@sd-jwt/core 0.3.2-next.76 → 0.3.2-next.94

package/README.md

@@ -32,44 +32,7 @@ Ensure you have Node.js installed as a prerequisite.
 
 ### Usage
 
-Here's a basic example of how to use this library:
-
-```jsx
-import { DisclosureFrame } from '@sd-jwt/core';
-
-// Issuer defines the claims object with the user's information
-const claims = {
-  firstname: 'John',
-  lastname: 'Doe',
-  ssn: '123-45-6789',
-  id: '1234',
-};
-
-// Issuer defines the disclosure frame to specify which claims can be disclosed/undisclosed
-const disclosureFrame: DisclosureFrame<typeof claims> = {
-  _sd: ['firstname', 'lastname', 'ssn'],
-};
-
-// Issuer issues a signed JWT credential with the specified claims and disclosure frame
-// returns an encoded JWT
-const credential = await sdjwt.issue(claims, disclosureFrame);
-
-// Holder may validate the credential from the issuer
-const valid = await sdjwt.validate(credential);
-
-// Holder defines the presentation frame to specify which claims should be presented
-// The list of presented claims must be a subset of the disclosed claims
-const presentationFrame = ['firstname', 'ssn'];
-
-// Holder creates a presentation using the issued credential and the presentation frame
-// returns an encoded SD JWT.
-const presentation = await sdjwt.present(credential, presentationFrame);
-
-// Verifier can verify the presentation using the Issuer's public key
-const verified = await sdjwt.verify(presentation);
-```
-
-Check out more details in our [documentation](https://github.com/openwallet-foundation-labs/sd-jwt-js/tree/next/docs) or [examples](https://github.com/openwallet-foundation-labs/sd-jwt-js/tree/next/examples)
+This library can not be used on it's own, it is a dependency for other implementations like `@sd-jwt/sd-jwt-vc`.
 
 ### Dependencies
 

package/dist/index.d.mts

@@ -66,16 +66,19 @@ declare const pack: <T extends Record<string, unknown>>(claims: T, disclosureFra
 
 declare const createDecoy: (hash: HasherAndAlg, saltGenerator: SaltGenerator) => Promise<string>;
 
-declare class SDJwtInstance {
+type SdJwtPayload = Record<string, unknown>;
+declare abstract class SDJwtInstance<ExtendedPayload extends SdJwtPayload> {
+    protected abstract type: string;
     static DEFAULT_hashAlg: string;
     private userConfig;
     constructor(userConfig?: SDJWTConfig);
     private createKBJwt;
     private SignJwt;
     private VerifyJwt;
-    issue<Payload extends Record<string, unknown>>(payload: Payload, disclosureFrame?: DisclosureFrame<Payload>, options?: {
+    issue<Payload extends ExtendedPayload>(payload: Payload, disclosureFrame?: DisclosureFrame<Payload>, options?: {
         header?: object;
     }): Promise<SDJWTCompact>;
+    protected abstract validateReservedFields<T extends ExtendedPayload>(disclosureFrame: DisclosureFrame<T>): void;
     present(encodedSDJwt: string, presentationKeys?: string[], options?: {
         kb?: KBOptions;
     }): Promise<SDJWTCompact>;
@@ -104,4 +107,4 @@ declare class SDJwtInstance {
     getClaims(endcodedSDJwt: SDJWTCompact): Promise<unknown>;
 }
 
-export { Jwt, type JwtData, KBJwt, SDJwt, type SDJwtData, SDJwtInstance, createDecoy, listKeys, pack };
+export { Jwt, type JwtData, KBJwt, SDJwt, type SDJwtData, SDJwtInstance, type SdJwtPayload, createDecoy, listKeys, pack };

package/dist/index.d.ts

@@ -66,16 +66,19 @@ declare const pack: <T extends Record<string, unknown>>(claims: T, disclosureFra
 
 declare const createDecoy: (hash: HasherAndAlg, saltGenerator: SaltGenerator) => Promise<string>;
 
