ns-auth-sdk 1.14.2 → 1.14.3

package/dist/browser-index.cjs

@@ -4,7 +4,6 @@ var __commonJSMin = (cb, mod) => () => (mod || cb((mod = { exports: {} }).export
 //#endregion
 const require_prf_handler = require('./prf-handler-BNd7gmXJ.cjs');
 const require_group_coordination = require('./group-coordination-DL39hJ3R.cjs');
-const require_zkm_service = require('./zkm.service-DX06sSfB.cjs');
 let applesauce_core_helpers = require("applesauce-core/helpers");
 let _noble_curves_secp256k1_js = require("@noble/curves/secp256k1.js");
 let _noble_hashes_sha2_js = require("@noble/hashes/sha2.js");
@@ -214,7 +213,7 @@ async function checkPRFSupport() {
 	}
 }
 async function generatePasswordProtectedKey(password) {
-	const privateKey = _noble_curves_secp256k1_js.secp256k1.utils.randomPrivateKey();
+	const privateKey = _noble_curves_secp256k1_js.secp256k1.utils.randomSecretKey();
 	const publicKeySpkiBase64 = toBase64(_noble_curves_secp256k1_js.secp256k1.getPublicKey(privateKey));
 	const salt = (0, _noble_hashes_utils_js.randomBytes)(16);
 	const derivedKey = (0, _noble_hashes_pbkdf2_js.pbkdf2)(_noble_hashes_sha2_js.sha256, new TextEncoder().encode(password), salt, {
@@ -260,11 +259,11 @@ let createAndConnectNodeFn = null;
 let cleanupBifrostNodeFn = null;
 let extractPeersFromCredentialsFn = null;
 let checkPeerStatusFn = null;
-let loadPromise$2 = null;
+let loadPromise$1 = null;
 async function loadFrostrModules() {
 	if (IglooCoreClass) return;
-	if (loadPromise$2) return loadPromise$2;
-	loadPromise$2 = (async () => {
+	if (loadPromise$1) return loadPromise$1;
+	loadPromise$1 = (async () => {
 		try {
 			const [iglooCore] = await Promise.all([import("@frostr/igloo-core"), import("@frostr/bifrost")]);
 			IglooCoreClass = iglooCore.IglooCore;
@@ -276,7 +275,7 @@ async function loadFrostrModules() {
 			throw new Error("FROSTR multisig requires @frostr/bifrost and @frostr/igloo-core as peer dependencies. Install them with: npm install @frostr/bifrost @frostr/igloo-core");
 		}
 	})();
-	return loadPromise$2;
+	return loadPromise$1;
 }
 var MultisigManager = class {
 	#relays;
@@ -10245,11 +10244,11 @@ let InviteReaderClass = null;
 let deserializeApplicationRumorFn = null;
 let KEY_PACKAGE_KIND = 443;
 let GIFT_WRAP_KIND = 1059;
-let loadPromise$1 = null;
+let loadPromise = null;
 async function loadMarmotModules() {
 	if (MarmotClientClass) return;
-	if (loadPromise$1) return loadPromise$1;
-	loadPromise$1 = (async () => {
+	if (loadPromise) return loadPromise;
+	loadPromise = (async () => {
 		try {
 			const marmot = await import("@internet-privacy/marmot-ts");
 			MarmotClientClass = marmot.MarmotClient;
@@ -10261,7 +10260,7 @@ async function loadMarmotModules() {
 			throw new Error("Group messaging requires @internet-privacy/marmot-ts as a peer dependency. Install it with: npm install @internet-privacy/marmot-ts");
 		}
 	})();
-	return loadPromise$1;
+	return loadPromise;
 }
 var GroupManager = class {
 	#client = null;
@@ -10666,14 +10665,6 @@ var GroupManager = class {
 
 //#endregion
 //#region src/types/vlei.ts
-/**
-* vLEI Root of Trust Types
-* @packageDocumentation
-*/
-const VLEI_SCHEMAS = {
-	legalEntity: "E46jrVPTzlSkUPqGGeIZ8a8FWS7a6s4reAXRZOkogZ2A",
-	officialRole: "EDg-Ji3kmi_G97Jctxeajpmp1-A8gSpeyElm-XCzTxiE"
-};
 function parseVLEITag(tag) {
