@sgnl-ai/secevent
Version:
A comprehensive JavaScript/TypeScript library for Security Event Tokens (SET) implementing RFC 8417, CAEP, and SSF standards
1 lines • 46.6 kB
Source Map (JSON)
{"version":3,"sources":["../src/types/subject.ts","../src/types/events.ts","../src/id/generator.ts","../src/builder/builder.ts","../src/parser/parser.ts","../src/signing/signer.ts"],"names":["uuidv4","Algorithm"],"mappings":";;;;AAmGO,SAAS,oBAAoB,OAAA,EAA0D;AAC5F,EAAA,OAAO,QAAQ,MAAA,KAAW,SAAA;AAC5B;AAEO,SAAS,kBAAkB,OAAA,EAAwD;AACxF,EAAA,OAAO,QAAQ,MAAA,KAAW,OAAA;AAC5B;AAEO,SAAS,0BACd,OAAA,EACoC;AACpC,EAAA,OAAO,QAAQ,MAAA,KAAW,SAAA;AAC5B;AAEO,SAAS,mBAAmB,OAAA,EAAyD;AAC1F,EAAA,OAAO,QAAQ,MAAA,KAAW,QAAA;AAC5B;AAEO,SAAS,wBACd,OAAA,EACkC;AAClC,EAAA,OAAO,QAAQ,MAAA,KAAW,cAAA;AAC5B;AAEO,SAAS,gBAAgB,OAAA,EAAsD;AACpF,EAAA,OAAO,QAAQ,MAAA,KAAW,KAAA;AAC5B;AAEO,SAAS,gBAAgB,OAAA,EAAsD;AACpF,EAAA,OAAO,QAAQ,MAAA,KAAW,KAAA;AAC5B;AAEO,SAAS,oBAAoB,OAAA,EAA0D;AAC5F,EAAA,OAAO,QAAQ,MAAA,KAAW,SAAA;AAC5B;AAKO,IAAM,qBAAN,MAAyB;AAAA,EAC9B,OAAO,QAAQ,GAAA,EAAgC;AAC7C,IAAA,OAAO,EAAE,MAAA,EAAQ,SAAA,EAAW,GAAA,EAAI;AAAA,EAClC;AAAA,EAEA,OAAO,MAAM,KAAA,EAAgC;AAC3C,IAAA,OAAO,EAAE,MAAA,EAAQ,OAAA,EAAS,KAAA,EAAM;AAAA,EAClC;AAAA,EAEA,OAAO,aAAA,CAAc,GAAA,EAAa,GAAA,EAAsC;AACtE,IAAA,OAAO,EAAE,MAAA,EAAQ,SAAA,EAAW,GAAA,EAAK,GAAA,EAAI;AAAA,EACvC;AAAA,EAEA,OAAO,OAAO,EAAA,EAA8B;AAC1C,IAAA,OAAO,EAAE,MAAA,EAAQ,QAAA,EAAU,EAAA,EAAG;AAAA,EAChC;AAAA,EAEA,OAAO,YAAY,YAAA,EAA6C;AAC9D,IAAA,OAAO,EAAE,MAAA,EAAQ,cAAA,EAAgB,YAAA,EAAa;AAAA,EAChD;AAAA,EAEA,OAAO,IAAI,GAAA,EAA4B;AACrC,IAAA,OAAO,EAAE,MAAA,EAAQ,KAAA,EAAO,GAAA,EAAI;AAAA,EAC9B;AAAA,EAEA,OAAO,IAAI,GAAA,EAA4B;AACrC,IAAA,OAAO,EAAE,MAAA,EAAQ,KAAA,EAAO,GAAA,EAAI;AAAA,EAC9B;AAAA,EAEA,OAAO,WAAW,WAAA,EAAqD;AACrE,IAAA,OAAO,EAAE,MAAA,EAAQ,SAAA,EAAW,WAAA,EAAY;AAAA,EAC1C;AACF;;;ACpEO,IAAM,gBAAA,GAAmB;AAAA,EAC9B,eAAA,EAAiB,qEAAA;AAAA,EACjB,mBAAA,EAAqB,yEAAA;AAAA,EACrB,iBAAA,EAAmB,uEAAA;AAAA,EACnB,sBAAA,EACE,4EAAA;AAAA,EACF,wBAAA,EACE;AACJ;AAKO,IAAM,eAAA,GAAkB;AAAA,EAC7B,cAAA,EAAgB,mEAAA;AAAA,EAChB,YAAA,EAAc;AAChB;AAKO,IAAM,gBAAA,GAAmB;AAAA,EAC9B,kCAAA,EACE,wFAAA;AAAA,EACF,cAAA,EAAgB,oEAAA;AAAA,EAChB,gBAAA,EAAkB,sEAAA;AAAA,EAClB,eAAA,EAAiB,qEAAA;AAAA,EACjB,kBAAA,EAAoB,wEAAA;AAAA,EACpB,mBAAA,EAAqB,yEAAA;AAAA,EACrB,MAAA,EAAQ,4DAAA;AAAA,EACR,iBAAA,EAAmB,uEAAA;AAAA,EACnB,iBAAA,EAAmB,uEAAA;AAAA,EACnB,iBAAA,EAAmB,uEAAA;AAAA,EACnB,kBAAA,EAAoB,wEAAA;AAAA,EACpB,4BAAA,EACE,kFAAA;AAAA,EACF,gBAAA,EAAkB;AACpB;AAKO,IAAM,WAAA,GAAc;AAAA,EACzB,GAAG,gBAAA;AAAA,EACH,GAAG,eAAA;AAAA,EACH,GAAG;AACL;AAOO,IAAM,SAAN,MAAa;AAAA,EAClB,OAAO,cAAA,CACL,OAAA,EACA,SAAA,EACA,MAAA,EACe;AACf,IAAA,OAAO;AAAA,MACL,CAAC,gBAAA,CAAiB,eAAe,GAAG;AAAA,QAClC,OAAA;AAAA,QACA,eAAA,EAAiB,SAAA;AAAA,QACjB;AAAA;AACF,KACF;AAAA,EACF;AAAA,EAEA,OAAO,iBAAA,CACL,OAAA,EACA,SAAA,EACA,MAAA,EACe;AACf,IAAA,OAAO;AAAA,MACL,CAAC,gBAAA,CAAiB,mBAAmB,GAAG;AAAA,QACtC,OAAA;AAAA,QACA,eAAA,EAAiB,SAAA;AAAA,QACjB;AAAA;AACF,KACF;AAAA,EACF;AAAA,EAEA,OAAO,gBAAA,CACL,OAAA,EACA,SAAA,EACA,OAAA,EACe;AACf,IAAA,OAAO;AAAA,MACL,CAAC,gBAAA,CAAiB,iBAAiB,GAAG;AAAA,QACpC,OAAA;AAAA,QACA,eAAA,EAAiB,SAAA;AAAA,QACjB,GAAG;AAAA;AACL,KACF;AAAA,EACF;AAAA,EAEA,OAAO,oBAAA,CACL,OAAA,EACA,SAAA,EACA,OAAA,EACe;AACf,IAAA,OAAO;AAAA,MACL,CAAC,gBAAA,CAAiB,sBAAsB,GAAG;AAAA,QACzC,OAAA;AAAA,QACA,eAAA,EAAiB,SAAA;AAAA,QACjB,GAAG;AAAA;AACL,KACF;AAAA,EACF;AAAA,EAEA,OAAO,sBAAA,CACL,OAAA,EACA,SAAA,EACA,OAAA,EACe;AACf,IAAA,OAAO;AAAA,MACL,CAAC,gBAAA,CAAiB,wBAAwB,GAAG;AAAA,QAC3C,OAAA;AAAA,QACA,eAAA,EAAiB,SAAA;AAAA,QACjB,GAAG;AAAA;AACL,KACF;AAAA,EACF;AAAA,EAEA,OAAO,cAAc,aAAA,EAAuC;AAC1D,IAAA,OAAO;AAAA,MACL,CAAC,eAAA,CAAgB,cAAc,GAAG;AAAA,QAChC,cAAA,EAAgB;AAAA;AAClB,KACF;AAAA,EACF;AAAA,EAEA,OAAO,aAAa,KAAA,EAA+B;AACjD,IAAA,OAAO;AAAA,MACL,CAAC,eAAA,CAAgB,YAAY,GAAG;AAAA,QAC9B;AAAA;AACF,KACF;AAAA,EACF;AACF;ACvOO,IAAM,gBAAN,MAA2C;AAAA,EAChD,QAAA,GAAmB;AACjB,IAAA,OAAOA,EAAA,EAAO;AAAA,EAChB;AACF;AAKO,IAAM,qBAAN,MAAgD;AAAA,EAAhD,WAAA,GAAA;AACL,IAAA,IAAA,CAAQ,OAAA,GAAU,CAAA;AAAA,EAAA;AAAA,EAElB,QAAA,GAAmB;AACjB,IAAA,MAAM,SAAA,GAAY,KAAK,GAAA,EAAI;AAC3B,IAAA,MAAM,QAAQ,IAAA,CAAK,OAAA,EAAA;AACnB,IAAA,OAAO,CAAA,EAAG,SAAS,CAAA,CAAA,EAAI,KAAK,CAAA,CAAA;AAAA,EAC9B;AACF;AAKO,IAAM,oBAAN,MAA+C;AAAA,EACpD,WAAA,CACU,MAAA,EACA,aAAA,GAA6B,IAAI,eAAc,EACvD;AAFQ,IAAA,IAAA,CAAA,MAAA,GAAA,MAAA;AACA,IAAA,IAAA,CAAA,aAAA,GAAA,aAAA;AAAA,EACP;AAAA,EAEH,QAAA,GAAmB;AACjB,IAAA,OAAO,GAAG,IAAA,CAAK,MAAM,IAAI,IAAA,CAAK,aAAA,CAAc,UAAU,CAAA,CAAA;AAAA,EACxD;AACF;AAKO,IAAM,kBAAN,MAA6C;AAAA,EAClD,YAAoB,WAAA,EAA2B;AAA3B,IAAA,IAAA,CAAA,WAAA,GAAA,WAAA;AAAA,EAA4B;AAAA,EAEhD,QAAA,GAAmB;AACjB,IAAA,OAAO,KAAK,WAAA,EAAY;AAAA,EAC1B;AACF;AAKO,IAAM,kBAAA,GAAqB,IAAI,aAAA;;;ACnB/B,IAAM,eAAA,GAAN,MAAM,gBAAA,CAAgB;AAAA,EAU3B,WAAA,CAAoB,OAAA,GAA0B,EAAC,EAAG;AAA9B,IAAA,IAAA,CAAA,OAAA,GAAA,OAAA;AAJpB,IAAA,IAAA,CAAQ,SAAwB,EAAC;AACjC,IAAA,IAAA,CAAQ,mBAA4C,EAAC;AAInD,IAAA,IAAI,OAAA,CAAQ,kBAAkB,MAAA,EAAW;AACvC,MAAA,IAAA,CAAK,SAAS,OAAA,CAAQ,aAAA;AAAA,IACxB;AACA,IAAA,IAAI,OAAA,CAAQ,oBAAoB,MAAA,EAAW;AACzC,MAAA,IAAA,CAAK,WAAW,OAAA,CAAQ,eAAA;AAAA,IAC1B;AACA,IAAA,IAAI,OAAA,CAAQ,eAAe,MAAA,EAAW;AACpC,MAAA,IAAA,CAAK,aAAa,OAAA,CAAQ,UAAA;AAAA,IAC5B;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,WAAW,MAAA,EAAsB;AAC/B,IAAA,IAAA,CAAK,MAAA,GAAS,MAAA;AACd,IAAA,OAAO,IAAA;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAKA,aAAa,QAAA,EAAmC;AAC9C,IAAA,IAAA,CAAK,QAAA,GAAW,QAAA;AAChB,IAAA,OAAO,IAAA;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAKA,QAAQ,GAAA,EAAmB;AACzB,IAAA,IAAA,CAAK,GAAA,GAAM,GAAA;AACX,IAAA,OAAO,IAAA;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAKA,QAAQ,GAAA,EAAmB;AACzB,IAAA,IAAA,CAAK,GAAA,GAAM,GAAA;AACX,IAAA,OAAO,IAAA;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAKA,QAAQ,GAAA,EAAmB;AACzB,IAAA,IAAA,CAAK,GAAA,GAAM