@sd-jwt/core 0.3.0 → 0.3.2-next.100

package/dist/index.mjs

@@ -0,0 +1,654 @@
+var __defProp = Object.defineProperty;
+var __defProps = Object.defineProperties;
+var __getOwnPropDescs = Object.getOwnPropertyDescriptors;
+var __getOwnPropSymbols = Object.getOwnPropertySymbols;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __propIsEnum = Object.prototype.propertyIsEnumerable;
+var __defNormalProp = (obj, key, value) => key in obj ? __defProp(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
+var __spreadValues = (a, b) => {
+  for (var prop in b || (b = {}))
+    if (__hasOwnProp.call(b, prop))
+      __defNormalProp(a, prop, b[prop]);
+  if (__getOwnPropSymbols)
+    for (var prop of __getOwnPropSymbols(b)) {
+      if (__propIsEnum.call(b, prop))
+        __defNormalProp(a, prop, b[prop]);
+    }
+  return a;
+};
+var __spreadProps = (a, b) => __defProps(a, __getOwnPropDescs(b));
+var __async = (__this, __arguments, generator) => {
+  return new Promise((resolve, reject) => {
+    var fulfilled = (value) => {
+      try {
+        step(generator.next(value));
+      } catch (e) {
+        reject(e);
+      }
+    };
+    var rejected = (value) => {
+      try {
+        step(generator.throw(value));
+      } catch (e) {
+        reject(e);
+      }
+    };
+    var step = (x) => x.done ? resolve(x.value) : Promise.resolve(x.value).then(fulfilled, rejected);
+    step((generator = generator.apply(__this, __arguments)).next());
+  });
+};
+
+// src/index.ts
+import { SDJWTException as SDJWTException4, Uint8ArrayToBase64Url as Uint8ArrayToBase64Url2 } from "@sd-jwt/utils";
+
+// src/jwt.ts
+import { Base64urlEncode, SDJWTException } from "@sd-jwt/utils";
+import { decodeJwt } from "@sd-jwt/decode";
+var Jwt = class _Jwt {
+  constructor(data) {
+    this.header = data == null ? void 0 : data.header;
+    this.payload = data == null ? void 0 : data.payload;
+    this.signature = data == null ? void 0 : data.signature;
+  }
+  static decodeJWT(jwt) {
+    return decodeJwt(jwt);
+  }
+  static fromEncode(encodedJwt) {
+    const { header, payload, signature } = _Jwt.decodeJWT(
+      encodedJwt
+    );
+    const jwt = new _Jwt({
+      header,
+      payload,
+      signature
+    });
+    return jwt;
+  }
+  setHeader(header) {
+    this.header = header;
+    return this;
+  }
+  setPayload(payload) {
+    this.payload = payload;
+    return this;
+  }
+  sign(signer) {
+    return __async(this, null, function* () {
+      if (!this.header || !this.payload) {
+        throw new SDJWTException("Sign Error: Invalid JWT");
+      }
+      const header = Base64urlEncode(JSON.stringify(this.header));
+      const payload = Base64urlEncode(JSON.stringify(this.payload));
+      const data = `${header}.${payload}`;
+      this.signature = yield signer(data);
+      return this.encodeJwt();
+    });
+  }
+  encodeJwt() {
+    if (!this.header || !this.payload || !this.signature) {
+      throw new SDJWTException("Serialize Error: Invalid JWT");
+    }
+    const header = Base64urlEncode(JSON.stringify(this.header));
+    const payload = Base64urlEncode(JSON.stringify(this.payload));
+    const signature = this.signature;
+    const compact = `${header}.${payload}.${signature}`;
+    return compact;
+  }
+  verify(verifier) {
+    return __async(this, null, function* () {
+      if (!this.header || !this.payload || !this.signature) {
+        throw new SDJWTException("Verify Error: Invalid JWT");
+      }
+      const header = Base64urlEncode(JSON.stringify(this.header));
+      const payload = Base64urlEncode(JSON.stringify(this.payload));
+      const data = `${header}.${payload}`;
+      const verified = verifier(data, this.signature);
+      if (!verified) {
+        throw new SDJWTException("Verify Error: Invalid JWT Signature");
