@sphereon/ssi-sdk-ext.identifier-resolution 0.28.1-feature.jose.vcdm.52 → 0.28.1-feature.oyd.cmsm.improv.20

package/dist/index.d.ts

@@ -1,439 +1,12 @@
-import { JWK, ICoseKeyJson, IParsedDID } from '@sphereon/ssi-types';
-import { DIDDocumentSection, DIDDocument, DIDResolutionResult, IIdentifier, IKey, TKeyType, IPluginMethodMap, IAgentContext, IKeyManager, IDIDManager, IAgentPlugin, IResolver } from '@veramo/core';
-import { DidDocumentJwks } from '@sphereon/ssi-sdk-ext.did-utils';
-import { X509CertificateChainValidationOpts, X509ValidationResult, ClientIdScheme } from '@sphereon/ssi-sdk-ext.x509-utils';
-import { webcrypto } from 'node:crypto';
-import { IOIDFClient } from '@sphereon/ssi-sdk.oidf-client';
-
-// Copy of jwt-service typings since we cannot include that as devDependency due to cyclic dep
-/*
-import {
-  ExternalIdentifierDidOpts,
-  ExternalIdentifierResult,
-  ExternalIdentifierX5cOpts,
-  IIdentifierResolution,
-  ManagedIdentifierOptsOrResult,
-  ManagedIdentifierResult,
-} from '../types'*/
-
-interface BaseJwtPayload {
-  iss?: string
-  sub?: string
-  aud?: string[] | string
-  exp?: number
-  nbf?: number
-  iat?: number
-  jti?: string
-}
-interface JwsPayload extends BaseJwtPayload {
-  [key: string]: unknown
-}
-
 /**
- * Use whenever we need to resolve an external identifier. We can pass in kids, DIDs, and x5chains
- *
- * The functions below can be used to check the type, and they also provide the proper runtime types
- */
-type ExternalIdentifierType = string | string[] | JWK;
-type ExternalIdentifierOptsBase = {
-    method?: ExternalIdentifierMethod;
-    identifier: ExternalIdentifierType;
-};
-type ExternalIdentifierDidOpts = Omit<ExternalIdentifierOptsBase, 'method'> & {
-    method?: 'did';
-    identifier: string;
-    noVerificationMethodFallback?: boolean;
-    vmRelationship?: DIDDocumentSection;
-    localResolution?: boolean;
-    uniresolverResolution?: boolean;
-    resolverResolution?: boolean;
-};
-declare function isExternalIdentifierDidOpts(opts: ExternalIdentifierOptsBase): opts is ExternalIdentifierDidOpts;
-type ExternalIdentifierOpts = (ExternalIdentifierJwkOpts | ExternalIdentifierX5cOpts | ExternalIdentifierDidOpts | ExternalIdentifierKidOpts | ExternalIdentifierCoseKeyOpts | ExternalIdentifierOIDFEntityIdOpts) & ExternalIdentifierOptsBase;
-type ExternalIdentifierKidOpts = Omit<ExternalIdentifierOptsBase, 'method'> & {
-    method?: 'kid';
-    identifier: string;
-};
-declare function isExternalIdentifierKidOpts(opts: ExternalIdentifierOptsBase): opts is ExternalIdentifierKidOpts;
-type ExternalIdentifierJwkOpts = Omit<ExternalIdentifierOptsBase, 'method'> & {
-    method?: 'jwk';
-    identifier: JWK;
-    x5c?: ExternalIdentifierX5cOpts;
-};
-declare function isExternalIdentifierJwkOpts(opts: ExternalIdentifierOptsBase): opts is ExternalIdentifierJwkOpts;
-type ExternalIdentifierCoseKeyOpts = Omit<ExternalIdentifierOptsBase, 'method'> & {
-    method?: 'cose_key';
-    identifier: ICoseKeyJson;
-};
-declare function isExternalIdentifierCoseKeyOpts(opts: ExternalIdentifierOptsBase): opts is ExternalIdentifierCoseKeyOpts;
-type ExternalIdentifierOidcDiscoveryOpts = Omit<ExternalIdentifierOptsBase, 'method'> & {
-    method?: 'oidc-discovery';
-    identifier: string;
-};