,GAAA;AACX,IAAA,OAAO,IAAA;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAKA,UAAU,KAAA,EAA4B;AACpC,IAAA,IAAA,CAAK,SAAS,EAAE,GAAG,IAAA,CAAK,MAAA,EAAQ,GAAG,KAAA,EAAM;AACzC,IAAA,OAAO,IAAA;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAKA,cAAc,MAAA,EAA+B;AAC3C,IAAA,MAAA,CAAO,OAAA,CAAQ,CAAC,KAAA,KAAU;AACxB,MAAA,IAAA,CAAK,SAAS,EAAE,GAAG,IAAA,CAAK,MAAA,EAAQ,GAAG,KAAA,EAAM;AAAA,IAC3C,CAAC,CAAA;AACD,IAAA,OAAO,IAAA;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAKA,SAAA,CAAU,KAAa,KAAA,EAAsB;AAC3C,IAAA,IAAA,CAAK,gBAAA,CAAiB,GAAG,CAAA,GAAI,KAAA;AAC7B,IAAA,OAAO,IAAA;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAKA,WAAW,MAAA,EAAuC;AAChD,IAAA,IAAA,CAAK,mBAAmB,EAAE,GAAG,IAAA,CAAK,gBAAA,EAAkB,GAAG,MAAA,EAAO;AAC9D,IAAA,OAAO,IAAA;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAKA,eAAe,GAAA,EAAuB;AACpC,IAAA,IAAA,CAAK,UAAA,GAAa,GAAA;AAClB,IAAA,OAAO,IAAA;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAKA,YAAA,GAAgC;AAC9B,IAAA,IAAI,CAAC,KAAK,MAAA,EAAQ;AAChB,MAAA,MAAM,IAAI,MAAM,oBAAoB,CAAA;AAAA,IACtC;AAEA,IAAA,IAAI,OAAO,IAAA,CAAK,IAAA,CAAK,MAAM,CAAA,CAAE,WAAW,CAAA,EAAG;AACzC,MAAA,MAAM,IAAI,MAAM,gCAAgC,CAAA;AAAA,IAClD;AAEA,IAAA,MAAM,WAAA,GAAc,IAAA,CAAK,OAAA,CAAQ,WAAA,IAAe,kBAAA;AAEhD,IAAA,MAAM,OAAA,GAA2B;AAAA,MAC/B,KAAK,IAAA,CAAK,MAAA;AAAA,MACV,GAAA,EAAK,IAAA,CAAK,GAAA,IAAO,WAAA,CAAY,QAAA,EAAS;AAAA,MACtC,GAAA,EAAK,KAAK,GAAA,IAAO,IAAA,CAAK,MAAM,IAAA,CAAK,GAAA,KAAQ,GAAI,CAAA;AAAA,MAC7C,QAAQ,IAAA,CAAK,MAAA;AAAA,MACb,GAAG,IAAA,CAAK;AAAA,KACV;AAEA,IAAA,IAAI,KAAK,QAAA,EAAU;AACjB,MAAA,OAAA,CAAQ,MAAM,IAAA,CAAK,QAAA;AAAA,IACrB;AAEA,IAAA,IAAI,KAAK,GAAA,EAAK;AACZ,MAAA,OAAA,CAAQ,MAAM,IAAA,CAAK,GAAA;AAAA,IACrB;AAEA,IAAA,OAAO,OAAA;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,KAAK,UAAA,EAAkD;AAC3D,IAAA,MAAM,GAAA,GAAM,cAAc,IAAA,CAAK,UAAA;AAC/B,IAAA,IAAI,CAAC,GAAA,EAAK;AACR,MAAA,MAAM,IAAI,MAAM,yBAAyB,CAAA;AAAA,IAC3C;AAEA,IAAA,MAAM,OAAA,GAAU,KAAK,YAAA,EAAa;AAElC,IAAA,IAAI,GAAA,GAAM,IAAI,OAAA,CAAQ,OAA6C,EAChE,kBAAA,CAAmB;AAAA,MAClB,KAAK,GAAA,CAAI,GAAA;AAAA,MACT,GAAA,EAAK,cAAA;AAAA,MACL,GAAI,GAAA,CAAI,GAAA,IAAO,EAAE,GAAA,EAAK,IAAI,GAAA;AAAI,KAC/B,CAAA,CACA,WAAA,CAAY,OAAA,CAAQ,GAAG,CAAA,CACvB,SAAA,CAAU,OAAA,CAAQ,GAAG,CAAA,CACrB,MAAA,CAAO,OAAA,CAAQ,GAAG,CAAA;AAErB,IAAA,IAAI,QAAQ,GAAA,EAAK;AACf,MAAA,GAAA,GAAM,GAAA,CAAI,WAAA,CAAY,OAAA,CAAQ,GAAG,CAAA;AAAA,IACnC;AAEA,IAAA,MAAM,KAAA,GAAQ,MAAM,GAAA,CAAI,IAAA,CAAK,IAAI,GAAqC,CAAA;AAEtE,IAAA,OAAO;AAAA,MACL,GAAA,EAAK,KAAA;AAAA,MACL;AAAA,KACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,KAAA,GAAc;AACZ,IAAA,IAAI,IAAA,CAAK,OAAA,CAAQ,aAAA,KAAkB,MAAA,EAAW;AAC5C,MAAA,IAAA,CAAK,MAAA,GAAS,KAAK,OAAA,CAAQ,aAAA;AAAA,IAC7B,CAAA,MAAO;AACL,MAAA,OAAO,IAAA,CAAK,MAAA;AAAA,IACd;AACA,IAAA,IAAI,IAAA,CAAK,OAAA,CAAQ,eAAA,KAAoB,MAAA,EAAW;AAC9C,MAAA,IAAA,CAAK,QAAA,GAAW,KAAK,OAAA,CAAQ,eAAA;AAAA,IAC/B,CAAA,MAAO;AACL,MAAA,OAAO,IAAA,CAAK,QAAA;AAAA,IACd;AACA,IAAA,OAAO,IAAA,CAAK,GAAA;AACZ,IAAA,OAAO,IAAA,CAAK,GAAA;AACZ,IAAA,OAAO,IAAA,CAAK,GAAA;AACZ,IAAA,IAAA,CAAK,SAAS,EAAC;AACf,IAAA,IAAA,CAAK,mBAAmB,EAAC;AACzB,IAAA,IAAI,IAAA,CAAK,OAAA,CAAQ,UAAA,KAAe,MAAA,EAAW;AACzC,MAAA,IAAA,CAAK,UAAA,GAAa,KAAK,OAAA,CAAQ,UAAA;AAAA,IACjC,CAAA,MAAO;AACL,MAAA,OAAO,IAAA,CAAK,UAAA;AAAA,IACd;AACA,IAAA,OAAO,IAAA;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAKA,KAAA,GAAyB;AACvB,IAAA,MAAM,OAAA,GAAU,IAAI,gBAAA,CAAgB,IAAA,CAAK,OAAO,CAAA;AAChD,IAAA,IAAI,IAAA,CAAK,WAAW,MAAA,EAAW;AAC7B,MAAA,OAAA,CAAQ,SAAS,IAAA,CAAK,MAAA;AAAA,IACxB;AACA,IAAA,IAAI,IAAA,CAAK,aAAa,MAAA,EAAW;AAC/B,MAAA,OAAA,CAAQ,WAAW,IAAA,CAAK,QAAA;AAAA,IAC1B;AACA,IAAA,IAAI,IAAA,CAAK,QAAQ,MAAA,EAAW;AAC1B,MAAA,OAAA,CAAQ,MAAM,IAAA,CAAK,GAAA;AAAA,IACrB;AACA,IAAA,IAAI,IAAA,CAAK,QAAQ,MAAA,EAAW;AAC1B,MAAA,OAAA,CAAQ,MAAM,IAAA,CAAK,GAAA;AAAA,IACrB;AACA,IAAA,IAAI,IAAA,CAAK,QAAQ,MAAA,EAAW;AAC1B,MAAA,OAAA,CAAQ,MAAM,IAAA,CAAK,GAAA;AAAA,IACrB;AACA,IAAA,OAAA,CAAQ,MAAA,GAAS,EAAE,GAAG,IAAA,CAAK,MAAA,EAAO;AAClC,IAAA,OAAA,CAAQ,gBAAA,GAAmB,EAAE,GAAG,IAAA,CAAK,gBAAA,EAAiB;AACtD,IAAA,IAAI,IAAA,CAAK,eAAe,MAAA,EAAW;AACjC,MAAA,OAAA,CAAQ,aAAa,IAAA,CAAK,UAAA;AAAA,IAC5B;AACA,IAAA,OAAO,OAAA;AAAA,EACT;AACF;AAKO,SAAS,cAAc,OAAA,EAA2C;AACvE,EAAA,OAAO,IAAI,gBAAgB,OAAO,CAAA;AACpC;ACxOO,IAAM,iBAAN,MAAqB;AAAA,EAG1B,WAAA,CAAoB,OAAA,GAAyB,EAAC,EAAG;AAA7B,IAAA,IAAA,CAAA,OAAA,GAAA,OAAA;AAClB,IAAA,IAAI,QAAQ,OAAA,EAAS;AACnB,MAAA,IAAA,CAAK,OAAO,kBAAA,CAAmB,IAAI,GAAA,CAAI,OAAA,CAAQ,OAAO,CAAC,CAAA;AAAA,IACzD;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,OAAO,GAAA,EAA8B;AACnC,IAAA,MAAM,OAAA,GAAU,UAAU,GAAG,CAAA;AAC7B,IAAA,IAAA,CAAK,yBAAyB,OAAO,CAAA;AACrC,IAAA,OAAO,OAAA;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,MAAA,CACJ,GAAA,EACA,eAAA,EACA,OAAA,EAC2B;AAC3B,IAAA,IAAI;AACF,MAAA,MAAM,aAAA,GAAgB;AAAA,QACpB,GAAG,KAAK,OAAA,CAAQ,wBAAA;AAAA,QAChB,GAAG;AAAA,OACL;AAGA,MAAA,MAAM,IAAA,GAAO,eAAA,GACT,KAAA,CAAM,OAAA,CAAQ,eAAe,CAAA,GAC3B,eAAA,GACA,CAAC,eAAe,CAAA,GAClB,IAAA,CAAK,OAAA,CAAQ,gBAAA;AAEjB,MAAA,IAAI,CAAC,IAAA,IAAQ,CAAC,IAAA,CAAK,IAAA,EAAM;AACvB,QAAA,MAAM,IAAI,MAAM,0CAA0C,CAAA;AAAA,MAC5D;AAGA,MAAA,IAAI,OAAA;AACJ,MAAA,MAAM,aAA+B,EAAC;AAEtC,MAAA,IAAI,cAAc,MAAA,EAAQ;AACxB,QAAA,UAAA,CAAW,SAAS,aAAA,CAAc,MAAA;AAAA,MACpC;AACA,MAAA,IAAI,cAAc,QAAA,EAAU;AAC1B,QAAA,UAAA,CAAW,WAAW,aAAA,CAAc,QAAA;AAAA,MACtC;AACA,MAAA,IAAI,cAAc,cAAA,EAAgB;AAChC,QAAA,UAAA,CAAW,iBAAiB,aAAA,CAAc,cAAA;AAAA,MAC5C;AACA,MAAA,IAAI,cAAc,WAAA,EAAa;AAC7B,QAAA,UAAA,CAAW,cAAc,aAAA,CAAc,WAAA;AAAA,MACzC;AACA,MAAA,IAAI,cAAc,WAAA,EAAa;AAC7B,QAAA,UAAA,CAAW,WAAA,GAAc,CAAA,EAAG,aAAA,CAAc,WAAW,CAAA,CAAA,CAAA;AAAA,MACvD;AAEA,MAAA,IAAI,KAAK,IAAA,EAAM;AACb,QAAA,MAAM,SAAS,MAAM,SAAA,CAAU,GAAA,EAAK,IAAA,CAAK,MAAM,UAAU,CAAA;AACzD,QAAA,OAAA,GAAU,MAAA,CAAO,OAAA;AAAA,MACnB,WAAW,IAAA,EAAM;AAEf,QAAA,IAAI,SAAA;AACJ,QAAA,KAAA,MAAW,OAAO,IAAA,EAAM;AACtB,UAAA,IAAI;AACF,YAAA,MAAM,SAAS,MAAM,SAAA;AAAA,cACnB,GAAA;AAAA,cACA,GAAA,CAAI,GAAA;AAAA,cACJ;AAAA,aACF;AACA,YAAA,OAAA,GAAU,MAAA,CAAO,OAAA;AACjB,YAAA;AAAA,UACF,SAAS,KAAA,EAAO;AACd,YAAA,SAAA,GAAY,KAAA;AAAA,UACd;AAAA,QACF;AACA,QAAA,IAAI,CAAC,OAAA,EAAU;AACb,UAAA,MAAM,SAAA,IAAa,IAAI,KAAA,CAAM,4CAA4C,CAAA;AAAA,QAC3E;AAAA,MACF,CAAA,MAAO;AACL,QAAA,MAAM,IAAI,MAAM,kCAAkC,CAAA;AAAA,MACpD;AAGA,MAAA,MAAM,eAAA,GAAkB,OAAA;AACxB,MAAA,MAAM,gBAAA,GAAmB,IAAA,CAAK,gBAAA,CAAiB,eAAA,EAAiB,aAAa,CAAA;AAE7E,MAAA,IAAI,gBAAA,CAAiB,SAAS,CAAA,EAAG;AAC/B,QAAA,OAAO;AAAA,UACL,KAAA,EAAO,KAAA;AAAA,UACP,MAAA,EAAQ,gBAAA;AAAA,UACR,KAAA,EAAO,gBAAA,CAAiB,IAAA,CAAK,IAAI;AAAA,SACnC;AAAA,MACF;AAEA,MAAA,OAAO;AAAA,QACL,KAAA,EAAO,IAAA;AAAA,QACP,OAAA,EAAS;AAAA,OACX;AAAA,IACF,SAAS,KAAA,EAAO;AACd,MAAA,OAAO;AAAA,QACL,KAAA,EAAO,KAAA;AAAA,QACP,KAAA,EAAO,KAAA,YAAiB,KAAA,GAAQ,KAAA,CAAM,OAAA,GAAU;AAAA,OAClD;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKQ,yBAAyB,OAAA,EAAgC;AAC/D,IAAA,IAAI,CAAC,OAAA,CAAQ,MAAA,IAAU,OAAO,OAAA,CAAQ,WAAW,QAAA,EAAU;AACzD,MAAA,MAAM,IAAI,MAAM,iCAAiC,CAAA;AAAA,IACnD;AAEA,IAAA,IAAI,CAAC,OAAA,CAAQ,GAAA,IAAO,OAAO,OAAA,CAAQ,QAAQ,QAAA,EAAU;AACnD,MAAA,MAAM,IAAI,MAAM,iCAAiC,CAAA;AAAA,IACnD;AAEA,IAAA,IAAI,CAAC,OAAA,CAAQ,GAAA,IAAO,OAAO,OAAA,CAAQ,QAAQ,QAAA,EAAU;AACnD,MAAA,MAAM,IAAI,MAAM,8BAA8B,CAAA;AAAA,IAChD;AAEA,IAAA,IAAI,OAAO,OAAA,CAAQ,GAAA,KAAQ,QAAA,EAAU;AACnC,MAAA,MAAM,IAAI,MAAM,8BAA8B,CAAA;AAAA,IAChD;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKQ,gBAAA,CAAiB,SAA0B,OAAA,EAAsC;AACvF,IAAA,MAAM,SAAmB,EAAC;AAG1B,IAAA,IAAI;AACF,MAAA,IAAA,CAAK,yBAAyB,OAAO,CAAA;AAAA,IACvC,SAAS,KAAA,EAAO;AACd,MAAA,MAAA,CAAO,IAAA,CAAK,KAAA,YAAiB,KAAA,GAAQ,KAAA,CAAM,UAAU,2BAA2B,CAAA;AAAA,IAClF;AAGA,IAAA,IAAI,QAAQ,cAAA,EAAgB;AAC1B,MAAA,KAAA,MAAW,KAAA,IAAS,QAAQ,cAAA,EAAgB;AAC1C,QAAA,IAAI,EAAE,SAAS,OAAA,CAAA,EAAU;AACvB,UAAA,MAAA,CAAO,IAAA,CAAK,CAAA,wBAAA,EAA2B,KAAK,CAAA,CAAE,CAAA;AAAA,QAChD;AAAA,MACF;AAAA,IACF;AAGA,IAAA,IAAI,QAAQ,MAAA,EAAQ;AAClB,MAAA,MAAM,UAAA,GAAa,MAAA,CAAO,IAAA,CAAK,OAAA,CAAQ,MAAM,CAAA,CAAE,MAAA;AAC/C,MAAA,IAAI,eAAe,CAAA,EAAG;AACpB,QAAA,MAAA,CAAO,KAAK,mCAAmC,CAAA;AAAA,MACjD;AAGA,MAAA,KAAA,MAAW,QAAA,IAAY,MAAA,CAAO,IAAA,CAAK,OAAA,CAAQ,MAAM,CAAA,EAAG;AAClD,QAAA,IAAI,CAAC,IAAA,CAAK,eAAA,CAAgB,QAAQ,CAAA,EAAG;AACnC,UAAA,MAAA,CAAO,IAAA,CAAK,CAAA,0BAAA,EAA6B,QAAQ,CAAA,CAAE,CAAA;AAAA,QACrD;AAAA,MACF;AAAA,IACF;AAIA,IAAA,IAAI,QAAQ,GAAA,EAAK;AAKjB,IAAA,OAAO,MAAA;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAKQ,gBAAgB,GAAA,EAAsB;AAC5C,IAAA,IAAI;AACF,MAAA,MAAM,GAAA,GAAM,IAAI,GAAA,CAAI,GAAG,CAAA;AACvB,MAAA,OAAO,GAAA,CAAI,QAAA,KAAa,QAAA,IAAY,GAAA,CAAI,QAAA,KAAa,OAAA;AAAA,IACvD,CAAA,CAAA,MAAQ;AACN,MAAA,OAAO,KAAA;AAAA,IACT;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,cAAc,OAAA,EAAyC;AACrD,IAAA,OAAO,OAAA,CAAQ,MAAA;AAAA,EACjB;AAAA;AAAA;AAAA;AAAA,EAKA,YAAA,CAA0B,SAA0B,SAAA,EAAkC;AACpF,IAAA,OAAO,OAAA,CAAQ,OAAO,SAAS,CAAA;AAAA,EACjC;AAAA;AAAA;AAAA;AAAA,EAKA,QAAA,CAAS,SAA0B,SAAA,EAA4B;AAC7D,IAAA,OAAO,aAAa,OAAA,CAAQ,MAAA;AAAA,EAC9B;AAAA;AAAA;AAAA;AAAA,EAKA,cAAc,OAAA,EAAoC;AAChD,IAAA,OAAO,MAAA,CAAO,IAAA,CAAK,OAAA,CAAQ,MAAM,CAAA;AAAA,EACnC;AACF;AAKO,SAAS,aAAa,OAAA,EAAyC;AACpE,EAAA,OAAO,IAAI,eAAe,OAAO,CAAA;AACnC;AC7PO,IAAK,SAAA,qBAAAC,UAAAA,KAAL;AACL,EAAAA,WAAA,OAAA,CAAA,GAAQ,OAAA;AACR,EAAAA,WAAA,OAAA,CAAA,GAAQ,OAAA;AACR,EAAAA,WAAA,OAAA,CAAA,GAAQ,OAAA;AACR,EAAAA,WAAA,OAAA,CAAA,GAAQ,OAAA;AACR,EAAAA,WAAA,OAAA,CAAA,GAAQ,OAAA;AACR,EAAAA,WAAA,OAAA,CAAA,GAAQ,OAAA;AACR,EAAAA,WAAA,OAAA,CAAA,GAAQ,OAAA;AACR,EAAAA,WAAA,OAAA,CAAA,GAAQ,OAAA;AACR,EAAAA,WAAA,OAAA,CAAA,GAAQ,OAAA;AACR,EAAAA,WAAA,OAAA,CAAA,GAAQ,OAAA;AACR,EAAAA,WAAA,OAAA,CAAA,GAAQ,OAAA;AACR,EAAAA,WAAA,OAAA,CAAA,GAAQ,OAAA;AAZE,EAAA,OAAAA,UAAAA;AAAA,CAAA,EAAA,SAAA,IAAA,EAAA;AAkBL,IAAM,aAAN,MAAiB;AAAA,EAAjB,WAAA,GAAA;AACL,IAAA,IAAA,CAAQ,IAAA,uBAAoC,GAAA,EAAI;AAAA,EAAA;AAAA;AAAA;AAAA;AAAA,EAKhD,MAAA,CAAO,KAAa,GAAA,EAAuB;AACzC,IAAA,IAAA,CAAK,KAAK,GAAA,CAAI,GAAA,EAAK,EAAE,GAAG,GAAA,EAAK,KAAK,CAAA;AAAA,EACpC;AAAA;AAAA;AAAA;AAAA,EAKA,OAAO,GAAA,EAAqC;AAC1C,IAAA,OAAO,IAAA,CAAK,IAAA,CAAK,GAAA,CAAI,GAAG,CAAA;AAAA,EAC1B;AAAA;AAAA;AAAA;AAAA,EAKA,UAAA,GAA2B;AACzB,IAAA,OAAO,KAAA,CAAM,IAAA,CAAK,IAAA,CAAK,IAAA,CAAK,QAAQ,CAAA;AAAA,EACtC;AAAA;AAAA;AAAA;AAAA,EAKA,UAAU,GAAA,EAAsB;AAC9B,IAAA,OAAO,IAAA,CAAK,IAAA,CAAK,MAAA,CAAO,GAAG,CAAA;AAAA,EAC7B;AAAA;AAAA;AAAA;AAAA,EAKA,KAAA,GAAc;AACZ,IAAA,IAAA,CAAK,KAAK,KAAA,EAAM;AAAA,EAClB;AAAA;AAAA;AAAA;AAAA,EAKA,aAAA,GAAwC;AACtC,IAAA,MAAM,QAAA,GAAW,IAAA,CAAK,IAAA,CAAK,MAAA,GAAS,IAAA,EAAK;AACzC,IAAA,OAAO,QAAA,CAAS,IAAA,GAAO,MAAA,GAAY,QAAA,CAAS,KAAA;AAAA,EAC9C;AACF;AAKO,IAAM,eAAN,MAAmB;AAAA;AAAA;AAAA;AAAA,EAIxB,aAAa,eAAA,CACX,GAAA,GAAiB,OAAA,cACjB,OAAA,EACsD;AACtD,IAAA,OAAO,eAAA,CAAgB,KAAK,OAAO,CAAA;AAAA,EACrC;AAAA;AAAA;AAAA;AAAA,EAKA,aAAa,SAAA,CAAU,GAAA,EAA8B,GAAA,EAAkC;AACrF,IAAA,MAAM,MAAA,GAAS,MAAM,SAAA,CAAU,GAAA,EAAmD,GAAG,CAAA;AACrF,IAAA,OAAO,MAAA;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAKA,aAAa,gBAAA,CACX,KAAA,EACA,GAAA,EACA,OAAA,EACkB;AAClB,IAAA,OAAO,WAAA,CAAY,KAAA,EAAO,GAAA,EAAK,OAAO,CAAA;AAAA,EACxC;AAAA;AAAA;AAAA;AAAA,EAKA,aAAa,eAAA,CACX,IAAA,EACA,GAAA,EACA,OAAA,EACkB;AAClB,IAAA,OAAO,UAAA,CAAW,IAAA,EAAM,GAAA,EAAK,OAAO,CAAA;AAAA,EACtC;AAAA;AAAA;AAAA;AAAA,EAKA,aAAa,gBAAA,CACX,GAAA,EACA,GAAA,EACA,GAAA,EACqB;AACrB,IAAA,IAAI,OAAA;AAEJ,IAAA,IAAI,OAAO,QAAQ,QAAA,EAAU;AAE3B,MAAA,IAAI,GAAA,CAAI,QAAA,CAAS,aAAa,CAAA,EAAG;AAC/B,QAAA,OAAA,GAAU,MAAM,IAAA,CAAK,gBAAA,CAAiB,GAAA,EAAK,GAAG,CAAA;AAAA,MAChD,CAAA,MAAA,IAAW,GAAA,CAAI,QAAA,CAAS,YAAY,CAAA,EAAG;AACrC,QAAA,OAAA,GAAU,MAAM,IAAA,CAAK,eAAA,CAAgB,GAAA,EAAK,GAAG,CAAA;AAAA,MAC/C,CAAA,MAAO;AAEL,QAAA,OAAA,GAAU,IAAI,WAAA,EAAY,CAAE,MAAA,CAAO,GAAG,CAAA;AAAA,MACxC;AAAA,IACF,WAAW,OAAO,GAAA,KAAQ,QAAA,IAAY,EAAE,UAAU,GAAA,CAAA,EAAM;AAEtD,MAAA,OAAA,GAAU,MAAM,IAAA,CAAK,SAAA,CAAU,GAAA,EAAgC,GAAG,CAAA;AAAA,IACpE,CAAA,MAAO;AACL,MAAA,OAAA,GAAU,GAAA;AAAA,IACZ;AAEA,IAAA,OAAO;AAAA,MACL,GAAA,EAAK,OAAA;AAAA,MACL,GAAA;AAAA,MACA,GAAI,GAAA,KAAQ,MAAA,IAAa,EAAE,GAAA;AAAI,KACjC;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,OAAO,kBAAA,CACL,MAAA,EACA,GAAA,GAAiB,qBACjB,GAAA,EACY;AACZ,IAAA,OAAO;AAAA,MACL,GAAA,EAAK,IAAI,WAAA,EAAY,CAAE,OAAO,MAAM,CAAA;AAAA,MACpC,GAAA;AAAA,MACA,GAAI,GAAA,KAAQ,MAAA,IAAa,EAAE,GAAA;AAAI,KACjC;AAAA,EACF;AACF;AAKO,IAAM,iBAAA,GAAoB,IAAI,UAAA","file":"index.mjs","sourcesContent":["/**\n * Subject Identifier Types\n * Implements various subject identifier formats as defined in RFC 8417 and related specs\n */\n\nexport interface SubjectIdentifier {\n format: string;\n [key: string]: unknown;\n}\n\n/**\n * Account Identifier\n * Identifies a subject using an account at a service provider\n */\nexport interface AccountIdentifier extends SubjectIdentifier {\n format: 'account';\n uri: string;\n}\n\n/**\n * Email Identifier\n * Identifies a subject using an email address\n */\nexport interface EmailIdentifier extends SubjectIdentifier {\n format: 'email';\n email: string;\n}\n\n/**\n * Issuer and Subject Identifier\n * Identifies a subject using an issuer and subject pair\n */\nexport interface IssuerSubjectIdentifier extends SubjectIdentifier {\n format: 'iss_sub';\n iss: string;\n sub: string;\n}\n\n/**\n * Opaque Identifier\n * Identifies a subject using an opaque identifier\n */\nexport interface OpaqueIdentifier extends SubjectIdentifier {\n format: 'opaque';\n id: string;\n}\n\n/**\n * Phone Number Identifier\n * Identifies a subject using a phone number\n */\nexport interface PhoneNumberIdentifier extends SubjectIdentifier {\n format: 'phone_number';\n phone_number: string;\n}\n\n/**\n * Decentralized Identifier (DID)\n * Identifies a subject using a W3C Decentralized Identifier\n */\nexport interface DidIdentifier extends SubjectIdentifier {\n format: 'did';\n url: string;\n}\n\n/**\n * URI Identifier\n * Identifies a subject using a URI\n */\nexport interface UriIdentifier extends SubjectIdentifier {\n format: 'uri';\n uri: string;\n}\n\n/**\n * Aliases Identifier\n * Groups multiple identifiers for the same subject\n */\nexport interface AliasesIdentifier extends SubjectIdentifier {\n format: 'aliases';\n identifiers: SubjectIdentifier[];\n}\n\n/**\n * Complex Subject with multiple identifier types\n */\nexport interface ComplexSubject {\n user?: SubjectIdentifier;\n device?: SubjectIdentifier;\n session?: SubjectIdentifier;\n application?: SubjectIdentifier;\n tenant?: SubjectIdentifier;\n org?: SubjectIdentifier;\n [key: string]: SubjectIdentifier | undefined;\n}\n\n/**\n * Type guard functions\n */\nexport function isAccountIdentifier(subject: SubjectIdentifier): subject is AccountIdentifier {\n return subject.format === 'account';\n}\n\nexport function isEmailIdentifier(subject: SubjectIdentifier): subject is EmailIdentifier {\n return subject.format === 'email';\n}\n\nexport function isIssuerSubjectIdentifier(\n subject: SubjectIdentifier,\n): subject is IssuerSubjectIdentifier {\n return subject.format === 'iss_sub';\n}\n\nexport function isOpaqueIdentifier(subject: SubjectIdentifier): subject is OpaqueIdentifier {\n return subject.format === 'opaque';\n}\n\nexport function isPhoneNumberIdentifier(\n subject: SubjectIdentifier,\n): subject is PhoneNumberIdentifier {\n return subject.format === 'phone_number';\n}\n\nexport function isDidIdentifier(subject: SubjectIdentifier): subject is DidIdentifier {\n return subject.format === 'did';\n}\n\nexport function isUriIdentifier(subject: SubjectIdentifier): subject is UriIdentifier {\n return subject.format === 'uri';\n}\n\nexport function isAliasesIdentifier(subject: SubjectIdentifier): subject is AliasesIdentifier {\n return subject.format === 'aliases';\n}\n\n/**\n * Factory functions for creating subject identifiers\n */\nexport class SubjectIdentifiers {\n static account(uri: string): AccountIdentifier {\n return { format: 'account', uri };\n }\n\n static email(email: string): EmailIdentifier {\n return { format: 'email', email };\n }\n\n static issuerSubject(iss: string, sub: string): IssuerSubjectIdentifier {\n return { format: 'iss_sub', iss, sub };\n }\n\n static opaque(id: string): OpaqueIdentifier {\n return { format: 'opaque', id };\n }\n\n static phoneNumber(phone_number: string): PhoneNumberIdentifier {\n return { format: 'phone_number', phone_number };\n }\n\n static did(url: string): DidIdentifier {\n return { format: 'did', url };\n }\n\n static uri(uri: string): UriIdentifier {\n return { format: 'uri', uri };\n }\n\n static aliases(...identifiers: SubjectIdentifier[]): AliasesIdentifier {\n return { format: 'aliases', identifiers };\n }\n}\n","/**\n * Security Event Types\n * Implements CAEP and SSF event types according to their specifications\n */\n\nimport { SubjectIdentifier, ComplexSubject } from './subject';\n\n/**\n * Base Security Event interface\n */\nexport interface SecurityEvent {\n [eventType: string]: EventData | unknown;\n}\n\nexport interface EventData {\n subject?: SubjectIdentifier | ComplexSubject;\n [key: string]: unknown;\n}\n\n/**\n * CAEP Event Types\n */\n\n/**\n * Session Revoked Event\n * Indicates that the session identified by the subject has been revoked\n */\nexport interface SessionRevokedEvent extends EventData {\n event_timestamp: number;\n reason?: string;\n}\n\n/**\n * Token Claims Change Event\n * Indicates that the claims in the token have changed\n */\nexport interface TokenClaimsChangeEvent extends EventData {\n event_timestamp: number;\n claims?: Record<string, unknown>;\n}\n\n/**\n * Credential Change Event\n * Indicates that the user's credential has been changed\n */\nexport interface CredentialChangeEvent extends EventData {\n event_timestamp: number;\n credential_type?: string;\n change_type?: 'create' | 'update' | 'delete';\n reason?: string;\n x509_issuer?: string;\n x509_serial?: string;\n fido2_aaguid?: string;\n friendly_name?: string;\n}\n\n/**\n * Assurance Level Change Event\n * Indicates that the user's assurance level has changed\n */\nexport interface AssuranceLevelChangeEvent extends EventData {\n event_timestamp: number;\n current_level?: string;\n previous_level?: string;\n change_direction?: 'increase' | 'decrease';\n initiating_entity?: 'policy' | 'user' | 'admin';\n}\n\n/**\n * Device Compliance Change Event\n * Indicates that the device's compliance status has changed\n */\nexport interface DeviceComplianceChangeEvent extends EventData {\n event_timestamp: number;\n current_status?: 'compliant' | 'not_compliant';\n previous_status?: 'compliant' | 'not_compliant';\n compliance_policies?: string[];\n}\n\n/**\n * SSF Event Types\n */\n\n/**\n * Stream Updated Event\n * Indicates that the stream configuration has been updated\n */\nexport interface StreamUpdatedEvent extends EventData {\n effective_time?: number;\n}\n\n/**\n * Verification Event\n * Used to verify the stream connection\n */\nexport interface VerificationEvent extends EventData {\n state?: string;\n}\n\n/**\n * CAEP Event URIs\n */\nexport const CAEP_EVENT_TYPES = {\n SESSION_REVOKED: 'https://schemas.openid.net/secevent/caep/event-type/session-revoked',\n TOKEN_CLAIMS_CHANGE: 'https://schemas.openid.net/secevent/caep/event-type/token-claims-change',\n CREDENTIAL_CHANGE: 'https://schemas.openid.net/secevent/caep/event-type/credential-change',\n ASSURANCE_LEVEL_CHANGE:\n 'https://schemas.openid.net/secevent/caep/event-type/assurance-level-change',\n DEVICE_COMPLIANCE_CHANGE:\n 'https://schemas.openid.net/secevent/caep/event-type/device-compliance-change',\n} as const;\n\n/**\n * SSF Event URIs\n */\nexport const SSF_EVENT_TYPES = {\n STREAM_UPDATED: 'https://schemas.openid.net/secevent/ssf/event-type/stream-updated',\n VERIFICATION: 'https://schemas.openid.net/secevent/ssf/event-type/verification',\n} as const;\n\n/**\n * RISC Event URIs\n */\nexport const RISC_EVENT_TYPES = {\n ACCOUNT_CREDENTIAL_CHANGE_REQUIRED:\n 'https://schemas.openid.net/secevent/risc/event-type/account-credential-change-required',\n ACCOUNT_PURGED: 'https://schemas.openid.net/secevent/risc/event-type/account-purged',\n ACCOUNT_DISABLED: 'https://schemas.openid.net/secevent/risc/event-type/account-disabled',\n ACCOUNT_ENABLED: 'https://schemas.openid.net/secevent/risc/event-type/account-enabled',\n IDENTIFIER_CHANGED: 'https://schemas.openid.net/secevent/risc/event-type/identifier-changed',\n IDENTIFIER_RECYCLED: 'https://schemas.openid.net/secevent/risc/event-type/identifier-recycled',\n OPT_IN: 'https://schemas.openid.net/secevent/risc/event-type/opt-in',\n OPT_OUT_INITIATED: 'https://schemas.openid.net/secevent/risc/event-type/opt-out-initiated',\n OPT_OUT_CANCELLED: 'https://schemas.openid.net/secevent/risc/event-type/opt-out-cancelled',\n OPT_OUT_EFFECTIVE: 'https://schemas.openid.net/secevent/risc/event-type/opt-out-effective',\n RECOVERY_ACTIVATED: 'https://schemas.openid.net/secevent/risc/event-type/recovery-activated',\n RECOVERY_INFORMATION_CHANGED:\n 'https://schemas.openid.net/secevent/risc/event-type/recovery-information-changed',\n SESSIONS_REVOKED: 'https://schemas.openid.net/secevent/risc/event-type/sessions-revoked',\n} as const;\n\n/**\n * All event type URIs\n */\nexport const EVENT_TYPES = {\n ...CAEP_EVENT_TYPES,\n ...SSF_EVENT_TYPES,\n ...RISC_EVENT_TYPES,\n} as const;\n\nexport type EventTypeUri = (typeof EVENT_TYPES)[keyof typeof EVENT_TYPES];\n\n/**\n * Helper class for creating events\n */\nexport class Events {\n static sessionRevoked(\n subject: SubjectIdentifier | ComplexSubject,\n timestamp: number,\n reason?: string,\n ): SecurityEvent {\n return {\n [CAEP_EVENT_TYPES.SESSION_REVOKED]: {\n subject,\n event_timestamp: timestamp,\n reason,\n } as SessionRevokedEvent,\n };\n }\n\n static tokenClaimsChange(\n subject: SubjectIdentifier | ComplexSubject,\n timestamp: number,\n claims?: Record<string, unknown>,\n ): SecurityEvent {\n return {\n [CAEP_EVENT_TYPES.TOKEN_CLAIMS_CHANGE]: {\n subject,\n event_timestamp: timestamp,\n claims,\n } as TokenClaimsChangeEvent,\n };\n }\n\n static credentialChange(\n subject: SubjectIdentifier | ComplexSubject,\n timestamp: number,\n options?: Partial<CredentialChangeEvent>,\n ): SecurityEvent {\n return {\n [CAEP_EVENT_TYPES.CREDENTIAL_CHANGE]: {\n subject,\n event_timestamp: timestamp,\n ...options,\n } as CredentialChangeEvent,\n };\n }\n\n static assuranceLevelChange(\n subject: SubjectIdentifier | ComplexSubject,\n timestamp: number,\n options?: Partial<AssuranceLevelChangeEvent>,\n ): SecurityEvent {\n return {\n [CAEP_EVENT_TYPES.ASSURANCE_LEVEL_CHANGE]: {\n subject,\n event_timestamp: timestamp,\n ...options,\n } as AssuranceLevelChangeEvent,\n };\n }\n\n static deviceComplianceChange(\n subject: SubjectIdentifier | ComplexSubject,\n timestamp: number,\n options?: Partial<DeviceComplianceChangeEvent>,\n ): SecurityEvent {\n return {\n [CAEP_EVENT_TYPES.DEVICE_COMPLIANCE_CHANGE]: {\n subject,\n event_timestamp: timestamp,\n ...options,\n } as DeviceComplianceChangeEvent,\n };\n }\n\n static streamUpdated(effectiveTime?: number): SecurityEvent {\n return {\n [SSF_EVENT_TYPES.STREAM_UPDATED]: {\n effective_time: effectiveTime,\n } as StreamUpdatedEvent,\n };\n }\n\n static verification(state?: string): SecurityEvent {\n return {\n [SSF_EVENT_TYPES.VERIFICATION]: {\n state,\n } as VerificationEvent,\n };\n }\n}\n","/**\n * ID Generators for Security Event Tokens\n */\n\nimport { v4 as uuidv4 } from 'uuid';\nimport { IdGenerator } from '../types/secevent';\n\n/**\n * UUID v4 ID generator\n */\nexport class UuidGenerator implements IdGenerator {\n generate(): string {\n return uuidv4();\n }\n}\n\n/**\n * Timestamp-based ID generator\n */\nexport class TimestampGenerator implements IdGenerator {\n private counter = 0;\n\n generate(): string {\n const timestamp = Date.now();\n const count = this.counter++;\n return `${timestamp}-${count}`;\n }\n}\n\n/**\n * Prefixed ID generator\n */\nexport class PrefixedGenerator implements IdGenerator {\n constructor(\n private prefix: string,\n private baseGenerator: IdGenerator = new UuidGenerator(),\n ) {}\n\n generate(): string {\n return `${this.prefix}-${this.baseGenerator.generate()}`;\n }\n}\n\n/**\n * Custom function-based ID generator\n */\nexport class CustomGenerator implements IdGenerator {\n constructor(private generatorFn: () => string) {}\n\n generate(): string {\n return this.generatorFn();\n }\n}\n\n/**\n * Default ID generator\n */\nexport const defaultIdGenerator = new UuidGenerator();\n","/**\n * Security Event Token Builder\n * Provides a fluent API for constructing SETs\n */\n\nimport { SignJWT } from 'jose';\nimport { SecEventPayload, SignedSecEvent, IdGenerator, SigningKey } from '../types/secevent';\nimport { SecurityEvent } from '../types/events';\nimport { defaultIdGenerator } from '../id/generator';\n\n/**\n * Builder configuration options\n */\nexport interface BuilderOptions {\n /**\n * Default issuer for all tokens\n */\n defaultIssuer?: string;\n\n /**\n * Default audience for all tokens\n */\n defaultAudience?: string | string[];\n\n /**\n * ID generator for JTI values\n */\n idGenerator?: IdGenerator;\n\n /**\n * Default signing key\n */\n signingKey?: SigningKey;\n}\n\n/**\n * Security Event Token Builder\n */\nexport class SecEventBuilder {\n private issuer?: string;\n private audience?: string | string[];\n private jti?: string;\n private iat?: number;\n private txn?: string;\n private events: SecurityEvent = {};\n private additionalClaims: Record<string, unknown> = {};\n private signingKey?: SigningKey;\n\n constructor(private options: BuilderOptions = {}) {\n if (options.defaultIssuer !== undefined) {\n this.issuer = options.defaultIssuer;\n }\n if (options.defaultAudience !== undefined) {\n this.audience = options.defaultAudience;\n }\n if (options.signingKey !== undefined) {\n this.signingKey = options.signingKey;\n }\n }\n\n /**\n * Set the issuer\n */\n withIssuer(issuer: string): this {\n this.issuer = issuer;\n return this;\n }\n\n /**\n * Set the audience\n */\n withAudience(audience: string | string[]): this {\n this.audience = audience;\n return this;\n }\n\n /**\n * Set the token ID\n */\n withJti(jti: string): this {\n this.jti = jti;\n return this;\n }\n\n /**\n * Set the issued at timestamp\n */\n withIat(iat: number): this {\n this.iat = iat;\n return this;\n }\n\n /**\n * Set the transaction ID\n */\n withTxn(txn: string): this {\n this.txn = txn;\n return this;\n }\n\n /**\n * Add an event to the token\n */\n withEvent(event: SecurityEvent): this {\n this.events = { ...this.events, ...event };\n return this;\n }\n\n /**\n * Add multiple events to the token\n */\n withEvents(...events: SecurityEvent[]): this {\n events.forEach((event) => {\n this.events = { ...this.events, ...event };\n });\n return this;\n }\n\n /**\n * Add a custom claim\n */\n withClaim(key: string, value: unknown): this {\n this.additionalClaims[key] = value;\n return this;\n }\n\n /**\n * Add multiple custom claims\n */\n withClaims(claims: Record<string, unknown>): this {\n this.additionalClaims = { ...this.additionalClaims, ...claims };\n return this;\n }\n\n /**\n * Set the signing key\n */\n withSigningKey(key: SigningKey): this {\n this.signingKey = key;\n return this;\n }\n\n /**\n * Build the payload without signing\n */\n buildPayload(): SecEventPayload {\n if (!this.issuer) {\n throw new Error('Issuer is required');\n }\n\n if (Object.keys(this.events).length === 0) {\n throw new Error('At least one event is required');\n }\n\n const idGenerator = this.options.idGenerator || defaultIdGenerator;\n\n const payload: SecEventPayload = {\n iss: this.issuer,\n jti: this.jti || idGenerator.generate(),\n iat: this.iat || Math.floor(Date.now() / 1000),\n events: this.events,\n ...this.additionalClaims,\n };\n\n if (this.audience) {\n payload.aud = this.audience;\n }\n\n if (this.txn) {\n payload.txn = this.txn;\n }\n\n return payload;\n }\n\n /**\n * Build and sign the token\n */\n async sign(signingKey?: SigningKey): Promise<SignedSecEvent> {\n const key = signingKey || this.signingKey;\n if (!key) {\n throw new Error('Signing key is required');\n }\n\n const payload = this.buildPayload();\n\n let jwt = new SignJWT(payload as unknown as Record<string, unknown>)\n .setProtectedHeader({\n alg: key.alg,\n typ: 'secevent+jwt',\n ...(key.kid && { kid: key.kid }),\n })\n .setIssuedAt(payload.iat)\n .setIssuer(payload.iss)\n .setJti(payload.jti);\n\n if (payload.aud) {\n jwt = jwt.setAudience(payload.aud);\n }\n\n const token = await jwt.sign(key.key as Parameters<typeof jwt.sign>[0]);\n\n return {\n jwt: token,\n payload,\n };\n }\n\n /**\n * Reset the builder\n */\n reset(): this {\n if (this.options.defaultIssuer !== undefined) {\n this.issuer = this.options.defaultIssuer;\n } else {\n delete this.issuer;\n }\n if (this.options.defaultAudience !