@sd-jwt/sd-jwt-vc 0.6.0 → 0.6.1-next.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.d.mts +1 -1
- package/dist/index.d.ts +1 -1
- package/dist/index.js +15 -23
- package/dist/index.mjs +15 -23
- package/package.json +5 -5
- package/src/index.ts +3 -11
- package/src/sd-jwt-vc-payload.ts +7 -7
- package/test/app-e2e.spec.ts +2 -2
package/dist/index.d.mts
CHANGED
|
@@ -3,13 +3,13 @@ import { DisclosureFrame } from '@sd-jwt/types';
|
|
|
3
3
|
|
|
4
4
|
interface SdJwtVcPayload extends SdJwtPayload {
|
|
5
5
|
iss: string;
|
|
6
|
-
iat: number;
|
|
7
6
|
nbf?: number;
|
|
8
7
|
exp?: number;
|
|
9
8
|
cnf?: unknown;
|
|
10
9
|
vct: string;
|
|
11
10
|
status?: unknown;
|
|
12
11
|
sub?: string;
|
|
12
|
+
iat?: number;
|
|
13
13
|
}
|
|
14
14
|
|
|
15
15
|
declare class SDJwtVcInstance extends SDJwtInstance<SdJwtVcPayload> {
|
package/dist/index.d.ts
CHANGED
|
@@ -3,13 +3,13 @@ import { DisclosureFrame } from '@sd-jwt/types';
|
|
|
3
3
|
|
|
4
4
|
interface SdJwtVcPayload extends SdJwtPayload {
|
|
5
5
|
iss: string;
|
|
6
|
-
iat: number;
|
|
7
6
|
nbf?: number;
|
|
8
7
|
exp?: number;
|
|
9
8
|
cnf?: unknown;
|
|
10
9
|
vct: string;
|
|
11
10
|
status?: unknown;
|
|
12
11
|
sub?: string;
|
|
12
|
+
iat?: number;
|
|
13
13
|
}
|
|
14
14
|
|
|
15
15
|
declare class SDJwtVcInstance extends SDJwtInstance<SdJwtVcPayload> {
|
package/dist/index.js
CHANGED
|
@@ -325,17 +325,17 @@ var require_dist = __commonJS({
|
|
|
325
325
|
};
|
|
326
326
|
var src_exports2 = {};
|
|
327
327
|
__export2(src_exports2, {
|
|
328
|
-
Base64urlDecode: () => Base64urlDecode,
|
|
329
|
-
Base64urlEncode: () => Base64urlEncode,
|
|
330
328
|
Disclosure: () => Disclosure,
|
|
331
329
|
SDJWTException: () => SDJWTException2,
|
|
332
|
-
|
|
330
|
+
base64urlDecode: () => base64urlDecode,
|
|
331
|
+
base64urlEncode: () => base64urlEncode,
|
|
332
|
+
uint8ArrayToBase64Url: () => uint8ArrayToBase64Url
|
|
333
333
|
});
|
|
334
334
|
module2.exports = __toCommonJS2(src_exports2);
|
|
335
335
|
var import_js_base64 = require_base64();
|
|
336
|
-
var
|
|
337
|
-
var
|
|
338
|
-
var
|
|
336
|
+
var base64urlEncode = import_js_base64.Base64.encodeURI;
|
|
337
|
+
var base64urlDecode = import_js_base64.Base64.decode;
|
|
338
|
+
var uint8ArrayToBase64Url = (input) => import_js_base64.Base64.fromUint8Array(input, true);
|
|
339
339
|
var SDJWTException2 = class _SDJWTException extends Error {
|
|
340
340
|
constructor(message, details) {
|
|
341
341
|
super(message);
|
|
@@ -371,16 +371,16 @@ var require_dist = __commonJS({
|
|
|
371
371
|
return __async(this, null, function* () {
|
|
372
372
|
const { hasher, alg } = hash;
|
|
373
373
|
const digest = yield hasher(s, alg);
|
|
374
|
-
const digestStr =
|
|
375
|
-
const item = JSON.parse(
|
|
374
|
+
const digestStr = uint8ArrayToBase64Url(digest);
|
|
375
|
+
const item = JSON.parse(base64urlDecode(s));
|
|
376
376
|
return _Disclosure.fromArray(item, { digest: digestStr, encoded: s });
|
|
377
377
|
});
|
|
378
378
|
}
|
|
379
379
|
static fromEncodeSync(s, hash) {
|
|
380
380
|
const { hasher, alg } = hash;
