@tideorg/js 0.0.1

package/dist/Models/BaseTideRequest.js

@@ -0,0 +1,299 @@
+import { Doken as ContractDoken } from "../Contracts/BaseContract";
+import { TideMemory } from "../Tools/TideMemory";
+import { Policy } from "./Policy";
+import { SHA512_Digest } from "../Cryptide/Hashing/Hash";
+import { bytesToBase64, StringToUint8Array } from "../Cryptide/Serialization";
+import { PolicyAuthorizedTideRequestSignatureFormat } from "../Cryptide/Signing/TideSignature";
+import { Serialization } from "../Cryptide";
+export default class BaseTideRequest {
+    constructor(name, version, authFlow, draft = new Uint8Array(), dyanmicData = new Uint8Array()) {
+        this.name = name;
+        this.version = version;
+        this.authFlow = authFlow;
+        this.draft = new TideMemory(draft.length);
+        this.draft.set(draft);
+        this.dyanmicData = new TideMemory(dyanmicData.length);
+        this.dyanmicData.set(dyanmicData);
+        this.authorization = new TideMemory();
+        this.authorizerCert = new TideMemory();
+        ;
+        this.authorizer = new TideMemory();
+        this.expiry = Math.floor(Date.now() / 1000) + 30; // default is 30s
+        this.policy = new TideMemory();
+    }
+    id() {
+        return this.name + ":" + this.version;
+    }
+    /**
+     * This isn't copying. Just created another BaseTideRequest object that allows you to point each individual field to OTHER sections of memory.
+     * If you modify an existing 'replicated' field, you'll also modify the other object you originally replicated.
+     */
+    replicate() {
+        const r = new BaseTideRequest(this.name, this.version, this.authFlow, this.draft, this.dyanmicData);
+        r.authorization = this.authorization;
+        r.authorizerCert = this.authorizerCert;
+        r.authorizer = this.authorizer;
+        r.expiry = this.expiry;
+        r.policy = this.policy;
+        return r;
+    }
+    setNewDynamicData(d) {
+        this.dyanmicData = new TideMemory(d.length);
+        this.dyanmicData.set(d);
+        return this;
+    }
+    setCustomExpiry(timeFromNowInSeconds) {
+        this.expiry = Math.floor(Date.now() / 1000) + timeFromNowInSeconds;
+        return this;
+    }
+    addAuthorizer(authorizer) {
+        this.authorizer = new TideMemory(authorizer.length);
+        this.authorizer.set(authorizer);
+    }
+    addAuthorizerCertificate(authorizerCertificate) {
+        this.authorizerCert = new TideMemory(authorizerCertificate.length);
+        this.authorizerCert.set(authorizerCertificate);
+    }
+    addAuthorization(authorization) {
+        this.authorization = new TideMemory(authorization.length);
+        this.authorization.set(authorization);
+        return this;
+    }
+    addPolicy(policy) {
+        this.policy = new TideMemory(policy.length);
+        this.policy.set(policy);
+        return this;
+    }
+    hasPolicy() {
+        return this.policy.length != 0;
+    }
+    // Additional method from tide-js version
+    async dataToAuthorize() {
+        return StringToUint8Array("<datatoauthorize-" + this.name + ":" + this.version + bytesToBase64(await SHA512_Digest(this.draft)) + this.expiry.toString() + "-datatoauthorize>");
+    }
+    // Additional method from tide-js version
+    async dataToApprove() {
+        const creationTime = this.authorization.GetValue(0).GetValue(0);
+        const creationSig = this.authorization.GetValue(0).GetValue(1);
+        const creationMessage = new PolicyAuthorizedTideRequestSignatureFormat(creationTime, this.expiry, this.id(), await SHA512_Digest(this.draft));
+        return Serialization.ConcatUint8Arrays([creationMessage.format(), creationSig]);
+    }
+    async getRequestInitDetails() {
+        const te = new TextEncoder();
+        return {
+            "creationTime": BaseTideRequest.uint32ToUint8ArrayLE(Math.floor(Date.now() / 1000)), // now
+            "expireTime": BaseTideRequest.uint32ToUint8ArrayLE(this.expiry),
+            "modelId": te.encode(this.id()),
+            "draftHash": new TideMemory(await crypto.subtle.digest("SHA-512", this.draft))
+        };
+    }
+    addCreationSignature(creationTime, sig) {
+        this.authorization = TideMemory.CreateFromArray([
+            TideMemory.CreateFromArray([
