@sphereon/ssi-sdk-ext.did-utils 0.27.1-next.6 → 0.28.1-feature.esm.cjs.8

package/dist/index.js

@@ -1,19 +1,721 @@
-"use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __exportStar = (this && this.__exportStar) || function(m, exports) {
-    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+var __defProp = Object.defineProperty;
+var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
+
+// src/did-functions.ts
+import { computeAddress } from "@ethersproject/transactions";
+import { UniResolver } from "@sphereon/did-uni-client";
+import { ENC_KEY_ALGS, getKms, JwkKeyUse, keyTypeFromCryptographicSuite, sanitizedJwk, signatureAlgorithmFromKey, toJwk } from "@sphereon/ssi-sdk-ext.key-utils";
+import { base64ToHex, hexKeyFromPEMBasedJwk } from "@sphereon/ssi-sdk-ext.x509-utils";
+import { base58ToBytes, base64ToBytes, bytesToHex, hexToBytes, multibaseKeyToBytes } from "@sphereon/ssi-sdk.core";
+import { convertPublicKeyToX25519 } from "@stablelib/ed25519";
+import { compressIdentifierSecp256k1Keys, convertIdentifierEncryptionKeys, getEthereumAddress, isDefined, mapIdentifierKeysToDoc } from "@veramo/utils";
+import { createJWT } from "did-jwt";
+import elliptic from "elliptic";
+import { fromString } from "uint8arrays/from-string";
+import { toString } from "uint8arrays/to-string";
+
+// src/types.ts
+var SupportedDidMethodEnum = /* @__PURE__ */ function(SupportedDidMethodEnum2) {
+  SupportedDidMethodEnum2["DID_ETHR"] = "ethr";
+  SupportedDidMethodEnum2["DID_KEY"] = "key";
+  SupportedDidMethodEnum2["DID_LTO"] = "lto";
+  SupportedDidMethodEnum2["DID_ION"] = "ion";
+  SupportedDidMethodEnum2["DID_EBSI"] = "ebsi";
+  SupportedDidMethodEnum2["DID_JWK"] = "jwk";
+  SupportedDidMethodEnum2["DID_OYD"] = "oyd";
+  return SupportedDidMethodEnum2;
+}({});
+var IdentifierAliasEnum = /* @__PURE__ */ function(IdentifierAliasEnum2) {
+  IdentifierAliasEnum2["PRIMARY"] = "primary";
+  return IdentifierAliasEnum2;
+}({});
+var DID_PREFIX = "did:";
+
+// src/did-functions.ts
+var getAuthenticationKey = /* @__PURE__ */ __name(async ({ identifier, offlineWhenNoDIDRegistered, noVerificationMethodFallback, keyType, controllerKey }, context) => {
+  return await getFirstKeyWithRelation({
+    identifier,
+    offlineWhenNoDIDRegistered,
+    noVerificationMethodFallback,
+    keyType,
+    controllerKey,
+    vmRelationship: "authentication"
+  }, context);
+}, "getAuthenticationKey");
+var getFirstKeyWithRelation = /* @__PURE__ */ __name(async ({ identifier, offlineWhenNoDIDRegistered, noVerificationMethodFallback, keyType, controllerKey, vmRelationship }, context) => {
+  let key = void 0;
+  try {
+    key = await getFirstKeyWithRelationFromDIDDoc({
+      identifier,
+      vmRelationship,
+      errorOnNotFound: false,
+      keyType,
+      controllerKey
+    }, context) ?? (noVerificationMethodFallback || vmRelationship === "verificationMethod" ? void 0 : await getFirstKeyWithRelationFromDIDDoc({
+      identifier,
+      vmRelationship: "verificationMethod",
+      errorOnNotFound: false,
+      keyType,
+      controllerKey
+    }, context));
+  } catch (e) {
+    if (e instanceof Error) {
+      if (!e.message.includes("404") || !offlineWhenNoDIDRegistered) {
+        throw e;
+      }
+    } else {
+      throw e;
+    }
+  }
+  if (!key && offlineWhenNoDIDRegistered) {
+    const offlineDID = toDidDocument(identifier);
+    key = await getFirstKeyWithRelationFromDIDDoc({
+      identifier,
+      vmRelationship,
+      errorOnNotFound: false,
+      didDocument: offlineDID,
+      keyType,
+      controllerKey
+    }, context) ?? (noVerificationMethodFallback || vmRelationship === "verificationMethod" ? void 0 : await getFirstKeyWithRelationFromDIDDoc({
