@credo-ts/core 0.6.0-pr-2539-20251127092008 → 0.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (123) hide show
  1. package/build/_virtual/{_@oxc-project_runtime@0.97.0 → _@oxc-project_runtime@0.99.0}/helpers/assertClassBrand.mjs +1 -1
  2. package/build/_virtual/{_@oxc-project_runtime@0.97.0 → _@oxc-project_runtime@0.99.0}/helpers/checkPrivateRedeclaration.mjs +1 -1
  3. package/build/_virtual/{_@oxc-project_runtime@0.97.0 → _@oxc-project_runtime@0.99.0}/helpers/classPrivateFieldGet2.mjs +1 -1
  4. package/build/_virtual/{_@oxc-project_runtime@0.97.0 → _@oxc-project_runtime@0.99.0}/helpers/classPrivateFieldInitSpec.mjs +1 -1
  5. package/build/_virtual/{_@oxc-project_runtime@0.97.0 → _@oxc-project_runtime@0.99.0}/helpers/classPrivateFieldSet2.mjs +1 -1
  6. package/build/_virtual/{_@oxc-project_runtime@0.97.0 → _@oxc-project_runtime@0.99.0}/helpers/decorate.mjs +1 -1
  7. package/build/_virtual/{_@oxc-project_runtime@0.97.0 → _@oxc-project_runtime@0.99.0}/helpers/decorateMetadata.mjs +1 -1
  8. package/build/_virtual/{_@oxc-project_runtime@0.97.0 → _@oxc-project_runtime@0.99.0}/helpers/decorateParam.mjs +1 -1
  9. package/build/_virtual/rolldown_runtime.mjs +10 -5
  10. package/build/agent/AgentModules.d.mts.map +1 -1
  11. package/build/agent/AgentModules.mjs.map +1 -1
  12. package/build/agent/EventEmitter.mjs +3 -3
  13. package/build/agent/context/DefaultAgentContextProvider.mjs +2 -2
  14. package/build/crypto/JwsService.mjs +5 -5
  15. package/build/crypto/JwsService.mjs.map +1 -1
  16. package/build/crypto/webcrypto/types.mjs +4 -4
  17. package/build/crypto/webcrypto/types.mjs.map +1 -1
  18. package/build/modules/cache/CachedStorageService.mjs +3 -3
  19. package/build/modules/cache/singleContextLruCache/SingleContextLruCacheRecord.mjs +2 -2
  20. package/build/modules/cache/singleContextLruCache/SingleContextLruCacheRepository.mjs +3 -3
  21. package/build/modules/dcql/DcqlService.mjs +2 -2
  22. package/build/modules/dcql/DcqlService.mjs.map +1 -1
  23. package/build/modules/dids/DidsApi.mjs +2 -2
  24. package/build/modules/dids/domain/DidDocument.mjs +3 -3
  25. package/build/modules/dids/domain/DidDocument.mjs.map +1 -1
  26. package/build/modules/dids/domain/key-type/keyDidMapping.mjs +1 -1
  27. package/build/modules/dids/domain/key-type/keyDidMapping.mjs.map +1 -1
  28. package/build/modules/dids/domain/service/DidCommV1Service.mjs +2 -2
  29. package/build/modules/dids/domain/service/DidCommV2Service.mjs +2 -2
  30. package/build/modules/dids/domain/service/DidDocumentService.mjs +2 -2
  31. package/build/modules/dids/domain/service/IndyAgentService.mjs +2 -2
  32. package/build/modules/dids/domain/service/LegacyDidCommV2Service.mjs +2 -2
  33. package/build/modules/dids/domain/verificationMethod/VerificationMethod.mjs +2 -2
  34. package/build/modules/dids/findMatchingEd25519Key.mjs +2 -2
  35. package/build/modules/dids/findMatchingEd25519Key.mjs.map +1 -1
  36. package/build/modules/dids/helpers.mjs +1 -1
  37. package/build/modules/dids/helpers.mjs.map +1 -1
  38. package/build/modules/dids/repository/DidRecord.mjs +2 -2
  39. package/build/modules/dids/repository/DidRepository.mjs +3 -3
  40. package/build/modules/dids/services/DidRegistrarService.mjs +3 -3
  41. package/build/modules/dids/services/DidResolverService.mjs +3 -3
  42. package/build/modules/dids/types.d.mts +1 -1
  43. package/build/modules/dif-presentation-exchange/DifPresentationExchangeService.mjs +2 -2
  44. package/build/modules/generic-records/GenericRecordsApi.mjs +3 -3
  45. package/build/modules/generic-records/repository/GenericRecordsRepository.mjs +3 -3
  46. package/build/modules/generic-records/services/GenericRecordService.mjs +2 -2
  47. package/build/modules/kms/KeyManagementApi.mjs +2 -2
  48. package/build/modules/kms/KeyManagementModuleConfig.mjs +3 -3
  49. package/build/modules/kms/index.d.mts +2 -2
  50. package/build/modules/kms/index.mjs +2 -2
  51. package/build/modules/kms/jwk/PublicJwk.d.mts +2 -2
  52. package/build/modules/kms/jwk/PublicJwk.mjs +4 -4
  53. package/build/modules/kms/jwk/PublicJwk.mjs.map +1 -1
  54. package/build/modules/kms/jwk/equals.d.mts +2 -2
  55. package/build/modules/kms/jwk/equals.mjs +2 -2
  56. package/build/modules/kms/jwk/equals.mjs.map +1 -1
  57. package/build/modules/kms/jwk/index.d.mts +1 -1
  58. package/build/modules/kms/jwk/index.mjs +1 -1
  59. package/build/modules/mdoc/Mdoc.mjs +4 -4
  60. package/build/modules/mdoc/Mdoc.mjs.map +1 -1
  61. package/build/modules/mdoc/MdocApi.mjs +2 -2
  62. package/build/modules/mdoc/MdocDeviceResponse.mjs +1 -1
  63. package/build/modules/mdoc/MdocDeviceResponse.mjs.map +1 -1
  64. package/build/modules/mdoc/MdocService.mjs +2 -2
  65. package/build/modules/mdoc/repository/MdocRepository.mjs +3 -3
  66. package/build/modules/sd-jwt-vc/SdJwtVcApi.mjs +2 -2
  67. package/build/modules/sd-jwt-vc/SdJwtVcOptions.d.mts +10 -5
  68. package/build/modules/sd-jwt-vc/SdJwtVcOptions.d.mts.map +1 -1
  69. package/build/modules/sd-jwt-vc/SdJwtVcService.d.mts.map +1 -1
  70. package/build/modules/sd-jwt-vc/SdJwtVcService.mjs +8 -8
  71. package/build/modules/sd-jwt-vc/SdJwtVcService.mjs.map +1 -1
  72. package/build/modules/sd-jwt-vc/repository/SdJwtVcRepository.mjs +3 -3
  73. package/build/modules/sd-jwt-vc/typeMetadata.d.mts +17 -2
  74. package/build/modules/sd-jwt-vc/typeMetadata.d.mts.map +1 -1
  75. package/build/modules/sd-jwt-vc/utils.mjs +1 -1
  76. package/build/modules/sd-jwt-vc/utils.mjs.map +1 -1
  77. package/build/modules/vc/W3cCredentialService.mjs +2 -2
  78. package/build/modules/vc/W3cCredentialsApi.mjs +2 -2
  79. package/build/modules/vc/W3cV2CredentialService.mjs +2 -2
  80. package/build/modules/vc/W3cV2CredentialsApi.mjs +2 -2
  81. package/build/modules/vc/data-integrity/SignatureSuiteRegistry.mjs +3 -3
  82. package/build/modules/vc/data-integrity/W3cJsonLdCredentialService.mjs +2 -2
  83. package/build/modules/vc/data-integrity/models/DataIntegrityProof.mjs +2 -2
  84. package/build/modules/vc/data-integrity/models/LinkedDataProof.mjs +2 -2
  85. package/build/modules/vc/data-integrity/models/W3cJsonLdVerifiableCredential.mjs +2 -2
  86. package/build/modules/vc/data-integrity/models/W3cJsonLdVerifiablePresentation.mjs +2 -2
  87. package/build/modules/vc/jwt-vc/W3cJwtCredentialService.mjs +2 -2
  88. package/build/modules/vc/jwt-vc/W3cV2JwtCredentialService.mjs +2 -2
  89. package/build/modules/vc/models/credential/W3cCredential.mjs +2 -2
  90. package/build/modules/vc/models/credential/W3cCredentialSchema.mjs +2 -2
  91. package/build/modules/vc/models/credential/W3cCredentialStatus.mjs +2 -2
  92. package/build/modules/vc/models/credential/W3cCredentialSubject.mjs +2 -2
  93. package/build/modules/vc/models/credential/W3cIssuer.mjs +2 -2
  94. package/build/modules/vc/models/credential/W3cV2Credential.mjs +2 -2
  95. package/build/modules/vc/models/credential/W3cV2CredentialSchema.mjs +2 -2
  96. package/build/modules/vc/models/credential/W3cV2CredentialStatus.mjs +2 -2
  97. package/build/modules/vc/models/credential/W3cV2CredentialSubject.mjs +2 -2
  98. package/build/modules/vc/models/credential/W3cV2EnvelopedVerifiableCredential.mjs +2 -2
  99. package/build/modules/vc/models/credential/W3cV2Evidence.mjs +2 -2
  100. package/build/modules/vc/models/credential/W3cV2Issuer.mjs +2 -2
  101. package/build/modules/vc/models/credential/W3cV2LocalizedValue.mjs +2 -2
  102. package/build/modules/vc/models/credential/W3cV2RefreshService.mjs +2 -2
  103. package/build/modules/vc/models/credential/W3cV2TermsOfUse.mjs +2 -2
  104. package/build/modules/vc/models/presentation/W3cHolder.mjs +2 -2
  105. package/build/modules/vc/models/presentation/W3cPresentation.mjs +2 -2
  106. package/build/modules/vc/models/presentation/W3cV2EnvelopedVerifiablePresentation.mjs +2 -2
  107. package/build/modules/vc/models/presentation/W3cV2Holder.mjs +2 -2
  108. package/build/modules/vc/models/presentation/W3cV2Presentation.mjs +2 -2
  109. package/build/modules/vc/repository/W3cCredentialRepository.mjs +3 -3
  110. package/build/modules/vc/repository/W3cV2CredentialRepository.mjs +3 -3
  111. package/build/modules/vc/sd-jwt-vc/W3cV2SdJwtCredentialService.mjs +1 -1
  112. package/build/modules/x509/X509Api.mjs +2 -2
  113. package/build/modules/x509/X509Certificate.mjs +2 -2
  114. package/build/modules/x509/X509Certificate.mjs.map +1 -1
  115. package/build/modules/x509/X509ModuleConfig.mjs +3 -3
  116. package/build/modules/x509/X509Service.mjs +1 -1
  117. package/build/storage/BaseRecord.mjs +2 -2
  118. package/build/storage/StorageService.d.mts.map +1 -1
  119. package/build/storage/migration/StorageUpdateService.mjs +3 -3
  120. package/build/storage/migration/repository/StorageVersionRepository.mjs +3 -3
  121. package/build/utils/MessageValidator.mjs +1 -1
  122. package/build/utils/MessageValidator.mjs.map +1 -1
  123. package/package.json +6 -6
package/build/modules/mdoc/repository/MdocRepository.mjs CHANGED
@@ -2,9 +2,9 @@
2
2
 
3
3
  import { InjectionSymbols } from "../../../constants.mjs";
4
4
  import { inject, injectable } from "../../../plugins/index.mjs";
5
- import { __decorateMetadata } from "../../../_virtual/_@oxc-project_runtime@0.97.0/helpers/decorateMetadata.mjs";
6
- import { __decorate } from "../../../_virtual/_@oxc-project_runtime@0.97.0/helpers/decorate.mjs";
7
- import { __decorateParam } from "../../../_virtual/_@oxc-project_runtime@0.97.0/helpers/decorateParam.mjs";
5
+ import { __decorateMetadata } from "../../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorateMetadata.mjs";
6
+ import { __decorate } from "../../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorate.mjs";
7
+ import { __decorateParam } from "../../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorateParam.mjs";
8
8
  import { EventEmitter } from "../../../agent/EventEmitter.mjs";
9
9
  import { Repository } from "../../../storage/Repository.mjs";
10
10
  import { MdocRecord } from "./MdocRecord.mjs";
package/build/modules/sd-jwt-vc/SdJwtVcApi.mjs CHANGED
@@ -2,8 +2,8 @@
2
2
 
3
3
  import { AgentContext } from "../../agent/context/AgentContext.mjs";
4
4
  import { injectable } from "../../plugins/index.mjs";
5
- import { __decorateMetadata } from "../../_virtual/_@oxc-project_runtime@0.97.0/helpers/decorateMetadata.mjs";
6
- import { __decorate } from "../../_virtual/_@oxc-project_runtime@0.97.0/helpers/decorate.mjs";
5
+ import { __decorateMetadata } from "../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorateMetadata.mjs";
6
+ import { __decorate } from "../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorate.mjs";
7
7
  import "../../agent/index.mjs";
8
8
  import { SdJwtVcService } from "./SdJwtVcService.mjs";
9
9
 
