@sphereon/ssi-sdk-ext.did-utils 0.28.1-feature.esm.cjs.8 → 0.28.1-feature.oyd.cmsm.improv.16

package/dist/index.js

@@ -1,721 +1,19 @@
-var __defProp = Object.defineProperty;
-var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
-
-// src/did-functions.ts
-import { computeAddress } from "@ethersproject/transactions";
-import { UniResolver } from "@sphereon/did-uni-client";
-import { ENC_KEY_ALGS, getKms, JwkKeyUse, keyTypeFromCryptographicSuite, sanitizedJwk, signatureAlgorithmFromKey, toJwk } from "@sphereon/ssi-sdk-ext.key-utils";
-import { base64ToHex, hexKeyFromPEMBasedJwk } from "@sphereon/ssi-sdk-ext.x509-utils";
-import { base58ToBytes, base64ToBytes, bytesToHex, hexToBytes, multibaseKeyToBytes } from "@sphereon/ssi-sdk.core";
-import { convertPublicKeyToX25519 } from "@stablelib/ed25519";
-import { compressIdentifierSecp256k1Keys, convertIdentifierEncryptionKeys, getEthereumAddress, isDefined, mapIdentifierKeysToDoc } from "@veramo/utils";
-import { createJWT } from "did-jwt";
-import elliptic from "elliptic";
-import { fromString } from "uint8arrays/from-string";
-import { toString } from "uint8arrays/to-string";
-
-// src/types.ts
-var SupportedDidMethodEnum = /* @__PURE__ */ function(SupportedDidMethodEnum2) {
-  SupportedDidMethodEnum2["DID_ETHR"] = "ethr";
-  SupportedDidMethodEnum2["DID_KEY"] = "key";
-  SupportedDidMethodEnum2["DID_LTO"] = "lto";
-  SupportedDidMethodEnum2["DID_ION"] = "ion";
-  SupportedDidMethodEnum2["DID_EBSI"] = "ebsi";
-  SupportedDidMethodEnum2["DID_JWK"] = "jwk";
-  SupportedDidMethodEnum2["DID_OYD"] = "oyd";
-  return SupportedDidMethodEnum2;
-}({});
-var IdentifierAliasEnum = /* @__PURE__ */ function(IdentifierAliasEnum2) {
-  IdentifierAliasEnum2["PRIMARY"] = "primary";
-  return IdentifierAliasEnum2;
-}({});
-var DID_PREFIX = "did:";
-
-// src/did-functions.ts
-var getAuthenticationKey = /* @__PURE__ */ __name(async ({ identifier, offlineWhenNoDIDRegistered, noVerificationMethodFallback, keyType, controllerKey }, context) => {
-  return await getFirstKeyWithRelation({
-    identifier,
-    offlineWhenNoDIDRegistered,
-    noVerificationMethodFallback,
-    keyType,
-    controllerKey,
-    vmRelationship: "authentication"
-  }, context);
-}, "getAuthenticationKey");
-var getFirstKeyWithRelation = /* @__PURE__ */ __name(async ({ identifier, offlineWhenNoDIDRegistered, noVerificationMethodFallback, keyType, controllerKey, vmRelationship }, context) => {
-  let key = void 0;
-  try {
-    key = await getFirstKeyWithRelationFromDIDDoc({
-      identifier,
-      vmRelationship,
-      errorOnNotFound: false,
-      keyType,
-      controllerKey
-    }, context) ?? (noVerificationMethodFallback || vmRelationship === "verificationMethod" ? void 0 : await getFirstKeyWithRelationFromDIDDoc({
-      identifier,
-      vmRelationship: "verificationMethod",
-      errorOnNotFound: false,
-      keyType,
-      controllerKey
-    }, context));
-  } catch (e) {
-    if (e instanceof Error) {
-      if (!e.message.includes("404") || !offlineWhenNoDIDRegistered) {
-        throw e;
-      }
-    } else {
-      throw e;
-    }
-  }
-  if (!key && offlineWhenNoDIDRegistered) {
-    const offlineDID = toDidDocument(identifier);
-    key = await getFirstKeyWithRelationFromDIDDoc({
-      identifier,
-      vmRelationship,
-      errorOnNotFound: false,
-      didDocument: offlineDID,
-      keyType,
-      controllerKey
-    }, context) ?? (noVerificationMethodFallback || vmRelationship === "verificationMethod" ? void 0 : await getFirstKeyWithRelationFromDIDDoc({
-      identifier,
-      vmRelationship: "verificationMethod",
-      errorOnNotFound: false,
