@sd-jwt/sd-jwt-vc 0.12.1-next.0 → 0.12.1-next.2

package/README.md

@@ -41,7 +41,7 @@ import { DisclosureFrame } from '@sd-jwt/sd-jwt-vc';
 const iss = 'University';
 
 // issuance time
-const iat = new Date().getTime() / 1000;
+const iat = Math.floor(Date.now() / 1000); // current time in seconds
 
 //unique identifier of the schema
 const vct = 'University-Degree';

package/dist/index.d.mts

@@ -1,5 +1,5 @@
 import { SDJWTConfig, kbPayload, kbHeader, DisclosureFrame } from '@sd-jwt/types';
-import { SdJwtPayload, SDJwtInstance } from '@sd-jwt/core';
+import { SdJwtPayload, SDJwtInstance, VerifierOptions } from '@sd-jwt/core';
 
 /**
  * Logo metadata used in rendering a credential.
@@ -215,8 +215,9 @@ declare class SDJwtVcInstance extends SDJwtInstance<SdJwtVcPayload> {
     private statusValidator;
     /**
      * Verifies the SD-JWT-VC. It will validate the signature, the keybindings when required, the status, and the VCT.
+     * @param currentDate current time in seconds
      */
-    verify(encodedSDJwt: string, requiredClaimKeys?: string[], requireKeyBindings?: boolean): Promise<VerificationResult>;
+    verify(encodedSDJwt: string, requiredClaimKeys?: string[], requireKeyBindings?: boolean, options?: VerifierOptions): Promise<VerificationResult>;
     /**
      * Gets VCT Metadata of the raw SD-JWT-VC. Returns the type metadata format. If the SD-JWT-VC is invalid or does not contain a vct claim, an error is thrown.
      * @param encodedSDJwt
@@ -256,6 +257,7 @@ declare class SDJwtVcInstance extends SDJwtInstance<SdJwtVcPayload> {
     /**
      * Verifies the status of the SD-JWT-VC.
      * @param result
+     * @param options
      */
     private verifyStatus;
 }

package/dist/index.d.ts

@@ -1,5 +1,5 @@
 import { SDJWTConfig, kbPayload, kbHeader, DisclosureFrame } from '@sd-jwt/types';
-import { SdJwtPayload, SDJwtInstance } from '@sd-jwt/core';
+import { SdJwtPayload, SDJwtInstance, VerifierOptions } from '@sd-jwt/core';
 
 /**
  * Logo metadata used in rendering a credential.
@@ -215,8 +215,9 @@ declare class SDJwtVcInstance extends SDJwtInstance<SdJwtVcPayload> {
     private statusValidator;
     /**
      * Verifies the SD-JWT-VC. It will validate the signature, the keybindings when required, the status, and the VCT.
+     * @param currentDate current time in seconds
      */
-    verify(encodedSDJwt: string, requiredClaimKeys?: string[], requireKeyBindings?: boolean): Promise<VerificationResult>;
+    verify(encodedSDJwt: string, requiredClaimKeys?: string[], requireKeyBindings?: boolean, options?: VerifierOptions): Promise<VerificationResult>;
     /**
      * Gets VCT Metadata of the raw SD-JWT-VC. Returns the type metadata format. If the SD-JWT-VC is invalid or does not contain a vct claim, an error is thrown.
      * @param encodedSDJwt
@@ -256,6 +257,7 @@ declare class SDJwtVcInstance extends SDJwtInstance<SdJwtVcPayload> {
     /**
      * Verifies the status of the SD-JWT-VC.
      * @param result
+     * @param options
      */
     private verifyStatus;
 }

