npm - @credo-ts/core - Versions diffs - 0.6.0-pr-2392-20251010173905 → 0.6.0-pr-2457-20251016083534 - Mend

@credo-ts/core 0.6.0-pr-2392-20251010173905 → 0.6.0-pr-2457-20251016083534

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (985) hide show

package/build/modules/sd-jwt-vc/SdJwtVcService.js CHANGED Viewed

@@ -6,32 +6,32 @@ require('../../error/index.js');
 const require_decorateMetadata = require('../../_virtual/_@oxc-project_runtime@0.94.0/helpers/decorateMetadata.js');
 const require_decorate = require('../../_virtual/_@oxc-project_runtime@0.94.0/helpers/decorate.js');
 require('../../agent/index.js');
-const require_Hasher = require('../../crypto/hashes/Hasher.js');
 const require_TypedArrayEncoder = require('../../utils/TypedArrayEncoder.js');
+const require_Hasher = require('../../crypto/hashes/Hasher.js');
 const require_timestamp = require('../../utils/timestamp.js');
 require('../../utils/index.js');
 const require_KeyManagementApi = require('../kms/KeyManagementApi.js');
 require('../kms/index.js');
 const require_X509Certificate = require('../x509/X509Certificate.js');
-const require_X509Service = require('../x509/X509Service.js');
 const require_X509ModuleConfig = require('../x509/X509ModuleConfig.js');
+const require_X509Service = require('../x509/X509Service.js');
 require('../x509/index.js');
 const require_JwtPayload = require('../../crypto/jose/jwt/JwtPayload.js');
-const require_keyDidMapping = require('../dids/domain/key-type/keyDidMapping.js');
 const require_parse = require('../dids/domain/parse.js');
+const require_keyDidMapping = require('../dids/domain/key-type/keyDidMapping.js');
 require('../dids/index.js');
 const require_ClaimFormat = require('../vc/models/ClaimFormat.js');
 require('../../crypto/index.js');
 const require_utils = require('./utils.js');
 require('../vc/index.js');
-const require_domain = require('../../utils/domain.js');
-const require_fetch = require('../../utils/fetch.js');
-const require_SdJwtVcError = require('./SdJwtVcError.js');
 const require_decodeSdJwtVc = require('./decodeSdJwtVc.js');
-const require_disclosureFrame = require('./disclosureFrame.js');
 const require_SdJwtVcRecord = require('./repository/SdJwtVcRecord.js');
 const require_SdJwtVcRepository = require('./repository/SdJwtVcRepository.js');
 require('./repository/index.js');
+const require_domain = require('../../utils/domain.js');
+const require_fetch = require('../../utils/fetch.js');
+const require_disclosureFrame = require('./disclosureFrame.js');
+const require_SdJwtVcError = require('./SdJwtVcError.js');
 let tsyringe = require("tsyringe");
 tsyringe = require_rolldown_runtime.__toESM(tsyringe);
 let __sd_jwt_decode = require("@sd-jwt/decode");
@@ -102,7 +102,7 @@ let SdJwtVcService = class SdJwtVcService$1 {
 			value: d.value
 		})), presentationFrame);
 		const [jwt] = compactSdJwtVc.split("~");
-		return require_decodeSdJwtVc.decodeSdJwtVc(`${jwt}~${requiredDisclosures.map((d) => d.encoded).join("~")}~`);
+		return require_decodeSdJwtVc.decodeSdJwtVc(`${jwt}~${requiredDisclosures.length > 0 ? `${requiredDisclosures.map((d) => d.encoded).join("~")}~` : ""}`);
 	}
 	async present(agentContext, { compactSdJwtVc, presentationFrame, verifierMetadata, additionalPayload }) {
 		const sdjwt = new __sd_jwt_sd_jwt_vc.SDJwtVcInstance(this.getBaseSdJwtConfig(agentContext));
@@ -124,18 +124,15 @@ let SdJwtVcService = class SdJwtVcService$1 {
 		if (!iss.startsWith("https://") && !(iss.startsWith("http://") && agentContext.config.allowInsecureHttpUrls)) throw new require_SdJwtVcError.SdJwtVcError("The X509 certificate issuer must be a HTTPS URI.");
 		if (!leafCertificate.sanUriNames?.includes(iss) && !leafCertificate.sanDnsNames?.includes(require_domain.getDomainFromUrl(iss))) throw new require_SdJwtVcError.SdJwtVcError(`The 'iss' claim in the payload does not match a 'SAN-URI' name and the domain extracted from the HTTPS URI does not match a 'SAN-DNS' name in the x5c certificate.`);
 	}
-	async verify(agentContext, { compactSdJwtVc, keyBinding, requiredClaimKeys, fetchTypeMetadata, trustedCertificates }) {
+	async verify(agentContext, { compactSdJwtVc, keyBinding, requiredClaimKeys, fetchTypeMetadata, trustedCertificates, now }) {
 		const sdjwt = new __sd_jwt_sd_jwt_vc.SDJwtVcInstance({ ...this.getBaseSdJwtConfig(agentContext) });
-		const verificationResult = { isValid: false };
 		let sdJwtVc;
-		let _error = void 0;
 		try {
 			sdJwtVc = await sdjwt.decode(compactSdJwtVc);
 			if (!sdJwtVc.jwt) throw new require_CredoError.CredoError("Invalid sd-jwt-vc");
 		} catch (error) {
 			return {
 				isValid: false,
-				verification: verificationResult,
 				error
 			};
 		}
@@ -160,43 +157,49 @@ let SdJwtVcService = class SdJwtVcService$1 {
 				verifier: require_utils.getSdJwtVerifier(agentContext, issuer.publicJwk),
 				kbVerifier: holder ? require_utils.getSdJwtVerifier(agentContext, holder.publicJwk) : void 0
 			});
-			const requiredKeys = requiredClaimKeys ? [...requiredClaimKeys, "vct"] : ["vct"];
 			try {
-				await sdjwt.verify(compactSdJwtVc, requiredKeys, keyBinding !== void 0);
-				verificationResult.isSignatureValid = true;
-				verificationResult.areRequiredClaimsIncluded = true;
-				verificationResult.isStatusValid = true;
+				await sdjwt.verify(compactSdJwtVc, {
+					requiredClaimKeys: requiredClaimKeys ? [...requiredClaimKeys, "vct"] : ["vct"],
+					keyBindingNonce: keyBinding?.nonce,
+					currentDate: require_timestamp.dateToSeconds(now ?? /* @__PURE__ */ new Date()),
+					skewSeconds: 0
+				});
 			} catch (error) {
-				_error = error;
-				verificationResult.isSignatureValid = false;
-				verificationResult.areRequiredClaimsIncluded = false;
-				verificationResult.isStatusValid = false;
-			}
-			if (sdJwtVc.jwt.header?.typ !== "vc+sd-jwt" && sdJwtVc.jwt.header?.typ !== "dc+sd-jwt") {
-				verificationResult.areRequiredClaimsIncluded = false;
-				_error = new require_SdJwtVcError.SdJwtVcError(`SD-JWT VC header 'typ' must be 'dc+sd-jwt' or 'vc+sd-jwt'`);
+				return {
+					error,
+					isValid: false,
+					sdJwtVc: returnSdJwtVc
+				};
 			}
+			if (sdJwtVc.jwt.header?.typ !== "vc+sd-jwt" && sdJwtVc.jwt.header?.typ !== "dc+sd-jwt") return {
+				error: new require_SdJwtVcError.SdJwtVcError(`SD-JWT VC header 'typ' must be 'dc+sd-jwt' or 'vc+sd-jwt'`),
+				isValid: false,
+				sdJwtVc: returnSdJwtVc
+			};
 			try {
-				require_JwtPayload.JwtPayload.fromJson(returnSdJwtVc.payload).validate();
-				verificationResult.isValidJwtPayload = true;
+				require_JwtPayload.JwtPayload.fromJson(returnSdJwtVc.payload).validate({
+					now: require_timestamp.dateToSeconds(now ?? /* @__PURE__ */ new Date()),
+					skewTime: 0
+				});
 			} catch (error) {
-				_error = error;
-				verificationResult.isValidJwtPayload = false;
+				return {
+					error,
+					isValid: false,
+					sdJwtVc: returnSdJwtVc
+				};
 			}
 			try {
 				if (keyBinding) {
 					if (!sdJwtVc.kbJwt || !sdJwtVc.kbJwt.payload) throw new require_SdJwtVcError.SdJwtVcError("Keybinding is required for verification of the sd-jwt-vc");
 					if (sdJwtVc.kbJwt.payload.aud !== keyBinding.audience) throw new require_SdJwtVcError.SdJwtVcError("The key binding JWT does not contain the expected audience");
 					if (sdJwtVc.kbJwt.payload.nonce !== keyBinding.nonce) throw new require_SdJwtVcError.SdJwtVcError("The key binding JWT does not contain the expected nonce");
-					verificationResult.isKeyBindingValid = true;
-					verificationResult.containsExpectedKeyBinding = true;
-					verificationResult.containsRequiredVcProperties = true;
 				}
 			} catch (error) {
-				_error = error;
-				verificationResult.isKeyBindingValid = false;
-				verificationResult.containsExpectedKeyBinding = false;
-				verificationResult.containsRequiredVcProperties = false;
+				return {
+					error,
+					isValid: false,
+					sdJwtVc: returnSdJwtVc
+				};
 			}
 			try {
 				const vct = returnSdJwtVc.payload?.vct;
@@ -207,27 +210,16 @@ let SdJwtVcService = class SdJwtVcService$1 {
 					const response = await agentContext.config.agentDependencies.fetch(vctUrl);
 					if (response.ok) returnSdJwtVc.typeMetadata = await response.json();
 				}
-			} catch (_error$1) {}
+			} catch (_error) {}
 		} catch (error) {
-			verificationResult.isValid = false;
 			return {
 				isValid: false,
 				error,
-				verification: verificationResult,
 				sdJwtVc: returnSdJwtVc
 			};
 		}
-		const { isValid: _,...allVerifications } = verificationResult;
-		verificationResult.isValid = Object.values(allVerifications).every((verification) => verification === true);
-		if (_error) return {
-			isValid: false,
-			error: _error,
-			sdJwtVc: returnSdJwtVc,
-			verification: verificationResult
-		};
 		return {
 			isValid: true,
-			verification: verificationResult,
 			sdJwtVc: returnSdJwtVc
 		};
 	}

package/build/modules/sd-jwt-vc/SdJwtVcService.mjs CHANGED Viewed

@@ -5,32 +5,32 @@ import "../../error/index.mjs";
 import { __decorateMetadata } from "../../_virtual/_@oxc-project_runtime@0.94.0/helpers/decorateMetadata.mjs";
 import { __decorate } from "../../_virtual/_@oxc-project_runtime@0.94.0/helpers/decorate.mjs";
 import "../../agent/index.mjs";
-import { Hasher } from "../../crypto/hashes/Hasher.mjs";
 import { TypedArrayEncoder } from "../../utils/TypedArrayEncoder.mjs";
-import { nowInSeconds } from "../../utils/timestamp.mjs";
+import { Hasher } from "../../crypto/hashes/Hasher.mjs";
+import { dateToSeconds, nowInSeconds } from "../../utils/timestamp.mjs";
 import "../../utils/index.mjs";
 import { KeyManagementApi } from "../kms/KeyManagementApi.mjs";
 import "../kms/index.mjs";
 import { X509Certificate } from "../x509/X509Certificate.mjs";
-import { X509Service } from "../x509/X509Service.mjs";
 import { X509ModuleConfig } from "../x509/X509ModuleConfig.mjs";
+import { X509Service } from "../x509/X509Service.mjs";
 import "../x509/index.mjs";
 import { JwtPayload } from "../../crypto/jose/jwt/JwtPayload.mjs";
-import { getPublicJwkFromVerificationMethod } from "../dids/domain/key-type/keyDidMapping.mjs";
 import { parseDid } from "../dids/domain/parse.mjs";
+import { getPublicJwkFromVerificationMethod } from "../dids/domain/key-type/keyDidMapping.mjs";
 import "../dids/index.mjs";
 import { ClaimFormat } from "../vc/models/ClaimFormat.mjs";
 import "../../crypto/index.mjs";
 import { extractKeyFromHolderBinding, getSdJwtSigner, getSdJwtVerifier, parseHolderBindingFromCredential, resolveDidUrl, resolveSigningPublicJwkFromDidUrl } from "./utils.mjs";
 import "../vc/index.mjs";
-import { getDomainFromUrl } from "../../utils/domain.mjs";
-import { fetchWithTimeout } from "../../utils/fetch.mjs";
-import { SdJwtVcError } from "./SdJwtVcError.mjs";
 import { decodeSdJwtVc, sdJwtVcHasher } from "./decodeSdJwtVc.mjs";
-import { buildDisclosureFrameForPayload } from "./disclosureFrame.mjs";
 import { SdJwtVcRecord } from "./repository/SdJwtVcRecord.mjs";
 import { SdJwtVcRepository } from "./repository/SdJwtVcRepository.mjs";
 import "./repository/index.mjs";
+import { getDomainFromUrl } from "../../utils/domain.mjs";
+import { fetchWithTimeout } from "../../utils/fetch.mjs";
+import { buildDisclosureFrameForPayload } from "./disclosureFrame.mjs";
+import { SdJwtVcError } from "./SdJwtVcError.mjs";
 import { injectable } from "tsyringe";
 import { decodeSdJwtSync } from "@sd-jwt/decode";
 import { selectDisclosures } from "@sd-jwt/present";
@@ -97,7 +97,7 @@ let SdJwtVcService = class SdJwtVcService$1 {
 			value: d.value
 		})), presentationFrame);
 		const [jwt] = compactSdJwtVc.split("~");
-		return decodeSdJwtVc(`${jwt}~${requiredDisclosures.map((d) => d.encoded).join("~")}~`);
+		return decodeSdJwtVc(`${jwt}~${requiredDisclosures.length > 0 ? `${requiredDisclosures.map((d) => d.encoded).join("~")}~` : ""}`);
 	}
 	async present(agentContext, { compactSdJwtVc, presentationFrame, verifierMetadata, additionalPayload }) {
 		const sdjwt = new SDJwtVcInstance(this.getBaseSdJwtConfig(agentContext));
@@ -119,18 +119,15 @@ let SdJwtVcService = class SdJwtVcService$1 {
 		if (!iss.startsWith("https://") && !(iss.startsWith("http://") && agentContext.config.allowInsecureHttpUrls)) throw new SdJwtVcError("The X509 certificate issuer must be a HTTPS URI.");
 		if (!leafCertificate.sanUriNames?.includes(iss) && !leafCertificate.sanDnsNames?.includes(getDomainFromUrl(iss))) throw new SdJwtVcError(`The 'iss' claim in the payload does not match a 'SAN-URI' name and the domain extracted from the HTTPS URI does not match a 'SAN-DNS' name in the x5c certificate.`);
 	}
-	async verify(agentContext, { compactSdJwtVc, keyBinding, requiredClaimKeys, fetchTypeMetadata, trustedCertificates }) {
+	async verify(agentContext, { compactSdJwtVc, keyBinding, requiredClaimKeys, fetchTypeMetadata, trustedCertificates, now }) {
 		const sdjwt = new SDJwtVcInstance({ ...this.getBaseSdJwtConfig(agentContext) });
-		const verificationResult = { isValid: false };
 		let sdJwtVc;
-		let _error = void 0;
 		try {
 			sdJwtVc = await sdjwt.decode(compactSdJwtVc);
 			if (!sdJwtVc.jwt) throw new CredoError("Invalid sd-jwt-vc");
 		} catch (error) {
 			return {
 				isValid: false,
-				verification: verificationResult,
 				error
 			};
 		}
@@ -155,43 +152,49 @@ let SdJwtVcService = class SdJwtVcService$1 {
 				verifier: getSdJwtVerifier(agentContext, issuer.publicJwk),
 				kbVerifier: holder ? getSdJwtVerifier(agentContext, holder.publicJwk) : void 0
 			});
-			const requiredKeys = requiredClaimKeys ? [...requiredClaimKeys, "vct"] : ["vct"];
 			try {
-				await sdjwt.verify(compactSdJwtVc, requiredKeys, keyBinding !== void 0);
-				verificationResult.isSignatureValid = true;
-				verificationResult.areRequiredClaimsIncluded = true;
-				verificationResult.isStatusValid = true;
+				await sdjwt.verify(compactSdJwtVc, {
+					requiredClaimKeys: requiredClaimKeys ? [...requiredClaimKeys, "vct"] : ["vct"],
+					keyBindingNonce: keyBinding?.nonce,
+					currentDate: dateToSeconds(now ?? /* @__PURE__ */ new Date()),
+					skewSeconds: 0
+				});
 			} catch (error) {
-				_error = error;
-				verificationResult.isSignatureValid = false;
-				verificationResult.areRequiredClaimsIncluded = false;
-				verificationResult.isStatusValid = false;
-			}
-			if (sdJwtVc.jwt.header?.typ !== "vc+sd-jwt" && sdJwtVc.jwt.header?.typ !== "dc+sd-jwt") {
-				verificationResult.areRequiredClaimsIncluded = false;
-				_error = new SdJwtVcError(`SD-JWT VC header 'typ' must be 'dc+sd-jwt' or 'vc+sd-jwt'`);
+				return {
+					error,
+					isValid: false,
+					sdJwtVc: returnSdJwtVc
+				};
 			}
+			if (sdJwtVc.jwt.header?.typ !== "vc+sd-jwt" && sdJwtVc.jwt.header?.typ !== "dc+sd-jwt") return {
+				error: new SdJwtVcError(`SD-JWT VC header 'typ' must be 'dc+sd-jwt' or 'vc+sd-jwt'`),
+				isValid: false,
+				sdJwtVc: returnSdJwtVc
+			};
 			try {
-				JwtPayload.fromJson(returnSdJwtVc.payload).validate();
-				verificationResult.isValidJwtPayload = true;
+				JwtPayload.fromJson(returnSdJwtVc.payload).validate({
+					now: dateToSeconds(now ?? /* @__PURE__ */ new Date()),
+					skewTime: 0
+				});
 			} catch (error) {
-				_error = error;
-				verificationResult.isValidJwtPayload = false;
+				return {
+					error,
+					isValid: false,
+					sdJwtVc: returnSdJwtVc
+				};
 			}
 			try {
 				if (keyBinding) {
 					if (!sdJwtVc.kbJwt || !sdJwtVc.kbJwt.payload) throw new SdJwtVcError("Keybinding is required for verification of the sd-jwt-vc");
 					if (sdJwtVc.kbJwt.payload.aud !== keyBinding.audience) throw new SdJwtVcError("The key binding JWT does not contain the expected audience");
 					if (sdJwtVc.kbJwt.payload.nonce !== keyBinding.nonce) throw new SdJwtVcError("The key binding JWT does not contain the expected nonce");
-					verificationResult.isKeyBindingValid = true;
-					verificationResult.containsExpectedKeyBinding = true;
-					verificationResult.containsRequiredVcProperties = true;
 				}
 			} catch (error) {
-				_error = error;
-				verificationResult.isKeyBindingValid = false;
-				verificationResult.containsExpectedKeyBinding = false;
-				verificationResult.containsRequiredVcProperties = false;
+				return {
+					error,
+					isValid: false,
+					sdJwtVc: returnSdJwtVc
+				};
 			}
 			try {
 				const vct = returnSdJwtVc.payload?.vct;
@@ -202,27 +205,16 @@ let SdJwtVcService = class SdJwtVcService$1 {
 					const response = await agentContext.config.agentDependencies.fetch(vctUrl);
 					if (response.ok) returnSdJwtVc.typeMetadata = await response.json();
 				}
-			} catch (_error$1) {}
+			} catch (_error) {}
 		} catch (error) {
-			verificationResult.isValid = false;
 			return {
 				isValid: false,
 				error,
-				verification: verificationResult,
 				sdJwtVc: returnSdJwtVc
 			};
 		}
-		const { isValid: _,...allVerifications } = verificationResult;
-		verificationResult.isValid = Object.values(allVerifications).every((verification) => verification === true);
-		if (_error) return {
-			isValid: false,
-			error: _error,
-			sdJwtVc: returnSdJwtVc,
-			verification: verificationResult
-		};
 		return {
 			isValid: true,
-			verification: verificationResult,
 			sdJwtVc: returnSdJwtVc
 		};
 	}

