web-dc-api 0.1.8 → 0.1.10

package/dist/cjs/index-DtuGISOe.js

@@ -1 +0,0 @@
-"use strict";var e=require("./babel-tools-BoLJtxtW.js");function r(e,r){return r.forEach((function(r){r&&"string"!=typeof r&&!Array.isArray(r)&&Object.keys(r).forEach((function(t){if("default"!==t&&!(t in e)){var n=Object.getOwnPropertyDescriptor(r,t);Object.defineProperty(e,t,n.get?n:{enumerable:!0,get:function(){return r[t]}})}}))})),Object.freeze(e)}var t=e.requireLib(),n=r({__proto__:null,default:e.getDefaultExportFromCjs(t)},[t]);exports.index=n;

package/dist/cjs/jwt-DW2WimlW.js

@@ -1 +0,0 @@
-"use strict";var e=require("./babel-tools-BoLJtxtW.js"),t=new TextEncoder,r=new TextDecoder;function a(){for(var e=arguments.length,t=new Array(e),r=0;r<e;r++)t[r]=arguments[r];var a=t.reduce(((e,t)=>{var{length:r}=t;return e+r}),0),i=new Uint8Array(a),n=0;for(var o of t)i.set(o,n),n+=o.length;return i}function i(e){if(Uint8Array.fromBase64)return Uint8Array.fromBase64("string"==typeof e?e:r.decode(e),{alphabet:"base64url"});var t=e;t instanceof Uint8Array&&(t=r.decode(t)),t=t.replace(/-/g,"+").replace(/_/g,"/").replace(/\s/g,"");try{return function(e){if(Uint8Array.fromBase64)return Uint8Array.fromBase64(e);for(var t=atob(e),r=new Uint8Array(t.length),a=0;a<t.length;a++)r[a]=t.charCodeAt(a);return r}(t)}catch(e){throw new TypeError("The input to be decoded is not correctly encoded.")}}function n(e){var r=e;return"string"==typeof r&&(r=t.encode(r)),Uint8Array.prototype.toBase64?r.toBase64({alphabet:"base64url",omitPadding:!0}):function(e){if(Uint8Array.prototype.toBase64)return e.toBase64();for(var t=[],r=0;r<e.length;r+=32768)t.push(String.fromCharCode.apply(null,e.subarray(r,r+32768)));return btoa(t.join(""))}(r).replace(/=/g,"").replace(/\+/g,"-").replace(/\//g,"_")}class o extends Error{constructor(t,r){var a;super(t,r),e._defineProperty(this,"code","ERR_JOSE_GENERIC"),this.name=this.constructor.name,null===(a=Error.captureStackTrace)||void 0===a||a.call(Error,this,this.constructor)}}e._defineProperty(o,"code","ERR_JOSE_GENERIC");class s extends o{constructor(t,r){var a=arguments.length>2&&void 0!==arguments[2]?arguments[2]:"unspecified",i=arguments.length>3&&void 0!==arguments[3]?arguments[3]:"unspecified";super(t,{cause:{claim:a,reason:i,payload:r}}),e._defineProperty(this,"code","ERR_JWT_CLAIM_VALIDATION_FAILED"),e._defineProperty(this,"claim",void 0),e._defineProperty(this,"reason",void 0),e._defineProperty(this,"payload",void 0),this.claim=a,this.reason=i,this.payload=r}}e._defineProperty(s,"code","ERR_JWT_CLAIM_VALIDATION_FAILED");class c extends o{constructor(t,r){var a=arguments.length>2&&void 0!==arguments[2]?arguments[2]:"unspecified",i=arguments.length>3&&void 0!==arguments[3]?arguments[3]:"unspecified";super(t,{cause:{claim:a,reason:i,payload:r}}),e._defineProperty(this,"code","ERR_JWT_EXPIRED"),e._defineProperty(this,"claim",void 0),e._defineProperty(this,"reason",void 0),e._defineProperty(this,"payload",void 0),this.claim=a,this.reason=i,this.payload=r}}e._defineProperty(c,"code","ERR_JWT_EXPIRED");class d extends o{constructor(){super(...arguments),e._defineProperty(this,"code","ERR_JOSE_ALG_NOT_ALLOWED")}}e._defineProperty(d,"code","ERR_JOSE_ALG_NOT_ALLOWED");class l extends o{constructor(){super(...arguments),e._defineProperty(this,"code","ERR_JOSE_NOT_SUPPORTED")}}e._defineProperty(l,"code","ERR_JOSE_NOT_SUPPORTED");e._defineProperty(class extends o{constructor(){super(arguments.length>0&&void 0!