package/build/modules/sd-jwt-vc/SdJwtVcOptions.d.mts CHANGED
@@ -39,18 +39,23 @@ interface SdJwtVcIssuerX5c {
39
39
  method: 'x5c';
40
40
  /**
41
41
  *
42
- * Array of base64-encoded certificate strings in the DER-format.
42
+ * Array of X509 certificates.
43
43
  *
44
44
  * The certificate containing the public key corresponding to the key used to digitally sign the JWS MUST be the first certificate.
45
45
  */
46
46
  x5c: X509Certificate[];
47
47
  /**
48
- * The issuer of the JWT. Should be a HTTPS URI.
48
+ * The issuer of the SD-JWT VC.
49
49
  *
50
- * The issuer value must either match a `uniformResourceIdentifier` SAN entry of the leaf entity certificate
51
- * or the domain name in the `iss` value matches a `dNSName` SAN entry of the leaf-entity certificate.
50
+ * NOTE: in the latest draft of SD-JWT VC the issuer field is optional when using an X509 certificates
51
+ * to sign the SD-JWT VC.
52
+ *
53
+ * Since it's not clear what the iss value should be Credo will likely require
54
+ * the value to be undefined in a future version, but for now if the issuer value
55
+ * is defined it MUST match an SAN URI or DNS entry in the leaf certificate, mimicking
56
+ * previous behavior.
52
57
  */
53
- issuer: string;
58
+ issuer?: string;
54
59
  }
55
60
  type SdJwtVcHolderBinding = SdJwtVcHolderDidBinding | SdJwtVcHolderJwkBinding;
56
61
  type SdJwtVcIssuer = SdJwtVcIssuerDid | SdJwtVcIssuerX5c;
package/build/modules/sd-jwt-vc/SdJwtVcOptions.d.mts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"SdJwtVcOptions.d.mts","names":[],"sources":["../../../src/modules/sd-jwt-vc/SdJwtVcOptions.ts"],"sourcesContent":[],"mappings":";;;;;;;;;;;;UAMiB,mBAAA;UACP;;KAIE,cAAA,GAAiB;KACjB,aAAA,GAAgB;UAEX,gBAAA;;;mCAGkB;AAXnC;AAKY,UASK,kBAAA,CATY;EACjB,CAAA,CAAA,EAAA,MAAA,CAAA,EAAA,OAAa,GASA,kBATS;AAElC;AAMiB,UAIA,uBAAA,CAHQ;EAGR,MAAA,EAAA,KAAA;EAKA,MAAA,EAAA,MAAA;AAKjB;AAOiB,UAZA,uBAAA,CAqBV;EAYK,MAAA,EAAA,KAAA;EAIA,GAAA,EAnCL,SAmCK;AAEZ;AAAoD,UAlCnC,gBAAA,CAkCmC;EAAiB,MAAA,EAAA,KAAA;EAC1D,MAAA,EAAA,MAAA;;AAMD,UAlCO,gBAAA,CAkCP;EACU,MAAA,EAAA,KAAA;EAKC;;AAarB;;;;EAMsB,GAAA,EAlDf,eAkDe,EAAA;EAiBA;;AAGtB;;;;EA8CY,MAAA,EAAA,MAAA;;KAxGA,oBAAA,GAAuB,0BAA0B;KAIjD,aAAA,GAAgB,mBAAmB;UAE9B,mCAAmC,iBAAiB;WAC1D;;;;WAKA;UACD;oBACU;;;;qBAKC;;;;;;;;;;KAaT,uCAAuC,iBAAiB;oBAChD;;;;sBAKE;;;;;;;;;;;;;;;sBAiBA;;KAGV,oBAAA;;;;;;;;;;;;;;;;;;sBAsBU;;;;;;;;;;;;;;;;wBAmBE;;;;QAKhB"}
1
+ {"version":3,"file":"SdJwtVcOptions.d.mts","names":[],"sources":["../../../src/modules/sd-jwt-vc/SdJwtVcOptions.ts"],"sourcesContent":[],"mappings":";;;;;;;;;;;;UAMiB,mBAAA;UACP;;KAIE,cAAA,GAAiB;KACjB,aAAA,GAAgB;UAEX,gBAAA;;;mCAGkB;AAXnC;AAKY,UASK,kBAAA,CATY;EACjB,CAAA,CAAA,EAAA,MAAA,CAAA,EAAA,OAAa,GASA,kBATS;AAElC;AAMiB,UAIA,uBAAA,CAHQ;EAGR,MAAA,EAAA,KAAA;EAKA,MAAA,EAAA,MAAA;AAKjB;AAOiB,UAZA,uBAAA,CAqBV;EAiBK,MAAA,EAAA,KAAA;EAIA,GAAA,EAxCL,SAwCK;AAEZ;AAAoD,UAvCnC,gBAAA,CAuCmC;EAAiB,MAAA,EAAA,KAAA;EAC1D,MAAA,EAAA,MAAA;;AAMD,UAvCO,gBAAA,CAuCP;EACU,MAAA,EAAA,KAAA;EAKC;;AAarB;;;;EAMsB,GAAA,EAvDf,eAuDe,EAAA;EAiBA;;AAGtB;;;;;;;;;;;KA1DY,oBAAA,GAAuB,0BAA0B;KAIjD,aAAA,GAAgB,mBAAmB;UAE9B,mCAAmC,iBAAiB;WAC1D;;;;WAKA;UACD;oBACU;;;;qBAKC;;;;;;;;;;KAaT,uCAAuC,iBAAiB;oBAChD;;;;sBAKE;;;;;;;;;;;;;;;sBAiBA;;KAGV,oBAAA;;;;;;;;;;;;;;;;;;sBAsBU;;;;;;;;;;;;;;;;wBAmBE;;;;QAKhB"}
package/build/modules/sd-jwt-vc/SdJwtVcService.d.mts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"SdJwtVcService.d.mts","names":[],"sources":["../../../src/modules/sd-jwt-vc/SdJwtVcService.ts"],"sourcesContent":[],"mappings":";;;;;;;;;;;;;UA4CiB,uBACA,gBAAgB,+BACf,iBAAiB;;;;eAKpB,WAAA,CAAY;;;;EAPV,OAAA,EAAA,MAAO;EACP,OAAA,EAAA,MAAA;EAAgB,MAAA,EAYvB,MAZuB;EACf,OAAA,EAcP,OAdO;EAAiB,YAAA,EAenB,OAfmB;EAKpB,KAAA,CAAA,EAAA;IAML,MAAA,EAOE,MAPF,CAAA,MAAA,EAAA,OAAA,CAAA;IAGC,OAAA,EAKE,MALF,CAAA,MAAA,EAAA,OAAA,CAAA;EACK,CAAA;EAGJ;;;;AAcZ;EAiBa,QAAA,CAAA,EAAA,MAAc;EAGa,YAAA,CAAA,EAvBvB,mBAuBuB;;AAKtB,UAzBD,kBAAA,CAyBC;EACc,OAAA,EAAA,OAAA;EAAnB,iBAAA,CAAA,EAAA,OAAA;EACA,gBAAA,CAAA,EAAA,OAAA;EAAR,aAAA,CAAA,EAAA,OAAA;EA4D+B,gBAAA,CAAA,EAAA,OAAA;EAAgB,iBAAA,CAAA,EAAA,OAAA;EAA+B,yBAAA,CAAA,EAAA,OAAA;EAAiB,iBAAA,CAAA,EAAA,OAAA;EAEjF,0BAAA,CAAA,EAAA,OAAA;EACN,4BAAA,CAAA,EAAA,OAAA;;;;;AAgC0B,cAzG1B,cAAA,CAyG0B;EAAiB,QAAA,iBAAA;EACtC,WAAA,CAAA,iBAAA,EAvGsB,iBAuGtB;EACZ,IAAA,CAAA,gBApG8B,cAoG9B,CAAA,CAAA,YAAA,EAnGY,YAmGZ,EAAA,OAAA,EAlGO,kBAkGP,CAlG0B,OAkG1B,CAAA,CAAA,EAjGD,OAiGC,CAjGO,OAiGP,CAAA;EAAS,WAAA,CAAA,eArCqB,aAqCrB,GArCqC,aAqCrC,EAAA,gBArCoE,cAqCpE,GArCqF,cAqCrF,CAAA,CAAA,cAAA,EAAA,MAAA,EAAA,YAAA,CAAA,EAnCI,mBAmCJ,CAAA,EAlCV,OAkCU,CAlCF,MAkCE,EAlCM,OAkCN,CAAA;EAAmB,0BAAA,CAAA,cAAA,EAAA,MAAA,EAAA,gBAAA,EA9B4C,UA8B5C,CAAA,EA9ByD,OA8BzD;EAAkB,OAAA,CAAA,gBAFb,cAEa,GAFI,cAEJ,CAAA,CAAA,YAAA,EADlC,YACkC,EAAA;IAAA,OAAA;IAAA,iBAAA;IAAA,gBAAA;IAAA;EAAA,CAAA,EAAqB,qBAArB,CAA2C,OAA3C,CAAA,CAAA,EAC/C,OAD+C,CAAA,MAAA,CAAA;EAA2C,QAAA,uBAAA;EAAtB,MAAA,CAAA,eAkDpC,aAlDoC,GAkDpB,aAlDoB,EAAA,gBAkDW,cAlDX,GAkD4B,cAlD5B,CAAA,CAAA,YAAA,EAmDvD,YAnDuD,EAAA;IAAA,cAAA;IAAA,UAAA;IAAA,iBAAA;IAAA,iBAAA;IAAA,mBAAA;IAAA;EAAA,CAAA,EAoD2B,oBApD3B,CAAA,EAqDpE,OArDoE,CAAA;IACpE,OAAA,EAAA,IAAA;IAiDgC,OAAA,EAIL,OAJK,CAIG,MAJH,EAIW,OAJX,CAAA;EAAgB,CAAA,GAAA;IAA+B,OAAA,EAAA,KAAA;IAAiB,OAAA,CAAA,EAKnE,OALmE,CAK3D,MAL2D,EAKnD,OALmD,CAAA;IACnF,KAAA,EAIiD,KAJjD;EACZ,CAAA,CAAA;EAAgB,KAAA,CAAA,YAAA,EAmJa,YAnJb,EAAA,OAAA,EAmJoC,mBAnJpC,CAAA,EAmJuD,OAnJvD,CAmJuD,aAnJvD,CAAA;EAAY,OAAA,CAAA,YAAA,EAwJG,YAxJH,EAAA,EAAA,EAAA,MAAA,CAAA,EAwJ8B,OAxJ9B,CAwJsC,aAxJtC,CAAA;EAAmB,MAAA,CAAA,YAAA,EA4JjB,YA5JiB,CAAA,EA4JF,OA5JE,CA4JM,KA5JN,CA4JY,aA5JZ,CAAA,CAAA;EAAmB,WAAA,CAAA,YAAA,EAiKtD,YAjKsD,EAAA,KAAA,EAkK7D,KAlK6D,CAkKvD,aAlKuD,CAAA,EAAA,YAAA,CAAA,EAmKrD,YAnKqD,CAAA,EAoKnE,OApKmE,CAoK3D,KApK2D,CAoKrD,aApKqD,CAAA,CAAA;EAAqB,UAAA,CAAA,YAAA,EAwKrD,YAxKqD,EAAA,EAAA,EAAA,MAAA,CAAA,EAwK7B,OAxK6B,CAAA,IAAA,CAAA;EAAO,MAAA,CAAA,YAAA,EA4KhE,YA5KgE,EAAA,aAAA,EA4KnC,aA5KmC,CAAA,EA4KtB,OA5KsB,CAAA,IAAA,CAAA;EAE5D,QAAA,oBAAA;EAAQ,QAAA,yBAAA;EAAhB,QAAA,kBAAA;EACU,QAAA,oBAAA"}
1
+ {"version":3,"file":"SdJwtVcService.d.mts","names":[],"sources":["../../../src/modules/sd-jwt-vc/SdJwtVcService.ts"],"sourcesContent":[],"mappings":";;;;;;;;;;;;;UA4CiB,uBACA,gBAAgB,+BACf,iBAAiB;;;;eAKpB,WAAA,CAAY;;;;EAPV,OAAA,EAAA,MAAO;EACP,OAAA,EAAA,MAAA;EAAgB,MAAA,EAYvB,MAZuB;EACf,OAAA,EAcP,OAdO;EAAiB,YAAA,EAenB,OAfmB;EAKpB,KAAA,CAAA,EAAA;IAML,MAAA,EAOE,MAPF,CAAA,MAAA,EAAA,OAAA,CAAA;IAGC,OAAA,EAKE,MALF,CAAA,MAAA,EAAA,OAAA,CAAA;EACK,CAAA;EAGJ;;;;AAcZ;EAiBa,QAAA,CAAA,EAAA,MAAc;EAGa,YAAA,CAAA,EAvBvB,mBAuBuB;;AAKtB,UAzBD,kBAAA,CAyBC;EACc,OAAA,EAAA,OAAA;EAAnB,iBAAA,CAAA,EAAA,OAAA;EACA,gBAAA,CAAA,EAAA,OAAA;EAAR,aAAA,CAAA,EAAA,OAAA;EA4D+B,gBAAA,CAAA,EAAA,OAAA;EAAgB,iBAAA,CAAA,EAAA,OAAA;EAA+B,yBAAA,CAAA,EAAA,OAAA;EAAiB,iBAAA,CAAA,EAAA,OAAA;EAEjF,0BAAA,CAAA,EAAA,OAAA;EACN,4BAAA,CAAA,EAAA,OAAA;;;;;AAgC0B,cAzG1B,cAAA,CAyG0B;EAAiB,QAAA,iBAAA;EACtC,WAAA,CAAA,iBAAA,EAvGsB,iBAuGtB;EACZ,IAAA,CAAA,gBApG8B,cAoG9B,CAAA,CAAA,YAAA,EAnGY,YAmGZ,EAAA,OAAA,EAlGO,kBAkGP,CAlG0B,OAkG1B,CAAA,CAAA,EAjGD,OAiGC,CAjGO,OAiGP,CAAA;EAAS,WAAA,CAAA,eArCqB,aAqCrB,GArCqC,aAqCrC,EAAA,gBArCoE,cAqCpE,GArCqF,cAqCrF,CAAA,CAAA,cAAA,EAAA,MAAA,EAAA,YAAA,CAAA,EAnCI,mBAmCJ,CAAA,EAlCV,OAkCU,CAlCF,MAkCE,EAlCM,OAkCN,CAAA;EAAmB,0BAAA,CAAA,cAAA,EAAA,MAAA,EAAA,gBAAA,EA9B4C,UA8B5C,CAAA,EA9ByD,OA8BzD;EAAkB,OAAA,CAAA,gBAFb,cAEa,GAFI,cAEJ,CAAA,CAAA,YAAA,EADlC,YACkC,EAAA;IAAA,OAAA;IAAA,iBAAA;IAAA,gBAAA;IAAA;EAAA,CAAA,EAAqB,qBAArB,CAA2C,OAA3C,CAAA,CAAA,EAC/C,OAD+C,CAAA,MAAA,CAAA;EAA2C,QAAA,uBAAA;EAAtB,MAAA,CAAA,eA0DpC,aA1DoC,GA0DpB,aA1DoB,EAAA,gBA0DW,cA1DX,GA0D4B,cA1D5B,CAAA,CAAA,YAAA,EA2DvD,YA3DuD,EAAA;IAAA,cAAA;IAAA,UAAA;IAAA,iBAAA;IAAA,iBAAA;IAAA,mBAAA;IAAA;EAAA,CAAA,EA4D2B,oBA5D3B,CAAA,EA6DpE,OA7DoE,CAAA;IACpE,OAAA,EAAA,IAAA;IAyDgC,OAAA,EAIL,OAJK,CAIG,MAJH,EAIW,OAJX,CAAA;EAAgB,CAAA,GAAA;IAA+B,OAAA,EAAA,KAAA;IAAiB,OAAA,CAAA,EAKnE,OALmE,CAK3D,MAL2D,EAKnD,OALmD,CAAA;IACnF,KAAA,EAIiD,KAJjD;EACZ,CAAA,CAAA;EAAgB,KAAA,CAAA,YAAA,EAmJa,YAnJb,EAAA,OAAA,EAmJoC,mBAnJpC,CAAA,EAmJuD,OAnJvD,CAmJuD,aAnJvD,CAAA;EAAY,OAAA,CAAA,YAAA,EAwJG,YAxJH,EAAA,EAAA,EAAA,MAAA,CAAA,EAwJ8B,OAxJ9B,CAwJsC,aAxJtC,CAAA;EAAmB,MAAA,CAAA,YAAA,EA4JjB,YA5JiB,CAAA,EA4JF,OA5JE,CA4JM,KA5JN,CA4JY,aA5JZ,CAAA,CAAA;EAAmB,WAAA,CAAA,YAAA,EAiKtD,YAjKsD,EAAA,KAAA,EAkK7D,KAlK6D,CAkKvD,aAlKuD,CAAA,EAAA,YAAA,CAAA,EAmKrD,YAnKqD,CAAA,EAoKnE,OApKmE,CAoK3D,KApK2D,CAoKrD,aApKqD,CAAA,CAAA;EAAqB,UAAA,CAAA,YAAA,EAwKrD,YAxKqD,EAAA,EAAA,EAAA,MAAA,CAAA,EAwK7B,OAxK6B,CAAA,IAAA,CAAA;EAAO,MAAA,CAAA,YAAA,EA4KhE,YA5KgE,EAAA,aAAA,EA4KnC,aA5KmC,CAAA,EA4KtB,OA5KsB,CAAA,IAAA,CAAA;EAE5D,QAAA,oBAAA;EAAQ,QAAA,yBAAA;EAAhB,QAAA,kBAAA;EACU,QAAA,oBAAA"}
package/build/modules/sd-jwt-vc/SdJwtVcService.mjs CHANGED
@@ -2,8 +2,8 @@
2
2
 