|
|
381
381
|
const digest = hasher(s, alg);
|
|
382
|
-
const digestStr =
|
|
383
|
-
const item = JSON.parse(
|
|
382
|
+
const digestStr = uint8ArrayToBase64Url(digest);
|
|
383
|
+
const item = JSON.parse(base64urlDecode(s));
|
|
384
384
|
return _Disclosure.fromArray(item, { digest: digestStr, encoded: s });
|
|
385
385
|
}
|
|
386
386
|
static fromArray(item, _meta) {
|
|
@@ -388,7 +388,7 @@ var require_dist = __commonJS({
|
|
|
388
388
|
}
|
|
389
389
|
encode() {
|
|
390
390
|
if (!this._encoded) {
|
|
391
|
-
this._encoded =
|
|
391
|
+
this._encoded = base64urlEncode(JSON.stringify(this.decode()));
|
|
392
392
|
}
|
|
393
393
|
return this._encoded;
|
|
394
394
|
}
|
|
@@ -400,7 +400,7 @@ var require_dist = __commonJS({
|
|
|
400
400
|
const { hasher, alg } = hash;
|
|
401
401
|
if (!this._digest) {
|
|
402
402
|
const hash2 = yield hasher(this.encode(), alg);
|
|
403
|
-
this._digest =
|
|
403
|
+
this._digest = uint8ArrayToBase64Url(hash2);
|
|
404
404
|
}
|
|
405
405
|
return this._digest;
|
|
406
406
|
});
|
|
@@ -409,7 +409,7 @@ var require_dist = __commonJS({
|
|
|
409
409
|
const { hasher, alg } = hash;
|
|
410
410
|
if (!this._digest) {
|
|
411
411
|
const hash2 = hasher(this.encode(), alg);
|
|
412
|
-
this._digest =
|
|
412
|
+
this._digest = uint8ArrayToBase64Url(hash2);
|
|
413
413
|
}
|
|
414
414
|
return this._digest;
|
|
415
415
|
}
|
|
@@ -431,7 +431,7 @@ var SDJwtVcInstance = class extends import_core.SDJwtInstance {
|
|
|
431
431
|
/**
|
|
432
432
|
* The type of the SD-JWT-VC set in the header.typ field.
|
|
433
433
|
*/
|
|
434
|
-
this.type = "sd-jwt
|
|
434
|
+
this.type = "vc+sd-jwt";
|
|
435
435
|
}
|
|
436
436
|
/**
|
|
437
437
|
* Validates if the disclosureFrame contains any reserved fields. If so it will throw an error.
|
|
@@ -439,15 +439,7 @@ var SDJwtVcInstance = class extends import_core.SDJwtInstance {
|
|
|
439
439
|
*/
|
|
440
440
|
validateReservedFields(disclosureFrame) {
|
|
441
441
|
if ((disclosureFrame == null ? void 0 : disclosureFrame._sd) && Array.isArray(disclosureFrame._sd) && disclosureFrame._sd.length > 0) {
|
|
442
|
-
const reservedNames = [
|
|
443
|
-
"iss",
|
|
444
|
-
"iat",
|
|
445
|
-
"nbf",
|
|
446
|
-
"exp",
|
|
447
|
-
"cnf",
|
|
448
|
-
"vct",
|
|
449
|
-
"status"
|
|
450
|
-
];
|
|
442
|
+
const reservedNames = ["iss", "nbf", "exp", "cnf", "vct", "status"];
|
|
451
443
|
const reservedNamesInDisclosureFrame = disclosureFrame._sd.filter((key) => reservedNames.includes(key));
|
|
452
444
|
if (reservedNamesInDisclosureFrame.length > 0) {
|
|
453
445
|
throw new import_dist.SDJWTException("Cannot disclose protected field");
|
package/dist/index.mjs
CHANGED
|
@@ -319,17 +319,17 @@ var require_dist = __commonJS({
|
|
|
319
319
|
};
|
|
320
320
|
var src_exports = {};
|
|
321
321
|
__export(src_exports, {
|
|
322
|
-
Base64urlDecode: () => Base64urlDecode,
|
|
323
|
-
Base64urlEncode: () => Base64urlEncode,
|
|
324
322
|
Disclosure: () => Disclosure,
|
|
325
323
|
SDJWTException: () => SDJWTException2,
|
|
326
|
-
|
|
324
|
+
base64urlDecode: () => base64urlDecode,
