@sd-jwt/core 0.3.0 → 2.0.2-next.26

package/src/test/sdjwt.spec.ts

@@ -0,0 +1,382 @@
+import { Disclosure } from '@sd-jwt/utils';
+import { Jwt } from '../jwt';
+import { SDJwt, listKeys, pack } from '../sdjwt';
+import Crypto from 'node:crypto';
+import { describe, test, expect } from 'vitest';
+import { DisclosureFrame, Signer } from '@sd-jwt/types';
+import { generateSalt, digest as hasher } from '@sd-jwt/crypto-nodejs';
+import { unpack, createHashMapping } from '@sd-jwt/decode';
+
+const hash = { alg: 'SHA256', hasher };
+
+describe('SD JWT', () => {
+  test('create and encode', async () => {
+    const { privateKey } = Crypto.generateKeyPairSync('ed25519');
+    const testSigner: Signer = async (data: string) => {
+      const sig = Crypto.sign(null, Buffer.from(data), privateKey);
+      return Buffer.from(sig).toString('base64url');
+    };
+
+    const jwt = new Jwt({
+      header: { alg: 'EdDSA' },
+      payload: { foo: 'bar' },
+    });
+
+    await jwt.sign(testSigner);
+    const sdJwt = new SDJwt({
+      jwt,
+      disclosures: [],
+    });
+    expect(sdJwt).toBeDefined();
+
+    const encoded = sdJwt.encodeSDJwt();
+    expect(encoded).toBeDefined();
+  });
+
+  test('decode', async () => {
+    const { privateKey } = Crypto.generateKeyPairSync('ed25519');
+    const testSigner: Signer = async (data: string) => {
+      const sig = Crypto.sign(null, Buffer.from(data), privateKey);
+      return Buffer.from(sig).toString('base64url');
+    };
+
+    const jwt = new Jwt({
+      header: { alg: 'EdDSA' },
+      payload: { foo: 'bar', _sd_alg: 'sha-256' },
+    });
+
+    await jwt.sign(testSigner);
+    const sdJwt = new SDJwt({
+      jwt,
+      disclosures: [],
+    });
+
+    const encoded = sdJwt.encodeSDJwt();
+
+    const newSdJwt = await SDJwt.fromEncode(encoded, hasher);
+    expect(newSdJwt).toBeDefined();
+    const newJwt = newSdJwt.jwt;
+    expect(newJwt?.header).toEqual(jwt.header);
+    expect(newJwt?.payload).toEqual(jwt.payload);
+    expect(newJwt?.signature).toEqual(jwt.signature);
+  });
+
+  test('decode compatibilty', async () => {
+    const { privateKey } = Crypto.generateKeyPairSync('ed25519');
+    const testSigner: Signer = async (data: string) => {
+      const sig = Crypto.sign(null, Buffer.from(data), privateKey);
+      return Buffer.from(sig).toString('base64url');
+    };
+
+    const jwt = new Jwt({
+      header: { alg: 'EdDSA' },
+      payload: { foo: 'bar' },
+    });
+
+    await jwt.sign(testSigner);
+    const sdJwt = new SDJwt({
+      jwt,
+      disclosures: [],
+    });
+
+    const encoded = sdJwt.encodeSDJwt();
+
+    const newSdJwt = await SDJwt.fromEncode(encoded, hasher);
+    expect(newSdJwt).toBeDefined();
+    const newJwt = newSdJwt.jwt;
+    expect(newJwt?.header).toEqual(jwt.header);
+    expect(newJwt?.payload).toEqual(jwt.payload);
+    expect(newJwt?.signature).toEqual(jwt.signature);
+  });
+
+  test('keys', async () => {
+    const { privateKey } = Crypto.generateKeyPairSync('ed25519');
+    const testSigner: Signer = async (data: string) => {
+      const sig = Crypto.sign(null, Buffer.from(data), privateKey);
+      return Buffer.from(sig).toString('base64url');
+    };
+    const jwt = new Jwt({
+      header: { alg: 'EdDSA' },
+      payload: { foo: 'bar' },
+    });
+
+    await jwt.sign(testSigner);
+    const sdJwt = new SDJwt({
+      jwt,
+      disclosures: [],
+    });
+
+    const keys = await sdJwt.keys(hasher);
+    expect(keys).toBeDefined();
+    expect(keys).toEqual(['foo']);
+  });
+
+  test('presentable keys', async () => {
+    const { privateKey } = Crypto.generateKeyPairSync('ed25519');
+    const testSigner: Signer = async (data: string) => {
+      const sig = Crypto.sign(null, Buffer.from(data), privateKey);
+      return Buffer.from(sig).toString('base64url');
+    };
+
+    const jwt = new Jwt({
+      header: { alg: 'EdDSA' },
+      payload: { foo: 'bar' },
+    });
+
+    await jwt.sign(testSigner);
+    const sdJwt = new SDJwt({
+      jwt,
+      disclosures: [],
+    });
+
+    const keys = await sdJwt.presentableKeys(hasher);
+    expect(keys).toBeDefined();
+    expect(keys).toEqual([]);
+  });
+
+  test('claims', async () => {
+    const { privateKey } = Crypto.generateKeyPairSync('ed25519');
+    const testSigner: Signer = async (data: string) => {
+      const sig = Crypto.sign(null, Buffer.from(data), privateKey);
+      return Buffer.from(sig).toString('base64url');
+    };
+
+    const jwt = new Jwt({
+      header: { alg: 'EdDSA' },
+      payload: { foo: 'bar' },
+    });
+
+    await jwt.sign(testSigner);
+    const sdJwt = new SDJwt({
+      jwt,
+      disclosures: [],
+    });
+
+    const claims = await sdJwt.getClaims(hasher);
+    expect(claims).toBeDefined();
+    expect(claims).toEqual({
+      foo: 'bar',
+    });
+  });
+
+  test('pack', async () => {
+    const claim = {
+      firstname: 'John',
+      lastname: 'Doe',
