@sphereon/oid4vc-common 0.16.1-next.8 → 0.16.1-unstable.100
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/hasher.d.ts.map +1 -1
- package/dist/hasher.js +3 -2
- package/dist/hasher.js.map +1 -1
- package/dist/jwt/JwtIssuer.d.ts +0 -1
- package/dist/jwt/JwtIssuer.d.ts.map +1 -1
- package/dist/jwt/JwtVerifier.d.ts.map +1 -1
- package/dist/jwt/JwtVerifier.js +20 -4
- package/dist/jwt/JwtVerifier.js.map +1 -1
- package/lib/hasher.ts +3 -2
- package/lib/jwt/JwtIssuer.ts +0 -2
- package/lib/jwt/JwtVerifier.ts +22 -5
- package/package.json +3 -3
package/dist/hasher.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"hasher.d.ts","sourceRoot":"","sources":["../lib/hasher.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAC;AAM7C,eAAO,MAAM,aAAa,EAAE,
|
|
1
|
+
{"version":3,"file":"hasher.d.ts","sourceRoot":"","sources":["../lib/hasher.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAC;AAM7C,eAAO,MAAM,aAAa,EAAE,MAW3B,CAAC"}
|
package/dist/hasher.js
CHANGED
|
@@ -7,10 +7,11 @@ exports.defaultHasher = void 0;
|
|
|
7
7
|
const sha_js_1 = __importDefault(require("sha.js"));
|
|
8
8
|
const supportedAlgorithms = ['sha256', 'sha384', 'sha512'];
|
|
9
9
|
const defaultHasher = (data, algorithm) => {
|
|
10
|
-
|
|
10
|
+
const sanitizedAlgorithm = algorithm.toLowerCase().replace(/[-_]/g, '');
|
|
11
|
+
if (!supportedAlgorithms.includes(sanitizedAlgorithm)) {
|
|
11
12
|
throw new Error(`Unsupported hashing algorithm ${algorithm}`);
|
|
12
13
|
}
|
|
13
|
-
return new Uint8Array((0, sha_js_1.default)(
|
|
14
|
+
return new Uint8Array((0, sha_js_1.default)(sanitizedAlgorithm)
|
|
14
15
|
.update(data)
|
|
15
16
|
.digest());
|
|
16
17
|
};
|
package/dist/hasher.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"hasher.js","sourceRoot":"","sources":["../lib/hasher.ts"],"names":[],"mappings":";;;;;;AACA,oDAAyB;AAEzB,MAAM,mBAAmB,GAAG,CAAC,QAAQ,EAAE,QAAQ,EAAE,QAAQ,CAAU,CAAC;AAG7D,MAAM,aAAa,GAAW,CAAC,IAAI,EAAE,SAAS,EAAE,EAAE;IACvD,IAAI,CAAC,mBAAmB,CAAC,QAAQ,CAAC,
|
|
1
|
+
{"version":3,"file":"hasher.js","sourceRoot":"","sources":["../lib/hasher.ts"],"names":[],"mappings":";;;;;;AACA,oDAAyB;AAEzB,MAAM,mBAAmB,GAAG,CAAC,QAAQ,EAAE,QAAQ,EAAE,QAAQ,CAAU,CAAC;AAG7D,MAAM,aAAa,GAAW,CAAC,IAAI,EAAE,SAAS,EAAE,EAAE;IACvD,MAAM,kBAAkB,GAAG,SAAS,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;IACxE,IAAI,CAAC,mBAAmB,CAAC,QAAQ,CAAC,kBAAyC,CAAC,EAAE,CAAC;QAC7E,MAAM,IAAI,KAAK,CAAC,iCAAiC,SAAS,EAAE,CAAC,CAAC;IAChE,CAAC;IAED,OAAO,IAAI,UAAU,CACnB,IAAA,gBAAG,EAAC,kBAAyC,CAAC;SAC3C,MAAM,CAAC,IAAI,CAAC;SACZ,MAAM,EAAE,CACZ,CAAC;AACJ,CAAC,CAAC;AAXW,QAAA,aAAa,iBAWxB"}
|
package/dist/jwt/JwtIssuer.d.ts
CHANGED
|