+      }
+      return { payload: this.payload, header: this.header };
+    });
+  }
+};
+
+// src/kbjwt.ts
+import { Base64urlEncode as Base64urlEncode2, SDJWTException as SDJWTException2 } from "@sd-jwt/utils";
+var KBJwt = class _KBJwt extends Jwt {
+  // Checking the validity of the key binding jwt
+  // the type unknown is not good, but we don't know at this point how to get the public key of the signer, this is defined in the kbVerifier
+  verifyKB(values) {
+    return __async(this, null, function* () {
+      var _a, _b, _c, _d, _e, _f;
+      if (!((_a = this.header) == null ? void 0 : _a.alg) || !this.header.typ || !((_b = this.payload) == null ? void 0 : _b.iat) || !((_c = this.payload) == null ? void 0 : _c.aud) || !((_d = this.payload) == null ? void 0 : _d.nonce) || // this is for backward compatibility with version 06
+      !(((_e = this.payload) == null ? void 0 : _e.sd_hash) || ((_f = this.payload) == null ? void 0 : _f._sd_hash))) {
+        throw new SDJWTException2("Invalid Key Binding Jwt");
+      }
+      if (!this.header || !this.payload || !this.signature) {
+        throw new SDJWTException2("Verify Error: Invalid JWT");
+      }
+      const header = Base64urlEncode2(JSON.stringify(this.header));
+      const payload = Base64urlEncode2(JSON.stringify(this.payload));
+      const data = `${header}.${payload}`;
+      const verified = yield values.verifier(
+        data,
+        this.signature,
+        values.payload
+      );
+      if (!verified) {
+        throw new SDJWTException2("Verify Error: Invalid JWT Signature");
+      }
+      return { payload: this.payload, header: this.header };
+    });
+  }
+  // This function is for creating KBJwt object for verify properly
+  static fromKBEncode(encodedJwt) {
+    const { header, payload, signature } = Jwt.decodeJWT(
+      encodedJwt
+    );
+    const jwt = new _KBJwt({
+      header,
+      payload,
+      signature
+    });
+    return jwt;
+  }
+};
+
+// src/decoy.ts
+import { Uint8ArrayToBase64Url } from "@sd-jwt/utils";
+var createDecoy = (hash, saltGenerator) => __async(void 0, null, function* () {
+  const { hasher, alg } = hash;
+  const salt = yield saltGenerator(16);
+  const decoy = yield hasher(salt, alg);
+  return Uint8ArrayToBase64Url(decoy);
+});
+
+// src/sdjwt.ts
+import { SDJWTException as SDJWTException3, Disclosure } from "@sd-jwt/utils";
+import {
+  SD_DECOY,
+  SD_DIGEST,
+  SD_LIST_KEY,
+  SD_SEPARATOR
+} from "@sd-jwt/types";
+import { createHashMapping, getSDAlgAndPayload, unpack } from "@sd-jwt/decode";
+var SDJwt = class _SDJwt {
+  constructor(data) {
+    this.jwt = data == null ? void 0 : data.jwt;
+    this.disclosures = data == null ? void 0 : data.disclosures;
+    this.kbJwt = data == null ? void 0 : data.kbJwt;
+  }
+  static decodeSDJwt(sdjwt, hasher) {
+    return __async(this, null, function* () {
+      const [encodedJwt, ...encodedDisclosures] = sdjwt.split(SD_SEPARATOR);
+      const jwt = Jwt.fromEncode(encodedJwt);
+      if (!jwt.payload) {
+        throw new Error("Payload is undefined on the JWT. Invalid state reached");
+      }
+      if (encodedDisclosures.length === 0) {
+        return {
+          jwt,
+          disclosures: []
+        };
+      }
+      const encodedKeyBindingJwt = encodedDisclosures.pop();
+      const kbJwt = encodedKeyBindingJwt ? KBJwt.fromKBEncode(encodedKeyBindingJwt) : void 0;
+      const { _sd_alg } = getSDAlgAndPayload(jwt.payload);
+      const disclosures = yield Promise.all(
+        encodedDisclosures.map(
+          (ed) => Disclosure.fromEncode(ed, { alg: _sd_alg, hasher })
+        )
+      );
+      return {
+        jwt,
+        disclosures,
+        kbJwt
+      };
+    });
+  }
+  static fromEncode(encodedSdJwt, hasher) {
+    return __async(this, null, function* () {