 	if (tag[0] !== "vlei" || tag.length < 8) return null;
 	return {
@@ -11258,7 +11249,7 @@ async function generateSiopIdToken(config) {
 	};
 	const signingInput = `${base64urlEncode$1(new TextEncoder().encode(JSON.stringify(header)))}.${base64urlEncode$1(new TextEncoder().encode(JSON.stringify(payload)))}`;
 	const messageHash = (0, _noble_hashes_sha2_js.sha256)(new TextEncoder().encode(signingInput));
-	return `${signingInput}.${base64urlEncode$1(_noble_curves_secp256k1_js.secp256k1.sign(messageHash, secretKey).toCompactRawBytes())}`;
+	return `${signingInput}.${base64urlEncode$1(_noble_curves_secp256k1_js.secp256k1.sign(messageHash, secretKey).toBytes())}`;
 }
 /**
 * Verify a SIOP v2 Self-Issued ID Token
@@ -12087,7 +12078,7 @@ var AuthService = class {
 					console.error("No key info available for ZK membership");
 					return;
 				}
-				const _zkmService = new (await (Promise.resolve().then(() => require("./zkm.service-D2BZ_aqA.cjs")))).ZKMService();
+				const _zkmService = new (await (Promise.resolve().then(() => require("./zkm.service-B1MBvBEu.cjs")))).ZKMService();
 				await _zkmService.generateIdentity();
 				const _group = await _zkmService.createGroup(`group-${Date.now()}`);
 				const proof = await _zkmService.generateProof();
@@ -13335,614 +13326,6 @@ function isEUDIAvailable() {
 	return Promise.resolve(true);
 }
 
-//#endregion
-//#region src/services/zkp.service.ts
-let ZKPPackage = null;
-async function loadZKPassport() {
-	if (!ZKPPackage) ZKPPackage = await import("@zkpassport/sdk");
-	return ZKPPackage;
-}
-var ZKPService = class {
-	#config = null;
-	#connected = false;
-	#zkPassport = null;
-	#currentSession = null;
-	async connect(config) {
-		if (this.#connected && this.#config?.appId === config.appId) return;
-		this.#zkPassport = new (await (loadZKPassport())).ZKPassport(window.location.hostname);
-		this.#config = config;
-		this.#connected = true;
-	}
-	async disconnect() {
-		this.#config = null;
-		this.#connected = false;
-		this.#zkPassport = null;
-		this.#currentSession = null;
-	}
-	isConnected() {
-		return this.#connected && this.#zkPassport !== null;
-	}
-	getConfig() {
-		return this.#config;
-	}
-	async verifyZKP(options = {}) {
-		if (!this.#zkPassport) throw new Error("Not connected to ZKP verifier. Call connect() first.");
-		return new Promise((resolve, reject) => {
-			const requestOptions = {
-				name: options.name || "ZKPassport Verification",
-				logo: options.logo || "https://zkpassport.id/favicon.png",
-				purpose: options.purpose || "Proof of identity",
-				scope: options.scope || "eu-adult",
-				mode: options.mode || "fast",
-				devMode: options.devMode ?? true
-			};
-			const query = this.#zkPassport.request(requestOptions).in("nationality", [...getAllCountryCodes(), "Zero Knowledge Republic"]).disclose("firstname").gte("age", 18).disclose("document_type").facematch("strict").sanctions().gte("age", 18).done();
-			const { url } = query;
-			this.#currentSession = {
-				queryUrl: url,
-				resolve,
-				reject
-			};
-			query.onRequestReceived(() => {
-				console.log("ZKPassport: Request received");
-			}).onGeneratingProof(() => {
-				console.log("ZKPassport: Generating proof");
-			}).onProofGenerated((result) => {
-				console.log("ZKPassport: Proof generated", result);
-			}).onResult(async (result) => {
