@sd-jwt/core 0.7.2 → 0.8.0

package/src/flattenJSON.ts

@@ -0,0 +1,90 @@
+import { SDJWTException } from '@sd-jwt/utils';
+import { splitSdJwt } from '@sd-jwt/decode';
+import { SD_SEPARATOR } from '@sd-jwt/types';
+
+export type FlattenJSONData = {
+  jwtData: {
+    protected: string;
+    payload: string;
+    signature: string;
+  };
+  disclosures: Array<string>;
+  kb_jwt?: string;
+};
+
+export type FlattenJSONSerialized = {
+  payload: string;
+  signature: string;
+  protected: string;
+  header: {
+    disclosures: Array<string>;
+    kb_jwt?: string;
+  };
+};
+
+export class FlattenJSON {
+  public disclosures: Array<string>;
+  public kb_jwt?: string;
+
+  public payload: string;
+  public signature: string;
+  public protected: string;
+
+  constructor(data: FlattenJSONData) {
+    this.disclosures = data.disclosures;
+    this.kb_jwt = data.kb_jwt;
+    this.payload = data.jwtData.payload;
+    this.signature = data.jwtData.signature;
+    this.protected = data.jwtData.protected;
+  }
+
+  public static fromEncode(encodedSdJwt: string) {
+    const { jwt, disclosures, kbJwt } = splitSdJwt(encodedSdJwt);
+
+    const { 0: protectedHeader, 1: payload, 2: signature } = jwt.split('.');
+    if (!protectedHeader || !payload || !signature) {
+      throw new SDJWTException('Invalid JWT');
+    }
+
+    return new FlattenJSON({
+      jwtData: {
+        protected: protectedHeader,
+        payload,
+        signature,
+      },
+      disclosures,
+      kb_jwt: kbJwt,
+    });
+  }
+
+  public static fromSerialized(json: FlattenJSONSerialized) {
+    return new FlattenJSON({
+      jwtData: {
+        protected: json.protected,
+        payload: json.payload,
+        signature: json.signature,
+      },
+      disclosures: json.header.disclosures,
+      kb_jwt: json.header.kb_jwt,
+    });
+  }
+
+  public toJson(): FlattenJSONSerialized {
+    return {
+      payload: this.payload,
+      signature: this.signature,
+      protected: this.protected,
+      header: {
+        disclosures: this.disclosures,
+        kb_jwt: this.kb_jwt,
+      },
+    };
+  }
+
+  public toEncoded() {
+    const jwt = `${this.protected}.${this.payload}.${this.signature}`;
+    const disclosures = this.disclosures.join(SD_SEPARATOR);
+    const kb_jwt = this.kb_jwt ?? '';
+    return [jwt, disclosures, kb_jwt].join(SD_SEPARATOR);
+  }
+}

