@sphereon/ssi-sdk.credential-validation 0.33.1-next.3 → 0.33.1-next.73

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (19) hide show
  1. package/dist/index.cjs +1759 -0
  2. package/dist/index.cjs.map +1 -0
  3. package/dist/{ssi-sdk.credential-validation.d.ts → index.d.cts} +83 -101
  4. package/dist/index.d.ts +79 -4
  5. package/dist/index.js +1727 -25
  6. package/dist/index.js.map +1 -1
  7. package/package.json +32 -14
  8. package/plugin.schema.json +287 -390
  9. package/src/types/ICredentialValidation.ts +1 -1
  10. package/dist/agent/CredentialValidation.d.ts +0 -20
  11. package/dist/agent/CredentialValidation.d.ts.map +0 -1
  12. package/dist/agent/CredentialValidation.js +0 -243
  13. package/dist/agent/CredentialValidation.js.map +0 -1
  14. package/dist/index.d.ts.map +0 -1
  15. package/dist/tsdoc-metadata.json +0 -11
  16. package/dist/types/ICredentialValidation.d.ts +0 -59
  17. package/dist/types/ICredentialValidation.d.ts.map +0 -1
  18. package/dist/types/ICredentialValidation.js +0 -10
  19. package/dist/types/ICredentialValidation.js.map +0 -1
package/dist/index.cjs ADDED
@@ -0,0 +1,1759 @@
1
+ "use strict";
2
+ var __create = Object.create;
3
+ var __defProp = Object.defineProperty;
4
+ var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
5
+ var __getOwnPropNames = Object.getOwnPropertyNames;
6
+ var __getProtoOf = Object.getPrototypeOf;
7
+ var __hasOwnProp = Object.prototype.hasOwnProperty;
8
+ var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
9
+ var __commonJS = (cb, mod) => function __require() {
10
+ return mod || (0, cb[__getOwnPropNames(cb)[0]])((mod = { exports: {} }).exports, mod), mod.exports;
11
+ };
12
+ var __export = (target, all) => {
13
+ for (var name in all)
14
+ __defProp(target, name, { get: all[name], enumerable: true });
15
+ };
16
+ var __copyProps = (to, from, except, desc) => {
17
+ if (from && typeof from === "object" || typeof from === "function") {
18
+ for (let key of __getOwnPropNames(from))
19
+ if (!__hasOwnProp.call(to, key) && key !== except)
20
+ __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
21
+ }
22
+ return to;
23
+ };
24
+ var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
25
+ // If the importer is in node compatibility mode or this is not an ESM
26
+ // file that has been converted to a CommonJS file using a Babel-
27
+ // compatible transform (i.e. "__esModule" has not been set), then set
28
+ // "default" to the CommonJS "module.exports" for node compatibility.
29
+ isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
30
+ mod
31
+ ));
32
+ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
33
+
34
+ // plugin.schema.json
35
+ var require_plugin_schema = __commonJS({
36
+ "plugin.schema.json"(exports, module2) {
37
+ module2.exports = {
38
+ ICredentialValidation: {
39
+ components: {
40
+ schemas: {
41
+ VerifyCredentialArgs: {
42
+ type: "object",
43
+ properties: {
44
+ credential: {
45
+ $ref: "#/components/schemas/OriginalVerifiableCredential"
46
+ },
47
+ hasher: {
48
+ $ref: "#/components/schemas/HasherSync"
49
+ },
50
+ fetchRemoteContexts: {
51
+ type: "boolean"
52
+ },
53
+ policies: {
54
+ $ref: "#/components/schemas/VerificationPolicies"
55
+ }
56
+ },
57
+ required: ["credential", "fetchRemoteContexts"],
58
+ additionalProperties: false
59
+ },
60
+ OriginalVerifiableCredential: {
61
+ anyOf: [
62
+ {
63