==arguments[0]?arguments[0]:"decryption operation failed",arguments.length>1?arguments[1]:void 0),e._defineProperty(this,"code","ERR_JWE_DECRYPTION_FAILED")}},"code","ERR_JWE_DECRYPTION_FAILED");e._defineProperty(class extends o{constructor(){super(...arguments),e._defineProperty(this,"code","ERR_JWE_INVALID")}},"code","ERR_JWE_INVALID");class p extends o{constructor(){super(...arguments),e._defineProperty(this,"code","ERR_JWS_INVALID")}}e._defineProperty(p,"code","ERR_JWS_INVALID");class u extends o{constructor(){super(...arguments),e._defineProperty(this,"code","ERR_JWT_INVALID")}}e._defineProperty(u,"code","ERR_JWT_INVALID");e._defineProperty(class extends o{constructor(){super(...arguments),e._defineProperty(this,"code","ERR_JWK_INVALID")}},"code","ERR_JWK_INVALID");e._defineProperty(class extends o{constructor(){super(...arguments),e._defineProperty(this,"code","ERR_JWKS_INVALID")}},"code","ERR_JWKS_INVALID");e._defineProperty(class extends o{constructor(){super(arguments.length>0&&void 0!==arguments[0]?arguments[0]:"no applicable key found in the JSON Web Key Set",arguments.length>1?arguments[1]:void 0),e._defineProperty(this,"code","ERR_JWKS_NO_MATCHING_KEY")}},"code","ERR_JWKS_NO_MATCHING_KEY");e._defineProperty(class extends o{constructor(){super(arguments.length>0&&void 0!==arguments[0]?arguments[0]:"multiple matching keys found in the JSON Web Key Set",arguments.length>1?arguments[1]:void 0),e._defineProperty(this,Symbol.asyncIterator,void 0),e._defineProperty(this,"code","ERR_JWKS_MULTIPLE_MATCHING_KEYS")}},"code","ERR_JWKS_MULTIPLE_MATCHING_KEYS");e._defineProperty(class extends o{constructor(){super(arguments.length>0&&void 0!==arguments[0]?arguments[0]:"request timed out",arguments.length>1?arguments[1]:void 0),e._defineProperty(this,"code","ERR_JWKS_TIMEOUT")}},"code","ERR_JWKS_TIMEOUT");class y extends o{constructor(){super(arguments.length>0&&void 0!==arguments[0]?arguments[0]:"signature verification failed",arguments.length>1?arguments[1]:void 0),e._defineProperty(this,"code","ERR_JWS_SIGNATURE_VERIFICATION_FAILED")}}function h(e){return new TypeError("CryptoKey does not support this operation, its ".concat(arguments.length>1&&void 0!==arguments[1]?arguments[1]:"algorithm.name"," must be ").concat(e))}function f(e,t){return e.name===t}function v(e){return parseInt(e.name.slice(4),10)}function w(e,t,r){switch(t){case"HS256":case"HS384":case"HS512":if(!f(e.algorithm,"HMAC"))throw h("HMAC");var a=parseInt(t.slice(2),10);if(v(e.algorithm.hash)!==a)throw h("SHA-".concat(a),"algorithm.hash");break;case"RS256":case"RS384":case"RS512":if(!f(e.algorithm,"RSASSA-PKCS1-v1_5"))throw h("RSASSA-PKCS1-v1_5");var i=parseInt(t.slice(2),10);if(v(e.algorithm.hash)!==i)throw h("SHA-".concat(i),"algorithm.hash");break;case"PS256":case"PS384":case"PS512":if(!f(e.algorithm,"RSA-PSS"))throw h("RSA-PSS");var n=parseInt(t.slice(2),10);if(v(e.algorithm.hash)!==n)throw h("SHA-".concat(n),"algorithm.hash");break;case"Ed25519":case"EdDSA":if(!f(e.algorithm,"Ed25519"))throw h("Ed25519");break;case"ES256":case"ES384":case"ES512":if(!f(e.algorithm,"ECDSA"))throw h("ECDSA");var o=function(e){switch(e){case"ES256":return"P-256";case"ES384":return"P-384";case"ES512":return"P-521";default:throw new Error("unreachable")}}(t);if(e.algorithm.namedCurve!==o)throw h(o,"algorithm.namedCurve");break;default:throw new TypeError("CryptoKey does not support this operation")}!function(e,t){if(t&&!e.usages.includes(t))throw new TypeError("CryptoKey does not support this operation, its usages must include ".concat(t,"."))}(e,r)}function S(e,t){for(var r=arguments.length,a=new Array(r>2?r-2:0),i=2;i<r;i++)a[i-2]=arguments[i];if((a=a.filter(Boolean)).length>2){var n=a.pop();e+="one of type ".concat(a.join(", "),", or ").concat(n,".")}else 2===a.length?e+="one of type ".concat(a[0]," or ").concat(a[1],"."):e+="of type ".concat(a[0],".");if(null==t)e+=" Received ".concat(t);else if("function"==typeof t&&t.name)e+=" Received function ".concat(t.name);else if("object"==typeof t&&null!=t){var o;null!