@solidus-network/sdk 0.2.0 → 0.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.d.ts +3 -2
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +5 -2
- package/dist/index.js.map +1 -1
- package/dist/sdjwt/index.d.ts +5 -1
- package/dist/sdjwt/index.d.ts.map +1 -1
- package/dist/sdjwt/index.js +3 -0
- package/dist/sdjwt/index.js.map +1 -1
- package/dist/sdjwt/issue.d.ts.map +1 -1
- package/dist/sdjwt/issue.js +49 -8
- package/dist/sdjwt/issue.js.map +1 -1
- package/dist/sdjwt/present.d.ts +15 -0
- package/dist/sdjwt/present.d.ts.map +1 -0
- package/dist/sdjwt/present.js +80 -0
- package/dist/sdjwt/present.js.map +1 -0
- package/dist/sdjwt/signer.d.ts +16 -0
- package/dist/sdjwt/signer.d.ts.map +1 -1
- package/dist/sdjwt/signer.js +27 -0
- package/dist/sdjwt/signer.js.map +1 -1
- package/dist/sdjwt/status-list.d.ts +61 -0
- package/dist/sdjwt/status-list.d.ts.map +1 -0
- package/dist/sdjwt/status-list.js +63 -0
- package/dist/sdjwt/status-list.js.map +1 -0
- package/dist/sdjwt/types.d.ts +96 -5
- package/dist/sdjwt/types.d.ts.map +1 -1
- package/dist/sdjwt/verify.d.ts +17 -4
- package/dist/sdjwt/verify.d.ts.map +1 -1
- package/dist/sdjwt/verify.js +171 -22
- package/dist/sdjwt/verify.js.map +1 -1
- package/package.json +3 -3
package/dist/index.d.ts
CHANGED
|
@@ -4,10 +4,11 @@ export type { DID, DIDDocument, VerifiableCredential, IssueCredentialParams, Ver
|
|
|
4
4
|
export { runMigrations, closeConnection } from './stub/db.js';
|
|
5
5
|
export { generateKeypair, decodePublicKey } from './stub/crypto.js';
|
|
6
6
|
export type { ChainConfig } from './chain/index.js';
|
|
7
|
+
export { createChainClient } from './chain/index.js';
|
|
7
8
|
export type { BbsDisclosedMessage, BbsCredentialProofResult, BbsCredentialRecord, } from './chain/bbs.js';
|
|
8
9
|
export { utf8ToHex, toHex } from './chain/bbs.js';
|
|
9
|
-
export { issueSdJwtVc, verifySdJwtVc, } from './sdjwt/index.js';
|
|
10
|
-
export type { IssueSdJwtVcParams, IssuedSdJwtVc, VerifySdJwtVcParams, VerificationResult as SdJwtVerificationResult, } from './sdjwt/index.js';
|
|
10
|
+
export { issueSdJwtVc, verifySdJwtVc, presentSdJwtVc, createStatusListJwt, ed25519PublicKeyToJwk, ed25519PublicKeyFromJwk, } from './sdjwt/index.js';
|
|
11
|
+
export type { IssueSdJwtVcParams, IssuedSdJwtVc, VerifySdJwtVcParams, PresentSdJwtVcParams, PresentationResult, CreateStatusListJwtParams, Ed25519Jwk, VerificationResult as SdJwtVerificationResult, } from './sdjwt/index.js';
|
|
11
12
|
export interface SolidusSDK {
|
|
12
13
|
did: {
|
|
13
14
|
create(publicKey: string): Promise<DID>;
|
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EACV,GAAG,EAAE,WAAW,EAAE,oBAAoB,EACtC,qBAAqB,EAAE,kBAAkB,EAAE,UAAU,EACtD,MAAM,gBAAgB,CAAA;AAKvB,OAAO,KAAK,EACV,mBAAmB,EACnB,wBAAwB,EAEzB,MAAM,gBAAgB,CAAA;AAEvB,YAAY,EACV,GAAG,EAAE,WAAW,EAAE,oBAAoB,EACtC,qBAAqB,EAAE,kBAAkB,EAAE,UAAU,GACtD,CAAA;AACD,OAAO,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,cAAc,CAAA;AAC7D,OAAO,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAA;AACnE,YAAY,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAA;AACnD,YAAY,EACV,mBAAmB,EACnB,wBAAwB,EACxB,mBAAmB,GACpB,MAAM,gBAAgB,CAAA;AACvB,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,gBAAgB,CAAA;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EACV,GAAG,EAAE,WAAW,EAAE,oBAAoB,EACtC,qBAAqB,EAAE,kBAAkB,EAAE,UAAU,EACtD,MAAM,gBAAgB,CAAA;AAKvB,OAAO,KAAK,EACV,mBAAmB,EACnB,wBAAwB,EAEzB,MAAM,gBAAgB,CAAA;AAEvB,YAAY,EACV,GAAG,EAAE,WAAW,EAAE,oBAAoB,EACtC,qBAAqB,EAAE,kBAAkB,EAAE,UAAU,GACtD,CAAA;AACD,OAAO,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,cAAc,CAAA;AAC7D,OAAO,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAA;AACnE,YAAY,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAA;AACnD,OAAO,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAA;AACpD,YAAY,EACV,mBAAmB,EACnB,wBAAwB,EACxB,mBAAmB,GACpB,MAAM,gBAAgB,CAAA;AACvB,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,gBAAgB,CAAA;AAMjD,OAAO,EACL,YAAY,EACZ,aAAa,EACb,cAAc,EACd,mBAAmB,EACnB,qBAAqB,EACrB,uBAAuB,GACxB,MAAM,kBAAkB,CAAA;AACzB,YAAY,EACV,kBAAkB,EAClB,aAAa,EACb,mBAAmB,EACnB,oBAAoB,EACpB,kBAAkB,EAClB,yBAAyB,EACzB,UAAU,EACV,kBAAkB,IAAI,uBAAuB,GAC9C,MAAM,kBAAkB,CAAA;AAEzB,MAAM,WAAW,UAAU;IACzB,GAAG,EAAE;QACH,MAAM,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,CAAA;QACvC,OAAO,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC,CAAA;QACjD,UAAU,CAAC,GAAG,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;KAC1D,CAAA;IACD,WAAW,EAAE;QACX,KAAK,CAAC,MAAM,EAAE,qBAAqB,GAAG,OAAO,CAAC,oBAAoB,CAAC,CAAA;QACnE,MAAM,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAA;QACjD,MAAM,CAAC,YAAY,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;QAC9D,KAAK,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,oBAAoB,EAAE,CAAC,CAAA;KAC3D,CAAA;IACD,IAAI,EAAE;QACJ,eAAe,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAA;QAChD,kBAAkB,CAAC,EAAE,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC,CAAA;KACvF,CAAA;IACD;;;OAGG;IACH,GAAG,CAAC,EAAE;QACJ,eAAe,CAAC,MAAM,EAAE;YACtB,gBAAgB,EAAE,MAAM,CAAA;YACxB,UAAU,EAAE,MAAM,CAAA;YAClB,cAAc,EAAE,MAAM,CAAA;YACtB,WAAW,EAAE,UAAU,CAAA;YACvB,SAAS,EAAE,UAAU,CAAA;YACrB,eAAe,EAAE,MAAM,CAAA;SACxB,GAAG,OAAO,CAAC;YAAE,MAAM,EAAE,MAAM,CAAC;YAAC,YAAY,EAAE,MAAM,CAAC;YAAC,OAAO,EAAE,OAAO,CAAA;SAAE,CAAC,CAAA;QACvE,WAAW,CAAC,MAAM,EAAE;YAClB,QAAQ,EAAE,MAAM,CAAA;YAChB,SAAS,EAAE,MAAM,CAAA;YACjB,SAAS,CAAC,EAAE,MAAM,CAAA;YAClB,KAAK,CAAC,EAAE,MAAM,CAAA;YACd,iBAAiB,EAAE,mBAAmB,EAAE,CAAA;YACxC,iBAAiB,EAAE,MAAM,CAAA;SAC1B,GAAG,OAAO,CAAC,OAAO,CAAC,CAAA;QACpB,qBAAqB,CAAC,MAAM,EAAE;YAC5B,YAAY,EAAE,MAAM,CAAA;YACpB,QAAQ,EAAE,MAAM,CAAA;YAChB,SAAS,CAAC,EAAE,MAAM,CAAA;YAClB,KAAK,CAAC,EAAE,MAAM,CAAA;YACd,iBAAiB,EAAE,mBAAmB,EAAE,CAAA;SACzC,GAAG,OAAO,CAAC,wBAAwB,CAAC,CAAA;KACtC,CAAA;CACF;AAED,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,MAAM,GAAG,SAAS,GAAG,SAAS,CAAA;IACpC,8EAA8E;IAC9E,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,gEAAgE;IAChE,gBAAgB,CAAC,EAAE,MAAM,CAAA;CAC1B;AAkCD,wBAAgB,SAAS,CAAC,MAAM,EAAE,aAAa,GAAG,UAAU,CAiB3D"}
|
package/dist/index.js
CHANGED
|
@@ -5,10 +5,13 @@ import { getSql } from './stub/db.js';
|
|
|
5
5
|
import { createChainClient } from './chain/index.js';
|
|
6
6
|
export { runMigrations, closeConnection } from './stub/db.js';
|
|
7
7
|
export { generateKeypair, decodePublicKey } from './stub/crypto.js';
|
|
8
|
+
export { createChainClient } from './chain/index.js';
|
|
8
9
|
export { utf8ToHex, toHex } from './chain/bbs.js';
|
|
9
10
|
// SD-JWT VC (selective-disclosure JWT, VC profile) — required for
|
|
10
|
-
// EUDI Wallet interop.
|
|
11
|
-
|
|
11
|
+
// EUDI Wallet interop.
|
|
12
|
+
// Phase 1: issue + verify on flat subjects.
|
|
13
|
+
// Phase 2: holder presentation API + Key-Binding JWT.