+      identifier,
+      vmRelationship: "verificationMethod",
+      errorOnNotFound: false,
+      didDocument: offlineDID,
+      keyType,
+      controllerKey
+    }, context));
+    if (!key) {
+      key = identifier.keys.map((key2) => key2).filter((key2) => keyType === void 0 || key2.type === keyType || controllerKey && key2.kid === identifier.controllerKeyId).find((key2) => key2.meta.verificationMethod?.type.includes("authentication") || key2.meta.purposes?.includes("authentication"));
+    }
+  }
+  if (!key) {
+    throw Error(`Could not find authentication key for DID ${identifier.did}`);
+  }
+  return key;
+}, "getFirstKeyWithRelation");
+var getOrCreatePrimaryIdentifier = /* @__PURE__ */ __name(async (context, opts) => {
+  const primaryIdentifier = await getPrimaryIdentifier(context, {
+    ...opts?.createOpts?.options,
+    ...opts?.method && {
+      method: opts.method
+    }
+  });
+  if (primaryIdentifier !== void 0) {
+    return {
+      created: false,
+      result: primaryIdentifier
+    };
+  }
+  if (opts?.method === SupportedDidMethodEnum.DID_KEY) {
+    const createOpts = opts?.createOpts ?? {};
+    createOpts.options = {
+      codecName: "EBSI",
+      type: "Secp256r1",
+      ...createOpts
+    };
+    opts.createOpts = createOpts;
+  }
+  const createdIdentifier = await createIdentifier(context, opts);
+  return {
+    created: true,
+    result: createdIdentifier
+  };
+}, "getOrCreatePrimaryIdentifier");
+var getPrimaryIdentifier = /* @__PURE__ */ __name(async (context, opts) => {
+  const identifiers = (await context.agent.didManagerFind(opts?.method ? {
+    provider: `${DID_PREFIX}${opts?.method}`
+  } : {})).filter((identifier) => opts?.type === void 0 || identifier.keys.some((key) => key.type === opts?.type));
+  return identifiers && identifiers.length > 0 ? identifiers[0] : void 0;
+}, "getPrimaryIdentifier");
+var createIdentifier = /* @__PURE__ */ __name(async (context, opts) => {
+  return await context.agent.didManagerCreate({
+    kms: await getKms(context, opts?.createOpts?.kms),
+    ...opts?.method && {
+      provider: `${DID_PREFIX}${opts?.method}`
+    },
+    alias: opts?.createOpts?.alias ?? `${IdentifierAliasEnum.PRIMARY}-${opts?.method}-${opts?.createOpts?.options?.type}-${(/* @__PURE__ */ new Date()).getTime()}`,
+    options: opts?.createOpts?.options
+  });
+}, "createIdentifier");
+var getFirstKeyWithRelationFromDIDDoc = /* @__PURE__ */ __name(async ({ identifier, vmRelationship = "verificationMethod", keyType, errorOnNotFound = false, didDocument, controllerKey }, context) => {
+  const matchedKeys = await mapIdentifierKeysToDocWithJwkSupport({
+    identifier,
+    vmRelationship,
+    didDocument
+  }, context);
+  if (Array.isArray(matchedKeys) && matchedKeys.length > 0) {
+    const result = matchedKeys.find((key) => keyType === void 0 || key.type === keyType || controllerKey && key.kid === identifier.controllerKeyId);
+    if (result) {
+      return result;
+    }
+  }
+  if (errorOnNotFound) {
+    throw new Error(`Could not find key with relationship ${vmRelationship} in DID document for ${identifier.did}${keyType ? " and key type: " + keyType : ""}`);
+  }
+  return void 0;
+}, "getFirstKeyWithRelationFromDIDDoc");
+var getEthereumAddressFromKey = /* @__PURE__ */ __name(({ key }) => {
+  if (key.type !== "Secp256k1") {
+    throw Error(`Can only get ethereum address from a Secp256k1 key. Type is ${key.type} for keyRef: ${key.kid}`);
+  }
+  const ethereumAddress = key.meta?.ethereumAddress ?? key.meta?.account?.toLowerCase() ?? computeAddress(`0x${key.publicKeyHex}`).toLowerCase();
