@sd-jwt/core 0.3.2-next.98 → 0.4.0

package/CHANGELOG.md

@@ -0,0 +1,28 @@
+# Change Log
+
+All notable changes to this project will be documented in this file.
+See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
+
+# 0.4.0 (2024-03-08)
+
+
+### Bug Fixes
+
+* add publish config ([#93](https://github.com/openwallet-foundation-labs/sd-jwt-js/issues/93)) ([2e4c5c1](https://github.com/openwallet-foundation-labs/sd-jwt-js/commit/2e4c5c176dc88e58e49d06783b7658d8ad872313))
+* add the payload that is required ([6c53580](https://github.com/openwallet-foundation-labs/sd-jwt-js/commit/6c53580d12e4361c40435b90628302749fa32b1c))
+* change SDJwtPayload to SdJwtPayload ([9f06ef7](https://github.com/openwallet-foundation-labs/sd-jwt-js/commit/9f06ef7bd31a1dff4e9bf988e425200a5e1aa82d))
+* convert any usage into  or typed version ([#80](https://github.com/openwallet-foundation-labs/sd-jwt-js/issues/80)) ([de4df54](https://github.com/openwallet-foundation-labs/sd-jwt-js/commit/de4df54f2a0a77fdbf97e10abac555a98e70c6e0))
+* implement kbverify function ([#127](https://github.com/openwallet-foundation-labs/sd-jwt-js/issues/127)) ([e5609f2](https://github.com/openwallet-foundation-labs/sd-jwt-js/commit/e5609f26fab8c4991d3bd6c36066a95a30cfb972))
+* make sdjwt instance non abstract ([#122](https://github.com/openwallet-foundation-labs/sd-jwt-js/issues/122)) ([e85aae8](https://github.com/openwallet-foundation-labs/sd-jwt-js/commit/e85aae89910f5d9468e29ef14ef3b3d3215b86fd))
+
+
+### Features
+
+* add jwk type ([#130](https://github.com/openwallet-foundation-labs/sd-jwt-js/issues/130)) ([8ce255a](https://github.com/openwallet-foundation-labs/sd-jwt-js/commit/8ce255a64b0940e92e647aa544bf5990b48279b7))
+* add new package for sd-jwt-vc ([ed99188](https://github.com/openwallet-foundation-labs/sd-jwt-js/commit/ed99188f13184d58db64b4211e39fb67f3f78cb5))
+* Apply lerna to move src to core ([#67](https://github.com/openwallet-foundation-labs/sd-jwt-js/issues/67)) ([49e272b](https://github.com/openwallet-foundation-labs/sd-jwt-js/commit/49e272b6b51c5226e22732c469e566fd3c14c57c))
+* calcuate sd_hash in kb JWT ([#117](https://github.com/openwallet-foundation-labs/sd-jwt-js/issues/117)) ([3415550](https://github.com/openwallet-foundation-labs/sd-jwt-js/commit/3415550fbcd99f97babff442a4928cc827c5c9cc))
+* checking kb header value ([#133](https://github.com/openwallet-foundation-labs/sd-jwt-js/issues/133)) ([cd2991b](https://github.com/openwallet-foundation-labs/sd-jwt-js/commit/cd2991b88a0522e39251c5ca2b67593130baa585))
+* create kb jwt when present all ([#129](https://github.com/openwallet-foundation-labs/sd-jwt-js/issues/129)) ([72ed1ad](https://github.com/openwallet-foundation-labs/sd-jwt-js/commit/72ed1ad64b850876ba3b5d5e5df6128471fb44ac))
+* fix async handling in jwt verify ([#131](https://github.com/openwallet-foundation-labs/sd-jwt-js/issues/131)) ([76cb930](https://github.com/openwallet-foundation-labs/sd-jwt-js/commit/76cb93021dd62c241c87656975f74dd44b3766cf))
+* fixing exclude _sd_alg when no disclosure ([#120](https://github.com/openwallet-foundation-labs/sd-jwt-js/issues/120)) ([dcaf1f6](https://github.com/openwallet-foundation-labs/sd-jwt-js/commit/dcaf1f6fad3289ea7cbe0f3f410fdc15c0f77fda))

package/dist/index.d.mts

@@ -1,5 +1,5 @@
 import * as _sd_jwt_types from '@sd-jwt/types';
-import { Base64urlString, Signer, Verifier, kbHeader, kbPayload, SDJWTCompact, Hasher, DisclosureFrame, HasherAndAlg, SaltGenerator, SDJWTConfig, KBOptions } from '@sd-jwt/types';
+import { Base64urlString, Signer, Verifier, kbHeader, kbPayload, KbVerifier, JwtPayload, SDJWTCompact, Hasher, PresentationFrame, DisclosureFrame, HasherAndAlg, SaltGenerator, SDJWTConfig, KBOptions } from '@sd-jwt/types';
 import { Disclosure } from '@sd-jwt/utils';
 