+ $ref: "#/components/schemas/W3CVerifiableCredential"
64
+ },
65
+ {
66
+ $ref: "#/components/schemas/JwtDecodedVerifiableCredential"
67
+ },
68
+ {
69
+ $ref: "#/components/schemas/SdJwtDecodedVerifiableCredential"
70
+ },
71
+ {
72
+ $ref: "#/components/schemas/MdocOid4vpIssuerSigned"
73
+ },
74
+ {
75
+ $ref: "#/components/schemas/MdocDocument"
76
+ }
77
+ ]
78
+ },
79
+ W3CVerifiableCredential: {
80
+ anyOf: [
81
+ {
82
+ $ref: "#/components/schemas/IVerifiableCredential"
83
+ },
84
+ {
85
+ $ref: "#/components/schemas/CompactJWT"
86
+ }
87
+ ],
88
+ description: "Represents a signed Verifiable Credential (includes proof), in either JSON, compact JWT or compact SD-JWT VC format. See {@link https://www.w3.org/TR/vc-data-model/#credentials | VC data model } See {@link https://www.w3.org/TR/vc-data-model/#proof-formats | proof formats }"
89
+ },
90
+ IVerifiableCredential: {
91
+ type: "object",
92
+ properties: {
93
+ proof: {
94
+ anyOf: [
95
+ {
96
+ $ref: "#/components/schemas/IProof"
97
+ },
98
+ {
99
+ type: "array",
100
+ items: {
101
+ $ref: "#/components/schemas/IProof"
102
+ }
103
+ }
104
+ ]
105
+ },
106
+ "@context": {
107
+ anyOf: [
108
+ {
109
+ $ref: "#/components/schemas/ICredentialContextType"
110
+ },
111
+ {
112
+ type: "array",
113
+ items: {
114
+ $ref: "#/components/schemas/ICredentialContextType"
115
+ }
116
+ }
117
+ ]
118
+ },
119
+ type: {
120
+ type: "array",
121
+ items: {
122
+ type: "string"
123
+ }
124
+ },
125
+ credentialSchema: {
126
+ anyOf: [
127
+ {
128
+ $ref: "#/components/schemas/ICredentialSchemaType"
129
+ },
130
+ {
131
+ type: "array",
132
+ items: {
133
+ $ref: "#/components/schemas/ICredentialSchemaType"
134
+ }
135
+ }
136
+ ]
137
+ },
138
+ issuer: {
139
+ anyOf: [
140
+ {
141
+ $ref: "#/components/schemas/IIssuerId"
142
+ },
143
+ {
144
+ $ref: "#/components/schemas/IIssuer"
145
+ }
146
+ ]
147
+ },
148
+ issuanceDate: {
149
+ type: "string"
150
+ },
151
+ credentialSubject: {
152
+ anyOf: [
153
+ {
154
+ type: "object",
155
+ properties: {
156
+ id: {
157
+ type: "string"
158
+ }
159
+ }
160
+ },
161
+ {
162
+ type: "array",
163
+ items: {
164
+ type: "object",
165
+ properties: {
166
+ id: {
167
+ type: "string"
168
+ }
169
+ }
170
+ }
171
+ }
172
+ ]
173
+ },
174
+ expirationDate: {
175
+ type: "string"
176
+ },
177
+ id: {
178
+ type: "string"
179
+ },
180
+ credentialStatus: {
181
+ $ref: "#/components/schemas/ICredentialStatus"
182
+ },
183
+ description: {
184
+ type: "string"
185
+ },
186
+ name: {
187
+ type: "string"
188
+ }
189
+ },
190
+ required: ["@context", "credentialSubject", "issuanceDate", "issuer", "proof", "type"]
191
+ },
192
+ IProof: {
193
+ type: "object",
194
+ properties: {
195
+ type: {
196
+ anyOf: [
197
+ {
198
+ $ref: "#/components/schemas/IProofType"
199
+ },
200
+ {
201
+ type: "string"
202
+ }
203
+ ]
204
+ },
205
+ created: {
206
+ type: "string"
207
+ },
208
+ proofPurpose: {
209
+ anyOf: [
210
+ {
211
+ $ref: "#/components/schemas/IProofPurpose"
212
+ },
213
+ {
214
+ type: "string"
215
+ }
216
+ ]
217
+ },
218
+ verificationMethod: {
219
+ type: "string"
220
+ },
221
+ challenge: {
222
+ type: "string"
223
+ },
224
+ domain: {
225
+ type: "string"
226
+ },
227
+ proofValue: {
228
+ type: "string"
229
+ },
230
+ jws: {
231
+ type: "string"
232
+ },
233
+ jwt: {
234
+ type: "string"
235
+ },
236
+ mso_mdoc: {
237
+ type: "string"
238
+ },
239
+ nonce: {
240
+ type: "string"
241
+ },
242