3
3
  import { CredoError } from "../../error/CredoError.mjs";
4
4
  import "../../error/index.mjs";
5
- import { __decorateMetadata } from "../../_virtual/_@oxc-project_runtime@0.97.0/helpers/decorateMetadata.mjs";
6
- import { __decorate } from "../../_virtual/_@oxc-project_runtime@0.97.0/helpers/decorate.mjs";
5
+ import { __decorateMetadata } from "../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorateMetadata.mjs";
6
+ import { __decorate } from "../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorate.mjs";
7
7
  import "../../agent/index.mjs";
8
8
  import { TypedArrayEncoder } from "../../utils/TypedArrayEncoder.mjs";
9
9
  import { Hasher } from "../../crypto/hashes/Hasher.mjs";
@@ -119,8 +119,9 @@ let SdJwtVcService = class SdJwtVcService$1 {
119
119
  } } : void 0 });
120
120
  }
121
121
  assertValidX5cJwtIssuer(agentContext, iss, leafCertificate) {
122
+ if (!iss) return;
122
123
  if (!iss.startsWith("https://") && !(iss.startsWith("http://") && agentContext.config.allowInsecureHttpUrls)) throw new SdJwtVcError("The X509 certificate issuer must be a HTTPS URI.");
123
- if (!leafCertificate.sanUriNames?.includes(iss) && !leafCertificate.sanDnsNames?.includes(getDomainFromUrl(iss))) throw new SdJwtVcError(`The 'iss' claim in the payload does not match a 'SAN-URI' name and the domain extracted from the HTTPS URI does not match a 'SAN-DNS' name in the x5c certificate.`);
124
+ if (!leafCertificate.sanUriNames?.includes(iss) && !leafCertificate.sanDnsNames?.includes(getDomainFromUrl(iss))) throw new SdJwtVcError(`The 'iss' claim in the payload does not match a 'SAN-URI' name and the domain extracted from the HTTPS URI does not match a 'SAN-DNS' name in the x5c certificate. Either remove the 'iss' claim or make it match with at least one SAN-URI or DNS-URI entry`);
124
125
  }
125
126
  async verify(agentContext, { compactSdJwtVc, keyBinding, requiredClaimKeys, fetchTypeMetadata, trustedCertificates, now }) {
126
127
  const sdjwt = new SDJwtVcInstance({ ...this.getBaseSdJwtConfig(agentContext) });
@@ -251,7 +252,7 @@ let SdJwtVcService = class SdJwtVcService$1 {
251
252
  publicJwk = getPublicJwkFromVerificationMethod(verificationMethod);
252
253
  }
253
254
  const supportedSignatureAlgorithms = publicJwk.supportedSignatureAlgorithms;
254
- if (supportedSignatureAlgorithms.length === 0) throw new SdJwtVcError(`No supported JWA signature algorithms found for key ${publicJwk.jwkTypehumanDescription}`);
255
+ if (supportedSignatureAlgorithms.length === 0) throw new SdJwtVcError(`No supported JWA signature algorithms found for key ${publicJwk.jwkTypeHumanDescription}`);
255
256
  return {
256
257
  alg: supportedSignatureAlgorithms[0],
257
258
  publicJwk,
@@ -265,7 +266,7 @@ let SdJwtVcService = class SdJwtVcService$1 {
265
266
  if (forSigning && !leafCertificate.publicJwk.hasKeyId) throw new SdJwtVcError("Expected leaf certificate in 'x5c' array to have a key id configured.");
266
267
  const publicJwk = leafCertificate.publicJwk;
267
268
  const supportedSignatureAlgorithms = publicJwk.supportedSignatureAlgorithms;
268
- if (supportedSignatureAlgorithms.length === 0) throw new SdJwtVcError(`No supported JWA signature algorithms found for key ${publicJwk.jwkTypehumanDescription}`);
269
+ if (supportedSignatureAlgorithms.length === 0) throw new SdJwtVcError(`No supported JWA signature algorithms found for key ${publicJwk.jwkTypeHumanDescription}`);
269
270
  const alg = supportedSignatureAlgorithms[0];
270
271
  this.assertValidX5cJwtIssuer(agentContext, issuer.issuer, leafCertificate);
271
272
  return {
@@ -280,7 +281,6 @@ let SdJwtVcService = class SdJwtVcService$1 {
280
281
  async parseIssuerFromCredential(agentContext, sdJwtVc, credoSdJwtVc, _trustedCertificates) {
281
282
  const x509Config = agentContext.dependencyManager.resolve(X509ModuleConfig);
282
283
  if (!sdJwtVc.jwt?.payload) throw new SdJwtVcError("Credential not exist");
283
- if (!sdJwtVc.jwt?.payload.iss) throw new SdJwtVcError("Credential does not contain an issuer");
284
284
  const iss = sdJwtVc.jwt.payload.iss;
285
285
  if (sdJwtVc.jwt.header?.x5c) {
286
286
  if (!Array.isArray(sdJwtVc.jwt.header.x5c)) throw new SdJwtVcError("Invalid x5c header in credential. Not an array.");
@@ -306,7 +306,7 @@ let SdJwtVcService = class SdJwtVcService$1 {
306
306
  issuer: iss
307
307
  };
308
308
  }
309
- if (iss.startsWith("did:")) {
309
+ if (iss?.startsWith("did:")) {
310
310
  if (!sdJwtVc.jwt?.header) throw new SdJwtVcError("Credential does not contain a header");
311
311
  if (!sdJwtVc.jwt.header.kid) throw new SdJwtVcError("Credential does not contain a kid in the header");
312
312
  const issuerKid = sdJwtVc.jwt.header.kid;
@@ -322,7 +322,7 @@ let SdJwtVcService = class SdJwtVcService$1 {
322
322
  didUrl
323
323
  };
324
324
  }
325
- throw new SdJwtVcError("Unsupported 'iss' value. Only did is supported at the moment.");
325
+ throw new SdJwtVcError("Unsupported signing method for SD-JWT VC. Only did and x5c are supported at the moment.");
326
326
  }
327
327
  getBaseSdJwtConfig(agentContext) {
328
328
  const kms = agentContext.resolve(KeyManagementApi);
package/build/modules/sd-jwt-vc/SdJwtVcService.mjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"SdJwtVcService.mjs","names":["SdJwtVcService","sdJwtVc: SDJwt","returnSdJwtVc: SdJwtVc<Header, Payload>","publicJwk: PublicJwk","didUrl: string"],"sources":["../../../src/modules/sd-jwt-vc/SdJwtVcService.ts"],"sourcesContent":["import type { SDJwt } from '@sd-jwt/core'\nimport { decodeSdJwtSync } from '@sd-jwt/decode'\nimport { selectDisclosures } from '@sd-jwt/present'\nimport { SDJwtVcInstance } from '@sd-jwt/sd-jwt-vc'\nimport type { DisclosureFrame, PresentationFrame } from '@sd-jwt/types'\nimport { injectable } from 'tsyringe'\nimport { AgentContext } from '../../agent'\nimport { Hasher, JwtPayload } from '../../crypto'\nimport { CredoError } from '../../error'\nimport { X509Service } from '../../modules/x509/X509Service'\nimport type { Query, QueryOptions } from '../../storage/StorageService'\nimport type { JsonObject } from '../../types'\nimport { dateToSeconds, nowInSeconds, TypedArrayEncoder } from '../../utils'\nimport { getDomainFromUrl } from '../../utils/domain'\nimport { fetchWithTimeout } from '../../utils/fetch'\nimport { getPublicJwkFromVerificationMethod, parseDid } from '../dids'\nimport { KeyManagementApi, PublicJwk } from '../kms'\nimport { ClaimFormat } from '../vc/index'\nimport { type EncodedX509Certificate, X509Certificate, X509ModuleConfig } from '../x509'\nimport { decodeSdJwtVc, sdJwtVcHasher } from './decodeSdJwtVc'\nimport { buildDisclosureFrameForPayload } from './disclosureFrame'\nimport { SdJwtVcRecord, SdJwtVcRepository } from './repository'\nimport { SdJwtVcError } from './SdJwtVcError'\nimport type {\n SdJwtVcHeader,\n SdJwtVcIssuer,\n SdJwtVcPayload,\n SdJwtVcPresentOptions,\n SdJwtVcSignOptions,\n SdJwtVcStoreOptions,\n SdJwtVcVerifyOptions,\n} from './SdJwtVcOptions'\nimport type { SdJwtVcTypeMetadata } from './typeMetadata'\nimport {\n extractKeyFromHolderBinding,\n getSdJwtSigner,\n getSdJwtVerifier,\n parseHolderBindingFromCredential,\n resolveDidUrl,\n resolveSigningPublicJwkFromDidUrl,\n} from './utils'\n\ntype SdJwtVcConfig = SDJwtVcInstance['userConfig']\n\nexport interface SdJwtVc<\n Header extends SdJwtVcHeader = SdJwtVcHeader,\n Payload extends SdJwtVcPayload = SdJwtVcPayload,\n> {\n /**\n * claim format is convenience method added to all credential instances\n */\n claimFormat: ClaimFormat.SdJwtDc\n /**\n * encoded is convenience method added to all credential instances\n */\n encoded: string\n compact: string\n header: Header\n\n // TODO: payload type here is a lie, as it is the signed payload (so fields replaced with _sd)\n payload: Payload\n prettyClaims: Payload\n\n kbJwt?: {\n header: Record<string, unknown>\n payload: Record<string, unknown>\n }\n\n /**\n * The key id in the KMS bound to this SD-JWT VC, used for presentations.\n *\n * This will only be set on the holder side if defined on the SdJwtVcRecord\n */\n kmsKeyId?: string\n\n typeMetadata?: SdJwtVcTypeMetadata\n}\n\nexport interface VerificationResult {\n isValid: boolean\n isValidJwtPayload?: boolean\n isSignatureValid?: boolean\n isStatusValid?: boolean\n isNotBeforeValid?: boolean\n isExpiryTimeValid?: boolean\n areRequiredClaimsIncluded?: boolean\n isKeyBindingValid?: boolean\n containsExpectedKeyBinding?: boolean\n containsRequiredVcProperties?: boolean\n}\n\n/**\n * @internal\n */\n@injectable()\nexport class SdJwtVcService {\n private sdJwtVcRepository: SdJwtVcRepository\n\n public constructor(sdJwtVcRepository: SdJwtVcRepository) {\n this.sdJwtVcRepository = sdJwtVcRepository\n }\n\n public async sign<Payload extends SdJwtVcPayload>(\n agentContext: AgentContext,\n options: SdJwtVcSignOptions<Payload>\n ): Promise<SdJwtVc> {\n const { payload, disclosureFrame, hashingAlgorithm } = options\n\n // default is sha-256\n if (hashingAlgorithm && hashingAlgorithm !== 'sha-256') {\n throw new SdJwtVcError(`Unsupported hashing algorithm used: ${hashingAlgorithm}`)\n }\n\n const issuer = await this.extractKeyFromIssuer(agentContext, options.issuer, true)\n\n // holer binding is optional\n const holderBinding = options.holder ? await extractKeyFromHolderBinding(agentContext, options.holder) : undefined\n\n const header = {\n alg: issuer.alg,\n typ: options.headerType ?? 'dc+sd-jwt',\n kid: issuer.kid,\n x5c: issuer.x5c?.map((cert) => cert.toString('base64')),\n } as const\n\n const sdjwt = new SDJwtVcInstance({\n ...this.getBaseSdJwtConfig(agentContext),\n signer: getSdJwtSigner(agentContext, issuer.publicJwk),\n hashAlg: 'sha-256',\n signAlg: issuer.alg,\n })\n\n if (!payload.vct || typeof payload.vct !== 'string') {\n throw new SdJwtVcError(\"Missing required parameter 'vct'\")\n }\n\n const compact = await sdjwt.issue(\n {\n ...payload,\n cnf: holderBinding?.cnf,\n iss: issuer.iss,\n iat: nowInSeconds(),\n vct: payload.vct,\n },\n disclosureFrame as DisclosureFrame<Payload>,\n { header }\n )\n\n const prettyClaims = (await sdjwt.getClaims(compact)) as Payload\n const a = await sdjwt.decode(compact)\n const sdjwtPayload = a.jwt?.payload as Payload | undefined\n if (!sdjwtPayload) {\n throw new SdJwtVcError('Invalid sd-jwt-vc state.')\n }\n\n return {\n compact,\n prettyClaims,\n header: header,\n payload: sdjwtPayload,\n claimFormat: ClaimFormat.SdJwtDc,\n encoded: compact,\n } satisfies SdJwtVc<typeof header, Payload>\n }\n\n public fromCompact<Header extends SdJwtVcHeader = SdJwtVcHeader, Payload extends SdJwtVcPayload = SdJwtVcPayload>(\n compactSdJwtVc: string,\n typeMetadata?: SdJwtVcTypeMetadata\n ): SdJwtVc<Header, Payload> {\n return decodeSdJwtVc(compactSdJwtVc, typeMetadata)\n }\n\n public applyDisclosuresForPayload(compactSdJwtVc: string, requestedPayload: JsonObject): SdJwtVc {\n const decoded = decodeSdJwtSync(compactSdJwtVc, Hasher.hash)\n const presentationFrame = buildDisclosureFrameForPayload(requestedPayload) ?? {}\n\n if (decoded.kbJwt) {\n throw new SdJwtVcError('Cannot apply limit disclosure on an sd-jwt with key binding jwt')\n }\n\n const requiredDisclosures = selectDisclosures(\n decoded.jwt.payload,\n // Map to sd-jwt disclosure format\n decoded.disclosures.map((d) => ({\n digest: d.digestSync({ alg: 'sha-256', hasher: Hasher.hash }),\n encoded: d.encode(),\n key: d.key,\n salt: d.salt,\n value: d.value,\n })),\n presentationFrame as { [key: string]: boolean }\n )\n const [jwt] = compactSdJwtVc.split('~')\n const disclosuresString =\n requiredDisclosures.length > 0 ? `${requiredDisclosures.map((d) => d.encoded).join('~')}~` : ''\n const sdJwt = `${jwt}~${disclosuresString}`\n const disclosedDecoded = decodeSdJwtVc(sdJwt)\n return disclosedDecoded\n }\n\n public async present<Payload extends SdJwtVcPayload = SdJwtVcPayload>(\n agentContext: AgentContext,\n { sdJwtVc, presentationFrame, verifierMetadata, additionalPayload }: SdJwtVcPresentOptions<Payload>\n ): Promise<string> {\n const sdjwt = new SDJwtVcInstance(this.getBaseSdJwtConfig(agentContext))\n const compactSdJwtVc = typeof sdJwtVc === 'string' ? sdJwtVc : sdJwtVc.compact\n const sdJwtVcInstance = await sdjwt.decode(compactSdJwtVc)\n\n const holderBinding = parseHolderBindingFromCredential(sdJwtVcInstance.jwt?.payload)\n if (!holderBinding && verifierMetadata) {\n throw new SdJwtVcError(\"Verifier metadata provided, but credential has no 'cnf' claim to create a KB-JWT from\")\n }\n\n const holder = holderBinding\n ? await extractKeyFromHolderBinding(agentContext, holderBinding, {\n forSigning: true,\n jwkKeyId: typeof sdJwtVc !== 'string' ? sdJwtVc.kmsKeyId : undefined,\n })\n : undefined\n sdjwt.config({\n kbSigner: holder ? getSdJwtSigner(agentContext, holder.publicJwk) : undefined,\n kbSignAlg: holder?.alg,\n })\n\n const compactDerivedSdJwtVc = await sdjwt.present(compactSdJwtVc, presentationFrame as PresentationFrame<Payload>, {\n kb: verifierMetadata\n ? {\n payload: {\n iat: verifierMetadata.issuedAt,\n nonce: verifierMetadata.nonce,\n aud: verifierMetadata.audience,\n ...additionalPayload,\n },\n }\n : undefined,\n })\n\n return compactDerivedSdJwtVc\n }\n\n private assertValidX5cJwtIssuer(agentContext: AgentContext, iss: string, leafCertificate: X509Certificate) {\n if (!iss.startsWith('https://') && !(iss.startsWith('http://') && agentContext.config.allowInsecureHttpUrls)) {\n throw new SdJwtVcError('The X509 certificate issuer must be a HTTPS URI.')\n }\n\n if (!leafCertificate.sanUriNames?.includes(iss) && !leafCertificate.sanDnsNames?.includes(getDomainFromUrl(iss))) {\n throw new SdJwtVcError(\n `The 'iss' claim in the payload does not match a 'SAN-URI' name and the domain extracted from the HTTPS URI does not match a 'SAN-DNS' name in the x5c certificate.`\n )\n }\n }\n\n public async verify<Header extends SdJwtVcHeader = SdJwtVcHeader, Payload extends SdJwtVcPayload = SdJwtVcPayload>(\n agentContext: AgentContext,\n { compactSdJwtVc, keyBinding, requiredClaimKeys, fetchTypeMetadata, trustedCertificates, now }: SdJwtVcVerifyOptions\n ): Promise<\n | { isValid: true; sdJwtVc: SdJwtVc<Header, Payload> }\n | { isValid: false; sdJwtVc?: SdJwtVc<Header, Payload>; error: Error }\n > {\n const sdjwt = new SDJwtVcInstance({\n ...this.getBaseSdJwtConfig(agentContext),\n // FIXME: will break if using url but no type metadata\n // https://github.com/openwallet-foundation/sd-jwt-js/issues/258\n // loadTypeMetadataFormat: false,\n })\n\n let sdJwtVc: SDJwt\n\n try {\n sdJwtVc = await sdjwt.decode(compactSdJwtVc)\n if (!sdJwtVc.jwt) throw new CredoError('Invalid sd-jwt-vc')\n } catch (error) {\n return {\n isValid: false,\n error,\n }\n }\n\n const returnSdJwtVc: SdJwtVc<Header, Payload> = {\n payload: sdJwtVc.jwt.payload as Payload,\n header: sdJwtVc.jwt.header as Header,\n compact: compactSdJwtVc,\n prettyClaims: await sdJwtVc.getClaims(sdJwtVcHasher),\n\n kbJwt: sdJwtVc.kbJwt\n ? {\n payload: sdJwtVc.kbJwt.payload as Record<string, unknown>,\n header: sdJwtVc.kbJwt.header as Record<string, unknown>,\n }\n : undefined,\n claimFormat: ClaimFormat.SdJwtDc,\n encoded: compactSdJwtVc,\n } satisfies SdJwtVc<Header, Payload>\n\n try {\n const credentialIssuer = await this.parseIssuerFromCredential(\n agentContext,\n sdJwtVc,\n returnSdJwtVc,\n trustedCertificates\n )\n const issuer = await this.extractKeyFromIssuer(agentContext, credentialIssuer)\n const holderBinding = parseHolderBindingFromCredential(sdJwtVc.jwt.payload)\n const holder = holderBinding ? await extractKeyFromHolderBinding(agentContext, holderBinding) : undefined\n\n sdjwt.config({\n verifier: getSdJwtVerifier(agentContext, issuer.publicJwk),\n kbVerifier: holder ? getSdJwtVerifier(agentContext, holder.publicJwk) : undefined,\n })\n\n try {\n await sdjwt.verify(compactSdJwtVc, {\n requiredClaimKeys: requiredClaimKeys ? [...requiredClaimKeys, 'vct'] : ['vct'],\n keyBindingNonce: keyBinding?.nonce,\n currentDate: dateToSeconds(now ?? new Date()),\n skewSeconds: 0,\n })\n } catch (error) {\n return {\n error,\n isValid: false,\n sdJwtVc: returnSdJwtVc,\n }\n }\n\n if (sdJwtVc.jwt.header?.typ !== 'vc+sd-jwt' && sdJwtVc.jwt.header?.typ !== 'dc+sd-jwt') {\n return {\n error: new SdJwtVcError(`SD-JWT VC header 'typ' must be 'dc+sd-jwt' or 'vc+sd-jwt'`),\n isValid: false,\n sdJwtVc: returnSdJwtVc,\n }\n }\n\n try {\n JwtPayload.fromJson(returnSdJwtVc.payload).validate({\n now: dateToSeconds(now ?? new Date()),\n skewTime: 0,\n })\n } catch (error) {\n return {\n error,\n isValid: false,\n sdJwtVc: returnSdJwtVc,\n }\n }\n\n // If keyBinding is present, verify the key binding\n try {\n if (keyBinding) {\n if (!sdJwtVc.kbJwt || !sdJwtVc.kbJwt.payload) {\n throw new SdJwtVcError('Keybinding is required for verification of the sd-jwt-vc')\n }\n\n // Assert `aud` and `nonce` claims\n if (sdJwtVc.kbJwt.payload.aud !== keyBinding.audience) {\n throw new SdJwtVcError('The key binding JWT does not contain the expected audience')\n }\n\n if (sdJwtVc.kbJwt.payload.nonce !== keyBinding.nonce) {\n throw new SdJwtVcError('The key binding JWT does not contain the expected nonce')\n }\n }\n } catch (error) {\n return {\n error,\n isValid: false,\n sdJwtVc: returnSdJwtVc,\n }\n }\n\n try {\n const vct = returnSdJwtVc.payload?.vct\n if (fetchTypeMetadata && typeof vct === 'string' && vct.startsWith('https://')) {\n // modify the uri based on https://www.ietf.org/archive/id/draft-ietf-oauth-sd-jwt-vc-04.html#section-6.3.1\n const vctElements = vct.split('/')\n vctElements.splice(3, 0, '.well-known/vct')\n const vctUrl = vctElements.join('/')\n\n const response = await agentContext.config.agentDependencies.fetch(vctUrl)\n if (response.ok) {\n const typeMetadata = await response.json()\n returnSdJwtVc.typeMetadata = typeMetadata as SdJwtVcTypeMetadata\n }\n }\n } catch (_error) {\n // we allow vct without type metadata for now\n }\n } catch (error) {\n return {\n isValid: false,\n error,\n sdJwtVc: returnSdJwtVc,\n }\n }\n\n return {\n isValid: true,\n sdJwtVc: returnSdJwtVc,\n }\n }\n\n public async store(agentContext: AgentContext, options: SdJwtVcStoreOptions) {\n await this.sdJwtVcRepository.save(agentContext, options.record)\n return options.record\n }\n\n public async getById(agentContext: AgentContext, id: string): Promise<SdJwtVcRecord> {\n return await this.sdJwtVcRepository.getById(agentContext, id)\n }\n\n public async getAll(agentContext: AgentContext): Promise<Array<SdJwtVcRecord>> {\n return await this.sdJwtVcRepository.getAll(agentContext)\n }\n\n public async findByQuery(\n agentContext: AgentContext,\n query: Query<SdJwtVcRecord>,\n queryOptions?: QueryOptions\n ): Promise<Array<SdJwtVcRecord>> {\n return await this.sdJwtVcRepository.findByQuery(agentContext, query, queryOptions)\n }\n\n public async deleteById(agentContext: AgentContext, id: string) {\n await this.sdJwtVcRepository.deleteById(agentContext, id)\n }\n\n public async update(agentContext: AgentContext, sdJwtVcRecord: SdJwtVcRecord) {\n await this.sdJwtVcRepository.update(agentContext, sdJwtVcRecord)\n }\n\n private async extractKeyFromIssuer(agentContext: AgentContext, issuer: SdJwtVcIssuer, forSigning = false) {\n if (issuer.method === 'did') {\n const parsedDid = parseDid(issuer.didUrl)\n if (!parsedDid.fragment) {\n throw new SdJwtVcError(\n `didUrl '${issuer.didUrl}' does not contain a '#'. Unable to derive key from did document`\n )\n }\n\n let publicJwk: PublicJwk\n if (forSigning) {\n publicJwk = await resolveSigningPublicJwkFromDidUrl(agentContext, issuer.didUrl)\n } else {\n const { verificationMethod } = await resolveDidUrl(agentContext, issuer.didUrl)\n publicJwk = getPublicJwkFromVerificationMethod(verificationMethod)\n }\n\n const supportedSignatureAlgorithms = publicJwk.supportedSignatureAlgorithms\n if (supportedSignatureAlgorithms.length === 0) {\n throw new SdJwtVcError(\n `No supported JWA signature algorithms found for key ${publicJwk.jwkTypehumanDescription}`\n )\n }\n const alg = supportedSignatureAlgorithms[0]\n\n return {\n alg,\n publicJwk,\n iss: parsedDid.did,\n kid: `#${parsedDid.fragment}`,\n }\n }\n\n // FIXME: probably need to make the input an x509 certificate so we can attach a key id\n if (issuer.method === 'x5c') {\n const leafCertificate = issuer.x5c[0]\n if (!leafCertificate) {\n throw new SdJwtVcError(\"Empty 'x5c' array provided\")\n }\n\n // TODO: We don't have an x509 certificate record so we expect the key id to already be set\n if (forSigning && !leafCertificate.publicJwk.hasKeyId) {\n throw new SdJwtVcError(\"Expected leaf certificate in 'x5c' array to have a key id configured.