@credo-ts/core 0.6.0-pr-2392-20251010173905 → 0.6.0-pr-2457-20251016083534

package/build/modules/vc/data-integrity/signature-suites/ed25519/Ed25519Signature2020.d.ts

@@ -1,3 +1,4 @@
+import { AnyUint8Array } from "../../../../../types.js";
 import { DocumentLoader, JsonLdDoc, Proof, VerificationMethod } from "../../jsonldUtil.js";
 import { JwsLinkedDataSignature, JwsLinkedDataSignatureOptions } from "../JwsLinkedDataSignature.js";
 
@@ -87,7 +88,7 @@ declare class Ed25519Signature2020 extends JwsLinkedDataSignature {
    * @returns The proof containing the signature value.
    */
   sign(options: {
-    verifyData: Uint8Array;
+    verifyData: AnyUint8Array;
     proof: Proof;
   }): Promise<Proof>;
   /**
@@ -99,7 +100,7 @@ declare class Ed25519Signature2020 extends JwsLinkedDataSignature {
    * @returns Resolves with the verification result.
    */
   verifySignature(options: {
-    verifyData: Uint8Array;
+    verifyData: AnyUint8Array;
     verificationMethod: VerificationMethod;
     proof: Proof;
   }): Promise<any>;

package/build/modules/vc/data-integrity/signature-suites/ed25519/Ed25519Signature2020.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"Ed25519Signature2020.d.ts","names":[],"sources":["../../../../../../src/modules/vc/data-integrity/signature-suites/ed25519/Ed25519Signature2020.ts"],"sourcesContent":[],"mappings":";;;;KAYK,2BAAA,GAA8B,KACjC;AADG,cAKQ,oBAAA,SAA6B,sBAAA,CALV;EAAA,OAAA,WAAA,EAAA,MAAA;SAC9B,OAAA,EAAA,GAAA;;;AAIF;;;;;;;;;;;;;;;;;;;;;;;;;uBA+B8B;qCAcoB,YAAS;;WA2BJ;qBAAwB;MAAgB;;;;;;;;;;;;;cAsC9C;;;;;;;;;;;;;;;;;;;;;WA0BtC;cACG;;qBAGO;MAClB;;;;;;;;;;;gBAqBwC;WAAmB;MAAO,QAAA;;;;;;;;;;gBAqBrD;wBACQ;WACb;MACR"}
+{"version":3,"file":"Ed25519Signature2020.d.ts","names":[],"sources":["../../../../../../src/modules/vc/data-integrity/signature-suites/ed25519/Ed25519Signature2020.ts"],"sourcesContent":[],"mappings":";;;;;KAYK,2BAAA,GAA8B,KACjC;AADG,cAKQ,oBAAA,SAA6B,sBAAA,CALV;EAAA,OAAA,WAAA,EAAA,MAAA;SAC9B,OAAA,EAAA,GAAA;;;AAIF;;;;;;;;;;;;;;;;;;;;;;;;;uBA+B8B;qCAcoB,YAAS;;WA2BJ;qBAAwB;MAAgB;;;;;;;;;;;;;cAsC9C;;;;;;;;;;;;;;;;;;;;;WA0BtC;cACG;;qBAGO;MAClB;;;;;;;;;;;gBAqBwC;WAAsB;MAAO,QAAA;;;;;;;;;;gBAqBxD;wBACQ;WACb;MACR"}

package/build/modules/vc/data-integrity/signature-suites/ed25519/Ed25519Signature2020.mjs.map

@@ -1 +1 @@
-{"version":3,"file":"Ed25519Signature2020.mjs","names":["jsonld"],"sources":["../../../../../../src/modules/vc/data-integrity/signature-suites/ed25519/Ed25519Signature2020.ts"],"sourcesContent":["import { MultiBaseEncoder, TypedArrayEncoder } from '../../../../../utils'\nimport { CREDENTIALS_CONTEXT_V1_URL, SECURITY_CONTEXT_URL } from '../../../constants'\nimport type { DocumentLoader, JsonLdDoc, Proof, VerificationMethod } from '../../jsonldUtil'\nimport { _includesContext } from '../../jsonldUtil'\nimport jsonld from '../../libraries/jsonld'\nimport type { JwsLinkedDataSignatureOptions } from '../JwsLinkedDataSignature'\nimport { JwsLinkedDataSignature } from '../JwsLinkedDataSignature'\n\nimport { Ed25519PublicJwk, PublicJwk } from '../../../../kms'\nimport { ED25519_SUITE_CONTEXT_URL_2020 } from './constants'\nimport { ed25519Signature2020Context } from './context2020'\n\ntype Ed25519Signature2020Options = Pick<\n  JwsLinkedDataSignatureOptions,\n  'key' | 'proof' | 'date' | 'useNativeCanonize' | 'LDKeyClass'\n>\n\nexport class Ed25519Signature2020 extends JwsLinkedDataSignature {\n  public static CONTEXT_URL = ED25519_SUITE_CONTEXT_URL_2020\n  public static CONTEXT = ed25519Signature2020Context.get(ED25519_SUITE_CONTEXT_URL_2020)\n\n  /**\n   * @param {object} options - Options hashmap.\n   *\n   * Either a `key` OR at least one of `signer`/`verifier` is required.\n   *\n   * @param {object} [options.key] - An optional key object (containing an\n   *   `id` property, and either `signer` or `verifier`, depending on the\n   *   intended operation. Useful for when the application is managing keys\n   *   itself (when using a KMS, you never have access to the private key,\n   *   and so should use the `signer` param instead).\n   * @param {Function} [options.signer] - Signer function that returns an\n   *   object with an async sign() method. This is useful when interfacing\n   *   with a KMS (since you don't get access to the private key and its\n   *   `signer()`, the KMS client gives you only the signer function to use).\n   * @param {Function} [options.verifier] - Verifier function that returns\n   *   an object with an async `verify()` method. Useful when working with a\n   *   KMS-provided verifier function.\n   *\n   * Advanced optional parameters and overrides.\n   *\n   * @param {object} [options.proof] - A JSON-LD document with options to use\n   *   for the `proof` node. Any other custom fields can be provided here\n   *   using a context different from security-v2).\n   * @param {string|Date} [options.date] - Signing date to use if not passed.\n   * @param {boolean} [options.useNativeCanonize] - Whether to use a native\n   *   canonize algorithm.\n   */\n  public constructor(options: Ed25519Signature2020Options) {\n    super({\n      type: 'Ed25519Signature2020',\n      algorithm: 'EdDSA',\n      LDKeyClass: options.LDKeyClass,\n      contextUrl: ED25519_SUITE_CONTEXT_URL_2020,\n      key: options.key,\n      proof: options.proof,\n      date: options.date,\n      useNativeCanonize: options.useNativeCanonize,\n    })\n    this.requiredKeyType = 'Ed25519VerificationKey2020'\n  }\n\n  public async assertVerificationMethod(document: JsonLdDoc) {\n    if (!_includesCompatibleContext({ document: document })) {\n      // For DID Documents, since keys do not have their own contexts,\n      // the suite context is usually provided by the documentLoader logic\n      throw new TypeError(\n        `The '@context' of the verification method (key) MUST contain the context url \"${this.contextUrl}\".`\n      )\n    }\n\n    if (!_isEd2020Key(document)) {\n      const verificationMethodType = jsonld.getValues(document, 'type')[0]\n      throw new Error(\n        `Unsupported verification method type '${verificationMethodType}'. Verification method type MUST be 'Ed25519VerificationKey2020'.`\n      )\n    }\n    if (_isEd2020Key(document) && !_includesEd2020Context(document)) {\n      throw new Error(\n        `For verification method type 'Ed25519VerificationKey2020' the '@context' MUST contain the context url \"${ED25519_SUITE_CONTEXT_URL_2020}\".`\n      )\n    }\n\n    // ensure verification method has not been revoked\n    if (document.revoked !== undefined) {\n      throw new Error('The verification method has been revoked.')\n    }\n  }\n\n  public async getVerificationMethod(options: { proof: Proof; documentLoader?: DocumentLoader }) {\n    let verificationMethod = await super.getVerificationMethod({\n      proof: options.proof,\n      documentLoader: options.documentLoader,\n    })\n\n    // convert Ed25519VerificationKey2020 to Ed25519VerificationKey2018\n    if (_isEd2020Key(verificationMethod) && _includesEd2020Context(verificationMethod)) {\n      // -- convert multibase to base58 --\n      const publicJwk = PublicJwk.fromFingerprint(verificationMethod.publicKeyMultibase)\n      if (!publicJwk.is(Ed25519PublicJwk)) {\n        throw new Error('Expected multibase key to be of type Ed25519.')\n      }\n\n      // -- update type\n      verificationMethod.type = 'Ed25519VerificationKey2018'\n\n      verificationMethod = {\n        ...verificationMethod,\n        publicKeyMultibase: undefined,\n        publicKeyBase58: TypedArrayEncoder.toBase58(publicJwk.publicKey.publicKey),\n      }\n    }\n\n    return verificationMethod\n  }\n\n  /**\n   * Ensures the document to be signed contains the required signature suite\n   * specific `@context`, by either adding it (if `addSuiteContext` is true),\n   * or throwing an error if it's missing.\n   *\n   * @override\n   *\n   * @param {object} options - Options hashmap.\n   * @param {object} options.document - JSON-LD document to be signed.\n   * @param {boolean} options.addSuiteContext - Add suite context?\n   */\n  public ensureSuiteContext(options: { document: JsonLdDoc; addSuiteContext: boolean }) {\n    if (_includesCompatibleContext({ document: options.document })) {\n      return\n    }\n\n    super.ensureSuiteContext({ document: options.document, addSuiteContext: options.addSuiteContext })\n  }\n\n  /**\n   * Checks whether a given proof exists in the document.\n   *\n   * @override\n   *\n   * @param {object} options - Options hashmap.\n   * @param {object} options.proof - A proof.\n   * @param {object} options.document - A JSON-LD document.\n   * @param {object} options.purpose - A jsonld-signatures ProofPurpose\n   *  instance (e.g. AssertionProofPurpose, AuthenticationProofPurpose, etc).\n   * @param {Function} options.documentLoader  - A secure document loader (it is\n   *   recommended to use one that provides static known documents, instead of\n   *   fetching from the web) for returning contexts, controller documents,\n   *   keys, and other relevant URLs needed for the proof.\n   *\n   * @returns {Promise<boolean>} Whether a match for the proof was found.\n   */\n  public async matchProof(options: {\n    proof: Proof\n    document: VerificationMethod\n    // biome-ignore lint/suspicious/noExplicitAny: <explanation>\n    purpose: any\n    documentLoader?: DocumentLoader\n  }) {\n    if (!_includesCompatibleContext({ document: options.document })) {\n      return false\n    }\n    return super.matchProof({\n      proof: options.proof,\n      document: options.document,\n      purpose: options.purpose,\n      documentLoader: options.documentLoader,\n    })\n  }\n\n  /**\n   * @param options - Options hashmap.\n   * @param options.verifyData - The data to sign.\n   * @param options.proof - A JSON-LD document with options to use\n   *   for the `proof` node. Any other custom fields can be provided here\n   *   using a context different from `security-v2`.\n   *\n   * @returns The proof containing the signature value.\n   */\n  public async sign(options: { verifyData: Uint8Array; proof: Proof }) {\n    if (!(this.signer && typeof this.signer.sign === 'function')) {\n      throw new Error('A signer API has not been specified.')\n    }\n    const signature = await this.signer.sign({ data: options.verifyData })\n    const encodedSignature = MultiBaseEncoder.encode(signature, 'base58btc')\n\n    // create detached content signature\n    options.proof.proofValue = encodedSignature\n    return options.proof\n  }\n\n  /**\n   * @param options - Options hashmap.\n   * @param options.verifyData - The data to verify.\n   * @param options.verificationMethod - A verification method.\n   * @param options.proof - The proof to be verified.\n   *\n   * @returns Resolves with the verification result.\n   */\n  public async verifySignature(options: {\n    verifyData: Uint8Array\n    verificationMethod: VerificationMethod\n    proof: Proof\n  }) {\n    if (!(options.proof.proofValue && typeof options.proof.proofValue === 'string')) {\n      throw new TypeError('The proof does not include a valid \"proofValue\" property.')\n    }\n    const signature = MultiBaseEncoder.decode(options.proof.proofValue).data\n\n    let { verifier } = this\n    if (!verifier) {\n      const key = await this.LDKeyClass.from(options.verificationMethod)\n      verifier = key.verifier()\n    }\n    return verifier.verify({ data: options.verifyData, signature })\n  }\n}\n\nfunction _includesCompatibleContext(options: { document: JsonLdDoc }) {\n  // Handle the unfortunate Ed25519Signature2018 / credentials/v1 collision\n  const hasEd2020 = _includesContext({\n    document: options.document,\n    contextUrl: ED25519_SUITE_CONTEXT_URL_2020,\n  })\n  const hasCred = _includesContext({ document: options.document, contextUrl: CREDENTIALS_CONTEXT_V1_URL })\n  const hasSecV2 = _includesContext({ document: options.document, contextUrl: SECURITY_CONTEXT_URL })\n\n  // Either one by itself is fine, for this suite\n  return hasEd2020 || hasCred || hasSecV2\n}\n\nfunction _isEd2020Key(verificationMethod: JsonLdDoc) {\n  // @ts-ignore - .hasValue is not part of the public API\n  return jsonld.hasValue(verificationMethod, 'type', 'Ed25519VerificationKey2020')\n}\n\nfunction _includesEd2020Context(document: JsonLdDoc) {\n  return _includesContext({ document, contextUrl: ED25519_SUITE_CONTEXT_URL_2020 })\n}\n"],"mappings":";;;;;;;;;;;;;;;;AAiBA,IAAa,uBAAb,cAA0C,uBAAuB;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA+B/D,AAAO,YAAY,SAAsC;AACvD,QAAM;GACJ,MAAM;GACN,WAAW;GACX,YAAY,QAAQ;GACpB,YAAY;GACZ,KAAK,QAAQ;GACb,OAAO,QAAQ;GACf,MAAM,QAAQ;GACd,mBAAmB,QAAQ;GAC5B,CAAC;AACF,OAAK,kBAAkB;;CAGzB,MAAa,yBAAyB,UAAqB;AACzD,MAAI,CAAC,2BAA2B,EAAY,UAAU,CAAC,CAGrD,OAAM,IAAI,UACR,iFAAiF,KAAK,WAAW,IAClG;AAGH,MAAI,CAAC,aAAa,SAAS,EAAE;GAC3B,MAAM,yBAAyBA,eAAO,UAAU,UAAU,OAAO,CAAC;AAClE,SAAM,IAAI,MACR,yCAAyC,uBAAuB,mEACjE;;AAEH,MAAI,aAAa,SAAS,IAAI,CAAC,uBAAuB,SAAS,CAC7D,OAAM,IAAI,MACR,0GAA0G,+BAA+B,IAC1I;AAIH,MAAI,SAAS,YAAY,OACvB,OAAM,IAAI,MAAM,4CAA4C;;CAIhE,MAAa,sBAAsB,SAA4D;EAC7F,IAAI,qBAAqB,MAAM,MAAM,sBAAsB;GACzD,OAAO,QAAQ;GACf,gBAAgB,QAAQ;GACzB,CAAC;AAGF,MAAI,aAAa,mBAAmB,IAAI,uBAAuB,mBAAmB,EAAE;GAElF,MAAM,YAAY,UAAU,gBAAgB,mBAAmB,mBAAmB;AAClF,OAAI,CAAC,UAAU,GAAG,iBAAiB,CACjC,OAAM,IAAI,MAAM,gDAAgD;AAIlE,sBAAmB,OAAO;AAE1B,wBAAqB;IACnB,GAAG;IACH,oBAAoB;IACpB,iBAAiB,kBAAkB,SAAS,UAAU,UAAU,UAAU;IAC3E;;AAGH,SAAO;;;;;;;;;;;;;CAcT,AAAO,mBAAmB,SAA4D;AACpF,MAAI,2BAA2B,EAAE,UAAU,QAAQ,UAAU,CAAC,CAC5D;AAGF,QAAM,mBAAmB;GAAE,UAAU,QAAQ;GAAU,iBAAiB,QAAQ;GAAiB,CAAC;;;;;;;;;;;;;;;;;;;CAoBpG,MAAa,WAAW,SAMrB;AACD,MAAI,CAAC,2BAA2B,EAAE,UAAU,QAAQ,UAAU,CAAC,CAC7D,QAAO;AAET,SAAO,MAAM,WAAW;GACtB,OAAO,QAAQ;GACf,UAAU,QAAQ;GAClB,SAAS,QAAQ;GACjB,gBAAgB,QAAQ;GACzB,CAAC;;;;;;;;;;;CAYJ,MAAa,KAAK,SAAmD;AACnE,MAAI,EAAE,KAAK,UAAU,OAAO,KAAK,OAAO,SAAS,YAC/C,OAAM,IAAI,MAAM,uCAAuC;EAEzD,MAAM,YAAY,MAAM,KAAK,OAAO,KAAK,EAAE,MAAM,QAAQ,YAAY,CAAC;EACtE,MAAM,mBAAmB,iBAAiB,OAAO,WAAW,YAAY;AAGxE,UAAQ,MAAM,aAAa;AAC3B,SAAO,QAAQ;;;;;;;;;;CAWjB,MAAa,gBAAgB,SAI1B;AACD,MAAI,EAAE,QAAQ,MAAM,cAAc,OAAO,QAAQ,MAAM,eAAe,UACpE,OAAM,IAAI,UAAU,8DAA4D;EAElF,MAAM,YAAY,iBAAiB,OAAO,QAAQ,MAAM,WAAW,CAAC;EAEpE,IAAI,EAAE,aAAa;AACnB,MAAI,CAAC,SAEH,aADY,MAAM,KAAK,WAAW,KAAK,QAAQ,mBAAmB,EACnD,UAAU;AAE3B,SAAO,SAAS,OAAO;GAAE,MAAM,QAAQ;GAAY;GAAW,CAAC;;;qBApMnD,cAAc;qBACd,UAAU,4BAA4B,IAAI,+BAA+B;AAuMzF,SAAS,2BAA2B,SAAkC;CAEpE,MAAM,YAAY,iBAAiB;EACjC,UAAU,QAAQ;EAClB,YAAY;EACb,CAAC;CACF,MAAM,UAAU,iBAAiB;EAAE,UAAU,QAAQ;EAAU,YAAY;EAA4B,CAAC;CACxG,MAAM,WAAW,iBAAiB;EAAE,UAAU,QAAQ;EAAU,YAAY;EAAsB,CAAC;AAGnG,QAAO,aAAa,WAAW;;AAGjC,SAAS,aAAa,oBAA+B;AAEnD,QAAOA,eAAO,SAAS,oBAAoB,QAAQ,6BAA6B;;AAGlF,SAAS,uBAAuB,UAAqB;AACnD,QAAO,iBAAiB;EAAE;EAAU,YAAY;EAAgC,CAAC"}
+{"version":3,"file":"Ed25519Signature2020.mjs","names":["jsonld"],"sources":["../../../../../../src/modules/vc/data-integrity/signature-suites/ed25519/Ed25519Signature2020.ts"],"sourcesContent":["import type { AnyUint8Array } from '../../../../../types'\nimport { MultiBaseEncoder, TypedArrayEncoder } from '../../../../../utils'\nimport { Ed25519PublicJwk, PublicJwk } from '../../../../kms'\nimport { CREDENTIALS_CONTEXT_V1_URL, SECURITY_CONTEXT_URL } from '../../../constants'\nimport type { DocumentLoader, JsonLdDoc, Proof, VerificationMethod } from '../../jsonldUtil'\nimport { _includesContext } from '../../jsonldUtil'\nimport jsonld from '../../libraries/jsonld'\nimport type { JwsLinkedDataSignatureOptions } from '../JwsLinkedDataSignature'\nimport { JwsLinkedDataSignature } from '../JwsLinkedDataSignature'\nimport { ED25519_SUITE_CONTEXT_URL_2020 } from './constants'\nimport { ed25519Signature2020Context } from './context2020'\n\ntype Ed25519Signature2020Options = Pick<\n  JwsLinkedDataSignatureOptions,\n  'key' | 'proof' | 'date' | 'useNativeCanonize' | 'LDKeyClass'\n>\n\nexport class Ed25519Signature2020 extends JwsLinkedDataSignature {\n  public static CONTEXT_URL = ED25519_SUITE_CONTEXT_URL_2020\n  public static CONTEXT = ed25519Signature2020Context.get(ED25519_SUITE_CONTEXT_URL_2020)\n\n  /**\n   * @param {object} options - Options hashmap.\n   *\n   * Either a `key` OR at least one of `signer`/`verifier` is required.\n   *\n   * @param {object} [options.key] - An optional key object (containing an\n   *   `id` property, and either `signer` or `verifier`, depending on the\n   *   intended operation. Useful for when the application is managing keys\n   *   itself (when using a KMS, you never have access to the private key,\n   *   and so should use the `signer` param instead).\n   * @param {Function} [options.signer] - Signer function that returns an\n   *   object with an async sign() method. This is useful when interfacing\n   *   with a KMS (since you don't get access to the private key and its\n   *   `signer()`, the KMS client gives you only the signer function to use).\n   * @param {Function} [options.verifier] - Verifier function that returns\n   *   an object with an async `verify()` method. Useful when working with a\n   *   KMS-provided verifier function.\n   *\n   * Advanced optional parameters and overrides.\n   *\n   * @param {object} [options.proof] - A JSON-LD document with options to use\n   *   for the `proof` node. Any other custom fields can be provided here\n   *   using a context different from security-v2).\n   * @param {string|Date} [options.date] - Signing date to use if not passed.\n   * @param {boolean} [options.useNativeCanonize] - Whether to use a native\n   *   canonize algorithm.\n   */\n  public constructor(options: Ed25519Signature2020Options) {\n    super({\n      type: 'Ed25519Signature2020',\n      algorithm: 'EdDSA',\n      LDKeyClass: options.LDKeyClass,\n      contextUrl: ED25519_SUITE_CONTEXT_URL_2020,\n      key: options.key,\n      proof: options.proof,\n      date: options.date,\n      useNativeCanonize: options.useNativeCanonize,\n    })\n    this.requiredKeyType = 'Ed25519VerificationKey2020'\n  }\n\n  public async assertVerificationMethod(document: JsonLdDoc) {\n    if (!_includesCompatibleContext({ document: document })) {\n      // For DID Documents, since keys do not have their own contexts,\n      // the suite context is usually provided by the documentLoader logic\n      throw new TypeError(\n        `The '@context' of the verification method (key) MUST contain the context url \"${this.contextUrl}\".`\n      )\n    }\n\n    if (!_isEd2020Key(document)) {\n      const verificationMethodType = jsonld.getValues(document, 'type')[0]\n      throw new Error(\n        `Unsupported verification method type '${verificationMethodType}'. Verification method type MUST be 'Ed25519VerificationKey2020'.`\n      )\n    }\n    if (_isEd2020Key(document) && !_includesEd2020Context(document)) {\n      throw new Error(\n        `For verification method type 'Ed25519VerificationKey2020' the '@context' MUST contain the context url \"${ED25519_SUITE_CONTEXT_URL_2020}\".`\n      )\n    }\n\n    // ensure verification method has not been revoked\n    if (document.revoked !== undefined) {\n      throw new Error('The verification method has been revoked.')\n    }\n  }\n\n  public async getVerificationMethod(options: { proof: Proof; documentLoader?: DocumentLoader }) {\n    let verificationMethod = await super.getVerificationMethod({\n      proof: options.proof,\n      documentLoader: options.documentLoader,\n    })\n\n    // convert Ed25519VerificationKey2020 to Ed25519VerificationKey2018\n    if (_isEd2020Key(verificationMethod) && _includesEd2020Context(verificationMethod)) {\n      // -- convert multibase to base58 --\n      const publicJwk = PublicJwk.fromFingerprint(verificationMethod.publicKeyMultibase)\n      if (!publicJwk.is(Ed25519PublicJwk)) {\n        throw new Error('Expected multibase key to be of type Ed25519.')\n      }\n\n      // -- update type\n      verificationMethod.type = 'Ed25519VerificationKey2018'\n\n      verificationMethod = {\n        ...verificationMethod,\n        publicKeyMultibase: undefined,\n        publicKeyBase58: TypedArrayEncoder.toBase58(publicJwk.publicKey.publicKey),\n      }\n    }\n\n    return verificationMethod\n  }\n\n  /**\n   * Ensures the document to be signed contains the required signature suite\n   * specific `@context`, by either adding it (if `addSuiteContext` is true),\n   * or throwing an error if it's missing.\n   *\n   * @override\n   *\n   * @param {object} options - Options hashmap.\n   * @param {object} options.document - JSON-LD document to be signed.\n   * @param {boolean} options.addSuiteContext - Add suite context?\n   */\n  public ensureSuiteContext(options: { document: JsonLdDoc; addSuiteContext: boolean }) {\n    if (_includesCompatibleContext({ document: options.document })) {\n      return\n    }\n\n    super.ensureSuiteContext({ document: options.document, addSuiteContext: options.addSuiteContext })\n  }\n\n  /**\n   * Checks whether a given proof exists in the document.\n   *\n   * @override\n   *\n   * @param {object} options - Options hashmap.\n   * @param {object} options.proof - A proof.\n   * @param {object} options.document - A JSON-LD document.\n   * @param {object} options.purpose - A jsonld-signatures ProofPurpose\n   *  instance (e.g. AssertionProofPurpose, AuthenticationProofPurpose, etc).\n   * @param {Function} options.documentLoader  - A secure document loader (it is\n   *   recommended to use one that provides static known documents, instead of\n   *   fetching from the web) for returning contexts, controller documents,\n   *   keys, and other relevant URLs needed for the proof.\n   *\n   * @returns {Promise<boolean>} Whether a match for the proof was found.\n   */\n  public async matchProof(options: {\n    proof: Proof\n    document: VerificationMethod\n    // biome-ignore lint/suspicious/noExplicitAny: no explanation\n    purpose: any\n    documentLoader?: DocumentLoader\n  }) {\n    if (!_includesCompatibleContext({ document: options.document })) {\n      return false\n    }\n    return super.matchProof({\n      proof: options.proof,\n      document: options.document,\n      purpose: options.purpose,\n      documentLoader: options.documentLoader,\n    })\n  }\n\n  /**\n   * @param options - Options hashmap.\n   * @param options.verifyData - The data to sign.\n   * @param options.proof - A JSON-LD document with options to use\n   *   for the `proof` node. Any other custom fields can be provided here\n   *   using a context different from `security-v2`.\n   *\n   * @returns The proof containing the signature value.\n   */\n  public async sign(options: { verifyData: AnyUint8Array; proof: Proof }) {\n    if (!(this.signer && typeof this.signer.sign === 'function')) {\n      throw new Error('A signer API has not been specified.')\n    }\n    const signature = await this.signer.sign({ data: options.verifyData })\n    const encodedSignature = MultiBaseEncoder.encode(signature, 'base58btc')\n\n    // create detached content signature\n    options.proof.proofValue = encodedSignature\n    return options.proof\n  }\n\n  /**\n   * @param options - Options hashmap.\n   * @param options.verifyData - The data to verify.\n   * @param options.verificationMethod - A verification method.\n   * @param options.proof - The proof to be verified.\n   *\n   * @returns Resolves with the verification result.\n   */\n  public async verifySignature(options: {\n    verifyData: AnyUint8Array\n    verificationMethod: VerificationMethod\n    proof: Proof\n  }) {\n    if (!(options.proof.proofValue && typeof options.proof.proofValue === 'string')) {\n      throw new TypeError('The proof does not include a valid \"proofValue\" property.')\n    }\n    const signature = MultiBaseEncoder.decode(options.proof.proofValue).data\n\n    let { verifier } = this\n    if (!verifier) {\n      const key = await this.LDKeyClass.from(options.verificationMethod)\n      verifier = key.verifier()\n    }\n    return verifier.verify({ data: options.verifyData, signature })\n  }\n}\n\nfunction _includesCompatibleContext(options: { document: JsonLdDoc }) {\n  // Handle the unfortunate Ed25519Signature2018 / credentials/v1 collision\n  const hasEd2020 = _includesContext({\n    document: options.document,\n    contextUrl: ED25519_SUITE_CONTEXT_URL_2020,\n  })\n  const hasCred = _includesContext({ document: options.document, contextUrl: CREDENTIALS_CONTEXT_V1_URL })\n  const hasSecV2 = _includesContext({ document: options.document, contextUrl: SECURITY_CONTEXT_URL })\n\n  // Either one by itself is fine, for this suite\n  return hasEd2020 || hasCred || hasSecV2\n}\n\nfunction _isEd2020Key(verificationMethod: JsonLdDoc) {\n  // @ts-expect-error - .hasValue is not part of the public API\n  return jsonld.hasValue(verificationMethod, 'type', 'Ed25519VerificationKey2020')\n}\n\nfunction _includesEd2020Context(document: JsonLdDoc) {\n  return _includesContext({ document, contextUrl: ED25519_SUITE_CONTEXT_URL_2020 })\n}\n"],"mappings":";;;;;;;;;;;;;;;;AAiBA,IAAa,uBAAb,cAA0C,uBAAuB;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA+B/D,AAAO,YAAY,SAAsC;AACvD,QAAM;GACJ,MAAM;GACN,WAAW;GACX,YAAY,QAAQ;GACpB,YAAY;GACZ,KAAK,QAAQ;GACb,OAAO,QAAQ;GACf,MAAM,QAAQ;GACd,mBAAmB,QAAQ;GAC5B,CAAC;AACF,OAAK,kBAAkB;;CAGzB,MAAa,yBAAyB,UAAqB;AACzD,MAAI,CAAC,2BAA2B,EAAY,UAAU,CAAC,CAGrD,OAAM,IAAI,UACR,iFAAiF,KAAK,WAAW,IAClG;AAGH,MAAI,CAAC,aAAa,SAAS,EAAE;GAC3B,MAAM,yBAAyBA,eAAO,UAAU,UAAU,OAAO,CAAC;AAClE,SAAM,IAAI,MACR,yCAAyC,uBAAuB,mEACjE;;AAEH,MAAI,aAAa,SAAS,IAAI,CAAC,uBAAuB,SAAS,CAC7D,OAAM,IAAI,MACR,0GAA0G,+BAA+B,IAC1I;AAIH,MAAI,SAAS,YAAY,OACvB,OAAM,IAAI,MAAM,4CAA4C;;CAIhE,MAAa,sBAAsB,SAA4D;EAC7F,IAAI,qBAAqB,MAAM,MAAM,sBAAsB;GACzD,OAAO,QAAQ;GACf,gBAAgB,QAAQ;GACzB,CAAC;AAGF,MAAI,aAAa,mBAAmB,IAAI,uBAAuB,mBAAmB,EAAE;GAElF,MAAM,YAAY,UAAU,gBAAgB,mBAAmB,mBAAmB;AAClF,OAAI,CAAC,UAAU,GAAG,iBAAiB,CACjC,OAAM,IAAI,MAAM,gDAAgD;AAIlE,sBAAmB,OAAO;AAE1B,wBAAqB;IACnB,GAAG;IACH,oBAAoB;IACpB,iBAAiB,kBAAkB,SAAS,UAAU,UAAU,UAAU;IAC3E;;AAGH,SAAO;;;;;;;;;;;;;CAcT,AAAO,mBAAmB,SAA4D;AACpF,MAAI,2BAA2B,EAAE,UAAU,QAAQ,UAAU,CAAC,CAC5D;AAGF,QAAM,mBAAmB;GAAE,UAAU,QAAQ;GAAU,iBAAiB,QAAQ;GAAiB,CAAC;;;;;;;;;;;;;;;;;;;CAoBpG,MAAa,WAAW,SAMrB;AACD,MAAI,CAAC,2BAA2B,EAAE,UAAU,QAAQ,UAAU,CAAC,CAC7D,QAAO;AAET,SAAO,MAAM,WAAW;GACtB,OAAO,QAAQ;GACf,UAAU,QAAQ;GAClB,SAAS,QAAQ;GACjB,gBAAgB,QAAQ;GACzB,CAAC;;;;;;;;;;;CAYJ,MAAa,KAAK,SAAsD;AACtE,MAAI,EAAE,KAAK,UAAU,OAAO,KAAK,OAAO,SAAS,YAC/C,OAAM,IAAI,MAAM,uCAAuC;EAEzD,MAAM,YAAY,MAAM,KAAK,OAAO,KAAK,EAAE,MAAM,QAAQ,YAAY,CAAC;EACtE,MAAM,mBAAmB,iBAAiB,OAAO,WAAW,YAAY;AAGxE,UAAQ,MAAM,aAAa;AAC3B,SAAO,QAAQ;;;;;;;;;;CAWjB,MAAa,gBAAgB,SAI1B;AACD,MAAI,EAAE,QAAQ,MAAM,cAAc,OAAO,QAAQ,MAAM,eAAe,UACpE,OAAM,IAAI,UAAU,8DAA4D;EAElF,MAAM,YAAY,iBAAiB,OAAO,QAAQ,MAAM,WAAW,CAAC;EAEpE,IAAI,EAAE,aAAa;AACnB,MAAI,CAAC,SAEH,aADY,MAAM,KAAK,WAAW,KAAK,QAAQ,mBAAmB,EACnD,UAAU;AAE3B,SAAO,SAAS,OAAO;GAAE,MAAM,QAAQ;GAAY;GAAW,CAAC;;;qBApMnD,cAAc;qBACd,UAAU,4BAA4B,IAAI,+BAA+B;AAuMzF,SAAS,2BAA2B,SAAkC;CAEpE,MAAM,YAAY,iBAAiB;EACjC,UAAU,QAAQ;EAClB,YAAY;EACb,CAAC;CACF,MAAM,UAAU,iBAAiB;EAAE,UAAU,QAAQ;EAAU,YAAY;EAA4B,CAAC;CACxG,MAAM,WAAW,iBAAiB;EAAE,UAAU,QAAQ;EAAU,YAAY;EAAsB,CAAC;AAGnG,QAAO,aAAa,WAAW;;AAGjC,SAAS,aAAa,oBAA+B;AAEnD,QAAOA,eAAO,SAAS,oBAAoB,QAAQ,6BAA6B;;AAGlF,SAAS,uBAAuB,UAAqB;AACnD,QAAO,iBAAiB;EAAE;EAAU,YAAY;EAAgC,CAAC"}

