vortez 5.0.0-dev.17 → 5.0.0-dev.19

package/build/Vortez.d.ts

@@ -10,4 +10,5 @@ export { Utilities } from "./utilities/Utilities.js";
 export * as Beta from "./beta/Beta.js";
 export { ServerError } from "./server/ServerError.js";
 export { Router } from "./server/router/Router.js";
+export { Config } from "./server/config/Config.js";
 export { Server as default, Server as Vortez } from "./server/Server.js";

package/build/Vortez.js

@@ -10,5 +10,6 @@ export { Utilities } from "./utilities/Utilities.js";
 export * as Beta from "./beta/Beta.js";
 export { ServerError } from "./server/ServerError.js";
 export { Router } from "./server/router/Router.js";
+export { Config } from "./server/config/Config.js";
 export { Server as default, Server as Vortez } from "./server/Server.js";
 //# sourceMappingURL=Vortez.js.map

package/build/Vortez.js.map

@@ -1 +1 @@
-{"version":3,"file":"Vortez.js","sourceRoot":"","sources":["../src/Vortez.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAC;AAC5C,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AACzC,OAAO,EAAE,SAAS,EAAE,MAAM,0BAA0B,CAAC;AACrD,OAAO,KAAK,IAAI,MAAM,gBAAgB,CAAC;AACvC,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AACtD,OAAO,EAAE,MAAM,EAAE,MAAM,2BAA2B,CAAC;AACnD,OAAO,EAAE,MAAM,IAAI,OAAO,EAAE,MAAM,IAAI,MAAM,EAAE,MAAM,oBAAoB,CAAC"}
+{"version":3,"file":"Vortez.js","sourceRoot":"","sources":["../src/Vortez.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAC;AAC5C,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AACzC,OAAO,EAAE,SAAS,EAAE,MAAM,0BAA0B,CAAC;AACrD,OAAO,KAAK,IAAI,MAAM,gBAAgB,CAAC;AACvC,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AACtD,OAAO,EAAE,MAAM,EAAE,MAAM,2BAA2B,CAAC;AACnD,OAAO,EAAE,MAAM,EAAE,MAAM,2BAA2B,CAAC;AACnD,OAAO,EAAE,MAAM,IAAI,OAAO,EAAE,MAAM,IAAI,MAAM,EAAE,MAAM,oBAAoB,CAAC"}

package/build/beta/JwtManager/HeaderValidator.d.ts

@@ -0,0 +1,25 @@
+import type Jwt from "./Jwt.js";
+export declare class HeaderValidator {
+    static ALLOWED_ALGO_PREFIXES: string[];
+    static ALLOWED_ALGO_LENGTHS: number[];
+    /**
+     * Static method to validate the JWT header. It checks if the header is a non-null object and then calls specific validation methods for the algorithm, type, and expiration claims. If any of the validations fail, it throws an error indicating the issue with the header.
+     * @param header The JWT header object to validate.
+     * @throws Will throw an error if the header is not a non-null object or if any of the specific validations fail.
+     */
+    static validate(header: any): asserts header is Jwt.Header;
+    /**
+     * Static method to validate the `alg` (algorithm) property in the JWT header. It checks if the `alg` property is present, ensures that it follows the expected format (a prefix followed by a length), and verifies that the prefix and length are among the allowed values. If any of these conditions are not met, it throws an error indicating the issue with the `alg` property.
+     * @param header The JWT header object to validate, which should contain the `alg` property.
+     * @throws Will throw an error if the `alg` property is missing, does not follow the expected format, or has an unsupported prefix or length.
+     */
+    static validateAlgorithm(header: any): void;
+    /**
+     * Static method to validate the `typ` (type) property in the JWT header. It checks if the `typ` property is present, ensures that it is a string, and verifies that its value is "jwt" (case-insensitive). If any of these conditions are not met, it throws an error indicating the issue with the `typ` property.
+     * @param header The JWT header object to validate, which should contain the `typ` property.
+     * @throws Will throw an error if the `typ` property is missing, is not a string, or does not equal "jwt" (case-insensitive).
+     */
+    static validateType(header: any): void;
+}
+export declare namespace HeaderValidator { }
+export default HeaderValidator;

package/build/beta/JwtManager/HeaderValidator.js

@@ -0,0 +1,47 @@
+export class HeaderValidator {
+    static ALLOWED_ALGO_PREFIXES = ['HS', 'RS', 'PS', 'ES'];
+    static ALLOWED_ALGO_LENGTHS = [256, 384, 512];
+    /**
+     * Static method to validate the JWT header. It checks if the header is a non-null object and then calls specific validation methods for the algorithm, type, and expiration claims. If any of the validations fail, it throws an error indicating the issue with the header.
+     * @param header The JWT header object to validate.
+     * @throws Will throw an error if the header is not a non-null object or if any of the specific validations fail.
+     */
+    static validate(header) {
+        if (typeof header !== 'object' || header === null)
+            throw new Error('Header must be a non-null object');
+        this.validateAlgorithm(header);
+        this.validateType(header);
+    }
+    /**
+     * Static method to validate the `alg` (algorithm) property in the JWT header. It checks if the `alg` property is present, ensures that it follows the expected format (a prefix followed by a length), and verifies that the prefix and length are among the allowed values. If any of these conditions are not met, it throws an error indicating the issue with the `alg` property.
+     * @param header The JWT header object to validate, which should contain the `alg` property.
+     * @throws Will throw an error if the `alg` property is missing, does not follow the expected format, or has an unsupported prefix or length.
+     */
+    static validateAlgorithm(header) {
+        if (!('alg' in header))
+            throw new Error('Header must contain "alg" property');
+        const [prefix, lengthStr] = header.alg.match(/([A-Z]+)(\d+)/)?.slice(1) || [];
+        if (!prefix || !lengthStr)
+            throw new Error('Invalid "alg" format in header');
+        const length = parseInt(lengthStr, 10);
+        if (!HeaderValidator.ALLOWED_ALGO_PREFIXES.includes(prefix))
+            throw new Error(`Unsupported algorithm prefix: ${prefix}`);
+        if (!HeaderValidator.ALLOWED_ALGO_LENGTHS.includes(length))
+            throw new Error(`Unsupported algorithm length: ${length}`);
+    }
+    /**
+     * Static method to validate the `typ` (type) property in the JWT header. It checks if the `typ` property is present, ensures that it is a string, and verifies that its value is "jwt" (case-insensitive). If any of these conditions are not met, it throws an error indicating the issue with the `typ` property.
+     * @param header The JWT header object to validate, which should contain the `typ` property.
+     * @throws Will throw an error if the `typ` property is missing, is not a string, or does not equal "jwt" (case-insensitive).
+     */
+    static validateType(header) {
+        if (!('typ' in header))
+            throw new Error('Header must contain "typ" property');
+        if (typeof header.typ !== 'string')
+            throw new Error('The "typ" property must be a string');
+        if (header.typ.toLowerCase() !== 'jwt')
+            throw new Error('The "typ" property must be "jwt"');
+    }
+}
+export default HeaderValidator;
+//# sourceMappingURL=HeaderValidator.js.map

