npm - @sphereon/ssi-sdk-ext.did-utils - Versions diffs - 0.28.1-feature.oyd.cmsm.improv.21 → 0.28.1-next.54 - Mend

@sphereon/ssi-sdk-ext.did-utils 0.28.1-feature.oyd.cmsm.improv.21 → 0.28.1-next.54

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (18) hide show

package/dist/index.cjs +766 -0
package/dist/index.cjs.map +1 -0
package/dist/index.d.cts +272 -0
package/dist/index.d.ts +272 -3
package/dist/index.js +733 -17
package/dist/index.js.map +1 -1
package/package.json +27 -15
package/src/did-functions.ts +781 -764
package/src/types.ts +4 -4
package/dist/did-functions.d.ts +0 -190
package/dist/did-functions.d.ts.map +0 -1
package/dist/did-functions.js +0 -817
package/dist/did-functions.js.map +0 -1
package/dist/index.d.ts.map +0 -1
package/dist/types.d.ts +0 -85
package/dist/types.d.ts.map +0 -1
package/dist/types.js +0 -19
package/dist/types.js.map +0 -1

package/dist/index.cjs ADDED Viewed

@@ -0,0 +1,766 @@
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+// src/index.ts
+var index_exports = {};
+__export(index_exports, {
+  AgentDIDResolver: () => AgentDIDResolver,
+  DID_PREFIX: () => DID_PREFIX,
+  IdentifierAliasEnum: () => IdentifierAliasEnum,
+  SupportedDidMethodEnum: () => SupportedDidMethodEnum,
+  asDidWeb: () => asDidWeb,
+  createIdentifier: () => createIdentifier,
+  dereferenceDidKeysWithJwkSupport: () => dereferenceDidKeysWithJwkSupport,
+  determineKid: () => determineKid,
+  didDocumentToJwks: () => didDocumentToJwks,
+  extractPublicKeyHex: () => extractPublicKeyHex,
+  extractPublicKeyHexWithJwkSupport: () => extractPublicKeyHexWithJwkSupport,
+  getAgentDIDMethods: () => getAgentDIDMethods,
+  getAgentResolver: () => getAgentResolver,
+  getAuthenticationKey: () => getAuthenticationKey,
+  getControllerKey: () => getControllerKey,
+  getDID: () => getDID,
+  getDidSigner: () => getDidSigner,
+  getEthereumAddressFromKey: () => getEthereumAddressFromKey,
+  getFirstKeyWithRelation: () => getFirstKeyWithRelation,
+  getFirstKeyWithRelationFromDIDDoc: () => getFirstKeyWithRelationFromDIDDoc,
+  getKey: () => getKey,
+  getKeys: () => getKeys,
+  getOrCreatePrimaryIdentifier: () => getOrCreatePrimaryIdentifier,
+  getPrimaryIdentifier: () => getPrimaryIdentifier,
+  getSupportedDIDMethods: () => getSupportedDIDMethods,
+  isEvenHexString: () => isEvenHexString,
+  jwkTtoPublicKeyHex: () => jwkTtoPublicKeyHex,
+  mapIdentifierKeysToDocWithJwkSupport: () => mapIdentifierKeysToDocWithJwkSupport,
+  signDidJWT: () => signDidJWT,
+  toDID: () => toDID,
+  toDIDs: () => toDIDs,
+  toDidDocument: () => toDidDocument,
+  toDidResolutionResult: () => toDidResolutionResult,
+  verificationMethodToJwk: () => verificationMethodToJwk
+});
+module.exports = __toCommonJS(index_exports);
+// src/did-functions.ts
+var import_transactions = require("@ethersproject/transactions");
+var import_did_uni_client = require("@sphereon/did-uni-client");
+var import_ssi_sdk_ext = require("@sphereon/ssi-sdk-ext.key-utils");
+var import_ssi_sdk_ext2 = require("@sphereon/ssi-sdk-ext.x509-utils");
+var import_ssi_sdk = require("@sphereon/ssi-sdk.core");
+var import_ed25519 = require("@stablelib/ed25519");
+var import_utils = require("@veramo/utils");
+var import_did_jwt = require("did-jwt");
+var import_elliptic = __toESM(require("elliptic"), 1);
+var u8a = __toESM(require("uint8arrays"), 1);
+// src/types.ts
+var SupportedDidMethodEnum = /* @__PURE__ */ function(SupportedDidMethodEnum2) {
+  SupportedDidMethodEnum2["DID_ETHR"] = "ethr";
+  SupportedDidMethodEnum2["DID_KEY"] = "key";
+  SupportedDidMethodEnum2["DID_LTO"] = "lto";
+  SupportedDidMethodEnum2["DID_ION"] = "ion";
+  SupportedDidMethodEnum2["DID_EBSI"] = "ebsi";
+  SupportedDidMethodEnum2["DID_JWK"] = "jwk";
+  SupportedDidMethodEnum2["DID_OYD"] = "oyd";
+  return SupportedDidMethodEnum2;
+}({});
+var IdentifierAliasEnum = /* @__PURE__ */ function(IdentifierAliasEnum2) {
+  IdentifierAliasEnum2["PRIMARY"] = "primary";
+  return IdentifierAliasEnum2;