 type JwtData<Header extends Record<string, unknown>, Payload extends Record<string, unknown>> = {
@@ -29,7 +29,10 @@ declare class Jwt<Header extends Record<string, unknown> = Record<string, unknow
 }
 
 declare class KBJwt<Header extends kbHeader = kbHeader, Payload extends kbPayload = kbPayload> extends Jwt<Header, Payload> {
-    verify(verifier: Verifier): Promise<{
+    verifyKB(values: {
+        verifier: KbVerifier;
+        payload: JwtPayload;
+    }): Promise<{
         payload: Payload;
         header: Header;
     }>;
@@ -52,7 +55,7 @@ declare class SDJwt<Header extends Record<string, unknown> = Record<string, unkn
         kbJwt?: KBJwt<KBHeader, KBPayload>;
     }>;
     static fromEncode<Header extends Record<string, unknown> = Record<string, unknown>, Payload extends Record<string, unknown> = Record<string, unknown>, KBHeader extends kbHeader = kbHeader, KBPayload extends kbPayload = kbPayload>(encodedSdJwt: SDJWTCompact, hasher: Hasher): Promise<SDJwt<Header, Payload>>;
-    present(keys: string[], hasher: Hasher): Promise<SDJWTCompact>;
+    present<T extends Record<string, unknown>>(presentFrame: PresentationFrame<T> | undefined, hasher: Hasher): Promise<SDJWTCompact>;
     encodeSDJwt(): SDJWTCompact;
     keys(hasher: Hasher): Promise<string[]>;
     presentableKeys(hasher: Hasher): Promise<string[]>;
@@ -84,7 +87,7 @@ declare class SDJwtInstance<ExtendedPayload extends SdJwtPayload> {
      * @returns
      */
     protected validateReservedFields<T extends ExtendedPayload>(disclosureFrame: DisclosureFrame<T>): void;
-    present(encodedSDJwt: string, presentationKeys?: string[], options?: {
+    present<T extends Record<string, unknown>>(encodedSDJwt: string, presentationFrame?: PresentationFrame<T>, options?: {
         kb?: KBOptions;
     }): Promise<SDJWTCompact>;
     verify(encodedSDJwt: string, requiredClaimKeys?: string[], requireKeyBindings?: boolean): Promise<{

package/dist/index.d.ts

@@ -1,5 +1,5 @@
 import * as _sd_jwt_types from '@sd-jwt/types';
-import { Base64urlString, Signer, Verifier, kbHeader, kbPayload, SDJWTCompact, Hasher, DisclosureFrame, HasherAndAlg, SaltGenerator, SDJWTConfig, KBOptions } from '@sd-jwt/types';
+import { Base64urlString, Signer, Verifier, kbHeader, kbPayload, KbVerifier, JwtPayload, SDJWTCompact, Hasher, PresentationFrame, DisclosureFrame, HasherAndAlg, SaltGenerator, SDJWTConfig, KBOptions } from '@sd-jwt/types';
 import { Disclosure } from '@sd-jwt/utils';
 
 type JwtData<Header extends Record<string, unknown>, Payload extends Record<string, unknown>> = {
@@ -29,7 +29,10 @@ declare class Jwt<Header extends Record<string, unknown> = Record<string, unknow
 }
 
 declare class KBJwt<Header extends kbHeader = kbHeader, Payload extends kbPayload = kbPayload> extends Jwt<Header, Payload> {
-    verify(verifier: Verifier): Promise<{
+    verifyKB(values: {
+        verifier: KbVerifier;
+        payload: JwtPayload;
+    }): Promise<{
         payload: Payload;
         header: Header;
     }>;
@@ -52,7 +55,7 @@ declare class SDJwt<Header extends Record<string, unknown> = Record<string, unkn
         kbJwt?: KBJwt<KBHeader, KBPayload>;
     }>;
     static fromEncode<Header extends Record<string, unknown> = Record<string, unknown>, Payload extends Record<string, unknown> = Record<string, unknown>, KBHeader extends kbHeader = kbHeader, KBPayload extends kbPayload = kbPayload>(encodedSdJwt: SDJWTCompact, hasher: Hasher): Promise<SDJwt<Header, Payload>>;
-    present(keys: string[], hasher: Hasher): Promise<SDJWTCompact>;
+    present<T extends Record<string, unknown>>(presentFrame: PresentationFrame<T> | undefined, hasher: Hasher): Promise<SDJWTCompact>;
     encodeSDJwt(): SDJWTCompact;
     keys(hasher: Hasher): Promise<string[]>;
     presentableKeys(hasher: Hasher): Promise<string[]>;
@@ -84,7 +87,7 @@ declare class SDJwtInstance<ExtendedPayload extends SdJwtPayload> {
      * @returns
      */
     protected validateReservedFields<T extends ExtendedPayload>(disclosureFrame: DisclosureFrame<T>): void;
-    present(encodedSDJwt: string, presentationKeys?: string[], options?: {
+    present<T extends Record<string, unknown>>(encodedSDJwt: string, presentationFrame?: PresentationFrame<T>, options?: {
         kb?: KBOptions;
     }): Promise<SDJWTCompact>;
     verify(encodedSDJwt: string, requiredClaimKeys?: string[], requireKeyBindings?: boolean): Promise<{