+                creationTime,
+                sig
+            ]),
+            new TideMemory() // empty as no approvals have been added yet
+        ]);
+        return this;
+    }
+    isInitialized() {
+        try {
+            // check that creation time and sig fields are present
+            if (this.authorization.GetValue(0).GetValue(0).length > 0 && this.authorization.GetValue(0).GetValue(1).length == 64)
+                return true;
+            else
+                return false;
+        }
+        catch {
+            return false;
+        }
+    }
+    getUniqueId() {
+        if (!this.isInitialized())
+            throw 'Must initialize request to generate unique id';
+        const bytes = this.authorization.GetValue(0).GetValue(1);
+        return Array.from(bytes).map(b => b.toString(16).padStart(2, '0')).join(''); // hex
+    }
+    getInitializedTime() {
+        if (!this.isInitialized())
+            throw 'Must initialize request to get creation time';
+        const time_bytes = this.authorization.GetValue(0).GetValue(0);
+        return BaseTideRequest.uint8ArrayToUint32LE(time_bytes);
+    }
+    getCurrentApprovalCount() {
+        if (!this.isInitialized())
+            throw 'Must initialize request to get approval count';
+        let i = 0;
+        let res = { result: undefined };
+        while (this.authorizer.TryGetValue(i, res)) {
+            i++;
+        }
+        return i;
+    }
+    getPolicy() {
+        return Policy.from(this.policy);
+    }
+    /**
+     * Add an approval for this request. To be used for policy auth flow
+     */
+    addApproval(doken, sig) {
+        // Ensure creation authorization has been added
+        let res = {};
+        if (!Serialization.TryGetValue(this.authorization, 0, res))
+            throw Error("Creation authorization hasn't been added yet");
+        // Deconstruct existing authorization
+        let existingSessKeySigs = [];
+        let currentSig = { result: undefined };
+        for (let i = 0; Serialization.TryGetValue(Serialization.GetValue(this.authorization, 1), i, currentSig); i++) {
+            if (currentSig.result.length == 0)
+                continue;
+            existingSessKeySigs.push(currentSig.result);
+        }
+        // Now deconstruct exsiting authorizers (dokens)
+        let existingDokens = [];
+        let currentDoken = { result: undefined };
+        for (let i = 0; Serialization.TryGetValue(this.authorizer, i, currentDoken); i++) {
+            if (currentDoken.result.length == 0)
+                continue;
+            existingDokens.push(currentDoken.result);
+        }
+        // Now add the new doken and sig to the deconstructed data then reserialize it into the request
+        existingDokens.push(StringToUint8Array(doken.serialize()));
+        existingSessKeySigs.push(sig);
+        this.authorization = TideMemory.CreateFromArray([
+            Serialization.GetValue(this.authorization, 0),
+            Serialization.CreateTideMemoryFromArray(existingSessKeySigs)
+        ]);
+        this.authorizer = TideMemory.CreateFromArray(existingDokens);
+    }
+    removeApproval(approvalVuid) {
+        // find if there are any dokens with this approvalVuid
+        if (!this.isInitialized())
+            return false;
+        if (this.getCurrentApprovalCount() == 0)
+            return false;
+        try {
+            // find doken and it's index
+            let i = 0;
+            let res = { result: new TideMemory() };
+            let dokenWithVuidFound = {};
+            let keepTheseDokensList = [];
+            let keepTheseApprovalSigs = [];
+            while (this.authorizer.TryGetValue(i, res)) {
+                const d = new ContractDoken(res.result);
+                if (d.hasVuid(approvalVuid)) {
+                    dokenWithVuidFound = {
+                        index: i,
+                        value: d
+                    };
+                }
+                else {
+                    keepTheseDokensList.push(res.result);
+                    keepTheseApprovalSigs.push(this.authorization.GetValue(1).GetValue(i));
+                }
+                i++;
+            }
+            // reconstruct authorizers and authorizer sigs of request
+            if (dokenWithVuidFound) {