-declare function isExternalIdentifierOidcDiscoveryOpts(opts: ExternalIdentifierOptsBase): opts is ExternalIdentifierJwkOpts;
-type ExternalIdentifierJwksUrlOpts = Omit<ExternalIdentifierOptsBase, 'method'> & {
-    method?: 'jwks-url';
-    identifier: string;
-};
-declare function isExternalIdentifierJwksUrlOpts(opts: ExternalIdentifierOptsBase): opts is ExternalIdentifierJwksUrlOpts;
-type ExternalIdentifierOIDFEntityIdOpts = Omit<ExternalIdentifierOptsBase, 'method'> & {
-    method?: 'entity_id';
-    identifier: string;
-    trustAnchors?: Array<string>;
-};
-declare function isExternalIdentifierOIDFEntityIdOpts(opts: ExternalIdentifierOptsBase): opts is ExternalIdentifierOIDFEntityIdOpts;
-type ExternalIdentifierX5cOpts = Omit<ExternalIdentifierOptsBase, 'method'> & X509CertificateChainValidationOpts & {
-    method?: 'x5c';
-    identifier: string[];
-    verify?: boolean;
-    verificationTime?: Date;
-    trustAnchors?: string[];
-};
-declare function isExternalIdentifierX5cOpts(opts: ExternalIdentifierOptsBase): opts is ExternalIdentifierX5cOpts;
-type ExternalIdentifierMethod = 'did' | 'jwk' | 'x5c' | 'kid' | 'cose_key' | 'oidc-discovery' | 'jwks-url' | 'oid4vci-issuer' | 'entity_id';
-type ExternalIdentifierResult = IExternalIdentifierResultBase & (ExternalIdentifierDidResult | ExternalIdentifierX5cResult | ExternalIdentifierJwkResult | ExternalIdentifierOIDFEntityIdResult | ExternalIdentifierCoseKeyResult);
-interface IExternalIdentifierResultBase {
-    method: ExternalIdentifierMethod;
-    jwks: Array<ExternalJwkInfo>;
-}
-interface ExternalIdentifierJwkResult extends IExternalIdentifierResultBase {
-    method: 'jwk';
-    jwk: JWK;
-    x5c?: ExternalIdentifierX5cResult;
-}
-interface ExternalIdentifierCoseKeyResult extends IExternalIdentifierResultBase {
-    method: 'cose_key';
-    coseKey: ICoseKeyJson;
-    x5c?: ExternalIdentifierX5cResult;
-}
-interface ExternalIdentifierX5cResult extends IExternalIdentifierResultBase {
-    method: 'x5c';
-    x5c: string[];
-    issuerJWK: JWK;
-    verificationResult?: X509ValidationResult;
-    certificates: any[];
-}
-type TrustedAnchor = string;
-type PublicKeyHex = string;
-type ErrorMessage = string;
-interface ExternalIdentifierOIDFEntityIdResult extends IExternalIdentifierResultBase {
-    method: 'entity_id';
-    trustedAnchors: Array<TrustedAnchor>;
-    errorList?: Record<TrustedAnchor, ErrorMessage>;
-    jwtPayload?: JwsPayload;
-    trustEstablished: boolean;
-}
-interface ExternalJwkInfo extends JwkInfo {
-    kid?: string;
-    publicKeyHex: string;
-}
-interface ExternalIdentifierDidResult extends IExternalIdentifierResultBase {
-    method: 'did';
-    did: string;
-    didDocument?: DIDDocument;
-    didJwks?: DidDocumentJwks;
-    didResolutionResult: Omit<DIDResolutionResult, 'didDocument'>;
-    didParsed: IParsedDID;
-}
-
-/**
- * Use whenever we need to pass in an identifier. We can pass in kids, DIDs, IIdentifier objects and x5chains
- *
- * The functions below can be used to check the type, and they also provide the proper 'runtime' types
- */
-type ManagedIdentifierType = IIdentifier | string | string[] | JWK | IKey | ICoseKeyJson;
-type ManagedIdentifierOpts = (ManagedIdentifierJwkOpts | ManagedIdentifierX5cOpts | ManagedIdentifierDidOpts | ManagedIdentifierKidOpts | ManagedIdentifierKeyOpts | ManagedIdentifierCoseKeyOpts | ManagedIdentifierOID4VCIssuerOpts) & ManagedIdentifierOptsBase;