@@ -31,7 +31,6 @@ export interface JwtIssuerX5c extends JwtIssuerBase {
|
|
|
31
31
|
* It must match an entry in the x5c certificate leaf entry dnsName / uriName
|
|
32
32
|
*/
|
|
33
33
|
issuer: string;
|
|
34
|
-
clientIdScheme: 'x509_san_dns' | 'x509_san_uri';
|
|
35
34
|
}
|
|
36
35
|
export interface JwtIssuerJwk extends JwtIssuerBase {
|
|
37
36
|
method: 'jwk';
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"JwtIssuer.d.ts","sourceRoot":"","sources":["../../lib/jwt/JwtIssuer.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,GAAG,EAAE,SAAS,EAAE,UAAU,EAAE,mBAAmB,EAAE,WAAW,EAAE,MAAM,IAAI,CAAC;AAElF,MAAM,WAAW,aAAa;IAC5B,MAAM,EAAE,mBAAmB,CAAC;IAC5B;;OAEG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACnC;AAED,MAAM,WAAW,YAAa,SAAQ,aAAa;IACjD,MAAM,EAAE,KAAK,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;IACf,GAAG,EAAE,WAAW,GAAG,MAAM,CAAC;CAC3B;AAED,MAAM,WAAW,YAAa,SAAQ,aAAa;IACjD,MAAM,EAAE,KAAK,CAAC;IACd,GAAG,EAAE,WAAW,GAAG,MAAM,CAAC;IAE1B;;;;;OAKG;IACH,GAAG,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IAEnB;;;;;;;;OAQG;IACH,MAAM,EAAE,MAAM,CAAC;
|
|
1
|
+
{"version":3,"file":"JwtIssuer.d.ts","sourceRoot":"","sources":["../../lib/jwt/JwtIssuer.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,GAAG,EAAE,SAAS,EAAE,UAAU,EAAE,mBAAmB,EAAE,WAAW,EAAE,MAAM,IAAI,CAAC;AAElF,MAAM,WAAW,aAAa;IAC5B,MAAM,EAAE,mBAAmB,CAAC;IAC5B;;OAEG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACnC;AAED,MAAM,WAAW,YAAa,SAAQ,aAAa;IACjD,MAAM,EAAE,KAAK,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;IACf,GAAG,EAAE,WAAW,GAAG,MAAM,CAAC;CAC3B;AAED,MAAM,WAAW,YAAa,SAAQ,aAAa;IACjD,MAAM,EAAE,KAAK,CAAC;IACd,GAAG,EAAE,WAAW,GAAG,MAAM,CAAC;IAE1B;;;;;OAKG;IACH,GAAG,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IAEnB;;;;;;;;OAQG;IACH,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,YAAa,SAAQ,aAAa;IACjD,MAAM,EAAE,KAAK,CAAC;IACd,GAAG,EAAE,WAAW,GAAG,MAAM,CAAC;IAC1B,GAAG,EAAE,GAAG,CAAC;CACV;AAED,MAAM,WAAW,eAAgB,SAAQ,aAAa;IACpD,MAAM,EAAE,QAAQ,CAAC;CAClB;AAED,MAAM,MAAM,SAAS,GAAG,YAAY,GAAG,YAAY,GAAG,YAAY,GAAG,eAAe,CAAC;AAErF,MAAM,WAAW,sBAAsB;IACrC,IAAI,EAAE,MAAM,CAAC;CACd;AAED,MAAM,MAAM,iBAAiB,CAAC,CAAC,SAAS,SAAS,GAAG,sBAAsB,IAAI,CAC5E,SAAS,EAAE,CAAC,EACZ,GAAG,EAAE;IAAE,MAAM,EAAE,SAAS,CAAC;IAAC,OAAO,EAAE,UAAU,CAAA;CAAE,KAC5C,OAAO,CAAC,MAAM,CAAC,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"JwtVerifier.d.ts","sourceRoot":"","sources":["../../lib/jwt/JwtVerifier.