npm - @credo-ts/core - Versions diffs - 0.6.0-pr-2392-20251010173905 → 0.6.0-pr-2457-20251016083534 - Mend

@credo-ts/core 0.6.0-pr-2392-20251010173905 → 0.6.0-pr-2457-20251016083534

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (985) hide show

package/build/modules/vc/models/presentation/W3cV2Presentation.mjs CHANGED Viewed

@@ -2,8 +2,8 @@
 import { __decorateMetadata } from "../../../../_virtual/_@oxc-project_runtime@0.94.0/helpers/decorateMetadata.mjs";
 import { __decorate } from "../../../../_virtual/_@oxc-project_runtime@0.94.0/helpers/decorate.mjs";
-import { JsonTransformer } from "../../../../utils/JsonTransformer.mjs";
 import { mapSingleOrArray } from "../../../../utils/array.mjs";
+import { JsonTransformer } from "../../../../utils/JsonTransformer.mjs";
 import { IsInstanceOrArrayOfInstances, IsNever, IsUri } from "../../../../utils/validators.mjs";
 import "../../../../utils/index.mjs";
 import { CREDENTIALS_CONTEXT_V2_URL, VERIFIABLE_PRESENTATION_TYPE } from "../../constants.mjs";

package/build/modules/vc/models/presentation/W3cV2VerifiablePresentation.d.mts CHANGED Viewed

@@ -1,6 +1,6 @@
 import { ClaimFormat } from "../ClaimFormat.mjs";
-import { W3cV2JwtVerifiablePresentation } from "../../jwt-vc/W3cV2JwtVerifiablePresentation.mjs";
 import { W3cV2SdJwtVerifiablePresentation } from "../../sd-jwt-vc/W3cV2SdJwtVerifiablePresentation.mjs";
+import { W3cV2JwtVerifiablePresentation } from "../../jwt-vc/W3cV2JwtVerifiablePresentation.mjs";
 //#region src/modules/vc/models/presentation/W3cV2VerifiablePresentation.d.ts

package/build/modules/vc/models/presentation/W3cV2VerifiablePresentation.d.ts CHANGED Viewed

@@ -1,6 +1,6 @@
 import { ClaimFormat } from "../ClaimFormat.js";
-import { W3cV2JwtVerifiablePresentation } from "../../jwt-vc/W3cV2JwtVerifiablePresentation.js";
 import { W3cV2SdJwtVerifiablePresentation } from "../../sd-jwt-vc/W3cV2SdJwtVerifiablePresentation.js";
+import { W3cV2JwtVerifiablePresentation } from "../../jwt-vc/W3cV2JwtVerifiablePresentation.js";
 //#region src/modules/vc/models/presentation/W3cV2VerifiablePresentation.d.ts

package/build/modules/vc/repository/W3cCredentialRecord.d.mts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"W3cCredentialRecord.d.mts","names":[],"sources":["../../../../src/modules/vc/repository/W3cCredentialRecord.ts"],"sourcesContent":[],"mappings":";;;;~~UAOiB~~,0BAAA;;cAEH;cACA;EAHG,IAAA,EAIT,uBAJmC;;AAE7B,KAKF,uBAAA,GALE;;;;EAKF,aAAA,CAAA,EAIM,KAJN,CAAA,MAAuB,CAAA;AAOnC,CAAA;AAAoC,KAAxB,wBAAA,GAAwB;UAEtB,EAAA,MAAA;YACD,EADC,KACD,CAAA,MAAA,CAAA;WACD,EADC,KACD,CAAA,MAAA,CAAA;UAIG,EAJH,KAIG,CAAA,MAAA,CAAA;SAEA,CAAA,EAAA,MAAA;aACE,EAHF,uBAGE,CAAA,aAAA,CAAA;YACR,CAAA,EAFM,KAEN,CAAA,MAAA,CAAA;cACA,CAAA,EAFQ,KAER,CAAA,MAAA,CAAA;EAAK,KAAA,EADL,KACK,CAAA,MAAA,CAAA;EAGD,IAAA,CAAA,EAHJ,KAGI,CAAA,MAAA,CAAA;CAAoB;AAAmB,cAAvC,mBAAA,SAA4B,UAAW,CAAA,wBAAA,EAA0B,uBAA1B,CAAA,CAAA;kBAA0B,IAAA,GAAA,qBAAA;WAKxD,IAAA,GAAA,qBAAA;YAEM,EAFN,uBAEM;aAUH,CAAA,KAAA,EAVG,0BAUH;SAA0B,CAAA,CAAA,EAA/B,IAA+B,CAA1B,wBAA0B,EAAA,uBAAA,CAAA;;;;;;;;;;;;0BA4C/B"}
1	+ {"version":3,"file":"W3cCredentialRecord.d.mts","names":[],"sources":["../../../../src/modules/vc/repository/W3cCredentialRecord.ts"],"sourcesContent":[],"mappings":";;;;UAMiB,0BAAA;;cAEH;cACA;EAHG,IAAA,EAIT,uBAJmC;;AAE7B,KAKF,uBAAA,GALE;;;;EAKF,aAAA,CAAA,EAIM,KAJN,CAAA,MAAuB,CAAA;AAOnC,CAAA;AAAoC,KAAxB,wBAAA,GAAwB;UAEtB,EAAA,MAAA;YACD,EADC,KACD,CAAA,MAAA,CAAA;WACD,EADC,KACD,CAAA,MAAA,CAAA;UAIG,EAJH,KAIG,CAAA,MAAA,CAAA;SAEA,CAAA,EAAA,MAAA;aACE,EAHF,uBAGE,CAAA,aAAA,CAAA;YACR,CAAA,EAFM,KAEN,CAAA,MAAA,CAAA;cACA,CAAA,EAFQ,KAER,CAAA,MAAA,CAAA;EAAK,KAAA,EADL,KACK,CAAA,MAAA,CAAA;EAGD,IAAA,CAAA,EAHJ,KAGI,CAAA,MAAA,CAAA;CAAoB;AAAmB,cAAvC,mBAAA,SAA4B,UAAW,CAAA,wBAAA,EAA0B,uBAA1B,CAAA,CAAA;kBAA0B,IAAA,GAAA,qBAAA;WAKxD,IAAA,GAAA,qBAAA;YAEM,EAFN,uBAEM;aAUH,CAAA,KAAA,EAVG,0BAUH;SAA0B,CAAA,CAAA,EAA/B,IAA+B,CAA1B,wBAA0B,EAAA,uBAAA,CAAA;;;;;;;;;;;;0BA4C/B"}

package/build/modules/vc/repository/W3cCredentialRecord.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"W3cCredentialRecord.d.ts","names":[],"sources":["../../../../src/modules/vc/repository/W3cCredentialRecord.ts"],"sourcesContent":[],"mappings":";;;;~~UAOiB~~,0BAAA;;EAAA,SAAA,CAAA,EAEH,IAFG;EAA0B,UAAA,EAG7B,uBAH6B;MAE7B,EAEN,uBAFM;;AAEN,KAGI,uBAAA,GAHJ;EAAuB;AAG/B;AAOA;EAAoC,aAAA,CAAA,EAHlB,KAGkB,CAAA,MAAA,CAAA;;AAGvB,KAHD,wBAAA,GAGC;UACD,EAAA,MAAA;YAIG,EAND,KAMC,CAAA,MAAA,CAAA;WAEA,EAPF,KAOE,CAAA,MAAA,CAAA;UACE,EAPL,KAOK,CAAA,MAAA,CAAA;SACR,CAAA,EAAA,MAAA;aACA,EALM,uBAKN,CAAA,aAAA,CAAA;EAAK,UAAA,CAAA,EAHC,KAGD,CAAA,MAAA,CAAA;EAGD,YAAA,CAAA,EALI,KAKJ,CAAA,MAAoB,CAAA;EAAA,KAAA,EAJxB,KAIwB,CAAA,MAAA,CAAA;MAAmB,CAAA,EAH3C,KAG2C,CAAA,MAAA,CAAA;;AAK9B,cALT,mBAAA,SAA4B,UAKnB,CAL8B,wBAK9B,EALwD,uBAKxD,CAAA,CAAA;kBAEM,IAAA,GAAA,qBAAA;WAUH,IAAA,GAAA,qBAAA;YAA0B,EAZ7B,uBAY6B;aAA/B,CAAA,KAAA,EAVQ,0BAUR;SA4CA,CAAA,CAAA,EA5CA,IA4CA,CA5CK,wBA4CL,EA5C+B,uBA4C/B,CAAA;;;;;;;;;;;;0BAAA"}
1	+ {"version":3,"file":"W3cCredentialRecord.d.ts","names":[],"sources":["../../../../src/modules/vc/repository/W3cCredentialRecord.ts"],"sourcesContent":[],"mappings":";;;;UAMiB,0BAAA;;EAAA,SAAA,CAAA,EAEH,IAFG;EAA0B,UAAA,EAG7B,uBAH6B;MAE7B,EAEN,uBAFM;;AAEN,KAGI,uBAAA,GAHJ;EAAuB;AAG/B;AAOA;EAAoC,aAAA,CAAA,EAHlB,KAGkB,CAAA,MAAA,CAAA;;AAGvB,KAHD,wBAAA,GAGC;UACD,EAAA,MAAA;YAIG,EAND,KAMC,CAAA,MAAA,CAAA;WAEA,EAPF,KAOE,CAAA,MAAA,CAAA;UACE,EAPL,KAOK,CAAA,MAAA,CAAA;SACR,CAAA,EAAA,MAAA;aACA,EALM,uBAKN,CAAA,aAAA,CAAA;EAAK,UAAA,CAAA,EAHC,KAGD,CAAA,MAAA,CAAA;EAGD,YAAA,CAAA,EALI,KAKJ,CAAA,MAAoB,CAAA;EAAA,KAAA,EAJxB,KAIwB,CAAA,MAAA,CAAA;MAAmB,CAAA,EAH3C,KAG2C,CAAA,MAAA,CAAA;;AAK9B,cALT,mBAAA,SAA4B,UAKnB,CAL8B,wBAK9B,EALwD,uBAKxD,CAAA,CAAA;kBAEM,IAAA,GAAA,qBAAA;WAUH,IAAA,GAAA,qBAAA;YAA0B,EAZ7B,uBAY6B;aAA/B,CAAA,KAAA,EAVQ,0BAUR;SA4CA,CAAA,CAAA,EA5CA,IA4CA,CA5CK,wBA4CL,EA5C+B,uBA4C/B,CAAA;;;;;;;;;;;;0BAAA"}

package/build/modules/vc/repository/W3cCredentialRecord.mjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"W3cCredentialRecord.mjs","names":["tags: Tags<DefaultW3cCredentialTags, CustomW3cCredentialTags>"],"sources":["../../../../src/modules/vc/repository/W3cCredentialRecord.ts"],"sourcesContent":["import type { ~~Constructable~~ } from '../../../~~utils~~/~~mixins~~'\n\nimport { ~~BaseRecord,~~ ~~type Tags~~ } from '../../../~~storage/BaseRecord~~'\nimport { ~~JsonTransformer~~ } from '../../../utils'\nimport { uuid } from '../../../utils/uuid'\nimport { ClaimFormat, type W3cVerifiableCredential, W3cVerifiableCredentialTransformer } from '../models'\n\nexport interface W3cCredentialRecordOptions {\n id?: string\n createdAt?: Date\n credential: W3cVerifiableCredential\n tags: CustomW3cCredentialTags\n}\n\nexport type CustomW3cCredentialTags = {\n /*\n Expanded types are used for JSON-LD credentials to allow for filtering on the expanded type.\n /\n expandedTypes?: Array<string>\n}\n\nexport type DefaultW3cCredentialTags = {\n issuerId: string\n subjectIds: Array<string>\n schemaIds: Array<string>\n contexts: Array<string>\n givenId?: string\n\n // Can be any of the values for claimFormat\n claimFormat: W3cVerifiableCredential['claimFormat']\n\n proofTypes?: Array<string>\n cryptosuites?: Array<string>\n types: Array<string>\n algs?: Array<string>\n}\n\nexport class W3cCredentialRecord extends BaseRecord<DefaultW3cCredentialTags, CustomW3cCredentialTags> {\n public static readonly type = 'W3cCredentialRecord'\n public readonly type = W3cCredentialRecord.type\n\n @W3cVerifiableCredentialTransformer()\n public credential!: W3cVerifiableCredential\n\n public constructor(props: W3cCredentialRecordOptions) {\n super()\n if (props) {\n this.id = props.id ?? uuid()\n this.createdAt = props.createdAt ?? new Date()\n this._tags = props.tags\n this.credential = props.credential\n }\n }\n\n public getTags(): Tags<DefaultW3cCredentialTags, CustomW3cCredentialTags> {\n // Contexts are usually strings, but can sometimes be objects. We're unable to use objects as tags,\n // so we filter out the objects before setting the tags.\n const stringContexts = this.credential.contexts.filter((ctx): ctx is string => typeof ctx === 'string')\n\n const tags: Tags<DefaultW3cCredentialTags, CustomW3cCredentialTags> = {\n ...this._tags,\n issuerId: this.credential.issuerId,\n subjectIds: this.credential.credentialSubjectIds,\n schemaIds: this.credential.credentialSchemaIds,\n contexts: stringContexts,\n givenId: this.credential.id,\n claimFormat: this.credential.claimFormat,\n types: this.credential.type,\n }\n\n // Proof types is used for ldp_vc credentials\n if (this.credential.claimFormat === ClaimFormat.LdpVc) {\n tags.proofTypes = this.credential.proofTypes\n tags.cryptosuites = this.credential.dataIntegrityCryptosuites\n }\n\n // Algs is used for jwt_vc credentials\n else if (this.credential.claimFormat === ClaimFormat.JwtVc) {\n tags.algs = [this.credential.jwt.header.alg]\n }\n\n return tags\n }\n\n /\n This overwrites the default clone method for records\n * as the W3cRecord has issues with the default clone method\n * due to how W3cJwtVerifiableCredential is implemented. This is\n * a temporary way to make sure the clone still works, but ideally\n * we find an alternative.\n /\n public clone(): this {\n return JsonTransformer.fromJSON(JsonTransformer.toJSON(this), this.constructor as Constructable<this>)\n }\n\n /\n encoded is convenience method added to all credential records\n */\n public get encoded() {\n return this.credential.encoded\n }\n}\n"],"mappings":";;;;;;;;;;;;;~~AAqCA~~,IAAa,sBAAb,MAAa,4BAA4B,WAA8D;CAOrG,AAAO,YAAY,OAAmC;AACpD,SAAO;OANO,OAAO,oBAAoB;AAOzC,MAAI,OAAO;AACT,QAAK,KAAK,MAAM,MAAM,MAAM;AAC5B,QAAK,YAAY,MAAM,6BAAa,IAAI,MAAM;AAC9C,QAAK,QAAQ,MAAM;AACnB,QAAK,aAAa,MAAM;;;CAI5B,AAAO,UAAmE;EAGxE,MAAM,iBAAiB,KAAK,WAAW,SAAS,QAAQ,QAAuB,OAAO,QAAQ,SAAS;EAEvG,MAAMA,OAAgE;GACpE,GAAG,KAAK;GACR,UAAU,KAAK,WAAW;GAC1B,YAAY,KAAK,WAAW;GAC5B,WAAW,KAAK,WAAW;GAC3B,UAAU;GACV,SAAS,KAAK,WAAW;GACzB,aAAa,KAAK,WAAW;GAC7B,OAAO,KAAK,WAAW;GACxB;AAGD,MAAI,KAAK,WAAW,gBAAgB,YAAY,OAAO;AACrD,QAAK,aAAa,KAAK,WAAW;AAClC,QAAK,eAAe,KAAK,WAAW;aAI7B,KAAK,WAAW,gBAAgB,YAAY,MACnD,MAAK,OAAO,CAAC,KAAK,WAAW,IAAI,OAAO,IAAI;AAG9C,SAAO;;;;;;;;;CAUT,AAAO,QAAc;AACnB,SAAO,gBAAgB,SAAS,gBAAgB,OAAO,KAAK,EAAE,KAAK,YAAmC;;;;;CAMxG,IAAW,UAAU;AACnB,SAAO,KAAK,WAAW;;;oBA7DF,OAAO;YAG7B,oCAAoC"}
1	+ {"version":3,"file":"W3cCredentialRecord.mjs","names":["tags: Tags<DefaultW3cCredentialTags, CustomW3cCredentialTags>"],"sources":["../../../../src/modules/vc/repository/W3cCredentialRecord.ts"],"sourcesContent":["import { BaseRecord, type Tags } from '../../../storage/BaseRecord'\nimport { JsonTransformer } from '../../../utils'\nimport type { Constructable } from '../../../utils/mixins'\nimport { uuid } from '../../../utils/uuid'\nimport { ClaimFormat, type W3cVerifiableCredential, W3cVerifiableCredentialTransformer } from '../models'\n\nexport interface W3cCredentialRecordOptions {\n id?: string\n createdAt?: Date\n credential: W3cVerifiableCredential\n tags: CustomW3cCredentialTags\n}\n\nexport type CustomW3cCredentialTags = {\n /*\n Expanded types are used for JSON-LD credentials to allow for filtering on the expanded type.\n /\n expandedTypes?: Array<string>\n}\n\nexport type DefaultW3cCredentialTags = {\n issuerId: string\n subjectIds: Array<string>\n schemaIds: Array<string>\n contexts: Array<string>\n givenId?: string\n\n // Can be any of the values for claimFormat\n claimFormat: W3cVerifiableCredential['claimFormat']\n\n proofTypes?: Array<string>\n cryptosuites?: Array<string>\n types: Array<string>\n algs?: Array<string>\n}\n\nexport class W3cCredentialRecord extends BaseRecord<DefaultW3cCredentialTags, CustomW3cCredentialTags> {\n public static readonly type = 'W3cCredentialRecord'\n public readonly type = W3cCredentialRecord.type\n\n @W3cVerifiableCredentialTransformer()\n public credential!: W3cVerifiableCredential\n\n public constructor(props: W3cCredentialRecordOptions) {\n super()\n if (props) {\n this.id = props.id ?? uuid()\n this.createdAt = props.createdAt ?? new Date()\n this._tags = props.tags\n this.credential = props.credential\n }\n }\n\n public getTags(): Tags<DefaultW3cCredentialTags, CustomW3cCredentialTags> {\n // Contexts are usually strings, but can sometimes be objects. We're unable to use objects as tags,\n // so we filter out the objects before setting the tags.\n const stringContexts = this.credential.contexts.filter((ctx): ctx is string => typeof ctx === 'string')\n\n const tags: Tags<DefaultW3cCredentialTags, CustomW3cCredentialTags> = {\n ...this._tags,\n issuerId: this.credential.issuerId,\n subjectIds: this.credential.credentialSubjectIds,\n schemaIds: this.credential.credentialSchemaIds,\n contexts: stringContexts,\n givenId: this.credential.id,\n claimFormat: this.credential.claimFormat,\n types: this.credential.type,\n }\n\n // Proof types is used for ldp_vc credentials\n if (this.credential.claimFormat === ClaimFormat.LdpVc) {\n tags.proofTypes = this.credential.proofTypes\n tags.cryptosuites = this.credential.dataIntegrityCryptosuites\n }\n\n // Algs is used for jwt_vc credentials\n else if (this.credential.claimFormat === ClaimFormat.JwtVc) {\n tags.algs = [this.credential.jwt.header.alg]\n }\n\n return tags\n }\n\n /\n This overwrites the default clone method for records\n * as the W3cRecord has issues with the default clone method\n * due to how W3cJwtVerifiableCredential is implemented. This is\n * a temporary way to make sure the clone still works, but ideally\n * we find an alternative.\n /\n public clone(): this {\n return JsonTransformer.fromJSON(JsonTransformer.toJSON(this), this.constructor as Constructable<this>)\n }\n\n /\n encoded is convenience method added to all credential records\n */\n public get encoded() {\n return this.credential.encoded\n }\n}\n"],"mappings":";;;;;;;;;;;;;AAoCA,IAAa,sBAAb,MAAa,4BAA4B,WAA8D;CAOrG,AAAO,YAAY,OAAmC;AACpD,SAAO;OANO,OAAO,oBAAoB;AAOzC,MAAI,OAAO;AACT,QAAK,KAAK,MAAM,MAAM,MAAM;AAC5B,QAAK,YAAY,MAAM,6BAAa,IAAI,MAAM;AAC9C,QAAK,QAAQ,MAAM;AACnB,QAAK,aAAa,MAAM;;;CAI5B,AAAO,UAAmE;EAGxE,MAAM,iBAAiB,KAAK,WAAW,SAAS,QAAQ,QAAuB,OAAO,QAAQ,SAAS;EAEvG,MAAMA,OAAgE;GACpE,GAAG,KAAK;GACR,UAAU,KAAK,WAAW;GAC1B,YAAY,KAAK,WAAW;GAC5B,WAAW,KAAK,WAAW;GAC3B,UAAU;GACV,SAAS,KAAK,WAAW;GACzB,aAAa,KAAK,WAAW;GAC7B,OAAO,KAAK,WAAW;GACxB;AAGD,MAAI,KAAK,WAAW,gBAAgB,YAAY,OAAO;AACrD,QAAK,aAAa,KAAK,WAAW;AAClC,QAAK,eAAe,KAAK,WAAW;aAI7B,KAAK,WAAW,gBAAgB,YAAY,MACnD,MAAK,OAAO,CAAC,KAAK,WAAW,IAAI,OAAO,IAAI;AAG9C,SAAO;;;;;;;;;CAUT,AAAO,QAAc;AACnB,SAAO,gBAAgB,SAAS,gBAAgB,OAAO,KAAK,EAAE,KAAK,YAAmC;;;;;CAMxG,IAAW,UAAU;AACnB,SAAO,KAAK,WAAW;;;oBA7DF,OAAO;YAG7B,oCAAoC"}

