dbsc-toolkit 1.0.1

package/LICENSE

@@ -0,0 +1,132 @@
+Apache License
+Version 2.0, January 2004
+http://www.apache.org/licenses/
+
+TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+1. Definitions.
+
+"License" shall mean the terms and conditions for use, reproduction,
+and distribution as defined by Sections 1 through 9 of this document.
+
+"Licensor" shall mean the copyright owner or entity authorized by
+the copyright owner that is granting the License.
+
+"Legal Entity" shall mean the union of the acting entity and all
+other entities that control, are controlled by, or are under common
+control with that entity.
+
+"You" (or "Your") shall mean an individual or Legal Entity
+exercising permissions granted by this License.
+
+"Source" form shall mean the preferred form for making modifications,
+including but not limited to software source code, documentation
+source, and configuration files.
+
+"Object" form shall mean any form resulting from mechanical
+transformation or translation of a Source form, including but
+not limited to compiled object code, generated documentation,
+and conversions to other media types.
+
+"Work" shall mean the work of authorship made available under
+the License, as indicated by a copyright notice that is included in
+or attached to the work.
+
+"Derivative Works" shall mean any work, whether in Source or Object
+form, that is based on (or derived from) the Work and for which the
+editorial revisions, annotations, elaborations, or other transformations
+represent, as a whole, an original work of authorship.
+
+"Contribution" shall mean any work of authorship, including
+the original version of the Work and any modifications or additions
+to that Work or Derivative Works of the Work, that is intentionally
+submitted to the Licensor for inclusion in the Work by the copyright owner
+or by an individual or Legal Entity authorized to submit on behalf of
+the copyright owner.
+
+"Contributor" shall mean Licensor and any Legal Entity
+on behalf of whom a Contribution has been received by the Licensor and
+subsequently incorporated within the Work.
+
+2. Grant of Copyright License. Subject to the terms and conditions of
+this License, each Contributor hereby grants to You a perpetual,
+worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+copyright license to reproduce, prepare Derivative Works of,
+publicly display, publicly perform, sublicense, and distribute the
+Work and such Derivative Works in Source or Object form.
+
+3. Grant of Patent License. Subject to the terms and conditions of
+this License, each Contributor hereby grants to You a perpetual,
+worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+(except as stated in this section) patent license to make, have made,
+use, offer to sell, sell, import, and otherwise transfer the Work,
+where such license applies only to those patent claims licensable
+by such Contributor that are necessarily infringed by their
+Contribution(s) alone or by the combined work of their Contribution(s)
+with the Work to which such Contribution(s) was submitted.
+
+4. Redistribution. You may reproduce and distribute copies of the
+Work or Derivative Works thereof in any medium, with or without
+modifications, and in Source or Object form, provided that You
+meet the following conditions:
+
+(a) You must give any other recipients of the Work or Derivative Works
+a copy of this License; and
+
+(b) You must cause any modified files to carry prominent notices
+stating that You changed the files; and
+
+(c) You must retain, in the Source form of any Derivative Works
+that You distribute, all copyright, patent, trademark, and
+attribution notices from the Source form of the Work; and
+
+(d) If the Work includes a "NOTICE" text file, you must include a
+readable copy of the attribution notices contained within such NOTICE
+file, in at least one of the following places: within a NOTICE text
+file distributed as part of the Derivative Works; or, within the
+Source form or documentation, if provided along with the Derivative
+Works; or, on a display generated by the Derivative Works.
+
+The "NOTICE" file referenced above refers to a text file that may
+accompany the source form of the Work.
+
+You may add Your own attribution notices within Derivative Works
+that You distribute, alongside or as an addendum to the NOTICE text
+from the Work, provided that such additional attribution notices
+cannot be construed as modifying the License.
+
+You may add Your own license statement for Your modifications and
+may provide additional grant of rights to use, reproduce, or
+distribute Derivative Works, subject to the terms and conditions
+for the Work itself.
+
+5. Submission of Contributions. Unless You explicitly state otherwise,
+any Contribution intentionally submitted for inclusion in the Work
+by You to the Licensor shall be under the terms and conditions of
+this License, without any additional terms or conditions.
+
+6. Trademarks. This License does not grant permission to use the trade
+names, trademarks, service marks, or product names of the Licensor.
+
+7. Disclaimer of Warranty. Unless required by applicable law or
+agreed to in writing, Licensor provides the Work (and each Contributor
+provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES
+OR CONDITIONS OF ANY KIND, either express or implied, including,
+without limitation, any warranties or conditions of TITLE,
+NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE.
+
+8. Limitation of Liability. In no event and under no legal theory,
+whether in tort (including negligence), contract, or otherwise,
+unless required by applicable law (such as deliberate and grossly
+negligent acts) or agreed to in writing, shall any Contributor be
+liable to You for damages, including any direct, indirect, special,
+incidental, or exemplary damages of any character arising as a
+result of this License or out of the use or inability to use the
+Work.
+
+9. Accepting Warranty or Additional Liability. While redistributing
+the Work or Derivative Works thereof, You may choose to offer, and
+charge a fee for, acceptance of support, warranty, indemnity,
+or other liability obligations and/or rights consistent with this License.
+
+END OF TERMS AND CONDITIONS