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,GAAG,EAAE,SAAS,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,IAAI,CAAC;AAE7D,OAAO,EAAE,mBAAmB,EAAE,OAAO,EAAE,MAAM,YAAY,CAAC;AAE1D,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,OAAO,CAAC;IACd,MAAM,EAAE,mBAAmB,CAAC;CAC7B;AAED,MAAM,WAAW,cAAe,SAAQ,eAAe;IACrD,MAAM,EAAE,KAAK,CAAC;IAEd,GAAG,EAAE,WAAW,GAAG,MAAM,CAAC;IAC1B,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,cAAe,SAAQ,eAAe;IACrD,MAAM,EAAE,KAAK,CAAC;IAEd,GAAG,EAAE,WAAW,GAAG,MAAM,CAAC;IAE1B;;;;;OAKG;IACH,GAAG,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IAEnB;;OAEG;IACH,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,2BAA4B,SAAQ,eAAe;IAClE,MAAM,EAAE,mBAAmB,CAAC;IAE5B;;OAEG;IACH,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,cAAe,SAAQ,eAAe;IACrD,MAAM,EAAE,KAAK,CAAC;IACd,GAAG,EAAE,WAAW,GAAG,MAAM,CAAC;IAE1B,GAAG,EAAE,GAAG,CAAC;CACV;AAED,MAAM,WAAW,iBAAkB,SAAQ,eAAe;IACxD,MAAM,EAAE,QAAQ,CAAC;CAClB;AAED,MAAM,MAAM,WAAW,GAAG,cAAc,GAAG,cAAc,GAAG,iBAAiB,GAAG,cAAc,GAAG,2BAA2B,CAAC;AAE7H,eAAO,MAAM,iBAAiB,QAAS;IAAE,MAAM,EAAE,SAAS,CAAC;IAAC,OAAO,EAAE,UAAU,CAAA;CAAE,WAAW;IAAE,IAAI,EAAE,OAAO,CAAA;CAAE,KAAG,cAS/G,CAAC;
|
|
1
|
+
{"version":3,"file":"JwtVerifier.d.ts","sourceRoot":"","sources":["../../lib/jwt/JwtVerifier.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,GAAG,EAAE,SAAS,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,IAAI,CAAC;AAE7D,OAAO,EAAE,mBAAmB,EAAE,OAAO,EAAE,MAAM,YAAY,CAAC;AAE1D,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,OAAO,CAAC;IACd,MAAM,EAAE,mBAAmB,CAAC;CAC7B;AAED,MAAM,WAAW,cAAe,SAAQ,eAAe;IACrD,MAAM,EAAE,KAAK,CAAC;IAEd,GAAG,EAAE,WAAW,GAAG,MAAM,CAAC;IAC1B,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,cAAe,SAAQ,eAAe;IACrD,MAAM,EAAE,KAAK,CAAC;IAEd,GAAG,EAAE,WAAW,GAAG,MAAM,CAAC;IAE1B;;;;;OAKG;IACH,GAAG,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IAEnB;;OAEG;IACH,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,2BAA4B,SAAQ,eAAe;IAClE,MAAM,EAAE,mBAAmB,CAAC;IAE5B;;OAEG;IACH,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,cAAe,SAAQ,eAAe;IACrD,MAAM,EAAE,KAAK,CAAC;IACd,GAAG,EAAE,WAAW,GAAG,MAAM,CAAC;IAE1B,GAAG,EAAE,GAAG,CAAC;CACV;AAED,MAAM,WAAW,iBAAkB,SAAQ,eAAe;IACxD,MAAM,EAAE,QAAQ,CAAC;CAClB;AAED,MAAM,MAAM,WAAW,GAAG,cAAc,GAAG,cAAc,GAAG,iBAAiB,GAAG,cAAc,GAAG,2BAA2B,CAAC;AAE7H,eAAO,MAAM,iBAAiB,QAAS;IAAE,MAAM,EAAE,SAAS,CAAC;IAAC,OAAO,EAAE,UAAU,CAAA;CAAE,WAAW;IAAE,IAAI,EAAE,OAAO,CAAA;CAAE,KAAG,cAS/G,CAAC;AAiBF,eAAO,MAAM,cAAc,QAAS;IAAE,MAAM,EAAE,SAAS,CAAC;IAAC,OAAO,EAAE,UAAU,CAAA;CAAE,WAAW;IAAE,IAAI,EAAE,OAAO,CAAA;CAAE,KAAG,cAgB5G,CAAC;AAEF,eAAO,MAAM,cAAc,QAAe;IAAE,MAAM,EAAE,SAAS,CAAC;IAAC,OAAO,EAAE,UAAU,CAAA;CAAE,WAAW;IAAE,IAAI,EAAE,OAAO,CAAA;CAAE,KAAG,QAAQ,cAAc,CAUxI,CAAC;AAEF,eAAO,MAAM,yBAAyB,QAC/B;IAAE,MAAM,EAAE,SAAS,CAAC;IAAC,OAAO,EAAE,UAAU,CAAA;CAAE,WACtC;IAAE,IAAI,EAAE,OAAO,CAAA;CAAE,KACzB,QAAQ,WAAW,CAQrB,CAAC;AAEF,MAAM,MAAM,qBAAqB,CAAC,CAAC,SAAS,WAAW,IAAI,CACzD,WAAW,EAAE,CAAC,EACd,GAAG,EAAE;IAAE,MAAM,EAAE,SAAS,CAAC;IAAC,OAAO,EAAE,UAAU,CAAC;IAAC,GAAG,EAAE,MAAM,CAAA;CAAE,KACzD,OAAO,CAAC,OAAO,CAAC,CAAC"}