|
|
14
|
+
export { issueSdJwtVc, verifySdJwtVc, presentSdJwtVc, createStatusListJwt, ed25519PublicKeyToJwk, ed25519PublicKeyFromJwk, } from './sdjwt/index.js';
|
|
12
15
|
function createStubSdk() {
|
|
13
16
|
return {
|
|
14
17
|
did: {
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAA;AAKxC,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,aAAa,EAAE,MAAM,eAAe,CAAA;AACpE,OAAO,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAA;AAChH,OAAO,EAAE,MAAM,EAAE,MAAM,cAAc,CAAA;AACrC,OAAO,EAAE,iBAAiB,EAAoB,MAAM,kBAAkB,CAAA;AAWtE,OAAO,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,cAAc,CAAA;AAC7D,OAAO,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAA;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAA;AAKxC,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,aAAa,EAAE,MAAM,eAAe,CAAA;AACpE,OAAO,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAA;AAChH,OAAO,EAAE,MAAM,EAAE,MAAM,cAAc,CAAA;AACrC,OAAO,EAAE,iBAAiB,EAAoB,MAAM,kBAAkB,CAAA;AAWtE,OAAO,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,cAAc,CAAA;AAC7D,OAAO,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAA;AAEnE,OAAO,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAA;AAMpD,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,gBAAgB,CAAA;AAEjD,kEAAkE;AAClE,uBAAuB;AACvB,8CAA8C;AAC9C,wDAAwD;AACxD,OAAO,EACL,YAAY,EACZ,aAAa,EACb,cAAc,EACd,mBAAmB,EACnB,qBAAqB,EACrB,uBAAuB,GACxB,MAAM,kBAAkB,CAAA;AAmEzB,SAAS,aAAa;IACpB,OAAO;QACL,GAAG,EAAE;YACH,MAAM,EAAE,SAAS;YACjB,OAAO,EAAE,UAAU;YACnB,UAAU,EAAE,aAAa;SAC1B;QACD,WAAW,EAAE;YACX,KAAK,EAAE,gBAAgB;YACvB,MAAM,EAAE,iBAAiB;YACzB,MAAM,EAAE,iBAAiB;YACzB,KAAK,EAAE,gBAAgB;SACxB;QACD,IAAI,EAAE;YACJ,KAAK,CAAC,eAAe,CAAC,MAAc;gBAClC,MAAM,GAAG,GAAG,MAAM,EAAE,CAAA;gBACpB,MAAM,SAAS,GAAG,UAAU,EAAE,CAAA;gBAC9B,MAAM,GAAG,CAAA,2DAA2D,SAAS,KAAK,MAAM,GAAG,CAAA;gBAC3F,OAAO,SAAS,CAAA;YAClB,CAAC;YACD,KAAK,CAAC,kBAAkB,CACtB,GAAW,EACX,UAAkB,EAClB,OAAe;gBAEf,qDAAqD;gBACrD,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,EAAE,CAAA;YACpC,CAAC;SACF;KACF,CAAA;AACH,CAAC;AAED,MAAM,UAAU,SAAS,CAAC,MAAqB;IAC7C,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,IAAI,CAAE,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAgD,IAAI,MAAM,CAAC,CAAA;IAEvH,QAAQ,IAAI,EAAE,CAAC;QACb,KAAK,SAAS,CAAC;QACf,KAAK,SAAS,CAAC,CAAC,CAAC;YACf,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,IAAI,uBAAuB,CAAA;YACzF,MAAM,SAAS,GAAG,MAAM,CAAC,gBAAgB,IAAI,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,IAAI,EAAE,CAAA;YACpF,IAAI,CAAC,SAAS,EAAE,CAAC;gBACf,MAAM,IAAI,KAAK,CAAC,wEAAwE,CAAC,CAAA;YAC3F,CAAC;YACD,OAAO,iBAAiB,CAAC,EAAE,MAAM,EAAE,gBAAgB,EAAE,SAAS,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAA;QAClF,CAAC;QACD,KAAK,MAAM,CAAC;QACZ;YACE,OAAO,aAAa,EAAE,CAAA;IAC1B,CAAC;AACH,CAAC"}
|
package/dist/sdjwt/index.d.ts
CHANGED
|
@@ -1,4 +1,8 @@
|
|
|
1
|
-
export type { IssueSdJwtVcParams, IssuedSdJwtVc, VerifySdJwtVcParams, VerificationResult, } from './types.js';
|
|
1
|
+
export type { IssueSdJwtVcParams, IssuedSdJwtVc, VerifySdJwtVcParams, VerificationResult, PresentSdJwtVcParams, PresentationResult, } from './types.js';
|
|
2
2
|
export { issueSdJwtVc } from './issue.js';
|
|
3
3
|
export { verifySdJwtVc } from './verify.js';
|
|
4
|
+
export { presentSdJwtVc } from './present.js';
|
|
5
|
+
export { createStatusListJwt } from './status-list.js';
|
|
6
|
+
export type { CreateStatusListJwtParams } from './status-list.js';
|
|
7
|
+
export { ed25519PublicKeyToJwk, ed25519PublicKeyFromJwk, type Ed25519Jwk, } from './signer.js';
|
|
4
8
|
//# sourceMappingURL=index.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/sdjwt/index.ts"],"names":[],"mappings":"AAGA,YAAY,EACV,kBAAkB,EAClB,aAAa,EACb,mBAAmB,EACnB,kBAAkB,GACnB,MAAM,YAAY,CAAA;AAEnB,OAAO,EAAE,YAAY,EAAE,MAAM,YAAY,CAAA;AACzC,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAA"}
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/sdjwt/index.ts"],"names":[],"mappings":"AAGA,YAAY,EACV,kBAAkB,EAClB,aAAa,EACb,mBAAmB,EACnB,kBAAkB,EAClB,oBAAoB,EACpB,kBAAkB,GACnB,MAAM,YAAY,CAAA;AAEnB,OAAO,EAAE,YAAY,EAAE,MAAM,YAAY,CAAA;AACzC,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAA;AAC3C,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAA;AAC7C,OAAO,EAAE,mBAAmB,EAAE,MAAM,kBAAkB,CAAA;AACtD,YAAY,EAAE,yBAAyB,EAAE,MAAM,kBAAkB,CAAA;AACjE,OAAO,EACL,qBAAqB,EACrB,uBAAuB,EACvB,KAAK,UAAU,GAChB,MAAM,aAAa,CAAA"}
|
package/dist/sdjwt/index.js
CHANGED
|
@@ -2,4 +2,7 @@
|
|
|
2
2
|
// See `.claude/plans/2026-05-09-sdjwt-vc-implementation.md`.
|
|
3
3
|
export { issueSdJwtVc } from './issue.js';
|
|
4
4
|
export { verifySdJwtVc } from './verify.js';
|
|
5
|
+
export { presentSdJwtVc } from './present.js';
|
|
6
|
+
export { createStatusListJwt } from './status-list.js';
|
|
7
|
+
export { ed25519PublicKeyToJwk, ed25519PublicKeyFromJwk, } from './signer.js';
|
|
5
8
|
//# sourceMappingURL=index.js.map
|
package/dist/sdjwt/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/sdjwt/index.ts"],"names":[],"mappings":"AAAA,qCAAqC;AACrC,6DAA6D;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/sdjwt/index.ts"],"names":[],"mappings":"AAAA,qCAAqC;AACrC,6DAA6D;AAW7D,OAAO,EAAE,YAAY,EAAE,MAAM,YAAY,CAAA;AACzC,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAA;AAC3C,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAA;AAC7C,OAAO,EAAE,mBAAmB,EAAE,MAAM,kBAAkB,CAAA;AAEtD,OAAO,EACL,qBAAqB,EACrB,uBAAuB,GAExB,MAAM,aAAa,CAAA"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"issue.d.ts","sourceRoot":"","sources":["../../src/sdjwt/issue.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;
|
|
1
|
+
{"version":3,"file":"issue.d.ts","sourceRoot":"","sources":["../../src/sdjwt/issue.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAYH,OAAO,KAAK,EAAE,kBAAkB,EAAE,aAAa,EAAE,MAAM,YAAY,CAAA;AAuDnE,wBAAsB,YAAY,CAChC,MAAM,EAAE,kBAAkB,GACzB,OAAO,CAAC,aAAa,CAAC,CA+ExB"}
|
package/dist/sdjwt/issue.js
CHANGED
|
@@ -9,15 +9,44 @@
|
|
|
9
9
|
*/
|
|
10
10
|
import { SDJwtVcInstance } from '@sd-jwt/sd-jwt-vc';
|
|
11
11
|
import * as ed from '@noble/ed25519';
|
|
12
|
-
import { makeEd25519Signer, sdJwtHasher, sdJwtSaltGenerator, } from './signer.js';
|
|
12
|
+
import { ed25519PublicKeyToJwk, makeEd25519Signer, sdJwtHasher, sdJwtSaltGenerator, } from './signer.js';
|
|
13
|
+
/**
|
|
14
|
+
* Build a sd-jwt-js DisclosureFrame from a list of disclosable claim
|
|
15
|
+
* paths (Phase 2c). Each path is a dot-separated string like
|
|
16
|
+
* `address.street`. The resulting frame is recursive — nested `_sd`
|
|
17
|
+
* arrays per object level — matching sd-jwt-js's DisclosureFrame type.
|
|
18
|
+
*
|
|
19
|
+
* Default behaviour (when `disclosable` is undefined): every top-level
|
|
20
|
+
* key except `id` is disclosable. Nested objects are NOT auto-expanded
|
|
21
|
+
* — callers who want nested disclosure must pass explicit paths.
|
|
22
|
+
*/
|
|
13
23
|
function buildDisclosureFrame(subject, disclosable) {
|
|
14
|
-
|
|
15
|
-
//
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
24
|
+
const paths = disclosable ?? Object.keys(subject).filter((k) => k !== 'id');
|
|
25
|
+
// Flat fast path: no dotted paths → original Phase 1 behaviour.
|
|
26
|
+
if (paths.every((p) => !p.includes('.'))) {
|
|
27
|
+
return { _sd: paths };
|
|
28
|
+
}
|
|
29
|
+
const root = { _sd: [] };
|
|
30
|
+
for (const path of paths) {
|
|
31
|
+
const segments = path.split('.');
|
|
32
|
+
let cursor = root;
|
|
33
|
+
for (let i = 0; i < segments.length; i++) {
|
|
34
|
+
const seg = segments[i];
|
|
35
|
+
if (i === segments.length - 1) {
|
|
36
|
+
cursor._sd.push(seg);
|
|
37
|
+
}
|
|
38
|
+
else {
|
|
39
|
+
const existing = cursor[seg];
|
|
40
|
+
if (existing === undefined ||
|
|
41
|
+
Array.isArray(existing) ||
|
|
42
|
+
seg === '_sd') {
|
|
43
|
+
cursor[seg] = { _sd: [] };
|
|
44
|
+
}
|
|
45
|
+
cursor = cursor[seg];
|
|
46
|
+
}
|
|
47
|
+
}
|
|
48
|
+
}
|
|
49
|
+
return root;
|
|
21
50
|
}
|
|
22
51
|
export async function issueSdJwtVc(params) {
|
|
23
52
|
if (params.issuerPrivateKey.length !== 32) {
|
|
@@ -58,6 +87,18 @@ export async function issueSdJwtVc(params) {
|
|
|
58
87
|
if (params.validUntil !== undefined) {
|
|
59
88
|
payload['exp'] = Math.floor(new Date(params.validUntil).getTime() / 1000);
|
|
60
89
|
}
|
|
90
|
+
// When a holder public key is supplied, bind the credential to that
|
|
91
|
+
// key via the W3C `cnf` claim (RFC 7800). The verifier checks the
|
|
92
|
+
// KB-JWT's signature against this key at presentation time.
|
|
93
|
+
if (params.holderPublicKey !== undefined) {
|
|
94
|
+
payload['cnf'] = { jwk: ed25519PublicKeyToJwk(params.holderPublicKey) };
|
|
95
|
+
}
|
|
96
|
+
// Optional status-list reference per draft-ietf-oauth-status-list.