+}({});
+var DID_PREFIX = "did:";
+// src/did-functions.ts
+var { fromString, toString } = u8a;
+var getAuthenticationKey = /* @__PURE__ */ __name(async ({ identifier, offlineWhenNoDIDRegistered, noVerificationMethodFallback, keyType, controllerKey }, context) => {
+  return await getFirstKeyWithRelation({
+    identifier,
+    offlineWhenNoDIDRegistered,
+    noVerificationMethodFallback,
+    keyType,
+    controllerKey,
+    vmRelationship: "authentication"
+  }, context);
+}, "getAuthenticationKey");
+var getFirstKeyWithRelation = /* @__PURE__ */ __name(async ({ identifier, offlineWhenNoDIDRegistered, noVerificationMethodFallback, keyType, controllerKey, vmRelationship }, context) => {
+  let key = void 0;
+  try {
+    key = await getFirstKeyWithRelationFromDIDDoc({
+      identifier,
+      vmRelationship,
+      errorOnNotFound: false,
+      keyType,
+      controllerKey
+    }, context) ?? (noVerificationMethodFallback || vmRelationship === "verificationMethod" ? void 0 : await getFirstKeyWithRelationFromDIDDoc({
+      identifier,
+      vmRelationship: "verificationMethod",
+      errorOnNotFound: false,
+      keyType,
+      controllerKey
+    }, context));
+  } catch (e) {
+    if (e instanceof Error) {
+      if (!e.message.includes("404") || !offlineWhenNoDIDRegistered) {
+        throw e;
+      }
+    } else {
+      throw e;
+    }
+  }
+  if (!key && offlineWhenNoDIDRegistered) {
+    const offlineDID = toDidDocument(identifier);
+    key = await getFirstKeyWithRelationFromDIDDoc({
+      identifier,
+      vmRelationship,
+      errorOnNotFound: false,
+      didDocument: offlineDID,
+      keyType,
+      controllerKey
+    }, context) ?? (noVerificationMethodFallback || vmRelationship === "verificationMethod" ? void 0 : await getFirstKeyWithRelationFromDIDDoc({
+      identifier,
+      vmRelationship: "verificationMethod",
+      errorOnNotFound: false,
+      didDocument: offlineDID,
+      keyType,
+      controllerKey
+    }, context));
+    if (!key) {
+      key = identifier.keys.map((key2) => key2).filter((key2) => keyType === void 0 || key2.type === keyType || controllerKey && key2.kid === identifier.controllerKeyId).find((key2) => key2.meta.verificationMethod?.type.includes("authentication") || key2.meta.purposes?.includes("authentication"));
+    }
+  }
+  if (!key) {
+    throw Error(`Could not find authentication key for DID ${identifier.did}`);
+  }
+  return key;
+}, "getFirstKeyWithRelation");
+var getOrCreatePrimaryIdentifier = /* @__PURE__ */ __name(async (context, opts) => {
+  const primaryIdentifier = await getPrimaryIdentifier(context, {
+    ...opts?.createOpts?.options,
+    ...opts?.method && {
+      method: opts.method
+    }
+  });
+  if (primaryIdentifier !== void 0) {
+    return {
+      created: false,
+      result: primaryIdentifier
+    };
+  }
+  if (opts?.method === SupportedDidMethodEnum.DID_KEY) {
+    const createOpts = opts?.createOpts ?? {};
+    createOpts.options = {
+      codecName: "EBSI",
+      type: "Secp256r1",
+      ...createOpts
+    };
+    opts.createOpts = createOpts;
+  }
+  const createdIdentifier = await createIdentifier(context, opts);
+  return {
+    created: true,
+    result: createdIdentifier
+  };
+}, "getOrCreatePrimaryIdentifier");
+var getPrimaryIdentifier = /* @__PURE__ */ __name(async (context, opts) => {
+  const identifiers = (await context.agent.didManagerFind(opts?.method ? {
+    provider: `${DID_PREFIX}${opts?.method}`
+  } : {})).filter((identifier) => opts?.type === void 0 || identifier.keys.some((key) => key.type === opts?.type));
+  return identifiers && identifiers.length > 0 ? identifiers[0] : void 0;
+}, "getPrimaryIdentifier");
+var createIdentifier = /* @__PURE__ */ __name(async (context, opts) => {
+  return await context.agent.didManagerCreate({
+    kms: await (0, import_ssi_sdk_ext.getKms)(context, opts?.createOpts?.kms),
+    ...opts?.method && {
+      provider: `${DID_PREFIX}${opts?.method}`
