@sd-jwt/core 0.2.1 → 2.0.2-next.26

package/src/test/jwt.spec.ts

@@ -0,0 +1,141 @@
+import { SDJWTException } from '@sd-jwt/utils';
+import { Jwt } from '../jwt';
+import Crypto from 'node:crypto';
+import { Signer, Verifier } from '@sd-jwt/types';
+import { describe, expect, test } from 'vitest';
+
+describe('JWT', () => {
+  test('create', async () => {
+    const jwt = new Jwt({
+      header: { alg: 'EdDSA' },
+      payload: { foo: 'bar' },
+    });
+
+    expect(jwt.header).toEqual({ alg: 'EdDSA' });
+    expect(jwt.payload).toEqual({ foo: 'bar' });
+  });
+
+  test('returns decoded JWT when correct JWT string is provided', () => {
+    // Two objects are created separately, the first: { alg: 'HS256', typ: 'JWT' } represents a JWT Header and the second: { sub: '1234567890', name: 'John Doe' } represents a JWT Payload.
+    // These objects are turned into strings with JSON.stringify. The resulting strings are encoded with base64 encoding using Buffer.from(string).toString('base64').
+    // These base64 encoded strings are concatenated with a period (.) between them, following the structure of a JWT, which is composed of three Base64-URL strings separated by dots (header.payload.signature).
+    // A 'signature' string is added at the end to represent a JWT signature.
+    // So, the jwt variable ends up being a string with the format of a base64Url encoded Header, a period, a base64Url encoded Payload, another period, and a 'signature' string.
+    // It's important to note that the 'signature' here is just a placeholder string and not an actual cryptographic signature generated from the header and payload data.
+    const jwt = `${Buffer.from(
+      JSON.stringify({ alg: 'HS256', typ: 'JWT' }),
+    ).toString('base64')}.${Buffer.from(
+      JSON.stringify({ sub: '1234567890', name: 'John Doe' }),
+    ).toString('base64')}.signature`;
+    const result = Jwt.decodeJWT(jwt);
+    expect(result).toEqual({
+      header: { alg: 'HS256', typ: 'JWT' },
+      payload: { sub: '1234567890', name: 'John Doe' },
+      signature: 'signature',
+    });
+  });
+
+  test('throws an error when JWT string is not correctly formed', () => {
+    const jwt = 'abc.def';
+    expect(() => Jwt.decodeJWT(jwt)).toThrow('Invalid JWT as input');
+  });
+
+  test('throws an error when JWT parts are missing', () => {
+    const jwt = `${Buffer.from(
+      JSON.stringify({ alg: 'HS256', typ: 'JWT' }),
+    ).toString('base64')}`;
+    expect(() => Jwt.decodeJWT(jwt)).toThrow('Invalid JWT as input');
+  });
+
+  test('set', async () => {
+    const jwt = new Jwt();
+    jwt.setHeader({ alg: 'EdDSA' });
+    jwt.setPayload({ foo: 'bar' });
+
+    expect(jwt.header).toEqual({ alg: 'EdDSA' });
+    expect(jwt.payload).toEqual({ foo: 'bar' });
+  });
+
+  test('sign', async () => {
+    const { privateKey } = Crypto.generateKeyPairSync('ed25519');
+    const testSigner: Signer = async (data: string) => {
+      const sig = Crypto.sign(null, Buffer.from(data), privateKey);
+      return Buffer.from(sig).toString('base64url');
+    };
+    const jwt = new Jwt({
+      header: { alg: 'EdDSA' },
+      payload: { foo: 'bar' },
+    });
+
+    const encodedJwt = await jwt.sign(testSigner);
+    expect(typeof encodedJwt).toBe('string');
+  });
+
+  test('verify', async () => {
+    const { privateKey, publicKey } = Crypto.generateKeyPairSync('ed25519');
+    const testSigner: Signer = async (data: string) => {
+      const sig = Crypto.sign(null, Buffer.from(data), privateKey);
+      return Buffer.from(sig).toString('base64url');
+    };
+    const testVerifier: Verifier = async (data: string, sig: string) => {
+      return Crypto.verify(
+        null,
+        Buffer.from(data),
+        publicKey,
+        Buffer.from(sig, 'base64url'),
+      );
+    };
+
+    const jwt = new Jwt({
+      header: { alg: 'EdDSA' },
+      payload: { foo: 'bar' },
+    });
+
+    const encodedJwt = await jwt.sign(testSigner);
+    const newJwt = Jwt.fromEncode(encodedJwt);
+    const verified = await newJwt.verify(testVerifier);
+    expect(verified).toStrictEqual({
+      header: { alg: 'EdDSA' },
+      payload: { foo: 'bar' },
+    });
+    try {
+      await newJwt.verify(() => false);
+    } catch (e: unknown) {
+      expect(e).toBeInstanceOf(SDJWTException);
+    }
+  });
+
+  test('encode', async () => {
+    const { privateKey, publicKey } = Crypto.generateKeyPairSync('ed25519');
+    const testSigner: Signer = async (data: string) => {
+      const sig = Crypto.sign(null, Buffer.from(data), privateKey);
+      return Buffer.from(sig).toString('base64url');
+    };
+
+    const jwt = new Jwt({
+      header: { alg: 'EdDSA' },
+      payload: { foo: 'bar' },
+    });
+
+    const encodedJwt = await jwt.sign(testSigner);
+    const newJwt = Jwt.fromEncode(encodedJwt);
+    const newEncodedJwt = newJwt.encodeJwt();
+    expect(newEncodedJwt).toBe(encodedJwt);
+  });
+
+  test('decode failed', () => {
+    expect(() => Jwt.fromEncode('asfasfas')).toThrow();
+  });
+
+  test('encode failed', async () => {
+    const jwt = new Jwt({
+      header: { alg: 'EdDSA' },
+    });
+
+    try {
+      jwt.encodeJwt();
+    } catch (e: unknown) {
+      expect(e).toBeInstanceOf(SDJWTException);
+    }
+  });
+});