-      didDocument: offlineDID,
-      keyType,
-      controllerKey
-    }, context));
-    if (!key) {
-      key = identifier.keys.map((key2) => key2).filter((key2) => keyType === void 0 || key2.type === keyType || controllerKey && key2.kid === identifier.controllerKeyId).find((key2) => key2.meta.verificationMethod?.type.includes("authentication") || key2.meta.purposes?.includes("authentication"));
-    }
-  }
-  if (!key) {
-    throw Error(`Could not find authentication key for DID ${identifier.did}`);
-  }
-  return key;
-}, "getFirstKeyWithRelation");
-var getOrCreatePrimaryIdentifier = /* @__PURE__ */ __name(async (context, opts) => {
-  const primaryIdentifier = await getPrimaryIdentifier(context, {
-    ...opts?.createOpts?.options,
-    ...opts?.method && {
-      method: opts.method
-    }
-  });
-  if (primaryIdentifier !== void 0) {
-    return {
-      created: false,
-      result: primaryIdentifier
-    };
-  }
-  if (opts?.method === SupportedDidMethodEnum.DID_KEY) {
-    const createOpts = opts?.createOpts ?? {};
-    createOpts.options = {
-      codecName: "EBSI",
-      type: "Secp256r1",
-      ...createOpts
-    };
-    opts.createOpts = createOpts;
-  }
-  const createdIdentifier = await createIdentifier(context, opts);
-  return {
-    created: true,
-    result: createdIdentifier
-  };
-}, "getOrCreatePrimaryIdentifier");
-var getPrimaryIdentifier = /* @__PURE__ */ __name(async (context, opts) => {
-  const identifiers = (await context.agent.didManagerFind(opts?.method ? {
-    provider: `${DID_PREFIX}${opts?.method}`
-  } : {})).filter((identifier) => opts?.type === void 0 || identifier.keys.some((key) => key.type === opts?.type));
-  return identifiers && identifiers.length > 0 ? identifiers[0] : void 0;
-}, "getPrimaryIdentifier");
-var createIdentifier = /* @__PURE__ */ __name(async (context, opts) => {
-  return await context.agent.didManagerCreate({
-    kms: await getKms(context, opts?.createOpts?.kms),
-    ...opts?.method && {
-      provider: `${DID_PREFIX}${opts?.method}`
-    },
-    alias: opts?.createOpts?.alias ?? `${IdentifierAliasEnum.PRIMARY}-${opts?.method}-${opts?.createOpts?.options?.type}-${(/* @__PURE__ */ new Date()).getTime()}`,
-    options: opts?.createOpts?.options
-  });
-}, "createIdentifier");
-var getFirstKeyWithRelationFromDIDDoc = /* @__PURE__ */ __name(async ({ identifier, vmRelationship = "verificationMethod", keyType, errorOnNotFound = false, didDocument, controllerKey }, context) => {
-  const matchedKeys = await mapIdentifierKeysToDocWithJwkSupport({
-    identifier,
-    vmRelationship,
-    didDocument
-  }, context);
-  if (Array.isArray(matchedKeys) && matchedKeys.length > 0) {
-    const result = matchedKeys.find((key) => keyType === void 0 || key.type === keyType || controllerKey && key.kid === identifier.controllerKeyId);
-    if (result) {
-      return result;
-    }
-  }
-  if (errorOnNotFound) {
-    throw new Error(`Could not find key with relationship ${vmRelationship} in DID document for ${identifier.did}${keyType ? " and key type: " + keyType : ""}`);
-  }
-  return void 0;
-}, "getFirstKeyWithRelationFromDIDDoc");
-var getEthereumAddressFromKey = /* @__PURE__ */ __name(({ key }) => {
-  if (key.type !== "Secp256k1") {
-    throw Error(`Can only get ethereum address from a Secp256k1 key. Type is ${key.type} for keyRef: ${key.kid}`);
-  }
-  const ethereumAddress = key.meta?.ethereumAddress ?? key.meta?.account?.toLowerCase() ?? computeAddress(`0x${key.publicKeyHex}`).toLowerCase();
-  if (!ethereumAddress) {
-    throw Error(`Could not get or generate ethereum address from key with keyRef ${key.kid}`);
-  }