package/build/modules/sd-jwt-vc/SdJwtVcService.mjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"SdJwtVcService.mjs","names":["SdJwtVcService","verificationResult: VerificationResult","sdJwtVc: SDJwt","_error: Error \| undefined","returnSdJwtVc: SdJwtVc<Header, Payload>","_error","publicJwk: PublicJwk","didUrl: string"],"sources":["../../../src/modules/sd-jwt-vc/SdJwtVcService.ts"],"sourcesContent":["import type { SDJwt } from '@sd-jwt/core'\nimport type { DisclosureFrame, PresentationFrame } from '@sd-jwt/types'\nimport type { Query, QueryOptions } from '../../storage/StorageService'\nimport type {\n SdJwtVcHeader,\n SdJwtVcIssuer,\n SdJwtVcPayload,\n SdJwtVcPresentOptions,\n SdJwtVcSignOptions,\n SdJwtVcVerifyOptions,\n} from './SdJwtVcOptions'\n\nimport { decodeSdJwtSync } from '@sd-jwt/decode'\nimport { selectDisclosures } from '@sd-jwt/present'\nimport { SDJwtVcInstance } from '@sd-jwt/sd-jwt-vc'\nimport { injectable } from 'tsyringe'\n\nimport { AgentContext } from '../../agent'\nimport { Hasher, JwtPayload } from '../../crypto'\nimport { CredoError } from '../../error'\nimport { X509Service } from '../../modules/x509/X509Service'\nimport type { JsonObject } from '../../types'\nimport { TypedArrayEncoder, nowInSeconds } from '../../utils'\nimport { getDomainFromUrl } from '../../utils/domain'\nimport { fetchWithTimeout } from '../../utils/fetch'\nimport { getPublicJwkFromVerificationMethod, parseDid } from '../dids'\nimport { ClaimFormat } from '../vc/index'\nimport { type EncodedX509Certificate, X509Certificate, X509ModuleConfig } from '../x509'\n\nimport { KeyManagementApi, PublicJwk } from '../kms'\nimport { SdJwtVcError } from './SdJwtVcError'\nimport { decodeSdJwtVc, sdJwtVcHasher } from './decodeSdJwtVc'\nimport { buildDisclosureFrameForPayload } from './disclosureFrame'\nimport { SdJwtVcRecord, SdJwtVcRepository } from './repository'\nimport type { SdJwtVcTypeMetadata } from './typeMetadata'\nimport {\n extractKeyFromHolderBinding,\n getSdJwtSigner,\n getSdJwtVerifier,\n parseHolderBindingFromCredential,\n resolveDidUrl,\n resolveSigningPublicJwkFromDidUrl,\n} from './utils'\n\ntype SdJwtVcConfig = SDJwtVcInstance['userConfig']\n\nexport interface SdJwtVc<\n Header extends SdJwtVcHeader = SdJwtVcHeader,\n Payload extends SdJwtVcPayload = SdJwtVcPayload,\n> {\n /*\n claim format is convenience method added to all credential instances\n /\n claimFormat: ClaimFormat.SdJwtDc\n /\n encoded is convenience method added to all credential instances\n /\n encoded: string\n compact: string\n header: Header\n\n // TODO: payload type here is a lie, as it is the signed payload (so fields replaced with _sd)\n payload: Payload\n prettyClaims: Payload\n\n kbJwt?: {\n header: Record<string, unknown>\n payload: Record<string, unknown>\n }\n\n typeMetadata?: SdJwtVcTypeMetadata\n}\n\nexport interface VerificationResult {\n isValid: boolean\n isValidJwtPayload?: boolean\n isSignatureValid?: boolean\n isStatusValid?: boolean\n isNotBeforeValid?: boolean\n isExpiryTimeValid?: boolean\n areRequiredClaimsIncluded?: boolean\n isKeyBindingValid?: boolean\n containsExpectedKeyBinding?: boolean\n containsRequiredVcProperties?: boolean\n}\n\n/\n @internal\n */\n@injectable()\nexport class SdJwtVcService {\n private sdJwtVcRepository: SdJwtVcRepository\n\n public constructor(sdJwtVcRepository: SdJwtVcRepository) {\n this.sdJwtVcRepository = sdJwtVcRepository\n }\n\n public async sign<Payload extends SdJwtVcPayload>(agentContext: AgentContext, options: SdJwtVcSignOptions<Payload>) {\n const { payload, disclosureFrame, hashingAlgorithm } = options\n\n // default is sha-256\n if (hashingAlgorithm && hashingAlgorithm !== 'sha-256') {\n throw new SdJwtVcError(`Unsupported hashing algorithm used: ${hashingAlgorithm}`)\n }\n\n const issuer = await this.extractKeyFromIssuer(agentContext, options.issuer, true)\n\n // holer binding is optional\n const holderBinding = options.holder ? await extractKeyFromHolderBinding(agentContext, options.holder) : undefined\n\n const header = {\n alg: issuer.alg,\n typ: options.headerType ?? 'dc+sd-jwt',\n kid: issuer.kid,\n x5c: issuer.x5c?.map((cert) => cert.toString('base64')),\n } as const\n\n const sdjwt = new SDJwtVcInstance({\n ...this.getBaseSdJwtConfig(agentContext),\n signer: getSdJwtSigner(agentContext, issuer.publicJwk),\n hashAlg: 'sha-256',\n signAlg: issuer.alg,\n })\n\n if (!payload.vct \|\| typeof payload.vct !== 'string') {\n throw new SdJwtVcError(\"Missing required parameter 'vct'\")\n }\n\n const compact = await sdjwt.issue(\n {\n ...payload,\n cnf: holderBinding?.cnf,\n iss: issuer.iss,\n iat: nowInSeconds(),\n vct: payload.vct,\n },\n disclosureFrame as DisclosureFrame<Payload>,\n { header }\n )\n\n const prettyClaims = (await sdjwt.getClaims(compact)) as Payload\n const a = await sdjwt.decode(compact)\n const sdjwtPayload = a.jwt?.payload as Payload \| undefined\n if (!sdjwtPayload) {\n throw new SdJwtVcError('Invalid sd-jwt-vc state.')\n }\n\n return {\n compact,\n prettyClaims,\n header: header,\n payload: sdjwtPayload,\n claimFormat: ClaimFormat.SdJwtDc,\n encoded: compact,\n } satisfies SdJwtVc<typeof header, Payload>\n }\n\n public fromCompact<Header extends SdJwtVcHeader = SdJwtVcHeader, Payload extends SdJwtVcPayload = SdJwtVcPayload>(\n compactSdJwtVc: string,\n typeMetadata?: SdJwtVcTypeMetadata\n ): SdJwtVc<Header, Payload> {\n return decodeSdJwtVc(compactSdJwtVc, typeMetadata)\n }\n\n public applyDisclosuresForPayload(compactSdJwtVc: string, requestedPayload: JsonObject): SdJwtVc {\n const decoded = decodeSdJwtSync(compactSdJwtVc, Hasher.hash)\n const presentationFrame = buildDisclosureFrameForPayload(requestedPayload) ?? {}\n\n if (decoded.kbJwt) {\n throw new SdJwtVcError('Cannot apply limit disclosure on an sd-jwt with key binding jwt')\n }\n\n const requiredDisclosures = selectDisclosures(\n decoded.jwt.payload,\n // Map to sd-jwt disclosure format\n decoded.disclosures.map((d) => ({\n digest: d.digestSync({ alg: 'sha-256', hasher: Hasher.hash }),\n encoded: d.encode(),\n key: d.key,\n salt: d.salt,\n value: d.value,\n })),\n presentationFrame as { [key: string]: boolean }\n )\n const [jwt] = compactSdJwtVc.split('~')\n const sdJwt = `${jwt}~${requiredDisclosures.map((d) => d.encoded).join('~')}~`\n const disclosedDecoded = decodeSdJwtVc(sdJwt)\n return disclosedDecoded\n }\n\n public async present<Payload extends SdJwtVcPayload = SdJwtVcPayload>(\n agentContext: AgentContext,\n { compactSdJwtVc, presentationFrame, verifierMetadata, additionalPayload }: SdJwtVcPresentOptions<Payload>\n ): Promise<string> {\n const sdjwt = new SDJwtVcInstance(this.getBaseSdJwtConfig(agentContext))\n\n const sdJwtVc = await sdjwt.decode(compactSdJwtVc)\n\n const holderBinding = parseHolderBindingFromCredential(sdJwtVc.jwt?.payload)\n if (!holderBinding && verifierMetadata) {\n throw new SdJwtVcError(\"Verifier metadata provided, but credential has no 'cnf' claim to create a KB-JWT from\")\n }\n\n const holder = holderBinding ? await extractKeyFromHolderBinding(agentContext, holderBinding, true) : undefined\n sdjwt.config({\n kbSigner: holder ? getSdJwtSigner(agentContext, holder.publicJwk) : undefined,\n kbSignAlg: holder?.alg,\n })\n\n const compactDerivedSdJwtVc = await sdjwt.present(compactSdJwtVc, presentationFrame as PresentationFrame<Payload>, {\n kb: verifierMetadata\n ? {\n payload: {\n iat: verifierMetadata.issuedAt,\n nonce: verifierMetadata.nonce,\n aud: verifierMetadata.audience,\n ...additionalPayload,\n },\n }\n : undefined,\n })\n\n return compactDerivedSdJwtVc\n }\n\n private assertValidX5cJwtIssuer(agentContext: AgentContext, iss: string, leafCertificate: X509Certificate) {\n if (!iss.startsWith('https://') && !(iss.startsWith('http://') && agentContext.config.allowInsecureHttpUrls)) {\n throw new SdJwtVcError('The X509 certificate issuer must be a HTTPS URI.')\n }\n\n if (!leafCertificate.sanUriNames?.includes(iss) && !leafCertificate.sanDnsNames?.includes(getDomainFromUrl(iss))) {\n throw new SdJwtVcError(\n `The 'iss' claim in the payload does not match a 'SAN-URI' name and the domain extracted from the HTTPS URI does not match a 'SAN-DNS' name in the x5c certificate.`\n )\n }\n }\n\n public async verify<Header extends SdJwtVcHeader = SdJwtVcHeader, Payload extends SdJwtVcPayload = SdJwtVcPayload>(\n agentContext: AgentContext,\n { compactSdJwtVc, keyBinding, requiredClaimKeys, fetchTypeMetadata, trustedCertificates }: SdJwtVcVerifyOptions\n ): Promise<\n \| { isValid: true; verification: VerificationResult; sdJwtVc: SdJwtVc<Header, Payload> }\n \| { isValid: false; verification: VerificationResult; sdJwtVc?: SdJwtVc<Header, Payload>; error: Error }\n > {\n const sdjwt = new SDJwtVcInstance({\n ...this.getBaseSdJwtConfig(agentContext),\n // FIXME: will break if using url but no type metadata\n // https://github.com/openwallet-foundation/sd-jwt-js/issues/258\n // loadTypeMetadataFormat: false,\n })\n\n const verificationResult: VerificationResult = {\n isValid: false,\n }\n\n let sdJwtVc: SDJwt\n let _error: Error \| undefined = undefined\n\n try {\n sdJwtVc = await sdjwt.decode(compactSdJwtVc)\n if (!sdJwtVc.jwt) throw new CredoError('Invalid sd-jwt-vc')\n } catch (error) {\n return {\n isValid: false,\n verification: verificationResult,\n error,\n }\n }\n\n const returnSdJwtVc: SdJwtVc<Header, Payload> = {\n payload: sdJwtVc.jwt.payload as Payload,\n header: sdJwtVc.jwt.header as Header,\n compact: compactSdJwtVc,\n prettyClaims: await sdJwtVc.getClaims(sdJwtVcHasher),\n\n kbJwt: sdJwtVc.kbJwt\n ? {\n payload: sdJwtVc.kbJwt.payload as Record<string, unknown>,\n header: sdJwtVc.kbJwt.header as Record<string, unknown>,\n }\n : undefined,\n claimFormat: ClaimFormat.SdJwtDc,\n encoded: compactSdJwtVc,\n } satisfies SdJwtVc<Header, Payload>\n\n try {\n const credentialIssuer = await this.parseIssuerFromCredential(\n agentContext,\n sdJwtVc,\n returnSdJwtVc,\n trustedCertificates\n )\n const issuer = await this.extractKeyFromIssuer(agentContext, credentialIssuer)\n const holderBinding = parseHolderBindingFromCredential(sdJwtVc.jwt.payload)\n const holder = holderBinding ? await extractKeyFromHolderBinding(agentContext, holderBinding) : undefined\n\n sdjwt.config({\n verifier: getSdJwtVerifier(agentContext, issuer.publicJwk),\n kbVerifier: holder ? getSdJwtVerifier(agentContext, holder.publicJwk) : undefined,\n })\n\n const requiredKeys = requiredClaimKeys ? [...requiredClaimKeys, 'vct'] : ['vct']\n\n try {\n await sdjwt.verify(compactSdJwtVc, requiredKeys, keyBinding !== undefined)\n\n verificationResult.isSignatureValid = true\n verificationResult.areRequiredClaimsIncluded = true\n verificationResult.isStatusValid = true\n } catch (error) {\n _error = error\n verificationResult.isSignatureValid = false\n verificationResult.areRequiredClaimsIncluded = false\n verificationResult.isStatusValid = false\n }\n\n if (sdJwtVc.jwt.header?.typ !== 'vc+sd-jwt' && sdJwtVc.jwt.header?.typ !== 'dc+sd-jwt') {\n verificationResult.areRequiredClaimsIncluded = false\n _error = new SdJwtVcError(`SD-JWT VC header 'typ' must be 'dc+sd-jwt' or 'vc+sd-jwt'`)\n }\n\n try {\n JwtPayload.fromJson(returnSdJwtVc.payload).validate()\n\n verificationResult.isValidJwtPayload = true\n } catch (error) {\n _error = error\n verificationResult.isValidJwtPayload = false\n }\n\n // If keyBinding is present, verify the key binding\n try {\n if (keyBinding) {\n if (!sdJwtVc.kbJwt \|\| !sdJwtVc.kbJwt.payload) {\n throw new SdJwtVcError('Keybinding is required for verification of the sd-jwt-vc')\n }\n\n // Assert `aud` and `nonce` claims\n if (sdJwtVc.kbJwt.payload.aud !== keyBinding.audience) {\n throw new SdJwtVcError('The key binding JWT does not contain the expected audience')\n }\n\n if (sdJwtVc.kbJwt.payload.nonce !== keyBinding.nonce) {\n throw new SdJwtVcError('The key binding JWT does not contain the expected nonce')\n }\n\n verificationResult.isKeyBindingValid = true\n verificationResult.containsExpectedKeyBinding = true\n verificationResult.containsRequiredVcProperties = true\n }\n } catch (error) {\n _error = error\n verificationResult.isKeyBindingValid = false\n verificationResult.containsExpectedKeyBinding = false\n verificationResult.containsRequiredVcProperties = false\n }\n\n try {\n const vct = returnSdJwtVc.payload?.vct\n if (fetchTypeMetadata && typeof vct === 'string' && vct.startsWith('https://')) {\n // modify the uri based on https://www.ietf.org/archive/id/draft-ietf-oauth-sd-jwt-vc-04.html#section-6.3.1\n const vctElements = vct.split('/')\n vctElements.splice(3, 0, '.well-known/vct')\n const vctUrl = vctElements.join('/')\n\n const response = await agentContext.config.agentDependencies.fetch(vctUrl)\n if (response.ok) {\n const typeMetadata = await response.json()\n returnSdJwtVc.typeMetadata = typeMetadata as SdJwtVcTypeMetadata\n }\n }\n } catch (_error) {\n // we allow vct without type metadata for now\n }\n } catch (error) {\n verificationResult.isValid = false\n return {\n isValid: false,\n error,\n verification: verificationResult,\n sdJwtVc: returnSdJwtVc,\n }\n }\n\n const { isValid: _, ...allVerifications } = verificationResult\n verificationResult.isValid = Object.values(allVerifications).every((verification) => verification === true)\n\n if (_error) {\n return {\n isValid: false,\n error: _error,\n sdJwtVc: returnSdJwtVc,\n verification: verificationResult,\n }\n }\n\n return {\n isValid: true,\n verification: verificationResult,\n sdJwtVc: returnSdJwtVc,\n }\n }\n\n public async store(agentContext: AgentContext, compactSdJwtVc: string) {\n const sdJwtVcRecord = new SdJwtVcRecord({\n compactSdJwtVc,\n })\n await this.sdJwtVcRepository.save(agentContext, sdJwtVcRecord)\n\n return sdJwtVcRecord\n }\n\n public async getById(agentContext: AgentContext, id: string): Promise<SdJwtVcRecord> {\n return await this.sdJwtVcRepository.getById(agentContext, id)\n }\n\n public async getAll(agentContext: AgentContext): Promise<Array<SdJwtVcRecord>> {\n return await this.sdJwtVcRepository.getAll(agentContext)\n }\n\n public async findByQuery(\n agentContext: AgentContext,\n query: Query<SdJwtVcRecord>,\n queryOptions?: QueryOptions\n ): Promise<Array<SdJwtVcRecord>> {\n return await this.sdJwtVcRepository.findByQuery(agentContext, query, queryOptions)\n }\n\n public async deleteById(agentContext: AgentContext, id: string) {\n await this.sdJwtVcRepository.deleteById(agentContext, id)\n }\n\n public async update(agentContext: AgentContext, sdJwtVcRecord: SdJwtVcRecord) {\n await this.sdJwtVcRepository.update(agentContext, sdJwtVcRecord)\n }\n\n private async extractKeyFromIssuer(agentContext: AgentContext, issuer: SdJwtVcIssuer, forSigning = false) {\n if (issuer.method === 'did') {\n const parsedDid = parseDid(issuer.didUrl)\n if (!parsedDid.fragment) {\n throw new SdJwtVcError(\n `didUrl '${issuer.didUrl}' does not contain a '#'. Unable to derive key from did document`\n )\n }\n\n let publicJwk: PublicJwk\n if (forSigning) {\n publicJwk = await resolveSigningPublicJwkFromDidUrl(agentContext, issuer.didUrl)\n } else {\n const { verificationMethod } = await resolveDidUrl(agentContext, issuer.didUrl)\n publicJwk = getPublicJwkFromVerificationMethod(verificationMethod)\n }\n\n const supportedSignatureAlgorithms = publicJwk.supportedSignatureAlgorithms\n if (supportedSignatureAlgorithms.length === 0) {\n throw new SdJwtVcError(\n `No supported JWA signature algorithms found for key ${publicJwk.jwkTypehumanDescription}`\n )\n }\n const alg = supportedSignatureAlgorithms[0]\n\n return {\n alg,\n publicJwk,\n iss: parsedDid.did,\n kid: `#${parsedDid.fragment}`,\n }\n }\n\n // FIXME: probably need to make the input an x509 certificate so we can attach a key id\n if (issuer.method === 'x5c') {\n const leafCertificate = issuer.x5c[0]\n if (!leafCertificate) {\n throw new SdJwtVcError(\"Empty 'x5c' array provided\")\n }\n\n // TODO: We don't have an x509 certificate record so we expect the key id to already be set\n if (forSigning && !leafCertificate.publicJwk.hasKeyId) {\n throw new SdJwtVcError(\"Expected leaf certificate in 'x5c' array to have a key id configured.\")\n }\n\n const publicJwk = leafCertificate.publicJwk\n const supportedSignatureAlgorithms = publicJwk.supportedSignatureAlgorithms\n if (supportedSignatureAlgorithms.length === 0) {\n throw new SdJwtVcError(\n `No supported JWA signature algorithms found for key ${publicJwk.jwkTypehumanDescription}`\n )\n }\n const alg = supportedSignatureAlgorithms[0]\n\n this.assertValidX5cJwtIssuer(agentContext, issuer.issuer, leafCertificate)\n\n return {\n publicJwk,\n iss: issuer.issuer,\n x5c: issuer.x5c,\n alg,\n }\n }\n\n throw new SdJwtVcError(\"Unsupported credential issuer. Only 'did' and 'x5c' is supported at the moment.\")\n }\n\n private async parseIssuerFromCredential<Header extends SdJwtVcHeader, Payload extends SdJwtVcPayload>(\n agentContext: AgentContext,\n sdJwtVc: SDJwt<Header, Payload>,\n credoSdJwtVc: SdJwtVc<Header, Payload>,\n _trustedCertificates?: EncodedX509Certificate[]\n ): Promise<SdJwtVcIssuer> {\n const x509Config = agentContext.dependencyManager.resolve(X509ModuleConfig)\n if (!sdJwtVc.jwt?.payload) {\n throw new SdJwtVcError('Credential not exist')\n }\n\n if (!sdJwtVc.jwt?.payload.iss) {\n throw new SdJwtVcError('Credential does not contain an issuer')\n }\n\n const iss = sdJwtVc.jwt.payload.iss as string\n\n if (sdJwtVc.jwt.header?.x5c) {\n if (!Array.isArray(sdJwtVc.jwt.header.x5c)) {\n throw new SdJwtVcError('Invalid x5c header in credential. Not an array.')\n }\n if (sdJwtVc.jwt.header.x5c.length === 0) {\n throw new SdJwtVcError('Invalid x5c header in credential. Empty array.')\n }\n if (sdJwtVc.jwt.header.x5c.some((x5c) => typeof x5c !== 'string')) {\n throw new SdJwtVcError('Invalid x5c header in credential. Not an array of strings.')\n }\n\n let trustedCertificates = _trustedCertificates\n const certificateChain = sdJwtVc.jwt.header.x5c.map((cert) => X509Certificate.fromEncodedCertificate(cert))\n\n if (!trustedCertificates) {\n trustedCertificates =\n (await x509Config.getTrustedCertificatesForVerification?.(agentContext, {\n certificateChain,\n verification: {\n type: 'credential',\n credential: credoSdJwtVc,\n },\n })) ?? x509Config.trustedCertificates\n }\n\n if (!trustedCertificates) {\n throw new SdJwtVcError(\n 'No trusted certificates configured for X509 certificate chain validation. Issuer cannot be verified.'