-				console.log("ZKPassport: Result", result);
-				const verified = result.verified;
-				const uniqueIdentifier = result.uniqueIdentifier;
-				const data = result.result;
-				const proofSaid = result.proofId || result.proofSaid || uniqueIdentifier;
-				const expiresAt = result.expiresAt ? new Date(result.expiresAt).toISOString() : void 0;
-				if (!verified || !uniqueIdentifier) {
-					this.#currentSession?.reject(/* @__PURE__ */ new Error("ZKPassport verification failed"));
-					this.#currentSession = null;
-					return;
-				}
-				const claims = {
-					uniqueIdentifier,
-					proofSaid,
-					firstName: data?.firstname?.disclose?.result,
-					nationality: data?.nationality?.in?.result,
-					isOver18: data?.age?.gte?.result,
-					isEUCitizen: data?.nationality?.in?.result !== void 0,
-					documentType: data?.document_type?.disclose?.result,
-					verifiedAt: (/* @__PURE__ */ new Date()).toISOString(),
-					expiresAt
-				};
-				this.#currentSession?.resolve(claims);
-				this.#currentSession = null;
-			}).onReject(() => {
-				this.#currentSession?.reject(/* @__PURE__ */ new Error("User rejected ZKPassport request"));
-				this.#currentSession = null;
-			}).onError((error) => {
-				this.#currentSession?.reject(error);
-				this.#currentSession = null;
-			});
-		});
-	}
-	getCurrentQueryUrl() {
-		return this.#currentSession?.queryUrl || null;
-	}
-	cancelVerification() {
-		if (this.#currentSession) {
-			this.#currentSession.reject(/* @__PURE__ */ new Error("Verification cancelled"));
-			this.#currentSession = null;
-		}
-	}
-};
-function getAllCountryCodes() {
-	return [
-		"AD",
-		"AE",
-		"AF",
-		"AG",
-		"AI",
-		"AL",
-		"AM",
-		"AO",
-		"AQ",
-		"AR",
-		"AS",
-		"AT",
-		"AU",
-		"AW",
-		"AX",
-		"AZ",
-		"BA",
-		"BB",
-		"BD",
-		"BE",
-		"BF",
-		"BG",
-		"BH",
-		"BI",
-		"BJ",
-		"BL",
-		"BM",
-		"BN",
-		"BO",
-		"BQ",
-		"BR",
-		"BS",
-		"BT",
-		"BV",
-		"BW",
-		"BY",
-		"BZ",
-		"CA",
-		"CC",
-		"CD",
-		"CF",
-		"CG",
-		"CH",
-		"CI",
-		"CK",
-		"CL",
-		"CM",
-		"CN",
-		"CO",
-		"CR",
-		"CU",
-		"CV",
-		"CW",
-		"CX",
-		"CY",
-		"CZ",
-		"DE",
-		"DJ",
-		"DK",
-		"DM",
-		"DO",
-		"DZ",
-		"EC",
-		"EE",
-		"EG",
-		"EH",
-		"ER",
-		"ES",
-		"ET",
-		"FI",
-		"FJ",
-		"FK",
-		"FM",
-		"FO",
-		"FR",
-		"GA",
-		"GB",
-		"GD",
-		"GE",
-		"GF",
-		"GG",
-		"GH",
-		"GI",
-		"GL",
-		"GM",
-		"GN",
-		"GP",
-		"GQ",
-		"GR",
-		"GS",
-		"GT",
-		"GU",
-		"GW",
-		"GY",
-		"HK",
-		"HM",
-		"HN",
-		"HR",
-		"HT",
-		"HU",
-		"ID",
-		"IE",
-		"IL",
-		"IM",
-		"IN",
-		"IO",
-		"IQ",
-		"IR",
-		"IS",
-		"IT",
-		"JE",
-		"JM",
-		"JO",
-		"JP",
-		"KE",
-		"KG",
-		"KH",
-		"KI",
-		"KM",
-		"KN",
-		"KP",
-		"KR",
-		"KW",
-		"KY",
-		"KZ",
-		"LA",
-		"LB",
-		"LC",
-		"LI",
-		"LK",
-		"LR",
-		"LS",
-		"LT",
-		"LU",
-		"LV",
-		"LY",
-		"MA",
-		"MC",
-		"MD",
-		"ME",
-		"MF",
-		"MG",
-		"MH",
-		"MK",
-		"ML",
-		"MM",
-		"MN",
-		"MO",
-		"MP",
-		"MQ",
-		"MR",
-		"MS",
-		"MT",
-		"MU",
-		"MV",
-		"MW",
-		"MX",
-		"MY",
-		"MZ",
-		"NA",
-		"NC",
-		"NE",
-		"NF",
-		"NG",
-		"NI",
-		"NL",
-		"NO",
-		"NP",
-		"NR",
-		"NU",
-		"NZ",
-		"OM",
-		"PA",
-		"PE",
-		"PF",
-		"PG",
-		"PH",
-		"PK",
-		"PL",
-		"PM",
-		"PN",
-		"PR",
-		"PS",
-		"PT",
-		"PW",
-		"PY",
-		"QA",
