@sd-jwt/core 0.2.1 → 2.0.2-next.26
- package/LICENSE +201 -0
- package/dist/index.d.mts +106 -0
- package/dist/index.d.ts +106 -0
- package/dist/index.js +606 -0
- package/dist/index.mjs +586 -0
- package/package.json +60 -48
- package/src/decoy.ts +15 -0
- package/src/index.ts +235 -0
- package/src/jwt.ts +107 -0
- package/src/kbjwt.ts +45 -0
- package/src/sdjwt.ts +318 -0
- package/src/test/decoy.spec.ts +30 -0
- package/src/test/index.spec.ts +379 -0
- package/src/test/jwt.spec.ts +141 -0
- package/src/test/kbjwt.spec.ts +275 -0
- package/src/test/pass.spec.ts +6 -0
- package/src/test/sdjwt.spec.ts +382 -0
- package/test/app-e2e.spec.ts +248 -0
- package/test/array_data_types.json +29 -0
- package/test/array_full_sd.json +21 -0
- package/test/array_in_sd.json +13 -0
- package/test/array_nested_in_plain.json +20 -0
- package/test/array_none_disclosed.json +17 -0
- package/test/array_of_nulls.json +15 -0
- package/test/array_of_objects.json +58 -0
- package/test/array_of_scalars.json +15 -0
- package/test/array_recursive_sd.json +35 -0
- package/test/array_recursive_sd_some_disclosed.json +55 -0
- package/test/complex.json +43 -0
- package/test/header_mod.json +44 -0
- package/test/json_serialization.json +44 -0
- package/test/key_binding.json +44 -0
- package/test/no_sd.json +36 -0
- package/test/object_data_types.json +60 -0
- package/test/recursions.json +98 -0
- package/tsconfig.json +7 -0
- package/vitest.config.mts +4 -0
- package/README.md +0 -97
- package/build/base64url.d.ts +0 -28
- package/build/base64url.js +0 -40
- package/build/base64url.js.map +0 -1
- package/build/hasherAlgorithm.d.ts +0 -70
- package/build/hasherAlgorithm.js +0 -75
- package/build/hasherAlgorithm.js.map +0 -1
- package/build/index.d.ts +0 -13
- package/build/index.js +0 -20
- package/build/index.js.map +0 -1
- package/build/jwt/compact.d.ts +0 -6
- package/build/jwt/compact.js +0 -27
- package/build/jwt/compact.js.map +0 -1
- package/build/jwt/error.d.ts +0 -2
- package/build/jwt/error.js +0 -7
- package/build/jwt/error.js.map +0 -1
- package/build/jwt/index.d.ts +0 -2
- package/build/jwt/index.js +0 -19
- package/build/jwt/index.js.map +0 -1
- package/build/jwt/jwt.d.ts +0 -208
- package/build/jwt/jwt.js +0 -325
- package/build/jwt/jwt.js.map +0 -1
- package/build/keyBinding/index.d.ts +0 -1
- package/build/keyBinding/index.js +0 -18
- package/build/keyBinding/index.js.map +0 -1
- package/build/keyBinding/keyBinding.d.ts +0 -64
- package/build/keyBinding/keyBinding.js +0 -119
- package/build/keyBinding/keyBinding.js.map +0 -1
- package/build/sdJwt/compact.d.ts +0 -8
- package/build/sdJwt/compact.js +0 -39
- package/build/sdJwt/compact.js.map +0 -1
- package/build/sdJwt/decoys.d.ts +0 -3
- package/build/sdJwt/decoys.js +0 -35
- package/build/sdJwt/decoys.js.map +0 -1
- package/build/sdJwt/disclosureFrame.d.ts +0 -8
- package/build/sdJwt/disclosureFrame.js +0 -87
- package/build/sdJwt/disclosureFrame.js.map +0 -1
- package/build/sdJwt/disclosureMapping.d.ts +0 -43
- package/build/sdJwt/disclosureMapping.js +0 -278
- package/build/sdJwt/disclosureMapping.js.map +0 -1
- package/build/sdJwt/disclosures.d.ts +0 -33
- package/build/sdJwt/disclosures.js +0 -114
- package/build/sdJwt/disclosures.js.map +0 -1
- package/build/sdJwt/error.d.ts +0 -2
- package/build/sdJwt/error.js +0 -7
- package/build/sdJwt/error.js.map +0 -1
- package/build/sdJwt/index.d.ts +0 -6
- package/build/sdJwt/index.js +0 -23
- package/build/sdJwt/index.js.map +0 -1
- package/build/sdJwt/presentationFrame.d.ts +0 -3
- package/build/sdJwt/presentationFrame.js +0 -64
- package/build/sdJwt/presentationFrame.js.map +0 -1
- package/build/sdJwt/sdJwt.d.ts +0 -206
- package/build/sdJwt/sdJwt.js +0 -442
- package/build/sdJwt/sdJwt.js.map +0 -1
- package/build/sdJwt/swapClaim.d.ts +0 -2
- package/build/sdJwt/swapClaim.js +0 -79
- package/build/sdJwt/swapClaim.js.map +0 -1
- package/build/sdJwt/types.d.ts +0 -5
- package/build/sdJwt/types.js +0 -3
- package/build/sdJwt/types.js.map +0 -1
- package/build/sdJwtVc/error.d.ts +0 -2
- package/build/sdJwtVc/error.js +0 -7
- package/build/sdJwtVc/error.js.map +0 -1
- package/build/sdJwtVc/index.d.ts +0 -2
- package/build/sdJwtVc/index.js +0 -19
- package/build/sdJwtVc/index.js.map +0 -1
- package/build/sdJwtVc/sdJwtVc.d.ts +0 -47
- package/build/sdJwtVc/sdJwtVc.js +0 -149
- package/build/sdJwtVc/sdJwtVc.js.map +0 -1
- package/build/signatureAndEncryptionAlgorithm.d.ts +0 -105
- package/build/signatureAndEncryptionAlgorithm.js +0 -110
- package/build/signatureAndEncryptionAlgorithm.js.map +0 -1
- package/build/types/disclosure.d.ts +0 -5
- package/build/types/disclosure.js +0 -3
- package/build/types/disclosure.js.map +0 -1
- package/build/types/frame.d.ts +0 -5
- package/build/types/frame.js +0 -3
- package/build/types/frame.js.map +0 -1
- package/build/types/hasher.d.ts +0 -14
- package/build/types/hasher.js +0 -3
- package/build/types/hasher.js.map +0 -1
- package/build/types/index.d.ts +0 -5
- package/build/types/index.js +0 -22
- package/build/types/index.js.map +0 -1
- package/build/types/present.d.ts +0 -2
- package/build/types/present.js +0 -3
- package/build/types/present.js.map +0 -1
- package/build/types/saltGenerator.d.ts +0 -17
- package/build/types/saltGenerator.js +0 -3
- package/build/types/saltGenerator.js.map +0 -1
- package/build/types/signer.d.ts +0 -2
- package/build/types/signer.js +0 -3
- package/build/types/signer.js.map +0 -1
- package/build/types/utils.d.ts +0 -2
- package/build/types/utils.js +0 -3
- package/build/types/utils.js.map +0 -1
- package/build/types/verifier.d.ts +0 -14
- package/build/types/verifier.js +0 -3
- package/build/types/verifier.js.map +0 -1
- package/build/utils/index.d.ts +0 -2
- package/build/utils/index.js +0 -19
- package/build/utils/index.js.map +0 -1
- package/build/utils/traverse.d.ts +0 -8
- package/build/utils/traverse.js +0 -29
- package/build/utils/traverse.js.map +0 -1
- package/build/utils/utils.d.ts +0 -8
- package/build/utils/utils.js +0 -118
- package/build/utils/utils.js.map +0 -1
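--- a/package/build/jwt/jwt.js
+++ /dev/null
@@ -1,325 +0,0 @@
-"use strict";
-var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
-function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
-return new (P || (P = Promise))(function (resolve, reject) {
-function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
-step((generator = generator.apply(thisArg, _arguments || [])).next());
-});
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.Jwt = void 0;
-const utils_1 = require("@sd-jwt/utils");
-const error_1 = require("./error");
-const utils_2 = require("@sd-jwt/utils");
-const decode_1 = require("@sd-jwt/decode");
-class Jwt {
-constructor(options, additionalOptions) {
-this.header = options === null || options === void 0 ? void 0 : options.header;
-this.payload = options === null || options === void 0 ? void 0 : options.payload;
-this.signature = options === null || options === void 0 ? void 0 : options.signature;
-this.signer = additionalOptions === null || additionalOptions === void 0 ? void 0 : additionalOptions.signer;
-}
-/**
-*
-* Instantiate a JWT from a compact format.
-*
-* Two generics may be supplied for typing on the Header and Payload. These are not enforced.
-*
-* Defined in: {@link https://datatracker.ietf.org/doc/html/rfc7519#section-3 | RFC 7519 }
-*
-*/
-static fromCompact(compact) {
-const { header, payload, signature } = (0, decode_1.jwtFromCompact)(compact);
-const jwt = new Jwt({
-header,
-payload,
-signature
-});
-jwt.compact = compact;
-return jwt;
-}
-/**
-*
-* Replaces the current Header a new one.
-*
-*/
-withHeader(header) {
-this.header = header;
-return this;
-}
-/**
-*
-* Add a new claim to the Header, overriding the old one if it already is on there.
-*
-*/
-addHeaderClaim(item, value) {
-var _a;
-(_a = this.header) !== null && _a !== void 0 ? _a : (this.header = {});
-if (value !== undefined && item !== null) {
-this.header = Object.assign(Object.assign({}, this.header), { [item]: value });
-}
-return this;
-}
-/**
-*
-* Replaces the current Payload a new one.
-*
-*/
-withPayload(payload) {
-this.payload = payload;
-return this;
-}
-/**
-*
-* Add a new claim to the Payload, overriding the old one if it already is on there.
-*
-*/
-addPayloadClaim(item, value) {
-var _a;
-(_a = this.payload) !== null && _a !== void 0 ? _a : (this.payload = {});
-if (value !== undefined && item !== null) {
-this.payload = Object.assign(Object.assign({}, this.payload), { [item]: value });
-}
-return this;
-}
-/**
-*
-* Manually append a signature to the JWT. This signature is not validated.
-*
-* @note Only use this if the supplying a signing callback does not fit your use case.
-*
-*/
-withSignature(signature) {
-this.signature = signature;
-return this;
-}
-/**
-*
-* Add a signing callback to the JWT that will be used for creating the signature.
-*
-*/
-withSigner(signer) {
-this.signer = signer;
-return this;
-}
-/**
-*
-* Assert that there is a Header on the JWT.
-*
-* @throws when the Header is not defined
-*
-*/
-assertHeader() {
-if (this.header)
-return;
-throw new error_1.JwtError('Header must be defined');
-}
-/**
-*
-* Assert that there is a Payload on the JWT.
-*
-* @throws when the Payload is not defined
-*
-*/
-assertPayload() {
-if (this.payload)
-return;
-throw new error_1.JwtError('Payload must be defined');
-}
-/**
-*
-* Assert that there is a Signature on the JWT.
-*
-* @throws when the Signature is not defined
-*
-*/
-assertSignature() {
-if (this.signature)
-return;
-throw new error_1.JwtError('Signature must be defined');
-}
-/**
-*
-* Assert that there is a Signing callback on the JWT.
-*
-* @throws when the Signer is not defined
-*
-*/
-assertSigner() {
-if (this.signer)
-return;
-throw new error_1.JwtError('A signer must be provided to create a signature. You can set it with this.withSigner()');
-}
-/**
-*
-* Assert that there is a specific claim, possibly with value, in the Header.
-*
-*/
-assertClaimInHeader(claimKey, claimValue) {
-this.assertHeader();
-try {
-this.assertClaimInObject(this.header, claimKey, claimValue);
-}
-catch (e) {
-if (e instanceof error_1.JwtError) {
-e.message += ' within the header';
-}
-throw e;
-}
-}
-/**
-*
-* Assert that there is a specific claim, possibly with value, in the Payload.
-*
-*/
-assertClaimInPayload(claimKey, claimValue) {
-this.assertPayload();
-try {
-this.assertClaimInObject(this.payload, claimKey, claimValue);
-}
-catch (e) {
-if (e instanceof error_1.JwtError) {
-e.message += ' within the payload';
-}
-throw e;
-}
-}
-assertClaimInObject(object, claimKey, claimValue) {
-const value = (0, utils_2.getValueByKeyAnyLevel)(object, claimKey);
-if (!value) {
-throw new error_1.JwtError(`Claim key '${claimKey}' not found in any level`);
-}
-if (claimValue && !(0, utils_2.simpleDeepEqual)(value, claimValue)) {
-throw new error_1.JwtError(`Claim key '${claimKey}' was found, but values did not match`);
-}
-}
-/**
-*
-* Get a claim within the payload.
-*
-* @throws when the payload is not defined
-* @throws when the claim could not be found at any level
-*
-*/
-getClaimInPayload(claimKey) {
-this.assertPayload();
-return this.getClaimInObject(this.payload, claimKey);
-}
-/**
-*
-* Get a claim within the payload.
-*
-* @throws when the payload is not defined
-* @throws when the claim could not be found at any level
-*
-*/
-getClaimInHeader(claimKey) {
-this.assertHeader();
-return this.getClaimInObject(this.header, claimKey);
-}
-getClaimInObject(object, claimKey) {
-const value = (0, utils_2.getValueByKeyAnyLevel)(object, claimKey);
-if (!value) {
-throw new error_1.JwtError(`Claim key '${claimKey}' not found in any level`);
-}
-return value;
-}
-/**
-*
-* Returns a string of what needs to be signed.
-*
-* Defined in: {@link https://datatracker.ietf.org/doc/html/rfc7519#section-3 | RFC 7519}
-*
-*/
-get signableInput() {
-this.assertHeader();
-this.assertPayload();
-return `${this.compactHeader}.${this.compactPayload}`;
-}
-/**
-*
-* Sign the Header and Payload and append the signature to the JWT.
-*
-*/
-signAndAdd() {
-return __awaiter(this, void 0, void 0, function* () {
-this.assertSigner();
-const signature = yield this.signer(this.signableInput, this.header);
-this.withSignature(signature);
-return this;
-});
-}
-get compactHeader() {
-this.assertHeader();
-return utils_1.Base64url.encodeFromJson(this.header);
-}
-get compactPayload() {
-this.assertPayload();
-return utils_1.Base64url.encodeFromJson(this.payload);
-}
-/**
-*
-* Create a compact format of the JWT.
-*
-* This will add a signature if there is none.
-*
-* @throws When the signature and signer are not defined
-*
-*/
-toCompact() {
-return __awaiter(this, void 0, void 0, function* () {
-this.assertHeader();
-this.assertPayload();
-if (!this.signature) {
-yield this.signAndAdd();
-}
-const encodedSignature = utils_1.Base64url.encode(this.signature);
-return `${this.compactHeader}.${this.compactPayload}.${encodedSignature}`;
-});
-}
-/**
-*
-* Verify the JWT.
-*
-* - Check the nbf claim with `now`
-* - Check the exp claim with `now`
-* - Additionally validate any required claims
-* - Additionally pass in a specific publicKeyJwk to validate the signature
-*
-*/
-verify(verifySignature, requiredClaims, publicKeyJwk) {
-return __awaiter(this, void 0, void 0, function* () {
-this.assertHeader();
-this.assertPayload();
-this.assertSignature();
-const ret = {};
-ret.isSignatureValid = yield verifySignature({
-header: this.header,
-signature: this.signature,
-message: this.signableInput,
-publicKeyJwk
-});
-if ('nbf' in this.payload) {
-const now = new Date();
-const notBefore = new Date(this.payload.nbf * 1000);
-ret.isNotBeforeValid = notBefore < now;
-}
-if ('exp' in this.payload) {
-const now = new Date();
-const expiryTime = new Date(this.payload.exp * 1000);
-ret.isExpiryTimeValid = expiryTime > now;
-}
-if (requiredClaims) {
-ret.areRequiredClaimsIncluded = requiredClaims.every((claim) => claim in this.payload);
-}
-ret.isValid = Object.values(ret)
-.filter((i) => typeof i === 'boolean')
-.every((i) => !!i);
-return ret;
-});
-}
-}
-exports.Jwt = Jwt;
-//# sourceMappingURL=jwt.js.map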
package/build/jwt/jwt.js.map
DELETED
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"jwt.js","sourceRoot":"","sources":["../../src/jwt/jwt.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,yCAAyC;AACzC,mCAAkC;AAGlC,yCAAsE;AACtE,2CAA+C;AAiD/C,MAAa,GAAG;IA2CZ,YACI,OAAqC,EACrC,iBAAwC;QAExC,IAAI,CAAC,MAAM,GAAG,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,MAAM,CAAA;QAC7B,IAAI,CAAC,OAAO,GAAG,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,OAAO,CAAA;QAC/B,IAAI,CAAC,SAAS,GAAG,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS,CAAA;QAEnC,IAAI,CAAC,MAAM,GAAG,iBAAiB,aAAjB,iBAAiB,uBAAjB,iBAAiB,CAAE,MAAM,CAAA;IAC3C,CAAC;IAED;;;;;;;;OAQG;IACI,MAAM,CAAC,WAAW,CAGvB,OAAe;QACb,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,GAAG,IAAA,uBAAc,EACjD,OAAO,CACV,CAAA;QAED,MAAM,GAAG,GAAG,IAAI,GAAG,CAAkB;YACjC,MAAM;YACN,OAAO;YACP,SAAS;SACZ,CAAC,CAAA;QAEF,GAAG,CAAC,OAAO,GAAG,OAAO,CAAA;QAErB,OAAO,GAAiE,CAAA;IAC5E,CAAC;IAED;;;;OAIG;IACI,UAAU,CACb,MAAc;QAEd,IAAI,CAAC,MAAM,GAAG,MAAM,CAAA;QACpB,OAAO,IAAkD,CAAA;IAC7D,CAAC;IAED;;;;OAIG;IACI,cAAc,CACjB,IAA2B,EAC3B,KAAoC;;QAEpC,MAAA,IAAI,CAAC,MAAM,oCAAX,IAAI,CAAC,MAAM,GAAK,EAAY,EAAA;QAC5B,IAAI,KAAK,KAAK,SAAS,IAAI,IAAI,KAAK,IAAI,EAAE,CAAC;YACvC,IAAI,CAAC,MAAM,mCAAQ,IAAI,CAAC,MAAM,KAAE,CAAC,IAAI,CAAC,EAAE,KAAK,GAAE,CAAA;QACnD,CAAC;QACD,OAAO,IAAkD,CAAA;IAC7D,CAAC;IAED;;;;OAIG;IACI,WAAW,CACd,OAAgB;QAEhB,IAAI,CAAC,OAAO,GAAG,OAAO,CAAA;QACtB,OAAO,IAAmD,CAAA;IAC9D,CAAC;IAED;;;;OAIG;IACI,eAAe,CAClB,IAA4B,EAC5B,KAAqC;;QAErC,MAAA,IAAI,CAAC,OAAO,oCAAZ,IAAI,CAAC,OAAO,GAAK,EAAa,EAAA;QAC9B,IAAI,KAAK,KAAK,SAAS,IAAI,IAAI,KAAK,IAAI,EAAE,CAAC;YACvC,IAAI,CAAC,OAAO,mCAAQ,IAAI,CAAC,OAAO,KAAE,CAAC,IAAI,CAAC,EAAE,KAAK,GAAE,CAAA;QACrD,CAAC;QACD,OAAO,IAAmD,CAAA;IAC9D,CAAC;IAED;;;;;;OAMG;IACI,aAAa,CAChB,SAAqB;QAErB,IAAI,CAAC,SAAS,GAAG,SAAS,CAAA;QAC1B,OAAO,IAAqD,CAAA;IAChE,CAAC;IAED;;;;OAIG;IACI,UAAU,CAAC,MAAc;QAC5B,IAAI,CAAC,MAAM,GAAG,MAAM,CAAA;QACpB,OAAO,IAAI,CAAA;IACf,CAAC;IAED;;;;;;OAMG;IACI,YAAY;QACf,IAAI,IAAI,CAAC,MAAM;YAAE,OAAM;QAEvB,MAAM,IAAI,gBAAQ,CAAC,wBAAwB,CAAC,CAAA;IAChD,CAAC;IAED;;;;;;OAMG;IACI,aAAa;QAChB,IAAI,IAAI,CAAC,OAAO;YAAE,OAAM;QAExB,MAAM,IAAI,gBAAQ,CAAC,yBAAyB,CAAC,CAAA;IACjD,CA
AC;IAED;;;;;;OAMG;IACI,eAAe;QAClB,IAAI,IAAI,CAAC,SAAS;YAAE,OAAM;QAE1B,MAAM,IAAI,gBAAQ,CAAC,2BAA2B,CAAC,CAAA;IACnD,CAAC;IAED;;;;;;OAMG;IACI,YAAY;QACf,IAAI,IAAI,CAAC,MAAM;YAAE,OAAM;QAEvB,MAAM,IAAI,gBAAQ,CACd,wFAAwF,CAC3F,CAAA;IACL,CAAC;IAED;;;;OAIG;IACI,mBAAmB,CACtB,QAA+B,EAC/B,UAA8C;QAE9C,IAAI,CAAC,YAAY,EAAE,CAAA;QAEnB,IAAI,CAAC;YACD,IAAI,CAAC,mBAAmB,CACpB,IAAI,CAAC,MAAO,EACZ,QAAkB,EAClB,UAAU,CACb,CAAA;QACL,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACT,IAAI,CAAC,YAAY,gBAAQ,EAAE,CAAC;gBACxB,CAAC,CAAC,OAAO,IAAI,oBAAoB,CAAA;YACrC,CAAC;YACD,MAAM,CAAC,CAAA;QACX,CAAC;IACL,CAAC;IAED;;;;OAIG;IACI,oBAAoB,CACvB,QAAgC,EAChC,UAA+C;QAE/C,IAAI,CAAC,aAAa,EAAE,CAAA;QAEpB,IAAI,CAAC;YACD,IAAI,CAAC,mBAAmB,CACpB,IAAI,CAAC,OAAQ,EACb,QAAkB,EAClB,UAAU,CACb,CAAA;QACL,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACT,IAAI,CAAC,YAAY,gBAAQ,EAAE,CAAC;gBACxB,CAAC,CAAC,OAAO,IAAI,qBAAqB,CAAA;YACtC,CAAC;YACD,MAAM,CAAC,CAAA;QACX,CAAC;IACL,CAAC;IAEO,mBAAmB,CACvB,MAA+B,EAC/B,QAAgB,EAChB,UAAoB;QAEpB,MAAM,KAAK,GAAG,IAAA,6BAAqB,EAAC,MAAM,EAAE,QAAQ,CAAC,CAAA;QAErD,IAAI,CAAC,KAAK,EAAE,CAAC;YACT,MAAM,IAAI,gBAAQ,CAAC,cAAc,QAAQ,0BAA0B,CAAC,CAAA;QACxE,CAAC;QAED,IAAI,UAAU,IAAI,CAAC,IAAA,uBAAe,EAAC,KAAK,EAAE,UAAU,CAAC,EAAE,CAAC;YACpD,MAAM,IAAI,gBAAQ,CACd,cAAc,QAAQ,uCAAuC,CAChE,CAAA;QACL,CAAC;IACL,CAAC;IAED;;;;;;;OAOG;IACI,iBAAiB,CAAI,QAAgC;QACxD,IAAI,CAAC,aAAa,EAAE,CAAA;QACpB,OAAO,IAAI,CAAC,gBAAgB,CAAI,IAAI,CAAC,OAAQ,EAAE,QAAkB,CAAC,CAAA;IACtE,CAAC;IAED;;;;;;;OAOG;IACI,gBAAgB,CAAI,QAA+B;QACtD,IAAI,CAAC,YAAY,EAAE,CAAA;QACnB,OAAO,IAAI,CAAC,gBAAgB,CAAI,IAAI,CAAC,MAAO,EAAE,QAAkB,CAAC,CAAA;IACrE,CAAC;IAEO,gBAAgB,CACpB,MAA+B,EAC/B,QAAgB;QAEhB,MAAM,KAAK,GAAG,IAAA,6BAAqB,EAAI,MAAM,EAAE,QAAQ,CAAC,CAAA;QAExD,IAAI,CAAC,KAAK,EAAE,CAAC;YACT,MAAM,IAAI,gBAAQ,CAAC,cAAc,QAAQ,0BAA0B,CAAC,CAAA;QACxE,CAAC;QAED,OAAO,KAAK,CAAA;IAChB,CAAC;IAED;;;;;;OAMG;IACH,IAAW,aAAa;QACpB,IAAI,CAAC,YAAY,EAAE,CAAA;QACnB,IAAI,CAAC,aAAa,EAAE,CAAA;QAEpB,OAAO,GAAG,IAAI,CAAC,aAAa,IAAI,IAAI,CAAC,cAAc,EAAE,CAAA;IACzD,CAAC;IAED;;;;OAIG;IACU,UAAU;;YAGnB,IAAI,CAAC,YAAY,EAAE,CAAA;YACnB,
MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,MAAO,CAAC,IAAI,CAAC,aAAa,EAAE,IAAI,CAAC,MAAO,CAAC,CAAA;YACtE,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC,CAAA;YAE7B,OAAO,IAAqD,CAAA;QAChE,CAAC;KAAA;IAED,IAAY,aAAa;QACrB,IAAI,CAAC,YAAY,EAAE,CAAA;QACnB,OAAO,iBAAS,CAAC,cAAc,CAAC,IAAI,CAAC,MAAO,CAAC,CAAA;IACjD,CAAC;IAED,IAAY,cAAc;QACtB,IAAI,CAAC,aAAa,EAAE,CAAA;QACpB,OAAO,iBAAS,CAAC,cAAc,CAAC,IAAI,CAAC,OAAQ,CAAC,CAAA;IAClD,CAAC;IAED;;;;;;;;OAQG;IACU,SAAS;;YAClB,IAAI,CAAC,YAAY,EAAE,CAAA;YACnB,IAAI,CAAC,aAAa,EAAE,CAAA;YAEpB,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;gBAClB,MAAM,IAAI,CAAC,UAAU,EAAE,CAAA;YAC3B,CAAC;YAED,MAAM,gBAAgB,GAAG,iBAAS,CAAC,MAAM,CAAC,IAAI,CAAC,SAAU,CAAC,CAAA;YAE1D,OAAO,GAAG,IAAI,CAAC,aAAa,IAAI,IAAI,CAAC,cAAc,IAAI,gBAAgB,EAAE,CAAA;QAC7E,CAAC;KAAA;IAED;;;;;;;;;OASG;IACU,MAAM,CACf,eAAiC,EACjC,cAA8C,EAC9C,YAAsC;;YAEtC,IAAI,CAAC,YAAY,EAAE,CAAA;YACnB,IAAI,CAAC,aAAa,EAAE,CAAA;YACpB,IAAI,CAAC,eAAe,EAAE,CAAA;YAEtB,MAAM,GAAG,GAAmC,EAAE,CAAA;YAE9C,GAAG,CAAC,gBAAgB,GAAG,MAAM,eAAe,CAAC;gBACzC,MAAM,EAAE,IAAI,CAAC,MAAO;gBACpB,SAAS,EAAE,IAAI,CAAC,SAAU;gBAC1B,OAAO,EAAE,IAAI,CAAC,aAAa;gBAC3B,YAAY;aACf,CAAC,CAAA;YAEF,IAAI,KAAK,IAAI,IAAI,CAAC,OAAQ,EAAE,CAAC;gBACzB,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAA;gBACtB,MAAM,SAAS,GAAG,IAAI,IAAI,CAAE,IAAI,CAAC,OAAQ,CAAC,GAAc,GAAG,IAAI,CAAC,CAAA;gBAEhE,GAAG,CAAC,gBAAgB,GAAG,SAAS,GAAG,GAAG,CAAA;YAC1C,CAAC;YAED,IAAI,KAAK,IAAI,IAAI,CAAC,OAAQ,EAAE,CAAC;gBACzB,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAA;gBACtB,MAAM,UAAU,GAAG,IAAI,IAAI,CAAE,IAAI,CAAC,OAAQ,CAAC,GAAc,GAAG,IAAI,CAAC,CAAA;gBAEjE,GAAG,CAAC,iBAAiB,GAAG,UAAU,GAAG,GAAG,CAAA;YAC5C,CAAC;YAED,IAAI,cAAc,EAAE,CAAC;gBACjB,GAAG,CAAC,yBAAyB,GAAG,cAAc,CAAC,KAAK,CAChD,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,IAAI,IAAI,CAAC,OAAQ,CACpC,CAAA;YACL,CAAC;YAED,GAAG,CAAC,OAAO,GAAG,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC;iBAC3B,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,SAAS,CAAC;iBACrC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;YAEtB,OAAO,GAA4B,CAAA;QACvC,CAAC;KAAA;CACJ;AAtbD,kBAsbC"}
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
export * from './keyBinding';
|
|
@@ -1,18 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
-
if (k2 === undefined) k2 = k;
|
|
4
|
-
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
-
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
-
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
-
}
|
|
8
|
-
Object.defineProperty(o, k2, desc);
|
|
9
|
-
}) : (function(o, m, k, k2) {
|
|
10
|
-
if (k2 === undefined) k2 = k;
|
|
11
|
-
o[k2] = m[k];
|
|
12
|
-
}));
|
|
13
|
-
var __exportStar = (this && this.__exportStar) || function(m, exports) {
|
|
14
|
-
for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
|
|
15
|
-
};
|
|
16
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
17
|
-
__exportStar(require("./keyBinding"), exports);
|
|
18
|
-
//# sourceMappingURL=index.js.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/keyBinding/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,+CAA4B"}
|
|
@@ -1,64 +0,0 @@
|
|
|
1
|
-
import { Jwt, JwtAdditionalOptions, JwtOptions, JwtVerificationResult } from '../jwt';
|
|
2
|
-
import { SignatureAndEncryptionAlgorithm } from '../signatureAndEncryptionAlgorithm';
|
|
3
|
-
import { MakePropertyRequired, Signer, Verifier } from '../types';
|
|
4
|
-
type ReturnKeyBindingWithHeaderAndPayload<H extends Record<string, unknown>, P extends Record<string, unknown>, T extends KeyBinding<H, P>> = MakePropertyRequired<T, 'header' | 'payload'>;
|
|
5
|
-
export type KeyBindingHeader<H extends Record<string, unknown> = Record<string, unknown>> = H & {
|
|
6
|
-
typ: 'kb+jwt';
|
|
7
|
-
alg: SignatureAndEncryptionAlgorithm | string;
|
|
8
|
-
};
|
|
9
|
-
export type KeyBindingPayload<P extends Record<string, unknown> = Record<string, unknown>> = P & {
|
|
10
|
-
iat: number;
|
|
11
|
-
aud: string;
|
|
12
|
-
nonce: string;
|
|
13
|
-
};
|
|
14
|
-
export type KeyBindingOptions<Header extends Record<string, unknown> = Record<string, unknown>, Payload extends Record<string, unknown> = Record<string, unknown>> = JwtOptions<KeyBindingHeader<Header>, KeyBindingPayload<Payload>> & {
|
|
15
|
-
/**
|
|
16
|
-
* The compact SD-JWT over which the key binding should provide integrity
|
|
17
|
-
*/
|
|
18
|
-
compactSdJwt?: string;
|
|
19
|
-
};
|
|
20
|
-
export type KeyBindingAdditionalOptions<Header extends Record<string, unknown> = Record<string, unknown>> = JwtAdditionalOptions<KeyBindingHeader<Header>>;
|
|
21
|
-
export type KeyBindingVerificationResult = JwtVerificationResult;
|
|
22
|
-
export declare class KeyBinding<Header extends Record<string, unknown> = Record<string, unknown>, Payload extends Record<string, unknown> = Record<string, unknown>> extends Jwt<Header, Payload> {
|
|
23
|
-
signer?: Signer<Header>;
|
|
24
|
-
expectedSdHash?: string;
|
|
25
|
-
constructor(options?: KeyBindingOptions<Header, Payload>, additionalOptions?: KeyBindingAdditionalOptions<Header>);
|
|
26
|
-
/**
|
|
27
|
-
*
|
|
28
|
-
* Convert a standard `JWT` to an instance of `KeyBinding`.
|
|
29
|
-
*
|
|
30
|
-
* @throws when the claims are not valid for key binding
|
|
31
|
-
*
|
|
32
|
-
*/
|
|
33
|
-
static fromJwt<Header extends Record<string, unknown> = Record<string, unknown>, Payload extends Record<string, unknown> = Record<string, unknown>>(jwt: Jwt<Header, Payload>): KeyBinding<Header, Payload>;
|
|
34
|
-
/**
|
|
35
|
-
*
|
|
36
|
-
* Verify the jwt as a valid `KeyBinding` jwt.
|
|
37
|
-
*
|
|
38
|
-
* Invalid when:
|
|
39
|
-
* - The required claims for key binding are not included
|
|
40
|
-
* - The signature is invalid
|
|
41
|
-
* - The optional required additional claims are not included
|
|
42
|
-
*
|
|
43
|
-
*/
|
|
44
|
-
verify(verifySignature: Verifier<Header>, requiredClaims?: Array<keyof Payload | string>, publicKeyJwk?: Record<string, unknown>): Promise<KeyBindingVerificationResult>;
|
|
45
|
-
/**
|
|
46
|
-
*
|
|
47
|
-
* Convert a compact `JWT` into an instance of `KeyBinding`.
|
|
48
|
-
*
|
|
49
|
-
* @throws when the claims are not valid for key binding
|
|
50
|
-
*
|
|
51
|
-
*/
|
|
52
|
-
static fromCompact<Header extends Record<string, unknown> = Record<string, unknown>, Payload extends Record<string, unknown> = Record<string, unknown>>(compact: string): ReturnKeyBindingWithHeaderAndPayload<Header, Payload, KeyBinding<Header, Payload>>;
|
|
53
|
-
withSdHashClaim(sdHash: string): this;
|
|
54
|
-
withExpectedSdHash(expectedSdHash: string): this;
|
|
55
|
-
/**
|
|
56
|
-
*
|
|
57
|
-
* Asserts the required properties for valid key binding.
|
|
58
|
-
*
|
|
59
|
-
* @throws when a claim in the header, or payload, is invalid
|
|
60
|
-
*
|
|
61
|
-
*/
|
|
62
|
-
assertValidForKeyBinding(expectedSdHash?: string): Promise<void>;
|
|
63
|
-
}
|
|
64
|
-
export {};
|
|
@@ -1,119 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
|
|
3
|
-
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
|
|
4
|
-
return new (P || (P = Promise))(function (resolve, reject) {
|
|
5
|
-
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
|
|
6
|
-
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
|
|
7
|
-
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
|
|
8
|
-
step((generator = generator.apply(thisArg, _arguments || [])).next());
|
|
9
|
-
});
|
|
10
|
-
};
|
|
11
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
12
|
-
exports.KeyBinding = void 0;
|
|
13
|
-
const decode_1 = require("@sd-jwt/decode");
|
|
14
|
-
const jwt_1 = require("../jwt");
|
|
15
|
-
class KeyBinding extends jwt_1.Jwt {
|
|
16
|
-
constructor(options, additionalOptions) {
|
|
17
|
-
super(options);
|
|
18
|
-
this.signer = additionalOptions === null || additionalOptions === void 0 ? void 0 : additionalOptions.signer;
|
|
19
|
-
}
|
|
20
|
-
/**
|
|
21
|
-
*
|
|
22
|
-
* Convert a standard `JWT` to an instance of `KeyBinding`.
|
|
23
|
-
*
|
|
24
|
-
* @throws when the claims are not valid for key binding
|
|
25
|
-
*
|
|
26
|
-
*/
|
|
27
|
-
static fromJwt(jwt) {
|
|
28
|
-
const keyBinding = new KeyBinding({
|
|
29
|
-
header: jwt.header,
|
|
30
|
-
payload: jwt.payload,
|
|
31
|
-
signature: jwt.signature
|
|
32
|
-
}, { signer: jwt.signer });
|
|
33
|
-
keyBinding.assertValidForKeyBinding();
|
|
34
|
-
return keyBinding;
|
|
35
|
-
}
|
|
36
|
-
/**
|
|
37
|
-
*
|
|
38
|
-
* Verify the jwt as a valid `KeyBinding` jwt.
|
|
39
|
-
*
|
|
40
|
-
* Invalid when:
|
|
41
|
-
* - The required claims for key binding are not included
|
|
42
|
-
* - The signature is invalid
|
|
43
|
-
* - The optional required additional claims are not included
|
|
44
|
-
*
|
|
45
|
-
*/
|
|
46
|
-
verify(verifySignature, requiredClaims, publicKeyJwk) {
|
|
47
|
-
const _super = Object.create(null, {
|
|
48
|
-
verify: { get: () => super.verify }
|
|
49
|
-
});
|
|
50
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
51
|
-
if (!this.expectedSdHash) {
|
|
52
|
-
throw new Error('Expected sd hash is required for verification of key binding JWT');
|
|
53
|
-
}
|
|
54
|
-
// TODO: should _sd_hash also be a verification property (true/false)
|
|
55
|
-
// or should it throw?
|
|
56
|
-
yield this.assertValidForKeyBinding(this.expectedSdHash);
|
|
57
|
-
const jwtVerificationResult = yield _super.verify.call(this, verifySignature, requiredClaims, publicKeyJwk);
|
|
58
|
-
return jwtVerificationResult;
|
|
59
|
-
});
|
|
60
|
-
}
|
|
61
|
-
/**
|
|
62
|
-
*
|
|
63
|
-
* Convert a compact `JWT` into an instance of `KeyBinding`.
|
|
64
|
-
*
|
|
65
|
-
* @throws when the claims are not valid for key binding
|
|
66
|
-
*
|
|
67
|
-
*/
|
|
68
|
-
static fromCompact(compact) {
|
|
69
|
-
const { header, payload, signature } = (0, decode_1.keyBindingFromCompact)(compact);
|
|
70
|
-
const keyBinding = new KeyBinding({ header, payload, signature });
|
|
71
|
-
return keyBinding;
|
|
72
|
-
}
|
|
73
|
-
withSdHashClaim(sdHash) {
|
|
74
|
-
this.addPayloadClaim('_sd_hash', sdHash);
|
|
75
|
-
return this;
|
|
76
|
-
}
|
|
77
|
-
withExpectedSdHash(expectedSdHash) {
|
|
78
|
-
this.expectedSdHash = expectedSdHash;
|
|
79
|
-
return this;
|
|
80
|
-
}
|
|
81
|
-
/**
|
|
82
|
-
*
|
|
83
|
-
* Asserts the required properties for valid key binding.
|
|
84
|
-
*
|
|
85
|
-
* @throws when a claim in the header, or payload, is invalid
|
|
86
|
-
*
|
|
87
|
-
*/
|
|
88
|
-
assertValidForKeyBinding(expectedSdHash) {
|
|
89
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
90
|
-
try {
|
|
91
|
-
this.assertHeader();
|
|
92
|
-
this.assertPayload();
|
|
93
|
-
if (!this.signature) {
|
|
94
|
-
yield this.signAndAdd();
|
|
95
|
-
}
|
|
96
|
-
this.assertSignature();
|
|
97
|
-
this.assertClaimInHeader('typ', 'kb+jwt');
|
|
98
|
-
this.assertClaimInHeader('alg');
|
|
99
|
-
this.assertClaimInPayload('iat');
|
|
100
|
-
this.assertClaimInPayload('nonce');
|
|
101
|
-
this.assertClaimInPayload('aud');
|
|
102
|
-
if (expectedSdHash !== null && expectedSdHash !== void 0 ? expectedSdHash : this.expectedSdHash) {
|
|
103
|
-
this.assertClaimInPayload('_sd_hash', expectedSdHash !== null && expectedSdHash !== void 0 ? expectedSdHash : this.expectedSdHash);
|
|
104
|
-
}
|
|
105
|
-
else {
|
|
106
|
-
this.assertClaimInPayload('_sd_hash');
|
|
107
|
-
}
|
|
108
|
-
}
|
|
109
|
-
catch (e) {
|
|
110
|
-
if (e instanceof Error) {
|
|
111
|
-
e.message = `jwt is not valid for usage with key binding. Error: ${e.message}`;
|
|
112
|
-
}
|
|
113
|
-
throw e;
|
|
114
|
-
}
|
|
115
|
-
});
|
|
116
|
-
}
|
|
117
|
-
}
|
|
118
|
-
exports.KeyBinding = KeyBinding;
|
|
119
|
-
//# sourceMappingURL=keyBinding.js.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"keyBinding.js","sourceRoot":"","sources":["../../src/keyBinding/keyBinding.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,2CAAsD;AACtD,gCAKe;AAyCf,MAAa,UAGX,SAAQ,SAAoB;IAK1B,YACI,OAA4C,EAC5C,iBAAuD;QAEvD,KAAK,CAAC,OAAO,CAAC,CAAA;QAEd,IAAI,CAAC,MAAM,GAAG,iBAAiB,aAAjB,iBAAiB,uBAAjB,iBAAiB,CAAE,MAAwB,CAAA;IAC7D,CAAC;IAED;;;;;;OAMG;IACI,MAAM,CAAC,OAAO,CAGnB,GAAyB;QACvB,MAAM,UAAU,GAAG,IAAI,UAAU,CAC7B;YACI,MAAM,EAAE,GAAG,CAAC,MAAkC;YAC9C,OAAO,EAAE,GAAG,CAAC,OAAqC;YAClD,SAAS,EAAE,GAAG,CAAC,SAAS;SAC3B,EACD,EAAE,MAAM,EAAE,GAAG,CAAC,MAAM,EAAE,CACzB,CAAA;QAED,UAAU,CAAC,wBAAwB,EAAE,CAAA;QAErC,OAAO,UAAU,CAAA;IACrB,CAAC;IAED;;;;;;;;;OASG;IACmB,MAAM,CACxB,eAAiC,EACjC,cAA8C,EAC9C,YAAsC;;;;;YAEtC,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC;gBACvB,MAAM,IAAI,KAAK,CACX,kEAAkE,CACrE,CAAA;YACL,CAAC;YAED,qEAAqE;YACrE,sBAAsB;YACtB,MAAM,IAAI,CAAC,wBAAwB,CAAC,IAAI,CAAC,cAAc,CAAC,CAAA;YAExD,MAAM,qBAAqB,GAAG,MAAM,OAAM,MAAM,YAC5C,eAAe,EACf,cAAc,EACd,YAAY,CACf,CAAA;YAED,OAAO,qBAAqB,CAAA;QAChC,CAAC;KAAA;IAED;;;;;;OAMG;IACI,MAAM,CAAU,WAAW,CAGhC,OAAe;QACb,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,GAAG,IAAA,8BAAqB,EAG1D,OAAO,CAAC,CAAA;QAEV,MAAM,UAAU,GAAG,IAAI,UAAU,CAAC,EAAE,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,CAAC,CAAA;QAEjE,OAAO,UAIN,CAAA;IACL,CAAC;IAEM,eAAe,CAAC,MAAc;QACjC,IAAI,CAAC,eAAe,CAAC,UAAU,EAAE,MAAM,CAAC,CAAA;QAExC,OAAO,IAAI,CAAA;IACf,CAAC;IAEM,kBAAkB,CAAC,cAAsB;QAC5C,IAAI,CAAC,cAAc,GAAG,cAAc,CAAA;QAEpC,OAAO,IAAI,CAAA;IACf,CAAC;IAED;;;;;;OAMG;IACU,wBAAwB,CAAC,cAAuB;;YACzD,IAAI,CAAC;gBACD,IAAI,CAAC,YAAY,EAAE,CAAA;gBACnB,IAAI,CAAC,aAAa,EAAE,CAAA;gBAEpB,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;oBAClB,MAAM,IAAI,CAAC,UAAU,EAAE,CAAA;gBAC3B,CAAC;gBAED,IAAI,CAAC,eAAe,EAAE,CAAA;gBAEtB,IAAI,CAAC,mBAAmB,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAA;gBACzC,IAAI,CAAC,mBAAmB,CAAC,KAAK,CAAC,CAAA;gBAE/B,IAAI,CAAC,oBAAoB,CAAC,KAAK,CAAC,CAAA;gBAChC,IAAI,CAAC,oBAAoB,CAAC,OAAO,CAAC,CAAA;gBAClC,IAAI,CAAC,oBAAoB,CAAC,KAAK,CAAC,CAAA;gBAEhC,IAAI,cAAc,aAAd,cAAc,cAAd,cAAc,GAAI,IAAI,CAAC,cAAc,EAAE,CAAC;oBACxC,IAAI,CAAC,oBAAoB,CACrB,UAA
U,EACV,cAAc,aAAd,cAAc,cAAd,cAAc,GAAI,IAAI,CAAC,cAAc,CACxC,CAAA;gBACL,CAAC;qBAAM,CAAC;oBACJ,IAAI,CAAC,oBAAoB,CAAC,UAAU,CAAC,CAAA;gBACzC,CAAC;YACL,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACT,IAAI,CAAC,YAAY,KAAK,EAAE,CAAC;oBACrB,CAAC,CAAC,OAAO,GAAG,uDAAuD,CAAC,CAAC,OAAO,EAAE,CAAA;gBAClF,CAAC;gBAED,MAAM,CAAC,CAAA;YACX,CAAC;QACL,CAAC;KAAA;CACJ;AA1JD,gCA0JC"}
|
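--- a/package/build/sdJwt/compact.d.ts
+++ b/package/build/sdJwt/compact.d.ts
@@ -1,8 +0,0 @@
-import { KeyBinding } from '../keyBinding';
-import { Disclosure } from './disclosures';
-import { ExpandedJwt } from '../jwt';
-export type ExpandedSdJwt<H extends Record<string, unknown> = Record<string, unknown>, P extends Record<string, unknown> = Record<string, unknown>> = ExpandedJwt<H, P> & {
-disclosures?: Array<Disclosure>;
-keyBinding?: KeyBinding;
-};
-export declare const sdJwtFromCompact: <H extends Record<string, unknown> = Record<string, unknown>, P extends Record<string, unknown> = Record<string, unknown>>(compact: string) => any;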
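--- a/package/build/sdJwt/compact.js
+++ b/package/build/sdJwt/compact.js
@@ -1,39 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.sdJwtFromCompact = void 0;
-const keyBinding_1 = require("../keyBinding");
-const disclosures_1 = require("./disclosures");
-const jwt_1 = require("../jwt");
-const sdJwtFromCompact = (compact) => {
-const [jwtWithoutDisclosures, ...encodedDisclosures] = compact.split('~');
-const { header, payload, signature } = (0, jwt_1.jwtFromCompact)(jwtWithoutDisclosures);
-if (encodedDisclosures.length === 0) {
-return {
-header,
-payload,
-signature
-};
-}
-const hasKeyBinding = !compact.endsWith('~');
-// If the disclosure array ends with an `~` we do not have
-// a key binding and `String.split` takes it as an empty string
-// as element which we would not like to include in the disclosures.
-if (!hasKeyBinding)
-encodedDisclosures.pop();
-const compactKeyBinding = hasKeyBinding
-? encodedDisclosures.pop()
-: undefined;
-const keyBinding = compactKeyBinding
-? keyBinding_1.KeyBinding.fromCompact(compactKeyBinding)
-: undefined;
-const disclosures = encodedDisclosures.map(disclosures_1.Disclosure.fromString);
-return {
-header,
-payload,
-signature,
-keyBinding,
-disclosures
-};
-};
-exports.sdJwtFromCompact = sdJwtFromCompact;
-//# sourceMappingURL=compact.js.map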
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"compact.js","sourceRoot":"","sources":["../../src/sdJwt/compact.ts"],"names":[],"mappings":";;;AAAA,8CAA0C;AAC1C,+CAA0C;AAC1C,gCAAoD;AAU7C,MAAM,gBAAgB,GAAG,CAI5B,OAAe,EACI,EAAE;IACrB,MAAM,CAAC,qBAAqB,EAAE,GAAG,kBAAkB,CAAC,GAAG,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IAEzE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,GAAG,IAAA,oBAAc,EACjD,qBAAqB,CACxB,CAAA;IAED,IAAI,kBAAkB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAClC,OAAO;YACH,MAAM;YACN,OAAO;YACP,SAAS;SACZ,CAAA;IACL,CAAC;IAED,MAAM,aAAa,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAA;IAE5C,0DAA0D;IAC1D,+DAA+D;IAC/D,oEAAoE;IACpE,IAAI,CAAC,aAAa;QAAE,kBAAkB,CAAC,GAAG,EAAE,CAAA;IAE5C,MAAM,iBAAiB,GAAG,aAAa;QACnC,CAAC,CAAC,kBAAkB,CAAC,GAAG,EAAE;QAC1B,CAAC,CAAC,SAAS,CAAA;IAEf,MAAM,UAAU,GAAG,iBAAiB;QAChC,CAAC,CAAC,uBAAU,CAAC,WAAW,CAAC,iBAAiB,CAAC;QAC3C,CAAC,CAAC,SAAS,CAAA;IAEf,MAAM,WAAW,GAAG,kBAAkB,CAAC,GAAG,CAAC,wBAAU,CAAC,UAAU,CAAC,CAAA;IAEjE,OAAO;QACH,MAAM;QACN,OAAO;QACP,SAAS;QACT,UAAU;QACV,WAAW;KACd,CAAA;AACL,CAAC,CAAA;AA5CY,QAAA,gBAAgB,oBA4C5B"}
|
package/build/sdJwt/decoys.d.ts
DELETED
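--- a/package/build/sdJwt/decoys.js
+++ b/package/build/sdJwt/decoys.js
@@ -1,35 +0,0 @@
-"use strict";
-var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
-function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
-return new (P || (P = Promise))(function (resolve, reject) {
-function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
-step((generator = generator.apply(thisArg, _arguments || [])).next());
-});
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.createDecoys = void 0;
-const error_1 = require("./error");
-const utils_1 = require("@sd-jwt/utils");
-const createDecoys = (count, saltGenerator, hasherAndAlgorithm) => __awaiter(void 0, void 0, void 0, function* () {
-if (count < 0) {
-throw new error_1.SdJwtError(`Negative count of ${count} is not allowed.`);
-}
-if (isNaN(count)) {
-throw new error_1.SdJwtError(`NaN is not allowed for count.`);
-}
-if (!isFinite(count)) {
-throw new error_1.SdJwtError(`Infinite is not allopwed for count.`);
-}
-const decoys = [];
-for (let i = 0; i < count; i++) {
-const salt = yield saltGenerator();
-const decoy = yield hasherAndAlgorithm.hasher(salt, hasherAndAlgorithm.algorithm);
-const encodedDecoy = utils_1.Base64url.encode(decoy);
-decoys.push(encodedDecoy);
-}
-return decoys;
-});
-exports.createDecoys = createDecoys;
-//# sourceMappingURL=decoys.js.map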
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"decoys.js","sourceRoot":"","sources":["../../src/sdJwt/decoys.ts"],"names":[],"mappings":";;;;;;;;;;;;AAEA,mCAAoC;AACpC,yCAAyC;AAElC,MAAM,YAAY,GAAG,CACxB,KAAa,EACb,aAA4B,EAC5B,kBAAsC,EACxC,EAAE;IACA,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;QACZ,MAAM,IAAI,kBAAU,CAAC,qBAAqB,KAAK,kBAAkB,CAAC,CAAA;IACtE,CAAC;IAED,IAAI,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;QACf,MAAM,IAAI,kBAAU,CAAC,+BAA+B,CAAC,CAAA;IACzD,CAAC;IAED,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;QACnB,MAAM,IAAI,kBAAU,CAAC,qCAAqC,CAAC,CAAA;IAC/D,CAAC;IAED,MAAM,MAAM,GAAkB,EAAE,CAAA;IAChC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,EAAE,CAAC,EAAE,EAAE,CAAC;QAC7B,MAAM,IAAI,GAAG,MAAM,aAAa,EAAE,CAAA;QAClC,MAAM,KAAK,GAAG,MAAM,kBAAkB,CAAC,MAAM,CACzC,IAAI,EACJ,kBAAkB,CAAC,SAAS,CAC/B,CAAA;QACD,MAAM,YAAY,GAAG,iBAAS,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;QAC5C,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,CAAA;IAC7B,CAAC;IACD,OAAO,MAAM,CAAA;AACjB,CAAC,CAAA,CAAA;AA5BY,QAAA,YAAY,gBA4BxB"}
|
|
@@ -1,8 +0,0 @@
|
|
|
1
|
-
import { DisclosureFrame } from '../types';
|
|
2
|
-
import { DisclosureWithDigest } from './disclosures';
|
|
3
|
-
import { SaltGenerator } from '../types';
|
|
4
|
-
import type { HasherAndAlgorithm } from '@sd-jwt/types';
|
|
5
|
-
export declare const applyDisclosureFrame: <Payload extends Record<string, unknown> = Record<string, unknown>>(saltGenerator: SaltGenerator, hasherAndAlgorithm: HasherAndAlgorithm, payload: Payload, frame: DisclosureFrame<Payload>, keys?: Array<string>, cleanup?: Array<Array<string>>, disclosures?: Array<DisclosureWithDigest>) => Promise<{
|
|
6
|
-
payload: Record<string, unknown>;
|
|
7
|
-
disclosures: Array<DisclosureWithDigest>;
|
|
8
|
-
}>;
|