-  return ethereumAddress;
-}, "getEthereumAddressFromKey");
-var getControllerKey = /* @__PURE__ */ __name(({ identifier }) => {
-  const key = identifier.keys.find((key2) => key2.kid === identifier.controllerKeyId);
-  if (!key) {
-    throw Error(`Could not get controller key for identifier ${identifier}`);
-  }
-  return key;
-}, "getControllerKey");
-var getKeys = /* @__PURE__ */ __name(({ jwkThumbprint, kms, identifier, kmsKeyRef, keyType, controllerKey }) => {
-  return identifier.keys.filter((key) => !keyType || key.type === keyType).filter((key) => !kms || key.kms === kms).filter((key) => !kmsKeyRef || key.kid === kmsKeyRef).filter((key) => !jwkThumbprint || key.meta?.jwkThumbprint === jwkThumbprint).filter((key) => !controllerKey || identifier.controllerKeyId === key.kid);
-}, "getKeys");
-async function dereferenceDidKeysWithJwkSupport(didDocument, section = "keyAgreement", context) {
-  const convert = section === "keyAgreement";
-  if (section === "service") {
-    return [];
-  }
-  return (await Promise.all((didDocument[section] || []).map(async (key) => {
-    if (typeof key === "string") {
-      try {
-        return await context.agent.getDIDComponentById({
-          didDocument,
-          didUrl: key,
-          section
-        });
-      } catch (e) {
-        return null;
-      }
-    } else {
-      return key;
-    }
-  }))).filter(isDefined).map((key) => {
-    const hexKey = extractPublicKeyHexWithJwkSupport(key, convert);
-    const { publicKeyHex, publicKeyBase58, publicKeyBase64, publicKeyJwk, ...keyProps } = key;
-    const newKey = {
-      ...keyProps,
-      publicKeyHex: hexKey
-    };
-    if (convert && "Ed25519VerificationKey2018" === newKey.type) {
-      newKey.type = "X25519KeyAgreementKey2019";
-    }
-    return newKey;
-  });
-}
-__name(dereferenceDidKeysWithJwkSupport, "dereferenceDidKeysWithJwkSupport");
-function jwkTtoPublicKeyHex(jwk) {
-  const vm = {
-    publicKeyJwk: sanitizedJwk(jwk)
-  };
-  return extractPublicKeyHexWithJwkSupport(vm);
-}
-__name(jwkTtoPublicKeyHex, "jwkTtoPublicKeyHex");
-function extractPublicKeyHexWithJwkSupport(pk, convert = false) {
-  if (pk.publicKeyJwk) {
-    const jwk = sanitizedJwk(pk.publicKeyJwk);
-    if (jwk.kty === "EC") {
-      const curve = jwk.crv ? toEcLibCurve(jwk.crv) : "p256";
-      const xHex = base64ToHex(jwk.x, "base64url");
-      const yHex = base64ToHex(jwk.y, "base64url");
-      const prefix = "04";
-      const hex = `${prefix}${xHex}${yHex}`;
-      try {
-        const ec = new elliptic.ec(curve);
-        const publicKeyHex = ec.keyFromPublic(hex, "hex").getPublic(true, "hex");
-        return publicKeyHex;
-      } catch (error) {
-        console.error(`Error converting EC with elliptic lib curve ${curve} from JWK to hex. x: ${jwk.x}, y: ${jwk.y}, error: ${error}`, error);
-      }
-    } else if (jwk.crv === "Ed25519") {
-      return toString(fromString(jwk.x, "base64url"), "base16");
-    } else if (jwk.kty === "RSA") {
-      return hexKeyFromPEMBasedJwk(jwk, "public");
-    }
-  }
-  return extractPublicKeyHex(pk, convert);
-}
-__name(extractPublicKeyHexWithJwkSupport, "extractPublicKeyHexWithJwkSupport");
-function isEvenHexString(hex) {
-  const lastChar = hex[hex.length - 1].toLowerCase();
-  return [
-    "0",
-    "2",
-    "4",
-    "6",
-    "8",
-    "a",
-    "c",
-    "e"
-  ].includes(lastChar);
-}
-__name(isEvenHexString, "isEvenHexString");
-function extractPublicKeyHex(pk, convert = false) {
-  let keyBytes = extractPublicKeyBytes(pk);
-  const jwk = pk.publicKeyJwk ? sanitizedJwk(pk.publicKeyJwk) : void 0;
-  if (convert) {
-    if ([
-      "Ed25519",