package/build/modules/vc/repository/W3cV2CredentialRecord.js CHANGED Viewed

@@ -2,8 +2,8 @@
 const require_decorateMetadata = require('../../../_virtual/_@oxc-project_runtime@0.94.0/helpers/decorateMetadata.js');
 const require_decorate = require('../../../_virtual/_@oxc-project_runtime@0.94.0/helpers/decorate.js');
-const require_JsonTransformer = require('../../../utils/JsonTransformer.js');
 const require_array = require('../../../utils/array.js');
+const require_JsonTransformer = require('../../../utils/JsonTransformer.js');
 require('../../../utils/index.js');
 const require_BaseRecord = require('../../../storage/BaseRecord.js');
 const require_uuid = require('../../../utils/uuid.js');

package/build/modules/vc/repository/W3cV2CredentialRecord.mjs CHANGED Viewed

@@ -2,8 +2,8 @@
 import { __decorateMetadata } from "../../../_virtual/_@oxc-project_runtime@0.94.0/helpers/decorateMetadata.mjs";
 import { __decorate } from "../../../_virtual/_@oxc-project_runtime@0.94.0/helpers/decorate.mjs";
-import { JsonTransformer } from "../../../utils/JsonTransformer.mjs";
 import { asArray } from "../../../utils/array.mjs";
+import { JsonTransformer } from "../../../utils/JsonTransformer.mjs";
 import "../../../utils/index.mjs";
 import { BaseRecord } from "../../../storage/BaseRecord.mjs";
 import { uuid } from "../../../utils/uuid.mjs";

package/build/modules/vc/repository/W3cV2CredentialRecord.mjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"W3cV2CredentialRecord.mjs","names":["tags: Tags<DefaultW3cV2CredentialTags, TagsBase>"],"sources":["../../../../src/modules/vc/repository/W3cV2CredentialRecord.ts"],"sourcesContent":["import { BaseRecord, type Tags, type TagsBase } from '../../../storage/BaseRecord'\nimport { ~~JsonTransformer~~, ~~asArray~~ } from '../../../utils'\nimport type { Constructable } from '../../../utils/mixins'\nimport { uuid } from '../../../utils/uuid'\nimport { ClaimFormat, W3cV2EnvelopedVerifiableCredential, type W3cV2VerifiableCredential } from '../models'\nimport { W3cV2VerifiableCredentialTransformer } from '../models/credential/W3cV2VerifiableCredential'\n\nexport interface W3cV2CredentialRecordOptions {\n id?: string\n createdAt?: Date\n credential: W3cV2VerifiableCredential\n}\n\nexport type DefaultW3cV2CredentialTags = {\n issuerId: string\n subjectIds: Array<string>\n schemaIds: Array<string>\n contexts: Array<string>\n givenId?: string\n claimFormat: W3cV2VerifiableCredential['claimFormat']\n\n types: Array<string>\n algs?: Array<string>\n}\n\nexport class W3cV2CredentialRecord extends BaseRecord<DefaultW3cV2CredentialTags> {\n public static readonly type = 'W3cV2CredentialRecord'\n public readonly type = W3cV2CredentialRecord.type\n\n @W3cV2VerifiableCredentialTransformer()\n public credential!: W3cV2VerifiableCredential\n\n public constructor(props: W3cV2CredentialRecordOptions) {\n super()\n if (props) {\n this.id = props.id ?? uuid()\n this.createdAt = props.createdAt ?? new Date()\n this.credential = props.credential\n }\n }\n\n public getTags(): Tags<DefaultW3cV2CredentialTags, TagsBase> {\n const resolvedCredential = this.credential.resolvedCredential\n\n // Contexts are usually strings, but can sometimes be objects. We're unable to use objects as tags,\n // so we filter out the objects before setting the tags.\n const stringContexts = resolvedCredential.contexts.filter((ctx): ctx is string => typeof ctx === 'string')\n\n const tags: Tags<DefaultW3cV2CredentialTags, TagsBase> = {\n ...this._tags,\n issuerId: resolvedCredential.issuerId,\n subjectIds: resolvedCredential.credentialSubjectIds,\n schemaIds: resolvedCredential.credentialSchemaIds,\n contexts: stringContexts,\n givenId: resolvedCredential.id,\n claimFormat: this.credential.claimFormat,\n types: asArray(resolvedCredential.type),\n }\n\n if (this.credential instanceof W3cV2EnvelopedVerifiableCredential) {\n const enveloped = this.credential.envelopedCredential\n if (enveloped.claimFormat === ClaimFormat.JwtW3cVc) {\n tags.algs = [enveloped.jwt.header.alg]\n } else if (enveloped.claimFormat === ClaimFormat.SdJwtW3cVc) {\n tags.algs = [enveloped.sdJwt.header.alg]\n }\n }\n\n return tags\n }\n\n /*\n This overwrites the default `clone` method for records, as the W3cV3CredentialRecord\n * has issues with the default clone method due to the way the JWT and SD-JWT\n * records are implemented. This is a temporary way to make sure the clone still works, but ideally\n * we find an alternative.\n /\n public clone(): this {\n return JsonTransformer.fromJSON(JsonTransformer.toJSON(this), this.constructor as Constructable<this>)\n }\n\n /\n encoded is convenience method added to all credential records\n */\n public get encoded() {\n return this.credential.encoded\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;AAyBA,IAAa,wBAAb,MAAa,8BAA8B,WAAuC;CAOhF,AAAO,YAAY,OAAqC;AACtD,SAAO;OANO,OAAO,sBAAsB;AAO3C,MAAI,OAAO;AACT,QAAK,KAAK,MAAM,MAAM,MAAM;AAC5B,QAAK,YAAY,MAAM,6BAAa,IAAI,MAAM;AAC9C,QAAK,aAAa,MAAM;;;CAI5B,AAAO,UAAsD;EAC3D,MAAM,qBAAqB,KAAK,WAAW;EAI3C,MAAM,iBAAiB,mBAAmB,SAAS,QAAQ,QAAuB,OAAO,QAAQ,SAAS;EAE1G,MAAMA,OAAmD;GACvD,GAAG,KAAK;GACR,UAAU,mBAAmB;GAC7B,YAAY,mBAAmB;GAC/B,WAAW,mBAAmB;GAC9B,UAAU;GACV,SAAS,mBAAmB;GAC5B,aAAa,KAAK,WAAW;GAC7B,OAAO,QAAQ,mBAAmB,KAAK;GACxC;AAED,MAAI,KAAK,sBAAsB,oCAAoC;GACjE,MAAM,YAAY,KAAK,WAAW;AAClC,OAAI,UAAU,gBAAgB,YAAY,SACxC,MAAK,OAAO,CAAC,UAAU,IAAI,OAAO,IAAI;YAC7B,UAAU,gBAAgB,YAAY,WAC/C,MAAK,OAAO,CAAC,UAAU,MAAM,OAAO,IAAI;;AAI5C,SAAO;;;;;;;;CAST,AAAO,QAAc;AACnB,SAAO,gBAAgB,SAAS,gBAAgB,OAAO,KAAK,EAAE,KAAK,YAAmC;;;;;CAMxG,IAAW,UAAU;AACnB,SAAO,KAAK,WAAW;;;sBA3DF,OAAO;YAG7B,sCAAsC"}
1	+ {"version":3,"file":"W3cV2CredentialRecord.mjs","names":["tags: Tags<DefaultW3cV2CredentialTags, TagsBase>"],"sources":["../../../../src/modules/vc/repository/W3cV2CredentialRecord.ts"],"sourcesContent":["import { BaseRecord, type Tags, type TagsBase } from '../../../storage/BaseRecord'\nimport { asArray, JsonTransformer } from '../../../utils'\nimport type { Constructable } from '../../../utils/mixins'\nimport { uuid } from '../../../utils/uuid'\nimport { ClaimFormat, W3cV2EnvelopedVerifiableCredential, type W3cV2VerifiableCredential } from '../models'\nimport { W3cV2VerifiableCredentialTransformer } from '../models/credential/W3cV2VerifiableCredential'\n\nexport interface W3cV2CredentialRecordOptions {\n id?: string\n createdAt?: Date\n credential: W3cV2VerifiableCredential\n}\n\nexport type DefaultW3cV2CredentialTags = {\n issuerId: string\n subjectIds: Array<string>\n schemaIds: Array<string>\n contexts: Array<string>\n givenId?: string\n claimFormat: W3cV2VerifiableCredential['claimFormat']\n\n types: Array<string>\n algs?: Array<string>\n}\n\nexport class W3cV2CredentialRecord extends BaseRecord<DefaultW3cV2CredentialTags> {\n public static readonly type = 'W3cV2CredentialRecord'\n public readonly type = W3cV2CredentialRecord.type\n\n @W3cV2VerifiableCredentialTransformer()\n public credential!: W3cV2VerifiableCredential\n\n public constructor(props: W3cV2CredentialRecordOptions) {\n super()\n if (props) {\n this.id = props.id ?? uuid()\n this.createdAt = props.createdAt ?? new Date()\n this.credential = props.credential\n }\n }\n\n public getTags(): Tags<DefaultW3cV2CredentialTags, TagsBase> {\n const resolvedCredential = this.credential.resolvedCredential\n\n // Contexts are usually strings, but can sometimes be objects. We're unable to use objects as tags,\n // so we filter out the objects before setting the tags.\n const stringContexts = resolvedCredential.contexts.filter((ctx): ctx is string => typeof ctx === 'string')\n\n const tags: Tags<DefaultW3cV2CredentialTags, TagsBase> = {\n ...this._tags,\n issuerId: resolvedCredential.issuerId,\n subjectIds: resolvedCredential.credentialSubjectIds,\n schemaIds: resolvedCredential.credentialSchemaIds,\n contexts: stringContexts,\n givenId: resolvedCredential.id,\n claimFormat: this.credential.claimFormat,\n types: asArray(resolvedCredential.type),\n }\n\n if (this.credential instanceof W3cV2EnvelopedVerifiableCredential) {\n const enveloped = this.credential.envelopedCredential\n if (enveloped.claimFormat === ClaimFormat.JwtW3cVc) {\n tags.algs = [enveloped.jwt.header.alg]\n } else if (enveloped.claimFormat === ClaimFormat.SdJwtW3cVc) {\n tags.algs = [enveloped.sdJwt.header.alg]\n }\n }\n\n return tags\n }\n\n /*\n This overwrites the default `clone` method for records, as the W3cV3CredentialRecord\n * has issues with the default clone method due to the way the JWT and SD-JWT\n * records are implemented. This is a temporary way to make sure the clone still works, but ideally\n * we find an alternative.\n /\n public clone(): this {\n return JsonTransformer.fromJSON(JsonTransformer.toJSON(this), this.constructor as Constructable<this>)\n }\n\n /\n encoded is convenience method added to all credential records\n */\n public get encoded() {\n return this.credential.encoded\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;AAyBA,IAAa,wBAAb,MAAa,8BAA8B,WAAuC;CAOhF,AAAO,YAAY,OAAqC;AACtD,SAAO;OANO,OAAO,sBAAsB;AAO3C,MAAI,OAAO;AACT,QAAK,KAAK,MAAM,MAAM,MAAM;AAC5B,QAAK,YAAY,MAAM,6BAAa,IAAI,MAAM;AAC9C,QAAK,aAAa,MAAM;;;CAI5B,AAAO,UAAsD;EAC3D,MAAM,qBAAqB,KAAK,WAAW;EAI3C,MAAM,iBAAiB,mBAAmB,SAAS,QAAQ,QAAuB,OAAO,QAAQ,SAAS;EAE1G,MAAMA,OAAmD;GACvD,GAAG,KAAK;GACR,UAAU,mBAAmB;GAC7B,YAAY,mBAAmB;GAC/B,WAAW,mBAAmB;GAC9B,UAAU;GACV,SAAS,mBAAmB;GAC5B,aAAa,KAAK,WAAW;GAC7B,OAAO,QAAQ,mBAAmB,KAAK;GACxC;AAED,MAAI,KAAK,sBAAsB,oCAAoC;GACjE,MAAM,YAAY,KAAK,WAAW;AAClC,OAAI,UAAU,gBAAgB,YAAY,SACxC,MAAK,OAAO,CAAC,UAAU,IAAI,OAAO,IAAI;YAC7B,UAAU,gBAAgB,YAAY,WAC/C,MAAK,OAAO,CAAC,UAAU,MAAM,OAAO,IAAI;;AAI5C,SAAO;;;;;;;;CAST,AAAO,QAAc;AACnB,SAAO,gBAAgB,SAAS,gBAAgB,OAAO,KAAK,EAAE,KAAK,YAAmC;;;;;CAMxG,IAAW,UAAU;AACnB,SAAO,KAAK,WAAW;;;sBA3DF,OAAO;YAG7B,sCAAsC"}

package/build/modules/vc/sd-jwt-vc/W3cV2SdJwt.d.mts CHANGED Viewed

@@ -1,5 +1,5 @@
-import { ClaimFormat } from "../models/ClaimFormat.mjs";
 import { SingleOrArray } from "../../../types.mjs";
+import { ClaimFormat } from "../models/ClaimFormat.mjs";
 //#region src/modules/vc/sd-jwt-vc/W3cV2SdJwt.d.ts
 interface W3cV2SdJwtHeader {
@@ -24,7 +24,7 @@ interface W3cV2SdJwt<T extends ClaimFormat.SdJwtW3cVc | ClaimFormat.SdJwtW3cVp>
     payload: Record<string, unknown>;
   };
 }
-declare function sdJwtVcHasher(data: string | ArrayBufferLike, alg: string): Uint8Array<ArrayBufferLike>;
+declare function sdJwtVcHasher(data: string | ArrayBufferLike, alg: string): Uint8Array<ArrayBuffer>;
 declare function decodeSdJwt<T extends ClaimFormat.SdJwtW3cVc | ClaimFormat.SdJwtW3cVp>(compact: string, claimFormat: T): W3cV2SdJwt<T>;
 //#endregion
 export { W3cV2SdJwt, W3cV2SdJwtHeader, W3cV2SdJwtPayload, decodeSdJwt, sdJwtVcHasher };

package/build/modules/vc/sd-jwt-vc/W3cV2SdJwt.d.mts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"W3cV2SdJwt.d.mts","names":[],"sources":["../../../../src/modules/vc/sd-jwt-vc/W3cV2SdJwt.ts"],"sourcesContent":[],"mappings":";;;;UAMiB,gBAAA;;;;AAAjB;AAMiB,UAAA,iBAAA,CAAiB;EAOjB,IAAA,EANT,aAMmB,CAAA,MAAA,CAAA;EAAA,GAAA,CAAA,EAAA,MAAA;KAAW,CAAA,EAAA,MAAA;WAAyB,EAAA,MAAY,CAAA,EAAA,OAAA;;AAGjE,UAHO,UAGP,CAAA,UAH4B,WAAA,CAAY,UAGxC,GAHqD,WAAA,CAAY,UAGjE,CAAA,CAAA;aACC,EAHI,CAGJ;SACK,EAAA,MAAA;QAEJ,EAJF,gBAIE;SACC,EAJF,iBAIE;EAAM,YAAA,EAHH,iBAGG;EAIH,KAAA,CAAA,EAAA;IAAa,MAAA,EALjB,MAKiB,CAAA,MAAA,EAAA,OAAA,CAAA;IAAgB,OAAA,EAJhC,MAIgC,CAAA,MAAA,EAAA,OAAA,CAAA;;;AAA4B,iBAAzD,aAAA,CAAyD,IAAA,EAAA,MAAA,GAA5B,eAA4B,EAAA,GAAA,EAAA,MAAA,CAAA,EAAA,UAAA,CAAA,~~eAAA~~,CAAA;AAIzD,iBAAA,WAAW,CAAA,UAAW,WAAA,CAAY,UAAvB,GAAoC,WAAA,CAAY,UAAhD,CAAA,CAAA,OAAA,EAAA,MAAA,EAAA,WAAA,EAEZ,CAFY,CAAA,EAGxB,UAHwB,CAGb,CAHa,CAAA"}
1	+ {"version":3,"file":"W3cV2SdJwt.d.mts","names":[],"sources":["../../../../src/modules/vc/sd-jwt-vc/W3cV2SdJwt.ts"],"sourcesContent":[],"mappings":";;;;UAMiB,gBAAA;;;;AAAjB;AAMiB,UAAA,iBAAA,CAAiB;EAOjB,IAAA,EANT,aAMmB,CAAA,MAAA,CAAA;EAAA,GAAA,CAAA,EAAA,MAAA;KAAW,CAAA,EAAA,MAAA;WAAyB,EAAA,MAAY,CAAA,EAAA,OAAA;;AAGjE,UAHO,UAGP,CAAA,UAH4B,WAAA,CAAY,UAGxC,GAHqD,WAAA,CAAY,UAGjE,CAAA,CAAA;aACC,EAHI,CAGJ;SACK,EAAA,MAAA;QAEJ,EAJF,gBAIE;SACC,EAJF,iBAIE;EAAM,YAAA,EAHH,iBAGG;EAIH,KAAA,CAAA,EAAA;IAAa,MAAA,EALjB,MAKiB,CAAA,MAAA,EAAA,OAAA,CAAA;IAAgB,OAAA,EAJhC,MAIgC,CAAA,MAAA,EAAA,OAAA,CAAA;;;AAA4B,iBAAzD,aAAA,CAAyD,IAAA,EAAA,MAAA,GAA5B,eAA4B,EAAA,GAAA,EAAA,MAAA,CAAA,EAAA,UAAA,CAAA,WAAA,CAAA;AAIzD,iBAAA,WAAW,CAAA,UAAW,WAAA,CAAY,UAAvB,GAAoC,WAAA,CAAY,UAAhD,CAAA,CAAA,OAAA,EAAA,MAAA,EAAA,WAAA,EAEZ,CAFY,CAAA,EAGxB,UAHwB,CAGb,CAHa,CAAA"}

package/build/modules/vc/sd-jwt-vc/W3cV2SdJwt.d.ts CHANGED Viewed

@@ -1,5 +1,5 @@
-import { ClaimFormat } from "../models/ClaimFormat.js";
 import { SingleOrArray } from "../../../types.js";
+import { ClaimFormat } from "../models/ClaimFormat.js";
 //#region src/modules/vc/sd-jwt-vc/W3cV2SdJwt.d.ts
 interface W3cV2SdJwtHeader {
@@ -24,7 +24,7 @@ interface W3cV2SdJwt<T extends ClaimFormat.SdJwtW3cVc | ClaimFormat.SdJwtW3cVp>
     payload: Record<string, unknown>;
   };
 }
-declare function sdJwtVcHasher(data: string | ArrayBufferLike, alg: string): Uint8Array<ArrayBufferLike>;
+declare function sdJwtVcHasher(data: string | ArrayBufferLike, alg: string): Uint8Array<ArrayBuffer>;
 declare function decodeSdJwt<T extends ClaimFormat.SdJwtW3cVc | ClaimFormat.SdJwtW3cVp>(compact: string, claimFormat: T): W3cV2SdJwt<T>;
 //#endregion
 export { W3cV2SdJwt, W3cV2SdJwtHeader, W3cV2SdJwtPayload, decodeSdJwt, sdJwtVcHasher };

package/build/modules/vc/sd-jwt-vc/W3cV2SdJwt.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"W3cV2SdJwt.d.ts","names":[],"sources":["../../../../src/modules/vc/sd-jwt-vc/W3cV2SdJwt.ts"],"sourcesContent":[],"mappings":";;;;UAMiB,gBAAA;;EAAA,GAAA,CAAA,EAAA,MAAA;EAMA,CAAA,QAAA,EAAA,MAAA,CAAA,EAAiB,OAAA;AAOlC;AAA2B,UAPV,iBAAA,CAOU;MAAW,EAN9B,aAM0C,CAAA,MAAA,CAAA;KAAa,CAAA,EAAA,MAAA;KAChD,CAAA,EAAA,MAAA;WAEL,EAAA,MAAA,CAAA,EAAA,OAAA;;AAEM,UALC,UAKD,CAAA,UALsB,WAAA,CAAY,UAKlC,GAL+C,WAAA,CAAY,UAK3D,CAAA,CAAA;aAEJ,EANG,CAMH;SACC,EAAA,MAAA;EAAM,MAAA,EALT,gBAKS;EAIH,OAAA,EARL,iBAQkB;EAAA,YAAA,EAPb,iBAOa;OAAgB,CAAA,EAAA;IAA4B,MAAA,EAL7D,MAK6D,CAAA,MAAA,EAAA,OAAA,CAAA;IAAA,OAAA,EAJ5D,MAI4D,CAAA,MAAA,EAAA,OAAA,CAAA;EAAA,CAAA;AAIzE;AAA2B,iBAJX,aAAA,CAIW,IAAA,EAAA,MAAA,GAJkB,eAIlB,EAAA,GAAA,EAAA,MAAA,CAAA,EAJ8C,UAI9C,CAJ8C,~~eAI9C~~,CAAA;AAAW,iBAAtB,WAAkC,CAAA,UAAZ,WAAA,CAAY,UAAA,GAAa,WAAA,CAAY,UAAzB,CAAA,CAAA,OAAA,EAAA,MAAA,EAAA,WAAA,EAEnC,CAFmC,CAAA,EAG/C,UAH+C,CAGpC,CAHoC,CAAA"}
1	+ {"version":3,"file":"W3cV2SdJwt.d.ts","names":[],"sources":["../../../../src/modules/vc/sd-jwt-vc/W3cV2SdJwt.ts"],"sourcesContent":[],"mappings":";;;;UAMiB,gBAAA;;EAAA,GAAA,CAAA,EAAA,MAAA;EAMA,CAAA,QAAA,EAAA,MAAA,CAAA,EAAiB,OAAA;AAOlC;AAA2B,UAPV,iBAAA,CAOU;MAAW,EAN9B,aAM0C,CAAA,MAAA,CAAA;KAAa,CAAA,EAAA,MAAA;KAChD,CAAA,EAAA,MAAA;WAEL,EAAA,MAAA,CAAA,EAAA,OAAA;;AAEM,UALC,UAKD,CAAA,UALsB,WAAA,CAAY,UAKlC,GAL+C,WAAA,CAAY,UAK3D,CAAA,CAAA;aAEJ,EANG,CAMH;SACC,EAAA,MAAA;EAAM,MAAA,EALT,gBAKS;EAIH,OAAA,EARL,iBAQkB;EAAA,YAAA,EAPb,iBAOa;OAAgB,CAAA,EAAA;IAA4B,MAAA,EAL7D,MAK6D,CAAA,MAAA,EAAA,OAAA,CAAA;IAAA,OAAA,EAJ5D,MAI4D,CAAA,MAAA,EAAA,OAAA,CAAA;EAAA,CAAA;AAIzE;AAA2B,iBAJX,aAAA,CAIW,IAAA,EAAA,MAAA,GAJkB,eAIlB,EAAA,GAAA,EAAA,MAAA,CAAA,EAJ8C,UAI9C,CAJ8C,WAI9C,CAAA;AAAW,iBAAtB,WAAkC,CAAA,UAAZ,WAAA,CAAY,UAAA,GAAa,WAAA,CAAY,UAAzB,CAAA,CAAA,OAAA,EAAA,MAAA,EAAA,WAAA,EAEnC,CAFmC,CAAA,EAG/C,UAH+C,CAGpC,CAHoC,CAAA"}