-declare class SDJwtInstance {
+type SdJwtPayload = Record<string, unknown>;
+declare abstract class SDJwtInstance<ExtendedPayload extends SdJwtPayload> {
+    protected abstract type: string;
     static DEFAULT_hashAlg: string;
     private userConfig;
     constructor(userConfig?: SDJWTConfig);
     private createKBJwt;
     private SignJwt;
     private VerifyJwt;
-    issue<Payload extends Record<string, unknown>>(payload: Payload, disclosureFrame?: DisclosureFrame<Payload>, options?: {
+    issue<Payload extends ExtendedPayload>(payload: Payload, disclosureFrame?: DisclosureFrame<Payload>, options?: {
         header?: object;
     }): Promise<SDJWTCompact>;
+    protected abstract validateReservedFields<T extends ExtendedPayload>(disclosureFrame: DisclosureFrame<T>): void;
     present(encodedSDJwt: string, presentationKeys?: string[], options?: {
         kb?: KBOptions;
     }): Promise<SDJWTCompact>;
@@ -104,4 +107,4 @@ declare class SDJwtInstance {
     getClaims(endcodedSDJwt: SDJWTCompact): Promise<unknown>;
 }
 
-export { Jwt, type JwtData, KBJwt, SDJwt, type SDJwtData, SDJwtInstance, createDecoy, listKeys, pack };
+export { Jwt, type JwtData, KBJwt, SDJwt, type SDJwtData, SDJwtInstance, type SdJwtPayload, createDecoy, listKeys, pack };

package/dist/index.js

@@ -460,6 +460,9 @@ var _SDJwtInstance = class _SDJwtInstance {
       if (!this.userConfig.signAlg) {
         throw new import_utils5.SDJWTException("sign alogrithm not specified");
       }
+      if (disclosureFrame) {
+        this.validateReservedFields(disclosureFrame);
+      }
       const hasher = this.userConfig.hasher;
       const hashAlg = (_a = this.userConfig.hashAlg) != null ? _a : _SDJwtInstance.DEFAULT_hashAlg;
       const { packedClaims, disclosures } = yield pack(
@@ -470,7 +473,7 @@ var _SDJwtInstance = class _SDJwtInstance {
       );
       const alg = this.userConfig.signAlg;
       const OptionHeader = (_b = options == null ? void 0 : options.header) != null ? _b : {};
-      const CustomHeader = this.userConfig.omitTyp ? OptionHeader : __spreadValues({ typ: import_types2.SD_JWT_TYP }, OptionHeader);
+      const CustomHeader = this.userConfig.omitTyp ? OptionHeader : __spreadValues({ typ: this.type }, OptionHeader);
       const header = __spreadProps(__spreadValues({}, CustomHeader), { alg });
       const jwt = new Jwt({
         header,

package/dist/index.mjs

@@ -381,8 +381,7 @@ var pack = (claims, disclosureFrame, hash, saltGenerator) => __async(void 0, nul
 
 // src/index.ts
 import {
-  KB_JWT_TYP as KB_JWT_TYP2,
-  SD_JWT_TYP
+  KB_JWT_TYP as KB_JWT_TYP2
 } from "@sd-jwt/types";
 import { getSDAlgAndPayload as getSDAlgAndPayload2 } from "@sd-jwt/decode";
 var _SDJwtInstance = class _SDJwtInstance {
@@ -441,6 +440,9 @@ var _SDJwtInstance = class _SDJwtInstance {
       if (!this.userConfig.signAlg) {
         throw new SDJWTException4("sign alogrithm not specified");
       }
+      if (disclosureFrame) {
+        this.validateReservedFields(disclosureFrame);
+      }
       const hasher = this.userConfig.hasher;
       const hashAlg = (_a = this.userConfig.hashAlg) != null ? _a : _SDJwtInstance.DEFAULT_hashAlg;
       const { packedClaims, disclosures } = yield pack(
@@ -451,7 +453,7 @@ var _SDJwtInstance = class _SDJwtInstance {
       );
       const alg = this.userConfig.signAlg;
       const OptionHeader = (_b = options == null ? void 0 : options.header) != null ? _b : {};
-      const CustomHeader = this.userConfig.omitTyp ? OptionHeader : __spreadValues({ typ: SD_JWT_TYP }, OptionHeader);
+      const CustomHeader = this.userConfig.omitTyp ? OptionHeader : __spreadValues({ typ: this.type }, OptionHeader);
       const header = __spreadProps(__spreadValues({}, CustomHeader), { alg });
       const jwt = new Jwt({
         header,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sd-jwt/core",
-  "version": "0.3.2-next.76+270ba1b",
+  "version": "0.3.2-next.94+32af6cf",
   "description": "sd-jwt draft 7 implementation in typescript",
   "main": "dist/index.js",
   "module": "dist/index.mjs",
@@ -39,12 +39,12 @@
   },
   "license": "Apache-2.0",
   "devDependencies": {
-    "@sd-jwt/crypto-nodejs": "0.3.2-next.76+270ba1b"
+    "@sd-jwt/crypto-nodejs": "0.3.2-next.94+32af6cf"
   },
   "dependencies": {
-    "@sd-jwt/decode": "0.3.2-next.76+270ba1b",
-    "@sd-jwt/types": "0.3.2-next.76+270ba1b",
-    "@sd-jwt/utils": "0.3.2-next.76+270ba1b"
+    "@sd-jwt/decode": "0.3.2-next.94+32af6cf",
+    "@sd-jwt/types": "0.3.2-next.94+32af6cf",
+    "@sd-jwt/utils": "0.3.2-next.94+32af6cf"
   },
   "publishConfig": {
     "access": "public"
@@ -62,5 +62,5 @@
       "esm"
     ]
   },
-  "gitHead": "270ba1b51bde3fd8c4f2dc7d9eaf09e1225c7873"
+  "gitHead": "32af6cfa150fceb440fc9225bcaf2791a6aeee90"
 }