+    },
+    alias: opts?.createOpts?.alias ?? `${IdentifierAliasEnum.PRIMARY}-${opts?.method}-${opts?.createOpts?.options?.type}-${(/* @__PURE__ */ new Date()).getTime()}`,
+    options: opts?.createOpts?.options
+  });
+}, "createIdentifier");
+var getFirstKeyWithRelationFromDIDDoc = /* @__PURE__ */ __name(async ({ identifier, vmRelationship = "verificationMethod", keyType, errorOnNotFound = false, didDocument, controllerKey }, context) => {
+  const matchedKeys = await mapIdentifierKeysToDocWithJwkSupport({
+    identifier,
+    vmRelationship,
+    didDocument
+  }, context);
+  if (Array.isArray(matchedKeys) && matchedKeys.length > 0) {
+    const result = matchedKeys.find((key) => keyType === void 0 || key.type === keyType || controllerKey && key.kid === identifier.controllerKeyId);
+    if (result) {
+      return result;
+    }
+  }
+  if (errorOnNotFound) {
+    throw new Error(`Could not find key with relationship ${vmRelationship} in DID document for ${identifier.did}${keyType ? " and key type: " + keyType : ""}`);
+  }
+  return void 0;
+}, "getFirstKeyWithRelationFromDIDDoc");
+var getEthereumAddressFromKey = /* @__PURE__ */ __name(({ key }) => {
+  if (key.type !== "Secp256k1") {
+    throw Error(`Can only get ethereum address from a Secp256k1 key. Type is ${key.type} for keyRef: ${key.kid}`);
+  }
+  const ethereumAddress = key.meta?.ethereumAddress ?? key.meta?.account?.toLowerCase() ?? (0, import_transactions.computeAddress)(`0x${key.publicKeyHex}`).toLowerCase();
+  if (!ethereumAddress) {
+    throw Error(`Could not get or generate ethereum address from key with keyRef ${key.kid}`);
+  }
+  return ethereumAddress;
+}, "getEthereumAddressFromKey");
+var getControllerKey = /* @__PURE__ */ __name(({ identifier }) => {
+  const key = identifier.keys.find((key2) => key2.kid === identifier.controllerKeyId);
+  if (!key) {
+    throw Error(`Could not get controller key for identifier ${identifier}`);
+  }
+  return key;
+}, "getControllerKey");
+var getKeys = /* @__PURE__ */ __name(({ jwkThumbprint, kms, identifier, kmsKeyRef, keyType, controllerKey }) => {
+  return identifier.keys.filter((key) => !keyType || key.type === keyType).filter((key) => !kms || key.kms === kms).filter((key) => !kmsKeyRef || key.kid === kmsKeyRef).filter((key) => !jwkThumbprint || key.meta?.jwkThumbprint === jwkThumbprint).filter((key) => !controllerKey || identifier.controllerKeyId === key.kid);
+}, "getKeys");
+async function dereferenceDidKeysWithJwkSupport(didDocument, section = "keyAgreement", context) {
+  const convert = section === "keyAgreement";
+  if (section === "service") {
+    return [];
+  }
+  return (await Promise.all((didDocument[section] || []).map(async (key) => {
+    if (typeof key === "string") {
+      try {
+        return await context.agent.getDIDComponentById({
+          didDocument,
+          didUrl: key,
+          section
+        });
+      } catch (e) {
+        return null;
+      }
+    } else {
+      return key;
+    }
+  }))).filter(import_utils.isDefined).map((key) => {
+    const hexKey = extractPublicKeyHexWithJwkSupport(key, convert);
+    const { publicKeyHex, publicKeyBase58, publicKeyBase64, publicKeyJwk, ...keyProps } = key;
+    const newKey = {
+      ...keyProps,
+      publicKeyHex: hexKey
+    };
+    if (convert && "Ed25519VerificationKey2018" === newKey.type) {
+      newKey.type = "X25519KeyAgreementKey2019";
+    }
+    return newKey;
+  });
+}
+__name(dereferenceDidKeysWithJwkSupport, "dereferenceDidKeysWithJwkSupport");
+function jwkTtoPublicKeyHex(jwk) {
+  const vm = {
+    publicKeyJwk: (0, import_ssi_sdk_ext.sanitizedJwk)(jwk)
+  };
+  return extractPublicKeyHexWithJwkSupport(vm);
+}
+__name(jwkTtoPublicKeyHex, "jwkTtoPublicKeyHex");
+function extractPublicKeyHexWithJwkSupport(pk, convert = false) {
+  if (pk.publicKeyJwk) {
+    const jwk = (0, import_ssi_sdk_ext.sanitizedJwk)(pk.publicKeyJwk);
+    if (jwk.kty === "EC") {