package/build/modules/vc/sd-jwt-vc/W3cV2SdJwt.mjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"W3cV2SdJwt.mjs","names":[],"sources":["../../../../src/modules/vc/sd-jwt-vc/W3cV2SdJwt.ts"],"sourcesContent":["import { decodeSdJwtSync, getClaimsSync } from '@sd-jwt/decode'\nimport { Hasher } from '../../../crypto'\nimport { CredoError } from '../../../error'\nimport { type SingleOrArray, ~~isJsonObject~~ } from '../../../types'\nimport { ClaimFormat } from '../models'\n\nexport interface W3cV2SdJwtHeader {\n alg: string\n kid?: string\n [property: string]: unknown\n}\n\nexport interface W3cV2SdJwtPayload {\n type: SingleOrArray<string>\n iss?: string\n jti?: string\n [property: string]: unknown\n}\n\nexport interface W3cV2SdJwt<T extends ClaimFormat.SdJwtW3cVc \| ClaimFormat.SdJwtW3cVp> {\n claimFormat: T\n compact: string\n header: W3cV2SdJwtHeader\n payload: W3cV2SdJwtPayload\n prettyClaims: W3cV2SdJwtPayload\n kbJwt?: {\n header: Record<string, unknown>\n payload: Record<string, unknown>\n }\n}\n\nexport function sdJwtVcHasher(data: string \| ArrayBufferLike, alg: string) {\n return Hasher.hash(typeof data === 'string' ? data : new Uint8Array(data), alg)\n}\n\nexport function decodeSdJwt<T extends ClaimFormat.SdJwtW3cVc \| ClaimFormat.SdJwtW3cVp>(\n compact: string,\n claimFormat: T\n): W3cV2SdJwt<T> {\n const { jwt, disclosures, kbJwt } = decodeSdJwtSync(compact, sdJwtVcHasher)\n\n const header = jwt.header as W3cV2SdJwtHeader\n const payload = jwt.payload as W3cV2SdJwtPayload\n const prettyClaims = getClaimsSync(payload, disclosures, sdJwtVcHasher) as W3cV2SdJwtPayload\n\n if (!isJsonObject(prettyClaims)) {\n throw new CredoError('SD-JWT claims are not a valid JSON object')\n }\n\n return {\n claimFormat,\n compact,\n header,\n payload,\n prettyClaims,\n kbJwt,\n }\n}\n"],"mappings":";;;;;;;;;;;AA+BA,SAAgB,cAAc,MAAgC,KAAa;AACzE,QAAO,OAAO,KAAK,OAAO,SAAS,WAAW,OAAO,IAAI,WAAW,KAAK,EAAE,IAAI;;AAGjF,SAAgB,YACd,SACA,aACe;CACf,MAAM,EAAE,KAAK,aAAa,UAAU,gBAAgB,SAAS,cAAc;CAE3E,MAAM,SAAS,IAAI;CACnB,MAAM,UAAU,IAAI;CACpB,MAAM,eAAe,cAAc,SAAS,aAAa,cAAc;AAEvE,KAAI,CAAC,aAAa,aAAa,CAC7B,OAAM,IAAI,WAAW,4CAA4C;AAGnE,QAAO;EACL;EACA;EACA;EACA;EACA;EACA;EACD"}
1	+ {"version":3,"file":"W3cV2SdJwt.mjs","names":[],"sources":["../../../../src/modules/vc/sd-jwt-vc/W3cV2SdJwt.ts"],"sourcesContent":["import { decodeSdJwtSync, getClaimsSync } from '@sd-jwt/decode'\nimport { Hasher } from '../../../crypto'\nimport { CredoError } from '../../../error'\nimport { isJsonObject, type SingleOrArray } from '../../../types'\nimport { ClaimFormat } from '../models'\n\nexport interface W3cV2SdJwtHeader {\n alg: string\n kid?: string\n [property: string]: unknown\n}\n\nexport interface W3cV2SdJwtPayload {\n type: SingleOrArray<string>\n iss?: string\n jti?: string\n [property: string]: unknown\n}\n\nexport interface W3cV2SdJwt<T extends ClaimFormat.SdJwtW3cVc \| ClaimFormat.SdJwtW3cVp> {\n claimFormat: T\n compact: string\n header: W3cV2SdJwtHeader\n payload: W3cV2SdJwtPayload\n prettyClaims: W3cV2SdJwtPayload\n kbJwt?: {\n header: Record<string, unknown>\n payload: Record<string, unknown>\n }\n}\n\nexport function sdJwtVcHasher(data: string \| ArrayBufferLike, alg: string) {\n return Hasher.hash(typeof data === 'string' ? data : new Uint8Array(data), alg)\n}\n\nexport function decodeSdJwt<T extends ClaimFormat.SdJwtW3cVc \| ClaimFormat.SdJwtW3cVp>(\n compact: string,\n claimFormat: T\n): W3cV2SdJwt<T> {\n const { jwt, disclosures, kbJwt } = decodeSdJwtSync(compact, sdJwtVcHasher)\n\n const header = jwt.header as W3cV2SdJwtHeader\n const payload = jwt.payload as W3cV2SdJwtPayload\n const prettyClaims = getClaimsSync(payload, disclosures, sdJwtVcHasher) as W3cV2SdJwtPayload\n\n if (!isJsonObject(prettyClaims)) {\n throw new CredoError('SD-JWT claims are not a valid JSON object')\n }\n\n return {\n claimFormat,\n compact,\n header,\n payload,\n prettyClaims,\n kbJwt,\n }\n}\n"],"mappings":";;;;;;;;;;;AA+BA,SAAgB,cAAc,MAAgC,KAAa;AACzE,QAAO,OAAO,KAAK,OAAO,SAAS,WAAW,OAAO,IAAI,WAAW,KAAK,EAAE,IAAI;;AAGjF,SAAgB,YACd,SACA,aACe;CACf,MAAM,EAAE,KAAK,aAAa,UAAU,gBAAgB,SAAS,cAAc;CAE3E,MAAM,SAAS,IAAI;CACnB,MAAM,UAAU,IAAI;CACpB,MAAM,eAAe,cAAc,SAAS,aAAa,cAAc;AAEvE,KAAI,CAAC,aAAa,aAAa,CAC7B,OAAM,IAAI,WAAW,4CAA4C;AAGnE,QAAO;EACL;EACA;EACA;EACA;EACA;EACA;EACD"}

package/build/modules/vc/sd-jwt-vc/W3cV2SdJwtCredentialService.d.mts CHANGED Viewed

@@ -1,6 +1,6 @@
 import { W3cV2SdJwtVerifiableCredential } from "./W3cV2SdJwtVerifiableCredential.mjs";
-import { W3cV2SdJwtVerifiablePresentation } from "./W3cV2SdJwtVerifiablePresentation.mjs";
 import { W3cV2SdJwtSignCredentialOptions, W3cV2SdJwtSignPresentationOptions, W3cV2SdJwtVcPresentOptions, W3cV2SdJwtVerifyCredentialOptions, W3cV2SdJwtVerifyPresentationOptions } from "../W3cV2CredentialServiceOptions.mjs";
+import { W3cV2SdJwtVerifiablePresentation } from "./W3cV2SdJwtVerifiablePresentation.mjs";
 import { W3cV2VerifyCredentialResult, W3cV2VerifyPresentationResult } from "../models/W3cV2VerifyResult.mjs";
 import { AgentContext } from "../../../agent/context/AgentContext.mjs";

package/build/modules/vc/sd-jwt-vc/W3cV2SdJwtCredentialService.d.ts CHANGED Viewed

@@ -1,6 +1,6 @@
 import { W3cV2SdJwtVerifiableCredential } from "./W3cV2SdJwtVerifiableCredential.js";
-import { W3cV2SdJwtVerifiablePresentation } from "./W3cV2SdJwtVerifiablePresentation.js";
 import { W3cV2SdJwtSignCredentialOptions, W3cV2SdJwtSignPresentationOptions, W3cV2SdJwtVcPresentOptions, W3cV2SdJwtVerifyCredentialOptions, W3cV2SdJwtVerifyPresentationOptions } from "../W3cV2CredentialServiceOptions.js";
+import { W3cV2SdJwtVerifiablePresentation } from "./W3cV2SdJwtVerifiablePresentation.js";
 import { W3cV2VerifyCredentialResult, W3cV2VerifyPresentationResult } from "../models/W3cV2VerifyResult.js";
 import { AgentContext } from "../../../agent/context/AgentContext.js";

package/build/modules/vc/sd-jwt-vc/W3cV2SdJwtCredentialService.js CHANGED Viewed

@@ -5,10 +5,10 @@ const require_CredoError = require('../../../error/CredoError.js');
 require('../../../error/index.js');
 require('../../../plugins/index.js');
 const require_decorate = require('../../../_virtual/_@oxc-project_runtime@0.94.0/helpers/decorate.js');
+const require_array = require('../../../utils/array.js');
 const require_TypedArrayEncoder = require('../../../utils/TypedArrayEncoder.js');
 const require_MessageValidator = require('../../../utils/MessageValidator.js');
 const require_JsonTransformer = require('../../../utils/JsonTransformer.js');
-const require_array = require('../../../utils/array.js');
 const require_timestamp = require('../../../utils/timestamp.js');
 require('../../../utils/index.js');
 const require_KeyManagementApi = require('../../kms/KeyManagementApi.js');
@@ -99,7 +99,7 @@ let W3cV2SdJwtCredentialService = class W3cV2SdJwtCredentialService$1 {
 				kbVerifier: holder ? require_utils.getSdJwtVerifier(agentContext, holder.publicJwk) : void 0
 			});
 			try {
-				await sdJwt.verify(credential.encoded, [], false);
+				await sdJwt.verify(credential.encoded);
 				validationResults.validations.signature = { isValid: true };
 			} catch (error) {
 				validationResults.validations.signature = {
@@ -181,7 +181,7 @@ let W3cV2SdJwtCredentialService = class W3cV2SdJwtCredentialService$1 {
 				kbVerifier: holder ? require_utils.getSdJwtVerifier(agentContext, holder.publicJwk) : void 0
 			});
 			try {
-				await sdjwt.verify(presentation.encoded, [], false);
+				await sdjwt.verify(presentation.encoded);
 				validationResults.validations.presentationSignature = { isValid: true };
 			} catch (error) {
 				validationResults.validations.presentationSignature = {

package/build/modules/vc/sd-jwt-vc/W3cV2SdJwtCredentialService.mjs CHANGED Viewed

@@ -4,10 +4,10 @@ import { CredoError } from "../../../error/CredoError.mjs";
 import "../../../error/index.mjs";
 import { injectable } from "../../../plugins/index.mjs";
 import { __decorate } from "../../../_virtual/_@oxc-project_runtime@0.94.0/helpers/decorate.mjs";
+import { asArray } from "../../../utils/array.mjs";
 import { TypedArrayEncoder } from "../../../utils/TypedArrayEncoder.mjs";
 import { MessageValidator } from "../../../utils/MessageValidator.mjs";
 import { JsonTransformer } from "../../../utils/JsonTransformer.mjs";
-import { asArray } from "../../../utils/array.mjs";
 import { nowInSeconds } from "../../../utils/timestamp.mjs";
 import "../../../utils/index.mjs";
 import { KeyManagementApi } from "../../kms/KeyManagementApi.mjs";
@@ -95,7 +95,7 @@ let W3cV2SdJwtCredentialService = class W3cV2SdJwtCredentialService$1 {
 				kbVerifier: holder ? getSdJwtVerifier(agentContext, holder.publicJwk) : void 0
 			});
 			try {
-				await sdJwt.verify(credential.encoded, [], false);
+				await sdJwt.verify(credential.encoded);
 				validationResults.validations.signature = { isValid: true };
 			} catch (error) {
 				validationResults.validations.signature = {
@@ -177,7 +177,7 @@ let W3cV2SdJwtCredentialService = class W3cV2SdJwtCredentialService$1 {
 				kbVerifier: holder ? getSdJwtVerifier(agentContext, holder.publicJwk) : void 0
 			});
 			try {
-				await sdjwt.verify(presentation.encoded, [], false);
+				await sdjwt.verify(presentation.encoded);
 				validationResults.validations.presentationSignature = { isValid: true };
 			} catch (error) {
 				validationResults.validations.presentationSignature = {