package/dist/index.js

@@ -5,10 +5,8 @@ var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
 var __getOwnPropDescs = Object.getOwnPropertyDescriptors;
 var __getOwnPropNames = Object.getOwnPropertyNames;
 var __getOwnPropSymbols = Object.getOwnPropertySymbols;
-var __getProtoOf = Object.getPrototypeOf;
 var __hasOwnProp = Object.prototype.hasOwnProperty;
 var __propIsEnum = Object.prototype.propertyIsEnumerable;
-var __reflectGet = Reflect.get;
 var __defNormalProp = (obj, key, value) => key in obj ? __defProp(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
 var __spreadValues = (a, b) => {
   for (var prop in b || (b = {}))
@@ -35,7 +33,6 @@ var __copyProps = (to, from, except, desc) => {
   return to;
 };
 var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
-var __superGet = (cls, obj, key) => __reflectGet(__getProtoOf(cls), key, obj);
 var __async = (__this, __arguments, generator) => {
   return new Promise((resolve, reject) => {
     var fulfilled = (value) => {
@@ -132,7 +129,7 @@ var Jwt = class _Jwt {
       const header = (0, import_utils.Base64urlEncode)(JSON.stringify(this.header));
       const payload = (0, import_utils.Base64urlEncode)(JSON.stringify(this.payload));
       const data = `${header}.${payload}`;
-      const verified = verifier(data, this.signature);
+      const verified = yield verifier(data, this.signature);
       if (!verified) {
         throw new import_utils.SDJWTException("Verify Error: Invalid JWT Signature");
       }
@@ -143,16 +140,32 @@ var Jwt = class _Jwt {
 
 // src/kbjwt.ts
 var import_utils2 = require("@sd-jwt/utils");
+var import_types = require("@sd-jwt/types");
 var KBJwt = class _KBJwt extends Jwt {
   // Checking the validity of the key binding jwt
-  verify(verifier) {
+  // the type unknown is not good, but we don't know at this point how to get the public key of the signer, this is defined in the kbVerifier
+  verifyKB(values) {
     return __async(this, null, function* () {
-      var _a, _b, _c, _d, _e, _f;
-      if (!((_a = this.header) == null ? void 0 : _a.alg) || !this.header.typ || !((_b = this.payload) == null ? void 0 : _b.iat) || !((_c = this.payload) == null ? void 0 : _c.aud) || !((_d = this.payload) == null ? void 0 : _d.nonce) || // this is for backward compatibility with version 06
-      !(((_e = this.payload) == null ? void 0 : _e.sd_hash) || ((_f = this.payload) == null ? void 0 : _f._sd_hash))) {
+      var _a;
+      if (!this.header || !this.payload || !this.signature) {
+        throw new import_utils2.SDJWTException("Verify Error: Invalid JWT");
+      }
+      if (!this.header.alg || this.header.alg === "none" || !this.header.typ || this.header.typ !== import_types.KB_JWT_TYP || !this.payload.iat || !this.payload.aud || !this.payload.nonce || // this is for backward compatibility with version 06
+      !(this.payload.sd_hash || ((_a = this.payload) == null ? void 0 : _a._sd_hash))) {
         throw new import_utils2.SDJWTException("Invalid Key Binding Jwt");
       }
-      return yield __superGet(_KBJwt.prototype, this, "verify").call(this, verifier);
+      const header = (0, import_utils2.Base64urlEncode)(JSON.stringify(this.header));
+      const payload = (0, import_utils2.Base64urlEncode)(JSON.stringify(this.payload));
+      const data = `${header}.${payload}`;
+      const verified = yield values.verifier(
+        data,
+        this.signature,
+        values.payload
+      );
+      if (!verified) {
+        throw new import_utils2.SDJWTException("Verify Error: Invalid JWT Signature");
+      }
+      return { payload: this.payload, header: this.header };
     });
   }
   // This function is for creating KBJwt object for verify properly
@@ -180,8 +193,9 @@ var createDecoy = (hash, saltGenerator) => __async(void 0, null, function* () {
 