package/src/generalJSON.ts

@@ -0,0 +1,140 @@
+import { base64urlEncode, SDJWTException } from '@sd-jwt/utils';
+import { splitSdJwt } from '@sd-jwt/decode';
+import { SD_SEPARATOR, type Signer } from '@sd-jwt/types';
+
+export type GeneralJSONData = {
+  payload: string;
+  disclosures: Array<string>;
+  kb_jwt?: string;
+  signatures: Array<{
+    protected: string;
+    signature: string;
+    kid?: string;
+  }>;
+};
+
+export type GeneralJSONSerialized = {
+  payload: string;
+  signatures: Array<{
+    header: {
+      disclosures?: Array<string>;
+      kid?: string;
+      kb_jwt?: string;
+    };
+    protected: string;
+    signature: string;
+  }>;
+};
+
+export class GeneralJSON {
+  public payload: string;
+  public disclosures: Array<string>;
+  public kb_jwt?: string;
+  public signatures: Array<{
+    protected: string;
+    signature: string;
+    kid?: string;
+  }>;
+
+  constructor(data: GeneralJSONData) {
+    this.payload = data.payload;
+    this.disclosures = data.disclosures;
+    this.kb_jwt = data.kb_jwt;
+    this.signatures = data.signatures;
+  }
+
+  public static fromEncode(encodedSdJwt: string) {
+    const { jwt, disclosures, kbJwt } = splitSdJwt(encodedSdJwt);
+
+    const { 0: protectedHeader, 1: payload, 2: signature } = jwt.split('.');
+    if (!protectedHeader || !payload || !signature) {
+      throw new SDJWTException('Invalid JWT');
+    }
+
+    return new GeneralJSON({
+      payload,
+      disclosures,
+      kb_jwt: kbJwt,
+      signatures: [
+        {
+          protected: protectedHeader,
+          signature,
+        },
+      ],
+    });
+  }
+
+  public static fromSerialized(json: GeneralJSONSerialized) {
+    if (!json.signatures[0]) {
+      throw new SDJWTException('Invalid JSON');
+    }
+    const disclosures = json.signatures[0].header?.disclosures ?? [];
+    const kb_jwt = json.signatures[0].header?.kb_jwt;
+    return new GeneralJSON({
+      payload: json.payload,
+      disclosures,
+      kb_jwt,
+      signatures: json.signatures.map((s) => {
+        return {
+          protected: s.protected,
+          signature: s.signature,
+          kid: s.header?.kid,
+        };
+      }),
+    });
+  }
+
+  public toJson() {
+    return {
+      payload: this.payload,
+      signatures: this.signatures.map((s, i) => {
+        if (i !== 0) {
+          // If present, disclosures and kb_jwt, MUST be included in the first unprotected header and
+          // MUST NOT be present in any following unprotected headers.
+          return {
+            header: {
+              kid: s.kid,
+            },
+            protected: s.protected,
+            signature: s.signature,
+          };
+        }
+        return {
+          header: {
+            disclosures: this.disclosures,
+            kid: s.kid,
+            kb_jwt: this.kb_jwt,
+          },
+          protected: s.protected,
+          signature: s.signature,
+        };
+      }),
+    };
+  }
+
+  public toEncoded(index: number) {
+    if (index < 0 || index >= this.signatures.length) {
+      throw new SDJWTException('Index out of bounds');
+    }
+
+    const { protected: protectedHeader, signature } = this.signatures[index];
+    const disclosures = this.disclosures.join(SD_SEPARATOR);
+    const kb_jwt = this.kb_jwt ?? '';
+    const jwt = `${protectedHeader}.${this.payload}.${signature}`;
+    return [jwt, disclosures, kb_jwt].join(SD_SEPARATOR);
+  }
+
+  public async addSignature(
+    protectedHeader: Record<string, unknown>,
+    signer: Signer,
+    kid?: string,
+  ) {
+    const header = base64urlEncode(JSON.stringify(protectedHeader));
+    const signature = await signer(`${header}.${this.payload}`);
+    this.signatures.push({
+      protected: header,
+      signature,
+      kid,
+    });
+  }
+}

package/src/index.ts

@@ -1,4 +1,9 @@
-import { SDJWTException, uint8ArrayToBase64Url } from '@sd-jwt/utils';
+import {
+  base64urlDecode,
+  base64urlEncode,
+  SDJWTException,
+  uint8ArrayToBase64Url,
+} from '@sd-jwt/utils';
 import { Jwt } from './jwt';
 import { KBJwt } from './kbjwt';
 import { SDJwt, pack } from './sdjwt';
@@ -10,14 +15,19 @@ import {
   type PresentationFrame,
   type SDJWTCompact,
   type SDJWTConfig,
+  type JwtPayload,
+  type Signer,
 } from '@sd-jwt/types';
 import { getSDAlgAndPayload } from '@sd-jwt/decode';
-import type { JwtPayload } from '@sd-jwt/types';
+import { FlattenJSON } from './flattenJSON';
+import { GeneralJSON } from './generalJSON';
 
 export * from './sdjwt';
 export * from './kbjwt';
 export * from './jwt';
 export * from './decoy';
+export * from './flattenJSON';
+export * from './generalJSON';
 
 export type SdJwtPayload = Record<string, unknown>;
 
