@peac/adapter-did 0.12.6

package/dist/extract-key.js

@@ -0,0 +1,131 @@
+"use strict";
+/**
+ * Verification key extraction from DID Documents.
+ *
+ * Implements DD-202 (DID Verification Method Selection Policy):
+ * 1. Prefer methods referenced in authentication/assertionMethod
+ * 2. If multiple eligible Ed25519 methods remain, require caller keyId
+ *    or fail with E_DID_KEY_AMBIGUOUS
+ * 3. Only Ed25519 keys extracted; other types silently skipped
+ * 4. Iterates ALL methods regardless of match (no early-return oracle)
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.extractVerificationKey = extractVerificationKey;
+const multicodec_js_1 = require("./multicodec.js");
+const errors_js_1 = require("./errors.js");
+// ---------------------------------------------------------------------------
+// Implementation
+// ---------------------------------------------------------------------------
+/**
+ * Extract an Ed25519 public key from a DID Document.
+ *
+ * Selection policy (DD-202):
+ * 1. Collect all verification methods from the document
+ * 2. Filter by keyId if provided
+ * 3. Filter by relationship references (authentication/assertionMethod)
+ * 4. Try to extract Ed25519 key from each eligible method
+ * 5. If exactly one Ed25519 key found: return it
+ * 6. If zero found: return null
+ * 7. If multiple found without keyId: throw E_DID_KEY_AMBIGUOUS
+ *
+ * All methods are iterated regardless of match to prevent key-type oracle.
+ *
+ * @param document - The resolved DID Document
+ * @param options - Key selection options
+ * @returns 32-byte Ed25519 public key, or null if no suitable key found
+ * @throws DIDError with E_DID_KEY_AMBIGUOUS if multiple eligible keys
+ */
+function extractVerificationKey(document, options) {
+    const methods = document.verificationMethod ?? [];
+    const relationship = options?.relationship ?? 'authentication';
+    const keyId = options?.keyId;
+    // Get relationship-referenced method IDs
+    const relationshipRefs = getRelationshipRefs(document, relationship);
+    // Collect all eligible Ed25519 keys (iterate ALL methods, no early return)
+    const candidates = [];
+    for (const method of methods) {
+        // Filter by keyId if specified
+        if (keyId && method.id !== keyId) {
+            continue;
+        }
+        // Prefer relationship-referenced methods if refs exist
+        if (relationshipRefs.length > 0 && !relationshipRefs.includes(method.id)) {
+            continue;
+        }
+        // Try to extract Ed25519 key (silently skip non-Ed25519)
+        const key = tryExtractEd25519(method);
+        if (key) {
+            candidates.push(key);
+        }
+    }
+    // If no relationship-referenced methods found, fall back to all methods
+    if (candidates.length === 0 && relationshipRefs.length > 0) {
+        for (const method of methods) {
+            if (keyId && method.id !== keyId)
+                continue;
+            const key = tryExtractEd25519(method);
+            if (key)
+                candidates.push(key);
+        }
+    }
+    if (candidates.length === 0) {
+        return null;
+    }
+    if (candidates.length === 1) {
+        return candidates[0];
+    }
+    // Multiple Ed25519 keys without explicit keyId selection
+    throw new errors_js_1.DIDError('E_DID_KEY_AMBIGUOUS', `Found ${candidates.length} eligible Ed25519 keys. Provide keyId to select.`);
+}
+// ---------------------------------------------------------------------------
+// Helpers
+// ---------------------------------------------------------------------------
+/**
+ * Get verification method IDs referenced by a relationship.
+ */
+function getRelationshipRefs(document, relationship) {
+    const refs = document[relationship];
+    if (!refs)
+        return [];
+    return refs
+        .map((ref) => (typeof ref === 'string' ? ref : ref.id))
+        .filter((id) => typeof id === 'string');
+}
+/**
+ * Try to extract an Ed25519 key from a verification method.
+ * Returns null for non-Ed25519 methods (no oracle).
