@sd-jwt/core 0.4.1-next.9 → 0.5.0

package/CHANGELOG.md

@@ -3,6 +3,22 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+# [0.5.0](https://github.com/openwallet-foundation-labs/sd-jwt-js/compare/v0.4.0...v0.5.0) (2024-03-11)
+
+
+### Bug Fixes
+
+* validate JWT signed other implemenation ([#158](https://github.com/openwallet-foundation-labs/sd-jwt-js/issues/158)) ([a0c1ddb](https://github.com/openwallet-foundation-labs/sd-jwt-js/commit/a0c1ddbb4c3785d03fc7302183f9c13e3c3fd955))
+
+
+### Features
+
+* make _digest value public in disclosure ([#151](https://github.com/openwallet-foundation-labs/sd-jwt-js/issues/151)) ([7a3fbd7](https://github.com/openwallet-foundation-labs/sd-jwt-js/commit/7a3fbd7db19b6501978340c972b171743d287285))
+
+
+
+
+
 # 0.4.0 (2024-03-08)
 
 

package/dist/index.d.mts

@@ -6,11 +6,13 @@ type JwtData<Header extends Record<string, unknown>, Payload extends Record<stri
     header?: Header;
     payload?: Payload;
     signature?: Base64urlString;
+    encoded?: string;
 };
 declare class Jwt<Header extends Record<string, unknown> = Record<string, unknown>, Payload extends Record<string, unknown> = Record<string, unknown>> {
     header?: Header;
     payload?: Payload;
     signature?: Base64urlString;
+    private encoded?;
     constructor(data?: JwtData<Header, Payload>);
     static decodeJWT<Header extends Record<string, unknown> = Record<string, unknown>, Payload extends Record<string, unknown> = Record<string, unknown>>(jwt: string): {
         header: Header;
@@ -20,11 +22,12 @@ declare class Jwt<Header extends Record<string, unknown> = Record<string, unknow
     static fromEncode<Header extends Record<string, unknown> = Record<string, unknown>, Payload extends Record<string, unknown> = Record<string, unknown>>(encodedJwt: string): Jwt<Header, Payload>;
     setHeader(header: Header): Jwt<Header, Payload>;
     setPayload(payload: Payload): Jwt<Header, Payload>;
+    protected getUnsignedToken(): string;
     sign(signer: Signer): Promise<string>;
     encodeJwt(): string;
     verify(verifier: Verifier): Promise<{
-        payload: Payload;
-        header: Header;
+        payload: Payload | undefined;
+        header: Header | undefined;
     }>;
 }
 
@@ -92,11 +95,11 @@ declare class SDJwtInstance<ExtendedPayload extends SdJwtPayload> {
     }): Promise<SDJWTCompact>;
     verify(encodedSDJwt: string, requiredClaimKeys?: string[], requireKeyBindings?: boolean): Promise<{
         payload: unknown;
-        header: Record<string, unknown>;
+        header: Record<string, unknown> | undefined;
         kb?: undefined;
     } | {
         payload: unknown;
-        header: Record<string, unknown>;
+        header: Record<string, unknown> | undefined;
         kb: {
             payload: _sd_jwt_types.kbPayload;
             header: _sd_jwt_types.kbHeader;
@@ -105,7 +108,7 @@ declare class SDJwtInstance<ExtendedPayload extends SdJwtPayload> {
     private calculateSDHash;
     validate(encodedSDJwt: string): Promise<{
         payload: unknown;
-        header: Record<string, unknown>;
+        header: Record<string, unknown> | undefined;
     }>;
     config(newConfig: SDJWTConfig): void;
     encode(sdJwt: SDJwt): SDJWTCompact;