|
|
97
|
+
if (params.status !== undefined) {
|
|
98
|
+
payload['status'] = {
|
|
99
|
+
status_list: { uri: params.status.uri, idx: params.status.idx },
|
|
100
|
+
};
|
|
101
|
+
}
|
|
61
102
|
const disclosureFrame = buildDisclosureFrame(subject, params.disclosable);
|
|
62
103
|
const compact = await sdjwt.issue(payload, disclosureFrame);
|
|
63
104
|
// Quick sanity check that we can derive a count of disclosures from
|
package/dist/sdjwt/issue.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"issue.js","sourceRoot":"","sources":["../../src/sdjwt/issue.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAA;AAEnD,OAAO,KAAK,EAAE,MAAM,gBAAgB,CAAA;AAEpC,OAAO,EACL,iBAAiB,EACjB,WAAW,EACX,kBAAkB,GACnB,MAAM,aAAa,CAAA;AAGpB,SAAS,oBAAoB,CAC3B,OAAgC,EAChC,WAAsB;IAEtB
|
|
1
|
+
{"version":3,"file":"issue.js","sourceRoot":"","sources":["../../src/sdjwt/issue.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAA;AAEnD,OAAO,KAAK,EAAE,MAAM,gBAAgB,CAAA;AAEpC,OAAO,EACL,qBAAqB,EACrB,iBAAiB,EACjB,WAAW,EACX,kBAAkB,GACnB,MAAM,aAAa,CAAA;AAGpB;;;;;;;;;GASG;AACH,SAAS,oBAAoB,CAC3B,OAAgC,EAChC,WAAsB;IAEtB,MAAM,KAAK,GACT,WAAW,IAAI,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,IAAI,CAAC,CAAA;IAE/D,gEAAgE;IAChE,IAAI,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;QACzC,OAAO,EAAE,GAAG,EAAE,KAAK,EAElB,CAAA;IACH,CAAC;IAOD,MAAM,IAAI,GAAc,EAAE,GAAG,EAAE,EAAE,EAAE,CAAA;IACnC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;QAChC,IAAI,MAAM,GAAc,IAAI,CAAA;QAC5B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACzC,MAAM,GAAG,GAAG,QAAQ,CAAC,CAAC,CAAE,CAAA;YACxB,IAAI,CAAC,KAAK,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC9B,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;YACtB,CAAC;iBAAM,CAAC;gBACN,MAAM,QAAQ,GAAG,MAAM,CAAC,GAAG,CAAC,CAAA;gBAC5B,IACE,QAAQ,KAAK,SAAS;oBACtB,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC;oBACvB,GAAG,KAAK,KAAK,EACb,CAAC;oBACD,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,EAAe,CAAA;gBACxC,CAAC;gBACD,MAAM,GAAG,MAAM,CAAC,GAAG,CAAc,CAAA;YACnC,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,IAA2D,CAAA;AACpE,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,MAA0B;IAE1B,IAAI,MAAM,CAAC,gBAAgB,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;QAC1C,MAAM,IAAI,KAAK,CACb,0CAA0C,MAAM,CAAC,gBAAgB,CAAC,MAAM,EAAE,CAC3E,CAAA;IACH,CAAC;IAED,6DAA6D;IAC7D,qEAAqE;IACrE,sDAAsD;IACtD,MAAM,eAAe,GAAG,MAAM,EAAE,CAAC,iBAAiB,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAA;IAE3E,MAAM,KAAK,GAAG,IAAI,eAAe,CAAC;QAChC,MAAM,EAAE,iBAAiB,CAAC,MAAM,CAAC,gBAAgB,CAAC;QAClD,OAAO,EAAE,OAAO;QAChB,MAAM,EAAE,WAAW;QACnB,OAAO,EAAE,SAAS;QAClB,aAAa,EAAE,kBAAkB;QACjC,+DAA+D;QAC/D,8DAA8D;QAC9D,qDAAqD;QACrD,sBAAsB,EAAE,KAAK;KAC9B,CAAC,CAAA;IAEF,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAA;IACzC,MAAM,OAAO,GAAG,EAAE,GAAG,MAAM,CAAC,OAAO,EAAE,CAAA;IACrC,MAAM,SAAS,GAAG,OAAO,OAAO,CAAC,IAAI,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS,CAAA;IAC/E,qEAAqE;IACrE,2CAA2C;IAC3C,OAAO,OAAO,CAAC,IAAI,CAAC,CAAA;IAEpB,MAAM,OAAO,GAA4B;QACvC,GAAG,EAAE,MAAM,CAAC,MAAM;QAClB,GAAG,EAAE,MAAM,CAAC,GAAG;QACf,GAAG,EAAE,GAAG;QACR,GAAG,OAAO;KACX,CAAA;IACD,IAAI,SAAS,KAAK,SAAS;QAAE,OAAO,CAAC,KAAK,CAAC,GAAG,SAAS,CAAA;IACvD,IAAI,MAAM,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;QACnC,OAAO,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,CAAA;IAC1E,CAAC;IACD,IAAI,MAAM,CAAC,UAAU,KAAK,SAAS,EAAE,CAAC;QACpC,OAAO,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,CAAA;IAC3E,CAAC;IACD,oEAAoE;IACpE,kEAAkE;IAClE,4DAA4D;IAC5D,IAAI,MAAM,CAAC,eAAe,KAAK,SAAS,EAAE,CAAC;QACzC,OAAO,CAAC,KAAK,CAAC,GAAG,EAAE,GAAG,EAAE,qBAAqB,CAAC,MAAM,CAAC,eAAe,CAAC,EAAE,CAAA;IACzE,CAAC;IACD,mEAAmE;IACnE,IAAI,MAAM,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;QAChC,OAAO,CAAC,QAAQ,CAAC,GAAG;YAClB,WAAW,EAAE,EAAE,GAAG,EAAE,MAAM,CAAC,MAAM,CAAC,GAAG,EAAE,GAAG,EAAE,MAAM,CAAC,MAAM,CAAC,GAAG,EAAE;SAChE,CAAA;IACH,CAAC;IAED,MAAM,eAAe,GAAG,oBAAoB,CAAC,OAAO,EAAE,MAAM,CAAC,WAAW,CAAC,CAAA;IACzE,MAAM,OAAO,GAAG,MAAM,KAAK,CAAC,KAAK,CAC/B,OAA4C,EAC5C,eAAoD,CACrD,CAAA;IAED,oEAAoE;IACpE,gEAAgE;IAChE,+DAA+D;IAC/D,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IAChC,MAAM,eAAe,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,MAAM,CAAA;IAEzE,gEAAgE;IAChE,kEAAkE;IAClE,sDAAsD;IACtD,KAAK,eAAe,CAAA;IAEpB,OAAO;QACL,OAAO;QACP,OAAO;QACP,eAAe;KAChB,CAAA;AACH,CAAC"}
|
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Holder-side presentation API for SD-JWT VC.
|
|
3
|
+
*
|
|
4
|
+
* Phase 2. Takes an issued SD-JWT VC (with all disclosures attached)
|
|
5
|
+
* and returns a presentation that:
|
|
6
|
+
* - reveals only the disclosures the holder consents to,
|
|
7
|
+
* - is bound to a Key-Binding JWT signed by the holder's private key.
|
|
8
|
+
*
|
|
9
|
+
* The KB-JWT proves the holder controls the key referenced by the
|
|
10
|
+
* issuer-set `cnf.jwk` claim — without it, anyone with a copy of the
|
|
11
|
+
* compact form could replay the credential to a different verifier.
|
|
12
|
+
*/
|
|
13
|
+
import type { PresentSdJwtVcParams, PresentationResult } from './types.js';
|
|
14
|
+
export declare function presentSdJwtVc(params: PresentSdJwtVcParams): Promise<PresentationResult>;
|
|
15
|
+
//# sourceMappingURL=present.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"present.d.ts","sourceRoot":"","sources":["../../src/sdjwt/present.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAUH,OAAO,KAAK,EAAE,oBAAoB,EAAE,kBAAkB,EAAE,MAAM,YAAY,CAAA;AA6C1E,wBAAsB,cAAc,CAClC,MAAM,EAAE,oBAAoB,GAC3B,OAAO,CAAC,kBAAkB,CAAC,CAmC7B"}
|
|
@@ -0,0 +1,80 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Holder-side presentation API for SD-JWT VC.
|
|
3
|
+
*
|
|
4
|
+
* Phase 2. Takes an issued SD-JWT VC (with all disclosures attached)
|
|
5
|
+
* and returns a presentation that:
|
|
6
|
+
* - reveals only the disclosures the holder consents to,
|
|
7
|
+
* - is bound to a Key-Binding JWT signed by the holder's private key.
|
|
8
|
+
*
|
|
9
|
+
* The KB-JWT proves the holder controls the key referenced by the
|
|
10
|
+
* issuer-set `cnf.jwk` claim — without it, anyone with a copy of the
|
|
11
|
+
* compact form could replay the credential to a different verifier.
|
|
12
|
+
*/
|
|
13
|
+
import { SDJwtVcInstance } from '@sd-jwt/sd-jwt-vc';
|
|
14
|
+
import { makeEd25519Signer, sdJwtHasher, sdJwtSaltGenerator, } from './signer.js';
|
|
15
|
+
/**
|
|
16
|
+
* Build a sd-jwt-js PresentationFrame from a list of claim paths
|
|
17
|
+
* (Phase 2c — supports nested paths via dot notation). Each path is
|
|
18
|
+
* either a top-level key (`'firstName'`) or a dotted path into a
|
|
19
|
+
* nested object (`'address.street'`). Result is a recursive map
|
|
20
|
+
* `{ key: true | { nestedKey: true } }` matching sd-jwt-js's
|
|
21
|
+
* PresentationFrame type.
|
|
22
|
+
*/
|
|
23
|
+
function buildPresentationFrame(reveal) {
|
|
24
|
+
// Flat fast path — preserves the original Phase 2 behaviour.
|
|
25
|
+
if (reveal.every((p) => !p.includes('.'))) {
|
|
26
|
+
const flat = {};
|
|
27
|
+
for (const k of reveal)
|
|
28
|
+
flat[k] = true;
|
|
29
|
+
return flat;
|
|
30
|
+
}
|
|
31
|
+
const root = {};
|
|
32
|
+
for (const path of reveal) {
|
|
33
|
+
const segments = path.split('.');
|
|
34
|
+
let cursor = root;
|
|
35
|
+
for (let i = 0; i < segments.length; i++) {
|
|
36
|
+
const seg = segments[i];
|
|
37
|
+
if (i === segments.length - 1) {
|
|
38
|
+
cursor[seg] = true;
|
|
39
|
+
}
|
|
40
|
+
else {
|
|
41
|
+
// If a previous path already pinned this segment as `true`,
|
|
42
|
+
// upgrade to an object so we can attach the nested key.
|
|
43
|
+
const existing = cursor[seg];
|
|
44
|
+
if (existing === true || existing === undefined) {
|
|
45
|
+
cursor[seg] = {};
|
|
46
|
+
}
|
|
47
|
+
cursor = cursor[seg];
|
|
48
|
+
}
|
|
49
|
+
}
|
|
50
|
+
}
|
|
51
|
+
return root;
|
|
52
|
+
}
|
|
53
|
+
export async function presentSdJwtVc(params) {
|
|
54
|
+
if (params.holderPrivateKey.length !== 32) {
|
|
55
|
+
throw new Error(`holderPrivateKey must be 32 bytes, got ${params.holderPrivateKey.length}`);
|
|
56
|
+
}
|
|
57
|
+
// Holder uses its own key as the KB-JWT signer. The issuer-side
|
|
58
|
+
// signer is irrelevant here — present() does not re-sign the SD-JWT,
|
|
59
|
+
// only the new KB-JWT.
|
|
60
|
+
const sdjwt = new SDJwtVcInstance({
|
|
61
|
+
hasher: sdJwtHasher,
|
|
62
|
+
saltGenerator: sdJwtSaltGenerator,
|
|
63
|
+
hashAlg: 'sha-256',
|
|
64
|
+
kbSigner: makeEd25519Signer(params.holderPrivateKey),
|
|
65
|
+
kbSignAlg: 'EdDSA',
|
|
66
|
+
loadTypeMetadataFormat: false,
|
|
67
|
+
});
|
|
68
|
+
const presentationFrame = buildPresentationFrame(params.claimsToReveal);
|
|
69
|
+
const compact = await sdjwt.present(params.compact, presentationFrame, {
|
|
70
|
+
kb: {
|
|
71
|
+
payload: {
|
|
72
|
+
iat: Math.floor(Date.now() / 1000),
|
|
73
|
+
aud: params.audience,
|
|
74
|
+
nonce: params.nonce,
|
|
75
|
+
},
|
|
76
|
+
},
|
|
77
|
+
});
|
|
78
|
+
return { compact };
|
|
79
|
+
}
|
|
80
|
+
//# sourceMappingURL=present.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"present.js","sourceRoot":"","sources":["../../src/sdjwt/present.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAA;AAGnD,OAAO,EACL,iBAAiB,EACjB,WAAW,EACX,kBAAkB,GACnB,MAAM,aAAa,CAAA;AAGpB;;;;;;;GAOG;AACH,SAAS,sBAAsB,CAC7B,MAAgB;IAEhB,6DAA6D;IAC7D,IAAI,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;QAC1C,MAAM,IAAI,GAAyB,EAAE,CAAA;QACrC,KAAK,MAAM,CAAC,IAAI,MAAM;YAAE,IAAI,CAAC,CAAC,CAAC,GAAG,IAAI,CAAA;QACtC,OAAO,IAA6D,CAAA;IACtE,CAAC;IAKD,MAAM,IAAI,GAAc,EAAE,CAAA;IAC1B,KAAK,MAAM,IAAI,IAAI,MAAM,EAAE,CAAC;QAC1B,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;QAChC,IAAI,MAAM,GAAc,IAAI,CAAA;QAC5B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACzC,MAAM,GAAG,GAAG,QAAQ,CAAC,CAAC,CAAE,CAAA;YACxB,IAAI,CAAC,KAAK,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC9B,MAAM,CAAC,GAAG,CAAC,GAAG,IAAI,CAAA;YACpB,CAAC;iBAAM,CAAC;gBACN,4DAA4D;gBAC5D,wDAAwD;gBACxD,MAAM,QAAQ,GAAG,MAAM,CAAC,GAAG,CAAC,CAAA;gBAC5B,IAAI,QAAQ,KAAK,IAAI,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;oBAChD,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE,CAAA;gBAClB,CAAC;gBACD,MAAM,GAAG,MAAM,CAAC,GAAG,CAAc,CAAA;YACnC,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,IAA6D,CAAA;AACtE,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,MAA4B;IAE5B,IAAI,MAAM,CAAC,gBAAgB,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;QAC1C,MAAM,IAAI,KAAK,CACb,0CAA0C,MAAM,CAAC,gBAAgB,CAAC,MAAM,EAAE,CAC3E,CAAA;IACH,CAAC;IAED,gEAAgE;IAChE,qEAAqE;IACrE,uBAAuB;IACvB,MAAM,KAAK,GAAG,IAAI,eAAe,CAAC;QAChC,MAAM,EAAE,WAAW;QACnB,aAAa,EAAE,kBAAkB;QACjC,OAAO,EAAE,SAAS;QAClB,QAAQ,EAAE,iBAAiB,CAAC,MAAM,CAAC,gBAAgB,CAAC;QACpD,SAAS,EAAE,OAAO;QAClB,sBAAsB,EAAE,KAAK;KAC9B,CAAC,CAAA;IAEF,MAAM,iBAAiB,GAAG,sBAAsB,CAAC,MAAM,CAAC,cAAc,CAAC,CAAA;IACvE,MAAM,OAAO,GAAG,MAAM,KAAK,CAAC,OAAO,CACjC,MAAM,CAAC,OAAO,EACd,iBAAiB,EACjB;QACE,EAAE,EAAE;YACF,OAAO,EAAE;gBACP,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;gBAClC,GAAG,EAAE,MAAM,CAAC,QAAQ;gBACpB,KAAK,EAAE,MAAM,CAAC,KAAK;aACpB;SACF;KACF,CACF,CAAA;IAED,OAAO,EAAE,OAAO,EAAE,CAAA;AACpB,CAAC"}
|
package/dist/sdjwt/signer.d.ts
CHANGED
|
@@ -40,4 +40,20 @@ export declare function sdJwtHasher(data: string | ArrayBuffer, alg: string): Ui
|
|
|
40
40
|
* sd-jwt-js calls this with `length = 16` by default.