|
package/dist/jwt/JwtVerifier.js
CHANGED
|
@@ -22,6 +22,19 @@ const getDidJwtVerifier = (jwt, options) => {
|
|
|
22
22
|
return { method: 'did', didUrl: jwt.header.kid, type: type, alg: jwt.header.alg };
|
|
23
23
|
};
|
|
24
24
|
exports.getDidJwtVerifier = getDidJwtVerifier;
|
|
25
|
+
const getIssuer = (type, payload) => {
|
|
26
|
+
// For 'request-object' the `iss` value is not required so we map the issuer to client_id
|
|
27
|
+
if (type === 'request-object') {
|
|
28
|
+
if (!payload.client_id) {
|
|
29
|
+
throw new Error('Missing required field client_id in request object JWT');
|
|
30
|
+
}
|
|
31
|
+
return payload.client_id;
|
|
32
|
+
}
|
|
33
|
+
if (typeof payload.iss !== 'string') {
|
|
34
|
+
throw new Error(`Received an invalid JWT. '${type}' contains an invalid iss claim or it is missing.`);
|
|
35
|
+
}
|
|
36
|
+
return payload.iss;
|
|
37
|
+
};
|
|
25
38
|
const getX5cVerifier = (jwt, options) => {
|
|
26
39
|
const { type } = options;
|
|
27
40
|
if (!jwt.header.x5c)
|
|
@@ -31,10 +44,13 @@ const getX5cVerifier = (jwt, options) => {
|
|
|
31
44
|
if (!Array.isArray(jwt.header.x5c) || jwt.header.x5c.length === 0 || !jwt.header.x5c.every((cert) => typeof cert === 'string')) {
|
|
32
45
|
throw new Error(`Received an invalid JWT.. '${type}' contains an invalid x5c header.`);
|
|
33
46
|
}
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
47
|
+
return {
|
|
48
|
+
method: 'x5c',
|
|
49
|
+
x5c: jwt.header.x5c,
|
|
50
|
+
issuer: getIssuer(type, jwt.payload),
|
|
51
|
+
type: type,
|
|
52
|
+
alg: jwt.header.alg,
|
|
53
|
+
};
|
|
38
54
|
};
|
|
39
55
|
exports.getX5cVerifier = getX5cVerifier;
|
|
40
56
|
const getJwkVerifier = (jwt, options) => __awaiter(void 0, void 0, void 0, function* () {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"JwtVerifier.js","sourceRoot":"","sources":["../../lib/jwt/JwtVerifier.ts"],"names":[],"mappings":";;;;;;;;;;;;AAyDO,MAAM,iBAAiB,GAAG,CAAC,GAA+C,EAAE,OAA0B,EAAkB,EAAE;IAC/H,MAAM,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC;IACzB,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG;QAAE,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;IACrF,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG;QAAE,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;IAErF,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QAClC,MAAM,IAAI,KAAK,CAAC,8BAA8B,IAAI,mCAAmC,CAAC,CAAC;IACzF,CAAC;IACD,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,GAAG,CAAC,MAAM,