@sd-jwt/decode 0.3.0 → 2.0.2-next.26

package/dist/index.mjs

@@ -0,0 +1,249 @@
+var __getOwnPropSymbols = Object.getOwnPropertySymbols;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __propIsEnum = Object.prototype.propertyIsEnumerable;
+var __objRest = (source, exclude) => {
+  var target = {};
+  for (var prop in source)
+    if (__hasOwnProp.call(source, prop) && exclude.indexOf(prop) < 0)
+      target[prop] = source[prop];
+  if (source != null && __getOwnPropSymbols)
+    for (var prop of __getOwnPropSymbols(source)) {
+      if (exclude.indexOf(prop) < 0 && __propIsEnum.call(source, prop))
+        target[prop] = source[prop];
+    }
+  return target;
+};
+var __async = (__this, __arguments, generator) => {
+  return new Promise((resolve, reject) => {
+    var fulfilled = (value) => {
+      try {
+        step(generator.next(value));
+      } catch (e) {
+        reject(e);
+      }
+    };
+    var rejected = (value) => {
+      try {
+        step(generator.throw(value));
+      } catch (e) {
+        reject(e);
+      }
+    };
+    var step = (x) => x.done ? resolve(x.value) : Promise.resolve(x.value).then(fulfilled, rejected);
+    step((generator = generator.apply(__this, __arguments)).next());
+  });
+};
+
+// src/decode.ts
+import { Base64urlDecode, SDJWTException, Disclosure } from "@sd-jwt/utils";
+import {
+  SD_DIGEST,
+  SD_LIST_KEY,
+  SD_SEPARATOR
+} from "@sd-jwt/types";
+var decodeJwt = (jwt) => {
+  const { 0: header, 1: payload, 2: signature, length } = jwt.split(".");
+  if (length !== 3) {
+    throw new SDJWTException("Invalid JWT as input");
+  }
+  return {
+    header: JSON.parse(Base64urlDecode(header)),
+    payload: JSON.parse(Base64urlDecode(payload)),
+    signature
+  };
+};
+var splitSdJwt = (sdjwt) => {
+  const [encodedJwt, ...encodedDisclosures] = sdjwt.split(SD_SEPARATOR);
+  if (encodedDisclosures.length === 0) {
+    return {
+      jwt: encodedJwt,
+      disclosures: []
+    };
+  }
+  const encodedKeyBindingJwt = encodedDisclosures.pop();
+  return {
+    jwt: encodedJwt,
+    disclosures: encodedDisclosures,
+    kbJwt: encodedKeyBindingJwt || void 0
+  };
+};
+var decodeSdJwt = (sdjwt, hasher) => __async(void 0, null, function* () {
+  const [encodedJwt, ...encodedDisclosures] = sdjwt.split(SD_SEPARATOR);
+  const jwt = decodeJwt(encodedJwt);
+  if (encodedDisclosures.length === 0) {
+    return {
+      jwt,
+      disclosures: []
+    };
+  }
+  const encodedKeyBindingJwt = encodedDisclosures.pop();
+  const kbJwt = encodedKeyBindingJwt ? decodeJwt(encodedKeyBindingJwt) : void 0;
+  const { _sd_alg } = getSDAlgAndPayload(jwt.payload);
+  const disclosures = yield Promise.all(
+    encodedDisclosures.map(
+      (ed) => Disclosure.fromEncode(ed, { alg: _sd_alg, hasher })
+    )
+  );
+  return {
+    jwt,
+    disclosures,
+    kbJwt
+  };
+});
+var decodeSdJwtSync = (sdjwt, hasher) => {
+  const [encodedJwt, ...encodedDisclosures] = sdjwt.split(SD_SEPARATOR);
+  const jwt = decodeJwt(encodedJwt);
+  if (encodedDisclosures.length === 0) {
+    return {
+      jwt,
+      disclosures: []
+    };
+  }
+  const encodedKeyBindingJwt = encodedDisclosures.pop();
+  const kbJwt = encodedKeyBindingJwt ? decodeJwt(encodedKeyBindingJwt) : void 0;
+  const { _sd_alg } = getSDAlgAndPayload(jwt.payload);
+  const disclosures = encodedDisclosures.map(
+    (ed) => Disclosure.fromEncodeSync(ed, { alg: _sd_alg, hasher })
+  );
+  return {
+    jwt,
+    disclosures,
+    kbJwt
+  };
+};
