@sd-jwt/core 0.2.1 → 2.0.2-next.26
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +201 -0
- package/dist/index.d.mts +106 -0
- package/dist/index.d.ts +106 -0
- package/dist/index.js +606 -0
- package/dist/index.mjs +586 -0
- package/package.json +60 -48
- package/src/decoy.ts +15 -0
- package/src/index.ts +235 -0
- package/src/jwt.ts +107 -0
- package/src/kbjwt.ts +45 -0
- package/src/sdjwt.ts +318 -0
- package/src/test/decoy.spec.ts +30 -0
- package/src/test/index.spec.ts +379 -0
- package/src/test/jwt.spec.ts +141 -0
- package/src/test/kbjwt.spec.ts +275 -0
- package/src/test/pass.spec.ts +6 -0
- package/src/test/sdjwt.spec.ts +382 -0
- package/test/app-e2e.spec.ts +248 -0
- package/test/array_data_types.json +29 -0
- package/test/array_full_sd.json +21 -0
- package/test/array_in_sd.json +13 -0
- package/test/array_nested_in_plain.json +20 -0
- package/test/array_none_disclosed.json +17 -0
- package/test/array_of_nulls.json +15 -0
- package/test/array_of_objects.json +58 -0
- package/test/array_of_scalars.json +15 -0
- package/test/array_recursive_sd.json +35 -0
- package/test/array_recursive_sd_some_disclosed.json +55 -0
- package/test/complex.json +43 -0
- package/test/header_mod.json +44 -0
- package/test/json_serialization.json +44 -0
- package/test/key_binding.json +44 -0
- package/test/no_sd.json +36 -0
- package/test/object_data_types.json +60 -0
- package/test/recursions.json +98 -0
- package/tsconfig.json +7 -0
- package/vitest.config.mts +4 -0
- package/README.md +0 -97
- package/build/base64url.d.ts +0 -28
- package/build/base64url.js +0 -40
- package/build/base64url.js.map +0 -1
- package/build/hasherAlgorithm.d.ts +0 -70
- package/build/hasherAlgorithm.js +0 -75
- package/build/hasherAlgorithm.js.map +0 -1
- package/build/index.d.ts +0 -13
- package/build/index.js +0 -20
- package/build/index.js.map +0 -1
- package/build/jwt/compact.d.ts +0 -6
- package/build/jwt/compact.js +0 -27
- package/build/jwt/compact.js.map +0 -1
- package/build/jwt/error.d.ts +0 -2
- package/build/jwt/error.js +0 -7
- package/build/jwt/error.js.map +0 -1
- package/build/jwt/index.d.ts +0 -2
- package/build/jwt/index.js +0 -19
- package/build/jwt/index.js.map +0 -1
- package/build/jwt/jwt.d.ts +0 -208
- package/build/jwt/jwt.js +0 -325
- package/build/jwt/jwt.js.map +0 -1
- package/build/keyBinding/index.d.ts +0 -1
- package/build/keyBinding/index.js +0 -18
- package/build/keyBinding/index.js.map +0 -1
- package/build/keyBinding/keyBinding.d.ts +0 -64
- package/build/keyBinding/keyBinding.js +0 -119
- package/build/keyBinding/keyBinding.js.map +0 -1
- package/build/sdJwt/compact.d.ts +0 -8
- package/build/sdJwt/compact.js +0 -39
- package/build/sdJwt/compact.js.map +0 -1
- package/build/sdJwt/decoys.d.ts +0 -3
- package/build/sdJwt/decoys.js +0 -35
- package/build/sdJwt/decoys.js.map +0 -1
- package/build/sdJwt/disclosureFrame.d.ts +0 -8
- package/build/sdJwt/disclosureFrame.js +0 -87
- package/build/sdJwt/disclosureFrame.js.map +0 -1
- package/build/sdJwt/disclosureMapping.d.ts +0 -43
- package/build/sdJwt/disclosureMapping.js +0 -278
- package/build/sdJwt/disclosureMapping.js.map +0 -1
- package/build/sdJwt/disclosures.d.ts +0 -33
- package/build/sdJwt/disclosures.js +0 -114
- package/build/sdJwt/disclosures.js.map +0 -1
- package/build/sdJwt/error.d.ts +0 -2
- package/build/sdJwt/error.js +0 -7
- package/build/sdJwt/error.js.map +0 -1
- package/build/sdJwt/index.d.ts +0 -6
- package/build/sdJwt/index.js +0 -23
- package/build/sdJwt/index.js.map +0 -1
- package/build/sdJwt/presentationFrame.d.ts +0 -3
- package/build/sdJwt/presentationFrame.js +0 -64
- package/build/sdJwt/presentationFrame.js.map +0 -1
- package/build/sdJwt/sdJwt.d.ts +0 -206
- package/build/sdJwt/sdJwt.js +0 -442
- package/build/sdJwt/sdJwt.js.map +0 -1
- package/build/sdJwt/swapClaim.d.ts +0 -2
- package/build/sdJwt/swapClaim.js +0 -79
- package/build/sdJwt/swapClaim.js.map +0 -1
- package/build/sdJwt/types.d.ts +0 -5
- package/build/sdJwt/types.js +0 -3
- package/build/sdJwt/types.js.map +0 -1
- package/build/sdJwtVc/error.d.ts +0 -2
- package/build/sdJwtVc/error.js +0 -7
- package/build/sdJwtVc/error.js.map +0 -1
- package/build/sdJwtVc/index.d.ts +0 -2
- package/build/sdJwtVc/index.js +0 -19
- package/build/sdJwtVc/index.js.map +0 -1
- package/build/sdJwtVc/sdJwtVc.d.ts +0 -47
- package/build/sdJwtVc/sdJwtVc.js +0 -149
- package/build/sdJwtVc/sdJwtVc.js.map +0 -1
- package/build/signatureAndEncryptionAlgorithm.d.ts +0 -105
- package/build/signatureAndEncryptionAlgorithm.js +0 -110
- package/build/signatureAndEncryptionAlgorithm.js.map +0 -1
- package/build/types/disclosure.d.ts +0 -5
- package/build/types/disclosure.js +0 -3
- package/build/types/disclosure.js.map +0 -1
- package/build/types/frame.d.ts +0 -5
- package/build/types/frame.js +0 -3
- package/build/types/frame.js.map +0 -1
- package/build/types/hasher.d.ts +0 -14
- package/build/types/hasher.js +0 -3
- package/build/types/hasher.js.map +0 -1
- package/build/types/index.d.ts +0 -5
- package/build/types/index.js +0 -22
- package/build/types/index.js.map +0 -1
- package/build/types/present.d.ts +0 -2
- package/build/types/present.js +0 -3
- package/build/types/present.js.map +0 -1
- package/build/types/saltGenerator.d.ts +0 -17
- package/build/types/saltGenerator.js +0 -3
- package/build/types/saltGenerator.js.map +0 -1
- package/build/types/signer.d.ts +0 -2
- package/build/types/signer.js +0 -3
- package/build/types/signer.js.map +0 -1
- package/build/types/utils.d.ts +0 -2
- package/build/types/utils.js +0 -3
- package/build/types/utils.js.map +0 -1
- package/build/types/verifier.d.ts +0 -14
- package/build/types/verifier.js +0 -3
- package/build/types/verifier.js.map +0 -1
- package/build/utils/index.d.ts +0 -2
- package/build/utils/index.js +0 -19
- package/build/utils/index.js.map +0 -1
- package/build/utils/traverse.d.ts +0 -8
- package/build/utils/traverse.js +0 -29
- package/build/utils/traverse.js.map +0 -1
- package/build/utils/utils.d.ts +0 -8
- package/build/utils/utils.js +0 -118
- package/build/utils/utils.js.map +0 -1
package/build/sdJwt/sdJwt.js
DELETED
|
@@ -1,442 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
|
|
3
|
-
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
|
|
4
|
-
return new (P || (P = Promise))(function (resolve, reject) {
|
|
5
|
-
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
|
|
6
|
-
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
|
|
7
|
-
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
|
|
8
|
-
step((generator = generator.apply(thisArg, _arguments || [])).next());
|
|
9
|
-
});
|
|
10
|
-
};
|
|
11
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
12
|
-
exports.SdJwt = void 0;
|
|
13
|
-
const decode_1 = require("@sd-jwt/decode");
|
|
14
|
-
const present_1 = require("@sd-jwt/present");
|
|
15
|
-
const utils_1 = require("@sd-jwt/utils");
|
|
16
|
-
const jwt_1 = require("../jwt/jwt");
|
|
17
|
-
const keyBinding_1 = require("../keyBinding");
|
|
18
|
-
const disclosureFrame_1 = require("./disclosureFrame");
|
|
19
|
-
const disclosures_1 = require("./disclosures");
|
|
20
|
-
const error_1 = require("./error");
|
|
21
|
-
class SdJwt extends jwt_1.Jwt {
|
|
22
|
-
constructor(options, additionalOptions) {
|
|
23
|
-
super(options, additionalOptions);
|
|
24
|
-
this.header = options === null || options === void 0 ? void 0 : options.header;
|
|
25
|
-
this.payload = options === null || options === void 0 ? void 0 : options.payload;
|
|
26
|
-
this.signature = options === null || options === void 0 ? void 0 : options.signature;
|
|
27
|
-
this.disclosures = options === null || options === void 0 ? void 0 : options.disclosures;
|
|
28
|
-
this.keyBinding = options === null || options === void 0 ? void 0 : options.keyBinding;
|
|
29
|
-
if (additionalOptions === null || additionalOptions === void 0 ? void 0 : additionalOptions.hasherAndAlgorithm) {
|
|
30
|
-
this.withHasher(additionalOptions.hasherAndAlgorithm);
|
|
31
|
-
}
|
|
32
|
-
if (additionalOptions === null || additionalOptions === void 0 ? void 0 : additionalOptions.saltGenerator) {
|
|
33
|
-
this.withSaltGenerator(additionalOptions.saltGenerator);
|
|
34
|
-
}
|
|
35
|
-
if (additionalOptions === null || additionalOptions === void 0 ? void 0 : additionalOptions.disclosureFrame) {
|
|
36
|
-
this.withDisclosureFrame(additionalOptions.disclosureFrame);
|
|
37
|
-
}
|
|
38
|
-
if (additionalOptions === null || additionalOptions === void 0 ? void 0 : additionalOptions.signer) {
|
|
39
|
-
this.withSigner(additionalOptions.signer);
|
|
40
|
-
}
|
|
41
|
-
}
|
|
42
|
-
/**
|
|
43
|
-
*
|
|
44
|
-
* Create an sd-jwt from a compact format. This will succeed for a normal jwt as well.