CAAC,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,GAAG,EAAE,GAAG,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC;AACpF,CAAC,CAAC;AATW,QAAA,iBAAiB,qBAS5B;AAEK,MAAM,cAAc,GAAG,CAAC,GAA+C,EAAE,OAA0B,EAAkB,EAAE;IAC5H,MAAM,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC;IACzB,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG;QAAE,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;IACrF,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG;QAAE,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;IAErF,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,OAAO,IAAI,KAAK,QAAQ,CAAC,EAAE,CAAC;QAC/H,MAAM,IAAI,KAAK,CAAC,8BAA8B,IAAI,mCAAmC,CAAC,CAAC;IACzF,CAAC;IAED,
|
|
1
|
+
{"version":3,"file":"JwtVerifier.js","sourceRoot":"","sources":["../../lib/jwt/JwtVerifier.ts"],"names":[],"mappings":";;;;;;;;;;;;AAyDO,MAAM,iBAAiB,GAAG,CAAC,GAA+C,EAAE,OAA0B,EAAkB,EAAE;IAC/H,MAAM,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC;IACzB,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG;QAAE,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;IACrF,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG;QAAE,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;IAErF,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QAClC,MAAM,IAAI,KAAK,CAAC,8BAA8B,IAAI,mCAAmC,CAAC,CAAC;IACzF,CAAC;IACD,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,GAAG,CAAC,MAAM,CAAC,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,GAAG,EAAE,GAAG,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC;AACpF,CAAC,CAAC;AATW,QAAA,iBAAiB,qBAS5B;AAEF,MAAM,SAAS,GAAG,CAAC,IAAa,EAAE,OAAmB,EAAU,EAAE;IAC/D,yFAAyF;IACzF,IAAI,IAAI,KAAK,gBAAgB,EAAE,CAAC;QAC9B,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,CAAC;YACvB,MAAM,IAAI,KAAK,CAAC,wDAAwD,CAAC,CAAC;QAC5E,CAAC;QACD,OAAO,OAAO,CAAC,SAAmB,CAAC;IACrC,CAAC;IAED,IAAI,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ,EAAE,CAAC;QACpC,MAAM,IAAI,KAAK,CAAC,6BAA6B,IAAI,mDAAmD,CAAC,CAAC;IACxG,CAAC;IACD,OAAO,OAAO,CAAC,GAAG,CAAC;AACrB,CAAC,CAAC;AAEK,MAAM,cAAc,GAAG,CAAC,GAA+C,EAAE,OAA0B,EAAkB,EAAE;IAC5H,MAAM,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC;IACzB,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG;QAAE,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;IACrF,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG;QAAE,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;IAErF,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,OAAO,IAAI,KAAK,QAAQ,CAAC,EAAE,CAAC;QAC/H,MAAM,IAAI,KAAK,CAAC,8BAA8B,IAAI,mCAAmC,CAAC,CAAC;IACzF,CAAC;IAED,OAAO;QACL,MAAM,EAAE,KAAK;QACb,GAAG,EAAE,GAAG,CAAC,MAAM,CAAC,GAAG;QACnB,MAAM,EAAE,SAAS,CAAC,IAAI,EAAE,GAAG,CAAC,OAAO,CAAC;QACpC,IAAI,EAAE,IAAI;QACV,GAAG,EAAE,GAAG,CAAC,MAAM,CAAC,GAAG;KACpB,CAAC;AACJ,CAAC,CAAC;AAhBW,QAAA,cAAc,kBAgBzB;AAEK,MAAM,cAAc,GAAG,CAAO,GAA+C,EAAE,OAA0B,EAA2B,EAAE;IAC3I,MAAM,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC;IACzB,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG;QAAE,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;IACtF,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG;QAAE,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;IAErF,IAAI,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,KAAK,QAAQ,EAAE,CAAC;QACvC,MAAM,IAAI,KAAK,CAAC,6BAA6B,IAAI,mCAAmC,CAAC,CAAC;IACxF,CAAC;IAED,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,GAAG,EAAE,GAAG,CAAC,MAAM,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC;AAC3E,CAAC,CAAA,CAAC;AAVW,QAAA,cAAc,kBAUzB;AAEK,MAAM,yBAAyB,GAAG,CACvC,GAA+C,EAC/C,OAA0B,EACJ,EAAE;;IACxB,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,GAAG,GAAG,CAAC;IAEhC,IAAI,MAAA,MAAM,CAAC,GAAG,0CAAE,UAAU,CAAC,MAAM,CAAC;QAAE,OAAO,IAAA,yBAAiB,EAAC,EAAE,MAAM,EAAE,OAAO,EAAE,EAAE,OAAO,CAAC,CAAC;SACtF,IAAI,GAAG,CAAC,MAAM,CAAC,GAAG;QAAE,OAAO,IAAA,sBAAc,EAAC,EAAE,MAAM,EAAE,OAAO,EAAE,EAAE,OAAO,CAAC,CAAC;SACxE,IAAI,GAAG,CAAC,MAAM,CAAC,GAAG;QAAE,OAAO,IAAA,sBAAc,EAAC,EAAE,MAAM,EAAE,OAAO,EAAE,EAAE,OAAO,CAAC,CAAC;IAE7E,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,OAAO,CAAC,IAAI,EAAE,CAAC;AAClD,CAAC,CAAA,CAAC;AAXW,QAAA,yBAAyB,6BAWpC"}
|
package/lib/hasher.ts
CHANGED
|
@@ -5,12 +5,13 @@ const supportedAlgorithms = ['sha256', 'sha384', 'sha512'] as const;
|
|
|
5
5
|
type SupportedAlgorithms = (typeof supportedAlgorithms)[number];
|
|
6
6
|
|
|
7
7
|
export const defaultHasher: Hasher = (data, algorithm) => {
|
|
8
|
-
|
|
8
|
+
const sanitizedAlgorithm = algorithm.toLowerCase().replace(/[-_]/g, '');
|
|
9
|
+
if (!supportedAlgorithms.includes(sanitizedAlgorithm as SupportedAlgorithms)) {
|
|
9
10
|
throw new Error(`Unsupported hashing algorithm ${algorithm}`);
|
|
10
11
|
}
|
|
11
12
|
|
|
12
13
|
return new Uint8Array(
|
|
13
|
-
sha(
|
|
14
|
+
sha(sanitizedAlgorithm as SupportedAlgorithms)
|
|
14
15
|
.update(data)
|
|
15
16
|
.digest(),
|
|
16
17
|
);
|
package/lib/jwt/JwtIssuer.ts
CHANGED
|
@@ -36,8 +36,6 @@ export interface JwtIssuerX5c extends JwtIssuerBase {
|
|
|
36
36
|
* It must match an entry in the x5c certificate leaf entry dnsName / uriName
|
|
37
37
|
*/
|
|
38
38
|
issuer: string;
|
|
39
|
-
|
|
40
|
-
clientIdScheme: 'x509_san_dns' | 'x509_san_uri';
|
|
41
39
|
}
|
|
42
40
|
|
|
43
41
|
export interface JwtIssuerJwk extends JwtIssuerBase {
|
package/lib/jwt/JwtVerifier.ts
CHANGED
|