+      const { jwt, disclosures, kbJwt } = yield _SDJwt.decodeSDJwt(encodedSdJwt, hasher);
+      return new _SDJwt({
+        jwt,
+        disclosures,
+        kbJwt
+      });
+    });
+  }
+  present(keys, hasher) {
+    return __async(this, null, function* () {
+      var _a;
+      if (!((_a = this.jwt) == null ? void 0 : _a.payload) || !this.disclosures) {
+        throw new SDJWTException3("Invalid sd-jwt: jwt or disclosures is missing");
+      }
+      const { _sd_alg: alg } = getSDAlgAndPayload(this.jwt.payload);
+      const hash = { alg, hasher };
+      const hashmap = yield createHashMapping(this.disclosures, hash);
+      const { disclosureKeymap } = yield unpack(
+        this.jwt.payload,
+        this.disclosures,
+        hasher
+      );
+      const presentableKeys = Object.keys(disclosureKeymap);
+      const missingKeys = keys.filter((k) => !presentableKeys.includes(k));
+      if (missingKeys.length > 0) {
+        throw new SDJWTException3(
+          `Invalid sd-jwt: invalid present keys: ${missingKeys.join(", ")}`
+        );
+      }
+      const disclosures = keys.map((k) => hashmap[disclosureKeymap[k]]);
+      const presentSDJwt = new _SDJwt({
+        jwt: this.jwt,
+        disclosures,
+        kbJwt: this.kbJwt
+      });
+      return presentSDJwt.encodeSDJwt();
+    });
+  }
+  encodeSDJwt() {
+    const data = [];
+    if (!this.jwt) {
+      throw new SDJWTException3("Invalid sd-jwt: jwt is missing");
+    }
+    const encodedJwt = this.jwt.encodeJwt();
+    data.push(encodedJwt);
+    if (this.disclosures && this.disclosures.length > 0) {
+      const encodeddisclosures = this.disclosures.map((dc) => dc.encode()).join(SD_SEPARATOR);
+      data.push(encodeddisclosures);
+    }
+    data.push(this.kbJwt ? this.kbJwt.encodeJwt() : "");
+    return data.join(SD_SEPARATOR);
+  }
+  keys(hasher) {
+    return __async(this, null, function* () {
+      return listKeys(yield this.getClaims(hasher)).sort();
+    });
+  }
+  presentableKeys(hasher) {
+    return __async(this, null, function* () {
+      var _a, _b;
+      if (!((_a = this.jwt) == null ? void 0 : _a.payload) || !this.disclosures) {
+        throw new SDJWTException3("Invalid sd-jwt: jwt or disclosures is missing");
+      }
+      const { disclosureKeymap } = yield unpack(
+        (_b = this.jwt) == null ? void 0 : _b.payload,
+        this.disclosures,
+        hasher
+      );
+      return Object.keys(disclosureKeymap).sort();
+    });
+  }
+  getClaims(hasher) {
+    return __async(this, null, function* () {
+      var _a;
+      if (!((_a = this.jwt) == null ? void 0 : _a.payload) || !this.disclosures) {
+        throw new SDJWTException3("Invalid sd-jwt: jwt or disclosures is missing");
+      }
+      const { unpackedObj } = yield unpack(
+        this.jwt.payload,
+        this.disclosures,
+        hasher
+      );
+      return unpackedObj;
+    });
+  }
+};
+var listKeys = (obj, prefix = "") => {
+  const keys = [];
+  for (const key in obj) {
+    if (obj[key] === void 0)
+      continue;
+    const newKey = prefix ? `${prefix}.${key}` : key;
+    keys.push(newKey);
+    if (obj[key] && typeof obj[key] === "object" && obj[key] !== null) {
+      keys.push(...listKeys(obj[key], newKey));
+    }
+  }
+  return keys;
+};
+var pack = (claims, disclosureFrame, hash, saltGenerator) => __async(void 0, null, function* () {
+  var _a, _b;
+  if (!disclosureFrame) {
+    return {
+      packedClaims: claims,
+      disclosures: []
+    };
+  }
+  const sd = (_a = disclosureFrame[SD_DIGEST]) != null ? _a : [];
+  const decoyCount = (_b = disclosureFrame[SD_DECOY]) != null ? _b : 0;
+  if (Array.isArray(claims)) {
+    const packedClaims2 = [];
+    const disclosures2 = [];
+    const recursivePackedClaims2 = {};