|
|
41
41
|
*/
|
|
42
42
|
export declare function sdJwtSaltGenerator(length: number): string;
|
|
43
|
+
/**
|
|
44
|
+
* JWK shape used in the SD-JWT VC `cnf` claim for an Ed25519 holder
|
|
45
|
+
* key. Matches RFC 8037 — Ed25519 → OKP curve, no `d` (private)
|
|
46
|
+
* component. The verifier reconstructs the raw 32-byte public key from
|
|
47
|
+
* `x`.
|
|
48
|
+
*/
|
|
49
|
+
export interface Ed25519Jwk {
|
|
50
|
+
kty: 'OKP';
|
|
51
|
+
crv: 'Ed25519';
|
|
52
|
+
x: string;
|
|
53
|
+
alg: 'EdDSA';
|
|
54
|
+
}
|
|
55
|
+
/** Convert a 32-byte Ed25519 public key into the canonical JWK form. */
|
|
56
|
+
export declare function ed25519PublicKeyToJwk(publicKey: Uint8Array): Ed25519Jwk;
|
|
57
|
+
/** Recover a 32-byte Ed25519 public key from its canonical JWK form. */
|
|
58
|
+
export declare function ed25519PublicKeyFromJwk(jwk: unknown): Uint8Array;
|
|
43
59
|
//# sourceMappingURL=signer.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"signer.d.ts","sourceRoot":"","sources":["../../src/sdjwt/signer.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAqBH;;;;;GAKG;AACH,wBAAgB,iBAAiB,CAAC,UAAU,EAAE,UAAU,IAIxC,MAAM,MAAM,KAAG,OAAO,CAAC,MAAM,CAAC,CAI7C;AAED,2EAA2E;AAC3E,wBAAgB,mBAAmB,CAAC,SAAS,EAAE,UAAU,IAIzC,MAAM,MAAM,EAAE,WAAW,MAAM,KAAG,OAAO,CAAC,OAAO,CAAC,CAWjE;AAED;;;;;;;GAOG;AACH,wBAAgB,WAAW,CACzB,IAAI,EAAE,MAAM,GAAG,WAAW,EAC1B,GAAG,EAAE,MAAM,GACV,UAAU,CASZ;AAED;;;;;;;GAOG;AACH,wBAAgB,kBAAkB,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAQzD"}
|
|
1
|
+
{"version":3,"file":"signer.d.ts","sourceRoot":"","sources":["../../src/sdjwt/signer.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAqBH;;;;;GAKG;AACH,wBAAgB,iBAAiB,CAAC,UAAU,EAAE,UAAU,IAIxC,MAAM,MAAM,KAAG,OAAO,CAAC,MAAM,CAAC,CAI7C;AAED,2EAA2E;AAC3E,wBAAgB,mBAAmB,CAAC,SAAS,EAAE,UAAU,IAIzC,MAAM,MAAM,EAAE,WAAW,MAAM,KAAG,OAAO,CAAC,OAAO,CAAC,CAWjE;AAED;;;;;;;GAOG;AACH,wBAAgB,WAAW,CACzB,IAAI,EAAE,MAAM,GAAG,WAAW,EAC1B,GAAG,EAAE,MAAM,GACV,UAAU,CASZ;AAED;;;;;;;GAOG;AACH,wBAAgB,kBAAkB,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAQzD;AAED;;;;;GAKG;AACH,MAAM,WAAW,UAAU;IACzB,GAAG,EAAE,KAAK,CAAA;IACV,GAAG,EAAE,SAAS,CAAA;IACd,CAAC,EAAE,MAAM,CAAA;IACT,GAAG,EAAE,OAAO,CAAA;CACb;AAED,wEAAwE;AACxE,wBAAgB,qBAAqB,CAAC,SAAS,EAAE,UAAU,GAAG,UAAU,CAUvE;AAED,wEAAwE;AACxE,wBAAgB,uBAAuB,CAAC,GAAG,EAAE,OAAO,GAAG,UAAU,CAehE"}
|
package/dist/sdjwt/signer.js
CHANGED
|
@@ -89,4 +89,31 @@ export function sdJwtSaltGenerator(length) {
|
|
|
89
89
|
.replace(/\//g, '_')
|
|
90
90
|
.replace(/=/g, '');
|
|
91
91
|
}
|
|
92
|
+
/** Convert a 32-byte Ed25519 public key into the canonical JWK form. */
|
|
93
|
+
export function ed25519PublicKeyToJwk(publicKey) {
|
|
94
|
+
if (publicKey.length !== 32) {
|
|
95
|
+
throw new Error(`publicKey must be 32 bytes, got ${publicKey.length}`);
|
|
96
|
+
}
|
|
97
|
+
return {
|
|
98
|
+
kty: 'OKP',
|
|
99
|
+
crv: 'Ed25519',
|
|
100
|
+
x: toBase64Url(publicKey),
|
|
101
|
+
alg: 'EdDSA',
|
|
102
|
+
};
|
|
103
|
+
}
|
|
104
|
+
/** Recover a 32-byte Ed25519 public key from its canonical JWK form. */
|
|
105
|
+
export function ed25519PublicKeyFromJwk(jwk) {
|
|
106
|
+
if (!jwk ||
|
|
107
|
+
typeof jwk !== 'object' ||
|
|
108
|
+
jwk.kty !== 'OKP' ||
|
|
109
|
+
jwk.crv !== 'Ed25519' ||
|
|
110
|
+
typeof jwk.x !== 'string') {
|
|
111
|
+
throw new Error('not an Ed25519 OKP JWK');
|
|
112
|
+
}
|
|
113
|
+
const bytes = fromBase64Url(jwk.x);
|
|
114
|
+
if (bytes.length !== 32) {
|
|
115
|
+
throw new Error(`JWK x must decode to 32 bytes, got ${bytes.length}`);
|
|
116
|
+
}
|
|
117
|
+
return bytes;
|
|
118
|
+
}
|
|
92
119
|
//# sourceMappingURL=signer.js.map
|
package/dist/sdjwt/signer.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"signer.js","sourceRoot":"","sources":["../../src/sdjwt/signer.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,KAAK,EAAE,MAAM,gBAAgB,CAAA;AACpC,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAA;AAE3C,SAAS,aAAa,CAAC,KAAa;IAClC,MAAM,MAAM,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,MAAM,CAC/D,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,EAC7C,GAAG,CACJ,CAAA;IACD,OAAO,IAAI,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAA;AACtD,CAAC;AAED,SAAS,WAAW,CAAC,KAAiB;IACpC,OAAO,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC;SACtB,QAAQ,CAAC,QAAQ,CAAC;SAClB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAA;AACtB,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,iBAAiB,CAAC,UAAsB;IACtD,IAAI,UAAU,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;QAC7B,MAAM,IAAI,KAAK,CAAC,oCAAoC,UAAU,CAAC,MAAM,EAAE,CAAC,CAAA;IAC1E,CAAC;IACD,OAAO,KAAK,EAAE,IAAY,EAAmB,EAAE;QAC7C,MAAM,GAAG,GAAG,MAAM,EAAE,CAAC,SAAS,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,UAAU,CAAC,CAAA;QAC1E,OAAO,WAAW,CAAC,GAAG,CAAC,CAAA;IACzB,CAAC,CAAA;AACH,CAAC;AAED,2EAA2E;AAC3E,MAAM,UAAU,mBAAmB,CAAC,SAAqB;IACvD,IAAI,SAAS,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;QAC5B,MAAM,IAAI,KAAK,CAAC,mCAAmC,SAAS,CAAC,MAAM,EAAE,CAAC,CAAA;IACxE,CAAC;IACD,OAAO,KAAK,EAAE,IAAY,EAAE,SAAiB,EAAoB,EAAE;QACjE,IAAI,CAAC;YACH,OAAO,MAAM,EAAE,CAAC,WAAW,CACzB,aAAa,CAAC,SAAS,CAAC,EACxB,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,EAC9B,SAAS,CACV,CAAA;QACH,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAA;QACd,CAAC;IACH,CAAC,CAAA;AACH,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,WAAW,CACzB,IAA0B,EAC1B,GAAW;IAEX,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;QACtB,MAAM,IAAI,KAAK,CAAC,sCAAsC,GAAG,EAAE,CAAC,CAAA;IAC9D,CAAC;IACD,MAAM,KAAK,GACT,OAAO,IAAI,KAAK,QAAQ;QACtB,CAAC,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC;QAChC,CAAC,CAAC,IAAI,UAAU,CAAC,IAAI,CAAC,CAAA;IAC1B,OAAO,MAAM,CAAC,KAAK,CAAC,CAAA;AACtB,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,kBAAkB,CAAC,MAAc;IAC/C,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,CAAA;IACpC,MAAM,CAAC,eAAe,CAAC,KAAK,CAAC,CAAA;IAC7B,OAAO,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC;SACtB,QAAQ,CAAC,QAAQ,CAAC;SAClB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAA;AACtB,CAAC"}
|
|
1
|
+
{"version":3,"file":"signer.js","sourceRoot":"","sources":["../../src/sdjwt/signer.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,KAAK,EAAE,MAAM,gBAAgB,CAAA;AACpC,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAA;AAE3C,SAAS,aAAa,CAAC,KAAa;IAClC,MAAM,MAAM,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,MAAM,CAC/D,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,EAC7C,GAAG,CACJ,CAAA;IACD,OAAO,IAAI,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAA;AACtD,CAAC;AAED,SAAS,WAAW,CAAC,KAAiB;IACpC,OAAO,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC;SACtB,QAAQ,CAAC,QAAQ,CAAC;SAClB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAA;AACtB,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,iBAAiB,CAAC,UAAsB;IACtD,IAAI,UAAU,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;QAC7B,MAAM,IAAI,KAAK,CAAC,oCAAoC,UAAU,CAAC,MAAM,EAAE,CAAC,CAAA;IAC1E,CAAC;IACD,OAAO,KAAK,EAAE,IAAY,EAAmB,EAAE;QAC7C,MAAM,GAAG,GAAG,MAAM,EAAE,CAAC,SAAS,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,UAAU,CAAC,CAAA;QAC1E,OAAO,WAAW,CAAC,GAAG,CAAC,CAAA;IACzB,CAAC,CAAA;AACH,CAAC;AAED,2EAA2E;AAC3E,MAAM,UAAU,mBAAmB,CAAC,SAAqB;IACvD,IAAI,SAAS,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;QAC5B,MAAM,IAAI,KAAK,CAAC,mCAAmC,SAAS,CAAC,MAAM,EAAE,CAAC,CAAA;IACxE,CAAC;IACD,OAAO,KAAK,EAAE,IAAY,EAAE,SAAiB,EAAoB,EAAE;QACjE,IAAI,CAAC;YACH,OAAO,MAAM,EAAE,CAAC,WAAW,CACzB,aAAa,CAAC,SAAS,CAAC,EACxB,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,EAC9B,SAAS,CACV,CAAA;QACH,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAA;QACd,CAAC;IACH,CAAC,CAAA;AACH,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,WAAW,CACzB,IAA0B,EAC1B,GAAW;IAEX,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;QACtB,MAAM,IAAI,KAAK,CAAC,sCAAsC,GAAG,EAAE,CAAC,CAAA;IAC9D,CAAC;IACD,MAAM,KAAK,GACT,OAAO,IAAI,KAAK,QAAQ;QACtB,CAAC,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC;QAChC,CAAC,CAAC,IAAI,UAAU,CAAC,IAAI,CAAC,CAAA;IAC1B,OAAO,MAAM,CAAC,KAAK,CAAC,CAAA;AACtB,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,kBAAkB,CAAC,MAAc;IAC/C,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,CAAA;IACpC,MAAM,CAAC,eAAe,CAAC,KAAK,CAAC,CAAA;IAC7B,OAAO,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC;SACtB,QAAQ,CAAC,QAAQ,CAAC;SAClB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAA;AACtB,CAAC;AAeD,wEAAwE;AACxE,MAAM,UAAU,qBAAqB,CAAC,SAAqB;IACzD,IAAI,SAAS,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;QAC5B,MAAM,IAAI,KAAK,CAAC,mCAAmC,SAAS,CAAC,MAAM,EAAE,CAAC,CAAA;IACxE,CAAC;IACD,OAAO;QACL,GAAG,EAAE,KAAK;QACV,GAAG,EAAE,SAAS;QACd,CAAC,EAAE,WAAW,CAAC,SAAS,CAAC;QACzB,GAAG,EAAE,OAAO;KACb,CAAA;AACH,CAAC;AAED,wEAAwE;AACxE,MAAM,UAAU,uBAAuB,CAAC,GAAY;IAClD,IACE,CAAC,GAAG;QACJ,OAAO,GAAG,KAAK,QAAQ;QACtB,GAAyB,CAAC,GAAG,KAAK,KAAK;QACvC,GAAyB,CAAC,GAAG,KAAK,SAAS;QAC5C,OAAQ,GAAuB,CAAC,CAAC,KAAK,QAAQ,EAC9C,CAAC;QACD,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAA;IAC3C,CAAC;IACD,MAAM,KAAK,GAAG,aAAa,CAAE,GAAqB,CAAC,CAAC,CAAC,CAAA;IACrD,IAAI,KAAK,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;QACxB,MAAM,IAAI,KAAK,CAAC,sCAAsC,KAAK,CAAC,MAAM,EAAE,CAAC,CAAA;IACvE,CAAC;IACD,OAAO,KAAK,CAAA;AACd,CAAC"}
|
|
@@ -0,0 +1,61 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Status list (draft-ietf-oauth-status-list) helper for issuers.