-type ManagedIdentifierOptsBase = {
-    method?: ManagedIdentifierMethod;
-    identifier: ManagedIdentifierType;
-    kmsKeyRef?: string;
-    issuer?: string;
-    kid?: string;
-    clientId?: string;
-    clientIdScheme?: ClientIdScheme | 'did' | string;
-};
-type ManagedIdentifierDidOpts = Omit<ManagedIdentifierOptsBase, 'method' | 'identifier'> & {
-    method?: 'did';
-    identifier: IIdentifier | string;
-    keyType?: TKeyType;
-    offlineWhenNoDIDRegistered?: boolean;
-    noVerificationMethodFallback?: boolean;
-    controllerKey?: boolean;
-    vmRelationship?: DIDDocumentSection;
-};
-declare function isManagedIdentifierDidOpts(opts: ManagedIdentifierOptsBase): opts is ManagedIdentifierDidOpts;
-type ManagedIdentifierKidOpts = Omit<ManagedIdentifierOptsBase, 'method' | 'identifier'> & {
-    method?: 'kid';
-    identifier: string;
-};
-declare function isManagedIdentifierKidOpts(opts: ManagedIdentifierOptsBase): opts is ManagedIdentifierKidOpts;
-type ManagedIdentifierKeyOpts = Omit<ManagedIdentifierOptsBase, 'method' | 'identifier'> & {
-    method?: 'key';
-    identifier: IKey;
-};
-declare function isManagedIdentifierKeyOpts(opts: ManagedIdentifierOptsBase): opts is ManagedIdentifierKeyOpts;
-type ManagedIdentifierCoseKeyOpts = Omit<ManagedIdentifierOptsBase, 'method' | 'identifier'> & {
-    method?: 'cose_key';
-    identifier: ICoseKeyJson;
-};
-declare function isManagedIdentifierCoseKeyOpts(opts: ManagedIdentifierOptsBase): opts is ManagedIdentifierCoseKeyOpts;
-type ManagedIdentifierOID4VCIssuerOpts = Omit<ManagedIdentifierOptsBase, 'method' | 'identifier'> & {
-    method?: 'oid4vci-issuer';
-    identifier: string;
-};
-declare function isManagedIdentifierOID4VCIssuerOpts(opts: ManagedIdentifierOptsBase): opts is ManagedIdentifierCoseKeyOpts;
-type ManagedIdentifierJwkOpts = Omit<ManagedIdentifierOptsBase, 'method' | 'identifier'> & {
-    method?: 'jwk';
-    identifier: JWK;
-};
-declare function isManagedIdentifierJwkOpts(opts: ManagedIdentifierOptsBase): opts is ManagedIdentifierJwkOpts;
-type ManagedIdentifierX5cOpts = Omit<ManagedIdentifierOptsBase, 'method' | 'identifier'> & {
-    method?: 'x5c';
-    identifier: string[];
-};
-declare function isManagedIdentifierX5cOpts(opts: ManagedIdentifierOptsBase): opts is ManagedIdentifierX5cOpts;
-interface ManagedJwkInfo extends JwkInfo {
-    kmsKeyRef: string;
-}
-interface IManagedIdentifierResultBase extends ManagedJwkInfo {
-    method: ManagedIdentifierMethod;
-    opts: ManagedIdentifierOpts;
-    key: IKey;
-    kid?: string;
-    issuer?: string;
-    clientId?: string;
-    clientIdScheme?: ClientIdScheme | 'did' | string;
-    identifier: ManagedIdentifierType;
-}
-declare function isManagedIdentifierCoseKeyResult(object: IManagedIdentifierResultBase): object is ManagedIdentifierCoseKeyResult;
-declare function isManagedIdentifierDidResult(object: IManagedIdentifierResultBase): object is ManagedIdentifierDidResult;
-declare function isManagedIdentifierX5cResult(object: IManagedIdentifierResultBase): object is ManagedIdentifierX5cResult;
-declare function isManagedIdentifierJwkResult(object: IManagedIdentifierResultBase): object is ManagedIdentifierJwkResult;
-declare function isManagedIdentifierKidResult(object: IManagedIdentifierResultBase): object is ManagedIdentifierKidResult;