+    for (const key in disclosureFrame) {
+      if (key !== SD_DIGEST) {
+        const idx = parseInt(key);
+        const packed = yield pack(
+          claims[idx],
+          disclosureFrame[idx],
+          hash,
+          saltGenerator
+        );
+        recursivePackedClaims2[idx] = packed.packedClaims;
+        disclosures2.push(...packed.disclosures);
+      }
+    }
+    for (let i = 0; i < claims.length; i++) {
+      const claim = recursivePackedClaims2[i] ? recursivePackedClaims2[i] : claims[i];
+      if (sd.includes(i)) {
+        const salt = yield saltGenerator(16);
+        const disclosure = new Disclosure([salt, claim]);
+        const digest = yield disclosure.digest(hash);
+        packedClaims2.push({ [SD_LIST_KEY]: digest });
+        disclosures2.push(disclosure);
+      } else {
+        packedClaims2.push(claim);
+      }
+    }
+    for (let j = 0; j < decoyCount; j++) {
+      const decoyDigest = yield createDecoy(hash, saltGenerator);
+      packedClaims2.push({ [SD_LIST_KEY]: decoyDigest });
+    }
+    return { packedClaims: packedClaims2, disclosures: disclosures2 };
+  }
+  const packedClaims = {};
+  const disclosures = [];
+  const recursivePackedClaims = {};
+  for (const key in disclosureFrame) {
+    if (key !== SD_DIGEST) {
+      const packed = yield pack(
+        // @ts-ignore
+        claims[key],
+        disclosureFrame[key],
+        hash,
+        saltGenerator
+      );
+      recursivePackedClaims[key] = packed.packedClaims;
+      disclosures.push(...packed.disclosures);
+    }
+  }
+  const _sd = [];
+  for (const key in claims) {
+    const claim = recursivePackedClaims[key] ? recursivePackedClaims[key] : claims[key];
+    if (sd.includes(key)) {
+      const salt = yield saltGenerator(16);
+      const disclosure = new Disclosure([salt, key, claim]);
+      const digest = yield disclosure.digest(hash);
+      _sd.push(digest);
+      disclosures.push(disclosure);
+    } else {
+      packedClaims[key] = claim;
+    }
+  }
+  for (let j = 0; j < decoyCount; j++) {
+    const decoyDigest = yield createDecoy(hash, saltGenerator);
+    _sd.push(decoyDigest);
+  }
+  if (_sd.length > 0) {
+    packedClaims[SD_DIGEST] = _sd.sort();
+  }
+  return { packedClaims, disclosures };
+});
+
+// src/index.ts
+import {
+  KB_JWT_TYP as KB_JWT_TYP2
+} from "@sd-jwt/types";
+import { getSDAlgAndPayload as getSDAlgAndPayload2 } from "@sd-jwt/decode";
+var _SDJwtInstance = class _SDJwtInstance {
+  constructor(userConfig) {
+    this.userConfig = {};
+    if (userConfig) {
+      this.userConfig = userConfig;
+    }
+  }
+  createKBJwt(options, sdHash) {
+    return __async(this, null, function* () {
+      if (!this.userConfig.kbSigner) {
+        throw new SDJWTException4("Key Binding Signer not found");
+      }
+      if (!this.userConfig.kbSignAlg) {
+        throw new SDJWTException4("Key Binding sign algorithm not specified");
+      }
+      const { payload } = options;
+      const kbJwt = new KBJwt({
+        header: {
+          typ: KB_JWT_TYP2,
+          alg: this.userConfig.kbSignAlg
+        },
+        payload: __spreadProps(__spreadValues({}, payload), { sd_hash: sdHash })
+      });
+      yield kbJwt.sign(this.userConfig.kbSigner);
+      return kbJwt;
+    });
+  }
+  SignJwt(jwt) {
+    return __async(this, null, function* () {
+      if (!this.userConfig.signer) {
+        throw new SDJWTException4("Signer not found");
+      }
+      yield jwt.sign(this.userConfig.signer);
+      return jwt;
+    });
+  }
+  VerifyJwt(jwt) {
+    return __async(this, null, function* () {
+      if (!this.userConfig.verifier) {
+        throw new SDJWTException4("Verifier not found");
+      }
+      return jwt.verify(this.userConfig.verifier);
+    });
+  }
+  issue(payload, disclosureFrame, options) {