|
|
45
|
-
*
|
|
46
|
-
*/
|
|
47
|
-
static fromCompact(compact) {
|
|
48
|
-
const { disclosures: d, keyBinding: kb, signature, payload, header } = (0, decode_1.sdJwtFromCompact)(compact);
|
|
49
|
-
const disclosures = d === null || d === void 0 ? void 0 : d.map((disclosure) => new disclosures_1.Disclosure(disclosure.salt, disclosure.value, disclosure.key));
|
|
50
|
-
const keyBinding = kb
|
|
51
|
-
? new keyBinding_1.KeyBinding()
|
|
52
|
-
.withHeader(kb.header)
|
|
53
|
-
.withPayload(kb.payload)
|
|
54
|
-
.withSignature(kb.signature)
|
|
55
|
-
: undefined;
|
|
56
|
-
const sdJwt = new SdJwt({
|
|
57
|
-
header,
|
|
58
|
-
payload,
|
|
59
|
-
signature,
|
|
60
|
-
disclosures,
|
|
61
|
-
keyBinding
|
|
62
|
-
});
|
|
63
|
-
sdJwt.compact = compact;
|
|
64
|
-
return sdJwt;
|
|
65
|
-
}
|
|
66
|
-
/**
|
|
67
|
-
*
|
|
68
|
-
* Add a salt generator.
|
|
69
|
-
*
|
|
70
|
-
* Recommended size is 128 bits (i.e. 16 bytes).
|
|
71
|
-
*
|
|
72
|
-
* Salts will not be seeded and a new one will be used for each claim.
|
|
73
|
-
*
|
|
74
|
-
* @example
|
|
75
|
-
*
|
|
76
|
-
* Node.js: `crypto.randomBytes(128 / 8)`
|
|
77
|
-
*
|
|
78
|
-
* React Native: `expo-standard-web-crypto`
|
|
79
|
-
*
|
|
80
|
-
* Browser: `crypto.getRandomValues(new Uint8Array(128 / 8))`
|
|
81
|
-
*
|
|
82
|
-
*/
|
|
83
|
-
withSaltGenerator(saltGenerator) {
|
|
84
|
-
this.saltGenerator = saltGenerator;
|
|
85
|
-
return this;
|
|
86
|
-
}
|
|
87
|
-
/**
|
|
88
|
-
*
|
|
89
|
-
* Add a hasher that will be used to hash the disclosures.
|
|
90
|
-
*
|
|
91
|
-
* @note Make sure to return a base64url encoded version of the hash.
|
|
92
|
-
*
|
|
93
|
-
* @example
|
|
94
|
-
*
|
|
95
|
-
* Node.js: `createHash('sha256').update(input).digest().toString('base64url')`
|
|
96
|
-
*
|
|
97
|
-
*/
|
|
98
|
-
withHasher(hasherAndAlgorithm) {
|
|
99
|
-
this.hasherAndAlgorithm = hasherAndAlgorithm;
|
|
100
|
-
return this;
|
|
101
|
-
}
|
|
102
|
-
/**
|
|
103
|
-
*
|
|
104
|
-
* Adds the algorithm of the hasher to the payload.
|
|
105
|
-
*
|
|
106
|
-
* For convience, this also allows you to set the hasher.
|
|
107
|
-
*
|
|
108
|
-
* @throws when the hasher and algorithm are not set.
|
|
109
|
-
*
|
|
110
|
-
*/
|
|
111
|
-
addHasherAlgorithmToPayload(hasherAndAlgorithm) {
|
|
112
|
-
if (hasherAndAlgorithm)
|
|
113
|
-
this.withHasher(hasherAndAlgorithm);
|
|
114
|
-
this.assertHashAndAlgorithm();
|
|
115
|
-
this.addPayloadClaim('_sd_alg', this.hasherAndAlgorithm.algorithm);
|
|
116
|
-
return this;
|
|
117
|
-
}
|
|
118
|
-
/**
|
|
119
|
-
*
|
|
120
|
-
* Set the `KeyBinding` jwt.
|
|
121
|
-
*
|
|
122
|
-
* This can be done as a holder to provide proof of possession of key material
|
|
123
|
-
*
|
|
124
|
-
*/
|
|
125
|
-
withKeyBinding(keyBinding) {
|
|
126
|
-
const kb = typeof keyBinding === 'string'
|
|
127
|
-
? keyBinding_1.KeyBinding.fromCompact(keyBinding)
|
|
128
|
-
: keyBinding instanceof keyBinding_1.KeyBinding
|
|
129
|
-
? keyBinding
|
|
130
|
-
: keyBinding_1.KeyBinding.fromJwt(keyBinding);
|
|
131
|
-
this.keyBinding = kb;
|
|
132
|
-
return this;
|
|
133
|
-
}
|
|
134
|
-
/**
|
|
135
|
-
*
|
|
136
|
-
* Set the disclosure frame which will be applied via `SdJwt.applyDisclosureFrame` or when `SdJwt.toCompact` is called.
|
|
137
|
-
*
|
|
138
|
-
*/
|
|
139
|
-
withDisclosureFrame(disclosureFrame) {
|
|
140
|
-
this.disclosureFrame = disclosureFrame;
|
|
141
|
-
return this;
|
|
142
|
-
}
|
|
143
|
-
/**
|
|
144
|
-
*
|
|
145
|
-
* Apply the disclosure frame.
|
|
146
|
-
*
|
|
147
|
-
* @throws when the salt generator is not set
|
|
148
|
-
* @throws when the hasher and algorithm is not set
|
|
149
|
-
* @throws when the payload is not set
|
|
150
|
-
* @throws when no disclosure frame is set
|
|
151
|
-
* @throws when disclosures are included and a signature is set, but no signer is provided `*`
|
|
152
|
-
* @throws when the disclosure frame is inconsistent with the payload
|
|
153
|
-
*
|
|
154
|
-
* * This is done as removing items from the payload alters the signature and it has to be resigned.