-declare function isManagedIdentifierKeyResult(object: IManagedIdentifierResultBase): object is ManagedIdentifierKeyResult;
-interface ManagedIdentifierDidResult extends IManagedIdentifierResultBase {
-    method: 'did';
-    identifier: IIdentifier;
-    did: string;
-    keys: Array<IKey>;
-    verificationMethodSection?: DIDDocumentSection;
-    controllerKeyId?: string;
-    issuer: string;
-    kid: string;
-}
-interface ManagedIdentifierJwkResult extends IManagedIdentifierResultBase {
-    identifier: JWK;
-    method: 'jwk';
-}
-interface ManagedIdentifierKidResult extends IManagedIdentifierResultBase {
-    method: 'kid';
-    identifier: string;
-    kid: string;
-}
-interface ManagedIdentifierKeyResult extends IManagedIdentifierResultBase {
-    method: 'key';
-    identifier: IKey;
-}
-interface ManagedIdentifierCoseKeyResult extends IManagedIdentifierResultBase {
-    method: 'cose_key';
-    identifier: ICoseKeyJson;
-}
-interface ManagedIdentifierOID4VCIssuerResult extends IManagedIdentifierResultBase {
-    method: 'oid4vci-issuer';
-    identifier: string;
-}
-interface ManagedIdentifierX5cResult extends IManagedIdentifierResultBase {
-    method: 'x5c';
-    identifier: string[];
-    x5c: string[];
-    certificate: any;
-}
-type ManagedIdentifierMethod = 'did' | 'jwk' | 'x5c' | 'kid' | 'key' | 'cose_key' | 'oid4vci-issuer';
-type ManagedIdentifierResult = IManagedIdentifierResultBase & (ManagedIdentifierX5cResult | ManagedIdentifierDidResult | ManagedIdentifierJwkResult | ManagedIdentifierKidResult | ManagedIdentifierKeyResult | ManagedIdentifierCoseKeyResult | ManagedIdentifierOID4VCIssuerResult);
-type ManagedIdentifierOptsOrResult = (ManagedIdentifierResult | ManagedIdentifierOpts) & {
-    lazyDisabled?: boolean;
-};
-
-interface JwkInfo {
-    jwk: JWK;
-    jwkThumbprint: string;
-}
-declare function isDidIdentifier(identifier: ManagedIdentifierType | ExternalIdentifierType): identifier is IIdentifier | string;
-declare function isIIdentifier(identifier: ManagedIdentifierType | ExternalIdentifierType): identifier is IIdentifier;
-declare function isJwkIdentifier(identifier: ManagedIdentifierType | ExternalIdentifierType): identifier is JWK;
-declare function isOidcDiscoveryIdentifier(identifier: ManagedIdentifierType | ExternalIdentifierType): identifier is string;
-declare function isJwksUrlIdentifier(identifier: ManagedIdentifierType | ExternalIdentifierType): identifier is string;
-declare function isKidIdentifier(identifier: ManagedIdentifierType | ExternalIdentifierType): identifier is string;
-declare function isOID4VCIssuerIdentifier(identifier: ManagedIdentifierType | ExternalIdentifierType): identifier is string;
-declare function isKeyIdentifier(identifier: ManagedIdentifierType): identifier is IKey;
-declare function isCoseKeyIdentifier(identifier: ManagedIdentifierType): identifier is ICoseKeyJson;
-declare function isOIDFEntityIdIdentifier(identifier: ManagedIdentifierType): identifier is string;
-declare function isX5cIdentifier(identifier: ManagedIdentifierType | ExternalIdentifierType): identifier is string[];
-
-declare const identifierResolutionContextMethods: Array<string>;
-/**
- * @public
+ * @internal
  */
-interface IIdentifierResolution extends IPluginMethodMap {
-    /**