-      "Ed25519VerificationKey2018",
-      "Ed25519VerificationKey2020"
-    ].includes(pk.type) || pk.type === "JsonWebKey2020" && jwk?.crv === "Ed25519") {
-      keyBytes = convertPublicKeyToX25519(keyBytes);
-    } else if (![
-      "X25519",
-      "X25519KeyAgreementKey2019",
-      "X25519KeyAgreementKey2020"
-    ].includes(pk.type) && !(pk.type === "JsonWebKey2020" && jwk?.crv === "X25519")) {
-      return "";
-    }
-  }
-  return bytesToHex(keyBytes);
-}
-__name(extractPublicKeyHex, "extractPublicKeyHex");
-function toEcLibCurve(input) {
-  return input.toLowerCase().replace("-", "").replace("_", "");
-}
-__name(toEcLibCurve, "toEcLibCurve");
-function extractPublicKeyBytes(pk) {
-  if (pk.publicKeyBase58) {
-    return base58ToBytes(pk.publicKeyBase58);
-  } else if (pk.publicKeyMultibase) {
-    return multibaseKeyToBytes(pk.publicKeyMultibase);
-  } else if (pk.publicKeyBase64) {
-    return base64ToBytes(pk.publicKeyBase64);
-  } else if (pk.publicKeyHex) {
-    return hexToBytes(pk.publicKeyHex);
-  } else if (pk.publicKeyJwk?.crv && pk.publicKeyJwk.x && pk.publicKeyJwk.y) {
-    return hexToBytes(extractPublicKeyHexWithJwkSupport(pk));
-  } else if (pk.publicKeyJwk && (pk.publicKeyJwk.crv === "Ed25519" || pk.publicKeyJwk.crv === "X25519") && pk.publicKeyJwk.x) {
-    return base64ToBytes(pk.publicKeyJwk.x);
-  }
-  return new Uint8Array();
-}
-__name(extractPublicKeyBytes, "extractPublicKeyBytes");
-function verificationMethodToJwk(vm) {
-  let jwk = vm.publicKeyJwk;
-  if (!jwk) {
-    let publicKeyHex = vm.publicKeyHex ?? toString(extractPublicKeyBytes(vm), "hex");
-    jwk = toJwk(publicKeyHex, keyTypeFromCryptographicSuite({
-      crv: vm.type
-    }));
-  }
-  if (!jwk) {
-    throw Error(`Could not convert verification method to jwk`);
-  }
-  jwk.kid = vm.id;
-  return sanitizedJwk(jwk);
-}
-__name(verificationMethodToJwk, "verificationMethodToJwk");
-function didDocumentSectionToJwks(didDocumentSection, searchForVerificationMethods, verificationMethods) {
-  const jwks = new Set((searchForVerificationMethods ?? []).map((vmOrId) => typeof vmOrId === "object" ? vmOrId : verificationMethods?.find((vm) => vm.id === vmOrId)).filter(isDefined).map((vm) => verificationMethodToJwk(vm)));
-  return {
-    didDocumentSection,
-    jwks: Array.from(jwks)
-  };
-}
-__name(didDocumentSectionToJwks, "didDocumentSectionToJwks");
-function didDocumentToJwks(didDocument) {
-  return {
-    verificationMethod: [
-      ...didDocumentSectionToJwks("publicKey", didDocument.publicKey, didDocument.verificationMethod).jwks,
-      ...didDocumentSectionToJwks("verificationMethod", didDocument.verificationMethod, didDocument.verificationMethod).jwks
-    ],
-    assertionMethod: didDocumentSectionToJwks("assertionMethod", didDocument.assertionMethod, didDocument.verificationMethod).jwks,
-    authentication: didDocumentSectionToJwks("authentication", didDocument.authentication, didDocument.verificationMethod).jwks,
-    keyAgreement: didDocumentSectionToJwks("keyAgreement", didDocument.keyAgreement, didDocument.verificationMethod).jwks,
-    capabilityInvocation: didDocumentSectionToJwks("capabilityInvocation", didDocument.capabilityInvocation, didDocument.verificationMethod).jwks,
-    capabilityDelegation: didDocumentSectionToJwks("capabilityDelegation", didDocument.capabilityDelegation, didDocument.verificationMethod).jwks
-  };
-}
-__name(didDocumentToJwks, "didDocumentToJwks");
-async function mapIdentifierKeysToDocWithJwkSupport({ identifier, vmRelationship = "verificationMethod", didDocument }, context) {
-  const didDoc = didDocument ?? await getAgentResolver(context).resolve(identifier.did).then((result) => result.didDocument);
