@sd-jwt/core 0.2.0 → 0.2.1
- package/build/base64url.d.ts +28 -0
- package/build/base64url.js +40 -0
- package/build/base64url.js.map +1 -0
- package/build/hasherAlgorithm.d.ts +70 -0
- package/build/hasherAlgorithm.js +75 -0
- package/build/hasherAlgorithm.js.map +1 -0
- package/build/index.d.ts +3 -3
- package/build/index.js +2 -3
- package/build/index.js.map +1 -1
- package/build/jwt/compact.d.ts +6 -0
- package/build/jwt/compact.js +27 -0
- package/build/jwt/compact.js.map +1 -0
- package/build/jwt/jwt.d.ts +4 -0
- package/build/jwt/jwt.js +1 -0
- package/build/jwt/jwt.js.map +1 -1
- package/build/keyBinding/keyBinding.d.ts +10 -2
- package/build/keyBinding/keyBinding.js +21 -2
- package/build/keyBinding/keyBinding.js.map +1 -1
- package/build/sdJwt/compact.d.ts +8 -0
- package/build/sdJwt/compact.js +39 -0
- package/build/sdJwt/compact.js.map +1 -0
- package/build/sdJwt/decoys.d.ts +2 -1
- package/build/sdJwt/decoys.js.map +1 -1
- package/build/sdJwt/disclosureFrame.d.ts +2 -1
- package/build/sdJwt/disclosureFrame.js.map +1 -1
- package/build/sdJwt/disclosureMapping.d.ts +43 -0
- package/build/sdJwt/disclosureMapping.js +278 -0
- package/build/sdJwt/disclosureMapping.js.map +1 -0
- package/build/sdJwt/disclosures.d.ts +2 -2
- package/build/sdJwt/disclosures.js.map +1 -1
- package/build/sdJwt/presentationFrame.d.ts +3 -0
- package/build/sdJwt/presentationFrame.js +64 -0
- package/build/sdJwt/presentationFrame.js.map +1 -0
- package/build/sdJwt/sdJwt.d.ts +5 -4
- package/build/sdJwt/sdJwt.js +46 -8
- package/build/sdJwt/sdJwt.js.map +1 -1
- package/build/sdJwt/swapClaim.d.ts +2 -0
- package/build/sdJwt/swapClaim.js +79 -0
- package/build/sdJwt/swapClaim.js.map +1 -0
- package/build/sdJwtVc/sdJwtVc.d.ts +1 -1
- package/build/sdJwtVc/sdJwtVc.js +4 -3
- package/build/sdJwtVc/sdJwtVc.js.map +1 -1
- package/build/types/frame.d.ts +5 -0
- package/build/types/frame.js +3 -0
- package/build/types/frame.js.map +1 -0
- package/build/types/hasher.d.ts +8 -4
- package/build/types/index.d.ts +0 -1
- package/build/types/index.js +0 -1
- package/build/types/index.js.map +1 -1
- package/build/types/present.d.ts +2 -0
- package/build/types/present.js +3 -0
- package/build/types/present.js.map +1 -0
- package/build/utils/index.d.ts +2 -0
- package/build/utils/index.js +19 -0
- package/build/utils/index.js.map +1 -0
- package/build/utils/traverse.d.ts +8 -0
- package/build/utils/traverse.js +29 -0
- package/build/utils/traverse.js.map +1 -0
- package/build/utils/utils.d.ts +8 -0
- package/build/utils/utils.js +118 -0
- package/build/utils/utils.js.map +1 -0
- package/package.json +6 -6
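--- a/package/build/base64url.d.ts
+++ b/package/build/base64url.d.ts
@@ -0,0 +1,28 @@
+/// <reference types="node" />
+import { Buffer } from 'buffer';
+export declare class Base64url {
+/**
+*
+* Encode into base64url string
+*
+*/
+static encode(input: string | Uint8Array | Buffer): string;
+/**
+*
+* Encode from JSON into a base64url string
+*
+*/
+static encodeFromJson(input: Record<string, unknown> | Array<unknown>): string;
+/**
+*
+* Decode from base64url into JSON
+*
+*/
+static decodeToJson<T extends Record<string, unknown> | Array<unknown> = Record<string, unknown>>(input: string): T;
+/**
+*
+* Decode from base64url into a byte array
+*
+*/
+static decode(input: string): Uint8Array;
+}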
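--- a/package/build/base64url.js
+++ b/package/build/base64url.js
@@ -0,0 +1,40 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Base64url = void 0;
+const buffer_1 = require("buffer");
+class Base64url {
+/**
+*
+* Encode into base64url string
+*
+*/
+static encode(input) {
+return buffer_1.Buffer.from(input).toString('base64url');
+}
+/**
+*
+* Encode from JSON into a base64url string
+*
+*/
+static encodeFromJson(input) {
+return buffer_1.Buffer.from(JSON.stringify(input)).toString('base64url');
+}
+/**
+*
+* Decode from base64url into JSON
+*
+*/
+static decodeToJson(input) {
+return JSON.parse(buffer_1.Buffer.from(input, 'base64url').toString());
+}
+/**
+*
+* Decode from base64url into a byte array
+*
+*/
+static decode(input) {
+return Uint8Array.from(buffer_1.Buffer.from(input, 'base64url'));
+}
+}
+exports.Base64url = Base64url;
+//# sourceMappingURL=base64url.js.map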
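Review bot: `decodeToJson` and `decode` pass their input straight to `Buffer.from(input, 'base64url')`, which per Node's Buffer documentation does not throw on malformed input and also accepts standard base64 and embedded whitespace, so several different strings decode to the same bytes. For a JWT parser this makes the compact form non-canonical, and a check that compares or hashes the encoded text can then disagree with one that works on the decoded value. A strict alphabet check before decoding would close this, e.g. `if (!/^[A-Za-z0-9_-]*$/.test(input)) throw new Error('input is not valid base64url');` in both methods. The declaration in `package/build/base64url.d.ts` should then state that the decoders throw on invalid input.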
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"base64url.js","sourceRoot":"","sources":["../src/base64url.ts"],"names":[],"mappings":";;;AAAA,mCAA+B;AAE/B,MAAa,SAAS;IAClB;;;;OAIG;IACI,MAAM,CAAC,MAAM,CAAC,KAAmC;QACpD,OAAO,eAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAA;IACnD,CAAC;IAED;;;;OAIG;IACI,MAAM,CAAC,cAAc,CACxB,KAA+C;QAE/C,OAAO,eAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAA;IACnE,CAAC;IAED;;;;OAIG;IACI,MAAM,CAAC,YAAY,CAKxB,KAAa;QACX,OAAO,IAAI,CAAC,KAAK,CAAC,eAAM,CAAC,IAAI,CAAC,KAAK,EAAE,WAAW,CAAC,CAAC,QAAQ,EAAE,CAAM,CAAA;IACtE,CAAC;IAED;;;;OAIG;IACI,MAAM,CAAC,MAAM,CAAC,KAAa;QAC9B,OAAO,UAAU,CAAC,IAAI,CAAC,eAAM,CAAC,IAAI,CAAC,KAAK,EAAE,WAAW,CAAC,CAAC,CAAA;IAC3D,CAAC;CACJ;AA3CD,8BA2CC"}
|
|
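--- a/package/build/hasherAlgorithm.d.ts
+++ b/package/build/hasherAlgorithm.d.ts
@@ -0,0 +1,70 @@
+export declare enum HasherAlgorithm {
+/**
+* Sha-256: 256 bits. [RFC6920] (current)
+*/
+Sha256 = "sha-256",
+/**
+* Sha-256-128: 128 bits. [RFC6920] (current)
+*/
+Sha256_128 = "sha-256-128",
+/**
+* Sha-256-120: 120 bits. [RFC6920] (current)
+*/
+Sha256_120 = "sha-256-120",
+/**
+* Sha-256-96: 96 bits. [RFC6920] (current)
+*/
+Sha256_96 = "sha-256-96",
+/**
+* Sha-256-64: 64 bits. [RFC6920] (current)
+*/
+Sha256_64 = "sha-256-64",
+/**
+* Sha-256-32: 32 bits. [RFC6920] (current)
+*/
+Sha256_32 = "sha-256-32",
+/**
+* Sha-384: 384 bits. [FIPS 180-4] (current)
+*/
+Sha384 = "sha-384",
+/**
+* Sha-512: 512 bits. [FIPS 180-4] (current)
+*/
+Sha512 = "sha-512",
+/**
+* Sha3-224: 224 bits. [FIPS 202] (current)
+*/
+Sha3_224 = "sha3-224",
+/**
+* Sha3-256: 256 bits. [FIPS 202] (current)
+*/
+Sha3_256 = "sha3-256",
+/**
+* Sha3-384: 384 bits. [FIPS 202] (current)
+*/
+Sha3_384 = "sha3-384",
+/**
+* Sha3-512: 512 bits. [FIPS 202] (current)
+*/
+Sha3_512 = "sha3-512",
+/**
+* Blake2s-256: 256 bits. [RFC7693] (current)
+*/
+Blake2s_256 = "blake2s-256",
+/**
+* Blake2b-256: 256 bits. [RFC7693] (current)
+*/
+Blake2b_256 = "blake2b-256",
+/**
+* Blake2b-512: 512 bits. [RFC7693] (current)
+*/
+Blake2b_512 = "blake2b-512",
+/**
+* K12-256: 256 bits. [draft-irtf-cfrg-kangarootwelve-06] (current)
+*/
+K12_256 = "k12-256",
+/**
+* K12-512: 512 bits. [draft-irtf-cfrg-kangarootwelve-06] (current)
+*/
+K12_512 = "k12-512"
+}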
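Review bot: The enum lists the truncated digests `sha-256-32` through `sha-256-128` next to the full-length ones, with the same "(current)" label and nothing about their strength, and the same members are emitted in `package/build/hasherAlgorithm.js`. How the enum is consumed is not visible on this page, but if a verifier accepts any member as the disclosure digest algorithm, the shortest variants offer very little collision resistance. I would add a doc line on the truncated members, such as `* Truncated digest: not suitable where collision resistance is required.`, and have the code that selects a hasher enforce a minimum digest length.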
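--- a/package/build/hasherAlgorithm.js
+++ b/package/build/hasherAlgorithm.js
@@ -0,0 +1,75 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.HasherAlgorithm = void 0;
+var HasherAlgorithm;
+(function (HasherAlgorithm) {
+/**
+* Sha-256: 256 bits. [RFC6920] (current)
+*/
+HasherAlgorithm["Sha256"] = "sha-256";
+/**
+* Sha-256-128: 128 bits. [RFC6920] (current)
+*/
+HasherAlgorithm["Sha256_128"] = "sha-256-128";
+/**
+* Sha-256-120: 120 bits. [RFC6920] (current)
+*/
+HasherAlgorithm["Sha256_120"] = "sha-256-120";
+/**
+* Sha-256-96: 96 bits. [RFC6920] (current)
+*/
+HasherAlgorithm["Sha256_96"] = "sha-256-96";
+/**
+* Sha-256-64: 64 bits. [RFC6920] (current)
+*/
+HasherAlgorithm["Sha256_64"] = "sha-256-64";
+/**
+* Sha-256-32: 32 bits. [RFC6920] (current)
+*/
+HasherAlgorithm["Sha256_32"] = "sha-256-32";
+/**
+* Sha-384: 384 bits. [FIPS 180-4] (current)
+*/
+HasherAlgorithm["Sha384"] = "sha-384";
+/**
+* Sha-512: 512 bits. [FIPS 180-4] (current)
+*/
+HasherAlgorithm["Sha512"] = "sha-512";
+/**
+* Sha3-224: 224 bits. [FIPS 202] (current)
+*/
+HasherAlgorithm["Sha3_224"] = "sha3-224";
+/**
+* Sha3-256: 256 bits. [FIPS 202] (current)
+*/
+HasherAlgorithm["Sha3_256"] = "sha3-256";
+/**
+* Sha3-384: 384 bits. [FIPS 202] (current)
+*/
+HasherAlgorithm["Sha3_384"] = "sha3-384";
+/**
+* Sha3-512: 512 bits. [FIPS 202] (current)
+*/
+HasherAlgorithm["Sha3_512"] = "sha3-512";
+/**
+* Blake2s-256: 256 bits. [RFC7693] (current)
+*/
+HasherAlgorithm["Blake2s_256"] = "blake2s-256";
+/**
+* Blake2b-256: 256 bits. [RFC7693] (current)
+*/
+HasherAlgorithm["Blake2b_256"] = "blake2b-256";
+/**
+* Blake2b-512: 512 bits. [RFC7693] (current)
+*/
+HasherAlgorithm["Blake2b_512"] = "blake2b-512";
+/**
+* K12-256: 256 bits. [draft-irtf-cfrg-kangarootwelve-06] (current)
+*/
+HasherAlgorithm["K12_256"] = "k12-256";
+/**
+* K12-512: 512 bits. [draft-irtf-cfrg-kangarootwelve-06] (current)
+*/
+HasherAlgorithm["K12_512"] = "k12-512";
+})(HasherAlgorithm || (exports.HasherAlgorithm = HasherAlgorithm = {}));
+//# sourceMappingURL=hasherAlgorithm.js.map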
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"hasherAlgorithm.js","sourceRoot":"","sources":["../src/hasherAlgorithm.ts"],"names":[],"mappings":";;;AAAA,IAAY,eAqEX;AArED,WAAY,eAAe;IACvB;;OAEG;IACH,qCAAkB,CAAA;IAClB;;OAEG;IACH,6CAA0B,CAAA;IAC1B;;OAEG;IACH,6CAA0B,CAAA;IAC1B;;OAEG;IACH,2CAAwB,CAAA;IACxB;;OAEG;IACH,2CAAwB,CAAA;IACxB;;OAEG;IACH,2CAAwB,CAAA;IACxB;;OAEG;IACH,qCAAkB,CAAA;IAClB;;OAEG;IACH,qCAAkB,CAAA;IAClB;;OAEG;IACH,wCAAqB,CAAA;IACrB;;OAEG;IACH,wCAAqB,CAAA;IACrB;;OAEG;IACH,wCAAqB,CAAA;IACrB;;OAEG;IACH,wCAAqB,CAAA;IACrB;;OAEG;IACH,8CAA2B,CAAA;IAC3B;;OAEG;IACH,8CAA2B,CAAA;IAC3B;;OAEG;IACH,8CAA2B,CAAA;IAC3B;;OAEG;IACH,sCAAmB,CAAA;IACnB;;OAEG;IACH,sCAAmB,CAAA;AACvB,CAAC,EArEW,eAAe,+BAAf,eAAe,QAqE1B"}
|
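--- a/package/build/index.d.ts
+++ b/package/build/index.d.ts
@@ -1,13 +1,13 @@
 export type { SdJwtOptions, SdJwtAdditionalOptions, SdJwtVerificationResult } from './sdJwt';
 export type { KeyBindingHeader, KeyBindingPayload, KeyBindingOptions, KeyBindingAdditionalOptions, KeyBindingVerificationResult } from './keyBinding';
 export type { JwtOptions, JwtAdditionalOptions, JwtVerificationResult } from './jwt';
-export type { Signer, Verifier, VerifyOptions, SaltGenerator, DisclosureItem, DisclosureFrame
+export type { Signer, Verifier, VerifyOptions, SaltGenerator, DisclosureItem, DisclosureFrame } from './types';
 export type { SdJwtVcVerificationResult } from './sdJwtVc';
 export { SignatureAndEncryptionAlgorithm } from './signatureAndEncryptionAlgorithm';
 export { SdJwt, Disclosure, SdJwtError } from './sdJwt';
 export { KeyBinding } from './keyBinding';
 export { Jwt, JwtError } from './jwt';
 export { SdJwtVc, SdJwtVcError } from './sdJwtVc';
-export {
-export
+export type { Hasher, AsyncHasher, HasherAndAlgorithm } from '@sd-jwt/types';
+export { HasherAlgorithm } from '@sd-jwt/types';
 export type { PresentationFrame } from '@sd-jwt/present';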
package/build/index.js
CHANGED
|
@@ -15,7 +15,6 @@ Object.defineProperty(exports, "JwtError", { enumerable: true, get: function ()
|
|
|
15
15
|
var sdJwtVc_1 = require("./sdJwtVc");
|
|
16
16
|
Object.defineProperty(exports, "SdJwtVc", { enumerable: true, get: function () { return sdJwtVc_1.SdJwtVc; } });
|
|
17
17
|
Object.defineProperty(exports, "SdJwtVcError", { enumerable: true, get: function () { return sdJwtVc_1.SdJwtVcError; } });
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
Object.defineProperty(exports, "HasherAlgorithm", { enumerable: true, get: function () { return utils_1.HasherAlgorithm; } });
|
|
18
|
+
var types_1 = require("@sd-jwt/types");
|
|
19
|
+
Object.defineProperty(exports, "HasherAlgorithm", { enumerable: true, get: function () { return types_1.HasherAlgorithm; } });
|
|
21
20
|
//# sourceMappingURL=index.js.map
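Review bot: `HasherAlgorithm` is now re-exported from `@sd-jwt/types` on new line 19, yet this release also adds `package/build/hasherAlgorithm.js` with its own copy of the same enum, so the tarball carries two definitions. Whether the entry point still loads the local copy is not visible here; if it and the other newly added top-level build files are leftovers from an uncleaned build directory, the published package ships code that the entry point never uses, so it is worth confirming the build output is cleaned before publishing. The new `require("@sd-jwt/types")` also needs a matching entry under `dependencies` in `package.json`, whose changes are outside this section.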
|
package/build/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;AA+BA,qFAAmF;AAA1E,kJAAA,+BAA+B,OAAA;AAExC,iCAAuD;AAA9C,8FAAA,KAAK,OAAA;AAAE,mGAAA,UAAU,OAAA;AAAE,mGAAA,UAAU,OAAA;AACtC,2CAAyC;AAAhC,wGAAA,UAAU,OAAA;AACnB,6BAAqC;AAA5B,0FAAA,GAAG,OAAA;AAAE,+FAAA,QAAQ,OAAA;AACtB,qCAAiD;AAAxC,kGAAA,OAAO,OAAA;AAAE,uGAAA,YAAY,OAAA;AAI9B,uCAA+C;AAAtC,wGAAA,eAAe,OAAA"}
|
|
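--- a/package/build/jwt/compact.d.ts
+++ b/package/build/jwt/compact.d.ts
@@ -0,0 +1,6 @@
+export type ExpandedJwt<H extends Record<string, unknown> = Record<string, unknown>, P extends Record<string, unknown> = Record<string, unknown>> = {
+header: H;
+payload: P;
+signature: Uint8Array;
+};
+export declare const jwtFromCompact: <H extends Record<string, unknown> = Record<string, unknown>, P extends Record<string, unknown> = Record<string, unknown>>(compact: string) => ExpandedJwt<H, P>;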
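--- a/package/build/jwt/compact.js
+++ b/package/build/jwt/compact.js
@@ -0,0 +1,27 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.jwtFromCompact = void 0;
+const base64url_1 = require("../base64url");
+const error_1 = require("./error");
+const jwtFromCompact = (compact) => {
+if (compact.includes('~')) {
+throw new error_1.JwtError('compact JWT includes `~` which is only allowed in an sd-jwt. Please use sdJwtFromCompact() instead.');
+}
+if ((compact.match(/\./g) || []).length !== 2) {
+throw new error_1.JwtError('compact JWT must include two periods (.)');
+}
+const [compactHeader, compactPayload, encodedSignature] = compact.split('.');
+if (!encodedSignature || encodedSignature.length === 0) {
+throw new error_1.JwtError('A signature must be provided within the context of sd-jwt');
+}
+const header = base64url_1.Base64url.decodeToJson(compactHeader);
+const payload = base64url_1.Base64url.decodeToJson(compactPayload);
+const signature = base64url_1.Base64url.decode(encodedSignature);
+return {
+header,
+payload,
+signature
+};
+};
+exports.jwtFromCompact = jwtFromCompact;
+//# sourceMappingURL=compact.js.map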
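Review bot: `jwtFromCompact` returns whatever `Base64url.decodeToJson` yields for the header and payload without checking that each is a JSON object, so a segment that decodes to `null`, a string or a number is returned typed as `H`/`P`. A segment that is not valid JSON surfaces as a raw `SyntaxError` from `JSON.parse` rather than the `JwtError` used for the other malformed-input cases in this function. After new line 18 I would add `if (typeof header !== 'object' || header === null || Array.isArray(header)) throw new error_1.JwtError('JWT header must be a JSON object');` and the same check for `payload`, with the two decode calls wrapped so that parse failures are rethrown as `JwtError`.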
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"compact.js","sourceRoot":"","sources":["../../src/jwt/compact.ts"],"names":[],"mappings":";;;AAAA,4CAAwC;AACxC,mCAAkC;AAW3B,MAAM,cAAc,GAAG,CAI1B,OAAe,EACE,EAAE;IACnB,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACxB,MAAM,IAAI,gBAAQ,CACd,qGAAqG,CACxG,CAAA;IACL,CAAC;IAED,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC5C,MAAM,IAAI,gBAAQ,CAAC,0CAA0C,CAAC,CAAA;IAClE,CAAC;IAED,MAAM,CAAC,aAAa,EAAE,cAAc,EAAE,gBAAgB,CAAC,GAAG,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IAE5E,IAAI,CAAC,gBAAgB,IAAI,gBAAgB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACrD,MAAM,IAAI,gBAAQ,CACd,2DAA2D,CAC9D,CAAA;IACL,CAAC;IAED,MAAM,MAAM,GAAG,qBAAS,CAAC,YAAY,CAAI,aAAa,CAAC,CAAA;IACvD,MAAM,OAAO,GAAG,qBAAS,CAAC,YAAY,CAAI,cAAc,CAAC,CAAA;IACzD,MAAM,SAAS,GAAG,qBAAS,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAA;IAEpD,OAAO;QACH,MAAM;QACN,OAAO;QACP,SAAS;KACZ,CAAA;AACL,CAAC,CAAA;AAjCY,QAAA,cAAc,kBAiC1B"}
|
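--- a/package/build/jwt/jwt.d.ts
+++ b/package/build/jwt/jwt.d.ts
@@ -44,6 +44,10 @@ export declare class Jwt<Header extends Record<string, unknown> = Record<string,
 *
 */
 signature?: Uint8Array;
+/**
+* When the JWT was initialized from it's compact variant we store the compact version, so we can use it when needing the encoded version.
+*/
+compact?: string;
 /**
 *
 * Callback that will be used when creating a signature over the JWT.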
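Review bot: The new `compact?: string` field is public and mutable, and its doc comment does not say what happens to it once the header or payload is changed after parsing. The implementation in `jwt.js` is not shown on this page, so this is an inference: if the stored string keeps being used as the encoded form after a mutation such as `addPayloadClaim`, the text that was signed and the claims the object reports can diverge. I would extend the comment with something like `* Only valid while header, payload and signature are unchanged; cleared on mutation.` and make the implementation match. The `Jwt` class starts and ends outside this hunk.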
package/build/jwt/jwt.js
CHANGED
package/build/jwt/jwt.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"jwt.js","sourceRoot":"","sources":["../../src/jwt/jwt.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,yCAAyC;AACzC,mCAAkC;AAGlC,yCAAsE;AACtE,2CAA+C;AAiD/C,MAAa,GAAG;
|
|
1
|
+
{"version":3,"file":"jwt.js","sourceRoot":"","sources":["../../src/jwt/jwt.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,yCAAyC;AACzC,mCAAkC;AAGlC,yCAAsE;AACtE,2CAA+C;AAiD/C,MAAa,GAAG;IA2CZ,YACI,OAAqC,EACrC,iBAAwC;QAExC,IAAI,CAAC,MAAM,GAAG,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,MAAM,CAAA;QAC7B,IAAI,CAAC,OAAO,GAAG,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,OAAO,CAAA;QAC/B,IAAI,CAAC,SAAS,GAAG,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS,CAAA;QAEnC,IAAI,CAAC,MAAM,GAAG,iBAAiB,aAAjB,iBAAiB,uBAAjB,iBAAiB,CAAE,MAAM,CAAA;IAC3C,CAAC;IAED;;;;;;;;OAQG;IACI,MAAM,CAAC,WAAW,CAGvB,OAAe;QACb,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,GAAG,IAAA,uBAAc,EACjD,OAAO,CACV,CAAA;QAED,MAAM,GAAG,GAAG,IAAI,GAAG,CAAkB;YACjC,MAAM;YACN,OAAO;YACP,SAAS;SACZ,CAAC,CAAA;QAEF,GAAG,CAAC,OAAO,GAAG,OAAO,CAAA;QAErB,OAAO,GAAiE,CAAA;IAC5E,CAAC;IAED;;;;OAIG;IACI,UAAU,CACb,MAAc;QAEd,IAAI,CAAC,MAAM,GAAG,MAAM,CAAA;QACpB,OAAO,IAAkD,CAAA;IAC7D,CAAC;IAED;;;;OAIG;IACI,cAAc,CACjB,IAA2B,EAC3B,KAAoC;;QAEpC,MAAA,IAAI,CAAC,MAAM,oCAAX,IAAI,CAAC,MAAM,GAAK,EAAY,EAAA;QAC5B,IAAI,KAAK,KAAK,SAAS,IAAI,IAAI,KAAK,IAAI,EAAE,CAAC;YACvC,IAAI,CAAC,MAAM,mCAAQ,IAAI,CAAC,MAAM,KAAE,CAAC,IAAI,CAAC,EAAE,KAAK,GAAE,CAAA;QACnD,CAAC;QACD,OAAO,IAAkD,CAAA;IAC7D,CAAC;IAED;;;;OAIG;IACI,WAAW,CACd,OAAgB;QAEhB,IAAI,CAAC,OAAO,GAAG,OAAO,CAAA;QACtB,OAAO,IAAmD,CAAA;IAC9D,CAAC;IAED;;;;OAIG;IACI,eAAe,CAClB,IAA4B,EAC5B,KAAqC;;QAErC,MAAA,IAAI,CAAC,OAAO,oCAAZ,IAAI,CAAC,OAAO,GAAK,EAAa,EAAA;QAC9B,IAAI,KAAK,KAAK,SAAS,IAAI,IAAI,KAAK,IAAI,EAAE,CAAC;YACvC,IAAI,CAAC,OAAO,mCAAQ,IAAI,CAAC,OAAO,KAAE,CAAC,IAAI,CAAC,EAAE,KAAK,GAAE,CAAA;QACrD,CAAC;QACD,OAAO,IAAmD,CAAA;IAC9D,CAAC;IAED;;;;;;OAMG;IACI,aAAa,CAChB,SAAqB;QAErB,IAAI,CAAC,SAAS,GAAG,SAAS,CAAA;QAC1B,OAAO,IAAqD,CAAA;IAChE,CAAC;IAED;;;;OAIG;IACI,UAAU,CAAC,MAAc;QAC5B,IAAI,CAAC,MAAM,GAAG,MAAM,CAAA;QACpB,OAAO,IAAI,CAAA;IACf,CAAC;IAED;;;;;;OAMG;IACI,YAAY;QACf,IAAI,IAAI,CAAC,MAAM;YAAE,OAAM;QAEvB,MAAM,IAAI,gBAAQ,CAAC,wBAAwB,CAAC,CAAA;IAChD,CAAC;IAED;;;;;;OAMG;IACI,aAAa;QAChB,IAAI,IAAI,CAAC,OAAO;YAAE,OAAM;QAExB,MAAM,IAAI,gBAAQ,CAAC,yBAAyB,CAAC,CAAA;IACjD,CA
AC;IAED;;;;;;OAMG;IACI,eAAe;QAClB,IAAI,IAAI,CAAC,SAAS;YAAE,OAAM;QAE1B,MAAM,IAAI,gBAAQ,CAAC,2BAA2B,CAAC,CAAA;IACnD,CAAC;IAED;;;;;;OAMG;IACI,YAAY;QACf,IAAI,IAAI,CAAC,MAAM;YAAE,OAAM;QAEvB,MAAM,IAAI,gBAAQ,CACd,wFAAwF,CAC3F,CAAA;IACL,CAAC;IAED;;;;OAIG;IACI,mBAAmB,CACtB,QAA+B,EAC/B,UAA8C;QAE9C,IAAI,CAAC,YAAY,EAAE,CAAA;QAEnB,IAAI,CAAC;YACD,IAAI,CAAC,mBAAmB,CACpB,IAAI,CAAC,MAAO,EACZ,QAAkB,EAClB,UAAU,CACb,CAAA;QACL,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACT,IAAI,CAAC,YAAY,gBAAQ,EAAE,CAAC;gBACxB,CAAC,CAAC,OAAO,IAAI,oBAAoB,CAAA;YACrC,CAAC;YACD,MAAM,CAAC,CAAA;QACX,CAAC;IACL,CAAC;IAED;;;;OAIG;IACI,oBAAoB,CACvB,QAAgC,EAChC,UAA+C;QAE/C,IAAI,CAAC,aAAa,EAAE,CAAA;QAEpB,IAAI,CAAC;YACD,IAAI,CAAC,mBAAmB,CACpB,IAAI,CAAC,OAAQ,EACb,QAAkB,EAClB,UAAU,CACb,CAAA;QACL,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACT,IAAI,CAAC,YAAY,gBAAQ,EAAE,CAAC;gBACxB,CAAC,CAAC,OAAO,IAAI,qBAAqB,CAAA;YACtC,CAAC;YACD,MAAM,CAAC,CAAA;QACX,CAAC;IACL,CAAC;IAEO,mBAAmB,CACvB,MAA+B,EAC/B,QAAgB,EAChB,UAAoB;QAEpB,MAAM,KAAK,GAAG,IAAA,6BAAqB,EAAC,MAAM,EAAE,QAAQ,CAAC,CAAA;QAErD,IAAI,CAAC,KAAK,EAAE,CAAC;YACT,MAAM,IAAI,gBAAQ,CAAC,cAAc,QAAQ,0BAA0B,CAAC,CAAA;QACxE,CAAC;QAED,IAAI,UAAU,IAAI,CAAC,IAAA,uBAAe,EAAC,KAAK,EAAE,UAAU,CAAC,EAAE,CAAC;YACpD,MAAM,IAAI,gBAAQ,CACd,cAAc,QAAQ,uCAAuC,CAChE,CAAA;QACL,CAAC;IACL,CAAC;IAED;;;;;;;OAOG;IACI,iBAAiB,CAAI,QAAgC;QACxD,IAAI,CAAC,aAAa,EAAE,CAAA;QACpB,OAAO,IAAI,CAAC,gBAAgB,CAAI,IAAI,CAAC,OAAQ,EAAE,QAAkB,CAAC,CAAA;IACtE,CAAC;IAED;;;;;;;OAOG;IACI,gBAAgB,CAAI,QAA+B;QACtD,IAAI,CAAC,YAAY,EAAE,CAAA;QACnB,OAAO,IAAI,CAAC,gBAAgB,CAAI,IAAI,CAAC,MAAO,EAAE,QAAkB,CAAC,CAAA;IACrE,CAAC;IAEO,gBAAgB,CACpB,MAA+B,EAC/B,QAAgB;QAEhB,MAAM,KAAK,GAAG,IAAA,6BAAqB,EAAI,MAAM,EAAE,QAAQ,CAAC,CAAA;QAExD,IAAI,CAAC,KAAK,EAAE,CAAC;YACT,MAAM,IAAI,gBAAQ,CAAC,cAAc,QAAQ,0BAA0B,CAAC,CAAA;QACxE,CAAC;QAED,OAAO,KAAK,CAAA;IAChB,CAAC;IAED;;;;;;OAMG;IACH,IAAW,aAAa;QACpB,IAAI,CAAC,YAAY,EAAE,CAAA;QACnB,IAAI,CAAC,aAAa,EAAE,CAAA;QAEpB,OAAO,GAAG,IAAI,CAAC,aAAa,IAAI,IAAI,CAAC,cAAc,EAAE,CAAA;IACzD,CAAC;IAED;;;;OAIG;IACU,UAAU;;YAGnB,IAAI,CAAC,YAAY,EAAE,CAAA;YACnB,
MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,MAAO,CAAC,IAAI,CAAC,aAAa,EAAE,IAAI,CAAC,MAAO,CAAC,CAAA;YACtE,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC,CAAA;YAE7B,OAAO,IAAqD,CAAA;QAChE,CAAC;KAAA;IAED,IAAY,aAAa;QACrB,IAAI,CAAC,YAAY,EAAE,CAAA;QACnB,OAAO,iBAAS,CAAC,cAAc,CAAC,IAAI,CAAC,MAAO,CAAC,CAAA;IACjD,CAAC;IAED,IAAY,cAAc;QACtB,IAAI,CAAC,aAAa,EAAE,CAAA;QACpB,OAAO,iBAAS,CAAC,cAAc,CAAC,IAAI,CAAC,OAAQ,CAAC,CAAA;IAClD,CAAC;IAED;;;;;;;;OAQG;IACU,SAAS;;YAClB,IAAI,CAAC,YAAY,EAAE,CAAA;YACnB,IAAI,CAAC,aAAa,EAAE,CAAA;YAEpB,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;gBAClB,MAAM,IAAI,CAAC,UAAU,EAAE,CAAA;YAC3B,CAAC;YAED,MAAM,gBAAgB,GAAG,iBAAS,CAAC,MAAM,CAAC,IAAI,CAAC,SAAU,CAAC,CAAA;YAE1D,OAAO,GAAG,IAAI,CAAC,aAAa,IAAI,IAAI,CAAC,cAAc,IAAI,gBAAgB,EAAE,CAAA;QAC7E,CAAC;KAAA;IAED;;;;;;;;;OASG;IACU,MAAM,CACf,eAAiC,EACjC,cAA8C,EAC9C,YAAsC;;YAEtC,IAAI,CAAC,YAAY,EAAE,CAAA;YACnB,IAAI,CAAC,aAAa,EAAE,CAAA;YACpB,IAAI,CAAC,eAAe,EAAE,CAAA;YAEtB,MAAM,GAAG,GAAmC,EAAE,CAAA;YAE9C,GAAG,CAAC,gBAAgB,GAAG,MAAM,eAAe,CAAC;gBACzC,MAAM,EAAE,IAAI,CAAC,MAAO;gBACpB,SAAS,EAAE,IAAI,CAAC,SAAU;gBAC1B,OAAO,EAAE,IAAI,CAAC,aAAa;gBAC3B,YAAY;aACf,CAAC,CAAA;YAEF,IAAI,KAAK,IAAI,IAAI,CAAC,OAAQ,EAAE,CAAC;gBACzB,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAA;gBACtB,MAAM,SAAS,GAAG,IAAI,IAAI,CAAE,IAAI,CAAC,OAAQ,CAAC,GAAc,GAAG,IAAI,CAAC,CAAA;gBAEhE,GAAG,CAAC,gBAAgB,GAAG,SAAS,GAAG,GAAG,CAAA;YAC1C,CAAC;YAED,IAAI,KAAK,IAAI,IAAI,CAAC,OAAQ,EAAE,CAAC;gBACzB,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAA;gBACtB,MAAM,UAAU,GAAG,IAAI,IAAI,CAAE,IAAI,CAAC,OAAQ,CAAC,GAAc,GAAG,IAAI,CAAC,CAAA;gBAEjE,GAAG,CAAC,iBAAiB,GAAG,UAAU,GAAG,GAAG,CAAA;YAC5C,CAAC;YAED,IAAI,cAAc,EAAE,CAAC;gBACjB,GAAG,CAAC,yBAAyB,GAAG,cAAc,CAAC,KAAK,CAChD,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,IAAI,IAAI,CAAC,OAAQ,CACpC,CAAA;YACL,CAAC;YAED,GAAG,CAAC,OAAO,GAAG,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC;iBAC3B,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,SAAS,CAAC;iBACrC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;YAEtB,OAAO,GAA4B,CAAA;QACvC,CAAC;KAAA;CACJ;AAtbD,kBAsbC"}
|
|
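--- a/package/build/keyBinding/keyBinding.d.ts
+++ b/package/build/keyBinding/keyBinding.d.ts
@@ -11,11 +11,17 @@ export type KeyBindingPayload<P extends Record<string, unknown> = Record<string,
 aud: string;
 nonce: string;
 };
-export type KeyBindingOptions<Header extends Record<string, unknown> = Record<string, unknown>, Payload extends Record<string, unknown> = Record<string, unknown>> = JwtOptions<KeyBindingHeader<Header>, KeyBindingPayload<Payload
+export type KeyBindingOptions<Header extends Record<string, unknown> = Record<string, unknown>, Payload extends Record<string, unknown> = Record<string, unknown>> = JwtOptions<KeyBindingHeader<Header>, KeyBindingPayload<Payload>> & {
+/**
+* The compact SD-JWT over which the key binding should provide integrity
+*/
+compactSdJwt?: string;
+};
 export type KeyBindingAdditionalOptions<Header extends Record<string, unknown> = Record<string, unknown>> = JwtAdditionalOptions<KeyBindingHeader<Header>>;
 export type KeyBindingVerificationResult = JwtVerificationResult;
 export declare class KeyBinding<Header extends Record<string, unknown> = Record<string, unknown>, Payload extends Record<string, unknown> = Record<string, unknown>> extends Jwt<Header, Payload> {
 signer?: Signer<Header>;
+expectedSdHash?: string;
 constructor(options?: KeyBindingOptions<Header, Payload>, additionalOptions?: KeyBindingAdditionalOptions<Header>);
 /**
 *
@@ -44,6 +50,8 @@ export declare class KeyBinding<Header extends Record<string, unknown> = Record<
 *
 */
 static fromCompact<Header extends Record<string, unknown> = Record<string, unknown>, Payload extends Record<string, unknown> = Record<string, unknown>>(compact: string): ReturnKeyBindingWithHeaderAndPayload<Header, Payload, KeyBinding<Header, Payload>>;
+withSdHashClaim(sdHash: string): this;
+withExpectedSdHash(expectedSdHash: string): this;
 /**
 *
 * Asserts the required properties for valid key binding.
@@ -51,6 +59,6 @@ export declare class KeyBinding<Header extends Record<string, unknown> = Record<
 * @throws when a claim in the header, or payload, is invalid
 *
 */
-assertValidForKeyBinding(): Promise<void>;
+assertValidForKeyBinding(expectedSdHash?: string): Promise<void>;
 }
 export {};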
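--- a/package/build/keyBinding/keyBinding.js
+++ b/package/build/keyBinding/keyBinding.js
@@ -48,7 +48,12 @@ class KeyBinding extends jwt_1.Jwt {
 verify: { get: () => super.verify }
 });
 return __awaiter(this, void 0, void 0, function* () {
-this.
+if (!this.expectedSdHash) {
+throw new Error('Expected sd hash is required for verification of key binding JWT');
+}
+// TODO: should _sd_hash also be a verification property (true/false)
+// or should it throw?
+yield this.assertValidForKeyBinding(this.expectedSdHash);
 const jwtVerificationResult = yield _super.verify.call(this, verifySignature, requiredClaims, publicKeyJwk);
 return jwtVerificationResult;
 });
@@ -65,6 +70,14 @@ class KeyBinding extends jwt_1.Jwt {
 const keyBinding = new KeyBinding({ header, payload, signature });
 return keyBinding;
 }
+withSdHashClaim(sdHash) {
+this.addPayloadClaim('_sd_hash', sdHash);
+return this;
+}
+withExpectedSdHash(expectedSdHash) {
+this.expectedSdHash = expectedSdHash;
+return this;
+}
 /**
 *
 * Asserts the required properties for valid key binding.
@@ -72,7 +85,7 @@ class KeyBinding extends jwt_1.Jwt {
 * @throws when a claim in the header, or payload, is invalid
 *
 */
-assertValidForKeyBinding() {
+assertValidForKeyBinding(expectedSdHash) {
 return __awaiter(this, void 0, void 0, function* () {
 try {
 this.assertHeader();
@@ -86,6 +99,12 @@ class KeyBinding extends jwt_1.Jwt {
 this.assertClaimInPayload('iat');
 this.assertClaimInPayload('nonce');
 this.assertClaimInPayload('aud');
+if (expectedSdHash !== null && expectedSdHash !== void 0 ? expectedSdHash : this.expectedSdHash) {
+this.assertClaimInPayload('_sd_hash', expectedSdHash !== null && expectedSdHash !== void 0 ? expectedSdHash : this.expectedSdHash);
+}
+else {
+this.assertClaimInPayload('_sd_hash');
+}
 }
 catch (e) {
 if (e instanceof Error) {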
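Review bot: In `assertValidForKeyBinding` (new lines 102-107) the expected hash is selected by truthiness, so a call with no argument and no stored `expectedSdHash`, or with an empty string, falls through to the branch that only checks that `_sd_hash` is present. `verify()` guards against this with its own throw on new line 51, but any caller that relies on `assertValidForKeyBinding()` alone gets a key binding that is not tied to a specific SD-JWT. In the source I would resolve the value once, `const sdHash = expectedSdHash ?? this.expectedSdHash;`, branch on `sdHash !== undefined`, and document the presence-only fallback. The guard in `verify()` also throws a plain `Error` rather than the package's `JwtError`, so callers filtering on the library error type will miss it. Both function bodies continue outside the hunks.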
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"keyBinding.js","sourceRoot":"","sources":["../../src/keyBinding/keyBinding.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,2CAAsD;AACtD,gCAKe;
|
|
1
|
+
{"version":3,"file":"keyBinding.js","sourceRoot":"","sources":["../../src/keyBinding/keyBinding.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,2CAAsD;AACtD,gCAKe;AAyCf,MAAa,UAGX,SAAQ,SAAoB;IAK1B,YACI,OAA4C,EAC5C,iBAAuD;QAEvD,KAAK,CAAC,OAAO,CAAC,CAAA;QAEd,IAAI,CAAC,MAAM,GAAG,iBAAiB,aAAjB,iBAAiB,uBAAjB,iBAAiB,CAAE,MAAwB,CAAA;IAC7D,CAAC;IAED;;;;;;OAMG;IACI,MAAM,CAAC,OAAO,CAGnB,GAAyB;QACvB,MAAM,UAAU,GAAG,IAAI,UAAU,CAC7B;YACI,MAAM,EAAE,GAAG,CAAC,MAAkC;YAC9C,OAAO,EAAE,GAAG,CAAC,OAAqC;YAClD,SAAS,EAAE,GAAG,CAAC,SAAS;SAC3B,EACD,EAAE,MAAM,EAAE,GAAG,CAAC,MAAM,EAAE,CACzB,CAAA;QAED,UAAU,CAAC,wBAAwB,EAAE,CAAA;QAErC,OAAO,UAAU,CAAA;IACrB,CAAC;IAED;;;;;;;;;OASG;IACmB,MAAM,CACxB,eAAiC,EACjC,cAA8C,EAC9C,YAAsC;;;;;YAEtC,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC;gBACvB,MAAM,IAAI,KAAK,CACX,kEAAkE,CACrE,CAAA;YACL,CAAC;YAED,qEAAqE;YACrE,sBAAsB;YACtB,MAAM,IAAI,CAAC,wBAAwB,CAAC,IAAI,CAAC,cAAc,CAAC,CAAA;YAExD,MAAM,qBAAqB,GAAG,MAAM,OAAM,MAAM,YAC5C,eAAe,EACf,cAAc,EACd,YAAY,CACf,CAAA;YAED,OAAO,qBAAqB,CAAA;QAChC,CAAC;KAAA;IAED;;;;;;OAMG;IACI,MAAM,CAAU,WAAW,CAGhC,OAAe;QACb,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,GAAG,IAAA,8BAAqB,EAG1D,OAAO,CAAC,CAAA;QAEV,MAAM,UAAU,GAAG,IAAI,UAAU,CAAC,EAAE,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,CAAC,CAAA;QAEjE,OAAO,UAIN,CAAA;IACL,CAAC;IAEM,eAAe,CAAC,MAAc;QACjC,IAAI,CAAC,eAAe,CAAC,UAAU,EAAE,MAAM,CAAC,CAAA;QAExC,OAAO,IAAI,CAAA;IACf,CAAC;IAEM,kBAAkB,CAAC,cAAsB;QAC5C,IAAI,CAAC,cAAc,GAAG,cAAc,CAAA;QAEpC,OAAO,IAAI,CAAA;IACf,CAAC;IAED;;;;;;OAMG;IACU,wBAAwB,CAAC,cAAuB;;YACzD,IAAI,CAAC;gBACD,IAAI,CAAC,YAAY,EAAE,CAAA;gBACnB,IAAI,CAAC,aAAa,EAAE,CAAA;gBAEpB,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;oBAClB,MAAM,IAAI,CAAC,UAAU,EAAE,CAAA;gBAC3B,CAAC;gBAED,IAAI,CAAC,eAAe,EAAE,CAAA;gBAEtB,IAAI,CAAC,mBAAmB,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAA;gBACzC,IAAI,CAAC,mBAAmB,CAAC,KAAK,CAAC,CAAA;gBAE/B,IAAI,CAAC,oBAAoB,CAAC,KAAK,CAAC,CAAA;gBAChC,IAAI,CAAC,oBAAoB,CAAC,OAAO,CAAC,CAAA;gBAClC,IAAI,CAAC,oBAAoB,CAAC,KAAK,CAAC,CAAA;gBAEhC,IAAI,cAAc,aAAd,cAAc,cAAd,cAAc,GAAI,IAAI,CAAC,cAAc,EAAE,CAAC;oBACxC,IAAI,CAAC,oBAAoB,CACrB,UAA
U,EACV,cAAc,aAAd,cAAc,cAAd,cAAc,GAAI,IAAI,CAAC,cAAc,CACxC,CAAA;gBACL,CAAC;qBAAM,CAAC;oBACJ,IAAI,CAAC,oBAAoB,CAAC,UAAU,CAAC,CAAA;gBACzC,CAAC;YACL,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACT,IAAI,CAAC,YAAY,KAAK,EAAE,CAAC;oBACrB,CAAC,CAAC,OAAO,GAAG,uDAAuD,CAAC,CAAC,OAAO,EAAE,CAAA;gBAClF,CAAC;gBAED,MAAM,CAAC,CAAA;YACX,CAAC;QACL,CAAC;KAAA;CACJ;AA1JD,gCA0JC"}
|
|
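--- a/package/build/sdJwt/compact.d.ts
+++ b/package/build/sdJwt/compact.d.ts
@@ -0,0 +1,8 @@
+import { KeyBinding } from '../keyBinding';
+import { Disclosure } from './disclosures';
+import { ExpandedJwt } from '../jwt';
+export type ExpandedSdJwt<H extends Record<string, unknown> = Record<string, unknown>, P extends Record<string, unknown> = Record<string, unknown>> = ExpandedJwt<H, P> & {
+disclosures?: Array<Disclosure>;
+keyBinding?: KeyBinding;
+};
+export declare const sdJwtFromCompact: <H extends Record<string, unknown> = Record<string, unknown>, P extends Record<string, unknown> = Record<string, unknown>>(compact: string) => any;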
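Review bot: `sdJwtFromCompact` is declared as returning `any` on new line 8 even though `ExpandedSdJwt<H, P>` is declared just above it, so every caller handling the parsed token loses type checking on `header`, `payload`, `disclosures` and `keyBinding`. Declaring the return type explicitly in the source, `(compact: string) => ExpandedSdJwt<H, P>`, would restore it. An `any` in an emitted declaration may also mean a type could not be resolved at build time, which is worth checking.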
@@ -0,0 +1,39 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.sdJwtFromCompact = void 0;
|
|
4
|
+
const keyBinding_1 = require("../keyBinding");
|
|
5
|
+
const disclosures_1 = require("./disclosures");
|
|
6
|
+
const jwt_1 = require("../jwt");
|
|
7
|
+
const sdJwtFromCompact = (compact) => {
|
|
8
|
+
const [jwtWithoutDisclosures, ...encodedDisclosures] = compact.split('~');
|
|
9
|
+
const { header, payload, signature } = (0, jwt_1.jwtFromCompact)(jwtWithoutDisclosures);
|
|
10
|
+
if (encodedDisclosures.length === 0) {
|
|
11
|
+
return {
|
|
12
|
+
header,
|
|
13
|
+
payload,
|
|
14
|
+
signature
|
|
15
|
+
};
|
|
16
|
+
}
|
|
17
|
+
const hasKeyBinding = !compact.endsWith('~');
|
|
18
|
+
// If the disclosure array ends with an `~` we do not have
|
|
19
|
+
// a key binding and `String.split` takes it as an empty string
|
|
20
|
+
// as element which we would not like to include in the disclosures.
|
|
21
|
+
if (!hasKeyBinding)
|
|
22
|
+
encodedDisclosures.pop();
|
|
23
|
+
const compactKeyBinding = hasKeyBinding
|
|
24
|
+
? encodedDisclosures.pop()
|
|
25
|
+
: undefined;
|
|
26
|
+
const keyBinding = compactKeyBinding
|
|
27
|
+
? keyBinding_1.KeyBinding.fromCompact(compactKeyBinding)
|
|
28
|
+
: undefined;
|
|
29
|
+
const disclosures = encodedDisclosures.map(disclosures_1.Disclosure.fromString);
|
|
30
|
+
return {
|
|
31
|
+
header,
|
|
32
|
+
payload,
|
|
33
|
+
signature,
|
|
34
|
+
keyBinding,
|
|
35
|
+
disclosures
|
|
36
|
+
};
|
|
37
|
+
};
|
|
38
|
+
exports.sdJwtFromCompact = sdJwtFromCompact;
|
|
39
|
+
//# sourceMappingURL=compact.js.map
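Review bot: In the statement just before the final `return`, `encodedDisclosures.map(disclosures_1.Disclosure.fromString)` hands the static method to `map` unbound, so it is called as `(element, index, array)` and without `this`; if `fromString` ever gains a second parameter or refers to `this`, parsing changes silently. `encodedDisclosures.map((d) => disclosures_1.Disclosure.fromString(d))` avoids that. The list can also still hold empty strings, because `compact.split('~')` on an input containing `~~` yields `''` entries and only the trailing one is popped; whether `fromString('')` rejects them is not visible in this section, so a guard such as `if (encodedDisclosures.some((d) => d.length === 0)) throw new Error('empty disclosure segment');` before the map would make the behaviour on malformed input explicit. A short comment on the function stating that it only decodes and performs no signature or key-binding verification would help callers avoid treating the returned `payload` as trusted.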
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"compact.js","sourceRoot":"","sources":["../../src/sdJwt/compact.ts"],"names":[],"mappings":";;;AAAA,8CAA0C;AAC1C,+CAA0C;AAC1C,gCAAoD;AAU7C,MAAM,gBAAgB,GAAG,CAI5B,OAAe,EACI,EAAE;IACrB,MAAM,CAAC,qBAAqB,EAAE,GAAG,kBAAkB,CAAC,GAAG,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IAEzE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,GAAG,IAAA,oBAAc,EACjD,qBAAqB,CACxB,CAAA;IAED,IAAI,kBAAkB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAClC,OAAO;YACH,MAAM;YACN,OAAO;YACP,SAAS;SACZ,CAAA;IACL,CAAC;IAED,MAAM,aAAa,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAA;IAE5C,0DAA0D;IAC1D,+DAA+D;IAC/D,oEAAoE;IACpE,IAAI,CAAC,aAAa;QAAE,kBAAkB,CAAC,GAAG,EAAE,CAAA;IAE5C,MAAM,iBAAiB,GAAG,aAAa;QACnC,CAAC,CAAC,kBAAkB,CAAC,GAAG,EAAE;QAC1B,CAAC,CAAC,SAAS,CAAA;IAEf,MAAM,UAAU,GAAG,iBAAiB;QAChC,CAAC,CAAC,uBAAU,CAAC,WAAW,CAAC,iBAAiB,CAAC;QAC3C,CAAC,CAAC,SAAS,CAAA;IAEf,MAAM,WAAW,GAAG,kBAAkB,CAAC,GAAG,CAAC,wBAAU,CAAC,UAAU,CAAC,CAAA;IAEjE,OAAO;QACH,MAAM;QACN,OAAO;QACP,SAAS;QACT,UAAU;QACV,WAAW;KACd,CAAA;AACL,CAAC,CAAA;AA5CY,QAAA,gBAAgB,oBA4C5B"}
|
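--- a/package/build/sdJwt/decoys.d.ts
+++ b/package/build/sdJwt/decoys.d.ts
@@ -1,2 +1,3 @@
-import { HasherAndAlgorithm
+import type { HasherAndAlgorithm } from '@sd-jwt/types';
+import { SaltGenerator } from '../types';
 export declare const createDecoys: (count: number, saltGenerator: SaltGenerator, hasherAndAlgorithm: HasherAndAlgorithm) => Promise<string[]>;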
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"decoys.js","sourceRoot":"","sources":["../../src/sdJwt/decoys.ts"],"names":[],"mappings":";;;;;;;;;;;;
|
|
1
|
+
{"version":3,"file":"decoys.js","sourceRoot":"","sources":["../../src/sdJwt/decoys.ts"],"names":[],"mappings":";;;;;;;;;;;;AAEA,mCAAoC;AACpC,yCAAyC;AAElC,MAAM,YAAY,GAAG,CACxB,KAAa,EACb,aAA4B,EAC5B,kBAAsC,EACxC,EAAE;IACA,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;QACZ,MAAM,IAAI,kBAAU,CAAC,qBAAqB,KAAK,kBAAkB,CAAC,CAAA;IACtE,CAAC;IAED,IAAI,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;QACf,MAAM,IAAI,kBAAU,CAAC,+BAA+B,CAAC,CAAA;IACzD,CAAC;IAED,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;QACnB,MAAM,IAAI,kBAAU,CAAC,qCAAqC,CAAC,CAAA;IAC/D,CAAC;IAED,MAAM,MAAM,GAAkB,EAAE,CAAA;IAChC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,EAAE,CAAC,EAAE,EAAE,CAAC;QAC7B,MAAM,IAAI,GAAG,MAAM,aAAa,EAAE,CAAA;QAClC,MAAM,KAAK,GAAG,MAAM,kBAAkB,CAAC,MAAM,CACzC,IAAI,EACJ,kBAAkB,CAAC,SAAS,CAC/B,CAAA;QACD,MAAM,YAAY,GAAG,iBAAS,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;QAC5C,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,CAAA;IAC7B,CAAC;IACD,OAAO,MAAM,CAAA;AACjB,CAAC,CAAA,CAAA;AA5BY,QAAA,YAAY,gBA4BxB"}
|
|
@@ -1,6 +1,7 @@
|
|
|
1
|
-
import { DisclosureFrame
|
|
1
|
+
import { DisclosureFrame } from '../types';
|
|
2
2
|
import { DisclosureWithDigest } from './disclosures';
|
|
3
3
|
import { SaltGenerator } from '../types';
|
|
4
|
+
import type { HasherAndAlgorithm } from '@sd-jwt/types';
|
|
4
5
|
export declare const applyDisclosureFrame: <Payload extends Record<string, unknown> = Record<string, unknown>>(saltGenerator: SaltGenerator, hasherAndAlgorithm: HasherAndAlgorithm, payload: Payload, frame: DisclosureFrame<Payload>, keys?: Array<string>, cleanup?: Array<Array<string>>, disclosures?: Array<DisclosureWithDigest>) => Promise<{
|
|
5
6
|
payload: Record<string, unknown>;
|
|
6
7
|
disclosures: Array<DisclosureWithDigest>;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"disclosureFrame.js","sourceRoot":"","sources":["../../src/sdJwt/disclosureFrame.ts"],"names":[],"mappings":";;;;;;;;;;;;AACA,yCAA4C;AAC5C,qCAAuC;AACvC,+CAAgE;AAChE,mCAAoC;
|
|
1
|
+
{"version":3,"file":"disclosureFrame.js","sourceRoot":"","sources":["../../src/sdJwt/disclosureFrame.ts"],"names":[],"mappings":";;;;;;;;;;;;AACA,yCAA4C;AAC5C,qCAAuC;AACvC,+CAAgE;AAChE,mCAAoC;AAI7B,MAAM,oBAAoB,GAAG,CAGhC,aAA4B,EAC5B,kBAAsC,EACtC,OAAgB,EAChB,KAA+B,EAC/B,OAAsB,EAAE,EACxB,UAAgC,EAAE,EAClC,cAA2C,EAAE,EAI9C,EAAE;;IACD,KAAK,MAAM,CAAC,GAAG,EAAE,UAAU,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACpD,MAAM,OAAO,GAAG,CAAC,GAAG,IAAI,EAAE,GAAG,CAAC,CAAA;QAE9B,IAAI,GAAG,KAAK,cAAc,IAAI,OAAO,UAAU,KAAK,QAAQ,EAAE,CAAC;YAC3D,MAAM,EAAE,GAAkB,KAAK,CAAC,IAAI,CAChC,MAAC,OAAO,CAAC,GAAgB,mCAAI,EAAE,CAClC,CAAA;YAED,MAAM,MAAM,GAAG,MAAM,IAAA,qBAAY,EAC7B,UAAU,EACV,aAAa,EACb,kBAAkB,CACrB,CAAA;YACD,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAA;YAE3C,aAAa;YACb,OAAO,CAAC,GAAG,GAAG,EAAE,CAAC,IAAI,EAAE,CAAA;QAC3B,CAAC;aAAM,IAAI,OAAO,UAAU,KAAK,SAAS,EAAE,CAAC;YACzC,IAAI,UAAU,KAAK,IAAI,EAAE,CAAC;gBACtB,IAAI,CAAC,CAAC,GAAG,IAAI,OAAO,CAAC,EAAE,CAAC;oBACpB,MAAM,IAAI,kBAAU,CAChB,QAAQ,GAAG,gCAAgC,IAAI,CAAC,SAAS,CACrD,OAAO,CACV,0CAA0C,CAC9C,CAAA;gBACL,CAAC;gBAED,MAAM,IAAI,GAAG,MAAM,aAAa,EAAE,CAAA;gBAClC,MAAM,UAAU,GAAG,MAAM,IAAI,wBAAU,CACnC,IAAI,EACJ,OAAO,CAAC,GAAG,CAAC,EACZ,GAAG,CACN,CAAC,mBAAmB,CAAC,kBAAkB,CAAC,CAAA;gBACzC,WAAW,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;gBAE5B,MAAM,EAAE,GAAkB,KAAK,CAAC,IAAI,CAChC,MAAC,OAAO,CAAC,GAAgB,mCAAI,EAAE,CAClC,CAAA;gBACD,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,CAAA;gBAE1B,YAAY;gBACZ,OAAO,CAAC,GAAG,GAAG,EAAE,CAAC,IAAI,EAAE,CAAA;gBAEvB,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;YACzB,CAAC;QACL,CAAC;aAAM,IACH,OAAO,UAAU,KAAK,QAAQ;YAC9B,CAAC,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC,EAC5B,CAAC;YACC,MAAM,IAAA,4BAAoB,EACtB,aAAa,EACb,kBAAkB,EAClB,OAAO,CAAC,GAAG,CAAY,EACvB,UAAsC,EACtC,OAAO,EACP,OAAO,EACP,WAAW,CACd,CAAA;QACL,CAAC;aAAM,IACH,OAAO,UAAU,KAAK,QAAQ;YAC9B,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC,EAC3B,CAAC;YACC,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAmB,CAAA;YACnD,MAAM,eAAe,GAAG,UAA4B,CAAA;YAEpD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,YAAY,CAAC,EAAE,CAAC;gBAC/B,MAAM,
IAAI,kBAAU,CAChB,sCAAsC,OAAO,OAAO,CAChD,GAAG,CACN,aAAa,GAAG,IAAI,CACxB,CAAA;YACL,CAAC;YAED,IAAI,eAAe,CAAC,MAAM,GAAG,YAAY,CAAC,MAAM,EAAE,CAAC;gBAC/C,MAAM,IAAI,kBAAU,CAChB,oDAAoD,GAAG,EAAE,CAC5D,CAAA;YACL,CAAC;YAED,uFAAuF;YACvF,IAAI,YAAY,CAAC,MAAM,GAAG,eAAe,CAAC,MAAM,EAAE,CAAC;gBAC/C,YAAY,CAAC,OAAO,CAChB,CAAC,CAAC,EAAE,KAAK,EAAE,EAAE,WAAC,OAAA,OAAC,eAAe,CAAC,KAAK,qCAArB,eAAe,CAAC,KAAK,IAAM,KAAK,EAAC,CAAA,EAAA,CACnD,CAAA;YACL,CAAC;YAED,MAAM,eAAe,GAAuC,EAAE,CAAA;YAE9D,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,YAAY,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBAC3C,MAAM,YAAY,GAAG,YAAY,CAAC,CAAC,CAAC,CAAA;gBACpC,MAAM,UAAU,GAAG,eAAe,CAAC,CAAC,CAAC,CAAA;gBAErC,IAAI,UAAU,EAAE,CAAC;oBACb,MAAM,IAAI,GAAG,MAAM,aAAa,EAAE,CAAA;oBAClC,MAAM,UAAU,GAAG,MAAM,IAAI,wBAAU,CACnC,IAAI,EACJ,YAAY,CACf,CAAC,mBAAmB,CAAC,kBAAkB,CAAC,CAAA;oBACzC,WAAW,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;oBAE5B,eAAe,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,UAAU,CAAC,MAAM,EAAE,CAAC,CAAA;gBACtD,CAAC;qBAAM,CAAC;oBACJ,eAAe,CAAC,IAAI,CAAC,YAAY,CAAC,CAAA;gBACtC,CAAC;YACL,CAAC;YAED,aAAa;YACb,OAAO,CAAC,GAAG,CAAC,GAAG,eAAe,CAAA;QAClC,CAAC;aAAM,CAAC;YACJ,MAAM,IAAI,kBAAU,CAChB,mCAAmC,GAAG,eAAe,OAAO,UAAU,2EAA2E,CACpJ,CAAA;QACL,CAAC;IACL,CAAC;IAED,MAAM,YAAY,qBAAQ,OAAO,CAAE,CAAA;IACnC,OAAO,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAA,oBAAY,EAAC,YAAY,EAAE,IAAI,CAAC,CAAC,CAAA;IAE3D,OAAO,EAAE,OAAO,EAAE,YAAY,EAAE,WAAW,EAAE,CAAA;AACjD,CAAC,CAAA,CAAA;AArIY,QAAA,oBAAoB,wBAqIhC"}
|
|
@@ -0,0 +1,43 @@
|
|
|
1
|
+
import { DisclosureWithDigest } from './disclosures';
|
|
2
|
+
/**
|
|
3
|
+
* Mapping from a digest to the corresponding disclosure and its parent disclosures.
|
|
4
|
+
*/
|
|
5
|
+
export type DisclosureMap = {
|
|
6
|
+
[digest: string]: {
|
|
7
|
+
disclosure: DisclosureWithDigest;
|
|
8
|
+
parentDisclosures: DisclosureWithDigest[];
|
|
9
|
+
};
|
|
10
|
+
};
|
|
11
|
+
/**
|
|
12
|
+
* Get a mapping in the structure of the pretty payload, to indicate which digests should be disclosed for a
|
|
13
|
+
* given entry.
|
|
14
|
+
*
|
|
15
|
+
* For example if you call this method with the following payload:
|
|
16
|
+
* ```ts
|
|
17
|
+
* {
|
|
18
|
+
* _sd: ['iss_digest', 'nested_field_digest'],
|
|
19
|
+
* }
|
|
20
|
+
* ```
|
|
21
|
+
*
|
|
22
|
+
* It can return the following mapping:
|
|
23
|
+
* ```ts
|
|
24
|
+
* {
|
|
25
|
+
* iss: 'iss_digest',
|
|
26
|
+
* nested_field: {
|
|
27
|
+
* __digest: 'nested_field_digest',
|
|
28
|
+
* more_nested_field: {
|
|
29
|
+
* // index 1 is null, as it's always in the payload, so doesn't need to be disclosed
|
|
30
|
+
* // separately
|
|
31
|
+
* a: ['a_0_digest', null, 'a_2_digest'],
|
|
32
|
+
* }
|
|
33
|
+
* }
|
|
34
|
+
* }
|
|
35
|
+
* ```
|
|
36
|
+
*
|
|
37
|
+
* This method will recursively call itself and `getArrayPayloadDisclosureMapping` if the value of a property is an object or array.
|
|
38
|
+
*/
|
|
39
|
+
export declare function getPayloadDisclosureMapping(payload: any, map: DisclosureMap): any[] | Record<string, unknown> | null;
|
|
40
|
+
/**
|
|
41
|
+
* Get a mapping from a digest to the corresponding disclosure and its parent disclosures.
|
|
42
|
+
*/
|
|
43
|
+
export declare const getDisclosureMap: (disclosures: DisclosureWithDigest[]) => DisclosureMap;
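Review bot: `DisclosureMap` is declared as a plain index-signature object keyed by digest (`[digest: string]: {`), and the doc comment shows those keys being matched against the `_sd` array of a payload. If the implementation, which is not in this section, backs it with an ordinary `{}`, a lookup with an `_sd` string that happens to name an inherited `Object.prototype` member returns that member instead of `undefined`. Building the map with `Object.create(null)`, or guarding each lookup with `Object.prototype.hasOwnProperty.call(map, digest)`, closes that case without changing the exported type. Separately, `getPayloadDisclosureMapping` takes `payload: any`; `payload: unknown` with narrowing inside would keep the recursion over objects and arrays type-checked.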
|