|
|
325
|
+
base64urlEncode: () => base64urlEncode,
|
|
326
|
+
uint8ArrayToBase64Url: () => uint8ArrayToBase64Url
|
|
327
327
|
});
|
|
328
328
|
module.exports = __toCommonJS(src_exports);
|
|
329
329
|
var import_js_base64 = require_base64();
|
|
330
|
-
var
|
|
331
|
-
var
|
|
332
|
-
var
|
|
330
|
+
var base64urlEncode = import_js_base64.Base64.encodeURI;
|
|
331
|
+
var base64urlDecode = import_js_base64.Base64.decode;
|
|
332
|
+
var uint8ArrayToBase64Url = (input) => import_js_base64.Base64.fromUint8Array(input, true);
|
|
333
333
|
var SDJWTException2 = class _SDJWTException extends Error {
|
|
334
334
|
constructor(message, details) {
|
|
335
335
|
super(message);
|
|
@@ -365,16 +365,16 @@ var require_dist = __commonJS({
|
|
|
365
365
|
return __async(this, null, function* () {
|
|
366
366
|
const { hasher, alg } = hash;
|
|
367
367
|
const digest = yield hasher(s, alg);
|
|
368
|
-
const digestStr =
|
|
369
|
-
const item = JSON.parse(
|
|
368
|
+
const digestStr = uint8ArrayToBase64Url(digest);
|
|
369
|
+
const item = JSON.parse(base64urlDecode(s));
|
|
370
370
|
return _Disclosure.fromArray(item, { digest: digestStr, encoded: s });
|
|
371
371
|
});
|
|
372
372
|
}
|
|
373
373
|
static fromEncodeSync(s, hash) {
|
|
374
374
|
const { hasher, alg } = hash;
|
|
375
375
|
const digest = hasher(s, alg);
|
|
376
|
-
const digestStr =
|
|
377
|
-
const item = JSON.parse(
|
|
376
|
+
const digestStr = uint8ArrayToBase64Url(digest);
|
|
377
|
+
const item = JSON.parse(base64urlDecode(s));
|
|
378
378
|
return _Disclosure.fromArray(item, { digest: digestStr, encoded: s });
|
|
379
379
|
}
|
|
380
380
|
static fromArray(item, _meta) {
|
|
@@ -382,7 +382,7 @@ var require_dist = __commonJS({
|
|
|
382
382
|
}
|
|
383
383
|
encode() {
|
|
384
384
|
if (!this._encoded) {
|
|
385
|
-
this._encoded =
|
|
385
|
+
this._encoded = base64urlEncode(JSON.stringify(this.decode()));
|
|
386
386
|
}
|
|
387
387
|
return this._encoded;
|
|
388
388
|
}
|
|
@@ -394,7 +394,7 @@ var require_dist = __commonJS({
|
|
|
394
394
|
const { hasher, alg } = hash;
|
|
395
395
|
if (!this._digest) {
|
|
396
396
|
const hash2 = yield hasher(this.encode(), alg);
|
|
397
|
-
this._digest =
|
|
397
|
+
this._digest = uint8ArrayToBase64Url(hash2);
|
|
398
398
|
}
|
|
399
399
|
return this._digest;
|
|
400
400
|
});
|
|
@@ -403,7 +403,7 @@ var require_dist = __commonJS({
|
|
|
403
403
|
const { hasher, alg } = hash;
|
|
404
404
|
if (!this._digest) {
|
|
405
405
|
const hash2 = hasher(this.encode(), alg);
|
|
406
|
-
this._digest =
|
|
406
|
+
this._digest = uint8ArrayToBase64Url(hash2);
|
|
407
407
|
}
|
|
408
408
|
return this._digest;
|
|
409
409
|
}
|
|
@@ -420,7 +420,7 @@ var SDJwtVcInstance = class extends SDJwtInstance {
|
|
|
420
420
|
/**
|
|
421
421
|
* The type of the SD-JWT-VC set in the header.typ field.
|
|
422
422
|
*/
|
|
423
|
-
this.type = "sd-jwt
|
|
423
|
+
this.type = "vc+sd-jwt";
|
|
424
424
|
}
|
|
425
425
|
/**
|
|
426
426
|
* Validates if the disclosureFrame contains any reserved fields. If so it will throw an error.