-  if (!didDoc) {
-    throw Error(`Could not resolve DID ${identifier.did}`);
-  }
-  const keys = didDoc ? [] : await mapIdentifierKeysToDoc(identifier, vmRelationship, context);
-  const documentKeys = await dereferenceDidKeysWithJwkSupport(didDoc, vmRelationship, context);
-  const localKeys = vmRelationship === "keyAgreement" ? convertIdentifierEncryptionKeys(identifier) : compressIdentifierSecp256k1Keys(identifier);
-  const extendedKeys = documentKeys.map((verificationMethod) => {
-    const localKey = localKeys.find((localKey2) => localKey2.publicKeyHex === verificationMethod.publicKeyHex || verificationMethod.publicKeyHex?.startsWith(localKey2.publicKeyHex) || compareBlockchainAccountId(localKey2, verificationMethod));
-    if (localKey) {
-      const { meta, ...localProps } = localKey;
-      return {
-        ...localProps,
-        meta: {
-          ...meta,
-          verificationMethod
-        }
-      };
-    } else {
-      return null;
-    }
-  }).filter(isDefined);
-  return keys.concat(extendedKeys);
-}
-__name(mapIdentifierKeysToDocWithJwkSupport, "mapIdentifierKeysToDocWithJwkSupport");
-function compareBlockchainAccountId(localKey, verificationMethod) {
-  if (verificationMethod.type !== "EcdsaSecp256k1RecoveryMethod2020" && verificationMethod.type !== "EcdsaSecp256k1VerificationKey2019" || localKey.type !== "Secp256k1") {
-    return false;
-  }
-  let vmEthAddr = getEthereumAddress(verificationMethod);
-  if (localKey.meta?.account) {
-    return vmEthAddr === localKey.meta?.account.toLowerCase();
-  }
-  const computedAddr = computeAddress("0x" + localKey.publicKeyHex).toLowerCase();
-  return computedAddr === vmEthAddr;
-}
-__name(compareBlockchainAccountId, "compareBlockchainAccountId");
-async function getAgentDIDMethods(context) {
-  return (await context.agent.didManagerGetProviders()).map((provider) => provider.toLowerCase().replace("did:", ""));
-}
-__name(getAgentDIDMethods, "getAgentDIDMethods");
-function getDID(idOpts) {
-  if (typeof idOpts.identifier === "string") {
-    return idOpts.identifier;
-  } else if (typeof idOpts.identifier === "object") {
-    return idOpts.identifier.did;
-  }
-  throw Error(`Cannot get DID from identifier value`);
-}
-__name(getDID, "getDID");
-function toDID(identifier) {
-  if (typeof identifier === "string") {
-    return identifier;
-  }
-  if (identifier.did) {
-    return identifier.did;
-  }
-  throw Error(`No DID value present in identifier`);
-}
-__name(toDID, "toDID");
-function toDIDs(identifiers) {
-  if (!identifiers) {
-    return [];
-  }
-  return identifiers.map(toDID);
-}
-__name(toDIDs, "toDIDs");
-async function getKey({ identifier, vmRelationship = "authentication", kmsKeyRef }, context) {
-  if (!identifier) {
-    return Promise.reject(new Error(`No identifier provided to getKey method!`));
-  }
-  const kmsKeyRefParts = kmsKeyRef?.split(`#`);
-  const kid = kmsKeyRefParts ? kmsKeyRefParts?.length === 2 ? kmsKeyRefParts[1] : kmsKeyRefParts[0] : void 0;
-  let identifierKey = kmsKeyRef ? identifier.keys.find((key) => key.kid === kid || key?.meta?.jwkThumbprint === kid) : void 0;
-  if (!identifierKey) {
-    const keys = await mapIdentifierKeysToDocWithJwkSupport({
-      identifier,
-      vmRelationship
-    }, context);
-    if (!keys || keys.length === 0) {
-      throw new Error(`No keys found for verificationMethodSection: ${vmRelationship} and did ${identifier.did}`);
-    }
-    if (kmsKeyRef) {
-      identifierKey = keys.find((key) => key.meta.verificationMethod?.id === kmsKeyRef || kid && key.meta.verificationMethod?.id?.includes(kid));
-    }