package/src/index.ts

@@ -9,7 +9,6 @@ import {
   KB_JWT_TYP,
   SDJWTCompact,
   SDJWTConfig,
-  SD_JWT_TYP,
 } from '@sd-jwt/types';
 import { getSDAlgAndPayload } from '@sd-jwt/decode';
 
@@ -18,7 +17,12 @@ export * from './kbjwt';
 export * from './jwt';
 export * from './decoy';
 
-export class SDJwtInstance {
+export type SdJwtPayload = Record<string, unknown>;
+
+export abstract class SDJwtInstance<ExtendedPayload extends SdJwtPayload> {
+  //header type
+  protected abstract type: string;
+
   public static DEFAULT_hashAlg = 'sha-256';
 
   private userConfig: SDJWTConfig = {};
@@ -68,7 +72,7 @@ export class SDJwtInstance {
     return jwt.verify(this.userConfig.verifier);
   }
 
-  public async issue<Payload extends Record<string, unknown>>(
+  public async issue<Payload extends ExtendedPayload>(
     payload: Payload,
     disclosureFrame?: DisclosureFrame<Payload>,
     options?: {
@@ -87,6 +91,10 @@ export class SDJwtInstance {
       throw new SDJWTException('sign alogrithm not specified');
     }
 
+    if (disclosureFrame) {
+      this.validateReservedFields<Payload>(disclosureFrame);
+    }
+
     const hasher = this.userConfig.hasher;
     const hashAlg = this.userConfig.hashAlg ?? SDJwtInstance.DEFAULT_hashAlg;
 
@@ -100,7 +108,7 @@ export class SDJwtInstance {
     const OptionHeader = options?.header ?? {};
     const CustomHeader = this.userConfig.omitTyp
       ? OptionHeader
-      : { typ: SD_JWT_TYP, ...OptionHeader };
+      : { typ: this.type, ...OptionHeader };
     const header = { ...CustomHeader, alg };
     const jwt = new Jwt({
       header,
@@ -119,6 +127,10 @@ export class SDJwtInstance {
     return sdJwt.encodeSDJwt();
   }
 
+  protected abstract validateReservedFields<T extends ExtendedPayload>(
+    disclosureFrame: DisclosureFrame<T>,
+  ): void;
+
   public async present(
     encodedSDJwt: string,
     presentationKeys?: string[],

package/src/test/index.spec.ts

@@ -1,9 +1,19 @@
-import { SDJwtInstance } from '../index';
-import { Signer, Verifier } from '@sd-jwt/types';
+import { SDJwtInstance, SdJwtPayload } from '../index';
+import { DisclosureFrame, Signer, Verifier } from '@sd-jwt/types';
 import Crypto from 'node:crypto';
 import { describe, expect, test } from 'vitest';
 import { digest, generateSalt } from '@sd-jwt/crypto-nodejs';
 
+export class TestInstance extends SDJwtInstance<SdJwtPayload> {
+  protected type = 'sd-jwt';
+
+  protected validateReservedFields(
+    disclosureFrame: DisclosureFrame<SdJwtPayload>,
+  ): void {
+    return;
+  }
+}
+
 export const createSignerVerifier = () => {
   const { privateKey, publicKey } = Crypto.generateKeyPairSync('ed25519');
   const signer: Signer = async (data: string) => {
@@ -23,13 +33,13 @@ export const createSignerVerifier = () => {
 
 describe('index', () => {
   test('create', async () => {
-    const sdjwt = new SDJwtInstance();
+    const sdjwt = new TestInstance();
     expect(sdjwt).toBeDefined();
   });
 