package/dist/index.d.ts

@@ -6,11 +6,13 @@ type JwtData<Header extends Record<string, unknown>, Payload extends Record<stri
     header?: Header;
     payload?: Payload;
     signature?: Base64urlString;
+    encoded?: string;
 };
 declare class Jwt<Header extends Record<string, unknown> = Record<string, unknown>, Payload extends Record<string, unknown> = Record<string, unknown>> {
     header?: Header;
     payload?: Payload;
     signature?: Base64urlString;
+    private encoded?;
     constructor(data?: JwtData<Header, Payload>);
     static decodeJWT<Header extends Record<string, unknown> = Record<string, unknown>, Payload extends Record<string, unknown> = Record<string, unknown>>(jwt: string): {
         header: Header;
@@ -20,11 +22,12 @@ declare class Jwt<Header extends Record<string, unknown> = Record<string, unknow
     static fromEncode<Header extends Record<string, unknown> = Record<string, unknown>, Payload extends Record<string, unknown> = Record<string, unknown>>(encodedJwt: string): Jwt<Header, Payload>;
     setHeader(header: Header): Jwt<Header, Payload>;
     setPayload(payload: Payload): Jwt<Header, Payload>;
+    protected getUnsignedToken(): string;
     sign(signer: Signer): Promise<string>;
     encodeJwt(): string;
     verify(verifier: Verifier): Promise<{
-        payload: Payload;
-        header: Header;
+        payload: Payload | undefined;
+        header: Header | undefined;
     }>;
 }
 
@@ -92,11 +95,11 @@ declare class SDJwtInstance<ExtendedPayload extends SdJwtPayload> {
     }): Promise<SDJWTCompact>;
     verify(encodedSDJwt: string, requiredClaimKeys?: string[], requireKeyBindings?: boolean): Promise<{
         payload: unknown;
-        header: Record<string, unknown>;
+        header: Record<string, unknown> | undefined;
         kb?: undefined;
     } | {
         payload: unknown;
-        header: Record<string, unknown>;
+        header: Record<string, unknown> | undefined;
         kb: {
             payload: _sd_jwt_types.kbPayload;
             header: _sd_jwt_types.kbHeader;
@@ -105,7 +108,7 @@ declare class SDJwtInstance<ExtendedPayload extends SdJwtPayload> {
     private calculateSDHash;
     validate(encodedSDJwt: string): Promise<{
         payload: unknown;
-        header: Record<string, unknown>;
+        header: Record<string, unknown> | undefined;
     }>;
     config(newConfig: SDJWTConfig): void;
     encode(sdJwt: SDJwt): SDJWTCompact;

package/dist/index.js

@@ -76,6 +76,7 @@ var Jwt = class _Jwt {
     this.header = data == null ? void 0 : data.header;
     this.payload = data == null ? void 0 : data.payload;
     this.signature = data == null ? void 0 : data.signature;
+    this.encoded = data == null ? void 0 : data.encoded;
   }
   static decodeJWT(jwt) {
     return (0, import_decode.decodeJwt)(jwt);
@@ -87,31 +88,48 @@ var Jwt = class _Jwt {
     const jwt = new _Jwt({
       header,
       payload,
-      signature
+      signature,
+      encoded: encodedJwt
     });
     return jwt;
   }
   setHeader(header) {
     this.header = header;
+    this.encoded = void 0;
     return this;
   }
   setPayload(payload) {
     this.payload = payload;
+    this.encoded = void 0;
     return this;
   }
+  getUnsignedToken() {
+    if (!this.header || !this.payload) {
+      throw new import_utils.SDJWTException("Serialize Error: Invalid JWT");
+    }
+    if (this.encoded) {
+      const parts = this.encoded.split(".");
+      if (parts.length !== 3) {
+        throw new import_utils.SDJWTException(`Invalid JWT format: ${this.encoded}`);
+      }
+      const unsignedToken = parts.slice(0, 2).join(".");
+      return unsignedToken;
+    }
+    const header = (0, import_utils.Base64urlEncode)(JSON.stringify(this.header));
+    const payload = (0, import_utils.Base64urlEncode)(JSON.stringify(this.payload));
+    return `${header}.${payload}`;
+  }
   sign(signer) {
     return __async(this, null, function* () {
-      if (!this.header || !this.payload) {
-        throw new import_utils.SDJWTException("Sign Error: Invalid JWT");
-      }
-      const header = (0, import_utils.Base64urlEncode)(JSON.stringify(this.header));
-      const payload = (0, import_utils.Base64urlEncode)(JSON.stringify(this.payload));
-      const data = `${header}.${payload}`;
+      const data = this.getUnsignedToken();
       this.signature = yield signer(data);
       return this.encodeJwt();
     });
   }
   encodeJwt() {
+    if (this.encoded) {
+      return this.encoded;
+    }
     if (!this.header || !this.payload || !this.signature) {
       throw new import_utils.SDJWTException("Serialize Error: Invalid JWT");
     }
@@ -119,16 +137,15 @@ var Jwt = class _Jwt {
     const payload = (0, import_utils.Base64urlEncode)(JSON.stringify(this.payload));
     const signature = this.signature;
     const compact = `${header}.${payload}.${signature}`;
+    this.encoded = compact;
     return compact;
   }
   verify(verifier) {
     return __async(this, null, function* () {
-      if (!this.header || !this.payload || !this.signature) {
-        throw new import_utils.SDJWTException("Verify Error: Invalid JWT");
+      if (!this.signature) {
+        throw new import_utils.SDJWTException("Verify Error: no signature in JWT");
       }
-      const header = (0, import_utils.Base64urlEncode)(JSON.stringify(this.header));
-      const payload = (0, import_utils.Base64urlEncode)(JSON.stringify(this.payload));
-      const data = `${header}.${payload}`;
+      const data = this.getUnsignedToken();
       const verified = yield verifier(data, this.signature);
       if (!verified) {
         throw new import_utils.SDJWTException("Verify Error: Invalid JWT Signature");
@@ -154,9 +171,7 @@ var KBJwt = class _KBJwt extends Jwt {
       !(this.payload.sd_hash || ((_a = this.payload) == null ? void 0 : _a._sd_hash))) {
         throw new import_utils2.SDJWTException("Invalid Key Binding Jwt");
       }
-      const header = (0, import_utils2.Base64urlEncode)(JSON.stringify(this.header));
-      const payload = (0, import_utils2.Base64urlEncode)(JSON.stringify(this.payload));
-      const data = `${header}.${payload}`;
+      const data = this.getUnsignedToken();
       const verified = yield values.verifier(
         data,
         this.signature,
@@ -176,7 +191,8 @@ var KBJwt = class _KBJwt extends Jwt {
     const jwt = new _KBJwt({
       header,
       payload,
-      signature
+      signature,
+      encoded: encodedJwt
     });
     return jwt;
   }