-     * Main method for managed identifiers. We always go through this method (also the others) as we want to integrate a plugin for anomaly detection. Having a single method helps
-     *
-     * The end result of all these methods is a common baseline response that allows to use a key from the registered KMS systems. It also provides kid and iss(uer) values that can be used in a JWT/JWS for instance
-     * Allows to get a managed identifier result in case identifier options are passed in, but returns the identifier directly in case results are passed in. This means resolution can have happened before, or happens in this method
-     *
-     * We use the opts or result type almost everywhere, as it allows for just in time resolution whenever this method is called and afterwards we have the result, so resolution doesn't have to hit the DB, or external endpoints.
-     * Also use this method in the local agent, not using REST. If case the identifier needs to be resolved, you can always have the above methods using REST
-     * @param args
-     * @param context
-     * @public
-     */
-    identifierManagedGet(args: ManagedIdentifierOptsOrResult, context: IAgentContext<IKeyManager>): Promise<ManagedIdentifierResult>;
-    identifierManagedGetByDid(args: ManagedIdentifierDidOpts, context: IAgentContext<IKeyManager & IDIDManager>): Promise<ManagedIdentifierDidResult>;
-    identifierManagedGetByKid(args: ManagedIdentifierKidOpts, context: IAgentContext<IKeyManager>): Promise<ManagedIdentifierKidResult>;
-    identifierManagedGetByJwk(args: ManagedIdentifierJwkOpts, context: IAgentContext<IKeyManager>): Promise<ManagedIdentifierJwkResult>;
-    identifierManagedGetByX5c(args: ManagedIdentifierX5cOpts, context: IAgentContext<IKeyManager>): Promise<ManagedIdentifierX5cResult>;
-    identifierManagedGetByKey(args: ManagedIdentifierKeyOpts, context: IAgentContext<IKeyManager>): Promise<ManagedIdentifierKeyResult>;
-    identifierManagedGetByCoseKey(args: ManagedIdentifierCoseKeyOpts, context: IAgentContext<IKeyManager & IIdentifierResolution>): Promise<ManagedIdentifierCoseKeyResult>;
-    identifierManagedGetByOID4VCIssuer(args: ManagedIdentifierOID4VCIssuerOpts, context: IAgentContext<any>): Promise<ManagedIdentifierOID4VCIssuerResult>;
-    /**
-     * Main method for external identifiers. We always go through this method (also the others) as we want to integrate a plugin for anomaly detection. Having a single method helps
-     * @param args
-     * @param context
-     * @public
-     */
-    identifierExternalResolve(args: ExternalIdentifierOpts, context: IAgentContext<any>): Promise<ExternalIdentifierResult>;
-    identifierExternalResolveByDid(args: ExternalIdentifierDidOpts, context: IAgentContext<any>): Promise<ExternalIdentifierDidResult>;
-    identifierExternalResolveByJwk(args: ExternalIdentifierJwkOpts, context: IAgentContext<any>): Promise<ExternalIdentifierJwkResult>;
-    identifierExternalResolveByCoseKey(args: ExternalIdentifierCoseKeyOpts, context: IAgentContext<any>): Promise<ExternalIdentifierCoseKeyResult>;
-    identifierExternalResolveByX5c(args: ExternalIdentifierX5cOpts, context: IAgentContext<any>): Promise<ExternalIdentifierX5cResult>;
-    identifierExternalResolveByOIDFEntityId(args: ExternalIdentifierOIDFEntityIdOpts, context: IAgentContext<any>): Promise<ExternalIdentifierOIDFEntityIdResult>;