package/build/modules/vc/index.js

@@ -7,11 +7,6 @@ const require_W3cCredentialStatus = require('./models/credential/W3cCredentialSt
 const require_W3cCredentialSubject = require('./models/credential/W3cCredentialSubject.js');
 const require_W3cIssuer = require('./models/credential/W3cIssuer.js');
 const require_W3cCredential = require('./models/credential/W3cCredential.js');
-const require_DataIntegrityProof = require('./data-integrity/models/DataIntegrityProof.js');
-const require_W3cJsonLdVerifiableCredential = require('./data-integrity/models/W3cJsonLdVerifiableCredential.js');
-const require_util = require('./util.js');
-const require_W3cJwtVerifiableCredential = require('./jwt-vc/W3cJwtVerifiableCredential.js');
-const require_W3cVerifiableCredential = require('./models/credential/W3cVerifiableCredential.js');
 const require_W3cV2CredentialSchema = require('./models/credential/W3cV2CredentialSchema.js');
 const require_W3cV2CredentialStatus = require('./models/credential/W3cV2CredentialStatus.js');
 const require_W3cV2CredentialSubject = require('./models/credential/W3cV2CredentialSubject.js');
@@ -25,27 +20,32 @@ const require_W3cV2JwtVerifiableCredential = require('./jwt-vc/W3cV2JwtVerifiabl
 const require_W3cV2SdJwt = require('./sd-jwt-vc/W3cV2SdJwt.js');
 const require_W3cV2SdJwtVerifiableCredential = require('./sd-jwt-vc/W3cV2SdJwtVerifiableCredential.js');
 const require_W3cV2EnvelopedVerifiableCredential = require('./models/credential/W3cV2EnvelopedVerifiableCredential.js');
-const require_SignatureSuiteRegistry = require('./data-integrity/SignatureSuiteRegistry.js');
-const require_JwsLinkedDataSignature = require('./data-integrity/signature-suites/JwsLinkedDataSignature.js');
-const require_Ed25519Signature2018 = require('./data-integrity/signature-suites/ed25519/Ed25519Signature2018.js');
-const require_Ed25519Signature2020 = require('./data-integrity/signature-suites/ed25519/Ed25519Signature2020.js');
+const require_DataIntegrityProof = require('./data-integrity/models/DataIntegrityProof.js');
+const require_W3cJsonLdVerifiableCredential = require('./data-integrity/models/W3cJsonLdVerifiableCredential.js');
+const require_deriveProof = require('./data-integrity/deriveProof.js');
 const require_index = require('./data-integrity/libraries/index.js');
+const require_IAnonCredsDataIntegrityService = require('./data-integrity/models/IAnonCredsDataIntegrityService.js');
+const require_LdKeyPair = require('./data-integrity/models/LdKeyPair.js');
+const require_util = require('./util.js');
+const require_W3cJwtVerifiableCredential = require('./jwt-vc/W3cJwtVerifiableCredential.js');
+const require_W3cVerifiableCredential = require('./models/credential/W3cVerifiableCredential.js');
 const require_W3cPresentation = require('./models/presentation/W3cPresentation.js');
 const require_W3cJsonLdVerifiablePresentation = require('./data-integrity/models/W3cJsonLdVerifiablePresentation.js');
-const require_LdKeyPair = require('./data-integrity/models/LdKeyPair.js');
-const require_IAnonCredsDataIntegrityService = require('./data-integrity/models/IAnonCredsDataIntegrityService.js');
 const require_CredentialIssuancePurpose = require('./data-integrity/proof-purposes/CredentialIssuancePurpose.js');
-const require_deriveProof = require('./data-integrity/deriveProof.js');
+const require_SignatureSuiteRegistry = require('./data-integrity/SignatureSuiteRegistry.js');
+const require_JwsLinkedDataSignature = require('./data-integrity/signature-suites/JwsLinkedDataSignature.js');
+const require_Ed25519Signature2018 = require('./data-integrity/signature-suites/ed25519/Ed25519Signature2018.js');
+const require_Ed25519Signature2020 = require('./data-integrity/signature-suites/ed25519/Ed25519Signature2020.js');
 const require_W3cCredentialsModuleConfig = require('./W3cCredentialsModuleConfig.js');
 const require_W3cJsonLdCredentialService = require('./data-integrity/W3cJsonLdCredentialService.js');
 require('./data-integrity/index.js');
 const require_W3cJwtVerifiablePresentation = require('./jwt-vc/W3cJwtVerifiablePresentation.js');
 const require_W3cJwtCredentialService = require('./jwt-vc/W3cJwtCredentialService.js');
 const require_W3cV2Presentation = require('./models/presentation/W3cV2Presentation.js');
-const require_W3cV2JwtVerifiablePresentation = require('./jwt-vc/W3cV2JwtVerifiablePresentation.js');
 const require_W3cV2SdJwtVerifiablePresentation = require('./sd-jwt-vc/W3cV2SdJwtVerifiablePresentation.js');
 const require_W3cV2SdJwtCredentialService = require('./sd-jwt-vc/W3cV2SdJwtCredentialService.js');
 require('./sd-jwt-vc/index.js');
+const require_W3cV2JwtVerifiablePresentation = require('./jwt-vc/W3cV2JwtVerifiablePresentation.js');
 const require_W3cV2JwtCredentialService = require('./jwt-vc/W3cV2JwtCredentialService.js');
 require('./jwt-vc/index.js');
 const require_W3cV2VerifiableCredential = require('./models/credential/W3cV2VerifiableCredential.js');
@@ -60,6 +60,6 @@ const require_W3cCredentialService = require('./W3cCredentialService.js');
 const require_W3cCredentialsApi = require('./W3cCredentialsApi.js');
 const require_W3cCredentialsModule = require('./W3cCredentialsModule.js');
 const require_W3cV2CredentialService = require('./W3cV2CredentialService.js');
-const require_W3cV2CredentialsApi = require('./W3cV2CredentialsApi.js');
 require('./W3cV2CredentialServiceOptions.js');
+const require_W3cV2CredentialsApi = require('./W3cV2CredentialsApi.js');
 const require_W3cV2CredentialsModule = require('./W3cV2CredentialsModule.js');