 // src/sdjwt.ts
 var import_utils4 = require("@sd-jwt/utils");
-var import_types = require("@sd-jwt/types");
+var import_types2 = require("@sd-jwt/types");
 var import_decode2 = require("@sd-jwt/decode");
+var import_present = require("@sd-jwt/present");
 var SDJwt = class _SDJwt {
   constructor(data) {
     this.jwt = data == null ? void 0 : data.jwt;
@@ -190,7 +204,7 @@ var SDJwt = class _SDJwt {
   }
   static decodeSDJwt(sdjwt, hasher) {
     return __async(this, null, function* () {
-      const [encodedJwt, ...encodedDisclosures] = sdjwt.split(import_types.SD_SEPARATOR);
+      const [encodedJwt, ...encodedDisclosures] = sdjwt.split(import_types2.SD_SEPARATOR);
       const jwt = Jwt.fromEncode(encodedJwt);
       if (!jwt.payload) {
         throw new Error("Payload is undefined on the JWT. Invalid state reached");
@@ -226,7 +240,7 @@ var SDJwt = class _SDJwt {
       });
     });
   }
-  present(keys, hasher) {
+  present(presentFrame, hasher) {
     return __async(this, null, function* () {
       var _a;
       if (!((_a = this.jwt) == null ? void 0 : _a.payload) || !this.disclosures) {
@@ -240,14 +254,8 @@ var SDJwt = class _SDJwt {
         this.disclosures,
         hasher
       );
-      const presentableKeys = Object.keys(disclosureKeymap);
-      const missingKeys = keys.filter((k) => !presentableKeys.includes(k));
-      if (missingKeys.length > 0) {
-        throw new import_utils4.SDJWTException(
-          `Invalid sd-jwt: invalid present keys: ${missingKeys.join(", ")}`
-        );
-      }
-      const disclosures = keys.map((k) => hashmap[disclosureKeymap[k]]);
+      const keys = presentFrame ? (0, import_present.transformPresentationFrame)(presentFrame) : yield this.presentableKeys(hasher);
+      const disclosures = keys.map((k) => hashmap[disclosureKeymap[k]]).filter((d) => d !== void 0);
       const presentSDJwt = new _SDJwt({
         jwt: this.jwt,
         disclosures,
@@ -264,11 +272,11 @@ var SDJwt = class _SDJwt {
     const encodedJwt = this.jwt.encodeJwt();
     data.push(encodedJwt);
     if (this.disclosures && this.disclosures.length > 0) {
-      const encodeddisclosures = this.disclosures.map((dc) => dc.encode()).join(import_types.SD_SEPARATOR);
+      const encodeddisclosures = this.disclosures.map((dc) => dc.encode()).join(import_types2.SD_SEPARATOR);
       data.push(encodeddisclosures);
     }
     data.push(this.kbJwt ? this.kbJwt.encodeJwt() : "");
-    return data.join(import_types.SD_SEPARATOR);
+    return data.join(import_types2.SD_SEPARATOR);
   }
   keys(hasher) {
     return __async(this, null, function* () {
@@ -325,14 +333,14 @@ var pack = (claims, disclosureFrame, hash, saltGenerator) => __async(void 0, nul
       disclosures: []
     };
   }
-  const sd = (_a = disclosureFrame[import_types.SD_DIGEST]) != null ? _a : [];
-  const decoyCount = (_b = disclosureFrame[import_types.SD_DECOY]) != null ? _b : 0;
+  const sd = (_a = disclosureFrame[import_types2.SD_DIGEST]) != null ? _a : [];
+  const decoyCount = (_b = disclosureFrame[import_types2.SD_DECOY]) != null ? _b : 0;
   if (Array.isArray(claims)) {
     const packedClaims2 = [];
     const disclosures2 = [];
     const recursivePackedClaims2 = {};
     for (const key in disclosureFrame) {
-      if (key !== import_types.SD_DIGEST) {
+      if (key !== import_types2.SD_DIGEST) {
         const idx = parseInt(key);
         const packed = yield pack(
           claims[idx],
@@ -350,7 +358,7 @@ var pack = (claims, disclosureFrame, hash, saltGenerator) => __async(void 0, nul
         const salt = yield saltGenerator(16);
         const disclosure = new import_utils4.Disclosure([salt, claim]);
         const digest = yield disclosure.digest(hash);
-        packedClaims2.push({ [import_types.SD_LIST_KEY]: digest });
+        packedClaims2.push({ [import_types2.SD_LIST_KEY]: digest });
         disclosures2.push(disclosure);
       } else {
         packedClaims2.push(claim);
@@ -358,7 +366,7 @@ var pack = (claims, disclosureFrame, hash, saltGenerator) => __async(void 0, nul
     }
     for (let j = 0; j < decoyCount; j++) {
       const decoyDigest = yield createDecoy(hash, saltGenerator);
-      packedClaims2.push({ [import_types.SD_LIST_KEY]: decoyDigest });
+      packedClaims2.push({ [import_types2.SD_LIST_KEY]: decoyDigest });
     }
     return { packedClaims: packedClaims2, disclosures: disclosures2 };
   }
@@ -366,7 +374,7 @@ var pack = (claims, disclosureFrame, hash, saltGenerator) => __async(void 0, nul
   const disclosures = [];
   const recursivePackedClaims = {};
   for (const key in disclosureFrame) {
-    if (key !== import_types.SD_DIGEST) {
+    if (key !== import_types2.SD_DIGEST) {
       const packed = yield pack(
         // @ts-ignore
         claims[key],
@@ -396,13 +404,13 @@ var pack = (claims, disclosureFrame, hash, saltGenerator) => __async(void 0, nul
     _sd.push(decoyDigest);
   }
   if (_sd.length > 0) {
-    packedClaims[import_types.SD_DIGEST] = _sd.sort();
+    packedClaims[import_types2.SD_DIGEST] = _sd.sort();
   }
   return { packedClaims, disclosures };
 });
 