+var getClaims = (rawPayload, disclosures, hasher) => __async(void 0, null, function* () {
+  const { unpackedObj } = yield unpack(rawPayload, disclosures, hasher);
+  return unpackedObj;
+});
+var getClaimsSync = (rawPayload, disclosures, hasher) => {
+  const { unpackedObj } = unpackSync(rawPayload, disclosures, hasher);
+  return unpackedObj;
+};
+var unpackArray = (arr, map, prefix = "") => {
+  const keys = {};
+  const unpackedArray = [];
+  arr.forEach((item, idx) => {
+    if (typeof item === "object" && item !== null) {
+      const hash = item[SD_LIST_KEY];
+      if (hash) {
+        const disclosed = map[hash];
+        if (disclosed) {
+          const presentKey = prefix ? `${prefix}.${idx}` : `${idx}`;
+          keys[presentKey] = hash;
+          const { unpackedObj, disclosureKeymap: disclosureKeys } = unpackObj(
+            disclosed.value,
+            map,
+            presentKey
+          );
+          unpackedArray.push(unpackedObj);
+          Object.assign(keys, disclosureKeys);
+        }
+      } else {
+        const newKey = prefix ? `${prefix}.${idx}` : `${idx}`;
+        const { unpackedObj, disclosureKeymap: disclosureKeys } = unpackObj(
+          item,
+          map,
+          newKey
+        );
+        unpackedArray.push(unpackedObj);
+        Object.assign(keys, disclosureKeys);
+      }
+    } else {
+      unpackedArray.push(item);
+    }
+  });
+  return { unpackedObj: unpackedArray, disclosureKeymap: keys };
+};
+var unpackObj = (obj, map, prefix = "") => {
+  const keys = {};
+  if (typeof obj === "object" && obj !== null) {
+    if (Array.isArray(obj)) {
+      return unpackArray(obj, map, prefix);
+    }
+    for (const key in obj) {
+      if (key !== SD_DIGEST && key !== SD_LIST_KEY && typeof obj[key] === "object") {
+        const newKey = prefix ? `${prefix}.${key}` : key;
+        const { unpackedObj: unpackedObj2, disclosureKeymap: disclosureKeys } = unpackObj(
+          obj[key],
+          map,
+          newKey
+        );
+        obj[key] = unpackedObj2;
+        Object.assign(keys, disclosureKeys);
+      }
+    }
+    const _a = obj, { _sd } = _a, payload = __objRest(_a, ["_sd"]);
+    const claims = {};
+    if (_sd) {
+      for (const hash of _sd) {
+        const disclosed = map[hash];
+        if (disclosed == null ? void 0 : disclosed.key) {
+          const presentKey = prefix ? `${prefix}.${disclosed.key}` : disclosed.key;
+          keys[presentKey] = hash;
+          const { unpackedObj: unpackedObj2, disclosureKeymap: disclosureKeys } = unpackObj(
+            disclosed.value,
+            map,
+            presentKey
+          );
+          claims[disclosed.key] = unpackedObj2;
+          Object.assign(keys, disclosureKeys);
+        }
+      }
+    }
+    const unpackedObj = Object.assign(payload, claims);
+    return { unpackedObj, disclosureKeymap: keys };
+  }
+  return { unpackedObj: obj, disclosureKeymap: keys };
+};
+var createHashMapping = (disclosures, hash) => __async(void 0, null, function* () {
+  const map = {};
+  for (let i = 0; i < disclosures.length; i++) {
+    const disclosure = disclosures[i];
+    const digest = yield disclosure.digest(hash);
+    map[digest] = disclosure;
+  }
+  return map;
+});
+var createHashMappingSync = (disclosures, hash) => {
+  const map = {};
+  for (let i = 0; i < disclosures.length; i++) {
+    const disclosure = disclosures[i];
+    const digest = disclosure.digestSync(hash);
+    map[digest] = disclosure;
