@sd-jwt/core 0.1.0

package/build/jwt/jwt.js

@@ -0,0 +1,324 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Jwt = void 0;
+const base64url_1 = require("../base64url");
+const error_1 = require("./error");
+const compact_1 = require("./compact");
+const utils_1 = require("../utils");
+class Jwt {
+    constructor(options, additionalOptions) {
+        this.header = options === null || options === void 0 ? void 0 : options.header;
+        this.payload = options === null || options === void 0 ? void 0 : options.payload;
+        this.signature = options === null || options === void 0 ? void 0 : options.signature;
+        this.signer = additionalOptions === null || additionalOptions === void 0 ? void 0 : additionalOptions.signer;
+    }
+    /**
+     *
+     * Instantiate a JWT from a compact format.
+     *
+     * Two generics may be supplied for typing on the Header and Payload. These are not enforced.
+     *
+     * Defined in: {@link https://datatracker.ietf.org/doc/html/rfc7519#section-3 | RFC 7519 }
+     *
+     */
+    static fromCompact(compact) {
+        const { header, payload, signature } = (0, compact_1.jwtFromCompact)(compact);
+        const jwt = new Jwt({
+            header,
+            payload,
+            signature
+        });
+        return jwt;
+    }
+    /**
+     *
+     * Replaces the current Header a new one.
+     *
+     */
+    withHeader(header) {
+        this.header = header;
+        return this;
+    }
+    /**
+     *
+     * Add a new claim to the Header, overriding the old one if it already is on there.
+     *
+     */
+    addHeaderClaim(item, value) {
+        var _a;
+        (_a = this.header) !== null && _a !== void 0 ? _a : (this.header = {});
+        if (value !== undefined && item !== null) {
+            this.header = Object.assign(Object.assign({}, this.header), { [item]: value });
+        }
+        return this;
+    }
+    /**
+     *
+     * Replaces the current Payload a new one.
+     *
+     */
+    withPayload(payload) {
+        this.payload = payload;
+        return this;
+    }
+    /**
+     *
+     * Add a new claim to the Payload, overriding the old one if it already is on there.
+     *
+     */
+    addPayloadClaim(item, value) {
+        var _a;
+        (_a = this.payload) !== null && _a !== void 0 ? _a : (this.payload = {});
+        if (value !== undefined && item !== null) {
+            this.payload = Object.assign(Object.assign({}, this.payload), { [item]: value });
+        }
+        return this;
+    }
+    /**
+     *
+     * Manually append a signature to the JWT. This signature is not validated.
+     *
+     * @note Only use this if the supplying a signing callback does not fit your use case.
+     *
+     */
+    withSignature(signature) {
+        this.signature = signature;
+        return this;
+    }
+    /**
+     *
+     * Add a signing callback to the JWT that will be used for creating the signature.
+     *
+     */
+    withSigner(signer) {
+        this.signer = signer;
+        return this;
+    }
+    /**
+     *
+     * Assert that there is a Header on the JWT.
+     *
+     * @throws when the Header is not defined
+     *
+     */
+    assertHeader() {
+        if (this.header)
+            return;
+        throw new error_1.JwtError('Header must be defined');
+    }
+    /**
+     *
+     * Assert that there is a Payload on the JWT.
+     *
+     * @throws when the Payload is not defined
+     *
+     */
+    assertPayload() {
+        if (this.payload)
+            return;
+        throw new error_1.JwtError('Payload must be defined');
+    }
+    /**
+     *
+     * Assert that there is a Signature on the JWT.
+     *
+     * @throws when the Signature is not defined
+     *
+     */
+    assertSignature() {
+        if (this.signature)
+            return;
+        throw new error_1.JwtError('Signature must be defined');
+    }
+    /**
+     *
+     * Assert that there is a Signing callback on the JWT.
+     *
+     * @throws when the Signer is not defined
+     *
+     */
+    assertSigner() {
+        if (this.signer)
+            return;
+        throw new error_1.JwtError('A signer must be provided to create a signature. You can set it with this.withSigner()');
+    }
+    /**
+     *
+     * Assert that there is a specific claim, possibly with value, in the Header.
+     *
+     */
+    assertClaimInHeader(claimKey, claimValue) {
+        this.assertHeader();
+        try {
+            this.assertClaimInObject(this.header, claimKey, claimValue);
+        }
+        catch (e) {
+            if (e instanceof error_1.JwtError) {
+                e.message += ' within the header';
+            }
+            throw e;
+        }
+    }
+    /**
+     *
+     * Assert that there is a specific claim, possibly with value, in the Payload.
+     *
+     */
+    assertClaimInPayload(claimKey, claimValue) {
+        this.assertPayload();