@@ -25,7 +35,7 @@ export class SDJwtInstance<ExtendedPayload extends SdJwtPayload> {
   //header type
   protected type?: string;
 
-  public static DEFAULT_hashAlg = 'sha-256';
+  public static readonly DEFAULT_hashAlg = 'sha-256';
 
   protected userConfig: SDJWTConfig = {};
 
@@ -310,4 +320,341 @@ export class SDJwtInstance<ExtendedPayload extends SdJwtPayload> {
     const sdjwt = await SDJwt.fromEncode(endcodedSDJwt, this.userConfig.hasher);
     return sdjwt.getClaims(this.userConfig.hasher);
   }
+
+  public toFlattenJSON(endcodedSDJwt: SDJWTCompact) {
+    return FlattenJSON.fromEncode(endcodedSDJwt);
+  }
+
+  public toGeneralJSON(endcodedSDJwt: SDJWTCompact) {
+    return GeneralJSON.fromEncode(endcodedSDJwt);
+  }
+}
+
+export class SDJwtGeneralJSONInstance<ExtendedPayload extends SdJwtPayload> {
+  //header type
+  protected type?: string;
+
+  public static readonly DEFAULT_hashAlg = 'sha-256';
+
+  protected userConfig: SDJWTConfig = {};
+
+  constructor(userConfig?: SDJWTConfig) {
+    if (userConfig) {
+      this.userConfig = userConfig;
+    }
+  }
+
+  private async createKBJwt(
+    options: KBOptions,
+    sdHash: string,
+  ): Promise<KBJwt> {
+    if (!this.userConfig.kbSigner) {
+      throw new SDJWTException('Key Binding Signer not found');
+    }
+    if (!this.userConfig.kbSignAlg) {
+      throw new SDJWTException('Key Binding sign algorithm not specified');
+    }
+
+    const { payload } = options;
+    const kbJwt = new KBJwt({
+      header: {
+        typ: KB_JWT_TYP,
+        alg: this.userConfig.kbSignAlg,
+      },
+      payload: { ...payload, sd_hash: sdHash },
+    });
+
+    await kbJwt.sign(this.userConfig.kbSigner);
+    return kbJwt;
+  }
+
+  private encodeObj(obj: Record<string, unknown>): string {
+    return base64urlEncode(JSON.stringify(obj));
+  }
+
+  public async issue<Payload extends ExtendedPayload>(
+    payload: Payload,
+    disclosureFrame: DisclosureFrame<Payload> | undefined,
+    options: {
+      sigs: Array<{
+        signer: Signer;
+        alg: string;
+        kid: string;
+        header?: Record<string, unknown>;
+      }>; // multiple signers for the credential
+    },
+  ): Promise<GeneralJSON> {
+    if (!this.userConfig.hasher) {
+      throw new SDJWTException('Hasher not found');
+    }
+
+    if (!this.userConfig.saltGenerator) {
+      throw new SDJWTException('SaltGenerator not found');
+    }
+
+    if (disclosureFrame) {
+      this.validateReservedFields<Payload>(disclosureFrame);
+    }
+
+    const hasher = this.userConfig.hasher;
+    const hashAlg = this.userConfig.hashAlg ?? SDJwtInstance.DEFAULT_hashAlg;
+
+    const { packedClaims, disclosures } = await pack(
+      payload,
+      disclosureFrame,
+      { hasher, alg: hashAlg },
+      this.userConfig.saltGenerator,
+    );
+
+    const encodedDisclosures = disclosures.map((d) => d.encode());
+    const encodedSDJwtPayload = this.encodeObj({
+      ...packedClaims,
+      _sd_alg: disclosureFrame ? hashAlg : undefined,
+    });
+
+    const signatures = await Promise.all(
+      options.sigs.map(async (s) => {
+        const { signer, alg, kid, header } = s;
+        const protectedHeader = { typ: this.type, alg, kid, ...header };
+        const encodedProtectedHeader = this.encodeObj(protectedHeader);
+        const signature = await signer(
+          `${encodedProtectedHeader}.${encodedSDJwtPayload}`,
+        );
+
+        return {
+          protected: encodedProtectedHeader,
+          kid,
+          signature,
+        };
+      }),
+    );
+
+    const generalJson = new GeneralJSON({
