@sd-jwt/decode 0.1.2-alpha.0

package/README.md

@@ -0,0 +1,97 @@
+# Selective Disclosure JWT (SD-JWT) Draft 06 & Selective Disclosure JWT VC 01
+
+## Compliant with
+
+-   [sd-jwt
+    06](https://datatracker.ietf.org/doc/draft-ietf-oauth-selective-disclosure-jwt/06/)
+-   [sd-jwt-vc
+    01](https://datatracker.ietf.org/doc/draft-ietf-oauth-sd-jwt-vc/01/)
+
+## Design decisions
+
+### Bring your own crypto
+
+This library does not provide any of the cryptographic primitives required for
+encryption, decryption, signing, verification and hashing. It is expected that
+the user of this library provides this. The main reason for this is that most
+libraries have their own library and KMS. Providing private keys to this
+library adds another layer of insecurity which should be avoided. Hashing has
+not been added for platform compatibility between node,js, browser and React
+Native. In the future a platform-independent sha2-256 may be provided.
+
+### Specification backwards compatibility
+
+Since these specifications are in early drafts, no time will be spend in
+supporting earlier versions of the specifications. This library may work for
+older versions, e.g. the addition of selectively disclosable items in an array
+does not break previous implementations. Once a non-draft specification is
+released it will stay up-to-date with that version.
+
+### Dependencies
+
+This library only has one dependency on `buffer` which makes sure this library
+works in Node.js, the browser and React Native. Buffer is used internally for
+`base64-url-no-pad` encoding.
+
+### Usage
+
+I'd highly recommend to check out the [examples folder](example) to see how
+this library can be leveraged.
+
+### Issuance API
+
+The issuance API takes an object called a `disclosureFrame`. This
+`disclosureFrame` is a Boolean Map of the payload which allows you to specify
+which attributes of the payload may be selectively disclosed. If an attribute is not provided in the `disclosureFrame`, it will be included in the clear-text payload. For example:
+
+```jsonc
+// The payload
+{
+    "iss": "https://example.org/issuer",
+    "is_age_over_21": true,
+    "is_age_over_24": true,
+    "is_age_over_65": false,
+    "date_of_birth": "1990-01-01",
+    "address": {
+        "street": "some street",
+        "house_number": 200,
+        "zipcode": "2344GH"
+    }
+}
+```
+
+```jsonc
+// The disclosure frame
+{
+    "is_age_over_21": true,
+    "is_age_over_24": true,
+    "is_age_over_65": true,
+    "date_of_birth": true,
+    "address": {
+        "street": true,
+        "house_number": true,
+        "zipcode": true
+    }
+}
+
+// or to only disclose the address as a group
+{
+    "is_age_over_21": true,
+    "is_age_over_24": true,
+    "is_age_over_65": true,
+    "date_of_birth": true,
+    "address": true
+}
+```
+
+### Presentation and verification API
+
+Since there is officially standardized way to request and present a
+presentation, [High Assurance Interoperability
+Profile](https://vcstuff.github.io/oid4vc-haip-sd-jwt-vc/draft-oid4vc-haip-sd-jwt-vc.html)
+may be used, the API is defined in a way which works in a primitive manner for
+now. For example, to present you can provide a list of indices of the
+disclosures which will be included. Examples of this can be found in the
+[examples folder](example). For verification a list of keys or required
+claims can be provided. It does not matter whether these are selectively
+disclosable claims, or if they are included inside the payload.

package/build/disclosures/calculateDigest.d.ts

@@ -0,0 +1,5 @@
+import type { AsyncHasher, Hasher } from '@sd-jwt/types';
+import type { Disclosure, DisclosureWithDigest } from '@sd-jwt/types';
+import { HasherAlgorithm } from '@sd-jwt/utils';
+export type CalculateDigestReturnType<HasherImplementation extends Hasher | AsyncHasher> = ReturnType<HasherImplementation> extends Promise<any> ? Promise<DisclosureWithDigest> : DisclosureWithDigest;
+export declare const disclosureCalculateDigest: <HI extends Hasher | AsyncHasher>(disclosure: Disclosure, algorithm: HasherAlgorithm, hasher: HI) => CalculateDigestReturnType<HI>;