+      const curve = jwk.crv ? toEcLibCurve(jwk.crv) : "p256";
+      const xHex = (0, import_ssi_sdk_ext2.base64ToHex)(jwk.x, "base64url");
+      const yHex = (0, import_ssi_sdk_ext2.base64ToHex)(jwk.y, "base64url");
+      const prefix = "04";
+      const hex = `${prefix}${xHex}${yHex}`;
+      try {
+        const ec = new import_elliptic.default.ec(curve);
+        const publicKeyHex = ec.keyFromPublic(hex, "hex").getPublic(true, "hex");
+        return publicKeyHex;
+      } catch (error) {
+        console.error(`Error converting EC with elliptic lib curve ${curve} from JWK to hex. x: ${jwk.x}, y: ${jwk.y}, error: ${error}`, error);
+      }
+    } else if (jwk.crv === "Ed25519") {
+      return toString(fromString(jwk.x, "base64url"), "base16");
+    } else if (jwk.kty === "RSA") {
+      return (0, import_ssi_sdk_ext.rsaJwkToRawHexKey)(jwk);
+    }
+  }
+  return extractPublicKeyHex(pk, convert);
+}
+__name(extractPublicKeyHexWithJwkSupport, "extractPublicKeyHexWithJwkSupport");
+function isEvenHexString(hex) {
+  const lastChar = hex[hex.length - 1].toLowerCase();
+  return [
+    "0",
+    "2",
+    "4",
+    "6",
+    "8",
+    "a",
+    "c",
+    "e"
+  ].includes(lastChar);
+}
+__name(isEvenHexString, "isEvenHexString");
+function extractPublicKeyHex(pk, convert = false) {
+  let keyBytes = extractPublicKeyBytes(pk);
+  const jwk = pk.publicKeyJwk ? (0, import_ssi_sdk_ext.sanitizedJwk)(pk.publicKeyJwk) : void 0;
+  if (convert) {
+    if ([
+      "Ed25519",
+      "Ed25519VerificationKey2018",
+      "Ed25519VerificationKey2020"
+    ].includes(pk.type) || pk.type === "JsonWebKey2020" && jwk?.crv === "Ed25519") {
+      keyBytes = (0, import_ed25519.convertPublicKeyToX25519)(keyBytes);
+    } else if (![
+      "X25519",
+      "X25519KeyAgreementKey2019",
+      "X25519KeyAgreementKey2020"
+    ].includes(pk.type) && !(pk.type === "JsonWebKey2020" && jwk?.crv === "X25519")) {
+      return "";
+    }
+  }
+  return (0, import_ssi_sdk.bytesToHex)(keyBytes);
+}
+__name(extractPublicKeyHex, "extractPublicKeyHex");
+function toEcLibCurve(input) {
+  return input.toLowerCase().replace("-", "").replace("_", "");
+}
+__name(toEcLibCurve, "toEcLibCurve");
+function extractPublicKeyBytes(pk) {
+  if (pk.publicKeyBase58) {
+    return (0, import_ssi_sdk.base58ToBytes)(pk.publicKeyBase58);
+  } else if (pk.publicKeyMultibase) {
+    return (0, import_ssi_sdk.multibaseKeyToBytes)(pk.publicKeyMultibase);
+  } else if (pk.publicKeyBase64) {
+    return (0, import_ssi_sdk.base64ToBytes)(pk.publicKeyBase64);
+  } else if (pk.publicKeyHex) {
+    return (0, import_ssi_sdk.hexToBytes)(pk.publicKeyHex);
+  } else if (pk.publicKeyJwk?.crv && pk.publicKeyJwk.x && pk.publicKeyJwk.y) {
+    return (0, import_ssi_sdk.hexToBytes)(extractPublicKeyHexWithJwkSupport(pk));
+  } else if (pk.publicKeyJwk && (pk.publicKeyJwk.crv === "Ed25519" || pk.publicKeyJwk.crv === "X25519") && pk.publicKeyJwk.x) {
+    return (0, import_ssi_sdk.base64ToBytes)(pk.publicKeyJwk.x);
+  }
+  return new Uint8Array();
+}
+__name(extractPublicKeyBytes, "extractPublicKeyBytes");
+function verificationMethodToJwk(vm, errorOnNotFound = true) {
+  let jwk = vm.publicKeyJwk;
+  if (!jwk) {
+    let publicKeyHex = vm.publicKeyHex ?? toString(extractPublicKeyBytes(vm), "hex");
+    if (publicKeyHex && publicKeyHex.trim() !== "") {
+      jwk = (0, import_ssi_sdk_ext.toJwk)(publicKeyHex, (0, import_ssi_sdk_ext.keyTypeFromCryptographicSuite)({
+        crv: vm.type
+      }));
+    }
+  }
+  if (!jwk) {
+    if (errorOnNotFound) {
+      throw Error(`Could not convert verification method ${vm.id} to jwk`);
+    }
+    return null;
+  }
+  jwk.kid = vm.id;
+  return (0, import_ssi_sdk_ext.sanitizedJwk)(jwk);
+}
+__name(verificationMethodToJwk, "verificationMethodToJwk");
+function didDocumentSectionToJwks(didDocumentSection, searchForVerificationMethods, verificationMethods) {