+  }
+  return map;
+};
+var getSDAlgAndPayload = (sdjwtPayload) => {
+  const _a = sdjwtPayload, { _sd_alg } = _a, payload = __objRest(_a, ["_sd_alg"]);
+  if (typeof _sd_alg !== "string") {
+    return { _sd_alg: "sha-256", payload };
+  }
+  return { _sd_alg, payload };
+};
+var unpack = (sdjwtPayload, disclosures, hasher) => __async(void 0, null, function* () {
+  const { _sd_alg, payload } = getSDAlgAndPayload(sdjwtPayload);
+  const hash = { hasher, alg: _sd_alg };
+  const map = yield createHashMapping(disclosures, hash);
+  return unpackObj(payload, map);
+});
+var unpackSync = (sdjwtPayload, disclosures, hasher) => {
+  const { _sd_alg, payload } = getSDAlgAndPayload(sdjwtPayload);
+  const hash = { hasher, alg: _sd_alg };
+  const map = createHashMappingSync(disclosures, hash);
+  return unpackObj(payload, map);
+};
+export {
+  createHashMapping,
+  createHashMappingSync,
+  decodeJwt,
+  decodeSdJwt,
+  decodeSdJwtSync,
+  getClaims,
+  getClaimsSync,
+  getSDAlgAndPayload,
+  splitSdJwt,
+  unpack,
+  unpackArray,
+  unpackObj,
+  unpackSync
+};

package/package.json

@@ -1,49 +1,60 @@
 {
-    "name": "@sd-jwt/decode",
-    "version": "0.3.0",
-    "description": "Decode implementation of sd-jwt Draft 06 and sd-jwt-vc Draft 01",
-    "license": "(MIT OR Apache-2.0)",
-    "author": "Berend Sliedrecht <sliedrecht@berend.io>",
-    "readme": "../../README.md",
-    "keywords": [
-        "jwt",
-        "jwt-sd",
-        "sd-jwt",
-        "sd-jwt-vc",
-        "decentralized-identity",
-        "ssi",
-        "oauth",
-        "oauth2",
-        "openid-connect"
+  "name": "@sd-jwt/decode",
+  "version": "2.0.2-next.26+278b4fa",
+  "description": "sd-jwt draft 7 implementation in typescript",
+  "main": "dist/index.js",
+  "module": "dist/index.mjs",
+  "types": "dist/index.d.ts",
+  "exports": {
+    ".": {
+      "import": "./dist/index.mjs",
+      "require": "./dist/index.js"
+    }
+  },
+  "scripts": {
+    "build": "rm -rf **/dist && tsup",
+    "lint": "biome lint ./src",
+    "test": "pnpm run test:node && pnpm run test:browser && pnpm run test:cov",
+    "test:node": "vitest run ./src/test/*.spec.ts --coverage",
+    "test:browser": "vitest run ./src/test/*.spec.ts --environment jsdom --coverage"
+  },
+  "keywords": [
+    "sd-jwt",
+    "sdjwt",
+    "sd-jwt-vc"
+  ],
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/openwallet-foundation-labs/sd-jwt-js"
+  },
+  "author": "Lukas.J.Han <lukas.j.han@gmail.com>",
+  "homepage": "https://github.com/openwallet-foundation-labs/sd-jwt-js/wiki",
+  "bugs": {
+    "url": "https://github.com/openwallet-foundation-labs/sd-jwt-js/issues"
+  },
+  "license": "Apache-2.0",
+  "devDependencies": {
+    "@sd-jwt/crypto-nodejs": "2.0.2-next.26+278b4fa"
+  },
+  "dependencies": {
+    "@sd-jwt/types": "2.0.2-next.26+278b4fa",
+    "@sd-jwt/utils": "2.0.2-next.26+278b4fa"
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "tsup": {
+    "entry": [
+      "./src/index.ts"
     ],
-    "repository": {
-        "url": "https://github.com/berendsliedrecht/sd-jwt-ts",
-        "type": "git"
-    },
-    "homepage": "https://github.com/berendsliedrecht/sd-jwt-ts",
-    "bugs": {
-        "url": "https://github.com/berendsliedrecht/sd-jwt-ts/issues",
-        "email": "sliedrecht@berend.io"
-    },
-    "publishConfig": {
-        "access": "public"
-    },
-    "main": "build/index.js",
-    "files": [
-        "build"
-    ],
-    "scripts": {
-        "build": "tsc",