package/dist/index.js

@@ -129,8 +129,9 @@ var SDJwtVcInstance = class _SDJwtVcInstance extends import_core.SDJwtInstance {
   }
   /**
    * Verifies the SD-JWT-VC. It will validate the signature, the keybindings when required, the status, and the VCT.
+   * @param currentDate current time in seconds
    */
-  verify(encodedSDJwt, requiredClaimKeys, requireKeyBindings) {
+  verify(encodedSDJwt, requiredClaimKeys, requireKeyBindings, options) {
     return __async(this, null, function* () {
       const result = yield __superGet(_SDJwtVcInstance.prototype, this, "verify").call(this, encodedSDJwt, requiredClaimKeys, requireKeyBindings).then((res) => {
         return {
@@ -139,7 +140,7 @@ var SDJwtVcInstance = class _SDJwtVcInstance extends import_core.SDJwtInstance {
           kb: res.kb
         };
       });
-      yield this.verifyStatus(result);
+      yield this.verifyStatus(result, options);
       if (this.userConfig.loadTypeMetadataFormat) {
         yield this.verifyVct(result);
       }
@@ -291,10 +292,11 @@ var SDJwtVcInstance = class _SDJwtVcInstance extends import_core.SDJwtInstance {
   /**
    * Verifies the status of the SD-JWT-VC.
    * @param result
+   * @param options
    */
-  verifyStatus(result) {
+  verifyStatus(result, options) {
     return __async(this, null, function* () {
-      var _a, _b, _c;
+      var _a, _b, _c, _d;
       if (result.payload.status) {
         if (result.payload.status.status_list) {
           const fetcher = (_a = this.userConfig.statusListFetcher) != null ? _a : this.statusListFetcher.bind(this);
@@ -302,15 +304,16 @@ var SDJwtVcInstance = class _SDJwtVcInstance extends import_core.SDJwtInstance {
             result.payload.status.status_list.uri
           );
           const slJWT = import_core.Jwt.fromEncode(statusListJWT);
-          yield slJWT.verify(this.userConfig.verifier);
-          if (((_b = slJWT.payload) == null ? void 0 : _b.exp) && slJWT.payload.exp < Date.now() / 1e3) {
+          yield slJWT.verify(this.userConfig.verifier, options);
+          const currentDate = (_b = options == null ? void 0 : options.currentDate) != null ? _b : Math.floor(Date.now() / 1e3);
+          if (((_c = slJWT.payload) == null ? void 0 : _c.exp) && slJWT.payload.exp < currentDate) {
             throw new import_utils.SDJWTException("Status list is expired");
           }
           const statusList = (0, import_jwt_status_list.getListFromStatusListJWT)(statusListJWT);
           const status = statusList.getStatus(
             result.payload.status.status_list.idx
           );
-          const statusValidator = (_c = this.userConfig.statusValidator) != null ? _c : this.statusValidator.bind(this);
+          const statusValidator = (_d = this.userConfig.statusValidator) != null ? _d : this.statusValidator.bind(this);
           yield statusValidator(status);
         }
       }