==(o=t.constructor)&&void 0!==o&&o.name&&(e+=" Received an instance of ".concat(t.constructor.name))}return e}e._defineProperty(y,"code","ERR_JWS_SIGNATURE_VERIFICATION_FAILED");function m(e,t){for(var r=arguments.length,a=new Array(r>2?r-2:0),i=2;i<r;i++)a[i-2]=arguments[i];return S("Key for the ".concat(e," algorithm must be "),t,...a)}function _(e){return"CryptoKey"===(null==e?void 0:e[Symbol.toStringTag])}function g(e){return"KeyObject"===(null==e?void 0:e[Symbol.toStringTag])}var b=e=>_(e)||g(e),E=function(){for(var e=arguments.length,t=new Array(e),r=0;r<e;r++)t[r]=arguments[r];var a,i=t.filter(Boolean);if(0===i.length||1===i.length)return!0;for(var n of i){var o=Object.keys(n);if(a&&0!==a.size)for(var s of o){if(a.has(s))return!1;a.add(s)}else a=new Set(o)}return!0};var P=e=>{if("object"!=typeof(t=e)||null===t||"[object Object]"!==Object.prototype.toString.call(e))return!1;var t;if(null===Object.getPrototypeOf(e))return!0;for(var r=e;null!==Object.getPrototypeOf(r);)r=Object.getPrototypeOf(r);return Object.getPrototypeOf(e)===r},A=(e,t)=>{if(e.startsWith("RS")||e.startsWith("PS")){var{modulusLength:r}=t.algorithm;if("number"!=typeof r||r<2048)throw new TypeError("".concat(e," requires key modulusLength to be 2048 bits or larger"))}};var T,R=function(){var t=e._asyncToGenerator((function*(t){var r,a;if(!t.alg)throw new TypeError('"alg" argument is required when "jwk.alg" is not present');var{algorithm:i,keyUsages:n}=function(e){var t,r;switch(e.kty){case"RSA":switch(e.alg){case"PS256":case"PS384":case"PS512":t={name:"RSA-PSS",hash:"SHA-".concat(e.alg.slice(-3))},r=e.d?["sign"]:["verify"];break;case"RS256":case"RS384":case"RS512":t={name:"RSASSA-PKCS1-v1_5",hash:"SHA-".concat(e.alg.slice(-3))},r=e.d?["sign"]:["verify"];break;case"RSA-OAEP":case"RSA-OAEP-256":case"RSA-OAEP-384":case"RSA-OAEP-512":t={name:"RSA-OAEP",hash:"SHA-".concat(parseInt(e.alg.slice(-3),10)||1)},r=e.d?["decrypt","unwrapKey"]:["encrypt","wrapKey"];break;default:throw new l('Invalid or unsupported JWK "alg" (Algorithm) Parameter value')}break;case"EC":switch(e.alg){case"ES256":t={name:"ECDSA",namedCurve:"P-256"},r=e.d?["sign"]:["verify"];break;case"ES384":t={name:"ECDSA",namedCurve:"P-384"},r=e.d?["sign"]:["verify"];break;case"ES512":t={name:"ECDSA",namedCurve:"P-521"},r=e.d?["sign"]:["verify"];break;case"ECDH-ES":case"ECDH-ES+A128KW":case"ECDH-ES+A192KW":case"ECDH-ES+A256KW":t={name:"ECDH",namedCurve:e.crv},r=e.d?["deriveBits"]:[];break;default:throw new l('Invalid or unsupported JWK "alg" (Algorithm) Parameter value')}break;case"OKP":switch(e.alg){case"Ed25519":case"EdDSA":t={name:"Ed25519"},r=e.d?["sign"]:["verify"];break;case"ECDH-ES":case"ECDH-ES+A128KW":case"ECDH-ES+A192KW":case"ECDH-ES+A256KW":t={name:e.crv},r=e.d?["deriveBits"]:[];break;default:throw new l('Invalid or unsupported JWK "alg" (Algorithm) Parameter value')}break;default:throw new l('Invalid or unsupported JWK "kty" (Key Type) Parameter value')}return{algorithm:t,keyUsages:r}}(t),o=e._objectSpread2({},t);return delete o.alg,delete o.use,crypto.subtle.importKey("jwk",o,i,null!==(r=t.ext)&&void 0!==r?r:!t.d,null!==(a=t.key_ops)&&void 0!==a?a:n)}));return function(e){return t.apply(this,arguments)}}(),W=(e,t,r,a,i)=>{if(void 0!==i.crit&&void 0===(null==a?void 0:a.crit))throw new e('"crit" (Critical) Header Parameter MUST be integrity protected');if(!a||void 0===a.crit)return new Set;if(!Array.isArray(a.crit)||0===a.crit.length||a.crit.some((e=>"string"!=typeof e||0===e.length)))throw new e('"crit" (Critical) Header Parameter MUST be an array of non-empty strings when present');var n;for(var o of(n=void 0!