@sd-jwt/core 0.2.1 → 2.0.2-next.26

package/build/sdJwt/presentationFrame.js

@@ -1,64 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.getDisclosuresForPresentationFrame = void 0;
-const utils_1 = require("../utils");
-const error_1 = require("./error");
-const disclosureMapping_1 = require("./disclosureMapping");
-const getDisclosuresForPresentationFrame = (signedPayload, presentationFrame, prettyClaims, disclosures = []) => {
-    const requiredDisclosureDigests = new Set();
-    const disclosureMap = (0, disclosureMapping_1.getDisclosureMap)(disclosures);
-    const payloadDisclosureMapping = (0, disclosureMapping_1.getPayloadDisclosureMapping)(signedPayload, disclosureMap);
-    // No disclosures needed
-    if (payloadDisclosureMapping === null) {
-        if (disclosures.length > 0) {
-            throw new error_1.SdJwtError('Payload disclosure mapping is null, but disclosures are present.');
-        }
-        return [];
-    }
-    for (const node of (0, utils_1.traverseNodes)(presentationFrame)) {
-        // We only want to process leaf nodes here
-        if (!node.isLeaf)
-            continue;
-        if (typeof node.value !== 'boolean') {
-            throw new error_1.SdJwtError(`Expected leaf value in presentation frame to be of type boolean, but found ${typeof node.value}`);
-        }
-        // If the value is false, it means we don't want to disclose it
-        if (node.value === false)
-            continue;
-        if (!(0, utils_1.hasByPath)(prettyClaims, node.path)) {
-            throw new error_1.SdJwtError(`Path ${node.path.join('.')} from presentation frame is not present in pretty SD-JWT payload. The presentation frame may only include properties that are present in the SD-JWT payload.`);
-        }
-        let path = [...node.path];
-        while (!(0, utils_1.hasByPath)(payloadDisclosureMapping, path)) {
-            if (path.pop() === undefined)
-                break;
-        }
-        // There are no disclosures on this path, meaning the property is disclosed by default in the signed payload
-        if (path.length === 0)
-            continue;
-        const disclosure = (0, utils_1.getByPath)(payloadDisclosureMapping, path);
-        // If disclosure is string, it means it's already the digest
-        if (typeof disclosure === 'string')
-            requiredDisclosureDigests.add(disclosure);
-        // Otherwise we want to get all the child digests as well
-        else {
-            for (const nestedItem of (0, utils_1.traverseNodes)(disclosure)) {
-                if (!nestedItem.isLeaf ||
-                    typeof nestedItem.value !== 'string') {
-                    continue;
-                }
-                requiredDisclosureDigests.add(nestedItem.value);
-            }
-        }
-    }
-    for (const disclosureDigest of requiredDisclosureDigests.values()) {
-        const disclosure = disclosureMap[disclosureDigest];
-        if (!disclosure) {
-            throw new Error('disclosure not found');
-        }
-        disclosure.parentDisclosures.forEach((d) => requiredDisclosureDigests.add(d.digest));
-    }
-    return Array.from(requiredDisclosureDigests).map((digest) => disclosureMap[digest].disclosure);
-};