\")\n }\n\n const publicJwk = leafCertificate.publicJwk\n const supportedSignatureAlgorithms = publicJwk.supportedSignatureAlgorithms\n if (supportedSignatureAlgorithms.length === 0) {\n throw new SdJwtVcError(\n `No supported JWA signature algorithms found for key ${publicJwk.jwkTypehumanDescription}`\n )\n }\n const alg = supportedSignatureAlgorithms[0]\n\n this.assertValidX5cJwtIssuer(agentContext, issuer.issuer, leafCertificate)\n\n return {\n publicJwk,\n iss: issuer.issuer,\n x5c: issuer.x5c,\n alg,\n }\n }\n\n throw new SdJwtVcError(\"Unsupported credential issuer. Only 'did' and 'x5c' is supported at the moment.\")\n }\n\n private async parseIssuerFromCredential<Header extends SdJwtVcHeader, Payload extends SdJwtVcPayload>(\n agentContext: AgentContext,\n sdJwtVc: SDJwt<Header, Payload>,\n credoSdJwtVc: SdJwtVc<Header, Payload>,\n _trustedCertificates?: EncodedX509Certificate[]\n ): Promise<SdJwtVcIssuer> {\n const x509Config = agentContext.dependencyManager.resolve(X509ModuleConfig)\n if (!sdJwtVc.jwt?.payload) {\n throw new SdJwtVcError('Credential not exist')\n }\n\n if (!sdJwtVc.jwt?.payload.iss) {\n throw new SdJwtVcError('Credential does not contain an issuer')\n }\n\n const iss = sdJwtVc.jwt.payload.iss as string\n\n if (sdJwtVc.jwt.header?.x5c) {\n if (!Array.isArray(sdJwtVc.jwt.header.x5c)) {\n throw new SdJwtVcError('Invalid x5c header in credential. Not an array.')\n }\n if (sdJwtVc.jwt.header.x5c.length === 0) {\n throw new SdJwtVcError('Invalid x5c header in credential. Empty array.')\n }\n if (sdJwtVc.jwt.header.x5c.some((x5c) => typeof x5c !== 'string')) {\n throw new SdJwtVcError('Invalid x5c header in credential. Not an array of strings.')\n }\n\n let trustedCertificates = _trustedCertificates\n const certificateChain = sdJwtVc.jwt.header.x5c.map((cert) => X509Certificate.fromEncodedCertificate(cert))\n\n if (!trustedCertificates) {\n trustedCertificates =\n (await x509Config.getTrustedCertificatesForVerification?.(agentContext, {\n certificateChain,\n verification: {\n type: 'credential',\n credential: credoSdJwtVc,\n },\n })) ?? x509Config.trustedCertificates\n }\n\n if (!trustedCertificates) {\n throw new SdJwtVcError(\n 'No trusted certificates configured for X509 certificate chain validation. Issuer cannot be verified.'\n )\n }\n\n await X509Service.validateCertificateChain(agentContext, {\n certificateChain: sdJwtVc.jwt.header.x5c,\n trustedCertificates,\n })\n\n return {\n method: 'x5c',\n x5c: certificateChain,\n issuer: iss,\n }\n }\n\n if (iss.startsWith('did:')) {\n // If `did` is used, we require a relative KID to be present to identify\n // the key used by issuer to sign the sd-jwt-vc\n\n if (!sdJwtVc.jwt?.header) {\n throw new SdJwtVcError('Credential does not contain a header')\n }\n\n if (!sdJwtVc.jwt.header.kid) {\n throw new SdJwtVcError('Credential does not contain a kid in the header')\n }\n\n const issuerKid = sdJwtVc.jwt.header.kid as string\n\n let didUrl: string\n if (issuerKid.startsWith('#')) {\n didUrl = `${iss}${issuerKid}`\n } else if (issuerKid.startsWith('did:')) {\n const didFromKid = parseDid(issuerKid)\n if (didFromKid.did !== iss) {\n throw new SdJwtVcError(\n `kid in header is an absolute DID URL, but the did (${didFromKid.did}) does not match with the 'iss' did (${iss})`\n )\n }\n\n didUrl = issuerKid\n } else {\n throw new SdJwtVcError(\n 'Invalid issuer kid for did. Only absolute or relative (starting with #) did urls are supported.'\n )\n }\n\n return {\n method: 'did',\n didUrl,\n }\n }\n throw new SdJwtVcError(\"Unsupported 'iss' value. Only did is supported at the moment.\")\n }\n\n private getBaseSdJwtConfig(agentContext: AgentContext): SdJwtVcConfig {\n const kms = agentContext.resolve(KeyManagementApi)\n\n return {\n hasher: sdJwtVcHasher,\n statusListFetcher: this.getStatusListFetcher(agentContext),\n saltGenerator: (length) => TypedArrayEncoder.toBase64URL(kms.randomBytes({ length })).slice(0, length),\n }\n }\n\n private getStatusListFetcher(agentContext: AgentContext) {\n return async (uri: string) => {\n const response = await fetchWithTimeout(agentContext.config.agentDependencies.fetch, uri, {\n headers: {\n Accept: 'application/statuslist+jwt',\n },\n })\n\n if (!response.ok) {\n throw new CredoError(\n `Received invalid response with status ${\n response.status\n } when fetching status list from ${uri}. ${await response.text()}`\n )\n }\n\n return await response.text()\n }\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA+FO,2BAAMA,iBAAe;CAG1B,AAAO,YAAY,mBAAsC;AACvD,OAAK,oBAAoB;;CAG3B,MAAa,KACX,cACA,SACkB;EAClB,MAAM,EAAE,SAAS,iBAAiB,qBAAqB;AAGvD,MAAI,oBAAoB,qBAAqB,UAC3C,OAAM,IAAI,aAAa,uCAAuC,mBAAmB;EAGnF,MAAM,SAAS,MAAM,KAAK,qBAAqB,cAAc,QAAQ,QAAQ,KAAK;EAGlF,MAAM,gBAAgB,QAAQ,SAAS,MAAM,4BAA4B,cAAc,QAAQ,OAAO,GAAG;EAEzG,MAAM,SAAS;GACb,KAAK,OAAO;GACZ,KAAK,QAAQ,cAAc;GAC3B,KAAK,OAAO;GACZ,KAAK,OAAO,KAAK,KAAK,SAAS,KAAK,SAAS,SAAS,CAAC;GACxD;EAED,MAAM,QAAQ,IAAI,gBAAgB;GAChC,GAAG,KAAK,mBAAmB,aAAa;GACxC,QAAQ,eAAe,cAAc,OAAO,UAAU;GACtD,SAAS;GACT,SAAS,OAAO;GACjB,CAAC;AAEF,MAAI,CAAC,QAAQ,OAAO,OAAO,QAAQ,QAAQ,SACzC,OAAM,IAAI,aAAa,mCAAmC;EAG5D,MAAM,UAAU,MAAM,MAAM,MAC1B;GACE,GAAG;GACH,KAAK,eAAe;GACpB,KAAK,OAAO;GACZ,KAAK,cAAc;GACnB,KAAK,QAAQ;GACd,EACD,iBACA,EAAE,QAAQ,CACX;EAED,MAAM,eAAgB,MAAM,MAAM,UAAU,QAAQ;EAEpD,MAAM,gBADI,MAAM,MAAM,OAAO,QAAQ,EACd,KAAK;AAC5B,MAAI,CAAC,aACH,OAAM,IAAI,aAAa,2BAA2B;AAGpD,SAAO;GACL;GACA;GACQ;GACR,SAAS;GACT,aAAa,YAAY;GACzB,SAAS;GACV;;CAGH,AAAO,YACL,gBACA,cAC0B;AAC1B,SAAO,cAAc,gBAAgB,aAAa;;CAGpD,AAAO,2BAA2B,gBAAwB,kBAAuC;EAC/F,MAAM,UAAU,gBAAgB,gBAAgB,OAAO,KAAK;EAC5D,MAAM,oBAAoB,+BAA+B,iBAAiB,IAAI,EAAE;AAEhF,MAAI,QAAQ,MACV,OAAM,IAAI,aAAa,kEAAkE;EAG3F,MAAM,sBAAsB,kBAC1B,QAAQ,IAAI,SAEZ,QAAQ,YAAY,KAAK,OAAO;GAC9B,QAAQ,EAAE,WAAW;IAAE,KAAK;IAAW,QAAQ,OAAO;IAAM,CAAC;GAC7D,SAAS,EAAE,QAAQ;GACnB,KAAK,EAAE;GACP,MAAM,EAAE;GACR,OAAO,EAAE;GACV,EAAE,EACH,kBACD;EACD,MAAM,CAAC,OAAO,eAAe,MAAM,IAAI;AAKvC,SADyB,cADX,GAAG,IAAI,GADnB,oBAAoB,SAAS,IAAI,GAAG,oBAAoB,KAAK,MAAM,EAAE,QAAQ,CAAC,KAAK,IAAI,CAAC,KAAK,KAElD;;CAI/C,MAAa,QACX,cACA,EAAE,SAAS,mBAAmB,kBAAkB,qBAC/B;EACjB,MAAM,QAAQ,IAAI,gBAAgB,KAAK,mBAAmB,aAAa,CAAC;EACxE,MAAM,iBAAiB,OAAO,YAAY,WAAW,UAAU,QAAQ;EAGvE,MAAM,gBAAgB,kCAFE,MAAM,MAAM,OAAO,eAAe,EAEa,KAAK,QAAQ;AACpF,MAAI,CAAC,iBAAiB,iBACpB,OAAM,IAAI,aAAa,wFAAwF;EAGjH,MAAM,SAAS,gBACX,MAAM,4BAA4B,cAAc,eAAe;GAC7D,YAAY;GACZ,UAAU,OAAO,YAAY,WAAW,QAAQ,WAAW;GAC5D,CAAC,GACF;AACJ,QAAM,OAAO;GACX,UAAU,SAAS,eAAe,cAAc,OAAO,UAAU,GAAG;GACpE,WAAW,QAAQ;GACpB,CAAC;AAeF,SAb8B,MAAM,MAAM,QAAQ,gBAAgB,mBAAiD,EACjH,IAAI,mBACA,EACE,SAAS;GACP,KAAK,iBAAiB;GACtB,OAAO,iBAAiB;GACxB,KAAK,iBAAiB;GACtB,GAAG;GACJ,EACF,GACD,QACL,CAAC;;CAKJ,AAAQ,wBAAwB,cAA4B,KAAa,iBAAkC;AACzG,MAAI,CAAC,IAAI,WAAW,WAAW,IAAI,EAAE,IAAI,WAAW,UAAU,IAAI,aAAa,OAAO,uBACpF,OAAM,IAAI,aAAa,mDAAmD;AAG5E,MAAI,CAAC,gBAAgB,aAAa,SAAS,IAAI,IAAI,CAAC,gBAAgB,aAAa,SAAS,iBAAiB,IAAI,CAAC,CAC9G,OAAM,IAAI,aACR,qKACD;;CAIL,MAAa,OACX,cACA,EAAE,gBAAgB,YAAY,mBAAmB,mBAAmB,qBAAqB,OAIzF;EACA,MAAM,QAAQ,IAAI,gBAAgB,EAChC,GAAG,KAAK,mBAAmB,aAAa,EAIzC,CAAC;EAEF,IAAIC;AAEJ,MAAI;AACF,aAAU,MAAM,MAAM,OAAO,eAAe;AAC5C,OAAI,CAAC,QAAQ,IAAK,OAAM,IAAI,WAAW,oBAAoB;WACpD,OAAO;AACd,UAAO;IACL,SAAS;IACT;IACD;;EAGH,MAAMC,gBAA0C;GAC9C,SAAS,QAAQ,IAAI;GACrB,QAAQ,QAAQ,IAAI;GACpB,SAAS;GACT,cAAc,MAAM,QAAQ,UAAU,cAAc;GAEpD,OAAO,QAAQ,QACX;IACE,SAAS,QAAQ,MAAM;IACvB,QAAQ,QAAQ,MAAM;IACvB,GACD;GACJ,aAAa,YAAY;GACzB,SAAS;GACV;AAED,MAAI;GACF,MAAM,mBAAmB,MAAM,KAAK,0BAClC,cACA,SACA,eACA,oBACD;GACD,MAAM,SAAS,MAAM,KAAK,qBAAqB,cAAc,iBAAiB;GAC9E,MAAM,gBAAgB,iCAAiC,QAAQ,IAAI,QAAQ;GAC3E,MAAM,SAAS,gBAAgB,MAAM,4BAA4B,cAAc,cAAc,GAAG;AAEhG,SAAM,OAAO;IACX,UAAU,iBAAiB,cAAc,OAAO,UAAU;IAC1D,YAAY,SAAS,iBAAiB,cAAc,OAAO,UAAU,GAAG;IACzE,CAAC;AAEF,OAAI;AACF,UAAM,MAAM,OAAO,gBAAgB;KACjC,mBAAmB,oBAAoB,CAAC,GAAG,mBAAmB,MAAM,GAAG,CAAC,MAAM;KAC9E,iBAAiB,YAAY;KAC7B,aAAa,cAAc,uBAAO,IAAI,MAAM,CAAC;KAC7C,aAAa;KACd,CAAC;YACK,OAAO;AACd,WAAO;KACL;KACA,SAAS;KACT,SAAS;KACV;;AAGH,OAAI,QAAQ,IAAI,QAAQ,QAAQ,eAAe,QAAQ,IAAI,QAAQ,QAAQ,YACzE,QAAO;IACL,OAAO,IAAI,aAAa,4DAA4D;IACpF,SAAS;IACT,SAAS;IACV;AAGH,OAAI;AACF,eAAW,SAAS,cAAc,QAAQ,CAAC,SAAS;KAClD,KAAK,cAAc,uBAAO,IAAI,MAAM,CAAC;KACrC,UAAU;KACX,CAAC;YACK,OAAO;AACd,WAAO;KACL;KACA,SAAS;KACT,SAAS;KACV;;AAIH,OAAI;AACF,QAAI,YAAY;AACd,SAAI,CAAC,QAAQ,SAAS,CAAC,QAAQ,MAAM,QACnC,OAAM,IAAI,aAAa,2DAA2D;AAIpF,SAAI,QAAQ,MAAM,QAAQ,QAAQ,WAAW,SAC3C,OAAM,IAAI,aAAa,6DAA6D;AAGtF,SAAI,QAAQ,MAAM,QAAQ,UAAU,WAAW,MAC7C,OAAM,IAAI,aAAa,0DAA0D;;YAG9E,OAAO;AACd,WAAO;KACL;KACA,SAAS;KACT,SAAS;KACV;;AAGH,OAAI;IACF,MAAM,MAAM,cAAc,SAAS;AACnC,QAAI,qBAAqB,OAAO,QAAQ,YAAY,IAAI,WAAW,WAAW,EAAE;KAE9E,MAAM,cAAc,IAAI,MAAM,IAAI;AAClC,iBAAY,OAAO,GAAG,GAAG,kBAAkB;KAC3C,MAAM,SAAS,YAAY,KAAK,IAAI;KAEpC,MAAM,WAAW,MAAM,aAAa,OAAO,kBAAkB,MAAM,OAAO;AAC1E,SAAI,SAAS,GAEX,eAAc,eADO,MAAM,SAAS,MAAM;;YAIvC,QAAQ;WAGV,OAAO;AACd,UAAO;IACL,SAAS;IACT;IACA,SAAS;IACV;;AAGH,SAAO;GACL,SAAS;GACT,SAAS;GACV;;CAGH,MAAa,MAAM,cAA4B,SAA8B;AAC3E,QAAM,KAAK,kBAAkB,KAAK,cAAc,QAAQ,OAAO;AAC/D,SAAO,QAAQ;;CAGjB,MAAa,QAAQ,cAA4B,IAAoC;AACnF,SAAO,MAAM,KAAK,kBAAkB,QAAQ,cAAc,GAAG;;CAG/D,MAAa,OAAO,cAA2D;AAC7E,SAAO,MAAM,KAAK,kBAAkB,OAAO,aAAa;;CAG1D,MAAa,YACX,cACA,OACA,cAC+B;AAC/B,SAAO,MAAM,KAAK,kBAAkB,YAAY,cAAc,OAAO,aAAa;;CAGpF,MAAa,WAAW,cAA4B,IAAY;AAC9D,QAAM,KAAK,kBAAkB,WAAW,cAAc,GAAG;;CAG3D,MAAa,OAAO,cAA4B,eAA8B;AAC5E,QAAM,KAAK,kBAAkB,OAAO,cAAc,cAAc;;CAGlE,MAAc,qBAAqB,cAA4B,QAAuB,aAAa,OAAO;AACxG,MAAI,OAAO,WAAW,OAAO;GAC3B,MAAM,YAAY,SAAS,OAAO,OAAO;AACzC,OAAI,CAAC,UAAU,SACb,OAAM,IAAI,aACR,WAAW,OAAO,OAAO,kEAC1B;GAGH,IAAIC;AACJ,OAAI,WACF,aAAY,MAAM,kCAAkC,cAAc,OAAO,OAAO;QAC3E;IACL,MAAM,EAAE,uBAAuB,MAAM,cAAc,cAAc,OAAO,OAAO;AAC/E,gBAAY,mCAAmC,mBAAmB;;GAGpE,MAAM,+BAA+B,UAAU;AAC/C,OAAI,6BAA6B,WAAW,EAC1C,OAAM,IAAI,aACR,uDAAuD,UAAU,0BAClE;AAIH,UAAO;IACL,KAHU,6BAA6B;IAIvC;IACA,KAAK,UAAU;IACf,KAAK,IAAI,UAAU;IACpB;;AAIH,MAAI,OAAO,WAAW,OAAO;GAC3B,MAAM,kBAAkB,OAAO,IAAI;AACnC,OAAI,CAAC,gBACH,OAAM,IAAI,aAAa,6BAA6B;AAItD,OAAI,cAAc,CAAC,gBAAgB,UAAU,SAC3C,OAAM,IAAI,aAAa,wEAAwE;GAGjG,MAAM,YAAY,gBAAgB;GAClC,MAAM,+BAA+B,UAAU;AAC/C,OAAI,6BAA6B,WAAW,EAC1C,OAAM,IAAI,aACR,uDAAuD,UAAU,0BAClE;GAEH,MAAM,MAAM,6BAA6B;AAEzC,QAAK,wBAAwB,cAAc,OAAO,QAAQ,gBAAgB;AAE1E,UAAO;IACL;IACA,KAAK,OAAO;IACZ,KAAK,OAAO;IACZ;IACD;;AAGH,QAAM,IAAI,aAAa,kFAAkF;;CAG3G,MAAc,0BACZ,cACA,SACA,cACA,sBACwB;EACxB,MAAM,aAAa,aAAa,kBAAkB,QAAQ,iBAAiB;AAC3E,MAAI,CAAC,QAAQ,KAAK,QAChB,OAAM,IAAI,aAAa,uBAAuB;AAGhD,MAAI,CAAC,QAAQ,KAAK,QAAQ,IACxB,OAAM,IAAI,aAAa,wCAAwC;EAGjE,MAAM,MAAM,QAAQ,IAAI,QAAQ;AAEhC,MAAI,QAAQ,IAAI,QAAQ,KAAK;AAC3B,OAAI,CAAC,MAAM,QAAQ,QAAQ,IAAI,OAAO,IAAI,CACxC,OAAM,IAAI,aAAa,kDAAkD;AAE3E,OAAI,QAAQ,IAAI,OAAO,IAAI,WAAW,EACpC,OAAM,IAAI,aAAa,iDAAiD;AAE1E,OAAI,QAAQ,IAAI,OAAO,IAAI,MAAM,QAAQ,OAAO,QAAQ,SAAS,CAC/D,OAAM,IAAI,aAAa,6DAA6D;GAGtF,IAAI,sBAAsB;GAC1B,MAAM,mBAAmB,QAAQ,IAAI,OAAO,IAAI,KAAK,SAAS,gBAAgB,uBAAuB,KAAK,CAAC;AAE3G,OAAI,CAAC,oBACH,uBACG,MAAM,WAAW,wCAAwC,cAAc;IACtE;IACA,cAAc;KACZ,MAAM;KACN,YAAY;KACb;IACF,CAAC,IAAK,WAAW;AAGtB,OAAI,CAAC,oBACH,OAAM,IAAI,aACR,uGACD;AAGH,SAAM,YAAY,yBAAyB,cAAc;IACvD,kBAAkB,QAAQ,IAAI,OAAO;IACrC;IACD,CAAC;AAEF,UAAO;IACL,QAAQ;IACR,KAAK;IACL,QAAQ;IACT;;AAGH,MAAI,IAAI,WAAW,OAAO,EAAE;AAI1B,OAAI,CAAC,QAAQ,KAAK,OAChB,OAAM,IAAI,aAAa,uCAAuC;AAGhE,OAAI,CAAC,QAAQ,IAAI,OAAO,IACtB,OAAM,IAAI,aAAa,kDAAkD;GAG3E,MAAM,YAAY,QAAQ,IAAI,OAAO;GAErC,IAAIC;AACJ,OAAI,UAAU,WAAW,IAAI,CAC3B,UAAS,GAAG,MAAM;YACT,UAAU,WAAW,OAAO,EAAE;IACvC,MAAM,aAAa,SAAS,UAAU;AACtC,QAAI,WAAW,QAAQ,IACrB,OAAM,IAAI,aACR,sDAAsD,WAAW,IAAI,uCAAuC,IAAI,GACjH;AAGH,aAAS;SAET,OAAM,IAAI,aACR,kGACD;AAGH,UAAO;IACL,QAAQ;IACR;IACD;;AAEH,QAAM,IAAI,aAAa,gEAAgE;;CAGzF,AAAQ,mBAAmB,cAA2C;EACpE,MAAM,MAAM,aAAa,QAAQ,iBAAiB;AAElD,SAAO;GACL,QAAQ;GACR,mBAAmB,KAAK,qBAAqB,aAAa;GAC1D,gBAAgB,WAAW,kBAAkB,YAAY,IAAI,YAAY,EAAE,QAAQ,CAAC,CAAC,CAAC,MAAM,GAAG,OAAO;GACvG;;CAGH,AAAQ,qBAAqB,cAA4B;AACvD,SAAO,OAAO,QAAgB;GAC5B,MAAM,WAAW,MAAM,iBAAiB,aAAa,OAAO,kBAAkB,OAAO,KAAK,EACxF,SAAS,EACP,QAAQ,8BACT,EACF,CAAC;AAEF,OAAI,CAAC,SAAS,GACZ,OAAM,IAAI,WACR,yCACE,SAAS,OACV,kCAAkC,IAAI,IAAI,MAAM,SAAS,MAAM,GACjE;AAGH,UAAO,MAAM,SAAS,MAAM;;;;6BAjhBjC,YAAY"}
1
+ {"version":3,"file":"SdJwtVcService.mjs","names":["SdJwtVcService","sdJwtVc: SDJwt","returnSdJwtVc: SdJwtVc<Header, Payload>","publicJwk: PublicJwk","didUrl: string"],"sources":["../../../src/modules/sd-jwt-vc/SdJwtVcService.ts"],"sourcesContent":["import type { SDJwt } from '@sd-jwt/core'\nimport { decodeSdJwtSync } from '@sd-jwt/decode'\nimport { selectDisclosures } from '@sd-jwt/present'\nimport { SDJwtVcInstance } from '@sd-jwt/sd-jwt-vc'\nimport type { DisclosureFrame, PresentationFrame } from '@sd-jwt/types'\nimport { injectable } from 'tsyringe'\nimport { AgentContext } from '../../agent'\nimport { Hasher, JwtPayload } from '../../crypto'\nimport { CredoError } from '../../error'\nimport { X509Service } from '../../modules/x509/X509Service'\nimport type { Query, QueryOptions } from '../../storage/StorageService'\nimport type { JsonObject } from '../../types'\nimport { dateToSeconds, nowInSeconds, TypedArrayEncoder } from '../../utils'\nimport { getDomainFromUrl } from '../../utils/domain'\nimport { fetchWithTimeout } from '../../utils/fetch'\nimport { getPublicJwkFromVerificationMethod, parseDid } from '../dids'\nimport { KeyManagementApi, PublicJwk } from '../kms'\nimport { ClaimFormat } from '../vc/index'\nimport { type EncodedX509Certificate, X509Certificate, X509ModuleConfig } from '../x509'\nimport { decodeSdJwtVc, sdJwtVcHasher } from './decodeSdJwtVc'\nimport { buildDisclosureFrameForPayload } from './disclosureFrame'\nimport { SdJwtVcRecord, SdJwtVcRepository } from './repository'\nimport { SdJwtVcError } from './SdJwtVcError'\nimport type {\n SdJwtVcHeader,\n SdJwtVcIssuer,\n SdJwtVcPayload,\n SdJwtVcPresentOptions,\n SdJwtVcSignOptions,\n SdJwtVcStoreOptions,\n SdJwtVcVerifyOptions,\n} from './SdJwtVcOptions'\nimport type { SdJwtVcTypeMetadata } from './typeMetadata'\nimport {\n extractKeyFromHolderBinding,\n getSdJwtSigner,\n getSdJwtVerifier,\n parseHolderBindingFromCredential,\n resolveDidUrl,\n resolveSigningPublicJwkFromDidUrl,\n} from './utils'\n\ntype SdJwtVcConfig = SDJwtVcInstance['userConfig']\n\nexport interface SdJwtVc<\n Header extends SdJwtVcHeader = SdJwtVcHeader,\n Payload extends SdJwtVcPayload = SdJwtVcPayload,\n> {\n /**\n * claim format is convenience method added to all credential instances\n */\n claimFormat: ClaimFormat.SdJwtDc\n /**\n * encoded is convenience method added to all credential instances\n */\n encoded: string\n compact: string\n header: Header\n\n // TODO: payload type here is a lie, as it is the signed payload (so fields replaced with _sd)\n payload: Payload\n prettyClaims: Payload\n\n kbJwt?: {\n header: Record<string, unknown>\n payload: Record<string, unknown>\n }\n\n /**\n * The key id in the KMS bound to this SD-JWT VC, used for presentations.\n *\n * This will only be set on the holder side if defined on the SdJwtVcRecord\n */\n kmsKeyId?: string\n\n typeMetadata?: SdJwtVcTypeMetadata\n}\n\nexport interface VerificationResult {\n isValid: boolean\n isValidJwtPayload?: boolean\n isSignatureValid?: boolean\n isStatusValid?: boolean\n isNotBeforeValid?: boolean\n isExpiryTimeValid?: boolean\n areRequiredClaimsIncluded?: boolean\n isKeyBindingValid?: boolean\n containsExpectedKeyBinding?: boolean\n containsRequiredVcProperties?: boolean\n}\n\n/**\n * @internal\n */\n@injectable()\nexport class SdJwtVcService {\n private sdJwtVcRepository: SdJwtVcRepository\n\n public constructor(sdJwtVcRepository: SdJwtVcRepository) {\n this.sdJwtVcRepository = sdJwtVcRepository\n }\n\n public async sign<Payload extends SdJwtVcPayload>(\n agentContext: AgentContext,\n options: SdJwtVcSignOptions<Payload>\n ): Promise<SdJwtVc> {\n const { payload, disclosureFrame, hashingAlgorithm } = options\n\n // default is sha-256\n if (hashingAlgorithm && hashingAlgorithm !== 'sha-256') {\n throw new SdJwtVcError(`Unsupported hashing algorithm used: ${hashingAlgorithm}`)\n }\n\n const issuer = await this.extractKeyFromIssuer(agentContext, options.issuer, true)\n\n // holer binding is optional\n const holderBinding = options.holder ? await extractKeyFromHolderBinding(agentContext, options.holder) : undefined\n\n const header = {\n alg: issuer.alg,\n typ: options.headerType ?? 'dc+sd-jwt',\n kid: issuer.kid,\n x5c: issuer.x5c?.map((cert) => cert.toString('base64')),\n } as const\n\n const sdjwt = new SDJwtVcInstance({\n ...this.getBaseSdJwtConfig(agentContext),\n signer: getSdJwtSigner(agentContext, issuer.publicJwk),\n hashAlg: 'sha-256',\n signAlg: issuer.alg,\n })\n\n if (!payload.vct || typeof payload.vct !== 'string') {\n throw new SdJwtVcError(\"Missing required parameter 'vct'\")\n }\n\n const compact = await sdjwt.issue(\n {\n ...payload,\n cnf: holderBinding?.cnf,\n iss: issuer.iss,\n iat: nowInSeconds(),\n vct: payload.vct,\n },\n disclosureFrame as DisclosureFrame<Payload>,\n { header }\n )\n\n const prettyClaims = (await sdjwt.getClaims(compact)) as Payload\n const a = await sdjwt.decode(compact)\n const sdjwtPayload = a.jwt?.payload as Payload | undefined\n if (!sdjwtPayload) {\n throw new SdJwtVcError('Invalid sd-jwt-vc state.')\n }\n\n return {\n compact,\n prettyClaims,\n header: header,\n payload: sdjwtPayload,\n claimFormat: ClaimFormat.SdJwtDc,\n encoded: compact,\n } satisfies SdJwtVc<typeof header, Payload>\n }\n\n public fromCompact<Header extends SdJwtVcHeader = SdJwtVcHeader, Payload extends SdJwtVcPayload = SdJwtVcPayload>(\n compactSdJwtVc: string,\n typeMetadata?: SdJwtVcTypeMetadata\n ): SdJwtVc<Header, Payload> {\n return decodeSdJwtVc(compactSdJwtVc, typeMetadata)\n }\n\n public applyDisclosuresForPayload(compactSdJwtVc: string, requestedPayload: JsonObject): SdJwtVc {\n const decoded = decodeSdJwtSync(compactSdJwtVc, Hasher.hash)\n const presentationFrame = buildDisclosureFrameForPayload(requestedPayload) ?? {}\n\n if (decoded.kbJwt) {\n throw new SdJwtVcError('Cannot apply limit disclosure on an sd-jwt with key binding jwt')\n }\n\n const requiredDisclosures = selectDisclosures(\n decoded.jwt.payload,\n // Map to sd-jwt disclosure format\n decoded.disclosures.map((d) => ({\n digest: d.digestSync({ alg: 'sha-256', hasher: Hasher.hash }),\n encoded: d.encode(),\n key: d.key,\n salt: d.salt,\n value: d.value,\n })),\n presentationFrame as { [key: string]: boolean }\n )\n const [jwt] = compactSdJwtVc.split('~')\n const disclosuresString =\n requiredDisclosures.length > 0 ? `${requiredDisclosures.map((d) => d.encoded).join('~')}~` : ''\n const sdJwt = `${jwt}~${disclosuresString}`\n const disclosedDecoded = decodeSdJwtVc(sdJwt)\n return disclosedDecoded\n }\n\n public async present<Payload extends SdJwtVcPayload = SdJwtVcPayload>(\n agentContext: AgentContext,\n { sdJwtVc, presentationFrame, verifierMetadata, additionalPayload }: SdJwtVcPresentOptions<Payload>\n ): Promise<string> {\n const sdjwt = new SDJwtVcInstance(this.getBaseSdJwtConfig(agentContext))\n const compactSdJwtVc = typeof sdJwtVc === 'string' ? sdJwtVc : sdJwtVc.compact\n const sdJwtVcInstance = await sdjwt.decode(compactSdJwtVc)\n\n const holderBinding = parseHolderBindingFromCredential(sdJwtVcInstance.jwt?.payload)\n if (!holderBinding && verifierMetadata) {\n throw new SdJwtVcError(\"Verifier metadata provided, but credential has no 'cnf' claim to create a KB-JWT from\")\n }\n\n const holder = holderBinding\n ? await extractKeyFromHolderBinding(agentContext, holderBinding, {\n forSigning: true,\n jwkKeyId: typeof sdJwtVc !