package/README.md

@@ -0,0 +1,205 @@
+# DBSC Toolkit
+
+[![npm](https://img.shields.io/npm/v/dbsc-toolkit.svg)](https://www.npmjs.com/package/dbsc-toolkit)
+[![CI](https://github.com/SulimanAbdulrazzaq/dbsc-toolkit/actions/workflows/ci.yml/badge.svg)](https://github.com/SulimanAbdulrazzaq/dbsc-toolkit/actions/workflows/ci.yml)
+[![License](https://img.shields.io/npm/l/dbsc-toolkit.svg)](./LICENSE)
+[![Node](https://img.shields.io/node/v/dbsc-toolkit.svg)](https://nodejs.org)
+
+Server-side implementation of [Device Bound Session Credentials](https://w3c.github.io/webappsec-dbsc/) (DBSC) for Node.js.
+
+DBSC is a W3C draft that binds session cookies to a hardware-resident private key inside the browser. A stolen cookie is useless without that key — which never leaves the user's device.
+
+Chrome 147+ supports DBSC natively. This library handles the server side. Verified end-to-end against Chrome 147 on Windows.
+
+## Live demo
+
+Try it: <https://dbsctest-production.up.railway.app/>
+
+Open in Chrome 147+, click **Login**, then **Check session** — `tier` reads `"dbsc"` once the TPM key is bound. Use **Clear cookies** to reset and replay the flow. Source in [examples/express/](./examples/express/).
+
+## Install
+
+```sh
+npm install dbsc-toolkit
+```
+
+Then install whichever framework and storage you actually use. Each is an optional peer dependency — install only what you need.
+
+```sh
+# Express + in-memory storage (dev)
+npm install express cookie-parser
+
+# Or with Redis storage
+npm install express cookie-parser ioredis
+
+# Or with Postgres storage
+npm install express cookie-parser pg
+```
+
+## Quick start — Express
+
+```ts
+import express from "express";
+import cookieParser from "cookie-parser";
+import { dbsc } from "dbsc-toolkit/express";
+import { MemoryStorage } from "dbsc-toolkit/storage/memory";
+
+const app = express();
+app.use(cookieParser());
+app.use(dbsc({ storage: new MemoryStorage() }));
+
+app.get("/me", (req, res) => {
+  res.json(res.locals.dbsc);
+});
+
+app.listen(3000);
+```
+
+That single `app.use(dbsc(...))` mounts `POST /dbsc/registration` and `POST /dbsc/refresh` automatically. Chrome drives both — your application code never sees those requests.
+
+A full `/login` flow with cookie issuance is in [examples/express/src/server.js](./examples/express/src/server.js).
+
+## Subpath imports
+
+| Import | What it is |
+|--------|------------|
+| `dbsc-toolkit` | Core types, crypto, protocol functions |
+| `dbsc-toolkit/express` | Express middleware |
+| `dbsc-toolkit/fastify` | Fastify plugin |
+| `dbsc-toolkit/hono` | Hono middleware |
+| `dbsc-toolkit/nextjs` | Next.js App Router middleware + handlers |
+| `dbsc-toolkit/client` | Browser SDK for fallback paths |
+| `dbsc-toolkit/storage/memory` | In-memory storage (dev/test) |
+| `dbsc-toolkit/storage/redis` | Redis storage |
+| `dbsc-toolkit/storage/postgres` | Postgres storage |
+
+Tree-shaking eliminates anything you don't import.
+
+## How a verified flow looks
+
+1. User hits `POST /login`. Server creates a session, issues a challenge, sets `Secure-Session-Registration` response header and two short-lived cookies (`__Host-dbsc-reg`, `__Host-dbsc-challenge`).
+2. Chrome immediately POSTs to `/dbsc/registration` with `Secure-Session-Response: <jws>`. The JWS carries the device public key signed by the matching private key (TPM).
+3. Middleware verifies the JWS, stores the public key bound to the session, sets `__Host-dbsc-session` cookie, returns DBSC session config JSON.
+4. From now on, every refresh cycle (default 10 min) Chrome signs a fresh challenge with the TPM key. A copied cookie cannot pass refresh — the attacker has no key.
+
+`tier` on `res.locals.dbsc` reads `"dbsc"` once registration completes.
+
+## Local testing
+
+You need HTTPS — `__Host-` cookies require it and Chrome rejects DBSC on plain HTTP. Two options:
+
+- Deploy somewhere that gives you HTTPS (Railway, Fly, Render, Cloudflare Tunnel). Easiest path. We tested against Railway successfully.
+- Run `local-ssl-proxy --source 3001 --target 3000` in front of your local server.
+
+A working demo is in [examples/express/](./examples/express/).
+
+## Framework support
+
+The library has two layers:
+
+**Core (`dbsc-toolkit`)** — pure protocol. No framework deps. Functions in, plain data out. Works anywhere Node.js runs.
+
+**Adapters** — thin wrappers for specific frameworks. Four shipped: Express, Fastify, Hono, Next.js.
+
+If you use Koa, Hapi, raw `http`, Bun, or Deno — call core directly:
+
+```ts
+import {
+  handleRefresh,
+  handleRegistration,
+  issueChallenge,
+  readSessionResponseHeader,
+} from "dbsc-toolkit";
+
+const result = await handleRefresh({
+  sessionId: getCookie(req, "__Host-dbsc-session"),
+  secSessionResponseHeader: readSessionResponseHeader(req.headers),
+  expectedJti: getCookie(req, "__Host-dbsc-challenge"),
+}, storage);
+```
+
+`readSessionResponseHeader` reads `Secure-Session-Response` (the current spec name) with fallback to `Sec-Session-Response` (the legacy name) for older Chrome builds.
+
+## Protection tiers
+
+The library negotiates the strongest available binding per session:
+
+| Tier | Mechanism | Protection |
+|------|-----------|------------|
+| `dbsc` | Hardware-backed key, Chrome 147+ | Hardware binding — exfiltrated cookie is useless |
+| `webauthn` | Platform authenticator | Hardware binding via platform authenticator |
+| `hmac` | HMAC + browser signals | Best-effort context binding, not hardware |
+| `none` | Standard cookie | No additional binding |
+
+The tier is available at `res.locals.dbsc.tier` (Express), `c.get("dbscTier")` (Hono), `req.dbsc.tier` (Fastify), and via `getDbscSession()` (Next.js). Use it to apply different authorization policies per tier — for example, block payment flows when `tier !== "dbsc"`.
+
+## Storage
+
+### Redis
+
+```ts
+import Redis from "ioredis";
+import { RedisStorage } from "dbsc-toolkit/storage/redis";
+
+const redis = new Redis(process.env.REDIS_URL);
+const storage = new RedisStorage(redis);
+```
+
+### PostgreSQL
+
+```ts
+import { Pool } from "pg";
+import { PostgresStorage } from "dbsc-toolkit/storage/postgres";
+
+const pool = new Pool({ connectionString: process.env.DATABASE_URL });
+const storage = new PostgresStorage(pool);
+```
+
+Run the migration before first use:
+
+```sh
+psql $DATABASE_URL < node_modules/dbsc-toolkit/migrations/001_initial.sql
+```
+
+## Telemetry hooks
+
+```ts
+app.use(dbsc({
+  storage,
+  onEvent: (event) => {
+    if (event.type === "session_stolen") {
+      alerting.trigger("dbsc.session_stolen", { sessionId: event.sessionId });
+    }
+    metrics.increment(`dbsc.${event.type}`, { tier: event.tier });
+  },
+}));
+```
+
+Event types: `registration`, `refresh`, `verification_failure`, `session_stolen`, `fallback_tier`.
+
+## Header naming
+
+The W3C draft renamed the headers from `Sec-Session-*` to `Secure-Session-*`. Chrome 147 acts on the new names. The middleware reads both and writes both for compatibility. If you build response headers manually, send both:
+
+```ts
+res.setHeader("Secure-Session-Registration", header);
+res.setHeader("Sec-Session-Registration", header);
+```
+
+## Security
+
+Defense-in-depth layer. Does not replace TLS, secure cookie flags, MFA, or server hardening.
+
+HMAC tier is not hardware binding. It provides better-than-nothing context binding for browsers without DBSC or WebAuthn. Operators should communicate the protection tier to users and restrict sensitive operations when `tier === "hmac"` or `tier === "none"`.
+
+See [SECURITY.md](./SECURITY.md) for reporting vulnerabilities.
+
+## Project status
+
+- Single package on npm: `dbsc-toolkit`
+- Verified end-to-end on Chrome 147 / Windows / TPM 2.0
+- No third-party security audit yet
+
+## License
+
+Apache 2.0