-exports.getDisclosuresForPresentationFrame = getDisclosuresForPresentationFrame;
-//# sourceMappingURL=presentationFrame.js.map

package/build/sdJwt/presentationFrame.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"presentationFrame.js","sourceRoot":"","sources":["../../src/sdJwt/presentationFrame.ts"],"names":[],"mappings":";;;AAAA,oCAA8D;AAE9D,mCAAoC;AAEpC,2DAG4B;AAErB,MAAM,kCAAkC,GAAG,CAG9C,aAAsB,EACtB,iBAA6C,EAC7C,YAAqB,EACrB,cAA2C,EAAE,EAClB,EAAE;IAC7B,MAAM,yBAAyB,GAAG,IAAI,GAAG,EAAU,CAAA;IACnD,MAAM,aAAa,GAAG,IAAA,oCAAgB,EAAC,WAAW,CAAC,CAAA;IACnD,MAAM,wBAAwB,GAAG,IAAA,+CAA2B,EACxD,aAAa,EACb,aAAa,CAChB,CAAA;IAED,wBAAwB;IACxB,IAAI,wBAAwB,KAAK,IAAI,EAAE,CAAC;QACpC,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACzB,MAAM,IAAI,kBAAU,CAChB,kEAAkE,CACrE,CAAA;QACL,CAAC;QAED,OAAO,EAAE,CAAA;IACb,CAAC;IAED,KAAK,MAAM,IAAI,IAAI,IAAA,qBAAa,EAAC,iBAAiB,CAAC,EAAE,CAAC;QAClD,0CAA0C;QAC1C,IAAI,CAAC,IAAI,CAAC,MAAM;YAAE,SAAQ;QAE1B,IAAI,OAAO,IAAI,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;YAClC,MAAM,IAAI,kBAAU,CAChB,8EAA8E,OAAO,IAAI,CAAC,KAAK,EAAE,CACpG,CAAA;QACL,CAAC;QAED,+DAA+D;QAC/D,IAAI,IAAI,CAAC,KAAK,KAAK,KAAK;YAAE,SAAQ;QAElC,IAAI,CAAC,IAAA,iBAAS,EAAC,YAAY,EAAE,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACtC,MAAM,IAAI,kBAAU,CAChB,QAAQ,IAAI,CAAC,IAAI,CAAC,IAAI,CAClB,GAAG,CACN,8JAA8J,CAClK,CAAA;QACL,CAAC;QAED,IAAI,IAAI,GAAG,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,CAAA;QACzB,OAAO,CAAC,IAAA,iBAAS,EAAC,wBAAwB,EAAE,IAAI,CAAC,EAAE,CAAC;YAChD,IAAI,IAAI,CAAC,GAAG,EAAE,KAAK,SAAS;gBAAE,MAAK;QACvC,CAAC;QAED,4GAA4G;QAC5G,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC;YAAE,SAAQ;QAE/B,MAAM,UAAU,GAAG,IAAA,iBAAS,EAAC,wBAAwB,EAAE,IAAI,CAAC,CAAA;QAC5D,4DAA4D;QAC5D,IAAI,OAAO,UAAU,KAAK,QAAQ;YAC9B,yBAAyB,CAAC,GAAG,CAAC,UAAU,CAAC,CAAA;QAC7C,yDAAyD;aACpD,CAAC;YACF,KAAK,MAAM,UAAU,IAAI,IAAA,qBAAa,EAAC,UAAU,CAAC,EAAE,CAAC;gBACjD,IACI,CAAC,UAAU,CAAC,MAAM;oBAClB,OAAO,UAAU,CAAC,KAAK,KAAK,QAAQ,EACtC,CAAC;oBACC,SAAQ;gBACZ,CAAC;gBACD,yBAAyB,CAAC,GAAG,CAAC,UAAU,CAAC,KAAK,CAAC,CAAA;YACnD,CAAC;QACL,CAAC;IACL,CAAC;IAED,KAAK,MAAM,gBAAgB,IAAI,yBAAyB,CAAC,MAAM,EAAE,EAAE,CAAC;QAChE,MAAM,UAAU,GAAG,aAAa,CAAC,gBAAgB,CAAC,CAAA;QAElD,IAAI,CAAC,UAAU,EAAE,CAAC;YACd,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAA;QAC3C,CAAC;QAED,UAAU,CAAC,iBAAiB,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CACvC,yBAAyB,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,CAC1C,CAAA;IACL,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC,GAAG,CAC5C,CAAC,MAAM,EAAE,EAAE,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,UAAU,CAC/C,CAAA;AACL,CAAC,CAAA;AAxFY,QAAA,kCAAkC,sCAwF9C"}

package/build/sdJwt/sdJwt.d.ts

@@ -1,206 +0,0 @@
-import { PresentationFrame } from '@sd-jwt/present';
-import { Jwt, JwtAdditionalOptions, JwtVerificationResult } from '../jwt/jwt';
-import { KeyBinding } from '../keyBinding';
-import { DisclosureFrame, SaltGenerator, Verifier } from '../types';
-import { Disclosure, DisclosureWithDigest } from './disclosures';
-import { ReturnSdJwtWithHeaderAndPayload, ReturnSdJwtWithKeyBinding, ReturnSdJwtWithPayload } from './types';
-import { HasherAlgorithm, HasherAndAlgorithm } from '@sd-jwt/types';
-export type SdJwtToCompactOptions<DisclosablePayload extends Record<string, unknown>> = {