==r?new Map([...Object.entries(r),...t.entries()]):t,a.crit)){if(!n.has(o))throw new l('Extension Header Parameter "'.concat(o,'" is not recognized'));if(void 0===i[o])throw new e('Extension Header Parameter "'.concat(o,'" is missing'));if(n.get(o)&&void 0===a[o])throw new e('Extension Header Parameter "'.concat(o,'" MUST be integrity protected'))}return new Set(a.crit)};function k(e){return P(e)&&"string"==typeof e.kty}var C=function(){var t=e._asyncToGenerator((function*(t,r,a){var i=arguments.length>3&&void 0!==arguments[3]&&arguments[3];T||(T=new WeakMap);var n=T.get(t);if(null!=n&&n[a])return n[a];var o=yield R(e._objectSpread2(e._objectSpread2({},r),{},{alg:a}));return i&&Object.freeze(t),n?n[a]=o:T.set(t,{[a]:o}),o}));return function(e,r,a){return t.apply(this,arguments)}}(),K=function(){var t=e._asyncToGenerator((function*(e,t){if(e instanceof Uint8Array)return e;if(_(e))return e;if(g(e)){if("secret"===e.type)return e.export();if("toCryptoKey"in e&&"function"==typeof e.toCryptoKey)try{return((e,t)=>{T||(T=new WeakMap);var r=T.get(e);if(null!=r&&r[t])return r[t];var a,i="public"===e.type,n=!!i;if("x25519"===e.asymmetricKeyType){switch(t){case"ECDH-ES":case"ECDH-ES+A128KW":case"ECDH-ES+A192KW":case"ECDH-ES+A256KW":break;default:throw new TypeError("given KeyObject instance cannot be used for this algorithm")}a=e.toCryptoKey(e.asymmetricKeyType,n,i?[]:["deriveBits"])}if("ed25519"===e.asymmetricKeyType){if("EdDSA"!==t&&"Ed25519"!==t)throw new TypeError("given KeyObject instance cannot be used for this algorithm");a=e.toCryptoKey(e.asymmetricKeyType,n,[i?"verify":"sign"])}if("rsa"===e.asymmetricKeyType){var o;switch(t){case"RSA-OAEP":o="SHA-1";break;case"RS256":case"PS256":case"RSA-OAEP-256":o="SHA-256";break;case"RS384":case"PS384":case"RSA-OAEP-384":o="SHA-384";break;case"RS512":case"PS512":case"RSA-OAEP-512":o="SHA-512";break;default:throw new TypeError("given KeyObject instance cannot be used for this algorithm")}if(t.startsWith("RSA-OAEP"))return e.toCryptoKey({name:"RSA-OAEP",hash:o},n,i?["encrypt"]:["decrypt"]);a=e.toCryptoKey({name:t.startsWith("PS")?"RSA-PSS":"RSASSA-PKCS1-v1_5",hash:o},n,[i?"verify":"sign"])}if("ec"===e.asymmetricKeyType){var s,c=new Map([["prime256v1","P-256"],["secp384r1","P-384"],["secp521r1","P-521"]]).get(null===(s=e.asymmetricKeyDetails)||void 0===s?void 0:s.namedCurve);if(!c)throw new TypeError("given KeyObject instance cannot be used for this algorithm");"ES256"===t&&"P-256"===c&&(a=e.toCryptoKey({name:"ECDSA",namedCurve:c},n,[i?"verify":"sign"])),"ES384"===t&&"P-384"===c&&(a=e.toCryptoKey({name:"ECDSA",namedCurve:c},n,[i?"verify":"sign"])),"ES512"===t&&"P-521"===c&&(a=e.toCryptoKey({name:"ECDSA",namedCurve:c},n,[i?"verify":"sign"])),t.startsWith("ECDH-ES")&&(a=e.toCryptoKey({name:"ECDH",namedCurve:c},n,i?[]:["deriveBits"]))}if(!a)throw new TypeError("given KeyObject instance cannot be used for this algorithm");return r?r[t]=a:T.set(e,{[t]:a}),a})(e,t)}catch(e){if(e instanceof TypeError)throw e}var r=e.export({format:"jwk"});return C(e,r,t)}if(k(e))return e.k?i(e.k):C(e,e,t,!0);throw new Error("unreachable")}));return function(e,r){return t.apply(this,arguments)}}(),I=e=>null==e?void 0:e[Symbol.toStringTag],H=(e,t,r)=>{if(void 0!==t.use){var a;switch(r){case"sign":case"verify":a="sig";break;case"encrypt":case"decrypt":a="enc"}if(t.use!==a)throw new TypeError('Invalid key for this operation, its "use" must be "'.concat(a,'" when present'))}if(void 0!==t.alg&&t.alg!==e)throw new TypeError('Invalid key for this operation, its "alg" must be "'.concat(e,'" when present'));if(Array.isArray(t.key_ops)){var i,n,o;switch(!0){case"sign"===r||"verify"===r:case"dir"===e:case e.includes("CBC-HS"):o=r;break;case e.startsWith("PBES2"):o="deriveBits";break;case/^A\d{3}(?:GCM)?(?:KW)?