package/dist/index.mjs

@@ -49,6 +49,7 @@ var Jwt = class _Jwt {
     this.header = data == null ? void 0 : data.header;
     this.payload = data == null ? void 0 : data.payload;
     this.signature = data == null ? void 0 : data.signature;
+    this.encoded = data == null ? void 0 : data.encoded;
   }
   static decodeJWT(jwt) {
     return decodeJwt(jwt);
@@ -60,31 +61,48 @@ var Jwt = class _Jwt {
     const jwt = new _Jwt({
       header,
       payload,
-      signature
+      signature,
+      encoded: encodedJwt
     });
     return jwt;
   }
   setHeader(header) {
     this.header = header;
+    this.encoded = void 0;
     return this;
   }
   setPayload(payload) {
     this.payload = payload;
+    this.encoded = void 0;
     return this;
   }
+  getUnsignedToken() {
+    if (!this.header || !this.payload) {
+      throw new SDJWTException("Serialize Error: Invalid JWT");
+    }
+    if (this.encoded) {
+      const parts = this.encoded.split(".");
+      if (parts.length !== 3) {
+        throw new SDJWTException(`Invalid JWT format: ${this.encoded}`);
+      }
+      const unsignedToken = parts.slice(0, 2).join(".");
+      return unsignedToken;
+    }
+    const header = Base64urlEncode(JSON.stringify(this.header));
+    const payload = Base64urlEncode(JSON.stringify(this.payload));
+    return `${header}.${payload}`;
+  }
   sign(signer) {
     return __async(this, null, function* () {
-      if (!this.header || !this.payload) {
-        throw new SDJWTException("Sign Error: Invalid JWT");
-      }
-      const header = Base64urlEncode(JSON.stringify(this.header));
-      const payload = Base64urlEncode(JSON.stringify(this.payload));
-      const data = `${header}.${payload}`;
+      const data = this.getUnsignedToken();
       this.signature = yield signer(data);
       return this.encodeJwt();
     });
   }
   encodeJwt() {
+    if (this.encoded) {
+      return this.encoded;
+    }
     if (!this.header || !this.payload || !this.signature) {
       throw new SDJWTException("Serialize Error: Invalid JWT");
     }
@@ -92,16 +110,15 @@ var Jwt = class _Jwt {
     const payload = Base64urlEncode(JSON.stringify(this.payload));
     const signature = this.signature;
     const compact = `${header}.${payload}.${signature}`;
+    this.encoded = compact;
     return compact;
   }
   verify(verifier) {
     return __async(this, null, function* () {
-      if (!this.header || !this.payload || !this.signature) {
-        throw new SDJWTException("Verify Error: Invalid JWT");
+      if (!this.signature) {
+        throw new SDJWTException("Verify Error: no signature in JWT");
       }
-      const header = Base64urlEncode(JSON.stringify(this.header));
-      const payload = Base64urlEncode(JSON.stringify(this.payload));
-      const data = `${header}.${payload}`;
+      const data = this.getUnsignedToken();
       const verified = yield verifier(data, this.signature);
       if (!verified) {
         throw new SDJWTException("Verify Error: Invalid JWT Signature");
@@ -112,7 +129,7 @@ var Jwt = class _Jwt {
 };
 