package/build/modules/vc/sd-jwt-vc/W3cV2SdJwtCredentialService.mjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"W3cV2SdJwtCredentialService.mjs","names":["W3cV2SdJwtCredentialService","validationResults: W3cV2VerifyCredentialResult","credential: W3cV2SdJwtVerifiableCredential","validationResults: W3cV2VerifyPresentationResult","presentation: W3cV2SdJwtVerifiablePresentation","credentialSubjectAuthentication: SingleValidationResult"],"sources":["../../../../src/modules/vc/sd-jwt-vc/W3cV2SdJwtCredentialService.ts"],"sourcesContent":["import { SDJwtInstance } from '@sd-jwt/core'\nimport type { DisclosureFrame, PresentationFrame, SDJWTConfig } from '@sd-jwt/types'\nimport type { AgentContext } from '../../../agent/context'\nimport { JwtPayload } from '../../../crypto'\nimport { CredoError } from '../../../error'\nimport { injectable } from '../../../plugins'\nimport { JsonTransformer, MessageValidator, TypedArrayEncoder, asArray, nowInSeconds } from '../../../utils'\nimport { getPublicJwkFromVerificationMethod } from '../../dids/domain/key-type/keyDidMapping'\nimport { KeyManagementApi } from '../../kms'\nimport {\n extractKeyFromHolderBinding,\n getSdJwtSigner,\n getSdJwtVerifier,\n parseHolderBindingFromCredential,\n} from '../../sd-jwt-vc/utils'\nimport type {\n W3cV2SdJwtSignCredentialOptions,\n W3cV2SdJwtSignPresentationOptions,\n W3cV2SdJwtVcPresentOptions,\n W3cV2SdJwtVerifyCredentialOptions,\n W3cV2SdJwtVerifyPresentationOptions,\n} from '../W3cV2CredentialServiceOptions'\nimport type {\n SingleValidationResult,\n W3cV2JsonCredential,\n W3cV2JsonPresentation,\n W3cV2VerifyCredentialResult,\n W3cV2VerifyPresentationResult,\n} from '../models'\nimport {\n extractHolderFromPresentationCredentials,\n getVerificationMethodForJwt,\n validateAndResolveVerificationMethod,\n} from '../v2-jwt-utils'\nimport { sdJwtVcHasher } from './W3cV2SdJwt'\nimport { W3cV2SdJwtVerifiableCredential } from './W3cV2SdJwtVerifiableCredential'\nimport { W3cV2SdJwtVerifiablePresentation } from './W3cV2SdJwtVerifiablePresentation'\n\n/*\n List of fields that cannot be selectively disclosed.\n \n @see https://www.w3.org/TR/vc-jose-cose/#securing-with-sd-jwt\n * @see https://www.w3.org/TR/vc-jose-cose/#securing-vps-sd-jwt\n /\nconst NON_DISCLOSEABLE_FIELDS = ['@context', 'type', 'credentialStatus', 'credentialSchema', 'relatedResource']\n\n/\n Supports signing and verifying W3C Verifiable Credentials and Presentations\n * secured with Selective Disclosure JSON Web Tokens (SD-JWT).\n \n @see https://www.w3.org/TR/vc-data-model/\n * @see https://www.w3.org/TR/vc-jose-cose/#with-sd-jwt\n /\n@injectable()\nexport class W3cV2SdJwtCredentialService {\n /\n Signs a credential\n /\n public async signCredential(\n agentContext: AgentContext,\n options: W3cV2SdJwtSignCredentialOptions\n ): Promise<W3cV2SdJwtVerifiableCredential> {\n // Validate the instance\n MessageValidator.validateSync(options.credential)\n\n // The JWT payload is simply the credential\n const payload = JsonTransformer.toJSON(options.credential) as W3cV2JsonCredential\n\n // Add iat and cnf to the payload\n payload.iat = nowInSeconds()\n payload.cnf = options.holder ? (await extractKeyFromHolderBinding(agentContext, options.holder)).cnf : undefined\n\n // Validate and resolve the verification method\n const publicJwk = await validateAndResolveVerificationMethod(agentContext, options.verificationMethod, [\n 'assertionMethod',\n ])\n\n // Validate the disclosure frame\n const disclosureFrame = options.disclosureFrame as DisclosureFrame<W3cV2JsonCredential> \| undefined\n this.validateDisclosureFrame(disclosureFrame)\n\n const sdJwt = new SDJwtInstance({\n ...this.getBaseSdJwtConfig(agentContext),\n signer: getSdJwtSigner(agentContext, publicJwk),\n hashAlg: options.hashingAlgorithm ?? 'sha-256',\n signAlg: options.alg,\n })\n\n // Sign SD-JWT\n const compact = await sdJwt.issue<W3cV2JsonCredential>(payload, disclosureFrame, {\n header: {\n typ: 'vc+sd-jwt',\n alg: options.alg,\n kid: options.verificationMethod,\n },\n })\n\n return W3cV2SdJwtVerifiableCredential.fromCompact(compact)\n }\n\n /\n Verifies the signature(s) of a credential\n \n @param credential the credential to be verified\n * @returns the verification result\n /\n public async verifyCredential(\n agentContext: AgentContext,\n options: W3cV2SdJwtVerifyCredentialOptions\n ): Promise<W3cV2VerifyCredentialResult> {\n const validationResults: W3cV2VerifyCredentialResult = {\n isValid: false,\n validations: {},\n }\n\n const sdJwt = new SDJwtInstance({\n ...this.getBaseSdJwtConfig(agentContext),\n })\n\n try {\n let credential: W3cV2SdJwtVerifiableCredential\n try {\n // If instance is provided as input, we want to validate the credential\n // Otherwise, it is done by fromCompact below\n if (options.credential instanceof W3cV2SdJwtVerifiableCredential) {\n options.credential.validate()\n }\n\n credential =\n options.credential instanceof W3cV2SdJwtVerifiableCredential\n ? options.credential\n : W3cV2SdJwtVerifiableCredential.fromCompact(options.credential)\n\n // Validate JWT payload\n JwtPayload.fromJson(credential.sdJwt.payload).validate()\n\n validationResults.validations.dataModel = {\n isValid: true,\n }\n } catch (error) {\n validationResults.validations.dataModel = {\n isValid: false,\n error,\n }\n\n return validationResults\n }\n\n const issuerVerificationMethod = await getVerificationMethodForJwt(agentContext, credential, ['assertionMethod'])\n const issuerPublicKey = getPublicJwkFromVerificationMethod(issuerVerificationMethod)\n\n const holderBinding = parseHolderBindingFromCredential(credential.sdJwt.prettyClaims)\n const holder = holderBinding ? await extractKeyFromHolderBinding(agentContext, holderBinding) : undefined\n\n sdJwt.config({\n verifier: getSdJwtVerifier(agentContext, issuerPublicKey),\n kbVerifier: holder ? getSdJwtVerifier(agentContext, holder.publicJwk) : undefined,\n })\n\n try {\n await sdJwt.verify(credential.encoded, [], false)\n\n validationResults.validations.signature = {\n isValid: true,\n }\n } catch (error) {\n validationResults.validations.signature = {\n isValid: false,\n error,\n }\n }\n\n // Validate whether the credential is signed with the 'issuer' id\n // NOTE: this uses the verificationMethod.controller. We may want to use the verificationMethod.id?\n if (credential.resolvedCredential.issuerId !== issuerVerificationMethod.controller) {\n validationResults.validations.issuerIsSigner = {\n isValid: false,\n error: new CredoError(\n `Credential is signed using verification method ${issuerVerificationMethod.id}, while the issuer of the credential is '${credential.resolvedCredential.issuerId}'`\n ),\n }\n } else {\n validationResults.validations.issuerIsSigner = {\n isValid: true,\n }\n }\n\n validationResults.isValid = Object.values(validationResults.validations).every((v) => v.isValid)\n return validationResults\n } catch (error) {\n validationResults.error = error\n return validationResults\n }\n }\n\n /\n Signs a presentation including the credentials it includes\n \n @param presentation the presentation to be signed\n * @returns the signed presentation\n /\n public async signPresentation(\n agentContext: AgentContext,\n options: W3cV2SdJwtSignPresentationOptions\n ): Promise<W3cV2SdJwtVerifiablePresentation> {\n // Validate the instance\n MessageValidator.validateSync(options.presentation)\n\n // The JWT payload is simply the presentation\n const payload = JsonTransformer.toJSON(options.presentation) as W3cV2JsonPresentation\n\n // Add the nonce and aud to the payload\n payload.nonce = options.challenge\n payload.aud = options.domain\n\n const holder = await extractHolderFromPresentationCredentials(agentContext, options.presentation)\n\n const sdJwt = new SDJwtInstance({\n ...this.getBaseSdJwtConfig(agentContext),\n signer: getSdJwtSigner(agentContext, holder.publicJwk),\n hashAlg: options.hashingAlgorithm ?? 'sha-256',\n signAlg: holder.alg,\n })\n\n // Validate the disclosure frame\n const disclosureFrame = options.disclosureFrame as DisclosureFrame<W3cV2JsonPresentation> \| undefined\n this.validateDisclosureFrame(disclosureFrame)\n\n // Sign SD-JWT\n const compact = await sdJwt.issue<W3cV2JsonPresentation>(payload, disclosureFrame, {\n header: {\n typ: 'vp+sd-jwt',\n alg: holder.alg,\n kid: holder?.cnf?.kid,\n },\n })\n\n return W3cV2SdJwtVerifiablePresentation.fromCompact(compact)\n }\n\n /\n Verifies a presentation including the credentials it includes\n \n @param presentation the presentation to be verified\n * @returns the verification result\n */\n public async verifyPresentation(\n agentContext: AgentContext,\n options: W3cV2SdJwtVerifyPresentationOptions\n ): Promise<W3cV2VerifyPresentationResult> {\n const validationResults: W3cV2VerifyPresentationResult = {\n isValid: false,\n validations: {},\n }\n\n const sdjwt = new SDJwtInstance({\n ...this.getBaseSdJwtConfig(agentContext),\n })\n\n try {\n let presentation: W3cV2SdJwtVerifiablePresentation\n try {\n // If instance is provided as input, we want to validate the presentation\n if (options.presentation instanceof W3cV2SdJwtVerifiablePresentation) {\n MessageValidator.validateSync(options.presentation.resolvedPresentation)\n }\n\n presentation =\n options.presentation instanceof W3cV2SdJwtVerifiablePresentation\n ? options.presentation\n : W3cV2SdJwtVerifiablePresentation.fromCompact(options.presentation)\n\n // Validate JWT payload\n JwtPayload.fromJson(presentation.sdJwt.payload).validate()\n\n validationResults.validations.dataModel = {\n isValid: true,\n }\n } catch (error) {\n validationResults.validations.dataModel = {\n isValid: false,\n error,\n }\n\n return validationResults\n }\n\n const proverVerificationMethod = await getVerificationMethodForJwt(agentContext, presentation, ['authentication'])\n const proverPublicKey = getPublicJwkFromVerificationMethod(proverVerificationMethod)\n const holderBinding = parseHolderBindingFromCredential(presentation.sdJwt.prettyClaims)\n const holder = holderBinding ? await extractKeyFromHolderBinding(agentContext, holderBinding) : undefined\n\n sdjwt.config({\n verifier: getSdJwtVerifier(agentContext, proverPublicKey),\n kbVerifier: holder ? getSdJwtVerifier(agentContext, holder.publicJwk) : undefined,\n })\n\n try {\n await sdjwt.verify(presentation.encoded, [], false)\n\n validationResults.validations.presentationSignature = {\n isValid: true,\n }\n } catch (error) {\n validationResults.validations.presentationSignature = {\n isValid: false,\n error,\n }\n }\n\n // Validate whether the presentation is signed with the 'holder' id\n // NOTE: this uses the verificationMethod.controller. We may want to use the verificationMethod.id?\n if (\n presentation.resolvedPresentation.holderId &&\n proverVerificationMethod.controller !== presentation.resolvedPresentation.holderId\n ) {\n validationResults.validations.holderIsSigner = {\n isValid: false,\n error: new CredoError(\n `Presentation is signed using verification method ${proverVerificationMethod.id}, while the holder of the presentation is '${presentation.resolvedPresentation.holderId}'`\n ),\n }\n } else {\n // If no holderId is present, this validation passes by default as there can't be\n // a mismatch between the 'holder' property and the signer of the presentation.\n validationResults.validations.holderIsSigner = {\n isValid: true,\n }\n }\n\n // To keep things simple, we only support JWT VCs in JWT VPs for now\n const credentials = asArray(presentation.resolvedPresentation.verifiableCredential)\n\n // Verify all credentials in parallel, and await the result\n validationResults.validations.credentials = await Promise.all(\n credentials.map(async (credential) => {\n if (!(credential.envelopedCredential instanceof W3cV2SdJwtVerifiableCredential)) {\n return {\n isValid: false,\n error: new CredoError(\n 'Credential is not of format SD-JWT. Presentations in SD-JWT format can only contain credentials in SD-JWT format.'\n ),\n validations: {},\n }\n }\n\n const credentialResult = await this.verifyCredential(agentContext, {\n credential: credential.envelopedCredential,\n })\n\n let credentialSubjectAuthentication: SingleValidationResult\n\n // Check whether any of the credentialSubjectIds for each credential is the same as the controller of the verificationMethod\n // This authenticates the presentation creator controls one of the credentialSubject ids.\n // NOTE: this doesn't take into account the case where the credentialSubject is no the holder. In the\n // future we can add support for other flows, but for now this is the most common use case.\n // TODO: should this be handled on a higher level? I don't really see it being handled in the jsonld lib\n // or in the did-jwt-vc lib (it seems they don't even verify the credentials itself), but we probably need some\n // more experience on the use cases before we loosen the restrictions (as it means we need to handle it on a higher layer).\n const credentialSubjectIds = credential.resolvedCredential.credentialSubjectIds\n const presentationAuthenticatesCredentialSubject = credentialSubjectIds.some(\n (subjectId) => proverVerificationMethod.controller === subjectId\n )\n\n if (credentialSubjectIds.length > 0 && !presentationAuthenticatesCredentialSubject) {\n credentialSubjectAuthentication = {\n isValid: false,\n error: new CredoError(\n 'Credential has one or more credentialSubject ids, but presentation does not authenticate credential subject'\n ),\n }\n } else {\n credentialSubjectAuthentication = {\n isValid: true,\n }\n }\n\n return {\n ...credentialResult,\n isValid: credentialResult.isValid && credentialSubjectAuthentication.isValid,\n validations: {\n ...credentialResult.validations,\n credentialSubjectAuthentication,\n },\n }\n })\n )\n\n // Deeply nested check whether all validations have passed\n validationResults.isValid = Object.values(validationResults.validations).every((v) =>\n Array.isArray(v) ? v.every((vv) => vv.isValid) : v.isValid\n )\n\n return validationResults\n } catch (error) {\n validationResults.error = error\n return validationResults\n }\n }\n\n public async present(\n agentContext: AgentContext,\n options: W3cV2SdJwtVcPresentOptions\n ): Promise<W3cV2SdJwtVerifiableCredential> {\n const originalCompact =\n options.credential instanceof W3cV2SdJwtVerifiableCredential ? options.credential.encoded : options.credential\n\n const presentationFrame = options.presentationFrame as PresentationFrame<W3cV2JsonCredential>\n\n const sdjwt = new SDJwtInstance(this.getBaseSdJwtConfig(agentContext))\n const disclosedCompact = await sdjwt.present(originalCompact, presentationFrame)\n\n return W3cV2SdJwtVerifiableCredential.fromCompact(disclosedCompact)\n }\n\n private validateDisclosureFrame(disclosureFrame?: DisclosureFrame<W3cV2JsonCredential \| W3cV2JsonPresentation>) {\n if (!disclosureFrame) return\n\n for (const field of NON_DISCLOSEABLE_FIELDS) {\n if (disclosureFrame[field]) {\n throw new CredoError(`'${field}' property cannot be selectively disclosed`)\n }\n\n if (Array.isArray(disclosureFrame._sd) && disclosureFrame._sd?.includes(field)) {\n throw new CredoError(`'${field}' property cannot be selectively disclosed`)\n }\n }\n }\n\n private getBaseSdJwtConfig(agentContext: AgentContext): SDJWTConfig {\n const kms = agentContext.resolve(KeyManagementApi)\n\n return {\n hasher: sdJwtVcHasher,\n saltGenerator: (length) => TypedArrayEncoder.toBase64URL(kms.randomBytes({ length })).slice(0, length),\n }\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA4CA,MAAM,0BAA0B;CAAC;CAAY;CAAQ;CAAoB;CAAoB;CAAkB;AAUxG,wCAAMA,8BAA4B;;;;CAIvC,MAAa,eACX,cACA,SACyC;AAEzC,mBAAiB,aAAa,QAAQ,WAAW;EAGjD,MAAM,UAAU,gBAAgB,OAAO,QAAQ,WAAW;AAG1D,UAAQ,MAAM,cAAc;AAC5B,UAAQ,MAAM,QAAQ,UAAU,MAAM,4BAA4B,cAAc,QAAQ,OAAO,EAAE,MAAM;EAGvG,MAAM,YAAY,MAAM,qCAAqC,cAAc,QAAQ,oBAAoB,CACrG,kBACD,CAAC;EAGF,MAAM,kBAAkB,QAAQ;AAChC,OAAK,wBAAwB,gBAAgB;EAU7C,MAAM,UAAU,MARF,IAAI,cAAc;GAC9B,GAAG,KAAK,mBAAmB,aAAa;GACxC,QAAQ,eAAe,cAAc,UAAU;GAC/C,SAAS,QAAQ,oBAAoB;GACrC,SAAS,QAAQ;GAClB,CAAC,CAG0B,MAA2B,SAAS,iBAAiB,EAC/E,QAAQ;GACN,KAAK;GACL,KAAK,QAAQ;GACb,KAAK,QAAQ;GACd,EACF,CAAC;AAEF,SAAO,+BAA+B,YAAY,QAAQ;;;;;;;;CAS5D,MAAa,iBACX,cACA,SACsC;EACtC,MAAMC,oBAAiD;GACrD,SAAS;GACT,aAAa,EAAE;GAChB;EAED,MAAM,QAAQ,IAAI,cAAc,EAC9B,GAAG,KAAK,mBAAmB,aAAa,EACzC,CAAC;AAEF,MAAI;GACF,IAAIC;AACJ,OAAI;AAGF,QAAI,QAAQ,sBAAsB,+BAChC,SAAQ,WAAW,UAAU;AAG/B,iBACE,QAAQ,sBAAsB,iCAC1B,QAAQ,aACR,+BAA+B,YAAY,QAAQ,WAAW;AAGpE,eAAW,SAAS,WAAW,MAAM,QAAQ,CAAC,UAAU;AAExD,sBAAkB,YAAY,YAAY,EACxC,SAAS,MACV;YACM,OAAO;AACd,sBAAkB,YAAY,YAAY;KACxC,SAAS;KACT;KACD;AAED,WAAO;;GAGT,MAAM,2BAA2B,MAAM,4BAA4B,cAAc,YAAY,CAAC,kBAAkB,CAAC;GACjH,MAAM,kBAAkB,mCAAmC,yBAAyB;GAEpF,MAAM,gBAAgB,iCAAiC,WAAW,MAAM,aAAa;GACrF,MAAM,SAAS,gBAAgB,MAAM,4BAA4B,cAAc,cAAc,GAAG;AAEhG,SAAM,OAAO;IACX,UAAU,iBAAiB,cAAc,gBAAgB;IACzD,YAAY,SAAS,iBAAiB,cAAc,OAAO,UAAU,GAAG;IACzE,CAAC;AAEF,OAAI;AACF,UAAM,MAAM,OAAO,WAAW,SAAS,EAAE,EAAE,MAAM;AAEjD,sBAAkB,YAAY,YAAY,EACxC,SAAS,MACV;YACM,OAAO;AACd,sBAAkB,YAAY,YAAY;KACxC,SAAS;KACT;KACD;;AAKH,OAAI,WAAW,mBAAmB,aAAa,yBAAyB,WACtE,mBAAkB,YAAY,iBAAiB;IAC7C,SAAS;IACT,OAAO,IAAI,WACT,kDAAkD,yBAAyB,GAAG,2CAA2C,WAAW,mBAAmB,SAAS,GACjK;IACF;OAED,mBAAkB,YAAY,iBAAiB,EAC7C,SAAS,MACV;AAGH,qBAAkB,UAAU,OAAO,OAAO,kBAAkB,YAAY,CAAC,OAAO,MAAM,EAAE,QAAQ;AAChG,UAAO;WACA,OAAO;AACd,qBAAkB,QAAQ;AAC1B,UAAO;;;;;;;;;CAUX,MAAa,iBACX,cACA,SAC2C;AAE3C,mBAAiB,aAAa,QAAQ,aAAa;EAGnD,MAAM,UAAU,gBAAgB,OAAO,QAAQ,aAAa;AAG5D,UAAQ,QAAQ,QAAQ;AACxB,UAAQ,MAAM,QAAQ;EAEtB,MAAM,SAAS,MAAM,yCAAyC,cAAc,QAAQ,aAAa;EAEjG,MAAM,QAAQ,IAAI,cAAc;GAC9B,GAAG,KAAK,mBAAmB,aAAa;GACxC,QAAQ,eAAe,cAAc,OAAO,UAAU;GACtD,SAAS,QAAQ,oBAAoB;GACrC,SAAS,OAAO;GACjB,CAAC;EAGF,MAAM,kBAAkB,QAAQ;AAChC,OAAK,wBAAwB,gBAAgB;EAG7C,MAAM,UAAU,MAAM,MAAM,MAA6B,SAAS,iBAAiB,EACjF,QAAQ;GACN,KAAK;GACL,KAAK,OAAO;GACZ,KAAK,QAAQ,KAAK;GACnB,EACF,CAAC;AAEF,SAAO,iCAAiC,YAAY,QAAQ;;;;;;;;CAS9D,MAAa,mBACX,cACA,SACwC;EACxC,MAAMC,oBAAmD;GACvD,SAAS;GACT,aAAa,EAAE;GAChB;EAED,MAAM,QAAQ,IAAI,cAAc,EAC9B,GAAG,KAAK,mBAAmB,aAAa,EACzC,CAAC;AAEF,MAAI;GACF,IAAIC;AACJ,OAAI;AAEF,QAAI,QAAQ,wBAAwB,iCAClC,kBAAiB,aAAa,QAAQ,aAAa,qBAAqB;AAG1E,mBACE,QAAQ,wBAAwB,mCAC5B,QAAQ,eACR,iCAAiC,YAAY,QAAQ,aAAa;AAGxE,eAAW,SAAS,aAAa,MAAM,QAAQ,CAAC,UAAU;AAE1D,sBAAkB,YAAY,YAAY,EACxC,SAAS,MACV;YACM,OAAO;AACd,sBAAkB,YAAY,YAAY;KACxC,SAAS;KACT;KACD;AAED,WAAO;;GAGT,MAAM,2BAA2B,MAAM,4BAA4B,cAAc,cAAc,CAAC,iBAAiB,CAAC;GAClH,MAAM,kBAAkB,mCAAmC,yBAAyB;GACpF,MAAM,gBAAgB,iCAAiC,aAAa,MAAM,aAAa;GACvF,MAAM,SAAS,gBAAgB,MAAM,4BAA4B,cAAc,cAAc,GAAG;AAEhG,SAAM,OAAO;IACX,UAAU,iBAAiB,cAAc,gBAAgB;IACzD,YAAY,SAAS,iBAAiB,cAAc,OAAO,UAAU,GAAG;IACzE,CAAC;AAEF,OAAI;AACF,UAAM,MAAM,OAAO,aAAa,SAAS,EAAE,EAAE,MAAM;AAEnD,sBAAkB,YAAY,wBAAwB,EACpD,SAAS,MACV;YACM,OAAO;AACd,sBAAkB,YAAY,wBAAwB;KACpD,SAAS;KACT;KACD;;AAKH,OACE,aAAa,qBAAqB,YAClC,yBAAyB,eAAe,aAAa,qBAAqB,SAE1E,mBAAkB,YAAY,iBAAiB;IAC7C,SAAS;IACT,OAAO,IAAI,WACT,oDAAoD,yBAAyB,GAAG,6CAA6C,aAAa,qBAAqB,SAAS,GACzK;IACF;OAID,mBAAkB,YAAY,iBAAiB,EAC7C,SAAS,MACV;GAIH,MAAM,cAAc,QAAQ,aAAa,qBAAqB,qBAAqB;AAGnF,qBAAkB,YAAY,cAAc,MAAM,QAAQ,IACxD,YAAY,IAAI,OAAO,eAAe;AACpC,QAAI,EAAE,WAAW,+BAA+B,gCAC9C,QAAO;KACL,SAAS;KACT,OAAO,IAAI,WACT,oHACD;KACD,aAAa,EAAE;KAChB;IAGH,MAAM,mBAAmB,MAAM,KAAK,iBAAiB,cAAc,EACjE,YAAY,WAAW,qBACxB,CAAC;IAEF,IAAIC;IASJ,MAAM,uBAAuB,WAAW,mBAAmB;IAC3D,MAAM,6CAA6C,qBAAqB,MACrE,cAAc,yBAAyB,eAAe,UACxD;AAED,QAAI,qBAAqB,SAAS,KAAK,CAAC,2CACtC,mCAAkC;KAChC,SAAS;KACT,OAAO,IAAI,WACT,8GACD;KACF;QAED,mCAAkC,EAChC,SAAS,MACV;AAGH,WAAO;KACL,GAAG;KACH,SAAS,iBAAiB,WAAW,gCAAgC;KACrE,aAAa;MACX,GAAG,iBAAiB;MACpB;MACD;KACF;KACD,CACH;AAGD,qBAAkB,UAAU,OAAO,OAAO,kBAAkB,YAAY,CAAC,OAAO,MAC9E,MAAM,QAAQ,EAAE,GAAG,EAAE,OAAO,OAAO,GAAG,QAAQ,GAAG,EAAE,QACpD;AAED,UAAO;WACA,OAAO;AACd,qBAAkB,QAAQ;AAC1B,UAAO;;;CAIX,MAAa,QACX,cACA,SACyC;EACzC,MAAM,kBACJ,QAAQ,sBAAsB,iCAAiC,QAAQ,WAAW,UAAU,QAAQ;EAEtG,MAAM,oBAAoB,QAAQ;EAGlC,MAAM,mBAAmB,MADX,IAAI,cAAc,KAAK,mBAAmB,aAAa,CAAC,CACjC,QAAQ,iBAAiB,kBAAkB;AAEhF,SAAO,+BAA+B,YAAY,iBAAiB;;CAGrE,AAAQ,wBAAwB,iBAAgF;AAC9G,MAAI,CAAC,gBAAiB;AAEtB,OAAK,MAAM,SAAS,yBAAyB;AAC3C,OAAI,gBAAgB,OAClB,OAAM,IAAI,WAAW,IAAI,MAAM,4CAA4C;AAG7E,OAAI,MAAM,QAAQ,gBAAgB,IAAI,IAAI,gBAAgB,KAAK,SAAS,MAAM,CAC5E,OAAM,IAAI,WAAW,IAAI,MAAM,4CAA4C;;;CAKjF,AAAQ,mBAAmB,cAAyC;EAClE,MAAM,MAAM,aAAa,QAAQ,iBAAiB;AAElD,SAAO;GACL,QAAQ;GACR,gBAAgB,WAAW,kBAAkB,YAAY,IAAI,YAAY,EAAE,QAAQ,CAAC,CAAC,CAAC,MAAM,GAAG,OAAO;GACvG;;;0CA9XJ,YAAY"}
1	+ {"version":3,"file":"W3cV2SdJwtCredentialService.mjs","names":["W3cV2SdJwtCredentialService","validationResults: W3cV2VerifyCredentialResult","credential: W3cV2SdJwtVerifiableCredential","validationResults: W3cV2VerifyPresentationResult","presentation: W3cV2SdJwtVerifiablePresentation","credentialSubjectAuthentication: SingleValidationResult"],"sources":["../../../../src/modules/vc/sd-jwt-vc/W3cV2SdJwtCredentialService.ts"],"sourcesContent":["import { SDJwtInstance } from '@sd-jwt/core'\nimport type { DisclosureFrame, PresentationFrame, SDJWTConfig } from '@sd-jwt/types'\nimport type { AgentContext } from '../../../agent/context'\nimport { JwtPayload } from '../../../crypto'\nimport { CredoError } from '../../../error'\nimport { injectable } from '../../../plugins'\nimport { asArray, JsonTransformer, MessageValidator, nowInSeconds, TypedArrayEncoder } from '../../../utils'\nimport { getPublicJwkFromVerificationMethod } from '../../dids/domain/key-type/keyDidMapping'\nimport { KeyManagementApi } from '../../kms'\nimport {\n extractKeyFromHolderBinding,\n getSdJwtSigner,\n getSdJwtVerifier,\n parseHolderBindingFromCredential,\n} from '../../sd-jwt-vc/utils'\nimport type {\n SingleValidationResult,\n W3cV2JsonCredential,\n W3cV2JsonPresentation,\n W3cV2VerifyCredentialResult,\n W3cV2VerifyPresentationResult,\n} from '../models'\nimport {\n extractHolderFromPresentationCredentials,\n getVerificationMethodForJwt,\n validateAndResolveVerificationMethod,\n} from '../v2-jwt-utils'\nimport type {\n W3cV2SdJwtSignCredentialOptions,\n W3cV2SdJwtSignPresentationOptions,\n W3cV2SdJwtVcPresentOptions,\n W3cV2SdJwtVerifyCredentialOptions,\n W3cV2SdJwtVerifyPresentationOptions,\n} from '../W3cV2CredentialServiceOptions'\nimport { sdJwtVcHasher } from './W3cV2SdJwt'\nimport { W3cV2SdJwtVerifiableCredential } from './W3cV2SdJwtVerifiableCredential'\nimport { W3cV2SdJwtVerifiablePresentation } from './W3cV2SdJwtVerifiablePresentation'\n\n/*\n List of fields that cannot be selectively disclosed.\n \n @see https://www.w3.org/TR/vc-jose-cose/#securing-with-sd-jwt\n * @see https://www.w3.org/TR/vc-jose-cose/#securing-vps-sd-jwt\n /\nconst NON_DISCLOSEABLE_FIELDS = ['@context', 'type', 'credentialStatus', 'credentialSchema', 'relatedResource']\n\n/\n Supports signing and verifying W3C Verifiable Credentials and Presentations\n * secured with Selective Disclosure JSON Web Tokens (SD-JWT).\n \n @see https://www.w3.org/TR/vc-data-model/\n * @see https://www.w3.org/TR/vc-jose-cose/#with-sd-jwt\n /\n@injectable()\nexport class W3cV2SdJwtCredentialService {\n /\n Signs a credential\n /\n public async signCredential(\n agentContext: AgentContext,\n options: W3cV2SdJwtSignCredentialOptions\n ): Promise<W3cV2SdJwtVerifiableCredential> {\n // Validate the instance\n MessageValidator.validateSync(options.credential)\n\n // The JWT payload is simply the credential\n const payload = JsonTransformer.toJSON(options.credential) as W3cV2JsonCredential\n\n // Add iat and cnf to the payload\n payload.iat = nowInSeconds()\n payload.cnf = options.holder ? (await extractKeyFromHolderBinding(agentContext, options.holder)).cnf : undefined\n\n // Validate and resolve the verification method\n const publicJwk = await validateAndResolveVerificationMethod(agentContext, options.verificationMethod, [\n 'assertionMethod',\n ])\n\n // Validate the disclosure frame\n const disclosureFrame = options.disclosureFrame as DisclosureFrame<W3cV2JsonCredential> \| undefined\n this.validateDisclosureFrame(disclosureFrame)\n\n const sdJwt = new SDJwtInstance({\n ...this.getBaseSdJwtConfig(agentContext),\n signer: getSdJwtSigner(agentContext, publicJwk),\n hashAlg: options.hashingAlgorithm ?? 'sha-256',\n signAlg: options.alg,\n })\n\n // Sign SD-JWT\n const compact = await sdJwt.issue<W3cV2JsonCredential>(payload, disclosureFrame, {\n header: {\n typ: 'vc+sd-jwt',\n alg: options.alg,\n kid: options.verificationMethod,\n },\n })\n\n return W3cV2SdJwtVerifiableCredential.fromCompact(compact)\n }\n\n /\n Verifies the signature(s) of a credential\n \n @param credential the credential to be verified\n * @returns the verification result\n /\n public async verifyCredential(\n agentContext: AgentContext,\n options: W3cV2SdJwtVerifyCredentialOptions\n ): Promise<W3cV2VerifyCredentialResult> {\n const validationResults: W3cV2VerifyCredentialResult = {\n isValid: false,\n validations: {},\n }\n\n const sdJwt = new SDJwtInstance({\n ...this.getBaseSdJwtConfig(agentContext),\n })\n\n try {\n let credential: W3cV2SdJwtVerifiableCredential\n try {\n // If instance is provided as input, we want to validate the credential\n // Otherwise, it is done by fromCompact below\n if (options.credential instanceof W3cV2SdJwtVerifiableCredential) {\n options.credential.validate()\n }\n\n credential =\n options.credential instanceof W3cV2SdJwtVerifiableCredential\n ? options.credential\n : W3cV2SdJwtVerifiableCredential.fromCompact(options.credential)\n\n // Validate JWT payload\n JwtPayload.fromJson(credential.sdJwt.payload).validate()\n\n validationResults.validations.dataModel = {\n isValid: true,\n }\n } catch (error) {\n validationResults.validations.dataModel = {\n isValid: false,\n error,\n }\n\n return validationResults\n }\n\n const issuerVerificationMethod = await getVerificationMethodForJwt(agentContext, credential, ['assertionMethod'])\n const issuerPublicKey = getPublicJwkFromVerificationMethod(issuerVerificationMethod)\n\n const holderBinding = parseHolderBindingFromCredential(credential.sdJwt.prettyClaims)\n const holder = holderBinding ? await extractKeyFromHolderBinding(agentContext, holderBinding) : undefined\n\n sdJwt.config({\n verifier: getSdJwtVerifier(agentContext, issuerPublicKey),\n kbVerifier: holder ? getSdJwtVerifier(agentContext, holder.publicJwk) : undefined,\n })\n\n try {\n await sdJwt.verify(credential.encoded)\n\n validationResults.validations.signature = {\n isValid: true,\n }\n } catch (error) {\n validationResults.validations.signature = {\n isValid: false,\n error,\n }\n }\n\n // Validate whether the credential is signed with the 'issuer' id\n // NOTE: this uses the verificationMethod.controller. We may want to use the verificationMethod.id?\n if (credential.resolvedCredential.issuerId !== issuerVerificationMethod.controller) {\n validationResults.validations.issuerIsSigner = {\n isValid: false,\n error: new CredoError(\n `Credential is signed using verification method ${issuerVerificationMethod.id}, while the issuer of the credential is '${credential.resolvedCredential.issuerId}'`\n ),\n }\n } else {\n validationResults.validations.issuerIsSigner = {\n isValid: true,\n }\n }\n\n validationResults.isValid = Object.values(validationResults.validations).every((v) => v.isValid)\n return validationResults\n } catch (error) {\n validationResults.error = error\n return validationResults\n }\n }\n\n /\n Signs a presentation including the credentials it includes\n \n @param presentation the presentation to be signed\n * @returns the signed presentation\n /\n public async signPresentation(\n agentContext: AgentContext,\n options: W3cV2SdJwtSignPresentationOptions\n ): Promise<W3cV2SdJwtVerifiablePresentation> {\n // Validate the instance\n MessageValidator.validateSync(options.presentation)\n\n // The JWT payload is simply the presentation\n const payload = JsonTransformer.toJSON(options.presentation) as W3cV2JsonPresentation\n\n // Add the nonce and aud to the payload\n payload.nonce = options.challenge\n payload.aud = options.domain\n\n const holder = await extractHolderFromPresentationCredentials(agentContext, options.presentation)\n\n const sdJwt = new SDJwtInstance({\n ...this.getBaseSdJwtConfig(agentContext),\n signer: getSdJwtSigner(agentContext, holder.publicJwk),\n hashAlg: options.hashingAlgorithm ?? 'sha-256',\n signAlg: holder.alg,\n })\n\n // Validate the disclosure frame\n const disclosureFrame = options.disclosureFrame as DisclosureFrame<W3cV2JsonPresentation> \| undefined\n this.validateDisclosureFrame(disclosureFrame)\n\n // Sign SD-JWT\n const compact = await sdJwt.issue<W3cV2JsonPresentation>(payload, disclosureFrame, {\n header: {\n typ: 'vp+sd-jwt',\n alg: holder.alg,\n kid: holder?.cnf?.kid,\n },\n })\n\n return W3cV2SdJwtVerifiablePresentation.fromCompact(compact)\n }\n\n /\n Verifies a presentation including the credentials it includes\n \n @param presentation the presentation to be verified\n * @returns the verification result\n */\n public async verifyPresentation(\n agentContext: AgentContext,\n options: W3cV2SdJwtVerifyPresentationOptions\n ): Promise<W3cV2VerifyPresentationResult> {\n const validationResults: W3cV2VerifyPresentationResult = {\n isValid: false,\n validations: {},\n }\n\n const sdjwt = new SDJwtInstance({\n ...this.getBaseSdJwtConfig(agentContext),\n })\n\n try {\n let presentation: W3cV2SdJwtVerifiablePresentation\n try {\n // If instance is provided as input, we want to validate the presentation\n if (options.presentation instanceof W3cV2SdJwtVerifiablePresentation) {\n MessageValidator.validateSync(options.presentation.resolvedPresentation)\n }\n\n presentation =\n options.presentation instanceof W3cV2SdJwtVerifiablePresentation\n ? options.presentation\n : W3cV2SdJwtVerifiablePresentation.fromCompact(options.presentation)\n\n // Validate JWT payload\n JwtPayload.fromJson(presentation.sdJwt.payload).validate()\n\n validationResults.validations.dataModel = {\n isValid: true,\n }\n } catch (error) {\n validationResults.validations.dataModel = {\n isValid: false,\n error,\n }\n\n return validationResults\n }\n\n const proverVerificationMethod = await getVerificationMethodForJwt(agentContext, presentation, ['authentication'])\n const proverPublicKey = getPublicJwkFromVerificationMethod(proverVerificationMethod)\n const holderBinding = parseHolderBindingFromCredential(presentation.sdJwt.prettyClaims)\n const holder = holderBinding ? await extractKeyFromHolderBinding(agentContext, holderBinding) : undefined\n\n sdjwt.config({\n verifier: getSdJwtVerifier(agentContext, proverPublicKey),\n kbVerifier: holder ? getSdJwtVerifier(agentContext, holder.publicJwk) : undefined,\n })\n\n try {\n await sdjwt.verify(presentation.encoded)\n\n validationResults.validations.presentationSignature = {\n isValid: true,\n }\n } catch (error) {\n validationResults.validations.presentationSignature = {\n isValid: false,\n error,\n }\n }\n\n // Validate whether the presentation is signed with the 'holder' id\n // NOTE: this uses the verificationMethod.controller. We may want to use the verificationMethod.id?\n if (\n presentation.resolvedPresentation.holderId &&\n proverVerificationMethod.controller !== presentation.resolvedPresentation.holderId\n ) {\n validationResults.validations.holderIsSigner = {\n isValid: false,\n error: new CredoError(\n `Presentation is signed using verification method ${proverVerificationMethod.id}, while the holder of the presentation is '${presentation.resolvedPresentation.holderId}'`\n ),\n }\n } else {\n // If no holderId is present, this validation passes by default as there can't be\n // a mismatch between the 'holder' property and the signer of the presentation.\n validationResults.validations.holderIsSigner = {\n isValid: true,\n }\n }\n\n // To keep things simple, we only support JWT VCs in JWT VPs for now\n const credentials = asArray(presentation.resolvedPresentation.verifiableCredential)\n\n // Verify all credentials in parallel, and await the result\n validationResults.validations.credentials = await Promise.all(\n credentials.map(async (credential) => {\n if (!(credential.envelopedCredential instanceof W3cV2SdJwtVerifiableCredential)) {\n return {\n isValid: false,\n error: new CredoError(\n 'Credential is not of format SD-JWT. Presentations in SD-JWT format can only contain credentials in SD-JWT format.'\n ),\n validations: {},\n }\n }\n\n const credentialResult = await this.verifyCredential(agentContext, {\n credential: credential.envelopedCredential,\n })\n\n let credentialSubjectAuthentication: SingleValidationResult\n\n // Check whether any of the credentialSubjectIds for each credential is the same as the controller of the verificationMethod\n // This authenticates the presentation creator controls one of the credentialSubject ids.\n // NOTE: this doesn't take into account the case where the credentialSubject is no the holder. In the\n // future we can add support for other flows, but for now this is the most common use case.\n // TODO: should this be handled on a higher level? I don't really see it being handled in the jsonld lib\n // or in the did-jwt-vc lib (it seems they don't even verify the credentials itself), but we probably need some\n // more experience on the use cases before we loosen the restrictions (as it means we need to handle it on a higher layer).\n const credentialSubjectIds = credential.resolvedCredential.credentialSubjectIds\n const presentationAuthenticatesCredentialSubject = credentialSubjectIds.some(\n (subjectId) => proverVerificationMethod.controller === subjectId\n )\n\n if (credentialSubjectIds.length > 0 && !presentationAuthenticatesCredentialSubject) {\n credentialSubjectAuthentication = {\n isValid: false,\n error: new CredoError(\n 'Credential has one or more credentialSubject ids, but presentation does not authenticate credential subject'\n ),\n }\n } else {\n credentialSubjectAuthentication = {\n isValid: true,\n }\n }\n\n return {\n ...credentialResult,\n isValid: credentialResult.isValid && credentialSubjectAuthentication.isValid,\n validations: {\n ...credentialResult.validations,\n credentialSubjectAuthentication,\n },\n }\n })\n )\n\n // Deeply nested check whether all validations have passed\n validationResults.isValid = Object.values(validationResults.validations).every((v) =>\n Array.isArray(v) ? v.every((vv) => vv.isValid) : v.isValid\n )\n\n return validationResults\n } catch (error) {\n validationResults.error = error\n return validationResults\n }\n }\n\n public async present(\n agentContext: AgentContext,\n options: W3cV2SdJwtVcPresentOptions\n ): Promise<W3cV2SdJwtVerifiableCredential> {\n const originalCompact =\n options.credential instanceof W3cV2SdJwtVerifiableCredential ? options.credential.encoded : options.credential\n\n const presentationFrame = options.presentationFrame as PresentationFrame<W3cV2JsonCredential>\n\n const sdjwt = new SDJwtInstance(this.getBaseSdJwtConfig(agentContext))\n const disclosedCompact = await sdjwt.present(originalCompact, presentationFrame)\n\n return W3cV2SdJwtVerifiableCredential.fromCompact(disclosedCompact)\n }\n\n private validateDisclosureFrame(disclosureFrame?: DisclosureFrame<W3cV2JsonCredential \| W3cV2JsonPresentation>) {\n if (!disclosureFrame) return\n\n for (const field of NON_DISCLOSEABLE_FIELDS) {\n if (disclosureFrame[field]) {\n throw new CredoError(`'${field}' property cannot be selectively disclosed`)\n }\n\n if (Array.isArray(disclosureFrame._sd) && disclosureFrame._sd?.includes(field)) {\n throw new CredoError(`'${field}' property cannot be selectively disclosed`)\n }\n }\n }\n\n private getBaseSdJwtConfig(agentContext: AgentContext): SDJWTConfig {\n const kms = agentContext.resolve(KeyManagementApi)\n\n return {\n hasher: sdJwtVcHasher,\n saltGenerator: (length) => TypedArrayEncoder.toBase64URL(kms.randomBytes({ length })).slice(0, length),\n }\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA4CA,MAAM,0BAA0B;CAAC;CAAY;CAAQ;CAAoB;CAAoB;CAAkB;AAUxG,wCAAMA,8BAA4B;;;;CAIvC,MAAa,eACX,cACA,SACyC;AAEzC,mBAAiB,aAAa,QAAQ,WAAW;EAGjD,MAAM,UAAU,gBAAgB,OAAO,QAAQ,WAAW;AAG1D,UAAQ,MAAM,cAAc;AAC5B,UAAQ,MAAM,QAAQ,UAAU,MAAM,4BAA4B,cAAc,QAAQ,OAAO,EAAE,MAAM;EAGvG,MAAM,YAAY,MAAM,qCAAqC,cAAc,QAAQ,oBAAoB,CACrG,kBACD,CAAC;EAGF,MAAM,kBAAkB,QAAQ;AAChC,OAAK,wBAAwB,gBAAgB;EAU7C,MAAM,UAAU,MARF,IAAI,cAAc;GAC9B,GAAG,KAAK,mBAAmB,aAAa;GACxC,QAAQ,eAAe,cAAc,UAAU;GAC/C,SAAS,QAAQ,oBAAoB;GACrC,SAAS,QAAQ;GAClB,CAAC,CAG0B,MAA2B,SAAS,iBAAiB,EAC/E,QAAQ;GACN,KAAK;GACL,KAAK,QAAQ;GACb,KAAK,QAAQ;GACd,EACF,CAAC;AAEF,SAAO,+BAA+B,YAAY,QAAQ;;;;;;;;CAS5D,MAAa,iBACX,cACA,SACsC;EACtC,MAAMC,oBAAiD;GACrD,SAAS;GACT,aAAa,EAAE;GAChB;EAED,MAAM,QAAQ,IAAI,cAAc,EAC9B,GAAG,KAAK,mBAAmB,aAAa,EACzC,CAAC;AAEF,MAAI;GACF,IAAIC;AACJ,OAAI;AAGF,QAAI,QAAQ,sBAAsB,+BAChC,SAAQ,WAAW,UAAU;AAG/B,iBACE,QAAQ,sBAAsB,iCAC1B,QAAQ,aACR,+BAA+B,YAAY,QAAQ,WAAW;AAGpE,eAAW,SAAS,WAAW,MAAM,QAAQ,CAAC,UAAU;AAExD,sBAAkB,YAAY,YAAY,EACxC,SAAS,MACV;YACM,OAAO;AACd,sBAAkB,YAAY,YAAY;KACxC,SAAS;KACT;KACD;AAED,WAAO;;GAGT,MAAM,2BAA2B,MAAM,4BAA4B,cAAc,YAAY,CAAC,kBAAkB,CAAC;GACjH,MAAM,kBAAkB,mCAAmC,yBAAyB;GAEpF,MAAM,gBAAgB,iCAAiC,WAAW,MAAM,aAAa;GACrF,MAAM,SAAS,gBAAgB,MAAM,4BAA4B,cAAc,cAAc,GAAG;AAEhG,SAAM,OAAO;IACX,UAAU,iBAAiB,cAAc,gBAAgB;IACzD,YAAY,SAAS,iBAAiB,cAAc,OAAO,UAAU,GAAG;IACzE,CAAC;AAEF,OAAI;AACF,UAAM,MAAM,OAAO,WAAW,QAAQ;AAEtC,sBAAkB,YAAY,YAAY,EACxC,SAAS,MACV;YACM,OAAO;AACd,sBAAkB,YAAY,YAAY;KACxC,SAAS;KACT;KACD;;AAKH,OAAI,WAAW,mBAAmB,aAAa,yBAAyB,WACtE,mBAAkB,YAAY,iBAAiB;IAC7C,SAAS;IACT,OAAO,IAAI,WACT,kDAAkD,yBAAyB,GAAG,2CAA2C,WAAW,mBAAmB,SAAS,GACjK;IACF;OAED,mBAAkB,YAAY,iBAAiB,EAC7C,SAAS,MACV;AAGH,qBAAkB,UAAU,OAAO,OAAO,kBAAkB,YAAY,CAAC,OAAO,MAAM,EAAE,QAAQ;AAChG,UAAO;WACA,OAAO;AACd,qBAAkB,QAAQ;AAC1B,UAAO;;;;;;;;;CAUX,MAAa,iBACX,cACA,SAC2C;AAE3C,mBAAiB,aAAa,QAAQ,aAAa;EAGnD,MAAM,UAAU,gBAAgB,OAAO,QAAQ,aAAa;AAG5D,UAAQ,QAAQ,QAAQ;AACxB,UAAQ,MAAM,QAAQ;EAEtB,MAAM,SAAS,MAAM,yCAAyC,cAAc,QAAQ,aAAa;EAEjG,MAAM,QAAQ,IAAI,cAAc;GAC9B,GAAG,KAAK,mBAAmB,aAAa;GACxC,QAAQ,eAAe,cAAc,OAAO,UAAU;GACtD,SAAS,QAAQ,oBAAoB;GACrC,SAAS,OAAO;GACjB,CAAC;EAGF,MAAM,kBAAkB,QAAQ;AAChC,OAAK,wBAAwB,gBAAgB;EAG7C,MAAM,UAAU,MAAM,MAAM,MAA6B,SAAS,iBAAiB,EACjF,QAAQ;GACN,KAAK;GACL,KAAK,OAAO;GACZ,KAAK,QAAQ,KAAK;GACnB,EACF,CAAC;AAEF,SAAO,iCAAiC,YAAY,QAAQ;;;;;;;;CAS9D,MAAa,mBACX,cACA,SACwC;EACxC,MAAMC,oBAAmD;GACvD,SAAS;GACT,aAAa,EAAE;GAChB;EAED,MAAM,QAAQ,IAAI,cAAc,EAC9B,GAAG,KAAK,mBAAmB,aAAa,EACzC,CAAC;AAEF,MAAI;GACF,IAAIC;AACJ,OAAI;AAEF,QAAI,QAAQ,wBAAwB,iCAClC,kBAAiB,aAAa,QAAQ,aAAa,qBAAqB;AAG1E,mBACE,QAAQ,wBAAwB,mCAC5B,QAAQ,eACR,iCAAiC,YAAY,QAAQ,aAAa;AAGxE,eAAW,SAAS,aAAa,MAAM,QAAQ,CAAC,UAAU;AAE1D,sBAAkB,YAAY,YAAY,EACxC,SAAS,MACV;YACM,OAAO;AACd,sBAAkB,YAAY,YAAY;KACxC,SAAS;KACT;KACD;AAED,WAAO;;GAGT,MAAM,2BAA2B,MAAM,4BAA4B,cAAc,cAAc,CAAC,iBAAiB,CAAC;GAClH,MAAM,kBAAkB,mCAAmC,yBAAyB;GACpF,MAAM,gBAAgB,iCAAiC,aAAa,MAAM,aAAa;GACvF,MAAM,SAAS,gBAAgB,MAAM,4BAA4B,cAAc,cAAc,GAAG;AAEhG,SAAM,OAAO;IACX,UAAU,iBAAiB,cAAc,gBAAgB;IACzD,YAAY,SAAS,iBAAiB,cAAc,OAAO,UAAU,GAAG;IACzE,CAAC;AAEF,OAAI;AACF,UAAM,MAAM,OAAO,aAAa,QAAQ;AAExC,sBAAkB,YAAY,wBAAwB,EACpD,SAAS,MACV;YACM,OAAO;AACd,sBAAkB,YAAY,wBAAwB;KACpD,SAAS;KACT;KACD;;AAKH,OACE,aAAa,qBAAqB,YAClC,yBAAyB,eAAe,aAAa,qBAAqB,SAE1E,mBAAkB,YAAY,iBAAiB;IAC7C,SAAS;IACT,OAAO,IAAI,WACT,oDAAoD,yBAAyB,GAAG,6CAA6C,aAAa,qBAAqB,SAAS,GACzK;IACF;OAID,mBAAkB,YAAY,iBAAiB,EAC7C,SAAS,MACV;GAIH,MAAM,cAAc,QAAQ,aAAa,qBAAqB,qBAAqB;AAGnF,qBAAkB,YAAY,cAAc,MAAM,QAAQ,IACxD,YAAY,IAAI,OAAO,eAAe;AACpC,QAAI,EAAE,WAAW,+BAA+B,gCAC9C,QAAO;KACL,SAAS;KACT,OAAO,IAAI,WACT,oHACD;KACD,aAAa,EAAE;KAChB;IAGH,MAAM,mBAAmB,MAAM,KAAK,iBAAiB,cAAc,EACjE,YAAY,WAAW,qBACxB,CAAC;IAEF,IAAIC;IASJ,MAAM,uBAAuB,WAAW,mBAAmB;IAC3D,MAAM,6CAA6C,qBAAqB,MACrE,cAAc,yBAAyB,eAAe,UACxD;AAED,QAAI,qBAAqB,SAAS,KAAK,CAAC,2CACtC,mCAAkC;KAChC,SAAS;KACT,OAAO,IAAI,WACT,8GACD;KACF;QAED,mCAAkC,EAChC,SAAS,MACV;AAGH,WAAO;KACL,GAAG;KACH,SAAS,iBAAiB,WAAW,gCAAgC;KACrE,aAAa;MACX,GAAG,iBAAiB;MACpB;MACD;KACF;KACD,CACH;AAGD,qBAAkB,UAAU,OAAO,OAAO,kBAAkB,YAAY,CAAC,OAAO,MAC9E,MAAM,QAAQ,EAAE,GAAG,EAAE,OAAO,OAAO,GAAG,QAAQ,GAAG,EAAE,QACpD;AAED,UAAO;WACA,OAAO;AACd,qBAAkB,QAAQ;AAC1B,UAAO;;;CAIX,MAAa,QACX,cACA,SACyC;EACzC,MAAM,kBACJ,QAAQ,sBAAsB,iCAAiC,QAAQ,WAAW,UAAU,QAAQ;EAEtG,MAAM,oBAAoB,QAAQ;EAGlC,MAAM,mBAAmB,MADX,IAAI,cAAc,KAAK,mBAAmB,aAAa,CAAC,CACjC,QAAQ,iBAAiB,kBAAkB;AAEhF,SAAO,+BAA+B,YAAY,iBAAiB;;CAGrE,AAAQ,wBAAwB,iBAAgF;AAC9G,MAAI,CAAC,gBAAiB;AAEtB,OAAK,MAAM,SAAS,yBAAyB;AAC3C,OAAI,gBAAgB,OAClB,OAAM,IAAI,WAAW,IAAI,MAAM,4CAA4C;AAG7E,OAAI,MAAM,QAAQ,gBAAgB,IAAI,IAAI,gBAAgB,KAAK,SAAS,MAAM,CAC5E,OAAM,IAAI,WAAW,IAAI,MAAM,4CAA4C;;;CAKjF,AAAQ,mBAAmB,cAAyC;EAClE,MAAM,MAAM,aAAa,QAAQ,iBAAiB;AAElD,SAAO;GACL,QAAQ;GACR,gBAAgB,WAAW,kBAAkB,YAAY,IAAI,YAAY,EAAE,QAAQ,CAAC,CAAC,CAAC,MAAM,GAAG,OAAO;GACvG;;;0CA9XJ,YAAY"}