   test('kbJwt', async () => {
     const { signer, verifier } = createSignerVerifier();
-    const sdjwt = new SDJwtInstance({
+    const sdjwt = new TestInstance({
       signer,
       signAlg: 'EdDSA',
       verifier,
@@ -41,6 +51,9 @@ describe('index', () => {
     const credential = await sdjwt.issue(
       {
         foo: 'bar',
+        iss: 'Issuer',
+        iat: new Date().getTime(),
+        vct: '',
       },
       {
         _sd: ['foo'],
@@ -64,7 +77,7 @@ describe('index', () => {
 
   test('issue', async () => {
     const { signer, verifier } = createSignerVerifier();
-    const sdjwt = new SDJwtInstance({
+    const sdjwt = new TestInstance({
       signer,
       signAlg: 'EdDSA',
       verifier,
@@ -74,6 +87,9 @@ describe('index', () => {
     const credential = await sdjwt.issue(
       {
         foo: 'bar',
+        iss: 'Issuer',
+        iat: new Date().getTime(),
+        vct: '',
       },
       {
         _sd: ['foo'],
@@ -95,7 +111,7 @@ describe('index', () => {
       );
     };
 
-    const sdjwt = new SDJwtInstance({
+    const sdjwt = new TestInstance({
       signer,
       signAlg: 'EdDSA',
       verifier: failedverifier,
@@ -106,6 +122,9 @@ describe('index', () => {
     const credential = await sdjwt.issue(
       {
         foo: 'bar',
+        iss: 'Issuer',
+        iat: new Date().getTime(),
+        vct: '',
       },
       {
         _sd: ['foo'],
@@ -130,7 +149,7 @@ describe('index', () => {
         Buffer.from(sig, 'base64url'),
       );
     };
-    const sdjwt = new SDJwtInstance({
+    const sdjwt = new TestInstance({
       signer,
       signAlg: 'EdDSA',
       verifier,
@@ -144,6 +163,9 @@ describe('index', () => {
     const credential = await sdjwt.issue(
       {
         foo: 'bar',
+        iss: 'Issuer',
+        iat: new Date().getTime(),
+        vct: '',
       },
       {
         _sd: ['foo'],
@@ -169,7 +191,7 @@ describe('index', () => {
 
   test('verify with kbJwt', async () => {
     const { signer, verifier } = createSignerVerifier();
-    const sdjwt = new SDJwtInstance({
+    const sdjwt = new TestInstance({
       signer,
       signAlg: 'EdDSA',
       verifier,
@@ -183,6 +205,9 @@ describe('index', () => {
     const credential = await sdjwt.issue(
       {
         foo: 'bar',
+        iss: 'Issuer',
+        iat: new Date().getTime(),
+        vct: '',
       },
       {
         _sd: ['foo'],
@@ -204,11 +229,14 @@ describe('index', () => {
   });
 
   test('Hasher not found', async () => {
-    const sdjwt = new SDJwtInstance({});
+    const sdjwt = new TestInstance({});
     try {
       const credential = await sdjwt.issue(
         {
           foo: 'bar',
+          iss: 'Issuer',
+          iat: new Date().getTime(),
+          vct: '',
         },
         {
           _sd: ['foo'],
@@ -222,13 +250,16 @@ describe('index', () => {
   });
 
   test('SaltGenerator not found', async () => {
-    const sdjwt = new SDJwtInstance({
+    const sdjwt = new TestInstance({
       hasher: digest,
     });
     try {
       const credential = await sdjwt.issue(
         {
           foo: 'bar',
+          iss: 'Issuer',
+          iat: new Date().getTime(),
+          vct: '',
         },
         {
           _sd: ['foo'],
@@ -242,7 +273,7 @@ describe('index', () => {
   });
 
   test('Signer not found', async () => {
-    const sdjwt = new SDJwtInstance({
+    const sdjwt = new TestInstance({
       hasher: digest,
       saltGenerator: generateSalt,
     });
@@ -250,6 +281,9 @@ describe('index', () => {
       const credential = await sdjwt.issue(
         {
           foo: 'bar',
+          iss: 'Issuer',
+          iat: new Date().getTime(),
+          vct: '',
         },
         {
           _sd: ['foo'],
@@ -264,7 +298,7 @@ describe('index', () => {
 
