npm - @sd-jwt/core - Versions diffs - 0.2.1 → 0.3.2-next.100 - Mend

@sd-jwt/core 0.2.1 → 0.3.2-next.100

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (146) hide show

package/LICENSE +201 -0
package/README.md +27 -82
package/dist/index.d.mts +118 -0
package/dist/index.d.ts +118 -0
package/dist/index.js +675 -0
package/dist/index.mjs +654 -0
package/package.json +62 -48
package/src/decoy.ts +15 -0
package/src/index.ts +313 -0
package/src/jwt.ts +107 -0
package/src/kbjwt.ts +61 -0
package/src/sdjwt.ts +337 -0
package/src/test/decoy.spec.ts +30 -0
package/src/test/index.spec.ts +528 -0
package/src/test/jwt.spec.ts +141 -0
package/src/test/kbjwt.spec.ts +341 -0
package/src/test/pass.spec.ts +6 -0
package/src/test/sdjwt.spec.ts +382 -0
package/test/app-e2e.spec.ts +248 -0
package/test/array_data_types.json +29 -0
package/test/array_full_sd.json +21 -0
package/test/array_in_sd.json +13 -0
package/test/array_nested_in_plain.json +20 -0
package/test/array_none_disclosed.json +17 -0
package/test/array_of_nulls.json +15 -0
package/test/array_of_objects.json +58 -0
package/test/array_of_scalars.json +15 -0
package/test/array_recursive_sd.json +35 -0
package/test/array_recursive_sd_some_disclosed.json +55 -0
package/test/complex.json +43 -0
package/test/header_mod.json +44 -0
package/test/json_serialization.json +44 -0
package/test/key_binding.json +44 -0
package/test/no_sd.json +36 -0
package/test/object_data_types.json +60 -0
package/test/recursions.json +98 -0
package/tsconfig.json +7 -0
package/vitest.config.mts +4 -0
package/build/base64url.d.ts +0 -28
package/build/base64url.js +0 -40
package/build/base64url.js.map +0 -1
package/build/hasherAlgorithm.d.ts +0 -70
package/build/hasherAlgorithm.js +0 -75
package/build/hasherAlgorithm.js.map +0 -1
package/build/index.d.ts +0 -13
package/build/index.js +0 -20
package/build/index.js.map +0 -1
package/build/jwt/compact.d.ts +0 -6
package/build/jwt/compact.js +0 -27
package/build/jwt/compact.js.map +0 -1
package/build/jwt/error.d.ts +0 -2
package/build/jwt/error.js +0 -7
package/build/jwt/error.js.map +0 -1
package/build/jwt/index.d.ts +0 -2
package/build/jwt/index.js +0 -19
package/build/jwt/index.js.map +0 -1
package/build/jwt/jwt.d.ts +0 -208
package/build/jwt/jwt.js +0 -325
package/build/jwt/jwt.js.map +0 -1
package/build/keyBinding/index.d.ts +0 -1
package/build/keyBinding/index.js +0 -18
package/build/keyBinding/index.js.map +0 -1
package/build/keyBinding/keyBinding.d.ts +0 -64
package/build/keyBinding/keyBinding.js +0 -119
package/build/keyBinding/keyBinding.js.map +0 -1
package/build/sdJwt/compact.d.ts +0 -8
package/build/sdJwt/compact.js +0 -39
package/build/sdJwt/compact.js.map +0 -1
package/build/sdJwt/decoys.d.ts +0 -3
package/build/sdJwt/decoys.js +0 -35
package/build/sdJwt/decoys.js.map +0 -1
package/build/sdJwt/disclosureFrame.d.ts +0 -8
package/build/sdJwt/disclosureFrame.js +0 -87
package/build/sdJwt/disclosureFrame.js.map +0 -1