+  const jwks = new Set((searchForVerificationMethods ?? []).map((vmOrId) => typeof vmOrId === "object" ? vmOrId : verificationMethods?.find((vm) => vm.id === vmOrId)).filter(import_utils.isDefined).map((vm) => verificationMethodToJwk(vm, false)).filter(import_utils.isDefined));
+  return {
+    didDocumentSection,
+    jwks: Array.from(jwks)
+  };
+}
+__name(didDocumentSectionToJwks, "didDocumentSectionToJwks");
+function didDocumentToJwks(didDocument) {
+  return {
+    verificationMethod: [
+      ...didDocumentSectionToJwks("publicKey", didDocument.publicKey, didDocument.verificationMethod).jwks,
+      ...didDocumentSectionToJwks("verificationMethod", didDocument.verificationMethod, didDocument.verificationMethod).jwks
+    ],
+    assertionMethod: didDocumentSectionToJwks("assertionMethod", didDocument.assertionMethod, didDocument.verificationMethod).jwks,
+    authentication: didDocumentSectionToJwks("authentication", didDocument.authentication, didDocument.verificationMethod).jwks,
+    keyAgreement: didDocumentSectionToJwks("keyAgreement", didDocument.keyAgreement, didDocument.verificationMethod).jwks,
+    capabilityInvocation: didDocumentSectionToJwks("capabilityInvocation", didDocument.capabilityInvocation, didDocument.verificationMethod).jwks,
+    capabilityDelegation: didDocumentSectionToJwks("capabilityDelegation", didDocument.capabilityDelegation, didDocument.verificationMethod).jwks
+  };
+}
+__name(didDocumentToJwks, "didDocumentToJwks");
+async function mapIdentifierKeysToDocWithJwkSupport({ identifier, vmRelationship = "verificationMethod", didDocument, kmsKeyRef }, context) {
+  const didDoc = didDocument ?? await getAgentResolver(context).resolve(identifier.did).then((result) => result.didDocument);
+  if (!didDoc) {
+    throw Error(`Could not resolve DID ${identifier.did}`);
+  }
+  const keys = didDoc ? [] : await (0, import_utils.mapIdentifierKeysToDoc)(identifier, vmRelationship, context);
+  const documentKeys = await dereferenceDidKeysWithJwkSupport(didDoc, vmRelationship, context);
+  if (kmsKeyRef) {
+    let found = keys.filter((key) => key.kid === kmsKeyRef);
+    if (found.length > 0) {
+      return found;
+    }
+  }
+  const localKeys = vmRelationship === "keyAgreement" ? (0, import_utils.convertIdentifierEncryptionKeys)(identifier) : (0, import_utils.compressIdentifierSecp256k1Keys)(identifier);
+  const extendedKeys = documentKeys.map((verificationMethod) => {
+    let vmKey = verificationMethod.publicKeyHex;
+    if (vmKey?.startsWith("30")) {
+      vmKey = (0, import_ssi_sdk_ext.toPkcs1FromHex)(vmKey);
+    }
+    const localKey = localKeys.find((localKey2) => localKey2.publicKeyHex === vmKey || localKey2.type === "RSA" && vmKey?.startsWith("30") && (0, import_ssi_sdk_ext.toPkcs1FromHex)(localKey2.publicKeyHex) === vmKey || vmKey?.startsWith(localKey2.publicKeyHex) || compareBlockchainAccountId(localKey2, verificationMethod));
+    if (localKey) {
+      const { meta, ...localProps } = localKey;
+      return {
+        ...localProps,
+        meta: {
+          ...meta,
+          verificationMethod
+        }
+      };
+    } else {
+      return null;
+    }
+  }).filter(import_utils.isDefined);
+  return Array.from(new Set(keys.concat(extendedKeys)));
+}
+__name(mapIdentifierKeysToDocWithJwkSupport, "mapIdentifierKeysToDocWithJwkSupport");
+function compareBlockchainAccountId(localKey, verificationMethod) {
+  if (verificationMethod.type !== "EcdsaSecp256k1RecoveryMethod2020" && verificationMethod.type !== "EcdsaSecp256k1VerificationKey2019" || localKey.type !== "Secp256k1") {
+    return false;
+  }
+  let vmEthAddr = (0, import_utils.getEthereumAddress)(verificationMethod);
+  if (localKey.meta?.account) {
+    return vmEthAddr === localKey.meta?.account.toLowerCase();
+  }
+  const computedAddr = (0, import_transactions.computeAddress)("0x" + localKey.publicKeyHex).toLowerCase();
+  return computedAddr === vmEthAddr;
+}
+__name(compareBlockchainAccountId, "compareBlockchainAccountId");
+async function getAgentDIDMethods(context) {