package/build/beta/JwtManager/HeaderValidator.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"HeaderValidator.js","sourceRoot":"","sources":["../../../src/beta/JwtManager/HeaderValidator.ts"],"names":[],"mappings":"AAEA,MAAM,OAAO,eAAe;IACjB,MAAM,CAAC,qBAAqB,GAAG,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;IACxD,MAAM,CAAC,oBAAoB,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC;IACrD;;;;OAIG;IACI,MAAM,CAAC,QAAQ,CAAC,MAAW;QAC9B,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,MAAM,KAAK,IAAI;YAAE,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;QACvG,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC;QAC/B,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;IAC9B,CAAC;IACD;;;;OAIG;IACI,MAAM,CAAC,iBAAiB,CAAC,MAAW;QACvC,IAAI,CAAC,CAAC,KAAK,IAAI,MAAM,CAAC;YAAE,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;QAC9E,MAAM,CAAE,MAAM,EAAE,SAAS,CAAE,GAAG,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,eAAe,CAAC,EAAE,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QAChF,IAAI,CAAC,MAAM,IAAI,CAAC,SAAS;YAAE,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC;QAC7E,MAAM,MAAM,GAAG,QAAQ,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;QACvC,IAAI,CAAC,eAAe,CAAC,qBAAqB,CAAC,QAAQ,CAAC,MAAM,CAAC;YAAE,MAAM,IAAI,KAAK,CAAC,iCAAiC,MAAM,EAAE,CAAC,CAAC;QACxH,IAAI,CAAC,eAAe,CAAC,oBAAoB,CAAC,QAAQ,CAAC,MAAM,CAAC;YAAE,MAAM,IAAI,KAAK,CAAC,iCAAiC,MAAM,EAAE,CAAC,CAAC;IAC3H,CAAC;IACD;;;;OAIG;IACI,MAAM,CAAC,YAAY,CAAC,MAAW;QAClC,IAAI,CAAC,CAAC,KAAK,IAAI,MAAM,CAAC;YAAE,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;QAC9E,IAAI,OAAO,MAAM,CAAC,GAAG,KAAK,QAAQ;YAAE,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;QAC3F,IAAI,MAAM,CAAC,GAAG,CAAC,WAAW,EAAE,KAAK,KAAK;YAAE,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;IAChG,CAAC;;AAGL,eAAe,eAAe,CAAC"}

package/build/beta/JwtManager/Jwt.d.ts

@@ -1,17 +1,24 @@
-import type JwtManager from './JwtManager.js';
+import type Algorithm from './algorithm/Algorithm.js';
+import type KeyEntry from './KeyEntry.js';
 export declare class Jwt implements Jwt.Jwt {
     readonly header: Jwt.Header;
     readonly payload: Jwt.Payload;
     readonly signature: string;
-    protected readonly manager: JwtManager;
-    constructor(header: Jwt.Header, payload: Jwt.Payload, signature: string, manager: JwtManager);
+    protected readonly signer: Algorithm;
+    constructor(header: Jwt.Header, payload: Jwt.Payload, signature: string, signer: Algorithm);
     /**
      * Checks if the JWT has expired based on the `exp` claim in the payload. If the `exp` claim is not present, it returns `false`, indicating that the token is not considered expired. If the `exp` claim is present, it compares the current time (in seconds since the Unix epoch) with the expiration time specified in the `exp` claim and returns `true` if the token has expired, or `false` otherwise.
      * @returns `true` if the JWT has expired; otherwise, `false`.
      */
-    expired(): boolean;
+    get expired(): boolean;
     toJSON(): Jwt.Jwt;
     toString(): string;
+    /**
+     * Static method to check if a given expiration time (in seconds since the Unix epoch) has passed. It compares the current time with the provided expiration time and returns `true` if the current time is greater than or equal to the expiration time, indicating that the token has expired, or `false` otherwise.
+     * @param exp The expiration time to check, represented as a number of seconds since the Unix epoch.
+     * @returns `true` if the current time is greater than or equal to the expiration time; otherwise, `false`.
+     */
+    static isExpired(exp: number): boolean;
 }
 export declare namespace Jwt {
     interface Jwt {
@@ -20,12 +27,13 @@ export declare namespace Jwt {
         signature: string;
     }
     interface Header {
-        alg: JwtManager.AlgorithmName;
+        alg: KeyEntry.AlgorithmName;
         typ: 'jwt';
-        exp?: number;
+        kid?: string;
         [key: string]: any;
     }
     interface Payload {
+        exp?: number;
         [key: string]: any;
     }
 }

package/build/beta/JwtManager/Jwt.js

@@ -3,22 +3,21 @@ export class Jwt {
     header;
     payload;
     signature;
-    manager;
-    constructor(header, payload, signature, manager) {
+    signer;
+    constructor(header, payload, signature, signer) {
         this.header = header;
         this.payload = payload;
         this.signature = signature;
-        this.manager = manager;
+        this.signer = signer;
     }
     /**
      * Checks if the JWT has expired based on the `exp` claim in the payload. If the `exp` claim is not present, it returns `false`, indicating that the token is not considered expired. If the `exp` claim is present, it compares the current time (in seconds since the Unix epoch) with the expiration time specified in the `exp` claim and returns `true` if the token has expired, or `false` otherwise.
      * @returns `true` if the JWT has expired; otherwise, `false`.
      */
-    expired() {
-        if (!this.header.exp)
+    get expired() {
+        if (this.payload.exp == null)
             return false;
-        const now = Math.floor(Date.now() / 1000);
-        return now >= this.header.exp;
+        return Jwt.isExpired(this.payload.exp);
     }
     toJSON() {
         return { header: this.header, payload: this.payload, signature: this.signature };
@@ -28,6 +27,15 @@ export class Jwt {
         const encodedPayload = JwtUtils.objectToBase64Url(this.payload);
         return `${encodedHeader}.${encodedPayload}.${this.signature}`;
     }
+    /**
+     * Static method to check if a given expiration time (in seconds since the Unix epoch) has passed. It compares the current time with the provided expiration time and returns `true` if the current time is greater than or equal to the expiration time, indicating that the token has expired, or `false` otherwise.
+     * @param exp The expiration time to check, represented as a number of seconds since the Unix epoch.
+     * @returns `true` if the current time is greater than or equal to the expiration time; otherwise, `false`.
+     */
+    static isExpired(exp) {
+        const now = JwtUtils.nowInSeconds();
+        return now >= exp;
+    }
 }
 export default Jwt;
 //# sourceMappingURL=Jwt.js.map