+                const creationAuth = this.authorization.GetValue(0);
+                this.authorization = TideMemory.CreateFromArray([
+                    creationAuth,
+                    TideMemory.CreateFromArray(keepTheseApprovalSigs)
+                ]);
+                this.authorizer = TideMemory.CreateFromArray(keepTheseDokensList);
+                return true;
+            }
+            else
+                return false;
+        }
+        catch (ex) {
+            console.error(ex);
+            return false;
+        }
+    }
+    encode() {
+        if (this.authorizer == null)
+            throw Error("Authorizer not added to request");
+        if (this.authorizerCert == null)
+            throw Error("Authorizer cert not provided");
+        if (this.authorization == null)
+            throw Error("Authorize this request first with an authorizer");
+        const te = new TextEncoder();
+        const name_b = te.encode(this.name);
+        const version_b = te.encode(this.version);
+        const authFlow_b = te.encode(this.authFlow);
+        const expiry = BaseTideRequest.uint32ToUint8ArrayLE(this.expiry);
+        const req = TideMemory.CreateFromArray([
+            name_b,
+            version_b,
+            expiry,
+            this.draft,
+            authFlow_b,
+            this.dyanmicData,
+            this.authorizer,
+            this.authorization,
+            this.authorizerCert,
+            this.policy
+        ]);
+        return req;
+    }
+    static decode(data) {
+        const d = new TideMemory(data.length);
+        d.set(data);
+        // Read field 0 (name) - this is part of the TideMemory structure
+        const name = new TextDecoder().decode(d.GetValue(0));
+        // Read all other fields
+        const version = new TextDecoder().decode(d.GetValue(1));
+        // Check name and version in static members if set
+        if (this._name != undefined && this._version != undefined) {
+            if (name != this._name || version != this._version)
+                throw Error("Name and Version in decoded data don't match this object's set name and version.");
+        }
+        const expiry = BaseTideRequest.uint8ArrayToUint32LE(d.GetValue(2));
+        const draft = d.GetValue(3);
+        const authFlow = new TextDecoder().decode(d.GetValue(4));
+        const dynamicData = d.GetValue(5);
+        const authorizer = d.GetValue(6);
+        const authorization = d.GetValue(7);
+        const authorizerCert = d.GetValue(8);
+        const policy = d.GetValue(9);
+        // Create a new instance using 'this' constructor to support subclasses
+        const request = new this(name, version, authFlow, draft, dynamicData);
+        // Set the remaining fields
+        request.expiry = expiry;
+        request.authorizer = authorizer;
+        request.authorization = authorization;
+        request.authorizerCert = authorizerCert;
+        request.policy = policy;
+        return request;
+    }
+    static uint32ToUint8ArrayLE(num) {
+        // We want 8 bytes to match .NET Int64 (long) layout: low 32 bits in first 4 bytes, rest zero.
+        const arr = new Uint8Array(8);
+        // low 32 bits, little-endian
+        arr[0] = num & 0xff;
+        arr[1] = (num >>> 8) & 0xff;
+        arr[2] = (num >>> 16) & 0xff;
+        arr[3] = (num >>> 24) & 0xff;
+        // arr[4..7] are already 0 from Uint8Array init, matching a .NET long with high 32 bits = 0.
+        return arr;
+    }
+    static uint8ArrayToUint32LE(bytes) {
+        if (bytes.length !== 8) {
+            throw new Error("Expected 8 bytes for a 64-bit value");
+        }
+        // Optional safety check: ensure high 32 bits are zero (no real 64-bit longs passed).
+        // If you *really* want to enforce the "no longs" assumption, uncomment:
+        //
+        // if (bytes[4] | bytes[5] | bytes[6] | bytes[7]) {
+        //     throw new Error("High 32 bits are not zero; expected a 32-bit value stored in 64-bit field.");
+        // }
+        // Reconstruct from the low 4 bytes (little-endian)
+        return (bytes[0] +
+            (bytes[1] << 8) +
+            (bytes[2] << 16) +
+            (bytes[3] * 0x1000000) // avoids sign issues of << 24
+        );
+    }
+}