package/build/modules/vc/sd-jwt-vc/W3cV2SdJwtVerifiableCredential.mjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"W3cV2SdJwtVerifiableCredential.mjs","names":[],"sources":["../../../../src/modules/vc/sd-jwt-vc/W3cV2SdJwtVerifiableCredential.ts"],"sourcesContent":["import { CredoError } from '../../../error'\nimport { JsonTransformer, MessageValidator } from '../../../utils'\nimport { ClaimFormat } from '../models/ClaimFormat'\nimport { W3cV2Credential } from '../models/credential/W3cV2Credential'\nimport { type W3cV2SdJwt, ~~decodeSdJwt~~ } from './W3cV2SdJwt'\n\nexport interface W3cV2SdJwtVerifiableCredentialOptions {\n sdJwt: W3cV2SdJwt<ClaimFormat.SdJwtW3cVc>\n}\n\n/*\n Represents a Verifiable Credential encoded as a SD-JWT.\n \n @see https://www.w3.org/TR/vc-jose-cose/#securing-with-sd-jwt\n /\nexport class W3cV2SdJwtVerifiableCredential {\n public constructor(options: W3cV2SdJwtVerifiableCredentialOptions) {\n this.sdJwt = options.sdJwt\n this.resolvedCredential = JsonTransformer.fromJSON(options.sdJwt.prettyClaims, W3cV2Credential, { validate: false })\n\n // Validates the SD-JWT and resolved credential\n this.validate()\n }\n\n public static fromCompact(compact: string) {\n const sdJwt = decodeSdJwt(compact, ClaimFormat.SdJwtW3cVc)\n\n return new W3cV2SdJwtVerifiableCredential({\n sdJwt,\n })\n }\n\n /\n The original SD-JWT.\n /\n public readonly sdJwt: W3cV2SdJwt<ClaimFormat.SdJwtW3cVc>\n\n /\n Resolved credential is the fully resolved {@link W3cV2Credential} instance.\n /\n public readonly resolvedCredential: W3cV2Credential\n\n /\n The encoded version of this credential.\n /\n public get encoded() {\n return this.sdJwt.compact\n }\n\n /\n The {@link ClaimFormat} of the credential.\n \n For W3C VC SD-JWT credentials this is always `vc+sd-jwt`.\n /\n public get claimFormat(): ClaimFormat.SdJwtW3cVc {\n return ClaimFormat.SdJwtW3cVc\n }\n\n /\n Validates the SD-JWT and the resolved credential.\n */\n public validate() {\n // Validate the resolved credential according to the data model\n MessageValidator.validateSync(this.resolvedCredential)\n\n // Basic JWT validations to ensure compliance to the specification\n const sdJwt = this.sdJwt\n const header = sdJwt.header\n const payload = sdJwt.prettyClaims\n\n if ('typ' in header && header.typ !== 'vc+sd-jwt') {\n throw new CredoError(`The provided W3C VC SD-JWT does not have the correct 'typ' header.`)\n }\n\n if ('cyt' in header && header.cyt !== 'vc') {\n throw new CredoError(`The provided W3C VC SD-JWT does not have the correct 'cyt' header.`)\n }\n\n const iss = header.iss ?? payload.iss\n if (iss) {\n if (this.resolvedCredential.issuerId !== iss) {\n throw new CredoError(`The provided W3C VC SD-JWT has both 'iss' and 'issuer' claims, but they differ.`)\n }\n }\n\n if (payload.jti) {\n if (this.resolvedCredential.id && this.resolvedCredential.id !== payload.jti) {\n throw new CredoError(`The provided W3C VC JWT has both 'jti' and 'id' claims, but they differ.`)\n }\n }\n\n if (payload.sub) {\n if (!this.resolvedCredential.credentialSubjectIds.includes(payload.sub as string)) {\n throw new CredoError(\n `The provided W3C VC SD-JWT has a 'sub' claim, but it does not match any credentialSubject.`\n )\n }\n }\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;AAeA,IAAa,iCAAb,MAAa,+BAA+B;CAC1C,AAAO,YAAY,SAAgD;AACjE,OAAK,QAAQ,QAAQ;AACrB,OAAK,qBAAqB,gBAAgB,SAAS,QAAQ,MAAM,cAAc,iBAAiB,EAAE,UAAU,OAAO,CAAC;AAGpH,OAAK,UAAU;;CAGjB,OAAc,YAAY,SAAiB;AAGzC,SAAO,IAAI,+BAA+B,EACxC,OAHY,YAAY,SAAS,YAAY,WAAW,EAIzD,CAAC;;;;;CAgBJ,IAAW,UAAU;AACnB,SAAO,KAAK,MAAM;;;;;;;CAQpB,IAAW,cAAsC;AAC/C,SAAO,YAAY;;;;;CAMrB,AAAO,WAAW;AAEhB,mBAAiB,aAAa,KAAK,mBAAmB;EAGtD,MAAM,QAAQ,KAAK;EACnB,MAAM,SAAS,MAAM;EACrB,MAAM,UAAU,MAAM;AAEtB,MAAI,SAAS,UAAU,OAAO,QAAQ,YACpC,OAAM,IAAI,WAAW,qEAAqE;AAG5F,MAAI,SAAS,UAAU,OAAO,QAAQ,KACpC,OAAM,IAAI,WAAW,qEAAqE;EAG5F,MAAM,MAAM,OAAO,OAAO,QAAQ;AAClC,MAAI,KACF;OAAI,KAAK,mBAAmB,aAAa,IACvC,OAAM,IAAI,WAAW,kFAAkF;;AAI3G,MAAI,QAAQ,KACV;OAAI,KAAK,mBAAmB,MAAM,KAAK,mBAAmB,OAAO,QAAQ,IACvE,OAAM,IAAI,WAAW,2EAA2E;;AAIpG,MAAI,QAAQ,KACV;OAAI,CAAC,KAAK,mBAAmB,qBAAqB,SAAS,QAAQ,IAAc,CAC/E,OAAM,IAAI,WACR,6FACD"}
1	+ {"version":3,"file":"W3cV2SdJwtVerifiableCredential.mjs","names":[],"sources":["../../../../src/modules/vc/sd-jwt-vc/W3cV2SdJwtVerifiableCredential.ts"],"sourcesContent":["import { CredoError } from '../../../error'\nimport { JsonTransformer, MessageValidator } from '../../../utils'\nimport { ClaimFormat } from '../models/ClaimFormat'\nimport { W3cV2Credential } from '../models/credential/W3cV2Credential'\nimport { decodeSdJwt, type W3cV2SdJwt } from './W3cV2SdJwt'\n\nexport interface W3cV2SdJwtVerifiableCredentialOptions {\n sdJwt: W3cV2SdJwt<ClaimFormat.SdJwtW3cVc>\n}\n\n/*\n Represents a Verifiable Credential encoded as a SD-JWT.\n \n @see https://www.w3.org/TR/vc-jose-cose/#securing-with-sd-jwt\n /\nexport class W3cV2SdJwtVerifiableCredential {\n public constructor(options: W3cV2SdJwtVerifiableCredentialOptions) {\n this.sdJwt = options.sdJwt\n this.resolvedCredential = JsonTransformer.fromJSON(options.sdJwt.prettyClaims, W3cV2Credential, { validate: false })\n\n // Validates the SD-JWT and resolved credential\n this.validate()\n }\n\n public static fromCompact(compact: string) {\n const sdJwt = decodeSdJwt(compact, ClaimFormat.SdJwtW3cVc)\n\n return new W3cV2SdJwtVerifiableCredential({\n sdJwt,\n })\n }\n\n /\n The original SD-JWT.\n /\n public readonly sdJwt: W3cV2SdJwt<ClaimFormat.SdJwtW3cVc>\n\n /\n Resolved credential is the fully resolved {@link W3cV2Credential} instance.\n /\n public readonly resolvedCredential: W3cV2Credential\n\n /\n The encoded version of this credential.\n /\n public get encoded() {\n return this.sdJwt.compact\n }\n\n /\n The {@link ClaimFormat} of the credential.\n \n For W3C VC SD-JWT credentials this is always `vc+sd-jwt`.\n /\n public get claimFormat(): ClaimFormat.SdJwtW3cVc {\n return ClaimFormat.SdJwtW3cVc\n }\n\n /\n Validates the SD-JWT and the resolved credential.\n */\n public validate() {\n // Validate the resolved credential according to the data model\n MessageValidator.validateSync(this.resolvedCredential)\n\n // Basic JWT validations to ensure compliance to the specification\n const sdJwt = this.sdJwt\n const header = sdJwt.header\n const payload = sdJwt.prettyClaims\n\n if ('typ' in header && header.typ !== 'vc+sd-jwt') {\n throw new CredoError(`The provided W3C VC SD-JWT does not have the correct 'typ' header.`)\n }\n\n if ('cyt' in header && header.cyt !== 'vc') {\n throw new CredoError(`The provided W3C VC SD-JWT does not have the correct 'cyt' header.`)\n }\n\n const iss = header.iss ?? payload.iss\n if (iss) {\n if (this.resolvedCredential.issuerId !== iss) {\n throw new CredoError(`The provided W3C VC SD-JWT has both 'iss' and 'issuer' claims, but they differ.`)\n }\n }\n\n if (payload.jti) {\n if (this.resolvedCredential.id && this.resolvedCredential.id !== payload.jti) {\n throw new CredoError(`The provided W3C VC JWT has both 'jti' and 'id' claims, but they differ.`)\n }\n }\n\n if (payload.sub) {\n if (!this.resolvedCredential.credentialSubjectIds.includes(payload.sub as string)) {\n throw new CredoError(\n `The provided W3C VC SD-JWT has a 'sub' claim, but it does not match any credentialSubject.`\n )\n }\n }\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;AAeA,IAAa,iCAAb,MAAa,+BAA+B;CAC1C,AAAO,YAAY,SAAgD;AACjE,OAAK,QAAQ,QAAQ;AACrB,OAAK,qBAAqB,gBAAgB,SAAS,QAAQ,MAAM,cAAc,iBAAiB,EAAE,UAAU,OAAO,CAAC;AAGpH,OAAK,UAAU;;CAGjB,OAAc,YAAY,SAAiB;AAGzC,SAAO,IAAI,+BAA+B,EACxC,OAHY,YAAY,SAAS,YAAY,WAAW,EAIzD,CAAC;;;;;CAgBJ,IAAW,UAAU;AACnB,SAAO,KAAK,MAAM;;;;;;;CAQpB,IAAW,cAAsC;AAC/C,SAAO,YAAY;;;;;CAMrB,AAAO,WAAW;AAEhB,mBAAiB,aAAa,KAAK,mBAAmB;EAGtD,MAAM,QAAQ,KAAK;EACnB,MAAM,SAAS,MAAM;EACrB,MAAM,UAAU,MAAM;AAEtB,MAAI,SAAS,UAAU,OAAO,QAAQ,YACpC,OAAM,IAAI,WAAW,qEAAqE;AAG5F,MAAI,SAAS,UAAU,OAAO,QAAQ,KACpC,OAAM,IAAI,WAAW,qEAAqE;EAG5F,MAAM,MAAM,OAAO,OAAO,QAAQ;AAClC,MAAI,KACF;OAAI,KAAK,mBAAmB,aAAa,IACvC,OAAM,IAAI,WAAW,kFAAkF;;AAI3G,MAAI,QAAQ,KACV;OAAI,KAAK,mBAAmB,MAAM,KAAK,mBAAmB,OAAO,QAAQ,IACvE,OAAM,IAAI,WAAW,2EAA2E;;AAIpG,MAAI,QAAQ,KACV;OAAI,CAAC,KAAK,mBAAmB,qBAAqB,SAAS,QAAQ,IAAc,CAC/E,OAAM,IAAI,WACR,6FACD"}