package/build/beta/JwtManager/Jwt.js.map

@@ -1 +1 @@
-{"version":3,"file":"Jwt.js","sourceRoot":"","sources":["../../../src/beta/JwtManager/Jwt.ts"],"names":[],"mappings":"AAEA,OAAO,QAAQ,MAAM,eAAe,CAAC;AAErC,MAAM,OAAO,GAAG;IAEQ;IACA;IACA;IACG;IAJvB,YACoB,MAAkB,EAClB,OAAoB,EACpB,SAAiB,EACd,OAAmB;QAHtB,WAAM,GAAN,MAAM,CAAY;QAClB,YAAO,GAAP,OAAO,CAAa;QACpB,cAAS,GAAT,SAAS,CAAQ;QACd,YAAO,GAAP,OAAO,CAAY;IACvC,CAAC;IACJ;;;OAGG;IACI,OAAO;QACV,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,GAAG;YAAE,OAAO,KAAK,CAAC;QACnC,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAC1C,OAAO,GAAG,IAAI,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC;IAClC,CAAC;IAEM,MAAM;QACT,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,SAAS,EAAE,IAAI,CAAC,SAAS,EAAE,CAAC;IACrF,CAAC;IACM,QAAQ;QACX,MAAM,aAAa,GAAG,QAAQ,CAAC,iBAAiB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC9D,MAAM,cAAc,GAAG,QAAQ,CAAC,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAChE,OAAO,GAAG,aAAa,IAAI,cAAc,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;IAClE,CAAC;CACJ;AAiBD,eAAe,GAAG,CAAC"}
+{"version":3,"file":"Jwt.js","sourceRoot":"","sources":["../../../src/beta/JwtManager/Jwt.ts"],"names":[],"mappings":"AAGA,OAAO,QAAQ,MAAM,eAAe,CAAC;AAErC,MAAM,OAAO,GAAG;IAEQ;IACA;IACA;IACG;IAJvB,YACoB,MAAkB,EAClB,OAAoB,EACpB,SAAiB,EACd,MAAiB;QAHpB,WAAM,GAAN,MAAM,CAAY;QAClB,YAAO,GAAP,OAAO,CAAa;QACpB,cAAS,GAAT,SAAS,CAAQ;QACd,WAAM,GAAN,MAAM,CAAW;IACrC,CAAC;IACJ;;;OAGG;IACH,IAAW,OAAO;QACd,IAAI,IAAI,CAAC,OAAO,CAAC,GAAG,IAAI,IAAI;YAAE,OAAO,KAAK,CAAC;QAC3C,OAAO,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAC3C,CAAC;IAEM,MAAM;QACT,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,SAAS,EAAE,IAAI,CAAC,SAAS,EAAE,CAAC;IACrF,CAAC;IACM,QAAQ;QACX,MAAM,aAAa,GAAG,QAAQ,CAAC,iBAAiB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC9D,MAAM,cAAc,GAAG,QAAQ,CAAC,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAChE,OAAO,GAAG,aAAa,IAAI,cAAc,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;IAClE,CAAC;IAED;;;;OAIG;IACI,MAAM,CAAC,SAAS,CAAC,GAAW;QAC/B,MAAM,GAAG,GAAG,QAAQ,CAAC,YAAY,EAAE,CAAC;QACpC,OAAO,GAAG,IAAI,GAAG,CAAC;IACtB,CAAC;CACJ;AAkBD,eAAe,GAAG,CAAC"}

package/build/beta/JwtManager/JwtManager.d.ts

@@ -1,49 +1,56 @@
-import RSA from "./algorithm/RSA.js";
-import HMAC from "./algorithm/HMAC.js";
-import ECDSA from "./algorithm/ECDSA.js";
-import RSAPSS from "./algorithm/RSAPSS.js";
 import _KeyGenerator from "./KeyGenerator.js";
-import _JwtUtils from "./JwtUtils.js";
 import _Algorithm from "./algorithm/Algorithm.js";
+import _JwtUtils from "./JwtUtils.js";
+import _KeyEntry from "./KeyEntry.js";
 import _Jwt from "./Jwt.js";
 export { KeyGenerator } from "./KeyGenerator.js";
 export { Algorithm } from "./algorithm/Algorithm.js";
 export { JwtUtils } from "./JwtUtils.js";
+export { KeyEntry as KIDEntry } from "./KeyEntry.js";
 export { Jwt } from "./Jwt.js";
-export declare const AlgorithmMap: {
-    HS: typeof HMAC;
-    RS: typeof RSA;
-    PS: typeof RSAPSS;
-    ES: typeof ECDSA;
-};
 export declare class JwtManager {
-    readonly algorithmName: JwtManager.AlgorithmName;
-    protected readonly algorithm: JwtManager.Algorithm;
-    constructor(algorithmName: JwtManager.AlgorithmName, key: JwtManager.Algorithm.Key | JwtManager.Algorithm.KeyOptions);
+    protected KIDMap: JwtManager.KIDMap;
+    protected defaultEntry: JwtManager.KeyEntry;
+    constructor(entry: JwtManager.KeyOption, ...entries: JwtManager.KeyOption[]);
+    /**
+     * Adds a new key entry to the manager's KID map.
+     * The provided entry can be either an instance of `KIDEntry` or an object containing the necessary properties to create a new `KIDEntry`.
+     * The method normalizes the entry using the `normalizeEntry` static method and then adds it to the KID map using the entry's `kid` property as the key.
+     * @param entry The key entry to be added, which can be either an instance of `KIDEntry` or an object containing the properties needed to create a new `KIDEntry`.
+     */
+    addKey(entry: JwtManager.KeyOption): void;
+    /**
+     * Removes the key associated with the specified key ID (kid) from the manager's KID map.
+     * If the specified kid does not exist in the map, this method does nothing.
+     * @param kid The key ID of the key to be removed from the manager's KID map.
+     */
+    delKey(kid: string): void;
     /**
      * Signs the given payload with the specified header using the configured algorithm and key.
      * @param payload The payload to be signed, represented as a JavaScript object.
-     * @param header The header to be included in the JWT, represented as a JavaScript object. The `alg` property will be automatically set based on the manager's algorithm.
+     * @param header The header to be included in the JWT, represented as a JavaScript object.
+     *   - The `alg` property will be automatically set based on the manager's algorithm.
      * @returns The complete JWT as a string, consisting of the base64url-encoded header, payload, and signature.
      */
     sign(payload: JwtManager.Jwt.Payload, header?: Partial<JwtManager.Jwt.Header>): string;
     parse(token: string): JwtManager.Jwt;
-    toJSON(): object;
-    toString(): string;
     /**
-     * Determines the appropriate algorithm class based on the provided options and creates an instance of it.
-     * @param algorithm The name of the algorithm to be used for signing and verifying JWTs (e.g., "HS256", "RS384", "ES512").
-     * @param key The secret key or private key to be used for signing and verifying JWTs.
-     * @returns An instance of the corresponding Algorithm subclass.
+     * Normalizes a given key entry option into a `KIDEntry` instance. If the provided entry is already an instance of `KIDEntry`, it is returned as-is.
+     * If the entry is provided as an object containing the necessary properties to create a new `KIDEntry`.
+     * @param entry The key entry option to be normalized, which can be either an instance of `KIDEntry` or an object containing the properties needed to create a new `KIDEntry`.
+     * @returns A `KIDEntry` instance corresponding to the provided entry option.
      */
-    protected static getAlgorithm(algorithm: JwtManager.AlgorithmName, key: JwtManager.Algorithm.Key | JwtManager.Algorithm.KeyOptions): JwtManager.Algorithm;
+    static normalizeEntry(entry: JwtManager.KeyOption): JwtManager.KeyEntry;
 }
 export declare namespace JwtManager {
     export import Algorithm = _Algorithm;
     export import KeyGenerator = _KeyGenerator;
     export import JwtUtils = _JwtUtils;
+    export import KeyEntry = _KeyEntry;
     export import Jwt = _Jwt;
-    type AlgPrefix = 'HS' | 'RS' | 'ES' | 'PS';
-    type AlgorithmName = `${AlgPrefix}${JwtManager.Algorithm.HashLength}`;
+    type KeyOption = KeyEntry | KeyEntry.KeyEntryOptions;
+    interface KIDMap {
+        [kid: string]: KeyEntry;
+    }
 }
 export default JwtManager;