package/build/sdJwt/disclosureMapping.d.ts +0 -43
package/build/sdJwt/disclosureMapping.js +0 -278
package/build/sdJwt/disclosureMapping.js.map +0 -1
package/build/sdJwt/disclosures.d.ts +0 -33
package/build/sdJwt/disclosures.js +0 -114
package/build/sdJwt/disclosures.js.map +0 -1
package/build/sdJwt/error.d.ts +0 -2
package/build/sdJwt/error.js +0 -7
package/build/sdJwt/error.js.map +0 -1
package/build/sdJwt/index.d.ts +0 -6
package/build/sdJwt/index.js +0 -23
package/build/sdJwt/index.js.map +0 -1
package/build/sdJwt/presentationFrame.d.ts +0 -3
package/build/sdJwt/presentationFrame.js +0 -64
package/build/sdJwt/presentationFrame.js.map +0 -1
package/build/sdJwt/sdJwt.d.ts +0 -206
package/build/sdJwt/sdJwt.js +0 -442
package/build/sdJwt/sdJwt.js.map +0 -1
package/build/sdJwt/swapClaim.d.ts +0 -2
package/build/sdJwt/swapClaim.js +0 -79
package/build/sdJwt/swapClaim.js.map +0 -1
package/build/sdJwt/types.d.ts +0 -5
package/build/sdJwt/types.js +0 -3
package/build/sdJwt/types.js.map +0 -1
package/build/sdJwtVc/error.d.ts +0 -2
package/build/sdJwtVc/error.js +0 -7
package/build/sdJwtVc/error.js.map +0 -1
package/build/sdJwtVc/index.d.ts +0 -2
package/build/sdJwtVc/index.js +0 -19
package/build/sdJwtVc/index.js.map +0 -1
package/build/sdJwtVc/sdJwtVc.d.ts +0 -47
package/build/sdJwtVc/sdJwtVc.js +0 -149
package/build/sdJwtVc/sdJwtVc.js.map +0 -1
package/build/signatureAndEncryptionAlgorithm.d.ts +0 -105
package/build/signatureAndEncryptionAlgorithm.js +0 -110
package/build/signatureAndEncryptionAlgorithm.js.map +0 -1
package/build/types/disclosure.d.ts +0 -5
package/build/types/disclosure.js +0 -3
package/build/types/disclosure.js.map +0 -1
package/build/types/frame.d.ts +0 -5
package/build/types/frame.js +0 -3
package/build/types/frame.js.map +0 -1
package/build/types/hasher.d.ts +0 -14
package/build/types/hasher.js +0 -3
package/build/types/hasher.js.map +0 -1
package/build/types/index.d.ts +0 -5
package/build/types/index.js +0 -22
package/build/types/index.js.map +0 -1
package/build/types/present.d.ts +0 -2
package/build/types/present.js +0 -3
package/build/types/present.js.map +0 -1
package/build/types/saltGenerator.d.ts +0 -17
package/build/types/saltGenerator.js +0 -3
package/build/types/saltGenerator.js.map +0 -1
package/build/types/signer.d.ts +0 -2
package/build/types/signer.js +0 -3
package/build/types/signer.js.map +0 -1
package/build/types/utils.d.ts +0 -2
package/build/types/utils.js +0 -3
package/build/types/utils.js.map +0 -1
package/build/types/verifier.d.ts +0 -14
package/build/types/verifier.js +0 -3
package/build/types/verifier.js.map +0 -1
package/build/utils/index.d.ts +0 -2
package/build/utils/index.js +0 -19
package/build/utils/index.js.map +0 -1
package/build/utils/traverse.d.ts +0 -8
package/build/utils/traverse.js +0 -29
package/build/utils/traverse.js.map +0 -1
package/build/utils/utils.d.ts +0 -8
package/build/utils/utils.js +0 -118
package/build/utils/utils.js.map +0 -1