+  if (!ethereumAddress) {
+    throw Error(`Could not get or generate ethereum address from key with keyRef ${key.kid}`);
+  }
+  return ethereumAddress;
+}, "getEthereumAddressFromKey");
+var getControllerKey = /* @__PURE__ */ __name(({ identifier }) => {
+  const key = identifier.keys.find((key2) => key2.kid === identifier.controllerKeyId);
+  if (!key) {
+    throw Error(`Could not get controller key for identifier ${identifier}`);
+  }
+  return key;
+}, "getControllerKey");
+var getKeys = /* @__PURE__ */ __name(({ jwkThumbprint, kms, identifier, kmsKeyRef, keyType, controllerKey }) => {
+  return identifier.keys.filter((key) => !keyType || key.type === keyType).filter((key) => !kms || key.kms === kms).filter((key) => !kmsKeyRef || key.kid === kmsKeyRef).filter((key) => !jwkThumbprint || key.meta?.jwkThumbprint === jwkThumbprint).filter((key) => !controllerKey || identifier.controllerKeyId === key.kid);
+}, "getKeys");
+async function dereferenceDidKeysWithJwkSupport(didDocument, section = "keyAgreement", context) {
+  const convert = section === "keyAgreement";
+  if (section === "service") {
+    return [];
+  }
+  return (await Promise.all((didDocument[section] || []).map(async (key) => {
+    if (typeof key === "string") {
+      try {
+        return await context.agent.getDIDComponentById({
+          didDocument,
+          didUrl: key,
+          section
+        });
+      } catch (e) {
+        return null;
+      }
+    } else {
+      return key;
+    }
+  }))).filter(isDefined).map((key) => {
+    const hexKey = extractPublicKeyHexWithJwkSupport(key, convert);
+    const { publicKeyHex, publicKeyBase58, publicKeyBase64, publicKeyJwk, ...keyProps } = key;
+    const newKey = {
+      ...keyProps,
+      publicKeyHex: hexKey
+    };
+    if (convert && "Ed25519VerificationKey2018" === newKey.type) {
+      newKey.type = "X25519KeyAgreementKey2019";
+    }
+    return newKey;
+  });
+}
+__name(dereferenceDidKeysWithJwkSupport, "dereferenceDidKeysWithJwkSupport");
+function jwkTtoPublicKeyHex(jwk) {
+  const vm = {
+    publicKeyJwk: sanitizedJwk(jwk)
+  };
+  return extractPublicKeyHexWithJwkSupport(vm);
+}
+__name(jwkTtoPublicKeyHex, "jwkTtoPublicKeyHex");
+function extractPublicKeyHexWithJwkSupport(pk, convert = false) {
+  if (pk.publicKeyJwk) {
+    const jwk = sanitizedJwk(pk.publicKeyJwk);
+    if (jwk.kty === "EC") {
+      const curve = jwk.crv ? toEcLibCurve(jwk.crv) : "p256";
+      const xHex = base64ToHex(jwk.x, "base64url");
+      const yHex = base64ToHex(jwk.y, "base64url");
+      const prefix = "04";
+      const hex = `${prefix}${xHex}${yHex}`;
+      try {
+        const ec = new elliptic.ec(curve);
+        const publicKeyHex = ec.keyFromPublic(hex, "hex").getPublic(true, "hex");
+        return publicKeyHex;
+      } catch (error) {
+        console.error(`Error converting EC with elliptic lib curve ${curve} from JWK to hex. x: ${jwk.x}, y: ${jwk.y}, error: ${error}`, error);
+      }
+    } else if (jwk.crv === "Ed25519") {
+      return toString(fromString(jwk.x, "base64url"), "base16");
+    } else if (jwk.kty === "RSA") {
+      return hexKeyFromPEMBasedJwk(jwk, "public");
+    }
+  }
+  return extractPublicKeyHex(pk, convert);
+}
+__name(extractPublicKeyHexWithJwkSupport, "extractPublicKeyHexWithJwkSupport");
+function isEvenHexString(hex) {
+  const lastChar = hex[hex.length - 1].toLowerCase();
+  return [
+    "0",
+    "2",
+    "4",
+    "6",
+    "8",
+    "a",
+    "c",
+    "e"
+  ].includes(lastChar);
+}
+__name(isEvenHexString, "isEvenHexString");
+function extractPublicKeyHex(pk, convert = false) {
+  let keyBytes = extractPublicKeyBytes(pk);