-        "test": "node --require ts-node/register --test ./tests/*.test.ts"
-    },
-    "dependencies": {
-        "@sd-jwt/types": "0.3.0",
-        "@sd-jwt/utils": "0.3.0"
-    },
-    "devDependencies": {
-        "@types/node": "*",
-        "ts-node": "*",
-        "typescript": "*"
-    },
-    "gitHead": "38e6729c173b08d2b6adb437efa72e8bbb21cb2c"
+    "sourceMap": true,
+    "splitting": false,
+    "clean": true,
+    "dts": true,
+    "format": [
+      "cjs",
+      "esm"
+    ]
+  },
+  "gitHead": "278b4faf53b544d274ecb4e14a9f90c2312af846"
 }

package/src/decode.ts

@@ -0,0 +1,323 @@
+import { Base64urlDecode, SDJWTException, Disclosure } from '@sd-jwt/utils';
+import {
+  Hasher,
+  HasherAndAlg,
+  SD_DIGEST,
+  SD_LIST_KEY,
+  SD_SEPARATOR,
+} from '@sd-jwt/types';
+import { HasherAndAlgSync, HasherSync } from '@sd-jwt/types/src/type';
+
+export const decodeJwt = <
+  H extends Record<string, unknown>,
+  T extends Record<string, unknown>,
+>(
+  jwt: string,
+): { header: H; payload: T; signature: string } => {
+  const { 0: header, 1: payload, 2: signature, length } = jwt.split('.');
+  if (length !== 3) {
+    throw new SDJWTException('Invalid JWT as input');
+  }
+
+  return {
+    header: JSON.parse(Base64urlDecode(header)),
+    payload: JSON.parse(Base64urlDecode(payload)),
+    signature: signature,
+  };
+};
+
+// Split the sdjwt into 3 parts: jwt, disclosures and keybinding jwt. each part is base64url encoded
+// It's separated by the ~ character
+//
+// If there is no keybinding jwt, the third part will be undefined
+// If there are no disclosures, the second part will be an empty array
+export const splitSdJwt = (
+  sdjwt: string,
+): { jwt: string; disclosures: string[]; kbJwt?: string } => {
+  const [encodedJwt, ...encodedDisclosures] = sdjwt.split(SD_SEPARATOR);
+  if (encodedDisclosures.length === 0) {
+    // if input is just jwt, then return here.
+    // This is for compatibility with jwt
+    return {
+      jwt: encodedJwt,
+      disclosures: [],
+    };
+  }
+
+  const encodedKeyBindingJwt = encodedDisclosures.pop();
+  return {
+    jwt: encodedJwt,
+    disclosures: encodedDisclosures,
+    kbJwt: encodedKeyBindingJwt || undefined,
+  };
+};
+
+// Decode the sdjwt into the jwt, disclosures and keybinding jwt
+// jwt, disclosures and keybinding jwt are also decoded
+export const decodeSdJwt = async (
+  sdjwt: string,
+  hasher: Hasher,
+): Promise<DecodedSDJwt> => {
+  const [encodedJwt, ...encodedDisclosures] = sdjwt.split(SD_SEPARATOR);
+  const jwt = decodeJwt(encodedJwt);
+
+  if (encodedDisclosures.length === 0) {
+    // if input is just jwt, then return here.
+    // This is for compatibility with jwt
+    return {
+      jwt,
+      disclosures: [],
+    };
+  }
+
+  const encodedKeyBindingJwt = encodedDisclosures.pop();
+  const kbJwt = encodedKeyBindingJwt
+    ? decodeJwt(encodedKeyBindingJwt)
+    : undefined;
+
+  const { _sd_alg } = getSDAlgAndPayload(jwt.payload);
+
+  const disclosures = await Promise.all(
+    encodedDisclosures.map((ed) =>
+      Disclosure.fromEncode(ed, { alg: _sd_alg, hasher }),
+    ),
+  );
+
+  return {
+    jwt,
+    disclosures,
+    kbJwt,
+  };
+};
+
+export const decodeSdJwtSync = (
+  sdjwt: string,
+  hasher: HasherSync,
+): DecodedSDJwt => {
+  const [encodedJwt, ...encodedDisclosures] = sdjwt.split(SD_SEPARATOR);
+  const jwt = decodeJwt(encodedJwt);
+
+  if (encodedDisclosures.length === 0) {
+    // if input is just jwt, then return here.