+  return (await context.agent.didManagerGetProviders()).map((provider) => provider.toLowerCase().replace("did:", ""));
+}
+__name(getAgentDIDMethods, "getAgentDIDMethods");
+function getDID(idOpts) {
+  if (typeof idOpts.identifier === "string") {
+    return idOpts.identifier;
+  } else if (typeof idOpts.identifier === "object") {
+    return idOpts.identifier.did;
+  }
+  throw Error(`Cannot get DID from identifier value`);
+}
+__name(getDID, "getDID");
+function toDID(identifier) {
+  if (typeof identifier === "string") {
+    return identifier;
+  }
+  if (identifier.did) {
+    return identifier.did;
+  }
+  throw Error(`No DID value present in identifier`);
+}
+__name(toDID, "toDID");
+function toDIDs(identifiers) {
+  if (!identifiers) {
+    return [];
+  }
+  return identifiers.map(toDID);
+}
+__name(toDIDs, "toDIDs");
+async function getKey({ identifier, vmRelationship = "authentication", kmsKeyRef }, context) {
+  if (!identifier) {
+    return Promise.reject(new Error(`No identifier provided to getKey method!`));
+  }
+  const kmsKeyRefParts = kmsKeyRef?.split(`#`);
+  const kid = kmsKeyRefParts ? kmsKeyRefParts?.length === 2 ? kmsKeyRefParts[1] : kmsKeyRefParts[0] : void 0;
+  let identifierKey = void 0;
+  const keys = await mapIdentifierKeysToDocWithJwkSupport({
+    identifier,
+    vmRelationship,
+    kmsKeyRef
+  }, context);
+  if (!keys || keys.length === 0) {
+    throw new Error(`No keys found for verificationMethodSection: ${vmRelationship} and did ${identifier.did}`);
+  }
+  if (kmsKeyRef) {
+    identifierKey = keys.find((key) => key.meta.verificationMethod?.id === kmsKeyRef || kid && key.meta.verificationMethod?.id?.includes(kid));
+  }
+  if (!identifierKey) {
+    identifierKey = keys.find((key) => key.meta.verificationMethod?.type === vmRelationship || key.meta.purposes?.includes(vmRelationship));
+  }
+  if (!identifierKey) {
+    identifierKey = keys[0];
+  }
+  if (!identifierKey) {
+    throw new Error(`No matching verificationMethodSection key found for keyId: ${kmsKeyRef} and vmSection: ${vmRelationship} for id ${identifier.did}`);
+  }
+  return identifierKey;
+}
+__name(getKey, "getKey");
+async function legacyGetIdentifier({ identifier }, context) {
+  if (typeof identifier === "string") {
+    return await context.agent.didManagerGet({
+      did: identifier
+    });
+  }
+  return identifier;
+}
+__name(legacyGetIdentifier, "legacyGetIdentifier");
+async function determineKid({ key, idOpts }, context) {
+  if (key.meta?.verificationMethod?.id) {
+    return key.meta?.verificationMethod?.id;
+  }
+  const identifier = await legacyGetIdentifier(idOpts, context);
+  const mappedKeys = await mapIdentifierKeysToDocWithJwkSupport({
+    identifier,
+    vmRelationship: "verificationMethod"
+  }, context);
+  const vmKey = mappedKeys.find((extendedKey) => extendedKey.kid === key.kid);
+  if (vmKey) {
+    return vmKey.meta?.verificationMethod?.id ?? vmKey.meta?.jwkThumbprint ?? idOpts.kmsKeyRef ?? vmKey.kid;
+  }
+  return key.meta?.jwkThumbprint ?? idOpts.kmsKeyRef ?? key.kid;
+}
+__name(determineKid, "determineKid");
+async function getSupportedDIDMethods(didOpts, context) {
+  return didOpts.supportedDIDMethods ?? await getAgentDIDMethods(context);
+}
+__name(getSupportedDIDMethods, "getSupportedDIDMethods");
+function getAgentResolver(context, opts) {
+  return new AgentDIDResolver(context, opts);
+}
+__name(getAgentResolver, "getAgentResolver");
+var AgentDIDResolver = class {
+  static {
+    __name(this, "AgentDIDResolver");
+  }
+  context;
+  resolverResolution;
+  uniresolverResolution;
+  localResolution;
+  constructor(context, opts) {
+    this.context = context;
+    this.resolverResolution = opts?.resolverResolution !== false;
+    this.uniresolverResolution = opts?.uniresolverResolution !== false;
+    this.localResolution = opts?.localResolution !== false;
+  }
+  async resolve(didUrl, options) {
+    let resolutionResult;
+    let origResolutionResult;
+    let err;