-}
-
+declare const schema: any;
+export { schema };
 /**
  * @public
  */
-declare class IdentifierResolution implements IAgentPlugin {
-    readonly _crypto: webcrypto.Crypto;
-    readonly schema: any;
-    readonly methods: IIdentifierResolution;
-    /**
-     * TODO: Add a cache, as we are retrieving the same keys/info quite often
-     */
-    constructor(opts?: {
-        crypto?: webcrypto.Crypto;
-    });
-    /**
-     * Main method for managed identifiers. We always go through this method (also the other methods below) as we want to
-     * integrate a plugin for anomaly detection. Having a single method helps
-     * @param args
-     * @param context
-     */
-    private identifierManagedGet;
-    private identifierManagedGetByDid;
-    private identifierManagedGetByKid;
-    private identifierManagedGetByKey;
-    private identifierManagedGetByCoseKey;
-    private identifierManagedGetByOID4VCIssuer;
-    private identifierManagedGetByJwk;
-    private identifierManagedGetByX5c;
-    private identifierExternalResolve;
-    private identifierExternalResolveByDid;
-    private identifierExternalResolveByX5c;
-    private identifierExternalResolveByCoseKey;
-    private identifierExternalResolveByJwk;
-    private identifierExternalResolveByOIDFEntityId;
-}
-
-declare function getManagedKidIdentifier(opts: ManagedIdentifierKidOpts, context: IAgentContext<IKeyManager>): Promise<ManagedIdentifierKidResult>;
-declare function isManagedIdentifierResult(identifier: ManagedIdentifierOptsOrResult & {
-    crypto?: webcrypto.Crypto;
-}): identifier is ManagedIdentifierResult;
-/**
- * Allows to get a managed identifier result in case identifier options are passed in, but returns the identifier directly in case results are passed in. This means resolution can have happened before, or happens in this method
- * @param identifier
- * @param context
- */
-declare function ensureManagedIdentifierResult(identifier: ManagedIdentifierOptsOrResult & {
-    crypto?: webcrypto.Crypto;
-}, context: IAgentContext<IKeyManager>): Promise<ManagedIdentifierResult>;
-/**
- * This function is just a convenience function to get a common result. The user already apparently had a key, so could have called the kid version as well
- * @param opts
- * @param _context
- */
-declare function getManagedKeyIdentifier(opts: ManagedIdentifierKeyOpts, _context?: IAgentContext<any>): Promise<ManagedIdentifierKeyResult>;
-/**
- * This function is just a convenience function to get a common result. The user already apparently had a key, so could have called the kid version as well
- * @param opts
- * @param context
- */
-declare function getManagedCoseKeyIdentifier(opts: ManagedIdentifierCoseKeyOpts, context: IAgentContext<any>): Promise<ManagedIdentifierCoseKeyResult>;
-declare function getManagedDidIdentifier(opts: ManagedIdentifierDidOpts, context: IAgentContext<any>): Promise<ManagedIdentifierDidResult>;
-declare function getManagedJwkIdentifier(opts: ManagedIdentifierJwkOpts, context: IAgentContext<IKeyManager>): Promise<ManagedIdentifierJwkResult>;
-declare function getManagedX5cIdentifier(opts: ManagedIdentifierX5cOpts & {
-    crypto?: webcrypto.Crypto;
-}, context: IAgentContext<IKeyManager>): Promise<ManagedIdentifierX5cResult>;