|
|
155
|
-
*
|
|
156
|
-
*/
|
|
157
|
-
applyDisclosureFrame() {
|
|
158
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
159
|
-
this.assertSaltGenerator();
|
|
160
|
-
this.assertHashAndAlgorithm();
|
|
161
|
-
this.assertPayload();
|
|
162
|
-
this.assertDisclosureFrame();
|
|
163
|
-
if (this.disclosures &&
|
|
164
|
-
this.disclosures.length > 0 &&
|
|
165
|
-
this.signature &&
|
|
166
|
-
!this.signer) {
|
|
167
|
-
throw new error_1.SdJwtError('Signature is already set by the user when selectively disclosable items still have to be removed. This will invalidate the signature. Try to provide a signer on SdJwt.withSigner and SdJwt.toCompact will call it at the correct time.');
|
|
168
|
-
}
|
|
169
|
-
const { payload: framedPayload, disclosures } = yield (0, disclosureFrame_1.applyDisclosureFrame)(this.saltGenerator, this.hasherAndAlgorithm, this.addHasherAlgorithmToPayload().payload, this.disclosureFrame);
|
|
170
|
-
this.disclosures = disclosures;
|
|
171
|
-
this.payload = framedPayload;
|
|
172
|
-
});
|
|
173
|
-
}
|
|
174
|
-
disclosuresWithDigest() {
|
|
175
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
176
|
-
this.assertHashAndAlgorithm();
|
|
177
|
-
if (!this.disclosures && this.disclosureFrame) {
|
|
178
|
-
yield this.applyDisclosureFrame();
|
|
179
|
-
}
|
|
180
|
-
if (!this.disclosures)
|
|
181
|
-
return undefined;
|
|
182
|
-
return Promise.all(this.disclosures.map((d) => d.withCalculateDigest(this.hasherAndAlgorithm)));
|
|
183
|
-
});
|
|
184
|
-
}
|
|
185
|
-
/**
|
|
186
|
-
*
|
|
187
|
-
* Assert that the disclosure frame is set.
|
|
188
|
-
*
|
|
189
|
-
*/
|
|
190
|
-
assertDisclosureFrame() {
|
|
191
|
-
if (this.disclosureFrame)
|
|
192
|
-
return;
|
|
193
|
-
throw new error_1.SdJwtError('Disclosureframe must be defined');
|
|
194
|
-
}
|
|
195
|
-
/**
|
|
196
|
-
*
|
|
197
|
-
* Assert that the salt generator is set.
|
|
198
|
-
*
|
|
199
|
-
*/
|
|
200
|
-
assertSaltGenerator() {
|
|
201
|
-
if (!this.saltGenerator) {
|
|
202
|
-
throw new error_1.SdJwtError('Cannot create a disclosure without a salt generator. You can set it with this.withSaltGenerator()');
|
|
203
|
-
}
|
|
204
|
-
}
|
|
205
|
-
/**
|
|
206
|
-
*
|
|
207
|
-
* Assert that the hasher and algorithm is set.
|
|
208
|
-
*
|
|
209
|
-
*/
|
|
210
|
-
assertHashAndAlgorithm() {
|
|
211
|
-
if (!this.hasherAndAlgorithm) {
|
|
212
|
-
throw new error_1.SdJwtError('A hasher and algorithm must be set in order to create a digests for disclosures or integrity protection of a kb-jwt. You can set it with this.withHasher()');
|
|
213
|
-
}
|
|
214
|
-
}
|
|
215
|
-
/**
|
|
216
|
-
*
|
|
217
|
-
* Assert that a certain claim is included in the disclosure frame.
|
|
218
|
-
*
|
|
219
|
-
* @throws when the disclosure frame is not set
|
|
220
|
-
*
|
|
221
|
-
*/
|
|
222
|
-
assertClaimInDisclosureFrame(claimKey) {
|
|
223
|
-
this.assertDisclosureFrame();
|
|
224
|
-
const value = (0, utils_1.getValueByKeyAnyLevel)(this.disclosureFrame, claimKey);
|
|
225
|
-
if (!value) {
|
|
226
|
-
throw new error_1.SdJwtError(`Claim key '${claimKey}' not found in any level of the disclosureFrame`);
|
|
227
|
-
}
|
|
228
|
-
}
|
|
229
|
-
/**
|
|
230
|
-
* This function creates a presentation of an SD-JWT, based on the presentation frame. The
|
|
231
|
-
* presentation frame is similar to the disclosure frame, and allows you to present a subset
|
|
232
|
-
* of the disclosures.
|
|
233
|
-
*
|
|
234
|
-
* If no `presentationFrame` is passed, the entire SD-JWT will be presented.
|
|
235
|
-
* To create a presentation without any of the disclosures, pass an empty object as the `presentationFrame`.
|
|
236
|
-
*
|
|
237
|
-
* @example
|
|
238
|
-
* The following example will expose `name`, `a.nested`, and `orderItems[0]` and `orderItems[2]`.
|
|
239
|
-
* Based on the disclosures it will also expose the parent and child disclosures when needed.
|
|
240
|
-
* E.g. if `a` can only be disclosed as a whole, disclosing `a.nested` will also disclose `a`.
|
|
241
|
-
* The same is true for child disclosures. If you expose `name`, and it potentially contains recursive
|
|
242
|
-
* disclosures, all disclosures under name will be disclosed as well.
|
|
243
|
-
* ```ts
|
|
244
|
-
* await sdJwt.present({
|
|
245
|
-
* name: true,
|
|
246
|
-
* a: {
|
|
247
|
-
* nested: 'property'
|
|
248
|
-
* }
|
|
249
|
-
* orderItems: [true, false, true]
|
|
250
|
-
* })
|
|
251
|
-
* ```
|
|
252
|
-
*
|
|
253
|
-
* @throws when the presentation frame does not match the decoded/pretty payload of the sd-jwt
|
|
254
|
-
* @throws when the presentation frame contains fields other than object, array or boolean
|
|
255
|
-
*
|
|
256
|
-
*/
|
|
257
|
-
present(presentationFrame) {
|
|
258
|
-
var _a;
|
|
259
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
260
|
-
if (!this.disclosures && this.disclosureFrame) {
|
|
261
|
-
yield this.applyDisclosureFrame();
|
|
262
|
-
}
|
|
263
|
-
// TODO: wouldn't it be easier if this returned the value so we don't have to use !
|
|
264
|
-
this.assertHashAndAlgorithm();
|
|
265
|
-
this.assertPayload();
|
|
266
|
-
// If no presentationFrame is passed, we want to disclose everything
|
|
267
|
-
if (!presentationFrame) {
|
|
268
|
-
return yield this.__toCompact(this.disclosures, false);
|
|
269
|
-
}
|
|
270
|
-
if ((Object.keys(presentationFrame).length > 0 && !this.disclosures) ||
|
|
271
|
-
((_a = this.disclosures) === null || _a === void 0 ? void 0 : _a.length) === 0) {
|
|
272
|
-
throw new error_1.SdJwtError('Cannot create a presentation with disclosures while no disclosures are on the sd-jwt');
|
|
273
|
-
}
|
|
274
|
-
// Calculate the digests for all disclosures
|
|
275
|
-
const disclosuresWithDigest = yield this.disclosuresWithDigest();
|
|
276
|
-
const requiredDisclosures = (0, present_1.getDisclosuresForPresentationFrame)(this.payload, presentationFrame, yield this.getPrettyClaims(), disclosuresWithDigest === null || disclosuresWithDigest === void 0 ? void 0 : disclosuresWithDigest.map((d) => d.asJson()));
|
|
277
|
-
return yield this.__toCompact(requiredDisclosures.map((d) => disclosures_1.Disclosure.fromJson(d)), false);
|
|
278
|
-
});
|
|
279
|
-
}
|
|
280
|
-
/**
|
|
281
|
-
*
|
|
282
|
-
* Verify the sd-jwt.
|
|
283
|
-
*
|
|
284
|
-
* It validates the following properties:
|
|
285
|
-
* - sd-jwt issuer signature
|
|
286
|
-
* - Optionally, the required claims
|
|
287
|
-
* - The `nbf` and `exp` claims
|
|
288
|
-
* - Whether the key binding is valid
|
|
289
|
-
*
|
|
290
|
-
*/
|
|
291
|
-
verify(verifier, requiredClaimKeys, kbJwtPublicKeyJwk, issuerPublicKeyJwk) {
|
|
292
|
-
const _super = Object.create(null, {
|
|
293
|
-
verify: { get: () => super.verify }
|
|
294
|
-
});
|
|
295
|
-
var _a;
|
|
296
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
297
|
-
this.assertSignature();
|
|
298
|
-
if (this.keyBinding) {
|
|
299
|
-
this.assertHashAndAlgorithm();
|
|
300
|
-
}
|
|
301
|
-
const jwtVerificationResult = (yield _super.verify.call(this, verifier, requiredClaimKeys, issuerPublicKeyJwk));
|
|
302
|
-
if (this.keyBinding) {
|
|
303
|
-
if (!this.keyBinding.expectedSdHash) {
|
|
304
|
-
// Calculate and set expected _sd_hash
|
|
305
|
-
const sdHash = yield this.calculateSdHash();
|
|
306
|
-
this.keyBinding.withExpectedSdHash(sdHash);
|
|
307
|
-
}
|
|
308
|
-
const { isValid } = yield this.keyBinding.verify(verifier, [], kbJwtPublicKeyJwk);
|
|
309
|
-
jwtVerificationResult.isKeyBindingValid = isValid;
|
|
310
|
-
}
|
|
311
|
-
const claimKeys = (0, utils_1.getAllKeys)(this.payload).concat(((_a = this.disclosures) !== null && _a !== void 0 ? _a : []).map((d) => d.decoded[1]));
|
|
312
|
-
if (requiredClaimKeys) {
|
|
313
|
-
jwtVerificationResult.areRequiredClaimsIncluded =
|
|
314
|
-
requiredClaimKeys.every((key) => claimKeys.includes(key));
|
|
315
|
-
}
|
|
316
|
-
return Object.assign(Object.assign({}, jwtVerificationResult), { isValid: Object.entries(jwtVerificationResult)
|
|
317
|
-
.filter(([key, value]) => typeof value === 'boolean' && key !== 'isValid')
|
|
318
|
-
.every(([, value]) => !!value) });
|
|
319
|
-
});
|
|
320
|
-
}
|
|
321
|
-
/**
|
|
322
|
-
*
|
|
323
|
-
* Utility method to check whether the expected hasher algorithm is used.