+ requiredRevealStatements: {
243
+ type: "array",
244
+ items: {
245
+ type: "string"
246
+ }
247
+ }
248
+ },
249
+ required: ["type", "created", "proofPurpose", "verificationMethod"]
250
+ },
251
+ IProofType: {
252
+ type: "string",
253
+ enum: [
254
+ "Ed25519Signature2018",
255
+ "Ed25519Signature2020",
256
+ "EcdsaSecp256k1Signature2019",
257
+ "EcdsaSecp256k1RecoverySignature2020",
258
+ "JsonWebSignature2020",
259
+ "RsaSignature2018",
260
+ "GpgSignature2020",
261
+ "JcsEd25519Signature2020",
262
+ "BbsBlsSignatureProof2020",
263
+ "BbsBlsBoundSignatureProof2020",
264
+ "JwtProof2020",
265
+ "SdJwtProof2024",
266
+ "MsoMdocProof2024"
267
+ ]
268
+ },
269
+ IProofPurpose: {
270
+ type: "string",
271
+ enum: [
272
+ "verificationMethod",
273
+ "assertionMethod",
274
+ "authentication",
275
+ "keyAgreement",
276
+ "contactAgreement",
277
+ "capabilityInvocation",
278
+ "capabilityDelegation"
279
+ ]
280
+ },
281
+ ICredentialContextType: {
282
+ anyOf: [
283
+ {
284
+ type: "object",
285
+ properties: {
286
+ name: {
287
+ type: "string"
288
+ },
289
+ did: {
290
+ type: "string"
291
+ }
292
+ }
293
+ },
294
+ {
295
+ type: "string"
296
+ }
297
+ ]
298
+ },
299
+ ICredentialSchemaType: {
300
+ anyOf: [
301
+ {
302
+ $ref: "#/components/schemas/ICredentialSchema"
303
+ },
304
+ {
305
+ type: "string"
306
+ }
307
+ ]
308
+ },
309
+ ICredentialSchema: {
310
+ type: "object",
311
+ properties: {
312
+ id: {
313
+ type: "string"
314
+ },
315
+ type: {
316
+ type: "string"
317
+ }
318
+ },
319
+ required: ["id"],
320
+ additionalProperties: false
321
+ },
322
+ IIssuerId: {
323
+ type: "string"
324
+ },
325
+ IIssuer: {
326
+ type: "object",
327
+ properties: {
328
+ id: {
329
+ type: "string"
330
+ }
331
+ },
332
+ required: ["id"]
333
+ },
334
+ ICredentialStatus: {
335
+ type: "object",
336
+ properties: {
337
+ id: {
338
+ type: "string"
339
+ },
340
+ type: {
341
+ type: "string"
342
+ }
343
+ },
344
+ required: ["id", "type"]
345
+ },
346
+ CompactJWT: {
347
+ type: "string",
348
+ description: "Represents a Json Web Token in compact form."
349
+ },
350
+ JwtDecodedVerifiableCredential: {
351
+ type: "object",
352
+ properties: {
353
+ vc: {
354
+ $ref: "#/components/schemas/IVerifiableCredential"
355
+ },
356
+ exp: {
357
+ type: "string"
358
+ },
359
+ iss: {
360
+ type: "string"
361
+ },
362
+ nbf: {
363
+ type: "string"
364
+ },
365
+ sub: {
366
+ type: "string"
367
+ },
368
+ jti: {
369
+ type: "string"
370
+ }
371
+ },
372
+ required: ["vc", "exp", "iss", "nbf", "sub", "jti"]
373
+ },
374
+ SdJwtDecodedVerifiableCredential: {
375
+ type: "object",
376
+ properties: {
377
+ compactSdJwtVc: {
378
+ type: "string",
379
+ description: "The compact sd jwt is the sd-jwt encoded as string. It is a normal JWT, with the disclosures and kb-jwt appended separated by ~"
380
+ },
381
+ disclosures: {
382
+ type: "array",
383
+ items: {
384
+ $ref: "#/components/schemas/SdJwtDisclosure"
385
+ },
386
+ description: "The disclosures included within the SD-JWT in both encoded and decoded format. The digests are also included, and allows the disclosures to be linked against the digests in the signed payload."
387
+ },
388
+ signedPayload: {
389
+ $ref: "#/components/schemas/SdJwtSignedVerifiableCredentialPayload",
390
+ description: "The signed payload is the payload of the sd-jwt that is actually signed, and that includes the `_sd` and `...` digests."