+        try {
+            this.assertClaimInObject(this.payload, claimKey, claimValue);
+        }
+        catch (e) {
+            if (e instanceof error_1.JwtError) {
+                e.message += ' within the payload';
+            }
+            throw e;
+        }
+    }
+    assertClaimInObject(object, claimKey, claimValue) {
+        const value = (0, utils_1.getValueByKeyAnyLevel)(object, claimKey);
+        if (!value) {
+            throw new error_1.JwtError(`Claim key '${claimKey}' not found in any level`);
+        }
+        if (claimValue && !(0, utils_1.simpleDeepEqual)(value, claimValue)) {
+            throw new error_1.JwtError(`Claim key '${claimKey}' was found, but values did not match`);
+        }
+    }
+    /**
+     *
+     * Get a claim within the payload.
+     *
+     * @throws when the payload is not defined
+     * @throws when the claim could not be found at any level
+     *
+     */
+    getClaimInPayload(claimKey) {
+        this.assertPayload();
+        return this.getClaimInObject(this.payload, claimKey);
+    }
+    /**
+     *
+     * Get a claim within the payload.
+     *
+     * @throws when the payload is not defined
+     * @throws when the claim could not be found at any level
+     *
+     */
+    getClaimInHeader(claimKey) {
+        this.assertHeader();
+        return this.getClaimInObject(this.header, claimKey);
+    }
+    getClaimInObject(object, claimKey) {
+        const value = (0, utils_1.getValueByKeyAnyLevel)(object, claimKey);
+        if (!value) {
+            throw new error_1.JwtError(`Claim key '${claimKey}' not found in any level`);
+        }
+        return value;
+    }
+    /**
+     *
+     * Returns a string of what needs to be signed.
+     *
+     * Defined in: {@link https://datatracker.ietf.org/doc/html/rfc7519#section-3 | RFC 7519}
+     *
+     */
+    get signableInput() {
+        this.assertHeader();
+        this.assertPayload();
+        return `${this.compactHeader}.${this.compactPayload}`;
+    }
+    /**
+     *
+     * Sign the Header and Payload and append the signature to the JWT.
+     *
+     */
+    signAndAdd() {
+        return __awaiter(this, void 0, void 0, function* () {
+            this.assertSigner();
+            const signature = yield this.signer(this.signableInput, this.header);
+            this.withSignature(signature);
+            return this;
+        });
+    }
+    get compactHeader() {
+        this.assertHeader();
+        return base64url_1.Base64url.encodeFromJson(this.header);
+    }
+    get compactPayload() {
+        this.assertPayload();
+        return base64url_1.Base64url.encodeFromJson(this.payload);
+    }
+    /**
+     *
+     * Create a compact format of the JWT.
+     *
+     * This will add a signature if there is none.
+     *
+     * @throws When the signature and signer are not defined
+     *
+     */
+    toCompact() {
+        return __awaiter(this, void 0, void 0, function* () {
+            this.assertHeader();
+            this.assertPayload();
+            if (!this.signature) {
+                yield this.signAndAdd();
+            }
+            const encodedSignature = base64url_1.Base64url.encode(this.signature);
+            return `${this.compactHeader}.${this.compactPayload}.${encodedSignature}`;
+        });
+    }
+    /**
+     *
+     * Verify the JWT.
+     *
+     * - Check the nbf claim with `now`
+     * - Check the exp claim with `now`
+     * - Additionally validate any required claims
+     * - Additionally pass in a specific publicKeyJwk to validate the signature
+     *
+     */
+    verify(verifySignature, requiredClaims, publicKeyJwk) {
+        return __awaiter(this, void 0, void 0, function* () {
+            this.assertHeader();
+            this.assertPayload();
+            this.assertSignature();
+            const ret = {};
+            ret.isSignatureValid = yield verifySignature({
+                header: this.header,
+                signature: this.signature,
+                message: this.signableInput,
+                publicKeyJwk
+            });
+            if ('nbf' in this.payload) {
+                const now = new Date();
+                const notBefore = new Date(this.payload.nbf * 1000);
+                ret.isNotBeforeValid = notBefore < now;
+            }
+            if ('exp' in this.payload) {
+                const now = new Date();
+                const expiryTime = new Date(this.payload.exp * 1000);
+                ret.isExpiryTimeValid = expiryTime > now;
+            }
+            if (requiredClaims) {
+                ret.areRequiredClaimsIncluded = requiredClaims.every((claim) => claim in this.payload);
+            }
+            ret.isValid = Object.values(ret)
+                .filter((i) => typeof i === 'boolean')
+                .every((i) => !!i);
+            return ret;
+        });
+    }
+}
+exports.Jwt = Jwt;
+//# sourceMappingURL=jwt.js.map