== undefined) {\n this.audience = this.options.defaultAudience;\n } else {\n delete this.audience;\n }\n delete this.jti;\n delete this.iat;\n delete this.txn;\n this.events = {};\n this.additionalClaims = {};\n if (this.options.signingKey !== undefined) {\n this.signingKey = this.options.signingKey;\n } else {\n delete this.signingKey;\n }\n return this;\n }\n\n /**\n * Create a new builder with the same configuration\n */\n clone(): SecEventBuilder {\n const builder = new SecEventBuilder(this.options);\n if (this.issuer !== undefined) {\n builder.issuer = this.issuer;\n }\n if (this.audience !== undefined) {\n builder.audience = this.audience;\n }\n if (this.jti !== undefined) {\n builder.jti = this.jti;\n }\n if (this.iat !== undefined) {\n builder.iat = this.iat;\n }\n if (this.txn !== undefined) {\n builder.txn = this.txn;\n }\n builder.events = { ...this.events };\n builder.additionalClaims = { ...this.additionalClaims };\n if (this.signingKey !== undefined) {\n builder.signingKey = this.signingKey;\n }\n return builder;\n }\n}\n\n/**\n * Factory function for creating a builder\n */\nexport function createBuilder(options?: BuilderOptions): SecEventBuilder {\n return new SecEventBuilder(options);\n}\n","/**\n * Security Event Token Parser and Validator\n * Parses and validates SETs according to RFC 8417\n */\n\nimport { jwtVerify, decodeJwt, JWTVerifyOptions, JWTPayload, createRemoteJWKSet } from 'jose';\nimport {\n SecEventPayload,\n ValidationOptions,\n ValidationResult,\n SigningKey,\n} from '../types/secevent';\nimport { SecurityEvent } from '../types/events';\n\n/**\n * Parser configuration\n */\nexport interface ParserOptions {\n /**\n * JWKS URL for key verification\n */\n jwksUrl?: string;\n\n /**\n * Static verification keys\n */\n verificationKeys?: SigningKey[];\n\n /**\n * Default validation options\n */\n defaultValidationOptions?: ValidationOptions;\n}\n\n/**\n * Security Event Token Parser\n */\nexport class SecEventParser {\n private jwks?: ReturnType<typeof createRemoteJWKSet>;\n\n constructor(private options: ParserOptions = {}) {\n if (options.jwksUrl) {\n this.jwks = createRemoteJWKSet(new URL(options.jwksUrl));\n }\n }\n\n /**\n * Parse a JWT without verification\n */\n decode(jwt: string): SecEventPayload {\n const payload = decodeJwt(jwt) as unknown as SecEventPayload;\n this.validatePayloadStructure(payload);\n return payload;\n }\n\n /**\n * Parse and verify a signed SET\n */\n async verify(\n jwt: string,\n verificationKey?: SigningKey | SigningKey[],\n options?: ValidationOptions,\n ): Promise<ValidationResult> {\n try {\n const mergedOptions = {\n ...this.options.defaultValidationOptions,\n ...options,\n };\n\n // Determine verification key(s)\n const keys = verificationKey\n ? Array.isArray(verificationKey)\n ? verificationKey\n : [verificationKey]\n : this.options.verificationKeys;\n\n if (!keys && !this.jwks) {\n throw new Error('No verification key or JWKS URL provided');\n }\n\n // Verify JWT signature\n let payload: JWTPayload;\n const jwtOptions: JWTVerifyOptions = {};\n\n if (mergedOptions.issuer) {\n jwtOptions.issuer = mergedOptions.issuer;\n }\n if (mergedOptions.audience) {\n jwtOptions.audience = mergedOptions.audience;\n }\n if (mergedOptions.clockTolerance) {\n jwtOptions.clockTolerance = mergedOptions.clockTolerance;\n }\n if (mergedOptions.currentDate) {\n jwtOptions.currentDate = mergedOptions.currentDate;\n }\n if (mergedOptions.maxTokenAge) {\n jwtOptions.maxTokenAge = `${mergedOptions.maxTokenAge}s`;\n }\n\n if (this.jwks) {\n const result = await jwtVerify(jwt, this.jwks, jwtOptions);\n payload = result.payload;\n } else if (keys) {\n // Try each key until one works\n let lastError: Error | undefined;\n for (const key of keys) {\n try {\n const result = await jwtVerify(\n jwt,\n key.key as Parameters<typeof jwtVerify>[1],\n jwtOptions,\n );\n payload = result.payload;\n break;\n } catch (error) {\n lastError = error as Error;\n }\n }\n if (!payload!) {\n throw lastError || new Error('Verification failed with all provided keys');\n }\n } else {\n throw new Error('No verification method available');\n }\n\n // Validate SET-specific requirements\n const secEventPayload = payload as unknown as SecEventPayload;\n const validationErrors = this.validateSecEvent(secEventPayload, mergedOptions);\n\n if (validationErrors.length > 0) {\n return {\n valid: false,\n errors: validationErrors,\n error: validationErrors.join('; '),\n };\n }\n\n return {\n valid: true,\n payload: secEventPayload,\n };\n } catch (error) {\n return {\n valid: false,\n error: error instanceof Error ? error.message : 'Unknown error',\n };\n }\n }\n\n /**\n * Validate SET payload structure\n */\n private validatePayloadStructure(payload: SecEventPayload): void {\n if (!payload.events || typeof payload.events !== 'object') {\n throw new Error('Missing or invalid events claim');\n }\n\n if (!payload.iss || typeof payload.iss !== 'string') {\n throw new Error('Missing or invalid issuer claim');\n }\n\n if (!payload.jti || typeof payload.jti !== 'string') {\n throw new Error('Missing or invalid jti claim');\n }\n\n if (typeof payload.iat !== 'number') {\n throw new Error('Missing or invalid iat claim');\n }\n }\n\n /**\n * Validate SET-specific requirements\n */\n private validateSecEvent(payload: SecEventPayload, options: ValidationOptions): string[] {\n const errors: string[] = [];\n\n // Basic structure validation\n try {\n this.validatePayloadStructure(payload);\n } catch (error) {\n errors.push(error instanceof Error ? error.message : 'Invalid payload structure');\n }\n\n // Check required claims\n if (options.requiredClaims) {\n for (const claim of options.requiredClaims) {\n if (!