$/.test(e):o=!e.includes("GCM")&&e.endsWith("KW")?"encrypt"===r?"wrapKey":"unwrapKey":r;break;case"encrypt"===r&&e.startsWith("RSA"):o="wrapKey";break;case"decrypt"===r:o=e.startsWith("RSA")?"unwrapKey":"deriveBits"}if(o&&!1===(null===(i=t.key_ops)||void 0===i||null===(n=i.includes)||void 0===n?void 0:n.call(i,o)))throw new TypeError('Invalid key for this operation, its "key_ops" must include "'.concat(o,'" when present'))}return!0},J=(e,t,r)=>{e.startsWith("HS")||"dir"===e||e.startsWith("PBES2")||/^A(?:128|192|256)(?:GCM)?(?:KW)?$/.test(e)||/^A(?:128|192|256)CBC-HS(?:256|384|512)$/.test(e)?((e,t,r)=>{if(!(t instanceof Uint8Array)){if(k(t)){if(function(e){return"oct"===e.kty&&"string"==typeof e.k}(t)&&H(e,t,r))return;throw new TypeError('JSON Web Key for symmetric algorithms must have JWK "kty" (Key Type) equal to "oct" and the JWK "k" (Key Value) present')}if(!b(t))throw new TypeError(m(e,t,"CryptoKey","KeyObject","JSON Web Key","Uint8Array"));if("secret"!==t.type)throw new TypeError("".concat(I(t),' instances for symmetric algorithms must be of type "secret"'))}})(e,t,r):((e,t,r)=>{if(k(t))switch(r){case"decrypt":case"sign":if(function(e){return"oct"!==e.kty&&"string"==typeof e.d}(t)&&H(e,t,r))return;throw new TypeError("JSON Web Key for this operation be a private JWK");case"encrypt":case"verify":if(function(e){return"oct"!==e.kty&&void 0===e.d}(t)&&H(e,t,r))return;throw new TypeError("JSON Web Key for this operation be a public JWK")}if(!b(t))throw new TypeError(m(e,t,"CryptoKey","KeyObject","JSON Web Key"));if("secret"===t.type)throw new TypeError("".concat(I(t),' instances for asymmetric algorithms must not be of type "secret"'));if("public"===t.type)switch(r){case"sign":throw new TypeError("".concat(I(t),' instances for asymmetric algorithm signing must be of type "private"'));case"decrypt":throw new TypeError("".concat(I(t),' instances for asymmetric algorithm decryption must be of type "private"'))}if("private"===t.type)switch(r){case"verify":throw new TypeError("".concat(I(t),' instances for asymmetric algorithm verifying must be of type "public"'));case"encrypt":throw new TypeError("".concat(I(t),' instances for asymmetric algorithm encryption must be of type "public"'))}})(e,t,r)},F=(e,t)=>{var r="SHA-".concat(e.slice(-3));switch(e){case"HS256":case"HS384":case"HS512":return{hash:r,name:"HMAC"};case"PS256":case"PS384":case"PS512":return{hash:r,name:"RSA-PSS",saltLength:parseInt(e.slice(-3),10)>>3};case"RS256":case"RS384":case"RS512":return{hash:r,name:"RSASSA-PKCS1-v1_5"};case"ES256":case"ES384":case"ES512":return{hash:r,name:"ECDSA",namedCurve:t.namedCurve};case"Ed25519":case"EdDSA":return{name:"Ed25519"};default:throw new l("alg ".concat(e," is not supported either by JOSE or your javascript runtime"))}},O=function(){var t=e._asyncToGenerator((function*(e,t,r){if(t instanceof Uint8Array){if(!e.startsWith("HS"))throw new TypeError(function(e){for(var t=arguments.length,r=new Array(t>1?t-1:0),a=1;a<t;a++)r[a-1]=arguments[a];return S("Key must be ",e,...r)}(t,"CryptoKey","KeyObject","JSON Web Key"));return crypto.subtle.importKey("raw",t,{hash:"SHA-".concat(e.slice(-3)),name:"HMAC"},!1,[r])}return w(t,e,r),t}));return function(e,r,a){return t.apply(this,arguments)}}(),G=function(){var t=e._asyncToGenerator((function*(e,t,r,a){var i=yield O(e,t,"verify");A(e,i);var n=F(e,i.algorithm);try{return yield crypto.subtle.verify(n,i,r,a)}catch(e){return!1}}));return function(e,r,a,i){return t.apply(this,arguments)}}();function D(){return(D=e._asyncToGenerator((function*(n,o,s){var c;if(!P(n))throw new p("Flattened JWS must be an object");if(void 0===n.protected&&void 0===n.header)throw new p('Flattened JWS must have either of the "protected" or "header" members');if(void 0!==n.protected&&"string"!=typeof n.protected)throw new p("JWS Protected Header incorrect type");if(void 0===n.payload)throw new p("JWS Payload missing");if("string"!