package/build/disclosures/calculateDigest.js

@@ -0,0 +1,14 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.disclosureCalculateDigest = void 0;
+const utils_1 = require("@sd-jwt/utils");
+const toArray_1 = require("./toArray");
+const disclosureCalculateDigest = (disclosure, algorithm, hasher) => {
+    const encoded = utils_1.Base64url.encodeFromJson((0, toArray_1.disclosureToArray)(disclosure));
+    const digest = hasher(encoded, algorithm);
+    return ((0, utils_1.isPromise)(digest)
+        ? digest.then(utils_1.Base64url.encode)
+        : utils_1.Base64url.encode(digest));
+};
+exports.disclosureCalculateDigest = disclosureCalculateDigest;
+//# sourceMappingURL=calculateDigest.js.map

package/build/disclosures/calculateDigest.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"calculateDigest.js","sourceRoot":"","sources":["../../src/disclosures/calculateDigest.ts"],"names":[],"mappings":";;;AAEA,yCAAqE;AACrE,uCAA6C;AAQtC,MAAM,yBAAyB,GAAG,CACrC,UAAsB,EACtB,SAA0B,EAC1B,MAAU,EACmB,EAAE;IAC/B,MAAM,OAAO,GAAG,iBAAS,CAAC,cAAc,CAAC,IAAA,2BAAiB,EAAC,UAAU,CAAC,CAAC,CAAA;IACvE,MAAM,MAAM,GAAG,MAAM,CAAC,OAAO,EAAE,SAAS,CAAC,CAAA;IAEzC,OAAO,CACH,IAAA,iBAAS,EAAC,MAAM,CAAC;QACb,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,iBAAS,CAAC,MAAM,CAAC;QAC/B,CAAC,CAAC,iBAAS,CAAC,MAAM,CAAC,MAAM,CAAC,CACA,CAAA;AACtC,CAAC,CAAA;AAbY,QAAA,yBAAyB,6BAarC"}

package/build/disclosures/fromArray.d.ts

@@ -0,0 +1,2 @@
+import { Disclosure, DisclosureArray } from '@sd-jwt/types';
+export declare const disclosureFromArray: (a: DisclosureArray) => Disclosure;

package/build/disclosures/fromArray.js

@@ -0,0 +1,8 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.disclosureFromArray = void 0;
+const disclosureFromArray = (a) => a[2]
+    ? { salt: a[0], key: a[1], value: a[2] }
+    : { salt: a[0], value: a[1] };
+exports.disclosureFromArray = disclosureFromArray;
+//# sourceMappingURL=fromArray.js.map

package/build/disclosures/fromArray.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"fromArray.js","sourceRoot":"","sources":["../../src/disclosures/fromArray.ts"],"names":[],"mappings":";;;AAEO,MAAM,mBAAmB,GAAG,CAAC,CAAkB,EAAc,EAAE,CAClE,CAAC,CAAC,CAAC,CAAC;IACA,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC,CAAW,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE;IAClD,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,CAAA;AAHxB,QAAA,mBAAmB,uBAGK"}

package/build/disclosures/fromString.d.ts

@@ -0,0 +1,2 @@
+import type { Disclosure } from '@sd-jwt/types';
+export declare const disclosureFromString: (s: string) => Disclosure;

package/build/disclosures/fromString.js

@@ -0,0 +1,11 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.disclosureFromString = void 0;
+const utils_1 = require("@sd-jwt/utils");
+const fromArray_1 = require("./fromArray");
+const disclosureFromString = (s) => {
+    const item = utils_1.Base64url.decodeToJson(s);
+    return (0, fromArray_1.disclosureFromArray)(item);
+};
+exports.disclosureFromString = disclosureFromString;
+//# sourceMappingURL=fromString.js.map

package/build/disclosures/fromString.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"fromString.js","sourceRoot":"","sources":["../../src/disclosures/fromString.ts"],"names":[],"mappings":";;;AACA,yCAAyC;AACzC,2CAAiD;AAE1C,MAAM,oBAAoB,GAAG,CAAC,CAAS,EAAc,EAAE;IAC1D,MAAM,IAAI,GAAG,iBAAS,CAAC,YAAY,CAAkB,CAAC,CAAC,CAAA;IACvD,OAAO,IAAA,+BAAmB,EAAC,IAAI,CAAC,CAAA;AACpC,CAAC,CAAA;AAHY,QAAA,oBAAoB,wBAGhC"}

package/build/disclosures/index.d.ts

@@ -0,0 +1,4 @@
+export * from './toArray';
+export * from './fromArray';
+export * from './fromString';
+export * from './calculateDigest';

