@sd-jwt/sd-jwt-vc 0.3.2-next.94

package/dist/index.mjs

@@ -0,0 +1,442 @@
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __commonJS = (cb, mod) => function __require() {
+  return mod || (0, cb[__getOwnPropNames(cb)[0]])((mod = { exports: {} }).exports, mod), mod.exports;
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+
+// ../../node_modules/.pnpm/js-base64@3.7.6/node_modules/js-base64/base64.js
+var require_base64 = __commonJS({
+  "../../node_modules/.pnpm/js-base64@3.7.6/node_modules/js-base64/base64.js"(exports, module) {
+    "use strict";
+    (function(global2, factory) {
+      typeof exports === "object" && typeof module !== "undefined" ? module.exports = factory() : typeof define === "function" && define.amd ? define(factory) : (
+        // cf. https://github.com/dankogai/js-base64/issues/119
+        function() {
+          var _Base64 = global2.Base64;
+          var gBase64 = factory();
+          gBase64.noConflict = function() {
+            global2.Base64 = _Base64;
+            return gBase64;
+          };
+          if (global2.Meteor) {
+            Base64 = gBase64;
+          }
+          global2.Base64 = gBase64;
+        }()
+      );
+    })(typeof self !== "undefined" ? self : typeof window !== "undefined" ? window : typeof global !== "undefined" ? global : exports, function() {
+      "use strict";
+      var version = "3.7.6";
+      var VERSION = version;
+      var _hasatob = typeof atob === "function";
+      var _hasbtoa = typeof btoa === "function";
+      var _hasBuffer = typeof Buffer === "function";
+      var _TD = typeof TextDecoder === "function" ? new TextDecoder() : void 0;
+      var _TE = typeof TextEncoder === "function" ? new TextEncoder() : void 0;
+      var b64ch = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";
+      var b64chs = Array.prototype.slice.call(b64ch);
+      var b64tab = function(a) {
+        var tab = {};
+        a.forEach(function(c, i) {
+          return tab[c] = i;
+        });
+        return tab;
+      }(b64chs);
+      var b64re = /^(?:[A-Za-z\d+\/]{4})*?(?:[A-Za-z\d+\/]{2}(?:==)?|[A-Za-z\d+\/]{3}=?)?$/;
+      var _fromCC = String.fromCharCode.bind(String);
+      var _U8Afrom = typeof Uint8Array.from === "function" ? Uint8Array.from.bind(Uint8Array) : function(it) {
+        return new Uint8Array(Array.prototype.slice.call(it, 0));
+      };
+      var _mkUriSafe = function(src) {
+        return src.replace(/=/g, "").replace(/[+\/]/g, function(m0) {
+          return m0 == "+" ? "-" : "_";
+        });
+      };
+      var _tidyB64 = function(s) {
+        return s.replace(/[^A-Za-z0-9\+\/]/g, "");
+      };
+      var btoaPolyfill = function(bin) {
+        var u32, c0, c1, c2, asc = "";
+        var pad = bin.length % 3;
+        for (var i = 0; i < bin.length; ) {
+          if ((c0 = bin.charCodeAt(i++)) > 255 || (c1 = bin.charCodeAt(i++)) > 255 || (c2 = bin.charCodeAt(i++)) > 255)
+            throw new TypeError("invalid character found");
+          u32 = c0 << 16 | c1 << 8 | c2;
+          asc += b64chs[u32 >> 18 & 63] + b64chs[u32 >> 12 & 63] + b64chs[u32 >> 6 & 63] + b64chs[u32 & 63];
+        }
+        return pad ? asc.slice(0, pad - 3) + "===".substring(pad) : asc;
+      };
+      var _btoa = _hasbtoa ? function(bin) {
+        return btoa(bin);
+      } : _hasBuffer ? function(bin) {
+        return Buffer.from(bin, "binary").toString("base64");