package/dist/index.mjs

@@ -97,8 +97,9 @@ var SDJwtVcInstance = class _SDJwtVcInstance extends SDJwtInstance {
   }
   /**
    * Verifies the SD-JWT-VC. It will validate the signature, the keybindings when required, the status, and the VCT.
+   * @param currentDate current time in seconds
    */
-  verify(encodedSDJwt, requiredClaimKeys, requireKeyBindings) {
+  verify(encodedSDJwt, requiredClaimKeys, requireKeyBindings, options) {
     return __async(this, null, function* () {
       const result = yield __superGet(_SDJwtVcInstance.prototype, this, "verify").call(this, encodedSDJwt, requiredClaimKeys, requireKeyBindings).then((res) => {
         return {
@@ -107,7 +108,7 @@ var SDJwtVcInstance = class _SDJwtVcInstance extends SDJwtInstance {
           kb: res.kb
         };
       });
-      yield this.verifyStatus(result);
+      yield this.verifyStatus(result, options);
       if (this.userConfig.loadTypeMetadataFormat) {
         yield this.verifyVct(result);
       }
@@ -259,10 +260,11 @@ var SDJwtVcInstance = class _SDJwtVcInstance extends SDJwtInstance {
   /**
    * Verifies the status of the SD-JWT-VC.
    * @param result
+   * @param options
    */
-  verifyStatus(result) {
+  verifyStatus(result, options) {
     return __async(this, null, function* () {
-      var _a, _b, _c;
+      var _a, _b, _c, _d;
       if (result.payload.status) {
         if (result.payload.status.status_list) {
           const fetcher = (_a = this.userConfig.statusListFetcher) != null ? _a : this.statusListFetcher.bind(this);
@@ -270,15 +272,16 @@ var SDJwtVcInstance = class _SDJwtVcInstance extends SDJwtInstance {
             result.payload.status.status_list.uri
           );
           const slJWT = Jwt.fromEncode(statusListJWT);
-          yield slJWT.verify(this.userConfig.verifier);
-          if (((_b = slJWT.payload) == null ? void 0 : _b.exp) && slJWT.payload.exp < Date.now() / 1e3) {
+          yield slJWT.verify(this.userConfig.verifier, options);
+          const currentDate = (_b = options == null ? void 0 : options.currentDate) != null ? _b : Math.floor(Date.now() / 1e3);
+          if (((_c = slJWT.payload) == null ? void 0 : _c.exp) && slJWT.payload.exp < currentDate) {
             throw new SDJWTException("Status list is expired");
           }
           const statusList = getListFromStatusListJWT(statusListJWT);
           const status = statusList.getStatus(
             result.payload.status.status_list.idx
           );
-          const statusValidator = (_c = this.userConfig.statusValidator) != null ? _c : this.statusValidator.bind(this);
+          const statusValidator = (_d = this.userConfig.statusValidator) != null ? _d : this.statusValidator.bind(this);
           yield statusValidator(status);
         }
       }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sd-jwt/sd-jwt-vc",
-  "version": "0.12.1-next.0+36e0b22",
+  "version": "0.12.1-next.2+1eefb26",
   "description": "sd-jwt draft 7 implementation in typescript",
   "main": "dist/index.js",
   "module": "dist/index.mjs",
@@ -39,15 +39,15 @@
   },
   "license": "Apache-2.0",
   "dependencies": {
-    "@sd-jwt/core": "0.12.1-next.0+36e0b22",
-    "@sd-jwt/jwt-status-list": "0.12.1-next.0+36e0b22",
-    "@sd-jwt/utils": "0.12.1-next.0+36e0b22",
+    "@sd-jwt/core": "0.12.1-next.2+1eefb26",
+    "@sd-jwt/jwt-status-list": "0.12.1-next.2+1eefb26",
+    "@sd-jwt/utils": "0.12.1-next.2+1eefb26",
     "ajv": "^8.17.1",
     "ajv-formats": "^3.0.1"
   },
   "devDependencies": {
-    "@sd-jwt/crypto-nodejs": "0.12.1-next.0+36e0b22",
-    "@sd-jwt/types": "0.12.1-next.0+36e0b22",
+    "@sd-jwt/crypto-nodejs": "0.12.1-next.2+1eefb26",
+    "@sd-jwt/types": "0.12.1-next.2+1eefb26",
     "jose": "^5.2.2",
     "msw": "^2.3.5"
   },
@@ -67,5 +67,5 @@
       "esm"
     ]
   },
-  "gitHead": "36e0b22eb619f3ca9ae8522a26617e50c3680526"
+  "gitHead": "1eefb262c40ea23e999cdef6e75222e5b4df1e2c"
 }

package/src/sd-jwt-vc-instance.ts

@@ -1,4 +1,4 @@
-import { Jwt, SDJwt, SDJwtInstance } from '@sd-jwt/core';
+import { Jwt, SDJwt, SDJwtInstance, type VerifierOptions } from '@sd-jwt/core';
 import type { DisclosureFrame, Hasher, Verifier } from '@sd-jwt/types';
 import { SDJWTException } from '@sd-jwt/utils';
 import type { SdJwtVcPayload } from './sd-jwt-vc-payload';
@@ -106,11 +106,14 @@ export class SDJwtVcInstance extends SDJwtInstance<SdJwtVcPayload> {
 