package/build/disclosures/index.js

@@ -0,0 +1,21 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./toArray"), exports);
+__exportStar(require("./fromArray"), exports);
+__exportStar(require("./fromString"), exports);
+__exportStar(require("./calculateDigest"), exports);
+//# sourceMappingURL=index.js.map

package/build/disclosures/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/disclosures/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,4CAAyB;AACzB,8CAA2B;AAC3B,+CAA4B;AAC5B,oDAAiC"}

package/build/disclosures/toArray.d.ts

@@ -0,0 +1,2 @@
+import { Disclosure, DisclosureArray } from '@sd-jwt/types';
+export declare const disclosureToArray: (d: Disclosure) => DisclosureArray;

package/build/disclosures/toArray.js

@@ -0,0 +1,6 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.disclosureToArray = void 0;
+const disclosureToArray = (d) => d.key ? [d.salt, d.key, d.value] : [d.salt, d.value];
+exports.disclosureToArray = disclosureToArray;
+//# sourceMappingURL=toArray.js.map

package/build/disclosures/toArray.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"toArray.js","sourceRoot":"","sources":["../../src/disclosures/toArray.ts"],"names":[],"mappings":";;;AAEO,MAAM,iBAAiB,GAAG,CAAC,CAAa,EAAmB,EAAE,CAChE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,CAAA;AAD3C,QAAA,iBAAiB,qBAC0B"}

package/build/index.d.ts

@@ -0,0 +1,5 @@
+export { jwtFromCompact } from './jwt';
+export { sdJwtFromCompact } from './sdJwt';
+export { decodeSdJwtVc, sdJwtVcFromCompact } from './sdJwtVc';
+export { keyBindingFromCompact } from './keyBinding';
+export { disclosureCalculateDigest, disclosureToArray, disclosureFromArray, disclosureFromString } from './disclosures';

package/build/index.js

@@ -0,0 +1,18 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.disclosureFromString = exports.disclosureFromArray = exports.disclosureToArray = exports.disclosureCalculateDigest = exports.keyBindingFromCompact = exports.sdJwtVcFromCompact = exports.decodeSdJwtVc = exports.sdJwtFromCompact = exports.jwtFromCompact = void 0;
+var jwt_1 = require("./jwt");
+Object.defineProperty(exports, "jwtFromCompact", { enumerable: true, get: function () { return jwt_1.jwtFromCompact; } });
+var sdJwt_1 = require("./sdJwt");
+Object.defineProperty(exports, "sdJwtFromCompact", { enumerable: true, get: function () { return sdJwt_1.sdJwtFromCompact; } });
+var sdJwtVc_1 = require("./sdJwtVc");
+Object.defineProperty(exports, "decodeSdJwtVc", { enumerable: true, get: function () { return sdJwtVc_1.decodeSdJwtVc; } });
+Object.defineProperty(exports, "sdJwtVcFromCompact", { enumerable: true, get: function () { return sdJwtVc_1.sdJwtVcFromCompact; } });
+var keyBinding_1 = require("./keyBinding");
+Object.defineProperty(exports, "keyBindingFromCompact", { enumerable: true, get: function () { return keyBinding_1.keyBindingFromCompact; } });
+var disclosures_1 = require("./disclosures");
+Object.defineProperty(exports, "disclosureCalculateDigest", { enumerable: true, get: function () { return disclosures_1.disclosureCalculateDigest; } });
+Object.defineProperty(exports, "disclosureToArray", { enumerable: true, get: function () { return disclosures_1.disclosureToArray; } });
+Object.defineProperty(exports, "disclosureFromArray", { enumerable: true, get: function () { return disclosures_1.disclosureFromArray; } });
+Object.defineProperty(exports, "disclosureFromString", { enumerable: true, get: function () { return disclosures_1.disclosureFromString; } });
+//# sourceMappingURL=index.js.map

package/build/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;AAAA,6BAAsC;AAA7B,qGAAA,cAAc,OAAA;AACvB,iCAA0C;AAAjC,yGAAA,gBAAgB,OAAA;AACzB,qCAA6D;AAApD,wGAAA,aAAa,OAAA;AAAE,6GAAA,kBAAkB,OAAA;AAC1C,2CAAoD;AAA3C,mHAAA,qBAAqB,OAAA;AAE9B,6CAKsB;AAJlB,wHAAA,yBAAyB,OAAA;AACzB,gHAAA,iBAAiB,OAAA;AACjB,kHAAA,mBAAmB,OAAA;AACnB,mHAAA,oBAAoB,OAAA"}