package/build/beta/JwtManager/JwtManager.js

@@ -1,73 +1,94 @@
-import RSA from "./algorithm/RSA.js";
-import HMAC from "./algorithm/HMAC.js";
-import ECDSA from "./algorithm/ECDSA.js";
-import RSAPSS from "./algorithm/RSAPSS.js";
 import _KeyGenerator from "./KeyGenerator.js";
-import _JwtUtils from "./JwtUtils.js";
 import _Algorithm from "./algorithm/Algorithm.js";
+import _JwtUtils from "./JwtUtils.js";
+import _KeyEntry from "./KeyEntry.js";
 import _Jwt from "./Jwt.js";
 export { KeyGenerator } from "./KeyGenerator.js";
 export { Algorithm } from "./algorithm/Algorithm.js";
 export { JwtUtils } from "./JwtUtils.js";
+export { KeyEntry as KIDEntry } from "./KeyEntry.js";
 export { Jwt } from "./Jwt.js";
-export const AlgorithmMap = {
-    HS: HMAC,
-    RS: RSA,
-    PS: RSAPSS,
-    ES: ECDSA
-};
 export class JwtManager {
-    algorithmName;
-    algorithm;
-    constructor(algorithmName, key) {
-        this.algorithmName = algorithmName;
-        this.algorithm = JwtManager.getAlgorithm(algorithmName, key);
+    KIDMap = {};
+    defaultEntry;
+    constructor(entry, ...entries) {
+        this.defaultEntry = JwtManager.normalizeEntry(entry);
+        entries = [this.defaultEntry, ...entries];
+        for (const e of entries) {
+            this.addKey(e);
+        }
+    }
+    /**
+     * Adds a new key entry to the manager's KID map.
+     * The provided entry can be either an instance of `KIDEntry` or an object containing the necessary properties to create a new `KIDEntry`.
+     * The method normalizes the entry using the `normalizeEntry` static method and then adds it to the KID map using the entry's `kid` property as the key.
+     * @param entry The key entry to be added, which can be either an instance of `KIDEntry` or an object containing the properties needed to create a new `KIDEntry`.
+     */
+    addKey(entry) {
+        const kidEntry = JwtManager.normalizeEntry(entry);
+        this.KIDMap[kidEntry.kid] = kidEntry;
     }
+    /**
+     * Removes the key associated with the specified key ID (kid) from the manager's KID map.
+     * If the specified kid does not exist in the map, this method does nothing.
+     * @param kid The key ID of the key to be removed from the manager's KID map.
+     */
+    delKey(kid) { delete this.KIDMap[kid]; }
     /**
      * Signs the given payload with the specified header using the configured algorithm and key.
      * @param payload The payload to be signed, represented as a JavaScript object.
-     * @param header The header to be included in the JWT, represented as a JavaScript object. The `alg` property will be automatically set based on the manager's algorithm.
+     * @param header The header to be included in the JWT, represented as a JavaScript object.
+     *   - The `alg` property will be automatically set based on the manager's algorithm.
      * @returns The complete JWT as a string, consisting of the base64url-encoded header, payload, and signature.
      */
     sign(payload, header = {}) {
-        header = { ...header, alg: this.algorithmName };
+        const kid = header.kid || this.defaultEntry.kid;
+        const entry = this.KIDMap[kid];
+        if (!entry)
+            throw new Error(`No key found for kid: ${kid}`);
+        const { signer, alg } = entry;
+        header = { ...header, alg, kid, typ: 'jwt' };
         const encodedHeader = JwtManager.JwtUtils.objectToBase64Url(header);
         const encodedPayload = JwtManager.JwtUtils.objectToBase64Url(payload);
         const content = `${encodedHeader}.${encodedPayload}`;
-        const signature = this.algorithm.sign(content);
+        const signature = signer.sign(content);
         return `${content}.${signature}`;
     }
     parse(token) {
-        const parts = token.split('.');
-        if (parts.length !== 3)
-            throw new Error('Invalid JWT format');
-        const [encodedHeader, encodedPayload, signature] = parts;
-        const verified = this.algorithm.verify(`${encodedHeader}.${encodedPayload}`, signature);
-        if (!verified)
-            throw new Error('Invalid JWT signature');
-        const header = JwtManager.JwtUtils.base64UrlToObject(encodedHeader);
-        const payload = JwtManager.JwtUtils.base64UrlToObject(encodedPayload);
-        return new JwtManager.Jwt(header, payload, signature, this);
+        const { header, payload, signature, encodedHeader, encodedPayload } = JwtManager.JwtUtils.getJwtParts(token);
+        const kid = header.kid || this.defaultEntry.kid;
+        const entry = this.KIDMap[kid];
+        if (!entry)
+            throw new Error(`No key found for kid: ${kid}`);
+        const signer = entry.signer;
+        const content = `${encodedHeader}.${encodedPayload}`;
+        if (!signer.verify(content, signature))
+            throw new Error('Invalid signature');
+        const jwt = new JwtManager.Jwt(header, payload, signature, signer);
+        if (jwt.expired)
+            throw new Error('Token has expired');
+        return jwt;
     }
-    toJSON() { return { algorithm: this.algorithmName }; }
-    toString() { return `Jwt manager with algorithm ${this.algorithmName}`; }
+    // toJSON(): object { return { algorithm: this.algorithmName }; }
+    // toString(): string { return `Jwt manager with algorithm ${this.algorithmName}`; }
     /**
-     * Determines the appropriate algorithm class based on the provided options and creates an instance of it.
-     * @param algorithm The name of the algorithm to be used for signing and verifying JWTs (e.g., "HS256", "RS384", "ES512").
-     * @param key The secret key or private key to be used for signing and verifying JWTs.
-     * @returns An instance of the corresponding Algorithm subclass.
+     * Normalizes a given key entry option into a `KIDEntry` instance. If the provided entry is already an instance of `KIDEntry`, it is returned as-is.
+     * If the entry is provided as an object containing the necessary properties to create a new `KIDEntry`.
+     * @param entry The key entry option to be normalized, which can be either an instance of `KIDEntry` or an object containing the properties needed to create a new `KIDEntry`.
+     * @returns A `KIDEntry` instance corresponding to the provided entry option.
      */
-    static getAlgorithm(algorithm, key) {
-        const prefix = JwtManager.JwtUtils.getAlgPrefix(algorithm);
-        const hashLength = JwtManager.JwtUtils.getHashLength(algorithm);
-        const alg = AlgorithmMap[prefix];
-        return new alg(hashLength, key);
+    static normalizeEntry(entry) {
+        if (entry instanceof JwtManager.KeyEntry)
+            return entry;
+        const { alg: algorithm, key, kid } = entry;
+        return new JwtManager.KeyEntry(algorithm, key, kid);
     }
 }
 (function (JwtManager) {
     JwtManager.Algorithm = _Algorithm;
     JwtManager.KeyGenerator = _KeyGenerator;
     JwtManager.JwtUtils = _JwtUtils;
+    JwtManager.KeyEntry = _KeyEntry;
     JwtManager.Jwt = _Jwt;
 })(JwtManager || (JwtManager = {}));
 export default JwtManager;