(claim in payload)) {\n errors.push(`Missing required claim: ${claim}`);\n }\n }\n }\n\n // Validate events\n if (payload.events) {\n const eventCount = Object.keys(payload.events).length;\n if (eventCount === 0) {\n errors.push('No events present in events claim');\n }\n\n // Check for valid event URIs\n for (const eventUri of Object.keys(payload.events)) {\n if (!this.isValidEventUri(eventUri)) {\n errors.push(`Invalid event URI format: ${eventUri}`);\n }\n }\n }\n\n // RFC 8417 states that the \"sub\" claim should not be used in the JWT itself\n // The subject should be in the events\n if (payload.sub) {\n // This is a warning, not necessarily an error\n // Some implementations might still use it\n }\n\n return errors;\n }\n\n /**\n * Check if an event URI is valid\n */\n private isValidEventUri(uri: string): boolean {\n try {\n const url = new URL(uri);\n return url.protocol === 'https:' || url.protocol === 'http:';\n } catch {\n return false;\n }\n }\n\n /**\n * Extract events from a decoded payload\n */\n extractEvents(payload: SecEventPayload): SecurityEvent {\n return payload.events;\n }\n\n /**\n * Extract a specific event type from a payload\n */\n extractEvent<T = unknown>(payload: SecEventPayload, eventType: string): T | undefined {\n return payload.events[eventType] as T | undefined;\n }\n\n /**\n * Check if a payload contains a specific event type\n */\n hasEvent(payload: SecEventPayload, eventType: string): boolean {\n return eventType in payload.events;\n }\n\n /**\n * Get all event types in a payload\n */\n getEventTypes(payload: SecEventPayload): string[] {\n return Object.keys(payload.events);\n }\n}\n\n/**\n * Factory function for creating a parser\n */\nexport function createParser(options?: ParserOptions): SecEventParser {\n return new SecEventParser(options);\n}\n","/**\n * Security Event Token Signing utilities\n * Provides various signing strategies and key management\n */\n\nimport { generateKeyPair, importJWK, importPKCS8, importSPKI, KeyLike } from 'jose';\nimport { SigningKey } from '../types/secevent';\n\n/**\n * Supported algorithms\n */\nexport enum Algorithm {\n RS256 = 'RS256',\n RS384 = 'RS384',\n RS512 = 'RS512',\n PS256 = 'PS256',\n PS384 = 'PS384',\n PS512 = 'PS512',\n ES256 = 'ES256',\n ES384 = 'ES384',\n ES512 = 'ES512',\n HS256 = 'HS256',\n HS384 = 'HS384',\n HS512 = 'HS512',\n}\n\n/**\n * Key manager for handling signing keys\n */\nexport class KeyManager {\n private keys: Map<string, SigningKey> = new Map();\n\n /**\n * Add a key to the manager\n */\n addKey(kid: string, key: SigningKey): void {\n this.keys.set(kid, { ...key, kid });\n }\n\n /**\n * Get a key by ID\n */\n getKey(kid: string): SigningKey | undefined {\n return this.keys.get(kid);\n }\n\n /**\n * Get all keys\n */\n getAllKeys(): SigningKey[] {\n return Array.from(this.keys.values());\n }\n\n /**\n * Remove a key\n */\n removeKey(kid: string): boolean {\n return this.keys.delete(kid);\n }\n\n /**\n * Clear all keys\n */\n clear(): void {\n this.keys.clear();\n }\n\n /**\n * Get the default key (first key added)\n */\n getDefaultKey(): SigningKey | undefined {\n const firstKey = this.keys.values().next();\n return firstKey.done ? undefined : firstKey.value;\n }\n}\n\n/**\n * Signing utilities\n */\nexport class SigningUtils {\n /**\n * Generate a new key pair\n */\n static async generateKeyPair(\n alg: Algorithm = Algorithm.RS256,\n options?: { modulusLength?: number; extractable?: boolean },\n ): Promise<{ publicKey: KeyLike; privateKey: KeyLike }> {\n return generateKeyPair(alg, options);\n }\n\n /**\n * Import a JWK\n */\n static async importJWK(jwk: Record<string, unknown>, alg: Algorithm): Promise<KeyLike> {\n const result = await importJWK(jwk as unknown as Parameters<typeof importJWK>[0], alg);\n return result as KeyLike;\n }\n\n /**\n * Import a PKCS8 private key\n */\n static async importPrivateKey(\n pkcs8: string,\n alg: Algorithm,\n options?: { extractable?: boolean },\n ): Promise<KeyLike> {\n return importPKCS8(pkcs8, alg, options);\n }\n\n /**\n * Import a SPKI public key\n */\n static async importPublicKey(\n spki: string,\n alg: Algorithm,\n options?: { extractable?: boolean },\n ): Promise<KeyLike> {\n return importSPKI(spki, alg, options);\n }\n\n /**\n * Create a signing key from various formats\n */\n static async createSigningKey(\n key: string | KeyLike | Record<string, unknown>,\n alg: Algorithm,\n kid?: string,\n ): Promise<SigningKey> {\n let keyLike: KeyLike;\n\n if (typeof key === 'string') {\n // Assume it's a PEM-encoded key\n if (key.includes('PRIVATE KEY')) {\n keyLike = await this.importPrivateKey(key, alg);\n } else if (key.includes('PUBLIC KEY')) {\n keyLike = await this.importPublicKey(key, alg);\n } else {\n // Assume it's a symmetric key\n keyLike = new TextEncoder().encode(key) as unknown as KeyLike;\n }\n } else if (typeof key === 'object' && !('type' in key)) {\n // Assume it's a JWK\n keyLike = await this.importJWK(key as Record<string, unknown>, alg);\n } else {\n keyLike = key as KeyLike;\n }\n\n return {\n key: keyLike,\n alg,\n ...(kid !== undefined && { kid }),\n };\n }\n\n /**\n * Create a symmetric signing key\n */\n static createSymmetricKey(\n secret: string,\n alg: Algorithm = Algorithm.HS256,\n kid?: string,\n ): SigningKey {\n return {\n key: new TextEncoder().encode(secret) as unknown as KeyLike,\n alg,\n ...(kid !== undefined && { kid }),\n };\n }\n}\n\n/**\n * Default key manager instance\n */\nexport const defaultKeyManager = new KeyManager();\n"]}