+  const jwk = pk.publicKeyJwk ? sanitizedJwk(pk.publicKeyJwk) : void 0;
+  if (convert) {
+    if ([
+      "Ed25519",
+      "Ed25519VerificationKey2018",
+      "Ed25519VerificationKey2020"
+    ].includes(pk.type) || pk.type === "JsonWebKey2020" && jwk?.crv === "Ed25519") {
+      keyBytes = convertPublicKeyToX25519(keyBytes);
+    } else if (![
+      "X25519",
+      "X25519KeyAgreementKey2019",
+      "X25519KeyAgreementKey2020"
+    ].includes(pk.type) && !(pk.type === "JsonWebKey2020" && jwk?.crv === "X25519")) {
+      return "";
+    }
+  }
+  return bytesToHex(keyBytes);
+}
+__name(extractPublicKeyHex, "extractPublicKeyHex");
+function toEcLibCurve(input) {
+  return input.toLowerCase().replace("-", "").replace("_", "");
+}
+__name(toEcLibCurve, "toEcLibCurve");
+function extractPublicKeyBytes(pk) {
+  if (pk.publicKeyBase58) {
+    return base58ToBytes(pk.publicKeyBase58);
+  } else if (pk.publicKeyMultibase) {
+    return multibaseKeyToBytes(pk.publicKeyMultibase);
+  } else if (pk.publicKeyBase64) {
+    return base64ToBytes(pk.publicKeyBase64);
+  } else if (pk.publicKeyHex) {
+    return hexToBytes(pk.publicKeyHex);
+  } else if (pk.publicKeyJwk?.crv && pk.publicKeyJwk.x && pk.publicKeyJwk.y) {
+    return hexToBytes(extractPublicKeyHexWithJwkSupport(pk));
+  } else if (pk.publicKeyJwk && (pk.publicKeyJwk.crv === "Ed25519" || pk.publicKeyJwk.crv === "X25519") && pk.publicKeyJwk.x) {
+    return base64ToBytes(pk.publicKeyJwk.x);
+  }
+  return new Uint8Array();
+}
+__name(extractPublicKeyBytes, "extractPublicKeyBytes");
+function verificationMethodToJwk(vm) {
+  let jwk = vm.publicKeyJwk;
+  if (!jwk) {
+    let publicKeyHex = vm.publicKeyHex ?? toString(extractPublicKeyBytes(vm), "hex");
+    jwk = toJwk(publicKeyHex, keyTypeFromCryptographicSuite({
+      crv: vm.type
+    }));
+  }
+  if (!jwk) {
+    throw Error(`Could not convert verification method to jwk`);
+  }
+  jwk.kid = vm.id;
+  return sanitizedJwk(jwk);
+}
+__name(verificationMethodToJwk, "verificationMethodToJwk");
+function didDocumentSectionToJwks(didDocumentSection, searchForVerificationMethods, verificationMethods) {
+  const jwks = new Set((searchForVerificationMethods ?? []).map((vmOrId) => typeof vmOrId === "object" ? vmOrId : verificationMethods?.find((vm) => vm.id === vmOrId)).filter(isDefined).map((vm) => verificationMethodToJwk(vm)));
+  return {
+    didDocumentSection,
+    jwks: Array.from(jwks)
+  };
+}
+__name(didDocumentSectionToJwks, "didDocumentSectionToJwks");
+function didDocumentToJwks(didDocument) {
+  return {
+    verificationMethod: [
+      ...didDocumentSectionToJwks("publicKey", didDocument.publicKey, didDocument.verificationMethod).jwks,
+      ...didDocumentSectionToJwks("verificationMethod", didDocument.verificationMethod, didDocument.verificationMethod).jwks
+    ],
+    assertionMethod: didDocumentSectionToJwks("assertionMethod", didDocument.assertionMethod, didDocument.verificationMethod).jwks,
+    authentication: didDocumentSectionToJwks("authentication", didDocument.authentication, didDocument.verificationMethod).jwks,
+    keyAgreement: didDocumentSectionToJwks("keyAgreement", didDocument.keyAgreement, didDocument.verificationMethod).jwks,
+    capabilityInvocation: didDocumentSectionToJwks("capabilityInvocation", didDocument.capabilityInvocation, didDocument.verificationMethod).jwks,
+    capabilityDelegation: didDocumentSectionToJwks("capabilityDelegation", didDocument.capabilityDelegation, didDocument.verificationMethod).jwks
+  };
+}
+__name(didDocumentToJwks, "didDocumentToJwks");
+async function mapIdentifierKeysToDocWithJwkSupport({ identifier, vmRelationship = "verificationMethod", didDocument }, context) {