package/dist/client/detect.d.ts

@@ -0,0 +1,3 @@
+export type ClientTier = "dbsc" | "webauthn" | "hmac" | "none";
+export declare function detectClientTier(): Promise<ClientTier>;
+//# sourceMappingURL=detect.d.ts.map

package/dist/client/detect.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"detect.d.ts","sourceRoot":"","sources":["../../src/client/detect.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,UAAU,GAAG,MAAM,GAAG,UAAU,GAAG,MAAM,GAAG,MAAM,CAAC;AAE/D,wBAAsB,gBAAgB,IAAI,OAAO,CAAC,UAAU,CAAC,CAoB5D"}

package/dist/client/detect.js

@@ -0,0 +1,20 @@
+export async function detectClientTier() {
+    // DBSC is browser-native; Chrome 146+ handles it automatically via HTTP headers.
+    // No JS detection is needed for the DBSC path — the browser drives it.
+    // This SDK only handles the fallback paths.
+    if (typeof window === "undefined")
+        return "none";
+    if (window.PublicKeyCredential &&
+        typeof PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable === "function") {
+        try {
+            const available = await PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable();
+            if (available)
+                return "webauthn";
+        }
+        catch {
+            // platform check failed, fall through to hmac
+        }
+    }
+    return "hmac";
+}
+//# sourceMappingURL=detect.js.map