package/build/modules/vc/index.mjs

@@ -7,11 +7,6 @@ import { W3cCredentialStatus } from "./models/credential/W3cCredentialStatus.mjs
 import { IsW3cCredentialSubject, W3cCredentialSubject, W3cCredentialSubjectTransformer } from "./models/credential/W3cCredentialSubject.mjs";
 import { IsW3cIssuer, W3cIssuer, W3cIssuerTransformer } from "./models/credential/W3cIssuer.mjs";
 import { W3cCredential } from "./models/credential/W3cCredential.mjs";
-import { DataIntegrityProof } from "./data-integrity/models/DataIntegrityProof.mjs";
-import { W3cJsonLdVerifiableCredential } from "./data-integrity/models/W3cJsonLdVerifiableCredential.mjs";
-import { w3cDate } from "./util.mjs";
-import { W3cJwtVerifiableCredential } from "./jwt-vc/W3cJwtVerifiableCredential.mjs";
-import { W3cVerifiableCredentialTransformer } from "./models/credential/W3cVerifiableCredential.mjs";
 import { W3cV2CredentialSchema } from "./models/credential/W3cV2CredentialSchema.mjs";
 import { W3cV2CredentialStatus } from "./models/credential/W3cV2CredentialStatus.mjs";
 import { W3cV2CredentialSubject } from "./models/credential/W3cV2CredentialSubject.mjs";
@@ -25,27 +20,32 @@ import { W3cV2JwtVerifiableCredential } from "./jwt-vc/W3cV2JwtVerifiableCredent
 import { decodeSdJwt, sdJwtVcHasher } from "./sd-jwt-vc/W3cV2SdJwt.mjs";
 import { W3cV2SdJwtVerifiableCredential } from "./sd-jwt-vc/W3cV2SdJwtVerifiableCredential.mjs";
 import { IsEnvelopedVerifiableCredentialType, W3cV2EnvelopedVerifiableCredential, W3cV2EnvelopedVerifiableCredentialTransformer } from "./models/credential/W3cV2EnvelopedVerifiableCredential.mjs";
-import { SignatureSuiteRegistry, SignatureSuiteToken } from "./data-integrity/SignatureSuiteRegistry.mjs";
-import { JwsLinkedDataSignature } from "./data-integrity/signature-suites/JwsLinkedDataSignature.mjs";
-import { Ed25519Signature2018 } from "./data-integrity/signature-suites/ed25519/Ed25519Signature2018.mjs";
-import { Ed25519Signature2020 } from "./data-integrity/signature-suites/ed25519/Ed25519Signature2020.mjs";
+import { DataIntegrityProof } from "./data-integrity/models/DataIntegrityProof.mjs";
+import { W3cJsonLdVerifiableCredential } from "./data-integrity/models/W3cJsonLdVerifiableCredential.mjs";
+import { deriveProof } from "./data-integrity/deriveProof.mjs";
 import { vcLibraries } from "./data-integrity/libraries/index.mjs";
+import { ANONCREDS_DATA_INTEGRITY_CRYPTOSUITE, AnonCredsDataIntegrityServiceSymbol } from "./data-integrity/models/IAnonCredsDataIntegrityService.mjs";
+import { LdKeyPair } from "./data-integrity/models/LdKeyPair.mjs";
+import { w3cDate } from "./util.mjs";
+import { W3cJwtVerifiableCredential } from "./jwt-vc/W3cJwtVerifiableCredential.mjs";
+import { W3cVerifiableCredentialTransformer } from "./models/credential/W3cVerifiableCredential.mjs";
 import { W3cPresentation } from "./models/presentation/W3cPresentation.mjs";
 import { W3cJsonLdVerifiablePresentation } from "./data-integrity/models/W3cJsonLdVerifiablePresentation.mjs";
-import { LdKeyPair } from "./data-integrity/models/LdKeyPair.mjs";
-import { ANONCREDS_DATA_INTEGRITY_CRYPTOSUITE, AnonCredsDataIntegrityServiceSymbol } from "./data-integrity/models/IAnonCredsDataIntegrityService.mjs";
 import { CredentialIssuancePurpose } from "./data-integrity/proof-purposes/CredentialIssuancePurpose.mjs";
-import { deriveProof } from "./data-integrity/deriveProof.mjs";
+import { SignatureSuiteRegistry, SignatureSuiteToken } from "./data-integrity/SignatureSuiteRegistry.mjs";
+import { JwsLinkedDataSignature } from "./data-integrity/signature-suites/JwsLinkedDataSignature.mjs";
+import { Ed25519Signature2018 } from "./data-integrity/signature-suites/ed25519/Ed25519Signature2018.mjs";
+import { Ed25519Signature2020 } from "./data-integrity/signature-suites/ed25519/Ed25519Signature2020.mjs";
 import { W3cCredentialsModuleConfig } from "./W3cCredentialsModuleConfig.mjs";
 import { W3cJsonLdCredentialService } from "./data-integrity/W3cJsonLdCredentialService.mjs";
 import "./data-integrity/index.mjs";
 import { W3cJwtVerifiablePresentation } from "./jwt-vc/W3cJwtVerifiablePresentation.mjs";
 import { W3cJwtCredentialService } from "./jwt-vc/W3cJwtCredentialService.mjs";
 import { W3cV2Presentation } from "./models/presentation/W3cV2Presentation.mjs";
-import { W3cV2JwtVerifiablePresentation } from "./jwt-vc/W3cV2JwtVerifiablePresentation.mjs";
 import { W3cV2SdJwtVerifiablePresentation } from "./sd-jwt-vc/W3cV2SdJwtVerifiablePresentation.mjs";
 import { W3cV2SdJwtCredentialService } from "./sd-jwt-vc/W3cV2SdJwtCredentialService.mjs";
 import "./sd-jwt-vc/index.mjs";
+import { W3cV2JwtVerifiablePresentation } from "./jwt-vc/W3cV2JwtVerifiablePresentation.mjs";
 import { W3cV2JwtCredentialService } from "./jwt-vc/W3cV2JwtCredentialService.mjs";
 import "./jwt-vc/index.mjs";
 import { W3cV2VerifiableCredentialTransformer } from "./models/credential/W3cV2VerifiableCredential.mjs";
@@ -60,6 +60,6 @@ import { W3cCredentialService } from "./W3cCredentialService.mjs";
 import { W3cCredentialsApi } from "./W3cCredentialsApi.mjs";
 import { W3cCredentialsModule } from "./W3cCredentialsModule.mjs";
 import { W3cV2CredentialService } from "./W3cV2CredentialService.mjs";
-import { W3cV2CredentialsApi } from "./W3cV2CredentialsApi.mjs";
 import "./W3cV2CredentialServiceOptions.mjs";
+import { W3cV2CredentialsApi } from "./W3cV2CredentialsApi.mjs";
 import { W3cV2CredentialsModule } from "./W3cV2CredentialsModule.mjs";

package/build/modules/vc/jwt-vc/W3cJwtCredentialService.d.mts

@@ -1,9 +1,9 @@
 import { W3cJwtVerifiableCredential } from "./W3cJwtVerifiableCredential.mjs";
+import { W3cVerifyCredentialResult, W3cVerifyPresentationResult } from "../models/W3cVerifyResult.mjs";
 import { W3cJwtVerifiablePresentation } from "./W3cJwtVerifiablePresentation.mjs";
 import { W3cJwtSignCredentialOptions, W3cJwtSignPresentationOptions, W3cJwtVerifyCredentialOptions, W3cJwtVerifyPresentationOptions } from "../W3cCredentialServiceOptions.mjs";
-import { W3cVerifyCredentialResult, W3cVerifyPresentationResult } from "../models/W3cVerifyResult.mjs";
-import { AgentContext } from "../../../agent/context/AgentContext.mjs";
 import { JwsService } from "../../../crypto/JwsService.mjs";
+import { AgentContext } from "../../../agent/context/AgentContext.mjs";
 
 //#region src/modules/vc/jwt-vc/W3cJwtCredentialService.d.ts
 /**

package/build/modules/vc/jwt-vc/W3cJwtCredentialService.d.mts.map

@@ -1 +1 @@
-{"version":3,"file":"W3cJwtCredentialService.d.mts","names":[],"sources":["../../../../src/modules/vc/jwt-vc/W3cJwtCredentialService.ts"],"sourcesContent":[],"mappings":";;;;;;;;;;;;AAiCa,cAAA,uBAAA,CAAuB;EAAA,QAAA,UAAA;aAGH,CAAA,UAAA,EAAA,UAAA;;;;gBAU5B,CAAA,YAAA,EAFa,YAEb,EAAA,OAAA,EADQ,2BACR,CAAA,EAAA,OAAA,CAAQ,0BAAR,CAAA;;;;;;;kBAiLQ,CAAA,YAAA,EAzIK,YAyIL,EAAA,OAAA,EAxIA,6BAwIA,CAAA,EAvIR,OAuIQ,CAvIA,yBAuIA,CAAA;;;;;;;iCAFK,uBACL,gCACR,QAAQ;;;;;;;mCAsCK,uBACL,kCACR,QAAQ"}
+{"version":3,"file":"W3cJwtCredentialService.d.mts","names":[],"sources":["../../../../src/modules/vc/jwt-vc/W3cJwtCredentialService.ts"],"sourcesContent":[],"mappings":";;;;;;;;;;;;AA+Ba,cAAA,uBAAA,CAAuB;EAAA,QAAA,UAAA;aAGH,CAAA,UAAA,EAAA,UAAA;;;;gBAU5B,CAAA,YAAA,EAFa,YAEb,EAAA,OAAA,EADQ,2BACR,CAAA,EAAA,OAAA,CAAQ,0BAAR,CAAA;;;;;;;kBAiLQ,CAAA,YAAA,EAzIK,YAyIL,EAAA,OAAA,EAxIA,6BAwIA,CAAA,EAvIR,OAuIQ,CAvIA,yBAuIA,CAAA;;;;;;;iCAFK,uBACL,gCACR,QAAQ;;;;;;;mCAsCK,uBACL,kCACR,QAAQ"}

package/build/modules/vc/jwt-vc/W3cJwtCredentialService.d.ts

@@ -1,9 +1,9 @@
 import { W3cJwtVerifiableCredential } from "./W3cJwtVerifiableCredential.js";
+import { W3cVerifyCredentialResult, W3cVerifyPresentationResult } from "../models/W3cVerifyResult.js";
 import { W3cJwtVerifiablePresentation } from "./W3cJwtVerifiablePresentation.js";
 import { W3cJwtSignCredentialOptions, W3cJwtSignPresentationOptions, W3cJwtVerifyCredentialOptions, W3cJwtVerifyPresentationOptions } from "../W3cCredentialServiceOptions.js";
-import { W3cVerifyCredentialResult, W3cVerifyPresentationResult } from "../models/W3cVerifyResult.js";
-import { AgentContext } from "../../../agent/context/AgentContext.js";
 import { JwsService } from "../../../crypto/JwsService.js";
+import { AgentContext } from "../../../agent/context/AgentContext.js";
 
 //#region src/modules/vc/jwt-vc/W3cJwtCredentialService.d.ts
 

package/build/modules/vc/jwt-vc/W3cJwtCredentialService.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"W3cJwtCredentialService.d.ts","names":[],"sources":["../../../../src/modules/vc/jwt-vc/W3cJwtCredentialService.ts"],"sourcesContent":[],"mappings":";;;;;;;;;;;AAgCA;;AAIiC,cAHpB,uBAAA,CAGoB;UAQf,UAAA;aACL,CAAA,UAAA,EAToB,UASpB;;;;gBA0CA,CAAA,YAAA,EA3CK,YA2CL,EAAA,OAAA,EA1CA,2BA0CA,CAAA,EAzCR,OAyCQ,CAzCA,0BAyCA,CAAA;;;;;;;kBA8KK,CAAA,YAAA,EA/KA,YA+KA,EAAA,OAAA,EA9KL,6BA8KK,CAAA,EA7Kb,OA6Ka,CA7KL,yBA6KK,CAAA;;;;;;;iCAxCA,uBACL,gCACR,QAAQ;;;;;;;mCAsCK,uBACL,kCACR,QAAQ"}
+{"version":3,"file":"W3cJwtCredentialService.d.ts","names":[],"sources":["../../../../src/modules/vc/jwt-vc/W3cJwtCredentialService.ts"],"sourcesContent":[],"mappings":";;;;;;;;;;;AA8BA;;AAIiC,cAHpB,uBAAA,CAGoB;UAQf,UAAA;aACL,CAAA,UAAA,EAToB,UASpB;;;;gBA0CA,CAAA,YAAA,EA3CK,YA2CL,EAAA,OAAA,EA1CA,2BA0CA,CAAA,EAzCR,OAyCQ,CAzCA,0BAyCA,CAAA;;;;;;;kBA8KK,CAAA,YAAA,EA/KA,YA+KA,EAAA,OAAA,EA9KL,6BA8KK,CAAA,EA7Kb,OA6Ka,CA7KL,yBA6KK,CAAA;;;;;;;iCAxCA,uBACL,gCACR,QAAQ;;;;;;;mCAsCK,uBACL,kCACR,QAAQ"}

package/build/modules/vc/jwt-vc/W3cJwtCredentialService.js

@@ -6,15 +6,15 @@ require('../../../error/index.js');
 require('../../../plugins/index.js');
 const require_decorateMetadata = require('../../../_virtual/_@oxc-project_runtime@0.94.0/helpers/decorateMetadata.js');
 const require_decorate = require('../../../_virtual/_@oxc-project_runtime@0.94.0/helpers/decorate.js');
-const require_MessageValidator = require('../../../utils/MessageValidator.js');
 const require_array = require('../../../utils/array.js');
 const require_did = require('../../../utils/did.js');
+const require_MessageValidator = require('../../../utils/MessageValidator.js');
 require('../../../utils/index.js');
 const require_PublicJwk = require('../../kms/jwk/PublicJwk.js');
 require('../../kms/index.js');
 const require_JwsService = require('../../../crypto/JwsService.js');
-const require_keyDidMapping = require('../../dids/domain/key-type/keyDidMapping.js');
 const require_parse = require('../../dids/domain/parse.js');
+const require_keyDidMapping = require('../../dids/domain/key-type/keyDidMapping.js');
 const require_DidResolverService = require('../../dids/services/DidResolverService.js');
 const require_DidsApi = require('../../dids/DidsApi.js');
 require('../../dids/index.js');
@@ -83,7 +83,7 @@ let W3cJwtCredentialService = class W3cJwtCredentialService$1 {
 				purpose: ["assertionMethod"]
 			});
 			const issuerPublicKey = require_keyDidMapping.getPublicJwkFromVerificationMethod(issuerVerificationMethod);
-			let signatureResult = void 0;
+			let signatureResult;
 			try {
 				signatureResult = await this.jwsService.verifyJws(agentContext, {
 					jws: credential.jwt.serializedJwt,
@@ -182,7 +182,7 @@ let W3cJwtCredentialService = class W3cJwtCredentialService$1 {
 				purpose: ["authentication"]
 			});
 			const proverPublicKey = require_keyDidMapping.getPublicJwkFromVerificationMethod(proverVerificationMethod);
-			let signatureResult = void 0;
+			let signatureResult;
 			try {
 				signatureResult = await this.jwsService.verifyJws(agentContext, {
 					jws: presentation.jwt.serializedJwt,

package/build/modules/vc/jwt-vc/W3cJwtCredentialService.mjs

@@ -5,15 +5,15 @@ import "../../../error/index.mjs";
 import { injectable } from "../../../plugins/index.mjs";
 import { __decorateMetadata } from "../../../_virtual/_@oxc-project_runtime@0.94.0/helpers/decorateMetadata.mjs";
 import { __decorate } from "../../../_virtual/_@oxc-project_runtime@0.94.0/helpers/decorate.mjs";
-import { MessageValidator } from "../../../utils/MessageValidator.mjs";
 import { asArray } from "../../../utils/array.mjs";
 import { isDid } from "../../../utils/did.mjs";
+import { MessageValidator } from "../../../utils/MessageValidator.mjs";
 import "../../../utils/index.mjs";
 import { PublicJwk } from "../../kms/jwk/PublicJwk.mjs";
 import "../../kms/index.mjs";
 import { JwsService } from "../../../crypto/JwsService.mjs";
-import { getPublicJwkFromVerificationMethod, getSupportedVerificationMethodTypesForPublicJwk } from "../../dids/domain/key-type/keyDidMapping.mjs";
 import { parseDid } from "../../dids/domain/parse.mjs";
+import { getPublicJwkFromVerificationMethod, getSupportedVerificationMethodTypesForPublicJwk } from "../../dids/domain/key-type/keyDidMapping.mjs";
 import { DidResolverService } from "../../dids/services/DidResolverService.mjs";
 import { DidsApi } from "../../dids/DidsApi.mjs";
 import "../../dids/index.mjs";
@@ -80,7 +80,7 @@ let W3cJwtCredentialService = class W3cJwtCredentialService$1 {
 				purpose: ["assertionMethod"]
 			});
 			const issuerPublicKey = getPublicJwkFromVerificationMethod(issuerVerificationMethod);
-			let signatureResult = void 0;
+			let signatureResult;
 			try {
 				signatureResult = await this.jwsService.verifyJws(agentContext, {
 					jws: credential.jwt.serializedJwt,
@@ -179,7 +179,7 @@ let W3cJwtCredentialService = class W3cJwtCredentialService$1 {
 				purpose: ["authentication"]
 			});
 			const proverPublicKey = getPublicJwkFromVerificationMethod(proverVerificationMethod);
-			let signatureResult = void 0;
+			let signatureResult;
 			try {
 				signatureResult = await this.jwsService.verifyJws(agentContext, {
 					jws: presentation.jwt.serializedJwt,