391
+ },
392
+ decodedPayload: {
393
+ $ref: "#/components/schemas/SdJwtDecodedVerifiableCredentialPayload",
394
+ description: "The decoded payload is the payload when all `_sd` and `...` digests have been replaced by the actual values from the disclosures. This format could also be seen as the 'pretty` version of the SD JWT payload.\n\nThis is useful for displaying the contents of the SD JWT VC to the user, or for example for querying the contents of the SD JWT VC using a PEX presentation definition path."
395
+ },
396
+ kbJwt: {
397
+ type: "object",
398
+ properties: {
399
+ header: {
400
+ $ref: "#/components/schemas/SdJwtVcKbJwtHeader"
401
+ },
402
+ payload: {
403
+ $ref: "#/components/schemas/SdJwtVcKbJwtPayload"
404
+ },
405
+ compact: {
406
+ $ref: "#/components/schemas/CompactJWT"
407
+ }
408
+ },
409
+ required: ["header", "payload"],
410
+ additionalProperties: false,
411
+ description: "Key binding JWT"
412
+ }
413
+ },
414
+ required: ["compactSdJwtVc", "disclosures", "signedPayload", "decodedPayload"],
415
+ additionalProperties: false,
416
+ description: "The decoded SD JWT Verifiable Credential. This representation includes multiple representations of the same SD-JWT, and allows to fully process an SD-JWT, as well as create a presentation SD-JWT (minus the KB-JWT) by removing certain disclosures from the compact SD-JWT.\n\nThis representation is useful as it doesn't require a hasher implementation to match the different digests in the signed SD-JWT payload, with the different disclosures."
417
+ },
418
+ SdJwtDisclosure: {
419
+ type: "object",
420
+ properties: {
421
+ encoded: {
422
+ type: "string"
423
+ },
424
+ decoded: {
425
+ $ref: "#/components/schemas/SdJwtDecodedDisclosure"
426
+ },
427
+ digest: {
428
+ type: "string"
429
+ }
430
+ },
431
+ required: ["encoded", "decoded", "digest"],
432
+ additionalProperties: false
433
+ },
434
+ SdJwtDecodedDisclosure: {
435
+ anyOf: [
436
+ {
437
+ type: "array",
438
+ minItems: 3,
439
+ items: [
440
+ {
441
+ type: "string"
442
+ },
443
+ {
444
+ type: "string"
445
+ },
446
+ {
447
+ $ref: "#/components/schemas/JsonValue"
448
+ }
449
+ ],
450
+ maxItems: 3
451
+ },
452
+ {
453
+ type: "array",
454
+ minItems: 2,
455
+ items: [
456
+ {
457
+ type: "string"
458
+ },
459
+ {
460
+ $ref: "#/components/schemas/JsonValue"
461
+ }
462
+ ],
463
+ maxItems: 2
464
+ }
465
+ ]
466
+ },
467
+ JsonValue: {
468
+ anyOf: [
469
+ {
470
+ type: "string"
471
+ },
472
+ {
473
+ type: "number"
474
+ },
475
+ {
476
+ type: "boolean"
477
+ },
478
+ {
479
+ type: "object",
480
+ additionalProperties: {
481
+ anyOf: [
482
+ {
483
+ $ref: "#/components/schemas/JsonValue"
484
+ },
485
+ {
486
+ not: {}
487
+ }
488
+ ]
489
+ }
490
+ },
491
+ {
492
+ type: "array",
493
+ items: {
494
+ $ref: "#/components/schemas/JsonValue"
495
+ }
496
+ }
497
+ ]
498
+ },
499
+ SdJwtSignedVerifiableCredentialPayload: {
500
+ type: "object",
501
+ properties: {
502
+ vct: {
503
+ type: "string"
504
+ },
505
+ iss: {
506
+ type: "string"
507
+ },
508
+ iat: {
509
+ type: "number"
510
+ },
511
+ nbf: {
512
+ type: "number"
513
+ },
514
+ exp: {
515
+ type: "number"
516
+ },
517
+ cnf: {
518
+ type: "object",
519
+ properties: {
520
+ jwk: {},
521
+ kid: {
522
+ type: "string"
523
+ }
524
+ },
525
+ additionalProperties: false
526
+ },