+    return __async(this, null, function* () {
+      var _a, _b;
+      if (!this.userConfig.hasher) {
+        throw new SDJWTException4("Hasher not found");
+      }
+      if (!this.userConfig.saltGenerator) {
+        throw new SDJWTException4("SaltGenerator not found");
+      }
+      if (!this.userConfig.signAlg) {
+        throw new SDJWTException4("sign alogrithm not specified");
+      }
+      if (disclosureFrame) {
+        this.validateReservedFields(disclosureFrame);
+      }
+      const hasher = this.userConfig.hasher;
+      const hashAlg = (_a = this.userConfig.hashAlg) != null ? _a : _SDJwtInstance.DEFAULT_hashAlg;
+      const { packedClaims, disclosures } = yield pack(
+        payload,
+        disclosureFrame,
+        { hasher, alg: hashAlg },
+        this.userConfig.saltGenerator
+      );
+      const alg = this.userConfig.signAlg;
+      const OptionHeader = (_b = options == null ? void 0 : options.header) != null ? _b : {};
+      const CustomHeader = this.userConfig.omitTyp ? OptionHeader : __spreadValues({ typ: this.type }, OptionHeader);
+      const header = __spreadProps(__spreadValues({}, CustomHeader), { alg });
+      const jwt = new Jwt({
+        header,
+        payload: __spreadProps(__spreadValues({}, packedClaims), {
+          _sd_alg: disclosureFrame ? hashAlg : void 0
+        })
+      });
+      yield this.SignJwt(jwt);
+      const sdJwt = new SDJwt({
+        jwt,
+        disclosures
+      });
+      return sdJwt.encodeSDJwt();
+    });
+  }
+  /**
+   * Validates if the disclosureFrame contains any reserved fields. If so it will throw an error.
+   * @param disclosureFrame
+   * @returns
+   */
+  validateReservedFields(disclosureFrame) {
+    return;
+  }
+  present(encodedSDJwt, presentationKeys, options) {
+    return __async(this, null, function* () {
+      var _a;
+      if (!presentationKeys)
+        return encodedSDJwt;
+      if (!this.userConfig.hasher) {
+        throw new SDJWTException4("Hasher not found");
+      }
+      const hasher = this.userConfig.hasher;
+      const sdjwt = yield SDJwt.fromEncode(encodedSDJwt, hasher);
+      if (!((_a = sdjwt.jwt) == null ? void 0 : _a.payload))
+        throw new SDJWTException4("Payload not found");
+      const presentSdJwtWithoutKb = yield sdjwt.present(
+        presentationKeys.sort(),
+        hasher
+      );
+      if (!(options == null ? void 0 : options.kb)) {
+        return presentSdJwtWithoutKb;
+      }
+      const sdHashStr = yield this.calculateSDHash(
+        presentSdJwtWithoutKb,
+        sdjwt,
+        hasher
+      );
+      sdjwt.kbJwt = yield this.createKBJwt(options.kb, sdHashStr);
+      return sdjwt.present(presentationKeys.sort(), hasher);
+    });
+  }
+  // This function is for verifying the SD JWT
+  // If requiredClaimKeys is provided, it will check if the required claim keys are presentation in the SD JWT
+  // If requireKeyBindings is true, it will check if the key binding JWT is presentation and verify it
+  verify(encodedSDJwt, requiredClaimKeys, requireKeyBindings) {
+    return __async(this, null, function* () {
+      if (!this.userConfig.hasher) {
+        throw new SDJWTException4("Hasher not found");
+      }
+      const hasher = this.userConfig.hasher;
+      const sdjwt = yield SDJwt.fromEncode(encodedSDJwt, hasher);
+      if (!sdjwt.jwt || !sdjwt.jwt.payload) {
+        throw new SDJWTException4("Invalid SD JWT");
+      }
+      const { payload, header } = yield this.validate(encodedSDJwt);
+      if (requiredClaimKeys) {
+        const keys = yield sdjwt.keys(hasher);
+        const missingKeys = requiredClaimKeys.filter((k) => !keys.includes(k));
+        if (missingKeys.length > 0) {
+          throw new SDJWTException4(