   /**
    * Verifies the SD-JWT-VC. It will validate the signature, the keybindings when required, the status, and the VCT.
+   * @param currentDate current time in seconds
    */
   async verify(
     encodedSDJwt: string,
+    //TODO: we need to move these values in options, causing a breaking change
     requiredClaimKeys?: string[],
     requireKeyBindings?: boolean,
+    options?: VerifierOptions,
   ) {
     // Call the parent class's verify method
     const result: VerificationResult = await super
@@ -123,7 +126,7 @@ export class SDJwtVcInstance extends SDJwtInstance<SdJwtVcPayload> {
         };
       });
 
-    await this.verifyStatus(result);
+    await this.verifyStatus(result, options);
     if (this.userConfig.loadTypeMetadataFormat) {
       await this.verifyVct(result);
     }
@@ -300,8 +303,12 @@ export class SDJwtVcInstance extends SDJwtInstance<SdJwtVcPayload> {
   /**
    * Verifies the status of the SD-JWT-VC.
    * @param result
+   * @param options
    */
-  private async verifyStatus(result: VerificationResult): Promise<void> {
+  private async verifyStatus(
+    result: VerificationResult,
+    options?: VerifierOptions,
+  ): Promise<void> {
     if (result.payload.status) {
       //checks if a status field is present in the payload based on https://www.ietf.org/archive/id/draft-ietf-oauth-status-list-02.html
       if (result.payload.status.status_list) {
@@ -319,13 +326,12 @@ export class SDJwtVcInstance extends SDJwtInstance<SdJwtVcPayload> {
           StatusListJWTPayload
         >(statusListJWT);
         // check if the status list has a valid signature. The presence of the verifier is checked in the parent class.
-        await slJWT.verify(this.userConfig.verifier as Verifier);
+        await slJWT.verify(this.userConfig.verifier as Verifier, options);
 
+        const currentDate =
+          options?.currentDate ?? Math.floor(Date.now() / 1000);
         //check if the status list is expired
-        if (
-          slJWT.payload?.exp &&
-          (slJWT.payload.exp as number) < Date.now() / 1000
-        ) {
+        if (slJWT.payload?.exp && (slJWT.payload.exp as number) < currentDate) {
           throw new SDJWTException('Status list is expired');
         }
 

package/src/test/index.spec.ts

@@ -18,7 +18,7 @@ import { SignJWT } from 'jose';
 
 const iss = 'ExampleIssuer';
 const vct = 'ExampleCredentialType';
-const iat = new Date().getTime() / 1000;
+const iat = Math.floor(Date.now() / 1000);
 
 const { privateKey, publicKey } = Crypto.generateKeyPairSync('ed25519');
 
@@ -45,7 +45,7 @@ const generateStatusList = async (): Promise<string> => {
   const payload: JwtPayload = {
     iss: 'https://example.com',
     sub: 'https://example.com/status/1',
-    iat: new Date().getTime() / 1000,
+    iat: Math.floor(Date.now() / 1000),
   };
   const header: StatusListJWTHeaderParameters = {
     alg: 'EdDSA',

package/src/test/vct.spec.ts

@@ -70,7 +70,7 @@ const server = setupServer(...restHandlers);
 
 const iss = 'ExampleIssuer';
 const vct = 'http://example.com/example';
-const iat = new Date().getTime() / 1000;
+const iat = Math.floor(Date.now() / 1000); // current time in seconds
 
 const { privateKey, publicKey } = Crypto.generateKeyPairSync('ed25519');
 

package/test/app-e2e.spec.ts

@@ -30,7 +30,7 @@ const createSignerVerifier = () => {
 
 const iss = 'ExampleIssuer';
 const vct = 'ExampleCredentials';
-const iat = new Date().getTime() / 1000;
+const iat = Math.floor(Date.now() / 1000); // current time in seconds
 
 describe('App', () => {
   test('Example', async () => {