+    };
+
+    const { packedClaims, disclosures } = await pack(
+      claim,
+      {
+        _sd: ['firstname'],
+      },
+      hash,
+      generateSalt,
+    );
+
+    expect(disclosures).toBeDefined();
+    expect(packedClaims).toBeDefined();
+
+    expect(disclosures.length).toEqual(1);
+    expect(disclosures[0].key).toEqual('firstname');
+    expect(disclosures[0].value).toEqual('John');
+
+    expect(packedClaims._sd).toBeDefined();
+    expect(packedClaims._sd.length).toEqual(1);
+    expect(packedClaims.lastname).toEqual('Doe');
+  });
+
+  test('list keys', () => {
+    const data = {
+      a: {
+        b: {
+          c: 1,
+        },
+        d: [
+          {
+            e: 'fasfdsa',
+            f: 1234,
+          },
+          3,
+          4,
+        ],
+      },
+      g: [['h'], 'i'],
+    };
+
+    const keys = listKeys(data);
+    expect(keys).toEqual([
+      'a',
+      'a.b',
+      'a.b.c',
+      'a.d',
+      'a.d.0',
+      'a.d.0.e',
+      'a.d.0.f',
+      'a.d.1',
+      'a.d.2',
+      'g',
+      'g.0',
+      'g.0.0',
+      'g.1',
+    ]);
+  });
+
+  test('presentable keys', async () => {
+    const claim = {
+      firstname: 'John',
+      lastname: 'Doe',
+    };
+
+    const { packedClaims, disclosures } = await pack(
+      claim,
+      {
+        _sd: ['firstname'],
+      },
+      hash,
+      generateSalt,
+    );
+
+    const { privateKey } = Crypto.generateKeyPairSync('ed25519');
+    const testSigner: Signer = async (data: string) => {
+      const sig = Crypto.sign(null, Buffer.from(data), privateKey);
+      return Buffer.from(sig).toString('base64url');
+    };
+    const jwt = new Jwt({
+      header: { alg: 'EdDSA' },
+      payload: packedClaims,
+    });
+
+    await jwt.sign(testSigner);
+    const sdJwt = new SDJwt({
+      jwt,
+      disclosures,
+    });
+
+    const keys = await sdJwt.presentableKeys(hasher);
+
+    expect(keys).toBeDefined();
+    expect(keys).toEqual(['firstname']);
+  });
+
+  test('hash map', async () => {
+    const claim = {
+      firstname: 'John',
+      lastname: 'Doe',
+    };
+
+    const { disclosures } = await pack(
+      claim,
+      {
+        _sd: ['firstname'],
+      },
+      hash,
+      generateSalt,
+    );
+
+    const mapping = await createHashMapping(disclosures, hash);
+    expect(mapping).toBeDefined();
+    expect(Object.keys(mapping).length).toEqual(1);
+    expect(mapping[Object.keys(mapping)[0]]).toBeInstanceOf(Disclosure);
+  });
+
+  test('unpack', async () => {
+    const claim = {
+      firstname: 'John',
+      lastname: 'Doe',
+    };
+
+    const { packedClaims, disclosures } = await pack(
+      claim,
+      {
+        _sd: ['firstname'],
+      },
+      hash,
+      generateSalt,
+    );
+
+    const { disclosureKeymap, unpackedObj } = await unpack(
+      packedClaims,
+      disclosures,
+      hasher,
+    );
+    expect(disclosureKeymap).toBeDefined();
+    expect(unpackedObj).toBeDefined();
+    expect(unpackedObj).toEqual({
+      firstname: 'John',
+      lastname: 'Doe',
+    });
+    expect(disclosureKeymap.firstname).toBeDefined();
+    expect(typeof disclosureKeymap.firstname).toEqual('string');
+  });
+
+  test('pack and unpack', async () => {
+    const claims = {
+      firstname: 'John',
+      lastname: 'Doe',
+      ssn: '123-45-6789',
+      id: '1234',
+      data: {
+        firstname: 'John',
+        lastname: 'Doe',
+        ssn: '123-45-6789',
+        list: [{ r: '1' }, 'b', 'c'],
+      },
+      data2: {
+        hi: 'bye',
+      },
+    };
+
+    const disclosureFrame: DisclosureFrame<typeof claims> = {
+      _sd: ['firstname', 'id', 'data2'],
+      data: {
+        _sd: ['list'],
+        _sd_decoy: 2,
+        list: {
+          _sd: [0, 2],
+          _sd_decoy: 1,
+          0: {
+            _sd: ['r'],
+          },
+        },
+      },
+      data2: {
+        _sd: ['hi'],
+      },
+    };
+
+    const { packedClaims, disclosures } = await pack(
+      claims,
+      disclosureFrame,
+      hash,
+      generateSalt,
+    );
+    const { unpackedObj } = await unpack(packedClaims, disclosures, hasher);
+
+    expect(unpackedObj).toEqual(claims);
+  });
+
+  test('no disclosures', async () => {
+    const { privateKey } = Crypto.generateKeyPairSync('ed25519');
+    const testSigner: Signer = async (data: string) => {
+      const sig = Crypto.sign(null, Buffer.from(data), privateKey);
+      return Buffer.from(sig).toString('base64url');
+    };
+
+    const jwt = new Jwt({
+      header: { alg: 'EdDSA' },
+      payload: { foo: 'bar' },
+    });
+
+    await jwt.sign(testSigner);
+    const sdJwt = new SDJwt({
+      jwt,
+      disclosures: [],
+    });
+
+    const credential = sdJwt.encodeSDJwt();
+    const decoded = await SDJwt.decodeSDJwt(credential, hasher);
+    expect(jwt).toEqual(decoded.jwt);
+    expect(decoded.disclosures).toEqual([]);
+  });
+});