+            `Missing required claim keys: ${missingKeys.join(", ")}`
+          );
+        }
+      }
+      if (!requireKeyBindings) {
+        return { payload, header };
+      }
+      if (!sdjwt.kbJwt) {
+        throw new SDJWTException4("Key Binding JWT not exist");
+      }
+      if (!this.userConfig.kbVerifier) {
+        throw new SDJWTException4("Key Binding Verifier not found");
+      }
+      const kb = yield sdjwt.kbJwt.verifyKB({
+        verifier: this.userConfig.kbVerifier,
+        payload
+      });
+      if (!kb) {
+        throw new Error("signature is not valid");
+      }
+      const sdHashfromKb = kb.payload.sd_hash;
+      const sdjwtWithoutKb = new SDJwt({
+        jwt: sdjwt.jwt,
+        disclosures: sdjwt.disclosures
+      });
+      const presentSdJwtWithoutKb = sdjwtWithoutKb.encodeSDJwt();
+      const sdHashStr = yield this.calculateSDHash(
+        presentSdJwtWithoutKb,
+        sdjwt,
+        hasher
+      );
+      if (sdHashStr !== sdHashfromKb) {
+        throw new SDJWTException4("Invalid sd_hash in Key Binding JWT");
+      }
+      return { payload, header, kb };
+    });
+  }
+  calculateSDHash(presentSdJwtWithoutKb, sdjwt, hasher) {
+    return __async(this, null, function* () {
+      if (!sdjwt.jwt || !sdjwt.jwt.payload) {
+        throw new SDJWTException4("Invalid SD JWT");
+      }
+      const { _sd_alg } = getSDAlgAndPayload2(sdjwt.jwt.payload);
+      const sdHash = yield hasher(presentSdJwtWithoutKb, _sd_alg);
+      const sdHashStr = Uint8ArrayToBase64Url2(sdHash);
+      return sdHashStr;
+    });
+  }
+  // This function is for validating the SD JWT
+  // Just checking signature and return its the claims
+  validate(encodedSDJwt) {
+    return __async(this, null, function* () {
+      if (!this.userConfig.hasher) {
+        throw new SDJWTException4("Hasher not found");
+      }
+      const hasher = this.userConfig.hasher;
+      const sdjwt = yield SDJwt.fromEncode(encodedSDJwt, hasher);
+      if (!sdjwt.jwt) {
+        throw new SDJWTException4("Invalid SD JWT");
+      }
+      const verifiedPayloads = yield this.VerifyJwt(sdjwt.jwt);
+      const claims = yield sdjwt.getClaims(hasher);
+      return { payload: claims, header: verifiedPayloads.header };
+    });
+  }
+  config(newConfig) {
+    this.userConfig = __spreadValues(__spreadValues({}, this.userConfig), newConfig);
+  }
+  encode(sdJwt) {
+    return sdJwt.encodeSDJwt();
+  }
+  decode(endcodedSDJwt) {
+    if (!this.userConfig.hasher) {
+      throw new SDJWTException4("Hasher not found");
+    }
+    return SDJwt.fromEncode(endcodedSDJwt, this.userConfig.hasher);
+  }
+  keys(endcodedSDJwt) {
+    return __async(this, null, function* () {
+      if (!this.userConfig.hasher) {
+        throw new SDJWTException4("Hasher not found");
+      }
+      const sdjwt = yield SDJwt.fromEncode(endcodedSDJwt, this.userConfig.hasher);
+      return sdjwt.keys(this.userConfig.hasher);
+    });
+  }
+  presentableKeys(endcodedSDJwt) {
+    return __async(this, null, function* () {
+      if (!this.userConfig.hasher) {
+        throw new SDJWTException4("Hasher not found");
+      }
+      const sdjwt = yield SDJwt.fromEncode(endcodedSDJwt, this.userConfig.hasher);
+      return sdjwt.presentableKeys(this.userConfig.hasher);
+    });
+  }
+  getClaims(endcodedSDJwt) {
+    return __async(this, null, function* () {
+      if (!this.userConfig.hasher) {
+        throw new SDJWTException4("Hasher not found");
+      }
+      const sdjwt = yield SDJwt.fromEncode(endcodedSDJwt, this.userConfig.hasher);
+      return sdjwt.getClaims(this.userConfig.hasher);
+    });
+  }
+};
+_SDJwtInstance.DEFAULT_hashAlg = "sha-256";
+var SDJwtInstance = _SDJwtInstance;
+export {
+  Jwt,
+  KBJwt,
+  SDJwt,
+  SDJwtInstance,
+  createDecoy,
+  listKeys,
+  pack
+};