+      payload: encodedSDJwtPayload,
+      disclosures: encodedDisclosures,
+      signatures,
+    });
+
+    return generalJson;
+  }
+
+  /**
+   * Validates if the disclosureFrame contains any reserved fields. If so it will throw an error.
+   * @param disclosureFrame
+   * @returns
+   */
+  protected validateReservedFields<T extends ExtendedPayload>(
+    disclosureFrame: DisclosureFrame<T>,
+  ) {
+    return;
+  }
+
+  public async present<T extends Record<string, unknown>>(
+    generalJSON: GeneralJSON,
+    presentationFrame?: PresentationFrame<T>,
+    options?: {
+      kb?: KBOptions;
+    },
+  ): Promise<GeneralJSON> {
+    if (!this.userConfig.hasher) {
+      throw new SDJWTException('Hasher not found');
+    }
+    const hasher = this.userConfig.hasher;
+    const encodedSDJwt = generalJSON.toEncoded(0);
+    const sdjwt = await SDJwt.fromEncode(encodedSDJwt, hasher);
+
+    if (!sdjwt.jwt?.payload) throw new SDJWTException('Payload not found');
+    const disclosures = await sdjwt.getPresentDisclosures(
+      presentationFrame,
+      hasher,
+    );
+    const encodedDisclosures = disclosures.map((d) => d.encode());
+    const presentedGeneralJSON = new GeneralJSON({
+      payload: generalJSON.payload,
+      disclosures: encodedDisclosures,
+      signatures: generalJSON.signatures,
+    });
+
+    if (!options?.kb) {
+      return presentedGeneralJSON;
+    }
+
+    const presentSdJwtWithoutKb = await sdjwt.present(
+      presentationFrame,
+      hasher,
+    );
+
+    const sdHashStr = await this.calculateSDHash(
+      presentSdJwtWithoutKb,
+      sdjwt,
+      hasher,
+    );
+
+    const kbJwt = await this.createKBJwt(options.kb, sdHashStr);
+    const encodedKbJwt = kbJwt.encodeJwt();
+    presentedGeneralJSON.kb_jwt = encodedKbJwt;
+    return presentedGeneralJSON;
+  }
+
+  // This function is for verifying the SD JWT
+  // If requiredClaimKeys is provided, it will check if the required claim keys are presentation in the SD JWT
+  // If requireKeyBindings is true, it will check if the key binding JWT is presentation and verify it
+  public async verify(
+    generalJSON: GeneralJSON,
+    requiredClaimKeys?: string[],
+    requireKeyBindings?: boolean,
+  ) {
+    if (!this.userConfig.hasher) {
+      throw new SDJWTException('Hasher not found');
+    }
+    const hasher = this.userConfig.hasher;
+
+    const { payload, headers } = await this.validate(generalJSON);
+
+    const encodedSDJwt = generalJSON.toEncoded(0);
+    const sdjwt = await SDJwt.fromEncode(encodedSDJwt, hasher);
+    if (!sdjwt.jwt || !sdjwt.jwt.payload) {
+      throw new SDJWTException('Invalid SD JWT');
+    }
+
+    if (requiredClaimKeys) {
+      const keys = await sdjwt.keys(hasher);
+      const missingKeys = requiredClaimKeys.filter((k) => !keys.includes(k));
+      if (missingKeys.length > 0) {
+        throw new SDJWTException(
+          `Missing required claim keys: ${missingKeys.join(', ')}`,
+        );
+      }
+    }
+
+    if (!requireKeyBindings) {
+      return { payload, headers };
+    }
+
+    if (!sdjwt.kbJwt) {
+      throw new SDJWTException('Key Binding JWT not exist');
+    }
+    if (!this.userConfig.kbVerifier) {
+      throw new SDJWTException('Key Binding Verifier not found');
+    }
+    const kb = await sdjwt.kbJwt.verifyKB({
+      verifier: this.userConfig.kbVerifier,
+      payload: payload as JwtPayload,
+    });
+    if (!kb) {
+      throw new Error('signature is not valid');
+    }
+    const sdHashfromKb = kb.payload.sd_hash;
+    const sdjwtWithoutKb = new SDJwt({