package/build/jwt/jwt.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"jwt.js","sourceRoot":"","sources":["../../src/jwt/jwt.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,4CAAwC;AACxC,mCAAkC;AAElC,uCAA0C;AAE1C,oCAAiE;AAiDjE,MAAa,GAAG;IAsCZ,YACI,OAAqC,EACrC,iBAAwC;QAExC,IAAI,CAAC,MAAM,GAAG,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,MAAM,CAAA;QAC7B,IAAI,CAAC,OAAO,GAAG,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,OAAO,CAAA;QAC/B,IAAI,CAAC,SAAS,GAAG,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS,CAAA;QAEnC,IAAI,CAAC,MAAM,GAAG,iBAAiB,aAAjB,iBAAiB,uBAAjB,iBAAiB,CAAE,MAAM,CAAA;IAC3C,CAAC;IAED;;;;;;;;OAQG;IACI,MAAM,CAAC,WAAW,CAGvB,OAAe;QACb,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,GAAG,IAAA,wBAAc,EACjD,OAAO,CACV,CAAA;QAED,MAAM,GAAG,GAAG,IAAI,GAAG,CAAkB;YACjC,MAAM;YACN,OAAO;YACP,SAAS;SACZ,CAAC,CAAA;QAEF,OAAO,GAAiE,CAAA;IAC5E,CAAC;IAED;;;;OAIG;IACI,UAAU,CACb,MAAc;QAEd,IAAI,CAAC,MAAM,GAAG,MAAM,CAAA;QACpB,OAAO,IAAkD,CAAA;IAC7D,CAAC;IAED;;;;OAIG;IACI,cAAc,CACjB,IAA2B,EAC3B,KAAoC;;QAEpC,MAAA,IAAI,CAAC,MAAM,oCAAX,IAAI,CAAC,MAAM,GAAK,EAAY,EAAA;QAC5B,IAAI,KAAK,KAAK,SAAS,IAAI,IAAI,KAAK,IAAI,EAAE,CAAC;YACvC,IAAI,CAAC,MAAM,mCAAQ,IAAI,CAAC,MAAM,KAAE,CAAC,IAAI,CAAC,EAAE,KAAK,GAAE,CAAA;QACnD,CAAC;QACD,OAAO,IAAkD,CAAA;IAC7D,CAAC;IAED;;;;OAIG;IACI,WAAW,CACd,OAAgB;QAEhB,IAAI,CAAC,OAAO,GAAG,OAAO,CAAA;QACtB,OAAO,IAAmD,CAAA;IAC9D,CAAC;IAED;;;;OAIG;IACI,eAAe,CAClB,IAA4B,EAC5B,KAAqC;;QAErC,MAAA,IAAI,CAAC,OAAO,oCAAZ,IAAI,CAAC,OAAO,GAAK,EAAa,EAAA;QAC9B,IAAI,KAAK,KAAK,SAAS,IAAI,IAAI,KAAK,IAAI,EAAE,CAAC;YACvC,IAAI,CAAC,OAAO,mCAAQ,IAAI,CAAC,OAAO,KAAE,CAAC,IAAI,CAAC,EAAE,KAAK,GAAE,CAAA;QACrD,CAAC;QACD,OAAO,IAAmD,CAAA;IAC9D,CAAC;IAED;;;;;;OAMG;IACI,aAAa,CAChB,SAAqB;QAErB,IAAI,CAAC,SAAS,GAAG,SAAS,CAAA;QAC1B,OAAO,IAAqD,CAAA;IAChE,CAAC;IAED;;;;OAIG;IACI,UAAU,CAAC,MAAc;QAC5B,IAAI,CAAC,MAAM,GAAG,MAAM,CAAA;QACpB,OAAO,IAAI,CAAA;IACf,CAAC;IAED;;;;;;OAMG;IACI,YAAY;QACf,IAAI,IAAI,CAAC,MAAM;YAAE,OAAM;QAEvB,MAAM,IAAI,gBAAQ,CAAC,wBAAwB,CAAC,CAAA;IAChD,CAAC;IAED;;;;;;OAMG;IACI,aAAa;QAChB,IAAI,IAAI,CAAC,OAAO;YAAE,OAAM;QAExB,MAAM,IAAI,gBAAQ,CAAC,yBAAyB,CAAC,CAAA;IACjD,CAAC;IAED;;;;;;OAMG;IACI,eAAe;QAClB,IAAI,IAAI,CAAC,SAAS;YAAE,OAAM;QAE1B,MAAM,IAAI,gBAAQ,CAAC,2BAA2B,CAAC,CAAA;IACnD,CAAC;IAED;;;;;;OAMG;IACI,YAAY;QACf,IAAI,IAAI,CAAC,MAAM;YAAE,OAAM;QAEvB,MAAM,IAAI,gBAAQ,CACd,wFAAwF,CAC3F,CAAA;IACL,CAAC;IAED;;;;OAIG;IACI,mBAAmB,CACtB,QAA+B,EAC/B,UAA8C;QAE9C,IAAI,CAAC,YAAY,EAAE,CAAA;QAEnB,IAAI,CAAC;YACD,IAAI,CAAC,mBAAmB,CACpB,IAAI,CAAC,MAAO,EACZ,QAAkB,EAClB,UAAU,CACb,CAAA;QACL,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACT,IAAI,CAAC,YAAY,gBAAQ,EAAE,CAAC;gBACxB,CAAC,CAAC,OAAO,IAAI,oBAAoB,CAAA;YACrC,CAAC;YACD,MAAM,CAAC,CAAA;QACX,CAAC;IACL,CAAC;IAED;;;;OAIG;IACI,oBAAoB,CACvB,QAAgC,EAChC,UAA+C;QAE/C,IAAI,CAAC,aAAa,EAAE,CAAA;QAEpB,IAAI,CAAC;YACD,IAAI,CAAC,mBAAmB,CACpB,IAAI,CAAC,OAAQ,EACb,QAAkB,EAClB,UAAU,CACb,CAAA;QACL,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACT,IAAI,CAAC,YAAY,gBAAQ,EAAE,CAAC;gBACxB,CAAC,CAAC,OAAO,IAAI,qBAAqB,CAAA;YACtC,CAAC;YACD,MAAM,CAAC,CAAA;QACX,CAAC;IACL,CAAC;IAEO,mBAAmB,CACvB,MAA+B,EAC/B,QAAgB,EAChB,UAAoB;QAEpB,MAAM,KAAK,GAAG,IAAA,6BAAqB,EAAC,MAAM,EAAE,QAAQ,CAAC,CAAA;QAErD,IAAI,CAAC,KAAK,EAAE,CAAC;YACT,MAAM,IAAI,gBAAQ,CAAC,cAAc,QAAQ,0BAA0B,CAAC,CAAA;QACxE,CAAC;QAED,IAAI,UAAU,IAAI,CAAC,IAAA,uBAAe,EAAC,KAAK,EAAE,UAAU,CAAC,EAAE,CAAC;YACpD,MAAM,IAAI,gBAAQ,CACd,cAAc,QAAQ,uCAAuC,CAChE,CAAA;QACL,CAAC;IACL,CAAC;IAED;;;;;;;OAOG;IACI,iBAAiB,CAAI,QAAgC;QACxD,IAAI,CAAC,aAAa,EAAE,CAAA;QACpB,OAAO,IAAI,CAAC,gBAAgB,CAAI,IAAI,CAAC,OAAQ,EAAE,QAAkB,CAAC,CAAA;IACtE,CAAC;IAED;;;;;;;OAOG;IACI,gBAAgB,CAAI,QAA+B;QACtD,IAAI,CAAC,YAAY,EAAE,CAAA;QACnB,OAAO,IAAI,CAAC,gBAAgB,CAAI,IAAI,CAAC,MAAO,EAAE,QAAkB,CAAC,CAAA;IACrE,CAAC;IAEO,gBAAgB,CACpB,MAA+B,EAC/B,QAAgB;QAEhB,MAAM,KAAK,GAAG,IAAA,6BAAqB,EAAI,MAAM,EAAE,QAAQ,CAAC,CAAA;QAExD,IAAI,CAAC,KAAK,EAAE,CAAC;YACT,MAAM,IAAI,gBAAQ,CAAC,cAAc,QAAQ,0BAA0B,CAAC,CAAA;QACxE,CAAC;QAED,OAAO,KAAK,CAAA;IAChB,CAAC;IAED;;;;;;OAMG;IACH,IAAW,aAAa;QACpB,IAAI,CAAC,YAAY,EAAE,CAAA;QACnB,IAAI,CAAC,aAAa,EAAE,CAAA;QAEpB,OAAO,GAAG,IAAI,CAAC,aAAa,IAAI,IAAI,CAAC,cAAc,EAAE,CAAA;IACzD,CAAC;IAED;;;;OAIG;IACU,UAAU;;YAGnB,IAAI,CAAC,YAAY,EAAE,CAAA;YACnB,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,MAAO,CAAC,IAAI,CAAC,aAAa,EAAE,IAAI,CAAC,MAAO,CAAC,CAAA;YACtE,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC,CAAA;YAE7B,OAAO,IAAqD,CAAA;QAChE,CAAC;KAAA;IAED,IAAY,aAAa;QACrB,IAAI,CAAC,YAAY,EAAE,CAAA;QACnB,OAAO,qBAAS,CAAC,cAAc,CAAC,IAAI,CAAC,MAAO,CAAC,CAAA;IACjD,CAAC;IAED,IAAY,cAAc;QACtB,IAAI,CAAC,aAAa,EAAE,CAAA;QACpB,OAAO,qBAAS,CAAC,cAAc,CAAC,IAAI,CAAC,OAAQ,CAAC,CAAA;IAClD,CAAC;IAED;;;;;;;;OAQG;IACU,SAAS;;YAClB,IAAI,CAAC,YAAY,EAAE,CAAA;YACnB,IAAI,CAAC,aAAa,EAAE,CAAA;YAEpB,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;gBAClB,MAAM,IAAI,CAAC,UAAU,EAAE,CAAA;YAC3B,CAAC;YAED,MAAM,gBAAgB,GAAG,qBAAS,CAAC,MAAM,CAAC,IAAI,CAAC,SAAU,CAAC,CAAA;YAE1D,OAAO,GAAG,IAAI,CAAC,aAAa,IAAI,IAAI,CAAC,cAAc,IAAI,gBAAgB,EAAE,CAAA;QAC7E,CAAC;KAAA;IAED;;;;;;;;;OASG;IACU,MAAM,CACf,eAAiC,EACjC,cAA8C,EAC9C,YAAsC;;YAEtC,IAAI,CAAC,YAAY,EAAE,CAAA;YACnB,IAAI,CAAC,aAAa,EAAE,CAAA;YACpB,IAAI,CAAC,eAAe,EAAE,CAAA;YAEtB,MAAM,GAAG,GAAmC,EAAE,CAAA;YAE9C,GAAG,CAAC,gBAAgB,GAAG,MAAM,eAAe,CAAC;gBACzC,MAAM,EAAE,IAAI,CAAC,MAAO;gBACpB,SAAS,EAAE,IAAI,CAAC,SAAU;gBAC1B,OAAO,EAAE,IAAI,CAAC,aAAa;gBAC3B,YAAY;aACf,CAAC,CAAA;YAEF,IAAI,KAAK,IAAI,IAAI,CAAC,OAAQ,EAAE,CAAC;gBACzB,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAA;gBACtB,MAAM,SAAS,GAAG,IAAI,IAAI,CAAE,IAAI,CAAC,OAAQ,CAAC,GAAc,GAAG,IAAI,CAAC,CAAA;gBAEhE,GAAG,CAAC,gBAAgB,GAAG,SAAS,GAAG,GAAG,CAAA;YAC1C,CAAC;YAED,IAAI,KAAK,IAAI,IAAI,CAAC,OAAQ,EAAE,CAAC;gBACzB,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAA;gBACtB,MAAM,UAAU,GAAG,IAAI,IAAI,CAAE,IAAI,CAAC,OAAQ,CAAC,GAAc,GAAG,IAAI,CAAC,CAAA;gBAEjE,GAAG,CAAC,iBAAiB,GAAG,UAAU,GAAG,GAAG,CAAA;YAC5C,CAAC;YAED,IAAI,cAAc,EAAE,CAAC;gBACjB,GAAG,CAAC,yBAAyB,GAAG,cAAc,CAAC,KAAK,CAChD,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,IAAI,IAAI,CAAC,OAAQ,CACpC,CAAA;YACL,CAAC;YAED,GAAG,CAAC,OAAO,GAAG,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC;iBAC3B,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,SAAS,CAAC;iBACrC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;YAEtB,OAAO,GAA4B,CAAA;QACvC,CAAC;KAAA;CACJ;AA/aD,kBA+aC"}