package/build/modules/vc/jwt-vc/W3cJwtCredentialService.mjs.map

@@ -1 +1 @@
-{"version":3,"file":"W3cJwtCredentialService.mjs","names":["W3cJwtCredentialService","validationResults: W3cVerifyCredentialResult","credential: W3cJwtVerifiableCredential","signatureResult: VerifyJwsResult | undefined","validationResults: W3cVerifyPresentationResult","presentation: W3cJwtVerifiablePresentation","credentialSubjectAuthentication: SingleValidationResult","verificationMethod: VerificationMethod"],"sources":["../../../../src/modules/vc/jwt-vc/W3cJwtCredentialService.ts"],"sourcesContent":["import type { AgentContext } from '../../../agent/context'\nimport type { VerifyJwsResult } from '../../../crypto/JwsService'\nimport type { DidPurpose, VerificationMethod } from '../../dids'\nimport type {\n  W3cJwtSignCredentialOptions,\n  W3cJwtSignPresentationOptions,\n  W3cJwtVerifyCredentialOptions,\n  W3cJwtVerifyPresentationOptions,\n} from '../W3cCredentialServiceOptions'\nimport type { SingleValidationResult, W3cVerifyCredentialResult, W3cVerifyPresentationResult } from '../models'\n\nimport { JwsService } from '../../../crypto/JwsService'\nimport { CredoError } from '../../../error'\nimport { injectable } from '../../../plugins'\nimport { MessageValidator, asArray, isDid } from '../../../utils'\nimport { DidResolverService, DidsApi, parseDid } from '../../dids'\nimport { W3cJsonLdVerifiableCredential } from '../data-integrity'\n\nimport {\n  getPublicJwkFromVerificationMethod,\n  getSupportedVerificationMethodTypesForPublicJwk,\n} from '../../dids/domain/key-type/keyDidMapping'\nimport { type KnownJwaSignatureAlgorithm, PublicJwk } from '../../kms'\nimport { W3cJwtVerifiableCredential } from './W3cJwtVerifiableCredential'\nimport { W3cJwtVerifiablePresentation } from './W3cJwtVerifiablePresentation'\nimport { getJwtPayloadFromCredential } from './credentialTransformer'\nimport { getJwtPayloadFromPresentation } from './presentationTransformer'\n\n/**\n * Supports signing and verification of credentials according to the [Verifiable Credential Data Model](https://www.w3.org/TR/vc-data-model)\n * using [Json Web Tokens](https://www.w3.org/TR/vc-data-model/#json-web-token).\n */\n@injectable()\nexport class W3cJwtCredentialService {\n  private jwsService: JwsService\n\n  public constructor(jwsService: JwsService) {\n    this.jwsService = jwsService\n  }\n\n  /**\n   * Signs a credential\n   */\n  public async signCredential(\n    agentContext: AgentContext,\n    options: W3cJwtSignCredentialOptions\n  ): Promise<W3cJwtVerifiableCredential> {\n    // Validate the instance\n    MessageValidator.validateSync(options.credential)\n\n    // Get the JWT payload for the JWT based on the JWT Encoding rules form the VC-DATA-MODEL\n    // https://www.w3.org/TR/vc-data-model/#jwt-encoding\n    const jwtPayload = getJwtPayloadFromCredential(options.credential)\n\n    if (!isDid(options.verificationMethod)) {\n      throw new CredoError('Only did identifiers are supported as verification method')\n    }\n\n    const publicJwk = await this.resolveVerificationMethod(agentContext, options.verificationMethod, [\n      'assertionMethod',\n    ])\n\n    const jwt = await this.jwsService.createJwsCompact(agentContext, {\n      payload: jwtPayload,\n      keyId: publicJwk.keyId,\n      protectedHeaderOptions: {\n        typ: 'JWT',\n        alg: options.alg,\n        kid: options.verificationMethod,\n      },\n    })\n\n    // TODO: this re-parses and validates the credential in the JWT, which is not necessary.\n    // We should somehow create an instance of W3cJwtVerifiableCredential directly from the JWT\n    const jwtVc = W3cJwtVerifiableCredential.fromSerializedJwt(jwt)\n\n    return jwtVc\n  }\n\n  /**\n   * Verifies the signature(s) of a credential\n   *\n   * @param credential the credential to be verified\n   * @returns the verification result\n   */\n  public async verifyCredential(\n    agentContext: AgentContext,\n    options: W3cJwtVerifyCredentialOptions\n  ): Promise<W3cVerifyCredentialResult> {\n    // NOTE: this is mostly from the JSON-LD service that adds this option. Once we support\n    // the same granular validation results, we can remove this and the user could just check\n    // which of the validations failed. Supporting for consistency with the JSON-LD service for now.\n    const verifyCredentialStatus = options.verifyCredentialStatus ?? true\n\n    const validationResults: W3cVerifyCredentialResult = {\n      isValid: false,\n      validations: {},\n    }\n\n    try {\n      let credential: W3cJwtVerifiableCredential\n      try {\n        // If instance is provided as input, we want to validate the credential (otherwise it's done in the fromSerializedJwt method below)\n        if (options.credential instanceof W3cJwtVerifiableCredential) {\n          MessageValidator.validateSync(options.credential.credential)\n        }\n\n        credential =\n          options.credential instanceof W3cJwtVerifiableCredential\n            ? options.credential\n            : W3cJwtVerifiableCredential.fromSerializedJwt(options.credential)\n\n        // Verify the JWT payload (verifies whether it's not expired, etc...)\n        credential.jwt.payload.validate()\n\n        validationResults.validations.dataModel = {\n          isValid: true,\n        }\n      } catch (error) {\n        validationResults.validations.dataModel = {\n          isValid: false,\n          error,\n        }\n\n        return validationResults\n      }\n\n      const issuerVerificationMethod = await this.getVerificationMethodForJwtCredential(agentContext, {\n        credential,\n        purpose: ['assertionMethod'],\n      })\n      const issuerPublicKey = getPublicJwkFromVerificationMethod(issuerVerificationMethod)\n\n      let signatureResult: VerifyJwsResult | undefined = undefined\n      try {\n        // Verify the JWS signature\n        signatureResult = await this.jwsService.verifyJws(agentContext, {\n          jws: credential.jwt.serializedJwt,\n          // We have pre-fetched the key based on the issuer/signer of the credential\n          jwsSigner: {\n            method: 'did',\n            jwk: issuerPublicKey,\n            didUrl: issuerVerificationMethod.id,\n          },\n        })\n\n        if (!signatureResult.isValid) {\n          validationResults.validations.signature = {\n            isValid: false,\n            error: new CredoError('Invalid JWS signature'),\n          }\n        } else {\n          validationResults.validations.signature = {\n            isValid: true,\n          }\n        }\n      } catch (error) {\n        validationResults.validations.signature = {\n          isValid: false,\n          error,\n        }\n      }\n\n      // Validate whether the credential is signed with the 'issuer' id\n      // NOTE: this uses the verificationMethod.controller. We may want to use the verificationMethod.id?\n      if (credential.issuerId !== issuerVerificationMethod.controller) {\n        validationResults.validations.issuerIsSigner = {\n          isValid: false,\n          error: new CredoError(\n            `Credential is signed using verification method ${issuerVerificationMethod.id}, while the issuer of the credential is '${credential.issuerId}'`\n          ),\n        }\n      } else {\n        validationResults.validations.issuerIsSigner = {\n          isValid: true,\n        }\n      }\n\n      // Validate whether the `issuer` of the credential is also the signer\n      const issuerIsSigner = signatureResult?.jwsSigners.some(\n        (jwsSigner) => jwsSigner.jwk.fingerprint === issuerPublicKey.fingerprint\n      )\n      if (!issuerIsSigner) {\n        validationResults.validations.issuerIsSigner = {\n          isValid: false,\n          error: new CredoError('Credential is not signed by the issuer of the credential'),\n        }\n      } else {\n        validationResults.validations.issuerIsSigner = {\n          isValid: true,\n        }\n      }\n\n      // Validate credentialStatus\n      if (verifyCredentialStatus && !credential.credentialStatus) {\n        validationResults.validations.credentialStatus = {\n          isValid: true,\n        }\n      } else if (verifyCredentialStatus && credential.credentialStatus) {\n        validationResults.validations.credentialStatus = {\n          isValid: false,\n          error: new CredoError('Verifying credential status is not supported for JWT VCs'),\n        }\n      }\n\n      validationResults.isValid = Object.values(validationResults.validations).every((v) => v.isValid)\n\n      return validationResults\n    } catch (error) {\n      validationResults.error = error\n      return validationResults\n    }\n  }\n\n  /**\n   * Signs a presentation including the credentials it includes\n   *\n   * @param presentation the presentation to be signed\n   * @returns the signed presentation\n   */\n  public async signPresentation(\n    agentContext: AgentContext,\n    options: W3cJwtSignPresentationOptions\n  ): Promise<W3cJwtVerifiablePresentation> {\n    // Validate the instance\n    MessageValidator.validateSync(options.presentation)\n\n    // Get the JWT payload for the JWT based on the JWT Encoding rules form the VC-DATA-MODEL\n    // https://www.w3.org/TR/vc-data-model/#jwt-encoding\n    const jwtPayload = getJwtPayloadFromPresentation(options.presentation)\n\n    // Set the nonce so it's included in the signature\n    jwtPayload.additionalClaims.nonce = options.challenge\n    jwtPayload.aud = options.domain\n\n    const publicJwk = await this.resolveVerificationMethod(agentContext, options.verificationMethod, ['authentication'])\n\n    const jwt = await this.jwsService.createJwsCompact(agentContext, {\n      payload: jwtPayload,\n      keyId: publicJwk.keyId,\n      protectedHeaderOptions: {\n        typ: 'JWT',\n        alg: options.alg,\n        kid: options.verificationMethod,\n      },\n    })\n\n    // TODO: this re-parses and validates the presentation in the JWT, which is not necessary.\n    // We should somehow create an instance of W3cJwtVerifiablePresentation directly from the JWT\n    const jwtVp = W3cJwtVerifiablePresentation.fromSerializedJwt(jwt)\n\n    return jwtVp\n  }\n\n  /**\n   * Verifies a presentation including the credentials it includes\n   *\n   * @param presentation the presentation to be verified\n   * @returns the verification result\n   */\n  public async verifyPresentation(\n    agentContext: AgentContext,\n    options: W3cJwtVerifyPresentationOptions\n  ): Promise<W3cVerifyPresentationResult> {\n    const validationResults: W3cVerifyPresentationResult = {\n      isValid: false,\n      validations: {},\n    }\n\n    try {\n      let presentation: W3cJwtVerifiablePresentation\n      try {\n        // If instance is provided as input, we want to validate the presentation\n        if (options.presentation instanceof W3cJwtVerifiablePresentation) {\n          MessageValidator.validateSync(options.presentation.presentation)\n        }\n\n        presentation =\n          options.presentation instanceof W3cJwtVerifiablePresentation\n            ? options.presentation\n            : W3cJwtVerifiablePresentation.fromSerializedJwt(options.presentation)\n\n        // Verify the JWT payload (verifies whether it's not expired, etc...)\n        presentation.jwt.payload.validate()\n\n        // Make sure challenge matches nonce\n        if (options.challenge !== presentation.jwt.payload.additionalClaims.nonce) {\n          throw new CredoError(`JWT payload 'nonce' does not match challenge '${options.challenge}'`)\n        }\n\n        const audArray = asArray(presentation.jwt.payload.aud)\n        if (options.domain && !audArray.includes(options.domain)) {\n          throw new CredoError(`JWT payload 'aud' does not include domain '${options.domain}'`)\n        }\n\n        validationResults.validations.dataModel = {\n          isValid: true,\n        }\n      } catch (error) {\n        validationResults.validations.dataModel = {\n          isValid: false,\n          error,\n        }\n\n        return validationResults\n      }\n\n      const proverVerificationMethod = await this.getVerificationMethodForJwtCredential(agentContext, {\n        credential: presentation,\n        purpose: ['authentication'],\n      })\n      const proverPublicKey = getPublicJwkFromVerificationMethod(proverVerificationMethod)\n\n      let signatureResult: VerifyJwsResult | undefined = undefined\n      try {\n        // Verify the JWS signature\n        signatureResult = await this.jwsService.verifyJws(agentContext, {\n          jws: presentation.jwt.serializedJwt,\n          allowedJwsSignerMethods: ['did'],\n          jwsSigner: {\n            method: 'did',\n            didUrl: proverVerificationMethod.id,\n            jwk: proverPublicKey,\n          },\n          trustedCertificates: [],\n        })\n\n        if (!signatureResult.isValid) {\n          validationResults.validations.presentationSignature = {\n            isValid: false,\n            error: new CredoError('Invalid JWS signature on presentation'),\n          }\n        } else {\n          validationResults.validations.presentationSignature = {\n            isValid: true,\n          }\n        }\n      } catch (error) {\n        validationResults.validations.presentationSignature = {\n          isValid: false,\n          error,\n        }\n      }\n\n      // Validate whether the presentation is signed with the 'holder' id\n      // NOTE: this uses the verificationMethod.controller. We may want to use the verificationMethod.id?\n      if (presentation.holderId && proverVerificationMethod.controller !== presentation.holderId) {\n        validationResults.validations.holderIsSigner = {\n          isValid: false,\n          error: new CredoError(\n            `Presentation is signed using verification method ${proverVerificationMethod.id}, while the holder of the presentation is '${presentation.holderId}'`\n          ),\n        }\n      } else {\n        // If no holderId is present, this validation passes by default as there can't be\n        // a mismatch between the 'holder' property and the signer of the presentation.\n        validationResults.validations.holderIsSigner = {\n          isValid: true,\n        }\n      }\n\n      // To keep things simple, we only support JWT VCs in JWT VPs for now\n      const credentials = asArray(presentation.presentation.verifiableCredential)\n\n      // Verify all credentials in parallel, and await the result\n      validationResults.validations.credentials = await Promise.all(\n        credentials.map(async (credential) => {\n          if (credential instanceof W3cJsonLdVerifiableCredential) {\n            return {\n              isValid: false,\n              error: new CredoError(\n                'Credential is of format ldp_vc. presentations in jwt_vp format can only contain credentials in jwt_vc format'\n              ),\n              validations: {},\n            }\n          }\n\n          const credentialResult = await this.verifyCredential(agentContext, {\n            credential,\n            verifyCredentialStatus: options.verifyCredentialStatus,\n          })\n\n          let credentialSubjectAuthentication: SingleValidationResult\n\n          // Check whether any of the credentialSubjectIds for each credential is the same as the controller of the verificationMethod\n          // This authenticates the presentation creator controls one of the credentialSubject ids.\n          // NOTE: this doesn't take into account the case where the credentialSubject is no the holder. In the\n          // future we can add support for other flows, but for now this is the most common use case.\n          // TODO: should this be handled on a higher level? I don't really see it being handled in the jsonld lib\n          // or in the did-jwt-vc lib (it seems they don't even verify the credentials itself), but we probably need some\n          // more experience on the use cases before we loosen the restrictions (as it means we need to handle it on a higher layer).\n          const credentialSubjectIds = credential.credentialSubjectIds\n          const presentationAuthenticatesCredentialSubject = credentialSubjectIds.some(\n            (subjectId) => proverVerificationMethod.controller === subjectId\n          )\n\n          if (credentialSubjectIds.length > 0 && !presentationAuthenticatesCredentialSubject) {\n            credentialSubjectAuthentication = {\n              isValid: false,\n              error: new CredoError(\n                'Credential has one or more credentialSubject ids, but presentation does not authenticate credential subject'\n              ),\n            }\n          } else {\n            credentialSubjectAuthentication = {\n              isValid: true,\n            }\n          }\n\n          return {\n            ...credentialResult,\n            isValid: credentialResult.isValid && credentialSubjectAuthentication.isValid,\n            validations: {\n              ...credentialResult.validations,\n              credentialSubjectAuthentication,\n            },\n          }\n        })\n      )\n\n      // Deeply nested check whether all validations have passed\n      validationResults.isValid = Object.values(validationResults.validations).every((v) =>\n        Array.isArray(v) ? v.every((vv) => vv.isValid) : v.isValid\n      )\n\n      return validationResults\n    } catch (error) {\n      validationResults.error = error\n      return validationResults\n    }\n  }\n\n  private async resolveVerificationMethod(\n    agentContext: AgentContext,\n    verificationMethod: string,\n    allowsPurposes?: DidPurpose[]\n  ): Promise<PublicJwk> {\n    const dids = agentContext.resolve(DidsApi)\n\n    const parsedDid = parseDid(verificationMethod)\n    const { didDocument, keys } = await dids.resolveCreatedDidDocumentWithKeys(parsedDid.did)\n    const verificationMethodObject = didDocument.dereferenceKey(verificationMethod, allowsPurposes)\n    const publicJwk = getPublicJwkFromVerificationMethod(verificationMethodObject)\n\n    publicJwk.keyId =\n      keys?.find(({ didDocumentRelativeKeyId }) => verificationMethodObject.id.endsWith(didDocumentRelativeKeyId))\n        ?.kmsKeyId ?? publicJwk.legacyKeyId\n\n    return publicJwk\n  }\n\n  /**\n   * This method tries to find the verification method associated with the JWT credential or presentation.\n   * This verification method can then be used to verify the credential or presentation signature.\n   *\n   * The following methods are used to extract the verification method:\n   *  - verification method is resolved based on the `kid` in the protected header\n   *    - either as absolute reference (e.g. `did:example:123#key-1`)\n   *    - or as relative reference to the `iss` of the JWT (e.g. `iss` is `did:example:123` and `kid` is `#key-1`)\n   *  - the did document is resolved based on the `iss` field, after which the verification method is extracted based on the `alg`\n   *    used to sign the JWT and the specified `purpose`. Only a single verification method may be present, and in all other cases,\n   *    an error is thrown.\n   *\n   * The signer (`iss`) of the JWT is verified against the `controller` of the verificationMethod resolved in the did\n   * document. This means if the `iss` of a credential is `did:example:123` and the controller of the verificationMethod\n   * is `did:example:456`, an error is thrown to prevent the JWT from successfully being verified.