 // src/index.ts
-var import_types2 = require("@sd-jwt/types");
+var import_types3 = require("@sd-jwt/types");
 var import_decode3 = require("@sd-jwt/decode");
 var _SDJwtInstance = class _SDJwtInstance {
   constructor(userConfig) {
@@ -422,7 +430,7 @@ var _SDJwtInstance = class _SDJwtInstance {
       const { payload } = options;
       const kbJwt = new KBJwt({
         header: {
-          typ: import_types2.KB_JWT_TYP,
+          typ: import_types3.KB_JWT_TYP,
           alg: this.userConfig.kbSignAlg
         },
         payload: __spreadProps(__spreadValues({}, payload), { sd_hash: sdHash })
@@ -497,11 +505,9 @@ var _SDJwtInstance = class _SDJwtInstance {
   validateReservedFields(disclosureFrame) {
     return;
   }
-  present(encodedSDJwt, presentationKeys, options) {
+  present(encodedSDJwt, presentationFrame, options) {
     return __async(this, null, function* () {
       var _a;
-      if (!presentationKeys)
-        return encodedSDJwt;
       if (!this.userConfig.hasher) {
         throw new import_utils5.SDJWTException("Hasher not found");
       }
@@ -510,7 +516,7 @@ var _SDJwtInstance = class _SDJwtInstance {
       if (!((_a = sdjwt.jwt) == null ? void 0 : _a.payload))
         throw new import_utils5.SDJWTException("Payload not found");
       const presentSdJwtWithoutKb = yield sdjwt.present(
-        presentationKeys.sort(),
+        presentationFrame,
         hasher
       );
       if (!(options == null ? void 0 : options.kb)) {
@@ -522,7 +528,7 @@ var _SDJwtInstance = class _SDJwtInstance {
         hasher
       );
       sdjwt.kbJwt = yield this.createKBJwt(options.kb, sdHashStr);
-      return sdjwt.present(presentationKeys.sort(), hasher);
+      return sdjwt.present(presentationFrame, hasher);
     });
   }
   // This function is for verifying the SD JWT
@@ -557,7 +563,13 @@ var _SDJwtInstance = class _SDJwtInstance {
       if (!this.userConfig.kbVerifier) {
         throw new import_utils5.SDJWTException("Key Binding Verifier not found");
       }
-      const kb = yield sdjwt.kbJwt.verify(this.userConfig.kbVerifier);
+      const kb = yield sdjwt.kbJwt.verifyKB({
+        verifier: this.userConfig.kbVerifier,
+        payload
+      });
+      if (!kb) {
+        throw new Error("signature is not valid");
+      }
       const sdHashfromKb = kb.payload.sd_hash;
       const sdjwtWithoutKb = new SDJwt({
         jwt: sdjwt.jwt,