== 'string' ? sdJwtVc.kmsKeyId : undefined,\n })\n : undefined\n sdjwt.config({\n kbSigner: holder ? getSdJwtSigner(agentContext, holder.publicJwk) : undefined,\n kbSignAlg: holder?.alg,\n })\n\n const compactDerivedSdJwtVc = await sdjwt.present(compactSdJwtVc, presentationFrame as PresentationFrame<Payload>, {\n kb: verifierMetadata\n ? {\n payload: {\n iat: verifierMetadata.issuedAt,\n nonce: verifierMetadata.nonce,\n aud: verifierMetadata.audience,\n ...additionalPayload,\n },\n }\n : undefined,\n })\n\n return compactDerivedSdJwtVc\n }\n\n private assertValidX5cJwtIssuer(\n agentContext: AgentContext,\n iss: string | undefined,\n leafCertificate: X509Certificate\n ) {\n // No 'iss' is allowed for X509\n if (!iss) return\n\n // If iss is present it MUST be an HTTPS url\n if (!iss.startsWith('https://') && !(iss.startsWith('http://') && agentContext.config.allowInsecureHttpUrls)) {\n throw new SdJwtVcError('The X509 certificate issuer must be a HTTPS URI.')\n }\n\n if (!leafCertificate.sanUriNames?.includes(iss) && !leafCertificate.sanDnsNames?.includes(getDomainFromUrl(iss))) {\n throw new SdJwtVcError(\n `The 'iss' claim in the payload does not match a 'SAN-URI' name and the domain extracted from the HTTPS URI does not match a 'SAN-DNS' name in the x5c certificate. Either remove the 'iss' claim or make it match with at least one SAN-URI or DNS-URI entry`\n )\n }\n }\n\n public async verify<Header extends SdJwtVcHeader = SdJwtVcHeader, Payload extends SdJwtVcPayload = SdJwtVcPayload>(\n agentContext: AgentContext,\n { compactSdJwtVc, keyBinding, requiredClaimKeys, fetchTypeMetadata, trustedCertificates, now }: SdJwtVcVerifyOptions\n ): Promise<\n | { isValid: true; sdJwtVc: SdJwtVc<Header, Payload> }\n | { isValid: false; sdJwtVc?: SdJwtVc<Header, Payload>; error: Error }\n > {\n const sdjwt = new SDJwtVcInstance({\n ...this.getBaseSdJwtConfig(agentContext),\n // FIXME: will break if using url but no type metadata\n // https://github.com/openwallet-foundation/sd-jwt-js/issues/258\n // loadTypeMetadataFormat: false,\n })\n\n let sdJwtVc: SDJwt\n\n try {\n sdJwtVc = await sdjwt.decode(compactSdJwtVc)\n if (!sdJwtVc.jwt) throw new CredoError('Invalid sd-jwt-vc')\n } catch (error) {\n return {\n isValid: false,\n error,\n }\n }\n\n const returnSdJwtVc: SdJwtVc<Header, Payload> = {\n payload: sdJwtVc.jwt.payload as Payload,\n header: sdJwtVc.jwt.header as Header,\n compact: compactSdJwtVc,\n prettyClaims: await sdJwtVc.getClaims(sdJwtVcHasher),\n\n kbJwt: sdJwtVc.kbJwt\n ? {\n payload: sdJwtVc.kbJwt.payload as Record<string, unknown>,\n header: sdJwtVc.kbJwt.header as Record<string, unknown>,\n }\n : undefined,\n claimFormat: ClaimFormat.SdJwtDc,\n encoded: compactSdJwtVc,\n } satisfies SdJwtVc<Header, Payload>\n\n try {\n const credentialIssuer = await this.parseIssuerFromCredential(\n agentContext,\n sdJwtVc,\n returnSdJwtVc,\n trustedCertificates\n )\n const issuer = await this.extractKeyFromIssuer(agentContext, credentialIssuer)\n const holderBinding = parseHolderBindingFromCredential(sdJwtVc.jwt.payload)\n const holder = holderBinding ? await extractKeyFromHolderBinding(agentContext, holderBinding) : undefined\n\n sdjwt.config({\n verifier: getSdJwtVerifier(agentContext, issuer.publicJwk),\n kbVerifier: holder ? getSdJwtVerifier(agentContext, holder.publicJwk) : undefined,\n })\n\n try {\n await sdjwt.verify(compactSdJwtVc, {\n requiredClaimKeys: requiredClaimKeys ? [...requiredClaimKeys, 'vct'] : ['vct'],\n keyBindingNonce: keyBinding?.nonce,\n currentDate: dateToSeconds(now ?? new Date()),\n skewSeconds: 0,\n })\n } catch (error) {\n return {\n error,\n isValid: false,\n sdJwtVc: returnSdJwtVc,\n }\n }\n\n if (sdJwtVc.jwt.header?.typ !== 'vc+sd-jwt' && sdJwtVc.jwt.header?.typ !== 'dc+sd-jwt') {\n return {\n error: new SdJwtVcError(`SD-JWT VC header 'typ' must be 'dc+sd-jwt' or 'vc+sd-jwt'`),\n isValid: false,\n sdJwtVc: returnSdJwtVc,\n }\n }\n\n try {\n JwtPayload.fromJson(returnSdJwtVc.payload).validate({\n now: dateToSeconds(now ?? new Date()),\n skewTime: 0,\n })\n } catch (error) {\n return {\n error,\n isValid: false,\n sdJwtVc: returnSdJwtVc,\n }\n }\n\n // If keyBinding is present, verify the key binding\n try {\n if (keyBinding) {\n if (!sdJwtVc.kbJwt || !sdJwtVc.kbJwt.payload) {\n throw new SdJwtVcError('Keybinding is required for verification of the sd-jwt-vc')\n }\n\n // Assert `aud` and `nonce` claims\n if (sdJwtVc.kbJwt.payload.aud !== keyBinding.audience) {\n throw new SdJwtVcError('The key binding JWT does not contain the expected audience')\n }\n\n if (sdJwtVc.kbJwt.payload.nonce !== keyBinding.nonce) {\n throw new SdJwtVcError('The key binding JWT does not contain the expected nonce')\n }\n }\n } catch (error) {\n return {\n error,\n isValid: false,\n sdJwtVc: returnSdJwtVc,\n }\n }\n\n try {\n const vct = returnSdJwtVc.payload?.vct\n if (fetchTypeMetadata && typeof vct === 'string' && vct.startsWith('https://')) {\n // modify the uri based on https://www.ietf.org/archive/id/draft-ietf-oauth-sd-jwt-vc-04.html#section-6.3.1\n const vctElements = vct.split('/')\n vctElements.splice(3, 0, '.well-known/vct')\n const vctUrl = vctElements.join('/')\n\n const response = await agentContext.config.agentDependencies.fetch(vctUrl)\n if (response.ok) {\n const typeMetadata = await response.json()\n returnSdJwtVc.typeMetadata = typeMetadata as SdJwtVcTypeMetadata\n }\n }\n } catch (_error) {\n // we allow vct without type metadata for now\n }\n } catch (error) {\n return {\n isValid: false,\n error,\n sdJwtVc: returnSdJwtVc,\n }\n }\n\n return {\n isValid: true,\n sdJwtVc: returnSdJwtVc,\n }\n }\n\n public async store(agentContext: AgentContext, options: SdJwtVcStoreOptions) {\n await this.sdJwtVcRepository.save(agentContext, options.record)\n return options.record\n }\n\n public async getById(agentContext: AgentContext, id: string): Promise<SdJwtVcRecord> {\n return await this.sdJwtVcRepository.getById(agentContext, id)\n }\n\n public async getAll(agentContext: AgentContext): Promise<Array<SdJwtVcRecord>> {\n return await this.sdJwtVcRepository.getAll(agentContext)\n }\n\n public async findByQuery(\n agentContext: AgentContext,\n query: Query<SdJwtVcRecord>,\n queryOptions?: QueryOptions\n ): Promise<Array<SdJwtVcRecord>> {\n return await this.sdJwtVcRepository.findByQuery(agentContext, query, queryOptions)\n }\n\n public async deleteById(agentContext: AgentContext, id: string) {\n await this.sdJwtVcRepository.deleteById(agentContext, id)\n }\n\n public async update(agentContext: AgentContext, sdJwtVcRecord: SdJwtVcRecord) {\n await this.sdJwtVcRepository.update(agentContext, sdJwtVcRecord)\n }\n\n private async extractKeyFromIssuer(agentContext: AgentContext, issuer: SdJwtVcIssuer, forSigning = false) {\n if (issuer.method === 'did') {\n const parsedDid = parseDid(issuer.didUrl)\n if (!parsedDid.fragment) {\n throw new SdJwtVcError(\n `didUrl '${issuer.didUrl}' does not contain a '#'. Unable to derive key from did document`\n )\n }\n\n let publicJwk: PublicJwk\n if (forSigning) {\n publicJwk = await resolveSigningPublicJwkFromDidUrl(agentContext, issuer.didUrl)\n } else {\n const { verificationMethod } = await resolveDidUrl(agentContext, issuer.didUrl)\n publicJwk = getPublicJwkFromVerificationMethod(verificationMethod)\n }\n\n const supportedSignatureAlgorithms = publicJwk.supportedSignatureAlgorithms\n if (supportedSignatureAlgorithms.length === 0) {\n throw new SdJwtVcError(\n `No supported JWA signature algorithms found for key ${publicJwk.jwkTypeHumanDescription}`\n )\n }\n const alg = supportedSignatureAlgorithms[0]\n\n return {\n alg,\n publicJwk,\n iss: parsedDid.did,\n kid: `#${parsedDid.fragment}`,\n }\n }\n\n if (issuer.method === 'x5c') {\n const leafCertificate = issuer.x5c[0]\n if (!leafCertificate) {\n throw new SdJwtVcError(\"Empty 'x5c' array provided\")\n }\n\n if (forSigning && !leafCertificate.publicJwk.hasKeyId) {\n throw new SdJwtVcError(\"Expected leaf certificate in 'x5c' array to have a key id configured.\")\n }\n\n const publicJwk = leafCertificate.publicJwk\n const supportedSignatureAlgorithms = publicJwk.supportedSignatureAlgorithms\n if (supportedSignatureAlgorithms.length === 0) {\n throw new SdJwtVcError(\n `No supported JWA signature algorithms found for key ${publicJwk.jwkTypeHumanDescription}`\n )\n }\n const alg = supportedSignatureAlgorithms[0]\n\n this.assertValidX5cJwtIssuer(agentContext, issuer.issuer, leafCertificate)\n\n return {\n publicJwk,\n iss: issuer.issuer,\n x5c: issuer.x5c,\n alg,\n }\n }\n\n throw new SdJwtVcError(\"Unsupported credential issuer. Only 'did' and 'x5c' is supported at the moment.\")\n }\n\n private async parseIssuerFromCredential<Header extends SdJwtVcHeader, Payload extends SdJwtVcPayload>(\n agentContext: AgentContext,\n sdJwtVc: SDJwt<Header, Payload>,\n credoSdJwtVc: SdJwtVc<Header, Payload>,\n _trustedCertificates?: EncodedX509Certificate[]\n ): Promise<SdJwtVcIssuer> {\n const x509Config = agentContext.dependencyManager.resolve(X509ModuleConfig)\n if (!sdJwtVc.jwt?.payload) {\n throw new SdJwtVcError('Credential not exist')\n }\n\n const iss = sdJwtVc.jwt.payload.iss as string | undefined\n\n if (sdJwtVc.jwt.header?.x5c) {\n if (!Array.isArray(sdJwtVc.jwt.header.x5c)) {\n throw new SdJwtVcError('Invalid x5c header in credential. Not an array.')\n }\n if (sdJwtVc.jwt.header.x5c.length === 0) {\n throw new SdJwtVcError('Invalid x5c header in credential. Empty array.')\n }\n if (sdJwtVc.jwt.header.x5c.some((x5c) => typeof x5c !== 'string')) {\n throw new SdJwtVcError('Invalid x5c header in credential. Not an array of strings.')\n }\n\n let trustedCertificates = _trustedCertificates\n const certificateChain = sdJwtVc.jwt.header.x5c.map((cert) => X509Certificate.fromEncodedCertificate(cert))\n\n if (!trustedCertificates) {\n trustedCertificates =\n (await x509Config.getTrustedCertificatesForVerification?.(agentContext, {\n certificateChain,\n verification: {\n type: 'credential',\n credential: credoSdJwtVc,\n },\n })) ?? x509Config.trustedCertificates\n }\n\n if (!trustedCertificates) {\n throw new SdJwtVcError(\n 'No trusted certificates configured for X509 certificate chain validation. Issuer cannot be verified.'\n )\n }\n\n await X509Service.validateCertificateChain(agentContext, {\n certificateChain: sdJwtVc.jwt.header.x5c,\n trustedCertificates,\n })\n\n return {\n method: 'x5c',\n x5c: certificateChain,\n issuer: iss,\n }\n }\n\n if (iss?.startsWith('did:')) {\n // If `did` is used, we require a relative KID to be present to identify\n // the key used by issuer to sign the sd-jwt-vc\n\n if (!sdJwtVc.jwt?.header) {\n throw new SdJwtVcError('Credential does not contain a header')\n }\n\n if (!sdJwtVc.jwt.header.kid) {\n throw new SdJwtVcError('Credential does not contain a kid in the header')\n }\n\n const issuerKid = sdJwtVc.jwt.header.kid as string\n\n let didUrl: string\n if (issuerKid.startsWith('#')) {\n didUrl = `${iss}${issuerKid}`\n } else if (issuerKid.startsWith('did:')) {\n const didFromKid = parseDid(issuerKid)\n if (didFromKid.did !== iss) {\n throw new SdJwtVcError(\n `kid in header is an absolute DID URL, but the did (${didFromKid.did}) does not match with the 'iss' did (${iss})`\n )\n }\n\n didUrl = issuerKid\n } else {\n throw new SdJwtVcError(\n 'Invalid issuer kid for did. Only absolute or relative (starting with #) did urls are supported.'\n )\n }\n\n return {\n method: 'did',\n didUrl,\n }\n }\n\n throw new SdJwtVcError('Unsupported signing method for SD-JWT VC. Only did and x5c are supported at the moment.')\n }\n\n private getBaseSdJwtConfig(agentContext: AgentContext): SdJwtVcConfig {\n const kms = agentContext.resolve(KeyManagementApi)\n\n return {\n hasher: sdJwtVcHasher,\n statusListFetcher: this.getStatusListFetcher(agentContext),\n saltGenerator: (length) => TypedArrayEncoder.toBase64URL(kms.randomBytes({ length })).slice(0, length),\n }\n }\n\n private getStatusListFetcher(agentContext: AgentContext) {\n return async (uri: string) => {\n const response = await fetchWithTimeout(agentContext.config.agentDependencies.fetch, uri, {\n headers: {\n Accept: 'application/statuslist+jwt',\n },\n })\n\n if (!response.ok) {\n throw new CredoError(\n `Received invalid response with status ${\n response.status\n } when fetching status list from ${uri}. ${await response.text()}`\n )\n }\n\n return await response.text()\n }\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA+FO,2BAAMA,iBAAe;CAG1B,AAAO,YAAY,mBAAsC;AACvD,OAAK,oBAAoB;;CAG3B,MAAa,KACX,cACA,SACkB;EAClB,MAAM,EAAE,SAAS,iBAAiB,qBAAqB;AAGvD,MAAI,oBAAoB,qBAAqB,UAC3C,OAAM,IAAI,aAAa,uCAAuC,mBAAmB;EAGnF,MAAM,SAAS,MAAM,KAAK,qBAAqB,cAAc,QAAQ,QAAQ,KAAK;EAGlF,MAAM,gBAAgB,QAAQ,SAAS,MAAM,4BAA4B,cAAc,QAAQ,OAAO,GAAG;EAEzG,MAAM,SAAS;GACb,KAAK,OAAO;GACZ,KAAK,QAAQ,cAAc;GAC3B,KAAK,OAAO;GACZ,KAAK,OAAO,KAAK,KAAK,SAAS,KAAK,SAAS,SAAS,CAAC;GACxD;EAED,MAAM,QAAQ,IAAI,gBAAgB;GAChC,GAAG,KAAK,mBAAmB,aAAa;GACxC,QAAQ,eAAe,cAAc,OAAO,UAAU;GACtD,SAAS;GACT,SAAS,OAAO;GACjB,CAAC;AAEF,MAAI,CAAC,QAAQ,OAAO,OAAO,QAAQ,QAAQ,SACzC,OAAM,IAAI,aAAa,mCAAmC;EAG5D,MAAM,UAAU,MAAM,MAAM,MAC1B;GACE,GAAG;GACH,KAAK,eAAe;GACpB,KAAK,OAAO;GACZ,KAAK,cAAc;GACnB,KAAK,QAAQ;GACd,EACD,iBACA,EAAE,QAAQ,CACX;EAED,MAAM,eAAgB,MAAM,MAAM,UAAU,QAAQ;EAEpD,MAAM,gBADI,MAAM,MAAM,OAAO,QAAQ,EACd,KAAK;AAC5B,MAAI,CAAC,aACH,OAAM,IAAI,aAAa,2BAA2B;AAGpD,SAAO;GACL;GACA;GACQ;GACR,SAAS;GACT,aAAa,YAAY;GACzB,SAAS;GACV;;CAGH,AAAO,YACL,gBACA,cAC0B;AAC1B,SAAO,cAAc,gBAAgB,aAAa;;CAGpD,AAAO,2BAA2B,gBAAwB,kBAAuC;EAC/F,MAAM,UAAU,gBAAgB,gBAAgB,OAAO,KAAK;EAC5D,MAAM,oBAAoB,+BAA+B,iBAAiB,IAAI,EAAE;AAEhF,MAAI,QAAQ,MACV,OAAM,IAAI,aAAa,kEAAkE;EAG3F,MAAM,sBAAsB,kBAC1B,QAAQ,IAAI,SAEZ,QAAQ,YAAY,KAAK,OAAO;GAC9B,QAAQ,EAAE,WAAW;IAAE,KAAK;IAAW,QAAQ,OAAO;IAAM,CAAC;GAC7D,SAAS,EAAE,QAAQ;GACnB,KAAK,EAAE;GACP,MAAM,EAAE;GACR,OAAO,EAAE;GACV,EAAE,EACH,kBACD;EACD,MAAM,CAAC,OAAO,eAAe,MAAM,IAAI;AAKvC,SADyB,cADX,GAAG,IAAI,GADnB,oBAAoB,SAAS,IAAI,GAAG,oBAAoB,KAAK,MAAM,EAAE,QAAQ,CAAC,KAAK,IAAI,CAAC,KAAK,KAElD;;CAI/C,MAAa,QACX,cACA,EAAE,SAAS,mBAAmB,kBAAkB,qBAC/B;EACjB,MAAM,QAAQ,IAAI,gBAAgB,KAAK,mBAAmB,aAAa,CAAC;EACxE,MAAM,iBAAiB,OAAO,YAAY,WAAW,UAAU,QAAQ;EAGvE,MAAM,gBAAgB,kCAFE,MAAM,MAAM,OAAO,eAAe,EAEa,KAAK,QAAQ;AACpF,MAAI,CAAC,iBAAiB,iBACpB,OAAM,IAAI,aAAa,wFAAwF;EAGjH,MAAM,SAAS,gBACX,MAAM,4BAA4B,cAAc,eAAe;GAC7D,YAAY;GACZ,UAAU,OAAO,YAAY,WAAW,QAAQ,WAAW;GAC5D,CAAC,GACF;AACJ,QAAM,OAAO;GACX,UAAU,SAAS,eAAe,cAAc,OAAO,UAAU,GAAG;GACpE,WAAW,QAAQ;GACpB,CAAC;AAeF,SAb8B,MAAM,MAAM,QAAQ,gBAAgB,mBAAiD,EACjH,IAAI,mBACA,EACE,SAAS;GACP,KAAK,iBAAiB;GACtB,OAAO,iBAAiB;GACxB,KAAK,iBAAiB;GACtB,GAAG;GACJ,EACF,GACD,QACL,CAAC;;CAKJ,AAAQ,wBACN,cACA,KACA,iBACA;AAEA,MAAI,CAAC,IAAK;AAGV,MAAI,CAAC,IAAI,WAAW,WAAW,IAAI,EAAE,IAAI,WAAW,UAAU,IAAI,aAAa,OAAO,uBACpF,OAAM,IAAI,aAAa,mDAAmD;AAG5E,MAAI,CAAC,gBAAgB,aAAa,SAAS,IAAI,IAAI,CAAC,gBAAgB,aAAa,SAAS,iBAAiB,IAAI,CAAC,CAC9G,OAAM,IAAI,aACR,+PACD;;CAIL,MAAa,OACX,cACA,EAAE,gBAAgB,YAAY,mBAAmB,mBAAmB,qBAAqB,OAIzF;EACA,MAAM,QAAQ,IAAI,gBAAgB,EAChC,GAAG,KAAK,mBAAmB,aAAa,EAIzC,CAAC;EAEF,IAAIC;AAEJ,MAAI;AACF,aAAU,MAAM,MAAM,OAAO,eAAe;AAC5C,OAAI,CAAC,QAAQ,IAAK,OAAM,IAAI,WAAW,oBAAoB;WACpD,OAAO;AACd,UAAO;IACL,SAAS;IACT;IACD;;EAGH,MAAMC,gBAA0C;GAC9C,SAAS,QAAQ,IAAI;GACrB,QAAQ,QAAQ,IAAI;GACpB,SAAS;GACT,cAAc,MAAM,QAAQ,UAAU,cAAc;GAEpD,OAAO,QAAQ,QACX;IACE,SAAS,QAAQ,MAAM;IACvB,QAAQ,QAAQ,MAAM;IACvB,GACD;GACJ,aAAa,YAAY;GACzB,SAAS;GACV;AAED,MAAI;GACF,MAAM,mBAAmB,MAAM,KAAK,0BAClC,cACA,SACA,eACA,oBACD;GACD,MAAM,SAAS,MAAM,KAAK,qBAAqB,cAAc,iBAAiB;GAC9E,MAAM,gBAAgB,iCAAiC,QAAQ,IAAI,QAAQ;GAC3E,MAAM,SAAS,gBAAgB,MAAM,4BAA4B,cAAc,cAAc,GAAG;AAEhG,SAAM,OAAO;IACX,UAAU,iBAAiB,cAAc,OAAO,UAAU;IAC1D,YAAY,SAAS,iBAAiB,cAAc,OAAO,UAAU,GAAG;IACzE,CAAC;AAEF,OAAI;AACF,UAAM,MAAM,OAAO,gBAAgB;KACjC,mBAAmB,oBAAoB,CAAC,GAAG,mBAAmB,MAAM,GAAG,CAAC,MAAM;KAC9E,iBAAiB,YAAY;KAC7B,aAAa,cAAc,uBAAO,IAAI,MAAM,CAAC;KAC7C,aAAa;KACd,CAAC;YACK,OAAO;AACd,WAAO;KACL;KACA,SAAS;KACT,SAAS;KACV;;AAGH,OAAI,QAAQ,IAAI,QAAQ,QAAQ,eAAe,QAAQ,IAAI,QAAQ,QAAQ,YACzE,QAAO;IACL,OAAO,IAAI,aAAa,4DAA4D;IACpF,SAAS;IACT,SAAS;IACV;AAGH,OAAI;AACF,eAAW,SAAS,cAAc,QAAQ,CAAC,SAAS;KAClD,KAAK,cAAc,uBAAO,IAAI,MAAM,CAAC;KACrC,UAAU;KACX,CAAC;YACK,OAAO;AACd,WAAO;KACL;KACA,SAAS;KACT,SAAS;KACV;;AAIH,OAAI;AACF,QAAI,YAAY;AACd,SAAI,CAAC,QAAQ,SAAS,CAAC,QAAQ,MAAM,QACnC,OAAM,IAAI,aAAa,2DAA2D;AAIpF,SAAI,QAAQ,MAAM,QAAQ,QAAQ,WAAW,SAC3C,OAAM,IAAI,aAAa,6DAA6D;AAGtF,SAAI,QAAQ,MAAM,QAAQ,UAAU,WAAW,MAC7C,OAAM,IAAI,aAAa,0DAA0D;;YAG9E,OAAO;AACd,WAAO;KACL;KACA,SAAS;KACT,SAAS;KACV;;AAGH,OAAI;IACF,MAAM,MAAM,cAAc,SAAS;AACnC,QAAI,qBAAqB,OAAO,QAAQ,YAAY,IAAI,WAAW,WAAW,EAAE;KAE9E,MAAM,cAAc,IAAI,MAAM,IAAI;AAClC,iBAAY,OAAO,GAAG,GAAG,kBAAkB;KAC3C,MAAM,SAAS,YAAY,KAAK,IAAI;KAEpC,MAAM,WAAW,MAAM,aAAa,OAAO,kBAAkB,MAAM,OAAO;AAC1E,SAAI,SAAS,GAEX,eAAc,eADO,MAAM,SAAS,MAAM;;YAIvC,QAAQ;WAGV,OAAO;AACd,UAAO;IACL,SAAS;IACT;IACA,SAAS;IACV;;AAGH,SAAO;GACL,SAAS;GACT,SAAS;GACV;;CAGH,MAAa,MAAM,cAA4B,SAA8B;AAC3E,QAAM,KAAK,kBAAkB,KAAK,cAAc,QAAQ,OAAO;AAC/D,SAAO,QAAQ;;CAGjB,MAAa,QAAQ,cAA4B,IAAoC;AACnF,SAAO,MAAM,KAAK,kBAAkB,QAAQ,cAAc,GAAG;;CAG/D,MAAa,OAAO,cAA2D;AAC7E,SAAO,MAAM,KAAK,kBAAkB,OAAO,aAAa;;CAG1D,MAAa,YACX,cACA,OACA,cAC+B;AAC/B,SAAO,MAAM,KAAK,kBAAkB,YAAY,cAAc,OAAO,aAAa;;CAGpF,MAAa,WAAW,cAA4B,IAAY;AAC9D,QAAM,KAAK,kBAAkB,WAAW,cAAc,GAAG;;CAG3D,MAAa,OAAO,cAA4B,eAA8B;AAC5E,QAAM,KAAK,kBAAkB,OAAO,cAAc,cAAc;;CAGlE,MAAc,qBAAqB,cAA4B,QAAuB,aAAa,OAAO;AACxG,MAAI,OAAO,WAAW,OAAO;GAC3B,MAAM,YAAY,SAAS,OAAO,OAAO;AACzC,OAAI,CAAC,UAAU,SACb,OAAM,IAAI,aACR,WAAW,OAAO,OAAO,kEAC1B;GAGH,IAAIC;AACJ,OAAI,WACF,aAAY,MAAM,kCAAkC,cAAc,OAAO,OAAO;QAC3E;IACL,MAAM,EAAE,uBAAuB,MAAM,cAAc,cAAc,OAAO,OAAO;AAC/E,gBAAY,mCAAmC,mBAAmB;;GAGpE,MAAM,+BAA+B,UAAU;AAC/C,OAAI,6BAA6B,WAAW,EAC1C,OAAM,IAAI,aACR,uDAAuD,UAAU,0BAClE;AAIH,UAAO;IACL,KAHU,6BAA6B;IAIvC;IACA,KAAK,UAAU;IACf,KAAK,IAAI,UAAU;IACpB;;AAGH,MAAI,OAAO,WAAW,OAAO;GAC3B,MAAM,kBAAkB,OAAO,IAAI;AACnC,OAAI,CAAC,gBACH,OAAM,IAAI,aAAa,6BAA6B;AAGtD,OAAI,cAAc,CAAC,gBAAgB,UAAU,SAC3C,OAAM,IAAI,aAAa,wEAAwE;GAGjG,MAAM,YAAY,gBAAgB;GAClC,MAAM,+BAA+B,UAAU;AAC/C,OAAI,6BAA6B,WAAW,EAC1C,OAAM,IAAI,aACR,uDAAuD,UAAU,0BAClE;GAEH,MAAM,MAAM,6BAA6B;AAEzC,QAAK,wBAAwB,cAAc,OAAO,QAAQ,gBAAgB;AAE1E,UAAO;IACL;IACA,KAAK,OAAO;IACZ,KAAK,OAAO;IACZ;IACD;;AAGH,QAAM,IAAI,aAAa,kFAAkF;;CAG3G,MAAc,0BACZ,cACA,SACA,cACA,sBACwB;EACxB,MAAM,aAAa,aAAa,kBAAkB,QAAQ,iBAAiB;AAC3E,MAAI,CAAC,QAAQ,KAAK,QAChB,OAAM,IAAI,aAAa,uBAAuB;EAGhD,MAAM,MAAM,QAAQ,IAAI,QAAQ;AAEhC,MAAI,QAAQ,IAAI,QAAQ,KAAK;AAC3B,OAAI,CAAC,MAAM,QAAQ,QAAQ,IAAI,OAAO,IAAI,CACxC,OAAM,IAAI,aAAa,kDAAkD;AAE3E,OAAI,QAAQ,IAAI,OAAO,IAAI,WAAW,EACpC,OAAM,IAAI,aAAa,iDAAiD;AAE1E,OAAI,QAAQ,IAAI,OAAO,IAAI,MAAM,QAAQ,OAAO,QAAQ,SAAS,CAC/D,OAAM,IAAI,aAAa,6DAA6D;GAGtF,IAAI,sBAAsB;GAC1B,MAAM,mBAAmB,QAAQ,IAAI,OAAO,IAAI,KAAK,SAAS,gBAAgB,uBAAuB,KAAK,CAAC;AAE3G,OAAI,CAAC,oBACH,uBACG,MAAM,WAAW,wCAAwC,cAAc;IACtE;IACA,cAAc;KACZ,MAAM;KACN,YAAY;KACb;IACF,CAAC,IAAK,WAAW;AAGtB,OAAI,CAAC,oBACH,OAAM,IAAI,aACR,uGACD;AAGH,SAAM,YAAY,yBAAyB,cAAc;IACvD,kBAAkB,QAAQ,IAAI,OAAO;IACrC;IACD,CAAC;AAEF,UAAO;IACL,QAAQ;IACR,KAAK;IACL,QAAQ;IACT;;AAGH,MAAI,KAAK,WAAW,OAAO,EAAE;AAI3B,OAAI,CAAC,QAAQ,KAAK,OAChB,OAAM,IAAI,aAAa,uCAAuC;AAGhE,OAAI,CAAC,QAAQ,IAAI,OAAO,IACtB,OAAM,IAAI,aAAa,kDAAkD;GAG3E,MAAM,YAAY,QAAQ,IAAI,OAAO;GAErC,IAAIC;AACJ,OAAI,UAAU,WAAW,IAAI,CAC3B,UAAS,GAAG,MAAM;YACT,UAAU,WAAW,OAAO,EAAE;IACvC,MAAM,aAAa,SAAS,UAAU;AACtC,QAAI,WAAW,QAAQ,IACrB,OAAM,IAAI,aACR,sDAAsD,WAAW,IAAI,uCAAuC,IAAI,GACjH;AAGH,aAAS;SAET,OAAM,IAAI,aACR,kGACD;AAGH,UAAO;IACL,QAAQ;IACR;IACD;;AAGH,QAAM,IAAI,aAAa,0FAA0F;;CAGnH,AAAQ,mBAAmB,cAA2C;EACpE,MAAM,MAAM,aAAa,QAAQ,iBAAiB;AAElD,SAAO;GACL,QAAQ;GACR,mBAAmB,KAAK,qBAAqB,aAAa;GAC1D,gBAAgB,WAAW,kBAAkB,YAAY,IAAI,YAAY,EAAE,QAAQ,CAAC,CAAC,CAAC,MAAM,GAAG,OAAO;GACvG;;CAGH,AAAQ,qBAAqB,cAA4B;AACvD,SAAO,OAAO,QAAgB;GAC5B,MAAM,WAAW,MAAM,iBAAiB,aAAa,OAAO,kBAAkB,OAAO,KAAK,EACxF,SAAS,EACP,QAAQ,8BACT,EACF,CAAC;AAEF,OAAI,CAAC,SAAS,GACZ,OAAM,IAAI,WACR,yCACE,SAAS,OACV,kCAAkC,IAAI,IAAI,MAAM,SAAS,MAAM,GACjE;AAGH,UAAO,MAAM,SAAS,MAAM;;;;6BAphBjC,YAAY"}
package/build/modules/sd-jwt-vc/repository/SdJwtVcRepository.mjs CHANGED
@@ -2,9 +2,9 @@
2
2
 