package/test/app-e2e.spec.ts

@@ -0,0 +1,248 @@
+import Crypto from 'node:crypto';
+import { SDJwtInstance } from '../src';
+import { DisclosureFrame, Signer, Verifier } from '@sd-jwt/types';
+import fs from 'fs';
+import path from 'path';
+import { describe, expect, test } from 'vitest';
+import { digest, generateSalt } from '@sd-jwt/crypto-nodejs';
+
+export const createSignerVerifier = () => {
+  const { privateKey, publicKey } = Crypto.generateKeyPairSync('ed25519');
+  const signer: Signer = async (data: string) => {
+    const sig = Crypto.sign(null, Buffer.from(data), privateKey);
+    return Buffer.from(sig).toString('base64url');
+  };
+  const verifier: Verifier = async (data: string, sig: string) => {
+    return Crypto.verify(
+      null,
+      Buffer.from(data),
+      publicKey,
+      Buffer.from(sig, 'base64url'),
+    );
+  };
+  return { signer, verifier };
+};
+
+describe('App', () => {
+  test('Example', async () => {
+    const { signer, verifier } = createSignerVerifier();
+    const sdjwt = new SDJwtInstance({
+      signer,
+      signAlg: 'EdDSA',
+      verifier,
+      hasher: digest,
+      hashAlg: 'SHA-256',
+      saltGenerator: generateSalt,
+    });
+
+    const claims = {
+      firstname: 'John',
+      lastname: 'Doe',
+      ssn: '123-45-6789',
+      id: '1234',
+      data: {
+        firstname: 'John',
+        lastname: 'Doe',
+        ssn: '123-45-6789',
+        list: [{ r: '1' }, 'b', 'c'],
+      },
+      data2: {
+        hi: 'bye',
+      },
+    };
+    const disclosureFrame: DisclosureFrame<typeof claims> = {
+      _sd: ['firstname', 'id', 'data2'],
+      data: {
+        _sd: ['list'],
+        _sd_decoy: 2,
+        list: {
+          _sd: [0, 2],
+          _sd_decoy: 1,
+          0: {
+            _sd: ['r'],
+          },
+        },
+      },
+      data2: {
+        _sd: ['hi'],
+      },
+    };
+    const encodedSdjwt = await sdjwt.issue(claims, disclosureFrame);
+    expect(encodedSdjwt).toBeDefined();
+    const validated = await sdjwt.validate(encodedSdjwt);
+    expect(validated).toBeDefined();
+
+    const decoded = await sdjwt.decode(encodedSdjwt);
+    const keys = await decoded.keys(digest);
+    expect(keys).toEqual([
+      'data',
+      'data.firstname',
+      'data.lastname',
+      'data.list',
+      'data.list.0',
+      'data.list.0.r',
+      'data.list.1',
+      'data.list.2',
+      'data.ssn',
+      'data2',
+      'data2.hi',
+      'firstname',
+      'id',
+      'lastname',
+      'ssn',
+    ]);
+    const payloads = await decoded.getClaims(digest);
+    expect(payloads).toEqual(claims);
+    const presentableKeys = await decoded.presentableKeys(digest);
+    expect(presentableKeys).toEqual([
+      'data.list',
+      'data.list.0',
+      'data.list.0.r',
+      'data.list.2',
+      'data2',
+      'data2.hi',
+      'firstname',
+      'id',
+    ]);
+
+    const presentationFrame = ['firstname', 'id'];
+    const presentedSDJwt = await sdjwt.present(encodedSdjwt, presentationFrame);
+    expect(presentedSDJwt).toBeDefined();
+
+    const presentationClaims = await sdjwt.getClaims(presentedSDJwt);
+    expect(presentationClaims).toBeDefined();
+    expect(presentationClaims).toEqual({
+      lastname: 'Doe',
+      ssn: '123-45-6789',
+      data: { firstname: 'John', lastname: 'Doe', ssn: '123-45-6789' },
+      id: '1234',
+      firstname: 'John',
+    });
+
+    const requiredClaimKeys = ['firstname', 'id', 'data.ssn'];