package/build/beta/JwtManager/JwtManager.js.map

@@ -1 +1 @@
-{"version":3,"file":"JwtManager.js","sourceRoot":"","sources":["../../../src/beta/JwtManager/JwtManager.ts"],"names":[],"mappings":"AAAA,OAAO,GAAG,MAAM,oBAAoB,CAAC;AACrC,OAAO,IAAI,MAAM,qBAAqB,CAAC;AACvC,OAAO,KAAK,MAAM,sBAAsB,CAAC;AACzC,OAAO,MAAM,MAAM,uBAAuB,CAAC;AAE3C,OAAO,aAAa,MAAM,mBAAmB,CAAC;AAC9C,OAAO,SAAS,MAAM,eAAe,CAAC;AACtC,OAAO,UAAU,MAAM,0BAA0B,CAAC;AAClD,OAAO,IAAI,MAAM,UAAU,CAAC;AAE5B,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AACjD,OAAO,EAAE,SAAS,EAAE,MAAM,0BAA0B,CAAC;AACrD,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AACzC,OAAO,EAAE,GAAG,EAAE,MAAM,UAAU,CAAC;AAE/B,MAAM,CAAC,MAAM,YAAY,GAAG;IACxB,EAAE,EAAE,IAAI;IACR,EAAE,EAAE,GAAG;IACP,EAAE,EAAE,MAAM;IACV,EAAE,EAAE,KAAK;CACZ,CAAC;AAEF,MAAM,OAAO,UAAU;IAGC;IAFD,SAAS,CAAuB;IACnD,YACoB,aAAuC,EACvD,GAA+D;QAD/C,kBAAa,GAAb,aAAa,CAA0B;QAEvD,IAAI,CAAC,SAAS,GAAG,UAAU,CAAC,YAAY,CAAC,aAAa,EAAE,GAAG,CAAC,CAAC;IAAC,CAAC;IACnE;;;;;OAKG;IACI,IAAI,CAAC,OAA+B,EAAE,SAAyC,EAAE;QACpF,MAAM,GAAG,EAAE,GAAG,MAAM,EAAE,GAAG,EAAE,IAAI,CAAC,aAAa,EAAE,CAAC;QAEhD,MAAM,aAAa,GAAG,UAAU,CAAC,QAAQ,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC;QACpE,MAAM,cAAc,GAAG,UAAU,CAAC,QAAQ,CAAC,iBAAiB,CAAC,OAAO,CAAC,CAAC;QAEtE,MAAM,OAAO,GAAG,GAAG,aAAa,IAAI,cAAc,EAAE,CAAC;QACrD,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAE/C,OAAO,GAAG,OAAO,IAAI,SAAS,EAAE,CAAC;IACrC,CAAC;IACM,KAAK,CAAC,KAAa;QACtB,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC/B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;YAAE,MAAM,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAC;QAC9D,MAAM,CAAC,aAAa,EAAE,cAAc,EAAE,SAAS,CAAC,GAAG,KAAK,CAAC;QAEzD,MAAM,QAAQ,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,GAAG,aAAa,IAAI,cAAc,EAAE,EAAE,SAAS,CAAC,CAAC;QACxF,IAAI,CAAC,QAAQ;YAAE,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;QAExD,MAAM,MAAM,GAAG,UAAU,CAAC,QAAQ,CAAC,iBAAiB,CAAwB,aAAa,CAAC,CAAC;QAC3F,MAAM,OAAO,GAAG,UAAU,CAAC,QAAQ,CAAC,iBAAiB,CAAyB,cAAc,CAAC,CAAC;QAC9F,OAAO,IAAI,UAAU,CAAC,GAAG,CAAC,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,IAAI,CAAC,CAAC;IAChE,CAAC;IAED,MAAM,KAAa,OAAO,EAAE,SAAS,EAAE,IAAI,CAAC,aAAa,EAAE,CAAC,CAAC,CAAC;IAC9D,QAAQ,KAAa,OAAO,8BAA8B,IAAI,CAAC,aAAa,EAAE,CAAC,CAAC,CAAC;IAEjF;;;;;OAKG;IACO,MAAM,CAAC,YAAY,CAAC,SAAmC,EAAE,GAA+D;QAC9H,MAAM,MAAM,GAAG,UAAU,CAAC,QAAQ,CAAC,YAAY,CAAC,SAAS,CAAC,CAAC;QAC3D,MAAM,UAAU,GAAG,UAAU,CAAC,QAAQ,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC;QAEhE,MAAM,GAAG,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC;QACjC,OAAO,IAAI,GAAG,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC;IACpC,CAAC;CACJ;AACD,WAAiB,UAAU;IACT,oBAAS,GAAG,UAAU,CAAC;IACvB,uBAAY,GAAG,aAAa,CAAC;IAC7B,mBAAQ,GAAG,SAAS,CAAC;IACrB,cAAG,GAAG,IAAI,CAAC;AAI7B,CAAC,EARgB,UAAU,KAAV,UAAU,QAQ1B;AACD,eAAe,UAAU,CAAC"}