package/dist/Models/CustomTideRequest.d.ts

@@ -0,0 +1,19 @@
+import BaseTideRequest from "./BaseTideRequest";
+export declare class BasicCustomRequest extends BaseTideRequest {
+    id(): string;
+}
+export declare class DynamicPayloadCustomRequest extends BaseTideRequest {
+    id(): string;
+}
+export declare class DynamicPayloadApprovedCustomRequest extends BaseTideRequest {
+    customInfo: CustomInfo | undefined;
+    constructor(name: string, version: string, authFlow: string, humanReadableName: string, additionalInfo: any, dyanmicData: Uint8Array);
+    id(): string;
+    getAdditionalInfoSupplied(): any;
+}
+interface CustomInfo {
+    humanReadableName: string;
+    additionalInfo: any;
+}
+export {};
+//# sourceMappingURL=CustomTideRequest.d.ts.map

package/dist/Models/CustomTideRequest.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"CustomTideRequest.d.ts","sourceRoot":"","sources":["../../Models/CustomTideRequest.ts"],"names":[],"mappings":"AAEA,OAAO,eAAe,MAAM,mBAAmB,CAAC;AAEhD,qBAAa,kBAAmB,SAAQ,eAAe;IACnD,EAAE,IAAI,MAAM;CAGf;AAED,qBAAa,2BAA4B,SAAQ,eAAe;IAC5D,EAAE,IAAI,MAAM;CAGf;AAED,qBAAa,mCAAoC,SAAQ,eAAe;IACpE,UAAU,EAAE,UAAU,GAAG,SAAS,CAAC;gBAEvB,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,cAAc,EAAE,GAAG,EAAE,WAAW,EAAE,UAAU;IAQpI,EAAE,IAAI,MAAM;IAIZ,yBAAyB,IAAI,GAAG;CAInC;AACD,UAAU,UAAU;IAChB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,cAAc,EAAE,GAAG,CAAC;CACvB"}

package/dist/Models/CustomTideRequest.js

@@ -0,0 +1,30 @@
+import { StringFromUint8Array, StringToUint8Array } from "../Cryptide/Serialization";
+import BaseTideRequest from "./BaseTideRequest";
+export class BasicCustomRequest extends BaseTideRequest {
+    id() {
+        return `BasicCustom<${this.name}>:BasicCustom<${this.version}>`;
+    }
+}
+export class DynamicPayloadCustomRequest extends BaseTideRequest {
+    id() {
+        return `DynamicCustom<${this.name}>:DynamicCustom<${this.version}>`;
+    }
+}
+export class DynamicPayloadApprovedCustomRequest extends BaseTideRequest {
+    constructor(name, version, authFlow, humanReadableName, additionalInfo, dyanmicData) {
+        const customInfo = {
+            humanReadableName: humanReadableName,
+            additionalInfo: additionalInfo
+        };
+        super(name, version, authFlow, StringToUint8Array(JSON.stringify(customInfo)), dyanmicData);
+    }
+    id() {
+        return `DynamicApprovedCustom<${this.name}>:DynamicApprovedCustom<${this.version}>`;
+    }
+    getAdditionalInfoSupplied() {
+        if (this.draft.length > 0)
+            return JSON.parse(StringFromUint8Array(this.draft))["additionalInfo"];
+        else
+            return null;
+    }
+}

package/dist/Models/Datum.d.ts

@@ -0,0 +1,11 @@
+export default class Datum {
+    data: Uint8Array;
+    tag: number;
+    constructor(Data: string | Uint8Array, Tag: number);
+    static fromJSON(json: any): Datum;
+    toObject(): {
+        Data: string;
+        Tag: number;
+    };
+}
+//# sourceMappingURL=Datum.d.ts.map

package/dist/Models/Datum.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"Datum.d.ts","sourceRoot":"","sources":["../../Models/Datum.ts"],"names":[],"mappings":"AAoBA,MAAM,CAAC,OAAO,OAAO,KAAK;IACtB,IAAI,EAAE,UAAU,CAAC;IACjB,GAAG,EAAE,MAAM,CAAC;gBAEA,IAAI,EAAE,MAAM,GAAG,UAAU,EAAE,GAAG,EAAE,MAAM;IAIlD,MAAM,CAAC,QAAQ,CAAC,IAAI,EAAE,GAAG;IAGzB,QAAQ;;;;CAMX"}

