@sd-jwt/core 0.1.0

package/build/sdJwt/swapClaim.d.ts

@@ -0,0 +1,3 @@
+import { Disclosure } from './disclosures';
+import { Hasher } from '../types';
+export declare const swapClaims: (hasher: Hasher, payload: Record<string, unknown>, disclosures: Array<Disclosure>, newPayload?: Record<string, unknown>) => Promise<Record<string, unknown>>;

package/build/sdJwt/swapClaim.js

@@ -0,0 +1,90 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.swapClaims = void 0;
+const shouldInsertDisclosure = (hasher, key, value, disclosures) => __awaiter(void 0, void 0, void 0, function* () {
+    if (key !== '_sd')
+        return [];
+    if (!Array.isArray(value))
+        return [];
+    const filteredDisclosures = [];
+    for (const d of disclosures) {
+        const digest = yield d.digest(hasher);
+        if (value.includes(digest)) {
+            filteredDisclosures.push(d);
+        }
+    }
+    return filteredDisclosures;
+});
+const shouldIncludeCleartextClaim = (key, value) => key !== '_sd' && key !== '_sd_alg' && typeof value !== 'object';
+const swapClaims = (hasher, payload, disclosures, newPayload = {}) => __awaiter(void 0, void 0, void 0, function* () {
+    const entries = Object.entries(payload);
+    // Loop over de payload
+    for (let i = 0; i < entries.length; i++) {
+        const [key, value] = entries[i];
+        // See whether we have an `_sd` key with an array of disclosures.
+        const foundDisclosures = yield shouldInsertDisclosure(hasher, key, value, disclosures);
+        // Add the disclosed items to the pretty payload
+        foundDisclosures.forEach((d) => {
+            const [, disclosureKey, disclosureValue] = d.decoded;
+            newPayload[disclosureKey] = disclosureValue;
+        });
+        // Skip the rest as  `_sd` is a special case
+        if (key === '_sd') {
+            continue;
+        }
+        // Include all the primitive claims into the new payload
+        if (shouldIncludeCleartextClaim(key, value)) {
+            newPayload[key] = value;
+            continue;
+        }
+        if (typeof value === 'object' && Array.isArray(value)) {
+            newPayload[key] = yield swapClaimsInsideArray(hasher, value, disclosures);
+            continue;
+        }
+        if (typeof value === 'object' &&
+            value !== null &&
+            !Array.isArray(value)) {
+            newPayload[key] = yield (0, exports.swapClaims)(hasher, value, disclosures);
+        }
+    }
+    return newPayload;
+});
+exports.swapClaims = swapClaims;
+const swapClaimsInsideArray = (hasher, array, disclosures) => __awaiter(void 0, void 0, void 0, function* () {
+    const processedArray = [];
+    for (const el of array) {
+        if (typeof el === 'object' && el !== null && '...' in el) {
+            const hash = el['...'];
+            let disclosureFound = false;
+            let disclosureValue;
+            for (const d of disclosures) {
+                const digest = yield d.digest(hasher);
+                if (digest === hash && d.decoded[2] === undefined) {
+                    disclosureValue = d.decoded[1];
+                    disclosureFound = true;
+                    break;
+                }
+            }
+            if (disclosureFound) {
+                processedArray.push(disclosureValue);
+            }
+            else {
+                processedArray.push(el);
+            }
+        }
+        else {
+            processedArray.push(el);
+        }
+    }
+    return processedArray;
+});
+//# sourceMappingURL=swapClaim.js.map