package/src/test/kbjwt.spec.ts

@@ -0,0 +1,275 @@
+import { SDJWTException } from '@sd-jwt/utils';
+import { KBJwt } from '../kbjwt';
+import { KB_JWT_TYP, Signer, Verifier } from '@sd-jwt/types';
+import Crypto from 'node:crypto';
+import { describe, expect, test } from 'vitest';
+
+describe('KB JWT', () => {
+  test('create', async () => {
+    const kbJwt = new KBJwt({
+      header: {
+        typ: KB_JWT_TYP,
+        alg: 'EdDSA',
+      },
+      payload: {
+        iat: 1,
+        aud: 'aud',
+        nonce: 'nonce',
+        sd_hash: 'hash',
+      },
+    });
+
+    expect(kbJwt.header).toEqual({
+      typ: KB_JWT_TYP,
+      alg: 'EdDSA',
+    });
+    expect(kbJwt.payload).toEqual({
+      iat: 1,
+      aud: 'aud',
+      nonce: 'nonce',
+      sd_hash: 'hash',
+    });
+  });
+
+  test('decode', async () => {
+    const { privateKey } = Crypto.generateKeyPairSync('ed25519');
+    const testSigner: Signer = async (data: string) => {
+      const sig = Crypto.sign(null, Buffer.from(data), privateKey);
+      return Buffer.from(sig).toString('base64url');
+    };
+    const kbJwt = new KBJwt({
+      header: {
+        typ: KB_JWT_TYP,
+        alg: 'EdDSA',
+      },
+      payload: {
+        iat: 1,
+        aud: 'aud',
+        nonce: 'nonce',
+        sd_hash: 'hash',
+      },
+    });
+    const encodedKbJwt = await kbJwt.sign(testSigner);
+    const decoded = KBJwt.fromKBEncode(encodedKbJwt);
+    expect(decoded.header).toEqual({
+      typ: KB_JWT_TYP,
+      alg: 'EdDSA',
+    });
+    expect(decoded.payload).toEqual({
+      iat: 1,
+      aud: 'aud',
+      nonce: 'nonce',
+      sd_hash: 'hash',
+    });
+  });
+
+  test('verify', async () => {
+    const { privateKey, publicKey } = Crypto.generateKeyPairSync('ed25519');
+    const testSigner: Signer = async (data: string) => {
+      const sig = Crypto.sign(null, Buffer.from(data), privateKey);
+      return Buffer.from(sig).toString('base64url');
+    };
+    const testVerifier: Verifier = async (data: string, sig: string) => {
+      return Crypto.verify(
+        null,
+        Buffer.from(data),
+        publicKey,
+        Buffer.from(sig, 'base64url'),
+      );
+    };
+    const kbJwt = new KBJwt({
+      header: {
+        typ: KB_JWT_TYP,
+        alg: 'EdDSA',
+      },
+      payload: {
+        iat: 1,
+        aud: 'aud',
+        nonce: 'nonce',
+        sd_hash: 'hash',
+      },
+    });
+    const encodedKbJwt = await kbJwt.sign(testSigner);
+    const decoded = KBJwt.fromKBEncode(encodedKbJwt);
+    const verified = await decoded.verify(testVerifier);
+    expect(verified).toStrictEqual({
+      header: {
+        typ: KB_JWT_TYP,
+        alg: 'EdDSA',
+      },
+      payload: {
+        iat: 1,
+        aud: 'aud',
+        nonce: 'nonce',
+        sd_hash: 'hash',
+      },
+    });
+  });
+
+  test('verify failed', async () => {
+    const { privateKey, publicKey } = Crypto.generateKeyPairSync('ed25519');
+    const testSigner: Signer = async (data: string) => {
+      const sig = Crypto.sign(null, Buffer.from(data), privateKey);
+      return Buffer.from(sig).toString('base64url');
+    };
+    const testVerifier: Verifier = async (data: string, sig: string) => {
+      return Crypto.verify(
+        null,
+        Buffer.from(data),
+        publicKey,
+        Buffer.from(sig, 'base64url'),
+      );
+    };
+
+    const kbJwt = new KBJwt({
+      header: {
+        typ: KB_JWT_TYP,
+        alg: 'EdDSA',
+      },
+      payload: {
+        iat: 1,
+        aud: 'aud',
+        nonce: 'nonce',
+        sd_hash: '',
+      },
+    });
+    const encodedKbJwt = await kbJwt.sign(testSigner);
+    const decoded = KBJwt.fromKBEncode(encodedKbJwt);
+    try {
+      await decoded.verify(testVerifier);
+    } catch (e: unknown) {
+      const error = e as SDJWTException;
+      expect(error.message).toBe('Invalid Key Binding Jwt');