package/dist/Models/Datum.js

@@ -0,0 +1,33 @@
+// 
+// Tide Protocol - Infrastructure for a TRUE Zero-Trust paradigm
+// Copyright (C) 2022 Tide Foundation Ltd
+// 
+// This program is free software and is subject to the terms of 
+// the Tide Community Open Code License as published by the 
+// Tide Foundation Limited. You may modify it and redistribute 
+// it in accordance with and subject to the terms of that License.
+// This program is distributed WITHOUT WARRANTY of any kind, 
+// including without any implied warranty of MERCHANTABILITY or 
+// FITNESS FOR A PARTICULAR PURPOSE.
+// See the Tide Community Open Code License for more details.
+// You should have received a copy of the Tide Community Open 
+// Code License along with this program.
+// If not, see https://tide.org/licenses_tcoc2-0-0-en
+//
+import { base64ToBytes, bytesToBase64 } from "../Cryptide/Serialization";
+// FieldData on Heimdall turns into Datum on enclave
+export default class Datum {
+    constructor(Data, Tag) {
+        this.data = typeof (Data) == "string" ? base64ToBytes(Data) : Data;
+        this.tag = Tag;
+    }
+    static fromJSON(json) {
+        return new Datum(json.Data, json.Tag);
+    }
+    toObject() {
+        return {
+            Data: bytesToBase64(this.data),
+            Tag: this.tag
+        };
+    }
+}

package/dist/Models/Doken.d.ts

@@ -0,0 +1,33 @@
+import { Ed25519PublicComponent } from "../Cryptide/Components/Schemes/Ed25519/Ed25519Components";
+import TideKey from "../Cryptide/TideKey";
+declare class DokenPayload {
+    sessionKey: any;
+    tideuserkey: any;
+    vuid: any;
+    homeOrk: any;
+    exp: any;
+    aud: any;
+    realm_access: any;
+    resource_access: any;
+    constructor(json: any);
+    serialize(): string;
+}
+export declare class Doken {
+    dataRef: string;
+    header: any;
+    payload: DokenPayload;
+    signature: Uint8Array;
+    private parts;
+    constructor(data: string);
+    isExpired(): boolean;
+    setNewSessionKey(sessionKey: string): void;
+    setNewSignature(sig: Uint8Array): void;
+    validate(sessionKeyToCheck?: TideKey): {
+        success: boolean;
+        reason?: string;
+    };
+    verify(vendorPublic: Ed25519PublicComponent): Promise<any>;
+    serialize(): string;
+}
+export {};
+//# sourceMappingURL=Doken.d.ts.map

package/dist/Models/Doken.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"Doken.d.ts","sourceRoot":"","sources":["../../Models/Doken.ts"],"names":[],"mappings":"AAmBA,OAAO,EAAE,sBAAsB,EAAE,MAAM,0DAA0D,CAAC;AAElG,OAAO,OAAO,MAAM,qBAAqB,CAAC;AAI1C,cAAM,YAAY;IACd,UAAU,EAAE,GAAG,CAAC;IAChB,WAAW,EAAE,GAAG,CAAC;IACjB,IAAI,EAAE,GAAG,CAAC;IACV,OAAO,EAAE,GAAG,CAAC;IACb,GAAG,EAAE,GAAG,CAAC;IACT,GAAG,EAAE,GAAG,CAAC;IACT,YAAY,EAAE,GAAG,CAAC;IAClB,eAAe,EAAE,GAAG,CAAC;gBAET,IAAI,EAAE,GAAG;IAiCrB,SAAS;CAYZ;AAED,qBAAa,KAAK;IACd,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,GAAG,CAAC;IACZ,OAAO,EAAE,YAAY,CAAC;IACtB,SAAS,EAAE,UAAU,CAAC;IACtB,OAAO,CAAC,KAAK,CAAW;gBAEZ,IAAI,EAAE,MAAM;IAWxB,SAAS,IAAI,OAAO;IAIpB,gBAAgB,CAAC,UAAU,EAAE,MAAM;IAgBnC,eAAe,CAAC,GAAG,EAAE,UAAU;IAQ/B,QAAQ,CAAC,iBAAiB,GAAE,OAAc,GAAG;QAAC,OAAO,EAAE,OAAO,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAA;KAAC;IAkB1E,MAAM,CAAC,YAAY,EAAE,sBAAsB;IAIjD,SAAS,IAAI,MAAM;CAGtB"}