+      jwt: sdjwt.jwt,
+      disclosures: sdjwt.disclosures,
+    });
+
+    const presentSdJwtWithoutKb = sdjwtWithoutKb.encodeSDJwt();
+    const sdHashStr = await this.calculateSDHash(
+      presentSdJwtWithoutKb,
+      sdjwt,
+      hasher,
+    );
+
+    if (sdHashStr !== sdHashfromKb) {
+      throw new SDJWTException('Invalid sd_hash in Key Binding JWT');
+    }
+
+    return { payload, headers, kb };
+  }
+
+  private async calculateSDHash(
+    presentSdJwtWithoutKb: string,
+    sdjwt: SDJwt,
+    hasher: Hasher,
+  ) {
+    if (!sdjwt.jwt || !sdjwt.jwt.payload) {
+      throw new SDJWTException('Invalid SD JWT');
+    }
+    const { _sd_alg } = getSDAlgAndPayload(sdjwt.jwt.payload);
+    const sdHash = await hasher(presentSdJwtWithoutKb, _sd_alg);
+    const sdHashStr = uint8ArrayToBase64Url(sdHash);
+    return sdHashStr;
+  }
+
+  // This function is for validating the SD JWT
+  // Just checking signature and return its the claims
+  public async validate(generalJSON: GeneralJSON) {
+    if (!this.userConfig.hasher) {
+      throw new SDJWTException('Hasher not found');
+    }
+    if (!this.userConfig.verifier) {
+      throw new SDJWTException('Verifier not found');
+    }
+    const hasher = this.userConfig.hasher;
+    const verifier = this.userConfig.verifier;
+
+    const { payload, signatures } = generalJSON;
+
+    const results = await Promise.all(
+      signatures.map(async (s) => {
+        const { protected: encodedHeader, signature } = s;
+        const verified = await verifier(
+          `${encodedHeader}.${payload}`,
+          signature,
+        );
+        const header = JSON.parse(base64urlDecode(encodedHeader));
+        return { verified, header };
+      }),
+    );
+
+    const verified = results.every((r) => r.verified);
+    if (!verified) {
+      throw new SDJWTException('Signature is not valid');
+    }
+
+    const encodedSDJwt = generalJSON.toEncoded(0);
+    const sdjwt = await SDJwt.fromEncode(encodedSDJwt, hasher);
+    if (!sdjwt.jwt) {
+      throw new SDJWTException('Invalid SD JWT');
+    }
+
+    const claims = await sdjwt.getClaims(hasher);
+    return { payload: claims, headers: results.map((r) => r.header) };
+  }
+
+  public config(newConfig: SDJWTConfig) {
+    this.userConfig = { ...this.userConfig, ...newConfig };
+  }
+
+  public encode(sdJwt: GeneralJSON, index: number): SDJWTCompact {
+    return sdJwt.toEncoded(index);
+  }
+
+  public decode(endcodedSDJwt: SDJWTCompact) {
+    return GeneralJSON.fromEncode(endcodedSDJwt);
+  }
+
+  public async keys(generalSdjwt: GeneralJSON) {
+    if (!this.userConfig.hasher) {
+      throw new SDJWTException('Hasher not found');
+    }
+    const endcodedSDJwt = generalSdjwt.toEncoded(0);
+    const sdjwt = await SDJwt.fromEncode(endcodedSDJwt, this.userConfig.hasher);
+    return sdjwt.keys(this.userConfig.hasher);
+  }
+
+  public async presentableKeys(generalSdjwt: GeneralJSON) {
+    if (!this.userConfig.hasher) {
+      throw new SDJWTException('Hasher not found');
+    }
+    const endcodedSDJwt = generalSdjwt.toEncoded(0);
+    const sdjwt = await SDJwt.fromEncode(endcodedSDJwt, this.userConfig.hasher);
+    return sdjwt.presentableKeys(this.userConfig.hasher);
+  }
+
+  public async getClaims(generalSdjwt: GeneralJSON) {
+    if (!this.userConfig.hasher) {
+      throw new SDJWTException('Hasher not found');
+    }
+    const endcodedSDJwt = generalSdjwt.toEncoded(0);
+    const sdjwt = await SDJwt.fromEncode(endcodedSDJwt, this.userConfig.hasher);
+    return sdjwt.getClaims(this.userConfig.hasher);
+  }
 }