\n )\n }\n\n await X509Service.validateCertificateChain(agentContext, {\n certificateChain: sdJwtVc.jwt.header.x5c,\n trustedCertificates,\n })\n\n return {\n method: 'x5c',\n x5c: certificateChain,\n issuer: iss,\n }\n }\n\n if (iss.startsWith('did:')) {\n // If `did` is used, we require a relative KID to be present to identify\n // the key used by issuer to sign the sd-jwt-vc\n\n if (!sdJwtVc.jwt?.header) {\n throw new SdJwtVcError('Credential does not contain a header')\n }\n\n if (!sdJwtVc.jwt.header.kid) {\n throw new SdJwtVcError('Credential does not contain a kid in the header')\n }\n\n const issuerKid = sdJwtVc.jwt.header.kid as string\n\n let didUrl: string\n if (issuerKid.startsWith('#')) {\n didUrl = `${iss}${issuerKid}`\n } else if (issuerKid.startsWith('did:')) {\n const didFromKid = parseDid(issuerKid)\n if (didFromKid.did !== iss) {\n throw new SdJwtVcError(\n `kid in header is an absolute DID URL, but the did (${didFromKid.did}) does not match with the 'iss' did (${iss})`\n )\n }\n\n didUrl = issuerKid\n } else {\n throw new SdJwtVcError(\n 'Invalid issuer kid for did. Only absolute or relative (starting with #) did urls are supported.'\n )\n }\n\n return {\n method: 'did',\n didUrl,\n }\n }\n throw new SdJwtVcError(\"Unsupported 'iss' value. Only did is supported at the moment.\")\n }\n\n private getBaseSdJwtConfig(agentContext: AgentContext): SdJwtVcConfig {\n const kms = agentContext.resolve(KeyManagementApi)\n\n return {\n hasher: sdJwtVcHasher,\n statusListFetcher: this.getStatusListFetcher(agentContext),\n saltGenerator: (length) => TypedArrayEncoder.toBase64URL(kms.randomBytes({ length })).slice(0, length),\n }\n }\n\n private getStatusListFetcher(agentContext: AgentContext) {\n return async (uri: string) => {\n const response = await fetchWithTimeout(agentContext.config.agentDependencies.fetch, uri, {\n headers: {\n Accept: 'application/statuslist+jwt',\n },\n })\n\n if (!response.ok) {\n throw new CredoError(\n `Received invalid response with status ${\n response.status\n } when fetching status list from ${uri}. ${await response.text()}`\n )\n }\n\n return await response.text()\n }\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA0FO,2BAAMA,iBAAe;CAG1B,AAAO,YAAY,mBAAsC;AACvD,OAAK,oBAAoB;;CAG3B,MAAa,KAAqC,cAA4B,SAAsC;EAClH,MAAM,EAAE,SAAS,iBAAiB,qBAAqB;AAGvD,MAAI,oBAAoB,qBAAqB,UAC3C,OAAM,IAAI,aAAa,uCAAuC,mBAAmB;EAGnF,MAAM,SAAS,MAAM,KAAK,qBAAqB,cAAc,QAAQ,QAAQ,KAAK;EAGlF,MAAM,gBAAgB,QAAQ,SAAS,MAAM,4BAA4B,cAAc,QAAQ,OAAO,GAAG;EAEzG,MAAM,SAAS;GACb,KAAK,OAAO;GACZ,KAAK,QAAQ,cAAc;GAC3B,KAAK,OAAO;GACZ,KAAK,OAAO,KAAK,KAAK,SAAS,KAAK,SAAS,SAAS,CAAC;GACxD;EAED,MAAM,QAAQ,IAAI,gBAAgB;GAChC,GAAG,KAAK,mBAAmB,aAAa;GACxC,QAAQ,eAAe,cAAc,OAAO,UAAU;GACtD,SAAS;GACT,SAAS,OAAO;GACjB,CAAC;AAEF,MAAI,CAAC,QAAQ,OAAO,OAAO,QAAQ,QAAQ,SACzC,OAAM,IAAI,aAAa,mCAAmC;EAG5D,MAAM,UAAU,MAAM,MAAM,MAC1B;GACE,GAAG;GACH,KAAK,eAAe;GACpB,KAAK,OAAO;GACZ,KAAK,cAAc;GACnB,KAAK,QAAQ;GACd,EACD,iBACA,EAAE,QAAQ,CACX;EAED,MAAM,eAAgB,MAAM,MAAM,UAAU,QAAQ;EAEpD,MAAM,gBADI,MAAM,MAAM,OAAO,QAAQ,EACd,KAAK;AAC5B,MAAI,CAAC,aACH,OAAM,IAAI,aAAa,2BAA2B;AAGpD,SAAO;GACL;GACA;GACQ;GACR,SAAS;GACT,aAAa,YAAY;GACzB,SAAS;GACV;;CAGH,AAAO,YACL,gBACA,cAC0B;AAC1B,SAAO,cAAc,gBAAgB,aAAa;;CAGpD,AAAO,2BAA2B,gBAAwB,kBAAuC;EAC/F,MAAM,UAAU,gBAAgB,gBAAgB,OAAO,KAAK;EAC5D,MAAM,oBAAoB,+BAA+B,iBAAiB,IAAI,EAAE;AAEhF,MAAI,QAAQ,MACV,OAAM,IAAI,aAAa,kEAAkE;EAG3F,MAAM,sBAAsB,kBAC1B,QAAQ,IAAI,SAEZ,QAAQ,YAAY,KAAK,OAAO;GAC9B,QAAQ,EAAE,WAAW;IAAE,KAAK;IAAW,QAAQ,OAAO;IAAM,CAAC;GAC7D,SAAS,EAAE,QAAQ;GACnB,KAAK,EAAE;GACP,MAAM,EAAE;GACR,OAAO,EAAE;GACV,EAAE,EACH,kBACD;EACD,MAAM,CAAC,OAAO,eAAe,MAAM,IAAI;AAGvC,SADyB,cADX,GAAG,IAAI,GAAG,oBAAoB,KAAK,MAAM,EAAE,QAAQ,CAAC,KAAK,IAAI,CAAC,GAC/B;;CAI/C,MAAa,QACX,cACA,EAAE,gBAAgB,mBAAmB,kBAAkB,qBACtC;EACjB,MAAM,QAAQ,IAAI,gBAAgB,KAAK,mBAAmB,aAAa,CAAC;EAIxE,MAAM,gBAAgB,kCAFN,MAAM,MAAM,OAAO,eAAe,EAEa,KAAK,QAAQ;AAC5E,MAAI,CAAC,iBAAiB,iBACpB,OAAM,IAAI,aAAa,wFAAwF;EAGjH,MAAM,SAAS,gBAAgB,MAAM,4BAA4B,cAAc,eAAe,KAAK,GAAG;AACtG,QAAM,OAAO;GACX,UAAU,SAAS,eAAe,cAAc,OAAO,UAAU,GAAG;GACpE,WAAW,QAAQ;GACpB,CAAC;AAeF,SAb8B,MAAM,MAAM,QAAQ,gBAAgB,mBAAiD,EACjH,IAAI,mBACA,EACE,SAAS;GACP,KAAK,iBAAiB;GACtB,OAAO,iBAAiB;GACxB,KAAK,iBAAiB;GACtB,GAAG;GACJ,EACF,GACD,QACL,CAAC;;CAKJ,AAAQ,wBAAwB,cAA4B,KAAa,iBAAkC;AACzG,MAAI,CAAC,IAAI,WAAW,WAAW,IAAI,EAAE,IAAI,WAAW,UAAU,IAAI,aAAa,OAAO,uBACpF,OAAM,IAAI,aAAa,mDAAmD;AAG5E,MAAI,CAAC,gBAAgB,aAAa,SAAS,IAAI,IAAI,CAAC,gBAAgB,aAAa,SAAS,iBAAiB,IAAI,CAAC,CAC9G,OAAM,IAAI,aACR,qKACD;;CAIL,MAAa,OACX,cACA,EAAE,gBAAgB,YAAY,mBAAmB,mBAAmB,uBAIpE;EACA,MAAM,QAAQ,IAAI,gBAAgB,EAChC,GAAG,KAAK,mBAAmB,aAAa,EAIzC,CAAC;EAEF,MAAMC,qBAAyC,EAC7C,SAAS,OACV;EAED,IAAIC;EACJ,IAAIC,SAA4B;AAEhC,MAAI;AACF,aAAU,MAAM,MAAM,OAAO,eAAe;AAC5C,OAAI,CAAC,QAAQ,IAAK,OAAM,IAAI,WAAW,oBAAoB;WACpD,OAAO;AACd,UAAO;IACL,SAAS;IACT,cAAc;IACd;IACD;;EAGH,MAAMC,gBAA0C;GAC9C,SAAS,QAAQ,IAAI;GACrB,QAAQ,QAAQ,IAAI;GACpB,SAAS;GACT,cAAc,MAAM,QAAQ,UAAU,cAAc;GAEpD,OAAO,QAAQ,QACX;IACE,SAAS,QAAQ,MAAM;IACvB,QAAQ,QAAQ,MAAM;IACvB,GACD;GACJ,aAAa,YAAY;GACzB,SAAS;GACV;AAED,MAAI;GACF,MAAM,mBAAmB,MAAM,KAAK,0BAClC,cACA,SACA,eACA,oBACD;GACD,MAAM,SAAS,MAAM,KAAK,qBAAqB,cAAc,iBAAiB;GAC9E,MAAM,gBAAgB,iCAAiC,QAAQ,IAAI,QAAQ;GAC3E,MAAM,SAAS,gBAAgB,MAAM,4BAA4B,cAAc,cAAc,GAAG;AAEhG,SAAM,OAAO;IACX,UAAU,iBAAiB,cAAc,OAAO,UAAU;IAC1D,YAAY,SAAS,iBAAiB,cAAc,OAAO,UAAU,GAAG;IACzE,CAAC;GAEF,MAAM,eAAe,oBAAoB,CAAC,GAAG,mBAAmB,MAAM,GAAG,CAAC,MAAM;AAEhF,OAAI;AACF,UAAM,MAAM,OAAO,gBAAgB,cAAc,eAAe,OAAU;AAE1E,uBAAmB,mBAAmB;AACtC,uBAAmB,4BAA4B;AAC/C,uBAAmB,gBAAgB;YAC5B,OAAO;AACd,aAAS;AACT,uBAAmB,mBAAmB;AACtC,uBAAmB,4BAA4B;AAC/C,uBAAmB,gBAAgB;;AAGrC,OAAI,QAAQ,IAAI,QAAQ,QAAQ,eAAe,QAAQ,IAAI,QAAQ,QAAQ,aAAa;AACtF,uBAAmB,4BAA4B;AAC/C,aAAS,IAAI,aAAa,4DAA4D;;AAGxF,OAAI;AACF,eAAW,SAAS,cAAc,QAAQ,CAAC,UAAU;AAErD,uBAAmB,oBAAoB;YAChC,OAAO;AACd,aAAS;AACT,uBAAmB,oBAAoB;;AAIzC,OAAI;AACF,QAAI,YAAY;AACd,SAAI,CAAC,QAAQ,SAAS,CAAC,QAAQ,MAAM,QACnC,OAAM,IAAI,aAAa,2DAA2D;AAIpF,SAAI,QAAQ,MAAM,QAAQ,QAAQ,WAAW,SAC3C,OAAM,IAAI,aAAa,6DAA6D;AAGtF,SAAI,QAAQ,MAAM,QAAQ,UAAU,WAAW,MAC7C,OAAM,IAAI,aAAa,0DAA0D;AAGnF,wBAAmB,oBAAoB;AACvC,wBAAmB,6BAA6B;AAChD,wBAAmB,+BAA+B;;YAE7C,OAAO;AACd,aAAS;AACT,uBAAmB,oBAAoB;AACvC,uBAAmB,6BAA6B;AAChD,uBAAmB,+BAA+B;;AAGpD,OAAI;IACF,MAAM,MAAM,cAAc,SAAS;AACnC,QAAI,qBAAqB,OAAO,QAAQ,YAAY,IAAI,WAAW,WAAW,EAAE;KAE9E,MAAM,cAAc,IAAI,MAAM,IAAI;AAClC,iBAAY,OAAO,GAAG,GAAG,kBAAkB;KAC3C,MAAM,SAAS,YAAY,KAAK,IAAI;KAEpC,MAAM,WAAW,MAAM,aAAa,OAAO,kBAAkB,MAAM,OAAO;AAC1E,SAAI,SAAS,GAEX,eAAc,eADO,MAAM,SAAS,MAAM;;YAIvCC,UAAQ;WAGV,OAAO;AACd,sBAAmB,UAAU;AAC7B,UAAO;IACL,SAAS;IACT;IACA,cAAc;IACd,SAAS;IACV;;EAGH,MAAM,EAAE,SAAS,EAAG,GAAG,qBAAqB;AAC5C,qBAAmB,UAAU,OAAO,OAAO,iBAAiB,CAAC,OAAO,iBAAiB,iBAAiB,KAAK;AAE3G,MAAI,OACF,QAAO;GACL,SAAS;GACT,OAAO;GACP,SAAS;GACT,cAAc;GACf;AAGH,SAAO;GACL,SAAS;GACT,cAAc;GACd,SAAS;GACV;;CAGH,MAAa,MAAM,cAA4B,gBAAwB;EACrE,MAAM,gBAAgB,IAAI,cAAc,EACtC,gBACD,CAAC;AACF,QAAM,KAAK,kBAAkB,KAAK,cAAc,cAAc;AAE9D,SAAO;;CAGT,MAAa,QAAQ,cAA4B,IAAoC;AACnF,SAAO,MAAM,KAAK,kBAAkB,QAAQ,cAAc,GAAG;;CAG/D,MAAa,OAAO,cAA2D;AAC7E,SAAO,MAAM,KAAK,kBAAkB,OAAO,aAAa;;CAG1D,MAAa,YACX,cACA,OACA,cAC+B;AAC/B,SAAO,MAAM,KAAK,kBAAkB,YAAY,cAAc,OAAO,aAAa;;CAGpF,MAAa,WAAW,cAA4B,IAAY;AAC9D,QAAM,KAAK,kBAAkB,WAAW,cAAc,GAAG;;CAG3D,MAAa,OAAO,cAA4B,eAA8B;AAC5E,QAAM,KAAK,kBAAkB,OAAO,cAAc,cAAc;;CAGlE,MAAc,qBAAqB,cAA4B,QAAuB,aAAa,OAAO;AACxG,MAAI,OAAO,WAAW,OAAO;GAC3B,MAAM,YAAY,SAAS,OAAO,OAAO;AACzC,OAAI,CAAC,UAAU,SACb,OAAM,IAAI,aACR,WAAW,OAAO,OAAO,kEAC1B;GAGH,IAAIC;AACJ,OAAI,WACF,aAAY,MAAM,kCAAkC,cAAc,OAAO,OAAO;QAC3E;IACL,MAAM,EAAE,uBAAuB,MAAM,cAAc,cAAc,OAAO,OAAO;AAC/E,gBAAY,mCAAmC,mBAAmB;;GAGpE,MAAM,+BAA+B,UAAU;AAC/C,OAAI,6BAA6B,WAAW,EAC1C,OAAM,IAAI,aACR,uDAAuD,UAAU,0BAClE;AAIH,UAAO;IACL,KAHU,6BAA6B;IAIvC;IACA,KAAK,UAAU;IACf,KAAK,IAAI,UAAU;IACpB;;AAIH,MAAI,OAAO,WAAW,OAAO;GAC3B,MAAM,kBAAkB,OAAO,IAAI;AACnC,OAAI,CAAC,gBACH,OAAM,IAAI,aAAa,6BAA6B;AAItD,OAAI,cAAc,CAAC,gBAAgB,UAAU,SAC3C,OAAM,IAAI,aAAa,wEAAwE;GAGjG,MAAM,YAAY,gBAAgB;GAClC,MAAM,+BAA+B,UAAU;AAC/C,OAAI,6BAA6B,WAAW,EAC1C,OAAM,IAAI,aACR,uDAAuD,UAAU,0BAClE;GAEH,MAAM,MAAM,6BAA6B;AAEzC,QAAK,wBAAwB,cAAc,OAAO,QAAQ,gBAAgB;AAE1E,UAAO;IACL;IACA,KAAK,OAAO;IACZ,KAAK,OAAO;IACZ;IACD;;AAGH,QAAM,IAAI,aAAa,kFAAkF;;CAG3G,MAAc,0BACZ,cACA,SACA,cACA,sBACwB;EACxB,MAAM,aAAa,aAAa,kBAAkB,QAAQ,iBAAiB;AAC3E,MAAI,CAAC,QAAQ,KAAK,QAChB,OAAM,IAAI,aAAa,uBAAuB;AAGhD,MAAI,CAAC,QAAQ,KAAK,QAAQ,IACxB,OAAM,IAAI,aAAa,wCAAwC;EAGjE,MAAM,MAAM,QAAQ,IAAI,QAAQ;AAEhC,MAAI,QAAQ,IAAI,QAAQ,KAAK;AAC3B,OAAI,CAAC,MAAM,QAAQ,QAAQ,IAAI,OAAO,IAAI,CACxC,OAAM,IAAI,aAAa,kDAAkD;AAE3E,OAAI,QAAQ,IAAI,OAAO,IAAI,WAAW,EACpC,OAAM,IAAI,aAAa,iDAAiD;AAE1E,OAAI,QAAQ,IAAI,OAAO,IAAI,MAAM,QAAQ,OAAO,QAAQ,SAAS,CAC/D,OAAM,IAAI,aAAa,6DAA6D;GAGtF,IAAI,sBAAsB;GAC1B,MAAM,mBAAmB,QAAQ,IAAI,OAAO,IAAI,KAAK,SAAS,gBAAgB,uBAAuB,KAAK,CAAC;AAE3G,OAAI,CAAC,oBACH,uBACG,MAAM,WAAW,wCAAwC,cAAc;IACtE;IACA,cAAc;KACZ,MAAM;KACN,YAAY;KACb;IACF,CAAC,IAAK,WAAW;AAGtB,OAAI,CAAC,oBACH,OAAM,IAAI,aACR,uGACD;AAGH,SAAM,YAAY,yBAAyB,cAAc;IACvD,kBAAkB,QAAQ,IAAI,OAAO;IACrC;IACD,CAAC;AAEF,UAAO;IACL,QAAQ;IACR,KAAK;IACL,QAAQ;IACT;;AAGH,MAAI,IAAI,WAAW,OAAO,EAAE;AAI1B,OAAI,CAAC,QAAQ,KAAK,OAChB,OAAM,IAAI,aAAa,uCAAuC;AAGhE,OAAI,CAAC,QAAQ,IAAI,OAAO,IACtB,OAAM,IAAI,aAAa,kDAAkD;GAG3E,MAAM,YAAY,QAAQ,IAAI,OAAO;GAErC,IAAIC;AACJ,OAAI,UAAU,WAAW,IAAI,CAC3B,UAAS,GAAG,MAAM;YACT,UAAU,WAAW,OAAO,EAAE;IACvC,MAAM,aAAa,SAAS,UAAU;AACtC,QAAI,WAAW,QAAQ,IACrB,OAAM,IAAI,aACR,sDAAsD,WAAW,IAAI,uCAAuC,IAAI,GACjH;AAGH,aAAS;SAET,OAAM,IAAI,aACR,kGACD;AAGH,UAAO;IACL,QAAQ;IACR;IACD;;AAEH,QAAM,IAAI,aAAa,gEAAgE;;CAGzF,AAAQ,mBAAmB,cAA2C;EACpE,MAAM,MAAM,aAAa,QAAQ,iBAAiB;AAElD,SAAO;GACL,QAAQ;GACR,mBAAmB,KAAK,qBAAqB,aAAa;GAC1D,gBAAgB,WAAW,kBAAkB,YAAY,IAAI,YAAY,EAAE,QAAQ,CAAC,CAAC,CAAC,MAAM,GAAG,OAAO;GACvG;;CAGH,AAAQ,qBAAqB,cAA4B;AACvD,SAAO,OAAO,QAAgB;GAC5B,MAAM,WAAW,MAAM,iBAAiB,aAAa,OAAO,kBAAkB,OAAO,KAAK,EACxF,SAAS,EACP,QAAQ,8BACT,EACF,CAAC;AAEF,OAAI,CAAC,SAAS,GACZ,OAAM,IAAI,WACR,yCACE,SAAS,OACV,kCAAkC,IAAI,IAAI,MAAM,SAAS,MAAM,GACjE;AAGH,UAAO,MAAM,SAAS,MAAM;;;;6BA5hBjC,YAAY"}
1	+ {"version":3,"file":"SdJwtVcService.mjs","names":["SdJwtVcService","sdJwtVc: SDJwt","returnSdJwtVc: SdJwtVc<Header, Payload>","publicJwk: PublicJwk","didUrl: string"],"sources":["../../../src/modules/sd-jwt-vc/SdJwtVcService.ts"],"sourcesContent":["import type { SDJwt } from '@sd-jwt/core'\nimport { decodeSdJwtSync } from '@sd-jwt/decode'\nimport { selectDisclosures } from '@sd-jwt/present'\nimport { SDJwtVcInstance } from '@sd-jwt/sd-jwt-vc'\nimport type { DisclosureFrame, PresentationFrame } from '@sd-jwt/types'\nimport { injectable } from 'tsyringe'\nimport { AgentContext } from '../../agent'\nimport { Hasher, JwtPayload } from '../../crypto'\nimport { CredoError } from '../../error'\nimport { X509Service } from '../../modules/x509/X509Service'\nimport type { Query, QueryOptions } from '../../storage/StorageService'\nimport type { JsonObject } from '../../types'\nimport { dateToSeconds, nowInSeconds, TypedArrayEncoder } from '../../utils'\nimport { getDomainFromUrl } from '../../utils/domain'\nimport { fetchWithTimeout } from '../../utils/fetch'\nimport { getPublicJwkFromVerificationMethod, parseDid } from '../dids'\nimport { KeyManagementApi, PublicJwk } from '../kms'\nimport { ClaimFormat } from '../vc/index'\nimport { type EncodedX509Certificate, X509Certificate, X509ModuleConfig } from '../x509'\nimport { decodeSdJwtVc, sdJwtVcHasher } from './decodeSdJwtVc'\nimport { buildDisclosureFrameForPayload } from './disclosureFrame'\nimport { SdJwtVcRecord, SdJwtVcRepository } from './repository'\nimport { SdJwtVcError } from './SdJwtVcError'\nimport type {\n SdJwtVcHeader,\n SdJwtVcIssuer,\n SdJwtVcPayload,\n SdJwtVcPresentOptions,\n SdJwtVcSignOptions,\n SdJwtVcVerifyOptions,\n} from './SdJwtVcOptions'\nimport type { SdJwtVcTypeMetadata } from './typeMetadata'\nimport {\n extractKeyFromHolderBinding,\n getSdJwtSigner,\n getSdJwtVerifier,\n parseHolderBindingFromCredential,\n resolveDidUrl,\n resolveSigningPublicJwkFromDidUrl,\n} from './utils'\n\ntype SdJwtVcConfig = SDJwtVcInstance['userConfig']\n\nexport interface SdJwtVc<\n Header extends SdJwtVcHeader = SdJwtVcHeader,\n Payload extends SdJwtVcPayload = SdJwtVcPayload,\n> {\n /*\n claim format is convenience method added to all credential instances\n /\n claimFormat: ClaimFormat.SdJwtDc\n /\n encoded is convenience method added to all credential instances\n /\n encoded: string\n compact: string\n header: Header\n\n // TODO: payload type here is a lie, as it is the signed payload (so fields replaced with _sd)\n payload: Payload\n prettyClaims: Payload\n\n kbJwt?: {\n header: Record<string, unknown>\n payload: Record<string, unknown>\n }\n\n typeMetadata?: SdJwtVcTypeMetadata\n}\n\nexport interface VerificationResult {\n isValid: boolean\n isValidJwtPayload?: boolean\n isSignatureValid?: boolean\n isStatusValid?: boolean\n isNotBeforeValid?: boolean\n isExpiryTimeValid?: boolean\n areRequiredClaimsIncluded?: boolean\n isKeyBindingValid?: boolean\n containsExpectedKeyBinding?: boolean\n containsRequiredVcProperties?: boolean\n}\n\n/\n @internal\n */\n@injectable()\nexport class SdJwtVcService {\n private sdJwtVcRepository: SdJwtVcRepository\n\n public constructor(sdJwtVcRepository: SdJwtVcRepository) {\n this.sdJwtVcRepository = sdJwtVcRepository\n }\n\n public async sign<Payload extends SdJwtVcPayload>(agentContext: AgentContext, options: SdJwtVcSignOptions<Payload>) {\n const { payload, disclosureFrame, hashingAlgorithm } = options\n\n // default is sha-256\n if (hashingAlgorithm && hashingAlgorithm !== 'sha-256') {\n throw new SdJwtVcError(`Unsupported hashing algorithm used: ${hashingAlgorithm}`)\n }\n\n const issuer = await this.extractKeyFromIssuer(agentContext, options.issuer, true)\n\n // holer binding is optional\n const holderBinding = options.holder ? await extractKeyFromHolderBinding(agentContext, options.holder) : undefined\n\n const header = {\n alg: issuer.alg,\n typ: options.headerType ?? 'dc+sd-jwt',\n kid: issuer.kid,\n x5c: issuer.x5c?.map((cert) => cert.toString('base64')),\n } as const\n\n const sdjwt = new SDJwtVcInstance({\n ...this.getBaseSdJwtConfig(agentContext),\n signer: getSdJwtSigner(agentContext, issuer.publicJwk),\n hashAlg: 'sha-256',\n signAlg: issuer.alg,\n })\n\n if (!payload.vct \|\| typeof payload.vct !== 'string') {\n throw new SdJwtVcError(\"Missing required parameter 'vct'\")\n }\n\n const compact = await sdjwt.issue(\n {\n ...payload,\n cnf: holderBinding?.cnf,\n iss: issuer.iss,\n iat: nowInSeconds(),\n vct: payload.vct,\n },\n disclosureFrame as DisclosureFrame<Payload>,\n { header }\n )\n\n const prettyClaims = (await sdjwt.getClaims(compact)) as Payload\n const a = await sdjwt.decode(compact)\n const sdjwtPayload = a.jwt?.payload as Payload \| undefined\n if (!sdjwtPayload) {\n throw new SdJwtVcError('Invalid sd-jwt-vc state.')\n }\n\n return {\n compact,\n prettyClaims,\n header: header,\n payload: sdjwtPayload,\n claimFormat: ClaimFormat.SdJwtDc,\n encoded: compact,\n } satisfies SdJwtVc<typeof header, Payload>\n }\n\n public fromCompact<Header extends SdJwtVcHeader = SdJwtVcHeader, Payload extends SdJwtVcPayload = SdJwtVcPayload>(\n compactSdJwtVc: string,\n typeMetadata?: SdJwtVcTypeMetadata\n ): SdJwtVc<Header, Payload> {\n return decodeSdJwtVc(compactSdJwtVc, typeMetadata)\n }\n\n public applyDisclosuresForPayload(compactSdJwtVc: string, requestedPayload: JsonObject): SdJwtVc {\n const decoded = decodeSdJwtSync(compactSdJwtVc, Hasher.hash)\n const presentationFrame = buildDisclosureFrameForPayload(requestedPayload) ?? {}\n\n if (decoded.kbJwt) {\n throw new SdJwtVcError('Cannot apply limit disclosure on an sd-jwt with key binding jwt')\n }\n\n const requiredDisclosures = selectDisclosures(\n decoded.jwt.payload,\n // Map to sd-jwt disclosure format\n decoded.disclosures.map((d) => ({\n digest: d.digestSync({ alg: 'sha-256', hasher: Hasher.hash }),\n encoded: d.encode(),\n key: d.key,\n salt: d.salt,\n value: d.value,\n })),\n presentationFrame as { [key: string]: boolean }\n )\n const [jwt] = compactSdJwtVc.split('~')\n const disclosuresString =\n requiredDisclosures.length > 0 ? `${requiredDisclosures.map((d) => d.encoded).join('~')}~` : ''\n const sdJwt = `${jwt}~${disclosuresString}`\n const disclosedDecoded = decodeSdJwtVc(sdJwt)\n return disclosedDecoded\n }\n\n public async present<Payload extends SdJwtVcPayload = SdJwtVcPayload>(\n agentContext: AgentContext,\n { compactSdJwtVc, presentationFrame, verifierMetadata, additionalPayload }: SdJwtVcPresentOptions<Payload>\n ): Promise<string> {\n const sdjwt = new SDJwtVcInstance(this.getBaseSdJwtConfig(agentContext))\n\n const sdJwtVc = await sdjwt.decode(compactSdJwtVc)\n\n const holderBinding = parseHolderBindingFromCredential(sdJwtVc.jwt?.payload)\n if (!holderBinding && verifierMetadata) {\n throw new SdJwtVcError(\"Verifier metadata provided, but credential has no 'cnf' claim to create a KB-JWT from\")\n }\n\n const holder = holderBinding ? await extractKeyFromHolderBinding(agentContext, holderBinding, true) : undefined\n sdjwt.config({\n kbSigner: holder ? getSdJwtSigner(agentContext, holder.publicJwk) : undefined,\n kbSignAlg: holder?.alg,\n })\n\n const compactDerivedSdJwtVc = await sdjwt.present(compactSdJwtVc, presentationFrame as PresentationFrame<Payload>, {\n kb: verifierMetadata\n ? {\n payload: {\n iat: verifierMetadata.issuedAt,\n nonce: verifierMetadata.nonce,\n aud: verifierMetadata.audience,\n ...additionalPayload,\n },\n }\n : undefined,\n })\n\n return compactDerivedSdJwtVc\n }\n\n private assertValidX5cJwtIssuer(agentContext: AgentContext, iss: string, leafCertificate: X509Certificate) {\n if (!iss.startsWith('https://') && !(iss.startsWith('http://') && agentContext.config.allowInsecureHttpUrls)) {\n throw new SdJwtVcError('The X509 certificate issuer must be a HTTPS URI.')\n }\n\n if (!leafCertificate.sanUriNames?.includes(iss) && !leafCertificate.sanDnsNames?.includes(getDomainFromUrl(iss))) {\n throw new SdJwtVcError(\n `The 'iss' claim in the payload does not match a 'SAN-URI' name and the domain extracted from the HTTPS URI does not match a 'SAN-DNS' name in the x5c certificate.