentAttestationSet, verifiedOps: VerifiedOps, url: string, verifyIntegrity: VerifyIntegrity, validator?: typeof VcValidator): Promise<CasVerificationResult<T>>;
-// Definitions by: Eddie Atkinson <https://github.com/eddie-atkinson>
-type Operation = "add" | "replace" | "remove" | "move";
-type DiffOps = Array<{
-  op: Operation;
-  path: Array<string | number>;
-  value?: any;
-}>;
-type PathConverter = (path: string) => string[];
-declare function diffApply<T extends object>(
-  obj: T,
-  diff: DiffOps,
-  pathConverter?: PathConverter
-): T;
-/**
- * JSON Patch を適用する関数
- *
- * @link https://jsonpatch.com/
- */
-declare const patch: <T extends object>(...args: Parameters<typeof diffApply<T>>) => T;
-/**
- * VerifyResult ファクトリー
- *
- * @link https://reference.originator-profile.org/ts/types/_originator-profile_securing-mechanism.UnverifiedJwtVc
- * @link https://reference.originator-profile.org/ts/types/_originator-profile_securing-mechanism.VerifiedJwtVc
- */
-declare const VerifyResultFactory: (issuedAt: Date, expiredAt: Date) => {
-    create: (vc: OpVc, jwt: string, verificationKey?: Jwk, validated?: boolean) => UnverifiedJwtVc<OpVc> | VerifiedJwtVc<OpVc>;
-};
-/** OP ID Constants */
-declare const opId: {
-    /** CP 発行者 */
-    authority: "dns:cp-issuer.example.org";
-    /** PA 発行者 */
-    certifier: "dns:pa-issuer.example.org";
-    /** CA 発行者 */
-    originator: "dns:originator.example.org";
-    /** 無効な第三者 */
-    invalid: "dns:invalid.example.org";
-};
-/** Core Profile */
-declare const cp: CoreProfile;
-/** Certificate  */
-declare const certificate: Certificate$1;
-/** Web Media Profile */
-declare const wmp: WebMediaProfile;
-/** Website Profile */
-declare const wsp: WebsiteProfile;
-/** CA ID */
-declare const caId = "urn:uuid:78550fa7-f846-4e0f-ad5c-8d34461cb95b";
-/** CA URL */
-declare const caUrl: URL;
-/** Article CA */
-declare const article: ArticleCA;
-/**
- * Originator Profile Set 無効
- *
- * Originator Profile Set が無効な形式です。詳細は result プロパティに格納される OpInvalid クラスインスタンスのメッセージを確認してください。
- */
-declare class OpsInvalid extends Error {
-    result: OpsDecodingFailure;
-    static get code(): string;
-    readonly code: string;
-    constructor(message: string, result: OpsDecodingFailure);
-}
-/**
- * Originator Profile 無効
- *
- * Originator Profile が無効な形式です。次の原因で使用されます。
- *
- *  - Core Profile の復号に失敗した
- *  - Profile Annotation の復号に失敗した
- *  - Web Media Profile の復号に失敗した
- *  - Core Profile と Profile Annotation の `credentialSubject.id` が不一致
- *  - Core Profile と Web Media Profile の `credentialSubject.id` が不一致
- */
-declare class OpInvalid extends Error {
-    result: OpDecodingFailure;
-    static get code(): string;
-    readonly code: string;
-    constructor(message: string, result: OpDecodingFailure);
-}
-/**
- * Core Profile 未発見
- *
- * Core Profile が見つかりませんでした。次の原因で使用されます。
- *
- * - Core Profile が Originator Profile Set に含まれていない
- * - Core Profile の検証結果が見つからなかった
- */
-declare class CoreProfileNotFound<T extends OpVc> extends Error {
-    result: UnverifiedJwtVc<T>;
-    static get code(): string;
-    readonly code: string;
-    constructor(message: string, result: UnverifiedJwtVc<T>);
-}
-/**
- * Originator Profile Set 検証失敗
- *
- * Originator Profile Set の検証に失敗しました。詳細は result プロパティに格納される OpVerifyFailed クラスインスタンスのメッセージを確認してください。
- **/
-declare class OpsVerifyFailed extends Error {
-    result: OpsVerificationFailure;
-    static get code(): string;
