@sphereon/ssi-sdk-ext.jwt-service 0.28.1-feature.esm.cjs.8 → 0.28.1-feature.esm.cjs.9

package/dist/index.cjs

@@ -1,40 +1,14 @@
-"use strict";
-var __create = Object.create;
-var __defProp = Object.defineProperty;
-var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+"use strict";Object.defineProperty(exports, "__esModule", {value: true}); function _interopRequireWildcard(obj) { if (obj && obj.__esModule) { return obj; } else { var newObj = {}; if (obj != null) { for (var key in obj) { if (Object.prototype.hasOwnProperty.call(obj, key)) { newObj[key] = obj[key]; } } } newObj.default = obj; return newObj; } } function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; } function _nullishCoalesce(lhs, rhsFn) { if (lhs != null) { return lhs; } else { return rhsFn(); } } function _optionalChain(ops) { let lastAccessLHS = undefined; let value = ops[0]; let i = 1; while (i < ops.length) { const op = ops[i]; const fn = ops[i + 1]; i += 2; if ((op === 'optionalAccess' || op === 'optionalCall') && value == null) { return undefined; } if (op === 'access' || op === 'optionalAccess') { lastAccessLHS = value; value = fn(value); } else if (op === 'call' || op === 'optionalCall') { value = fn((...args) => value.call(lastAccessLHS, ...args)); lastAccessLHS = undefined; } } return value; } var _class;var __defProp = Object.defineProperty;
 var __getOwnPropNames = Object.getOwnPropertyNames;
-var __getProtoOf = Object.getPrototypeOf;
-var __hasOwnProp = Object.prototype.hasOwnProperty;
 var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
 var __commonJS = (cb, mod) => function __require() {
   return mod || (0, cb[__getOwnPropNames(cb)[0]])((mod = { exports: {} }).exports, mod), mod.exports;
 };
-var __export = (target, all) => {
-  for (var name in all)
-    __defProp(target, name, { get: all[name], enumerable: true });
-};
-var __copyProps = (to, from, except, desc) => {
-  if (from && typeof from === "object" || typeof from === "function") {
-    for (let key of __getOwnPropNames(from))
-      if (!__hasOwnProp.call(to, key) && key !== except)
-        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
-  }
-  return to;
-};
-var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
-  // If the importer is in node compatibility mode or this is not an ESM
-  // file that has been converted to a CommonJS file using a Babel-
-  // compatible transform (i.e. "__esModule" has not been set), then set
-  // "default" to the CommonJS "module.exports" for node compatibility.
-  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
-  mod
-));
-var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
 
 // plugin.schema.json
 var require_plugin_schema = __commonJS({
-  "plugin.schema.json"(exports, module2) {
-    module2.exports = {
+  "plugin.schema.json"(exports, module) {
+    module.exports = {
       IJwtService: {
         components: {
           schemas: {
@@ -14131,50 +14105,20 @@ var require_plugin_schema = __commonJS({
 });
 
 // src/index.ts
-var index_exports = {};
-__export(index_exports, {
-  COMPACT_JWE_REGEX: () => COMPACT_JWE_REGEX,
-  COMPACT_JWS_REGEX: () => COMPACT_JWS_REGEX,
-  JweAlgs: () => JweAlgs,
-  JweEncs: () => JweEncs,
-  JwtLogger: () => JwtLogger,
-  JwtService: () => JwtService,
-  checkAndUpdateJwsHeader: () => checkAndUpdateJwsHeader,