+      } : btoaPolyfill;
+      var _fromUint8Array = _hasBuffer ? function(u8a) {
+        return Buffer.from(u8a).toString("base64");
+      } : function(u8a) {
+        var maxargs = 4096;
+        var strs = [];
+        for (var i = 0, l = u8a.length; i < l; i += maxargs) {
+          strs.push(_fromCC.apply(null, u8a.subarray(i, i + maxargs)));
+        }
+        return _btoa(strs.join(""));
+      };
+      var fromUint8Array = function(u8a, urlsafe) {
+        if (urlsafe === void 0) {
+          urlsafe = false;
+        }
+        return urlsafe ? _mkUriSafe(_fromUint8Array(u8a)) : _fromUint8Array(u8a);
+      };
+      var cb_utob = function(c) {
+        if (c.length < 2) {
+          var cc = c.charCodeAt(0);
+          return cc < 128 ? c : cc < 2048 ? _fromCC(192 | cc >>> 6) + _fromCC(128 | cc & 63) : _fromCC(224 | cc >>> 12 & 15) + _fromCC(128 | cc >>> 6 & 63) + _fromCC(128 | cc & 63);
+        } else {
+          var cc = 65536 + (c.charCodeAt(0) - 55296) * 1024 + (c.charCodeAt(1) - 56320);
+          return _fromCC(240 | cc >>> 18 & 7) + _fromCC(128 | cc >>> 12 & 63) + _fromCC(128 | cc >>> 6 & 63) + _fromCC(128 | cc & 63);
+        }
+      };
+      var re_utob = /[\uD800-\uDBFF][\uDC00-\uDFFFF]|[^\x00-\x7F]/g;
+      var utob = function(u) {
+        return u.replace(re_utob, cb_utob);
+      };
+      var _encode = _hasBuffer ? function(s) {
+        return Buffer.from(s, "utf8").toString("base64");
+      } : _TE ? function(s) {
+        return _fromUint8Array(_TE.encode(s));
+      } : function(s) {
+        return _btoa(utob(s));
+      };
+      var encode = function(src, urlsafe) {
+        if (urlsafe === void 0) {
+          urlsafe = false;
+        }
+        return urlsafe ? _mkUriSafe(_encode(src)) : _encode(src);
+      };
+      var encodeURI = function(src) {
+        return encode(src, true);
+      };
+      var re_btou = /[\xC0-\xDF][\x80-\xBF]|[\xE0-\xEF][\x80-\xBF]{2}|[\xF0-\xF7][\x80-\xBF]{3}/g;
+      var cb_btou = function(cccc) {
+        switch (cccc.length) {
+          case 4:
+            var cp = (7 & cccc.charCodeAt(0)) << 18 | (63 & cccc.charCodeAt(1)) << 12 | (63 & cccc.charCodeAt(2)) << 6 | 63 & cccc.charCodeAt(3), offset = cp - 65536;
+            return _fromCC((offset >>> 10) + 55296) + _fromCC((offset & 1023) + 56320);
+          case 3:
+            return _fromCC((15 & cccc.charCodeAt(0)) << 12 | (63 & cccc.charCodeAt(1)) << 6 | 63 & cccc.charCodeAt(2));
+          default:
+            return _fromCC((31 & cccc.charCodeAt(0)) << 6 | 63 & cccc.charCodeAt(1));
+        }
+      };
+      var btou = function(b) {
+        return b.replace(re_btou, cb_btou);
+      };
+      var atobPolyfill = function(asc) {
+        asc = asc.replace(/\s+/g, "");
+        if (!b64re.test(asc))
+          throw new TypeError("malformed base64.");
+        asc += "==".slice(2 - (asc.length & 3));
+        var u24, bin = "", r1, r2;
+        for (var i = 0; i < asc.length; ) {
+          u24 = b64tab[asc.charAt(i++)] << 18 | b64tab[asc.charAt(i++)] << 12 | (r1 = b64tab[asc.charAt(i++)]) << 6 | (r2 = b64tab[asc.charAt(i++)]);
+          bin += r1 === 64 ? _fromCC(u24 >> 16 & 255) : r2 === 64 ? _fromCC(u24 >> 16 & 255, u24 >> 8 & 255) : _fromCC(u24 >> 16 & 255, u24 >> 8 & 255, u24 & 255);
+        }
+        return bin;
+      };
+      var _atob = _hasatob ? function(asc) {