package/build/modules/vc/sd-jwt-vc/W3cV2SdJwtVerifiablePresentation.mjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"W3cV2SdJwtVerifiablePresentation.mjs","names":[],"sources":["../../../../src/modules/vc/sd-jwt-vc/W3cV2SdJwtVerifiablePresentation.ts"],"sourcesContent":["import { CredoError } from '../../../error'\nimport { JsonTransformer, MessageValidator } from '../../../utils'\nimport { ClaimFormat } from '../models'\nimport { W3cV2Presentation } from '../models/presentation/W3cV2Presentation'\nimport { type W3cV2SdJwt, ~~decodeSdJwt~~ } from './W3cV2SdJwt'\n\nexport interface W3cV2SdJwtVerifiablePresentationOptions {\n sdJwt: W3cV2SdJwt<ClaimFormat.SdJwtW3cVp>\n}\n\n/*\n Represents a Verifiable Presentation encoded as a SD-JWT.\n \n @see https://www.w3.org/TR/vc-jose-cose/#securing-vps-sd-jwt\n /\nexport class W3cV2SdJwtVerifiablePresentation {\n public constructor(options: W3cV2SdJwtVerifiablePresentationOptions) {\n this.sdJwt = options.sdJwt\n this.resolvedPresentation = JsonTransformer.fromJSON(options.sdJwt.prettyClaims, W3cV2Presentation, {\n validate: false,\n })\n\n // Validates the SD-JWT and resolved presentation\n this.validate()\n }\n\n public static fromCompact(compact: string) {\n const sdJwt = decodeSdJwt(compact, ClaimFormat.SdJwtW3cVp)\n\n return new W3cV2SdJwtVerifiablePresentation({\n sdJwt,\n })\n }\n\n /\n The original SD-JWT.\n /\n public readonly sdJwt: W3cV2SdJwt<ClaimFormat.SdJwtW3cVp>\n\n /\n Resolved presentation is the fully resolved {@link W3cV2Presentation} instance.\n /\n public readonly resolvedPresentation: W3cV2Presentation\n\n /\n The encoded version of this presentation.\n /\n public get encoded() {\n return this.sdJwt.compact\n }\n\n /\n The {@link ClaimFormat} of the presentation.\n \n For W3C VP SD-JWT credentials this is always `vp+sd-jwt`.\n /\n public get claimFormat(): ClaimFormat.SdJwtW3cVp {\n return ClaimFormat.SdJwtW3cVp\n }\n\n /\n Validates the SD-JWT and the resolved presentation.\n */\n public validate() {\n // Validate the resolved credential according to the data model\n MessageValidator.validateSync(this.resolvedPresentation)\n\n // Basic JWT validations to ensure compliance to the specification\n const sdJwt = this.sdJwt\n const header = sdJwt.header\n const payload = sdJwt.prettyClaims\n\n if ('typ' in header && header.typ !== 'vp+sd-jwt') {\n throw new CredoError(`The provided W3C VP JWT does not have the correct 'typ' header.`)\n }\n\n if ('cyt' in header && header.cyt !== 'vp') {\n throw new CredoError(`The provided W3C VP JWT does not have the correct 'cyt' header.`)\n }\n\n const iss = header.iss ?? payload.iss\n if (iss && this.resolvedPresentation.holderId) {\n if (this.resolvedPresentation.holderId !== iss) {\n throw new CredoError(`The provided W3C VP SD-JWT has both 'iss' and 'holder' claims, but they differ.`)\n }\n }\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;AAeA,IAAa,mCAAb,MAAa,iCAAiC;CAC5C,AAAO,YAAY,SAAkD;AACnE,OAAK,QAAQ,QAAQ;AACrB,OAAK,uBAAuB,gBAAgB,SAAS,QAAQ,MAAM,cAAc,mBAAmB,EAClG,UAAU,OACX,CAAC;AAGF,OAAK,UAAU;;CAGjB,OAAc,YAAY,SAAiB;AAGzC,SAAO,IAAI,iCAAiC,EAC1C,OAHY,YAAY,SAAS,YAAY,WAAW,EAIzD,CAAC;;;;;CAgBJ,IAAW,UAAU;AACnB,SAAO,KAAK,MAAM;;;;;;;CAQpB,IAAW,cAAsC;AAC/C,SAAO,YAAY;;;;;CAMrB,AAAO,WAAW;AAEhB,mBAAiB,aAAa,KAAK,qBAAqB;EAGxD,MAAM,QAAQ,KAAK;EACnB,MAAM,SAAS,MAAM;EACrB,MAAM,UAAU,MAAM;AAEtB,MAAI,SAAS,UAAU,OAAO,QAAQ,YACpC,OAAM,IAAI,WAAW,kEAAkE;AAGzF,MAAI,SAAS,UAAU,OAAO,QAAQ,KACpC,OAAM,IAAI,WAAW,kEAAkE;EAGzF,MAAM,MAAM,OAAO,OAAO,QAAQ;AAClC,MAAI,OAAO,KAAK,qBAAqB,UACnC;OAAI,KAAK,qBAAqB,aAAa,IACzC,OAAM,IAAI,WAAW,kFAAkF"}
1	+ {"version":3,"file":"W3cV2SdJwtVerifiablePresentation.mjs","names":[],"sources":["../../../../src/modules/vc/sd-jwt-vc/W3cV2SdJwtVerifiablePresentation.ts"],"sourcesContent":["import { CredoError } from '../../../error'\nimport { JsonTransformer, MessageValidator } from '../../../utils'\nimport { ClaimFormat } from '../models'\nimport { W3cV2Presentation } from '../models/presentation/W3cV2Presentation'\nimport { decodeSdJwt, type W3cV2SdJwt } from './W3cV2SdJwt'\n\nexport interface W3cV2SdJwtVerifiablePresentationOptions {\n sdJwt: W3cV2SdJwt<ClaimFormat.SdJwtW3cVp>\n}\n\n/*\n Represents a Verifiable Presentation encoded as a SD-JWT.\n \n @see https://www.w3.org/TR/vc-jose-cose/#securing-vps-sd-jwt\n /\nexport class W3cV2SdJwtVerifiablePresentation {\n public constructor(options: W3cV2SdJwtVerifiablePresentationOptions) {\n this.sdJwt = options.sdJwt\n this.resolvedPresentation = JsonTransformer.fromJSON(options.sdJwt.prettyClaims, W3cV2Presentation, {\n validate: false,\n })\n\n // Validates the SD-JWT and resolved presentation\n this.validate()\n }\n\n public static fromCompact(compact: string) {\n const sdJwt = decodeSdJwt(compact, ClaimFormat.SdJwtW3cVp)\n\n return new W3cV2SdJwtVerifiablePresentation({\n sdJwt,\n })\n }\n\n /\n The original SD-JWT.\n /\n public readonly sdJwt: W3cV2SdJwt<ClaimFormat.SdJwtW3cVp>\n\n /\n Resolved presentation is the fully resolved {@link W3cV2Presentation} instance.\n /\n public readonly resolvedPresentation: W3cV2Presentation\n\n /\n The encoded version of this presentation.\n /\n public get encoded() {\n return this.sdJwt.compact\n }\n\n /\n The {@link ClaimFormat} of the presentation.\n \n For W3C VP SD-JWT credentials this is always `vp+sd-jwt`.\n /\n public get claimFormat(): ClaimFormat.SdJwtW3cVp {\n return ClaimFormat.SdJwtW3cVp\n }\n\n /\n Validates the SD-JWT and the resolved presentation.\n */\n public validate() {\n // Validate the resolved credential according to the data model\n MessageValidator.validateSync(this.resolvedPresentation)\n\n // Basic JWT validations to ensure compliance to the specification\n const sdJwt = this.sdJwt\n const header = sdJwt.header\n const payload = sdJwt.prettyClaims\n\n if ('typ' in header && header.typ !== 'vp+sd-jwt') {\n throw new CredoError(`The provided W3C VP JWT does not have the correct 'typ' header.`)\n }\n\n if ('cyt' in header && header.cyt !== 'vp') {\n throw new CredoError(`The provided W3C VP JWT does not have the correct 'cyt' header.`)\n }\n\n const iss = header.iss ?? payload.iss\n if (iss && this.resolvedPresentation.holderId) {\n if (this.resolvedPresentation.holderId !== iss) {\n throw new CredoError(`The provided W3C VP SD-JWT has both 'iss' and 'holder' claims, but they differ.`)\n }\n }\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;AAeA,IAAa,mCAAb,MAAa,iCAAiC;CAC5C,AAAO,YAAY,SAAkD;AACnE,OAAK,QAAQ,QAAQ;AACrB,OAAK,uBAAuB,gBAAgB,SAAS,QAAQ,MAAM,cAAc,mBAAmB,EAClG,UAAU,OACX,CAAC;AAGF,OAAK,UAAU;;CAGjB,OAAc,YAAY,SAAiB;AAGzC,SAAO,IAAI,iCAAiC,EAC1C,OAHY,YAAY,SAAS,YAAY,WAAW,EAIzD,CAAC;;;;;CAgBJ,IAAW,UAAU;AACnB,SAAO,KAAK,MAAM;;;;;;;CAQpB,IAAW,cAAsC;AAC/C,SAAO,YAAY;;;;;CAMrB,AAAO,WAAW;AAEhB,mBAAiB,aAAa,KAAK,qBAAqB;EAGxD,MAAM,QAAQ,KAAK;EACnB,MAAM,SAAS,MAAM;EACrB,MAAM,UAAU,MAAM;AAEtB,MAAI,SAAS,UAAU,OAAO,QAAQ,YACpC,OAAM,IAAI,WAAW,kEAAkE;AAGzF,MAAI,SAAS,UAAU,OAAO,QAAQ,KACpC,OAAM,IAAI,WAAW,kEAAkE;EAGzF,MAAM,MAAM,OAAO,OAAO,QAAQ;AAClC,MAAI,OAAO,KAAK,qBAAqB,UACnC;OAAI,KAAK,qBAAqB,aAAa,IACzC,OAAM,IAAI,WAAW,kFAAkF"}