\n   *\n   * In addition the JWT must conform to one of the following rules:\n   *   - MUST be a credential and have an `iss` field and MAY have an absolute or relative `kid`\n   *   - MUST not be a credential AND ONE of the following:\n   *      - have an `iss` field and MAY have an absolute or relative `kid`\n   *      - does not have an `iss` field and MUST have an absolute `kid`\n   */\n  private async getVerificationMethodForJwtCredential(\n    agentContext: AgentContext,\n    options: {\n      credential: W3cJwtVerifiableCredential | W3cJwtVerifiablePresentation\n      purpose?: DidPurpose[]\n    }\n  ) {\n    const { credential, purpose } = options\n    const kid = credential.jwt.header.kid\n\n    const didResolver = agentContext.dependencyManager.resolve(DidResolverService)\n\n    // The signerId is the `holder` of the presentation or the `issuer` of the credential\n    // For a credential only the `iss` COULD be enough to resolve the signer key (see method comments)\n    const signerId = credential.jwt.payload.iss\n\n    let verificationMethod: VerificationMethod\n\n    // If the kid starts with # we assume it is a relative did url, and we resolve it based on the `iss` and the `kid`\n    if (kid?.startsWith('#')) {\n      if (!signerId) {\n        throw new CredoError(`JWT 'kid' MUST be absolute when when no 'iss' is present in JWT payload`)\n      }\n\n      const didDocument = await didResolver.resolveDidDocument(agentContext, signerId)\n      verificationMethod = didDocument.dereferenceKey(`${signerId}${kid}`, purpose)\n    }\n    // this is a full did url (todo check if it contains a #)\n    else if (kid && isDid(kid)) {\n      const didDocument = await didResolver.resolveDidDocument(agentContext, kid)\n\n      verificationMethod = didDocument.dereferenceKey(kid, purpose)\n\n      if (signerId && didDocument.id !== signerId) {\n        throw new CredoError(`kid '${kid}' does not match id of signer (holder/issuer) '${signerId}'`)\n      }\n    } else {\n      if (!signerId) {\n        throw new CredoError(`JWT 'iss' MUST be present in payload when no 'kid' is specified`)\n      }\n\n      // Find the verificationMethod in the did document based on the alg and proofPurpose\n      const jwkClass = PublicJwk.supportedPublicJwkClassForSignatureAlgorithm(\n        credential.jwt.header.alg as KnownJwaSignatureAlgorithm\n      )\n      const supportedVerificationMethodTypes = getSupportedVerificationMethodTypesForPublicJwk(jwkClass)\n\n      const didDocument = await didResolver.resolveDidDocument(agentContext, signerId)\n      const verificationMethods =\n        didDocument.assertionMethod\n          ?.map((v) => (typeof v === 'string' ? didDocument.dereferenceVerificationMethod(v) : v))\n          .filter((v) => supportedVerificationMethodTypes.includes(v.type)) ?? []\n\n      if (verificationMethods.length === 0) {\n        throw new CredoError(\n          `No verification methods found for signer '${signerId}' and key type '${jwkClass.name}' for alg '${credential.jwt.header.alg}'. Unable to determine which public key is associated with the credential.`\n        )\n      }\n      if (verificationMethods.length > 1) {\n        throw new CredoError(\n          `Multiple verification methods found for signer '${signerId}' and key type '${jwkClass.name}' for alg '${credential.jwt.header.alg}'. Unable to determine which public key is associated with the credential.`\n        )\n      }\n\n      verificationMethod = verificationMethods[0]\n    }\n\n    // Verify the controller of the verificationMethod matches the signer of the credential\n    if (signerId && verificationMethod.controller !== signerId) {\n      throw new CredoError(\n        `Verification method controller '${verificationMethod.controller}' does not match the signer '${signerId}'`\n      )\n    }\n\n    return verificationMethod\n  }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAiCO,oCAAMA,0BAAwB;CAGnC,AAAO,YAAY,YAAwB;AACzC,OAAK,aAAa;;;;;CAMpB,MAAa,eACX,cACA,SACqC;AAErC,mBAAiB,aAAa,QAAQ,WAAW;EAIjD,MAAM,aAAa,4BAA4B,QAAQ,WAAW;AAElE,MAAI,CAAC,MAAM,QAAQ,mBAAmB,CACpC,OAAM,IAAI,WAAW,4DAA4D;EAGnF,MAAM,YAAY,MAAM,KAAK,0BAA0B,cAAc,QAAQ,oBAAoB,CAC/F,kBACD,CAAC;EAEF,MAAM,MAAM,MAAM,KAAK,WAAW,iBAAiB,cAAc;GAC/D,SAAS;GACT,OAAO,UAAU;GACjB,wBAAwB;IACtB,KAAK;IACL,KAAK,QAAQ;IACb,KAAK,QAAQ;IACd;GACF,CAAC;AAMF,SAFc,2BAA2B,kBAAkB,IAAI;;;;;;;;CAWjE,MAAa,iBACX,cACA,SACoC;EAIpC,MAAM,yBAAyB,QAAQ,0BAA0B;EAEjE,MAAMC,oBAA+C;GACnD,SAAS;GACT,aAAa,EAAE;GAChB;AAED,MAAI;GACF,IAAIC;AACJ,OAAI;AAEF,QAAI,QAAQ,sBAAsB,2BAChC,kBAAiB,aAAa,QAAQ,WAAW,WAAW;AAG9D,iBACE,QAAQ,sBAAsB,6BAC1B,QAAQ,aACR,2BAA2B,kBAAkB,QAAQ,WAAW;AAGtE,eAAW,IAAI,QAAQ,UAAU;AAEjC,sBAAkB,YAAY,YAAY,EACxC,SAAS,MACV;YACM,OAAO;AACd,sBAAkB,YAAY,YAAY;KACxC,SAAS;KACT;KACD;AAED,WAAO;;GAGT,MAAM,2BAA2B,MAAM,KAAK,sCAAsC,cAAc;IAC9F;IACA,SAAS,CAAC,kBAAkB;IAC7B,CAAC;GACF,MAAM,kBAAkB,mCAAmC,yBAAyB;GAEpF,IAAIC,kBAA+C;AACnD,OAAI;AAEF,sBAAkB,MAAM,KAAK,WAAW,UAAU,cAAc;KAC9D,KAAK,WAAW,IAAI;KAEpB,WAAW;MACT,QAAQ;MACR,KAAK;MACL,QAAQ,yBAAyB;MAClC;KACF,CAAC;AAEF,QAAI,CAAC,gBAAgB,QACnB,mBAAkB,YAAY,YAAY;KACxC,SAAS;KACT,OAAO,IAAI,WAAW,wBAAwB;KAC/C;QAED,mBAAkB,YAAY,YAAY,EACxC,SAAS,MACV;YAEI,OAAO;AACd,sBAAkB,YAAY,YAAY;KACxC,SAAS;KACT;KACD;;AAKH,OAAI,WAAW,aAAa,yBAAyB,WACnD,mBAAkB,YAAY,iBAAiB;IAC7C,SAAS;IACT,OAAO,IAAI,WACT,kDAAkD,yBAAyB,GAAG,2CAA2C,WAAW,SAAS,GAC9I;IACF;OAED,mBAAkB,YAAY,iBAAiB,EAC7C,SAAS,MACV;AAOH,OAAI,CAHmB,iBAAiB,WAAW,MAChD,cAAc,UAAU,IAAI,gBAAgB,gBAAgB,YAC9D,CAEC,mBAAkB,YAAY,iBAAiB;IAC7C,SAAS;IACT,OAAO,IAAI,WAAW,2DAA2D;IAClF;OAED,mBAAkB,YAAY,iBAAiB,EAC7C,SAAS,MACV;AAIH,OAAI,0BAA0B,CAAC,WAAW,iBACxC,mBAAkB,YAAY,mBAAmB,EAC/C,SAAS,MACV;YACQ,0BAA0B,WAAW,iBAC9C,mBAAkB,YAAY,mBAAmB;IAC/C,SAAS;IACT,OAAO,IAAI,WAAW,2DAA2D;IAClF;AAGH,qBAAkB,UAAU,OAAO,OAAO,kBAAkB,YAAY,CAAC,OAAO,MAAM,EAAE,QAAQ;AAEhG,UAAO;WACA,OAAO;AACd,qBAAkB,QAAQ;AAC1B,UAAO;;;;;;;;;CAUX,MAAa,iBACX,cACA,SACuC;AAEvC,mBAAiB,aAAa,QAAQ,aAAa;EAInD,MAAM,aAAa,8BAA8B,QAAQ,aAAa;AAGtE,aAAW,iBAAiB,QAAQ,QAAQ;AAC5C,aAAW,MAAM,QAAQ;EAEzB,MAAM,YAAY,MAAM,KAAK,0BAA0B,cAAc,QAAQ,oBAAoB,CAAC,iBAAiB,CAAC;EAEpH,MAAM,MAAM,MAAM,KAAK,WAAW,iBAAiB,cAAc;GAC/D,SAAS;GACT,OAAO,UAAU;GACjB,wBAAwB;IACtB,KAAK;IACL,KAAK,QAAQ;IACb,KAAK,QAAQ;IACd;GACF,CAAC;AAMF,SAFc,6BAA6B,kBAAkB,IAAI;;;;;;;;CAWnE,MAAa,mBACX,cACA,SACsC;EACtC,MAAMC,oBAAiD;GACrD,SAAS;GACT,aAAa,EAAE;GAChB;AAED,MAAI;GACF,IAAIC;AACJ,OAAI;AAEF,QAAI,QAAQ,wBAAwB,6BAClC,kBAAiB,aAAa,QAAQ,aAAa,aAAa;AAGlE,mBACE,QAAQ,wBAAwB,+BAC5B,QAAQ,eACR,6BAA6B,kBAAkB,QAAQ,aAAa;AAG1E,iBAAa,IAAI,QAAQ,UAAU;AAGnC,QAAI,QAAQ,cAAc,aAAa,IAAI,QAAQ,iBAAiB,MAClE,OAAM,IAAI,WAAW,iDAAiD,QAAQ,UAAU,GAAG;IAG7F,MAAM,WAAW,QAAQ,aAAa,IAAI,QAAQ,IAAI;AACtD,QAAI,QAAQ,UAAU,CAAC,SAAS,SAAS,QAAQ,OAAO,CACtD,OAAM,IAAI,WAAW,8CAA8C,QAAQ,OAAO,GAAG;AAGvF,sBAAkB,YAAY,YAAY,EACxC,SAAS,MACV;YACM,OAAO;AACd,sBAAkB,YAAY,YAAY;KACxC,SAAS;KACT;KACD;AAED,WAAO;;GAGT,MAAM,2BAA2B,MAAM,KAAK,sCAAsC,cAAc;IAC9F,YAAY;IACZ,SAAS,CAAC,iBAAiB;IAC5B,CAAC;GACF,MAAM,kBAAkB,mCAAmC,yBAAyB;GAEpF,IAAIF,kBAA+C;AACnD,OAAI;AAEF,sBAAkB,MAAM,KAAK,WAAW,UAAU,cAAc;KAC9D,KAAK,aAAa,IAAI;KACtB,yBAAyB,CAAC,MAAM;KAChC,WAAW;MACT,QAAQ;MACR,QAAQ,yBAAyB;MACjC,KAAK;MACN;KACD,qBAAqB,EAAE;KACxB,CAAC;AAEF,QAAI,CAAC,gBAAgB,QACnB,mBAAkB,YAAY,wBAAwB;KACpD,SAAS;KACT,OAAO,IAAI,WAAW,wCAAwC;KAC/D;QAED,mBAAkB,YAAY,wBAAwB,EACpD,SAAS,MACV;YAEI,OAAO;AACd,sBAAkB,YAAY,wBAAwB;KACpD,SAAS;KACT;KACD;;AAKH,OAAI,aAAa,YAAY,yBAAyB,eAAe,aAAa,SAChF,mBAAkB,YAAY,iBAAiB;IAC7C,SAAS;IACT,OAAO,IAAI,WACT,oDAAoD,yBAAyB,GAAG,6CAA6C,aAAa,SAAS,GACpJ;IACF;OAID,mBAAkB,YAAY,iBAAiB,EAC7C,SAAS,MACV;GAIH,MAAM,cAAc,QAAQ,aAAa,aAAa,qBAAqB;AAG3E,qBAAkB,YAAY,cAAc,MAAM,QAAQ,IACxD,YAAY,IAAI,OAAO,eAAe;AACpC,QAAI,sBAAsB,8BACxB,QAAO;KACL,SAAS;KACT,OAAO,IAAI,WACT,+GACD;KACD,aAAa,EAAE;KAChB;IAGH,MAAM,mBAAmB,MAAM,KAAK,iBAAiB,cAAc;KACjE;KACA,wBAAwB,QAAQ;KACjC,CAAC;IAEF,IAAIG;IASJ,MAAM,uBAAuB,WAAW;IACxC,MAAM,6CAA6C,qBAAqB,MACrE,cAAc,yBAAyB,eAAe,UACxD;AAED,QAAI,qBAAqB,SAAS,KAAK,CAAC,2CACtC,mCAAkC;KAChC,SAAS;KACT,OAAO,IAAI,WACT,8GACD;KACF;QAED,mCAAkC,EAChC,SAAS,MACV;AAGH,WAAO;KACL,GAAG;KACH,SAAS,iBAAiB,WAAW,gCAAgC;KACrE,aAAa;MACX,GAAG,iBAAiB;MACpB;MACD;KACF;KACD,CACH;AAGD,qBAAkB,UAAU,OAAO,OAAO,kBAAkB,YAAY,CAAC,OAAO,MAC9E,MAAM,QAAQ,EAAE,GAAG,EAAE,OAAO,OAAO,GAAG,QAAQ,GAAG,EAAE,QACpD;AAED,UAAO;WACA,OAAO;AACd,qBAAkB,QAAQ;AAC1B,UAAO;;;CAIX,MAAc,0BACZ,cACA,oBACA,gBACoB;EACpB,MAAM,OAAO,aAAa,QAAQ,QAAQ;EAE1C,MAAM,YAAY,SAAS,mBAAmB;EAC9C,MAAM,EAAE,aAAa,SAAS,MAAM,KAAK,kCAAkC,UAAU,IAAI;EACzF,MAAM,2BAA2B,YAAY,eAAe,oBAAoB,eAAe;EAC/F,MAAM,YAAY,mCAAmC,yBAAyB;AAE9E,YAAU,QACR,MAAM,MAAM,EAAE,+BAA+B,yBAAyB,GAAG,SAAS,yBAAyB,CAAC,EACxG,YAAY,UAAU;AAE5B,SAAO;;;;;;;;;;;;;;;;;;;;;;;;CAyBT,MAAc,sCACZ,cACA,SAIA;EACA,MAAM,EAAE,YAAY,YAAY;EAChC,MAAM,MAAM,WAAW,IAAI,OAAO;EAElC,MAAM,cAAc,aAAa,kBAAkB,QAAQ,mBAAmB;EAI9E,MAAM,WAAW,WAAW,IAAI,QAAQ;EAExC,IAAIC;AAGJ,MAAI,KAAK,WAAW,IAAI,EAAE;AACxB,OAAI,CAAC,SACH,OAAM,IAAI,WAAW,0EAA0E;AAIjG,yBADoB,MAAM,YAAY,mBAAmB,cAAc,SAAS,EAC/C,eAAe,GAAG,WAAW,OAAO,QAAQ;aAGtE,OAAO,MAAM,IAAI,EAAE;GAC1B,MAAM,cAAc,MAAM,YAAY,mBAAmB,cAAc,IAAI;AAE3E,wBAAqB,YAAY,eAAe,KAAK,QAAQ;AAE7D,OAAI,YAAY,YAAY,OAAO,SACjC,OAAM,IAAI,WAAW,QAAQ,IAAI,iDAAiD,SAAS,GAAG;SAE3F;AACL,OAAI,CAAC,SACH,OAAM,IAAI,WAAW,kEAAkE;GAIzF,MAAM,WAAW,UAAU,6CACzB,WAAW,IAAI,OAAO,IACvB;GACD,MAAM,mCAAmC,gDAAgD,SAAS;GAElG,MAAM,cAAc,MAAM,YAAY,mBAAmB,cAAc,SAAS;GAChF,MAAM,sBACJ,YAAY,iBACR,KAAK,MAAO,OAAO,MAAM,WAAW,YAAY,8BAA8B,EAAE,GAAG,EAAG,CACvF,QAAQ,MAAM,iCAAiC,SAAS,EAAE,KAAK,CAAC,IAAI,EAAE;AAE3E,OAAI,oBAAoB,WAAW,EACjC,OAAM,IAAI,WACR,6CAA6C,SAAS,kBAAkB,SAAS,KAAK,aAAa,WAAW,IAAI,OAAO,IAAI,4EAC9H;AAEH,OAAI,oBAAoB,SAAS,EAC/B,OAAM,IAAI,WACR,mDAAmD,SAAS,kBAAkB,SAAS,KAAK,aAAa,WAAW,IAAI,OAAO,IAAI,4EACpI;AAGH,wBAAqB,oBAAoB;;AAI3C,MAAI,YAAY,mBAAmB,eAAe,SAChD,OAAM,IAAI,WACR,mCAAmC,mBAAmB,WAAW,+BAA+B,SAAS,GAC1G;AAGH,SAAO;;;sCAngBV,YAAY"}
+{"version":3,"file":"W3cJwtCredentialService.mjs","names":["W3cJwtCredentialService","validationResults: W3cVerifyCredentialResult","credential: W3cJwtVerifiableCredential","signatureResult: VerifyJwsResult | undefined","validationResults: W3cVerifyPresentationResult","presentation: W3cJwtVerifiablePresentation","credentialSubjectAuthentication: SingleValidationResult","verificationMethod: VerificationMethod"],"sources":["../../../../src/modules/vc/jwt-vc/W3cJwtCredentialService.ts"],"sourcesContent":["import type { AgentContext } from '../../../agent/context'\nimport type { VerifyJwsResult } from '../../../crypto/JwsService'\nimport { JwsService } from '../../../crypto/JwsService'\nimport { CredoError } from '../../../error'\nimport { injectable } from '../../../plugins'\nimport { asArray, isDid, MessageValidator } from '../../../utils'\nimport type { DidPurpose, VerificationMethod } from '../../dids'\nimport { DidResolverService, DidsApi, parseDid } from '../../dids'\nimport {\n  getPublicJwkFromVerificationMethod,\n  getSupportedVerificationMethodTypesForPublicJwk,\n} from '../../dids/domain/key-type/keyDidMapping'\nimport { type KnownJwaSignatureAlgorithm, PublicJwk } from '../../kms'\nimport { W3cJsonLdVerifiableCredential } from '../data-integrity'\nimport type { SingleValidationResult, W3cVerifyCredentialResult, W3cVerifyPresentationResult } from '../models'\nimport type {\n  W3cJwtSignCredentialOptions,\n  W3cJwtSignPresentationOptions,\n  W3cJwtVerifyCredentialOptions,\n  W3cJwtVerifyPresentationOptions,\n} from '../W3cCredentialServiceOptions'\nimport { getJwtPayloadFromCredential } from './credentialTransformer'\nimport { getJwtPayloadFromPresentation } from './presentationTransformer'\nimport { W3cJwtVerifiableCredential } from './W3cJwtVerifiableCredential'\nimport { W3cJwtVerifiablePresentation } from './W3cJwtVerifiablePresentation'\n\n/**\n * Supports signing and verification of credentials according to the [Verifiable Credential Data Model](https://www.w3.org/TR/vc-data-model)\n * using [Json Web Tokens](https://www.w3.org/TR/vc-data-model/#json-web-token).\n */\n@injectable()\nexport class W3cJwtCredentialService {\n  private jwsService: JwsService\n\n  public constructor(jwsService: JwsService) {\n    this.jwsService = jwsService\n  }\n\n  /**\n   * Signs a credential\n   */\n  public async signCredential(\n    agentContext: AgentContext,\n    options: W3cJwtSignCredentialOptions\n  ): Promise<W3cJwtVerifiableCredential> {\n    // Validate the instance\n    MessageValidator.validateSync(options.credential)\n\n    // Get the JWT payload for the JWT based on the JWT Encoding rules form the VC-DATA-MODEL\n    // https://www.w3.org/TR/vc-data-model/#jwt-encoding\n    const jwtPayload = getJwtPayloadFromCredential(options.credential)\n\n    if (!isDid(options.verificationMethod)) {\n      throw new CredoError('Only did identifiers are supported as verification method')\n    }\n\n    const publicJwk = await this.resolveVerificationMethod(agentContext, options.verificationMethod, [\n      'assertionMethod',\n    ])\n\n    const jwt = await this.jwsService.createJwsCompact(agentContext, {\n      payload: jwtPayload,\n      keyId: publicJwk.keyId,\n      protectedHeaderOptions: {\n        typ: 'JWT',\n        alg: options.alg,\n        kid: options.verificationMethod,\n      },\n    })\n\n    // TODO: this re-parses and validates the credential in the JWT, which is not necessary.\n    // We should somehow create an instance of W3cJwtVerifiableCredential directly from the JWT\n    const jwtVc = W3cJwtVerifiableCredential.fromSerializedJwt(jwt)\n\n    return jwtVc\n  }\n\n  /**\n   * Verifies the signature(s) of a credential\n   *\n   * @param credential the credential to be verified\n   * @returns the verification result\n   */\n  public async verifyCredential(\n    agentContext: AgentContext,\n    options: W3cJwtVerifyCredentialOptions\n  ): Promise<W3cVerifyCredentialResult> {\n    // NOTE: this is mostly from the JSON-LD service that adds this option. Once we support\n    // the same granular validation results, we can remove this and the user could just check\n    // which of the validations failed. Supporting for consistency with the JSON-LD service for now.\n    const verifyCredentialStatus = options.verifyCredentialStatus ?? true\n\n    const validationResults: W3cVerifyCredentialResult = {\n      isValid: false,\n      validations: {},\n    }\n\n    try {\n      let credential: W3cJwtVerifiableCredential\n      try {\n        // If instance is provided as input, we want to validate the credential (otherwise it's done in the fromSerializedJwt method below)\n        if (options.credential instanceof W3cJwtVerifiableCredential) {\n          MessageValidator.validateSync(options.credential.credential)\n        }\n\n        credential =\n          options.credential instanceof W3cJwtVerifiableCredential\n            ? options.credential\n            : W3cJwtVerifiableCredential.fromSerializedJwt(options.credential)\n\n        // Verify the JWT payload (verifies whether it's not expired, etc...)\n        credential.jwt.payload.validate()\n\n        validationResults.validations.dataModel = {\n          isValid: true,\n        }\n      } catch (error) {\n        validationResults.validations.dataModel = {\n          isValid: false,\n          error,\n        }\n\n        return validationResults\n      }\n\n      const issuerVerificationMethod = await this.getVerificationMethodForJwtCredential(agentContext, {\n        credential,\n        purpose: ['assertionMethod'],\n      })\n      const issuerPublicKey = getPublicJwkFromVerificationMethod(issuerVerificationMethod)\n\n      let signatureResult: VerifyJwsResult | undefined\n      try {\n        // Verify the JWS signature\n        signatureResult = await this.jwsService.verifyJws(agentContext, {\n          jws: credential.jwt.serializedJwt,\n          // We have pre-fetched the key based on the issuer/signer of the credential\n          jwsSigner: {\n            method: 'did',\n            jwk: issuerPublicKey,\n            didUrl: issuerVerificationMethod.id,\n          },\n        })\n\n        if (!signatureResult.isValid) {\n          validationResults.validations.signature = {\n            isValid: false,\n            error: new CredoError('Invalid JWS signature'),\n          }\n        } else {\n          validationResults.validations.signature = {\n            isValid: true,\n          }\n        }\n      } catch (error) {\n        validationResults.validations.signature = {\n          isValid: false,\n          error,\n        }\n      }\n\n      // Validate whether the credential is signed with the 'issuer' id\n      // NOTE: this uses the verificationMethod.controller. We may want to use the verificationMethod.id?\n      if (credential.issuerId !== issuerVerificationMethod.controller) {\n        validationResults.validations.issuerIsSigner = {\n          isValid: false,\n          error: new CredoError(\n            `Credential is signed using verification method ${issuerVerificationMethod.id}, while the issuer of the credential is '${credential.issuerId}'`\n          ),\n        }\n      } else {\n        validationResults.validations.issuerIsSigner = {\n          isValid: true,\n        }\n      }\n\n      // Validate whether the `issuer` of the credential is also the signer\n      const issuerIsSigner = signatureResult?.jwsSigners.some(\n        (jwsSigner) => jwsSigner.jwk.fingerprint === issuerPublicKey.fingerprint\n      )\n      if (!issuerIsSigner) {\n        validationResults.validations.issuerIsSigner = {\n          isValid: false,\n          error: new CredoError('Credential is not signed by the issuer of the credential'),\n        }\n      } else {\n        validationResults.validations.issuerIsSigner = {\n          isValid: true,\n        }\n      }\n\n      // Validate credentialStatus\n      if (verifyCredentialStatus && !credential.credentialStatus) {\n        validationResults.validations.credentialStatus = {\n          isValid: true,\n        }\n      } else if (verifyCredentialStatus && credential.credentialStatus) {\n        validationResults.validations.credentialStatus = {\n          isValid: false,\n          error: new CredoError('Verifying credential status is not supported for JWT VCs'),\n        }\n      }\n\n      validationResults.isValid = Object.values(validationResults.validations).every((v) => v.isValid)\n\n      return validationResults\n    } catch (error) {\n      validationResults.error = error\n      return validationResults\n    }\n  }\n\n  /**\n   * Signs a presentation including the credentials it includes\n   *\n   * @param presentation the presentation to be signed\n   * @returns the signed presentation\n   */\n  public async signPresentation(\n    agentContext: AgentContext,\n    options: W3cJwtSignPresentationOptions\n  ): Promise<W3cJwtVerifiablePresentation> {\n    // Validate the instance\n    MessageValidator.validateSync(options.presentation)\n\n    // Get the JWT payload for the JWT based on the JWT Encoding rules form the VC-DATA-MODEL\n    // https://www.w3.org/TR/vc-data-model/#jwt-encoding\n    const jwtPayload = getJwtPayloadFromPresentation(options.presentation)\n\n    // Set the nonce so it's included in the signature\n    jwtPayload.additionalClaims.nonce = options.challenge\n    jwtPayload.aud = options.domain\n\n    const publicJwk = await this.resolveVerificationMethod(agentContext, options.verificationMethod, ['authentication'])\n\n    const jwt = await this.jwsService.createJwsCompact(agentContext, {\n      payload: jwtPayload,\n      keyId: publicJwk.keyId,\n      protectedHeaderOptions: {\n        typ: 'JWT',\n        alg: options.alg,\n        kid: options.verificationMethod,\n      },\n    })\n\n    // TODO: this re-parses and validates the presentation in the JWT, which is not necessary.