`\n )\n }\n }\n\n public async verify<Header extends SdJwtVcHeader = SdJwtVcHeader, Payload extends SdJwtVcPayload = SdJwtVcPayload>(\n agentContext: AgentContext,\n { compactSdJwtVc, keyBinding, requiredClaimKeys, fetchTypeMetadata, trustedCertificates, now }: SdJwtVcVerifyOptions\n ): Promise<\n \| { isValid: true; sdJwtVc: SdJwtVc<Header, Payload> }\n \| { isValid: false; sdJwtVc?: SdJwtVc<Header, Payload>; error: Error }\n > {\n const sdjwt = new SDJwtVcInstance({\n ...this.getBaseSdJwtConfig(agentContext),\n // FIXME: will break if using url but no type metadata\n // https://github.com/openwallet-foundation/sd-jwt-js/issues/258\n // loadTypeMetadataFormat: false,\n })\n\n let sdJwtVc: SDJwt\n\n try {\n sdJwtVc = await sdjwt.decode(compactSdJwtVc)\n if (!sdJwtVc.jwt) throw new CredoError('Invalid sd-jwt-vc')\n } catch (error) {\n return {\n isValid: false,\n error,\n }\n }\n\n const returnSdJwtVc: SdJwtVc<Header, Payload> = {\n payload: sdJwtVc.jwt.payload as Payload,\n header: sdJwtVc.jwt.header as Header,\n compact: compactSdJwtVc,\n prettyClaims: await sdJwtVc.getClaims(sdJwtVcHasher),\n\n kbJwt: sdJwtVc.kbJwt\n ? {\n payload: sdJwtVc.kbJwt.payload as Record<string, unknown>,\n header: sdJwtVc.kbJwt.header as Record<string, unknown>,\n }\n : undefined,\n claimFormat: ClaimFormat.SdJwtDc,\n encoded: compactSdJwtVc,\n } satisfies SdJwtVc<Header, Payload>\n\n try {\n const credentialIssuer = await this.parseIssuerFromCredential(\n agentContext,\n sdJwtVc,\n returnSdJwtVc,\n trustedCertificates\n )\n const issuer = await this.extractKeyFromIssuer(agentContext, credentialIssuer)\n const holderBinding = parseHolderBindingFromCredential(sdJwtVc.jwt.payload)\n const holder = holderBinding ? await extractKeyFromHolderBinding(agentContext, holderBinding) : undefined\n\n sdjwt.config({\n verifier: getSdJwtVerifier(agentContext, issuer.publicJwk),\n kbVerifier: holder ? getSdJwtVerifier(agentContext, holder.publicJwk) : undefined,\n })\n\n try {\n await sdjwt.verify(compactSdJwtVc, {\n requiredClaimKeys: requiredClaimKeys ? [...requiredClaimKeys, 'vct'] : ['vct'],\n keyBindingNonce: keyBinding?.nonce,\n currentDate: dateToSeconds(now ?? new Date()),\n skewSeconds: 0,\n })\n } catch (error) {\n return {\n error,\n isValid: false,\n sdJwtVc: returnSdJwtVc,\n }\n }\n\n if (sdJwtVc.jwt.header?.typ !== 'vc+sd-jwt' && sdJwtVc.jwt.header?.typ !== 'dc+sd-jwt') {\n return {\n error: new SdJwtVcError(`SD-JWT VC header 'typ' must be 'dc+sd-jwt' or 'vc+sd-jwt'`),\n isValid: false,\n sdJwtVc: returnSdJwtVc,\n }\n }\n\n try {\n JwtPayload.fromJson(returnSdJwtVc.payload).validate({\n now: dateToSeconds(now ?? new Date()),\n skewTime: 0,\n })\n } catch (error) {\n return {\n error,\n isValid: false,\n sdJwtVc: returnSdJwtVc,\n }\n }\n\n // If keyBinding is present, verify the key binding\n try {\n if (keyBinding) {\n if (!sdJwtVc.kbJwt \|\| !sdJwtVc.kbJwt.payload) {\n throw new SdJwtVcError('Keybinding is required for verification of the sd-jwt-vc')\n }\n\n // Assert `aud` and `nonce` claims\n if (sdJwtVc.kbJwt.payload.aud !== keyBinding.audience) {\n throw new SdJwtVcError('The key binding JWT does not contain the expected audience')\n }\n\n if (sdJwtVc.kbJwt.payload.nonce !== keyBinding.nonce) {\n throw new SdJwtVcError('The key binding JWT does not contain the expected nonce')\n }\n }\n } catch (error) {\n return {\n error,\n isValid: false,\n sdJwtVc: returnSdJwtVc,\n }\n }\n\n try {\n const vct = returnSdJwtVc.payload?.vct\n if (fetchTypeMetadata && typeof vct === 'string' && vct.startsWith('https://')) {\n // modify the uri based on https://www.ietf.org/archive/id/draft-ietf-oauth-sd-jwt-vc-04.html#section-6.3.1\n const vctElements = vct.split('/')\n vctElements.splice(3, 0, '.well-known/vct')\n const vctUrl = vctElements.join('/')\n\n const response = await agentContext.config.agentDependencies.fetch(vctUrl)\n if (response.ok) {\n const typeMetadata = await response.json()\n returnSdJwtVc.typeMetadata = typeMetadata as SdJwtVcTypeMetadata\n }\n }\n } catch (_error) {\n // we allow vct without type metadata for now\n }\n } catch (error) {\n return {\n isValid: false,\n error,\n sdJwtVc: returnSdJwtVc,\n }\n }\n\n return {\n isValid: true,\n sdJwtVc: returnSdJwtVc,\n }\n }\n\n public async store(agentContext: AgentContext, compactSdJwtVc: string) {\n const sdJwtVcRecord = new SdJwtVcRecord({\n compactSdJwtVc,\n })\n await this.sdJwtVcRepository.save(agentContext, sdJwtVcRecord)\n\n return sdJwtVcRecord\n }\n\n public async getById(agentContext: AgentContext, id: string): Promise<SdJwtVcRecord> {\n return await this.sdJwtVcRepository.getById(agentContext, id)\n }\n\n public async getAll(agentContext: AgentContext): Promise<Array<SdJwtVcRecord>> {\n return await this.sdJwtVcRepository.getAll(agentContext)\n }\n\n public async findByQuery(\n agentContext: AgentContext,\n query: Query<SdJwtVcRecord>,\n queryOptions?: QueryOptions\n ): Promise<Array<SdJwtVcRecord>> {\n return await this.sdJwtVcRepository.findByQuery(agentContext, query, queryOptions)\n }\n\n public async deleteById(agentContext: AgentContext, id: string) {\n await this.sdJwtVcRepository.deleteById(agentContext, id)\n }\n\n public async update(agentContext: AgentContext, sdJwtVcRecord: SdJwtVcRecord) {\n await this.sdJwtVcRepository.update(agentContext, sdJwtVcRecord)\n }\n\n private async extractKeyFromIssuer(agentContext: AgentContext, issuer: SdJwtVcIssuer, forSigning = false) {\n if (issuer.method === 'did') {\n const parsedDid = parseDid(issuer.didUrl)\n if (!parsedDid.fragment) {\n throw new SdJwtVcError(\n `didUrl '${issuer.didUrl}' does not contain a '#'. Unable to derive key from did document`\n )\n }\n\n let publicJwk: PublicJwk\n if (forSigning) {\n publicJwk = await resolveSigningPublicJwkFromDidUrl(agentContext, issuer.didUrl)\n } else {\n const { verificationMethod } = await resolveDidUrl(agentContext, issuer.didUrl)\n publicJwk = getPublicJwkFromVerificationMethod(verificationMethod)\n }\n\n const supportedSignatureAlgorithms = publicJwk.supportedSignatureAlgorithms\n if (supportedSignatureAlgorithms.length === 0) {\n throw new SdJwtVcError(\n `No supported JWA signature algorithms found for key ${publicJwk.jwkTypehumanDescription}`\n )\n }\n const alg = supportedSignatureAlgorithms[0]\n\n return {\n alg,\n publicJwk,\n iss: parsedDid.did,\n kid: `#${parsedDid.fragment}`,\n }\n }\n\n // FIXME: probably need to make the input an x509 certificate so we can attach a key id\n if (issuer.method === 'x5c') {\n const leafCertificate = issuer.x5c[0]\n if (!leafCertificate) {\n throw new SdJwtVcError(\"Empty 'x5c' array provided\")\n }\n\n // TODO: We don't have an x509 certificate record so we expect the key id to already be set\n if (forSigning && !leafCertificate.publicJwk.hasKeyId) {\n throw new SdJwtVcError(\"Expected leaf certificate in 'x5c' array to have a key id configured.\")\n }\n\n const publicJwk = leafCertificate.publicJwk\n const supportedSignatureAlgorithms = publicJwk.supportedSignatureAlgorithms\n if (supportedSignatureAlgorithms.length === 0) {\n throw new SdJwtVcError(\n `No supported JWA signature algorithms found for key ${publicJwk.jwkTypehumanDescription}`\n )\n }\n const alg = supportedSignatureAlgorithms[0]\n\n this.assertValidX5cJwtIssuer(agentContext, issuer.issuer, leafCertificate)\n\n return {\n publicJwk,\n iss: issuer.issuer,\n x5c: issuer.x5c,\n alg,\n }\n }\n\n throw new SdJwtVcError(\"Unsupported credential issuer. Only 'did' and 'x5c' is supported at the moment.\")\n }\n\n private async parseIssuerFromCredential<Header extends SdJwtVcHeader, Payload extends SdJwtVcPayload>(\n agentContext: AgentContext,\n sdJwtVc: SDJwt<Header, Payload>,\n credoSdJwtVc: SdJwtVc<Header, Payload>,\n _trustedCertificates?: EncodedX509Certificate[]\n ): Promise<SdJwtVcIssuer> {\n const x509Config = agentContext.dependencyManager.resolve(X509ModuleConfig)\n if (!sdJwtVc.jwt?.payload) {\n throw new SdJwtVcError('Credential not exist')\n }\n\n if (!sdJwtVc.jwt?.payload.iss) {\n throw new SdJwtVcError('Credential does not contain an issuer')\n }\n\n const iss = sdJwtVc.jwt.payload.iss as string\n\n if (sdJwtVc.jwt.header?.x5c) {\n if (!Array.isArray(sdJwtVc.jwt.header.x5c)) {\n throw new SdJwtVcError('Invalid x5c header in credential. Not an array.')\n }\n if (sdJwtVc.jwt.header.x5c.length === 0) {\n throw new SdJwtVcError('Invalid x5c header in credential. Empty array.')\n }\n if (sdJwtVc.jwt.header.x5c.some((x5c) => typeof x5c !== 'string')) {\n throw new SdJwtVcError('Invalid x5c header in credential. Not an array of strings.')\n }\n\n let trustedCertificates = _trustedCertificates\n const certificateChain = sdJwtVc.jwt.header.x5c.map((cert) => X509Certificate.fromEncodedCertificate(cert))\n\n if (!trustedCertificates) {\n trustedCertificates =\n (await x509Config.getTrustedCertificatesForVerification?.(agentContext, {\n certificateChain,\n verification: {\n type: 'credential',\n credential: credoSdJwtVc,\n },\n })) ?? x509Config.trustedCertificates\n }\n\n if (!trustedCertificates) {\n throw new SdJwtVcError(\n 'No trusted certificates configured for X509 certificate chain validation. Issuer cannot be verified.'\n )\n }\n\n await X509Service.validateCertificateChain(agentContext, {\n certificateChain: sdJwtVc.jwt.header.x5c,\n trustedCertificates,\n })\n\n return {\n method: 'x5c',\n x5c: certificateChain,\n issuer: iss,\n }\n }\n\n if (iss.startsWith('did:')) {\n // If `did` is used, we require a relative KID to be present to identify\n // the key used by issuer to sign the sd-jwt-vc\n\n if (!sdJwtVc.jwt?.header) {\n throw new SdJwtVcError('Credential does not contain a header')\n }\n\n if (!sdJwtVc.jwt.header.kid) {\n throw new SdJwtVcError('Credential does not contain a kid in the header')\n }\n\n const issuerKid = sdJwtVc.jwt.header.kid as string\n\n let didUrl: string\n if (issuerKid.startsWith('#')) {\n didUrl = `${iss}${issuerKid}`\n } else if (issuerKid.startsWith('did:')) {\n const didFromKid = parseDid(issuerKid)\n if (didFromKid.did !== iss) {\n throw new SdJwtVcError(\n `kid in header is an absolute DID URL, but the did (${didFromKid.did}) does not match with the 'iss' did (${iss})`\n )\n }\n\n didUrl = issuerKid\n } else {\n throw new SdJwtVcError(\n 'Invalid issuer kid for did. Only absolute or relative (starting with #) did urls are supported.'\n )\n }\n\n return {\n method: 'did',\n didUrl,\n }\n }\n throw new SdJwtVcError(\"Unsupported 'iss' value. Only did is supported at the moment.\")\n }\n\n private getBaseSdJwtConfig(agentContext: AgentContext): SdJwtVcConfig {\n const kms = agentContext.resolve(KeyManagementApi)\n\n return {\n hasher: sdJwtVcHasher,\n statusListFetcher: this.getStatusListFetcher(agentContext),\n saltGenerator: (length) => TypedArrayEncoder.toBase64URL(kms.randomBytes({ length })).slice(0, length),\n }\n }\n\n private getStatusListFetcher(agentContext: AgentContext) {\n return async (uri: string) => {\n const response = await fetchWithTimeout(agentContext.config.agentDependencies.fetch, uri, {\n headers: {\n Accept: 'application/statuslist+jwt',\n },\n })\n\n if (!response.ok) {\n throw new CredoError(\n `Received invalid response with status ${\n response.status\n } when fetching status list from ${uri}. ${await response.text()}`\n )\n }\n\n return await response.text()\n }\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAuFO,2BAAMA,iBAAe;CAG1B,AAAO,YAAY,mBAAsC;AACvD,OAAK,oBAAoB;;CAG3B,MAAa,KAAqC,cAA4B,SAAsC;EAClH,MAAM,EAAE,SAAS,iBAAiB,qBAAqB;AAGvD,MAAI,oBAAoB,qBAAqB,UAC3C,OAAM,IAAI,aAAa,uCAAuC,mBAAmB;EAGnF,MAAM,SAAS,MAAM,KAAK,qBAAqB,cAAc,QAAQ,QAAQ,KAAK;EAGlF,MAAM,gBAAgB,QAAQ,SAAS,MAAM,4BAA4B,cAAc,QAAQ,OAAO,GAAG;EAEzG,MAAM,SAAS;GACb,KAAK,OAAO;GACZ,KAAK,QAAQ,cAAc;GAC3B,KAAK,OAAO;GACZ,KAAK,OAAO,KAAK,KAAK,SAAS,KAAK,SAAS,SAAS,CAAC;GACxD;EAED,MAAM,QAAQ,IAAI,gBAAgB;GAChC,GAAG,KAAK,mBAAmB,aAAa;GACxC,QAAQ,eAAe,cAAc,OAAO,UAAU;GACtD,SAAS;GACT,SAAS,OAAO;GACjB,CAAC;AAEF,MAAI,CAAC,QAAQ,OAAO,OAAO,QAAQ,QAAQ,SACzC,OAAM,IAAI,aAAa,mCAAmC;EAG5D,MAAM,UAAU,MAAM,MAAM,MAC1B;GACE,GAAG;GACH,KAAK,eAAe;GACpB,KAAK,OAAO;GACZ,KAAK,cAAc;GACnB,KAAK,QAAQ;GACd,EACD,iBACA,EAAE,QAAQ,CACX;EAED,MAAM,eAAgB,MAAM,MAAM,UAAU,QAAQ;EAEpD,MAAM,gBADI,MAAM,MAAM,OAAO,QAAQ,EACd,KAAK;AAC5B,MAAI,CAAC,aACH,OAAM,IAAI,aAAa,2BAA2B;AAGpD,SAAO;GACL;GACA;GACQ;GACR,SAAS;GACT,aAAa,YAAY;GACzB,SAAS;GACV;;CAGH,AAAO,YACL,gBACA,cAC0B;AAC1B,SAAO,cAAc,gBAAgB,aAAa;;CAGpD,AAAO,2BAA2B,gBAAwB,kBAAuC;EAC/F,MAAM,UAAU,gBAAgB,gBAAgB,OAAO,KAAK;EAC5D,MAAM,oBAAoB,+BAA+B,iBAAiB,IAAI,EAAE;AAEhF,MAAI,QAAQ,MACV,OAAM,IAAI,aAAa,kEAAkE;EAG3F,MAAM,sBAAsB,kBAC1B,QAAQ,IAAI,SAEZ,QAAQ,YAAY,KAAK,OAAO;GAC9B,QAAQ,EAAE,WAAW;IAAE,KAAK;IAAW,QAAQ,OAAO;IAAM,CAAC;GAC7D,SAAS,EAAE,QAAQ;GACnB,KAAK,EAAE;GACP,MAAM,EAAE;GACR,OAAO,EAAE;GACV,EAAE,EACH,kBACD;EACD,MAAM,CAAC,OAAO,eAAe,MAAM,IAAI;AAKvC,SADyB,cADX,GAAG,IAAI,GADnB,oBAAoB,SAAS,IAAI,GAAG,oBAAoB,KAAK,MAAM,EAAE,QAAQ,CAAC,KAAK,IAAI,CAAC,KAAK,KAElD;;CAI/C,MAAa,QACX,cACA,EAAE,gBAAgB,mBAAmB,kBAAkB,qBACtC;EACjB,MAAM,QAAQ,IAAI,gBAAgB,KAAK,mBAAmB,aAAa,CAAC;EAIxE,MAAM,gBAAgB,kCAFN,MAAM,MAAM,OAAO,eAAe,EAEa,KAAK,QAAQ;AAC5E,MAAI,CAAC,iBAAiB,iBACpB,OAAM,IAAI,aAAa,wFAAwF;EAGjH,MAAM,SAAS,gBAAgB,MAAM,4BAA4B,cAAc,eAAe,KAAK,GAAG;AACtG,QAAM,OAAO;GACX,UAAU,SAAS,eAAe,cAAc,OAAO,UAAU,GAAG;GACpE,WAAW,QAAQ;GACpB,CAAC;AAeF,SAb8B,MAAM,MAAM,QAAQ,gBAAgB,mBAAiD,EACjH,IAAI,mBACA,EACE,SAAS;GACP,KAAK,iBAAiB;GACtB,OAAO,iBAAiB;GACxB,KAAK,iBAAiB;GACtB,GAAG;GACJ,EACF,GACD,QACL,CAAC;;CAKJ,AAAQ,wBAAwB,cAA4B,KAAa,iBAAkC;AACzG,MAAI,CAAC,IAAI,WAAW,WAAW,IAAI,EAAE,IAAI,WAAW,UAAU,IAAI,aAAa,OAAO,uBACpF,OAAM,IAAI,aAAa,mDAAmD;AAG5E,MAAI,CAAC,gBAAgB,aAAa,SAAS,IAAI,IAAI,CAAC,gBAAgB,aAAa,SAAS,iBAAiB,IAAI,CAAC,CAC9G,OAAM,IAAI,aACR,qKACD;;CAIL,MAAa,OACX,cACA,EAAE,gBAAgB,YAAY,mBAAmB,mBAAmB,qBAAqB,OAIzF;EACA,MAAM,QAAQ,IAAI,gBAAgB,EAChC,GAAG,KAAK,mBAAmB,aAAa,EAIzC,CAAC;EAEF,IAAIC;AAEJ,MAAI;AACF,aAAU,MAAM,MAAM,OAAO,eAAe;AAC5C,OAAI,CAAC,QAAQ,IAAK,OAAM,IAAI,WAAW,oBAAoB;WACpD,OAAO;AACd,UAAO;IACL,SAAS;IACT;IACD;;EAGH,MAAMC,gBAA0C;GAC9C,SAAS,QAAQ,IAAI;GACrB,QAAQ,QAAQ,IAAI;GACpB,SAAS;GACT,cAAc,MAAM,QAAQ,UAAU,cAAc;GAEpD,OAAO,QAAQ,QACX;IACE,SAAS,QAAQ,MAAM;IACvB,QAAQ,QAAQ,MAAM;IACvB,GACD;GACJ,aAAa,YAAY;GACzB,SAAS;GACV;AAED,MAAI;GACF,MAAM,mBAAmB,MAAM,KAAK,0BAClC,cACA,SACA,eACA,oBACD;GACD,MAAM,SAAS,MAAM,KAAK,qBAAqB,cAAc,iBAAiB;GAC9E,MAAM,gBAAgB,iCAAiC,QAAQ,IAAI,QAAQ;GAC3E,MAAM,SAAS,gBAAgB,MAAM,4BAA4B,cAAc,cAAc,GAAG;AAEhG,SAAM,OAAO;IACX,UAAU,iBAAiB,cAAc,OAAO,UAAU;IAC1D,YAAY,SAAS,iBAAiB,cAAc,OAAO,UAAU,GAAG;IACzE,CAAC;AAEF,OAAI;AACF,UAAM,MAAM,OAAO,gBAAgB;KACjC,mBAAmB,oBAAoB,CAAC,GAAG,mBAAmB,MAAM,GAAG,CAAC,MAAM;KAC9E,iBAAiB,YAAY;KAC7B,aAAa,cAAc,uBAAO,IAAI,MAAM,CAAC;KAC7C,aAAa;KACd,CAAC;YACK,OAAO;AACd,WAAO;KACL;KACA,SAAS;KACT,SAAS;KACV;;AAGH,OAAI,QAAQ,IAAI,QAAQ,QAAQ,eAAe,QAAQ,IAAI,QAAQ,QAAQ,YACzE,QAAO;IACL,OAAO,IAAI,aAAa,4DAA4D;IACpF,SAAS;IACT,SAAS;IACV;AAGH,OAAI;AACF,eAAW,SAAS,cAAc,QAAQ,CAAC,SAAS;KAClD,KAAK,cAAc,uBAAO,IAAI,MAAM,CAAC;KACrC,UAAU;KACX,CAAC;YACK,OAAO;AACd,WAAO;KACL;KACA,SAAS;KACT,SAAS;KACV;;AAIH,OAAI;AACF,QAAI,YAAY;AACd,SAAI,CAAC,QAAQ,SAAS,CAAC,QAAQ,MAAM,QACnC,OAAM,IAAI,aAAa,2DAA2D;AAIpF,SAAI,QAAQ,MAAM,QAAQ,QAAQ,WAAW,SAC3C,OAAM,IAAI,aAAa,6DAA6D;AAGtF,SAAI,QAAQ,MAAM,QAAQ,UAAU,WAAW,MAC7C,OAAM,IAAI,aAAa,0DAA0D;;YAG9E,OAAO;AACd,WAAO;KACL;KACA,SAAS;KACT,SAAS;KACV;;AAGH,OAAI;IACF,MAAM,MAAM,cAAc,SAAS;AACnC,QAAI,qBAAqB,OAAO,QAAQ,YAAY,IAAI,WAAW,WAAW,EAAE;KAE9E,MAAM,cAAc,IAAI,MAAM,IAAI;AAClC,iBAAY,OAAO,GAAG,GAAG,kBAAkB;KAC3C,MAAM,SAAS,YAAY,KAAK,IAAI;KAEpC,MAAM,WAAW,MAAM,aAAa,OAAO,kBAAkB,MAAM,OAAO;AAC1E,SAAI,SAAS,GAEX,eAAc,eADO,MAAM,SAAS,MAAM;;YAIvC,QAAQ;WAGV,OAAO;AACd,UAAO;IACL,SAAS;IACT;IACA,SAAS;IACV;;AAGH,SAAO;GACL,SAAS;GACT,SAAS;GACV;;CAGH,MAAa,MAAM,cAA4B,gBAAwB;EACrE,MAAM,gBAAgB,IAAI,cAAc,EACtC,gBACD,CAAC;AACF,QAAM,KAAK,kBAAkB,KAAK,cAAc,cAAc;AAE9D,SAAO;;CAGT,MAAa,QAAQ,cAA4B,IAAoC;AACnF,SAAO,MAAM,KAAK,kBAAkB,QAAQ,cAAc,GAAG;;CAG/D,MAAa,OAAO,cAA2D;AAC7E,SAAO,MAAM,KAAK,kBAAkB,OAAO,aAAa;;CAG1D,MAAa,YACX,cACA,OACA,cAC+B;AAC/B,SAAO,MAAM,KAAK,kBAAkB,YAAY,cAAc,OAAO,aAAa;;CAGpF,MAAa,WAAW,cAA4B,IAAY;AAC9D,QAAM,KAAK,kBAAkB,WAAW,cAAc,GAAG;;CAG3D,MAAa,OAAO,cAA4B,eAA8B;AAC5E,QAAM,KAAK,kBAAkB,OAAO,cAAc,cAAc;;CAGlE,MAAc,qBAAqB,cAA4B,QAAuB,aAAa,OAAO;AACxG,MAAI,OAAO,WAAW,OAAO;GAC3B,MAAM,YAAY,SAAS,OAAO,OAAO;AACzC,OAAI,CAAC,UAAU,SACb,OAAM,IAAI,aACR,WAAW,OAAO,OAAO,kEAC1B;GAGH,IAAIC;AACJ,OAAI,WACF,aAAY,MAAM,kCAAkC,cAAc,OAAO,OAAO;QAC3E;IACL,MAAM,EAAE,uBAAuB,MAAM,cAAc,cAAc,OAAO,OAAO;AAC/E,gBAAY,mCAAmC,mBAAmB;;GAGpE,MAAM,+BAA+B,UAAU;AAC/C,OAAI,6BAA6B,WAAW,EAC1C,OAAM,IAAI,aACR,uDAAuD,UAAU,0BAClE;AAIH,UAAO;IACL,KAHU,6BAA6B;IAIvC;IACA,KAAK,UAAU;IACf,KAAK,IAAI,UAAU;IACpB;;AAIH,MAAI,OAAO,WAAW,OAAO;GAC3B,MAAM,kBAAkB,OAAO,IAAI;AACnC,OAAI,CAAC,gBACH,OAAM,IAAI,aAAa,6BAA6B;AAItD,OAAI,cAAc,CAAC,gBAAgB,UAAU,SAC3C,OAAM,IAAI,aAAa,wEAAwE;GAGjG,MAAM,YAAY,gBAAgB;GAClC,MAAM,+BAA+B,UAAU;AAC/C,OAAI,6BAA6B,WAAW,EAC1C,OAAM,IAAI,aACR,uDAAuD,UAAU,0BAClE;GAEH,MAAM,MAAM,6BAA6B;AAEzC,QAAK,wBAAwB,cAAc,OAAO,QAAQ,gBAAgB;AAE1E,UAAO;IACL;IACA,KAAK,OAAO;IACZ,KAAK,OAAO;IACZ;IACD;;AAGH,QAAM,IAAI,aAAa,kFAAkF;;CAG3G,MAAc,0BACZ,cACA,SACA,cACA,sBACwB;EACxB,MAAM,aAAa,aAAa,kBAAkB,QAAQ,iBAAiB;AAC3E,MAAI,CAAC,QAAQ,KAAK,QAChB,OAAM,IAAI,aAAa,uBAAuB;AAGhD,MAAI,CAAC,QAAQ,KAAK,QAAQ,IACxB,OAAM,IAAI,aAAa,wCAAwC;EAGjE,MAAM,MAAM,QAAQ,IAAI,QAAQ;AAEhC,MAAI,QAAQ,IAAI,QAAQ,KAAK;AAC3B,OAAI,CAAC,MAAM,QAAQ,QAAQ,IAAI,OAAO,IAAI,CACxC,OAAM,IAAI,aAAa,kDAAkD;AAE3E,OAAI,QAAQ,IAAI,OAAO,IAAI,WAAW,EACpC,OAAM,IAAI,aAAa,iDAAiD;AAE1E,OAAI,QAAQ,IAAI,OAAO,IAAI,MAAM,QAAQ,OAAO,QAAQ,SAAS,CAC/D,OAAM,IAAI,aAAa,6DAA6D;GAGtF,IAAI,sBAAsB;GAC1B,MAAM,mBAAmB,QAAQ,IAAI,OAAO,IAAI,KAAK,SAAS,gBAAgB,uBAAuB,KAAK,CAAC;AAE3G,OAAI,CAAC,oBACH,uBACG,MAAM,WAAW,wCAAwC,cAAc;IACtE;IACA,cAAc;KACZ,MAAM;KACN,YAAY;KACb;IACF,CAAC,IAAK,WAAW;AAGtB,OAAI,CAAC,oBACH,OAAM,IAAI,aACR,uGACD;AAGH,SAAM,YAAY,yBAAyB,cAAc;IACvD,kBAAkB,QAAQ,IAAI,OAAO;IACrC;IACD,CAAC;AAEF,UAAO;IACL,QAAQ;IACR,KAAK;IACL,QAAQ;IACT;;AAGH,MAAI,IAAI,WAAW,OAAO,EAAE;AAI1B,OAAI,CAAC,QAAQ,KAAK,OAChB,OAAM,IAAI,aAAa,uCAAuC;AAGhE,OAAI,CAAC,QAAQ,IAAI,OAAO,IACtB,OAAM,IAAI,aAAa,kDAAkD;GAG3E,MAAM,YAAY,QAAQ,IAAI,OAAO;GAErC,IAAIC;AACJ,OAAI,UAAU,WAAW,IAAI,CAC3B,UAAS,GAAG,MAAM;YACT,UAAU,WAAW,OAAO,EAAE;IACvC,MAAM,aAAa,SAAS,UAAU;AACtC,QAAI,WAAW,QAAQ,IACrB,OAAM,IAAI,aACR,sDAAsD,WAAW,IAAI,uCAAuC,IAAI,GACjH;AAGH,aAAS;SAET,OAAM,IAAI,aACR,kGACD;AAGH,UAAO;IACL,QAAQ;IACR;IACD;;AAEH,QAAM,IAAI,aAAa,gEAAgE;;CAGzF,AAAQ,mBAAmB,cAA2C;EACpE,MAAM,MAAM,aAAa,QAAQ,iBAAiB;AAElD,SAAO;GACL,QAAQ;GACR,mBAAmB,KAAK,qBAAqB,aAAa;GAC1D,gBAAgB,WAAW,kBAAkB,YAAY,IAAI,YAAY,EAAE,QAAQ,CAAC,CAAC,CAAC,MAAM,GAAG,OAAO;GACvG;;CAGH,AAAQ,qBAAqB,cAA4B;AACvD,SAAO,OAAO,QAAgB;GAC5B,MAAM,WAAW,MAAM,iBAAiB,aAAa,OAAO,kBAAkB,OAAO,KAAK,EACxF,SAAS,EACP,QAAQ,8BACT,EACF,CAAC;AAEF,OAAI,CAAC,SAAS,GACZ,OAAM,IAAI,WACR,yCACE,SAAS,OACV,kCAAkC,IAAI,IAAI,MAAM,SAAS,MAAM,GACjE;AAGH,UAAO,MAAM,SAAS,MAAM;;;;6BA7gBjC,YAAY"}