package/build/modules/vc/v2-jwt-utils.js CHANGED Viewed

@@ -8,16 +8,16 @@ const require_did = require('../../utils/did.js');
 require('../../utils/index.js');
 const require_PublicJwk = require('../kms/jwk/PublicJwk.js');
 require('../kms/index.js');
-const require_keyDidMapping = require('../dids/domain/key-type/keyDidMapping.js');
 const require_parse = require('../dids/domain/parse.js');
+const require_keyDidMapping = require('../dids/domain/key-type/keyDidMapping.js');
 const require_DidResolverService = require('../dids/services/DidResolverService.js');
 const require_DidsApi = require('../dids/DidsApi.js');
 require('../dids/index.js');
 const require_W3cV2JwtVerifiableCredential = require('./jwt-vc/W3cV2JwtVerifiableCredential.js');
 const require_W3cV2SdJwtVerifiableCredential = require('./sd-jwt-vc/W3cV2SdJwtVerifiableCredential.js');
-const require_W3cV2JwtVerifiablePresentation = require('./jwt-vc/W3cV2JwtVerifiablePresentation.js');
 const require_utils = require('../sd-jwt-vc/utils.js');
 require('./sd-jwt-vc/index.js');
+const require_W3cV2JwtVerifiablePresentation = require('./jwt-vc/W3cV2JwtVerifiablePresentation.js');
 require('./jwt-vc/index.js');
 require('./models/index.js');

package/build/modules/vc/v2-jwt-utils.mjs CHANGED Viewed

@@ -8,16 +8,16 @@ import { isDid } from "../../utils/did.mjs";
 import "../../utils/index.mjs";
 import { PublicJwk } from "../kms/jwk/PublicJwk.mjs";
 import "../kms/index.mjs";
-import { getPublicJwkFromVerificationMethod, getSupportedVerificationMethodTypesForPublicJwk } from "../dids/domain/key-type/keyDidMapping.mjs";
 import { parseDid } from "../dids/domain/parse.mjs";
+import { getPublicJwkFromVerificationMethod, getSupportedVerificationMethodTypesForPublicJwk } from "../dids/domain/key-type/keyDidMapping.mjs";
 import { DidResolverService } from "../dids/services/DidResolverService.mjs";
 import { DidsApi } from "../dids/DidsApi.mjs";
 import "../dids/index.mjs";
 import { W3cV2JwtVerifiableCredential } from "./jwt-vc/W3cV2JwtVerifiableCredential.mjs";
 import { W3cV2SdJwtVerifiableCredential } from "./sd-jwt-vc/W3cV2SdJwtVerifiableCredential.mjs";
-import { W3cV2JwtVerifiablePresentation } from "./jwt-vc/W3cV2JwtVerifiablePresentation.mjs";
 import { extractKeyFromHolderBinding, parseHolderBindingFromCredential } from "../sd-jwt-vc/utils.mjs";
 import "./sd-jwt-vc/index.mjs";
+import { W3cV2JwtVerifiablePresentation } from "./jwt-vc/W3cV2JwtVerifiablePresentation.mjs";
 import "./jwt-vc/index.mjs";
 import "./models/index.mjs";

package/build/modules/vc/v2-jwt-utils.mjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"v2-jwt-utils.mjs","names":["claims: Record<string, unknown>","alg: KnownJwaSignatureAlgorithm","kid: string \| undefined","iss: string \| undefined","verificationMethod: VerificationMethod"],"sources":["../../../src/modules/vc/v2-jwt-utils.ts"],"sourcesContent":["import { AgentContext } from '../../agent'\nimport { CredoError } from '../../error'\nimport { asArray, isDid } from '../../utils'\nimport {\n type DidPurpose,\n DidResolverService,\n DidsApi,\n ~~VerificationMethod~~,\n ~~getPublicJwkFromVerificationMethod~~,\n ~~parseDid~~,\n} from '../dids'\nimport { getSupportedVerificationMethodTypesForPublicJwk } from '../dids/domain/key-type/keyDidMapping'\nimport { type KnownJwaSignatureAlgorithm, PublicJwk } from '../kms'\nimport { extractKeyFromHolderBinding, parseHolderBindingFromCredential } from '../sd-jwt-vc/utils'\nimport { W3cV2JwtVerifiableCredential, W3cV2JwtVerifiablePresentation } from './jwt-vc'\nimport { W3cV2Presentation } from './models'\nimport { W3cV2SdJwtVerifiableCredential, W3cV2SdJwtVerifiablePresentation } from './sd-jwt-vc'\n\nexport async function validateAndResolveVerificationMethod(\n agentContext: AgentContext,\n verificationMethod: string,\n allowsPurposes?: DidPurpose[]\n) {\n if (!isDid(verificationMethod)) {\n throw new CredoError('Only did identifiers are supported as verification method')\n }\n\n const parsedDid = parseDid(verificationMethod)\n if (!parsedDid.fragment) {\n throw new CredoError(`didUrl '${parsedDid.didUrl}' does not contain a '#'. Unable to derive key from did document`)\n }\n\n const dids = agentContext.resolve(DidsApi)\n const { didDocument, keys } = await dids.resolveCreatedDidDocumentWithKeys(parsedDid.did)\n const verificationMethodObject = didDocument.dereferenceKey(verificationMethod, allowsPurposes)\n const publicJwk = getPublicJwkFromVerificationMethod(verificationMethodObject)\n\n publicJwk.keyId =\n keys?.find(({ didDocumentRelativeKeyId }) => verificationMethodObject.id.endsWith(didDocumentRelativeKeyId))\n ?.kmsKeyId ?? publicJwk.legacyKeyId\n\n return publicJwk\n}\n\nexport async function extractHolderFromPresentationCredentials(\n agentContext: AgentContext,\n presentation: W3cV2Presentation\n) {\n // At the moment, we only support signing presentations with a single credential\n // Technically, it should be possible to support more than a single one. However,\n // in the context we support (OID4VP) it doesn't make sense to support multiple ones.\n const credentials = asArray(presentation.verifiableCredential)\n if (credentials.length !== 1) {\n throw new CredoError('Only a single verifiable credential is supported in a presentation')\n }\n\n const credential = credentials[0]\n let claims: Record<string, unknown>\n\n if (credential.envelopedCredential instanceof W3cV2SdJwtVerifiableCredential) {\n claims = credential.envelopedCredential.sdJwt.prettyClaims\n } else {\n claims = credential.envelopedCredential.jwt.payload.toJson()\n }\n\n // We require the credential to include a holder binding in the form of a 'cnf' claim\n const holderBinding = parseHolderBindingFromCredential(claims)\n if (!holderBinding) {\n throw new CredoError('No holder binding found in credential included in presentation')\n }\n\n return await extractKeyFromHolderBinding(agentContext, holderBinding, true)\n}\n\n/*\n This method tries to find the verification method associated with the JWT credential or presentation.\n * This verification method can then be used to verify the credential or presentation signature.\n */\nexport async function getVerificationMethodForJwt(\n agentContext: AgentContext,\n credential:\n \| W3cV2JwtVerifiableCredential\n \| W3cV2JwtVerifiablePresentation\n \| W3cV2SdJwtVerifiableCredential\n \| W3cV2SdJwtVerifiablePresentation,\n purpose?: DidPurpose[]\n) {\n let alg: KnownJwaSignatureAlgorithm\n let kid: string \| undefined\n let iss: string \| undefined\n\n // Determine the algorithm, kid and iss based on the type of credential / presentation\n if (credential instanceof W3cV2JwtVerifiableCredential) {\n alg = credential.jwt.header.alg as KnownJwaSignatureAlgorithm\n kid = credential.jwt.header.kid\n iss = credential.jwt.payload.iss ?? credential.resolvedCredential.issuerId\n } else if (credential instanceof W3cV2JwtVerifiablePresentation) {\n alg = credential.jwt.header.alg as KnownJwaSignatureAlgorithm\n kid = credential.jwt.header.kid\n iss = credential.jwt.payload.iss ?? credential.resolvedPresentation.holderId\n } else if (credential instanceof W3cV2SdJwtVerifiableCredential) {\n alg = credential.sdJwt.header.alg as KnownJwaSignatureAlgorithm\n kid = credential.sdJwt.header.kid\n iss = credential.sdJwt.payload.iss ?? credential.resolvedCredential.issuerId\n } else {\n alg = credential.sdJwt.header.alg as KnownJwaSignatureAlgorithm\n kid = credential.sdJwt.header.kid\n iss = credential.sdJwt.payload.iss ?? credential.resolvedPresentation.holderId\n }\n\n const didResolver = agentContext.dependencyManager.resolve(DidResolverService)\n let verificationMethod: VerificationMethod\n\n // If the kid starts with # we assume it is a relative did url, and we resolve\n //it based on the `iss` and the `kid`\n if (kid?.startsWith('#')) {\n if (!iss \|\| !isDid(iss)) {\n throw new CredoError(`JWT 'iss' MUST be a did when 'kid' is a relative did url`)\n }\n\n const didDocument = await didResolver.resolveDidDocument(agentContext, iss)\n verificationMethod = didDocument.dereferenceKey(`${iss}${kid}`, purpose)\n } else if (kid && isDid(kid)) {\n const didDocument = await didResolver.resolveDidDocument(agentContext, kid)\n verificationMethod = didDocument.dereferenceKey(kid, purpose)\n\n if (iss && didDocument.id !== iss) {\n throw new CredoError(`kid '${kid}' does not match id of signer (holder/issuer) '${iss}'`)\n }\n } else {\n if (!iss) {\n throw new CredoError(`JWT 'iss' MUST be present in payload when no 'kid' is specified`)\n }\n\n // Find the verificationMethod in the did document based on the alg and proofPurpose\n const jwkClass = PublicJwk.supportedPublicJwkClassForSignatureAlgorithm(alg)\n const supportedVerificationMethodTypes = getSupportedVerificationMethodTypesForPublicJwk(jwkClass)\n\n const didDocument = await didResolver.resolveDidDocument(agentContext, iss)\n const verificationMethods =\n didDocument.assertionMethod\n ?.map((v) => (typeof v === 'string' ? didDocument.dereferenceVerificationMethod(v) : v))\n .filter((v) => supportedVerificationMethodTypes.includes(v.type)) ?? []\n\n if (verificationMethods.length === 0) {\n throw new CredoError(\n `No verification methods found for signer '${iss}' and key type '${jwkClass.name}' for alg '${alg}'. Unable to determine which public key is associated with the credential.`\n )\n }\n if (verificationMethods.length > 1) {\n throw new CredoError(\n `Multiple verification methods found for signer '${iss}' and key type '${jwkClass.name}' for alg '${alg}'. Unable to determine which public key is associated with the credential.`\n )\n }\n\n verificationMethod = verificationMethods[0]\n }\n\n // Verify the controller of the verificationMethod matches the signer of the credential\n if (iss && verificationMethod.controller !== iss) {\n throw new CredoError(\n `Verification method controller '${verificationMethod.controller}' does not match the signer '${iss}'`\n )\n }\n\n return verificationMethod\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAkBA,eAAsB,qCACpB,cACA,oBACA,gBACA;AACA,KAAI,CAAC,MAAM,mBAAmB,CAC5B,OAAM,IAAI,WAAW,4DAA4D;CAGnF,MAAM,YAAY,SAAS,mBAAmB;AAC9C,KAAI,CAAC,UAAU,SACb,OAAM,IAAI,WAAW,WAAW,UAAU,OAAO,kEAAkE;CAIrH,MAAM,EAAE,aAAa,SAAS,MADjB,aAAa,QAAQ,QAAQ,CACD,kCAAkC,UAAU,IAAI;CACzF,MAAM,2BAA2B,YAAY,eAAe,oBAAoB,eAAe;CAC/F,MAAM,YAAY,mCAAmC,yBAAyB;AAE9E,WAAU,QACR,MAAM,MAAM,EAAE,+BAA+B,yBAAyB,GAAG,SAAS,yBAAyB,CAAC,EACxG,YAAY,UAAU;AAE5B,QAAO;;AAGT,eAAsB,yCACpB,cACA,cACA;CAIA,MAAM,cAAc,QAAQ,aAAa,qBAAqB;AAC9D,KAAI,YAAY,WAAW,EACzB,OAAM,IAAI,WAAW,qEAAqE;CAG5F,MAAM,aAAa,YAAY;CAC/B,IAAIA;AAEJ,KAAI,WAAW,+BAA+B,+BAC5C,UAAS,WAAW,oBAAoB,MAAM;KAE9C,UAAS,WAAW,oBAAoB,IAAI,QAAQ,QAAQ;CAI9D,MAAM,gBAAgB,iCAAiC,OAAO;AAC9D,KAAI,CAAC,cACH,OAAM,IAAI,WAAW,iEAAiE;AAGxF,QAAO,MAAM,4BAA4B,cAAc,eAAe,KAAK;;;;;;AAO7E,eAAsB,4BACpB,cACA,YAKA,SACA;CACA,IAAIC;CACJ,IAAIC;CACJ,IAAIC;AAGJ,KAAI,sBAAsB,8BAA8B;AACtD,QAAM,WAAW,IAAI,OAAO;AAC5B,QAAM,WAAW,IAAI,OAAO;AAC5B,QAAM,WAAW,IAAI,QAAQ,OAAO,WAAW,mBAAmB;YACzD,sBAAsB,gCAAgC;AAC/D,QAAM,WAAW,IAAI,OAAO;AAC5B,QAAM,WAAW,IAAI,OAAO;AAC5B,QAAM,WAAW,IAAI,QAAQ,OAAO,WAAW,qBAAqB;YAC3D,sBAAsB,gCAAgC;AAC/D,QAAM,WAAW,MAAM,OAAO;AAC9B,QAAM,WAAW,MAAM,OAAO;AAC9B,QAAM,WAAW,MAAM,QAAQ,OAAO,WAAW,mBAAmB;QAC/D;AACL,QAAM,WAAW,MAAM,OAAO;AAC9B,QAAM,WAAW,MAAM,OAAO;AAC9B,QAAM,WAAW,MAAM,QAAQ,OAAO,WAAW,qBAAqB;;CAGxE,MAAM,cAAc,aAAa,kBAAkB,QAAQ,mBAAmB;CAC9E,IAAIC;AAIJ,KAAI,KAAK,WAAW,IAAI,EAAE;AACxB,MAAI,CAAC,OAAO,CAAC,MAAM,IAAI,CACrB,OAAM,IAAI,WAAW,2DAA2D;AAIlF,wBADoB,MAAM,YAAY,mBAAmB,cAAc,IAAI,EAC1C,eAAe,GAAG,MAAM,OAAO,QAAQ;YAC/D,OAAO,MAAM,IAAI,EAAE;EAC5B,MAAM,cAAc,MAAM,YAAY,mBAAmB,cAAc,IAAI;AAC3E,uBAAqB,YAAY,eAAe,KAAK,QAAQ;AAE7D,MAAI,OAAO,YAAY,OAAO,IAC5B,OAAM,IAAI,WAAW,QAAQ,IAAI,iDAAiD,IAAI,GAAG;QAEtF;AACL,MAAI,CAAC,IACH,OAAM,IAAI,WAAW,kEAAkE;EAIzF,MAAM,WAAW,UAAU,6CAA6C,IAAI;EAC5E,MAAM,mCAAmC,gDAAgD,SAAS;EAElG,MAAM,cAAc,MAAM,YAAY,mBAAmB,cAAc,IAAI;EAC3E,MAAM,sBACJ,YAAY,iBACR,KAAK,MAAO,OAAO,MAAM,WAAW,YAAY,8BAA8B,EAAE,GAAG,EAAG,CACvF,QAAQ,MAAM,iCAAiC,SAAS,EAAE,KAAK,CAAC,IAAI,EAAE;AAE3E,MAAI,oBAAoB,WAAW,EACjC,OAAM,IAAI,WACR,6CAA6C,IAAI,kBAAkB,SAAS,KAAK,aAAa,IAAI,4EACnG;AAEH,MAAI,oBAAoB,SAAS,EAC/B,OAAM,IAAI,WACR,mDAAmD,IAAI,kBAAkB,SAAS,KAAK,aAAa,IAAI,4EACzG;AAGH,uBAAqB,oBAAoB;;AAI3C,KAAI,OAAO,mBAAmB,eAAe,IAC3C,OAAM,IAAI,WACR,mCAAmC,mBAAmB,WAAW,+BAA+B,IAAI,GACrG;AAGH,QAAO"}
1	+ {"version":3,"file":"v2-jwt-utils.mjs","names":["claims: Record<string, unknown>","alg: KnownJwaSignatureAlgorithm","kid: string \| undefined","iss: string \| undefined","verificationMethod: VerificationMethod"],"sources":["../../../src/modules/vc/v2-jwt-utils.ts"],"sourcesContent":["import { AgentContext } from '../../agent'\nimport { CredoError } from '../../error'\nimport { asArray, isDid } from '../../utils'\nimport {\n type DidPurpose,\n DidResolverService,\n DidsApi,\n getPublicJwkFromVerificationMethod,\n parseDid,\n VerificationMethod,\n} from '../dids'\nimport { getSupportedVerificationMethodTypesForPublicJwk } from '../dids/domain/key-type/keyDidMapping'\nimport { type KnownJwaSignatureAlgorithm, PublicJwk } from '../kms'\nimport { extractKeyFromHolderBinding, parseHolderBindingFromCredential } from '../sd-jwt-vc/utils'\nimport { W3cV2JwtVerifiableCredential, W3cV2JwtVerifiablePresentation } from './jwt-vc'\nimport { W3cV2Presentation } from './models'\nimport { W3cV2SdJwtVerifiableCredential, W3cV2SdJwtVerifiablePresentation } from './sd-jwt-vc'\n\nexport async function validateAndResolveVerificationMethod(\n agentContext: AgentContext,\n verificationMethod: string,\n allowsPurposes?: DidPurpose[]\n) {\n if (!isDid(verificationMethod)) {\n throw new CredoError('Only did identifiers are supported as verification method')\n }\n\n const parsedDid = parseDid(verificationMethod)\n if (!parsedDid.fragment) {\n throw new CredoError(`didUrl '${parsedDid.didUrl}' does not contain a '#'. Unable to derive key from did document`)\n }\n\n const dids = agentContext.resolve(DidsApi)\n const { didDocument, keys } = await dids.resolveCreatedDidDocumentWithKeys(parsedDid.did)\n const verificationMethodObject = didDocument.dereferenceKey(verificationMethod, allowsPurposes)\n const publicJwk = getPublicJwkFromVerificationMethod(verificationMethodObject)\n\n publicJwk.keyId =\n keys?.find(({ didDocumentRelativeKeyId }) => verificationMethodObject.id.endsWith(didDocumentRelativeKeyId))\n ?.kmsKeyId ?? publicJwk.legacyKeyId\n\n return publicJwk\n}\n\nexport async function extractHolderFromPresentationCredentials(\n agentContext: AgentContext,\n presentation: W3cV2Presentation\n) {\n // At the moment, we only support signing presentations with a single credential\n // Technically, it should be possible to support more than a single one. However,\n // in the context we support (OID4VP) it doesn't make sense to support multiple ones.\n const credentials = asArray(presentation.verifiableCredential)\n if (credentials.length !== 1) {\n throw new CredoError('Only a single verifiable credential is supported in a presentation')\n }\n\n const credential = credentials[0]\n let claims: Record<string, unknown>\n\n if (credential.envelopedCredential instanceof W3cV2SdJwtVerifiableCredential) {\n claims = credential.envelopedCredential.sdJwt.prettyClaims\n } else {\n claims = credential.envelopedCredential.jwt.payload.toJson()\n }\n\n // We require the credential to include a holder binding in the form of a 'cnf' claim\n const holderBinding = parseHolderBindingFromCredential(claims)\n if (!holderBinding) {\n throw new CredoError('No holder binding found in credential included in presentation')\n }\n\n return await extractKeyFromHolderBinding(agentContext, holderBinding, true)\n}\n\n/*\n This method tries to find the verification method associated with the JWT credential or presentation.\n * This verification method can then be used to verify the credential or presentation signature.\n */\nexport async function getVerificationMethodForJwt(\n agentContext: AgentContext,\n credential:\n \| W3cV2JwtVerifiableCredential\n \| W3cV2JwtVerifiablePresentation\n \| W3cV2SdJwtVerifiableCredential\n \| W3cV2SdJwtVerifiablePresentation,\n purpose?: DidPurpose[]\n) {\n let alg: KnownJwaSignatureAlgorithm\n let kid: string \| undefined\n let iss: string \| undefined\n\n // Determine the algorithm, kid and iss based on the type of credential / presentation\n if (credential instanceof W3cV2JwtVerifiableCredential) {\n alg = credential.jwt.header.alg as KnownJwaSignatureAlgorithm\n kid = credential.jwt.header.kid\n iss = credential.jwt.payload.iss ?? credential.resolvedCredential.issuerId\n } else if (credential instanceof W3cV2JwtVerifiablePresentation) {\n alg = credential.jwt.header.alg as KnownJwaSignatureAlgorithm\n kid = credential.jwt.header.kid\n iss = credential.jwt.payload.iss ?? credential.resolvedPresentation.holderId\n } else if (credential instanceof W3cV2SdJwtVerifiableCredential) {\n alg = credential.sdJwt.header.alg as KnownJwaSignatureAlgorithm\n kid = credential.sdJwt.header.kid\n iss = credential.sdJwt.payload.iss ?? credential.resolvedCredential.issuerId\n } else {\n alg = credential.sdJwt.header.alg as KnownJwaSignatureAlgorithm\n kid = credential.sdJwt.header.kid\n iss = credential.sdJwt.payload.iss ?? credential.resolvedPresentation.holderId\n }\n\n const didResolver = agentContext.dependencyManager.resolve(DidResolverService)\n let verificationMethod: VerificationMethod\n\n // If the kid starts with # we assume it is a relative did url, and we resolve\n //it based on the `iss` and the `kid`\n if (kid?.startsWith('#')) {\n if (!iss \|\| !isDid(iss)) {\n throw new CredoError(`JWT 'iss' MUST be a did when 'kid' is a relative did url`)\n }\n\n const didDocument = await didResolver.resolveDidDocument(agentContext, iss)\n verificationMethod = didDocument.dereferenceKey(`${iss}${kid}`, purpose)\n } else if (kid && isDid(kid)) {\n const didDocument = await didResolver.resolveDidDocument(agentContext, kid)\n verificationMethod = didDocument.dereferenceKey(kid, purpose)\n\n if (iss && didDocument.id !== iss) {\n throw new CredoError(`kid '${kid}' does not match id of signer (holder/issuer) '${iss}'`)\n }\n } else {\n if (!iss) {\n throw new CredoError(`JWT 'iss' MUST be present in payload when no 'kid' is specified`)\n }\n\n // Find the verificationMethod in the did document based on the alg and proofPurpose\n const jwkClass = PublicJwk.supportedPublicJwkClassForSignatureAlgorithm(alg)\n const supportedVerificationMethodTypes = getSupportedVerificationMethodTypesForPublicJwk(jwkClass)\n\n const didDocument = await didResolver.resolveDidDocument(agentContext, iss)\n const verificationMethods =\n didDocument.assertionMethod\n ?.map((v) => (typeof v === 'string' ? didDocument.dereferenceVerificationMethod(v) : v))\n .filter((v) => supportedVerificationMethodTypes.includes(v.type)) ?? []\n\n if (verificationMethods.length === 0) {\n throw new CredoError(\n `No verification methods found for signer '${iss}' and key type '${jwkClass.name}' for alg '${alg}'. Unable to determine which public key is associated with the credential.`\n )\n }\n if (verificationMethods.length > 1) {\n throw new CredoError(\n `Multiple verification methods found for signer '${iss}' and key type '${jwkClass.name}' for alg '${alg}'. Unable to determine which public key is associated with the credential.`\n )\n }\n\n verificationMethod = verificationMethods[0]\n }\n\n // Verify the controller of the verificationMethod matches the signer of the credential\n if (iss && verificationMethod.controller !== iss) {\n throw new CredoError(\n `Verification method controller '${verificationMethod.controller}' does not match the signer '${iss}'`\n )\n }\n\n return verificationMethod\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAkBA,eAAsB,qCACpB,cACA,oBACA,gBACA;AACA,KAAI,CAAC,MAAM,mBAAmB,CAC5B,OAAM,IAAI,WAAW,4DAA4D;CAGnF,MAAM,YAAY,SAAS,mBAAmB;AAC9C,KAAI,CAAC,UAAU,SACb,OAAM,IAAI,WAAW,WAAW,UAAU,OAAO,kEAAkE;CAIrH,MAAM,EAAE,aAAa,SAAS,MADjB,aAAa,QAAQ,QAAQ,CACD,kCAAkC,UAAU,IAAI;CACzF,MAAM,2BAA2B,YAAY,eAAe,oBAAoB,eAAe;CAC/F,MAAM,YAAY,mCAAmC,yBAAyB;AAE9E,WAAU,QACR,MAAM,MAAM,EAAE,+BAA+B,yBAAyB,GAAG,SAAS,yBAAyB,CAAC,EACxG,YAAY,UAAU;AAE5B,QAAO;;AAGT,eAAsB,yCACpB,cACA,cACA;CAIA,MAAM,cAAc,QAAQ,aAAa,qBAAqB;AAC9D,KAAI,YAAY,WAAW,EACzB,OAAM,IAAI,WAAW,qEAAqE;CAG5F,MAAM,aAAa,YAAY;CAC/B,IAAIA;AAEJ,KAAI,WAAW,+BAA+B,+BAC5C,UAAS,WAAW,oBAAoB,MAAM;KAE9C,UAAS,WAAW,oBAAoB,IAAI,QAAQ,QAAQ;CAI9D,MAAM,gBAAgB,iCAAiC,OAAO;AAC9D,KAAI,CAAC,cACH,OAAM,IAAI,WAAW,iEAAiE;AAGxF,QAAO,MAAM,4BAA4B,cAAc,eAAe,KAAK;;;;;;AAO7E,eAAsB,4BACpB,cACA,YAKA,SACA;CACA,IAAIC;CACJ,IAAIC;CACJ,IAAIC;AAGJ,KAAI,sBAAsB,8BAA8B;AACtD,QAAM,WAAW,IAAI,OAAO;AAC5B,QAAM,WAAW,IAAI,OAAO;AAC5B,QAAM,WAAW,IAAI,QAAQ,OAAO,WAAW,mBAAmB;YACzD,sBAAsB,gCAAgC;AAC/D,QAAM,WAAW,IAAI,OAAO;AAC5B,QAAM,WAAW,IAAI,OAAO;AAC5B,QAAM,WAAW,IAAI,QAAQ,OAAO,WAAW,qBAAqB;YAC3D,sBAAsB,gCAAgC;AAC/D,QAAM,WAAW,MAAM,OAAO;AAC9B,QAAM,WAAW,MAAM,OAAO;AAC9B,QAAM,WAAW,MAAM,QAAQ,OAAO,WAAW,mBAAmB;QAC/D;AACL,QAAM,WAAW,MAAM,OAAO;AAC9B,QAAM,WAAW,MAAM,OAAO;AAC9B,QAAM,WAAW,MAAM,QAAQ,OAAO,WAAW,qBAAqB;;CAGxE,MAAM,cAAc,aAAa,kBAAkB,QAAQ,mBAAmB;CAC9E,IAAIC;AAIJ,KAAI,KAAK,WAAW,IAAI,EAAE;AACxB,MAAI,CAAC,OAAO,CAAC,MAAM,IAAI,CACrB,OAAM,IAAI,WAAW,2DAA2D;AAIlF,wBADoB,MAAM,YAAY,mBAAmB,cAAc,IAAI,EAC1C,eAAe,GAAG,MAAM,OAAO,QAAQ;YAC/D,OAAO,MAAM,IAAI,EAAE;EAC5B,MAAM,cAAc,MAAM,YAAY,mBAAmB,cAAc,IAAI;AAC3E,uBAAqB,YAAY,eAAe,KAAK,QAAQ;AAE7D,MAAI,OAAO,YAAY,OAAO,IAC5B,OAAM,IAAI,WAAW,QAAQ,IAAI,iDAAiD,IAAI,GAAG;QAEtF;AACL,MAAI,CAAC,IACH,OAAM,IAAI,WAAW,kEAAkE;EAIzF,MAAM,WAAW,UAAU,6CAA6C,IAAI;EAC5E,MAAM,mCAAmC,gDAAgD,SAAS;EAElG,MAAM,cAAc,MAAM,YAAY,mBAAmB,cAAc,IAAI;EAC3E,MAAM,sBACJ,YAAY,iBACR,KAAK,MAAO,OAAO,MAAM,WAAW,YAAY,8BAA8B,EAAE,GAAG,EAAG,CACvF,QAAQ,MAAM,iCAAiC,SAAS,EAAE,KAAK,CAAC,IAAI,EAAE;AAE3E,MAAI,oBAAoB,WAAW,EACjC,OAAM,IAAI,WACR,6CAA6C,IAAI,kBAAkB,SAAS,KAAK,aAAa,IAAI,4EACnG;AAEH,MAAI,oBAAoB,SAAS,EAC/B,OAAM,IAAI,WACR,mDAAmD,IAAI,kBAAkB,SAAS,KAAK,aAAa,IAAI,4EACzG;AAGH,uBAAqB,oBAAoB;;AAI3C,KAAI,OAAO,mBAAmB,eAAe,IAC3C,OAAM,IAAI,WACR,mCAAmC,mBAAmB,WAAW,+BAA+B,IAAI,GACrG;AAGH,QAAO"}