\n    // We should somehow create an instance of W3cJwtVerifiablePresentation directly from the JWT\n    const jwtVp = W3cJwtVerifiablePresentation.fromSerializedJwt(jwt)\n\n    return jwtVp\n  }\n\n  /**\n   * Verifies a presentation including the credentials it includes\n   *\n   * @param presentation the presentation to be verified\n   * @returns the verification result\n   */\n  public async verifyPresentation(\n    agentContext: AgentContext,\n    options: W3cJwtVerifyPresentationOptions\n  ): Promise<W3cVerifyPresentationResult> {\n    const validationResults: W3cVerifyPresentationResult = {\n      isValid: false,\n      validations: {},\n    }\n\n    try {\n      let presentation: W3cJwtVerifiablePresentation\n      try {\n        // If instance is provided as input, we want to validate the presentation\n        if (options.presentation instanceof W3cJwtVerifiablePresentation) {\n          MessageValidator.validateSync(options.presentation.presentation)\n        }\n\n        presentation =\n          options.presentation instanceof W3cJwtVerifiablePresentation\n            ? options.presentation\n            : W3cJwtVerifiablePresentation.fromSerializedJwt(options.presentation)\n\n        // Verify the JWT payload (verifies whether it's not expired, etc...)\n        presentation.jwt.payload.validate()\n\n        // Make sure challenge matches nonce\n        if (options.challenge !== presentation.jwt.payload.additionalClaims.nonce) {\n          throw new CredoError(`JWT payload 'nonce' does not match challenge '${options.challenge}'`)\n        }\n\n        const audArray = asArray(presentation.jwt.payload.aud)\n        if (options.domain && !audArray.includes(options.domain)) {\n          throw new CredoError(`JWT payload 'aud' does not include domain '${options.domain}'`)\n        }\n\n        validationResults.validations.dataModel = {\n          isValid: true,\n        }\n      } catch (error) {\n        validationResults.validations.dataModel = {\n          isValid: false,\n          error,\n        }\n\n        return validationResults\n      }\n\n      const proverVerificationMethod = await this.getVerificationMethodForJwtCredential(agentContext, {\n        credential: presentation,\n        purpose: ['authentication'],\n      })\n      const proverPublicKey = getPublicJwkFromVerificationMethod(proverVerificationMethod)\n\n      let signatureResult: VerifyJwsResult | undefined\n      try {\n        // Verify the JWS signature\n        signatureResult = await this.jwsService.verifyJws(agentContext, {\n          jws: presentation.jwt.serializedJwt,\n          allowedJwsSignerMethods: ['did'],\n          jwsSigner: {\n            method: 'did',\n            didUrl: proverVerificationMethod.id,\n            jwk: proverPublicKey,\n          },\n          trustedCertificates: [],\n        })\n\n        if (!signatureResult.isValid) {\n          validationResults.validations.presentationSignature = {\n            isValid: false,\n            error: new CredoError('Invalid JWS signature on presentation'),\n          }\n        } else {\n          validationResults.validations.presentationSignature = {\n            isValid: true,\n          }\n        }\n      } catch (error) {\n        validationResults.validations.presentationSignature = {\n          isValid: false,\n          error,\n        }\n      }\n\n      // Validate whether the presentation is signed with the 'holder' id\n      // NOTE: this uses the verificationMethod.controller. We may want to use the verificationMethod.id?\n      if (presentation.holderId && proverVerificationMethod.controller !== presentation.holderId) {\n        validationResults.validations.holderIsSigner = {\n          isValid: false,\n          error: new CredoError(\n            `Presentation is signed using verification method ${proverVerificationMethod.id}, while the holder of the presentation is '${presentation.holderId}'`\n          ),\n        }\n      } else {\n        // If no holderId is present, this validation passes by default as there can't be\n        // a mismatch between the 'holder' property and the signer of the presentation.\n        validationResults.validations.holderIsSigner = {\n          isValid: true,\n        }\n      }\n\n      // To keep things simple, we only support JWT VCs in JWT VPs for now\n      const credentials = asArray(presentation.presentation.verifiableCredential)\n\n      // Verify all credentials in parallel, and await the result\n      validationResults.validations.credentials = await Promise.all(\n        credentials.map(async (credential) => {\n          if (credential instanceof W3cJsonLdVerifiableCredential) {\n            return {\n              isValid: false,\n              error: new CredoError(\n                'Credential is of format ldp_vc. presentations in jwt_vp format can only contain credentials in jwt_vc format'\n              ),\n              validations: {},\n            }\n          }\n\n          const credentialResult = await this.verifyCredential(agentContext, {\n            credential,\n            verifyCredentialStatus: options.verifyCredentialStatus,\n          })\n\n          let credentialSubjectAuthentication: SingleValidationResult\n\n          // Check whether any of the credentialSubjectIds for each credential is the same as the controller of the verificationMethod\n          // This authenticates the presentation creator controls one of the credentialSubject ids.\n          // NOTE: this doesn't take into account the case where the credentialSubject is no the holder. In the\n          // future we can add support for other flows, but for now this is the most common use case.\n          // TODO: should this be handled on a higher level? I don't really see it being handled in the jsonld lib\n          // or in the did-jwt-vc lib (it seems they don't even verify the credentials itself), but we probably need some\n          // more experience on the use cases before we loosen the restrictions (as it means we need to handle it on a higher layer).\n          const credentialSubjectIds = credential.credentialSubjectIds\n          const presentationAuthenticatesCredentialSubject = credentialSubjectIds.some(\n            (subjectId) => proverVerificationMethod.controller === subjectId\n          )\n\n          if (credentialSubjectIds.length > 0 && !presentationAuthenticatesCredentialSubject) {\n            credentialSubjectAuthentication = {\n              isValid: false,\n              error: new CredoError(\n                'Credential has one or more credentialSubject ids, but presentation does not authenticate credential subject'\n              ),\n            }\n          } else {\n            credentialSubjectAuthentication = {\n              isValid: true,\n            }\n          }\n\n          return {\n            ...credentialResult,\n            isValid: credentialResult.isValid && credentialSubjectAuthentication.isValid,\n            validations: {\n              ...credentialResult.validations,\n              credentialSubjectAuthentication,\n            },\n          }\n        })\n      )\n\n      // Deeply nested check whether all validations have passed\n      validationResults.isValid = Object.values(validationResults.validations).every((v) =>\n        Array.isArray(v) ? v.every((vv) => vv.isValid) : v.isValid\n      )\n\n      return validationResults\n    } catch (error) {\n      validationResults.error = error\n      return validationResults\n    }\n  }\n\n  private async resolveVerificationMethod(\n    agentContext: AgentContext,\n    verificationMethod: string,\n    allowsPurposes?: DidPurpose[]\n  ): Promise<PublicJwk> {\n    const dids = agentContext.resolve(DidsApi)\n\n    const parsedDid = parseDid(verificationMethod)\n    const { didDocument, keys } = await dids.resolveCreatedDidDocumentWithKeys(parsedDid.did)\n    const verificationMethodObject = didDocument.dereferenceKey(verificationMethod, allowsPurposes)\n    const publicJwk = getPublicJwkFromVerificationMethod(verificationMethodObject)\n\n    publicJwk.keyId =\n      keys?.find(({ didDocumentRelativeKeyId }) => verificationMethodObject.id.endsWith(didDocumentRelativeKeyId))\n        ?.kmsKeyId ?? publicJwk.legacyKeyId\n\n    return publicJwk\n  }\n\n  /**\n   * This method tries to find the verification method associated with the JWT credential or presentation.\n   * This verification method can then be used to verify the credential or presentation signature.\n   *\n   * The following methods are used to extract the verification method:\n   *  - verification method is resolved based on the `kid` in the protected header\n   *    - either as absolute reference (e.g. `did:example:123#key-1`)\n   *    - or as relative reference to the `iss` of the JWT (e.g. `iss` is `did:example:123` and `kid` is `#key-1`)\n   *  - the did document is resolved based on the `iss` field, after which the verification method is extracted based on the `alg`\n   *    used to sign the JWT and the specified `purpose`. Only a single verification method may be present, and in all other cases,\n   *    an error is thrown.\n   *\n   * The signer (`iss`) of the JWT is verified against the `controller` of the verificationMethod resolved in the did\n   * document. This means if the `iss` of a credential is `did:example:123` and the controller of the verificationMethod\n   * is `did:example:456`, an error is thrown to prevent the JWT from successfully being verified.\n   *\n   * In addition the JWT must conform to one of the following rules:\n   *   - MUST be a credential and have an `iss` field and MAY have an absolute or relative `kid`\n   *   - MUST not be a credential AND ONE of the following:\n   *      - have an `iss` field and MAY have an absolute or relative `kid`\n   *      - does not have an `iss` field and MUST have an absolute `kid`\n   */\n  private async getVerificationMethodForJwtCredential(\n    agentContext: AgentContext,\n    options: {\n      credential: W3cJwtVerifiableCredential | W3cJwtVerifiablePresentation\n      purpose?: DidPurpose[]\n    }\n  ) {\n    const { credential, purpose } = options\n    const kid = credential.jwt.header.kid\n\n    const didResolver = agentContext.dependencyManager.resolve(DidResolverService)\n\n    // The signerId is the `holder` of the presentation or the `issuer` of the credential\n    // For a credential only the `iss` COULD be enough to resolve the signer key (see method comments)\n    const signerId = credential.jwt.payload.iss\n\n    let verificationMethod: VerificationMethod\n\n    // If the kid starts with # we assume it is a relative did url, and we resolve it based on the `iss` and the `kid`\n    if (kid?.startsWith('#')) {\n      if (!signerId) {\n        throw new CredoError(`JWT 'kid' MUST be absolute when when no 'iss' is present in JWT payload`)\n      }\n\n      const didDocument = await didResolver.resolveDidDocument(agentContext, signerId)\n      verificationMethod = didDocument.dereferenceKey(`${signerId}${kid}`, purpose)\n    }\n    // this is a full did url (todo check if it contains a #)\n    else if (kid && isDid(kid)) {\n      const didDocument = await didResolver.resolveDidDocument(agentContext, kid)\n\n      verificationMethod = didDocument.dereferenceKey(kid, purpose)\n\n      if (signerId && didDocument.id !== signerId) {\n        throw new CredoError(`kid '${kid}' does not match id of signer (holder/issuer) '${signerId}'`)\n      }\n    } else {\n      if (!signerId) {\n        throw new CredoError(`JWT 'iss' MUST be present in payload when no 'kid' is specified`)\n      }\n\n      // Find the verificationMethod in the did document based on the alg and proofPurpose\n      const jwkClass = PublicJwk.supportedPublicJwkClassForSignatureAlgorithm(\n        credential.jwt.header.alg as KnownJwaSignatureAlgorithm\n      )\n      const supportedVerificationMethodTypes = getSupportedVerificationMethodTypesForPublicJwk(jwkClass)\n\n      const didDocument = await didResolver.resolveDidDocument(agentContext, signerId)\n      const verificationMethods =\n        didDocument.assertionMethod\n          ?.map((v) => (typeof v === 'string' ? didDocument.dereferenceVerificationMethod(v) : v))\n          .filter((v) => supportedVerificationMethodTypes.includes(v.type)) ?? []\n\n      if (verificationMethods.length === 0) {\n        throw new CredoError(\n          `No verification methods found for signer '${signerId}' and key type '${jwkClass.name}' for alg '${credential.jwt.header.alg}'. Unable to determine which public key is associated with the credential.`\n        )\n      }\n      if (verificationMethods.length > 1) {\n        throw new CredoError(\n          `Multiple verification methods found for signer '${signerId}' and key type '${jwkClass.name}' for alg '${credential.jwt.header.alg}'. Unable to determine which public key is associated with the credential.`\n        )\n      }\n\n      verificationMethod = verificationMethods[0]\n    }\n\n    // Verify the controller of the verificationMethod matches the signer of the credential\n    if (signerId && verificationMethod.controller !== signerId) {\n      throw new CredoError(\n        `Verification method controller '${verificationMethod.controller}' does not match the signer '${signerId}'`\n      )\n    }\n\n    return verificationMethod\n  }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AA+BO,oCAAMA,0BAAwB;CAGnC,AAAO,YAAY,YAAwB;AACzC,OAAK,aAAa;;;;;CAMpB,MAAa,eACX,cACA,SACqC;AAErC,mBAAiB,aAAa,QAAQ,WAAW;EAIjD,MAAM,aAAa,4BAA4B,QAAQ,WAAW;AAElE,MAAI,CAAC,MAAM,QAAQ,mBAAmB,CACpC,OAAM,IAAI,WAAW,4DAA4D;EAGnF,MAAM,YAAY,MAAM,KAAK,0BAA0B,cAAc,QAAQ,oBAAoB,CAC/F,kBACD,CAAC;EAEF,MAAM,MAAM,MAAM,KAAK,WAAW,iBAAiB,cAAc;GAC/D,SAAS;GACT,OAAO,UAAU;GACjB,wBAAwB;IACtB,KAAK;IACL,KAAK,QAAQ;IACb,KAAK,QAAQ;IACd;GACF,CAAC;AAMF,SAFc,2BAA2B,kBAAkB,IAAI;;;;;;;;CAWjE,MAAa,iBACX,cACA,SACoC;EAIpC,MAAM,yBAAyB,QAAQ,0BAA0B;EAEjE,MAAMC,oBAA+C;GACnD,SAAS;GACT,aAAa,EAAE;GAChB;AAED,MAAI;GACF,IAAIC;AACJ,OAAI;AAEF,QAAI,QAAQ,sBAAsB,2BAChC,kBAAiB,aAAa,QAAQ,WAAW,WAAW;AAG9D,iBACE,QAAQ,sBAAsB,6BAC1B,QAAQ,aACR,2BAA2B,kBAAkB,QAAQ,WAAW;AAGtE,eAAW,IAAI,QAAQ,UAAU;AAEjC,sBAAkB,YAAY,YAAY,EACxC,SAAS,MACV;YACM,OAAO;AACd,sBAAkB,YAAY,YAAY;KACxC,SAAS;KACT;KACD;AAED,WAAO;;GAGT,MAAM,2BAA2B,MAAM,KAAK,sCAAsC,cAAc;IAC9F;IACA,SAAS,CAAC,kBAAkB;IAC7B,CAAC;GACF,MAAM,kBAAkB,mCAAmC,yBAAyB;GAEpF,IAAIC;AACJ,OAAI;AAEF,sBAAkB,MAAM,KAAK,WAAW,UAAU,cAAc;KAC9D,KAAK,WAAW,IAAI;KAEpB,WAAW;MACT,QAAQ;MACR,KAAK;MACL,QAAQ,yBAAyB;MAClC;KACF,CAAC;AAEF,QAAI,CAAC,gBAAgB,QACnB,mBAAkB,YAAY,YAAY;KACxC,SAAS;KACT,OAAO,IAAI,WAAW,wBAAwB;KAC/C;QAED,mBAAkB,YAAY,YAAY,EACxC,SAAS,MACV;YAEI,OAAO;AACd,sBAAkB,YAAY,YAAY;KACxC,SAAS;KACT;KACD;;AAKH,OAAI,WAAW,aAAa,yBAAyB,WACnD,mBAAkB,YAAY,iBAAiB;IAC7C,SAAS;IACT,OAAO,IAAI,WACT,kDAAkD,yBAAyB,GAAG,2CAA2C,WAAW,SAAS,GAC9I;IACF;OAED,mBAAkB,YAAY,iBAAiB,EAC7C,SAAS,MACV;AAOH,OAAI,CAHmB,iBAAiB,WAAW,MAChD,cAAc,UAAU,IAAI,gBAAgB,gBAAgB,YAC9D,CAEC,mBAAkB,YAAY,iBAAiB;IAC7C,SAAS;IACT,OAAO,IAAI,WAAW,2DAA2D;IAClF;OAED,mBAAkB,YAAY,iBAAiB,EAC7C,SAAS,MACV;AAIH,OAAI,0BAA0B,CAAC,WAAW,iBACxC,mBAAkB,YAAY,mBAAmB,EAC/C,SAAS,MACV;YACQ,0BAA0B,WAAW,iBAC9C,mBAAkB,YAAY,mBAAmB;IAC/C,SAAS;IACT,OAAO,IAAI,WAAW,2DAA2D;IAClF;AAGH,qBAAkB,UAAU,OAAO,OAAO,kBAAkB,YAAY,CAAC,OAAO,MAAM,EAAE,QAAQ;AAEhG,UAAO;WACA,OAAO;AACd,qBAAkB,QAAQ;AAC1B,UAAO;;;;;;;;;CAUX,MAAa,iBACX,cACA,SACuC;AAEvC,mBAAiB,aAAa,QAAQ,aAAa;EAInD,MAAM,aAAa,8BAA8B,QAAQ,aAAa;AAGtE,aAAW,iBAAiB,QAAQ,QAAQ;AAC5C,aAAW,MAAM,QAAQ;EAEzB,MAAM,YAAY,MAAM,KAAK,0BAA0B,cAAc,QAAQ,oBAAoB,CAAC,iBAAiB,CAAC;EAEpH,MAAM,MAAM,MAAM,KAAK,WAAW,iBAAiB,cAAc;GAC/D,SAAS;GACT,OAAO,UAAU;GACjB,wBAAwB;IACtB,KAAK;IACL,KAAK,QAAQ;IACb,KAAK,QAAQ;IACd;GACF,CAAC;AAMF,SAFc,6BAA6B,kBAAkB,IAAI;;;;;;;;CAWnE,MAAa,mBACX,cACA,SACsC;EACtC,MAAMC,oBAAiD;GACrD,SAAS;GACT,aAAa,EAAE;GAChB;AAED,MAAI;GACF,IAAIC;AACJ,OAAI;AAEF,QAAI,QAAQ,wBAAwB,6BAClC,kBAAiB,aAAa,QAAQ,aAAa,aAAa;AAGlE,mBACE,QAAQ,wBAAwB,+BAC5B,QAAQ,eACR,6BAA6B,kBAAkB,QAAQ,aAAa;AAG1E,iBAAa,IAAI,QAAQ,UAAU;AAGnC,QAAI,QAAQ,cAAc,aAAa,IAAI,QAAQ,iBAAiB,MAClE,OAAM,IAAI,WAAW,iDAAiD,QAAQ,UAAU,GAAG;IAG7F,MAAM,WAAW,QAAQ,aAAa,IAAI,QAAQ,IAAI;AACtD,QAAI,QAAQ,UAAU,CAAC,SAAS,SAAS,QAAQ,OAAO,CACtD,OAAM,IAAI,WAAW,8CAA8C,QAAQ,OAAO,GAAG;AAGvF,sBAAkB,YAAY,YAAY,EACxC,SAAS,MACV;YACM,OAAO;AACd,sBAAkB,YAAY,YAAY;KACxC,SAAS;KACT;KACD;AAED,WAAO;;GAGT,MAAM,2BAA2B,MAAM,KAAK,sCAAsC,cAAc;IAC9F,YAAY;IACZ,SAAS,CAAC,iBAAiB;IAC5B,CAAC;GACF,MAAM,kBAAkB,mCAAmC,yBAAyB;GAEpF,IAAIF;AACJ,OAAI;AAEF,sBAAkB,MAAM,KAAK,WAAW,UAAU,cAAc;KAC9D,KAAK,aAAa,IAAI;KACtB,yBAAyB,CAAC,MAAM;KAChC,WAAW;MACT,QAAQ;MACR,QAAQ,yBAAyB;MACjC,KAAK;MACN;KACD,qBAAqB,EAAE;KACxB,CAAC;AAEF,QAAI,CAAC,gBAAgB,QACnB,mBAAkB,YAAY,wBAAwB;KACpD,SAAS;KACT,OAAO,IAAI,WAAW,wCAAwC;KAC/D;QAED,mBAAkB,YAAY,wBAAwB,EACpD,SAAS,MACV;YAEI,OAAO;AACd,sBAAkB,YAAY,wBAAwB;KACpD,SAAS;KACT;KACD;;AAKH,OAAI,aAAa,YAAY,yBAAyB,eAAe,aAAa,SAChF,mBAAkB,YAAY,iBAAiB;IAC7C,SAAS;IACT,OAAO,IAAI,WACT,oDAAoD,yBAAyB,GAAG,6CAA6C,aAAa,SAAS,GACpJ;IACF;OAID,mBAAkB,YAAY,iBAAiB,EAC7C,SAAS,MACV;GAIH,MAAM,cAAc,QAAQ,aAAa,aAAa,qBAAqB;AAG3E,qBAAkB,YAAY,cAAc,MAAM,QAAQ,IACxD,YAAY,IAAI,OAAO,eAAe;AACpC,QAAI,sBAAsB,8BACxB,QAAO;KACL,SAAS;KACT,OAAO,IAAI,WACT,+GACD;KACD,aAAa,EAAE;KAChB;IAGH,MAAM,mBAAmB,MAAM,KAAK,iBAAiB,cAAc;KACjE;KACA,wBAAwB,QAAQ;KACjC,CAAC;IAEF,IAAIG;IASJ,MAAM,uBAAuB,WAAW;IACxC,MAAM,6CAA6C,qBAAqB,MACrE,cAAc,yBAAyB,eAAe,UACxD;AAED,QAAI,qBAAqB,SAAS,KAAK,CAAC,2CACtC,mCAAkC;KAChC,SAAS;KACT,OAAO,IAAI,WACT,8GACD;KACF;QAED,mCAAkC,EAChC,SAAS,MACV;AAGH,WAAO;KACL,GAAG;KACH,SAAS,iBAAiB,WAAW,gCAAgC;KACrE,aAAa;MACX,GAAG,iBAAiB;MACpB;MACD;KACF;KACD,CACH;AAGD,qBAAkB,UAAU,OAAO,OAAO,kBAAkB,YAAY,CAAC,OAAO,MAC9E,MAAM,QAAQ,EAAE,GAAG,EAAE,OAAO,OAAO,GAAG,QAAQ,GAAG,EAAE,QACpD;AAED,UAAO;WACA,OAAO;AACd,qBAAkB,QAAQ;AAC1B,UAAO;;;CAIX,MAAc,0BACZ,cACA,oBACA,gBACoB;EACpB,MAAM,OAAO,aAAa,QAAQ,QAAQ;EAE1C,MAAM,YAAY,SAAS,mBAAmB;EAC9C,MAAM,EAAE,aAAa,SAAS,MAAM,KAAK,kCAAkC,UAAU,IAAI;EACzF,MAAM,2BAA2B,YAAY,eAAe,oBAAoB,eAAe;EAC/F,MAAM,YAAY,mCAAmC,yBAAyB;AAE9E,YAAU,QACR,MAAM,MAAM,EAAE,+BAA+B,yBAAyB,GAAG,SAAS,yBAAyB,CAAC,EACxG,YAAY,UAAU;AAE5B,SAAO;;;;;;;;;;;;;;;;;;;;;;;;CAyBT,MAAc,sCACZ,cACA,SAIA;EACA,MAAM,EAAE,YAAY,YAAY;EAChC,MAAM,MAAM,WAAW,IAAI,OAAO;EAElC,MAAM,cAAc,aAAa,kBAAkB,QAAQ,mBAAmB;EAI9E,MAAM,WAAW,WAAW,IAAI,QAAQ;EAExC,IAAIC;AAGJ,MAAI,KAAK,WAAW,IAAI,EAAE;AACxB,OAAI,CAAC,SACH,OAAM,IAAI,WAAW,0EAA0E;AAIjG,yBADoB,MAAM,YAAY,mBAAmB,cAAc,SAAS,EAC/C,eAAe,GAAG,WAAW,OAAO,QAAQ;aAGtE,OAAO,MAAM,IAAI,EAAE;GAC1B,MAAM,cAAc,MAAM,YAAY,mBAAmB,cAAc,IAAI;AAE3E,wBAAqB,YAAY,eAAe,KAAK,QAAQ;AAE7D,OAAI,YAAY,YAAY,OAAO,SACjC,OAAM,IAAI,WAAW,QAAQ,IAAI,iDAAiD,SAAS,GAAG;SAE3F;AACL,OAAI,CAAC,SACH,OAAM,IAAI,WAAW,kEAAkE;GAIzF,MAAM,WAAW,UAAU,6CACzB,WAAW,IAAI,OAAO,IACvB;GACD,MAAM,mCAAmC,gDAAgD,SAAS;GAElG,MAAM,cAAc,MAAM,YAAY,mBAAmB,cAAc,SAAS;GAChF,MAAM,sBACJ,YAAY,iBACR,KAAK,MAAO,OAAO,MAAM,WAAW,YAAY,8BAA8B,EAAE,GAAG,EAAG,CACvF,QAAQ,MAAM,iCAAiC,SAAS,EAAE,KAAK,CAAC,IAAI,EAAE;AAE3E,OAAI,oBAAoB,WAAW,EACjC,OAAM,IAAI,WACR,6CAA6C,SAAS,kBAAkB,SAAS,KAAK,aAAa,WAAW,IAAI,OAAO,IAAI,4EAC9H;AAEH,OAAI,oBAAoB,SAAS,EAC/B,OAAM,IAAI,WACR,mDAAmD,SAAS,kBAAkB,SAAS,KAAK,aAAa,WAAW,IAAI,OAAO,IAAI,4EACpI;AAGH,wBAAqB,oBAAoB;;AAI3C,MAAI,YAAY,mBAAmB,eAAe,SAChD,OAAM,IAAI,WACR,mCAAmC,mBAAmB,WAAW,+BAA+B,SAAS,GAC1G;AAGH,SAAO;;;sCAngBV,YAAY"}