package/build/modules/sd-jwt-vc/decodeSdJwtVc.mjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"decodeSdJwtVc.mjs","names":[],"sources":["../../../src/modules/sd-jwt-vc/decodeSdJwtVc.ts"],"sourcesContent":["import ~~type~~ { ~~SdJwtVcHeader~~, ~~SdJwtVcPayload~~ } from '~~./SdJwtVcOptions~~'\nimport ~~type~~ { ~~SdJwtVc~~ } from '~~./SdJwtVcService~~'\nimport ~~type~~ { ~~SdJwtVcTypeMetadata~~ } from '~~./typeMetadata~~'\n\nimport { ~~decodeSdJwtSync~~, ~~getClaimsSync~~ } from '~~@sd-jwt/decode~~'\n\nimport { ~~Hasher~~ } from '~~../../crypto~~'\nimport { ~~ClaimFormat~~ } from '~~../vc/index~~'\n\nexport function sdJwtVcHasher(data: string \| ArrayBufferLike, alg: string) {\n return Hasher.hash(typeof data === 'string' ? data : new Uint8Array(data), alg)\n}\n\nexport function decodeSdJwtVc<\n Header extends SdJwtVcHeader = SdJwtVcHeader,\n Payload extends SdJwtVcPayload = SdJwtVcPayload,\n>(compactSdJwtVc: string, typeMetadata?: SdJwtVcTypeMetadata): SdJwtVc<Header, Payload> {\n // NOTE: we use decodeSdJwtSync so we can make this method sync\n const { jwt, disclosures, kbJwt } = decodeSdJwtSync(compactSdJwtVc, sdJwtVcHasher)\n const prettyClaims = getClaimsSync(jwt.payload, disclosures, sdJwtVcHasher)\n\n return {\n compact: compactSdJwtVc,\n header: jwt.header as Header,\n payload: jwt.payload as Payload,\n prettyClaims: prettyClaims as Payload,\n claimFormat: ClaimFormat.SdJwtDc,\n encoded: compactSdJwtVc,\n kbJwt: kbJwt\n ? {\n payload: kbJwt.payload as Record<string, unknown>,\n header: kbJwt.header as Record<string, unknown>,\n }\n : undefined,\n ...(typeMetadata && { typeMetadata }),\n }\n}\n"],"mappings":";;;;;;;;;~~AASA~~,SAAgB,cAAc,MAAgC,KAAa;AACzE,QAAO,OAAO,KAAK,OAAO,SAAS,WAAW,OAAO,IAAI,WAAW,KAAK,EAAE,IAAI;;AAGjF,SAAgB,cAGd,gBAAwB,cAA8D;CAEtF,MAAM,EAAE,KAAK,aAAa,UAAU,gBAAgB,gBAAgB,cAAc;CAClF,MAAM,eAAe,cAAc,IAAI,SAAS,aAAa,cAAc;AAE3E,QAAO;EACL,SAAS;EACT,QAAQ,IAAI;EACZ,SAAS,IAAI;EACC;EACd,aAAa,YAAY;EACzB,SAAS;EACT,OAAO,QACH;GACE,SAAS,MAAM;GACf,QAAQ,MAAM;GACf,GACD;EACJ,GAAI,gBAAgB,EAAE,cAAc;EACrC"}
1	+ {"version":3,"file":"decodeSdJwtVc.mjs","names":[],"sources":["../../../src/modules/sd-jwt-vc/decodeSdJwtVc.ts"],"sourcesContent":["import { decodeSdJwtSync, getClaimsSync } from '@sd-jwt/decode'\nimport { Hasher } from '../../crypto'\nimport { ClaimFormat } from '../vc/index'\nimport type { SdJwtVcHeader, SdJwtVcPayload } from './SdJwtVcOptions'\nimport type { SdJwtVc } from './SdJwtVcService'\nimport type { SdJwtVcTypeMetadata } from './typeMetadata'\n\nexport function sdJwtVcHasher(data: string \| ArrayBufferLike, alg: string) {\n return Hasher.hash(typeof data === 'string' ? data : new Uint8Array(data), alg)\n}\n\nexport function decodeSdJwtVc<\n Header extends SdJwtVcHeader = SdJwtVcHeader,\n Payload extends SdJwtVcPayload = SdJwtVcPayload,\n>(compactSdJwtVc: string, typeMetadata?: SdJwtVcTypeMetadata): SdJwtVc<Header, Payload> {\n // NOTE: we use decodeSdJwtSync so we can make this method sync\n const { jwt, disclosures, kbJwt } = decodeSdJwtSync(compactSdJwtVc, sdJwtVcHasher)\n const prettyClaims = getClaimsSync(jwt.payload, disclosures, sdJwtVcHasher)\n\n return {\n compact: compactSdJwtVc,\n header: jwt.header as Header,\n payload: jwt.payload as Payload,\n prettyClaims: prettyClaims as Payload,\n claimFormat: ClaimFormat.SdJwtDc,\n encoded: compactSdJwtVc,\n kbJwt: kbJwt\n ? {\n payload: kbJwt.payload as Record<string, unknown>,\n header: kbJwt.header as Record<string, unknown>,\n }\n : undefined,\n ...(typeMetadata && { typeMetadata }),\n }\n}\n"],"mappings":";;;;;;;;;AAOA,SAAgB,cAAc,MAAgC,KAAa;AACzE,QAAO,OAAO,KAAK,OAAO,SAAS,WAAW,OAAO,IAAI,WAAW,KAAK,EAAE,IAAI;;AAGjF,SAAgB,cAGd,gBAAwB,cAA8D;CAEtF,MAAM,EAAE,KAAK,aAAa,UAAU,gBAAgB,gBAAgB,cAAc;CAClF,MAAM,eAAe,cAAc,IAAI,SAAS,aAAa,cAAc;AAE3E,QAAO;EACL,SAAS;EACT,QAAQ,IAAI;EACZ,SAAS,IAAI;EACC;EACd,aAAa,YAAY;EACzB,SAAS;EACT,OAAO,QACH;GACE,SAAS,MAAM;GACf,QAAQ,MAAM;GACf,GACD;EACJ,GAAI,gBAAgB,EAAE,cAAc;EACrC"}