-  createJwsCompact: () => createJwsCompact,
-  createJwsJsonFlattened: () => createJwsJsonFlattened,
-  createJwsJsonGeneral: () => createJwsJsonGeneral,
-  isJweCompact: () => isJweCompact,
-  isJweHeader: () => isJweHeader,
-  isJweJsonFlattened: () => isJweJsonFlattened,
-  isJweJsonGeneral: () => isJweJsonGeneral,
-  isJwsCompact: () => isJwsCompact,
-  isJwsHeader: () => isJwsHeader,
-  isJwsJsonFlattened: () => isJwsJsonFlattened,
-  isJwsJsonGeneral: () => isJwsJsonGeneral,
-  jweAlg: () => jweAlg,
-  jweEnc: () => jweEnc,
-  jwtServiceContextMethods: () => jwtServiceContextMethods,
-  prepareJwsObject: () => prepareJwsObject,
-  schema: () => schema,
-  toJwsJsonGeneral: () => toJwsJsonGeneral,
-  toJwsJsonGeneralWithIdentifiers: () => toJwsJsonGeneralWithIdentifiers,
-  verifyJws: () => verifyJws
-});
-module.exports = __toCommonJS(index_exports);
-var import_ssi_types = require("@sphereon/ssi-types");
+var _ssitypes = require('@sphereon/ssi-types');
 
 // src/agent/JwtService.ts
-var import_debug = __toESM(require("debug"), 1);
-var import_jose = require("jose");
-var import_from_string2 = require("uint8arrays/from-string");
+var _debug = require('debug'); var _debug2 = _interopRequireDefault(_debug);
+var _jose = require('jose'); var jose = _interopRequireWildcard(_jose);
+var _fromstring = require('uint8arrays/from-string');
 
 // src/functions/JWE.ts
-var import_random = require("@stablelib/random");
-var import_utils = require("@veramo/utils");
-var jose = __toESM(require("jose"), 1);
-var import_from_string = require("uint8arrays/from-string");
-var import_to_string = require("uint8arrays/to-string");
-var import_concat = require("uint8arrays/concat");
+var _random = require('@stablelib/random');
+var _utils = require('@veramo/utils');
+
+
+var _tostring = require('uint8arrays/to-string');
+var _concat = require('uint8arrays/concat');
 
 // src/types/IJwtService.ts
 var jwtServiceContextMethods = [
@@ -14262,18 +14206,18 @@ var CompactJwtEncrypter = class {
   static {
     __name(this, "CompactJwtEncrypter");
   }
-  _alg;
-  _enc;
-  _keyManagementParams;
-  recipientKey;
-  expirationTime;
-  issuer;
-  audience;
+  
+  
+  
+  
+  
+  
+  
   constructor(args) {
-    if (args?.alg) {
+    if (_optionalChain([args, 'optionalAccess', _ => _.alg])) {
       this._alg = args.alg;
     }
-    if (args?.enc) {
+    if (_optionalChain([args, 'optionalAccess', _2 => _2.enc])) {
       this._enc = args.enc;
     }
     this._keyManagementParams = args.keyManagementParams;
@@ -14309,8 +14253,8 @@ var CompactJwtEncrypter = class {
   async encryptCompactJWT(payload, jweProtectedHeader, aad) {
     const protectedHeader = {
       ...jweProtectedHeader,
-      alg: jweProtectedHeader.alg ?? this._alg,
-      enc: jweProtectedHeader.enc ?? this._enc
+      alg: _nullishCoalesce(jweProtectedHeader.alg, () => ( this._alg)),
+      enc: _nullishCoalesce(jweProtectedHeader.enc, () => ( this._enc))
     };
     if (!protectedHeader.alg || !protectedHeader.enc) {
       return Promise.reject(Error(`no 'alg' or 'enc' value set for the protected JWE header!`));
@@ -14352,14 +14296,14 @@ var CompactJwtEncrypter = class {
     return await jose.jwtDecrypt(jwt, key, options);
   }
   async encrypt(payload, jweProtectedHeader, aad) {