package/src/sdjwt.ts

@@ -120,6 +120,19 @@ export class SDJwt<
     presentFrame: PresentationFrame<T> | undefined,
     hasher: Hasher,
   ): Promise<SDJWTCompact> {
+    const disclosures = await this.getPresentDisclosures(presentFrame, hasher);
+    const presentSDJwt = new SDJwt({
+      jwt: this.jwt,
+      disclosures,
+      kbJwt: this.kbJwt,
+    });
+    return presentSDJwt.encodeSDJwt();
+  }
+
+  public async getPresentDisclosures<T extends Record<string, unknown>>(
+    presentFrame: PresentationFrame<T> | undefined,
+    hasher: Hasher,
+  ): Promise<Disclosure<unknown>[]> {
     if (!this.jwt?.payload || !this.disclosures) {
       throw new SDJWTException('Invalid sd-jwt: jwt or disclosures is missing');
     }
@@ -138,12 +151,7 @@ export class SDJwt<
     const disclosures = keys
       .map((k) => hashmap[disclosureKeymap[k]])
       .filter((d) => d !== undefined);
-    const presentSDJwt = new SDJwt({
-      jwt: this.jwt,
-      disclosures,
-      kbJwt: this.kbJwt,
-    });
-    return presentSDJwt.encodeSDJwt();
+    return disclosures;
   }
 