package/build/modules/vc/jwt-vc/W3cJwtVerifiableCredential.d.mts

@@ -1,12 +1,12 @@
-import { W3cCredentialSubject } from "../models/credential/W3cCredentialSubject.mjs";
-import { W3cIssuer } from "../models/credential/W3cIssuer.mjs";
+import { JsonObject, SingleOrArray } from "../../../types.mjs";
+import { ClaimFormat } from "../models/ClaimFormat.mjs";
 import { W3cCredentialSchema } from "../models/credential/W3cCredentialSchema.mjs";
 import { W3cCredentialStatus } from "../models/credential/W3cCredentialStatus.mjs";
+import { W3cCredentialSubject } from "../models/credential/W3cCredentialSubject.mjs";
+import { W3cIssuer } from "../models/credential/W3cIssuer.mjs";
 import { W3cCredential } from "../models/credential/W3cCredential.mjs";
 import { W3cJsonCredential } from "../models/credential/W3cJsonCredential.mjs";
-import { ClaimFormat } from "../models/ClaimFormat.mjs";
 import { Jwt } from "../../../crypto/jose/jwt/Jwt.mjs";
-import { JsonObject, SingleOrArray } from "../../../types.mjs";
 
 //#region src/modules/vc/jwt-vc/W3cJwtVerifiableCredential.d.ts
 interface W3cJwtVerifiableCredentialOptions {

package/build/modules/vc/jwt-vc/W3cJwtVerifiableCredential.d.mts.map

@@ -1 +1 @@
-{"version":3,"file":"W3cJwtVerifiableCredential.d.mts","names":[],"sources":["../../../../src/modules/vc/jwt-vc/W3cJwtVerifiableCredential.ts"],"sourcesContent":[],"mappings":";;;;;;;;;;;UASiB,iCAAA;OACV;;cAGM,0BAAA;gBACU;;uBAGO;mDAMyB;;AAdvD;AAIA;;;;;;MA0BwC,UAAA,CAAA,CAAA,EAAb,aAAa;MAgBpB,aAAA,CAAA,CAAA,EAAA,MAAA;MAYD,OAAA,CAAA,CAAA,EAAA,CAAA,MAAA,GA5BqB,UA4BrB,CAAA,EAAA;MAYW,EAAA,CAAA,CAAA,EAAA,MAAA,GAAA,SAAA;MAAA,IAAA,CAAA,CAAA,EAAA,MAAA,EAAA;MAID,MAAA,CAAA,CAAA,EAAA,MAAA,GA5BT,SA4BS;MAAA,YAAA,CAAA,CAAA,EAAA,MAAA;MAIA,cAAA,CAAA,CAAA,EAAA,MAAA,GAAA,SAAA;MAuBD,iBAAY,CAAA,CAAA,EA/BV,aA+BU,CA3CrB,oBAAA,CA2CqB;MAYT,gBAAA,CAAA,CAAA,EAvCF,aAuCE,CA3CD,mBAAA,CA2CC,GAAA,SAAA;EAAiB,IAAA,gBAAA,CAAA,CAAA,EAvCnB,mBAAA,GAuCmB,SAAA;;;;4BAnCnB;;;;qBAuBD,WAAA,CAAY;;;;;;wBAYT"}
+{"version":3,"file":"W3cJwtVerifiableCredential.d.mts","names":[],"sources":["../../../../src/modules/vc/jwt-vc/W3cJwtVerifiableCredential.ts"],"sourcesContent":[],"mappings":";;;;;;;;;;;UAQiB,iCAAA;OACV;;cAGM,0BAAA;gBACU;;uBAGO;mDAMyB;;AAdvD;AAIA;;;;;;MA0BwC,UAAA,CAAA,CAAA,EAAb,aAAa;MAgBpB,aAAA,CAAA,CAAA,EAAA,MAAA;MAYD,OAAA,CAAA,CAAA,EAAA,CAAA,MAAA,GA5BqB,UA4BrB,CAAA,EAAA;MAYW,EAAA,CAAA,CAAA,EAAA,MAAA,GAAA,SAAA;MAAA,IAAA,CAAA,CAAA,EAAA,MAAA,EAAA;MAID,MAAA,CAAA,CAAA,EAAA,MAAA,GA5BT,SA4BS;MAAA,YAAA,CAAA,CAAA,EAAA,MAAA;MAIA,cAAA,CAAA,CAAA,EAAA,MAAA,GAAA,SAAA;MAuBD,iBAAY,CAAA,CAAA,EA/BV,aA+BU,CA3CrB,oBAAA,CA2CqB;MAYT,gBAAA,CAAA,CAAA,EAvCF,aAuCE,CA3CD,mBAAA,CA2CC,GAAA,SAAA;EAAiB,IAAA,gBAAA,CAAA,CAAA,EAvCnB,mBAAA,GAuCmB,SAAA;;;;4BAnCnB;;;;qBAuBD,WAAA,CAAY;;;;;;wBAYT"}

package/build/modules/vc/jwt-vc/W3cJwtVerifiableCredential.d.ts

@@ -1,12 +1,12 @@
-import { W3cCredentialSubject } from "../models/credential/W3cCredentialSubject.js";
-import { W3cIssuer } from "../models/credential/W3cIssuer.js";
+import { JsonObject, SingleOrArray } from "../../../types.js";
+import { ClaimFormat } from "../models/ClaimFormat.js";
 import { W3cCredentialSchema } from "../models/credential/W3cCredentialSchema.js";
 import { W3cCredentialStatus } from "../models/credential/W3cCredentialStatus.js";
+import { W3cCredentialSubject } from "../models/credential/W3cCredentialSubject.js";
+import { W3cIssuer } from "../models/credential/W3cIssuer.js";
 import { W3cCredential } from "../models/credential/W3cCredential.js";
 import { W3cJsonCredential } from "../models/credential/W3cJsonCredential.js";
-import { ClaimFormat } from "../models/ClaimFormat.js";
 import { Jwt } from "../../../crypto/jose/jwt/Jwt.js";
-import { JsonObject, SingleOrArray } from "../../../types.js";
 