-		"RE",
-		"RO",
-		"RS",
-		"RU",
-		"RW",
-		"SA",
-		"SB",
-		"SC",
-		"SD",
-		"SE",
-		"SG",
-		"SH",
-		"SI",
-		"SJ",
-		"SK",
-		"SL",
-		"SM",
-		"SN",
-		"SO",
-		"SR",
-		"SS",
-		"ST",
-		"SV",
-		"SX",
-		"SY",
-		"SZ",
-		"TC",
-		"TD",
-		"TF",
-		"TG",
-		"TH",
-		"TJ",
-		"TK",
-		"TL",
-		"TM",
-		"TN",
-		"TO",
-		"TR",
-		"TT",
-		"TV",
-		"TW",
-		"TZ",
-		"UA",
-		"UG",
-		"UM",
-		"US",
-		"UY",
-		"UZ",
-		"VA",
-		"VC",
-		"VE",
-		"VG",
-		"VI",
-		"VN",
-		"VU",
-		"WF",
-		"WS",
-		"YE",
-		"YT",
-		"ZA",
-		"ZM",
-		"ZW"
-	];
-}
-function isZKPAvailable() {
-	return import("@zkpassport/sdk").then(() => true).catch(() => false);
-}
-
-//#endregion
-//#region src/services/individual-trust.service.ts
-var IndividualTrustService = class {
-	#eudiService;
-	#zkpService;
-	constructor() {
-		this.#eudiService = new EUDIService();
-		this.#zkpService = new ZKPService();
-	}
-	get eudi() {
-		return this.#eudiService;
-	}
-	get zkp() {
-		return this.#zkpService;
-	}
-	async connectEUDI(config) {
-		await this.#eudiService.connect(config);
-	}
-	async connectZKP(config) {
-		await this.#zkpService.connect(config);
-	}
-	async disconnect() {
-		await this.#eudiService.disconnect();
-		await this.#zkpService.disconnect();
-	}
-	isConnected() {
-		return this.#eudiService.isConnected() || this.#zkpService.isConnected();
-	}
-	async verifyEUDI() {
-		return this.#eudiService.verifyEUDI();
-	}
-	async verifyZKP(options) {
-		return this.#zkpService.verifyZKP(options);
-	}
-	getVerificationStatus() {
-		return {
-			eudi: this.#eudiService.isConnected(),
-			zkp: this.#zkpService.isConnected()
-		};
-	}
-};
-
-//#endregion
-//#region src/services/keria.service.ts
-let SignifyClientClass = null;
-let loadPromise = null;
-async function loadSignify() {
-	if (loadPromise) return loadPromise;
-	loadPromise = import("@global-vlei/signify-ts");
-	const signify = await loadPromise;
-	SignifyClientClass = signify.SignifyClient;
-	return signify;
-}
-var KERIAService = class {
-	#client = null;
-	#aidName = null;
-	#aidPrefix = null;
-	#url = null;
-	#connected = false;
-	#cachedCredentials = null;
-	async connect(url, bran) {
-		if (this.#connected && this.#url === url) return {
-			url: this.#url,
-			aidName: this.#aidName,
-			aidPrefix: this.#aidPrefix
-		};
-		const { ready, Tier } = await loadSignify();
-		await ready();
-		const bootUrl = url.replace(/:\d+$/, ":3903");
-		const client = new SignifyClientClass(url, bran, Tier.low, bootUrl);
-		try {
-			await client.connect();
-		} catch (e) {
-			const error = e;
-			if (error.message?.includes("404") || error.message?.includes("boot")) try {
-				await client.boot();
-				await client.approveDelegation();
-				await client.connect();
-			} catch (bootError) {
-				throw new Error(`Failed to boot KERIA agent: ${bootError.message}`);
-			}
-			else throw new Error(`Failed to connect to KERIA: ${error.message}`);
-		}
-		const identifiers = await client.identifiers().list();
-		if (!identifiers || identifiers.length === 0) throw new Error("No identifiers found in KERIA agent. Create an AID first.");
-		const aid = identifiers[0];
-		this.#client = client;
-		this.#aidName = aid.name;
-		this.#aidPrefix = aid.prefix;
-		this.#url = url;
-		this.#connected = true;
-		this.#cachedCredentials = null;