   public encodeSDJwt(): SDJWTCompact {

package/src/test/flattenJSON.spec.ts

@@ -0,0 +1,56 @@
+import { describe, expect, test } from 'vitest';
+import { FlattenJSON } from '..';
+
+describe('FlattenJSON', () => {
+  test('fromEncode', () => {
+    const compact =
+      'eyJ0eXAiOiJzZCtqd3QiLCJhbGciOiJFUzI1NiJ9.eyJpZCI6IjEyMzQiLCJfc2QiOlsiYkRUUnZtNS1Zbi1IRzdjcXBWUjVPVlJJWHNTYUJrNTdKZ2lPcV9qMVZJNCIsImV0M1VmUnlsd1ZyZlhkUEt6Zzc5aGNqRDFJdHpvUTlvQm9YUkd0TW9zRmsiLCJ6V2ZaTlMxOUF0YlJTVGJvN3NKUm4wQlpRdldSZGNob0M3VVphYkZyalk4Il0sIl9zZF9hbGciOiJzaGEtMjU2In0.n27NCtnuwytlBYtUNjgkesDP_7gN7bhaLhWNL4SWT6MaHsOjZ2ZMp987GgQRL6ZkLbJ7Cd3hlePHS84GBXPuvg~WyI1ZWI4Yzg2MjM0MDJjZjJlIiwiZmlyc3RuYW1lIiwiSm9obiJd~WyJjNWMzMWY2ZWYzNTg4MWJjIiwibGFzdG5hbWUiLCJEb2UiXQ~WyJmYTlkYTUzZWJjOTk3OThlIiwic3NuIiwiMTIzLTQ1LTY3ODkiXQ~eyJ0eXAiOiJrYitqd3QiLCJhbGciOiJFUzI1NiJ9.eyJpYXQiOjE3MTAwNjk3MjIsImF1ZCI6ImRpZDpleGFtcGxlOjEyMyIsIm5vbmNlIjoiazh2ZGYwbmQ2Iiwic2RfaGFzaCI6Il8tTmJWSzNmczl3VzNHaDNOUktSNEt1NmZDMUwzN0R2MFFfalBXd0ppRkUifQ.pqw2OB5IA5ya9Mxf60hE3nr2gsJEIoIlnuCa4qIisijHbwg3WzTDFmW2SuNvK_ORN0WU6RoGbJx5uYZh8k4EbA';
+    const flattenJSON = FlattenJSON.fromEncode(compact);
+    expect(flattenJSON).toBeDefined();
+
+    const result = {
+      payload:
+        'eyJpZCI6IjEyMzQiLCJfc2QiOlsiYkRUUnZtNS1Zbi1IRzdjcXBWUjVPVlJJWHNTYUJrNTdKZ2lPcV9qMVZJNCIsImV0M1VmUnlsd1ZyZlhkUEt6Zzc5aGNqRDFJdHpvUTlvQm9YUkd0TW9zRmsiLCJ6V2ZaTlMxOUF0YlJTVGJvN3NKUm4wQlpRdldSZGNob0M3VVphYkZyalk4Il0sIl9zZF9hbGciOiJzaGEtMjU2In0',
+      signature:
+        'n27NCtnuwytlBYtUNjgkesDP_7gN7bhaLhWNL4SWT6MaHsOjZ2ZMp987GgQRL6ZkLbJ7Cd3hlePHS84GBXPuvg',
+      protected: 'eyJ0eXAiOiJzZCtqd3QiLCJhbGciOiJFUzI1NiJ9',
+      header: {
+        disclosures: [
+          'WyI1ZWI4Yzg2MjM0MDJjZjJlIiwiZmlyc3RuYW1lIiwiSm9obiJd',
+          'WyJjNWMzMWY2ZWYzNTg4MWJjIiwibGFzdG5hbWUiLCJEb2UiXQ',
+          'WyJmYTlkYTUzZWJjOTk3OThlIiwic3NuIiwiMTIzLTQ1LTY3ODkiXQ',
+        ],
+        kb_jwt:
+          'eyJ0eXAiOiJrYitqd3QiLCJhbGciOiJFUzI1NiJ9.eyJpYXQiOjE3MTAwNjk3MjIsImF1ZCI6ImRpZDpleGFtcGxlOjEyMyIsIm5vbmNlIjoiazh2ZGYwbmQ2Iiwic2RfaGFzaCI6Il8tTmJWSzNmczl3VzNHaDNOUktSNEt1NmZDMUwzN0R2MFFfalBXd0ppRkUifQ.pqw2OB5IA5ya9Mxf60hE3nr2gsJEIoIlnuCa4qIisijHbwg3WzTDFmW2SuNvK_ORN0WU6RoGbJx5uYZh8k4EbA',