package/build/sdJwt/swapClaim.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"swapClaim.js","sourceRoot":"","sources":["../../src/sdJwt/swapClaim.ts"],"names":[],"mappings":";;;;;;;;;;;;AAGA,MAAM,sBAAsB,GAAG,CAC3B,MAAc,EACd,GAAW,EACX,KAAc,EACd,WAA8B,EAChC,EAAE;IACA,IAAI,GAAG,KAAK,KAAK;QAAE,OAAO,EAAE,CAAA;IAC5B,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC;QAAE,OAAO,EAAE,CAAA;IAEpC,MAAM,mBAAmB,GAAG,EAAE,CAAA;IAE9B,KAAK,MAAM,CAAC,IAAI,WAAW,EAAE,CAAC;QAC1B,MAAM,MAAM,GAAG,MAAM,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAA;QACrC,IAAI,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YACzB,mBAAmB,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;QAC/B,CAAC;IACL,CAAC;IAED,OAAO,mBAAmB,CAAA;AAC9B,CAAC,CAAA,CAAA;AAED,MAAM,2BAA2B,GAAG,CAAC,GAAW,EAAE,KAAc,EAAE,EAAE,CAChE,GAAG,KAAK,KAAK,IAAI,GAAG,KAAK,SAAS,IAAI,OAAO,KAAK,KAAK,QAAQ,CAAA;AAE5D,MAAM,UAAU,GAAG,CACtB,MAAc,EACd,OAAgC,EAChC,WAA8B,EAC9B,aAAsC,EAAE,EAC1C,EAAE;IACA,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,CAAA;IAEvC,uBAAuB;IACvB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC,CAAA;QAE/B,iEAAiE;QACjE,MAAM,gBAAgB,GAAG,MAAM,sBAAsB,CACjD,MAAM,EACN,GAAG,EACH,KAAK,EACL,WAAW,CACd,CAAA;QAED,gDAAgD;QAChD,gBAAgB,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE;YAC3B,MAAM,CAAC,EAAE,aAAa,EAAE,eAAe,CAAC,GAAG,CAAC,CAAC,OAAO,CAAA;YACpD,UAAU,CAAC,aAAuB,CAAC,GAAG,eAAe,CAAA;QACzD,CAAC,CAAC,CAAA;QAEF,4CAA4C;QAC5C,IAAI,GAAG,KAAK,KAAK,EAAE,CAAC;YAChB,SAAQ;QACZ,CAAC;QAED,wDAAwD;QACxD,IAAI,2BAA2B,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,CAAC;YAC1C,UAAU,CAAC,GAAG,CAAC,GAAG,KAAK,CAAA;YACvB,SAAQ;QACZ,CAAC;QAED,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;YACpD,UAAU,CAAC,GAAG,CAAC,GAAG,MAAM,qBAAqB,CACzC,MAAM,EACN,KAAK,EACL,WAAW,CACd,CAAA;YACD,SAAQ;QACZ,CAAC;QAED,IACI,OAAO,KAAK,KAAK,QAAQ;YACzB,KAAK,KAAK,IAAI;YACd,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EACvB,CAAC;YACC,UAAU,CAAC,GAAG,CAAC,GAAG,MAAM,IAAA,kBAAU,EAC9B,MAAM,EACN,KAAgC,EAChC,WAAW,CACd,CAAA;QACL,CAAC;IACL,CAAC;IAED,OAAO,UAAU,CAAA;AACrB,CAAC,CAAA,CAAA;AA5DY,QAAA,UAAU,cA4DtB;AAED,MAAM,qBAAqB,GAAG,CAC1B,MAAc,EACd,KAAyC,EACzC,WAA8B,EAChC,EAAE;IACA,MAAM,cAAc,GAAG,EAAE,CAAA;IAEzB,KAAK,MAAM,EAAE,IAAI,KAAK,EAAE,CAAC;QACrB,IAAI,OAAO,EAAE,KAAK,QAAQ,IAAI,EAAE,KAAK,IAAI,IAAI,KAAK,IAAI,EAAE,EAAE,CAAC;YACvD,MAAM,IAAI,GAAG,EAAE,CAAC,KAAK,CAAC,CAAA;YACtB,IAAI,eAAe,GAAG,KAAK,CAAA;YAC3B,IAAI,eAAe,CAAA;YAEnB,KAAK,MAAM,CAAC,IAAI,WAAW,EAAE,CAAC;gBAC1B,MAAM,MAAM,GAAG,MAAM,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAA;gBACrC,IAAI,MAAM,KAAK,IAAI,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,SAAS,EAAE,CAAC;oBAChD,eAAe,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAA;oBAC9B,eAAe,GAAG,IAAI,CAAA;oBACtB,MAAK;gBACT,CAAC;YACL,CAAC;YAED,IAAI,eAAe,EAAE,CAAC;gBAClB,cAAc,CAAC,IAAI,CAAC,eAAe,CAAC,CAAA;YACxC,CAAC;iBAAM,CAAC;gBACJ,cAAc,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;YAC3B,CAAC;QACL,CAAC;aAAM,CAAC;YACJ,cAAc,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;QAC3B,CAAC;IACL,CAAC;IAED,OAAO,cAAc,CAAA;AACzB,CAAC,CAAA,CAAA"}