-    const jwt = await this.encryptCompactJWT(JSON.parse((0, import_to_string.toString)(payload)), jweProtectedHeader, aad);
+    const jwt = await this.encryptCompactJWT(JSON.parse(_tostring.toString.call(void 0, payload)), jweProtectedHeader, aad);
     const [protectedHeader, encryptedKey, ivB64, payloadB64, tagB64] = jwt.split(".");
     console.log(`FIXME: TO EncryptionResult`);
     return {
       protectedHeader,
-      tag: (0, import_utils.base64ToBytes)(tagB64),
-      ciphertext: (0, import_utils.base64ToBytes)(payloadB64),
-      iv: (0, import_utils.base64ToBytes)(ivB64),
+      tag: _utils.base64ToBytes.call(void 0, tagB64),
+      ciphertext: _utils.base64ToBytes.call(void 0, payloadB64),
+      iv: _utils.base64ToBytes.call(void 0, ivB64),
       recipients: [
         {
           //fixme
@@ -14374,12 +14318,12 @@ var CompactJwtEncrypter = class {
 };
 
 // src/agent/JwtService.ts
-var JwtService = class {
+var JwtService = (_class = class {constructor() { _class.prototype.__init.call(this);_class.prototype.__init2.call(this); }
   static {
     __name(this, "JwtService");
   }
-  schema = schema.IJwtService;
-  methods = {
+  __init() {this.schema = exports.schema = schema.IJwtService}
+  __init2() {this.methods = {
     jwtPrepareJws: this.jwtPrepareJws.bind(this),
     jwtCreateJwsJsonGeneralSignature: this.jwtCreateJwsJsonGeneralSignature.bind(this),
     jwtCreateJwsJsonFlattenedSignature: this.jwtCreateJwsJsonFlattenedSignature.bind(this),
@@ -14387,7 +14331,7 @@ var JwtService = class {
     jwtVerifyJwsSignature: this.jwtVerifyJwsSignature.bind(this),
     jwtEncryptJweCompactJwt: this.jwtEncryptJweCompactJwt.bind(this),
     jwtDecryptJweCompactJwt: this.jwtDecryptJweCompactJwt.bind(this)
-  };
+  }}
   async jwtPrepareJws(args, context) {
     return await prepareJwsObject(args, context);
   }
@@ -14411,9 +14355,9 @@ var JwtService = class {
       enc: args.enc
     }, recipientKey, issuer, expirationTime, audience } = args;
     try {
-      (0, import_debug.default)(`JWE Encrypt: ${JSON.stringify(args, null, 2)}`);
-      const alg = jweAlg(args.alg) ?? jweAlg(protectedHeader.alg) ?? "ECDH-ES";
-      const enc = jweEnc(args.enc) ?? jweEnc(protectedHeader.enc) ?? "A256GCM";
+      _debug2.default.call(void 0, `JWE Encrypt: ${JSON.stringify(args, null, 2)}`);
+      const alg = _nullishCoalesce(_nullishCoalesce(jweAlg(args.alg), () => ( jweAlg(protectedHeader.alg))), () => ( "ECDH-ES"));
+      const enc = _nullishCoalesce(_nullishCoalesce(jweEnc(args.enc), () => ( jweEnc(protectedHeader.enc))), () => ( "A256GCM"));
       const encJwks = recipientKey.jwks.length === 1 ? [
         recipientKey.jwks[0]
       ] : recipientKey.jwks.filter((jwk) => jwk.kid && (jwk.kid === jwk.jwk.kid || jwk.kid === jwk.jwkThumbprint) || jwk.jwk.use === "enc");
@@ -14424,14 +14368,14 @@ var JwtService = class {
       if (encJwks.length > 0) {
         JwtLogger.warning(`More than one JWK with 'enc' usage found. Selected the first one as no 'kid' was provided`, encJwks);
       }
-      if (jwkInfo.jwk.kty?.startsWith("EC") !== true || !alg.startsWith("ECDH")) {
+      if (_optionalChain([jwkInfo, 'access', _3 => _3.jwk, 'access', _4 => _4.kty, 'optionalAccess', _5 => _5.startsWith, 'call', _6 => _6("EC")]) !== true || !alg.startsWith("ECDH")) {