-    if (!identifierKey) {
-      identifierKey = keys.find((key) => key.meta.verificationMethod?.type === vmRelationship || key.meta.purposes?.includes(vmRelationship));
-    }
-    if (!identifierKey) {
-      identifierKey = keys[0];
-    }
-  }
-  if (!identifierKey) {
-    throw new Error(`No matching verificationMethodSection key found for keyId: ${kmsKeyRef} and vmSection: ${vmRelationship} for id ${identifier.did}`);
-  }
-  return identifierKey;
-}
-__name(getKey, "getKey");
-async function legacyGetIdentifier({ identifier }, context) {
-  if (typeof identifier === "string") {
-    return await context.agent.didManagerGet({
-      did: identifier
-    });
-  }
-  return identifier;
-}
-__name(legacyGetIdentifier, "legacyGetIdentifier");
-async function determineKid({ key, idOpts }, context) {
-  if (key.meta?.verificationMethod?.id) {
-    return key.meta?.verificationMethod?.id;
-  }
-  const identifier = await legacyGetIdentifier(idOpts, context);
-  const mappedKeys = await mapIdentifierKeysToDocWithJwkSupport({
-    identifier,
-    vmRelationship: "verificationMethod"
-  }, context);
-  const vmKey = mappedKeys.find((extendedKey) => extendedKey.kid === key.kid);
-  if (vmKey) {
-    return vmKey.meta?.verificationMethod?.id ?? vmKey.meta?.jwkThumbprint ?? idOpts.kmsKeyRef ?? vmKey.kid;
-  }
-  return key.meta?.jwkThumbprint ?? idOpts.kmsKeyRef ?? key.kid;
-}
-__name(determineKid, "determineKid");
-async function getSupportedDIDMethods(didOpts, context) {
-  return didOpts.supportedDIDMethods ?? await getAgentDIDMethods(context);
-}
-__name(getSupportedDIDMethods, "getSupportedDIDMethods");
-function getAgentResolver(context, opts) {
-  return new AgentDIDResolver(context, opts);
-}
-__name(getAgentResolver, "getAgentResolver");
-var AgentDIDResolver = class {
-  static {
-    __name(this, "AgentDIDResolver");
-  }
-  context;
-  resolverResolution;
-  uniresolverResolution;
-  localResolution;
-  constructor(context, opts) {
-    this.context = context;
-    this.resolverResolution = opts?.resolverResolution !== false;
-    this.uniresolverResolution = opts?.uniresolverResolution !== false;
-    this.localResolution = opts?.localResolution !== false;
-  }
-  async resolve(didUrl, options) {
-    let resolutionResult;
-    let origResolutionResult;
-    let err;
-    if (!this.resolverResolution && !this.localResolution && !this.uniresolverResolution) {
-      throw Error(`No agent hosted DID resolution, regular agent resolution nor universal resolver resolution is enabled. Cannot resolve DIDs.`);
-    }
-    if (this.resolverResolution) {
-      try {
-        resolutionResult = await this.context.agent.resolveDid({
-          didUrl,
-          options
-        });
-      } catch (error) {
-        err = error;
-      }
-    }
-    if (resolutionResult) {
-      origResolutionResult = resolutionResult;
-      if (resolutionResult.didDocument === null) {
-        resolutionResult = void 0;
-      }
-    } else {
-      console.log(`Agent resolver resolution is disabled. This typically isn't desirable!`);
-    }
-    if (!resolutionResult && this.localResolution) {
-      console.log(`Using local DID resolution, looking at DIDs hosted by the agent.`);
-      try {
-        const did = didUrl.split("#")[0];
-        const iIdentifier = await this.context.agent.didManagerGet({
-          did
-        });
-        resolutionResult = toDidResolutionResult(iIdentifier, {
-          did
-        });
-        if (resolutionResult.didDocument) {
-          err = void 0;
-        } else {
-          console.log(`Local resolution resulted in a DID Document for ${did}`);
-        }
-      } catch (error) {