+ */
+function tryExtractEd25519(method) {
+    // Try publicKeyMultibase (Multikey / Ed25519VerificationKey2020)
+    if (method.publicKeyMultibase) {
+        try {
+            return (0, multicodec_js_1.extractEd25519FromMultibase)(method.publicKeyMultibase);
+        }
+        catch {
+            return null;
+        }
+    }
+    // Try publicKeyJwk (JsonWebKey2020, OKP/Ed25519)
+    if (method.publicKeyJwk) {
+        const jwk = method.publicKeyJwk;
+        if (jwk.kty === 'OKP' && jwk.crv === 'Ed25519' && typeof jwk.x === 'string') {
+            try {
+                // JWK x value is base64url-encoded raw key
+                const padded = jwk.x + '='.repeat((4 - (jwk.x.length % 4)) % 4);
+                const binary = atob(padded.replace(/-/g, '+').replace(/_/g, '/'));
+                const bytes = new Uint8Array(binary.length);
+                for (let i = 0; i < binary.length; i++) {
+                    bytes[i] = binary.charCodeAt(i);
+                }
+                if (bytes.length === 32)
+                    return bytes;
+            }
+            catch {
+                return null;
+            }
+        }
+        return null;
+    }
+    return null;
+}
+//# sourceMappingURL=extract-key.js.map

package/dist/extract-key.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"extract-key.js","sourceRoot":"","sources":["../src/extract-key.ts"],"names":[],"mappings":";AAAA;;;;;;;;;GASG;;AA8CH,wDAsDC;AAjGD,mDAA8D;AAC9D,2CAAuC;AAmBvC,8EAA8E;AAC9E,iBAAiB;AACjB,8EAA8E;AAE9E;;;;;;;;;;;;;;;;;;GAkBG;AACH,SAAgB,sBAAsB,CACpC,QAAqB,EACrB,OAA2B;IAE3B,MAAM,OAAO,GAAG,QAAQ,CAAC,kBAAkB,IAAI,EAAE,CAAC;IAClD,MAAM,YAAY,GAAG,OAAO,EAAE,YAAY,IAAI,gBAAgB,CAAC;IAC/D,MAAM,KAAK,GAAG,OAAO,EAAE,KAAK,CAAC;IAE7B,yCAAyC;IACzC,MAAM,gBAAgB,GAAG,mBAAmB,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;IAErE,2EAA2E;IAC3E,MAAM,UAAU,GAAiB,EAAE,CAAC;IAEpC,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,+BAA+B;QAC/B,IAAI,KAAK,IAAI,MAAM,CAAC,EAAE,KAAK,KAAK,EAAE,CAAC;YACjC,SAAS;QACX,CAAC;QAED,uDAAuD;QACvD,IAAI,gBAAgB,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC,EAAE,CAAC;YACzE,SAAS;QACX,CAAC;QAED,yDAAyD;QACzD,MAAM,GAAG,GAAG,iBAAiB,CAAC,MAAM,CAAC,CAAC;QACtC,IAAI,GAAG,EAAE,CAAC;YACR,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACvB,CAAC;IACH,CAAC;IAED,wEAAwE;IACxE,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,IAAI,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3D,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;YAC7B,IAAI,KAAK,IAAI,MAAM,CAAC,EAAE,KAAK,KAAK;gBAAE,SAAS;YAC3C,MAAM,GAAG,GAAG,iBAAiB,CAAC,MAAM,CAAC,CAAC;YACtC,IAAI,GAAG;gBAAE,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAChC,CAAC;IACH,CAAC;IAED,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC5B,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC5B,OAAO,UAAU,CAAC,CAAC,CAAC,CAAC;IACvB,CAAC;IAED,yDAAyD;IACzD,MAAM,IAAI,oBAAQ,CAChB,qBAAqB,EACrB,SAAS,UAAU,CAAC,MAAM,kDAAkD,CAC7E,CAAC;AACJ,CAAC;AAED,8EAA8E;AAC9E,UAAU;AACV,8EAA8E;AAE9E;;GAEG;AACH,SAAS,mBAAmB,CAC1B,QAAqB,EACrB,YAAkD;IAElD,MAAM,IAAI,GAAG,QAAQ,CAAC,YAAY,CAAC,CAAC;IACpC,IAAI,CAAC,IAAI;QAAE,OAAO,EAAE,CAAC;IAErB,OAAO,IAAI;SACR,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,OAAO,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;SACtD,MAAM,CAAC,CAAC,EAAE,EAAgB,EAAE,CAAC,OAAO,EAAE,KAAK,QAAQ,CAAC,CAAC;AAC1D,CAAC;AAED;;;GAGG;AACH,SAAS,iBAAiB,CAAC,MAA0B;IACnD,iEAAiE;IACjE,IAAI,MAAM,CAAC,kBAAkB,EAAE,CAAC;QAC9B,IAAI,CAAC;YACH,OAAO,IAAA,2CAA2B,EAAC,MAAM,CAAC,kBAAkB,CAAC,CAAC;QAChE,