package/build/sdJwt/types.d.ts

@@ -0,0 +1,5 @@
+import { MakePropertyRequired } from '../types';
+import { SdJwt } from './sdJwt';
+export type ReturnSdJwtWithHeaderAndPayload<H extends Record<string, unknown>, P extends Record<string, unknown>, T extends SdJwt<H, P>> = MakePropertyRequired<T, 'header' | 'payload'>;
+export type ReturnSdJwtWithPayload<H extends Record<string, unknown>, P extends Record<string, unknown>, T extends SdJwt<H, P>> = MakePropertyRequired<T, 'payload'>;
+export type ReturnSdJwtWithKeyBinding<H extends Record<string, unknown>, P extends Record<string, unknown>, T extends SdJwt<H, P>> = MakePropertyRequired<T, 'keyBinding'>;

package/build/sdJwt/types.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=types.js.map

package/build/sdJwt/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/sdJwt/types.ts"],"names":[],"mappings":""}

package/build/sdJwtVc/error.d.ts

@@ -0,0 +1,2 @@
+export declare class SdJwtVcError extends Error {
+}

package/build/sdJwtVc/error.js

@@ -0,0 +1,7 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SdJwtVcError = void 0;
+class SdJwtVcError extends Error {
+}
+exports.SdJwtVcError = SdJwtVcError;
+//# sourceMappingURL=error.js.map

package/build/sdJwtVc/error.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"error.js","sourceRoot":"","sources":["../../src/sdJwtVc/error.ts"],"names":[],"mappings":";;;AAAA,MAAa,YAAa,SAAQ,KAAK;CAAG;AAA1C,oCAA0C"}

package/build/sdJwtVc/index.d.ts

@@ -0,0 +1,2 @@
+export * from './sdJwtVc';
+export * from './error';

package/build/sdJwtVc/index.js

@@ -0,0 +1,19 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./sdJwtVc"), exports);
+__exportStar(require("./error"), exports);
+//# sourceMappingURL=index.js.map

package/build/sdJwtVc/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/sdJwtVc/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,4CAAyB;AACzB,0CAAuB"}

package/build/sdJwtVc/sdJwtVc.d.ts

@@ -0,0 +1,47 @@
+import { ReturnSdJwtWithHeaderAndPayload } from '../sdJwt';
+import { SdJwt, SdJwtVerificationResult } from '../sdJwt';
+import { Verifier } from '../types';
+export type SdJwtVcVerificationResult = SdJwtVerificationResult & {
+    containsExpectedKeyBinding: boolean;
+    containsRequiredVcProperties: boolean;
+};
+export declare class SdJwtVc<Header extends Record<string, unknown> = Record<string, unknown>, Payload extends Record<string, unknown> = Record<string, unknown>> extends SdJwt<Header, Payload> {
+    assertNonSelectivelyDisclosableClaims(): void;
+    private validateSdJwtVc;
+    /**
+     *
+     * Instantiate a sd-jwt-vc from a compact format.
+     *
+     * @throws when the compact sd-jwt-vc is not a valid sd-jwt-vc
+     *
+     */
+    static fromCompact<Header extends Record<string, unknown> = Record<string, unknown>, Payload extends Record<string, unknown> = Record<string, unknown>>(compact: string): ReturnSdJwtWithHeaderAndPayload<Header, Payload, SdJwtVc<Header, Payload>>;
+    /**
+     *
+     * Verify the sd-jwt-vc.
+     *
+     * It validates the following properties:
+     *   - sd-jwt issuer signature
+     *   - Optionally, the required claims
+     *   - The `nbf` and `exp` claims
+     *   - Whether the key binding is valid
+     *   - Whether the expected key binding is used
+     *   - Whether the required sd-jwt-vc properties are included
+     *
+     */
+    verify(verifier: Verifier<Header>, requiredClaimKeys?: Array<keyof Payload | string>, expectedCnfClaim?: Record<string, unknown>): Promise<SdJwtVcVerificationResult>;
+    /**
+     *
+     * Create a compact format of the sd-jwt-vc.
+     *
+     * This will
+     *   - Apply the disclosure frame
+     *   - Add a signature if there is none
+     *
+     * @throws when the sd-jwt-vc is not conformant to the specification
+     * @throws When the signature and signer are not defined
+     * @throws When a claim is requested to be selectively disclosable, but it was not found in the payload
+     *
+     */
+    toCompact(): Promise<string>;
+}