package/build/jwt/fromCompact.d.ts

@@ -0,0 +1,5 @@
+export declare const jwtFromCompact: <Header extends Record<string, unknown> = Record<string, unknown>, Payload extends Record<string, unknown> = Record<string, unknown>>(compact: string) => {
+    header: Header;
+    payload: Payload;
+    signature: Uint8Array;
+};

package/build/jwt/fromCompact.js

@@ -0,0 +1,26 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.jwtFromCompact = void 0;
+const utils_1 = require("@sd-jwt/utils");
+const jwtFromCompact = (compact) => {
+    if (compact.includes('~')) {
+        throw new Error('compact JWT includes `~` which is only allowed in an sd-jwt. Please use sdJwtFromCompact() instead.');
+    }
+    if ((compact.match(/\./g) || []).length !== 2) {
+        throw new Error('compact JWT must include two periods (.)');
+    }
+    const [compactHeader, compactPayload, encodedSignature] = compact.split('.');
+    if (!encodedSignature || encodedSignature.length === 0) {
+        throw new Error('A signature must be provided within the context of sd-jwt');
+    }
+    const header = utils_1.Base64url.decodeToJson(compactHeader);
+    const payload = utils_1.Base64url.decodeToJson(compactPayload);
+    const signature = utils_1.Base64url.decode(encodedSignature);
+    return {
+        header,
+        payload,
+        signature
+    };
+};
+exports.jwtFromCompact = jwtFromCompact;
+//# sourceMappingURL=fromCompact.js.map

package/build/jwt/fromCompact.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"fromCompact.js","sourceRoot":"","sources":["../../src/jwt/fromCompact.ts"],"names":[],"mappings":";;;AAAA,yCAAyC;AAElC,MAAM,cAAc,GAAG,CAI1B,OAAe,EACjB,EAAE;IACA,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACxB,MAAM,IAAI,KAAK,CACX,qGAAqG,CACxG,CAAA;IACL,CAAC;IAED,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC5C,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAA;IAC/D,CAAC;IAED,MAAM,CAAC,aAAa,EAAE,cAAc,EAAE,gBAAgB,CAAC,GAAG,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IAE5E,IAAI,CAAC,gBAAgB,IAAI,gBAAgB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACrD,MAAM,IAAI,KAAK,CACX,2DAA2D,CAC9D,CAAA;IACL,CAAC;IAED,MAAM,MAAM,GAAG,iBAAS,CAAC,YAAY,CAAS,aAAa,CAAC,CAAA;IAC5D,MAAM,OAAO,GAAG,iBAAS,CAAC,YAAY,CAAU,cAAc,CAAC,CAAA;IAC/D,MAAM,SAAS,GAAG,iBAAS,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAA;IAEpD,OAAO;QACH,MAAM;QACN,OAAO;QACP,SAAS;KACZ,CAAA;AACL,CAAC,CAAA;AAjCY,QAAA,cAAc,kBAiC1B"}

package/build/jwt/index.d.ts

@@ -0,0 +1 @@
+export * from './fromCompact';

package/build/jwt/index.js

@@ -0,0 +1,18 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./fromCompact"), exports);
+//# sourceMappingURL=index.js.map

package/build/jwt/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/jwt/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,gDAA6B"}

package/build/keyBinding/assertValid.js

@@ -0,0 +1,2 @@
+"use strict";
+//# sourceMappingURL=assertValid.js.map

package/build/keyBinding/assertValid.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"assertValid.js","sourceRoot":"","sources":["../../src/keyBinding/assertValid.ts"],"names":[],"mappings":""}

package/build/keyBinding/fromCompact.d.ts

@@ -0,0 +1,5 @@
+export declare const keyBindingFromCompact: <Header extends Record<string, unknown> = Record<string, unknown>, Payload extends Record<string, unknown> = Record<string, unknown>>(compact: string) => {
+    header: Header;
+    payload: Payload;
+    signature: Uint8Array;
+};

package/build/keyBinding/fromCompact.js

@@ -0,0 +1,24 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.keyBindingFromCompact = void 0;
+const utils_1 = require("@sd-jwt/utils");
+const jwt_1 = require("../jwt");
+const keyBindingFromCompact = (compact) => {
+    const jwt = (0, jwt_1.jwtFromCompact)(compact);
+    try {
+        (0, utils_1.assertClaimInObject)(jwt.header, 'typ', 'kb+jwt');
+        (0, utils_1.assertClaimInObject)(jwt.header, 'alg');
+        (0, utils_1.assertClaimInObject)(jwt.payload, 'iat');
+        (0, utils_1.assertClaimInObject)(jwt.payload, 'nonce');
+        (0, utils_1.assertClaimInObject)(jwt.payload, 'aud');
+    }
+    catch (e) {
+        if (e instanceof Error) {
+            e.message = `jwt is not valid for usage with key binding. Error: ${e.message}`;
+        }
+        throw e;
+    }
+    return jwt;
+};
+exports.keyBindingFromCompact = keyBindingFromCompact;
+//# sourceMappingURL=fromCompact.js.map