+  const didDoc = didDocument ?? await getAgentResolver(context).resolve(identifier.did).then((result) => result.didDocument);
+  if (!didDoc) {
+    throw Error(`Could not resolve DID ${identifier.did}`);
+  }
+  const keys = didDoc ? [] : await mapIdentifierKeysToDoc(identifier, vmRelationship, context);
+  const documentKeys = await dereferenceDidKeysWithJwkSupport(didDoc, vmRelationship, context);
+  const localKeys = vmRelationship === "keyAgreement" ? convertIdentifierEncryptionKeys(identifier) : compressIdentifierSecp256k1Keys(identifier);
+  const extendedKeys = documentKeys.map((verificationMethod) => {
+    const localKey = localKeys.find((localKey2) => localKey2.publicKeyHex === verificationMethod.publicKeyHex || verificationMethod.publicKeyHex?.startsWith(localKey2.publicKeyHex) || compareBlockchainAccountId(localKey2, verificationMethod));
+    if (localKey) {
+      const { meta, ...localProps } = localKey;
+      return {
+        ...localProps,
+        meta: {
+          ...meta,
+          verificationMethod
+        }
+      };
+    } else {
+      return null;
+    }
+  }).filter(isDefined);
+  return keys.concat(extendedKeys);
+}
+__name(mapIdentifierKeysToDocWithJwkSupport, "mapIdentifierKeysToDocWithJwkSupport");
+function compareBlockchainAccountId(localKey, verificationMethod) {
+  if (verificationMethod.type !== "EcdsaSecp256k1RecoveryMethod2020" && verificationMethod.type !== "EcdsaSecp256k1VerificationKey2019" || localKey.type !== "Secp256k1") {
+    return false;
+  }
+  let vmEthAddr = getEthereumAddress(verificationMethod);
+  if (localKey.meta?.account) {
+    return vmEthAddr === localKey.meta?.account.toLowerCase();
+  }
+  const computedAddr = computeAddress("0x" + localKey.publicKeyHex).toLowerCase();
+  return computedAddr === vmEthAddr;
+}
+__name(compareBlockchainAccountId, "compareBlockchainAccountId");
+async function getAgentDIDMethods(context) {
+  return (await context.agent.didManagerGetProviders()).map((provider) => provider.toLowerCase().replace("did:", ""));
+}
+__name(getAgentDIDMethods, "getAgentDIDMethods");
+function getDID(idOpts) {
+  if (typeof idOpts.identifier === "string") {
+    return idOpts.identifier;
+  } else if (typeof idOpts.identifier === "object") {
+    return idOpts.identifier.did;
+  }
+  throw Error(`Cannot get DID from identifier value`);
+}
+__name(getDID, "getDID");
+function toDID(identifier) {
+  if (typeof identifier === "string") {
+    return identifier;
+  }
+  if (identifier.did) {
+    return identifier.did;
+  }
+  throw Error(`No DID value present in identifier`);
+}
+__name(toDID, "toDID");
+function toDIDs(identifiers) {
+  if (!identifiers) {
+    return [];
+  }
+  return identifiers.map(toDID);
+}
+__name(toDIDs, "toDIDs");
+async function getKey({ identifier, vmRelationship = "authentication", kmsKeyRef }, context) {
+  if (!identifier) {
+    return Promise.reject(new Error(`No identifier provided to getKey method!`));
+  }
+  const kmsKeyRefParts = kmsKeyRef?.split(`#`);
+  const kid = kmsKeyRefParts ? kmsKeyRefParts?.length === 2 ? kmsKeyRefParts[1] : kmsKeyRefParts[0] : void 0;
+  let identifierKey = kmsKeyRef ? identifier.keys.find((key) => key.kid === kid || key?.meta?.jwkThumbprint === kid) : void 0;
+  if (!identifierKey) {
+    const keys = await mapIdentifierKeysToDocWithJwkSupport({
+      identifier,
+      vmRelationship
+    }, context);
+    if (!keys || keys.length === 0) {
+      throw new Error(`No keys found for verificationMethodSection: ${vmRelationship} and did ${identifier.did}`);
+    }
+    if (kmsKeyRef) {
+      identifierKey = keys.find((key) => key.meta.verificationMethod?.id === kmsKeyRef || kid && key.meta.verificationMethod?.id?.includes(kid));