package/build/sdJwtVc/sdJwtVc.js

@@ -0,0 +1,125 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SdJwtVc = void 0;
+const sdJwt_1 = require("../sdJwt");
+const sdJwt_2 = require("../sdJwt");
+const jwt_1 = require("../jwt");
+class SdJwtVc extends sdJwt_2.SdJwt {
+    assertNonSelectivelyDisclosableClaims() {
+        if (!this.disclosureFrame)
+            return;
+        ['iss', 'vct', 'iat', 'cnf'].forEach(this.assertNonSelectivelyDisclosableClaim);
+    }
+    validateSdJwtVc(expectedCnfClaim) {
+        try {
+            this.assertNonSelectivelyDisclosableClaims();
+            this.assertHeader();
+            this.assertPayload();
+            this.assertClaimInHeader('typ', 'vc+sd-jwt');
+            this.assertClaimInHeader('alg');
+            this.assertClaimInPayload('iss');
+            this.assertClaimInPayload('vct');
+            this.assertClaimInPayload('iat');
+            this.assertClaimInPayload('cnf', expectedCnfClaim);
+        }
+        catch (e) {
+            if (e instanceof Error) {
+                e.message = `jwt is not valid for usage with sd-jwt-vc. Error: ${e.message}`;
+            }
+            throw e;
+        }
+    }
+    /**
+     *
+     * Instantiate a sd-jwt-vc from a compact format.
+     *
+     * @throws when the compact sd-jwt-vc is not a valid sd-jwt-vc
+     *
+     */
+    static fromCompact(compact) {
+        const { disclosures, keyBinding, signature, payload, header } = (0, sdJwt_1.sdJwtFromCompact)(compact);
+        const sdJwtVc = new SdJwtVc({
+            header,
+            payload,
+            signature,
+            disclosures,
+            keyBinding
+        });
+        sdJwtVc.validateSdJwtVc();
+        return sdJwtVc;
+    }
+    /**
+     *
+     * Verify the sd-jwt-vc.
+     *
+     * It validates the following properties:
+     *   - sd-jwt issuer signature
+     *   - Optionally, the required claims
+     *   - The `nbf` and `exp` claims
+     *   - Whether the key binding is valid
+     *   - Whether the expected key binding is used
+     *   - Whether the required sd-jwt-vc properties are included
+     *
+     */
+    verify(verifier, requiredClaimKeys, expectedCnfClaim) {
+        const _super = Object.create(null, {
+            verify: { get: () => super.verify }
+        });
+        var _a, _b;
+        return __awaiter(this, void 0, void 0, function* () {
+            const publicKeyJwk = (_b = (_a = this.payload) === null || _a === void 0 ? void 0 : _a.cnf) === null || _b === void 0 ? void 0 : _b.jwk;
+            const sdJwtVerificationResult = (yield _super.verify.call(this, verifier, requiredClaimKeys, publicKeyJwk));
+            try {
+                sdJwtVerificationResult.containsRequiredVcProperties = true;
+                this.validateSdJwtVc(expectedCnfClaim);
+                if (expectedCnfClaim) {
+                    sdJwtVerificationResult.containsExpectedKeyBinding = true;
+                }
+            }
+            catch (e) {
+                if (e instanceof jwt_1.JwtError &&
+                    e.message ==
+                        "jwt is not valid for usage with sd-jwt-vc. Error: Claim key 'cnf' was found, but values did not match within the payload") {
+                    sdJwtVerificationResult.containsExpectedKeyBinding = false;
+                }
+                else {
+                    sdJwtVerificationResult.containsRequiredVcProperties = false;
+                }
+            }
+            return sdJwtVerificationResult;
+        });
+    }
+    /**
+     *
+     * Create a compact format of the sd-jwt-vc.
+     *
+     * This will
+     *   - Apply the disclosure frame
+     *   - Add a signature if there is none
+     *
+     * @throws when the sd-jwt-vc is not conformant to the specification
+     * @throws When the signature and signer are not defined
+     * @throws When a claim is requested to be selectively disclosable, but it was not found in the payload
+     *
+     */
+    toCompact() {
+        const _super = Object.create(null, {
+            toCompact: { get: () => super.toCompact }
+        });
+        return __awaiter(this, void 0, void 0, function* () {
+            this.validateSdJwtVc();
+            return yield _super.toCompact.call(this);
+        });
+    }
+}
+exports.SdJwtVc = SdJwtVc;
+//# sourceMappingURL=sdJwtVc.js.map