-declare function getManagedOID4VCIssuerIdentifier(opts: ManagedIdentifierOID4VCIssuerOpts, context: IAgentContext<IKeyManager>): Promise<ManagedIdentifierOID4VCIssuerResult>;
-declare function getManagedIdentifier(opts: ManagedIdentifierOptsOrResult & {
-    crypto?: webcrypto.Crypto;
-}, context: IAgentContext<IKeyManager>): Promise<ManagedIdentifierResult>;
-declare function managedIdentifierToKeyResult(identifier: ManagedIdentifierOptsOrResult, context: IAgentContext<IIdentifierResolution & IKeyManager>): Promise<ManagedIdentifierKeyResult>;
-declare function managedIdentifierToJwk(identifier: ManagedIdentifierOptsOrResult, context: IAgentContext<IIdentifierResolution & IKeyManager>): Promise<ManagedIdentifierJwkResult>;
-
-declare function resolveExternalIdentifier(opts: ExternalIdentifierOpts & {
-    crypto?: webcrypto.Crypto;
-}, context: IAgentContext<any>): Promise<ExternalIdentifierResult>;
-declare function resolveExternalX5cIdentifier(opts: ExternalIdentifierX5cOpts & {
-    crypto?: webcrypto.Crypto;
-}, context: IAgentContext<IResolver & IDIDManager>): Promise<ExternalIdentifierX5cResult>;
-/**
- * Resolves a JWK. Normally this is just returning the JWK, but in case the JWK contains a x5c the chain is validated
- * @param opts
- * @param context
- */
-declare function resolveExternalJwkIdentifier(opts: ExternalIdentifierJwkOpts & {
-    x5c?: ExternalIdentifierX5cOpts;
-}, context: IAgentContext<any>): Promise<ExternalIdentifierJwkResult>;
-/**
- * Resolves a JWK. Normally this is just returning the JWK, but in case the JWK contains a x5c the chain is validated
- * @param opts
- * @param context
- */
-declare function resolveExternalCoseKeyIdentifier(opts: ExternalIdentifierCoseKeyOpts & {
-    x5c?: ExternalIdentifierX5cOpts;
-}, context: IAgentContext<any>): Promise<ExternalIdentifierCoseKeyResult>;
-declare function resolveExternalDidIdentifier(opts: ExternalIdentifierDidOpts, context: IAgentContext<IResolver & IDIDManager>): Promise<ExternalIdentifierDidResult>;
-
-/**
- * Resolves an OIDF Entity ID against multiple trust anchors to establish trusted relationships
- *
- * @param opts Configuration options containing the identifier to resolve and trust anchors to validate against
- * @param context Agent context that must include the OIDF client plugin and JWT verification capabilities
- *
- * @returns Promise resolving to an ExternalIdentifierOIDFEntityIdResult containing:
- *  - trustedAnchors: Record mapping trust anchors to their public key hexes
- *  - errorList: Optional record of errors encountered per trust anchor
- *  - jwks: Array of JWK information from the trust chain
- *  - trustEstablished: Boolean indicating if any trust relationships were established
- *
- * @throws Error if trust anchors are missing or JWT verification plugin is not enabled
- */
-declare function resolveExternalOIDFEntityIdIdentifier(opts: ExternalIdentifierOIDFEntityIdOpts, context: IAgentContext<IOIDFClient>): Promise<ExternalIdentifierOIDFEntityIdResult>;
-
-/**
- * Converts legacy id opts key refs to the new ManagedIdentifierOpts
- * @param opts
- */
-declare function legacyKeyRefsToIdentifierOpts(opts: {
-    idOpts?: ManagedIdentifierOptsOrResult;
-    iss?: string;
-    keyRef?: string;
-    didOpts?: any;
-}): ManagedIdentifierOptsOrResult;
-
-/**
- * @internal
- */
-declare const schema: any;