+    const verified = await sdjwt.verify(encodedSdjwt, requiredClaimKeys);
+    expect(verified).toBeDefined();
+  });
+
+  test('From JSON (complex)', async () => {
+    await JSONtest('./complex.json');
+  });
+
+  test('From JSON (array_data_types)', async () => {
+    await JSONtest('./array_data_types.json');
+  });
+
+  test('From JSON (array_full_sd)', async () => {
+    await JSONtest('./array_full_sd.json');
+  });
+
+  test('From JSON (array_in_sd)', async () => {
+    await JSONtest('./array_in_sd.json');
+  });
+
+  test('From JSON (array_recursive_sd_some_disclosed)', async () => {
+    await JSONtest('./array_recursive_sd_some_disclosed.json');
+  });
+
+  test('From JSON (header_mod)', async () => {
+    await JSONtest('./header_mod.json');
+  });
+
+  test('From JSON (json_serialization)', async () => {
+    await JSONtest('./json_serialization.json');
+  });
+
+  test('From JSON (key_binding)', async () => {
+    await JSONtest('./key_binding.json');
+  });
+
+  test('From JSON (no_sd)', async () => {
+    await JSONtest('./no_sd.json');
+  });
+
+  test('From JSON (object_data_types)', async () => {
+    await JSONtest('./object_data_types.json');
+  });
+
+  test('From JSON (recursions)', async () => {
+    await JSONtest('./recursions.json');
+  });
+
+  test('From JSON (array_recursive_sd)', async () => {
+    await JSONtest('./array_recursive_sd.json');
+  });
+
+  test('From JSON (array_of_scalars)', async () => {
+    await JSONtest('./array_of_scalars.json');
+  });
+
+  test('From JSON (array_of_objects)', async () => {
+    await JSONtest('./array_of_objects.json');
+  });
+
+  test('From JSON (array_of_nulls)', async () => {
+    await JSONtest('./array_of_nulls.json');
+  });
+
+  test('From JSON (array_nested_in_plain)', async () => {
+    await JSONtest('./array_nested_in_plain.json');
+  });
+});
+
+async function JSONtest(filename: string) {
+  const test = loadTestJsonFile(filename);
+  const { signer, verifier } = createSignerVerifier();
+  const sdjwt = new SDJwtInstance({
+    signer,
+    signAlg: 'EdDSA',
+    verifier,
+    hasher: digest,
+    hashAlg: 'SHA-256',
+    saltGenerator: generateSalt,
+  });
+
+  const encodedSdjwt = await sdjwt.issue(test.claims, test.disclosureFrame);
+
+  expect(encodedSdjwt).toBeDefined();
+
+  const validated = await sdjwt.validate(encodedSdjwt);
+
+  expect(validated).toBeDefined();
+  expect(validated).toStrictEqual({
+    header: { alg: 'EdDSA', typ: 'sd-jwt' },
+    payload: test.claims,
+  });
+
+  const presentedSDJwt = await sdjwt.present(
+    encodedSdjwt,
+    test.presentationKeys,
+  );
+
+  expect(presentedSDJwt).toBeDefined();
+
+  const presentationClaims = await sdjwt.getClaims(presentedSDJwt);
+
+  expect(presentationClaims).toEqual(test.presenatedClaims);
+
+  const verified = await sdjwt.verify(encodedSdjwt, test.requiredClaimKeys);
+
+  expect(verified).toBeDefined();
+  expect(verified).toStrictEqual({
+    header: { alg: 'EdDSA', typ: 'sd-jwt' },
+    payload: test.claims,
+  });
+}
+
+type TestJson = {
+  claims: object;
+  disclosureFrame: DisclosureFrame<object>;
+  presentationKeys: string[];
+  presenatedClaims: object;
+  requiredClaimKeys: string[];
+};
+
+function loadTestJsonFile(filename: string) {
+  const filepath = path.join(__dirname, filename);
+  const fileContents = fs.readFileSync(filepath, 'utf8');
+  return JSON.parse(fileContents) as TestJson;
+}