package/build/sdJwtVc/sdJwtVc.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sdJwtVc.js","sourceRoot":"","sources":["../../src/sdJwtVc/sdJwtVc.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,oCAA4E;AAC5E,oCAAyD;AACzD,gCAAiC;AAQjC,MAAa,OAGX,SAAQ,aAAsB;IACrB,qCAAqC;QACxC,IAAI,CAAC,IAAI,CAAC,eAAe;YAAE,OAC1B;QAAA,CAAC,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC,OAAO,CACjC,IAAI,CAAC,oCAAoC,CAC5C,CAAA;IACL,CAAC;IAEO,eAAe,CAAC,gBAA0C;QAC9D,IAAI,CAAC;YACD,IAAI,CAAC,qCAAqC,EAAE,CAAA;YAC5C,IAAI,CAAC,YAAY,EAAE,CAAA;YACnB,IAAI,CAAC,aAAa,EAAE,CAAA;YAEpB,IAAI,CAAC,mBAAmB,CAAC,KAAK,EAAE,WAAW,CAAC,CAAA;YAC5C,IAAI,CAAC,mBAAmB,CAAC,KAAK,CAAC,CAAA;YAE/B,IAAI,CAAC,oBAAoB,CAAC,KAAK,CAAC,CAAA;YAChC,IAAI,CAAC,oBAAoB,CAAC,KAAK,CAAC,CAAA;YAChC,IAAI,CAAC,oBAAoB,CAAC,KAAK,CAAC,CAAA;YAChC,IAAI,CAAC,oBAAoB,CAAC,KAAK,EAAE,gBAAgB,CAAC,CAAA;QACtD,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACT,IAAI,CAAC,YAAY,KAAK,EAAE,CAAC;gBACrB,CAAC,CAAC,OAAO,GAAG,qDAAqD,CAAC,CAAC,OAAO,EAAE,CAAA;YAChF,CAAC;YAED,MAAM,CAAC,CAAA;QACX,CAAC;IACL,CAAC;IAED;;;;;;OAMG;IACI,MAAM,CAAU,WAAW,CAGhC,OAAe;QACb,MAAM,EAAE,WAAW,EAAE,UAAU,EAAE,SAAS,EAAE,OAAO,EAAE,MAAM,EAAE,GACzD,IAAA,wBAAgB,EAAkB,OAAO,CAAC,CAAA;QAE9C,MAAM,OAAO,GAAG,IAAI,OAAO,CAAkB;YACzC,MAAM;YACN,OAAO;YACP,SAAS;YACT,WAAW;YACX,UAAU;SACb,CAAC,CAAA;QAEF,OAAO,CAAC,eAAe,EAAE,CAAA;QAEzB,OAAO,OAIN,CAAA;IACL,CAAC;IAED;;;;;;;;;;;;OAYG;IACmB,MAAM,CACxB,QAA0B,EAC1B,iBAAiD,EACjD,gBAA0C;;;;;;YAE1C,MAAM,YAAY,GAAG,MACjB,MAAA,IAAI,CAAC,OAAO,0CAAE,GACjB,0CAAE,GAA0C,CAAA;YAE7C,MAAM,uBAAuB,GAAG,CAAC,MAAM,OAAM,MAAM,YAC/C,QAAQ,EACR,iBAAiB,EACjB,YAAY,CACf,CAA8B,CAAA;YAE/B,IAAI,CAAC;gBACD,uBAAuB,CAAC,4BAA4B,GAAG,IAAI,CAAA;gBAC3D,IAAI,CAAC,eAAe,CAAC,gBAAgB,CAAC,CAAA;gBAEtC,IAAI,gBAAgB,EAAE,CAAC;oBACnB,uBAAuB,CAAC,0BAA0B,GAAG,IAAI,CAAA;gBAC7D,CAAC;YACL,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACT,IACI,CAAC,YAAY,cAAQ;oBACrB,CAAC,CAAC,OAAO;wBACL,0HAA0H,EAChI,CAAC;oBACC,uBAAuB,CAAC,0BAA0B,GAAG,KAAK,CAAA;gBAC9D,CAAC;qBAAM,CAAC;oBACJ,uBAAuB,CAAC,4BAA4B,GAAG,KAAK,CAAA;gBAChE,CAAC;YACL,CAAC;YAED,OAAO,uBAAuB,CAAA;;KACjC;IAED;;;;;;;;;;;;OAYG;IACY,SAAS;;;;;YACpB,IAAI,CAAC,eAAe,EAAE,CAAA;YACtB,OAAO,MAAM,OAAM,SAAS,WAAE,CAAA;QAClC,CAAC;KAAA;CACJ;AAnID,0BAmIC"}