|
|
3
|
+
*
|
|
4
|
+
* The lifecycle:
|
|
5
|
+
* 1. Issuer creates a `StatusList` (a bitstring of N statuses,
|
|
6
|
+
* typically 1 bit per credential — 0 = active, 1 = revoked).
|
|
7
|
+
* 2. Issuer wraps it in a JWT signed by the issuer's key, served at
|
|
8
|
+
* a stable URL (e.g., `/status-lists/<id>`).
|
|
9
|
+
* 3. Each issued SD-JWT VC carries a `status.status_list.{uri, idx}`
|
|
10
|
+
* pointing at one bit in the list.
|
|
11
|
+
* 4. To revoke a credential, the issuer flips its bit and republishes
|
|
12
|
+
* the (now-updated) JWT at the same URL.
|
|
13
|
+
* 5. Verifiers refetch the list (cache-respecting) and check the bit.
|
|
14
|
+
*
|
|
15
|
+
* `createStatusListJwt` is a thin wrapper around `@sd-jwt/jwt-status-list`
|
|
16
|
+
* that uses Ed25519 / EdDSA to match the rest of Solidus's signing
|
|
17
|
+
* conventions.
|
|
18
|
+
*/
|
|
19
|
+
import { type BitsPerStatus } from '@sd-jwt/jwt-status-list';
|
|
20
|
+
export interface CreateStatusListJwtParams {
|
|
21
|
+
/** Issuer's raw 32-byte Ed25519 private key. */
|
|
22
|
+
issuerPrivateKey: Uint8Array;
|
|
23
|
+
/** Issuer DID — becomes the `iss` claim on the status-list JWT. */
|
|
24
|
+
issuer: string;
|
|
25
|
+
/**
|
|
26
|
+
* The URL where this status-list JWT will be served. Becomes the
|
|
27
|
+
* `sub` claim per draft-ietf-oauth-status-list §6.2 and is what
|
|
28
|
+
* issued credentials reference via `status.status_list.uri`.
|
|
29
|
+
*/
|
|
30
|
+
uri: string;
|
|
31
|
+
/**
|
|
32
|
+
* Total number of statuses in the list. Determines the bitstring
|
|
33
|
+
* size. Choose with growth in mind — once published, callers cannot
|
|
34
|
+
* shrink the list without breaking existing references.
|
|
35
|
+
*/
|
|
36
|
+
totalStatuses: number;
|
|
37
|
+
/**
|
|
38
|
+
* Bits per status. 1 = boolean (active/revoked); 2/4/8 add finer
|
|
39
|
+
* granularity (suspended, expired, etc.) per spec §6. Default 1.
|
|
40
|
+
*/
|
|
41
|
+
bitsPerStatus?: BitsPerStatus;
|
|
42
|
+
/**
|
|
43
|
+
* Indexes whose status should be set to non-zero. With `bitsPerStatus
|
|
44
|
+
* = 1`, listing an index here means "revoked". For higher bit
|
|
45
|
+
* widths, pass `[index, value]` tuples.
|
|
46
|
+
*/
|
|
47
|
+
revoked?: Array<number | [number, number]>;
|
|
48
|
+
/**
|
|
49
|
+
* Optional time-to-live in seconds — verifiers MAY use this to
|
|
50
|
+
* decide how long to cache the list. Per draft-ietf-oauth-status-list.
|
|
51
|
+
*/
|
|
52
|
+
ttlSeconds?: number;
|
|
53
|
+
}
|
|
54
|
+
/**
|
|
55
|
+
* Build a signed status-list JWT.
|
|
56
|
+
*
|
|
57
|
+
* Returns the JWT in compact form. Issuers serve this at the URL
|
|
58
|
+
* embedded in their issued SD-JWT VCs' `status.status_list.uri` claim.
|
|
59
|
+
*/
|
|
60
|
+
export declare function createStatusListJwt(params: CreateStatusListJwtParams): Promise<string>;
|
|
61
|
+
//# sourceMappingURL=status-list.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"status-list.d.ts","sourceRoot":"","sources":["../../src/sdjwt/status-list.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAGH,OAAO,EAGL,KAAK,aAAa,EACnB,MAAM,yBAAyB,CAAA;AAUhC,MAAM,WAAW,yBAAyB;IACxC,gDAAgD;IAChD,gBAAgB,EAAE,UAAU,CAAA;IAE5B,mEAAmE;IACnE,MAAM,EAAE,MAAM,CAAA;IAEd;;;;OAIG;IACH,GAAG,EAAE,MAAM,CAAA;IAEX;;;;OAIG;IACH,aAAa,EAAE,MAAM,CAAA;IAErB;;;OAGG;IACH,aAAa,CAAC,EAAE,aAAa,CAAA;IAE7B;;;;OAIG;IACH,OAAO,CAAC,EAAE,KAAK,CAAC,MAAM,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAA;IAE1C;;;OAGG;IACH,UAAU,CAAC,EAAE,MAAM,CAAA;CACpB;AAED;;;;;GAKG;AACH,wBAAsB,mBAAmB,CACvC,MAAM,EAAE,yBAAyB,GAChC,OAAO,CAAC,MAAM,CAAC,CA8CjB"}
|
|
@@ -0,0 +1,63 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Status list (draft-ietf-oauth-status-list) helper for issuers.
|
|
3
|
+
*
|
|
4
|
+
* The lifecycle:
|
|
5
|
+
* 1. Issuer creates a `StatusList` (a bitstring of N statuses,
|
|
6
|
+
* typically 1 bit per credential — 0 = active, 1 = revoked).
|
|
7
|
+
* 2. Issuer wraps it in a JWT signed by the issuer's key, served at
|
|
8
|
+
* a stable URL (e.g., `/status-lists/<id>`).
|
|
9
|
+
* 3. Each issued SD-JWT VC carries a `status.status_list.{uri, idx}`
|
|
10
|
+
* pointing at one bit in the list.
|
|
11
|
+
* 4. To revoke a credential, the issuer flips its bit and republishes
|
|
12
|
+
* the (now-updated) JWT at the same URL.
|
|
13
|
+
* 5. Verifiers refetch the list (cache-respecting) and check the bit.
|
|
14
|
+
*
|
|
15
|
+
* `createStatusListJwt` is a thin wrapper around `@sd-jwt/jwt-status-list`
|
|
16
|
+
* that uses Ed25519 / EdDSA to match the rest of Solidus's signing
|
|
17
|
+
* conventions.
|
|
18
|
+
*/
|
|
19
|
+
import * as ed from '@noble/ed25519';
|
|
20
|
+
import { StatusList, createHeaderAndPayload, } from '@sd-jwt/jwt-status-list';
|
|
21
|
+
function toBase64Url(bytes) {
|
|
22
|
+
return Buffer.from(bytes)
|
|
23
|
+
.toString('base64')
|
|
24
|
+
.replace(/\+/g, '-')
|
|
25
|
+
.replace(/\//g, '_')
|
|
26
|
+
.replace(/=/g, '');
|
|
27
|
+
}
|
|
28
|
+
/**
|
|
29
|
+
* Build a signed status-list JWT.
|
|
30
|
+
*
|
|
31
|
+
* Returns the JWT in compact form. Issuers serve this at the URL
|
|
32
|
+
* embedded in their issued SD-JWT VCs' `status.status_list.uri` claim.
|
|
33
|
+
*/
|
|
34
|
+
export async function createStatusListJwt(params) {
|
|
35
|
+
if (params.issuerPrivateKey.length !== 32) {
|
|
36
|
+
throw new Error(`issuerPrivateKey must be 32 bytes, got ${params.issuerPrivateKey.length}`);
|
|
37
|
+
}
|
|
38
|
+
const bitsPerStatus = params.bitsPerStatus ?? 1;
|
|
39
|
+
const list = new StatusList(new Array(params.totalStatuses).fill(0), bitsPerStatus);
|
|
40
|
+
for (const entry of params.revoked ?? []) {
|
|
41
|
+
if (typeof entry === 'number') {
|
|
42
|
+
list.setStatus(entry, 1);
|
|
43
|
+
}
|
|
44
|
+
else {
|
|
45
|
+
list.setStatus(entry[0], entry[1]);
|
|
46
|
+
}
|
|
47
|
+
}
|
|
48
|
+
const now = Math.floor(Date.now() / 1000);
|
|
49
|
+
const basePayload = {
|
|
50
|
+
iss: params.issuer,
|
|
51
|
+
sub: params.uri,
|
|
52
|
+
iat: now,
|
|
53
|
+
};
|
|
54
|
+
if (params.ttlSeconds !== undefined)
|
|
55
|
+
basePayload['ttl'] = params.ttlSeconds;
|
|
56
|
+
const { header, payload } = createHeaderAndPayload(list, basePayload, { alg: 'EdDSA', typ: 'statuslist+jwt' });
|
|
57
|
+
const headerSegment = toBase64Url(new TextEncoder().encode(JSON.stringify(header)));
|
|
58
|
+
const payloadSegment = toBase64Url(new TextEncoder().encode(JSON.stringify(payload)));
|
|
59
|
+
const signingInput = `${headerSegment}.${payloadSegment}`;
|
|
60
|
+
const signature = await ed.signAsync(new TextEncoder().encode(signingInput), params.issuerPrivateKey);
|
|
61
|
+
return `${signingInput}.${toBase64Url(signature)}`;
|
|
62
|
+
}
|
|
63
|
+
//# sourceMappingURL=status-list.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"status-list.js","sourceRoot":"","sources":["../../src/sdjwt/status-list.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAEH,OAAO,KAAK,EAAE,MAAM,gBAAgB,CAAA;AACpC,OAAO,EACL,UAAU,EACV,sBAAsB,GAEvB,MAAM,yBAAyB,CAAA;AAEhC,SAAS,WAAW,CAAC,KAAiB;IACpC,OAAO,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC;SACtB,QAAQ,CAAC,QAAQ,CAAC;SAClB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAA;AACtB,CAAC;AA2CD;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,MAAiC;IAEjC,IAAI,MAAM,CAAC,gBAAgB,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;QAC1C,MAAM,IAAI,KAAK,CACb,0CAA0C,MAAM,CAAC,gBAAgB,CAAC,MAAM,EAAE,CAC3E,CAAA;IACH,CAAC;IAED,MAAM,aAAa,GAAG,MAAM,CAAC,aAAa,IAAI,CAAC,CAAA;IAC/C,MAAM,IAAI,GAAG,IAAI,UAAU,CACzB,IAAI,KAAK,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EACvC,aAAa,CACd,CAAA;IACD,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,OAAO,IAAI,EAAE,EAAE,CAAC;QACzC,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,CAAC,CAAC,CAAA;QAC1B,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,CAAA;QACpC,CAAC;IACH,CAAC;IAED,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAA;IACzC,MAAM,WAAW,GAA4B;QAC3C,GAAG,EAAE,MAAM,CAAC,MAAM;QAClB,GAAG,EAAE,MAAM,CAAC,GAAG;QACf,GAAG,EAAE,GAAG;KACT,CAAA;IACD,IAAI,MAAM,CAAC,UAAU,KAAK,SAAS;QAAE,WAAW,CAAC,KAAK,CAAC,GAAG,MAAM,CAAC,UAAU,CAAA;IAE3E,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,GAAG,sBAAsB,CAChD,IAAI,EACJ,WAAoB,EACpB,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,gBAAgB,EAAE,CACxC,CAAA;IAED,MAAM,aAAa,GAAG,WAAW,CAC/B,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CACjD,CAAA;IACD,MAAM,cAAc,GAAG,WAAW,CAChC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAClD,CAAA;IACD,MAAM,YAAY,GAAG,GAAG,aAAa,IAAI,cAAc,EAAE,CAAA;IACzD,MAAM,SAAS,GAAG,MAAM,EAAE,CAAC,SAAS,CAClC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,YAAY,CAAC,EACtC,MAAM,CAAC,gBAAgB,CACxB,CAAA;IACD,OAAO,GAAG,YAAY,IAAI,WAAW,CAAC,SAAS,CAAC,EAAE,CAAA;AACpD,CAAC"}
|
package/dist/sdjwt/types.d.ts
CHANGED
|
@@ -33,18 +33,38 @@ export interface IssueSdJwtVcParams {
|
|
|
33
33
|
*/
|
|
34
34
|
issuerPrivateKey: Uint8Array;
|
|
35
35
|
/**
|
|
36
|
-
* Subject-claim paths that should be disclosable. Each entry is
|
|
37
|
-
* top-level
|
|
38
|
-
* nested
|
|
39
|
-
* claim is disclosable
|
|
36
|
+
* Subject-claim paths that should be disclosable. Each entry is
|
|
37
|
+
* either a top-level key (`'birthdate'`) or a dotted path into a
|
|
38
|
+
* nested object (`'address.street'`). If omitted, every top-level
|
|
39
|
+
* subject claim except `id` is disclosable; nested objects are not
|
|
40
|
+
* auto-expanded — pass explicit paths to selectively disclose them.