+    }
+    if (!identifierKey) {
+      identifierKey = keys.find((key) => key.meta.verificationMethod?.type === vmRelationship || key.meta.purposes?.includes(vmRelationship));
+    }
+    if (!identifierKey) {
+      identifierKey = keys[0];
+    }
+  }
+  if (!identifierKey) {
+    throw new Error(`No matching verificationMethodSection key found for keyId: ${kmsKeyRef} and vmSection: ${vmRelationship} for id ${identifier.did}`);
+  }
+  return identifierKey;
+}
+__name(getKey, "getKey");
+async function legacyGetIdentifier({ identifier }, context) {
+  if (typeof identifier === "string") {
+    return await context.agent.didManagerGet({
+      did: identifier
+    });
+  }
+  return identifier;
+}
+__name(legacyGetIdentifier, "legacyGetIdentifier");
+async function determineKid({ key, idOpts }, context) {
+  if (key.meta?.verificationMethod?.id) {
+    return key.meta?.verificationMethod?.id;
+  }
+  const identifier = await legacyGetIdentifier(idOpts, context);
+  const mappedKeys = await mapIdentifierKeysToDocWithJwkSupport({
+    identifier,
+    vmRelationship: "verificationMethod"
+  }, context);
+  const vmKey = mappedKeys.find((extendedKey) => extendedKey.kid === key.kid);
+  if (vmKey) {
+    return vmKey.meta?.verificationMethod?.id ?? vmKey.meta?.jwkThumbprint ?? idOpts.kmsKeyRef ?? vmKey.kid;
+  }
+  return key.meta?.jwkThumbprint ?? idOpts.kmsKeyRef ?? key.kid;
+}
+__name(determineKid, "determineKid");
+async function getSupportedDIDMethods(didOpts, context) {
+  return didOpts.supportedDIDMethods ?? await getAgentDIDMethods(context);
+}
+__name(getSupportedDIDMethods, "getSupportedDIDMethods");
+function getAgentResolver(context, opts) {
+  return new AgentDIDResolver(context, opts);
+}
+__name(getAgentResolver, "getAgentResolver");
+var AgentDIDResolver = class {
+  static {
+    __name(this, "AgentDIDResolver");
+  }
+  context;
+  resolverResolution;
+  uniresolverResolution;
+  localResolution;
+  constructor(context, opts) {
+    this.context = context;
+    this.resolverResolution = opts?.resolverResolution !== false;
+    this.uniresolverResolution = opts?.uniresolverResolution !== false;
+    this.localResolution = opts?.localResolution !== false;
+  }
+  async resolve(didUrl, options) {
+    let resolutionResult;
+    let origResolutionResult;
+    let err;
+    if (!this.resolverResolution && !this.localResolution && !this.uniresolverResolution) {
+      throw Error(`No agent hosted DID resolution, regular agent resolution nor universal resolver resolution is enabled. Cannot resolve DIDs.`);
+    }
+    if (this.resolverResolution) {
+      try {
+        resolutionResult = await this.context.agent.resolveDid({
+          didUrl,
+          options
+        });
+      } catch (error) {
+        err = error;
+      }
+    }
+    if (resolutionResult) {
+      origResolutionResult = resolutionResult;
+      if (resolutionResult.didDocument === null) {
+        resolutionResult = void 0;
+      }
+    } else {
+      console.log(`Agent resolver resolution is disabled. This typically isn't desirable!`);
+    }
+    if (!resolutionResult && this.localResolution) {
+      console.log(`Using local DID resolution, looking at DIDs hosted by the agent.`);
+      try {
+        const did = didUrl.split("#")[0];
+        const iIdentifier = await this.context.agent.didManagerGet({
+          did
+        });
+        resolutionResult = toDidResolutionResult(iIdentifier, {
+          did
+        });
+        if (resolutionResult.didDocument) {
+          err = void 0;
+        } else {
+          console.log(`Local resolution resulted in a DID Document for ${did}`);