package/build/signatureAndEncryptionAlgorithm.d.ts

@@ -0,0 +1,105 @@
+/**
+ * Enumeration representing various JSON Web Token (JWT) algorithms for digital signatures and encryption.
+ */
+export declare enum SignatureAndEncryptionAlgorithm {
+    /**
+     * RSASSA-PKCS1-v1_5 using SHA-256
+     */
+    RS256 = "RS256",
+    /**
+     * RSASSA-PKCS1-v1_5 using SHA-384
+     */
+    RS384 = "RS384",
+    /**
+     * RSASSA-PKCS1-v1_5 using SHA-512
+     */
+    RS512 = "RS512",
+    /**
+     * ECDSA using P-256 and SHA-256
+     */
+    ES256 = "ES256",
+    /**
+     * ECDSA using P-384 and SHA-384
+     */
+    ES384 = "ES384",
+    /**
+     * ECDSA using P-521 and SHA-512
+     */
+    ES512 = "ES512",
+    /**
+     * RSA-PSS using SHA-256
+     */
+    PS256 = "PS256",
+    /**
+     * RSA-PSS using SHA-384
+     */
+    PS384 = "PS384",
+    /**
+     * RSA-PSS using SHA-512
+     */
+    PS512 = "PS512",
+    /**
+     * No digital signature or MAC performed
+     */
+    none = "none",
+    /**
+     * RSAES-PKCS1-v1_5
+     */
+    RSA1_5 = "RSA1_5",
+    /**
+     * RSAES OAEP
+     */
+    RSA_OAEP = "RSA-OAEP",
+    /**
+     * RSAES OAEP using SHA-256
+     */
+    RSA_OAEP_256 = "RSA-OAEP-256",
+    /**
+     * AES Key Wrap using 128-bit key
+     */
+    A128KW = "A128KW",
+    /**
+     * AES Key Wrap using 192-bit key
+     */
+    A192KW = "A192KW",
+    /**
+     * AES Key Wrap using 256-bit key
+     */
+    A256KW = "A256KW",
+    /**
+     * Direct use of a shared symmetric key
+     */
+    dir = "dir",
+    /**
+     * ECDH-ES using Concat KDF
+     */
+    ECDH_ES = "ECDH-ES",
+    /**
+     * EdDSA signature algorithms
+     */
+    EdDSA = "EdDSA",
+    /**
+     * ECDH-ES using Concat KDF and "A128KW" wrapping
+     */
+    ECDH_ES_A128KW = "ECDH-ES+A128KW",
+    /**
+     * ECDH-ES using Concat KDF and "A192KW" wrapping
+     */
+    ECDH_ES_A192KW = "ECDH-ES+A192KW",
+    /**
+     * ECDH-ES using Concat KDF and "A256KW" wrapping
+     */
+    ECDH_ES_A256KW = "ECDH-ES+A256KW",
+    /**
+     * Key wrapping with AES GCM using 128-bit key
+     */
+    A128GCMKW = "A128GCMKW",
+    /**
+     * Key wrapping with AES GCM using 192-bit key
+     */
+    A192GCMKW = "A192GCMKW",
+    /**
+     * Key wrapping with AES GCM using 256-bit key
+     */
+    A256GCMKW = "A256GCMKW"
+}