+    // This is for compatibility with jwt
+    return {
+      jwt,
+      disclosures: [],
+    };
+  }
+
+  const encodedKeyBindingJwt = encodedDisclosures.pop();
+  const kbJwt = encodedKeyBindingJwt
+    ? decodeJwt(encodedKeyBindingJwt)
+    : undefined;
+
+  const { _sd_alg } = getSDAlgAndPayload(jwt.payload);
+
+  const disclosures = encodedDisclosures.map((ed) =>
+    Disclosure.fromEncodeSync(ed, { alg: _sd_alg, hasher }),
+  );
+
+  return {
+    jwt,
+    disclosures,
+    kbJwt,
+  };
+};
+
+// Get the claims from jwt and disclosures
+// The digested values are matched with the disclosures and the claims are extracted
+export const getClaims = async <T>(
+  rawPayload: Record<string, unknown>,
+  disclosures: Array<Disclosure>,
+  hasher: Hasher,
+): Promise<T> => {
+  const { unpackedObj } = await unpack(rawPayload, disclosures, hasher);
+  return unpackedObj as T;
+};
+
+export const getClaimsSync = <T>(
+  rawPayload: Record<string, unknown>,
+  disclosures: Array<Disclosure>,
+  hasher: HasherSync,
+): T => {
+  const { unpackedObj } = unpackSync(rawPayload, disclosures, hasher);
+  return unpackedObj as T;
+};
+
+export const unpackArray = (
+  arr: Array<unknown>,
+  map: Record<string, Disclosure>,
+  prefix = '',
+): { unpackedObj: unknown; disclosureKeymap: Record<string, string> } => {
+  const keys: Record<string, string> = {};
+  const unpackedArray: unknown[] = [];
+  arr.forEach((item, idx) => {
+    if (typeof item === 'object' && item !== null) {
+      const hash = (item as Record<string, string>)[SD_LIST_KEY];
+      if (hash) {
+        const disclosed = map[hash];
+        if (disclosed) {
+          const presentKey = prefix ? `${prefix}.${idx}` : `${idx}`;
+          keys[presentKey] = hash;
+
+          const { unpackedObj, disclosureKeymap: disclosureKeys } = unpackObj(
+            disclosed.value,
+            map,
+            presentKey,
+          );
+          unpackedArray.push(unpackedObj);
+          Object.assign(keys, disclosureKeys);
+        }
+      } else {
+        const newKey = prefix ? `${prefix}.${idx}` : `${idx}`;
+        const { unpackedObj, disclosureKeymap: disclosureKeys } = unpackObj(
+          item,
+          map,
+          newKey,
+        );
+        unpackedArray.push(unpackedObj);
+        Object.assign(keys, disclosureKeys);
+      }
+    } else {
+      unpackedArray.push(item);
+    }
+  });
+  return { unpackedObj: unpackedArray, disclosureKeymap: keys };
+};
+
+export const unpackObj = (
+  obj: unknown,
+  map: Record<string, Disclosure>,
+  prefix = '',
+): { unpackedObj: unknown; disclosureKeymap: Record<string, string> } => {
+  const keys: Record<string, string> = {};
+  if (typeof obj === 'object' && obj !== null) {
+    if (Array.isArray(obj)) {
+      return unpackArray(obj, map, prefix);
+    }
+
+    for (const key in obj) {
+      if (
+        key !== SD_DIGEST &&
+        key !== SD_LIST_KEY &&
+        typeof (obj as Record<string, unknown>)[key] === 'object'
+      ) {
+        const newKey = prefix ? `${prefix}.${key}` : key;
+        const { unpackedObj, disclosureKeymap: disclosureKeys } = unpackObj(
+          (obj as Record<string, unknown>)[key],
+          map,
+          newKey,
+        );
+        (obj as Record<string, unknown>)[key] = unpackedObj;
+        Object.assign(keys, disclosureKeys);
+      }
+    }
+
+    const { _sd, ...payload } = obj as Record<string, unknown> & {