+        return atob(_tidyB64(asc));
+      } : _hasBuffer ? function(asc) {
+        return Buffer.from(asc, "base64").toString("binary");
+      } : atobPolyfill;
+      var _toUint8Array = _hasBuffer ? function(a) {
+        return _U8Afrom(Buffer.from(a, "base64"));
+      } : function(a) {
+        return _U8Afrom(_atob(a).split("").map(function(c) {
+          return c.charCodeAt(0);
+        }));
+      };
+      var toUint8Array = function(a) {
+        return _toUint8Array(_unURI(a));
+      };
+      var _decode = _hasBuffer ? function(a) {
+        return Buffer.from(a, "base64").toString("utf8");
+      } : _TD ? function(a) {
+        return _TD.decode(_toUint8Array(a));
+      } : function(a) {
+        return btou(_atob(a));
+      };
+      var _unURI = function(a) {
+        return _tidyB64(a.replace(/[-_]/g, function(m0) {
+          return m0 == "-" ? "+" : "/";
+        }));
+      };
+      var decode = function(src) {
+        return _decode(_unURI(src));
+      };
+      var isValid = function(src) {
+        if (typeof src !== "string")
+          return false;
+        var s = src.replace(/\s+/g, "").replace(/={0,2}$/, "");
+        return !/[^\s0-9a-zA-Z\+/]/.test(s) || !/[^\s0-9a-zA-Z\-_]/.test(s);
+      };
+      var _noEnum = function(v) {
+        return {
+          value: v,
+          enumerable: false,
+          writable: true,
+          configurable: true
+        };
+      };
+      var extendString = function() {
+        var _add = function(name, body) {
+          return Object.defineProperty(String.prototype, name, _noEnum(body));
+        };
+        _add("fromBase64", function() {
+          return decode(this);
+        });
+        _add("toBase64", function(urlsafe) {
+          return encode(this, urlsafe);
+        });
+        _add("toBase64URI", function() {
+          return encode(this, true);
+        });
+        _add("toBase64URL", function() {
+          return encode(this, true);
+        });
+        _add("toUint8Array", function() {
+          return toUint8Array(this);
+        });
+      };
+      var extendUint8Array = function() {
+        var _add = function(name, body) {
+          return Object.defineProperty(Uint8Array.prototype, name, _noEnum(body));
+        };
+        _add("toBase64", function(urlsafe) {
+          return fromUint8Array(this, urlsafe);
+        });
+        _add("toBase64URI", function() {
+          return fromUint8Array(this, true);
+        });
+        _add("toBase64URL", function() {
+          return fromUint8Array(this, true);
+        });
+      };
+      var extendBuiltins = function() {
+        extendString();
+        extendUint8Array();
+      };
+      var gBase64 = {
+        version,
+        VERSION,
+        atob: _atob,
+        atobPolyfill,
+        btoa: _btoa,
+        btoaPolyfill,
+        fromBase64: decode,
+        toBase64: encode,
+        encode,
+        encodeURI,
+        encodeURL: encodeURI,
+        utob,
+        btou,
+        decode,
+        isValid,
+        fromUint8Array,
+        toUint8Array,
+        extendString,
+        extendUint8Array,
+        extendBuiltins
+      };
+      gBase64.Base64 = {};
+      Object.keys(gBase64).forEach(function(k) {
+        return gBase64.Base64[k] = gBase64[k];
+      });
+      return gBase64;
+    });
+  }
+});
+
+// ../utils/dist/index.js
+var require_dist = __commonJS({