         return Promise.reject(Error(`Currently only ECDH-ES is supported for encryption. JWK alg ${jwkInfo.jwk.kty}, header alg ${alg}`));
       }
-      const apuVal = protectedHeader.apu ?? args.apu;
-      const apu = apuVal ? (0, import_from_string2.fromString)(apuVal, "base64url") : void 0;
-      const apvVal = protectedHeader.apv ?? args.apv;
-      const apv = apvVal ? (0, import_from_string2.fromString)(apvVal, "base64url") : void 0;
-      const pubKey = await (0, import_jose.importJWK)(jwkInfo.jwk);
+      const apuVal = _nullishCoalesce(protectedHeader.apu, () => ( args.apu));
+      const apu = apuVal ? _fromstring.fromString.call(void 0, apuVal, "base64url") : void 0;
+      const apvVal = _nullishCoalesce(protectedHeader.apv, () => ( args.apv));
+      const apv = apvVal ? _fromstring.fromString.call(void 0, apvVal, "base64url") : void 0;
+      const pubKey = await _jose.importJWK.call(void 0, jwkInfo.jwk);
       const encrypter = new CompactJwtEncrypter({
         enc,
         alg,
@@ -14458,22 +14402,22 @@ var JwtService = class {
       jwt: "FIXME"
     };
   }
-};
+}, _class);
 
 // src/functions/index.ts
-var import_ssi_sdk_ext = require("@sphereon/ssi-sdk-ext.identifier-resolution");
-var import_ssi_sdk_ext2 = require("@sphereon/ssi-sdk-ext.key-utils");
-var import_utils2 = require("@veramo/utils");
-var import_from_string3 = require("uint8arrays/from-string");
+var _ssisdkextidentifierresolution = require('@sphereon/ssi-sdk-ext.identifier-resolution');
+var _ssisdkextkeyutils = require('@sphereon/ssi-sdk-ext.key-utils');
+
+
 var payloadToBytes = /* @__PURE__ */ __name((payload) => {
   const isBytes = payload instanceof Uint8Array;
   const isString = typeof payload === "string";
-  return isBytes ? payload : isString ? (0, import_from_string3.fromString)(payload, "base64url") : (0, import_from_string3.fromString)(JSON.stringify(payload), "utf-8");
+  return isBytes ? payload : isString ? _fromstring.fromString.call(void 0, payload, "base64url") : _fromstring.fromString.call(void 0, JSON.stringify(payload), "utf-8");
 }, "payloadToBytes");
 var prepareJwsObject = /* @__PURE__ */ __name(async (args, context) => {
   const { existingSignatures, protectedHeader, unprotectedHeader, issuer, payload, mode = "auto", clientId, clientIdScheme } = args;
   const { noIdentifierInHeader = false } = issuer;
-  const identifier = await (0, import_ssi_sdk_ext.ensureManagedIdentifierResult)(issuer, context);
+  const identifier = await _ssisdkextidentifierresolution.ensureManagedIdentifierResult.call(void 0, issuer, context);
   await checkAndUpdateJwsHeader({
     mode,
     identifier,
@@ -14494,8 +14438,8 @@ var prepareJwsObject = /* @__PURE__ */ __name(async (args, context) => {
     }
   }
   const payloadBytes = payloadToBytes(payload);
-  const base64urlHeader = (0, import_utils2.encodeJoseBlob)(protectedHeader);
-  const base64urlPayload = (0, import_utils2.bytesToBase64url)(payloadBytes);
+  const base64urlHeader = _utils.encodeJoseBlob.call(void 0, protectedHeader);
+  const base64urlPayload = _utils.bytesToBase64url.call(void 0, payloadBytes);
   return {
     jws: {
       unprotectedHeader,
@@ -14547,7 +14491,7 @@ var createJwsJsonGeneral = /* @__PURE__ */ __name(async (args, context) => {
   return {
     payload: b64.payload,
     signatures: [