package/build/keyBinding/index.d.ts

@@ -0,0 +1 @@
+export * from './keyBinding';

package/build/keyBinding/index.js

@@ -0,0 +1,18 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./keyBinding"), exports);
+//# sourceMappingURL=index.js.map

package/build/keyBinding/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/keyBinding/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,+CAA4B"}

package/build/keyBinding/keyBinding.d.ts

@@ -0,0 +1,56 @@
+import { Jwt, JwtAdditionalOptions, JwtOptions, JwtVerificationResult } from '../jwt';
+import { SignatureAndEncryptionAlgorithm } from '../signatureAndEncryptionAlgorithm';
+import { MakePropertyRequired, Signer, Verifier } from '../types';
+type ReturnKeyBindingWithHeaderAndPayload<H extends Record<string, unknown>, P extends Record<string, unknown>, T extends KeyBinding<H, P>> = MakePropertyRequired<T, 'header' | 'payload'>;
+export type KeyBindingHeader<H extends Record<string, unknown> = Record<string, unknown>> = H & {
+    typ: 'kb+jwt';
+    alg: SignatureAndEncryptionAlgorithm | string;
+};
+export type KeyBindingPayload<P extends Record<string, unknown> = Record<string, unknown>> = P & {
+    iat: number;
+    aud: string;
+    nonce: string;
+};
+export type KeyBindingOptions<Header extends Record<string, unknown> = Record<string, unknown>, Payload extends Record<string, unknown> = Record<string, unknown>> = JwtOptions<KeyBindingHeader<Header>, KeyBindingPayload<Payload>>;
+export type KeyBindingAdditionalOptions<Header extends Record<string, unknown> = Record<string, unknown>> = JwtAdditionalOptions<KeyBindingHeader<Header>>;
+export type KeyBindingVerificationResult = JwtVerificationResult;
+export declare class KeyBinding<Header extends Record<string, unknown> = Record<string, unknown>, Payload extends Record<string, unknown> = Record<string, unknown>> extends Jwt<Header, Payload> {
+    signer?: Signer<Header>;
+    constructor(options?: KeyBindingOptions<Header, Payload>, additionalOptions?: KeyBindingAdditionalOptions<Header>);
+    /**
+     *
+     * Convert a standard `JWT` to an instance of `KeyBinding`.
+     *
+     * @throws when the claims are not valid for key binding
+     *
+     */
+    static fromJwt<Header extends Record<string, unknown> = Record<string, unknown>, Payload extends Record<string, unknown> = Record<string, unknown>>(jwt: Jwt<Header, Payload>): KeyBinding<Header, Payload>;
+    /**
+     *
+     * Verify the jwt as a valid `KeyBinding` jwt.
+     *
+     * Invalid when:
+     *   - The required claims for key binding are not included
+     *   - The signature is invalid
+     *   - The optional required additional claims are not included
+     *
+     */
+    verify(verifySignature: Verifier<Header>, requiredClaims?: Array<keyof Payload | string>, publicKeyJwk?: Record<string, unknown>): Promise<KeyBindingVerificationResult>;
+    /**
+     *
+     * Convert a compact `JWT` into an instance of `KeyBinding`.
+     *
+     * @throws when the claims are not valid for key binding
+     *
+     */
+    static fromCompact<Header extends Record<string, unknown> = Record<string, unknown>, Payload extends Record<string, unknown> = Record<string, unknown>>(compact: string): ReturnKeyBindingWithHeaderAndPayload<Header, Payload, KeyBinding<Header, Payload>>;
+    /**
+     *
+     * Asserts the required properties for valid key binding.
+     *
+     * @throws when a claim in the header, or payload, is invalid
+     *
+     */
+    assertValidForKeyBinding(): Promise<void>;
+}
+export {};