|
|
324
|
-
*
|
|
325
|
-
*/
|
|
326
|
-
checkHasher(expectedHasher) {
|
|
327
|
-
try {
|
|
328
|
-
this.assertPayload();
|
|
329
|
-
this.assertClaimInPayload('_sd_alg', expectedHasher.toString());
|
|
330
|
-
return true;
|
|
331
|
-
}
|
|
332
|
-
catch (e) {
|
|
333
|
-
console.error(e);
|
|
334
|
-
return false;
|
|
335
|
-
}
|
|
336
|
-
}
|
|
337
|
-
assertNonSelectivelyDisclosableClaim(claimKey) {
|
|
338
|
-
try {
|
|
339
|
-
this.assertClaimInDisclosureFrame(claimKey);
|
|
340
|
-
}
|
|
341
|
-
catch (error) {
|
|
342
|
-
// Check if it's an SdJwtError (to prevent other errors making the method not throw)
|
|
343
|
-
if (error instanceof error_1.SdJwtError)
|
|
344
|
-
return;
|
|
345
|
-
}
|
|
346
|
-
throw new error_1.SdJwtError(`Claim key '${claimKey}' was found in the disclosure frame. This claim is not allowed to be selectively disclosed`);
|
|
347
|
-
}
|
|
348
|
-
assertNonSelectivelyDisclosableClaims() {
|
|
349
|
-
if (!this.disclosureFrame)
|
|
350
|
-
return;
|
|
351
|
-
// NOTE: we don't include any properties here as it is a SHOULD
|
|
352
|
-
// in the spec, and not a MUST
|
|
353
|
-
for (const claimKey of ['_sd', '_sd_alg', '...']) {
|
|
354
|
-
this.assertNonSelectivelyDisclosableClaim(claimKey);
|
|
355
|
-
}
|
|
356
|
-
}
|
|
357
|
-
/**
|
|
358
|
-
*
|
|
359
|
-
* Return all claims from the payload and the disclosures on their original place.
|
|
360
|
-
*
|
|
361
|
-
*/
|
|
362
|
-
getPrettyClaims() {
|
|
363
|
-
var _a;
|
|
364
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
365
|
-
this.assertPayload();
|
|
366
|
-
this.assertHashAndAlgorithm();
|
|
367
|
-
const disclosuresWithDigest = yield this.disclosuresWithDigest();
|
|
368
|
-
const newPayload = (0, decode_1.decodeDisclosuresInPayload)(this.payload, (_a = disclosuresWithDigest === null || disclosuresWithDigest === void 0 ? void 0 : disclosuresWithDigest.map((d) => d.asJson())) !== null && _a !== void 0 ? _a : []);
|
|
369
|
-
return newPayload;
|
|
370
|
-
});
|
|
371
|
-
}
|
|
372
|
-
/**
|
|
373
|
-
*
|
|
374
|
-
* Create a compact format of the sd-jwt.
|
|
375
|
-
*
|
|
376
|
-
* This will
|
|
377
|
-
* - Apply the disclosure frame
|
|
378
|
-
* - Add a signature if there is none
|
|
379
|
-
*
|
|
380
|
-
* @throws When the signature and signer are not defined
|
|
381
|
-
* @throws When a claim is requested to be selectively disclosable, but it was not found in the payload
|
|
382
|
-
*
|
|
383
|
-
*/
|
|
384
|
-
toCompact() {
|
|
385
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
386
|
-
return this.__toCompact();
|
|
387
|
-
});
|
|
388
|
-
}
|
|
389
|
-
__toCompact(disclosures = this.disclosures, shouldApplyFrame = true) {
|
|
390
|
-
var _a, _b, _c, _d, _e;
|
|
391
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
392
|
-
this.assertHeader();
|
|
393
|
-
this.assertPayload();
|
|
394
|
-
if (this.keyBinding && !this.keyBinding.expectedSdHash) {
|
|
395
|
-
this.assertHashAndAlgorithm();
|
|
396
|
-
}
|
|
397
|
-
if (this.disclosureFrame && shouldApplyFrame) {
|
|
398
|
-
yield this.applyDisclosureFrame();
|
|
399
|
-
}
|
|
400
|
-
disclosures !== null && disclosures !== void 0 ? disclosures : (disclosures = this.disclosures);
|
|
401
|
-
const compactHeader = utils_1.Base64url.encode(JSON.stringify(this.header));
|
|
402
|
-
const compactPayload = utils_1.Base64url.encode(JSON.stringify(this.payload));
|
|
403
|
-
const sSignature = this.signature
|
|
404
|
-
? utils_1.Base64url.encode(this.signature)
|
|
405
|
-
: utils_1.Base64url.encode((yield this.signAndAdd()).signature);
|
|
406
|
-
const sDisclosures = disclosures && disclosures.length > 0
|
|
407
|
-
? `~${disclosures.join('~')}~`
|
|
408
|
-
: '~';
|
|
409
|
-
const sdJwtWithoutKb = `${compactHeader}.${compactPayload}.${sSignature}${sDisclosures}`;
|
|
410
|
-
if (this.keyBinding) {
|
|
411
|
-
const sdHash = (_a = this.keyBinding.expectedSdHash) !== null && _a !== void 0 ? _a : (yield this.calculateSdHash(sdJwtWithoutKb));
|
|
412
|
-
if (this.keyBinding.signature &&
|
|
413
|
-
!((_b = this.keyBinding.payload) === null || _b === void 0 ? void 0 : _b._sd_hash)) {
|
|
414
|
-
throw new error_1.SdJwtError("Key binding is already signed, but missing _sd_hash. If you're manually signing the kb-jwt, make sure the correct _sd_hash is set.");
|
|
415
|
-
}
|
|
416
|
-
// If the signature is already set we don't want to add the _sd_hash ourselves
|
|
417
|
-
// Also the signature won't be re-calculated if it's already set -- this seems like a security issue to me
|
|
418
|
-
if (!this.keyBinding.signature &&
|
|
419
|
-
!((_c = this.keyBinding.payload) === null || _c === void 0 ? void 0 : _c._sd_hash)) {
|
|
420
|
-
this.keyBinding.withSdHashClaim(sdHash);
|
|
421
|
-
}
|
|
422
|
-
// Make sure the sd_hash is valid. If there's already a signature set
|
|
423
|
-
// this will ensure the signature was made with the correct _sd_hash
|
|
424
|
-
yield this.keyBinding.assertValidForKeyBinding(sdHash);
|
|
425
|
-
}
|
|
426
|
-
const kb = (_e = (yield ((_d = this.keyBinding) === null || _d === void 0 ? void 0 : _d.toCompact()))) !== null && _e !== void 0 ? _e : '';
|
|
427
|
-
return sdJwtWithoutKb + kb;
|
|
428
|
-
});
|
|
429
|
-
}
|
|
430
|
-
calculateSdHash(compact) {
|
|
431
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
432
|
-
this.assertHashAndAlgorithm();
|
|
433
|
-