-      ...existingSignatures ?? [],
+      ..._nullishCoalesce(existingSignatures, () => ( [])),
       jsonSignature
     ]
   };
@@ -14591,7 +14535,7 @@ var checkAndUpdateX5cHeader = /* @__PURE__ */ __name(async ({ header, identifier
       return Promise.reject(Error(`An x5c header was present, but its issuer public key did not match the provided signing public key!`));
     }
   } else if (!noIdentifierInHeader) {
-    if (!(0, import_ssi_sdk_ext.isManagedIdentifierX5cResult)(identifier)) {
+    if (!_ssisdkextidentifierresolution.isManagedIdentifierX5cResult.call(void 0, identifier)) {
       return Promise.reject(Error("No x5c header in the JWT, but mode was x5c and also no x5x identifier was provided!"));
     } else if (header.jwk || header.kid) {
       return Promise.reject(Error("x5c mode was choosen, but jwk or kid headers were provided. These cannot be used together!"));
@@ -14609,7 +14553,7 @@ var checkAndUpdateDidHeader = /* @__PURE__ */ __name(async ({ header, identifier
       return Promise.reject(Error(`A kid header was present, but its value did not match the provided signing kid!`));
     }
   } else if (!noIdentifierInHeader) {
-    if (!(0, import_ssi_sdk_ext.isManagedIdentifierDidResult)(identifier)) {
+    if (!_ssisdkextidentifierresolution.isManagedIdentifierDidResult.call(void 0, identifier)) {
       return Promise.reject(Error("No kid header in the JWT, but mode was did and also no DID identifier was provided!"));
     } else if (header.jwk || header.x5c) {
       return Promise.reject(Error("did mode was chosen, but jwk or x5c headers were provided. These cannot be used together!"));
@@ -14668,10 +14612,10 @@ var verifyJws = /* @__PURE__ */ __name(async (args, context) => {
   await Promise.all(jws.signatures.map(async (sigWithId) => {
     index++;
     let valid;
-    const data = (0, import_from_string3.fromString)(`${sigWithId.protected}.${jws.payload}`, "utf-8");
+    const data = _fromstring.fromString.call(void 0, `${sigWithId.protected}.${jws.payload}`, "utf-8");
     const jwkInfo = sigWithId.identifier.jwks[0];
-    const signature = (0, import_utils2.base64ToBytes)(sigWithId.signature);
-    valid = await (0, import_ssi_sdk_ext2.verifyRawSignature)({
+    const signature = _utils.base64ToBytes.call(void 0, sigWithId.signature);
+    valid = await _ssisdkextkeyutils.verifyRawSignature.call(void 0, {
       data,
       signature,
       key: jwkInfo.jwk
@@ -14731,7 +14675,7 @@ async function resolveExternalIdentifierFromJwsHeader(protectedHeader, context,
   if (protectedHeader.x5c) {
     const x5c = protectedHeader.x5c;
     return await context.agent.identifierExternalResolveByX5c({
-      ...args.opts?.x5c,
+      ..._optionalChain([args, 'access', _7 => _7.opts, 'optionalAccess', _8 => _8.x5c]),
       identifier: x5c,
       verify: true
     });
@@ -14742,14 +14686,14 @@ async function resolveExternalIdentifierFromJwsHeader(protectedHeader, context,
       identifier: protectedHeader.jwk,
       ...x5c && {
         x5c: {
-          ...args?.opts?.x5c,
+          ..._optionalChain([args, 'optionalAccess', _9 => _9.opts, 'optionalAccess', _10 => _10.x5c]),
           identifier: x5c
         }
       }
     });
   } else if (protectedHeader.kid && protectedHeader.kid.startsWith("did:")) {