-    readonly code: string;
-    constructor(message: string, result: OpsVerificationFailure);
-}
-/**
- * Originator Profile 検証失敗
- *
- * Originator Profile の検証に失敗しました。次の原因で使用されます。
- *
- * - Core Profile の検証に失敗した
- * - Profile Annotation の検証に失敗した
- * - Web Media Profile の検証に失敗した
- *
- * ここでの検証の失敗とは、次の原因を含みます。
- *
- * - 復号に失敗した
- * - Core Profile の検証結果が見つからなかった
- * - Profile Annotation 発行者の Core Profile が見つからなかった
- * - Web Media Profile 発行者の Core Profile が見つからなかった
- * - 署名の検証に失敗した
- **/
-declare class OpVerifyFailed extends Error {
-    result: OpVerificationFailure;
-    static get code(): string;
-    readonly code: string;
-    constructor(message: string, result: OpVerificationFailure);
-}
-/**
- * 証明書の有効期限エラー
- *
- * 証明書の有効期限チェックに失敗しました。次の原因で使用されます。
- *
- * - 証明書の有効期限が開始していない (validFrom より前)
- * - 証明書の有効期限が切れている (validUntil より後)
- *
- * なお、validFrom と validUntil はオプショナルフィールドのため、
- * 片方のみが指定されている場合もあります。
- **/
-declare class CertificateExpired<T extends OpVc> extends Error {
-    result: VerifiedJwtVc<T>;
-    static get code(): string;
-    readonly code: string;
-    constructor(message: string, result: VerifiedJwtVc<T>);
-}
-type Certificate = Certificate$1 | JapaneseExistenceCertificate;
-/** Originator Profile 復号失敗 */
-type OpDecodingFailure = {
-    core: JwtVcDecodingResult<CoreProfile>;
-    annotations?: JwtVcDecodingResult<Certificate>[];
-    media?: JwtVcDecodingResult<WebMediaProfile>[];
-};
-/** 復号済み Originator Profile */
-type DecodedOp = {
-    core: UnverifiedJwtVc<CoreProfile>;
-    annotations?: UnverifiedJwtVc<Certificate>[];
-    media?: UnverifiedJwtVc<WebMediaProfile>[];
-};
-/** Originator Profile 復号結果 */
-type OpDecodingResult = DecodedOp | OpInvalid;
-/** Originator Profile Set 復号失敗 */
-type OpsDecodingFailure = OpDecodingResult[];
-/** 復号済み Originator Profile Set */
-type DecodedOps = DecodedOp[];
-/** Originator Profile Set 復号結果 */
-type OpsDecodingResult = DecodedOps | OpsInvalid;
-/** Originator Profile 検証失敗 */
-type OpVerificationFailure = {
-    core: JwtVcVerificationResult<CoreProfile> | CoreProfileNotFound<CoreProfile>;
-    annotations?: (JwtVcVerificationResult<Certificate> | CoreProfileNotFound<Certificate>)[];
-    media?: (JwtVcVerificationResult<WebMediaProfile> | CoreProfileNotFound<WebMediaProfile>)[];
-};
-/** 検証済み Originator Profile */
-type VerifiedOp = {
-    core: VerifiedJwtVc<CoreProfile>;
-    annotations?: VerifiedJwtVc<Certificate>[];
-    media?: VerifiedJwtVc<WebMediaProfile>[];
-};
-/** Originator Profile 検証結果 */
-type OpVerificationResult = VerifiedOp | OpVerifyFailed;
-/** Originator Profile Set 検証失敗 */
-type OpsVerificationFailure = OpVerificationResult[];
-/** 検証済み Originator Profile Set */
-type VerifiedOps = VerifiedOp[];
-/** Originator Profile Set 検証結果 */
-type OpsVerificationResult = VerifiedOps | OpsInvalid | OpsVerifyFailed;
-/**
- * Originator Profile Set の復号
- * @param ops Originator Profile Set
- * @returns 復号結果
- */
-declare function decodeOps(ops: OriginatorProfileSet): OpsDecodingResult;
-/**
- * Originator Profile Set の検証者の作成
- * @param ops Originator Profile Set
- * @param keys Core Profile の発行者の検証鍵
- * @param issuer Core Profile の発行者
- * @param validator バリデーター
- * @returns 検証者
- */
-declare function OpsVerifier(ops: OriginatorProfileSet, keys: Keys, issuer: string | string[], validator?: typeof VcValidator): () => Promise<OpsVerificationResult>;
-type OpId = string;
-/**
- * OPS から鍵を取得する
- * @returns OP ID, JWKS の連想配列