package/build/keyBinding/fromCompact.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"fromCompact.js","sourceRoot":"","sources":["../../src/keyBinding/fromCompact.ts"],"names":[],"mappings":";;;AAAA,yCAAmD;AACnD,gCAAuC;AAEhC,MAAM,qBAAqB,GAAG,CAIjC,OAAe,EACjB,EAAE;IACA,MAAM,GAAG,GAAG,IAAA,oBAAc,EAAkB,OAAO,CAAC,CAAA;IAEpD,IAAI,CAAC;QACD,IAAA,2BAAmB,EAAC,GAAG,CAAC,MAAM,EAAE,KAAK,EAAE,QAAQ,CAAC,CAAA;QAChD,IAAA,2BAAmB,EAAC,GAAG,CAAC,MAAM,EAAE,KAAK,CAAC,CAAA;QAEtC,IAAA,2BAAmB,EAAC,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC,CAAA;QACvC,IAAA,2BAAmB,EAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC,CAAA;QACzC,IAAA,2BAAmB,EAAC,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC,CAAA;IAC3C,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACT,IAAI,CAAC,YAAY,KAAK,EAAE,CAAC;YACrB,CAAC,CAAC,OAAO,GAAG,uDAAuD,CAAC,CAAC,OAAO,EAAE,CAAA;QAClF,CAAC;QAED,MAAM,CAAC,CAAA;IACX,CAAC;IAED,OAAO,GAAG,CAAA;AACd,CAAC,CAAA;AAxBY,QAAA,qBAAqB,yBAwBjC"}

package/build/keyBinding/index.d.ts

@@ -0,0 +1 @@
+export * from './fromCompact';

package/build/keyBinding/index.js

@@ -0,0 +1,18 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./fromCompact"), exports);
+//# sourceMappingURL=index.js.map

package/build/keyBinding/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/keyBinding/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,gDAA6B"}

package/build/sdJwt/fromCompact.d.ts

@@ -0,0 +1,17 @@
+export declare const sdJwtFromCompact: <Header extends Record<string, unknown> = Record<string, unknown>, Payload extends Record<string, unknown> = Record<string, unknown>>(compact: string) => {
+    header: Header;
+    payload: Payload;
+    signature: Uint8Array;
+    keyBinding?: undefined;
+    disclosures?: undefined;
+} | {
+    header: Header;
+    payload: Payload;
+    signature: Uint8Array;
+    keyBinding: {
+        header: Record<string, unknown>;
+        payload: Record<string, unknown>;
+        signature: Uint8Array;
+    } | undefined;
+    disclosures: import("@sd-jwt/types").Disclosure[];
+};

package/build/sdJwt/fromCompact.js

@@ -0,0 +1,39 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.sdJwtFromCompact = void 0;
+const fromString_1 = require("../disclosures/fromString");
+const jwt_1 = require("../jwt");
+const keyBinding_1 = require("../keyBinding");
+const sdJwtFromCompact = (compact) => {
+    const [jwtWithoutDisclosures, ...encodedDisclosures] = compact.split('~');
+    const { header, payload, signature } = (0, jwt_1.jwtFromCompact)(jwtWithoutDisclosures);
+    if (encodedDisclosures.length === 0) {
+        return {
+            header,
+            payload,
+            signature
+        };
+    }
+    const hasKeyBinding = !compact.endsWith('~');
+    // If the disclosure array ends with an `~` we do not have
+    // a key binding and `String.split` takes it as an empty string
+    // as element which we would not like to include in the disclosures.
+    if (!hasKeyBinding)
+        encodedDisclosures.pop();
+    const compactKeyBinding = hasKeyBinding
+        ? encodedDisclosures.pop()
+        : undefined;
+    const keyBinding = compactKeyBinding
+        ? (0, keyBinding_1.keyBindingFromCompact)(compactKeyBinding)
+        : undefined;
+    const disclosures = encodedDisclosures.map(fromString_1.disclosureFromString);
+    return {
+        header,
+        payload,
+        signature,
+        keyBinding,
+        disclosures
+    };
+};
+exports.sdJwtFromCompact = sdJwtFromCompact;
+//# sourceMappingURL=fromCompact.js.map