package/dist/client/detect.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"detect.js","sourceRoot":"","sources":["../../src/client/detect.ts"],"names":[],"mappings":"AAEA,MAAM,CAAC,KAAK,UAAU,gBAAgB;IACpC,iFAAiF;IACjF,uEAAuE;IACvE,4CAA4C;IAE5C,IAAI,OAAO,MAAM,KAAK,WAAW;QAAE,OAAO,MAAM,CAAC;IAEjD,IACE,MAAM,CAAC,mBAAmB;QAC1B,OAAO,mBAAmB,CAAC,6CAA6C,KAAK,UAAU,EACvF,CAAC;QACD,IAAI,CAAC;YACH,MAAM,SAAS,GAAG,MAAM,mBAAmB,CAAC,6CAA6C,EAAE,CAAC;YAC5F,IAAI,SAAS;gBAAE,OAAO,UAAU,CAAC;QACnC,CAAC;QAAC,MAAM,CAAC;YACP,8CAA8C;QAChD,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/dist/client/index.d.ts

@@ -0,0 +1,4 @@
+export { detectClientTier, type ClientTier } from "./detect.js";
+export { registerWebAuthn, authenticateWebAuthn } from "./webauthn.js";
+export { collectClientSignals, type ClientSignals } from "./signals.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/client/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/client/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,KAAK,UAAU,EAAE,MAAM,aAAa,CAAC;AAChE,OAAO,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,MAAM,eAAe,CAAC;AACvE,OAAO,EAAE,oBAAoB,EAAE,KAAK,aAAa,EAAE,MAAM,cAAc,CAAC"}

package/dist/client/index.js

@@ -0,0 +1,4 @@
+export { detectClientTier } from "./detect.js";
+export { registerWebAuthn, authenticateWebAuthn } from "./webauthn.js";
+export { collectClientSignals } from "./signals.js";
+//# sourceMappingURL=index.js.map

package/dist/client/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/client/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAmB,MAAM,aAAa,CAAC;AAChE,OAAO,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,MAAM,eAAe,CAAC;AACvE,OAAO,EAAE,oBAAoB,EAAsB,MAAM,cAAc,CAAC"}

package/dist/client/signals.d.ts

@@ -0,0 +1,9 @@
+export interface ClientSignals {
+    userAgent: string;
+    acceptLanguage: string;
+    secureContext: boolean;
+    screenDepth: number;
+    timezone: string;
+}
+export declare function collectClientSignals(): ClientSignals;
+//# sourceMappingURL=signals.d.ts.map

package/dist/client/signals.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"signals.d.ts","sourceRoot":"","sources":["../../src/client/signals.ts"],"names":[],"mappings":"AAIA,MAAM,WAAW,aAAa;IAC5B,SAAS,EAAE,MAAM,CAAC;IAClB,cAAc,EAAE,MAAM,CAAC;IACvB,aAAa,EAAE,OAAO,CAAC;IACvB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,wBAAgB,oBAAoB,IAAI,aAAa,CAQpD"}

package/dist/client/signals.js

@@ -0,0 +1,13 @@
+// Signal collection for the HMAC fallback tier.
+// This is NOT hardware binding. It is best-effort context binding.
+// Operators using this tier must review GDPR obligations for signal collection.
+export function collectClientSignals() {
+    return {
+        userAgent: navigator.userAgent,
+        acceptLanguage: navigator.language,
+        secureContext: window.isSecureContext,
+        screenDepth: screen.colorDepth,
+        timezone: Intl.DateTimeFormat().resolvedOptions().timeZone,
+    };
+}
+//# sourceMappingURL=signals.js.map

package/dist/client/signals.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"signals.js","sourceRoot":"","sources":["../../src/client/signals.ts"],"names":[],"mappings":"AAAA,gDAAgD;AAChD,mEAAmE;AACnE,gFAAgF;AAUhF,MAAM,UAAU,oBAAoB;IAClC,OAAO;QACL,SAAS,EAAE,SAAS,CAAC,SAAS;QAC9B,cAAc,EAAE,SAAS,CAAC,QAAQ;QAClC,aAAa,EAAE,MAAM,CAAC,eAAe;QACrC,WAAW,EAAE,MAAM,CAAC,UAAU;QAC9B,QAAQ,EAAE,IAAI,CAAC,cAAc,EAAE,CAAC,eAAe,EAAE,CAAC,QAAQ;KAC3D,CAAC;AACJ,CAAC"}

package/dist/client/webauthn.d.ts

@@ -0,0 +1,3 @@
+export declare function registerWebAuthn(options: unknown): Promise<unknown>;
+export declare function authenticateWebAuthn(options: unknown): Promise<unknown>;
+//# sourceMappingURL=webauthn.d.ts.map