=typeof n.signature)throw new p("JWS Signature missing or incorrect type");if(void 0!==n.header&&!P(n.header))throw new p("JWS Unprotected Header incorrect type");var l={};if(n.protected)try{var u=i(n.protected);l=JSON.parse(r.decode(u))}catch(e){throw new p("JWS Protected Header is invalid")}if(!E(l,n.header))throw new p("JWS Protected and JWS Unprotected Header Parameter names must be disjoint");var h=e._objectSpread2(e._objectSpread2({},l),n.header),f=!0;if(W(p,new Map([["b64",!0]]),null==s?void 0:s.crit,l,h).has("b64")&&"boolean"!=typeof(f=l.b64))throw new p('The "b64" (base64url-encode payload) Header Parameter must be a boolean');var{alg:v}=h;if("string"!=typeof v||!v)throw new p('JWS "alg" (Algorithm) Header Parameter missing or invalid');var w=s&&((e,t)=>{if(void 0!==t&&(!Array.isArray(t)||t.some((e=>"string"!=typeof e))))throw new TypeError('"'.concat(e,'" option must be an array of strings'));if(t)return new Set(t)})("algorithms",s.algorithms);if(w&&!w.has(v))throw new d('"alg" (Algorithm) Header Parameter value not allowed');if(f){if("string"!=typeof n.payload)throw new p("JWS Payload must be a string")}else if("string"!=typeof n.payload&&!(n.payload instanceof Uint8Array))throw new p("JWS Payload must be a string or an Uint8Array instance");var S=!1;"function"==typeof o&&(o=yield o(l,n),S=!0),J(v,o,"verify");var m,_=a(t.encode(null!==(c=n.protected)&&void 0!==c?c:""),t.encode("."),"string"==typeof n.payload?t.encode(n.payload):n.payload);try{m=i(n.signature)}catch(e){throw new p("Failed to base64url decode the signature")}var g,b=yield K(o,v);if(!(yield G(v,b,m,_)))throw new y;if(f)try{g=i(n.payload)}catch(e){throw new p("Failed to base64url decode the payload")}else g="string"==typeof n.payload?t.encode(n.payload):n.payload;var A={payload:g};return void 0!==n.protected&&(A.protectedHeader=l),void 0!==n.header&&(A.unprotectedHeader=n.header),S?e._objectSpread2(e._objectSpread2({},A),{},{key:b}):A}))).apply(this,arguments)}function j(){return j=e._asyncToGenerator((function*(t,a,i){if(t instanceof Uint8Array&&(t=r.decode(t)),"string"!=typeof t)throw new p("Compact JWS must be a string or Uint8Array");var{0:n,1:o,2:s,length:c}=t.split(".");if(3!==c)throw new p("Invalid Compact JWS");var d=yield function(e,t,r){return D.apply(this,arguments)}({payload:o,protected:n,signature:s},a,i),l={payload:d.payload,protectedHeader:d.protectedHeader};return"function"==typeof a?e._objectSpread2(e._objectSpread2({},l),{},{key:d.key}):l})),j.apply(this,arguments)}var N=e=>Math.floor(e.getTime()/1e3),x=86400,M=/^(\+|\-)? ?(\d+|\d+\.\d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)(?: (ago|from now))?$/i,U=e=>{var t=M.exec(e);if(!t||t[4]&&t[1])throw new TypeError("Invalid time period format");var r,a=parseFloat(t[2]);switch(t[3].toLowerCase()){case"sec":case"secs":case"second":case"seconds":case"s":r=Math.round(a);break;case"minute":case"minutes":case"min":case"mins":case"m":r=Math.round(60*a);break;case"hour":case"hours":case"hr":case"hrs":case"h":r=Math.round(3600*a);break;case"day":case"days":case"d":r=Math.round(a*x);break;case"week":case"weeks":case"w":r=Math.round(604800*a);break;default:r=Math.round(31557600*a)}return"-"===t[1]||"ago"===t[4]?-r:r};function L(e,t){if(!Number.isFinite(t))throw new TypeError("Invalid ".concat(e," input"));return t}var B=e=>e.includes("/")?e.toLowerCase():"application/".concat(e.toLowerCase());function V(e,t){var a,i=arguments.length>2&&void 0!==arguments[2]?arguments[2]:{};try{a=JSON.parse(r.decode(t))}catch(e){}if(!P(a))throw new u("JWT Claims Set must be a top-level JSON object");var{typ:n}=i;if(n&&("string"!=typeof e.typ||B(e.typ)!