package/build/modules/sd-jwt-vc/disclosureFrame.mjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"disclosureFrame.mjs","names":[],"sources":["../../../src/modules/sd-jwt-vc/disclosureFrame.ts"],"sourcesContent":["import ~~type~~ { ~~JsonObject~~ } from '~~../../types~~'\n\nimport { ~~isObject~~ } from '~~class-validator~~'\n\ntype DisclosureFrame = {\n [key: string]: boolean \| DisclosureFrame\n}\n\nexport function buildDisclosureFrameForPayload(input: JsonObject): DisclosureFrame {\n return Object.fromEntries(\n Object.entries(input).map(([key, value]) => {\n // TODO: Array disclosure frames are not yet supported - treating entire array as disclosed\n if (Array.isArray(value)) {\n return [key, true]\n }\n if (isObject(value)) {\n if (Object.keys.length === 0) return [key, false]\n return [key, buildDisclosureFrameForPayload(value)]\n }\n return [key, true]\n })\n )\n}\n"],"mappings":";;;;;~~AAQA~~,SAAgB,+BAA+B,OAAoC;AACjF,QAAO,OAAO,YACZ,OAAO,QAAQ,MAAM,CAAC,KAAK,CAAC,KAAK,WAAW;AAE1C,MAAI,MAAM,QAAQ,MAAM,CACtB,QAAO,CAAC,KAAK,KAAK;AAEpB,MAAI,SAAS,MAAM,EAAE;AACnB,OAAI,OAAO,KAAK,WAAW,EAAG,QAAO,CAAC,KAAK,MAAM;AACjD,UAAO,CAAC,KAAK,+BAA+B,MAAM,CAAC;;AAErD,SAAO,CAAC,KAAK,KAAK;GAClB,CACH"}
1	+ {"version":3,"file":"disclosureFrame.mjs","names":[],"sources":["../../../src/modules/sd-jwt-vc/disclosureFrame.ts"],"sourcesContent":["import { isObject } from 'class-validator'\nimport type { JsonObject } from '../../types'\n\ntype DisclosureFrame = {\n [key: string]: boolean \| DisclosureFrame\n}\n\nexport function buildDisclosureFrameForPayload(input: JsonObject): DisclosureFrame {\n return Object.fromEntries(\n Object.entries(input).map(([key, value]) => {\n // TODO: Array disclosure frames are not yet supported - treating entire array as disclosed\n if (Array.isArray(value)) {\n return [key, true]\n }\n if (isObject(value)) {\n if (Object.keys.length === 0) return [key, false]\n return [key, buildDisclosureFrameForPayload(value)]\n }\n return [key, true]\n })\n )\n}\n"],"mappings":";;;;;AAOA,SAAgB,+BAA+B,OAAoC;AACjF,QAAO,OAAO,YACZ,OAAO,QAAQ,MAAM,CAAC,KAAK,CAAC,KAAK,WAAW;AAE1C,MAAI,MAAM,QAAQ,MAAM,CACtB,QAAO,CAAC,KAAK,KAAK;AAEpB,MAAI,SAAS,MAAM,EAAE;AACnB,OAAI,OAAO,KAAK,WAAW,EAAG,QAAO,CAAC,KAAK,MAAM;AACjD,UAAO,CAAC,KAAK,+BAA+B,MAAM,CAAC;;AAErD,SAAO,CAAC,KAAK,KAAK;GAClB,CACH"}