package/dist/client/webauthn.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"webauthn.d.ts","sourceRoot":"","sources":["../../src/client/webauthn.ts"],"names":[],"mappings":"AAEA,wBAAsB,gBAAgB,CAAC,OAAO,EAAE,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAEzE;AAED,wBAAsB,oBAAoB,CAAC,OAAO,EAAE,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAE7E"}

package/dist/client/webauthn.js

@@ -0,0 +1,8 @@
+import { startRegistration, startAuthentication } from "@simplewebauthn/browser";
+export async function registerWebAuthn(options) {
+    return startRegistration(options);
+}
+export async function authenticateWebAuthn(options) {
+    return startAuthentication(options);
+}
+//# sourceMappingURL=webauthn.js.map

package/dist/client/webauthn.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"webauthn.js","sourceRoot":"","sources":["../../src/client/webauthn.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AAEjF,MAAM,CAAC,KAAK,UAAU,gBAAgB,CAAC,OAAgB;IACrD,OAAO,iBAAiB,CAAC,OAAkD,CAAC,CAAC;AAC/E,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,oBAAoB,CAAC,OAAgB;IACzD,OAAO,mBAAmB,CAAC,OAAoD,CAAC,CAAC;AACnF,CAAC"}

package/dist/core/crypto/jwk.d.ts

@@ -0,0 +1,3 @@
+export declare function validateJwk(jwk: JsonWebKey): void;
+export declare function detectAlgorithm(jwk: JsonWebKey): "ES256" | "RS256";
+//# sourceMappingURL=jwk.d.ts.map

package/dist/core/crypto/jwk.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"jwk.d.ts","sourceRoot":"","sources":["../../../src/core/crypto/jwk.ts"],"names":[],"mappings":"AAKA,wBAAgB,WAAW,CAAC,GAAG,EAAE,UAAU,GAAG,IAAI,CAsCjD;AAED,wBAAgB,eAAe,CAAC,GAAG,EAAE,UAAU,GAAG,OAAO,GAAG,OAAO,CAOlE"}

package/dist/core/crypto/jwk.js

@@ -0,0 +1,36 @@
+import { DbscVerificationError, ErrorCodes } from "../errors.js";
+const SUPPORTED_CURVES = new Set(["P-256"]);
+const MIN_RSA_BITS = 2048;
+export function validateJwk(jwk) {
+    if (jwk.kty === "EC") {
+        if (!SUPPORTED_CURVES.has(jwk.crv ?? "")) {
+            throw new DbscVerificationError(ErrorCodes.INVALID_JWK, `unsupported curve: ${jwk.crv}`);
+        }
+        if (!jwk.x || !jwk.y) {
+            throw new DbscVerificationError(ErrorCodes.INVALID_JWK, "EC key missing x or y coordinate");
+        }
+        return;
+    }
+    if (jwk.kty === "RSA") {
+        if (!jwk.n) {
+            throw new DbscVerificationError(ErrorCodes.INVALID_JWK, "RSA key missing modulus");
+        }
+        const bits = base64urlBits(jwk.n);
+        if (bits < MIN_RSA_BITS) {
+            throw new DbscVerificationError(ErrorCodes.INVALID_JWK, `RSA key too short: ${bits} bits, minimum ${MIN_RSA_BITS}`);
+        }
+        return;
+    }
+    throw new DbscVerificationError(ErrorCodes.INVALID_JWK, `unsupported key type: ${jwk.kty}`);
+}
+export function detectAlgorithm(jwk) {
+    if (jwk.kty === "EC" && jwk.crv === "P-256")
+        return "ES256";
+    if (jwk.kty === "RSA")
+        return "RS256";
+    throw new DbscVerificationError(ErrorCodes.UNKNOWN_ALGORITHM, `cannot determine algorithm for kty=${jwk.kty} crv=${jwk.crv}`);
+}
+function base64urlBits(b64) {
+    return (b64.length * 6) / 8 * 8;
+}
+//# sourceMappingURL=jwk.js.map