package/build/modules/vc/validators.mjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"validators.mjs","names":[],"sources":["../../../src/modules/vc/validators.ts"],"sourcesContent":["import type { ValidationOptions } from 'class-validator'\n\nimport { ~~ValidateBy,~~ buildMessage, isString, isURL } from 'class-validator'\nimport { isJsonObject } from '../../types'\nimport { CREDENTIALS_CONTEXT_V1_URL, VERIFIABLE_CREDENTIAL_TYPE, VERIFIABLE_PRESENTATION_TYPE } from './constants'\n\nexport interface IsCredentialJsonLdContextValidationOptions extends ValidationOptions {\n /*\n Whether to allow string value in addition to arrays.\n \n @default false\n /\n allowString?: boolean\n\n /\n The expected credential context URL.\n \n @default {@link CREDENTIALS_CONTEXT_V1_URL}\n */\n credentialContext?: string\n}\n\nexport function IsCredentialJsonLdContext(\n validationOptions?: IsCredentialJsonLdContextValidationOptions\n): PropertyDecorator {\n const allowString = validationOptions?.allowString ?? false\n const credentialContext = validationOptions?.credentialContext ?? CREDENTIALS_CONTEXT_V1_URL\n\n return ValidateBy(\n {\n name: 'IsCredentialJsonLdContext',\n validator: {\n validate: (value): boolean => {\n if (!Array.isArray(value)) return allowString && isString(value) && value === credentialContext\n\n // First item must be the verifiable credential context\n if (value[0] !== credentialContext) return false\n\n return value.every((v) => (isString(v) && isURL(v)) \|\| isJsonObject(v))\n },\n defaultMessage: buildMessage(\n (eachPrefix) =>\n `${eachPrefix}$property must be an array of strings or objects, where the first item is the verifiable credential context URL.`,\n validationOptions\n ),\n },\n },\n validationOptions\n )\n}\n\nexport function IsCredentialType(validationOptions?: ValidationOptions): PropertyDecorator {\n return ValidateBy(\n {\n name: 'IsVerifiableCredentialType',\n validator: {\n validate: (value): boolean => {\n return Array.isArray(value)\n ? value.includes(VERIFIABLE_CREDENTIAL_TYPE) && value.every((v) => typeof v === 'string')\n : value === VERIFIABLE_CREDENTIAL_TYPE\n },\n defaultMessage: buildMessage(\n (eachPrefix) =>\n `${eachPrefix}$property must be \"VerifiableCredential\" or an array of strings which includes \"VerifiableCredential\"`,\n validationOptions\n ),\n },\n },\n validationOptions\n )\n}\n\nexport function IsVerifiablePresentationType(validationOptions?: ValidationOptions): PropertyDecorator {\n return ValidateBy(\n {\n name: 'IsVerifiablePresentationType',\n validator: {\n validate: (value): boolean => {\n return Array.isArray(value)\n ? value.includes(VERIFIABLE_PRESENTATION_TYPE) && value.every((v) => typeof v === 'string')\n : value === VERIFIABLE_PRESENTATION_TYPE\n },\n defaultMessage: buildMessage(\n (eachPrefix) =>\n `${eachPrefix}$property must be \"VerifiablePresentation\" or an array of strings which includes \"VerifiablePresentation\"`,\n validationOptions\n ),\n },\n },\n validationOptions\n )\n}\n"],"mappings":";;;;;;;AAsBA,SAAgB,0BACd,mBACmB;CACnB,MAAM,cAAc,mBAAmB,eAAe;CACtD,MAAM,oBAAoB,mBAAmB,qBAAqB;AAElE,QAAO,WACL;EACE,MAAM;EACN,WAAW;GACT,WAAW,UAAmB;AAC5B,QAAI,CAAC,MAAM,QAAQ,MAAM,CAAE,QAAO,eAAe,SAAS,MAAM,IAAI,UAAU;AAG9E,QAAI,MAAM,OAAO,kBAAmB,QAAO;AAE3C,WAAO,MAAM,OAAO,MAAO,SAAS,EAAE,IAAI,MAAM,EAAE,IAAK,aAAa,EAAE,CAAC;;GAEzE,gBAAgB,cACb,eACC,GAAG,WAAW,mHAChB,kBACD;GACF;EACF,EACD,kBACD;;AAGH,SAAgB,iBAAiB,mBAA0D;AACzF,QAAO,WACL;EACE,MAAM;EACN,WAAW;GACT,WAAW,UAAmB;AAC5B,WAAO,MAAM,QAAQ,MAAM,GACvB,MAAM,SAAS,2BAA2B,IAAI,MAAM,OAAO,MAAM,OAAO,MAAM,SAAS,GACvF,UAAU;;GAEhB,gBAAgB,cACb,eACC,GAAG,WAAW,wGAChB,kBACD;GACF;EACF,EACD,kBACD;;AAGH,SAAgB,6BAA6B,mBAA0D;AACrG,QAAO,WACL;EACE,MAAM;EACN,WAAW;GACT,WAAW,UAAmB;AAC5B,WAAO,MAAM,QAAQ,MAAM,GACvB,MAAM,SAAS,6BAA6B,IAAI,MAAM,OAAO,MAAM,OAAO,MAAM,SAAS,GACzF,UAAU;;GAEhB,gBAAgB,cACb,eACC,GAAG,WAAW,4GAChB,kBACD;GACF;EACF,EACD,kBACD"}
1	+ {"version":3,"file":"validators.mjs","names":[],"sources":["../../../src/modules/vc/validators.ts"],"sourcesContent":["import type { ValidationOptions } from 'class-validator'\n\nimport { buildMessage, isString, isURL, ValidateBy } from 'class-validator'\nimport { isJsonObject } from '../../types'\nimport { CREDENTIALS_CONTEXT_V1_URL, VERIFIABLE_CREDENTIAL_TYPE, VERIFIABLE_PRESENTATION_TYPE } from './constants'\n\nexport interface IsCredentialJsonLdContextValidationOptions extends ValidationOptions {\n /*\n Whether to allow string value in addition to arrays.\n \n @default false\n /\n allowString?: boolean\n\n /\n The expected credential context URL.\n \n @default {@link CREDENTIALS_CONTEXT_V1_URL}\n */\n credentialContext?: string\n}\n\nexport function IsCredentialJsonLdContext(\n validationOptions?: IsCredentialJsonLdContextValidationOptions\n): PropertyDecorator {\n const allowString = validationOptions?.allowString ?? false\n const credentialContext = validationOptions?.credentialContext ?? CREDENTIALS_CONTEXT_V1_URL\n\n return ValidateBy(\n {\n name: 'IsCredentialJsonLdContext',\n validator: {\n validate: (value): boolean => {\n if (!Array.isArray(value)) return allowString && isString(value) && value === credentialContext\n\n // First item must be the verifiable credential context\n if (value[0] !== credentialContext) return false\n\n return value.every((v) => (isString(v) && isURL(v)) \|\| isJsonObject(v))\n },\n defaultMessage: buildMessage(\n (eachPrefix) =>\n `${eachPrefix}$property must be an array of strings or objects, where the first item is the verifiable credential context URL.`,\n validationOptions\n ),\n },\n },\n validationOptions\n )\n}\n\nexport function IsCredentialType(validationOptions?: ValidationOptions): PropertyDecorator {\n return ValidateBy(\n {\n name: 'IsVerifiableCredentialType',\n validator: {\n validate: (value): boolean => {\n return Array.isArray(value)\n ? value.includes(VERIFIABLE_CREDENTIAL_TYPE) && value.every((v) => typeof v === 'string')\n : value === VERIFIABLE_CREDENTIAL_TYPE\n },\n defaultMessage: buildMessage(\n (eachPrefix) =>\n `${eachPrefix}$property must be \"VerifiableCredential\" or an array of strings which includes \"VerifiableCredential\"`,\n validationOptions\n ),\n },\n },\n validationOptions\n )\n}\n\nexport function IsVerifiablePresentationType(validationOptions?: ValidationOptions): PropertyDecorator {\n return ValidateBy(\n {\n name: 'IsVerifiablePresentationType',\n validator: {\n validate: (value): boolean => {\n return Array.isArray(value)\n ? value.includes(VERIFIABLE_PRESENTATION_TYPE) && value.every((v) => typeof v === 'string')\n : value === VERIFIABLE_PRESENTATION_TYPE\n },\n defaultMessage: buildMessage(\n (eachPrefix) =>\n `${eachPrefix}$property must be \"VerifiablePresentation\" or an array of strings which includes \"VerifiablePresentation\"`,\n validationOptions\n ),\n },\n },\n validationOptions\n )\n}\n"],"mappings":";;;;;;;AAsBA,SAAgB,0BACd,mBACmB;CACnB,MAAM,cAAc,mBAAmB,eAAe;CACtD,MAAM,oBAAoB,mBAAmB,qBAAqB;AAElE,QAAO,WACL;EACE,MAAM;EACN,WAAW;GACT,WAAW,UAAmB;AAC5B,QAAI,CAAC,MAAM,QAAQ,MAAM,CAAE,QAAO,eAAe,SAAS,MAAM,IAAI,UAAU;AAG9E,QAAI,MAAM,OAAO,kBAAmB,QAAO;AAE3C,WAAO,MAAM,OAAO,MAAO,SAAS,EAAE,IAAI,MAAM,EAAE,IAAK,aAAa,EAAE,CAAC;;GAEzE,gBAAgB,cACb,eACC,GAAG,WAAW,mHAChB,kBACD;GACF;EACF,EACD,kBACD;;AAGH,SAAgB,iBAAiB,mBAA0D;AACzF,QAAO,WACL;EACE,MAAM;EACN,WAAW;GACT,WAAW,UAAmB;AAC5B,WAAO,MAAM,QAAQ,MAAM,GACvB,MAAM,SAAS,2BAA2B,IAAI,MAAM,OAAO,MAAM,OAAO,MAAM,SAAS,GACvF,UAAU;;GAEhB,gBAAgB,cACb,eACC,GAAG,WAAW,wGAChB,kBACD;GACF;EACF,EACD,kBACD;;AAGH,SAAgB,6BAA6B,mBAA0D;AACrG,QAAO,WACL;EACE,MAAM;EACN,WAAW;GACT,WAAW,UAAmB;AAC5B,WAAO,MAAM,QAAQ,MAAM,GACvB,MAAM,SAAS,6BAA6B,IAAI,MAAM,OAAO,MAAM,OAAO,MAAM,SAAS,GACzF,UAAU;;GAEhB,gBAAgB,cACb,eACC,GAAG,WAAW,4GAChB,kBACD;GACF;EACF,EACD,kBACD"}

package/build/modules/x509/X509Api.d.mts CHANGED Viewed

@@ -1,5 +1,5 @@
-import { X509Certificate } from "./X509Certificate.mjs";
 import { X509CreateCertificateOptions, X509ValidateCertificateChainOptions } from "./X509ServiceOptions.mjs";
+import { X509Certificate } from "./X509Certificate.mjs";
 import { X509ModuleConfig } from "./X509ModuleConfig.mjs";
 import { AgentContext } from "../../agent/context/AgentContext.mjs";

package/build/modules/x509/X509Api.d.ts CHANGED Viewed

@@ -1,5 +1,5 @@
-import { X509Certificate } from "./X509Certificate.js";
 import { X509CreateCertificateOptions, X509ValidateCertificateChainOptions } from "./X509ServiceOptions.js";
+import { X509Certificate } from "./X509Certificate.js";
 import { X509ModuleConfig } from "./X509ModuleConfig.js";
 import { AgentContext } from "../../agent/context/AgentContext.js";

package/build/modules/x509/X509Api.js CHANGED Viewed

@@ -6,8 +6,8 @@ require('../../plugins/index.js');
 const require_decorateMetadata = require('../../_virtual/_@oxc-project_runtime@0.94.0/helpers/decorateMetadata.js');
 const require_decorate = require('../../_virtual/_@oxc-project_runtime@0.94.0/helpers/decorate.js');
 require('../../agent/index.js');
-const require_X509Service = require('./X509Service.js');
 const require_X509ModuleConfig = require('./X509ModuleConfig.js');
+const require_X509Service = require('./X509Service.js');
 let tsyringe = require("tsyringe");
 tsyringe = require_rolldown_runtime.__toESM(tsyringe);

package/build/modules/x509/X509Api.mjs CHANGED Viewed

@@ -5,8 +5,8 @@ import { injectable } from "../../plugins/index.mjs";
 import { __decorateMetadata } from "../../_virtual/_@oxc-project_runtime@0.94.0/helpers/decorateMetadata.mjs";
 import { __decorate } from "../../_virtual/_@oxc-project_runtime@0.94.0/helpers/decorate.mjs";
 import "../../agent/index.mjs";
-import { X509Service } from "./X509Service.mjs";
 import { X509ModuleConfig } from "./X509ModuleConfig.mjs";
+import { X509Service } from "./X509Service.mjs";
 //#region src/modules/x509/X509Api.ts
 var _ref, _ref2;