@sd-jwt/core 0.3.2-next.107 → 0.3.2-next.109

package/dist/index.js

@@ -140,19 +140,20 @@ var Jwt = class _Jwt {
 
 // src/kbjwt.ts
 var import_utils2 = require("@sd-jwt/utils");
+var import_types = require("@sd-jwt/types");
 var KBJwt = class _KBJwt extends Jwt {
   // Checking the validity of the key binding jwt
   // the type unknown is not good, but we don't know at this point how to get the public key of the signer, this is defined in the kbVerifier
   verifyKB(values) {
     return __async(this, null, function* () {
-      var _a, _b, _c, _d, _e, _f;
-      if (!((_a = this.header) == null ? void 0 : _a.alg) || !this.header.typ || !((_b = this.payload) == null ? void 0 : _b.iat) || !((_c = this.payload) == null ? void 0 : _c.aud) || !((_d = this.payload) == null ? void 0 : _d.nonce) || // this is for backward compatibility with version 06
-      !(((_e = this.payload) == null ? void 0 : _e.sd_hash) || ((_f = this.payload) == null ? void 0 : _f._sd_hash))) {
-        throw new import_utils2.SDJWTException("Invalid Key Binding Jwt");
-      }
+      var _a;
       if (!this.header || !this.payload || !this.signature) {
         throw new import_utils2.SDJWTException("Verify Error: Invalid JWT");
       }
+      if (!this.header.alg || this.header.alg === "none" || !this.header.typ || this.header.typ !== import_types.KB_JWT_TYP || !this.payload.iat || !this.payload.aud || !this.payload.nonce || // this is for backward compatibility with version 06
+      !(this.payload.sd_hash || ((_a = this.payload) == null ? void 0 : _a._sd_hash))) {
+        throw new import_utils2.SDJWTException("Invalid Key Binding Jwt");
+      }
       const header = (0, import_utils2.Base64urlEncode)(JSON.stringify(this.header));
       const payload = (0, import_utils2.Base64urlEncode)(JSON.stringify(this.payload));
       const data = `${header}.${payload}`;
@@ -192,7 +193,7 @@ var createDecoy = (hash, saltGenerator) => __async(void 0, null, function* () {
 
 // src/sdjwt.ts
 var import_utils4 = require("@sd-jwt/utils");
-var import_types = require("@sd-jwt/types");
+var import_types2 = require("@sd-jwt/types");
 var import_decode2 = require("@sd-jwt/decode");
 var SDJwt = class _SDJwt {
   constructor(data) {
@@ -202,7 +203,7 @@ var SDJwt = class _SDJwt {
   }
   static decodeSDJwt(sdjwt, hasher) {
     return __async(this, null, function* () {
-      const [encodedJwt, ...encodedDisclosures] = sdjwt.split(import_types.SD_SEPARATOR);
+      const [encodedJwt, ...encodedDisclosures] = sdjwt.split(import_types2.SD_SEPARATOR);
       const jwt = Jwt.fromEncode(encodedJwt);
       if (!jwt.payload) {
         throw new Error("Payload is undefined on the JWT. Invalid state reached");
@@ -276,11 +277,11 @@ var SDJwt = class _SDJwt {
     const encodedJwt = this.jwt.encodeJwt();
     data.push(encodedJwt);
     if (this.disclosures && this.disclosures.length > 0) {
-      const encodeddisclosures = this.disclosures.map((dc) => dc.encode()).join(import_types.SD_SEPARATOR);
+      const encodeddisclosures = this.disclosures.map((dc) => dc.encode()).join(import_types2.SD_SEPARATOR);
       data.push(encodeddisclosures);
     }
     data.push(this.kbJwt ? this.kbJwt.encodeJwt() : "");
-    return data.join(import_types.SD_SEPARATOR);
+    return data.join(import_types2.SD_SEPARATOR);
   }
   keys(hasher) {
     return __async(this, null, function* () {
@@ -337,14 +338,14 @@ var pack = (claims, disclosureFrame, hash, saltGenerator) => __async(void 0, nul
       disclosures: []
     };
   }
-  const sd = (_a = disclosureFrame[import_types.SD_DIGEST]) != null ? _a : [];
-  const decoyCount = (_b = disclosureFrame[import_types.SD_DECOY]) != null ? _b : 0;
+  const sd = (_a = disclosureFrame[import_types2.SD_DIGEST]) != null ? _a : [];
+  const decoyCount = (_b = disclosureFrame[import_types2.SD_DECOY]) != null ? _b : 0;
   if (Array.isArray(claims)) {
     const packedClaims2 = [];
     const disclosures2 = [];
     const recursivePackedClaims2 = {};
     for (const key in disclosureFrame) {
-      if (key !== import_types.SD_DIGEST) {
+      if (key !== import_types2.SD_DIGEST) {
         const idx = parseInt(key);
         const packed = yield pack(
           claims[idx],
@@ -362,7 +363,7 @@ var pack = (claims, disclosureFrame, hash, saltGenerator) => __async(void 0, nul
         const salt = yield saltGenerator(16);
         const disclosure = new import_utils4.Disclosure([salt, claim]);
         const digest = yield disclosure.digest(hash);
-        packedClaims2.push({ [import_types.SD_LIST_KEY]: digest });
+        packedClaims2.push({ [import_types2.SD_LIST_KEY]: digest });
         disclosures2.push(disclosure);
       } else {
         packedClaims2.push(claim);
@@ -370,7 +371,7 @@ var pack = (claims, disclosureFrame, hash, saltGenerator) => __async(void 0, nul
     }
     for (let j = 0; j < decoyCount; j++) {
       const decoyDigest = yield createDecoy(hash, saltGenerator);
-      packedClaims2.push({ [import_types.SD_LIST_KEY]: decoyDigest });
+      packedClaims2.push({ [import_types2.SD_LIST_KEY]: decoyDigest });
     }
     return { packedClaims: packedClaims2, disclosures: disclosures2 };
   }
@@ -378,7 +379,7 @@ var pack = (claims, disclosureFrame, hash, saltGenerator) => __async(void 0, nul
   const disclosures = [];
   const recursivePackedClaims = {};
   for (const key in disclosureFrame) {
-    if (key !== import_types.SD_DIGEST) {
+    if (key !== import_types2.SD_DIGEST) {
       const packed = yield pack(
         // @ts-ignore
         claims[key],
@@ -408,13 +409,13 @@ var pack = (claims, disclosureFrame, hash, saltGenerator) => __async(void 0, nul
     _sd.push(decoyDigest);
   }
   if (_sd.length > 0) {
-    packedClaims[import_types.SD_DIGEST] = _sd.sort();
+    packedClaims[import_types2.SD_DIGEST] = _sd.sort();
   }
   return { packedClaims, disclosures };
 });
 