|
|
40
41
|
*
|
|
41
|
-
* @example ['birthdate', 'address']
|
|
42
|
+
* @example ['birthdate', 'address.street', 'address.city']
|
|
42
43
|
*/
|
|
43
44
|
disclosable?: string[];
|
|
44
45
|
/** RFC 3339 timestamp; sd-jwt-vc maps this to `nbf`. Defaults to now. */
|
|
45
46
|
validFrom?: string;
|
|
46
47
|
/** RFC 3339 timestamp; sd-jwt-vc maps this to `exp`. Optional. */
|
|
47
48
|
validUntil?: string;
|
|
49
|
+
/**
|
|
50
|
+
* Optional 32-byte Ed25519 public key of the *holder*. When provided,
|
|
51
|
+
* the issued SD-JWT embeds a `cnf.jwk` claim binding the credential
|
|
52
|
+
* to this key — required if the verifier is going to enforce a
|
|
53
|
+
* Key-Binding JWT at presentation time. Omit to issue a bearer
|
|
54
|
+
* credential (Phase 1 default).
|
|
55
|
+
*/
|
|
56
|
+
holderPublicKey?: Uint8Array;
|
|
57
|
+
/**
|
|
58
|
+
* Optional reference into a status list (draft-ietf-oauth-status-list).
|
|
59
|
+
* When set, the issued SD-JWT carries `status: { status_list: { uri,
|
|
60
|
+
* idx } }`; verifiers that supply a `statusListFetcher` will fetch
|
|
61
|
+
* the list, look up bit `idx`, and reject the credential if the
|
|
62
|
+
* status indicates revocation.
|
|
63
|
+
*/
|
|
64
|
+
status?: {
|
|
65
|
+
uri: string;
|
|
66
|
+
idx: number;
|
|
67
|
+
};
|
|
48
68
|
}
|
|
49
69
|
/**
|
|
50
70
|
* The compact-serialised SD-JWT VC, plus metadata. The `compact` field
|
|
@@ -70,6 +90,77 @@ export interface VerifySdJwtVcParams {
|
|
|
70
90
|
* from the chain client.
|
|
71
91
|
*/
|
|
72
92
|
issuerPublicKey: Uint8Array;
|
|
93
|
+
/**
|
|
94
|
+
* If provided, the verifier requires a valid Key-Binding JWT and
|
|
95
|
+
* checks the KB-JWT's `aud` claim against this value. Use this to
|
|
96
|
+
* stop a stolen presentation from being replayed against a different
|
|
97
|
+
* verifier.
|
|
98
|
+
*/
|
|
99
|
+
expectedAudience?: string;
|
|
100
|
+
/**
|
|
101
|
+
* If provided, the verifier requires a valid Key-Binding JWT and
|
|
102
|
+
* checks the KB-JWT's `nonce` claim against this value. The verifier
|
|
103
|
+
* is responsible for generating a fresh nonce per presentation
|
|
104
|
+
* request and remembering it for the duration of the round-trip.
|
|
105
|
+
*/
|
|
106
|
+
expectedNonce?: string;
|
|
107
|
+
/**
|
|
108
|
+
* Callback that fetches the status-list JWT at a given URI. Required
|
|
109
|
+
* to enable revocation checking; if absent the verifier skips the
|
|
110
|
+
* status check (treats every credential as live). In production the
|
|
111
|
+
* caller usually wires this to `fetch()`; tests can use an in-memory
|
|
112
|
+
* map.
|
|
113
|
+
*/
|
|
114
|
+
statusListFetcher?: (uri: string) => Promise<string>;
|
|
115
|
+
/**
|
|
116
|
+
* Verifier callback for the *status list JWT*'s signature. The
|
|
117
|
+
* status list JWT is signed by the issuer (or a status-list-specific
|
|
118
|
+
* key); pass the public key here. If omitted, the same issuerPublicKey
|
|
119
|
+
* used for the SD-JWT is reused — appropriate when the issuer signs
|
|
120
|
+
* its own status lists.
|
|
121
|
+
*/
|
|
122
|
+
statusListIssuerPublicKey?: Uint8Array;
|
|
123
|
+
}
|
|
124
|
+
/** Parameters accepted by [`presentSdJwtVc`]. */
|
|
125
|
+
export interface PresentSdJwtVcParams {
|
|
126
|
+
/** Compact-serialised SD-JWT VC as issued (with all disclosures attached). */
|
|
127
|
+
compact: string;
|
|
128
|
+
/**
|
|
129
|
+
* Paths of the subject claims to reveal in this presentation. Each
|
|
130
|
+
* entry is either a top-level key (`'firstName'`) or a dotted path
|
|
131
|
+
* into a nested object (`'address.street'`). Any disclosure not
|
|
132
|
+
* listed here is omitted from the presented compact form; the
|
|
133
|
+
* verifier still sees the hash but cannot recover the value.
|
|
134
|
+
*
|
|
135
|
+
* @example ['firstName', 'address.street']
|
|
136
|
+
*/
|
|
137
|
+
claimsToReveal: string[];
|
|
138
|
+
/**
|
|
139
|
+
* Holder's raw 32-byte Ed25519 *private* key. Must be the partner of
|
|
140
|
+
* the `holderPublicKey` that was bound at issuance time via `cnf.jwk`.
|
|
141
|
+
* Required because Phase 2 always emits a Key-Binding JWT — bearer
|
|
142
|
+
* presentations stay on the Phase-1 verify path with no `aud`/`nonce`.
|
|
143
|
+
*/
|
|
144
|
+
holderPrivateKey: Uint8Array;
|
|
145
|
+
/**
|
|
146
|
+
* Audience identifier for the verifier (typically the verifier's
|
|
147
|
+
* client_id or origin). Becomes the `aud` claim of the KB-JWT.
|
|
148
|
+
*/
|
|
149
|
+
audience: string;
|
|
150
|
+
/**
|
|
151
|
+
* Fresh, single-use nonce supplied by the verifier. Becomes the
|
|
152
|
+
* `nonce` claim of the KB-JWT.
|
|
153
|
+
*/
|
|
154
|
+
nonce: string;
|
|
155
|
+
}
|
|
156
|
+
/** Result of [`presentSdJwtVc`]. */
|
|
157
|
+
export interface PresentationResult {
|
|
158
|
+
/**
|
|
159
|
+
* Compact-serialised presentation:
|
|
160
|
+
* `<jws>~<revealed_d1>~<revealed_d2>~<kb-jwt>`. Note that the trailing
|
|
161
|
+
* `~` before the KB-JWT is part of the spec.
|
|
162
|
+
*/
|
|
163
|
+
compact: string;
|
|
73
164
|
}
|
|
74
165
|
export interface VerificationResult {
|
|
75
166
|
/** True if signature, hashes, and freshness all check out. */
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/sdjwt/types.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,+CAA+C;AAC/C,MAAM,WAAW,kBAAkB;IACjC;;;OAGG;IACH,MAAM,EAAE,MAAM,CAAA;IAEd;;;;OAIG;IACH,GAAG,EAAE,MAAM,CAAA;IAEX;;;;OAIG;IACH,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;IAEhC;;;OAGG;IACH,gBAAgB,EAAE,UAAU,CAAA;IAE5B
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/sdjwt/types.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,+CAA+C;AAC/C,MAAM,WAAW,kBAAkB;IACjC;;;OAGG;IACH,MAAM,EAAE,MAAM,CAAA;IAEd;;;;OAIG;IACH,GAAG,EAAE,MAAM,CAAA;IAEX;;;;OAIG;IACH,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;IAEhC;;;OAGG;IACH,gBAAgB,EAAE,UAAU,CAAA;IAE5B;;;;;;;;OAQG;IACH,WAAW,CAAC,EAAE,MAAM,EAAE,CAAA;IAEtB,yEAAyE;IACzE,SAAS,CAAC,EAAE,MAAM,CAAA;IAElB,kEAAkE;IAClE,UAAU,CAAC,EAAE,MAAM,CAAA;IAEnB;;;;;;OAMG;IACH,eAAe,CAAC,EAAE,UAAU,CAAA;IAE5B;;;;;;OAMG;IACH,MAAM,CAAC,EAAE;QAAE,GAAG,EAAE,MAAM,CAAC;QAAC,GAAG,EAAE,MAAM,CAAA;KAAE,CAAA;CACtC;AAED;;;;GAIG;AACH,MAAM,WAAW,aAAa;IAC5B,uDAAuD;IACvD,OAAO,EAAE,MAAM,CAAA;IAEf,0EAA0E;IAC1E,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;IAEhC,4CAA4C;IAC5C,eAAe,EAAE,MAAM,CAAA;CACxB;AAED,gDAAgD;AAChD,MAAM,WAAW,mBAAmB;IAClC,oCAAoC;IACpC,OAAO,EAAE,MAAM,CAAA;IAEf;;;;;OAKG;IACH,eAAe,EAAE,UAAU,CAAA;IAE3B;;;;;OAKG;IACH,gBAAgB,CAAC,EAAE,MAAM,CAAA;IAEzB;;;;;OAKG;IACH,aAAa,CAAC,EAAE,MAAM,CAAA;IAEtB;;;;;;OAMG;IACH,iBAAiB,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAA;IAEpD;;;;;;OAMG;IACH,yBAAyB,CAAC,EAAE,UAAU,CAAA;CACvC;AAED,iDAAiD;AACjD,MAAM,WAAW,oBAAoB;IACnC,8EAA8E;IAC9E,OAAO,EAAE,MAAM,CAAA;IAEf;;;;;;;;OAQG;IACH,cAAc,EAAE,MAAM,EAAE,CAAA;IAExB;;;;;OAKG;IACH,gBAAgB,EAAE,UAAU,CAAA;IAE5B;;;OAGG;IACH,QAAQ,EAAE,MAAM,CAAA;IAEhB;;;OAGG;IACH,KAAK,EAAE,MAAM,CAAA;CACd;AAED,oCAAoC;AACpC,MAAM,WAAW,kBAAkB;IACjC;;;;OAIG;IACH,OAAO,EAAE,MAAM,CAAA;CAChB;AAED,MAAM,WAAW,kBAAkB;IACjC,8DAA8D;IAC9D,KAAK,EAAE,OAAO,CAAA;IAEd;;;;OAIG;IACH,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;IAE/B,oCAAoC;IACpC,MAAM,CAAC,EAAE,MAAM,CAAA;IAEf,gDAAgD;IAChD,GAAG,CAAC,EAAE,MAAM,CAAA;IAEZ,+CAA+C;IAC/C,KAAK,CAAC,EAAE,MAAM,CAAA;CACf"}
|
package/dist/sdjwt/verify.d.ts
CHANGED
|
@@ -1,9 +1,22 @@
|
|
|
1
1
|
/**
|
|
2
|
-
* Verify an SD-JWT VC.