package/build/keyBinding/keyBinding.js

@@ -0,0 +1,99 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.KeyBinding = void 0;
+const jwt_1 = require("../jwt");
+class KeyBinding extends jwt_1.Jwt {
+    constructor(options, additionalOptions) {
+        super(options);
+        this.signer = additionalOptions === null || additionalOptions === void 0 ? void 0 : additionalOptions.signer;
+    }
+    /**
+     *
+     * Convert a standard `JWT` to an instance of `KeyBinding`.
+     *
+     * @throws when the claims are not valid for key binding
+     *
+     */
+    static fromJwt(jwt) {
+        const keyBinding = new KeyBinding({
+            header: jwt.header,
+            payload: jwt.payload,
+            signature: jwt.signature
+        }, { signer: jwt.signer });
+        keyBinding.assertValidForKeyBinding();
+        return keyBinding;
+    }
+    /**
+     *
+     * Verify the jwt as a valid `KeyBinding` jwt.
+     *
+     * Invalid when:
+     *   - The required claims for key binding are not included
+     *   - The signature is invalid
+     *   - The optional required additional claims are not included
+     *
+     */
+    verify(verifySignature, requiredClaims, publicKeyJwk) {
+        const _super = Object.create(null, {
+            verify: { get: () => super.verify }
+        });
+        return __awaiter(this, void 0, void 0, function* () {
+            this.assertValidForKeyBinding();
+            const jwtVerificationResult = yield _super.verify.call(this, verifySignature, requiredClaims, publicKeyJwk);
+            return jwtVerificationResult;
+        });
+    }
+    /**
+     *
+     * Convert a compact `JWT` into an instance of `KeyBinding`.
+     *
+     * @throws when the claims are not valid for key binding
+     *
+     */
+    static fromCompact(compact) {
+        const jwt = jwt_1.Jwt.fromCompact(compact);
+        const keyBinding = KeyBinding.fromJwt(jwt);
+        return keyBinding;
+    }
+    /**
+     *
+     * Asserts the required properties for valid key binding.
+     *
+     * @throws when a claim in the header, or payload, is invalid
+     *
+     */
+    assertValidForKeyBinding() {
+        return __awaiter(this, void 0, void 0, function* () {
+            try {
+                this.assertHeader();
+                this.assertPayload();
+                if (!this.signature) {
+                    yield this.signAndAdd();
+                }
+                this.assertSignature();
+                this.assertClaimInHeader('typ', 'kb+jwt');
+                this.assertClaimInHeader('alg');
+                this.assertClaimInPayload('iat');
+                this.assertClaimInPayload('nonce');
+                this.assertClaimInPayload('aud');
+            }
+            catch (e) {
+                if (e instanceof Error) {
+                    e.message = `jwt is not valid for usage with key binding. Error: ${e.message}`;
+                }
+                throw e;
+            }
+        });
+    }
+}
+exports.KeyBinding = KeyBinding;
+//# sourceMappingURL=keyBinding.js.map