 // src/index.ts
-var import_types2 = require("@sd-jwt/types");
+var import_types3 = require("@sd-jwt/types");
 var import_decode3 = require("@sd-jwt/decode");
 var _SDJwtInstance = class _SDJwtInstance {
   constructor(userConfig) {
@@ -434,7 +435,7 @@ var _SDJwtInstance = class _SDJwtInstance {
       const { payload } = options;
       const kbJwt = new KBJwt({
         header: {
-          typ: import_types2.KB_JWT_TYP,
+          typ: import_types3.KB_JWT_TYP,
           alg: this.userConfig.kbSignAlg
         },
         payload: __spreadProps(__spreadValues({}, payload), { sd_hash: sdHash })

package/dist/index.mjs

@@ -113,19 +113,22 @@ var Jwt = class _Jwt {
 
 // src/kbjwt.ts
 import { Base64urlEncode as Base64urlEncode2, SDJWTException as SDJWTException2 } from "@sd-jwt/utils";
+import {
+  KB_JWT_TYP
+} from "@sd-jwt/types";
 var KBJwt = class _KBJwt extends Jwt {
   // Checking the validity of the key binding jwt
   // the type unknown is not good, but we don't know at this point how to get the public key of the signer, this is defined in the kbVerifier
   verifyKB(values) {
     return __async(this, null, function* () {
-      var _a, _b, _c, _d, _e, _f;
-      if (!((_a = this.header) == null ? void 0 : _a.alg) || !this.header.typ || !((_b = this.payload) == null ? void 0 : _b.iat) || !((_c = this.payload) == null ? void 0 : _c.aud) || !((_d = this.payload) == null ? void 0 : _d.nonce) || // this is for backward compatibility with version 06
-      !(((_e = this.payload) == null ? void 0 : _e.sd_hash) || ((_f = this.payload) == null ? void 0 : _f._sd_hash))) {
-        throw new SDJWTException2("Invalid Key Binding Jwt");
-      }
+      var _a;
       if (!this.header || !this.payload || !this.signature) {
         throw new SDJWTException2("Verify Error: Invalid JWT");
       }
+      if (!this.header.alg || this.header.alg === "none" || !this.header.typ || this.header.typ !== KB_JWT_TYP || !this.payload.iat || !this.payload.aud || !this.payload.nonce || // this is for backward compatibility with version 06
+      !(this.payload.sd_hash || ((_a = this.payload) == null ? void 0 : _a._sd_hash))) {
+        throw new SDJWTException2("Invalid Key Binding Jwt");
+      }
       const header = Base64urlEncode2(JSON.stringify(this.header));
       const payload = Base64urlEncode2(JSON.stringify(this.payload));
       const data = `${header}.${payload}`;
@@ -393,7 +396,7 @@ var pack = (claims, disclosureFrame, hash, saltGenerator) => __async(void 0, nul
 