package/test/array_data_types.json

@@ -0,0 +1,29 @@
+{
+  "claims": {
+    "data_types": [null, 42, 3.14, "foo", ["Test"], { "foo": "bar" }]
+  },
+  "disclosureFrame": {
+    "data_types": {
+      "_sd": [0, 1, 2, 3, 4, 5]
+    }
+  },
+  "presentationKeys": [
+    "data_types.0",
+    "data_types.1",
+    "data_types.2",
+    "data_types.3",
+    "data_types.4",
+    "data_types.5"
+  ],
+  "presenatedClaims": {
+    "data_types": [null, 42, 3.14, "foo", ["Test"], { "foo": "bar" }]
+  },
+  "requiredClaimKeys": [
+    "data_types.0",
+    "data_types.1",
+    "data_types.2",
+    "data_types.3",
+    "data_types.4",
+    "data_types.5"
+  ]
+}

package/test/array_full_sd.json

@@ -0,0 +1,21 @@
+{
+  "claims": {
+    "is_over": {
+      "13": true,
+      "18": false,
+      "21": false
+    }
+  },
+  "disclosureFrame": {
+    "is_over": {
+      "_sd": ["13", "18", "21"]
+    }
+  },
+  "presentationKeys": ["is_over.18"],
+  "presenatedClaims": {
+    "is_over": {
+      "18": false
+    }
+  },
+  "requiredClaimKeys": ["is_over.18"]
+}

package/test/array_in_sd.json

@@ -0,0 +1,13 @@
+{
+  "claims": {
+    "sd_array": ["32", "23"]
+  },
+  "disclosureFrame": {
+    "_sd": ["sd_array"]
+  },
+  "presentationKeys": ["sd_array"],
+  "presenatedClaims": {
+    "sd_array": ["32", "23"]
+  },
+  "requiredClaimKeys": ["sd_array"]
+}

package/test/array_nested_in_plain.json

@@ -0,0 +1,20 @@
+{
+  "claims": {
+    "nested_array": [["foo", "bar"], ["baz", "qux"]]
+  },
+  "disclosureFrame": {
+    "nested_array": {
+      "0": {
+        "_sd": [0, 1]
+      },
+      "1": {
+        "_sd": [0, 1]
+      }
+    }
+  },
+  "presentationKeys": ["nested_array.0.0", "nested_array.1.1"],
+  "presenatedClaims": {
+    "nested_array": [["foo"], ["qux"]]
+  },
+  "requiredClaimKeys": ["nested_array.0.0", "nested_array.1.0"]
+}