package/build/sdJwt/fromCompact.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"fromCompact.js","sourceRoot":"","sources":["../../src/sdJwt/fromCompact.ts"],"names":[],"mappings":";;;AAAA,0DAAgE;AAChE,gCAAuC;AACvC,8CAAqD;AAE9C,MAAM,gBAAgB,GAAG,CAI5B,OAAe,EACjB,EAAE;IACA,MAAM,CAAC,qBAAqB,EAAE,GAAG,kBAAkB,CAAC,GAAG,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IAEzE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,GAAG,IAAA,oBAAc,EACjD,qBAAqB,CACxB,CAAA;IAED,IAAI,kBAAkB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAClC,OAAO;YACH,MAAM;YACN,OAAO;YACP,SAAS;SACZ,CAAA;IACL,CAAC;IAED,MAAM,aAAa,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAA;IAE5C,0DAA0D;IAC1D,+DAA+D;IAC/D,oEAAoE;IACpE,IAAI,CAAC,aAAa;QAAE,kBAAkB,CAAC,GAAG,EAAE,CAAA;IAE5C,MAAM,iBAAiB,GAAG,aAAa;QACnC,CAAC,CAAC,kBAAkB,CAAC,GAAG,EAAE;QAC1B,CAAC,CAAC,SAAS,CAAA;IAEf,MAAM,UAAU,GAAG,iBAAiB;QAChC,CAAC,CAAC,IAAA,kCAAqB,EAAC,iBAAiB,CAAC;QAC1C,CAAC,CAAC,SAAS,CAAA;IAEf,MAAM,WAAW,GAAG,kBAAkB,CAAC,GAAG,CAAC,iCAAoB,CAAC,CAAA;IAEhE,OAAO;QACH,MAAM;QACN,OAAO;QACP,SAAS;QACT,UAAU;QACV,WAAW;KACd,CAAA;AACL,CAAC,CAAA;AA5CY,QAAA,gBAAgB,oBA4C5B"}

package/build/sdJwt/index.d.ts

@@ -0,0 +1 @@
+export * from './fromCompact';

package/build/sdJwt/index.js

@@ -0,0 +1,18 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./fromCompact"), exports);
+//# sourceMappingURL=index.js.map

package/build/sdJwt/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/sdJwt/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,gDAA6B"}

package/build/sdJwtVc/decode.d.ts

@@ -0,0 +1,18 @@
+import type { AsyncHasher, Hasher } from '@sd-jwt/types';
+export declare const decodeSdJwtVc: <HI extends Hasher | AsyncHasher>(compact: string, hasher: HI) => {
+    compactSdJwtVc: string;
+    signedPayload: Record<string, unknown>;
+    header: Record<string, unknown>;
+    signature: Uint8Array;
+    keyBinding: {
+        header: Record<string, unknown>;
+        payload: Record<string, unknown>;
+        signature: Uint8Array;
+    } | undefined;
+    disclosures: {
+        digest: import("../disclosures/calculateDigest").CalculateDigestReturnType<HI>;
+        decoded: import("@sd-jwt/types").Disclosure;
+        encoded: import("@sd-jwt/types").DisclosureArray;
+    }[];
+    decodedPayload: Record<string, unknown>;
+};

package/build/sdJwtVc/decode.js

@@ -0,0 +1,29 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.decodeSdJwtVc = void 0;
+const utils_1 = require("@sd-jwt/utils");
+const fromCompact_1 = require("./fromCompact");
+const utils_2 = require("@sd-jwt/utils");
+const calculateDigest_1 = require("../disclosures/calculateDigest");
+const toArray_1 = require("../disclosures/toArray");
+const decodeSdJwtVc = (compact, hasher) => {
+    var _a, _b;
+    const { header, payload, signature, keyBinding, disclosures } = (0, fromCompact_1.sdJwtVcFromCompact)(compact);
+    const hasherAlgorithm = (_a = (0, utils_2.getValueByKeyAnyLevel)(payload, '_sd_alg')) !== null && _a !== void 0 ? _a : utils_1.HasherAlgorithm.Sha256;
+    const disclosureWithDigests = (_b = disclosures === null || disclosures === void 0 ? void 0 : disclosures.map((d) => ({
+        digest: (0, calculateDigest_1.disclosureCalculateDigest)(d, hasherAlgorithm, hasher),
+        decoded: d,
+        encoded: (0, toArray_1.disclosureToArray)(d)
+    }))) !== null && _b !== void 0 ? _b : [];
+    return {
+        compactSdJwtVc: compact,
+        signedPayload: payload,
+        header,
+        signature,
+        keyBinding,
+        disclosures: disclosureWithDigests,
+        decodedPayload: (0, utils_2.swapClaims)(payload, disclosureWithDigests.map((d) => (Object.assign(Object.assign({}, d.decoded), { digest: d.digest }))))
+    };
+};
+exports.decodeSdJwtVc = decodeSdJwtVc;
+//# sourceMappingURL=decode.js.map