package/build/keyBinding/keyBinding.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"keyBinding.js","sourceRoot":"","sources":["../../src/keyBinding/keyBinding.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,gCAKe;AAoCf,MAAa,UAGX,SAAQ,SAAoB;IAG1B,YACI,OAA4C,EAC5C,iBAAuD;QAEvD,KAAK,CAAC,OAAO,CAAC,CAAA;QAEd,IAAI,CAAC,MAAM,GAAG,iBAAiB,aAAjB,iBAAiB,uBAAjB,iBAAiB,CAAE,MAAwB,CAAA;IAC7D,CAAC;IAED;;;;;;OAMG;IACI,MAAM,CAAC,OAAO,CAGnB,GAAyB;QACvB,MAAM,UAAU,GAAG,IAAI,UAAU,CAC7B;YACI,MAAM,EAAE,GAAG,CAAC,MAAkC;YAC9C,OAAO,EAAE,GAAG,CAAC,OAAqC;YAClD,SAAS,EAAE,GAAG,CAAC,SAAS;SAC3B,EACD,EAAE,MAAM,EAAE,GAAG,CAAC,MAAM,EAAE,CACzB,CAAA;QAED,UAAU,CAAC,wBAAwB,EAAE,CAAA;QAErC,OAAO,UAAU,CAAA;IACrB,CAAC;IAED;;;;;;;;;OASG;IACmB,MAAM,CACxB,eAAiC,EACjC,cAA8C,EAC9C,YAAsC;;;;;YAEtC,IAAI,CAAC,wBAAwB,EAAE,CAAA;YAE/B,MAAM,qBAAqB,GAAG,MAAM,OAAM,MAAM,YAC5C,eAAe,EACf,cAAc,EACd,YAAY,CACf,CAAA;YAED,OAAO,qBAAqB,CAAA;QAChC,CAAC;KAAA;IAED;;;;;;OAMG;IACI,MAAM,CAAU,WAAW,CAGhC,OAAe;QACb,MAAM,GAAG,GAAG,SAAG,CAAC,WAAW,CAAkB,OAAO,CAAC,CAAA;QACrD,MAAM,UAAU,GAAG,UAAU,CAAC,OAAO,CAAkB,GAAG,CAAC,CAAA;QAE3D,OAAO,UAIN,CAAA;IACL,CAAC;IAED;;;;;;OAMG;IACU,wBAAwB;;YACjC,IAAI,CAAC;gBACD,IAAI,CAAC,YAAY,EAAE,CAAA;gBACnB,IAAI,CAAC,aAAa,EAAE,CAAA;gBAEpB,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;oBAClB,MAAM,IAAI,CAAC,UAAU,EAAE,CAAA;gBAC3B,CAAC;gBAED,IAAI,CAAC,eAAe,EAAE,CAAA;gBAEtB,IAAI,CAAC,mBAAmB,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAA;gBACzC,IAAI,CAAC,mBAAmB,CAAC,KAAK,CAAC,CAAA;gBAE/B,IAAI,CAAC,oBAAoB,CAAC,KAAK,CAAC,CAAA;gBAChC,IAAI,CAAC,oBAAoB,CAAC,OAAO,CAAC,CAAA;gBAClC,IAAI,CAAC,oBAAoB,CAAC,KAAK,CAAC,CAAA;YACpC,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACT,IAAI,CAAC,YAAY,KAAK,EAAE,CAAC;oBACrB,CAAC,CAAC,OAAO,GAAG,uDAAuD,CAAC,CAAC,OAAO,EAAE,CAAA;gBAClF,CAAC;gBAED,MAAM,CAAC,CAAA;YACX,CAAC;QACL,CAAC;KAAA;CACJ;AAvHD,gCAuHC"}

package/build/sdJwt/compact.d.ts

@@ -0,0 +1,8 @@
+import { KeyBinding } from '../keyBinding';
+import { Disclosure } from './disclosures';
+import { ExpandedJwt } from '../jwt';
+export type ExpandedSdJwt<H extends Record<string, unknown> = Record<string, unknown>, P extends Record<string, unknown> = Record<string, unknown>> = ExpandedJwt<H, P> & {
+    disclosures?: Array<Disclosure>;
+    keyBinding?: KeyBinding;
+};
+export declare const sdJwtFromCompact: <H extends Record<string, unknown> = Record<string, unknown>, P extends Record<string, unknown> = Record<string, unknown>>(compact: string) => ExpandedSdJwt<H, P>;

package/build/sdJwt/compact.js

@@ -0,0 +1,39 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.sdJwtFromCompact = void 0;
+const keyBinding_1 = require("../keyBinding");
+const disclosures_1 = require("./disclosures");
+const jwt_1 = require("../jwt");
+const sdJwtFromCompact = (compact) => {
+    const [jwtWithoutDisclosures, ...encodedDisclosures] = compact.split('~');
+    const { header, payload, signature } = (0, jwt_1.jwtFromCompact)(jwtWithoutDisclosures);
+    if (encodedDisclosures.length === 0) {
+        return {
+            header,
+            payload,
+            signature
+        };
+    }
+    const hasKeyBinding = !compact.endsWith('~');
+    // If the disclosure array ends with an `~` we do not have
+    // a key binding and `String.split` takes it as an empty string
+    // as element which we would not like to include in the disclosures.
+    if (!hasKeyBinding)
+        encodedDisclosures.pop();
+    const compactKeyBinding = hasKeyBinding
+        ? encodedDisclosures.pop()
+        : undefined;
+    const keyBinding = compactKeyBinding
+        ? keyBinding_1.KeyBinding.fromCompact(compactKeyBinding)
+        : undefined;
+    const disclosures = encodedDisclosures.map(disclosures_1.Disclosure.fromString);
+    return {
+        header,
+        payload,
+        signature,
+        keyBinding,
+        disclosures
+    };
+};
+exports.sdJwtFromCompact = sdJwtFromCompact;
+//# sourceMappingURL=compact.js.map