+  "../utils/dist/index.js"(exports, module) {
+    "use strict";
+    var __defProp2 = Object.defineProperty;
+    var __getOwnPropDesc2 = Object.getOwnPropertyDescriptor;
+    var __getOwnPropNames2 = Object.getOwnPropertyNames;
+    var __hasOwnProp2 = Object.prototype.hasOwnProperty;
+    var __export = (target, all) => {
+      for (var name in all)
+        __defProp2(target, name, { get: all[name], enumerable: true });
+    };
+    var __copyProps2 = (to, from, except, desc) => {
+      if (from && typeof from === "object" || typeof from === "function") {
+        for (let key of __getOwnPropNames2(from))
+          if (!__hasOwnProp2.call(to, key) && key !== except)
+            __defProp2(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc2(from, key)) || desc.enumerable });
+      }
+      return to;
+    };
+    var __toCommonJS = (mod) => __copyProps2(__defProp2({}, "__esModule", { value: true }), mod);
+    var __async = (__this, __arguments, generator) => {
+      return new Promise((resolve, reject) => {
+        var fulfilled = (value) => {
+          try {
+            step(generator.next(value));
+          } catch (e) {
+            reject(e);
+          }
+        };
+        var rejected = (value) => {
+          try {
+            step(generator.throw(value));
+          } catch (e) {
+            reject(e);
+          }
+        };
+        var step = (x) => x.done ? resolve(x.value) : Promise.resolve(x.value).then(fulfilled, rejected);
+        step((generator = generator.apply(__this, __arguments)).next());
+      });
+    };
+    var src_exports = {};
+    __export(src_exports, {
+      Base64urlDecode: () => Base64urlDecode,
+      Base64urlEncode: () => Base64urlEncode,
+      Disclosure: () => Disclosure,
+      SDJWTException: () => SDJWTException2,
+      Uint8ArrayToBase64Url: () => Uint8ArrayToBase64Url
+    });
+    module.exports = __toCommonJS(src_exports);
+    var import_js_base64 = require_base64();
+    var Base64urlEncode = import_js_base64.Base64.encodeURI;
+    var Base64urlDecode = import_js_base64.Base64.decode;
+    var Uint8ArrayToBase64Url = (input) => import_js_base64.Base64.fromUint8Array(input, true);
+    var SDJWTException2 = class _SDJWTException extends Error {
+      constructor(message, details) {
+        super(message);
+        Object.setPrototypeOf(this, _SDJWTException.prototype);
+        this.name = "SDJWTException";
+        this.details = details;
+      }
+      getFullMessage() {
+        return `${this.name}: ${this.message} ${this.details ? `- ${JSON.stringify(this.details)}` : ""}`;
+      }
+    };
+    var Disclosure = class _Disclosure {
+      constructor(data, _meta) {
+        this._digest = _meta == null ? void 0 : _meta.digest;
+        this._encoded = _meta == null ? void 0 : _meta.encoded;
+        if (data.length === 2) {
+          this.salt = data[0];
+          this.value = data[1];
+          return;
+        }
+        if (data.length === 3) {
+          this.salt = data[0];
+          this.key = data[1];
+          this.value = data[2];
+          return;
+        }
+        throw new SDJWTException2("Invalid disclosure data");
+      }
+      // We need to digest of the original encoded data.
+      // After decode process, we use JSON.stringify to encode the data.
+      // This can be different from the original encoded data.