package/src/test/kbjwt.spec.ts ADDED Viewed

@@ -0,0 +1,341 @@
+import { SDJWTException } from '@sd-jwt/utils';
+import { KBJwt } from '../kbjwt';
+import {
+  JwtPayload,
+  KB_JWT_TYP,
+  KbVerifier,
+  Signer,
+  Verifier,
+} from '@sd-jwt/types';
+import Crypto, { KeyLike } from 'node:crypto';
+import { describe, expect, test } from 'vitest';
+import { JWK, exportJWK, importJWK } from 'jose';
+describe('KB JWT', () => {
+  test('create', async () => {
+    const kbJwt = new KBJwt({
+      header: {
+        typ: KB_JWT_TYP,
+        alg: 'EdDSA',
+      },
+      payload: {
+        iat: 1,
+        aud: 'aud',
+        nonce: 'nonce',
+        sd_hash: 'hash',
+      },
+    });
+    expect(kbJwt.header).toEqual({
+      typ: KB_JWT_TYP,
+      alg: 'EdDSA',
+    });
+    expect(kbJwt.payload).toEqual({
+      iat: 1,
+      aud: 'aud',
+      nonce: 'nonce',
+      sd_hash: 'hash',
+    });
+  });
+  test('decode', async () => {
+    const { privateKey } = Crypto.generateKeyPairSync('ed25519');
+    const testSigner: Signer = async (data: string) => {
+      const sig = Crypto.sign(null, Buffer.from(data), privateKey);
+      return Buffer.from(sig).toString('base64url');
+    };
+    const kbJwt = new KBJwt({
+      header: {
+        typ: KB_JWT_TYP,
+        alg: 'EdDSA',
+      },
+      payload: {
+        iat: 1,
+        aud: 'aud',
+        nonce: 'nonce',
+        sd_hash: 'hash',
+      },
+    });
+    const encodedKbJwt = await kbJwt.sign(testSigner);
+    const decoded = KBJwt.fromKBEncode(encodedKbJwt);
+    expect(decoded.header).toEqual({
+      typ: KB_JWT_TYP,
+      alg: 'EdDSA',
+    });
+    expect(decoded.payload).toEqual({
+      iat: 1,
+      aud: 'aud',
+      nonce: 'nonce',
+      sd_hash: 'hash',
+    });
+  });
+  test('verify', async () => {
+    const { privateKey, publicKey } = Crypto.generateKeyPairSync('ed25519');
+    const testSigner: Signer = async (data: string) => {
+      const sig = Crypto.sign(null, Buffer.from(data), privateKey);
+      return Buffer.from(sig).toString('base64url');
+    };
+    const payload = {
+      cnf: {
+        jwk: await exportJWK(publicKey),
+      },
+    };
+    const testVerifier: KbVerifier = async (
+      data: string,
+      sig: string,
+      payload: JwtPayload,
+    ) => {
+      expect(payload).toStrictEqual(payload);
+      expect(payload.cnf?.jwk).toBeDefined();
+      const publicKey = payload.cnf?.jwk;
+      return Crypto.verify(
+        null,
+        Buffer.from(data),
+        (await importJWK(publicKey as JWK, 'EdDSA')) as KeyLike,
+        Buffer.from(sig, 'base64url'),
+      );
+    };
+    const kbJwt = new KBJwt({
+      header: {
+        typ: KB_JWT_TYP,
+        alg: 'EdDSA',
+      },
+      payload: {
+        iat: 1,
+        aud: 'aud',
+        nonce: 'nonce',
+        sd_hash: 'hash',
+      },
+    });
+    const encodedKbJwt = await kbJwt.sign(testSigner);
+    const decoded = KBJwt.fromKBEncode(encodedKbJwt);
+    const verified = await decoded.verifyKB({
+      verifier: testVerifier,
+      payload,
+    });
+    expect(verified).toStrictEqual({
+      header: {
+        typ: KB_JWT_TYP,
+        alg: 'EdDSA',
+      },
+      payload: {
+        iat: 1,
+        aud: 'aud',
+        nonce: 'nonce',
+        sd_hash: 'hash',
+      },
+    });
+  });
+  test('verify failed', async () => {
+    const { privateKey, publicKey } = Crypto.generateKeyPairSync('ed25519');
+    const testSigner: Signer = async (data: string) => {
+      const sig = Crypto.sign(null, Buffer.from(data), privateKey);
+      return Buffer.from(sig).toString('base64url');
+    };
+    const payload = {
+      cnf: {
+        jwk: await exportJWK(publicKey),
+      },
+    };
+    const testVerifier: KbVerifier = async (
+      data: string,
+      sig: string,
+      payload: JwtPayload,
+    ) => {
+      expect(payload).toStrictEqual(payload);
+      expect(payload.cnf?.jwk).toBeDefined();
+      const publicKey = payload.cnf?.jwk;
+      return Crypto.verify(
+        null,
+        Buffer.from(data),
+        (await importJWK(publicKey as JWK, 'EdDSA')) as KeyLike,
+        Buffer.from(sig, 'base64url'),
+      );
+    };
+    const kbJwt = new KBJwt({
+      header: {
+        typ: KB_JWT_TYP,
+        alg: 'EdDSA',
+      },
+      payload: {
+        iat: 1,
+        aud: 'aud',
+        nonce: 'nonce',
+        sd_hash: '',
+      },
+    });
+    const encodedKbJwt = await kbJwt.sign(testSigner);
+    const decoded = KBJwt.fromKBEncode(encodedKbJwt);
+    try {
+      await decoded.verifyKB({ verifier: testVerifier, payload });