3
3
  import { InjectionSymbols } from "../../../constants.mjs";
4
4
  import { inject, injectable } from "../../../plugins/index.mjs";
5
- import { __decorateMetadata } from "../../../_virtual/_@oxc-project_runtime@0.97.0/helpers/decorateMetadata.mjs";
6
- import { __decorate } from "../../../_virtual/_@oxc-project_runtime@0.97.0/helpers/decorate.mjs";
7
- import { __decorateParam } from "../../../_virtual/_@oxc-project_runtime@0.97.0/helpers/decorateParam.mjs";
5
+ import { __decorateMetadata } from "../../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorateMetadata.mjs";
6
+ import { __decorate } from "../../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorate.mjs";
7
+ import { __decorateParam } from "../../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorateParam.mjs";
8
8
  import { EventEmitter } from "../../../agent/EventEmitter.mjs";
9
9
  import { Repository } from "../../../storage/Repository.mjs";
10
10
  import { SdJwtVcRecord } from "./SdJwtVcRecord.mjs";
package/build/modules/sd-jwt-vc/typeMetadata.d.mts CHANGED
@@ -1,8 +1,17 @@
1
1
  //#region src/modules/sd-jwt-vc/typeMetadata.d.ts
2
2
  interface SdJwtVcTypeMetadataClaim {
3
3
  path: Array<string | null>;
4
+ /**
5
+ * A boolean indicating that the claim must be present in the issued credential.
6
+ * This property is OPTIONAL. If omitted, the default value is false
7
+ */
8
+ mandatory?: boolean;
4
9
  display?: Array<{
5
- lang: string;
10
+ /**
11
+ * @deprecated `locale` should be used
12
+ */
13
+ lang?: string;
14
+ locale?: string;
6
15
  label: string;
7
16
  description?: string;
8
17
  }>;
@@ -19,6 +28,7 @@ interface SdJwtVcTypeMetadataRenderingMethodSimple {
19
28
  alt_text?: string;
20
29
  };
21
30
  background_color?: string;
31
+ background_image?: string;
22
32
  text_color?: string;
23
33
  }
24
34
  interface SdJwtVcTypeMetadataRenderingMethodSvgTemplate {
@@ -31,7 +41,11 @@ interface SdJwtVcTypeMetadataRenderingMethodSvgTemplate {
31
41
  };
32
42
  }
33
43
  interface SdJwtVcTypeMetadataDisplay {
34
- lang: string;
44
+ /**
45
+ * @deprecated `locale` should be used
46
+ */
47
+ lang?: string;
48
+ locale?: string;
35
49
  name: string;
36
50
  description?: string;
37
51
  rendering?: {
@@ -41,6 +55,7 @@ interface SdJwtVcTypeMetadataDisplay {
41
55
  };
42
56
  }
43
57
  interface SdJwtVcTypeMetadata {
58
+ vct: string;
44
59
  name?: string;
45
60
  description?: string;
46
61
  extends?: string;
package/build/modules/sd-jwt-vc/typeMetadata.d.mts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"typeMetadata.d.mts","names":[],"sources":["../../../src/modules/sd-jwt-vc/typeMetadata.ts"],"sourcesContent":[],"mappings":";UAAiB,wBAAA;QACT;YACI;IAFK,IAAA,EAAA,MAAA;IAcA,KAAA,EAAA,MAAA;IAUA,WAAA,CAAA,EAAA,MAAA;EAUA,CAAA,CAAA;EAWA;;;;;;UA/BA,wCAAA;;;;;;;;;UAUA,6CAAA;;;;;;;;;UAUA,0BAAA;;;;;aAKJ;oBACO;;;;UAKH,mBAAA;;;;;YAOL;WACD"}
1
+ {"version":3,"file":"typeMetadata.d.mts","names":[],"sources":["../../../src/modules/sd-jwt-vc/typeMetadata.ts"],"sourcesContent":[],"mappings":";UAAiB,wBAAA;QACT;;AADR;AAyBA;AAWA;EAUiB,SAAA,CAAA,EAAA,OAAA;EAgBA,OAAA,CAAA,EArDL,KAqDK,CAAA;;;;;;;;;;;;;;;UArCA,wCAAA;;;;;;;;;;UAWA,6CAAA;;;;;;;;;UAUA,0BAAA;;;;;;;;;aAUJ;oBACO;;;;UAKH,mBAAA;;;;;;YAQL;WACD"}
package/build/modules/sd-jwt-vc/utils.mjs CHANGED
@@ -36,7 +36,7 @@ async function extractKeyFromHolderBinding(agentContext, holder, { forSigning =
36
36
  publicJwk = getPublicJwkFromVerificationMethod(verificationMethod);
37
37
  }
38
38
  const supportedSignatureAlgorithms = publicJwk.supportedSignatureAlgorithms;
39
- if (supportedSignatureAlgorithms.length === 0) throw new CredoError(`No supported JWA signature algorithms found for key ${publicJwk.jwkTypehumanDescription}`);
39
+ if (supportedSignatureAlgorithms.length === 0) throw new CredoError(`No supported JWA signature algorithms found for key ${publicJwk.jwkTypeHumanDescription}`);
40
40
  return {
41
41
  alg: supportedSignatureAlgorithms[0],
42
42
  publicJwk,
package/build/modules/sd-jwt-vc/utils.mjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"utils.mjs","names":["publicJwk: PublicJwk","cnf: CnfPayload"],"sources":["../../../src/modules/sd-jwt-vc/utils.ts"],"sourcesContent":["import type { Signer, Verifier } from '@sd-jwt/types'\nimport { AgentContext } from '../../agent'\nimport { CredoError } from '../../error'\nimport { TypedArrayEncoder } from '../../utils'\nimport { DidResolverService, DidsApi, getPublicJwkFromVerificationMethod, parseDid } from '../dids'\nimport { type Jwk, KeyManagementApi, PublicJwk } from '../kms'\nimport type { SdJwtVcHolderBinding } from './SdJwtVcOptions'\n\nexport async function resolveSigningPublicJwkFromDidUrl(agentContext: AgentContext, didUrl: string) {\n const dids = agentContext.dependencyManager.resolve(DidsApi)\n\n const { publicJwk } = await dids.resolveVerificationMethodFromCreatedDidRecord(didUrl)\n return publicJwk\n}\n\nexport async function resolveDidUrl(agentContext: AgentContext, didUrl: string) {\n const didResolver = agentContext.dependencyManager.resolve(DidResolverService)\n const didDocument = await didResolver.resolveDidDocument(agentContext, didUrl)\n\n return {\n verificationMethod: didDocument.dereferenceKey(didUrl, ['assertionMethod']),\n didDocument,\n }\n}\n\nexport async function extractKeyFromHolderBinding(\n agentContext: AgentContext,\n holder: SdJwtVcHolderBinding,\n { forSigning = false, jwkKeyId }: { forSigning?: boolean; jwkKeyId?: string } = {}\n) {\n if (holder.method === 'did') {\n const parsedDid = parseDid(holder.didUrl)\n if (!parsedDid.fragment) {\n throw new CredoError(`didUrl '${holder.didUrl}' does not contain a '#'. Unable to derive key from did document`)\n }\n\n let publicJwk: PublicJwk\n if (forSigning) {\n publicJwk = await resolveSigningPublicJwkFromDidUrl(agentContext, holder.didUrl)\n } else {\n const { verificationMethod } = await resolveDidUrl(agentContext, holder.didUrl)\n publicJwk = getPublicJwkFromVerificationMethod(verificationMethod)\n }\n\n const supportedSignatureAlgorithms = publicJwk.supportedSignatureAlgorithms\n if (supportedSignatureAlgorithms.length === 0) {\n throw new CredoError(`No supported JWA signature algorithms found for key ${publicJwk.jwkTypehumanDescription}`)\n }\n const alg = supportedSignatureAlgorithms[0]\n\n return {\n alg,\n publicJwk,\n cnf: {\n // We need to include the whole didUrl here, otherwise the verifier\n // won't know which did it is associated with\n kid: holder.didUrl,\n },\n }\n }\n if (holder.method === 'jwk') {\n const publicJwk = holder.jwk\n const alg = publicJwk.supportedSignatureAlgorithms[0]\n\n // FIXME: shouldn't we use `if (forSigning && !publicJwk.keyId)`, or at least use keyId over legacyKeyId\n // It depends on whether we foresee security issues with trusting the `kid` field in the issued credential jwk.\n // If there is no key id configured when signing, we assume this credential was issued before we included key ids\n // and the we use the legacy key id.\n if (forSigning) {\n publicJwk.keyId = jwkKeyId ?? publicJwk.legacyKeyId\n }\n\n return {\n alg,\n publicJwk,\n cnf: {\n jwk: publicJwk.toJson(),\n },\n }\n }\n\n throw new CredoError(\"Unsupported credential holder binding. Only 'did' and 'jwk' are supported at the moment.\")\n}\n\n/**\n * @todo validate the JWT header (alg)\n */\nexport function getSdJwtSigner(agentContext: AgentContext, key: PublicJwk): Signer {\n const kms = agentContext.resolve(KeyManagementApi)\n\n return async (input: string) => {\n const result = await kms.sign({\n keyId: key.keyId,\n data: TypedArrayEncoder.fromString(input),\n algorithm: key.signatureAlgorithm,\n })\n\n return TypedArrayEncoder.toBase64URL(result.signature)\n }\n}\n\n/**\n * @todo validate the JWT header (alg)\n */\nexport function getSdJwtVerifier(agentContext: AgentContext, key: PublicJwk): Verifier {\n const kms = agentContext.resolve(KeyManagementApi)\n\n return async (message: string, signatureBase64Url: string) => {\n const result = await kms.verify({\n signature: TypedArrayEncoder.fromBase64(signatureBase64Url),\n key: {\n publicJwk: key.toJson(),\n },\n data: TypedArrayEncoder.fromString(message),\n algorithm: key.signatureAlgorithm,\n })\n\n return result.verified\n }\n}\n\nexport interface CnfPayload {\n jwk?: Jwk\n kid?: string\n}\n\nexport function parseHolderBindingFromCredential(payload?: Record<string, unknown>): SdJwtVcHolderBinding | null {\n if (!payload) {\n throw new CredoError('Unable to extract payload from SD-JWT VC')\n }\n\n if (!payload.cnf) {\n return null\n }\n const cnf: CnfPayload = payload.cnf\n\n if (cnf.jwk) {\n return {\n method: 'jwk',\n jwk: PublicJwk.fromUnknown(cnf.jwk),\n }\n }\n if (cnf.kid) {\n if (!cnf.kid.startsWith('did:') || !cnf.kid.includes('#')) {\n throw new CredoError('Invalid holder kid for did. Only absolute KIDs for cnf are supported')\n }\n return {\n method: 'did',\n didUrl: cnf.kid,\n }\n }\n\n throw new CredoError(\"Unsupported credential holder binding. Only 'did' and 'jwk' are supported at the moment.\")\n}\n"],"mappings":";;;;;;;;;;;;;;;;;AAQA,eAAsB,kCAAkC,cAA4B,QAAgB;CAGlG,MAAM,EAAE,cAAc,MAFT,aAAa,kBAAkB,QAAQ,QAAQ,CAE3B,8CAA8C,OAAO;AACtF,QAAO;;AAGT,eAAsB,cAAc,cAA4B,QAAgB;CAE9E,MAAM,cAAc,MADA,aAAa,kBAAkB,QAAQ,mBAAmB,CACxC,mBAAmB,cAAc,OAAO;AAE9E,QAAO;EACL,oBAAoB,YAAY,eAAe,QAAQ,CAAC,kBAAkB,CAAC;EAC3E;EACD;;AAGH,eAAsB,4BACpB,cACA,QACA,EAAE,aAAa,OAAO,aAA0D,EAAE,EAClF;AACA,KAAI,OAAO,WAAW,OAAO;AAE3B,MAAI,CADc,SAAS,OAAO,OAAO,CAC1B,SACb,OAAM,IAAI,WAAW,WAAW,OAAO,OAAO,kEAAkE;EAGlH,IAAIA;AACJ,MAAI,WACF,aAAY,MAAM,kCAAkC,cAAc,OAAO,OAAO;OAC3E;GACL,MAAM,EAAE,uBAAuB,MAAM,cAAc,cAAc,OAAO,OAAO;AAC/E,eAAY,mCAAmC,mBAAmB;;EAGpE,MAAM,+BAA+B,UAAU;AAC/C,MAAI,6BAA6B,WAAW,EAC1C,OAAM,IAAI,WAAW,uDAAuD,UAAU,0BAA0B;AAIlH,SAAO;GACL,KAHU,6BAA6B;GAIvC;GACA,KAAK,EAGH,KAAK,OAAO,QACb;GACF;;AAEH,KAAI,OAAO,WAAW,OAAO;EAC3B,MAAM,YAAY,OAAO;EACzB,MAAM,MAAM,UAAU,6BAA6B;AAMnD,MAAI,WACF,WAAU,QAAQ,YAAY,UAAU;AAG1C,SAAO;GACL;GACA;GACA,KAAK,EACH,KAAK,UAAU,QAAQ,EACxB;GACF;;AAGH,OAAM,IAAI,WAAW,2FAA2F;;;;;AAMlH,SAAgB,eAAe,cAA4B,KAAwB;CACjF,MAAM,MAAM,aAAa,QAAQ,iBAAiB;AAElD,QAAO,OAAO,UAAkB;EAC9B,MAAM,SAAS,MAAM,IAAI,KAAK;GAC5B,OAAO,IAAI;GACX,MAAM,kBAAkB,WAAW,MAAM;GACzC,WAAW,IAAI;GAChB,CAAC;AAEF,SAAO,kBAAkB,YAAY,OAAO,UAAU;;;;;;AAO1D,SAAgB,iBAAiB,cAA4B,KAA0B;CACrF,MAAM,MAAM,aAAa,QAAQ,iBAAiB;AAElD,QAAO,OAAO,SAAiB,uBAA+B;AAU5D,UATe,MAAM,IAAI,OAAO;GAC9B,WAAW,kBAAkB,WAAW,mBAAmB;GAC3D,KAAK,EACH,WAAW,IAAI,QAAQ,EACxB;GACD,MAAM,kBAAkB,WAAW,QAAQ;GAC3C,WAAW,IAAI;GAChB,CAAC,EAEY;;;AASlB,SAAgB,iCAAiC,SAAgE;AAC/G,KAAI,CAAC,QACH,OAAM,IAAI,WAAW,2CAA2C;AAGlE,KAAI,CAAC,QAAQ,IACX,QAAO;CAET,MAAMC,MAAkB,QAAQ;AAEhC,KAAI,IAAI,IACN,QAAO;EACL,QAAQ;EACR,KAAK,UAAU,YAAY,IAAI,IAAI;EACpC;AAEH,KAAI,IAAI,KAAK;AACX,MAAI,CAAC,IAAI,IAAI,WAAW,OAAO,IAAI,CAAC,IAAI,IAAI,SAAS,IAAI,CACvD,OAAM,IAAI,WAAW,uEAAuE;AAE9F,SAAO;GACL,QAAQ;GACR,QAAQ,IAAI;GACb;;AAGH,OAAM,IAAI,WAAW,2FAA2F"}
1
+ {"version":3,"file":"utils.mjs","names":["publicJwk: PublicJwk","cnf: CnfPayload"],"sources":["../../../src/modules/sd-jwt-vc/utils.ts"],"sourcesContent":["import type { Signer, Verifier } from '@sd-jwt/types'\nimport { AgentContext } from '../../agent'\nimport { CredoError } from '../../error'\nimport { TypedArrayEncoder } from '../../utils'\nimport { DidResolverService, DidsApi, getPublicJwkFromVerificationMethod, parseDid } from '../dids'\nimport { type Jwk, KeyManagementApi, PublicJwk } from '../kms'\nimport type { SdJwtVcHolderBinding } from './SdJwtVcOptions'\n\nexport async function resolveSigningPublicJwkFromDidUrl(agentContext: AgentContext, didUrl: string) {\n const dids = agentContext.dependencyManager.resolve(DidsApi)\n\n const { publicJwk } = await dids.resolveVerificationMethodFromCreatedDidRecord(didUrl)\n return publicJwk\n}\n\nexport async function resolveDidUrl(agentContext: AgentContext, didUrl: string) {\n const didResolver = agentContext.dependencyManager.resolve(DidResolverService)\n const didDocument = await didResolver.resolveDidDocument(agentContext, didUrl)\n\n return {\n verificationMethod: didDocument.dereferenceKey(didUrl, ['assertionMethod']),\n didDocument,\n }\n}\n\nexport async function extractKeyFromHolderBinding(\n agentContext: AgentContext,\n holder: SdJwtVcHolderBinding,\n { forSigning = false, jwkKeyId }: { forSigning?: boolean; jwkKeyId?: string } = {}\n) {\n if (holder.method === 'did') {\n const parsedDid = parseDid(holder.didUrl)\n if (!parsedDid.fragment) {\n throw new CredoError(`didUrl '${holder.didUrl}' does not contain a '#'. Unable to derive key from did document`)\n }\n\n let publicJwk: PublicJwk\n if (forSigning) {\n publicJwk = await resolveSigningPublicJwkFromDidUrl(agentContext, holder.didUrl)\n } else {\n const { verificationMethod } = await resolveDidUrl(agentContext, holder.didUrl)\n publicJwk = getPublicJwkFromVerificationMethod(verificationMethod)\n }\n\n const supportedSignatureAlgorithms = publicJwk.supportedSignatureAlgorithms\n if (supportedSignatureAlgorithms.length === 0) {\n throw new CredoError(`No supported JWA signature algorithms found for key ${publicJwk.jwkTypeHumanDescription}`)\n }\n const alg = supportedSignatureAlgorithms[0]\n\n return {\n alg,\n publicJwk,\n cnf: {\n // We need to include the whole didUrl here, otherwise the verifier\n // won't know which did it is associated with\n kid: holder.didUrl,\n },\n }\n }\n if (holder.method === 'jwk') {\n const publicJwk = holder.jwk\n const alg = publicJwk.supportedSignatureAlgorithms[0]\n\n // FIXME: shouldn't we use `if (forSigning && !publicJwk.keyId)`, or at least use keyId over legacyKeyId\n // It depends on whether we foresee security issues with trusting the `kid` field in the issued credential jwk.\n // If there is no key id configured when signing, we assume this credential was issued before we included key ids\n // and the we use the legacy key id.\n if (forSigning) {\n publicJwk.keyId = jwkKeyId ?? publicJwk.legacyKeyId\n }\n\n return {\n alg,\n publicJwk,\n cnf: {\n jwk: publicJwk.toJson(),\n },\n }\n }\n\n throw new CredoError(\"Unsupported credential holder binding. Only 'did' and 'jwk' are supported at the moment.\")\n}\n\n/**\n * @todo validate the JWT header (alg)\n */\nexport function getSdJwtSigner(agentContext: AgentContext, key: PublicJwk): Signer {\n const kms = agentContext.resolve(KeyManagementApi)\n\n return async (input: string) => {\n const result = await kms.sign({\n keyId: key.keyId,\n data: TypedArrayEncoder.fromString(input),\n algorithm: key.signatureAlgorithm,\n })\n\n return TypedArrayEncoder.toBase64URL(result.signature)\n }\n}\n\n/**\n * @todo validate the JWT header (alg)\n */\nexport function getSdJwtVerifier(agentContext: AgentContext, key: PublicJwk): Verifier {\n const kms = agentContext.resolve(KeyManagementApi)\n\n return async (message: string, signatureBase64Url: string) => {\n const result = await kms.verify({\n signature: TypedArrayEncoder.fromBase64(signatureBase64Url),\n key: {\n publicJwk: key.toJson(),\n },\n data: TypedArrayEncoder.fromString(message),\n algorithm: key.signatureAlgorithm,\n })\n\n return result.verified\n }\n}\n\nexport interface CnfPayload {\n jwk?: Jwk\n kid?: string\n}\n\nexport function parseHolderBindingFromCredential(payload?: Record<string, unknown>): SdJwtVcHolderBinding | null {\n if (!payload) {\n throw new CredoError('Unable to extract payload from SD-JWT VC')\n }\n\n if (!payload.cnf) {\n return null\n }\n const cnf: CnfPayload = payload.cnf\n\n if (cnf.jwk) {\n return {\n method: 'jwk',\n jwk: PublicJwk.fromUnknown(cnf.jwk),\n }\n }\n if (cnf.kid) {\n if (!cnf.kid.startsWith('did:') || !cnf.kid.includes('#')) {\n throw new CredoError('Invalid holder kid for did. Only absolute KIDs for cnf are supported')\n }\n return {\n method: 'did',\n didUrl: cnf.kid,\n }\n }\n\n throw new CredoError(\"Unsupported credential holder binding. Only 'did' and 'jwk' are supported at the moment.\")\n}\n"],"mappings":";;;;;;;;;;;;;;;;;AAQA,eAAsB,kCAAkC,cAA4B,QAAgB;CAGlG,MAAM,EAAE,cAAc,MAFT,aAAa,kBAAkB,QAAQ,QAAQ,CAE3B,8CAA8C,OAAO;AACtF,QAAO;;AAGT,eAAsB,cAAc,cAA4B,QAAgB;CAE9E,MAAM,cAAc,MADA,aAAa,kBAAkB,QAAQ,mBAAmB,CACxC,mBAAmB,cAAc,OAAO;AAE9E,QAAO;EACL,oBAAoB,YAAY,eAAe,QAAQ,CAAC,kBAAkB,CAAC;EAC3E;EACD;;AAGH,eAAsB,4BACpB,cACA,QACA,EAAE,aAAa,OAAO,aAA0D,EAAE,EAClF;AACA,KAAI,OAAO,WAAW,OAAO;AAE3B,MAAI,CADc,SAAS,OAAO,OAAO,CAC1B,SACb,OAAM,IAAI,WAAW,WAAW,OAAO,OAAO,kEAAkE;EAGlH,IAAIA;AACJ,MAAI,WACF,aAAY,MAAM,kCAAkC,cAAc,OAAO,OAAO;OAC3E;GACL,MAAM,EAAE,uBAAuB,MAAM,cAAc,cAAc,OAAO,OAAO;AAC/E,eAAY,mCAAmC,mBAAmB;;EAGpE,MAAM,+BAA+B,UAAU;AAC/C,MAAI,6BAA6B,WAAW,EAC1C,OAAM,IAAI,WAAW,uDAAuD,UAAU,0BAA0B;AAIlH,SAAO;GACL,KAHU,6BAA6B;GAIvC;GACA,KAAK,EAGH,KAAK,OAAO,QACb;GACF;;AAEH,KAAI,OAAO,WAAW,OAAO;EAC3B,MAAM,YAAY,OAAO;EACzB,MAAM,MAAM,UAAU,6BAA6B;AAMnD,MAAI,WACF,WAAU,QAAQ,YAAY,UAAU;AAG1C,SAAO;GACL;GACA;GACA,KAAK,EACH,KAAK,UAAU,QAAQ,EACxB;GACF;;AAGH,OAAM,IAAI,WAAW,2FAA2F;;;;;AAMlH,SAAgB,eAAe,cAA4B,KAAwB;CACjF,MAAM,MAAM,aAAa,QAAQ,iBAAiB;AAElD,QAAO,OAAO,UAAkB;EAC9B,MAAM,SAAS,MAAM,IAAI,KAAK;GAC5B,OAAO,IAAI;GACX,MAAM,kBAAkB,WAAW,MAAM;GACzC,WAAW,IAAI;GAChB,CAAC;AAEF,SAAO,kBAAkB,YAAY,OAAO,UAAU;;;;;;AAO1D,SAAgB,iBAAiB,cAA4B,KAA0B;CACrF,MAAM,MAAM,aAAa,QAAQ,iBAAiB;AAElD,QAAO,OAAO,SAAiB,uBAA+B;AAU5D,UATe,MAAM,IAAI,OAAO;GAC9B,WAAW,kBAAkB,WAAW,mBAAmB;GAC3D,KAAK,EACH,WAAW,IAAI,QAAQ,EACxB;GACD,MAAM,kBAAkB,WAAW,QAAQ;GAC3C,WAAW,IAAI;GAChB,CAAC,EAEY;;;AASlB,SAAgB,iCAAiC,SAAgE;AAC/G,KAAI,CAAC,QACH,OAAM,IAAI,WAAW,2CAA2C;AAGlE,KAAI,CAAC,QAAQ,IACX,QAAO;CAET,MAAMC,MAAkB,QAAQ;AAEhC,KAAI,IAAI,IACN,QAAO;EACL,QAAQ;EACR,KAAK,UAAU,YAAY,IAAI,IAAI;EACpC;AAEH,KAAI,IAAI,KAAK;AACX,MAAI,CAAC,IAAI,IAAI,WAAW,OAAO,IAAI,CAAC,IAAI,IAAI,SAAS,IAAI,CACvD,OAAM,IAAI,WAAW,uEAAuE;AAE9F,SAAO;GACL,QAAQ;GACR,QAAQ,IAAI;GACb;;AAGH,OAAM,IAAI,WAAW,2FAA2F"}
package/build/modules/vc/W3cCredentialService.mjs CHANGED
@@ -3,8 +3,8 @@
3
3
  import { CredoError } from "../../error/CredoError.mjs";
4
4
  import "../../error/index.mjs";
5
5
  import { injectable } from "../../plugins/index.mjs";
6
- import { __decorateMetadata } from "../../_virtual/_@oxc-project_runtime@0.97.0/helpers/decorateMetadata.mjs";
7
- import { __decorate } from "../../_virtual/_@oxc-project_runtime@0.97.0/helpers/decorate.mjs";
6
+ import { __decorateMetadata } from "../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorateMetadata.mjs";
7
+ import { __decorate } from "../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorate.mjs";
8
8
  import { CREDENTIALS_CONTEXT_V1_URL } from "./constants.mjs";
9
9
  import { ClaimFormat } from "./models/ClaimFormat.mjs";
10
10
  import { W3cJsonLdVerifiableCredential } from "./data-integrity/models/W3cJsonLdVerifiableCredential.mjs";
package/build/modules/vc/W3cCredentialsApi.mjs CHANGED
@@ -2,8 +2,8 @@
2
2
 