+      _sd?: Array<string>;
+    };
+    const claims: Record<string, unknown> = {};
+    if (_sd) {
+      for (const hash of _sd) {
+        const disclosed = map[hash];
+        if (disclosed?.key) {
+          const presentKey = prefix
+            ? `${prefix}.${disclosed.key}`
+            : disclosed.key;
+          keys[presentKey] = hash;
+
+          const { unpackedObj, disclosureKeymap: disclosureKeys } = unpackObj(
+            disclosed.value,
+            map,
+            presentKey,
+          );
+          claims[disclosed.key] = unpackedObj;
+          Object.assign(keys, disclosureKeys);
+        }
+      }
+    }
+
+    const unpackedObj = Object.assign(payload, claims);
+    return { unpackedObj, disclosureKeymap: keys };
+  }
+  return { unpackedObj: obj, disclosureKeymap: keys };
+};
+
+// Creates a mapping of the digests of the disclosures to the actual disclosures
+export const createHashMapping = async (
+  disclosures: Array<Disclosure>,
+  hash: HasherAndAlg,
+) => {
+  const map: Record<string, Disclosure> = {};
+  for (let i = 0; i < disclosures.length; i++) {
+    const disclosure = disclosures[i];
+    const digest = await disclosure.digest(hash);
+    map[digest] = disclosure;
+  }
+  return map;
+};
+
+export const createHashMappingSync = (
+  disclosures: Array<Disclosure>,
+  hash: HasherAndAlgSync,
+) => {
+  const map: Record<string, Disclosure> = {};
+  for (let i = 0; i < disclosures.length; i++) {
+    const disclosure = disclosures[i];
+    const digest = disclosure.digestSync(hash);
+    map[digest] = disclosure;
+  }
+  return map;
+};
+
+// Extract _sd_alg. If it is not present, it is assumed to be sha-256
+export const getSDAlgAndPayload = (sdjwtPayload: Record<string, unknown>) => {
+  const { _sd_alg, ...payload } = sdjwtPayload;
+  if (typeof _sd_alg !== 'string') {
+    // This is for compatibility
+    return { _sd_alg: 'sha-256', payload };
+  }
+  return { _sd_alg, payload };
+};
+
+// Match the digests of the disclosures with the claims and extract the claims
+// unpack function use unpackObj and unpackArray to recursively unpack the claims
+export const unpack = async (
+  sdjwtPayload: Record<string, unknown>,
+  disclosures: Array<Disclosure>,
+  hasher: Hasher,
+) => {
+  const { _sd_alg, payload } = getSDAlgAndPayload(sdjwtPayload);
+  const hash = { hasher, alg: _sd_alg };
+  const map = await createHashMapping(disclosures, hash);
+
+  return unpackObj(payload, map);
+};
+
+export const unpackSync = (
+  sdjwtPayload: Record<string, unknown>,
+  disclosures: Array<Disclosure>,
+  hasher: HasherSync,
+) => {
+  const { _sd_alg, payload } = getSDAlgAndPayload(sdjwtPayload);
+  const hash = { hasher, alg: _sd_alg };
+  const map = createHashMappingSync(disclosures, hash);
+
+  return unpackObj(payload, map);
+};
+
+// This is the type of the object that is returned by the decodeSdJwt function
+// It is a combination of the decoded jwt, the disclosures and the keybinding jwt
+export type DecodedSDJwt = {
+  jwt: {
+    header: Record<string, unknown>;
+    payload: Record<string, unknown>; // raw payload of sd-jwt
+    signature: string;
+  };
+  disclosures: Array<Disclosure>;
+  kbJwt?: {
+    header: Record<string, unknown>;
+    payload: Record<string, unknown>;
+    signature: string;
+  };
+};

package/src/index.ts

@@ -0,0 +1 @@
+export * from './decode';