-        if (!err) {
-          err = error;
-        }
-      }
-    }
-    if (resolutionResult) {
-      if (!origResolutionResult) {
-        origResolutionResult = resolutionResult;
-      }
-      if (!resolutionResult.didDocument) {
-        resolutionResult = void 0;
-      }
-    }
-    if (!resolutionResult && this.uniresolverResolution) {
-      console.log(`Using universal resolver resolution for did ${didUrl} `);
-      resolutionResult = await new UniResolver().resolve(didUrl, options);
-      if (!origResolutionResult) {
-        origResolutionResult = resolutionResult;
-      }
-      if (resolutionResult.didDocument) {
-        err = void 0;
-      }
-    }
-    if (err) {
-      throw err;
-    }
-    if (!resolutionResult && !origResolutionResult) {
-      throw `Could not resolve ${didUrl}. Resolutions tried: online: ${this.resolverResolution}, local: ${this.localResolution}, uni resolver: ${this.uniresolverResolution}`;
-    }
-    return resolutionResult ?? origResolutionResult;
-  }
-};
-function toDidDocument(identifier, opts) {
-  let didDocument = void 0;
-  if (identifier) {
-    const did = identifier.did ?? opts?.did;
-    didDocument = {
-      "@context": "https://www.w3.org/ns/did/v1",
-      id: did,
-      verificationMethod: identifier.keys.map((key) => {
-        const vm = {
-          controller: did,
-          id: key.kid.startsWith(did) && key.kid.includes("#") ? key.kid : `${did}#${key.kid}`,
-          publicKeyJwk: toJwk(key.publicKeyHex, key.type, {
-            use: ENC_KEY_ALGS.includes(key.type) ? JwkKeyUse.Encryption : JwkKeyUse.Signature,
-            key
-          }),
-          type: "JsonWebKey2020"
-        };
-        return vm;
-      }),
-      ...(opts?.use === void 0 || opts?.use?.includes(JwkKeyUse.Signature)) && identifier.keys && {
-        assertionMethod: identifier.keys.filter((key) => key?.meta?.purpose === void 0 || key?.meta?.purpose === "assertionMethod" || key?.meta?.purposes?.includes("assertionMethod")).map((key) => {
-          if (key.kid.startsWith(did) && key.kid.includes("#")) {
-            return key.kid;
-          }
-          return `${did}#${key.kid}`;
-        })
-      },
-      ...(opts?.use === void 0 || opts?.use?.includes(JwkKeyUse.Signature)) && identifier.keys && {
-        authentication: identifier.keys.filter((key) => key?.meta?.purpose === void 0 || key?.meta?.purpose === "authentication" || key?.meta?.purposes?.includes("authentication")).map((key) => {
-          if (key.kid.startsWith(did) && key.kid.includes("#")) {
-            return key.kid;
-          }
-          return `${did}#${key.kid}`;
-        })
-      },
-      ...(opts?.use === void 0 || opts?.use?.includes(JwkKeyUse.Encryption)) && identifier.keys && {
-        keyAgreement: identifier.keys.filter((key) => key.type === "X25519" || key?.meta?.purpose === "keyAgreement" || key?.meta?.purposes?.includes("keyAgreement")).map((key) => {
-          if (key.kid.startsWith(did) && key.kid.includes("#")) {
-            return key.kid;
-          }
-          return `${did}#${key.kid}`;
-        })
-      },
-      ...(opts?.use === void 0 || opts?.use?.includes(JwkKeyUse.Encryption)) && identifier.keys && {
-        capabilityInvocation: identifier.keys.filter((key) => key.type === "X25519" || key?.meta?.purpose === "capabilityInvocation" || key?.meta?.purposes?.includes("capabilityInvocation")).map((key) => {
-          if (key.kid.startsWith(did) && key.kid.includes("#")) {
-            return key.kid;
-          }
-          return `${did}#${key.kid}`;
-        })
-      },
-      ...(opts?.use === void 0 || opts?.use?.includes(JwkKeyUse.Encryption)) && identifier.keys && {