+{"version":3,"file":"JwtManager.js","sourceRoot":"","sources":["../../../src/beta/JwtManager/JwtManager.ts"],"names":[],"mappings":"AACA,OAAO,aAAa,MAAM,mBAAmB,CAAC;AAC9C,OAAO,UAAU,MAAM,0BAA0B,CAAC;AAClD,OAAO,SAAS,MAAM,eAAe,CAAC;AACtC,OAAO,SAAS,MAAM,eAAe,CAAC;AACtC,OAAO,IAAI,MAAM,UAAU,CAAC;AAE5B,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AACjD,OAAO,EAAE,SAAS,EAAE,MAAM,0BAA0B,CAAC;AACrD,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AACzC,OAAO,EAAE,QAAQ,IAAI,QAAQ,EAAE,MAAM,eAAe,CAAC;AACrD,OAAO,EAAE,GAAG,EAAE,MAAM,UAAU,CAAC;AAE/B,MAAM,OAAO,UAAU;IACT,MAAM,GAAsB,EAAE,CAAC;IAC/B,YAAY,CAAsB;IAE5C,YACI,KAA2B,EAC3B,GAAG,OAA+B;QAElC,IAAI,CAAC,YAAY,GAAG,UAAU,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC;QACrD,OAAO,GAAG,CAAC,IAAI,CAAC,YAAY,EAAE,GAAG,OAAO,CAAC,CAAC;QAC1C,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;YAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;QAAC,CAAC;IAChD,CAAC;IACD;;;;;OAKG;IACI,MAAM,CAAC,KAA2B;QACrC,MAAM,QAAQ,GAAG,UAAU,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC;QAClD,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,QAAQ,CAAC;IACzC,CAAC;IACD;;;;OAIG;IACI,MAAM,CAAC,GAAW,IAAU,OAAO,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;IAC7D;;;;;;OAMG;IACI,IAAI,CAAC,OAA+B,EAAE,SAAyC,EAAE;QACpF,MAAM,GAAG,GAAG,MAAM,CAAC,GAAG,IAAI,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC;QAChD,MAAM,KAAK,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAC/B,IAAI,CAAC,KAAK;YAAE,MAAM,IAAI,KAAK,CAAC,yBAAyB,GAAG,EAAE,CAAC,CAAC;QAE5D,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,GAAG,KAAK,CAAC;QAE9B,MAAM,GAAG,EAAE,GAAG,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC;QAE7C,MAAM,aAAa,GAAG,UAAU,CAAC,QAAQ,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC;QACpE,MAAM,cAAc,GAAG,UAAU,CAAC,QAAQ,CAAC,iBAAiB,CAAC,OAAO,CAAC,CAAC;QACtE,MAAM,OAAO,GAAG,GAAG,aAAa,IAAI,cAAc,EAAE,CAAC;QAErD,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAEvC,OAAO,GAAG,OAAO,IAAI,SAAS,EAAE,CAAC;IACrC,CAAC;IACM,KAAK,CAAC,KAAa;QACtB,MAAM,EACF,MAAM,EAAE,OAAO,EAAE,SAAS,EAC1B,aAAa,EAAE,cAAc,EAChC,GAAG,UAAU,CAAC,QAAQ,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QAE3C,MAAM,GAAG,GAAG,MAAM,CAAC,GAAG,IAAI,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC;QAChD,MAAM,KAAK,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAC/B,IAAI,CAAC,KAAK;YAAE,MAAM,IAAI,KAAK,CAAC,yBAAyB,GAAG,EAAE,CAAC,CAAC;QAE5D,MAAM,MAAM,GAAG,KAAK,CAAC,MAAM,CAAC;QAC5B,MAAM,OAAO,GAAG,GAAG,aAAa,IAAI,cAAc,EAAE,CAAC;QACrD,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,OAAO,EAAE,SAAS,CAAC;YAAE,MAAM,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC;QAE7E,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,GAAG,CAAC,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,MAAM,CAAC,CAAC;QACnE,IAAI,GAAG,CAAC,OAAO;YAAE,MAAM,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC;QAEtD,OAAO,GAAG,CAAC;IACf,CAAC;IAED,iEAAiE;IACjE,oFAAoF;IAEpF;;;;;OAKG;IACI,MAAM,CAAC,cAAc,CAAC,KAA2B;QACpD,IAAI,KAAK,YAAY,UAAU,CAAC,QAAQ;YAAE,OAAO,KAAK,CAAC;QACvD,MAAM,EAAE,GAAG,EAAE,SAAS,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,KAAK,CAAC;QAC3C,OAAO,IAAI,UAAU,CAAC,QAAQ,CAAC,SAAS,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC;IACxD,CAAC;CACJ;AACD,WAAiB,UAAU;IACT,oBAAS,GAAG,UAAU,CAAC;IACvB,uBAAY,GAAG,aAAa,CAAC;IAC7B,mBAAQ,GAAG,SAAS,CAAC;IACrB,mBAAQ,GAAG,SAAS,CAAC;IACrB,cAAG,GAAG,IAAI,CAAC;AAM7B,CAAC,EAXgB,UAAU,KAAV,UAAU,QAW1B;AACD,eAAe,UAAU,CAAC"}