+    }
+  });
+
+  test('verify with custom Verifier', async () => {
+    const { privateKey, publicKey } = Crypto.generateKeyPairSync('ed25519');
+    const testSigner: Signer = async (data: string) => {
+      const sig = Crypto.sign(null, Buffer.from(data), privateKey);
+      return Buffer.from(sig).toString('base64url');
+    };
+    const testVerifier: Verifier = async (data: string, sig: string) => {
+      return Crypto.verify(
+        null,
+        Buffer.from(data),
+        publicKey,
+        Buffer.from(sig, 'base64url'),
+      );
+    };
+
+    const kbJwt = new KBJwt({
+      header: {
+        typ: KB_JWT_TYP,
+        alg: 'EdDSA',
+      },
+      payload: {
+        iat: 1,
+        aud: 'aud',
+        nonce: 'nonce',
+        sd_hash: 'hash',
+      },
+    });
+
+    const encodedKbJwt = await kbJwt.sign(testSigner);
+    const decoded = KBJwt.fromKBEncode(encodedKbJwt);
+    const verified = await decoded.verify(testVerifier);
+    expect(verified).toStrictEqual({
+      header: {
+        typ: KB_JWT_TYP,
+        alg: 'EdDSA',
+      },
+      payload: {
+        iat: 1,
+        aud: 'aud',
+        nonce: 'nonce',
+        sd_hash: 'hash',
+      },
+    });
+  });
+
+  test('verify failed with custom Verifier', async () => {
+    const { privateKey, publicKey } = Crypto.generateKeyPairSync('ed25519');
+    const testSigner: Signer = async (data: string) => {
+      const sig = Crypto.sign(null, Buffer.from(data), privateKey);
+      return Buffer.from(sig).toString('base64url');
+    };
+    const testVerifier: Verifier = async (data: string, sig: string) => {
+      return Crypto.verify(
+        null,
+        Buffer.from(data),
+        publicKey,
+        Buffer.from(sig, 'base64url'),
+      );
+    };
+
+    const kbJwt = new KBJwt({
+      header: {
+        typ: KB_JWT_TYP,
+        alg: 'EdDSA',
+      },
+      payload: {
+        iat: 1,
+        aud: 'aud',
+        nonce: 'nonce',
+        sd_hash: '',
+      },
+    });
+
+    const encodedKbJwt = await kbJwt.sign(testSigner);
+    const decoded = KBJwt.fromKBEncode(encodedKbJwt);
+    try {
+      await decoded.verify(testVerifier);
+    } catch (e: unknown) {
+      const error = e as SDJWTException;
+      expect(error.message).toBe('Invalid Key Binding Jwt');
+    }
+  });
+
+  test('compatibility test for version 06', async () => {
+    const { privateKey, publicKey } = Crypto.generateKeyPairSync('ed25519');
+    const testSigner: Signer = async (data: string) => {
+      const sig = Crypto.sign(null, Buffer.from(data), privateKey);
+      return Buffer.from(sig).toString('base64url');
+    };
+    const testVerifier: Verifier = async (data: string, sig: string) => {
+      return Crypto.verify(
+        null,
+        Buffer.from(data),
+        publicKey,
+        Buffer.from(sig, 'base64url'),
+      );
+    };
+    const kbJwt = new KBJwt({
+      header: {
+        typ: KB_JWT_TYP,
+        alg: 'EdDSA',
+      },
+      payload: {
+        iat: 1,
+        aud: 'aud',
+        nonce: 'nonce',
+        sd_hash: 'hash',
+      },
+    });
+
+    (kbJwt.payload as Record<string, unknown>)._sd_hash = 'hash';
+    (kbJwt.payload as Record<string, unknown>).sd_hash = undefined;
+
+    const encodedKbJwt = await kbJwt.sign(testSigner);
+    const decoded = KBJwt.fromKBEncode(encodedKbJwt);
+    const verified = await decoded.verify(testVerifier);
+    expect(verified).toStrictEqual({
+      header: {
+        typ: KB_JWT_TYP,
+        alg: 'EdDSA',
+      },
+      payload: {
+        iat: 1,
+        aud: 'aud',
+        nonce: 'nonce',
+        _sd_hash: 'hash',
+      },
+    });
+  });
+});

package/src/test/pass.spec.ts

@@ -0,0 +1,6 @@
+import { describe, expect, test } from 'vitest';
+describe('Should always pass', () => {
+  test('adds 1 + 2 to equal 3', () => {
+    expect(1 + 2).toBe(3);
+  });
+});