-        capabilityDelegation: identifier.keys.filter((key) => key.type === "X25519" || key?.meta?.purpose === "capabilityDelegation" || key?.meta?.purposes?.includes("capabilityDelegation")).map((key) => {
-          if (key.kid.startsWith(did) && key.kid.includes("#")) {
-            return key.kid;
-          }
-          return `${did}#${key.kid}`;
-        })
-      },
-      ...identifier.services && identifier.services.length > 0 && {
-        service: identifier.services
-      }
-    };
-  }
-  return didDocument;
-}
-__name(toDidDocument, "toDidDocument");
-function toDidResolutionResult(identifier, opts) {
-  const didDocument = toDidDocument(identifier, opts) ?? null;
-  const resolutionResult = {
-    "@context": "https://w3id.org/did-resolution/v1",
-    didDocument,
-    didResolutionMetadata: {
-      ...!didDocument && {
-        error: "notFound"
-      },
-      ...Array.isArray(opts?.supportedMethods) && identifier && !opts?.supportedMethods.includes(identifier.provider.replace("did:", "")) && {
-        error: "unsupportedDidMethod"
-      }
-    },
-    didDocumentMetadata: {
-      ...identifier?.alias && {
-        equivalentId: identifier?.alias
-      }
-    }
-  };
-  return resolutionResult;
-}
-__name(toDidResolutionResult, "toDidResolutionResult");
-async function asDidWeb(hostnameOrDID) {
-  let did = hostnameOrDID;
-  if (!did) {
-    throw Error("Domain or DID expected, but received nothing.");
-  }
-  if (did.startsWith("did:web:")) {
-    return did;
-  }
-  return `did:web:${did.replace(/https?:\/\/([^/?#]+).*/i, "$1").toLowerCase()}`;
-}
-__name(asDidWeb, "asDidWeb");
-var signDidJWT = /* @__PURE__ */ __name(async (args) => {
-  const { idOpts, header, payload, context, options } = args;
-  const jwtOptions = {
-    ...options,
-    signer: await getDidSigner({
-      idOpts,
-      context
-    })
-  };
-  return createJWT(payload, jwtOptions, header);
-}, "signDidJWT");
-var getDidSigner = /* @__PURE__ */ __name(async (args) => {
-  const { idOpts, context } = args;
-  const identifier = await legacyGetIdentifier(idOpts, context);
-  const key = await getKey({
-    identifier,
-    vmRelationship: idOpts.verificationMethodSection,
-    kmsKeyRef: idOpts.kmsKeyRef
-  }, context);
-  const algorithm = await signatureAlgorithmFromKey({
-    key
-  });
-  return async (data) => {
-    const input = data instanceof Object.getPrototypeOf(Uint8Array) ? new TextDecoder().decode(data) : data;
-    return await context.agent.keyManagerSign({
-      keyRef: key.kid,
-      algorithm,
-      data: input
-    });
-  };
-}, "getDidSigner");
-export {
-  AgentDIDResolver,
-  DID_PREFIX,
-  IdentifierAliasEnum,
-  SupportedDidMethodEnum,
-  asDidWeb,
-  createIdentifier,
-  dereferenceDidKeysWithJwkSupport,
-  determineKid,
-  didDocumentToJwks,
-  extractPublicKeyHex,
-  extractPublicKeyHexWithJwkSupport,
-  getAgentDIDMethods,
-  getAgentResolver,
-  getAuthenticationKey,
-  getControllerKey,
-  getDID,
-  getDidSigner,
-  getEthereumAddressFromKey,
-  getFirstKeyWithRelation,
-  getFirstKeyWithRelationFromDIDDoc,
-  getKey,
-  getKeys,
-  getOrCreatePrimaryIdentifier,
-  getPrimaryIdentifier,
-  getSupportedDIDMethods,
-  isEvenHexString,
-  jwkTtoPublicKeyHex,
-  mapIdentifierKeysToDocWithJwkSupport,
-  signDidJWT,
-  toDID,
-  toDIDs,
-  toDidDocument,
-  toDidResolutionResult,
-  verificationMethodToJwk
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
 };
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./did-functions"), exports);
+__exportStar(require("./types"), exports);
 //# sourceMappingURL=index.js.map