-    disclosureFrame?: DisclosureFrame<DisclosablePayload>;
-    shouldApplyFrame?: boolean;
-};
-export type SdJwtOptions<Header extends Record<string, unknown>, Payload extends Record<string, unknown>> = {
-    header?: Header;
-    payload?: Payload;
-    signature?: Uint8Array;
-    keyBinding?: KeyBinding;
-    disclosures?: Array<Disclosure>;
-};
-export type SdJwtAdditionalOptions<Payload extends Record<string, unknown>> = JwtAdditionalOptions & {
-    hasherAndAlgorithm?: HasherAndAlgorithm;
-    saltGenerator?: SaltGenerator;
-    disclosureFrame?: DisclosureFrame<Payload>;
-};
-export type SdJwtVerificationResult = JwtVerificationResult & {
-    isKeyBindingValid?: boolean;
-};
-export declare class SdJwt<Header extends Record<string, unknown> = Record<string, unknown>, Payload extends Record<string, unknown> = Record<string, unknown>> extends Jwt<Header, Payload> {
-    disclosures?: Array<Disclosure>;
-    keyBinding?: KeyBinding;
-    private saltGenerator?;
-    private hasherAndAlgorithm?;
-    disclosureFrame?: DisclosureFrame<Payload>;
-    constructor(options?: SdJwtOptions<Header, Payload>, additionalOptions?: SdJwtAdditionalOptions<Payload>);
-    /**
-     *
-     * Create an sd-jwt from a compact format. This will succeed for a normal jwt as well.
-     *
-     */
-    static fromCompact<Header extends Record<string, unknown> = Record<string, unknown>, Payload extends Record<string, unknown> = Record<string, unknown>>(compact: string): ReturnSdJwtWithHeaderAndPayload<Header, Payload, SdJwt<Header, Payload>>;
-    /**
-     *
-     * Add a salt generator.
-     *
-     * Recommended size is 128 bits (i.e. 16 bytes).
-     *
-     * Salts will not be seeded and a new one will be used for each claim.
-     *
-     * @example
-     *
-     * Node.js: `crypto.randomBytes(128 / 8)`
-     *
-     * React Native: `expo-standard-web-crypto`
-     *
-     * Browser: `crypto.getRandomValues(new Uint8Array(128 / 8))`
-     *
-     */
-    withSaltGenerator(saltGenerator: SaltGenerator): this;
-    /**
-     *
-     * Add a hasher that will be used to hash the disclosures.
-     *
-     * @note Make sure to return a base64url encoded version of the hash.
-     *
-     * @example
-     *
-     * Node.js: `createHash('sha256').update(input).digest().toString('base64url')`
-     *
-     */
-    withHasher(hasherAndAlgorithm: HasherAndAlgorithm): ReturnSdJwtWithPayload<Header, Payload, this>;
-    /**
-     *
-     * Adds the algorithm of the hasher to the payload.
-     *
-     * For convience, this also allows you to set the hasher.
-     *
-     * @throws when the hasher and algorithm are not set.
-     *
-     */
-    addHasherAlgorithmToPayload(hasherAndAlgorithm?: HasherAndAlgorithm): ReturnSdJwtWithPayload<Header, Payload, this>;
-    /**
-     *
-     * Set the `KeyBinding` jwt.
-     *
-     * This can be done as a holder to provide proof of possession of key material
-     *
-     */
-    withKeyBinding(keyBinding: Jwt | KeyBinding<any, any> | string): ReturnSdJwtWithKeyBinding<Header, Payload, this>;
-    /**
-     *
-     * Set the disclosure frame which will be applied via `SdJwt.applyDisclosureFrame` or when `SdJwt.toCompact` is called.