package/dist/index.mjs

@@ -2,10 +2,8 @@ var __defProp = Object.defineProperty;
 var __defProps = Object.defineProperties;
 var __getOwnPropDescs = Object.getOwnPropertyDescriptors;
 var __getOwnPropSymbols = Object.getOwnPropertySymbols;
-var __getProtoOf = Object.getPrototypeOf;
 var __hasOwnProp = Object.prototype.hasOwnProperty;
 var __propIsEnum = Object.prototype.propertyIsEnumerable;
-var __reflectGet = Reflect.get;
 var __defNormalProp = (obj, key, value) => key in obj ? __defProp(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
 var __spreadValues = (a, b) => {
   for (var prop in b || (b = {}))
@@ -19,7 +17,6 @@ var __spreadValues = (a, b) => {
   return a;
 };
 var __spreadProps = (a, b) => __defProps(a, __getOwnPropDescs(b));
-var __superGet = (cls, obj, key) => __reflectGet(__getProtoOf(cls), key, obj);
 var __async = (__this, __arguments, generator) => {
   return new Promise((resolve, reject) => {
     var fulfilled = (value) => {
@@ -105,7 +102,7 @@ var Jwt = class _Jwt {
       const header = Base64urlEncode(JSON.stringify(this.header));
       const payload = Base64urlEncode(JSON.stringify(this.payload));
       const data = `${header}.${payload}`;
-      const verified = verifier(data, this.signature);
+      const verified = yield verifier(data, this.signature);
       if (!verified) {
         throw new SDJWTException("Verify Error: Invalid JWT Signature");
       }
@@ -115,17 +112,35 @@ var Jwt = class _Jwt {
 };
 