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,iDAAiD;IACjD,IAAI,MAAM,CAAC,YAAY,EAAE,CAAC;QACxB,MAAM,GAAG,GAAG,MAAM,CAAC,YAAY,CAAC;QAChC,IAAI,GAAG,CAAC,GAAG,KAAK,KAAK,IAAI,GAAG,CAAC,GAAG,KAAK,SAAS,IAAI,OAAO,GAAG,CAAC,CAAC,KAAK,QAAQ,EAAE,CAAC;YAC5E,IAAI,CAAC;gBACH,2CAA2C;gBAC3C,MAAM,MAAM,GAAG,GAAG,CAAC,CAAC,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;gBAChE,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,CAAC;gBAClE,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;gBAC5C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;oBACvC,KAAK,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;gBAClC,CAAC;gBACD,IAAI,KAAK,CAAC,MAAM,KAAK,EAAE;oBAAE,OAAO,KAAK,CAAC;YACxC,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC"}

package/dist/index.cjs

@@ -0,0 +1,461 @@
+'use strict';
+
+// src/resolver.ts
+function createCompositeResolver(resolvers) {
+  return {
+    methods: resolvers.flatMap((r) => [...r.methods]),
+    async resolve(did) {
+      const method = extractMethod(did);
+      if (!method) {
+        return {
+          didDocument: null,
+          didResolutionMetadata: { error: "invalidDid" },
+          didDocumentMetadata: {}
+        };
+      }
+      for (const resolver of resolvers) {
+        if (resolver.methods.includes(method)) {
+          return resolver.resolve(did);
+        }
+      }
+      return {
+        didDocument: null,
+        didResolutionMetadata: { error: "methodNotSupported" },
+        didDocumentMetadata: {}
+      };
+    }
+  };
+}
+function extractMethod(did) {
+  if (!did.startsWith("did:")) return null;
+  const parts = did.split(":");
+  if (parts.length < 3) return null;
+  return parts[1];
+}
+
+// src/errors.ts
+var DIDError = class extends Error {
+  code;
+  constructor(code, message) {
+    super(message);
+    this.name = "DIDError";
+    this.code = code;
+  }
+};
+
+// src/multicodec.ts
+var ED25519_MULTICODEC_PREFIX = new Uint8Array([237, 1]);
+var ED25519_KEY_LENGTH = 32;
+var ED25519_MULTICODEC_LENGTH = ED25519_MULTICODEC_PREFIX.length + ED25519_KEY_LENGTH;
+var BASE58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";
+var BASE58_MAP = /* @__PURE__ */ new Map();
+for (let i = 0; i < BASE58_ALPHABET.length; i++) {
+  BASE58_MAP.set(BASE58_ALPHABET[i], i);
+}
+function base58btcDecode(input) {
+  if (input.length === 0) return new Uint8Array(0);
+  let zeros = 0;
+  while (zeros < input.length && input[zeros] === "1") {
+    zeros++;
+  }
+  const size = Math.ceil(input.length * 733 / 1e3) + 1;
+  const b256 = new Uint8Array(size);
+  let length = 0;
+  for (let i = zeros; i < input.length; i++) {
+    const value = BASE58_MAP.get(input[i]);
+    if (value === void 0) {
+      throw new DIDError("E_DID_DOCUMENT_INVALID", `Invalid base58btc character: ${input[i]}`);
+    }
+    let carry = value;
+    for (let j = 0; j < length || carry > 0; j++) {
+      carry += 58 * (b256[j] || 0);
+      b256[j] = carry % 256;
+      carry = Math.floor(carry / 256);
+      if (j >= length) length = j + 1;
+    }
+  }
+  const result = new Uint8Array(zeros + length);
+  for (let i = 0; i < length; i++) {
+    result[zeros + length - 1 - i] = b256[i];
+  }
+  return result;
+}
+function base64urlDecode(input) {
+  return new Uint8Array(Buffer.from(input, "base64url"));
+}
+function extractEd25519FromMultibase(multibaseValue) {
+  if (multibaseValue.length < 2) {
+    throw new DIDError("E_DID_DOCUMENT_INVALID", "Multibase value too short");
+  }
+  const prefix = multibaseValue[0];
+  const encoded = multibaseValue.slice(1);