 // src/kbjwt.ts
-import { Base64urlEncode as Base64urlEncode2, SDJWTException as SDJWTException2 } from "@sd-jwt/utils";
+import { SDJWTException as SDJWTException2 } from "@sd-jwt/utils";
 import {
   KB_JWT_TYP
 } from "@sd-jwt/types";
@@ -129,9 +146,7 @@ var KBJwt = class _KBJwt extends Jwt {
       !(this.payload.sd_hash || ((_a = this.payload) == null ? void 0 : _a._sd_hash))) {
         throw new SDJWTException2("Invalid Key Binding Jwt");
       }
-      const header = Base64urlEncode2(JSON.stringify(this.header));
-      const payload = Base64urlEncode2(JSON.stringify(this.payload));
-      const data = `${header}.${payload}`;
+      const data = this.getUnsignedToken();
       const verified = yield values.verifier(
         data,
         this.signature,
@@ -151,7 +166,8 @@ var KBJwt = class _KBJwt extends Jwt {
     const jwt = new _KBJwt({
       header,
       payload,
-      signature
+      signature,
+      encoded: encodedJwt
     });
     return jwt;
   }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sd-jwt/core",
-  "version": "0.4.1-next.9+9231fe0",
+  "version": "0.5.0",
   "description": "sd-jwt draft 7 implementation in typescript",
   "main": "dist/index.js",
   "module": "dist/index.mjs",
@@ -38,13 +38,13 @@
   },
   "license": "Apache-2.0",
   "devDependencies": {
-    "@sd-jwt/crypto-nodejs": "0.4.1-next.9+9231fe0"
+    "@sd-jwt/crypto-nodejs": "0.5.0"
   },
   "dependencies": {
-    "@sd-jwt/decode": "0.4.1-next.9+9231fe0",
-    "@sd-jwt/present": "0.4.1-next.9+9231fe0",
-    "@sd-jwt/types": "0.4.1-next.9+9231fe0",
-    "@sd-jwt/utils": "0.4.1-next.9+9231fe0"
+    "@sd-jwt/decode": "0.5.0",
+    "@sd-jwt/present": "0.5.0",
+    "@sd-jwt/types": "0.5.0",
+    "@sd-jwt/utils": "0.5.0"
   },
   "publishConfig": {
     "access": "public"
@@ -62,5 +62,5 @@
       "esm"
     ]
   },
-  "gitHead": "9231fe047072630b85b5ce11ff66686d9e9ac70d"
+  "gitHead": "513e36a23c96953368c050f5b82a43da2dcace65"
 }

package/src/jwt.ts

@@ -9,6 +9,7 @@ export type JwtData<
   header?: Header;
   payload?: Payload;
   signature?: Base64urlString;
+  encoded?: string;
 };
 
 // This class is used to create and verify JWT
@@ -20,11 +21,13 @@ export class Jwt<
   public header?: Header;
   public payload?: Payload;
   public signature?: Base64urlString;
+  private encoded?: string;
 
   constructor(data?: JwtData<Header, Payload>) {
     this.header = data?.header;
     this.payload = data?.payload;
     this.signature = data?.signature;
+    this.encoded = data?.encoded;
   }
 
   public static decodeJWT<
@@ -48,6 +51,7 @@ export class Jwt<
       header,
       payload,
       signature,
+      encoded: encodedJwt,
     });
 
     return jwt;
@@ -55,28 +59,47 @@ export class Jwt<
 
   public setHeader(header: Header): Jwt<Header, Payload> {
     this.header = header;
+    this.encoded = undefined;
     return this;
   }
 
   public setPayload(payload: Payload): Jwt<Header, Payload> {
     this.payload = payload;
+    this.encoded = undefined;
     return this;
   }
 