|
|
2
|
+
* Verify an SD-JWT VC, optionally including a Key-Binding JWT.
|
|
3
3
|
*
|
|
4
|
-
* Phase 1
|
|
5
|
-
*
|
|
6
|
-
*
|
|
4
|
+
* Phase 1 verified just the issuer's signature + freshness; Phase 2
|
|
5
|
+
* adds an optional KB-JWT path. When the caller supplies
|
|
6
|
+
* `expectedAudience` and/or `expectedNonce`, the verifier:
|
|
7
|
+
* - requires a KB-JWT to be present in the compact form,
|
|
8
|
+
* - extracts the holder's public key from the SD-JWT's `cnf.jwk`,
|
|
9
|
+
* - verifies the KB-JWT signature against that key,
|
|
10
|
+
* - checks `aud` and `nonce` match the caller's expectations,
|
|
11
|
+
* - confirms `sd_hash` matches the hash of the SD-JWT being presented.
|
|
12
|
+
*
|
|
13
|
+
* If neither expected* is set, the verifier behaves as Phase 1 — bearer
|
|
14
|
+
* presentations remain accepted.
|
|
15
|
+
*
|
|
16
|
+
* KB-JWT parsing is done in this module rather than via sd-jwt-js's
|
|
17
|
+
* `verify()` because sd-jwt-js conflates "extract KB-JWT" and "check
|
|
18
|
+
* nonce" in a single option, leaving us no clean way to surface
|
|
19
|
+
* `aud mismatch` separately from `nonce mismatch`.
|
|
7
20
|
*/
|
|
8
21
|
import type { VerifySdJwtVcParams, VerificationResult } from './types.js';
|
|
9
22
|
export declare function verifySdJwtVc(params: VerifySdJwtVcParams): Promise<VerificationResult>;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"verify.d.ts","sourceRoot":"","sources":["../../src/sdjwt/verify.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"verify.d.ts","sourceRoot":"","sources":["../../src/sdjwt/verify.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAWH,OAAO,KAAK,EAAE,mBAAmB,EAAE,kBAAkB,EAAE,MAAM,YAAY,CAAA;AA4EzE,wBAAsB,aAAa,CACjC,MAAM,EAAE,mBAAmB,GAC1B,OAAO,CAAC,kBAAkB,CAAC,CAuI7B"}
|
package/dist/sdjwt/verify.js
CHANGED
|
@@ -1,12 +1,81 @@
|
|
|
1
1
|
/**
|
|
2
|
-
* Verify an SD-JWT VC.
|
|
2
|
+
* Verify an SD-JWT VC, optionally including a Key-Binding JWT.
|
|
3
3
|
*
|
|
4
|
-
* Phase 1
|
|
5
|
-
*
|
|
6
|
-
*
|
|
4
|
+
* Phase 1 verified just the issuer's signature + freshness; Phase 2
|
|
5
|
+
* adds an optional KB-JWT path. When the caller supplies
|
|
6
|
+
* `expectedAudience` and/or `expectedNonce`, the verifier:
|
|
7
|
+
* - requires a KB-JWT to be present in the compact form,
|
|
8
|
+
* - extracts the holder's public key from the SD-JWT's `cnf.jwk`,
|
|
9
|
+
* - verifies the KB-JWT signature against that key,
|
|
10
|
+
* - checks `aud` and `nonce` match the caller's expectations,
|
|
11
|
+
* - confirms `sd_hash` matches the hash of the SD-JWT being presented.
|
|
12
|
+
*
|
|
13
|
+
* If neither expected* is set, the verifier behaves as Phase 1 — bearer
|
|
14
|
+
* presentations remain accepted.
|
|
15
|
+
*
|
|
16
|
+
* KB-JWT parsing is done in this module rather than via sd-jwt-js's
|
|
17
|
+
* `verify()` because sd-jwt-js conflates "extract KB-JWT" and "check
|
|
18
|
+
* nonce" in a single option, leaving us no clean way to surface
|
|
19
|
+
* `aud mismatch` separately from `nonce mismatch`.
|
|
7
20
|
*/
|
|
8
21
|
import { SDJwtVcInstance } from '@sd-jwt/sd-jwt-vc';
|
|
9
|
-
import
|
|
22
|
+
import * as ed from '@noble/ed25519';
|
|
23
|
+
import { sha256 } from '@noble/hashes/sha2';
|
|
24
|
+
import { ed25519PublicKeyFromJwk, makeEd25519Verifier, sdJwtHasher, } from './signer.js';
|
|
25
|
+
function fromBase64Url(input) {
|
|
26
|
+
const padded = input
|
|
27
|
+
.replace(/-/g, '+')
|
|
28
|
+
.replace(/_/g, '/')
|
|
29
|
+
.padEnd(input.length + ((4 - (input.length % 4)) % 4), '=');
|
|
30
|
+
return new Uint8Array(Buffer.from(padded, 'base64'));
|
|
31
|
+
}
|
|
32
|
+
function toBase64Url(input) {
|
|
33
|
+
return Buffer.from(input)
|
|
34
|
+
.toString('base64')
|
|
35
|
+
.replace(/\+/g, '-')
|
|
36
|
+
.replace(/\//g, '_')
|
|
37
|
+
.replace(/=/g, '');
|
|
38
|
+
}
|
|
39
|
+
/**
|
|
40
|
+
* Decode (without verifying) the KB-JWT off the end of a compact SD-JWT.
|
|
41
|
+
*
|
|
42
|
+
* The compact form is `<jws>~<d1>~<d2>~<kb-jwt>`. The KB-JWT is the
|
|
43
|
+
* final non-empty segment; the `<jws>~<d1>~...~` prefix (with the
|
|
44
|
+
* trailing `~` retained) is what `sd_hash` covers per spec §3.3.
|
|
45
|
+
*/
|
|
46
|
+
function extractKbJwt(compact) {
|
|
47
|
+
const lastTilde = compact.lastIndexOf('~');
|
|
48
|
+
if (lastTilde < 0)
|
|
49
|
+
return null;
|
|
50
|
+
const kbCompact = compact.slice(lastTilde + 1);
|
|
51
|
+
if (kbCompact.length === 0)
|
|
52
|
+
return null;
|
|
53
|
+
const sdJwtBody = compact.slice(0, lastTilde + 1); // includes trailing `~`
|
|
54
|
+
const segments = kbCompact.split('.');
|
|
55
|
+
if (segments.length !== 3)
|
|
56
|
+
return null;
|
|
57
|
+
let payload;
|
|
58
|
+
try {
|
|
59
|
+
payload = JSON.parse(new TextDecoder().decode(fromBase64Url(segments[1])));
|
|
60
|
+
}
|
|
61
|
+
catch {
|
|
62
|
+
return null;
|
|
63
|
+
}
|
|
64
|
+
return { kbCompact, sdJwtBody, payload };
|
|
65
|
+
}
|
|
66
|
+
async function verifyKbSignature(kbCompact, holderPublicKey) {
|
|
67
|
+
const segments = kbCompact.split('.');
|
|
68
|
+
if (segments.length !== 3)
|
|
69
|
+
return false;
|
|
70
|
+
const signingInput = `${segments[0]}.${segments[1]}`;
|
|
71
|
+
const signature = fromBase64Url(segments[2]);
|
|
72
|
+
try {
|
|
73
|
+
return await ed.verifyAsync(signature, new TextEncoder().encode(signingInput), holderPublicKey);
|
|
74
|
+
}
|
|
75
|
+
catch {
|
|
76
|
+
return false;
|
|
77
|
+
}
|
|
78
|
+
}
|
|
10
79
|
export async function verifySdJwtVc(params) {
|
|
11
80
|
if (params.issuerPublicKey.length !== 32) {
|
|
12
81
|
return {
|
|
@@ -15,31 +84,31 @@ export async function verifySdJwtVc(params) {
|
|
|
15
84
|
error: `issuerPublicKey must be 32 bytes, got ${params.issuerPublicKey.length}`,
|
|
16
85
|
};
|
|
17
86
|
}
|
|
87
|
+
const requireKb = params.expectedAudience !== undefined ||
|
|
88
|
+
params.expectedNonce !== undefined;
|
|
89
|
+
const statusListVerifier = params.statusListIssuerPublicKey
|
|
90
|
+
? makeEd25519Verifier(params.statusListIssuerPublicKey)
|
|
91
|
+
: makeEd25519Verifier(params.issuerPublicKey);
|
|
18
92
|
const sdjwt = new SDJwtVcInstance({
|
|
19
93
|
verifier: makeEd25519Verifier(params.issuerPublicKey),
|
|
20
94
|
hasher: sdJwtHasher,
|
|
21
95
|
hashAlg: 'sha-256',
|
|
22
96
|
loadTypeMetadataFormat: false,
|
|
97
|
+
// Wire status-list lookup if the caller supplied a fetcher.
|
|
98
|
+
// sd-jwt-vc fetches the status-list JWT, verifies its signature,
|
|
99
|
+
// looks up `idx`, and (by default) treats any non-zero status as
|
|
100
|
+
// revoked.
|
|
101
|
+
...(params.statusListFetcher !== undefined
|
|
102
|
+
? {
|
|
103
|
+
statusListFetcher: params.statusListFetcher,
|
|
104
|
+
statusVerifier: statusListVerifier,
|
|
105
|
+
}
|
|
106
|
+
: {}),
|
|
23
107
|
});
|
|
108
|
+
let payload;
|
|
24
109
|
try {
|
|
25
110
|
const result = await sdjwt.verify(params.compact);
|
|
26
|
-
|
|
27
|
-
// sd-jwt-js's verify() reconstructs the disclosed claims and merges
|
|
28
|
-
// them into the payload, dropping the `_sd` arrays. So
|
|
29
|
-
// `result.payload` is already the full revealed claim set.
|
|
30
|
-
const claims = {};
|
|
31
|
-
for (const [k, v] of Object.entries(payload)) {
|
|
32
|
-
// Drop SD-JWT housekeeping fields from the user-facing claim set.
|
|
33
|
-
if (k === '_sd' || k === '_sd_alg' || k === 'cnf')
|
|
34
|
-
continue;
|
|
35
|
-
claims[k] = v;
|
|
36
|
-
}
|
|
37
|
-
const out = { valid: true, claims };
|
|
38
|
-
if (typeof payload['iss'] === 'string')
|
|
39
|
-
out.issuer = payload['iss'];
|
|
40
|
-
if (typeof payload['vct'] === 'string')
|
|
41
|
-
out.vct = payload['vct'];
|
|
42
|
-
return out;
|
|
111
|
+
payload = result.payload;
|
|
43
112
|
}
|
|
44
113
|
catch (e) {
|
|
45
114
|
return {
|
|
@@ -48,5 +117,85 @@ export async function verifySdJwtVc(params) {
|
|
|
48
117
|
error: e instanceof Error ? e.message : String(e),
|
|
49
118
|
};
|
|
50
119
|
}
|
|
120
|
+
if (requireKb) {
|
|
121
|
+
const parsed = extractKbJwt(params.compact);
|
|
122
|
+
if (!parsed) {
|
|
123
|
+
return {
|
|
124
|
+
valid: false,
|
|
125
|
+
claims: {},
|
|
126
|
+
error: 'KB-JWT required but not present in compact form',
|
|
127
|
+
};
|
|
128
|
+
}
|
|
129
|
+
const cnf = payload.cnf;
|
|
130
|
+
if (!cnf?.jwk) {
|
|
131
|
+
return {
|
|
132
|
+
valid: false,
|
|
133
|
+
claims: {},
|
|
134
|
+
error: 'SD-JWT does not bind a holder key (`cnf.jwk` missing)',
|
|
135
|
+
};
|
|
136
|
+
}
|
|
137
|
+
let holderPk;
|
|
138
|
+
try {
|
|
139
|
+
holderPk = ed25519PublicKeyFromJwk(cnf.jwk);
|
|
140
|
+
}
|
|
141
|
+
catch (e) {
|
|
142
|
+
return {
|
|
143
|
+
valid: false,
|
|
144
|
+
claims: {},
|
|
145
|
+
error: `cnf.jwk invalid: ${e instanceof Error ? e.message : String(e)}`,
|
|
146
|
+
};
|
|
147
|
+
}
|
|
148
|
+
const sigOk = await verifyKbSignature(parsed.kbCompact, holderPk);
|
|
149
|
+
if (!sigOk) {
|
|
150
|
+
return {
|
|
151
|
+
valid: false,
|
|
152
|
+
claims: {},
|
|
153
|
+
error: 'KB-JWT signature does not match the holder key from cnf.jwk',
|
|
154
|
+
};
|
|
155
|
+
}
|
|
156
|
+
if (params.expectedAudience !== undefined &&
|
|
157
|
+
parsed.payload.aud !== params.expectedAudience) {
|
|
158
|
+
return {
|
|
159
|
+
valid: false,
|
|
160
|
+
claims: {},
|
|
161
|
+
error: `KB-JWT aud mismatch: expected ${params.expectedAudience}, got ${parsed.payload.aud ?? '<missing>'}`,
|
|
162
|
+
};
|
|
163
|
+
}
|
|
164
|
+
if (params.expectedNonce !== undefined &&
|
|
165
|
+
parsed.payload.nonce !== params.expectedNonce) {
|
|
166
|
+
return {
|
|
167
|
+
valid: false,
|
|
168
|
+
claims: {},
|
|
169
|
+
error: `KB-JWT nonce mismatch: expected ${params.expectedNonce}, got ${parsed.payload.nonce ?? '<missing>'}`,
|
|
170
|
+
};
|
|
171
|
+
}
|
|
172
|
+
// Confirm sd_hash matches the SHA-256 of the SD-JWT body (everything
|
|
173
|
+
// before the KB-JWT, with the trailing `~` retained per spec).