const c = compact !== null && compact !== void 0 ? compact : this.compact;
|
|
434
|
-
if (!c) {
|
|
435
|
-
throw new error_1.SdJwtError("Unable to calculate _sd_hash for sd-jwt, without 'compact' variant to compare _sd_hash. Use `fromCompact`, or call `sdJwt.keyBinding.withExpectedSdHash` to set the expected _sd_hash.");
|
|
436
|
-
}
|
|
437
|
-
return (0, decode_1.calculateSdHash)(c, this.hasherAndAlgorithm);
|
|
438
|
-
});
|
|
439
|
-
}
|
|
440
|
-
}
|
|
441
|
-
exports.SdJwt = SdJwt;
|
|
442
|
-
//# sourceMappingURL=sdJwt.js.map
|
package/build/sdJwt/sdJwt.js.map
DELETED
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"sdJwt.js","sourceRoot":"","sources":["../../src/sdJwt/sdJwt.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,2CAIuB;AACvB,6CAGwB;AACxB,yCAA4E;AAC5E,oCAA6E;AAC7E,8CAA0C;AAE1C,uDAAwD;AACxD,+CAAgE;AAChE,mCAAoC;AAqCpC,MAAa,KAGX,SAAQ,SAAoB;IAQ1B,YACI,OAAuC,EACvC,iBAAmD;QAEnD,KAAK,CAAC,OAAO,EAAE,iBAAiB,CAAC,CAAA;QACjC,IAAI,CAAC,MAAM,GAAG,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,MAAM,CAAA;QAC7B,IAAI,CAAC,OAAO,GAAG,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,OAAO,CAAA;QAC/B,IAAI,CAAC,SAAS,GAAG,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS,CAAA;QACnC,IAAI,CAAC,WAAW,GAAG,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,WAAW,CAAA;QACvC,IAAI,CAAC,UAAU,GAAG,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,UAAU,CAAA;QAErC,IAAI,iBAAiB,aAAjB,iBAAiB,uBAAjB,iBAAiB,CAAE,kBAAkB,EAAE,CAAC;YACxC,IAAI,CAAC,UAAU,CAAC,iBAAiB,CAAC,kBAAkB,CAAC,CAAA;QACzD,CAAC;QAED,IAAI,iBAAiB,aAAjB,iBAAiB,uBAAjB,iBAAiB,CAAE,aAAa,EAAE,CAAC;YACnC,IAAI,CAAC,iBAAiB,CAAC,iBAAiB,CAAC,aAAa,CAAC,CAAA;QAC3D,CAAC;QAED,IAAI,iBAAiB,aAAjB,iBAAiB,uBAAjB,iBAAiB,CAAE,eAAe,EAAE,CAAC;YACrC,IAAI,CAAC,mBAAmB,CAAC,iBAAiB,CAAC,eAAe,CAAC,CAAA;QAC/D,CAAC;QAED,IAAI,iBAAiB,aAAjB,iBAAiB,uBAAjB,iBAAiB,CAAE,MAAM,EAAE,CAAC;YAC5B,IAAI,CAAC,UAAU,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAA;QAC7C,CAAC;IACL,CAAC;IAED;;;;OAIG;IACI,MAAM,CAAU,WAAW,CAGhC,OAAe;QACb,MAAM,EACF,WAAW,EAAE,CAAC,EACd,UAAU,EAAE,EAAE,EACd,SAAS,EACT,OAAO,EACP,MAAM,EACT,GAAG,IAAA,yBAAgB,EAAkB,OAAO,CAAC,CAAA;QAE9C,MAAM,WAAW,GAAG,CAAC,aAAD,CAAC,uBAAD,CAAC,CAAE,GAAG,CACtB,CAAC,UAAU,EAAE,EAAE,CACX,IAAI,wBAAU,CACV,UAAU,CAAC,IAAI,EACf,UAAU,CAAC,KAAK,EAChB,UAAU,CAAC,GAAG,CACjB,CACR,CAAA;QAED,MAAM,UAAU,GAAG,EAAE;YACjB,CAAC,CAAC,IAAI,uBAAU,EAAE;iBACX,UAAU,CAAC,EAAE,CAAC,MAAM,CAAC;iBACrB,WAAW,CAAC,EAAE,CAAC,OAAO,CAAC;iBACvB,aAAa,CAAC,EAAE,CAAC,SAAS,CAAC;YAClC,CAAC,CAAC,SAAS,CAAA;QAEf,MAAM,KAAK,GAAG,IAAI,KAAK,CAAkB;YACrC,MAAM;YACN,OAAO;YACP,SAAS;YACT,WAAW;YACX,UAAU;SACb,CAAC,CAAA;QAEF,KAAK,CAAC,OAAO,GAAG,OAAO,CAAA;QACvB,OAAO,KAIN,CAAA;IACL,CAAC;IAED;;;;;;;;;;;;;;;;OAgBG;IACI,iBAAiB,CAAC,aAA4B;QACjD,IAAI,CAAC,aAAa,GAAG,aAAa,CAAA;QAClC,OAAO,IAAI,CAAA;IACf,CAAC;IAED;;;;;;;;;;OAUG;IACI,UAAU,CAAC,kBAAsC;QACpD,IAAI,CAAC,kBAAkB,GAAG,kBAAkB,CAAA;QAE5C,OAAO,IAAqD,CAAA;IAChE,CAAC;IAED;;;;;;;;OAQG;IACI,2BAA2B,CAC9B,kBAAuC;QAEvC,IAAI,kBAAkB;YAAE,IAAI,CAAC,UAAU,CAAC,kBAAkB,CAAC,CAAA;QAC3D,IAAI,CAAC,sBAAsB,EAAE,CAAA;QAE7B,IAAI,CAAC,eAAe,CAAC,SAAS,EAAE,IAAI,CAAC,kBAAmB,CAAC,SAAS,CAAC,CAAA;QAEnE,OAAO,IAAqD,CAAA;IAChE,CAAC;IAED;;;;;;OAMG;IACI,cAAc,CACjB,UAA+C;QAE/C,MAAM,EAAE,GACJ,OAAO,UAAU,KAAK,QAAQ;YAC1B,CAAC,CAAC,uBAAU,CAAC,WAAW,CAAC,UAAU,CAAC;YACpC,CAAC,CAAC,UAAU,YAAY,uBAAU;gBAChC,CAAC,CAAC,UAAU;gBACZ,CAAC,CAAC,uBAAU,CAAC,OAAO,CAAC,UAAU,CAAC,CAAA;QAE1C,IAAI,CAAC,UAAU,GAAG,EAAE,CAAA;QACpB,OAAO,IAAwD,CAAA;IACnE,CAAC;IAED;;;;OAIG;IACI,mBAAmB,CAAC,eAAyC;QAChE,IAAI,CAAC,eAAe,GAAG,eAAe,CAAA;QACtC,OAAO,IAAI,CAAA;IACf,CAAC;IAED;;;;;;;;;;;;;OAaG;IACU,oBAAoB;;YAC7B,IAAI,CAAC,mBAAmB,EAAE,CAAA;YAC1B,IAAI,CAAC,sBAAsB,EAAE,CAAA;YAC7B,IAAI,CAAC,aAAa,EAAE,CAAA;YACpB,IAAI,CAAC,qBAAqB,EAAE,CAAA;YAE5B,IACI,IAAI,CAAC,WAAW;gBAChB,IAAI,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC;gBAC3B,IAAI,CAAC,SAAS;gBACd,CAAC,IAAI,CAAC,MAAM,EACd,CAAC;gBACC,MAAM,IAAI,kBAAU,CAChB,yOAAyO,CAC5O,CAAA;YACL,CAAC;YAED,MAAM,EAAE,OAAO,EAAE,aAAa,EAAE,WAAW,EAAE,GACzC,MAAM,IAAA,sCAAoB,EACtB,IAAI,CAAC,aAAc,EACnB,IAAI,CAAC,kBAAmB,EACxB,IAAI,CAAC,2BAA2B,EAAE,CAAC,OAAQ,EAC3C,IAAI,CAAC,eAAgB,CACxB,CAAA;YAEL,IAAI,CAAC,WAAW,GAAG,WAAW,CAAA;YAC9B,IAAI,CAAC,OAAO,GAAG,aAAwB,CAAA;QAC3C,CAAC;KAAA;IAEY,qBAAqB;;YAG9B,IAAI,CAAC,sBAAsB,EAAE,CAAA;YAE7B,IAAI,CAAC,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC,eAAe,EAAE,CAAC;gBAC5C,MAAM,IAAI,CAAC,oBAAoB,EAAE,CAAA;YACrC,CAAC;YAED,IAAI,CAAC,IAAI,CAAC,WAAW;gBAAE,OAAO,SAAS,CAAA;YAEvC,OAAO,OAAO,CAAC,GAAG,CACd,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CACvB,CAAC,CAAC,mBAAmB,CAAC,IAAI,CAAC,kBAAmB,CAAC,CAClD,CACJ,CAAA;QACL,CAAC;KAAA;IAED;;;;OAIG;IACI,qBAAqB;QACxB,IAAI,IAAI,CAAC,eAAe;YAAE,OAAM;QAEhC,MAAM,IAAI,kBAAU,CAAC,iCAAiC,CAAC,CAAA;IAC3D,CAAC;IAED;;;;OAIG;IACK,mBAAmB;QACvB,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,CAAC;YACtB,MAAM,IAAI,kBAAU,CAChB,mGAAmG,CACtG,CAAA;QACL,CAAC;IACL,CAAC;IAED;;;;OAIG;IACK,sBAAsB;QAC1B,IAAI,CAAC,IAAI,CAAC,kBAAkB,EAAE,CAAC;YAC3B,MAAM,IAAI,kBAAU,CAChB,4JAA4J,CAC/J,CAAA;QACL,CAAC;IACL,CAAC;IAED;;;;;;OAMG;IACI,4BAA4B,CAAC,QAAgB;QAChD,IAAI,CAAC,qBAAqB,EAAE,CAAA;QAE5B,MAAM,KAAK,GAAG,IAAA,6BAAqB,EAAC,IAAI,CAAC,eAAgB,EAAE,QAAQ,CAAC,CAAA;QAEpE,IAAI,CAAC,KAAK,EAAE,CAAC;YACT,MAAM,IAAI,kBAAU,CAChB,cAAc,QAAQ,iDAAiD,CAC1E,CAAA;QACL,CAAC;IACL,CAAC;IAED;;;;;;;;;;;;;;;;;;;;;;;;;;;OA2BG;IACU,OAAO,CAAC,iBAA8C;;;YAC/D,IAAI,CAAC,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC,eAAe,EAAE,CAAC;gBAC5C,MAAM,IAAI,CAAC,oBAAoB,EAAE,CAAA;