 // src/kbjwt.ts
-import { SDJWTException as SDJWTException2 } from "@sd-jwt/utils";
+import { Base64urlEncode as Base64urlEncode2, SDJWTException as SDJWTException2 } from "@sd-jwt/utils";
+import {
+  KB_JWT_TYP
+} from "@sd-jwt/types";
 var KBJwt = class _KBJwt extends Jwt {
   // Checking the validity of the key binding jwt
-  verify(verifier) {
+  // the type unknown is not good, but we don't know at this point how to get the public key of the signer, this is defined in the kbVerifier
+  verifyKB(values) {
     return __async(this, null, function* () {
-      var _a, _b, _c, _d, _e, _f;
-      if (!((_a = this.header) == null ? void 0 : _a.alg) || !this.header.typ || !((_b = this.payload) == null ? void 0 : _b.iat) || !((_c = this.payload) == null ? void 0 : _c.aud) || !((_d = this.payload) == null ? void 0 : _d.nonce) || // this is for backward compatibility with version 06
-      !(((_e = this.payload) == null ? void 0 : _e.sd_hash) || ((_f = this.payload) == null ? void 0 : _f._sd_hash))) {
+      var _a;
+      if (!this.header || !this.payload || !this.signature) {
+        throw new SDJWTException2("Verify Error: Invalid JWT");
+      }
+      if (!this.header.alg || this.header.alg === "none" || !this.header.typ || this.header.typ !== KB_JWT_TYP || !this.payload.iat || !this.payload.aud || !this.payload.nonce || // this is for backward compatibility with version 06
+      !(this.payload.sd_hash || ((_a = this.payload) == null ? void 0 : _a._sd_hash))) {
         throw new SDJWTException2("Invalid Key Binding Jwt");
       }
-      return yield __superGet(_KBJwt.prototype, this, "verify").call(this, verifier);
+      const header = Base64urlEncode2(JSON.stringify(this.header));
+      const payload = Base64urlEncode2(JSON.stringify(this.payload));
+      const data = `${header}.${payload}`;
+      const verified = yield values.verifier(
+        data,
+        this.signature,
+        values.payload
+      );
+      if (!verified) {
+        throw new SDJWTException2("Verify Error: Invalid JWT Signature");
+      }
+      return { payload: this.payload, header: this.header };
     });
   }
   // This function is for creating KBJwt object for verify properly
@@ -160,6 +175,7 @@ import {
   SD_SEPARATOR
 } from "@sd-jwt/types";
 import { createHashMapping, getSDAlgAndPayload, unpack } from "@sd-jwt/decode";
+import { transformPresentationFrame } from "@sd-jwt/present";
 var SDJwt = class _SDJwt {
   constructor(data) {
     this.jwt = data == null ? void 0 : data.jwt;
@@ -204,7 +220,7 @@ var SDJwt = class _SDJwt {
       });
     });
   }
-  present(keys, hasher) {
+  present(presentFrame, hasher) {
     return __async(this, null, function* () {
       var _a;
       if (!((_a = this.jwt) == null ? void 0 : _a.payload) || !this.disclosures) {
@@ -218,14 +234,8 @@ var SDJwt = class _SDJwt {
         this.disclosures,
         hasher
       );
-      const presentableKeys = Object.keys(disclosureKeymap);
-      const missingKeys = keys.filter((k) => !presentableKeys.includes(k));
-      if (missingKeys.length > 0) {
-        throw new SDJWTException3(
-          `Invalid sd-jwt: invalid present keys: ${missingKeys.join(", ")}`
-        );
-      }
-      const disclosures = keys.map((k) => hashmap[disclosureKeymap[k]]);
+      const keys = presentFrame ? transformPresentationFrame(presentFrame) : yield this.presentableKeys(hasher);
+      const disclosures = keys.map((k) => hashmap[disclosureKeymap[k]]).filter((d) => d !== void 0);
       const presentSDJwt = new _SDJwt({
         jwt: this.jwt,
         disclosures,
@@ -477,11 +487,9 @@ var _SDJwtInstance = class _SDJwtInstance {
   validateReservedFields(disclosureFrame) {
     return;
   }
-  present(encodedSDJwt, presentationKeys, options) {
+  present(encodedSDJwt, presentationFrame, options) {
     return __async(this, null, function* () {
       var _a;
-      if (!presentationKeys)
-        return encodedSDJwt;
       if (!this.userConfig.hasher) {
         throw new SDJWTException4("Hasher not found");
       }
@@ -490,7 +498,7 @@ var _SDJwtInstance = class _SDJwtInstance {
       if (!((_a = sdjwt.jwt) == null ? void 0 : _a.payload))
         throw new SDJWTException4("Payload not found");
       const presentSdJwtWithoutKb = yield sdjwt.present(
-        presentationKeys.sort(),
+        presentationFrame,
         hasher
       );
       if (!(options == null ? void 0 : options.kb)) {
@@ -502,7 +510,7 @@ var _SDJwtInstance = class _SDJwtInstance {
         hasher
       );
       sdjwt.kbJwt = yield this.createKBJwt(options.kb, sdHashStr);
-      return sdjwt.present(presentationKeys.sort(), hasher);
+      return sdjwt.present(presentationFrame, hasher);
     });
   }
   // This function is for verifying the SD JWT
@@ -537,7 +545,13 @@ var _SDJwtInstance = class _SDJwtInstance {
       if (!this.userConfig.kbVerifier) {
         throw new SDJWTException4("Key Binding Verifier not found");
       }
-      const kb = yield sdjwt.kbJwt.verify(this.userConfig.kbVerifier);
+      const kb = yield sdjwt.kbJwt.verifyKB({
+        verifier: this.userConfig.kbVerifier,
+        payload
+      });
+      if (!kb) {
+        throw new Error("signature is not valid");
+      }
       const sdHashfromKb = kb.payload.sd_hash;
       const sdjwtWithoutKb = new SDJwt({
         jwt: sdjwt.jwt,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sd-jwt/core",
-  "version": "0.3.2-next.98+03e028f",
+  "version": "0.4.0",
   "description": "sd-jwt draft 7 implementation in typescript",
   "main": "dist/index.js",
   "module": "dist/index.mjs",
@@ -38,12 +38,13 @@
   },
   "license": "Apache-2.0",
   "devDependencies": {
-    "@sd-jwt/crypto-nodejs": "0.3.2-next.98+03e028f"
+    "@sd-jwt/crypto-nodejs": "0.4.0"
   },
   "dependencies": {
-    "@sd-jwt/decode": "0.3.2-next.98+03e028f",
-    "@sd-jwt/types": "0.3.2-next.98+03e028f",
-    "@sd-jwt/utils": "0.3.2-next.98+03e028f"
+    "@sd-jwt/decode": "0.4.0",
+    "@sd-jwt/present": "0.4.0",
+    "@sd-jwt/types": "0.4.0",
+    "@sd-jwt/utils": "0.4.0"
   },
   "publishConfig": {
     "access": "public"
@@ -61,5 +62,5 @@
       "esm"
     ]
   },
-  "gitHead": "03e028fb452bacb445b35dcc2fb0cc9ef6d53874"
+  "gitHead": "391a36550a66833b3d393ff0deb699b1b72cca59"
 }

package/src/index.ts

@@ -7,10 +7,12 @@ import {
   Hasher,
   KBOptions,
   KB_JWT_TYP,
+  PresentationFrame,
   SDJWTCompact,
   SDJWTConfig,
 } from '@sd-jwt/types';
 import { getSDAlgAndPayload } from '@sd-jwt/decode';
+import { JwtPayload } from '@sd-jwt/types';
 
 export * from './sdjwt';
 export * from './kbjwt';
@@ -138,14 +140,13 @@ export class SDJwtInstance<ExtendedPayload extends SdJwtPayload> {
     return;
   }
 