-  public async sign(signer: Signer) {
+  protected getUnsignedToken() {
     if (!this.header || !this.payload) {
-      throw new SDJWTException('Sign Error: Invalid JWT');
+      throw new SDJWTException('Serialize Error: Invalid JWT');
+    }
+
+    if (this.encoded) {
+      const parts = this.encoded.split('.');
+      if (parts.length !== 3) {
+        throw new SDJWTException(`Invalid JWT format: ${this.encoded}`);
+      }
+      const unsignedToken = parts.slice(0, 2).join('.');
+      return unsignedToken;
     }
 
     const header = Base64urlEncode(JSON.stringify(this.header));
     const payload = Base64urlEncode(JSON.stringify(this.payload));
-    const data = `${header}.${payload}`;
+    return `${header}.${payload}`;
+  }
+
+  public async sign(signer: Signer) {
+    const data = this.getUnsignedToken();
     this.signature = await signer(data);
 
     return this.encodeJwt();
   }
 
   public encodeJwt(): string {
+    if (this.encoded) {
+      return this.encoded;
+    }
+
     if (!this.header || !this.payload || !this.signature) {
       throw new SDJWTException('Serialize Error: Invalid JWT');
     }
@@ -85,18 +108,16 @@ export class Jwt<
     const payload = Base64urlEncode(JSON.stringify(this.payload));
     const signature = this.signature;
     const compact = `${header}.${payload}.${signature}`;
+    this.encoded = compact;
 
     return compact;
   }
 
   public async verify(verifier: Verifier) {
-    if (!this.header || !this.payload || !this.signature) {
-      throw new SDJWTException('Verify Error: Invalid JWT');
+    if (!this.signature) {
+      throw new SDJWTException('Verify Error: no signature in JWT');
     }
-
-    const header = Base64urlEncode(JSON.stringify(this.header));
-    const payload = Base64urlEncode(JSON.stringify(this.payload));
-    const data = `${header}.${payload}`;
+    const data = this.getUnsignedToken();
 
     const verified = await verifier(data, this.signature);
     if (!verified) {

package/src/kbjwt.ts

@@ -36,9 +36,7 @@ export class KBJwt<
       throw new SDJWTException('Invalid Key Binding Jwt');
     }
 
-    const header = Base64urlEncode(JSON.stringify(this.header));
-    const payload = Base64urlEncode(JSON.stringify(this.payload));
-    const data = `${header}.${payload}`;
+    const data = this.getUnsignedToken();
     const verified = await values.verifier(
       data,
       this.signature,
@@ -63,6 +61,7 @@ export class KBJwt<
       header,
       payload,
       signature,
+      encoded: encodedJwt,
     });
 
     return jwt;

package/src/test/index.spec.ts

@@ -2,9 +2,15 @@ import { SDJwtInstance, type SdJwtPayload } from '../index';
 import type { Signer, Verifier, KbVerifier, JwtPayload } from '@sd-jwt/types';
 import Crypto, { type KeyLike } from 'node:crypto';
 import { describe, expect, test } from 'vitest';
-import { digest, generateSalt } from '@sd-jwt/crypto-nodejs';
+import { digest, generateSalt, ES256 } from '@sd-jwt/crypto-nodejs';
 import { importJWK, exportJWK, type JWK } from 'jose';
 
