@peac/protocol 0.12.0-preview.1 → 0.12.0

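--- a/package/dist/index.mjs
+++ b/package/dist/index.mjs
@@ -34,7 +34,7 @@ var IssueError = class extends Error {
  this.peacError = peacError;
  }
  };
- async function issue(options) {
+ async function issueWire01(options) {
  if (!options.iss.startsWith("https://")) {
  throw new Error("Issuer URL must start with https://");
  }
@@ -175,9 +175,12 @@ async function issue(options) {
  };
  }
  async function issueJws(options) {
- const result = await issue(options);
+ const result = await issueWire01(options);
  return result.jws;
  }
+ async function issue(options) {
+ return issueWire02(options);
+ }
  async function issueWire02(options) {
  if (!isCanonicalIss(options.iss)) {
  throw new IssueError({
@@ -187,7 +190,7 @@ async function issueWire02(options) {
  retryable: false,
  http_status: 400,
  details: {
- message: `iss is not in canonical form: "${options.iss}". Use https:// origin or did: identifier.`
+ message: `iss is not in canonical form: "${options.iss}". Use an https://<origin> or did:<method> identifier.`
  }
  });
  }
@@ -1414,16 +1417,7 @@ function sanitizeParseIssues(issues) {
  }));
  }
  async function verifyLocal(jws, publicKey, options = {}) {
- const {
- issuer,
- audience,
- subjectUri,
- rid,
- requireExp = false,
- maxClockSkew = 300,
- strictness = "strict",
- policyDigest
- } = options;
+ const { issuer, subjectUri, maxClockSkew = 300, strictness = "strict", policyDigest } = options;
  const now = options.now ?? Math.floor(Date.now() / 1e3);
  try {
  const result = await verify(jws, publicKey);
@@ -1555,86 +1549,11 @@ async function verifyLocal(jws, publicKey, options = {}) {
  policy_binding: bindingStatus
  };
  }
- const w01 = pr.claims;
- if (issuer !== void 0 && w01.iss !== issuer) {
- return {
- valid: false,
- code: "E_INVALID_ISSUER",
- message: `Issuer mismatch: expected "${issuer}", got "${w01.iss}"`
- };
- }
- if (audience !== void 0 && w01.aud !== audience) {
- return {
- valid: false,
- code: "E_INVALID_AUDIENCE",
- message: `Audience mismatch: expected "${audience}", got "${w01.aud}"`
- };
- }
- if (rid !== void 0 && w01.rid !== rid) {
- return {
- valid: false,
- code: "E_INVALID_RECEIPT_ID",
- message: `Receipt ID mismatch: expected "${rid}", got "${w01.rid}"`
- };
- }
- if (requireExp && w01.exp === void 0) {
- return {
- valid: false,
- code: "E_MISSING_EXP",
- message: "Receipt missing required exp claim"
- };
- }
- if (w01.iat > now + maxClockSkew) {
- return {
- valid: false,
- code: "E_NOT_YET_VALID",
- message: `Receipt not yet valid: issued at ${new Date(w01.iat * 1e3).toISOString()}, now is ${new Date(now * 1e3).toISOString()}`
- };
- }
- if (w01.exp !== void 0 && w01.exp < now - maxClockSkew) {
- return {
- valid: false,
- code: "E_EXPIRED",
- message: `Receipt expired at ${new Date(w01.exp * 1e3).toISOString()}`
- };
- }
- if (pr.variant === "commerce") {
- const claims = pr.claims;
- if (subjectUri !== void 0 && claims.subject?.uri !== subjectUri) {
- return {
- valid: false,
- code: "E_INVALID_SUBJECT",
- message: `Subject mismatch: expected "${subjectUri}", got "${claims.subject?.uri ?? "undefined"}"`
- };
- }
- return {
- valid: true,
- variant: "commerce",
- claims,
- kid: result.header.kid,
- wireVersion: "0.1",
- warnings: [],
- policy_binding: "unavailable"
- };
- } else {
- const claims = pr.claims;
- if (subjectUri !== void 0 && claims.sub !== subjectUri) {
- return {
- valid: false,
- code: "E_INVALID_SUBJECT",
- message: `Subject mismatch: expected "${subjectUri}", got "${claims.sub ?? "undefined"}"`
- };
- }
- return {
- valid: true,
- variant: "attestation",
- claims,
- kid: result.header.kid,
- wireVersion: "0.1",
- warnings: [],
- policy_binding: "unavailable"
- };
- }
+ return {
+ valid: false,
+ code: "E_UNSUPPORTED_WIRE_VERSION",
+ message: "Wire 0.1 receipts are not supported. Re-issue as Wire 0.2 using issue()."
+ };
  } catch (err) {
  if (isCryptoError(err)) {
  if (Object.prototype.hasOwnProperty.call(JOSE_CODE_MAP, err.code)) {
@@ -1683,10 +1602,10 @@ async function verifyLocal(jws, publicKey, options = {}) {
  }
  }
  function isCommerceResult(r) {
- return r.valid === true && r.variant === "commerce";
+ return false;
  }
  function isAttestationResult(r) {
- return r.valid === true && r.variant === "attestation";
+ return false;
  }
  function isWire02Result(r) {
  return r.valid === true && r.variant === "wire-02";
@@ -3017,6 +2936,6 @@ async function verifyAndFetchPointer(pointerHeader, fetchOptions) {
  });
  }
 
- export { CHECK_IDS, DEFAULT_NETWORK_SECURITY, DEFAULT_VERIFIER_LIMITS, IssueError, NON_DETERMINISTIC_ARTIFACT_KEYS, VerificationReportBuilder, buildFailureReport, buildSuccessReport, checkPolicyBinding, clearJWKSCache, clearKidThumbprints, computePolicyDigestJcs, computeReceiptDigest, createDefaultPolicy, createDigest, createEmptyReport, createReportBuilder, fetchDiscovery, fetchIssuerConfig, fetchJWKSSafe, fetchPointerSafe, fetchPointerWithDigest, fetchPolicyManifest, getJWKSCacheSize, getKidThumbprintSize, getPurposeHeader, getReceiptHeader, getSSRFCapabilities, isAttestationResult, isBlockedIP, isCommerceResult, isWire02Result, issue, issueJws, issueWire02, parseBodyProfile, parseDiscovery, parseHeaderProfile, parseIssuerConfig, parsePointerProfile, parsePolicyManifest, parseTransportProfile, reasonCodeToErrorCode, reasonCodeToSeverity, resetSSRFCapabilitiesCache, resolveJWKS, setPurposeAppliedHeader, setPurposeReasonHeader, setReceiptHeader, setVaryHeader, setVaryPurposeHeader, ssrfErrorToReasonCode, ssrfSafeFetch, verifyAndFetchPointer, verifyLocal, verifyReceipt, verifyReceiptCore };
+ export { CHECK_IDS, DEFAULT_NETWORK_SECURITY, DEFAULT_VERIFIER_LIMITS, IssueError, NON_DETERMINISTIC_ARTIFACT_KEYS, VerificationReportBuilder, buildFailureReport, buildSuccessReport, checkPolicyBinding, clearJWKSCache, clearKidThumbprints, computePolicyDigestJcs, computeReceiptDigest, createDefaultPolicy, createDigest, createEmptyReport, createReportBuilder, fetchDiscovery, fetchIssuerConfig, fetchJWKSSafe, fetchPointerSafe, fetchPointerWithDigest, fetchPolicyManifest, getJWKSCacheSize, getKidThumbprintSize, getPurposeHeader, getReceiptHeader, getSSRFCapabilities, isAttestationResult, isBlockedIP, isCommerceResult, isWire02Result, issue, issueJws, issueWire01, issueWire02, parseBodyProfile, parseDiscovery, parseHeaderProfile, parseIssuerConfig, parsePointerProfile, parsePolicyManifest, parseTransportProfile, reasonCodeToErrorCode, reasonCodeToSeverity, resetSSRFCapabilitiesCache, resolveJWKS, setPurposeAppliedHeader, setPurposeReasonHeader, setReceiptHeader, setVaryHeader, setVaryPurposeHeader, ssrfErrorToReasonCode, ssrfSafeFetch, verifyAndFetchPointer, verifyLocal, verifyReceipt, verifyReceiptCore };
  //# sourceMappingURL=index.mjs.map
  //# sourceMappingURL=index.mjs.map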
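Review bot: In the `verifyLocal` hunk the new destructuring drops `audience`, `rid` and `requireExp`, so a caller that still passes them gets a result with those constraints silently unchecked; the only code shown using them is the removed Wire 0.1 branch, and whether the Wire 0.2 path (outside the hunks) binds audience some other way is not visible here. A verifier should fail closed on a constraint it cannot enforce, for example before the `try`: `if (options.audience !== void 0 || options.rid !== void 0 || options.requireExp) throw new TypeError("verifyLocal: audience, rid and requireExp are not enforced for Wire 0.2 receipts");`, or an equivalent `valid: false` result if throwing does not fit the function's contract. Separately, `issueJws` now calls `issueWire01`, so it appears to keep minting Wire 0.1 receipts that this same `verifyLocal` rejects with `E_UNSUPPORTED_WIRE_VERSION`; a deprecation comment on `issueJws` and `issueWire01`, and on `isCommerceResult` and `isAttestationResult`, which now return `false` unconditionally, would make that explicit. This is the built bundle, so the change belongs in the package source.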