@@ -66,6 +66,21 @@ export const getDidJwtVerifier = (jwt: { header: JwtHeader; payload: JwtPayload
|
|
|
66
66
|
return { method: 'did', didUrl: jwt.header.kid, type: type, alg: jwt.header.alg };
|
|
67
67
|
};
|
|
68
68
|
|
|
69
|
+
const getIssuer = (type: JwtType, payload: JwtPayload): string => {
|
|
70
|
+
// For 'request-object' the `iss` value is not required so we map the issuer to client_id
|
|
71
|
+
if (type === 'request-object') {
|
|
72
|
+
if (!payload.client_id) {
|
|
73
|
+
throw new Error('Missing required field client_id in request object JWT');
|
|
74
|
+
}
|
|
75
|
+
return payload.client_id as string;
|
|
76
|
+
}
|
|
77
|
+
|
|
78
|
+
if (typeof payload.iss !== 'string') {
|
|
79
|
+
throw new Error(`Received an invalid JWT. '${type}' contains an invalid iss claim or it is missing.`);
|
|
80
|
+
}
|
|
81
|
+
return payload.iss;
|
|
82
|
+
};
|
|
83
|
+
|
|
69
84
|
export const getX5cVerifier = (jwt: { header: JwtHeader; payload: JwtPayload }, options: { type: JwtType }): X5cJwtVerifier => {
|
|
70
85
|
const { type } = options;
|
|
71
86
|
if (!jwt.header.x5c) throw new Error(`Received an invalid JWT. Missing x5c header.`);
|
|
@@ -75,11 +90,13 @@ export const getX5cVerifier = (jwt: { header: JwtHeader; payload: JwtPayload },
|
|
|
75
90
|
throw new Error(`Received an invalid JWT.. '${type}' contains an invalid x5c header.`);
|
|
76
91
|
}
|
|
77
92
|
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
|
|
93
|
+
return {
|
|
94
|
+
method: 'x5c',
|
|
95
|
+
x5c: jwt.header.x5c,
|
|
96
|
+
issuer: getIssuer(type, jwt.payload),
|
|
97
|
+
type: type,
|
|
98
|
+
alg: jwt.header.alg,
|
|
99
|
+
};
|
|
83
100
|
};
|
|
84
101
|
|
|
85
102
|
export const getJwkVerifier = async (jwt: { header: JwtHeader; payload: JwtPayload }, options: { type: JwtType }): Promise<JwkJwtVerifier> => {
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@sphereon/oid4vc-common",
|
|
3
|
-
"version": "0.16.1-
|
|
3
|
+
"version": "0.16.1-unstable.100+dc97861",
|
|
4
4
|
"description": "OpenID 4 Verifiable Credentials Common",
|
|
5
5
|
"source": "lib/index.ts",
|
|
6
6
|
"main": "dist/index.js",
|
|
@@ -10,7 +10,7 @@
|
|
|
10
10
|
"build:clean": "tsc --build --clean && tsc --build"
|
|
11
11
|
},
|
|
12
12
|
"dependencies": {
|
|
13
|
-
"@sphereon/ssi-types": "0.29.
|
|
13
|
+
"@sphereon/ssi-types": "0.29.1-unstable.121",
|
|
14
14
|
"jwt-decode": "^4.0.0",
|
|
15
15
|
"sha.js": "^2.4.11",
|
|
16
16
|
"uint8arrays": "3.1.1",
|
|
@@ -52,5 +52,5 @@
|
|
|
52
52
|
"publishConfig": {
|
|
53
53
|
"access": "public"
|
|
54
54
|
},
|
|
55
|
-
"gitHead": "
|
|
55
|
+
"gitHead": "dc978616b707c7df3044bd056689fecc35527e82"
|
|
56
56
|
}
|