|
|
@@ -428,15 +428,7 @@ var SDJwtVcInstance = class extends SDJwtInstance {
|
|
|
428
428
|
*/
|
|
429
429
|
validateReservedFields(disclosureFrame) {
|
|
430
430
|
if ((disclosureFrame == null ? void 0 : disclosureFrame._sd) && Array.isArray(disclosureFrame._sd) && disclosureFrame._sd.length > 0) {
|
|
431
|
-
const reservedNames = [
|
|
432
|
-
"iss",
|
|
433
|
-
"iat",
|
|
434
|
-
"nbf",
|
|
435
|
-
"exp",
|
|
436
|
-
"cnf",
|
|
437
|
-
"vct",
|
|
438
|
-
"status"
|
|
439
|
-
];
|
|
431
|
+
const reservedNames = ["iss", "nbf", "exp", "cnf", "vct", "status"];
|
|
440
432
|
const reservedNamesInDisclosureFrame = disclosureFrame._sd.filter((key) => reservedNames.includes(key));
|
|
441
433
|
if (reservedNamesInDisclosureFrame.length > 0) {
|
|
442
434
|
throw new import_dist.SDJWTException("Cannot disclose protected field");
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@sd-jwt/sd-jwt-vc",
|
|
3
|
-
"version": "0.6.
|
|
3
|
+
"version": "0.6.1-next.6+f8db275",
|
|
4
4
|
"description": "sd-jwt draft 7 implementation in typescript",
|
|
5
5
|
"main": "dist/index.js",
|
|
6
6
|
"module": "dist/index.mjs",
|
|
@@ -39,11 +39,11 @@
|
|
|
39
39
|
},
|
|
40
40
|
"license": "Apache-2.0",
|
|
41
41
|
"dependencies": {
|
|
42
|
-
"@sd-jwt/core": "0.6.
|
|
42
|
+
"@sd-jwt/core": "0.6.1-next.6+f8db275"
|
|
43
43
|
},
|
|
44
44
|
"devDependencies": {
|
|
45
|
-
"@sd-jwt/crypto-nodejs": "0.6.
|
|
46
|
-
"@sd-jwt/types": "0.6.
|
|
45
|
+
"@sd-jwt/crypto-nodejs": "0.6.1-next.6+f8db275",
|
|
46
|
+
"@sd-jwt/types": "0.6.1-next.6+f8db275"
|
|
47
47
|
},
|
|
48
48
|
"publishConfig": {
|
|
49
49
|
"access": "public"
|
|
@@ -61,5 +61,5 @@
|
|
|
61
61
|
"esm"
|
|
62
62
|
]
|
|
63
63
|
},
|
|
64
|
-
"gitHead": "
|
|
64
|
+
"gitHead": "f8db275690dab88000a039838680a3478b3b61ec"
|
|
65
65
|
}
|
package/src/index.ts
CHANGED
|
@@ -9,7 +9,7 @@ export class SDJwtVcInstance extends SDJwtInstance<SdJwtVcPayload> {
|
|
|
9
9
|
/**
|
|
10
10
|
* The type of the SD-JWT-VC set in the header.typ field.
|
|
11
11
|
*/
|
|
12
|
-
protected type = 'sd-jwt
|
|
12
|
+
protected type = 'vc+sd-jwt';
|
|
13
13
|
|
|
14
14
|
/**
|
|
15
15
|
* Validates if the disclosureFrame contains any reserved fields. If so it will throw an error.
|
|
@@ -18,21 +18,13 @@ export class SDJwtVcInstance extends SDJwtInstance<SdJwtVcPayload> {
|
|
|
18
18
|
protected validateReservedFields(
|
|
19
19
|
disclosureFrame: DisclosureFrame<SdJwtVcPayload>,
|
|
20
20
|
): void {
|
|
21
|
-
//validate disclosureFrame according to https://www.ietf.org/archive/id/draft-ietf-oauth-sd-jwt-vc-
|
|
21
|
+
//validate disclosureFrame according to https://www.ietf.org/archive/id/draft-ietf-oauth-sd-jwt-vc-03.html#section-3.2.2.2
|
|
22
22
|
if (
|
|
23
23
|
disclosureFrame?._sd &&
|
|
24
24
|
Array.isArray(disclosureFrame._sd) &&
|
|
25
25
|
disclosureFrame._sd.length > 0
|
|
26
26
|
) {
|
|
27
|
-
const reservedNames = [
|
|
28
|
-
'iss',
|
|
29
|
-
'iat',
|
|
30
|
-
'nbf',
|
|
31
|
-
'exp',
|
|
32
|
-
'cnf',
|
|
33
|
-
'vct',
|
|
34
|
-
'status',
|
|
35
|
-
];
|
|
27
|
+
const reservedNames = ['iss', 'nbf', 'exp', 'cnf', 'vct', 'status'];
|
|
36
28
|
// check if there is any reserved names in the disclosureFrame._sd array
|
|
37
29
|
const reservedNamesInDisclosureFrame = (
|
|
38
30
|
disclosureFrame._sd as string[]
|
package/src/sd-jwt-vc-payload.ts
CHANGED
|
@@ -1,21 +1,21 @@
|
|
|
1
1
|
import type { SdJwtPayload } from '@sd-jwt/core';
|
|
2
2
|
|
|
3
3
|
export interface SdJwtVcPayload extends SdJwtPayload {
|
|
4
|
-
// The Issuer of the Verifiable Credential. The value of iss MUST be a URI. See [RFC7519] for more information.