+        }
+      } catch (error) {
+        if (!err) {
+          err = error;
+        }
+      }
+    }
+    if (resolutionResult) {
+      if (!origResolutionResult) {
+        origResolutionResult = resolutionResult;
+      }
+      if (!resolutionResult.didDocument) {
+        resolutionResult = void 0;
+      }
+    }
+    if (!resolutionResult && this.uniresolverResolution) {
+      console.log(`Using universal resolver resolution for did ${didUrl} `);
+      resolutionResult = await new UniResolver().resolve(didUrl, options);
+      if (!origResolutionResult) {
+        origResolutionResult = resolutionResult;
+      }
+      if (resolutionResult.didDocument) {
+        err = void 0;
+      }
+    }
+    if (err) {
+      throw err;
+    }
+    if (!resolutionResult && !origResolutionResult) {
+      throw `Could not resolve ${didUrl}. Resolutions tried: online: ${this.resolverResolution}, local: ${this.localResolution}, uni resolver: ${this.uniresolverResolution}`;
+    }
+    return resolutionResult ?? origResolutionResult;
+  }
+};
+function toDidDocument(identifier, opts) {
+  let didDocument = void 0;
+  if (identifier) {
+    const did = identifier.did ?? opts?.did;
+    didDocument = {
+      "@context": "https://www.w3.org/ns/did/v1",
+      id: did,
+      verificationMethod: identifier.keys.map((key) => {
+        const vm = {
+          controller: did,
+          id: key.kid.startsWith(did) && key.kid.includes("#") ? key.kid : `${did}#${key.kid}`,
+          publicKeyJwk: toJwk(key.publicKeyHex, key.type, {
+            use: ENC_KEY_ALGS.includes(key.type) ? JwkKeyUse.Encryption : JwkKeyUse.Signature,
+            key
+          }),
+          type: "JsonWebKey2020"
+        };
+        return vm;
+      }),
+      ...(opts?.use === void 0 || opts?.use?.includes(JwkKeyUse.Signature)) && identifier.keys && {
+        assertionMethod: identifier.keys.filter((key) => key?.meta?.purpose === void 0 || key?.meta?.purpose === "assertionMethod" || key?.meta?.purposes?.includes("assertionMethod")).map((key) => {
+          if (key.kid.startsWith(did) && key.kid.includes("#")) {
+            return key.kid;
+          }
+          return `${did}#${key.kid}`;
+        })
+      },
+      ...(opts?.use === void 0 || opts?.use?.includes(JwkKeyUse.Signature)) && identifier.keys && {
+        authentication: identifier.keys.filter((key) => key?.meta?.purpose === void 0 || key?.meta?.purpose === "authentication" || key?.meta?.purposes?.includes("authentication")).map((key) => {
+          if (key.kid.startsWith(did) && key.kid.includes("#")) {
+            return key.kid;
+          }
+          return `${did}#${key.kid}`;
+        })
+      },
+      ...(opts?.use === void 0 || opts?.use?.includes(JwkKeyUse.Encryption)) && identifier.keys && {
+        keyAgreement: identifier.keys.filter((key) => key.type === "X25519" || key?.meta?.purpose === "keyAgreement" || key?.meta?.purposes?.includes("keyAgreement")).map((key) => {
+          if (key.kid.startsWith(did) && key.kid.includes("#")) {
+            return key.kid;
+          }
+          return `${did}#${key.kid}`;
+        })
+      },
+      ...(opts?.use === void 0 || opts?.use?.includes(JwkKeyUse.Encryption)) && identifier.keys && {
+        capabilityInvocation: identifier.keys.filter((key) => key.type === "X25519" || key?.meta?.purpose === "capabilityInvocation" || key?.meta?.purposes?.includes("capabilityInvocation")).map((key) => {
+          if (key.kid.startsWith(did) && key.kid.includes("#")) {
+            return key.kid;
+          }
+          return `${did}#${key.kid}`;
+        })
+      },