package/build/beta/JwtManager/JwtUtils.d.ts

@@ -1,6 +1,12 @@
 import type Algorithm from "./algorithm/Algorithm.js";
-import type JwtManager from "./JwtManager.js";
+import type KeyEntry from "./KeyEntry.js";
+import type Jwt from './Jwt.js';
 export declare class JwtUtils {
+    /**
+     * Returns the current time in seconds since the Unix epoch. This is commonly used for setting the `iat` (issued at) and `exp` (expiration) claims in JWTs.
+     * @returns The current time in seconds since January 1, 1970 (Unix epoch).
+     */
+    static nowInSeconds(): number;
     /**
      * Converts a JavaScript object to a base64url-encoded string.
      * @param obj The object to be converted.
@@ -19,14 +25,23 @@ export declare class JwtUtils {
      * @returns The algorithm prefix (e.g., "HS", "RS", "ES", "PS").
      * @throws An error if the algorithm is unsupported.
      */
-    static getAlgPrefix(alg: JwtManager.AlgorithmName): JwtManager.AlgPrefix;
+    static getAlgPrefix(alg: KeyEntry.AlgorithmName): KeyEntry.AlgPrefix;
     /**
      * Extracts the hash length from the given algorithm name and validates it.
      * @param alg The algorithm name (e.g., "HS256", "RS384", "ES512").
      * @returns The hash length as a string ("256", "384", or "512").
      * @throws An error if the algorithm is unsupported or if the hash length is invalid.
      */
-    static getHashLength(alg: JwtManager.AlgorithmName): Algorithm.HashLength;
+    static getHashLength(alg: KeyEntry.AlgorithmName): Algorithm.HashLength;
+    static getJwtParts(token: string): JwtUtils.JwtParts;
+}
+export declare namespace JwtUtils {
+    interface JwtParts {
+        encodedHeader: string;
+        encodedPayload: string;
+        signature: string;
+        header: Jwt.Header;
+        payload: Jwt.Payload;
+    }
 }
-export declare namespace JwtUtils { }
 export default JwtUtils;

package/build/beta/JwtManager/JwtUtils.js

@@ -1,4 +1,12 @@
+import HeaderValidator from "./HeaderValidator.js";
 export class JwtUtils {
+    /**
+     * Returns the current time in seconds since the Unix epoch. This is commonly used for setting the `iat` (issued at) and `exp` (expiration) claims in JWTs.
+     * @returns The current time in seconds since January 1, 1970 (Unix epoch).
+     */
+    static nowInSeconds() {
+        return Math.floor(Date.now() / 1000);
+    }
     /**
      * Converts a JavaScript object to a base64url-encoded string.
      * @param obj The object to be converted.
@@ -45,6 +53,16 @@ export class JwtUtils {
         }
         return hashLength;
     }
+    static getJwtParts(token) {
+        const parts = token.split('.');
+        if (parts.length !== 3)
+            throw new Error('Invalid JWT format');
+        const [encodedHeader, encodedPayload, signature] = parts;
+        const header = this.base64UrlToObject(encodedHeader);
+        HeaderValidator.validate(header);
+        const payload = this.base64UrlToObject(encodedPayload);
+        return { encodedHeader, encodedPayload, signature, header, payload };
+    }
 }
 export default JwtUtils;
 //# sourceMappingURL=JwtUtils.js.map

package/build/beta/JwtManager/JwtUtils.js.map

@@ -1 +1 @@
-{"version":3,"file":"JwtUtils.js","sourceRoot":"","sources":["../../../src/beta/JwtManager/JwtUtils.ts"],"names":[],"mappings":"AAGA,MAAM,OAAO,QAAQ;IACjB;;;;OAIG;IACI,MAAM,CAAC,iBAAiB,CAAC,GAAW;QACvC,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;QACvC,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;QAChD,OAAO,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IACxC,CAAC;IACD;;;;OAIG;IACI,MAAM,CAAC,iBAAiB,CAAI,SAAiB;QAChD,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE,WAAW,CAAC,CAAC;QACnD,MAAM,UAAU,GAAG,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QAC5C,OAAO,IAAI,CAAC,KAAK,CAAC,UAAU,CAAM,CAAC;IACvC,CAAC;IACD;;;;;OAKG;IACI,MAAM,CAAC,YAAY,CAAC,GAA6B;QACpD,MAAM,MAAM,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QAC/B,IAAI,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YAC7C,MAAM,IAAI,KAAK,CAAC,0BAA0B,GAAG,EAAE,CAAC,CAAC;QACrD,CAAC;QACD,OAAO,MAA8B,CAAC;IAC1C,CAAC;IACD;;;;;OAKG;IACI,MAAM,CAAC,aAAa,CAAC,GAA6B;QACrD,MAAM,UAAU,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAChC,IAAI,CAAC,CAAC,KAAK,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;YAC9C,MAAM,IAAI,KAAK,CAAC,0BAA0B,GAAG,EAAE,CAAC,CAAC;QACrD,CAAC;QACD,OAAO,UAAkC,CAAC;IAC9C,CAAC;CACJ;AAED,eAAe,QAAQ,CAAC"}
+{"version":3,"file":"JwtUtils.js","sourceRoot":"","sources":["../../../src/beta/JwtManager/JwtUtils.ts"],"names":[],"mappings":"AAGA,OAAO,eAAe,MAAM,sBAAsB,CAAC;AAEnD,MAAM,OAAO,QAAQ;IACjB;;;OAGG;IACI,MAAM,CAAC,YAAY;QACtB,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IACzC,CAAC;IACD;;;;OAIG;IACI,MAAM,CAAC,iBAAiB,CAAC,GAAW;QACvC,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;QACvC,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;QAChD,OAAO,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IACxC,CAAC;IACD;;;;OAIG;IACI,MAAM,CAAC,iBAAiB,CAAI,SAAiB;QAChD,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE,WAAW,CAAC,CAAC;QACnD,MAAM,UAAU,GAAG,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QAC5C,OAAO,IAAI,CAAC,KAAK,CAAC,UAAU,CAAM,CAAC;IACvC,CAAC;IACD;;;;;OAKG;IACI,MAAM,CAAC,YAAY,CAAC,GAA2B;QAClD,MAAM,MAAM,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QAC/B,IAAI,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YAC7C,MAAM,IAAI,KAAK,CAAC,0BAA0B,GAAG,EAAE,CAAC,CAAC;QACrD,CAAC;QACD,OAAO,MAA4B,CAAC;IACxC,CAAC;IACD;;;;;OAKG;IACI,MAAM,CAAC,aAAa,CAAC,GAA2B;QACnD,MAAM,UAAU,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAChC,IAAI,CAAC,CAAC,KAAK,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;YAC9C,MAAM,IAAI,KAAK,CAAC,0BAA0B,GAAG,EAAE,CAAC,CAAC;QACrD,CAAC;QACD,OAAO,UAAkC,CAAC;IAC9C,CAAC;IACM,MAAM,CAAC,WAAW,CAAC,KAAa;QACnC,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC/B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;YAAE,MAAM,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAC;QAE9D,MAAM,CAAE,aAAa,EAAE,cAAc,EAAE,SAAS,CAAE,GAAG,KAAK,CAAC;QAC3D,MAAM,MAAM,GAAG,IAAI,CAAC,iBAAiB,CAAa,aAAa,CAAC,CAAC;QACjE,eAAe,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QAEjC,MAAM,OAAO,GAAG,IAAI,CAAC,iBAAiB,CAAc,cAAc,CAAC,CAAC;QAEpE,OAAO,EAAE,aAAa,EAAE,cAAc,EAAE,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC;IACzE,CAAC;CACJ;AAUD,eAAe,QAAQ,CAAC"}