-
-export { type ErrorMessage, type ExternalIdentifierCoseKeyOpts, type ExternalIdentifierCoseKeyResult, type ExternalIdentifierDidOpts, type ExternalIdentifierDidResult, type ExternalIdentifierJwkOpts, type ExternalIdentifierJwkResult, type ExternalIdentifierJwksUrlOpts, type ExternalIdentifierKidOpts, type ExternalIdentifierMethod, type ExternalIdentifierOIDFEntityIdOpts, type ExternalIdentifierOIDFEntityIdResult, type ExternalIdentifierOidcDiscoveryOpts, type ExternalIdentifierOpts, type ExternalIdentifierOptsBase, type ExternalIdentifierResult, type ExternalIdentifierType, type ExternalIdentifierX5cOpts, type ExternalIdentifierX5cResult, type ExternalJwkInfo, type IExternalIdentifierResultBase, type IIdentifierResolution, type IManagedIdentifierResultBase, IdentifierResolution, type JwkInfo, type ManagedIdentifierCoseKeyOpts, type ManagedIdentifierCoseKeyResult, type ManagedIdentifierDidOpts, type ManagedIdentifierDidResult, type ManagedIdentifierJwkOpts, type ManagedIdentifierJwkResult, type ManagedIdentifierKeyOpts, type ManagedIdentifierKeyResult, type ManagedIdentifierKidOpts, type ManagedIdentifierKidResult, type ManagedIdentifierMethod, type ManagedIdentifierOID4VCIssuerOpts, type ManagedIdentifierOID4VCIssuerResult, type ManagedIdentifierOpts, type ManagedIdentifierOptsBase, type ManagedIdentifierOptsOrResult, type ManagedIdentifierResult, type ManagedIdentifierType, type ManagedIdentifierX5cOpts, type ManagedIdentifierX5cResult, type ManagedJwkInfo, type PublicKeyHex, type TrustedAnchor, ensureManagedIdentifierResult, getManagedCoseKeyIdentifier, getManagedDidIdentifier, getManagedIdentifier, getManagedJwkIdentifier, getManagedKeyIdentifier, getManagedKidIdentifier, getManagedOID4VCIssuerIdentifier, getManagedX5cIdentifier, identifierResolutionContextMethods, isCoseKeyIdentifier, isDidIdentifier, isExternalIdentifierCoseKeyOpts, isExternalIdentifierDidOpts, isExternalIdentifierJwkOpts, isExternalIdentifierJwksUrlOpts, isExternalIdentifierKidOpts, isExternalIdentifierOIDFEntityIdOpts, isExternalIdentifierOidcDiscoveryOpts, isExternalIdentifierX5cOpts, isIIdentifier, isJwkIdentifier, isJwksUrlIdentifier, isKeyIdentifier, isKidIdentifier, isManagedIdentifierCoseKeyOpts, isManagedIdentifierCoseKeyResult, isManagedIdentifierDidOpts, isManagedIdentifierDidResult, isManagedIdentifierJwkOpts, isManagedIdentifierJwkResult, isManagedIdentifierKeyOpts, isManagedIdentifierKeyResult, isManagedIdentifierKidOpts, isManagedIdentifierKidResult, isManagedIdentifierOID4VCIssuerOpts, isManagedIdentifierResult, isManagedIdentifierX5cOpts, isManagedIdentifierX5cResult, isOID4VCIssuerIdentifier, isOIDFEntityIdIdentifier, isOidcDiscoveryIdentifier, isX5cIdentifier, legacyKeyRefsToIdentifierOpts, managedIdentifierToJwk, managedIdentifierToKeyResult, resolveExternalCoseKeyIdentifier, resolveExternalDidIdentifier, resolveExternalIdentifier, resolveExternalJwkIdentifier, resolveExternalOIDFEntityIdIdentifier, resolveExternalX5cIdentifier, schema };
+export { IdentifierResolution } from './agent/IdentifierResolution';
+export * from './functions';
+export * from './types';
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,QAAA,MAAM,MAAM,KAAmC,CAAA;AAC/C,OAAO,EAAE,MAAM,EAAE,CAAA;AACjB;;GAEG;AACH,OAAO,EAAE,oBAAoB,EAAE,MAAM,8BAA8B,CAAA;AACnE,cAAc,aAAa,CAAA;AAC3B,cAAc,SAAS,CAAA"}