-		return {
-			url,
-			aidName: aid.name,
-			aidPrefix: aid.prefix
-		};
-	}
-	async disconnect() {
-		this.#client = null;
-		this.#aidName = null;
-		this.#aidPrefix = null;
-		this.#url = null;
-		this.#connected = false;
-		this.#cachedCredentials = null;
-	}
-	isConnected() {
-		return this.#connected && this.#client !== null;
-	}
-	getConnection() {
-		if (!this.#connected || !this.#aidName || !this.#aidPrefix || !this.#url) return null;
-		return {
-			url: this.#url,
-			aidName: this.#aidName,
-			aidPrefix: this.#aidPrefix
-		};
-	}
-	async fetchCredentials() {
-		if (!this.#client) throw new Error("Not connected to KERIA");
-		if (this.#cachedCredentials) return this.#cachedCredentials;
-		this.#cachedCredentials = (await this.#client.credentials().list({ limit: 100 })).map((c) => {
-			const cred = c;
-			return {
-				said: cred.sad?.d || cred.said || "",
-				schema: cred.sad?.s || cred.schema || "",
-				issuer: cred.sad?.i || "",
-				subject: cred.sad?.a || cred.attributes || {},
-				issuanceDate: cred.sad?.a?.dt || "",
-				raw: c
-			};
-		});
-		return this.#cachedCredentials;
-	}
-	async findVLEICredentials() {
-		const creds = await this.fetchCredentials();
-		const entityCred = creds.find((c) => c.schema === VLEI_SCHEMAS.legalEntity);
-		const roleCred = creds.find((c) => c.schema === VLEI_SCHEMAS.officialRole);
-		if (!entityCred || !roleCred) return null;
-		return {
-			entity: entityCred,
-			role: roleCred
-		};
-	}
-	async verifyCredentials() {
-		const vlei = await this.findVLEICredentials();
-		if (!vlei) throw new Error("No vLEI credentials found");
-		const roleSubject = vlei.role.subject;
-		const entitySubject = vlei.entity.subject;
-		const now = (/* @__PURE__ */ new Date()).toISOString();
-		const expiresAt = roleSubject["e"];
-		const expiresAtISO = expiresAt ? (/* @__PURE__ */ new Date(expiresAt * 1e3)).toISOString() : void 0;
-		if (expiresAt && expiresAt < Math.floor(Date.now() / 1e3)) throw new Error("vLEI credentials have expired");
-		return {
-			aidPrefix: this.#aidPrefix,
-			lei: entitySubject["lei"] || "",
-			legalName: entitySubject["legalName"] || "",
-			role: roleSubject["role"] || "",
-			roleCredentialSaid: vlei.role.said,
-			entityCredentialSaid: vlei.entity.said,
-			verifiedAt: now,
-			expiresAt: expiresAtISO
-		};
-	}
-	async signChallenge(challenge) {
-		if (!this.#client || !this.#aidName) throw new Error("Not connected to KERIA");
-		const hab = await this.#client.identifiers().get(this.#aidName);
-		const keeper = this.#client.manager.get(hab);
-		const challengeBytes = new TextEncoder().encode(challenge);
-		return {
-			signature: (await keeper.sign(challengeBytes))[0],
-			signer: this.#aidPrefix
-		};
-	}
-	getCachedCredentials() {
-		return this.#cachedCredentials ?? [];
-	}
-	clearCache() {
-		this.#cachedCredentials = null;
-	}
-};
-function isKERIAAvailable() {
-	return import("@global-vlei/signify-ts").then(() => true).catch(() => false);
-}
-
-//#endregion
-//#region src/services/organization-trust.service.ts
-var OrganizationTrustService = class {
-	#keriaService;
-	#eudiService;
-	constructor() {
-		this.#keriaService = new KERIAService();
-		this.#eudiService = new EUDIService();
-	}
-	get keria() {
-		return this.#keriaService;
-	}
-	get eudi() {
-		return this.#eudiService;