package/dist/Models/Doken.js

@@ -0,0 +1,133 @@
+//
+// Tide Protocol - Infrastructure for a TRUE Zero-Trust paradigm
+// Copyright (C) 2022 Tide Foundation Ltd
+//
+// This program is free software and is subject to the terms of
+// the Tide Community Open Code License as published by the
+// Tide Foundation Limited. You may modify it and redistribute
+// it in accordance with and subject to the terms of that License.
+// This program is distributed WITHOUT WARRANTY of any kind,
+// including without any implied warranty of MERCHANTABILITY or
+// FITNESS FOR A PARTICULAR PURPOSE.
+// See the Tide Community Open Code License for more details.
+// You should have received a copy of the Tide Community Open
+// Code License along with this program.
+// If not, see https://tide.org/licenses_tcoc2-0-0-en
+//
+import { Utils } from "../index";
+import { BaseComponent } from "../Cryptide/Components/BaseComponent";
+import { Ed25519PublicComponent } from "../Cryptide/Components/Schemes/Ed25519/Ed25519Components";
+import { base64ToBase64Url, base64ToBytes, base64UrlToBase64, bytesToBase64, StringFromUint8Array, StringToUint8Array } from "../Cryptide/Serialization";
+import TideKey from "../Cryptide/TideKey";
+import { CurrentTime } from "../Tools/Utils";
+// Define DokenPayload class first so it can be used in Doken constructor
+class DokenPayload {
+    constructor(json) {
+        var s = BaseComponent.DeserializeComponent(json["t.ssk"]);
+        if (s instanceof Ed25519PublicComponent) {
+            this.sessionKey = s;
+        }
+        else
+            throw Error("Unexpected session key type");
+        var u = BaseComponent.DeserializeComponent(json["tideuserkey"]);
+        if (u instanceof Ed25519PublicComponent) {
+            this.tideuserkey = u;
+        }
+        else
+            throw Error("Unexpected tide user key type");
+        if (typeof json.vuid === "string")
+            this.vuid = json.vuid;
+        else
+            throw Error("Expected vuid to be string");
+        if (typeof json["t.uho"] === "string")
+            this.homeOrk = json["t.uho"];
+        else
+            throw Error("Expected user home to be string");
+        // Will be affected by 2032 problem
+        if (typeof json.exp === "number")
+            this.exp = json.exp;
+        else
+            throw Error("Expected exp to be a number");
+        if (typeof json.aud === "string")
+            this.aud = json.aud;
+        else
+            throw Error("Expected aud to be string");
+        if (typeof json.realm_access === "object")
+            this.realm_access = json.realm_access;
+        else if (!json.realm_access)
+            this.realm_access = null;
+        else
+            throw Error("Expected realm_access to be string");
+        if (typeof json.resource_access === "object")
+            this.resource_access = json.resource_access;
+        else if (!json.resource_access)
+            this.resource_access = null;
+        else
+            throw Error("Expected resource_access to be string");
+    }
+    serialize() {
+        return JSON.stringify({
+            "tideuserkey": this.tideuserkey.Serialize().ToString(),
+            "t.ssk": this.sessionKey.Serialize().ToString(),
+            "vuid": this.vuid,
+            "t.uho": this.homeOrk,
+            "exp": this.exp,
+            "aud": this.aud,
+            "realm_access": this.realm_access,
+            "resource_access": this.resource_access
+        });
+    }
+}
+export class Doken {
+    constructor(data) {
+        const parts = data.split(".");
+        if (parts.length != 3)
+            throw Error("Doken must be a 3 part token (including signature)");
+        this.parts = parts;
+        this.dataRef = data.slice(0);
+        this.header = JSON.parse(StringFromUint8Array(base64ToBytes(base64UrlToBase64(parts[0]))));
+        this.payload = new DokenPayload(JSON.parse(StringFromUint8Array(base64ToBytes(base64UrlToBase64(parts[1])))));
+        this.signature = base64ToBytes(base64UrlToBase64(parts[2]));
+    }
+    isExpired() {
+        return this.payload.exp < CurrentTime();
+    }
+    setNewSessionKey(sessionKey) {
+        const temp = this.dataRef.split(".");
+        let payload = StringFromUint8Array(base64ToBytes(base64UrlToBase64(this.parts[1])));
+        payload = payload.replace(/("t.ssk"\s*:\s*)"[^"]*"/, `$1"${sessionKey}"`);
+        // WE DO ALL THESE MANUAL UPDATES BECAUSE JAVASCRIPT DOES NOT GUARANTEE ORDER IN JSON
+        // SINCE WE DON'T SEND THE DOKEN TO GET SIGNED, WE CONTRCUST THE MESSAGE HERE
+        // WE NEED TO ENSURE ITS THE SAME THING THE ORK SIGNS
+        this.dataRef = temp[0] + "." + base64ToBase64Url(bytesToBase64(StringToUint8Array(payload))) + (temp.length > 2 ? "." + temp[2] : ""); // update encoded string
+        this.payload.sessionKey = BaseComponent.DeserializeComponent(sessionKey); // update session key object in payload
+    }
+    setNewSignature(sig) {
+        this.signature = sig.slice(); // update sig object
+        const temp = this.dataRef.split(".");
+        this.dataRef = temp[0] + "." + temp[1] + "." + base64ToBase64Url(bytesToBase64(this.signature)); // update dataref object
+    }
+    validate(sessionKeyToCheck = null) {
+        // When an error is thrown - its a criticial error so the whole page should stop
+        // But if validation just fails, then we return false with a reason why
+        if (this.header.alg != "EdDSA")
+            throw Error("Doken header alg expected to be EdDSA but got " + this.header.alg);
+        if (this.header.typ != "doken")
+            throw Error("Doken header typ expected to be doken but got " + this.header.typ);
+        // Check expiry
+        if (Utils.CurrentTime() > this.payload.exp)
+            return { success: false, reason: "expired" };
+        // Check session key matches
+        if (sessionKeyToCheck) {
+            if (!sessionKeyToCheck.get_public_component().Equals(this.payload.sessionKey))
+                return { success: false, reason: `sessionkey mismatch. actual: ${sessionKeyToCheck.get_public_component().Serialize().ToString()}. expected: ${this.payload.sessionKey.Serialize().ToString()}` };
+        }
+        return { success: true };
+    }
+    async verify(vendorPublic) {
+        return new TideKey(vendorPublic).verify(StringToUint8Array(this.dataRef), this.signature);
+    }
+    serialize() {
+        return this.dataRef;
+    }
+}