package/build/modules/sd-jwt-vc/index.js CHANGED Viewed

@@ -1,9 +1,9 @@
-const require_SdJwtVcError = require('./SdJwtVcError.js');
 const require_SdJwtVcRecord = require('./repository/SdJwtVcRecord.js');
 const require_SdJwtVcRepository = require('./repository/SdJwtVcRepository.js');
 require('./repository/index.js');
+const require_SdJwtVcError = require('./SdJwtVcError.js');
 const require_SdJwtVcService = require('./SdJwtVcService.js');
 const require_SdJwtVcApi = require('./SdJwtVcApi.js');
 const require_SdJwtVcModule = require('./SdJwtVcModule.js');

package/build/modules/sd-jwt-vc/index.mjs CHANGED Viewed

@@ -1,9 +1,9 @@
-import { SdJwtVcError } from "./SdJwtVcError.mjs";
 import { SdJwtVcRecord } from "./repository/SdJwtVcRecord.mjs";
 import { SdJwtVcRepository } from "./repository/SdJwtVcRepository.mjs";
 import "./repository/index.mjs";
+import { SdJwtVcError } from "./SdJwtVcError.mjs";
 import { SdJwtVcService } from "./SdJwtVcService.mjs";
 import { SdJwtVcApi } from "./SdJwtVcApi.mjs";
 import { SdJwtVcModule } from "./SdJwtVcModule.mjs";

package/build/modules/sd-jwt-vc/repository/SdJwtVcRecord.d.mts CHANGED Viewed

@@ -1,5 +1,5 @@
-import { KnownJwaSignatureAlgorithm } from "../../kms/jwk/jwa.mjs";
 import { BaseRecord, TagsBase } from "../../../storage/BaseRecord.mjs";
+import { KnownJwaSignatureAlgorithm } from "../../kms/jwk/jwa.mjs";
 import { SdJwtVcTypeMetadata } from "../typeMetadata.mjs";
 import { SdJwtVc } from "../SdJwtVcService.mjs";