3
3
  import { AgentContext } from "../../agent/context/AgentContext.mjs";
4
4
  import { injectable } from "../../plugins/index.mjs";
5
- import { __decorateMetadata } from "../../_virtual/_@oxc-project_runtime@0.97.0/helpers/decorateMetadata.mjs";
6
- import { __decorate } from "../../_virtual/_@oxc-project_runtime@0.97.0/helpers/decorate.mjs";
5
+ import { __decorateMetadata } from "../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorateMetadata.mjs";
6
+ import { __decorate } from "../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorate.mjs";
7
7
  import "../../agent/index.mjs";
8
8
  import { W3cCredentialService } from "./W3cCredentialService.mjs";
9
9
 
package/build/modules/vc/W3cV2CredentialService.mjs CHANGED
@@ -3,8 +3,8 @@
3
3
  import { CredoError } from "../../error/CredoError.mjs";
4
4
  import "../../error/index.mjs";
5
5
  import { injectable } from "../../plugins/index.mjs";
6
- import { __decorateMetadata } from "../../_virtual/_@oxc-project_runtime@0.97.0/helpers/decorateMetadata.mjs";
7
- import { __decorate } from "../../_virtual/_@oxc-project_runtime@0.97.0/helpers/decorate.mjs";
6
+ import { __decorateMetadata } from "../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorateMetadata.mjs";
7
+ import { __decorate } from "../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorate.mjs";
8
8
  import { ClaimFormat } from "./models/ClaimFormat.mjs";
9
9
  import { W3cV2JwtVerifiableCredential } from "./jwt-vc/W3cV2JwtVerifiableCredential.mjs";
10
10
  import { W3cV2SdJwtVerifiableCredential } from "./sd-jwt-vc/W3cV2SdJwtVerifiableCredential.mjs";
package/build/modules/vc/W3cV2CredentialsApi.mjs CHANGED
@@ -2,8 +2,8 @@
2
2
 