package/dist/core/crypto/jwk.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"jwk.js","sourceRoot":"","sources":["../../../src/core/crypto/jwk.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,qBAAqB,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAEjE,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC;AAC5C,MAAM,YAAY,GAAG,IAAI,CAAC;AAE1B,MAAM,UAAU,WAAW,CAAC,GAAe;IACzC,IAAI,GAAG,CAAC,GAAG,KAAK,IAAI,EAAE,CAAC;QACrB,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,IAAI,EAAE,CAAC,EAAE,CAAC;YACzC,MAAM,IAAI,qBAAqB,CAC7B,UAAU,CAAC,WAAW,EACtB,sBAAsB,GAAG,CAAC,GAAG,EAAE,CAChC,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;YACrB,MAAM,IAAI,qBAAqB,CAC7B,UAAU,CAAC,WAAW,EACtB,kCAAkC,CACnC,CAAC;QACJ,CAAC;QACD,OAAO;IACT,CAAC;IAED,IAAI,GAAG,CAAC,GAAG,KAAK,KAAK,EAAE,CAAC;QACtB,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;YACX,MAAM,IAAI,qBAAqB,CAC7B,UAAU,CAAC,WAAW,EACtB,yBAAyB,CAC1B,CAAC;QACJ,CAAC;QACD,MAAM,IAAI,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;QAClC,IAAI,IAAI,GAAG,YAAY,EAAE,CAAC;YACxB,MAAM,IAAI,qBAAqB,CAC7B,UAAU,CAAC,WAAW,EACtB,sBAAsB,IAAI,kBAAkB,YAAY,EAAE,CAC3D,CAAC;QACJ,CAAC;QACD,OAAO;IACT,CAAC;IAED,MAAM,IAAI,qBAAqB,CAC7B,UAAU,CAAC,WAAW,EACtB,yBAAyB,GAAG,CAAC,GAAG,EAAE,CACnC,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,GAAe;IAC7C,IAAI,GAAG,CAAC,GAAG,KAAK,IAAI,IAAI,GAAG,CAAC,GAAG,KAAK,OAAO;QAAE,OAAO,OAAO,CAAC;IAC5D,IAAI,GAAG,CAAC,GAAG,KAAK,KAAK;QAAE,OAAO,OAAO,CAAC;IACtC,MAAM,IAAI,qBAAqB,CAC7B,UAAU,CAAC,iBAAiB,EAC5B,sCAAsC,GAAG,CAAC,GAAG,QAAQ,GAAG,CAAC,GAAG,EAAE,CAC/D,CAAC;AACJ,CAAC;AAED,SAAS,aAAa,CAAC,GAAW;IAChC,OAAO,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;AAClC,CAAC"}

package/dist/core/crypto/jws.d.ts

@@ -0,0 +1,15 @@
+import { type JWTPayload } from "jose";
+export interface DbscJwsClaims extends JWTPayload {
+    jti: string;
+}
+export interface ParsedDbscJws {
+    claims: DbscJwsClaims;
+    jwk?: JsonWebKey;
+}
+export declare function verifyDbscJws(token: string, storedJwk: JsonWebKey, expectedJti: string): Promise<DbscJwsClaims>;
+export declare function parseRegistrationJws(token: string): Promise<{
+    claims: JWTPayload;
+    jwk: JsonWebKey;
+    algorithm: "ES256" | "RS256";
+}>;
+//# sourceMappingURL=jws.d.ts.map

package/dist/core/crypto/jws.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"jws.d.ts","sourceRoot":"","sources":["../../../src/core/crypto/jws.ts"],"names":[],"mappings":"AAAA,OAAO,EAA+C,KAAK,UAAU,EAAY,MAAM,MAAM,CAAC;AAO9F,MAAM,WAAW,aAAc,SAAQ,UAAU;IAC/C,GAAG,EAAE,MAAM,CAAC;CACb;AAED,MAAM,WAAW,aAAa;IAC5B,MAAM,EAAE,aAAa,CAAC;IACtB,GAAG,CAAC,EAAE,UAAU,CAAC;CAClB;AAED,wBAAsB,aAAa,CACjC,KAAK,EAAE,MAAM,EACb,SAAS,EAAE,UAAU,EACrB,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC,aAAa,CAAC,CAoDxB;AAED,wBAAsB,oBAAoB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC;IACjE,MAAM,EAAE,UAAU,CAAC;IACnB,GAAG,EAAE,UAAU,CAAC;IAChB,SAAS,EAAE,OAAO,GAAG,OAAO,CAAC;CAC9B,CAAC,CAiDD"}