+      ...(opts?.use === void 0 || opts?.use?.includes(JwkKeyUse.Encryption)) && identifier.keys && {
+        capabilityDelegation: identifier.keys.filter((key) => key.type === "X25519" || key?.meta?.purpose === "capabilityDelegation" || key?.meta?.purposes?.includes("capabilityDelegation")).map((key) => {
+          if (key.kid.startsWith(did) && key.kid.includes("#")) {
+            return key.kid;
+          }
+          return `${did}#${key.kid}`;
+        })
+      },
+      ...identifier.services && identifier.services.length > 0 && {
+        service: identifier.services
+      }
+    };
+  }
+  return didDocument;
+}
+__name(toDidDocument, "toDidDocument");
+function toDidResolutionResult(identifier, opts) {
+  const didDocument = toDidDocument(identifier, opts) ?? null;
+  const resolutionResult = {
+    "@context": "https://w3id.org/did-resolution/v1",
+    didDocument,
+    didResolutionMetadata: {
+      ...!didDocument && {
+        error: "notFound"
+      },
+      ...Array.isArray(opts?.supportedMethods) && identifier && !opts?.supportedMethods.includes(identifier.provider.replace("did:", "")) && {
+        error: "unsupportedDidMethod"
+      }
+    },
+    didDocumentMetadata: {
+      ...identifier?.alias && {
+        equivalentId: identifier?.alias
+      }
+    }
+  };
+  return resolutionResult;
+}
+__name(toDidResolutionResult, "toDidResolutionResult");
+async function asDidWeb(hostnameOrDID) {
+  let did = hostnameOrDID;
+  if (!did) {
+    throw Error("Domain or DID expected, but received nothing.");
+  }
+  if (did.startsWith("did:web:")) {
+    return did;
+  }
+  return `did:web:${did.replace(/https?:\/\/([^/?#]+).*/i, "$1").toLowerCase()}`;
+}
+__name(asDidWeb, "asDidWeb");
+var signDidJWT = /* @__PURE__ */ __name(async (args) => {
+  const { idOpts, header, payload, context, options } = args;
+  const jwtOptions = {
+    ...options,
+    signer: await getDidSigner({
+      idOpts,
+      context
+    })
+  };
+  return createJWT(payload, jwtOptions, header);
+}, "signDidJWT");
+var getDidSigner = /* @__PURE__ */ __name(async (args) => {
+  const { idOpts, context } = args;
+  const identifier = await legacyGetIdentifier(idOpts, context);
+  const key = await getKey({
+    identifier,
+    vmRelationship: idOpts.verificationMethodSection,
+    kmsKeyRef: idOpts.kmsKeyRef
+  }, context);
+  const algorithm = await signatureAlgorithmFromKey({
+    key
+  });
+  return async (data) => {
+    const input = data instanceof Object.getPrototypeOf(Uint8Array) ? new TextDecoder().decode(data) : data;
+    return await context.agent.keyManagerSign({
+      keyRef: key.kid,
+      algorithm,
+      data: input
+    });
+  };
+}, "getDidSigner");
+export {
+  AgentDIDResolver,
+  DID_PREFIX,
+  IdentifierAliasEnum,
+  SupportedDidMethodEnum,
+  asDidWeb,
+  createIdentifier,
+  dereferenceDidKeysWithJwkSupport,
+  determineKid,
+  didDocumentToJwks,
+  extractPublicKeyHex,
+  extractPublicKeyHexWithJwkSupport,
+  getAgentDIDMethods,
+  getAgentResolver,
+  getAuthenticationKey,
+  getControllerKey,
+  getDID,
+  getDidSigner,
+  getEthereumAddressFromKey,
+  getFirstKeyWithRelation,
+  getFirstKeyWithRelationFromDIDDoc,
+  getKey,
+  getKeys,
+  getOrCreatePrimaryIdentifier,
+  getPrimaryIdentifier,
+  getSupportedDIDMethods,
+  isEvenHexString,
+  jwkTtoPublicKeyHex,
+  mapIdentifierKeysToDocWithJwkSupport,
+  signDidJWT,
+  toDID,
+  toDIDs,
+  toDidDocument,
+  toDidResolutionResult,
+  verificationMethodToJwk
 };
-Object.defineProperty(exports, "__esModule", { value: true });
-__exportStar(require("./did-functions"), exports);
-__exportStar(require("./types"), exports);
 //# sourceMappingURL=index.js.map