YACrC,CAAC;YAED,mFAAmF;YACnF,IAAI,CAAC,sBAAsB,EAAE,CAAA;YAC7B,IAAI,CAAC,aAAa,EAAE,CAAA;YAEpB,oEAAoE;YACpE,IAAI,CAAC,iBAAiB,EAAE,CAAC;gBACrB,OAAO,MAAM,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,WAAW,EAAE,KAAK,CAAC,CAAA;YAC1D,CAAC;YAED,IACI,CAAC,MAAM,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC;gBAChE,CAAA,MAAA,IAAI,CAAC,WAAW,0CAAE,MAAM,MAAK,CAAC,EAChC,CAAC;gBACC,MAAM,IAAI,kBAAU,CAChB,sFAAsF,CACzF,CAAA;YACL,CAAC;YAED,4CAA4C;YAC5C,MAAM,qBAAqB,GAAG,MAAM,IAAI,CAAC,qBAAqB,EAAE,CAAA;YAEhE,MAAM,mBAAmB,GAAG,IAAA,4CAAkC,EAC1D,IAAI,CAAC,OAAQ,EACb,iBAAiB,EACjB,MAAM,IAAI,CAAC,eAAe,EAAE,EAC5B,qBAAqB,aAArB,qBAAqB,uBAArB,qBAAqB,CAAE,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAChD,CAAA;YAED,OAAO,MAAM,IAAI,CAAC,WAAW,CACzB,mBAAmB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,wBAAU,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EACtD,KAAK,CACR,CAAA;;KACJ;IAED;;;;;;;;;;OAUG;IACU,MAAM,CACf,QAA0B,EAC1B,iBAAiD,EACjD,iBAA2C,EAC3C,kBAA4C;;;;;;YAE5C,IAAI,CAAC,eAAe,EAAE,CAAA;YAEtB,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;gBAClB,IAAI,CAAC,sBAAsB,EAAE,CAAA;YACjC,CAAC;YAED,MAAM,qBAAqB,GAAG,CAAC,MAAM,OAAM,MAAM,YAC7C,QAAQ,EACR,iBAAiB,EACjB,kBAAkB,CACrB,CAA4B,CAAA;YAE7B,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;gBAClB,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,cAAc,EAAE,CAAC;oBAClC,sCAAsC;oBACtC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,eAAe,EAAE,CAAA;oBAC3C,IAAI,CAAC,UAAU,CAAC,kBAAkB,CAAC,MAAM,CAAC,CAAA;gBAC9C,CAAC;gBAED,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,MAAM,CAC5C,QAAoB,EACpB,EAAE,EACF,iBAAiB,CACpB,CAAA;gBAED,qBAAqB,CAAC,iBAAiB,GAAG,OAAO,CAAA;YACrD,CAAC;YAED,MAAM,SAAS,GAAG,IAAA,kBAAU,EAAC,IAAI,CAAC,OAAQ,CAAC,CAAC,MAAM,CAC9C,CAAC,MAAA,IAAI,CAAC,WAAW,mCAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAW,CAAC,CAC9D,CAAA;YAED,IAAI,iBAAiB,EAAE,CAAC;gBACpB,qBAAqB,CAAC,yBAAyB;oBAC3C,iBAAiB,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE,CAC5B,SAAS,CAAC,QAAQ,CAAC,GAAa,CAAC,CACpC,CAAA;YACT,CAAC;YAED,uCACO,qBAAqB,KACxB,OAAO,EAAE,MAAM,CAAC,OAAO,CAAC,qBAAqB,CAAC;qBACzC,MAAM,CACH,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE,CACb,OAAO,KAAK,KAAK,SAAS,IAAI,GAAG,KAAK,SAAS,CACtD;qBACA,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,IACrC;;KACJ;IAED;;;;OAIG;IACI,WAAW,CAAC,cAAwC;QACvD,IAAI,CAAC;YACD,IAAI,CAAC,aAAa,EAAE,CAAA;YACpB,IAAI,CAAC,oBAAoB,CAAC,SAAS,EAAE,cAAc,CAAC,QAAQ,EAAE,CAAC,CAAA;YAC/D,OAAO,IAAI,CAAA;QACf,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACT,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;YAChB,OAAO,KAAK,CAAA;QAChB,CAAC;IACL,CAAC;IAEM,oCAAoC,CAAC,QAAgB;QACxD,IAAI,CAAC;YACD,IAAI,CAAC,4BAA4B,CAAC,QAAQ,CAAC,CAAA;QAC/C,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACb,oFAAoF;YACpF,IAAI,KAAK,YAAY,kBAAU;gBAAE,OAAM;QAC3C,CAAC;QACD,MAAM,IAAI,kBAAU,CAChB,cAAc,QAAQ,4FAA4F,CACrH,CAAA;IACL,CAAC;IAEM,qCAAqC;QACxC,IAAI,CAAC,IAAI,CAAC,eAAe;YAAE,OAAM;QAEjC,+DAA+D;QAC/D,8BAA8B;QAC9B,KAAK,MAAM,QAAQ,IAAI,CAAC,KAAK,EAAE,SAAS,EAAE,KAAK,CAAC,EAAE,CAAC;YAC/C,IAAI,CAAC,oCAAoC,CAAC,QAAQ,CAAC,CAAA;QACvD,CAAC;IACL,CAAC;IAED;;;;OAIG;IACU,eAAe;;;YAGxB,IAAI,CAAC,aAAa,EAAE,CAAA;YACpB,IAAI,CAAC,sBAAsB,EAAE,CAAA;YAE7B,MAAM,qBAAqB,GAAG,MAAM,IAAI,CAAC,qBAAqB,EAAE,CAAA;YAChE,MAAM,UAAU,GAAG,IAAA,mCAA0B,EACzC,IAAI,CAAC,OAAQ,EACb,MAAA,qBAAqB,aAArB,qBAAqB,uBAArB,qBAAqB,CAAE,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,mCAAI,EAAE,CACtD,CAAA;YAED,OAAO,UAAoB,CAAA;;KAC9B;IAED;;;;;;;;;;;OAWG;IACU,SAAS;;YAClB,OAAO,IAAI,CAAC,WAAW,EAAE,CAAA;QAC7B,CAAC;KAAA;IAEa,WAAW,CACrB,cAA6C,IAAI,CAAC,WAAW,EAC7D,mBAA4B,IAAI;;;YAEhC,IAAI,CAAC,YAAY,EAAE,CAAA;YACnB,IAAI,CAAC,aAAa,EAAE,CAAA;YAEpB,IAAI,IAAI,CAAC,UAAU,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,cAAc,EAAE,CAAC;gBACrD,IAAI,CAAC,sBAAsB,EAAE,CAAA;YACjC,CAAC;YAED,IAAI,IAAI,CAAC,eAAe,IAAI,gBAAgB,EAAE,CAAC;gBAC3C,MAAM,IAAI,CAAC,oBAAoB,EAAE,CAAA;YACrC,CAAC;YAED,WAAW,aAAX,WAAW,cAAX,WAAW,IAAX,WAAW,GAAK,IAAI,CAAC,WAAW,EAAA;YAEhC,MAAM,aAAa,GAAG,iBAAS,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAA;YACnE,MAAM,cAAc,GAAG,iBAAS,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAA;YAErE,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS;gBAC7B,CAAC,CAAC,iBAAS,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC;gBAClC,CAAC,CAAC,iBAAS,CAAC,MAAM,CAAC,CAAC,MAAM,IAAI,CAAC,UAAU,EAAE,CAAC,CAAC,SAAU,CAAC,CAAA;YAE5D,MAAM,YAAY,GACd,WAAW,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC;gBACjC,CAAC,CAAC,IAAI,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG;gBAC9B,CAAC,CAAC,GAAG,CAAA;YAEb,MAAM,cAAc,GAAG,GAAG,aAAa,IAAI,cAAc,IAAI,UAAU,GAAG,YAAY,EAAE,CAAA;YAExF,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;gBAClB,MAAM,MAAM,GACR,MAAA,IAAI,CAAC,UAAU,CAAC,cAAc,mCAC9B,CAAC,MAAM,IAAI,CAAC,eAAe,CAAC,cAAc,CAAC,CAAC,CAAA;gBAEhD,IACI,IAAI,CAAC,UAAU,CAAC,SAAS;oBACzB,CAAC,CAAA,MAAA,IAAI,CAAC,UAAU,CAAC,OAAO,0CAAE,QAAQ,CAAA,EACpC,CAAC;oBACC,MAAM,IAAI,kBAAU,CAChB,oIAAoI,CACvI,CAAA;gBACL,CAAC;gBAED,8EAA8E;gBAC9E,0GAA0G;gBAC1G,IACI,CAAC,IAAI,CAAC,UAAU,CAAC,SAAS;oBAC1B,CAAC,CAAA,MAAA,IAAI,CAAC,UAAU,CAAC,OAAO,0CAAE,QAAQ,CAAA,EACpC,CAAC;oBACC,IAAI,CAAC,UAAU,CAAC,eAAe,CAAC,MAAM,CAAC,CAAA;gBAC3C,CAAC;gBAED,qEAAqE;gBACrE,oEAAoE;gBACpE,MAAM,IAAI,CAAC,UAAU,CAAC,wBAAwB,CAAC,MAAM,CAAC,CAAA;YAC1D,CAAC;YAED,MAAM,EAAE,GAAG,MAAA,CAAC,MAAM,CAAA,MAAA,IAAI,CAAC,UAAU,0CAAE,SAAS,EAAE,CAAA,CAAC,mCAAI,EAAE,CAAA;YACrD,OAAO,cAAc,GAAG,EAAE,CAAA;;KAC7B;IAEa,eAAe,CAAC,OAAgB;;YAC1C,IAAI,CAAC,sBAAsB,EAAE,CAAA;YAC7B,MAAM,CAAC,GAAG,OAAO,aAAP,OAAO,cAAP,OAAO,GAAI,IAAI,CAAC,OAAO,CAAA;YAEjC,IAAI,CAAC,CAAC,EAAE,CAAC;gBACL,MAAM,IAAI,kBAAU,CAChB,wLAAwL,CAC3L,CAAA;YACL,CAAC;YAED,OAAO,IAAA,wBAAe,EAAC,CAAC,EAAE,IAAI,CAAC,kBAAmB,CAAC,CAAA;QACvD,CAAC;KAAA;CACJ;AAlkBD,sBAkkBC"}