- */
-declare function getMappedKeys(ops: DecodedOps): Record<OpId, Jwks>;
-type MappedKeys = ReturnType<typeof getMappedKeys>;
-/**
- * OPS から鍵を取得する
- * @returns OP ID, Keys のタプル
- * @remarks
- *
- * この実装は複数のissuerと鍵束を一つの組にするので、
- * 事前にissuerが特定できる場合にはgetMappedKeys()を優先して使用すべきです
- *
- * @see https://github.com/originator-profile/originator-profile/issues/90
- */
-declare function getTupledKeys(ops: DecodedOps): [opId: OpId | OpId[], Keys];
-type TupledKeys = ReturnType<typeof getTupledKeys>;
-declare class SiteProfileInvalid extends Error {
-    result: SpVerificationFailure;
-    static get code(): "ERR_SITE_PROFILE_INVALID";
-    readonly code: "ERR_SITE_PROFILE_INVALID";
-    constructor(message: string, result: SpVerificationFailure);
-}
-declare class SiteProfileVerifyFailed extends Error {
-    result: SpVerificationFailure;
-    static get code(): "ERR_SITE_PROFILE_VERIFY_FAILED";
-    readonly code: "ERR_SITE_PROFILE_VERIFY_FAILED";
-    constructor(message: string, result: SpVerificationFailure);
-}
-/** Site Profile 検証失敗 */
-type SpVerificationFailure = {
-    originators: OpsVerificationResult;
-    sites: (JwtVcVerificationResult<WebsiteProfile> | JwtVcDecodingResult<WebsiteProfile> | CoreProfileNotFound<WebsiteProfile>)[];
-};
-type VerifiedSp = {
-    originators: VerifiedOps;
-    sites: VerifiedJwtVc<WebsiteProfile>[];
-};
-type SpVerificationResult = VerifiedSp | SiteProfileInvalid | SiteProfileVerifyFailed;
-/**
- * Site Profile の検証者の作成
- * @param sp Site Profile
- * @param keys Core Profile の発行者の検証鍵
- * @param issuer Core Profile の発行者
- * @param origin 提示するWebサイトを識別するための RFC 6454 オリジン
- * @param verifyOrigin WSPが提示されたWebサイトのorigin引数との一致性検証の可否 (デフォルト: 有効)
- * @param validator バリデーター
- * @returns 検証者
- */
-declare function SpVerifier(sp: SiteProfile, keys: Keys, issuer: string | string[], origin: URL["origin"], verifyOrigin?: boolean, validator?: typeof VcValidator): () => Promise<SpVerificationResult>;
-/**
- * URLオリジンが対象のオリジンの中に含まれているのか検証する
- * @param origin 対象とするオリジン
- * @param allowedOrigins 情報の対象となるオリジン
- * @returns 検証結果: allowedOriginsの中にoriginが含まれていればtrue, それ以外ならfalse
- */
-declare function verifyAllowedOrigin(origin: URL["origin"], allowedOrigins: AllowedOrigin): boolean;
-export { CaInvalid, CaVerifier, CaVerifyFailed, CasVerifyFailed, CertificateExpired, CoreProfileNotFound, IntegrityFetchFailed, IntegrityVerificationFailed, OpInvalid, OpVerifyFailed, OpsInvalid, OpsVerifier, OpsVerifyFailed, SiteProfileInvalid, SiteProfileVerifyFailed, SpVerifier, TargetIntegrityAlgorithm, VerifyResultFactory, article, caId, caUrl, certificate, cp, decodeOps, getMappedKeys, getTupledKeys, normalizeCasItem, opId, patch, verifyAllowedOrigin, verifyCas, verifyDigestSri, verifyImageDigestSri, verifyIntegrity, wmp, wsp };
-export type { CaDecodingFailure, CaDecodingResult, CaVerificationFailure, CaVerificationResult, CasItem, CasVerificationFailure, CasVerificationResult, Certificate, DecodedCa, DecodedOp, DecodedOps, FetchIntegrityResult, IntegrityVerifyResult, MappedKeys, OpDecodingFailure, OpDecodingResult, OpVerificationFailure, OpVerificationResult, OpsDecodingFailure, OpsDecodingResult, OpsVerificationFailure, OpsVerificationResult, SpVerificationFailure, SpVerificationResult, TupledKeys, VerifiedCa, VerifiedCas, VerifiedOp, VerifiedOps, VerifiedSp, VerifyIntegrity };

/package/dist/{index-CQxI_8IG.mjs → index-CQxI_8IG.js} RENAMED Viewed

File without changes