+    if (!this.resolverResolution && !this.localResolution && !this.uniresolverResolution) {
+      throw Error(`No agent hosted DID resolution, regular agent resolution nor universal resolver resolution is enabled. Cannot resolve DIDs.`);
+    }
+    if (this.resolverResolution) {
+      try {
+        resolutionResult = await this.context.agent.resolveDid({
+          didUrl,
+          options
+        });
+      } catch (error) {
+        err = error;
+      }
+    }
+    if (resolutionResult) {
+      origResolutionResult = resolutionResult;
+      if (resolutionResult.didDocument === null) {
+        resolutionResult = void 0;
+      }
+    } else {
+      console.log(`Agent resolver resolution is disabled. This typically isn't desirable!`);
+    }
+    if (!resolutionResult && this.localResolution) {
+      console.log(`Using local DID resolution, looking at DIDs hosted by the agent.`);
+      try {
+        const did = didUrl.split("#")[0];
+        const iIdentifier = await this.context.agent.didManagerGet({
+          did
+        });
+        resolutionResult = toDidResolutionResult(iIdentifier, {
+          did
+        });
+        if (resolutionResult.didDocument) {
+          err = void 0;
+        } else {
+          console.log(`Local resolution resulted in a DID Document for ${did}`);
+        }
+      } catch (error) {
+        if (!err) {
+          err = error;
+        }
+      }
+    }
+    if (resolutionResult) {
+      if (!origResolutionResult) {
+        origResolutionResult = resolutionResult;
+      }
+      if (!resolutionResult.didDocument) {
+        resolutionResult = void 0;
+      }
+    }
+    if (!resolutionResult && this.uniresolverResolution) {
+      console.log(`Using universal resolver resolution for did ${didUrl} `);
+      resolutionResult = await new import_did_uni_client.UniResolver().resolve(didUrl, options);
+      if (!origResolutionResult) {
+        origResolutionResult = resolutionResult;
+      }
+      if (resolutionResult.didDocument) {
+        err = void 0;
+      }
+    }
+    if (err) {
+      throw err;
+    }
+    if (!resolutionResult && !origResolutionResult) {
+      throw `Could not resolve ${didUrl}. Resolutions tried: online: ${this.resolverResolution}, local: ${this.localResolution}, uni resolver: ${this.uniresolverResolution}`;
+    }
+    return resolutionResult ?? origResolutionResult;
+  }
+};
+function toDidDocument(identifier, opts) {
+  let didDocument = void 0;
+  if (identifier) {
+    const did = identifier.did ?? opts?.did;
+    didDocument = {
+      "@context": "https://www.w3.org/ns/did/v1",
+      id: did,
+      verificationMethod: identifier.keys.map((key) => {
+        const vm = {
+          controller: did,
+          id: key.kid.startsWith(did) && key.kid.includes("#") ? key.kid : `${did}#${key.kid}`,
+          publicKeyJwk: (0, import_ssi_sdk_ext.toJwk)(key.publicKeyHex, key.type, {
+            use: import_ssi_sdk_ext.ENC_KEY_ALGS.includes(key.type) ? import_ssi_sdk_ext.JwkKeyUse.Encryption : import_ssi_sdk_ext.JwkKeyUse.Signature,
+            key
+          }),
+          type: "JsonWebKey2020"
+        };
+        return vm;
+      }),
+      ...(opts?.use === void 0 || opts?.use?.includes(import_ssi_sdk_ext.JwkKeyUse.Signature)) && identifier.keys && {
+        assertionMethod: identifier.keys.filter((key) => key?.meta?.purpose === void 0 || key?.meta?.purpose === "assertionMethod" || key?.meta?.purposes?.includes("assertionMethod")).map((key) => {
+          if (key.kid.startsWith(did) && key.kid.includes("#")) {
+            return key.kid;
+          }
+          return `${did}#${key.kid}`;
+        })
+      },
+      ...(opts?.use === void 0 || opts?.use?.includes(import_ssi_sdk_ext.JwkKeyUse.Signature)) && identifier.keys && {
+        authentication: identifier.keys.filter((key) => key?.meta?.purpose === void 0 || key?.meta?.purpose === "authentication" || key?.meta?.purposes?.includes("authentication")).map((key) => {