|
|
4
|
+
// REQUIRED. The Issuer of the Verifiable Credential. The value of iss MUST be a URI. See [RFC7519] for more information.
|
|
5
5
|
iss: string;
|
|
6
|
-
// The time of issuance of the Verifiable Credential. See [RFC7519] for more information.
|
|
7
|
-
iat: number;
|
|
8
6
|
// OPTIONAL. The time before which the Verifiable Credential MUST NOT be accepted before validating. See [RFC7519] for more information.
|
|
9
7
|
nbf?: number;
|
|
10
|
-
//OPTIONAL. The expiry time of the Verifiable Credential after which the Verifiable Credential is no longer valid. See [RFC7519] for more information.
|
|
8
|
+
// OPTIONAL. The expiry time of the Verifiable Credential after which the Verifiable Credential is no longer valid. See [RFC7519] for more information.
|
|
11
9
|
exp?: number;
|
|
12
|
-
//
|
|
10
|
+
// OPTIONAL unless cryptographic Key Binding is to be supported, in which case it is REQUIRED. Contains the confirmation method identifying the proof of possession key as defined in [RFC7800]. It is RECOMMENDED that this contains a JWK as defined in Section 3.2 of [RFC7800]. For proof of cryptographic Key Binding, the Key Binding JWT in the presentation of the SD-JWT MUST be signed by the key identified in this claim.
|
|
13
11
|
cnf?: unknown;
|
|
14
|
-
//REQUIRED. The type of the Verifiable Credential, e.g., https://credentials.example.com/identity_credential, as defined in Section 3.2.2.1.1.
|
|
12
|
+
// REQUIRED. The type of the Verifiable Credential, e.g., https://credentials.example.com/identity_credential, as defined in Section 3.2.2.1.1.
|
|
15
13
|
vct: string;
|
|
16
14
|
// OPTIONAL. The information on how to read the status of the Verifiable Credential. See [I-D.looker-oauth-jwt-cwt-status-list] for more information.
|
|
17
15
|
status?: unknown;
|
|
18
16
|
|
|
19
|
-
//The identifier of the Subject of the Verifiable Credential. The Issuer MAY use it to provide the Subject identifier known by the Issuer. There is no requirement for a binding to exist between sub and cnf claims.
|
|
17
|
+
// OPTIONAL. The identifier of the Subject of the Verifiable Credential. The Issuer MAY use it to provide the Subject identifier known by the Issuer. There is no requirement for a binding to exist between sub and cnf claims.
|
|
20
18
|
sub?: string;
|
|
19
|
+
// OPTIONAL. The time of issuance of the Verifiable Credential. See [RFC7519] for more information.
|
|
20
|
+
iat?: number;
|
|
21
21
|
}
|
package/test/app-e2e.spec.ts
CHANGED
|
@@ -232,7 +232,7 @@ async function JSONtest(filename: string) {
|
|
|
232
232
|
|
|
233
233
|
expect(validated).toBeDefined();
|
|
234
234
|
expect(validated).toStrictEqual({
|
|
235
|
-
header: { alg: 'EdDSA', typ: 'sd-jwt
|
|
235
|
+
header: { alg: 'EdDSA', typ: 'vc+sd-jwt' },
|
|
236
236
|
payload,
|
|
237
237
|
});
|
|
238
238
|
|
|
@@ -256,7 +256,7 @@ async function JSONtest(filename: string) {
|
|
|
256
256
|
|
|
257
257
|
expect(verified).toBeDefined();
|
|
258
258
|
expect(verified).toStrictEqual({
|
|
259
|
-
header: { alg: 'EdDSA', typ: 'sd-jwt
|
|
259
|
+
header: { alg: 'EdDSA', typ: 'vc+sd-jwt' },
|
|
260
260
|
payload,
|
|
261
261
|
});
|
|
262
262
|
}
|