==B(n)))throw new s('unexpected "typ" JWT header value',a,"typ","check_failed");var o,d,l,{requiredClaims:p=[],issuer:y,subject:h,audience:f,maxTokenAge:v}=i,w=[...p];for(var S of(void 0!==v&&w.push("iat"),void 0!==f&&w.push("aud"),void 0!==h&&w.push("sub"),void 0!==y&&w.push("iss"),new Set(w.reverse())))if(!(S in a))throw new s('missing required "'.concat(S,'" claim'),a,S,"missing");if(y&&!(Array.isArray(y)?y:[y]).includes(a.iss))throw new s('unexpected "iss" claim value',a,"iss","check_failed");if(h&&a.sub!==h)throw new s('unexpected "sub" claim value',a,"sub","check_failed");if(f&&(o=a.aud,d="string"==typeof f?[f]:f,!("string"==typeof o?d.includes(o):Array.isArray(o)&&d.some(Set.prototype.has.bind(new Set(o))))))throw new s('unexpected "aud" claim value',a,"aud","check_failed");switch(typeof i.clockTolerance){case"string":l=U(i.clockTolerance);break;case"number":l=i.clockTolerance;break;case"undefined":l=0;break;default:throw new TypeError("Invalid clockTolerance option type")}var{currentDate:m}=i,_=N(m||new Date);if((void 0!==a.iat||v)&&"number"!=typeof a.iat)throw new s('"iat" claim must be a number',a,"iat","invalid");if(void 0!==a.nbf){if("number"!=typeof a.nbf)throw new s('"nbf" claim must be a number',a,"nbf","invalid");if(a.nbf>_+l)throw new s('"nbf" claim timestamp check failed',a,"nbf","check_failed")}if(void 0!==a.exp){if("number"!=typeof a.exp)throw new s('"exp" claim must be a number',a,"exp","invalid");if(a.exp<=_-l)throw new c('"exp" claim timestamp check failed',a,"exp","check_failed")}if(v){var g=_-a.iat;if(g-l>("number"==typeof v?v:U(v)))throw new c('"iat" claim timestamp check failed (too far in the past)',a,"iat","check_failed");if(g<0-l)throw new s('"iat" claim timestamp check failed (it should be in the past)',a,"iat","check_failed")}return a}var q=new WeakMap;class Y{constructor(t){if(e._classPrivateFieldInitSpec(this,q,void 0),!P(t))throw new TypeError("JWT Claims Set MUST be an object");e._classPrivateFieldSet2(q,this,structuredClone(t))}data(){return t.encode(JSON.stringify(e._classPrivateFieldGet2(q,this)))}get iss(){return e._classPrivateFieldGet2(q,this).iss}set iss(t){e._classPrivateFieldGet2(q,this).iss=t}get sub(){return e._classPrivateFieldGet2(q,this).sub}set sub(t){e._classPrivateFieldGet2(q,this).sub=t}get aud(){return e._classPrivateFieldGet2(q,this).aud}set aud(t){e._classPrivateFieldGet2(q,this).aud=t}set jti(t){e._classPrivateFieldGet2(q,this).jti=t}set nbf(t){"number"==typeof t?e._classPrivateFieldGet2(q,this).nbf=L("setNotBefore",t):t instanceof Date?e._classPrivateFieldGet2(q,this).nbf=L("setNotBefore",N(t)):e._classPrivateFieldGet2(q,this).nbf=N(new Date)+U(t)}set exp(t){"number"==typeof t?e._classPrivateFieldGet2(q,this).exp=L("setExpirationTime",t):t instanceof Date?e._classPrivateFieldGet2(q,this).exp=L("setExpirationTime",N(t)):e._classPrivateFieldGet2(q,this).exp=N(new Date)+U(t)}set iat(t){void 0===t?e._classPrivateFieldGet2(q,this).iat=N(new Date):t instanceof Date?e._classPrivateFieldGet2(q,this).iat=L("setIssuedAt",N(t)):e._classPrivateFieldGet2(q,this).iat=L("setIssuedAt","string"==typeof t?N(new Date)+U(t):t)}}function $(){return $=e._asyncToGenerator((function*(t,r,a){var i,n=yield function(e,t,r){return j.apply(this,arguments)}(t,r,a);if(null!==(i=n.protectedHeader.crit)&&void 0!==i&&i.includes("b64")&&!1===n.protectedHeader.b64)throw new u("JWTs MUST NOT use unencoded payload");var o={payload:V(n.protectedHeader,n.payload,a),protectedHeader:n.protectedHeader};return"function"==typeof r?e._objectSpread2(e._objectSpread2({},o),{},{key:n.key}):o})),$.apply(this,arguments)}var z=function(){var t=e._asyncToGenerator((function*(e,t,r){var a=yield O(e,t,"sign");A(e,a);var i=yield crypto.subtle.sign(F(e,a.algorithm),a,r);return new Uint8Array(i)}));return function(e,r,a){return t.apply(this,arguments)}}(),X=new WeakMap,Q=new WeakMap,Z=new WeakMap;class ee{constructor(t){if(e._classPrivateFieldInitSpec(this,X,void 0),e._classPrivateFieldInitSpec(this,Q,void 0),e._classPrivateFieldInitSpec(this,Z,void 0),!