package/build/modules/sd-jwt-vc/repository/SdJwtVcRecord.d.mts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"SdJwtVcRecord.d.mts","names":[],"sources":["../../../../src/modules/sd-jwt-vc/repository/SdJwtVcRecord.ts"],"sourcesContent":[],"mappings":";;;;;;~~KAcY~~,wBAAA;;;AAAZ;AAcA;EAAqC,KAAA,EAAA,MAAA;;;;EAMD,GAAA,EAT7B,0BAS6B;AAGpC,CAAA;AAA2B,KATf,yBAAA,GASe;KAAmB,EAAA,MAAA;WAOtB,CAAA,EAdV,IAcU;MAEI,CAAA,EAfnB,QAemB;gBAYJ,EAAA,MAAA;cAyBG,CAAA,EAjDV,mBAiDU;;AA9CkB,cAAhC,aAAA,SAAsB,UAAU,CAAC,wBAAD,CAAA,CAAA;;;;iBAOrB;qBAEI;iBAYJ;;;;;;;;;;oBAyBG"}
1	+ {"version":3,"file":"SdJwtVcRecord.d.mts","names":[],"sources":["../../../../src/modules/sd-jwt-vc/repository/SdJwtVcRecord.ts"],"sourcesContent":[],"mappings":";;;;;;KAYY,wBAAA;;;AAAZ;AAcA;EAAqC,KAAA,EAAA,MAAA;;;;EAMD,GAAA,EAT7B,0BAS6B;AAGpC,CAAA;AAA2B,KATf,yBAAA,GASe;KAAmB,EAAA,MAAA;WAOtB,CAAA,EAdV,IAcU;MAEI,CAAA,EAfnB,QAemB;gBAYJ,EAAA,MAAA;cAyBG,CAAA,EAjDV,mBAiDU;;AA9CkB,cAAhC,aAAA,SAAsB,UAAU,CAAC,wBAAD,CAAA,CAAA;;;;iBAOrB;qBAEI;iBAYJ;;;;;;;;;;oBAyBG"}

package/build/modules/sd-jwt-vc/repository/SdJwtVcRecord.d.ts CHANGED Viewed

@@ -1,5 +1,5 @@
-import { KnownJwaSignatureAlgorithm } from "../../kms/jwk/jwa.js";
 import { BaseRecord, TagsBase } from "../../../storage/BaseRecord.js";
+import { KnownJwaSignatureAlgorithm } from "../../kms/jwk/jwa.js";
 import { SdJwtVcTypeMetadata } from "../typeMetadata.js";
 import { SdJwtVc } from "../SdJwtVcService.js";

package/build/modules/sd-jwt-vc/repository/SdJwtVcRecord.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"SdJwtVcRecord.d.ts","names":[],"sources":["../../../../src/modules/sd-jwt-vc/repository/SdJwtVcRecord.ts"],"sourcesContent":[],"mappings":";;;;;;~~KAcY~~,wBAAA;EAAA,GAAA,EAAA,MAAA;EAcA;;;OAGH,EAAA,MAAA;;;AAMT;EAA2B,GAAA,EAZpB,0BAYoB;;AAOH,KAhBZ,yBAAA,GAgBY;KAEI,EAAA,MAAA;WAYJ,CAAA,EA5BV,IA4BU;MAyBG,CAAA,EApDlB,QAoDkB;gBA9CQ,EAAA,MAAA;EAAU,YAAA,CAAA,EAH5B,mBAG4B;;cAAhC,aAAA,SAAsB,WAAW;;;;iBAOtB;qBAEI;iBAYJ;;;;;;;;;;oBAyBG"}
1	+ {"version":3,"file":"SdJwtVcRecord.d.ts","names":[],"sources":["../../../../src/modules/sd-jwt-vc/repository/SdJwtVcRecord.ts"],"sourcesContent":[],"mappings":";;;;;;KAYY,wBAAA;EAAA,GAAA,EAAA,MAAA;EAcA;;;OAGH,EAAA,MAAA;;;AAMT;EAA2B,GAAA,EAZpB,0BAYoB;;AAOH,KAhBZ,yBAAA,GAgBY;KAEI,EAAA,MAAA;WAYJ,CAAA,EA5BV,IA4BU;MAyBG,CAAA,EApDlB,QAoDkB;gBA9CQ,EAAA,MAAA;EAAU,YAAA,CAAA,EAH5B,mBAG4B;;cAAhC,aAAA,SAAsB,WAAW;;;;iBAOtB;qBAEI;iBAYJ;;;;;;;;;;oBAyBG"}

package/build/modules/sd-jwt-vc/repository/SdJwtVcRecord.mjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"SdJwtVcRecord.mjs","names":[],"sources":["../../../../src/modules/sd-jwt-vc/repository/SdJwtVcRecord.ts"],"sourcesContent":["import ~~type~~ { ~~TagsBase~~ } from '~~../../../storage~~/~~BaseRecord~~'\nimport ~~type~~ { ~~Constructable~~ } from '../../../~~utils/mixins~~'\nimport type { ~~SdJwtVc~~ } from '~~../SdJwtVcService~~'\nimport ~~type~~ { ~~SdJwtVcTypeMetadata~~ } from '~~../typeMetadata~~'\n\nimport { ~~decodeSdJwtSync~~ } from '~~@sd-jwt/decode~~'\n\nimport { ~~Hasher~~ } from '../../../~~crypto~~'\nimport { ~~BaseRecord~~ } from '../../../~~storage~~/~~BaseRecord~~'\nimport { ~~JsonTransformer~~ } from '~~../../../utils~~'\nimport { ~~uuid~~ } from '~~../../../utils/uuid~~'\nimport type { ~~KnownJwaSignatureAlgorithm~~ } from '~~../../kms~~'\nimport { ~~decodeSdJwtVc~~ } from '../~~decodeSdJwtVc~~'\n\nexport type DefaultSdJwtVcRecordTags = {\n vct: string\n\n /*\n The sdAlg is the alg used for creating digests for selective disclosures\n /\n sdAlg: string\n\n /\n The alg is the alg used to sign the SD-JWT\n /\n alg: KnownJwaSignatureAlgorithm\n}\n\nexport type SdJwtVcRecordStorageProps = {\n id?: string\n createdAt?: Date\n tags?: TagsBase\n compactSdJwtVc: string\n\n typeMetadata?: SdJwtVcTypeMetadata\n}\n\nexport class SdJwtVcRecord extends BaseRecord<DefaultSdJwtVcRecordTags> {\n public static readonly type = 'SdJwtVcRecord'\n public readonly type = SdJwtVcRecord.type\n\n // We store the sdJwtVc in compact format.\n public compactSdJwtVc!: string\n\n public typeMetadata?: SdJwtVcTypeMetadata\n\n public constructor(props: SdJwtVcRecordStorageProps) {\n super()\n\n if (props) {\n this.id = props.id ?? uuid()\n this.createdAt = props.createdAt ?? new Date()\n this.compactSdJwtVc = props.compactSdJwtVc\n this.typeMetadata = props.typeMetadata\n this._tags = props.tags ?? {}\n }\n }\n\n public get sdJwtVc(): SdJwtVc {\n return decodeSdJwtVc(this.compactSdJwtVc, this.typeMetadata)\n }\n\n public getTags() {\n const sdjwt = decodeSdJwtSync(this.compactSdJwtVc, Hasher.hash)\n const vct = sdjwt.jwt.payload.vct as string\n const sdAlg = sdjwt.jwt.payload._sd_alg as string \| undefined\n const alg = sdjwt.jwt.header.alg as KnownJwaSignatureAlgorithm\n\n return {\n ...this._tags,\n vct,\n sdAlg: sdAlg ?? 'sha-256',\n alg,\n }\n }\n\n public clone(): this {\n return JsonTransformer.fromJSON(JsonTransformer.toJSON(this), this.constructor as Constructable<this>)\n }\n\n /\n credential is convenience method added to all credential records\n /\n public get credential(): SdJwtVc {\n return decodeSdJwtVc(this.compactSdJwtVc, this.typeMetadata)\n }\n\n /\n encoded is convenience method added to all credential records\n */\n public get encoded(): string {\n return this.compactSdJwtVc\n }\n}\n"],"mappings":";;;;;;;;;;;;~~AAqCA~~,IAAa,gBAAb,MAAa,sBAAsB,WAAqC;CAStE,AAAO,YAAY,OAAkC;AACnD,SAAO;OARO,OAAO,cAAc;AAUnC,MAAI,OAAO;AACT,QAAK,KAAK,MAAM,MAAM,MAAM;AAC5B,QAAK,YAAY,MAAM,6BAAa,IAAI,MAAM;AAC9C,QAAK,iBAAiB,MAAM;AAC5B,QAAK,eAAe,MAAM;AAC1B,QAAK,QAAQ,MAAM,QAAQ,EAAE;;;CAIjC,IAAW,UAAmB;AAC5B,SAAO,cAAc,KAAK,gBAAgB,KAAK,aAAa;;CAG9D,AAAO,UAAU;EACf,MAAM,QAAQ,gBAAgB,KAAK,gBAAgB,OAAO,KAAK;EAC/D,MAAM,MAAM,MAAM,IAAI,QAAQ;EAC9B,MAAM,QAAQ,MAAM,IAAI,QAAQ;EAChC,MAAM,MAAM,MAAM,IAAI,OAAO;AAE7B,SAAO;GACL,GAAG,KAAK;GACR;GACA,OAAO,SAAS;GAChB;GACD;;CAGH,AAAO,QAAc;AACnB,SAAO,gBAAgB,SAAS,gBAAgB,OAAO,KAAK,EAAE,KAAK,YAAmC;;;;;CAMxG,IAAW,aAAsB;AAC/B,SAAO,cAAc,KAAK,gBAAgB,KAAK,aAAa;;;;;CAM9D,IAAW,UAAkB;AAC3B,SAAO,KAAK;;;cArDS,OAAO"}
1	+ {"version":3,"file":"SdJwtVcRecord.mjs","names":[],"sources":["../../../../src/modules/sd-jwt-vc/repository/SdJwtVcRecord.ts"],"sourcesContent":["import { decodeSdJwtSync } from '@sd-jwt/decode'\nimport { Hasher } from '../../../crypto'\nimport type { TagsBase } from '../../../storage/BaseRecord'\nimport { BaseRecord } from '../../../storage/BaseRecord'\nimport { JsonTransformer } from '../../../utils'\nimport type { Constructable } from '../../../utils/mixins'\nimport { uuid } from '../../../utils/uuid'\nimport type { KnownJwaSignatureAlgorithm } from '../../kms'\nimport { decodeSdJwtVc } from '../decodeSdJwtVc'\nimport type { SdJwtVc } from '../SdJwtVcService'\nimport type { SdJwtVcTypeMetadata } from '../typeMetadata'\n\nexport type DefaultSdJwtVcRecordTags = {\n vct: string\n\n /*\n The sdAlg is the alg used for creating digests for selective disclosures\n /\n sdAlg: string\n\n /\n The alg is the alg used to sign the SD-JWT\n /\n alg: KnownJwaSignatureAlgorithm\n}\n\nexport type SdJwtVcRecordStorageProps = {\n id?: string\n createdAt?: Date\n tags?: TagsBase\n compactSdJwtVc: string\n\n typeMetadata?: SdJwtVcTypeMetadata\n}\n\nexport class SdJwtVcRecord extends BaseRecord<DefaultSdJwtVcRecordTags> {\n public static readonly type = 'SdJwtVcRecord'\n public readonly type = SdJwtVcRecord.type\n\n // We store the sdJwtVc in compact format.\n public compactSdJwtVc!: string\n\n public typeMetadata?: SdJwtVcTypeMetadata\n\n public constructor(props: SdJwtVcRecordStorageProps) {\n super()\n\n if (props) {\n this.id = props.id ?? uuid()\n this.createdAt = props.createdAt ?? new Date()\n this.compactSdJwtVc = props.compactSdJwtVc\n this.typeMetadata = props.typeMetadata\n this._tags = props.tags ?? {}\n }\n }\n\n public get sdJwtVc(): SdJwtVc {\n return decodeSdJwtVc(this.compactSdJwtVc, this.typeMetadata)\n }\n\n public getTags() {\n const sdjwt = decodeSdJwtSync(this.compactSdJwtVc, Hasher.hash)\n const vct = sdjwt.jwt.payload.vct as string\n const sdAlg = sdjwt.jwt.payload._sd_alg as string \| undefined\n const alg = sdjwt.jwt.header.alg as KnownJwaSignatureAlgorithm\n\n return {\n ...this._tags,\n vct,\n sdAlg: sdAlg ?? 'sha-256',\n alg,\n }\n }\n\n public clone(): this {\n return JsonTransformer.fromJSON(JsonTransformer.toJSON(this), this.constructor as Constructable<this>)\n }\n\n /\n credential is convenience method added to all credential records\n /\n public get credential(): SdJwtVc {\n return decodeSdJwtVc(this.compactSdJwtVc, this.typeMetadata)\n }\n\n /\n encoded is convenience method added to all credential records\n */\n public get encoded(): string {\n return this.compactSdJwtVc\n }\n}\n"],"mappings":";;;;;;;;;;;;AAmCA,IAAa,gBAAb,MAAa,sBAAsB,WAAqC;CAStE,AAAO,YAAY,OAAkC;AACnD,SAAO;OARO,OAAO,cAAc;AAUnC,MAAI,OAAO;AACT,QAAK,KAAK,MAAM,MAAM,MAAM;AAC5B,QAAK,YAAY,MAAM,6BAAa,IAAI,MAAM;AAC9C,QAAK,iBAAiB,MAAM;AAC5B,QAAK,eAAe,MAAM;AAC1B,QAAK,QAAQ,MAAM,QAAQ,EAAE;;;CAIjC,IAAW,UAAmB;AAC5B,SAAO,cAAc,KAAK,gBAAgB,KAAK,aAAa;;CAG9D,AAAO,UAAU;EACf,MAAM,QAAQ,gBAAgB,KAAK,gBAAgB,OAAO,KAAK;EAC/D,MAAM,MAAM,MAAM,IAAI,QAAQ;EAC9B,MAAM,QAAQ,MAAM,IAAI,QAAQ;EAChC,MAAM,MAAM,MAAM,IAAI,OAAO;AAE7B,SAAO;GACL,GAAG,KAAK;GACR;GACA,OAAO,SAAS;GAChB;GACD;;CAGH,AAAO,QAAc;AACnB,SAAO,gBAAgB,SAAS,gBAAgB,OAAO,KAAK,EAAE,KAAK,YAAmC;;;;;CAMxG,IAAW,aAAsB;AAC/B,SAAO,cAAc,KAAK,gBAAgB,KAAK,aAAa;;;;;CAM9D,IAAW,UAAkB;AAC3B,SAAO,KAAK;;;cArDS,OAAO"}

package/build/modules/sd-jwt-vc/repository/SdJwtVcRepository.d.mts CHANGED Viewed

@@ -1,7 +1,7 @@
 import { StorageService } from "../../../storage/StorageService.mjs";
+import { SdJwtVcRecord } from "./SdJwtVcRecord.mjs";
 import { EventEmitter } from "../../../agent/EventEmitter.mjs";
 import { Repository } from "../../../storage/Repository.mjs";
-import { SdJwtVcRecord } from "./SdJwtVcRecord.mjs";
 //#region src/modules/sd-jwt-vc/repository/SdJwtVcRepository.d.ts
 declare class SdJwtVcRepository extends Repository<SdJwtVcRecord> {

package/build/modules/sd-jwt-vc/repository/SdJwtVcRepository.d.ts CHANGED Viewed

@@ -1,7 +1,7 @@
 import { StorageService } from "../../../storage/StorageService.js";
+import { SdJwtVcRecord } from "./SdJwtVcRecord.js";
 import { EventEmitter } from "../../../agent/EventEmitter.js";
 import { Repository } from "../../../storage/Repository.js";
-import { SdJwtVcRecord } from "./SdJwtVcRecord.js";
 //#region src/modules/sd-jwt-vc/repository/SdJwtVcRepository.d.ts
 declare class SdJwtVcRepository extends Repository<SdJwtVcRecord> {

package/build/modules/sd-jwt-vc/utils.js CHANGED Viewed

@@ -8,8 +8,8 @@ require('../../utils/index.js');
 const require_PublicJwk = require('../kms/jwk/PublicJwk.js');
 const require_KeyManagementApi = require('../kms/KeyManagementApi.js');
 require('../kms/index.js');
-const require_keyDidMapping = require('../dids/domain/key-type/keyDidMapping.js');
 const require_parse = require('../dids/domain/parse.js');
+const require_keyDidMapping = require('../dids/domain/key-type/keyDidMapping.js');
 const require_DidResolverService = require('../dids/services/DidResolverService.js');
 const require_DidsApi = require('../dids/DidsApi.js');
 require('../dids/index.js');