package/build/sdJwtVc/decode.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"decode.js","sourceRoot":"","sources":["../../src/sdJwtVc/decode.ts"],"names":[],"mappings":";;;AAEA,yCAA+C;AAC/C,+CAAkD;AAClD,yCAAiE;AACjE,oEAA0E;AAC1E,oDAA0D;AAEnD,MAAM,aAAa,GAAG,CACzB,OAAe,EACf,MAAU,EACZ,EAAE;;IACA,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,WAAW,EAAE,GACzD,IAAA,gCAAkB,EAAC,OAAO,CAAC,CAAA;IAE/B,MAAM,eAAe,GACjB,MAAA,IAAA,6BAAqB,EAAkB,OAAO,EAAE,SAAS,CAAC,mCAC1D,uBAAe,CAAC,MAAM,CAAA;IAE1B,MAAM,qBAAqB,GACvB,MAAA,WAAW,aAAX,WAAW,uBAAX,WAAW,CAAE,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACrB,MAAM,EAAE,IAAA,2CAAyB,EAAC,CAAC,EAAE,eAAe,EAAE,MAAM,CAAC;QAC7D,OAAO,EAAE,CAAC;QACV,OAAO,EAAE,IAAA,2BAAiB,EAAC,CAAC,CAAC;KAChC,CAAC,CAAC,mCAAI,EAAE,CAAA;IAEb,OAAO;QACH,cAAc,EAAE,OAAO;QACvB,aAAa,EAAE,OAAO;QACtB,MAAM;QACN,SAAS;QACT,UAAU;QACV,WAAW,EAAE,qBAAqB;QAClC,cAAc,EAAE,IAAA,kBAAU,EACtB,OAAO,EACP,qBAAqB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,iCAC1B,CAAC,CAAC,OAAO,KACZ,MAAM,EAAE,CAAC,CAAC,MAAM,IAClB,CAA2C,CAChD;KACJ,CAAA;AACL,CAAC,CAAA;AAjCY,QAAA,aAAa,iBAiCzB"}

package/build/sdJwtVc/fromCompact.d.ts

@@ -0,0 +1,17 @@
+export declare const sdJwtVcFromCompact: <Header extends Record<string, unknown> = Record<string, unknown>, Payload extends Record<string, unknown> = Record<string, unknown>>(compact: string) => {
+    header: Header;
+    payload: Payload;
+    signature: Uint8Array;
+    keyBinding?: undefined;
+    disclosures?: undefined;
+} | {
+    header: Header;
+    payload: Payload;
+    signature: Uint8Array;
+    keyBinding: {
+        header: Record<string, unknown>;
+        payload: Record<string, unknown>;
+        signature: Uint8Array;
+    } | undefined;
+    disclosures: import("@sd-jwt/types").Disclosure[];
+};

package/build/sdJwtVc/fromCompact.js

@@ -0,0 +1,25 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.sdJwtVcFromCompact = void 0;
+const utils_1 = require("@sd-jwt/utils");
+const fromCompact_1 = require("../sdJwt/fromCompact");
+const sdJwtVcFromCompact = (compact) => {
+    const sdJwt = (0, fromCompact_1.sdJwtFromCompact)(compact);
+    try {
+        (0, utils_1.assertClaimInObject)(sdJwt.header, 'typ', 'vc+sd-jwt');
+        (0, utils_1.assertClaimInObject)(sdJwt.header, 'alg');
+        (0, utils_1.assertClaimInObject)(sdJwt.payload, 'iss');
+        (0, utils_1.assertClaimInObject)(sdJwt.payload, 'vct');
+        (0, utils_1.assertClaimInObject)(sdJwt.payload, 'iat');
+        (0, utils_1.assertClaimInObject)(sdJwt.payload, 'cnf');
+    }
+    catch (e) {
+        if (e instanceof Error) {
+            e.message = `jwt is not valid for usage with sd-jwt-vc. Error: ${e.message}`;
+        }
+        throw e;
+    }
+    return sdJwt;
+};
+exports.sdJwtVcFromCompact = sdJwtVcFromCompact;
+//# sourceMappingURL=fromCompact.js.map