-	}
-	async connectKERIA(url, bran) {
-		return this.#keriaService.connect(url, bran);
-	}
-	async connectEUDI(config) {
-		await this.#eudiService.connect(config);
-	}
-	async disconnect() {
-		await this.#keriaService.disconnect();
-		await this.#eudiService.disconnect();
-	}
-	isConnected() {
-		return this.#keriaService.isConnected() || this.#eudiService.isConnected();
-	}
-	async verifyVLEI() {
-		return this.#keriaService.verifyCredentials();
-	}
-	async verifyEUDILegal() {
-		const session = await this.#eudiService.createLegalPIDVerificationSession();
-		const maxAttempts = 60;
-		const pollInterval = 2e3;
-		let attempts = 0;
-		while (attempts < maxAttempts) {
-			const result = await this.#eudiService.pollVerificationResult(session.sessionId);
-			if (result.status === "verified") {
-				const config = this.#eudiService.getConfig();
-				if (!config) throw new Error("EUDI service not configured");
-				const vpResponse = await this.#fetchVPToken(config.url, session.sessionId);
-				if (vpResponse?.vp_token) return this.#eudiService.extractLegalPIDClaims(vpResponse.vp_token, session.challenge);
-			}
-			if (result.status === "failed") throw new Error("EUDI Legal PID verification failed or was rejected");
-			await new Promise((resolve) => setTimeout(resolve, pollInterval));
-			attempts++;
-		}
-		throw new Error("EUDI Legal PID verification timed out");
-	}
-	async #fetchVPToken(baseUrl, sessionId) {
-		try {
-			const response = await fetch(`${baseUrl}/api/v1/presentations/sessions/${sessionId}`, {
-				method: "GET",
-				headers: { Accept: "application/json" }
-			});
-			return response.ok ? await response.json() : null;
-		} catch {
-			return null;
-		}
-	}
-	getVerificationStatus() {
-		return {
-			vlei: this.#keriaService.isConnected(),
-			eudiLegal: this.#eudiService.isConnected()
-		};
-	}
-};
-
 //#endregion
 //#region src/types/trust.ts
 function isTrustExpired(trust) {
@@ -13961,14 +13344,9 @@ exports.GroupManager = GroupManager;
 exports.IndexedDBGroupStateBackend = IndexedDBGroupStateBackend;
 exports.IndexedDBKeyPackageStore = IndexedDBKeyPackageStore;
 exports.IndexedDBKeyValueBackend = IndexedDBKeyValueBackend;
-exports.IndividualTrustService = IndividualTrustService;
-exports.KERIAService = KERIAService;
 exports.KeyManager = KeyManager;
 exports.MultisigManager = MultisigManager;
-exports.OrganizationTrustService = OrganizationTrustService;
 exports.RelayService = RelayService;
-exports.ZKMService = require_zkm_service.ZKMService;
-exports.ZKPService = ZKPService;
 exports.aesGcmDecrypt = aesGcmDecrypt;
 exports.aesGcmEncrypt = aesGcmEncrypt;
 exports.buildAuthEvent = buildAuthEvent;
@@ -14006,12 +13384,9 @@ exports.hexToBytes = hexToBytes;
 exports.importPublicKeyFromBundle = importPublicKeyFromBundle;
 exports.initiateOAuthFlow = initiateOAuthFlow;
 exports.isEUDIAvailable = isEUDIAvailable;
-exports.isKERIAAvailable = isKERIAAvailable;
 exports.isPrfSupported = require_prf_handler.isPrfSupported;
 exports.isTrustExpired = isTrustExpired;
 exports.isValidDidNostr = isValidDidNostr;
-exports.isZKMAvailable = require_zkm_service.isZKMAvailable;
-exports.isZKPAvailable = isZKPAvailable;
 exports.nip42Authenticate = authenticateToRelay;
 exports.normalizeRelayUrl = normalizeRelayUrl;
 exports.parseRecoveryTag = parseRecoveryTag;