package/build/beta/JwtManager/KeyEntry.d.ts

@@ -0,0 +1,52 @@
+import type JwtManager from "./JwtManager.js";
+import Algorithm from "./algorithm/Algorithm.js";
+import RSAPSS from "./algorithm/RSAPSS.js";
+import ECDSA from "./algorithm/ECDSA.js";
+import HMAC from "./algorithm/HMAC.js";
+import RSA from "./algorithm/RSA.js";
+export declare class KeyEntry {
+    readonly alg: KeyEntry.AlgorithmName;
+    protected static AlgorithmMap: {
+        HS: typeof HMAC;
+        RS: typeof RSA;
+        ES: typeof ECDSA;
+        PS: typeof RSAPSS;
+    };
+    readonly kid: string;
+    readonly signer: Algorithm;
+    /**
+     * Creates a new KIDEntry instance with the specified algorithm, key, and optional key ID (kid).
+     * If the kid is not provided, it generates a random one based on the algorithm name and a random string.
+     * The signer is created using the `createSigner` static method, which determines the appropriate signing algorithm based on the provided algorithm name and key.
+     * @param alg The name of the signing algorithm (e.g., "HS256", "RS384", "ES512").
+     * @param key The key or key options to be used for signing, which can be an instance of `Algorithm` or an object containing key options.
+     * @param kid An optional key ID to uniquely identify the key. If not provided, a random one will be generated.
+     */
+    constructor(alg: KeyEntry.AlgorithmName, key: KeyEntry.Signer, kid?: string);
+    /**
+     * Creates an instance of the appropriate signing algorithm based on the provided algorithm name and key.
+     * It extracts the algorithm prefix and hash length from the algorithm name,
+     * looks up the corresponding algorithm class in the `AlgorithmMap`,and returns a new instance of that class initialized
+     * with the specified hash length and key.
+     * @param alg The algorithm name (e.g., "HS256", "RS384", "ES512").
+     * @param key The key or key options to be used for signing, which can be an instance of `Algorithm` or an object containing key options.
+     * @returns An instance of the appropriate signing algorithm initialized with the specified hash length and key.
+     */
+    static createSigner(alg: KeyEntry.AlgorithmName, key: Algorithm.Key | Algorithm.KeyOptions): Algorithm;
+}
+export declare namespace KeyEntry {
+    type AlgPrefix = 'HS' | 'RS' | 'ES' | 'PS';
+    type AlgorithmName = `${AlgPrefix}${JwtManager.Algorithm.HashLength}`;
+    type Signer = Algorithm | Algorithm.Key | Algorithm.KeyOptions;
+    interface KeyEntryOptions {
+        key: Signer;
+        alg: AlgorithmName;
+        kid?: string;
+    }
+    interface KeyEntry extends KeyEntryOptions {
+        kid: string;
+        signer: Algorithm;
+        alg: AlgorithmName;
+    }
+}
+export default KeyEntry;

package/build/beta/JwtManager/KeyEntry.js

@@ -0,0 +1,42 @@
+import Algorithm from "./algorithm/Algorithm.js";
+import RSAPSS from "./algorithm/RSAPSS.js";
+import ECDSA from "./algorithm/ECDSA.js";
+import HMAC from "./algorithm/HMAC.js";
+import RSA from "./algorithm/RSA.js";
+import JwtUtils from "./JwtUtils.js";
+export class KeyEntry {
+    alg;
+    static AlgorithmMap = { HS: HMAC, RS: RSA, ES: ECDSA, PS: RSAPSS };
+    kid;
+    signer;
+    /**
+     * Creates a new KIDEntry instance with the specified algorithm, key, and optional key ID (kid).
+     * If the kid is not provided, it generates a random one based on the algorithm name and a random string.
+     * The signer is created using the `createSigner` static method, which determines the appropriate signing algorithm based on the provided algorithm name and key.
+     * @param alg The name of the signing algorithm (e.g., "HS256", "RS384", "ES512").
+     * @param key The key or key options to be used for signing, which can be an instance of `Algorithm` or an object containing key options.
+     * @param kid An optional key ID to uniquely identify the key. If not provided, a random one will be generated.
+     */
+    constructor(alg, key, kid) {
+        this.alg = alg;
+        this.kid = kid || `${alg}-${Math.random().toString(36).substring(2, 8)}`;
+        this.signer = key instanceof Algorithm ? key : KeyEntry.createSigner(alg, key);
+    }
+    /**
+     * Creates an instance of the appropriate signing algorithm based on the provided algorithm name and key.
+     * It extracts the algorithm prefix and hash length from the algorithm name,
+     * looks up the corresponding algorithm class in the `AlgorithmMap`,and returns a new instance of that class initialized
+     * with the specified hash length and key.
+     * @param alg The algorithm name (e.g., "HS256", "RS384", "ES512").
+     * @param key The key or key options to be used for signing, which can be an instance of `Algorithm` or an object containing key options.
+     * @returns An instance of the appropriate signing algorithm initialized with the specified hash length and key.
+     */
+    static createSigner(alg, key) {
+        const prefix = JwtUtils.getAlgPrefix(alg);
+        const hashLength = JwtUtils.getHashLength(alg);
+        const algorithm = this.AlgorithmMap[prefix];
+        return new algorithm(hashLength, key);
+    }
+}
+export default KeyEntry;
+//# sourceMappingURL=KeyEntry.js.map