     return await context.agent.identifierExternalResolveByDid({
-      ...args?.opts?.did,
+      ..._optionalChain([args, 'optionalAccess', _11 => _11.opts, 'optionalAccess', _12 => _12.did]),
       identifier: protectedHeader.kid
     });
   } else if (protectedHeader.alg === "none") {
@@ -14763,9 +14707,9 @@ function loadJWK(providedJwk, protectedHeader, jws) {
   if (providedJwk) {
     return providedJwk;
   }
-  if (protectedHeader?.typ === "entity-statement+jwt") {
-    const payload = (0, import_utils2.decodeJoseBlob)(jws.payload);
-    if (!payload?.jwks?.keys?.[0]) {
+  if (_optionalChain([protectedHeader, 'optionalAccess', _13 => _13.typ]) === "entity-statement+jwt") {
+    const payload = _utils.decodeJoseBlob.call(void 0, jws.payload);
+    if (!_optionalChain([payload, 'optionalAccess', _14 => _14.jwks, 'optionalAccess', _15 => _15.keys, 'optionalAccess', _16 => _16[0]])) {
       throw new Error("Missing or invalid JWK in payload");
     }
     return payload.jwks.keys[0];
@@ -14776,9 +14720,9 @@ __name(loadJWK, "loadJWK");
 var toJwsJsonGeneralWithIdentifiers = /* @__PURE__ */ __name(async (args, context) => {
   const jws = await toJwsJsonGeneral(args, context);
   const signatures = await Promise.all(jws.signatures.map(async (signature) => {
-    const protectedHeader = (0, import_utils2.decodeJoseBlob)(signature.protected);
+    const protectedHeader = _utils.decodeJoseBlob.call(void 0, signature.protected);
     const jwk = loadJWK(args.jwk, protectedHeader, jws);
-    const identifier = jwk ? await (0, import_ssi_sdk_ext.resolveExternalJwkIdentifier)({
+    const identifier = jwk ? await _ssisdkextidentifierresolution.resolveExternalJwkIdentifier.call(void 0, {
       identifier: jwk,
       method: "jwk"
     }, context) : await resolveExternalIdentifierFromJwsHeader(protectedHeader, context, args);
@@ -14798,5 +14742,33 @@ var toJwsJsonGeneralWithIdentifiers = /* @__PURE__ */ __name(async (args, contex
 
 // src/index.ts
 var schema = require_plugin_schema();
-var JwtLogger = import_ssi_types.Loggers.DEFAULT.get("sphereon:sdk:jwt");
+var JwtLogger = _ssitypes.Loggers.DEFAULT.get("sphereon:sdk:jwt");
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+exports.COMPACT_JWE_REGEX = COMPACT_JWE_REGEX; exports.COMPACT_JWS_REGEX = COMPACT_JWS_REGEX; exports.JweAlgs = JweAlgs; exports.JweEncs = JweEncs; exports.JwtLogger = JwtLogger; exports.JwtService = JwtService; exports.checkAndUpdateJwsHeader = checkAndUpdateJwsHeader; exports.createJwsCompact = createJwsCompact; exports.createJwsJsonFlattened = createJwsJsonFlattened; exports.createJwsJsonGeneral = createJwsJsonGeneral; exports.isJweCompact = isJweCompact; exports.isJweHeader = isJweHeader; exports.isJweJsonFlattened = isJweJsonFlattened; exports.isJweJsonGeneral = isJweJsonGeneral; exports.isJwsCompact = isJwsCompact; exports.isJwsHeader = isJwsHeader; exports.isJwsJsonFlattened = isJwsJsonFlattened; exports.isJwsJsonGeneral = isJwsJsonGeneral; exports.jweAlg = jweAlg; exports.jweEnc = jweEnc; exports.jwtServiceContextMethods = jwtServiceContextMethods; exports.prepareJwsObject = prepareJwsObject; exports.schema = schema; exports.toJwsJsonGeneral = toJwsJsonGeneral; exports.toJwsJsonGeneralWithIdentifiers = toJwsJsonGeneralWithIdentifiers; exports.verifyJws = verifyJws;
 //# sourceMappingURL=index.cjs.map