/**
 * Minified by jsDelivr using Terser v5.39.0.
 * Original file: /npm/dpop@2.1.1/build/index.js
 *
 * Do NOT use SRI with dynamically generated files! More information: https://www.jsdelivr.com/using-sri-with-dynamic-files
 */
const encoder=new TextEncoder,decoder=new TextDecoder;function buf(e){return"string"==typeof e?encoder.encode(e):decoder.decode(e)}function checkRsaKeyAlgorithm(e){if("number"!=typeof e.modulusLength||e.modulusLength<2048)throw new OperationProcessingError(`${e.name} modulusLength must be at least 2048 bits`)}function subtleAlgorithm(e){switch(e.algorithm.name){case"ECDSA":return{name:e.algorithm.name,hash:"SHA-256"};case"RSA-PSS":return checkRsaKeyAlgorithm(e.algorithm),{name:e.algorithm.name,saltLength:32};case"RSASSA-PKCS1-v1_5":return checkRsaKeyAlgorithm(e.algorithm),{name:e.algorithm.name};case"Ed25519":return{name:e.algorithm.name}}throw new UnsupportedOperationError}async function jwt(e,r,t){if(!1===t.usages.includes("sign"))throw new TypeError('private CryptoKey instances used for signing assertions must include "sign" in their "usages"');const n=`${b64u(buf(JSON.stringify(e)))}.${b64u(buf(JSON.stringify(r)))}`;return`${n}.${b64u(await crypto.subtle.sign(subtleAlgorithm(t),t,buf(n)))}`}let encodeBase64Url;if(Uint8Array.prototype.toBase64)encodeBase64Url=e=>(e instanceof ArrayBuffer&&(e=new Uint8Array(e)),e.toBase64({alphabet:"base64url",omitPadding:!0}));else{const e=32768;encodeBase64Url=r=>{r instanceof ArrayBuffer&&(r=new Uint8Array(r));const t=[];for(let n=0;n<r.byteLength;n+=e)t.push(String.fromCharCode.apply(null,r.subarray(n,n+e)));return btoa(t.join("")).replace(/=/g,"").replace(/\+/g,"-").replace(/\//g,"_")}}function b64u(e){return encodeBase64Url(e)}class UnsupportedOperationError extends Error{constructor(e){var r;super(null!=e?e:"operation not supported"),this.name=this.constructor.name,null===(r=Error.captureStackTrace)||void 0===r||r.call(Error,this,this.constructor)}}class OperationProcessingError extends Error{constructor(e){var r;super(e),this.name=this.constructor.name,null===(r=Error.captureStackTrace)||void 0===r||r.call(Error,this,this.constructor)}}function psAlg(e){if("SHA-256"===e.algorithm.hash.name)return"PS256";throw new UnsupportedOperationError("unsupported RsaHashedKeyAlgorithm hash name")}function rsAlg(e){if("SHA-256"===e.algorithm.hash.name)return"RS256";throw new UnsupportedOperationError("unsupported RsaHashedKeyAlgorithm hash name")}function esAlg(e){if("P-256"===e.algorithm.namedCurve)return"ES256";throw new UnsupportedOperationError("unsupported EcKeyAlgorithm namedCurve")}function determineJWSAlgorithm(e){switch(e.algorithm.name){case"RSA-PSS":return psAlg(e);case"RSASSA-PKCS1-v1_5":return rsAlg(e);case"ECDSA":return esAlg(e);case"Ed25519":return"Ed25519";default:throw new UnsupportedOperationError("unsupported CryptoKey algorithm name")}}function isCryptoKey(e){return e instanceof CryptoKey}function isPrivateKey(e){return isCryptoKey(e)&&"private"===e.type}function isPublicKey(e){return isCryptoKey(e)&&"public"===e.type}function epochTime(){return Math.floor(Date.now()/1e3)}export async function generateProof(e,r,t,n,o,a){const i=null==e?void 0:e.privateKey,s=null==e?void 0:e.publicKey;if(!isPrivateKey(i))throw new TypeError('"keypair.privateKey" must be a private CryptoKey');if(!isPublicKey(s))throw new TypeError('"keypair.publicKey" must be a public CryptoKey');if(!0!==s.extractable)throw new TypeError('"keypair.publicKey.extractable" must be true');if("string"!=typeof r)throw new TypeError('"htu" must be a string');if("string"!=typeof t)throw new TypeError('"htm" must be a string');if(void 0!==n&&"string"!=typeof n)throw new TypeError('"nonce" must be a string or undefined');if(void 0!==o&&"string"!=typeof o)throw new TypeError('"accessToken" must be a string or undefined');if(void 0!==a&&("object"!=typeof a||null===a||Array.isArray(a)))throw new TypeError('"additional" must be an object');return jwt({alg:determineJWSAlgorithm(i),typ:"dpop+jwt",jwk:await publicJwk(s)},Object.assign(Object.assign({},a),{iat:epochTime(),jti:crypto.randomUUID(),htm:t,nonce:n,htu:r,ath:o?b64u(await crypto.subtle.digest("SHA-256",buf(o))):void 0}),i)}async function publicJwk(e){const{kty:r,e:t,n:n,x:o,y:a,crv:i}=await crypto.subtle.exportKey("jwk",e);return{kty:r,crv:i,e:t,n:n,x:o,y:a}}export async function generateKeyPair(e,r){var t;let n;if("string"!=typeof e||0===e.length)throw new TypeError('"alg" must be a non-empty string');switch(e){case"PS256":n={name:"RSA-PSS",hash:"SHA-256",modulusLength:2048,publicExponent:new Uint8Array([1,0,1])};break;case"RS256":n={name:"RSASSA-PKCS1-v1_5",hash:"SHA-256",modulusLength:2048,publicExponent:new Uint8Array([1,0,1])};break;case"ES256":n={name:"ECDSA",namedCurve:"P-256"};break;case"Ed25519":n={name:"Ed25519"};break;default:throw new UnsupportedOperationError}return crypto.subtle.generateKey(n,null!==(t=null==r?void 0:r.extractable)&&void 0!==t&&t,["sign","verify"])}export async function calculateThumbprint(e){if(!isPublicKey(e))throw new TypeError('"publicKey" must be a public CryptoKey');if(!0!==e.extractable)throw new TypeError('"publicKey.extractable" must be true');const r=await publicJwk(e);let t;switch(r.kty){case"EC":t={crv:r.crv,kty:r.kty,x:r.x,y:r.y};break;case"OKP":t={crv:r.crv,kty:r.kty,x:r.x};break;case"RSA":t={e:r.e,kty:r.kty,n:r.n};break;default:throw new UnsupportedOperationError("unsupported JWK kty")}return b64u(await crypto.subtle.digest({name:"SHA-256"},buf(JSON.stringify(t))))}
//# sourceMappingURL=/sm/4d640ced52f655581d113d26c0b9a998bb84f7ea2b4e3f7debc823c434855916.map