+// Extract the major version as a number
+const nodeVersionMajor = Number.parseInt(
+  process.version.split('.')[0].substring(1),
+  10,
+);
+
 export const createSignerVerifier = () => {
   const { privateKey, publicKey } = Crypto.generateKeyPairSync('ed25519');
   const signer: Signer = async (data: string) => {
@@ -590,4 +596,33 @@ describe('index', () => {
     expect(decoded.disclosures).toBeDefined();
     expect(decoded.kbJwt).toBeDefined();
   });
+
+  (nodeVersionMajor < 20 ? test.skip : test)(
+    'validate sd-jwt that created in other implemenation',
+    async () => {
+      const publicKeyExampleJwt: JsonWebKey = {
+        kty: 'EC',
+        crv: 'P-256',
+        x: 'b28d4MwZMjw8-00CG4xfnn9SLMVMM19SlqZpVb_uNtQ',
+        y: 'Xv5zWwuoaTgdS6hV43yI6gBwTnjukmFQQnJ_kCxzqk8',
+      };
+      const kbPubkey: JsonWebKey = {
+        kty: 'EC',
+        crv: 'P-256',
+        x: 'TCAER19Zvu3OHF4j4W4vfSVoHIP1ILilDls7vCeGemc',
+        y: 'ZxjiWWbZMQGHVWKVQ4hbSIirsVfuecCE6t4jT9F2HZQ',
+      };
+      const encodedJwt =
+        'eyJhbGciOiAiRVMyNTYiLCAidHlwIjogInZjK3NkLWp3dCIsICJraWQiOiAiZG9jLXNpZ25lci0wNS0yNS0yMDIyIn0.eyJfc2QiOiBbIjA5dktySk1PbHlUV00wc2pwdV9wZE9CVkJRMk0xeTNLaHBINTE1blhrcFkiLCAiMnJzakdiYUMwa3k4bVQwcEpyUGlvV1RxMF9kYXcxc1g3NnBvVWxnQ3diSSIsICJFa084ZGhXMGRIRUpidlVIbEVfVkNldUM5dVJFTE9pZUxaaGg3WGJVVHRBIiwgIklsRHpJS2VpWmREd3BxcEs2WmZieXBoRnZ6NUZnbldhLXNONndxUVhDaXciLCAiSnpZakg0c3ZsaUgwUjNQeUVNZmVadTZKdDY5dTVxZWhabzdGN0VQWWxTRSIsICJQb3JGYnBLdVZ1Nnh5bUphZ3ZrRnNGWEFiUm9jMkpHbEFVQTJCQTRvN2NJIiwgIlRHZjRvTGJnd2Q1SlFhSHlLVlFaVTlVZEdFMHc1cnREc3JaemZVYW9tTG8iLCAiamRyVEU4WWNiWTRFaWZ1Z2loaUFlX0JQZWt4SlFaSUNlaVVRd1k5UXF4SSIsICJqc3U5eVZ1bHdRUWxoRmxNXzNKbHpNYVNGemdsaFFHMERwZmF5UXdMVUs0Il0sICJpc3MiOiAiaHR0cHM6Ly9leGFtcGxlLmNvbS9pc3N1ZXIiLCAiaWF0IjogMTY4MzAwMDAwMCwgImV4cCI6IDE4ODMwMDAwMDAsICJ2Y3QiOiAiaHR0cHM6Ly9jcmVkZW50aWFscy5leGFtcGxlLmNvbS9pZGVudGl0eV9jcmVkZW50aWFsIiwgIl9zZF9hbGciOiAic2hhLTI1NiIsICJjbmYiOiB7Imp3ayI6IHsia3R5IjogIkVDIiwgImNydiI6ICJQLTI1NiIsICJ4IjogIlRDQUVSMTladnUzT0hGNGo0VzR2ZlNWb0hJUDFJTGlsRGxzN3ZDZUdlbWMiLCAieSI6ICJaeGppV1diWk1RR0hWV0tWUTRoYlNJaXJzVmZ1ZWNDRTZ0NGpUOUYySFpRIn19fQ.QXgzrePAdq_WZVGCwDxP-l8h0iyckrHBNidxVqGtKJ0LMzObqgaXUD1cgGEf7d9TexPkBcgQYqjuzlfbeCxxuA~WyJRZ19PNjR6cUF4ZTQxMmExMDhpcm9BIiwgImFkZHJlc3MiLCB7InN0cmVldF9hZGRyZXNzIjogIjEyMyBNYWluIFN0IiwgImxvY2FsaXR5IjogIkFueXRvd24iLCAicmVnaW9uIjogIkFueXN0YXRlIiwgImNvdW50cnkiOiAiVVMifV0~WyI2SWo3dE0tYTVpVlBHYm9TNXRtdlZBIiwgImVtYWlsIiwgImpvaG5kb2VAZXhhbXBsZS5jb20iXQ~WyJlbHVWNU9nM2dTTklJOEVZbnN4QV9BIiwgImZhbWlseV9uYW1lIiwgIkRvZSJd~WyIyR0xDNDJzS1F2ZUNmR2ZyeU5STjl3IiwgImdpdmVuX25hbWUiLCAiSm9obiJd~eyJhbGciOiAiRVMyNTYiLCAidHlwIjogImtiK2p3dCJ9.eyJub25jZSI6ICIxMjM0NTY3ODkwIiwgImF1ZCI6ICJodHRwczovL2V4YW1wbGUuY29tL3ZlcmlmaWVyIiwgImlhdCI6IDE3MDk5OTYxODUsICJzZF9oYXNoIjogIjc4cFFEazJOblNEM1dKQm5SN015aWpmeUVqcGJ5a01yRnlpb2ZYSjlsN0kifQ.7k4goAlxM4a3tHnvCBCe70j_I-BCwtzhBRXQNk9cWJnQWxxt2kIqCyzcwzzUc0gTwtbGWVQoeWCiL5K6y3a4VQ';
+
+      const sdjwt = new SDJwtInstance({
+        hasher: digest,
+        verifier: await ES256.getVerifier(publicKeyExampleJwt),
+        kbVerifier: await ES256.getVerifier(kbPubkey),
+      });
+
+      const decode = await sdjwt.verify(encodedJwt, undefined, true);
+      expect(decode).toBeDefined();
+    },
+  );
 });