package/build/sdJwtVc/fromCompact.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"fromCompact.js","sourceRoot":"","sources":["../../src/sdJwtVc/fromCompact.ts"],"names":[],"mappings":";;;AAAA,yCAAmD;AACnD,sDAAuD;AAEhD,MAAM,kBAAkB,GAAG,CAI9B,OAAe,EACjB,EAAE;IACA,MAAM,KAAK,GAAG,IAAA,8BAAgB,EAAkB,OAAO,CAAC,CAAA;IAExD,IAAI,CAAC;QACD,IAAA,2BAAmB,EAAC,KAAK,CAAC,MAAM,EAAE,KAAK,EAAE,WAAW,CAAC,CAAA;QACrD,IAAA,2BAAmB,EAAC,KAAK,CAAC,MAAM,EAAE,KAAK,CAAC,CAAA;QACxC,IAAA,2BAAmB,EAAC,KAAK,CAAC,OAAO,EAAE,KAAK,CAAC,CAAA;QACzC,IAAA,2BAAmB,EAAC,KAAK,CAAC,OAAO,EAAE,KAAK,CAAC,CAAA;QACzC,IAAA,2BAAmB,EAAC,KAAK,CAAC,OAAO,EAAE,KAAK,CAAC,CAAA;QACzC,IAAA,2BAAmB,EAAC,KAAK,CAAC,OAAO,EAAE,KAAK,CAAC,CAAA;IAC7C,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACT,IAAI,CAAC,YAAY,KAAK,EAAE,CAAC;YACrB,CAAC,CAAC,OAAO,GAAG,qDAAqD,CAAC,CAAC,OAAO,EAAE,CAAA;QAChF,CAAC;QAED,MAAM,CAAC,CAAA;IACX,CAAC;IAED,OAAO,KAAK,CAAA;AAChB,CAAC,CAAA;AAxBY,QAAA,kBAAkB,sBAwB9B"}

package/build/sdJwtVc/index.d.ts

@@ -0,0 +1,2 @@
+export * from './decode';
+export * from './fromCompact';

package/build/sdJwtVc/index.js

@@ -0,0 +1,19 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./decode"), exports);
+__exportStar(require("./fromCompact"), exports);
+//# sourceMappingURL=index.js.map

package/build/sdJwtVc/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/sdJwtVc/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,2CAAwB;AACxB,gDAA6B"}

package/package.json

@@ -0,0 +1,51 @@
+{
+    "name": "@sd-jwt/decode",
+    "version": "0.1.2-alpha.0",
+    "description": "Decode implementation of sd-jwt Draft 06 and sd-jwt-vc Draft 01",
+    "license": "(MIT OR Apache-2.0)",
+    "author": "Berend Sliedrecht <sliedrecht@berend.io>",
+    "readme": "../../README.md",
+    "keywords": [
+        "jwt",
+        "jwt-sd",
+        "sd-jwt",
+        "sd-jwt-vc",
+        "decentralized-identity",
+        "ssi",
+        "oauth",
+        "oauth2",
+        "openid-connect"
+    ],
+    "repository": {
+        "url": "https://github.com/berendsliedrecht/sd-jwt-ts",
+        "type": "git"
+    },
+    "homepage": "https://github.com/berendsliedrecht/sd-jwt-ts",
+    "bugs": {
+        "url": "https://github.com/berendsliedrecht/sd-jwt-ts/issues",
+        "email": "sliedrecht@berend.io"
+    },
+    "publishConfig": {
+        "access": "public"
+    },
+    "main": "build/index.js",
+    "files": [
+        "build",
+        "../../LICENSE-MIT",
+        "../../LICENSE-APACHE-2.0"
+    ],
+    "scripts": {
+        "build": "tsc",
+        "test": "node --require ts-node/register --test ./tests/*.test.ts",
+        "release": "release-it"
+    },
+    "dependencies": {
+        "@sd-jwt/types": "workspace:*",
+        "@sd-jwt/utils": "workspace:*"
+    },
+    "devDependencies": {
+        "@types/node": "*",
+        "ts-node": "*",
+        "typescript": "*"
+    }
+}