(t instanceof Uint8Array))throw new TypeError("payload must be an instance of Uint8Array");e._classPrivateFieldSet2(X,this,t)}setProtectedHeader(t){if(e._classPrivateFieldGet2(Q,this))throw new TypeError("setProtectedHeader can only be called once");return e._classPrivateFieldSet2(Q,this,t),this}setUnprotectedHeader(t){if(e._classPrivateFieldGet2(Z,this))throw new TypeError("setUnprotectedHeader can only be called once");return e._classPrivateFieldSet2(Z,this,t),this}sign(i,o){var s=this;return e._asyncToGenerator((function*(){if(!e._classPrivateFieldGet2(Q,s)&&!e._classPrivateFieldGet2(Z,s))throw new p("either setProtectedHeader or setUnprotectedHeader must be called before #sign()");if(!E(e._classPrivateFieldGet2(Q,s),e._classPrivateFieldGet2(Z,s)))throw new p("JWS Protected and JWS Unprotected Header Parameter names must be disjoint");var c=e._objectSpread2(e._objectSpread2({},e._classPrivateFieldGet2(Q,s)),e._classPrivateFieldGet2(Z,s)),d=!0;if(W(p,new Map([["b64",!0]]),null==o?void 0:o.crit,e._classPrivateFieldGet2(Q,s),c).has("b64")&&"boolean"!=typeof(d=e._classPrivateFieldGet2(Q,s).b64))throw new p('The "b64" (base64url-encode payload) Header Parameter must be a boolean');var{alg:l}=c;if("string"!=typeof l||!l)throw new p('JWS "alg" (Algorithm) Header Parameter missing or invalid');J(l,i,"sign");var u,y=e._classPrivateFieldGet2(X,s);d&&(y=t.encode(n(y)));var h=a(u=e._classPrivateFieldGet2(Q,s)?t.encode(n(JSON.stringify(e._classPrivateFieldGet2(Q,s)))):t.encode(""),t.encode("."),y),f=yield K(i,l),v={signature:n(yield z(l,f,h)),payload:""};return d&&(v.payload=r.decode(y)),e._classPrivateFieldGet2(Z,s)&&(v.header=e._classPrivateFieldGet2(Z,s)),e._classPrivateFieldGet2(Q,s)&&(v.protected=r.decode(u)),v}))()}}var te=new WeakMap;class re{constructor(t){e._classPrivateFieldInitSpec(this,te,void 0),e._classPrivateFieldSet2(te,this,new ee(t))}setProtectedHeader(t){return e._classPrivateFieldGet2(te,this).setProtectedHeader(t),this}sign(t,r){var a=this;return e._asyncToGenerator((function*(){var i=yield e._classPrivateFieldGet2(te,a).sign(t,r);if(void 0===i.payload)throw new TypeError("use the flattened module for creating JWS with b64: false");return"".concat(i.protected,".").concat(i.payload,".").concat(i.signature)}))()}}var ae=new WeakMap,ie=new WeakMap;exports.SignJWT=class{constructor(){var t=arguments.length>0&&void 0!==arguments[0]?arguments[0]:{};e._classPrivateFieldInitSpec(this,ae,void 0),e._classPrivateFieldInitSpec(this,ie,void 0),e._classPrivateFieldSet2(ie,this,new Y(t))}setIssuer(t){return e._classPrivateFieldGet2(ie,this).iss=t,this}setSubject(t){return e._classPrivateFieldGet2(ie,this).sub=t,this}setAudience(t){return e._classPrivateFieldGet2(ie,this).aud=t,this}setJti(t){return e._classPrivateFieldGet2(ie,this).jti=t,this}setNotBefore(t){return e._classPrivateFieldGet2(ie,this).nbf=t,this}setExpirationTime(t){return e._classPrivateFieldGet2(ie,this).exp=t,this}setIssuedAt(t){return e._classPrivateFieldGet2(ie,this).iat=t,this}setProtectedHeader(t){return e._classPrivateFieldSet2(ae,this,t),this}sign(t,r){var a=this;return e._asyncToGenerator((function*(){var i,n=new re(e._classPrivateFieldGet2(ie,a).data());if(n.setProtectedHeader(e._classPrivateFieldGet2(ae,a)),Array.isArray(null===(i=e._classPrivateFieldGet2(ae,a))||void 0===i?void 0:i.crit)&&e._classPrivateFieldGet2(ae,a).crit.includes("b64")&&!1===e._classPrivateFieldGet2(ae,a).b64)throw new u("JWTs MUST NOT use unencoded payload");return n.sign(t,r)}))()}},exports.jwtVerify=function(e,t,r){return $.apply(this,arguments)};