package/dist/core/crypto/jws.js

@@ -0,0 +1,89 @@
+import { importJWK, jwtVerify, decodeProtectedHeader } from "jose";
+import { DbscVerificationError, ErrorCodes } from "../errors.js";
+import { validateJwk } from "./jwk.js";
+const DBSC_TYPE = "dbsc+jwt";
+const SUPPORTED_ALGS = ["ES256", "RS256"];
+export async function verifyDbscJws(token, storedJwk, expectedJti) {
+    let header;
+    try {
+        header = decodeProtectedHeader(token);
+    }
+    catch {
+        throw new DbscVerificationError(ErrorCodes.MALFORMED_JWS, "failed to decode JWS header");
+    }
+    if (header["typ"] !== DBSC_TYPE) {
+        throw new DbscVerificationError(ErrorCodes.MALFORMED_JWS, `expected typ=${DBSC_TYPE}, got ${header["typ"]}`);
+    }
+    const alg = header["alg"];
+    if (!SUPPORTED_ALGS.includes(alg)) {
+        throw new DbscVerificationError(ErrorCodes.UNKNOWN_ALGORITHM, `unsupported algorithm: ${alg}`);
+    }
+    let key;
+    try {
+        key = await importJWK(storedJwk, alg);
+    }
+    catch {
+        throw new DbscVerificationError(ErrorCodes.INVALID_JWK, "failed to import stored JWK");
+    }
+    let payload;
+    try {
+        const result = await jwtVerify(token, key, {
+            algorithms: [...SUPPORTED_ALGS],
+        });
+        payload = result.payload;
+    }
+    catch {
+        throw new DbscVerificationError(ErrorCodes.SIGNATURE_INVALID, "JWS signature verification failed");
+    }
+    if (typeof payload.jti !== "string") {
+        throw new DbscVerificationError(ErrorCodes.MALFORMED_JWS, "missing jti claim");
+    }
+    if (payload.jti !== expectedJti) {
+        throw new DbscVerificationError(ErrorCodes.JTI_MISMATCH, "jti does not match issued challenge");
+    }
+    return payload;
+}
+export async function parseRegistrationJws(token) {
+    let header;
+    try {
+        header = decodeProtectedHeader(token);
+    }
+    catch {
+        throw new DbscVerificationError(ErrorCodes.MALFORMED_JWS, "failed to decode registration JWS header");
+    }
+    if (header["typ"] !== DBSC_TYPE) {
+        throw new DbscVerificationError(ErrorCodes.MALFORMED_JWS, `expected typ=${DBSC_TYPE}, got ${header["typ"]}`);
+    }
+    const alg = header["alg"];
+    if (!SUPPORTED_ALGS.includes(alg)) {
+        throw new DbscVerificationError(ErrorCodes.UNKNOWN_ALGORITHM, `unsupported algorithm: ${alg}`);
+    }
+    const jwk = header["jwk"];
+    if (!jwk) {
+        throw new DbscVerificationError(ErrorCodes.MALFORMED_JWS, "registration JWS missing jwk in header");
+    }
+    validateJwk(jwk);
+    let key;
+    try {
+        key = await importJWK(jwk, alg);
+    }
+    catch {
+        throw new DbscVerificationError(ErrorCodes.INVALID_JWK, "failed to import registration JWK");
+    }
+    let payload;
+    try {
+        const result = await jwtVerify(token, key, {
+            algorithms: [...SUPPORTED_ALGS],
+        });
+        payload = result.payload;
+    }
+    catch {
+        throw new DbscVerificationError(ErrorCodes.SIGNATURE_INVALID, "registration JWS self-signature invalid");
+    }
+    return {
+        claims: payload,
+        jwk,
+        algorithm: alg,
+    };
+}
+//# sourceMappingURL=jws.js.map