+    } catch (e: unknown) {
+      const error = e as SDJWTException;
+      expect(error.message).toBe('Invalid Key Binding Jwt');
+    }
+  });
+  test('verify failed with verifier return false', async () => {
+    const { privateKey, publicKey } = Crypto.generateKeyPairSync('ed25519');
+    const testSigner: Signer = async (data: string) => {
+      const sig = Crypto.sign(null, Buffer.from(data), privateKey);
+      return Buffer.from(sig).toString('base64url');
+    };
+    const payload = {
+      cnf: {
+        jwk: await exportJWK(publicKey),
+      },
+    };
+    const testVerifier: KbVerifier = async (
+      data: string,
+      sig: string,
+      payload: JwtPayload,
+    ) => {
+      expect(payload).toStrictEqual(payload);
+      expect(payload.cnf?.jwk).toBeDefined();
+      return false;
+    };
+    const kbJwt = new KBJwt({
+      header: {
+        typ: KB_JWT_TYP,
+        alg: 'EdDSA',
+      },
+      payload: {
+        iat: 1,
+        aud: 'aud',
+        nonce: 'nonce',
+        sd_hash: 'hash',
+      },
+    });
+    const encodedKbJwt = await kbJwt.sign(testSigner);
+    const decoded = KBJwt.fromKBEncode(encodedKbJwt);
+    try {
+      await decoded.verifyKB({ verifier: testVerifier, payload });
+    } catch (e: unknown) {
+      const error = e as SDJWTException;
+      expect(error.message).toBe('Verify Error: Invalid JWT Signature');
+    }
+  });
+  test('verify failed with invalid jwt', async () => {
+    const { privateKey, publicKey } = Crypto.generateKeyPairSync('ed25519');
+    const testSigner: Signer = async (data: string) => {
+      const sig = Crypto.sign(null, Buffer.from(data), privateKey);
+      return Buffer.from(sig).toString('base64url');
+    };
+    const payload = {
+      cnf: {
+        jwk: await exportJWK(publicKey),
+      },
+    };
+    const testVerifier: KbVerifier = async (
+      data: string,
+      sig: string,
+      payload: JwtPayload,
+    ) => {
+      expect(payload).toStrictEqual(payload);
+      expect(payload.cnf?.jwk).toBeDefined();
+      return false;
+    };
+    const kbJwt = new KBJwt({
+      header: {
+        typ: KB_JWT_TYP,
+        alg: 'EdDSA',
+      },
+      payload: {
+        iat: 1,
+        aud: 'aud',
+        nonce: 'nonce',
+        sd_hash: 'hash',
+      },
+    });
+    const encodedKbJwt = await kbJwt.sign(testSigner);
+    const decoded = KBJwt.fromKBEncode(encodedKbJwt);
+    decoded.signature = undefined;
+    try {
+      await decoded.verifyKB({ verifier: testVerifier, payload });
+    } catch (e: unknown) {
+      const error = e as SDJWTException;
+      expect(error.message).toBe('Verify Error: Invalid JWT');
+    }
+  });
+  test('compatibility test for version 06', async () => {
+    const { privateKey, publicKey } = Crypto.generateKeyPairSync('ed25519');
+    const testSigner: Signer = async (data: string) => {
+      const sig = Crypto.sign(null, Buffer.from(data), privateKey);
+      return Buffer.from(sig).toString('base64url');
+    };
+    const payload = {
+      cnf: {
+        jwk: await exportJWK(publicKey),
+      },
+    };
+    const testVerifier: KbVerifier = async (
+      data: string,
+      sig: string,
+      payload: JwtPayload,
+    ) => {
+      expect(payload).toStrictEqual(payload);
+      expect(payload.cnf?.jwk).toBeDefined();
+      const publicKey = payload.cnf?.jwk;
+      return Crypto.verify(
+        null,
+        Buffer.from(data),
+        (await importJWK(publicKey as JWK, 'EdDSA')) as KeyLike,
+        Buffer.from(sig, 'base64url'),
+      );
+    };
+    const kbJwt = new KBJwt({
+      header: {
+        typ: KB_JWT_TYP,
+        alg: 'EdDSA',
+      },
+      payload: {
+        iat: 1,
+        aud: 'aud',
+        nonce: 'nonce',
+        sd_hash: 'hash',
+      },
+    });
+    (kbJwt.payload as Record<string, unknown>)._sd_hash = 'hash';
+    (kbJwt.payload as Record<string, unknown>).sd_hash = undefined;
+    const encodedKbJwt = await kbJwt.sign(testSigner);
+    const decoded = KBJwt.fromKBEncode(encodedKbJwt);
+    const verified = await decoded.verifyKB({
+      verifier: testVerifier,
+      payload,
+    });
+    expect(verified).toStrictEqual({
+      header: {
+        typ: KB_JWT_TYP,
+        alg: 'EdDSA',
+      },
+      payload: {
+        iat: 1,
+        aud: 'aud',
+        nonce: 'nonce',
+        _sd_hash: 'hash',
+      },
+    });
+  });
+});

package/src/test/pass.spec.ts ADDED Viewed

@@ -0,0 +1,6 @@
+import { describe, expect, test } from 'vitest';
+describe('Should always pass', () => {
+  test('adds 1 + 2 to equal 3', () => {
+    expect(1 + 2).toBe(3);
+  });
+});