+      },
+    };
+
+    expect(flattenJSON.toJson()).toEqual(result);
+  });
+
+  test('fromSerialized', () => {
+    const flattenJSON = {
+      payload:
+        'eyJpZCI6IjEyMzQiLCJfc2QiOlsiYkRUUnZtNS1Zbi1IRzdjcXBWUjVPVlJJWHNTYUJrNTdKZ2lPcV9qMVZJNCIsImV0M1VmUnlsd1ZyZlhkUEt6Zzc5aGNqRDFJdHpvUTlvQm9YUkd0TW9zRmsiLCJ6V2ZaTlMxOUF0YlJTVGJvN3NKUm4wQlpRdldSZGNob0M3VVphYkZyalk4Il0sIl9zZF9hbGciOiJzaGEtMjU2In0',
+      signature:
+        'n27NCtnuwytlBYtUNjgkesDP_7gN7bhaLhWNL4SWT6MaHsOjZ2ZMp987GgQRL6ZkLbJ7Cd3hlePHS84GBXPuvg',
+      protected: 'eyJ0eXAiOiJzZCtqd3QiLCJhbGciOiJFUzI1NiJ9',
+      header: {
+        disclosures: [
+          'WyI1ZWI4Yzg2MjM0MDJjZjJlIiwiZmlyc3RuYW1lIiwiSm9obiJd',
+          'WyJjNWMzMWY2ZWYzNTg4MWJjIiwibGFzdG5hbWUiLCJEb2UiXQ',
+          'WyJmYTlkYTUzZWJjOTk3OThlIiwic3NuIiwiMTIzLTQ1LTY3ODkiXQ',
+        ],
+        kb_jwt:
+          'eyJ0eXAiOiJrYitqd3QiLCJhbGciOiJFUzI1NiJ9.eyJpYXQiOjE3MTAwNjk3MjIsImF1ZCI6ImRpZDpleGFtcGxlOjEyMyIsIm5vbmNlIjoiazh2ZGYwbmQ2Iiwic2RfaGFzaCI6Il8tTmJWSzNmczl3VzNHaDNOUktSNEt1NmZDMUwzN0R2MFFfalBXd0ppRkUifQ.pqw2OB5IA5ya9Mxf60hE3nr2gsJEIoIlnuCa4qIisijHbwg3WzTDFmW2SuNvK_ORN0WU6RoGbJx5uYZh8k4EbA',
+      },
+    };
+
+    const result = FlattenJSON.fromSerialized(flattenJSON);
+    expect(result).toBeDefined();
+    const compact =
+      'eyJ0eXAiOiJzZCtqd3QiLCJhbGciOiJFUzI1NiJ9.eyJpZCI6IjEyMzQiLCJfc2QiOlsiYkRUUnZtNS1Zbi1IRzdjcXBWUjVPVlJJWHNTYUJrNTdKZ2lPcV9qMVZJNCIsImV0M1VmUnlsd1ZyZlhkUEt6Zzc5aGNqRDFJdHpvUTlvQm9YUkd0TW9zRmsiLCJ6V2ZaTlMxOUF0YlJTVGJvN3NKUm4wQlpRdldSZGNob0M3VVphYkZyalk4Il0sIl9zZF9hbGciOiJzaGEtMjU2In0.n27NCtnuwytlBYtUNjgkesDP_7gN7bhaLhWNL4SWT6MaHsOjZ2ZMp987GgQRL6ZkLbJ7Cd3hlePHS84GBXPuvg~WyI1ZWI4Yzg2MjM0MDJjZjJlIiwiZmlyc3RuYW1lIiwiSm9obiJd~WyJjNWMzMWY2ZWYzNTg4MWJjIiwibGFzdG5hbWUiLCJEb2UiXQ~WyJmYTlkYTUzZWJjOTk3OThlIiwic3NuIiwiMTIzLTQ1LTY3ODkiXQ~eyJ0eXAiOiJrYitqd3QiLCJhbGciOiJFUzI1NiJ9.eyJpYXQiOjE3MTAwNjk3MjIsImF1ZCI6ImRpZDpleGFtcGxlOjEyMyIsIm5vbmNlIjoiazh2ZGYwbmQ2Iiwic2RfaGFzaCI6Il8tTmJWSzNmczl3VzNHaDNOUktSNEt1NmZDMUwzN0R2MFFfalBXd0ppRkUifQ.pqw2OB5IA5ya9Mxf60hE3nr2gsJEIoIlnuCa4qIisijHbwg3WzTDFmW2SuNvK_ORN0WU6RoGbJx5uYZh8k4EbA';
+
+    expect(result.toEncoded()).toEqual(compact);
+  });
+});