package/build/signatureAndEncryptionAlgorithm.js

@@ -0,0 +1,110 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SignatureAndEncryptionAlgorithm = void 0;
+/**
+ * Enumeration representing various JSON Web Token (JWT) algorithms for digital signatures and encryption.
+ */
+var SignatureAndEncryptionAlgorithm;
+(function (SignatureAndEncryptionAlgorithm) {
+    /**
+     * RSASSA-PKCS1-v1_5 using SHA-256
+     */
+    SignatureAndEncryptionAlgorithm["RS256"] = "RS256";
+    /**
+     * RSASSA-PKCS1-v1_5 using SHA-384
+     */
+    SignatureAndEncryptionAlgorithm["RS384"] = "RS384";
+    /**
+     * RSASSA-PKCS1-v1_5 using SHA-512
+     */
+    SignatureAndEncryptionAlgorithm["RS512"] = "RS512";
+    /**
+     * ECDSA using P-256 and SHA-256
+     */
+    SignatureAndEncryptionAlgorithm["ES256"] = "ES256";
+    /**
+     * ECDSA using P-384 and SHA-384
+     */
+    SignatureAndEncryptionAlgorithm["ES384"] = "ES384";
+    /**
+     * ECDSA using P-521 and SHA-512
+     */
+    SignatureAndEncryptionAlgorithm["ES512"] = "ES512";
+    /**
+     * RSA-PSS using SHA-256
+     */
+    SignatureAndEncryptionAlgorithm["PS256"] = "PS256";
+    /**
+     * RSA-PSS using SHA-384
+     */
+    SignatureAndEncryptionAlgorithm["PS384"] = "PS384";
+    /**
+     * RSA-PSS using SHA-512
+     */
+    SignatureAndEncryptionAlgorithm["PS512"] = "PS512";
+    /**
+     * No digital signature or MAC performed
+     */
+    SignatureAndEncryptionAlgorithm["none"] = "none";
+    /**
+     * RSAES-PKCS1-v1_5
+     */
+    SignatureAndEncryptionAlgorithm["RSA1_5"] = "RSA1_5";
+    /**
+     * RSAES OAEP
+     */
+    SignatureAndEncryptionAlgorithm["RSA_OAEP"] = "RSA-OAEP";
+    /**
+     * RSAES OAEP using SHA-256
+     */
+    SignatureAndEncryptionAlgorithm["RSA_OAEP_256"] = "RSA-OAEP-256";
+    /**
+     * AES Key Wrap using 128-bit key
+     */
+    SignatureAndEncryptionAlgorithm["A128KW"] = "A128KW";
+    /**
+     * AES Key Wrap using 192-bit key
+     */
+    SignatureAndEncryptionAlgorithm["A192KW"] = "A192KW";
+    /**
+     * AES Key Wrap using 256-bit key
+     */
+    SignatureAndEncryptionAlgorithm["A256KW"] = "A256KW";
+    /**
+     * Direct use of a shared symmetric key
+     */
+    SignatureAndEncryptionAlgorithm["dir"] = "dir";
+    /**
+     * ECDH-ES using Concat KDF
+     */
+    SignatureAndEncryptionAlgorithm["ECDH_ES"] = "ECDH-ES";
+    /**
+     * EdDSA signature algorithms
+     */
+    SignatureAndEncryptionAlgorithm["EdDSA"] = "EdDSA";
+    /**
+     * ECDH-ES using Concat KDF and "A128KW" wrapping
+     */
+    SignatureAndEncryptionAlgorithm["ECDH_ES_A128KW"] = "ECDH-ES+A128KW";
+    /**
+     * ECDH-ES using Concat KDF and "A192KW" wrapping
+     */
+    SignatureAndEncryptionAlgorithm["ECDH_ES_A192KW"] = "ECDH-ES+A192KW";
+    /**
+     * ECDH-ES using Concat KDF and "A256KW" wrapping
+     */
+    SignatureAndEncryptionAlgorithm["ECDH_ES_A256KW"] = "ECDH-ES+A256KW";
+    /**
+     * Key wrapping with AES GCM using 128-bit key
+     */
+    SignatureAndEncryptionAlgorithm["A128GCMKW"] = "A128GCMKW";
+    /**
+     * Key wrapping with AES GCM using 192-bit key
+     */
+    SignatureAndEncryptionAlgorithm["A192GCMKW"] = "A192GCMKW";
+    /**
+     * Key wrapping with AES GCM using 256-bit key
+     */
+    SignatureAndEncryptionAlgorithm["A256GCMKW"] = "A256GCMKW";
+})(SignatureAndEncryptionAlgorithm || (exports.SignatureAndEncryptionAlgorithm = SignatureAndEncryptionAlgorithm = {}));
+//# sourceMappingURL=signatureAndEncryptionAlgorithm.js.map