package/src/test/jwt.spec.ts

@@ -138,4 +138,65 @@ describe('JWT', () => {
       expect(e).toBeInstanceOf(SDJWTException);
     }
   });
+
+  test('getUnsignedToken failed', async () => {
+    const { privateKey, publicKey } = Crypto.generateKeyPairSync('ed25519');
+    const testSigner: Signer = async (data: string) => {
+      const sig = Crypto.sign(null, Buffer.from(data), privateKey);
+      return Buffer.from(sig).toString('base64url');
+    };
+
+    const jwt = new Jwt({
+      header: { alg: 'EdDSA' },
+    });
+
+    try {
+      await jwt.sign(testSigner);
+    } catch (e: unknown) {
+      expect(e).toBeInstanceOf(SDJWTException);
+    }
+  });
+
+  test('wrong encoded field', async () => {
+    const { privateKey, publicKey } = Crypto.generateKeyPairSync('ed25519');
+    const testSigner: Signer = async (data: string) => {
+      const sig = Crypto.sign(null, Buffer.from(data), privateKey);
+      return Buffer.from(sig).toString('base64url');
+    };
+
+    const jwt = new Jwt({
+      header: { alg: 'EdDSA' },
+      payload: { foo: 'bar' },
+      encoded: 'asfasfafaf.dfasfafafasf', // it has to be 3 parts
+    });
+
+    try {
+      await jwt.sign(testSigner);
+    } catch (e: unknown) {
+      expect(e).toBeInstanceOf(SDJWTException);
+    }
+  });
+
+  test('verify failed no signature', async () => {
+    const { privateKey, publicKey } = Crypto.generateKeyPairSync('ed25519');
+    const testVerifier: Verifier = async (data: string, sig: string) => {
+      return Crypto.verify(
+        null,
+        Buffer.from(data),
+        publicKey,
+        Buffer.from(sig, 'base64url'),
+      );
+    };
+
+    const jwt = new Jwt({
+      header: { alg: 'EdDSA' },
+      payload: { foo: 'bar' },
+    });
+
+    try {
+      await jwt.verify(testVerifier);
+    } catch (e: unknown) {
+      expect(e).toBeInstanceOf(SDJWTException);
+    }
+  });
 });

package/src/test/sdjwt.spec.ts

@@ -376,7 +376,9 @@ describe('SD JWT', () => {
 
     const credential = sdJwt.encodeSDJwt();
     const decoded = await SDJwt.decodeSDJwt(credential, hasher);
-    expect(jwt).toEqual(decoded.jwt);
+    expect(jwt.header).toEqual(decoded.jwt.header);
+    expect(jwt.payload).toEqual(decoded.jwt.payload);
+    expect(jwt.signature).toEqual(decoded.jwt.signature);
     expect(decoded.disclosures).toEqual([]);
   });
 });