+  let decoded;
+  if (prefix === "z") {
+    decoded = base58btcDecode(encoded);
+  } else if (prefix === "u") {
+    decoded = base64urlDecode(encoded);
+  } else {
+    throw new DIDError(
+      "E_DID_DOCUMENT_INVALID",
+      `Unsupported multibase prefix: '${prefix}'. Expected 'z' (base58btc) or 'u' (base64url).`
+    );
+  }
+  if (decoded.length !== ED25519_MULTICODEC_LENGTH) {
+    throw new DIDError(
+      "E_DID_KEY_NOT_FOUND",
+      `Expected ${ED25519_MULTICODEC_LENGTH} bytes (2 prefix + 32 key), got ${decoded.length}`
+    );
+  }
+  if (decoded[0] !== ED25519_MULTICODEC_PREFIX[0] || decoded[1] !== ED25519_MULTICODEC_PREFIX[1]) {
+    throw new DIDError("E_DID_KEY_NOT_FOUND", "Multicodec prefix does not indicate Ed25519");
+  }
+  return decoded.slice(2);
+}
+
+// src/did-key.ts
+var DidKeyResolver = class {
+  methods = ["key"];
+  async resolve(did) {
+    if (!did.startsWith("did:key:")) {
+      return {
+        didDocument: null,
+        didResolutionMetadata: { error: "invalidDid" },
+        didDocumentMetadata: {}
+      };
+    }
+    const multibaseValue = did.slice("did:key:".length);
+    if (!multibaseValue) {
+      return {
+        didDocument: null,
+        didResolutionMetadata: { error: "invalidDid" },
+        didDocumentMetadata: {}
+      };
+    }
+    try {
+      extractEd25519FromMultibase(multibaseValue);
+    } catch (e) {
+      if (e instanceof DIDError) {
+        return {
+          didDocument: null,
+          didResolutionMetadata: { error: e.code },
+          didDocumentMetadata: {}
+        };
+      }
+      return {
+        didDocument: null,
+        didResolutionMetadata: { error: "invalidDid" },
+        didDocumentMetadata: {}
+      };
+    }
+    const keyId = `${did}#${multibaseValue}`;
+    const verificationMethod = {
+      id: keyId,
+      type: "Ed25519VerificationKey2020",
+      controller: did,
+      publicKeyMultibase: multibaseValue
+    };
+    const document = {
+      "@context": [
+        "https://www.w3.org/ns/did/v1",
+        "https://w3id.org/security/suites/ed25519-2020/v1"
+      ],
+      id: did,
+      verificationMethod: [verificationMethod],
+      authentication: [keyId],
+      assertionMethod: [keyId]
+    };
+    return {
+      didDocument: document,
+      didResolutionMetadata: { contentType: "application/did+json" },
+      didDocumentMetadata: {}
+    };
+  }
+};
+
+// src/did-web.ts
+var MAX_DOCUMENT_BYTES = 256 * 1024;
+var DEFAULT_TIMEOUT_MS = 5e3;
+var ACCEPTABLE_CONTENT_TYPES = /* @__PURE__ */ new Set(["application/did+json", "application/json"]);
+var DidWebResolver = class {
+  methods = ["web"];
+  timeoutMs;
+  allowedDomains;
+  fetchFn;
+  constructor(options) {
+    this.timeoutMs = options.timeoutMs ?? DEFAULT_TIMEOUT_MS;
+    this.allowedDomains = options.allowedDomains?.map(normalizeHostname);
+    this.fetchFn = options.fetchFn;
+  }
+  async resolve(did) {
+    if (!did.startsWith("did:web:")) {
+      return errorResult("invalidDid");
+    }
+    const methodSpecificId = did.slice("did:web:".length);
+    if (!methodSpecificId) {
+      return errorResult("invalidDid");
+    }
+    const urlResult = validateAndTransform(methodSpecificId);
+    if (!urlResult.ok) {
+      return errorResult("invalidDid");
+    }
+    const url = urlResult.url;
+    const hostname = normalizeHostname(urlResult.hostname);
+    if (this.allowedDomains && !this.allowedDomains.includes(hostname)) {
+      return errorResult("invalidDid");
+    }
+    let fetchResult;
+    try {