 //#region src/modules/vc/jwt-vc/W3cJwtVerifiableCredential.d.ts
 interface W3cJwtVerifiableCredentialOptions {

package/build/modules/vc/jwt-vc/W3cJwtVerifiableCredential.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"W3cJwtVerifiableCredential.d.ts","names":[],"sources":["../../../../src/modules/vc/jwt-vc/W3cJwtVerifiableCredential.ts"],"sourcesContent":[],"mappings":";;;;;;;;;;;UASiB,iCAAA;OACV;;cAGM,0BAAA;gBACU;;uBAGO;EARb,OAAA,iBAAA,CAAA,aAAiC,EAAA,MAAA,CAAA,EAcK,0BAb7C;EAGG;;;;;;;;MAsDM,UAAA,CAAA,CAAA,EA5BQ,aA4BR;MAYW,aAAA,CAAA,CAAA,EAAA,MAAA;MAAA,OAAA,CAAA,CAAA,EAAA,CAAA,MAAA,GAxCU,UAwCV,CAAA,EAAA;MAID,EAAA,CAAA,CAAA,EAAA,MAAA,GAAA,SAAA;MAAA,IAAA,CAAA,CAAA,EAAA,MAAA,EAAA;MAIA,MAAA,CAAA,CAAA,EAAA,MAAA,GAhCT,SAgCS;MAuBD,YAAY,CAAA,CAAA,EAAA,MAAA;MAYT,cAAA,CAAA,CAAA,EAAA,MAAA,GAAA,SAAA;EAAiB,IAAA,iBAAA,CAAA,CAAA,EA3ClB,aA2CkB,CAvD7B,oBAAA,CAuD6B;0BAvCnB,cAJC,mBAAA;0BAID,mBAAA;;;;4BAIA;;;;qBAuBD,WAAA,CAAY;;;;;;wBAYT"}
+{"version":3,"file":"W3cJwtVerifiableCredential.d.ts","names":[],"sources":["../../../../src/modules/vc/jwt-vc/W3cJwtVerifiableCredential.ts"],"sourcesContent":[],"mappings":";;;;;;;;;;;UAQiB,iCAAA;OACV;;cAGM,0BAAA;gBACU;;uBAGO;EARb,OAAA,iBAAA,CAAA,aAAiC,EAAA,MAAA,CAAA,EAcK,0BAb7C;EAGG;;;;;;;;MAsDM,UAAA,CAAA,CAAA,EA5BQ,aA4BR;MAYW,aAAA,CAAA,CAAA,EAAA,MAAA;MAAA,OAAA,CAAA,CAAA,EAAA,CAAA,MAAA,GAxCU,UAwCV,CAAA,EAAA;MAID,EAAA,CAAA,CAAA,EAAA,MAAA,GAAA,SAAA;MAAA,IAAA,CAAA,CAAA,EAAA,MAAA,EAAA;MAIA,MAAA,CAAA,CAAA,EAAA,MAAA,GAhCT,SAgCS;MAuBD,YAAY,CAAA,CAAA,EAAA,MAAA;MAYT,cAAA,CAAA,CAAA,EAAA,MAAA,GAAA,SAAA;EAAiB,IAAA,iBAAA,CAAA,CAAA,EA3ClB,aA2CkB,CAvD7B,oBAAA,CAuD6B;0BAvCnB,cAJC,mBAAA;0BAID,mBAAA;;;;4BAIA;;;;qBAuBD,WAAA,CAAY;;;;;;wBAYT"}

package/build/modules/vc/jwt-vc/W3cJwtVerifiableCredential.mjs.map

@@ -1 +1 @@
-{"version":3,"file":"W3cJwtVerifiableCredential.mjs","names":[],"sources":["../../../../src/modules/vc/jwt-vc/W3cJwtVerifiableCredential.ts"],"sourcesContent":["import type { W3cCredential } from '../models/credential/W3cCredential'\nimport type { W3cJsonCredential } from '../models/credential/W3cJsonCredential'\n\nimport { Jwt } from '../../../crypto/jose/jwt/Jwt'\nimport { JsonTransformer } from '../../../utils'\nimport { ClaimFormat } from '../models/ClaimFormat'\n\nimport { getCredentialFromJwtPayload } from './credentialTransformer'\n\nexport interface W3cJwtVerifiableCredentialOptions {\n  jwt: Jwt\n}\n\nexport class W3cJwtVerifiableCredential {\n  public readonly jwt: Jwt\n  private _credential: W3cCredential\n\n  public constructor(options: W3cJwtVerifiableCredentialOptions) {\n    this.jwt = options.jwt\n\n    this._credential = getCredentialFromJwtPayload(this.jwt.payload)\n  }\n\n  public static fromSerializedJwt(serializedJwt: string) {\n    const jwt = Jwt.fromSerializedJwt(serializedJwt)\n\n    return new W3cJwtVerifiableCredential({\n      jwt,\n    })\n  }\n\n  /**\n   * Get the W3cCredential from the JWT payload. This does not include the JWT wrapper,\n   * and thus is not suitable for sharing. If you need a JWT, use the `serializedJwt` property.\n   *\n   * All properties and getters from the `W3cCredential` interface are implemented as getters\n   * on the `W3cJwtVerifiableCredential` class itself, so you can also use this directly\n   * instead of accessing the inner `credential` property.\n   */\n  public get credential(): W3cCredential {\n    return this._credential\n  }\n\n  public get serializedJwt(): string {\n    return this.jwt.serializedJwt\n  }\n\n  //\n  // Below all properties from the `W3cCredential` interface are implemented as getters\n  // this is to make the interface compatible with the W3cJsonLdVerifiableCredential interface\n  // which makes using the different classes interchangeably from a user point of view.\n  // This is 'easier' than extending the W3cCredential class as it means we have to create the\n  // instance based on JSON, but also add custom properties.\n  //\n\n  public get context() {\n    return this.credential.context\n  }\n\n  public get id() {\n    return this.credential.id\n  }\n\n  public get type() {\n    return this.credential.type\n  }\n\n  public get issuer() {\n    return this.credential.issuer\n  }\n\n  public get issuanceDate() {\n    return this.credential.issuanceDate\n  }\n\n  public get expirationDate() {\n    return this.credential.expirationDate\n  }\n\n  public get credentialSubject() {\n    return this.credential.credentialSubject\n  }\n\n  public get credentialSchema() {\n    return this.credential.credentialSchema\n  }\n\n  public get credentialStatus() {\n    return this.credential.credentialStatus\n  }\n\n  public get issuerId() {\n    return this.credential.issuerId\n  }\n\n  public get credentialSchemaIds() {\n    return this.credential.credentialSchemaIds\n  }\n\n  public get credentialSubjectIds() {\n    return this.credential.credentialSubjectIds\n  }\n\n  public get contexts() {\n    return this.credential.contexts\n  }\n\n  /**\n   * The {@link ClaimFormat} of the credential. For JWT credentials this is always `jwt_vc`.\n   */\n  public get claimFormat(): ClaimFormat.JwtVc {\n    return ClaimFormat.JwtVc\n  }\n\n  /**\n   * Get the encoded variant of the W3C Verifiable Credential. For JWT credentials this is\n   * a JWT string.\n   */\n  public get encoded() {\n    return this.serializedJwt\n  }\n\n  public get jsonCredential(): W3cJsonCredential {\n    return JsonTransformer.toJSON(this.credential) as W3cJsonCredential\n  }\n}\n"],"mappings":";;;;;;;;;AAaA,IAAa,6BAAb,MAAa,2BAA2B;CAItC,AAAO,YAAY,SAA4C;AAC7D,OAAK,MAAM,QAAQ;AAEnB,OAAK,cAAc,4BAA4B,KAAK,IAAI,QAAQ;;CAGlE,OAAc,kBAAkB,eAAuB;AAGrD,SAAO,IAAI,2BAA2B,EACpC,KAHU,IAAI,kBAAkB,cAAc,EAI/C,CAAC;;;;;;;;;;CAWJ,IAAW,aAA4B;AACrC,SAAO,KAAK;;CAGd,IAAW,gBAAwB;AACjC,SAAO,KAAK,IAAI;;CAWlB,IAAW,UAAU;AACnB,SAAO,KAAK,WAAW;;CAGzB,IAAW,KAAK;AACd,SAAO,KAAK,WAAW;;CAGzB,IAAW,OAAO;AAChB,SAAO,KAAK,WAAW;;CAGzB,IAAW,SAAS;AAClB,SAAO,KAAK,WAAW;;CAGzB,IAAW,eAAe;AACxB,SAAO,KAAK,WAAW;;CAGzB,IAAW,iBAAiB;AAC1B,SAAO,KAAK,WAAW;;CAGzB,IAAW,oBAAoB;AAC7B,SAAO,KAAK,WAAW;;CAGzB,IAAW,mBAAmB;AAC5B,SAAO,KAAK,WAAW;;CAGzB,IAAW,mBAAmB;AAC5B,SAAO,KAAK,WAAW;;CAGzB,IAAW,WAAW;AACpB,SAAO,KAAK,WAAW;;CAGzB,IAAW,sBAAsB;AAC/B,SAAO,KAAK,WAAW;;CAGzB,IAAW,uBAAuB;AAChC,SAAO,KAAK,WAAW;;CAGzB,IAAW,WAAW;AACpB,SAAO,KAAK,WAAW;;;;;CAMzB,IAAW,cAAiC;AAC1C,SAAO,YAAY;;;;;;CAOrB,IAAW,UAAU;AACnB,SAAO,KAAK;;CAGd,IAAW,iBAAoC;AAC7C,SAAO,gBAAgB,OAAO,KAAK,WAAW"}
+{"version":3,"file":"W3cJwtVerifiableCredential.mjs","names":[],"sources":["../../../../src/modules/vc/jwt-vc/W3cJwtVerifiableCredential.ts"],"sourcesContent":["import { Jwt } from '../../../crypto/jose/jwt/Jwt'\nimport { JsonTransformer } from '../../../utils'\nimport { ClaimFormat } from '../models/ClaimFormat'\nimport type { W3cCredential } from '../models/credential/W3cCredential'\nimport type { W3cJsonCredential } from '../models/credential/W3cJsonCredential'\n\nimport { getCredentialFromJwtPayload } from './credentialTransformer'\n\nexport interface W3cJwtVerifiableCredentialOptions {\n  jwt: Jwt\n}\n\nexport class W3cJwtVerifiableCredential {\n  public readonly jwt: Jwt\n  private _credential: W3cCredential\n\n  public constructor(options: W3cJwtVerifiableCredentialOptions) {\n    this.jwt = options.jwt\n\n    this._credential = getCredentialFromJwtPayload(this.jwt.payload)\n  }\n\n  public static fromSerializedJwt(serializedJwt: string) {\n    const jwt = Jwt.fromSerializedJwt(serializedJwt)\n\n    return new W3cJwtVerifiableCredential({\n      jwt,\n    })\n  }\n\n  /**\n   * Get the W3cCredential from the JWT payload. This does not include the JWT wrapper,\n   * and thus is not suitable for sharing. If you need a JWT, use the `serializedJwt` property.\n   *\n   * All properties and getters from the `W3cCredential` interface are implemented as getters\n   * on the `W3cJwtVerifiableCredential` class itself, so you can also use this directly\n   * instead of accessing the inner `credential` property.\n   */\n  public get credential(): W3cCredential {\n    return this._credential\n  }\n\n  public get serializedJwt(): string {\n    return this.jwt.serializedJwt\n  }\n\n  //\n  // Below all properties from the `W3cCredential` interface are implemented as getters\n  // this is to make the interface compatible with the W3cJsonLdVerifiableCredential interface\n  // which makes using the different classes interchangeably from a user point of view.\n  // This is 'easier' than extending the W3cCredential class as it means we have to create the\n  // instance based on JSON, but also add custom properties.\n  //\n\n  public get context() {\n    return this.credential.context\n  }\n\n  public get id() {\n    return this.credential.id\n  }\n\n  public get type() {\n    return this.credential.type\n  }\n\n  public get issuer() {\n    return this.credential.issuer\n  }\n\n  public get issuanceDate() {\n    return this.credential.issuanceDate\n  }\n\n  public get expirationDate() {\n    return this.credential.expirationDate\n  }\n\n  public get credentialSubject() {\n    return this.credential.credentialSubject\n  }\n\n  public get credentialSchema() {\n    return this.credential.credentialSchema\n  }\n\n  public get credentialStatus() {\n    return this.credential.credentialStatus\n  }\n\n  public get issuerId() {\n    return this.credential.issuerId\n  }\n\n  public get credentialSchemaIds() {\n    return this.credential.credentialSchemaIds\n  }\n\n  public get credentialSubjectIds() {\n    return this.credential.credentialSubjectIds\n  }\n\n  public get contexts() {\n    return this.credential.contexts\n  }\n\n  /**\n   * The {@link ClaimFormat} of the credential. For JWT credentials this is always `jwt_vc`.\n   */\n  public get claimFormat(): ClaimFormat.JwtVc {\n    return ClaimFormat.JwtVc\n  }\n\n  /**\n   * Get the encoded variant of the W3C Verifiable Credential. For JWT credentials this is\n   * a JWT string.\n   */\n  public get encoded() {\n    return this.serializedJwt\n  }\n\n  public get jsonCredential(): W3cJsonCredential {\n    return JsonTransformer.toJSON(this.credential) as W3cJsonCredential\n  }\n}\n"],"mappings":";;;;;;;;;AAYA,IAAa,6BAAb,MAAa,2BAA2B;CAItC,AAAO,YAAY,SAA4C;AAC7D,OAAK,MAAM,QAAQ;AAEnB,OAAK,cAAc,4BAA4B,KAAK,IAAI,QAAQ;;CAGlE,OAAc,kBAAkB,eAAuB;AAGrD,SAAO,IAAI,2BAA2B,EACpC,KAHU,IAAI,kBAAkB,cAAc,EAI/C,CAAC;;;;;;;;;;CAWJ,IAAW,aAA4B;AACrC,SAAO,KAAK;;CAGd,IAAW,gBAAwB;AACjC,SAAO,KAAK,IAAI;;CAWlB,IAAW,UAAU;AACnB,SAAO,KAAK,WAAW;;CAGzB,IAAW,KAAK;AACd,SAAO,KAAK,WAAW;;CAGzB,IAAW,OAAO;AAChB,SAAO,KAAK,WAAW;;CAGzB,IAAW,SAAS;AAClB,SAAO,KAAK,WAAW;;CAGzB,IAAW,eAAe;AACxB,SAAO,KAAK,WAAW;;CAGzB,IAAW,iBAAiB;AAC1B,SAAO,KAAK,WAAW;;CAGzB,IAAW,oBAAoB;AAC7B,SAAO,KAAK,WAAW;;CAGzB,IAAW,mBAAmB;AAC5B,SAAO,KAAK,WAAW;;CAGzB,IAAW,mBAAmB;AAC5B,SAAO,KAAK,WAAW;;CAGzB,IAAW,WAAW;AACpB,SAAO,KAAK,WAAW;;CAGzB,IAAW,sBAAsB;AAC/B,SAAO,KAAK,WAAW;;CAGzB,IAAW,uBAAuB;AAChC,SAAO,KAAK,WAAW;;CAGzB,IAAW,WAAW;AACpB,SAAO,KAAK,WAAW;;;;;CAMzB,IAAW,cAAiC;AAC1C,SAAO,YAAY;;;;;;CAOrB,IAAW,UAAU;AACnB,SAAO,KAAK;;CAGd,IAAW,iBAAoC;AAC7C,SAAO,gBAAgB,OAAO,KAAK,WAAW"}

package/build/modules/vc/jwt-vc/W3cJwtVerifiablePresentation.d.mts

@@ -1,10 +1,10 @@
+import { JsonObject, SingleOrArray } from "../../../types.mjs";
 import { ClaimFormat } from "../models/ClaimFormat.mjs";
 import { W3cJsonLdVerifiableCredential } from "../data-integrity/models/W3cJsonLdVerifiableCredential.mjs";
 import { Jwt } from "../../../crypto/jose/jwt/Jwt.mjs";
 import { W3cJwtVerifiableCredential } from "./W3cJwtVerifiableCredential.mjs";
 import { W3cHolder } from "../models/presentation/W3cHolder.mjs";
 import { W3cPresentation } from "../models/presentation/W3cPresentation.mjs";
-import { JsonObject, SingleOrArray } from "../../../types.mjs";
 
 //#region src/modules/vc/jwt-vc/W3cJwtVerifiablePresentation.d.ts
 interface W3cJwtVerifiablePresentationOptions {

package/build/modules/vc/jwt-vc/W3cJwtVerifiablePresentation.d.mts.map

@@ -1 +1 @@
-{"version":3,"file":"W3cJwtVerifiablePresentation.d.mts","names":[],"sources":["../../../../src/modules/vc/jwt-vc/W3cJwtVerifiablePresentation.ts"],"sourcesContent":[],"mappings":";;;;;;;;;UAQiB,mCAAA;OACV;;cAGM,4BAAA;gBACU;;uBAGO;mDAMyB;EAdtC;AAIjB;;;;;;;MA8CoB,YAAA,CAAA,CAAA,EAhBS,eAgBT;MAYD,aAAA,CAAA,CAAA,EAAA,MAAA;MAIc,OAAA,CAAA,CAAA,EAAA,CAAA,MAAA,GAhCW,UAgCX,CAAA,EAAA;MAAA,EAAA,CAAA,CAAA,EAAA,MAAA,GAAA,SAAA;MAWL,IAAA,CAAA,CAAA,EAAA,MAAY,EAAA;EAAK,IAAA,MAAA,CAAA,CAAA,EAAA,MAAA,GA3BzB,SAAA,GA2ByB,SAAA;8BAXZ,cAJd,0BAAA,GAIc;;;;;qBAWL,WAAA,CAAY"}
+{"version":3,"file":"W3cJwtVerifiablePresentation.d.mts","names":[],"sources":["../../../../src/modules/vc/jwt-vc/W3cJwtVerifiablePresentation.ts"],"sourcesContent":[],"mappings":";;;;;;;;;UAOiB,mCAAA;OACV;;cAGM,4BAAA;gBACU;;uBAGO;mDAMyB;EAdtC;AAIjB;;;;;;;MA8CoB,YAAA,CAAA,CAAA,EAhBS,eAgBT;MAYD,aAAA,CAAA,CAAA,EAAA,MAAA;MAIc,OAAA,CAAA,CAAA,EAAA,CAAA,MAAA,GAhCW,UAgCX,CAAA,EAAA;MAAA,EAAA,CAAA,CAAA,EAAA,MAAA,GAAA,SAAA;MAWL,IAAA,CAAA,CAAA,EAAA,MAAY,EAAA;EAAK,IAAA,MAAA,CAAA,CAAA,EAAA,MAAA,GA3BzB,SAAA,GA2ByB,SAAA;8BAXZ,cAJd,0BAAA,GAIc;;;;;qBAWL,WAAA,CAAY"}

package/build/modules/vc/jwt-vc/W3cJwtVerifiablePresentation.d.ts

@@ -1,10 +1,10 @@
+import { JsonObject, SingleOrArray } from "../../../types.js";
 import { ClaimFormat } from "../models/ClaimFormat.js";
 import { W3cJsonLdVerifiableCredential } from "../data-integrity/models/W3cJsonLdVerifiableCredential.js";
 import { Jwt } from "../../../crypto/jose/jwt/Jwt.js";
 import { W3cJwtVerifiableCredential } from "./W3cJwtVerifiableCredential.js";
 import { W3cHolder } from "../models/presentation/W3cHolder.js";
 import { W3cPresentation } from "../models/presentation/W3cPresentation.js";
-import { JsonObject, SingleOrArray } from "../../../types.js";
 
 //#region src/modules/vc/jwt-vc/W3cJwtVerifiablePresentation.d.ts
 interface W3cJwtVerifiablePresentationOptions {