-     *
-     */
-    withDisclosureFrame(disclosureFrame: DisclosureFrame<Payload>): this;
-    /**
-     *
-     * Apply the disclosure frame.
-     *
-     * @throws when the salt generator is not set
-     * @throws when the hasher and algorithm is not set
-     * @throws when the payload is not set
-     * @throws when no disclosure frame is set
-     * @throws when disclosures are included and a signature is set, but no signer is provided `*`
-     * @throws when the disclosure frame is inconsistent with the payload
-     *
-     * * This is done as removing items from the payload alters the signature and it has to be resigned.
-     *
-     */
-    applyDisclosureFrame(): Promise<void>;
-    disclosuresWithDigest(): Promise<DisclosureWithDigest[] | undefined>;
-    /**
-     *
-     * Assert that the disclosure frame is set.
-     *
-     */
-    assertDisclosureFrame(): void;
-    /**
-     *
-     * Assert that the salt generator is set.
-     *
-     */
-    private assertSaltGenerator;
-    /**
-     *
-     * Assert that the hasher and algorithm is set.
-     *
-     */
-    private assertHashAndAlgorithm;
-    /**
-     *
-     * Assert that a certain claim is included in the disclosure frame.
-     *
-     * @throws when the disclosure frame is not set
-     *
-     */
-    assertClaimInDisclosureFrame(claimKey: string): void;
-    /**
-     * This function creates a presentation of an SD-JWT, based on the presentation frame. The
-     * presentation frame is similar to the disclosure frame, and allows you to present a subset
-     * of the disclosures.
-     *
-     * If no `presentationFrame` is passed, the entire SD-JWT will be presented.
-     * To create a presentation without any of the disclosures, pass an empty object as the `presentationFrame`.
-     *
-     * @example
-     * The following example will expose `name`, `a.nested`, and `orderItems[0]` and `orderItems[2]`.
-     * Based on the disclosures it will also expose the parent and child disclosures when needed.
-     * E.g. if `a` can only be disclosed as a whole, disclosing `a.nested` will also disclose `a`.
-     * The same is true for child disclosures. If you expose `name`, and it potentially contains recursive
-     * disclosures, all disclosures under name will be disclosed as well.
-     * ```ts
-     * await sdJwt.present({
-     *   name: true,
-     *   a: {
-     *     nested: 'property'
-     *   }
-     *   orderItems: [true, false, true]
-     * })
-     * ```
-     *
-     * @throws when the presentation frame does not match the decoded/pretty payload of the sd-jwt
-     * @throws when the presentation frame contains fields other than object, array or boolean
-     *
-     */
-    present(presentationFrame?: PresentationFrame<Payload>): Promise<string>;
-    /**
-     *
-     * Verify the sd-jwt.
-     *
-     * It validates the following properties:
-     *   - sd-jwt issuer signature
-     *   - Optionally, the required claims
-     *   - The `nbf` and `exp` claims
-     *   - Whether the key binding is valid
-     *
-     */
-    verify(verifier: Verifier<Header>, requiredClaimKeys?: Array<keyof Payload | string>, kbJwtPublicKeyJwk?: Record<string, unknown>, issuerPublicKeyJwk?: Record<string, unknown>): Promise<SdJwtVerificationResult>;
-    /**
-     *
-     * Utility method to check whether the expected hasher algorithm is used.
-     *
-     */
-    checkHasher(expectedHasher: HasherAlgorithm | string): boolean;
-    assertNonSelectivelyDisclosableClaim(claimKey: string): void;
-    assertNonSelectivelyDisclosableClaims(): void;
-    /**
-     *
-     * Return all claims from the payload and the disclosures on their original place.
-     *
-     */
-    getPrettyClaims<Claims extends Record<string, unknown> = Payload>(): Promise<Claims>;
-    /**
-     *
-     * Create a compact format of the sd-jwt.
-     *
-     * This will
-     *   - Apply the disclosure frame
-     *   - Add a signature if there is none
-     *
-     * @throws When the signature and signer are not defined
-     * @throws When a claim is requested to be selectively disclosable, but it was not found in the payload
-     *
-     */
-    toCompact(): Promise<string>;
-    private __toCompact;
-    private calculateSdHash;
-}