package/dist/Models/EnclaveEntry.d.ts

@@ -0,0 +1,14 @@
+import KeyInfo from "./Infos/KeyInfo";
+export default class EnclaveEntry {
+    username: string;
+    persona: string;
+    expired: bigint;
+    userInfo: KeyInfo;
+    orksBitwise: (0 | 1)[];
+    selfRequesti: string[];
+    sessKey: Uint8Array;
+    constructor(username: string, persona: string, expired: bigint, userInfo: KeyInfo, orksBitwise: (0 | 1)[], selfRequesti: string[], sessKey: Uint8Array);
+    toString(): string;
+    static from(data: string): EnclaveEntry;
+}
+//# sourceMappingURL=EnclaveEntry.d.ts.map

package/dist/Models/EnclaveEntry.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"EnclaveEntry.d.ts","sourceRoot":"","sources":["../../Models/EnclaveEntry.ts"],"names":[],"mappings":"AAkBA,OAAO,OAAO,MAAM,iBAAiB,CAAC;AACtC,MAAM,CAAC,OAAO,OAAO,YAAY;IAC7B,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,OAAO,CAAC;IAClB,WAAW,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;IACvB,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,OAAO,EAAE,UAAU,CAAC;gBAER,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,WAAW,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,YAAY,EAAE,MAAM,EAAE,EAAE,OAAO,EAAE,UAAU;IAStJ,QAAQ;IAWR,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM;CAS3B"}