3
3
  import { AgentContext } from "../../agent/context/AgentContext.mjs";
4
4
  import { injectable } from "../../plugins/index.mjs";
5
- import { __decorateMetadata } from "../../_virtual/_@oxc-project_runtime@0.97.0/helpers/decorateMetadata.mjs";
6
- import { __decorate } from "../../_virtual/_@oxc-project_runtime@0.97.0/helpers/decorate.mjs";
5
+ import { __decorateMetadata } from "../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorateMetadata.mjs";
6
+ import { __decorate } from "../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorate.mjs";
7
7
  import "../../agent/index.mjs";
8
8
  import { W3cV2CredentialService } from "./W3cV2CredentialService.mjs";
9
9
 
package/build/modules/vc/data-integrity/SignatureSuiteRegistry.mjs CHANGED
@@ -3,10 +3,10 @@
3
3
  import { CredoError } from "../../../error/CredoError.mjs";
4
4
  import "../../../error/index.mjs";
5
5
  import { injectAll, injectable } from "../../../plugins/index.mjs";
6
- import { __decorateMetadata } from "../../../_virtual/_@oxc-project_runtime@0.97.0/helpers/decorateMetadata.mjs";
7
- import { __decorate } from "../../../_virtual/_@oxc-project_runtime@0.97.0/helpers/decorate.mjs";
6
+ import { __decorateMetadata } from "../../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorateMetadata.mjs";
7
+ import { __decorate } from "../../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorate.mjs";
8
8
  import { PublicJwk } from "../../kms/jwk/PublicJwk.mjs";
9
- import { __decorateParam } from "../../../_virtual/_@oxc-project_runtime@0.97.0/helpers/decorateParam.mjs";
9
+ import { __decorateParam } from "../../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorateParam.mjs";
10
10
  import { suites } from "./libraries/jsonld-signatures.mjs";
11
11
 
12
12
  //#region src/modules/vc/data-integrity/SignatureSuiteRegistry.ts
package/build/modules/vc/data-integrity/W3cJsonLdCredentialService.mjs CHANGED
@@ -3,8 +3,8 @@
3
3
  import { CredoError } from "../../../error/CredoError.mjs";
4
4
  import "../../../error/index.mjs";
5
5
  import { injectable } from "../../../plugins/index.mjs";
6
- import { __decorateMetadata } from "../../../_virtual/_@oxc-project_runtime@0.97.0/helpers/decorateMetadata.mjs";
7
- import { __decorate } from "../../../_virtual/_@oxc-project_runtime@0.97.0/helpers/decorate.mjs";
6
+ import { __decorateMetadata } from "../../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorateMetadata.mjs";
7
+ import { __decorate } from "../../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorate.mjs";
8
8
  import { asArray } from "../../../utils/array.mjs";
9
9
  import { JsonTransformer } from "../../../utils/JsonTransformer.mjs";
10
10
  import "../../../utils/index.mjs";
package/build/modules/vc/data-integrity/models/DataIntegrityProof.mjs CHANGED
@@ -1,7 +1,7 @@
1
1
 
2
2
 
3
- import { __decorateMetadata } from "../../../../_virtual/_@oxc-project_runtime@0.97.0/helpers/decorateMetadata.mjs";
4
- import { __decorate } from "../../../../_virtual/_@oxc-project_runtime@0.97.0/helpers/decorate.mjs";
3
+ import { __decorateMetadata } from "../../../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorateMetadata.mjs";
4
+ import { __decorate } from "../../../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorate.mjs";
5
5
  import { IsUri } from "../../../../utils/validators.mjs";
6
6
  import "../../../../utils/index.mjs";
7
7
  import { IsEnum, IsOptional, IsString } from "class-validator";
package/build/modules/vc/data-integrity/models/LinkedDataProof.mjs CHANGED
@@ -1,7 +1,7 @@
1
1
 
2
2
 
3
- import { __decorateMetadata } from "../../../../_virtual/_@oxc-project_runtime@0.97.0/helpers/decorateMetadata.mjs";
4
- import { __decorate } from "../../../../_virtual/_@oxc-project_runtime@0.97.0/helpers/decorate.mjs";
3
+ import { __decorateMetadata } from "../../../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorateMetadata.mjs";
4
+ import { __decorate } from "../../../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorate.mjs";
5
5
  import { IsUri } from "../../../../utils/validators.mjs";
6
6
  import "../../../../utils/index.mjs";
7
7
  import { IsOptional, IsString } from "class-validator";
package/build/modules/vc/data-integrity/models/W3cJsonLdVerifiableCredential.mjs CHANGED
@@ -1,7 +1,7 @@
1
1
 
2
2
 
3
- import { __decorateMetadata } from "../../../../_virtual/_@oxc-project_runtime@0.97.0/helpers/decorateMetadata.mjs";
4
- import { __decorate } from "../../../../_virtual/_@oxc-project_runtime@0.97.0/helpers/decorate.mjs";
3
+ import { __decorateMetadata } from "../../../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorateMetadata.mjs";
4
+ import { __decorate } from "../../../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorate.mjs";
5
5
  import { asArray, mapSingleOrArray } from "../../../../utils/array.mjs";
6
6
  import { JsonTransformer } from "../../../../utils/JsonTransformer.mjs";
7
7
  import { IsInstanceOrArrayOfInstances } from "../../../../utils/validators.mjs";
package/build/modules/vc/data-integrity/models/W3cJsonLdVerifiablePresentation.mjs CHANGED
@@ -1,7 +1,7 @@
1
1
 
2
2
 
3
- import { __decorateMetadata } from "../../../../_virtual/_@oxc-project_runtime@0.97.0/helpers/decorateMetadata.mjs";
4
- import { __decorate } from "../../../../_virtual/_@oxc-project_runtime@0.97.0/helpers/decorate.mjs";
3
+ import { __decorateMetadata } from "../../../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorateMetadata.mjs";
4
+ import { __decorate } from "../../../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorate.mjs";
5
5
  import { asArray } from "../../../../utils/array.mjs";
6
6
  import { JsonTransformer } from "../../../../utils/JsonTransformer.mjs";
7
7
  import { IsInstanceOrArrayOfInstances } from "../../../../utils/validators.mjs";
package/build/modules/vc/jwt-vc/W3cJwtCredentialService.mjs CHANGED
@@ -3,8 +3,8 @@
3
3
  import { CredoError } from "../../../error/CredoError.mjs";
4
4
  import "../../../error/index.mjs";
5
5
  import { injectable } from "../../../plugins/index.mjs";
6
- import { __decorateMetadata } from "../../../_virtual/_@oxc-project_runtime@0.97.0/helpers/decorateMetadata.mjs";
7
- import { __decorate } from "../../../_virtual/_@oxc-project_runtime@0.97.0/helpers/decorate.mjs";
6
+ import { __decorateMetadata } from "../../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorateMetadata.mjs";
7
+ import { __decorate } from "../../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorate.mjs";
8
8
  import { asArray } from "../../../utils/array.mjs";
9
9
  import { isDid } from "../../../utils/did.mjs";
10
10
  import { MessageValidator } from "../../../utils/MessageValidator.mjs";
package/build/modules/vc/jwt-vc/W3cV2JwtCredentialService.mjs CHANGED
@@ -3,8 +3,8 @@
3
3
  import { CredoError } from "../../../error/CredoError.mjs";
4
4
  import "../../../error/index.mjs";
5
5
  import { injectable } from "../../../plugins/index.mjs";
6
- import { __decorateMetadata } from "../../../_virtual/_@oxc-project_runtime@0.97.0/helpers/decorateMetadata.mjs";
7
- import { __decorate } from "../../../_virtual/_@oxc-project_runtime@0.97.0/helpers/decorate.mjs";
6
+ import { __decorateMetadata } from "../../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorateMetadata.mjs";
7
+ import { __decorate } from "../../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorate.mjs";
8
8
  import { asArray } from "../../../utils/array.mjs";
9
9
  import { MessageValidator } from "../../../utils/MessageValidator.mjs";
10
10
  import { JsonTransformer } from "../../../utils/JsonTransformer.mjs";
package/build/modules/vc/models/credential/W3cCredential.mjs CHANGED
@@ -1,7 +1,7 @@
1
1
 
2
2
 
3
- import { __decorateMetadata } from "../../../../_virtual/_@oxc-project_runtime@0.97.0/helpers/decorateMetadata.mjs";
4
- import { __decorate } from "../../../../_virtual/_@oxc-project_runtime@0.97.0/helpers/decorate.mjs";
3
+ import { __decorateMetadata } from "../../../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorateMetadata.mjs";
4
+ import { __decorate } from "../../../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorate.mjs";
5
5
  import { asArray, mapSingleOrArray } from "../../../../utils/array.mjs";
6
6
  import { JsonTransformer } from "../../../../utils/JsonTransformer.mjs";
7
7
  import { IsInstanceOrArrayOfInstances, IsUri } from "../../../../utils/validators.mjs";
package/build/modules/vc/models/credential/W3cCredentialSchema.mjs CHANGED
@@ -1,7 +1,7 @@
1
1
 
2
2
 
3
- import { __decorateMetadata } from "../../../../_virtual/_@oxc-project_runtime@0.97.0/helpers/decorateMetadata.mjs";
4
- import { __decorate } from "../../../../_virtual/_@oxc-project_runtime@0.97.0/helpers/decorate.mjs";
3
+ import { __decorateMetadata } from "../../../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorateMetadata.mjs";
4
+ import { __decorate } from "../../../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorate.mjs";
5
5
  import { IsUri } from "../../../../utils/validators.mjs";
6
6
  import { IsString } from "class-validator";
7
7
 
package/build/modules/vc/models/credential/W3cCredentialStatus.mjs CHANGED
@@ -1,7 +1,7 @@
1
1
 
2
2
 
3
- import { __decorateMetadata } from "../../../../_virtual/_@oxc-project_runtime@0.97.0/helpers/decorateMetadata.mjs";
4
- import { __decorate } from "../../../../_virtual/_@oxc-project_runtime@0.97.0/helpers/decorate.mjs";
3
+ import { __decorateMetadata } from "../../../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorateMetadata.mjs";
4
+ import { __decorate } from "../../../../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorate.mjs";
5
5
  import { IsUri } from "../../../../utils/validators.mjs";
6
6
  import { IsString } from "class-validator";
7
7