+      static fromEncode(s, hash) {
+        return __async(this, null, function* () {
+          const { hasher, alg } = hash;
+          const digest = yield hasher(s, alg);
+          const digestStr = Uint8ArrayToBase64Url(digest);
+          const item = JSON.parse(Base64urlDecode(s));
+          return _Disclosure.fromArray(item, { digest: digestStr, encoded: s });
+        });
+      }
+      static fromEncodeSync(s, hash) {
+        const { hasher, alg } = hash;
+        const digest = hasher(s, alg);
+        const digestStr = Uint8ArrayToBase64Url(digest);
+        const item = JSON.parse(Base64urlDecode(s));
+        return _Disclosure.fromArray(item, { digest: digestStr, encoded: s });
+      }
+      static fromArray(item, _meta) {
+        return new _Disclosure(item, _meta);
+      }
+      encode() {
+        if (!this._encoded) {
+          this._encoded = Base64urlEncode(JSON.stringify(this.decode()));
+        }
+        return this._encoded;
+      }
+      decode() {
+        return this.key ? [this.salt, this.key, this.value] : [this.salt, this.value];
+      }
+      digest(hash) {
+        return __async(this, null, function* () {
+          const { hasher, alg } = hash;
+          if (!this._digest) {
+            const hash2 = yield hasher(this.encode(), alg);
+            this._digest = Uint8ArrayToBase64Url(hash2);
+          }
+          return this._digest;
+        });
+      }
+      digestSync(hash) {
+        const { hasher, alg } = hash;
+        if (!this._digest) {
+          const hash2 = hasher(this.encode(), alg);
+          this._digest = Uint8ArrayToBase64Url(hash2);
+        }
+        return this._digest;
+      }
+    };
+  }
+});
+
+// src/index.ts
+var import_dist = __toESM(require_dist());
+import { SDJwtInstance } from "@sd-jwt/core";
+var SDJwtVcInstance = class extends SDJwtInstance {
+  constructor() {
+    super(...arguments);
+    this.type = "sd-jwt-vc";
+  }
+  validateReservedFields(disclosureFrame) {
+    if ((disclosureFrame == null ? void 0 : disclosureFrame._sd) && Array.isArray(disclosureFrame._sd) && disclosureFrame._sd.length > 0) {
+      const reservedNames = [
+        "iss",
+        "iat",
+        "nbf",
+        "exp",
+        "cnf",
+        "vct",
+        "status"
+      ];
+      const reservedNamesInDisclosureFrame = disclosureFrame._sd.filter((key) => reservedNames.includes(key));
+      if (reservedNamesInDisclosureFrame.length > 0) {
+        throw new import_dist.SDJWTException("Cannot disclose protected field");
+      }
+    }
+  }
+};
+export {
+  SDJwtVcInstance
+};

package/package.json

@@ -0,0 +1,65 @@
+{
+  "name": "@sd-jwt/sd-jwt-vc",
+  "version": "0.3.2-next.94+32af6cf",
+  "description": "sd-jwt draft 7 implementation in typescript",
+  "main": "dist/index.js",
+  "module": "dist/index.mjs",
+  "types": "dist/index.d.ts",
+  "exports": {
+    ".": {
+      "import": "./dist/index.mjs",
+      "require": "./dist/index.js"
+    }
+  },
+  "scripts": {
+    "build": "rm -rf **/dist && tsup",
+    "lint": "biome lint ./src",
+    "test": "pnpm run test:node && pnpm run test:browser && pnpm run test:e2e && pnpm run test:cov",
+    "test:node": "vitest run ./src/test/*.spec.ts && vitest run ./src/test/*.spec.ts --environment jsdom",
+    "test:browser": "vitest run ./src/test/*.spec.ts --environment jsdom",
+    "test:e2e": "vitest run ./test/*e2e.spec.ts --environment node",
+    "test:cov": "vitest run --coverage"
+  },
+  "keywords": [
+    "sd-jwt",
+    "sdjwt",
+    "sd-jwt-vc"
+  ],
+  "engines": {
+    "node": ">=16"
+  },