package/dist/Models/EnclaveEntry.js

@@ -0,0 +1,49 @@
+// 
+// Tide Protocol - Infrastructure for a TRUE Zero-Trust paradigm
+// Copyright (C) 2022 Tide Foundation Ltd
+// 
+// This program is free software and is subject to the terms of 
+// the Tide Community Open Code License as published by the 
+// Tide Foundation Limited. You may modify it and redistribute 
+// it in accordance with and subject to the terms of that License.
+// This program is distributed WITHOUT WARRANTY of any kind, 
+// including without any implied warranty of MERCHANTABILITY or 
+// FITNESS FOR A PARTICULAR PURPOSE.
+// See the Tide Community Open Code License for more details.
+// You should have received a copy of the Tide Community Open 
+// Code License along with this program.
+// If not, see https://tide.org/licenses_tcoc2-0-0-en
+//
+import { base64ToBytes, bytesToBase64 } from "../Cryptide/Serialization";
+import KeyInfo from "./Infos/KeyInfo";
+export default class EnclaveEntry {
+    constructor(username, persona, expired, userInfo, orksBitwise, selfRequesti, sessKey) {
+        this.username = username;
+        this.persona = persona;
+        this.expired = expired;
+        this.userInfo = userInfo;
+        this.orksBitwise = orksBitwise;
+        this.selfRequesti = selfRequesti;
+        this.sessKey = sessKey;
+    }
+    toString() {
+        return JSON.stringify({
+            username: this.username,
+            persona: this.persona,
+            expired: this.expired.toString(),
+            userInfo: this.userInfo.toNativeTypeObject(),
+            orksBitwise: JSON.stringify(this.orksBitwise),
+            selfRequesti: this.selfRequesti,
+            sessKey: bytesToBase64(this.sessKey)
+        });
+    }
+    static from(data) {
+        const json = JSON.parse(data);
+        const expired = BigInt(json.expired);
+        const userInfo = KeyInfo.fromNativeTypeObject(json.userInfo); // includes uid + gCMK, ork URL + id + pubs 
+        const orksBitwise = JSON.parse(json.orksBitwise);
+        const selfRequesti = json.selfRequesti;
+        const sessKey = base64ToBytes(json.sessKey);
+        return new EnclaveEntry(json.username, json.persona, expired, userInfo, orksBitwise, selfRequesti, sessKey);
+    }
+}

package/dist/Models/Infos/KeyInfo.d.ts

@@ -0,0 +1,24 @@
+import { Point } from "../../Cryptide/Ed25519";
+import OrkInfo from "./OrkInfo";
+export default class KeyInfo {
+    UserId: string;
+    UserPublic: Point;
+    UserM: string;
+    OrkInfo: OrkInfo[];
+    constructor(userId: string, userPublic: Point, userM: string, orkInfo: OrkInfo[]);
+    toString(): string;
+    toNativeTypeObject(): {
+        UserId: string;
+        UserPublic: string;
+        UserM: string;
+        OrkInfos: {
+            Id: string;
+            PublicKey: string;
+            URL: string;
+            PaymentPublicKey: string;
+        }[];
+    };
+    static from(data: string): KeyInfo;
+    static fromNativeTypeObject(json: any): KeyInfo;
+}
+//# sourceMappingURL=KeyInfo.d.ts.map

package/dist/Models/Infos/KeyInfo.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"KeyInfo.d.ts","sourceRoot":"","sources":["../../../Models/Infos/KeyInfo.ts"],"names":[],"mappings":"AAiBA,OAAO,EAAE,KAAK,EAAE,MAAM,wBAAwB,CAAC;AAC/C,OAAO,OAAO,MAAM,WAAW,CAAC;AAEhC,MAAM,CAAC,OAAO,OAAO,OAAO;IACxB,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,KAAK,CAAC;IAClB,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,OAAO,EAAE,CAAC;gBAEP,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE;IAOhF,QAAQ;IASR,kBAAkB;;;;;;;;;;;IASlB,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM;IAOxB,MAAM,CAAC,oBAAoB,CAAC,IAAI,EAAE,GAAG;CAGxC"}