+          if (key.kid.startsWith(did) && key.kid.includes("#")) {
+            return key.kid;
+          }
+          return `${did}#${key.kid}`;
+        })
+      },
+      ...(opts?.use === void 0 || opts?.use?.includes(import_ssi_sdk_ext.JwkKeyUse.Encryption)) && identifier.keys && {
+        keyAgreement: identifier.keys.filter((key) => key.type === "X25519" || key?.meta?.purpose === "keyAgreement" || key?.meta?.purposes?.includes("keyAgreement")).map((key) => {
+          if (key.kid.startsWith(did) && key.kid.includes("#")) {
+            return key.kid;
+          }
+          return `${did}#${key.kid}`;
+        })
+      },
+      ...(opts?.use === void 0 || opts?.use?.includes(import_ssi_sdk_ext.JwkKeyUse.Encryption)) && identifier.keys && {
+        capabilityInvocation: identifier.keys.filter((key) => key.type === "X25519" || key?.meta?.purpose === "capabilityInvocation" || key?.meta?.purposes?.includes("capabilityInvocation")).map((key) => {
+          if (key.kid.startsWith(did) && key.kid.includes("#")) {
+            return key.kid;
+          }
+          return `${did}#${key.kid}`;
+        })
+      },
+      ...(opts?.use === void 0 || opts?.use?.includes(import_ssi_sdk_ext.JwkKeyUse.Encryption)) && identifier.keys && {
+        capabilityDelegation: identifier.keys.filter((key) => key.type === "X25519" || key?.meta?.purpose === "capabilityDelegation" || key?.meta?.purposes?.includes("capabilityDelegation")).map((key) => {
+          if (key.kid.startsWith(did) && key.kid.includes("#")) {
+            return key.kid;
+          }
+          return `${did}#${key.kid}`;
+        })
+      },
+      ...identifier.services && identifier.services.length > 0 && {
+        service: identifier.services
+      }
+    };
+  }
+  return didDocument;
+}
+__name(toDidDocument, "toDidDocument");
+function toDidResolutionResult(identifier, opts) {
+  const didDocument = toDidDocument(identifier, opts) ?? null;
+  const resolutionResult = {
+    "@context": "https://w3id.org/did-resolution/v1",
+    didDocument,
+    didResolutionMetadata: {
+      ...!didDocument && {
+        error: "notFound"
+      },
+      ...Array.isArray(opts?.supportedMethods) && identifier && !opts?.supportedMethods.includes(identifier.provider.replace("did:", "")) && {
+        error: "unsupportedDidMethod"
+      }
+    },
+    didDocumentMetadata: {
+      ...identifier?.alias && {
+        equivalentId: identifier?.alias
+      }
+    }
+  };
+  return resolutionResult;
+}
+__name(toDidResolutionResult, "toDidResolutionResult");
+async function asDidWeb(hostnameOrDID) {
+  let did = hostnameOrDID;
+  if (!did) {
+    throw Error("Domain or DID expected, but received nothing.");
+  }
+  if (did.startsWith("did:web:")) {
+    return did;
+  }
+  return `did:web:${did.replace(/https?:\/\/([^/?#]+).*/i, "$1").toLowerCase()}`;
+}
+__name(asDidWeb, "asDidWeb");
+var signDidJWT = /* @__PURE__ */ __name(async (args) => {
+  const { idOpts, header, payload, context, options } = args;
+  const jwtOptions = {
+    ...options,
+    signer: await getDidSigner({
+      idOpts,
+      context
+    })
+  };
+  return (0, import_did_jwt.createJWT)(payload, jwtOptions, header);
+}, "signDidJWT");
+var getDidSigner = /* @__PURE__ */ __name(async (args) => {
+  const { idOpts, context } = args;
+  const identifier = await legacyGetIdentifier(idOpts, context);
+  const key = await getKey({
+    identifier,
+    vmRelationship: idOpts.verificationMethodSection,
+    kmsKeyRef: idOpts.kmsKeyRef
+  }, context);
+  const algorithm = await (0, import_ssi_sdk_ext.signatureAlgorithmFromKey)({
+    key
+  });
+  return async (data) => {
+    const input = data instanceof Object.getPrototypeOf(Uint8Array) ? new TextDecoder().decode(data) : data;
+    return await context.agent.keyManagerSign({
+      keyRef: key.kid,
+      algorithm,
+      data: input
+    });
+  };
+}, "getDidSigner");
+//# sourceMappingURL=index.cjs.map