|
package/build/sdJwt/swapClaim.js
DELETED
|
@@ -1,79 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.swapClaims = void 0;
|
|
4
|
-
const shouldInsertDisclosure = (key, value, disclosures) => {
|
|
5
|
-
if (key !== '_sd')
|
|
6
|
-
return [];
|
|
7
|
-
if (!Array.isArray(value))
|
|
8
|
-
return [];
|
|
9
|
-
const filteredDisclosures = [];
|
|
10
|
-
for (const d of disclosures) {
|
|
11
|
-
if (value.includes(d.digest)) {
|
|
12
|
-
filteredDisclosures.push(d);
|
|
13
|
-
}
|
|
14
|
-
}
|
|
15
|
-
return filteredDisclosures;
|
|
16
|
-
};
|
|
17
|
-
const shouldIncludeCleartextClaim = (key, value) => key !== '_sd' && key !== '_sd_alg' && typeof value !== 'object';
|
|
18
|
-
const swapClaims = (payload, disclosures, newPayload = {}) => {
|
|
19
|
-
const entries = Object.entries(payload);
|
|
20
|
-
// Loop over de payload
|
|
21
|
-
for (let i = 0; i < entries.length; i++) {
|
|
22
|
-
const [key, value] = entries[i];
|
|
23
|
-
// See whether we have an `_sd` key with an array of disclosures.
|
|
24
|
-
const foundDisclosures = shouldInsertDisclosure(key, value, disclosures);
|
|
25
|
-
// Add the disclosed items to the pretty payload
|
|
26
|
-
foundDisclosures.forEach((d) => {
|
|
27
|
-
const [, disclosureKey, disclosureValue] = d.decoded;
|
|
28
|
-
newPayload[disclosureKey] = disclosureValue;
|
|
29
|
-
});
|
|
30
|
-
// Skip the rest as `_sd` is a special case
|
|
31
|
-
if (key === '_sd') {
|
|
32
|
-
continue;
|
|
33
|
-
}
|
|
34
|
-
// Include all the primitive claims into the new payload
|
|
35
|
-
if (shouldIncludeCleartextClaim(key, value)) {
|
|
36
|
-
newPayload[key] = value;
|
|
37
|
-
continue;
|
|
38
|
-
}
|
|
39
|
-
if (typeof value === 'object' && Array.isArray(value)) {
|
|
40
|
-
newPayload[key] = swapClaimsInsideArray(value, disclosures);
|
|
41
|
-
continue;
|
|
42
|
-
}
|
|
43
|
-
if (typeof value === 'object' &&
|
|
44
|
-
value !== null &&
|
|
45
|
-
!Array.isArray(value)) {
|
|
46
|
-
newPayload[key] = (0, exports.swapClaims)(value, disclosures);
|
|
47
|
-
}
|
|
48
|
-
}
|
|
49
|
-
return newPayload;
|
|
50
|
-
};
|
|
51
|
-
exports.swapClaims = swapClaims;
|
|
52
|
-
const swapClaimsInsideArray = (array, disclosures) => {
|
|
53
|
-
const processedArray = [];
|
|
54
|
-
for (const el of array) {
|
|
55
|
-
if (typeof el === 'object' && el !== null && '...' in el) {
|
|
56
|
-
const hash = el['...'];
|
|
57
|
-
let disclosureFound = false;
|
|
58
|
-
let disclosureValue;
|
|
59
|
-
for (const d of disclosures) {
|
|
60
|
-
if (d.digest === hash && d.decoded[2] === undefined) {
|
|
61
|
-
disclosureValue = d.decoded[1];
|
|
62
|
-
disclosureFound = true;
|
|
63
|
-
break;
|
|
64
|
-
}
|
|
65
|
-
}
|
|
66
|
-
if (disclosureFound) {
|
|
67
|
-
processedArray.push(disclosureValue);
|
|
68
|
-
}
|
|
69
|
-
else {
|
|
70
|
-
processedArray.push(el);
|
|
71
|
-
}
|
|
72
|
-
}
|
|
73
|
-
else {
|
|
74
|
-
processedArray.push(el);
|
|
75
|
-
}
|
|
76
|
-
}
|
|
77
|
-
return processedArray;
|
|
78
|
-
};
|
|
79
|
-
//# sourceMappingURL=swapClaim.js.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"swapClaim.js","sourceRoot":"","sources":["../../src/sdJwt/swapClaim.ts"],"names":[],"mappings":";;;AAEA,MAAM,sBAAsB,GAAG,CAC3B,GAAW,EACX,KAAc,EACd,WAAmC,EACrC,EAAE;IACA,IAAI,GAAG,KAAK,KAAK;QAAE,OAAO,EAAE,CAAA;IAC5B,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC;QAAE,OAAO,EAAE,CAAA;IAEpC,MAAM,mBAAmB,GAAG,EAAE,CAAA;IAE9B,KAAK,MAAM,CAAC,IAAI,WAAW,EAAE,CAAC;QAC1B,IAAI,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC;YAC3B,mBAAmB,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;QAC/B,CAAC;IACL,CAAC;IAED,OAAO,mBAAmB,CAAA;AAC9B,CAAC,CAAA;AAED,MAAM,2BAA2B,GAAG,CAAC,GAAW,EAAE,KAAc,EAAE,EAAE,CAChE,GAAG,KAAK,KAAK,IAAI,GAAG,KAAK,SAAS,IAAI,OAAO,KAAK,KAAK,QAAQ,CAAA;AAE5D,MAAM,UAAU,GAAG,CACtB,OAAgC,EAChC,WAAmC,EACnC,aAAsC,EAAE,EAC1C,EAAE;IACA,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,CAAA;IAEvC,uBAAuB;IACvB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC,CAAA;QAE/B,iEAAiE;QACjE,MAAM,gBAAgB,GAAG,sBAAsB,CAAC,GAAG,EAAE,KAAK,EAAE,WAAW,CAAC,CAAA;QAExE,gDAAgD;QAChD,gBAAgB,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE;YAC3B,MAAM,CAAC,EAAE,aAAa,EAAE,eAAe,CAAC,GAAG,CAAC,CAAC,OAAO,CAAA;YACpD,UAAU,CAAC,aAAuB,CAAC,GAAG,eAAe,CAAA;QACzD,CAAC,CAAC,CAAA;QAEF,4CAA4C;QAC5C,IAAI,GAAG,KAAK,KAAK,EAAE,CAAC;YAChB,SAAQ;QACZ,CAAC;QAED,wDAAwD;QACxD,IAAI,2BAA2B,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,CAAC;YAC1C,UAAU,CAAC,GAAG,CAAC,GAAG,KAAK,CAAA;YACvB,SAAQ;QACZ,CAAC;QAED,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;YACpD,UAAU,CAAC,GAAG,CAAC,GAAG,qBAAqB,CAAC,KAAK,EAAE,WAAW,CAAC,CAAA;YAC3D,SAAQ;QACZ,CAAC;QAED,IACI,OAAO,KAAK,KAAK,QAAQ;YACzB,KAAK,KAAK,IAAI;YACd,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EACvB,CAAC;YACC,UAAU,CAAC,GAAG,CAAC,GAAG,IAAA,kBAAU,EACxB,KAAgC,EAChC,WAAW,CACd,CAAA;QACL,CAAC;IACL,CAAC;IAED,OAAO,UAAU,CAAA;AACrB,CAAC,CAAA;AAjDY,QAAA,UAAU,cAiDtB;AAED,MAAM,qBAAqB,GAAG,CAC1B,KAAyC,EACzC,WAAmC,EACrC,EAAE;IACA,MAAM,cAAc,GAAG,EAAE,CAAA;IAEzB,KAAK,MAAM,EAAE,IAAI,KAAK,EAAE,CAAC;QACrB,IAAI,OAAO,EAAE,KAAK,QAAQ,IAAI,EAAE,KAAK,IAAI,IAAI,KAAK,IAAI,EAAE,EAAE,CAAC;YACvD,MAAM,IAAI,GAAG,EAAE,CAAC,KAAK,CAAC,CAAA;YACtB,IAAI,eAAe,GAAG,KAAK,CAAA;YAC3B,IAAI,eAAe,CAAA;YAEnB,KAAK,MAAM,CAAC,IAAI,WAAW,EAAE,CAAC;gBAC1B,IAAI,CAAC,CAAC,MAAM,KAAK,IAAI,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,SAAS,EAAE,CAAC;oBAClD,eAAe,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAA;oBAC9B,eAAe,GAAG,IAAI,CAAA;oBACtB,MAAK;gBACT,CAAC;YACL,CAAC;YAED,IAAI,eAAe,EAAE,CAAC;gBAClB,cAAc,CAAC,IAAI,CAAC,eAAe,CAAC,CAAA;YACxC,CAAC;iBAAM,CAAC;gBACJ,cAAc,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;YAC3B,CAAC;QACL,CAAC;aAAM,CAAC;YACJ,cAAc,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;QAC3B,CAAC;IACL,CAAC;IAED,OAAO,cAAc,CAAA;AACzB,CAAC,CAAA"}