+      fetchResult = await this.fetchFn(url, {
+        timeoutMs: this.timeoutMs,
+        maxResponseBytes: MAX_DOCUMENT_BYTES,
+        maxRedirects: 0
+      });
+    } catch {
+      return errorResult("notFound");
+    }
+    if (!fetchResult.ok || !fetchResult.data) {
+      return errorResult("notFound");
+    }
+    if (fetchResult.finalUrl && fetchResult.finalUrl !== url) {
+      return errorResult("invalidDid");
+    }
+    if (fetchResult.contentType) {
+      const baseType = fetchResult.contentType.split(";")[0].trim().toLowerCase();
+      if (!ACCEPTABLE_CONTENT_TYPES.has(baseType)) {
+        return errorResult("invalidDid");
+      }
+    }
+    const raw = fetchResult.data;
+    if (typeof raw !== "object" || raw === null || Array.isArray(raw)) {
+      return errorResult("invalidDid");
+    }
+    const doc = raw;
+    if (typeof doc.id !== "string") {
+      return errorResult("invalidDid");
+    }
+    if (doc.id !== did) {
+      return errorResult("invalidDid");
+    }
+    return {
+      didDocument: doc,
+      didResolutionMetadata: { contentType: "application/did+json" },
+      didDocumentMetadata: {}
+    };
+  }
+};
+function validateAndTransform(methodSpecificId) {
+  const fail = { ok: false, url: "", hostname: "" };
+  const parts = methodSpecificId.split(":");
+  if (parts.length === 0 || !parts[0]) {
+    return fail;
+  }
+  let authority;
+  try {
+    authority = decodeURIComponent(parts[0]);
+  } catch {
+    return fail;
+  }
+  if (!authority) {
+    return fail;
+  }
+  if (authority.includes("@")) {
+    return fail;
+  }
+  if (authority.includes("?") || authority.includes("#")) {
+    return fail;
+  }
+  if (authority.includes("/")) {
+    return fail;
+  }
+  let hostname;
+  try {
+    const testUrl = new URL(`https://${authority}`);
+    hostname = testUrl.hostname;
+    if (testUrl.username || testUrl.password) {
+      return fail;
+    }
+  } catch {
+    return fail;
+  }
+  if (isIPLiteral(hostname)) {
+    return fail;
+  }
+  if (!hostname) {
+    return fail;
+  }
+  if (parts.length > 1) {
+    const pathParts = parts.slice(1);
+    for (const segment of pathParts) {
+      if (!segment) {
+        return fail;
+      }
+      let decoded;
+      try {
+        decoded = decodeURIComponent(segment);
+      } catch {
+        return fail;
+      }
+      if (decoded.includes("/") || decoded.includes("?") || decoded.includes("#")) {
+        return fail;
+      }
+    }
+    const decodedSegments = pathParts.map(decodeURIComponent);
+    return {
+      ok: true,
+      url: `https://${authority}/${decodedSegments.join("/")}/did.json`,
+      hostname
+    };
+  }
+  return {
+    ok: true,
+    url: `https://${authority}/.well-known/did.json`,
+    hostname
+  };
+}
+function isIPLiteral(hostname) {
+  if (hostname.startsWith("[")) return true;
+  const parts = hostname.split(".");
+  if (parts.length === 4 && parts.every((p) => /^\d+$/.test(p))) return true;
+  return false;
+}
+function normalizeHostname(host) {
+  return host.toLowerCase().replace(/\.$/, "");
+}
+function errorResult(error) {
+  return {
+    didDocument: null,
+    didResolutionMetadata: { error },
+    didDocumentMetadata: {}
+  };
+}
+
+// src/extract-key.ts
+function extractVerificationKey(document, options) {
+  const methods = document.verificationMethod ?? [];
+  const relationship = options?.relationship ?? "authentication";
+  const keyId = options?.keyId;
+  const relationshipRefs = getRelationshipRefs(document, relationship);