package/build/sdJwt/compact.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"compact.js","sourceRoot":"","sources":["../../src/sdJwt/compact.ts"],"names":[],"mappings":";;;AAAA,8CAA0C;AAC1C,+CAA0C;AAC1C,gCAAoD;AAU7C,MAAM,gBAAgB,GAAG,CAI5B,OAAe,EACI,EAAE;IACrB,MAAM,CAAC,qBAAqB,EAAE,GAAG,kBAAkB,CAAC,GAAG,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IAEzE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,GAAG,IAAA,oBAAc,EACjD,qBAAqB,CACxB,CAAA;IAED,IAAI,kBAAkB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAClC,OAAO;YACH,MAAM;YACN,OAAO;YACP,SAAS;SACZ,CAAA;IACL,CAAC;IAED,MAAM,aAAa,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAA;IAE5C,0DAA0D;IAC1D,+DAA+D;IAC/D,oEAAoE;IACpE,IAAI,CAAC,aAAa;QAAE,kBAAkB,CAAC,GAAG,EAAE,CAAA;IAE5C,MAAM,iBAAiB,GAAG,aAAa;QACnC,CAAC,CAAC,kBAAkB,CAAC,GAAG,EAAE;QAC1B,CAAC,CAAC,SAAS,CAAA;IAEf,MAAM,UAAU,GAAG,iBAAiB;QAChC,CAAC,CAAC,uBAAU,CAAC,WAAW,CAAC,iBAAiB,CAAC;QAC3C,CAAC,CAAC,SAAS,CAAA;IAEf,MAAM,WAAW,GAAG,kBAAkB,CAAC,GAAG,CAAC,wBAAU,CAAC,UAAU,CAAC,CAAA;IAEjE,OAAO;QACH,MAAM;QACN,OAAO;QACP,SAAS;QACT,UAAU;QACV,WAAW;KACd,CAAA;AACL,CAAC,CAAA;AA5CY,QAAA,gBAAgB,oBA4C5B"}

package/build/sdJwt/decoys.d.ts

@@ -0,0 +1,2 @@
+import { SaltGenerator, Hasher } from '../types';
+export declare const createDecoys: (count: number, saltGenerator: SaltGenerator, hasher: Hasher) => Promise<string[]>;

package/build/sdJwt/decoys.js

@@ -0,0 +1,35 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createDecoys = void 0;
+const error_1 = require("./error");
+const base64url_1 = require("../base64url");
+const createDecoys = (count, saltGenerator, hasher) => __awaiter(void 0, void 0, void 0, function* () {
+    if (count < 0) {
+        throw new error_1.SdJwtError(`Negative count of ${count} is not allowed.`);
+    }
+    if (isNaN(count)) {
+        throw new error_1.SdJwtError(`NaN is not allowed for count.`);
+    }
+    if (!isFinite(count)) {
+        throw new error_1.SdJwtError(`Infinite is not allopwed for count.`);
+    }
+    const decoys = [];
+    for (let i = 0; i < count; i++) {
+        const salt = yield saltGenerator();
+        const decoy = yield hasher(salt);
+        const encodedDecoy = base64url_1.Base64url.encode(decoy);
+        decoys.push(encodedDecoy);
+    }
+    return decoys;
+});
+exports.createDecoys = createDecoys;
+//# sourceMappingURL=decoys.js.map

package/build/sdJwt/decoys.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"decoys.js","sourceRoot":"","sources":["../../src/sdJwt/decoys.ts"],"names":[],"mappings":";;;;;;;;;;;;AACA,mCAAoC;AACpC,4CAAwC;AAEjC,MAAM,YAAY,GAAG,CACxB,KAAa,EACb,aAA4B,EAC5B,MAAc,EAChB,EAAE;IACA,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;QACZ,MAAM,IAAI,kBAAU,CAAC,qBAAqB,KAAK,kBAAkB,CAAC,CAAA;IACtE,CAAC;IAED,IAAI,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;QACf,MAAM,IAAI,kBAAU,CAAC,+BAA+B,CAAC,CAAA;IACzD,CAAC;IAED,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;QACnB,MAAM,IAAI,kBAAU,CAAC,qCAAqC,CAAC,CAAA;IAC/D,CAAC;IAED,MAAM,MAAM,GAAkB,EAAE,CAAA;IAChC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,EAAE,CAAC,EAAE,EAAE,CAAC;QAC7B,MAAM,IAAI,GAAG,MAAM,aAAa,EAAE,CAAA;QAClC,MAAM,KAAK,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,CAAA;QAChC,MAAM,YAAY,GAAG,qBAAS,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;QAC5C,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,CAAA;IAC7B,CAAC;IACD,OAAO,MAAM,CAAA;AACjB,CAAC,CAAA,CAAA;AAzBY,QAAA,YAAY,gBAyBxB"}

package/build/sdJwt/disclosureFrame.d.ts

@@ -0,0 +1,7 @@
+import { DisclosureFrame } from '../types';
+import { Disclosure } from './disclosures';
+import { SaltGenerator, Hasher } from '../types';
+export declare const applyDisclosureFrame: <Payload extends Record<string, unknown> = Record<string, unknown>>(saltGenerator: SaltGenerator, hasher: Hasher, payload: Payload, frame: DisclosureFrame<Payload>, keys?: Array<string>, cleanup?: Array<Array<string>>, disclosures?: Array<Disclosure>) => Promise<{
+    payload: Record<string, unknown>;
+    disclosures: Array<Disclosure>;
+}>;