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/openwallet-foundation-labs/sd-jwt-js"
+  },
+  "author": "Lukas.J.Han <lukas.j.han@gmail.com>",
+  "homepage": "https://github.com/openwallet-foundation-labs/sd-jwt-js/wiki",
+  "bugs": {
+    "url": "https://github.com/openwallet-foundation-labs/sd-jwt-js/issues"
+  },
+  "license": "Apache-2.0",
+  "dependencies": {
+    "@sd-jwt/core": "0.3.2-next.94+32af6cf"
+  },
+  "devDependencies": {
+    "@sd-jwt/crypto-nodejs": "0.3.2-next.94+32af6cf",
+    "@sd-jwt/types": "0.3.2-next.94+32af6cf"
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "tsup": {
+    "entry": [
+      "./src/index.ts"
+    ],
+    "sourceMap": true,
+    "splitting": false,
+    "clean": true,
+    "dts": true,
+    "format": [
+      "cjs",
+      "esm"
+    ]
+  },
+  "gitHead": "32af6cfa150fceb440fc9225bcaf2791a6aeee90"
+}

package/src/index.ts

@@ -0,0 +1,55 @@
+import { SDJwt, SDJwtInstance, SdJwtPayload } from '@sd-jwt/core';
+import { DisclosureFrame } from '@sd-jwt/types';
+import { SDJWTException } from '../../utils/dist';
+
+export interface SdJwtVcPayload extends SdJwtPayload {
+  // The Issuer of the Verifiable Credential. The value of iss MUST be a URI. See [RFC7519] for more information.
+  iss: string;
+  // The time of issuance of the Verifiable Credential. See [RFC7519] for more information.
+  iat: number;
+  // OPTIONAL. The time before which the Verifiable Credential MUST NOT be accepted before validating. See [RFC7519] for more information.
+  nbf?: number;
+  //OPTIONAL. The expiry time of the Verifiable Credential after which the Verifiable Credential is no longer valid. See [RFC7519] for more information.
+  exp?: number;
+  // REQUIRED when Cryptographic Key Binding is to be supported. Contains the confirmation method as defined in [RFC7800]. It is RECOMMENDED that this contains a JWK as defined in Section 3.2 of [RFC7800]. For Cryptographic Key Binding, the Key Binding JWT in the Combined Format for Presentation MUST be signed by the key identified in this claim.
+  cnf?: unknown;
+  //REQUIRED. The type of the Verifiable Credential, e.g., https://credentials.example.com/identity_credential, as defined in Section 3.2.2.1.1.
+  vct: string;
+  // OPTIONAL. The information on how to read the status of the Verifiable Credential. See [I-D.looker-oauth-jwt-cwt-status-list] for more information.
+  status?: unknown;
+
+  //The identifier of the Subject of the Verifiable Credential. The Issuer MAY use it to provide the Subject identifier known by the Issuer. There is no requirement for a binding to exist between sub and cnf claims.
+  sub?: string;
+}
+
+export class SDJwtVcInstance extends SDJwtInstance<SdJwtVcPayload> {
+  protected type = 'sd-jwt-vc';
+
+  protected validateReservedFields(
+    disclosureFrame: DisclosureFrame<SdJwtVcPayload>,
+  ): void {
+    //validate disclosureFrame according to https://www.ietf.org/archive/id/draft-ietf-oauth-sd-jwt-vc-01.html#section-3.2.2.2
+    if (
+      disclosureFrame?._sd &&
+      Array.isArray(disclosureFrame._sd) &&
+      disclosureFrame._sd.length > 0
+    ) {
+      const reservedNames = [
+        'iss',
+        'iat',
+        'nbf',
+        'exp',
+        'cnf',
+        'vct',
+        'status',
+      ];
+      // check if there is any reserved names in the disclosureFrame._sd array
+      const reservedNamesInDisclosureFrame = (
+        disclosureFrame._sd as string[]
+      ).filter((key) => reservedNames.includes(key));
+      if (reservedNamesInDisclosureFrame.length > 0) {
+        throw new SDJWTException('Cannot disclose protected field');
+      }
+    }
+  }
+}