+  const candidates = [];
+  for (const method of methods) {
+    if (keyId && method.id !== keyId) {
+      continue;
+    }
+    if (relationshipRefs.length > 0 && !relationshipRefs.includes(method.id)) {
+      continue;
+    }
+    const key = tryExtractEd25519(method);
+    if (key) {
+      candidates.push(key);
+    }
+  }
+  if (candidates.length === 0 && relationshipRefs.length > 0) {
+    for (const method of methods) {
+      if (keyId && method.id !== keyId) continue;
+      const key = tryExtractEd25519(method);
+      if (key) candidates.push(key);
+    }
+  }
+  if (candidates.length === 0) {
+    return null;
+  }
+  if (candidates.length === 1) {
+    return candidates[0];
+  }
+  throw new DIDError(
+    "E_DID_KEY_AMBIGUOUS",
+    `Found ${candidates.length} eligible Ed25519 keys. Provide keyId to select.`
+  );
+}
+function getRelationshipRefs(document, relationship) {
+  const refs = document[relationship];
+  if (!refs) return [];
+  return refs.map((ref) => typeof ref === "string" ? ref : ref.id).filter((id) => typeof id === "string");
+}
+function tryExtractEd25519(method) {
+  if (method.publicKeyMultibase) {
+    try {
+      return extractEd25519FromMultibase(method.publicKeyMultibase);
+    } catch {
+      return null;
+    }
+  }
+  if (method.publicKeyJwk) {
+    const jwk = method.publicKeyJwk;
+    if (jwk.kty === "OKP" && jwk.crv === "Ed25519" && typeof jwk.x === "string") {
+      try {
+        const bytes = new Uint8Array(Buffer.from(jwk.x, "base64url"));
+        if (bytes.length === 32) return bytes;
+      } catch {
+        return null;
+      }
+    }
+    return null;
+  }
+  return null;
+}
+
+// src/cache.ts
+var DEFAULT_TTL_MS = 5 * 60 * 1e3;
+var DEFAULT_MAX_ENTRIES = 1e3;
+var CachingResolver = class {
+  methods;
+  inner;
+  ttlMs;
+  maxEntries;
+  cache = /* @__PURE__ */ new Map();
+  constructor(inner, options) {
+    this.inner = inner;
+    this.methods = inner.methods;
+    this.ttlMs = options?.ttlMs ?? DEFAULT_TTL_MS;
+    this.maxEntries = options?.maxEntries ?? DEFAULT_MAX_ENTRIES;
+  }
+  async resolve(did) {
+    const now = Date.now();
+    const cached = this.cache.get(did);
+    if (cached && cached.expiresAt > now) {
+      return deepCloneResult(cached.result);
+    }
+    if (cached) {
+      this.cache.delete(did);
+    }
+    const result = await this.inner.resolve(did);
+    if (result.didDocument !== null) {
+      if (this.cache.size >= this.maxEntries) {
+        const oldestKey = this.cache.keys().next().value;
+        if (oldestKey !== void 0) {
+          this.cache.delete(oldestKey);
+        }
+      }
+      this.cache.set(did, {
+        result: deepCloneResult(result),
+        expiresAt: now + this.ttlMs
+      });
+    }
+    return result;
+  }
+  /** Invalidate a specific cached entry */
+  invalidate(did) {
+    this.cache.delete(did);
+  }
+  /** Clear the entire cache */
+  clear() {
+    this.cache.clear();
+  }
+  /** Current number of cached entries */
+  get size() {
+    return this.cache.size;
+  }
+};
+function deepCloneResult(result) {
+  return structuredClone(result);
+}
+
+exports.CachingResolver = CachingResolver;
+exports.DIDError = DIDError;
+exports.DidKeyResolver = DidKeyResolver;
+exports.DidWebResolver = DidWebResolver;
+exports.createCompositeResolver = createCompositeResolver;
+exports.extractEd25519FromMultibase = extractEd25519FromMultibase;
+exports.extractVerificationKey = extractVerificationKey;
+//# sourceMappingURL=index.cjs.map
+//# sourceMappingURL=index.cjs.map