|
package/build/sdJwt/types.d.ts
DELETED
|
@@ -1,5 +0,0 @@
|
|
|
1
|
-
import { MakePropertyRequired } from '../types';
|
|
2
|
-
import { SdJwt } from './sdJwt';
|
|
3
|
-
export type ReturnSdJwtWithHeaderAndPayload<H extends Record<string, unknown>, P extends Record<string, unknown>, T extends SdJwt<H, P>> = MakePropertyRequired<T, 'header' | 'payload'>;
|
|
4
|
-
export type ReturnSdJwtWithPayload<H extends Record<string, unknown>, P extends Record<string, unknown>, T extends SdJwt<H, P>> = MakePropertyRequired<T, 'payload'>;
|
|
5
|
-
export type ReturnSdJwtWithKeyBinding<H extends Record<string, unknown>, P extends Record<string, unknown>, T extends SdJwt<H, P>> = MakePropertyRequired<T, 'keyBinding'>;
|
package/build/sdJwt/types.js
DELETED
package/build/sdJwt/types.js.map
DELETED
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/sdJwt/types.ts"],"names":[],"mappings":""}
|
package/build/sdJwtVc/error.d.ts
DELETED
package/build/sdJwtVc/error.js
DELETED
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"error.js","sourceRoot":"","sources":["../../src/sdJwtVc/error.ts"],"names":[],"mappings":";;;AAAA,MAAa,YAAa,SAAQ,KAAK;CAAG;AAA1C,oCAA0C"}
|
package/build/sdJwtVc/index.d.ts
DELETED
package/build/sdJwtVc/index.js
DELETED
|
@@ -1,19 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
-
if (k2 === undefined) k2 = k;
|
|
4
|
-
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
-
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
-
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
-
}
|
|
8
|
-
Object.defineProperty(o, k2, desc);
|
|
9
|
-
}) : (function(o, m, k, k2) {
|
|
10
|
-
if (k2 === undefined) k2 = k;
|
|
11
|
-
o[k2] = m[k];
|
|
12
|
-
}));
|
|
13
|
-
var __exportStar = (this && this.__exportStar) || function(m, exports) {
|
|
14
|
-
for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
|
|
15
|
-
};
|
|
16
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
17
|
-
__exportStar(require("./sdJwtVc"), exports);
|
|
18
|
-
__exportStar(require("./error"), exports);
|
|
19
|
-
//# sourceMappingURL=index.js.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/sdJwtVc/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,4CAAyB;AACzB,0CAAuB"}
|
|
@@ -1,47 +0,0 @@
|
|
|
1
|
-
import { ReturnSdJwtWithHeaderAndPayload } from '../sdJwt';
|
|
2
|
-
import { SdJwt, SdJwtVerificationResult } from '../sdJwt';
|
|
3
|
-
import { Verifier } from '../types';
|
|
4
|
-
export type SdJwtVcVerificationResult = SdJwtVerificationResult & {
|
|
5
|
-
containsExpectedKeyBinding?: boolean;
|
|
6
|
-
containsRequiredVcProperties: boolean;
|
|
7
|
-
};
|
|
8
|
-
export declare class SdJwtVc<Header extends Record<string, unknown> = Record<string, unknown>, Payload extends Record<string, unknown> = Record<string, unknown>> extends SdJwt<Header, Payload> {
|
|
9
|
-
assertNonSelectivelyDisclosableClaims(): void;
|
|
10
|
-
private validateSdJwtVc;
|
|
11
|
-
/**
|
|
12
|
-
*
|
|
13
|
-
* Instantiate a sd-jwt-vc from a compact format.
|
|
14
|
-
*
|
|
15
|
-
* @throws when the compact sd-jwt-vc is not a valid sd-jwt-vc
|
|
16
|
-
*
|
|
17
|
-
*/
|
|
18
|
-
static fromCompact<Header extends Record<string, unknown> = Record<string, unknown>, Payload extends Record<string, unknown> = Record<string, unknown>>(compact: string): ReturnSdJwtWithHeaderAndPayload<Header, Payload, SdJwtVc<Header, Payload>>;
|
|
19
|
-
/**
|
|
20
|
-
*
|
|
21
|
-
* Verify the sd-jwt-vc.
|
|
22
|
-
*
|
|
23
|
-
* It validates the following properties:
|
|
24
|
-
* - sd-jwt issuer signature
|
|
25
|
-
* - Optionally, the required claims
|
|
26
|
-
* - The `nbf` and `exp` claims
|
|
27
|
-
* - Whether the key binding is valid
|
|
28
|
-
* - Whether the expected key binding is used
|
|
29
|
-
* - Whether the required sd-jwt-vc properties are included
|
|
30
|
-
*
|
|
31
|
-
*/
|
|
32
|
-
verify(verifier: Verifier<Header>, requiredClaimKeys?: Array<keyof Payload | string>, expectedCnfClaim?: Record<string, unknown>, kbJwtPublicKeyJwk?: Record<string, unknown>, issuerPublicKeyJwk?: Record<string, unknown>): Promise<SdJwtVcVerificationResult>;
|
|
33
|
-
/**
|
|
34
|
-
*
|
|
35
|
-
* Create a compact format of the sd-jwt-vc.
|
|
36
|
-
*
|
|
37
|
-
* This will
|
|
38
|
-
* - Apply the disclosure frame
|
|
39
|
-
* - Add a signature if there is none
|
|
40
|
-
*
|
|
41
|
-
* @throws when the sd-jwt-vc is not conformant to the specification
|
|
42
|
-
* @throws When the signature and signer are not defined
|
|
43
|
-
* @throws When a claim is requested to be selectively disclosable, but it was not found in the payload
|
|
44
|
-
*
|
|
45
|
-
*/
|
|
46
|
-
toCompact(): Promise<string>;
|
|
47
|
-
}
|