package/dist/core/crypto/jws.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"jws.js","sourceRoot":"","sources":["../../../src/core/crypto/jws.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,qBAAqB,EAA6B,MAAM,MAAM,CAAC;AAC9F,OAAO,EAAE,qBAAqB,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AACjE,OAAO,EAAE,WAAW,EAAE,MAAM,UAAU,CAAC;AAEvC,MAAM,SAAS,GAAG,UAAU,CAAC;AAC7B,MAAM,cAAc,GAAG,CAAC,OAAO,EAAE,OAAO,CAAU,CAAC;AAWnD,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,KAAa,EACb,SAAqB,EACrB,WAAmB;IAEnB,IAAI,MAA+B,CAAC;IACpC,IAAI,CAAC;QACH,MAAM,GAAG,qBAAqB,CAAC,KAAK,CAA4B,CAAC;IACnE,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,qBAAqB,CAAC,UAAU,CAAC,aAAa,EAAE,6BAA6B,CAAC,CAAC;IAC3F,CAAC;IAED,IAAI,MAAM,CAAC,KAAK,CAAC,KAAK,SAAS,EAAE,CAAC;QAChC,MAAM,IAAI,qBAAqB,CAC7B,UAAU,CAAC,aAAa,EACxB,gBAAgB,SAAS,SAAS,MAAM,CAAC,KAAK,CAAC,EAAE,CAClD,CAAC;IACJ,CAAC;IAED,MAAM,GAAG,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;IAC1B,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,GAAsC,CAAC,EAAE,CAAC;QACrE,MAAM,IAAI,qBAAqB,CAC7B,UAAU,CAAC,iBAAiB,EAC5B,0BAA0B,GAAG,EAAE,CAChC,CAAC;IACJ,CAAC;IAED,IAAI,GAA0C,CAAC;IAC/C,IAAI,CAAC;QACH,GAAG,GAAG,MAAM,SAAS,CAAC,SAAgB,EAAE,GAAa,CAAC,CAAC;IACzD,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,qBAAqB,CAAC,UAAU,CAAC,WAAW,EAAE,6BAA6B,CAAC,CAAC;IACzF,CAAC;IAED,IAAI,OAAmB,CAAC;IACxB,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,KAAK,EAAE,GAAG,EAAE;YACzC,UAAU,EAAE,CAAC,GAAG,cAAc,CAAC;SAChC,CAAC,CAAC;QACH,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC;IAC3B,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,qBAAqB,CAAC,UAAU,CAAC,iBAAiB,EAAE,mCAAmC,CAAC,CAAC;IACrG,CAAC;IAED,IAAI,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ,EAAE,CAAC;QACpC,MAAM,IAAI,qBAAqB,CAAC,UAAU,CAAC,aAAa,EAAE,mBAAmB,CAAC,CAAC;IACjF,CAAC;IAED,IAAI,OAAO,CAAC,GAAG,KAAK,WAAW,EAAE,CAAC;QAChC,MAAM,IAAI,qBAAqB,CAC7B,UAAU,CAAC,YAAY,EACvB,qCAAqC,CACtC,CAAC;IACJ,CAAC;IAED,OAAO,OAAwB,CAAC;AAClC,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,oBAAoB,CAAC,KAAa;IAKtD,IAAI,MAA+B,CAAC;IACpC,IAAI,CAAC;QACH,MAAM,GAAG,qBAAqB,CAAC,KAAK,CAA4B,CAAC;IACnE,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,qBAAqB,CAAC,UAAU,CAAC,aAAa,EAAE,0CAA0C,CAAC,CAAC;IACxG,CAAC;IAED,IAAI,MAAM,CAAC,KAAK,CAAC,KAAK,SAAS,EAAE,CAAC;QAChC,MAAM,IAAI,qBAAqB,CAC7B,UAAU,CAAC,aAAa,EACxB,gBAAgB,SAAS,SAAS,MAAM,CAAC,KAAK,CAAC,EAAE,CAClD,CAAC;IACJ,CAAC;IAED,MAAM,GAAG,GAAG,MAAM,CAAC,KAAK,CAAW,CAAC;IACpC,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,GAAsC,CAAC,EAAE,CAAC;QACrE,MAAM,IAAI,qBAAqB,CAAC,UAAU,CAAC,iBAAiB,EAAE,0BAA0B,GAAG,EAAE,CAAC,CAAC;IACjG,CAAC;IAED,MAAM,GAAG,GAAG,MAAM,CAAC,KAAK,CAA2B,CAAC;IACpD,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,MAAM,IAAI,qBAAqB,CAAC,UAAU,CAAC,aAAa,EAAE,wCAAwC,CAAC,CAAC;IACtG,CAAC;IAED,WAAW,CAAC,GAAG,CAAC,CAAC;IAEjB,IAAI,GAA0C,CAAC;IAC/C,IAAI,CAAC;QACH,GAAG,GAAG,MAAM,SAAS,CAAC,GAAU,EAAE,GAAG,CAAC,CAAC;IACzC,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,qBAAqB,CAAC,UAAU,CAAC,WAAW,EAAE,mCAAmC,CAAC,CAAC;IAC/F,CAAC;IAED,IAAI,OAAmB,CAAC;IACxB,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,KAAK,EAAE,GAAG,EAAE;YACzC,UAAU,EAAE,CAAC,GAAG,cAAc,CAAC;SAChC,CAAC,CAAC;QACH,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC;IAC3B,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,qBAAqB,CAAC,UAAU,CAAC,iBAAiB,EAAE,yCAAyC,CAAC,CAAC;IAC3G,CAAC;IAED,OAAO;QACL,MAAM,EAAE,OAAO;QACf,GAAG;QACH,SAAS,EAAE,GAAwB;KACpC,CAAC;AACJ,CAAC"}

package/dist/core/errors.d.ts

@@ -0,0 +1,27 @@
+export declare class DbscProtocolError extends Error {
+    readonly code: string;
+    constructor(code: string, message: string);
+}
+export declare class DbscVerificationError extends Error {
+    readonly code: string;
+    constructor(code: string, message: string);
+}
+export declare class DbscStorageError extends Error {
+    readonly code: string;
+    constructor(code: string, message: string);
+}
+export declare const ErrorCodes: {
+    readonly MISSING_RESPONSE_HEADER: "MISSING_RESPONSE_HEADER";
+    readonly MALFORMED_JWS: "MALFORMED_JWS";
+    readonly INVALID_JWK: "INVALID_JWK";
+    readonly UNKNOWN_ALGORITHM: "UNKNOWN_ALGORITHM";
+    readonly CHALLENGE_NOT_FOUND: "CHALLENGE_NOT_FOUND";
+    readonly CHALLENGE_EXPIRED: "CHALLENGE_EXPIRED";
+    readonly CHALLENGE_CONSUMED: "CHALLENGE_CONSUMED";
+    readonly JTI_MISMATCH: "JTI_MISMATCH";
+    readonly SIGNATURE_INVALID: "SIGNATURE_INVALID";
+    readonly KEY_NOT_FOUND: "KEY_NOT_FOUND";
+    readonly SESSION_NOT_FOUND: "SESSION_NOT_FOUND";
+    readonly RATE_LIMITED: "RATE_LIMITED";
+};
+//# sourceMappingURL=errors.d.ts.map

package/dist/core/errors.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../../src/core/errors.ts"],"names":[],"mappings":"AAAA,qBAAa,iBAAkB,SAAQ,KAAK;IAC1C,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;gBAEV,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM;CAK1C;AAED,qBAAa,qBAAsB,SAAQ,KAAK;IAC9C,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;gBAEV,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM;CAK1C;AAED,qBAAa,gBAAiB,SAAQ,KAAK;IACzC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;gBAEV,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM;CAK1C;AAED,eAAO,MAAM,UAAU;;;;;;;;;;;;;CAab,CAAC"}