-  public async present(
+  public async present<T extends Record<string, unknown>>(
     encodedSDJwt: string,
-    presentationKeys?: string[],
+    presentationFrame?: PresentationFrame<T>,
     options?: {
       kb?: KBOptions;
     },
   ): Promise<SDJWTCompact> {
-    if (!presentationKeys) return encodedSDJwt;
     if (!this.userConfig.hasher) {
       throw new SDJWTException('Hasher not found');
     }
@@ -155,7 +156,7 @@ export class SDJwtInstance<ExtendedPayload extends SdJwtPayload> {
 
     if (!sdjwt.jwt?.payload) throw new SDJWTException('Payload not found');
     const presentSdJwtWithoutKb = await sdjwt.present(
-      presentationKeys.sort(),
+      presentationFrame,
       hasher,
     );
 
@@ -170,7 +171,7 @@ export class SDJwtInstance<ExtendedPayload extends SdJwtPayload> {
     );
 
     sdjwt.kbJwt = await this.createKBJwt(options.kb, sdHashStr);
-    return sdjwt.present(presentationKeys.sort(), hasher);
+    return sdjwt.present(presentationFrame, hasher);
   }
 
   // This function is for verifying the SD JWT
@@ -212,7 +213,13 @@ export class SDJwtInstance<ExtendedPayload extends SdJwtPayload> {
     if (!this.userConfig.kbVerifier) {
       throw new SDJWTException('Key Binding Verifier not found');
     }
-    const kb = await sdjwt.kbJwt.verify(this.userConfig.kbVerifier);
+    const kb = await sdjwt.kbJwt.verifyKB({
+      verifier: this.userConfig.kbVerifier,
+      payload: payload as JwtPayload,
+    });
+    if (!kb) {
+      throw new Error('signature is not valid');
+    }
     const sdHashfromKb = kb.payload.sd_hash;
     const sdjwtWithoutKb = new SDJwt({
       jwt: sdjwt.jwt,

package/src/jwt.ts

@@ -98,7 +98,7 @@ export class Jwt<
     const payload = Base64urlEncode(JSON.stringify(this.payload));
     const data = `${header}.${payload}`;
 
-    const verified = verifier(data, this.signature);
+    const verified = await verifier(data, this.signature);
     if (!verified) {
       throw new SDJWTException('Verify Error: Invalid JWT Signature');
     }

package/src/kbjwt.ts

@@ -1,28 +1,53 @@
-import { SDJWTException } from '@sd-jwt/utils';
+import { Base64urlEncode, SDJWTException } from '@sd-jwt/utils';
 import { Jwt } from './jwt';
-import { Verifier, kbHeader, kbPayload } from '@sd-jwt/types';
+import {
+  JwtPayload,
+  KB_JWT_TYP,
+  kbHeader,
+  kbPayload,
+  KbVerifier,
+} from '@sd-jwt/types';
 
 export class KBJwt<
   Header extends kbHeader = kbHeader,
   Payload extends kbPayload = kbPayload,
 > extends Jwt<Header, Payload> {
   // Checking the validity of the key binding jwt
-  public async verify(verifier: Verifier) {
+  // the type unknown is not good, but we don't know at this point how to get the public key of the signer, this is defined in the kbVerifier
+  public async verifyKB(values: { verifier: KbVerifier; payload: JwtPayload }) {
+    if (!this.header || !this.payload || !this.signature) {
+      throw new SDJWTException('Verify Error: Invalid JWT');
+    }
+
     if (
-      !this.header?.alg ||
+      !this.header.alg ||
+      this.header.alg === 'none' ||
       !this.header.typ ||
-      !this.payload?.iat ||
-      !this.payload?.aud ||
-      !this.payload?.nonce ||
+      this.header.typ !== KB_JWT_TYP ||
+      !this.payload.iat ||
+      !this.payload.aud ||
+      !this.payload.nonce ||
       // this is for backward compatibility with version 06
       !(
-        this.payload?.sd_hash ||
+        this.payload.sd_hash ||
         (this.payload as Record<string, unknown> | undefined)?._sd_hash
       )
     ) {
       throw new SDJWTException('Invalid Key Binding Jwt');
     }
-    return await super.verify(verifier);
+
+    const header = Base64urlEncode(JSON.stringify(this.header));
+    const payload = Base64urlEncode(JSON.stringify(this.payload));
+    const data = `${header}.${payload}`;
+    const verified = await values.verifier(
+      data,
+      this.signature,
+      values.payload,
+    );
+    if (!verified) {
+      throw new SDJWTException('Verify Error: Invalid JWT Signature');
+    }
+    return { payload: this.payload, header: this.header };
   }
 
   // This function is for creating KBJwt object for verify properly