 // src/index.ts
 import {
-  KB_JWT_TYP as KB_JWT_TYP2
+  KB_JWT_TYP as KB_JWT_TYP3
 } from "@sd-jwt/types";
 import { getSDAlgAndPayload as getSDAlgAndPayload2 } from "@sd-jwt/decode";
 var _SDJwtInstance = class _SDJwtInstance {
@@ -414,7 +417,7 @@ var _SDJwtInstance = class _SDJwtInstance {
       const { payload } = options;
       const kbJwt = new KBJwt({
         header: {
-          typ: KB_JWT_TYP2,
+          typ: KB_JWT_TYP3,
           alg: this.userConfig.kbSignAlg
         },
         payload: __spreadProps(__spreadValues({}, payload), { sd_hash: sdHash })

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sd-jwt/core",
-  "version": "0.3.2-next.107+7b8a217",
+  "version": "0.3.2-next.109+f02d6b0",
   "description": "sd-jwt draft 7 implementation in typescript",
   "main": "dist/index.js",
   "module": "dist/index.mjs",
@@ -38,12 +38,12 @@
   },
   "license": "Apache-2.0",
   "devDependencies": {
-    "@sd-jwt/crypto-nodejs": "0.3.2-next.107+7b8a217"
+    "@sd-jwt/crypto-nodejs": "0.3.2-next.109+f02d6b0"
   },
   "dependencies": {
-    "@sd-jwt/decode": "0.3.2-next.107+7b8a217",
-    "@sd-jwt/types": "0.3.2-next.107+7b8a217",
-    "@sd-jwt/utils": "0.3.2-next.107+7b8a217"
+    "@sd-jwt/decode": "0.3.2-next.109+f02d6b0",
+    "@sd-jwt/types": "0.3.2-next.109+f02d6b0",
+    "@sd-jwt/utils": "0.3.2-next.109+f02d6b0"
   },
   "publishConfig": {
     "access": "public"
@@ -61,5 +61,5 @@
       "esm"
     ]
   },
-  "gitHead": "7b8a217fbe9eb3c14b0893e247f47a6f224e83ec"
+  "gitHead": "f02d6b093dd8105560ba327c23c0f383e92d31c7"
 }

package/src/kbjwt.ts

@@ -1,6 +1,12 @@
 import { Base64urlEncode, SDJWTException } from '@sd-jwt/utils';
 import { Jwt } from './jwt';
-import { JwtPayload, kbHeader, kbPayload, KbVerifier } from '@sd-jwt/types';
+import {
+  JwtPayload,
+  KB_JWT_TYP,
+  kbHeader,
+  kbPayload,
+  KbVerifier,
+} from '@sd-jwt/types';
 
 export class KBJwt<
   Header extends kbHeader = kbHeader,
@@ -9,23 +15,26 @@ export class KBJwt<
   // Checking the validity of the key binding jwt
   // the type unknown is not good, but we don't know at this point how to get the public key of the signer, this is defined in the kbVerifier
   public async verifyKB(values: { verifier: KbVerifier; payload: JwtPayload }) {
+    if (!this.header || !this.payload || !this.signature) {
+      throw new SDJWTException('Verify Error: Invalid JWT');
+    }
+
     if (
-      !this.header?.alg ||
+      !this.header.alg ||
+      this.header.alg === 'none' ||
       !this.header.typ ||
-      !this.payload?.iat ||
-      !this.payload?.aud ||
-      !this.payload?.nonce ||
+      this.header.typ !== KB_JWT_TYP ||
+      !this.payload.iat ||
+      !this.payload.aud ||
+      !this.payload.nonce ||
       // this is for backward compatibility with version 06
       !(
-        this.payload?.sd_hash ||
+        this.payload.sd_hash ||
         (this.payload as Record<string, unknown> | undefined)?._sd_hash
       )
     ) {
       throw new SDJWTException('Invalid Key Binding Jwt');
     }
-    if (!this.header || !this.payload || !this.signature) {
-      throw new SDJWTException('Verify Error: Invalid JWT');
-    }
 
     const header = Base64urlEncode(JSON.stringify(this.header));
     const payload = Base64urlEncode(JSON.stringify(this.payload));