   test('Verifier not found', async () => {
     const { signer, verifier } = createSignerVerifier();
-    const sdjwt = new SDJwtInstance({
+    const sdjwt = new TestInstance({
       signer,
       hasher: digest,
       saltGenerator: generateSalt,
@@ -277,6 +311,9 @@ describe('index', () => {
     const credential = await sdjwt.issue(
       {
         foo: 'bar',
+        iss: 'Issuer',
+        iat: new Date().getTime(),
+        vct: '',
       },
       {
         _sd: ['foo'],
@@ -301,7 +338,7 @@ describe('index', () => {
 
   test('kbSigner not found', async () => {
     const { signer, verifier } = createSignerVerifier();
-    const sdjwt = new SDJwtInstance({
+    const sdjwt = new TestInstance({
       signer,
       verifier,
       hasher: digest,
@@ -314,6 +351,9 @@ describe('index', () => {
     const credential = await sdjwt.issue(
       {
         foo: 'bar',
+        iss: 'Issuer',
+        iat: new Date().getTime(),
+        vct: '',
       },
       {
         _sd: ['foo'],
@@ -336,7 +376,7 @@ describe('index', () => {
 
   test('kbVerifier not found', async () => {
     const { signer, verifier } = createSignerVerifier();
-    const sdjwt = new SDJwtInstance({
+    const sdjwt = new TestInstance({
       signer,
       verifier,
       hasher: digest,
@@ -349,6 +389,9 @@ describe('index', () => {
     const credential = await sdjwt.issue(
       {
         foo: 'bar',
+        iss: 'Issuer',
+        iat: new Date().getTime(),
+        vct: '',
       },
       {
         _sd: ['foo'],
@@ -370,4 +413,47 @@ describe('index', () => {
       expect(e).toBeDefined();
     }
   });
+
+  test('kbSignAlg not found', async () => {
+    const { signer, verifier } = createSignerVerifier();
+    const sdjwt = new TestInstance({
+      signer,
+      verifier,
+      hasher: digest,
+      saltGenerator: generateSalt,
+      kbSigner: signer,
+      signAlg: 'EdDSA',
+    });
+
+    const credential = await sdjwt.issue(
+      {
+        foo: 'bar',
+        iss: 'Issuer',
+        iat: new Date().getTime(),
+        vct: '',
+      },
+      {
+        _sd: ['foo'],
+      },
+    );
+
+    const presentation = sdjwt.present(credential, ['foo'], {
+      kb: {
+        payload: {
+          sd_hash: 'sha-256',
+          aud: '1',
+          iat: 1,
+          nonce: '342',
+        },
+      },
+    });
+    expect(presentation).rejects.toThrow(
+      'Key Binding sign algorithm not specified',
+    );
+  });
+
+  test('hasher is not found', () => {
+    const sdjwt = new TestInstance({});
+    expect(sdjwt.keys('')).rejects.toThrow('Hasher not found');
+  });
 });

package/test/app-e2e.spec.ts

@@ -1,10 +1,11 @@
 import Crypto from 'node:crypto';
-import { SDJwtInstance } from '../src';
-import { DisclosureFrame, Signer, Verifier } from '@sd-jwt/types';
+import { SdJwtPayload } from '../src';
+import { DisclosureFrame, SD, Signer, Verifier } from '@sd-jwt/types';
 import fs from 'fs';
 import path from 'path';
 import { describe, expect, test } from 'vitest';
 import { digest, generateSalt } from '@sd-jwt/crypto-nodejs';
+import { TestInstance } from '../src/test/index.spec';
 
 export const createSignerVerifier = () => {
   const { privateKey, publicKey } = Crypto.generateKeyPairSync('ed25519');
@@ -26,7 +27,7 @@ export const createSignerVerifier = () => {
 describe('App', () => {
   test('Example', async () => {
     const { signer, verifier } = createSignerVerifier();
-    const sdjwt = new SDJwtInstance({
+    const sdjwt = new TestInstance({
       signer,
       signAlg: 'EdDSA',
       verifier,
@@ -192,7 +193,7 @@ describe('App', () => {
 async function JSONtest(filename: string) {
   const test = loadTestJsonFile(filename);
   const { signer, verifier } = createSignerVerifier();
-  const sdjwt = new SDJwtInstance({
+  const sdjwt = new TestInstance({
     signer,
     signAlg: 'EdDSA',
     verifier,
@@ -234,8 +235,8 @@ async function JSONtest(filename: string) {
 }
 
 type TestJson = {
-  claims: object;
-  disclosureFrame: DisclosureFrame<object>;
+  claims: SdJwtPayload;
+  disclosureFrame: DisclosureFrame<SdJwtPayload>;
   presentationKeys: string[];
   presenatedClaims: object;
   requiredClaimKeys: string[];