package/build/signatureAndEncryptionAlgorithm.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"signatureAndEncryptionAlgorithm.js","sourceRoot":"","sources":["../src/signatureAndEncryptionAlgorithm.ts"],"names":[],"mappings":";;;AAAA;;GAEG;AACH,IAAY,+BA6HX;AA7HD,WAAY,+BAA+B;IACvC;;OAEG;IACH,kDAAe,CAAA;IAEf;;OAEG;IACH,kDAAe,CAAA;IAEf;;OAEG;IACH,kDAAe,CAAA;IAEf;;OAEG;IACH,kDAAe,CAAA;IAEf;;OAEG;IACH,kDAAe,CAAA;IAEf;;OAEG;IACH,kDAAe,CAAA;IAEf;;OAEG;IACH,kDAAe,CAAA;IAEf;;OAEG;IACH,kDAAe,CAAA;IAEf;;OAEG;IACH,kDAAe,CAAA;IAEf;;OAEG;IACH,gDAAa,CAAA;IAEb;;OAEG;IACH,oDAAiB,CAAA;IAEjB;;OAEG;IACH,wDAAqB,CAAA;IAErB;;OAEG;IACH,gEAA6B,CAAA;IAE7B;;OAEG;IACH,oDAAiB,CAAA;IAEjB;;OAEG;IACH,oDAAiB,CAAA;IAEjB;;OAEG;IACH,oDAAiB,CAAA;IAEjB;;OAEG;IACH,8CAAW,CAAA;IAEX;;OAEG;IACH,sDAAmB,CAAA;IAEnB;;OAEG;IACH,kDAAe,CAAA;IAEf;;OAEG;IACH,oEAAiC,CAAA;IAEjC;;OAEG;IACH,oEAAiC,CAAA;IAEjC;;OAEG;IACH,oEAAiC,CAAA;IAEjC;;OAEG;IACH,0DAAuB,CAAA;IAEvB;;OAEG;IACH,0DAAuB,CAAA;IAEvB;;OAEG;IACH,0DAAuB,CAAA;AAC3B,CAAC,EA7HW,+BAA+B,+CAA/B,+BAA+B,QA6H1C"}

package/build/types/disclosure.d.ts

@@ -0,0 +1,5 @@
+import { BaseFrame } from './frame';
+export type DisclosureItem = [string, string, unknown] | [string, unknown];
+export type DisclosureFrame<T> = BaseFrame<T, {
+    __decoyCount?: number;
+}>;

package/build/types/disclosure.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=disclosure.js.map

package/build/types/disclosure.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"disclosure.js","sourceRoot":"","sources":["../../src/types/disclosure.ts"],"names":[],"mappings":""}

package/build/types/frame.d.ts

@@ -0,0 +1,5 @@
+export type BaseFrame<Payload, ExtraProperties> = Payload extends Array<unknown> ? {
+    [K in keyof Payload]?: Payload[K] extends Record<string | number, unknown> ? BaseFrame<Payload[K], ExtraProperties> | boolean : boolean;
+} : Payload extends Record<string, unknown> ? {
+    [K in keyof Payload]?: Payload[K] extends Array<unknown> ? BaseFrame<Payload[K], ExtraProperties> | boolean : Payload[K] extends Record<string, unknown> ? (ExtraProperties & BaseFrame<Payload[K], ExtraProperties>) | boolean : boolean;
+} & ExtraProperties & Record<string, unknown> : boolean;

package/build/types/frame.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=frame.js.map

package/build/types/frame.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"frame.js","sourceRoot":"","sources":["../../src/types/frame.ts"],"names":[],"mappings":""}

package/build/types/hasher.d.ts

@@ -0,0 +1,14 @@
+import { OrPromise } from './utils';
+import { HasherAlgorithm } from '../hasherAlgorithm';
+/**
+ * A simple hash function that takes the base64url encoded variant of the disclosure and returns the digest as a byte array
+ */
+export type Hasher = (input: string) => OrPromise<Uint8Array>;
+/**
+ * hasher: A simple hash function that takes the base64url encoded variant of the disclosure and returns the digest as a byte array
+ * algorithm: IANA defined string for the hashing algorithm used
+ */
+export type HasherAndAlgorithm = {
+    hasher: Hasher;
+    algorithm: string | HasherAlgorithm;
+};

package/build/types/hasher.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=hasher.js.map

package/build/types/hasher.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"hasher.js","sourceRoot":"","sources":["../../src/types/hasher.ts"],"names":[],"mappings":""}

package/build/types/index.d.ts

@@ -0,0 +1,6 @@
+export * from './utils';
+export * from './hasher';
+export * from './signer';
+export * from './verifier';
+export * from './disclosure';
+export * from './saltGenerator';

package/build/types/index.js

@@ -0,0 +1,23 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./utils"), exports);
+__exportStar(require("./hasher"), exports);
+__exportStar(require("./signer"), exports);
+__exportStar(require("./verifier"), exports);
+__exportStar(require("./disclosure"), exports);
+__exportStar(require("./saltGenerator"), exports);
+//# sourceMappingURL=index.js.map

package/build/types/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/types/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,0CAAuB;AACvB,2CAAwB;AACxB,2CAAwB;AACxB,6CAA0B;AAC1B,+CAA4B;AAC5B,kDAA+B"}

package/build/types/present.d.ts

@@ -0,0 +1,2 @@
+import { BaseFrame } from './frame';
+export type PresentationFrame<T> = BaseFrame<T, {}>;