|
|
174
|
+
if (parsed.payload.sd_hash !== undefined) {
|
|
175
|
+
const expectedHash = toBase64Url(sha256(new TextEncoder().encode(parsed.sdJwtBody)));
|
|
176
|
+
if (parsed.payload.sd_hash !== expectedHash) {
|
|
177
|
+
return {
|
|
178
|
+
valid: false,
|
|
179
|
+
claims: {},
|
|
180
|
+
error: 'KB-JWT sd_hash does not cover the presented SD-JWT body',
|
|
181
|
+
};
|
|
182
|
+
}
|
|
183
|
+
}
|
|
184
|
+
}
|
|
185
|
+
// sd-jwt-js's verify() reconstructs disclosed claims and merges
|
|
186
|
+
// them into the payload, dropping the `_sd` arrays. The caller
|
|
187
|
+
// should never see SD-JWT housekeeping fields.
|
|
188
|
+
const claims = {};
|
|
189
|
+
for (const [k, v] of Object.entries(payload)) {
|
|
190
|
+
if (k === '_sd' || k === '_sd_alg' || k === 'cnf')
|
|
191
|
+
continue;
|
|
192
|
+
claims[k] = v;
|
|
193
|
+
}
|
|
194
|
+
const out = { valid: true, claims };
|
|
195
|
+
if (typeof payload['iss'] === 'string')
|
|
196
|
+
out.issuer = payload['iss'];
|
|
197
|
+
if (typeof payload['vct'] === 'string')
|
|
198
|
+
out.vct = payload['vct'];
|
|
199
|
+
return out;
|
|
51
200
|
}
|
|
52
201
|
//# sourceMappingURL=verify.js.map
|
package/dist/sdjwt/verify.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"verify.js","sourceRoot":"","sources":["../../src/sdjwt/verify.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"verify.js","sourceRoot":"","sources":["../../src/sdjwt/verify.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAEH,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAA;AAEnD,OAAO,KAAK,EAAE,MAAM,gBAAgB,CAAA;AACpC,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAA;AAC3C,OAAO,EACL,uBAAuB,EACvB,mBAAmB,EACnB,WAAW,GACZ,MAAM,aAAa,CAAA;AAGpB,SAAS,aAAa,CAAC,KAAa;IAClC,MAAM,MAAM,GAAG,KAAK;SACjB,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC;SAClB,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC;SAClB,MAAM,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,GAAG,CAAC,CAAA;IAC7D,OAAO,IAAI,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAA;AACtD,CAAC;AAED,SAAS,WAAW,CAAC,KAAiB;IACpC,OAAO,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC;SACtB,QAAQ,CAAC,QAAQ,CAAC;SAClB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAA;AACtB,CAAC;AAeD;;;;;;GAMG;AACH,SAAS,YAAY,CAAC,OAAe;IACnC,MAAM,SAAS,GAAG,OAAO,CAAC,WAAW,CAAC,GAAG,CAAC,CAAA;IAC1C,IAAI,SAAS,GAAG,CAAC;QAAE,OAAO,IAAI,CAAA;IAC9B,MAAM,SAAS,GAAG,OAAO,CAAC,KAAK,CAAC,SAAS,GAAG,CAAC,CAAC,CAAA;IAC9C,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAA;IACvC,MAAM,SAAS,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,SAAS,GAAG,CAAC,CAAC,CAAA,CAAC,wBAAwB;IAC1E,MAAM,QAAQ,GAAG,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IACrC,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAA;IACtC,IAAI,OAAqB,CAAA;IACzB,IAAI,CAAC;QACH,OAAO,GAAG,IAAI,CAAC,KAAK,CAClB,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC,CAAE,CAAC,CAAC,CACtC,CAAA;IACnB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAA;IACb,CAAC;IACD,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,OAAO,EAAE,CAAA;AAC1C,CAAC;AAED,KAAK,UAAU,iBAAiB,CAC9B,SAAiB,EACjB,eAA2B;IAE3B,MAAM,QAAQ,GAAG,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IACrC,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,KAAK,CAAA;IACvC,MAAM,YAAY,GAAG,GAAG,QAAQ,CAAC,CAAC,CAAE,IAAI,QAAQ,CAAC,CAAC,CAAE,EAAE,CAAA;IACtD,MAAM,SAAS,GAAG,aAAa,CAAC,QAAQ,CAAC,CAAC,CAAE,CAAC,CAAA;IAC7C,IAAI,CAAC;QACH,OAAO,MAAM,EAAE,CAAC,WAAW,CACzB,SAAS,EACT,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,YAAY,CAAC,EACtC,eAAe,CAChB,CAAA;IACH,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAA;IACd,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,MAA2B;IAE3B,IAAI,MAAM,CAAC,eAAe,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;QACzC,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,MAAM,EAAE,EAAE;YACV,KAAK,EAAE,yCAAyC,MAAM,CAAC,eAAe,CAAC,MAAM,EAAE;SAChF,CAAA;IACH,CAAC;IAED,MAAM,SAAS,GACb,MAAM,CAAC,gBAAgB,KAAK,SAAS;QACrC,MAAM,CAAC,aAAa,KAAK,SAAS,CAAA;IAEpC,MAAM,kBAAkB,GAAG,MAAM,CAAC,yBAAyB;QACzD,CAAC,CAAC,mBAAmB,CAAC,MAAM,CAAC,yBAAyB,CAAC;QACvD,CAAC,CAAC,mBAAmB,CAAC,MAAM,CAAC,eAAe,CAAC,CAAA;IAE/C,MAAM,KAAK,GAAG,IAAI,eAAe,CAAC;QAChC,QAAQ,EAAE,mBAAmB,CAAC,MAAM,CAAC,eAAe,CAAC;QACrD,MAAM,EAAE,WAAW;QACnB,OAAO,EAAE,SAAS;QAClB,sBAAsB,EAAE,KAAK;QAC7B,4DAA4D;QAC5D,iEAAiE;QACjE,iEAAiE;QACjE,WAAW;QACX,GAAG,CAAC,MAAM,CAAC,iBAAiB,KAAK,SAAS;YACxC,CAAC,CAAC;gBACE,iBAAiB,EAAE,MAAM,CAAC,iBAAiB;gBAC3C,cAAc,EAAE,kBAAkB;aACnC;YACH,CAAC,CAAC,EAAE,CAAC;KACR,CAAC,CAAA;IAEF,IAAI,OAAgC,CAAA;IACpC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAA;QACjD,OAAO,GAAG,MAAM,CAAC,OAAkC,CAAA;IACrD,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,MAAM,EAAE,EAAE;YACV,KAAK,EAAE,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC;SAClD,CAAA;IACH,CAAC;IAED,IAAI,SAAS,EAAE,CAAC;QACd,MAAM,MAAM,GAAG,YAAY,CAAC,MAAM,CAAC,OAAO,CAAC,CAAA;QAC3C,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,MAAM,EAAE,EAAE;gBACV,KAAK,EAAE,iDAAiD;aACzD,CAAA;QACH,CAAC;QAED,MAAM,GAAG,GAAI,OAAuC,CAAC,GAAG,CAAA;QACxD,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,CAAC;YACd,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,MAAM,EAAE,EAAE;gBACV,KAAK,EAAE,uDAAuD;aAC/D,CAAA;QACH,CAAC;QACD,IAAI,QAAoB,CAAA;QACxB,IAAI,CAAC;YACH,QAAQ,GAAG,uBAAuB,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;QAC7C,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,MAAM,EAAE,EAAE;gBACV,KAAK,EAAE,oBAAoB,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE;aACxE,CAAA;QACH,CAAC;QAED,MAAM,KAAK,GAAG,MAAM,iBAAiB,CAAC,MAAM,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAA;QACjE,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,MAAM,EAAE,EAAE;gBACV,KAAK,EAAE,6DAA6D;aACrE,CAAA;QACH,CAAC;QAED,IACE,MAAM,CAAC,gBAAgB,KAAK,SAAS;YACrC,MAAM,CAAC,OAAO,CAAC,GAAG,KAAK,MAAM,CAAC,gBAAgB,EAC9C,CAAC;YACD,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,MAAM,EAAE,EAAE;gBACV,KAAK,EAAE,iCAAiC,MAAM,CAAC,gBAAgB,SAAS,MAAM,CAAC,OAAO,CAAC,GAAG,IAAI,WAAW,EAAE;aAC5G,CAAA;QACH,CAAC;QAED,IACE,MAAM,CAAC,aAAa,KAAK,SAAS;YAClC,MAAM,CAAC,OAAO,CAAC,KAAK,KAAK,MAAM,CAAC,aAAa,EAC7C,CAAC;YACD,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,MAAM,EAAE,EAAE;gBACV,KAAK,EAAE,mCAAmC,MAAM,CAAC,aAAa,SAAS,MAAM,CAAC,OAAO,CAAC,KAAK,IAAI,WAAW,EAAE;aAC7G,CAAA;QACH,CAAC;QAED,qEAAqE;QACrE,+DAA+D;QAC/D,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;YACzC,MAAM,YAAY,GAAG,WAAW,CAC9B,MAAM,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CACnD,CAAA;YACD,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,KAAK,YAAY,EAAE,CAAC;gBAC5C,OAAO;oBACL,KAAK,EAAE,KAAK;oBACZ,MAAM,EAAE,EAAE;oBACV,KAAK,EAAE,yDAAyD;iBACjE,CAAA;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,gEAAgE;IAChE,+DAA+D;IAC/D,+CAA+C;IAC/C,MAAM,MAAM,GAA4B,EAAE,CAAA;IAC1C,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QAC7C,IAAI,CAAC,KAAK,KAAK,IAAI,CAAC,KAAK,SAAS,IAAI,CAAC,KAAK,KAAK;YAAE,SAAQ;QAC3D,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,CAAA;IACf,CAAC;IAED,MAAM,GAAG,GAAuB,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,CAAA;IACvD,IAAI,OAAO,OAAO,CAAC,KAAK,CAAC,KAAK,QAAQ;QAAE,GAAG,CAAC,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC,CAAA;IACnE,IAAI,OAAO,OAAO,CAAC,KAAK,CAAC,KAAK,QAAQ;QAAE,GAAG,CAAC,GAAG,GAAG,OAAO,CAAC,KAAK,CAAC,CAAA;IAChE,OAAO,GAAG,CAAA;AACZ,CAAC"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@solidus-network/sdk",
|
|
3
|
-
"version": "0.
|
|
3
|
+
"version": "0.3.0",
|
|
4
4
|
"description": "Solidus Network SDK — DID resolution, verifiable credential issuance and verification, SD-JWT VC (EUDI-compatible), and on-chain queries via JSON-RPC.",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"main": "./dist/index.js",
|
|
@@ -17,8 +17,8 @@
|
|
|
17
17
|
"@noble/hashes": "^1.5.0",
|
|
18
18
|
"@sd-jwt/sd-jwt-vc": "^0.19.0",
|
|
19
19
|
"@sd-jwt/types": "^0.19.0",
|
|
20
|
-
"@solidus-network/auth": "0.
|
|
21
|
-
"@solidus-network/types": "0.
|
|
20
|
+
"@solidus-network/auth": "0.3.0",
|
|
21
|
+
"@solidus-network/types": "0.3.0",
|
|
22
22
|
"bs58": "^6.0.0",
|
|
23
23
|
"postgres": "^3.4.4"
|
|
24
24
|
},
|