527
+ status: {
528
+ type: "object",
529
+ properties: {
530
+ idx: {
531
+ type: "number"
532
+ },
533
+ uri: {
534
+ type: "string"
535
+ }
536
+ },
537
+ required: ["idx", "uri"],
538
+ additionalProperties: false
539
+ },
540
+ sub: {
541
+ type: "string"
542
+ },
543
+ _sd: {
544
+ type: "array",
545
+ items: {
546
+ type: "string"
547
+ }
548
+ },
549
+ _sd_alg: {
550
+ type: "string"
551
+ }
552
+ },
553
+ additionalProperties: {
554
+ anyOf: [
555
+ {
556
+ $ref: "#/components/schemas/SdJwtJsonValue"
557
+ },
558
+ {
559
+ not: {}
560
+ },
561
+ {
562
+ $ref: "#/components/schemas/JsonValue"
563
+ },
564
+ {
565
+ not: {}
566
+ }
567
+ ]
568
+ },
569
+ required: ["iat", "iss", "vct"],
570
+ description: "The signed payload of an SD-JWT. Includes fields such as `_sd`, `...` and `_sd_alg`"
571
+ },
572
+ SdJwtJsonValue: {
573
+ anyOf: [
574
+ {
575
+ type: "string"
576
+ },
577
+ {
578
+ type: "number"
579
+ },
580
+ {
581
+ type: "boolean"
582
+ },
583
+ {
584
+ type: "object",
585
+ properties: {
586
+ _sd: {
587
+ type: "array",
588
+ items: {
589
+ type: "string"
590
+ }
591
+ }
592
+ },
593
+ additionalProperties: {
594
+ anyOf: [
595
+ {
596
+ $ref: "#/components/schemas/SdJwtJsonValue"
597
+ },
598
+ {
599
+ not: {}
600
+ }
601
+ ]
602
+ }
603
+ },
604
+ {
605
+ type: "array",
606
+ items: {
607
+ anyOf: [
608
+ {
609
+ $ref: "#/components/schemas/SdJwtJsonValue"
610
+ },
611
+ {
612
+ type: "object",
613
+ properties: {
614
+ "...": {
615
+ type: "string"
616
+ }
617
+ },
618
+ required: ["..."],
619
+ additionalProperties: false
620
+ }
621
+ ]
622
+ }
623
+ }
624
+ ]
625
+ },
626
+ SdJwtDecodedVerifiableCredentialPayload: {
627
+ type: "object",
628
+ properties: {
629
+ vct: {
630
+ type: "string"
631
+ },
632
+ iss: {
633
+ type: "string"
634
+ },
635
+ iat: {
636
+ type: "number"
637
+ },
638
+ nbf: {
639
+ type: "number"
640
+ },
641
+ exp: {
642
+ type: "number"
643
+ },
644
+ cnf: {
645
+ type: "object",
646
+ properties: {
647
+ jwk: {},
648
+ kid: {
649
+ type: "string"
650
+ }
651
+ },
652
+ additionalProperties: false
653
+ },
654
+ status: {
655
+ type: "object",
656
+ properties: {
657
+ idx: {
658
+ type: "number"
659
+ },
660
+ uri: {
661
+ type: "string"
662
+ }
663
+ },
664
+ required: ["idx", "uri"],
665
+ additionalProperties: false
666
+ },
667
+ sub: {
668
+ type: "string"
669
+ }
670
+ },
671
+ required: ["vct", "iss", "iat"],
672
+ additionalProperties: {
673
+ anyOf: [
674
+ {
675
+ $ref: "#/components/schemas/JsonValue"
676
+ },
677
+ {
678
+ not: {}
679
+ }
680
+ ]
681
+ },
682
+ description: "Decoded 'pretty' SD JWT Verifiable Credential. This representation has all the `_sd` properties removed, and includes the disclosures directly within the payload."
683
+ },
684
+ SdJwtVcKbJwtHeader: {
685
+ type: "object",
686
+ properties: {
687
+ typ: {
688
+ type: "string",
689
+ const: "kb+jwt"
690
+ },
691
+ alg: {
692
+ type: "string"
693
+ }
694
+ },
695
+ required: ["typ", "alg"]
696
+ },
697
+ SdJwtVcKbJwtPayload: {
698
+ type: "object",
699
+ properties: {
700
+ iat: {
701
+ type: "number"
702
+ },
703
+ aud: {
704
+ type: "string"
705
+ },
706
+ nonce: {
707
+ type: "string"
708
+ },
709
+ sd_hash: {
710
+ type: "string"
711
+ }
712
+ },
713
+ required: ["iat", "aud", "nonce", "sd_hash"],
714
+ additionalProperties: {}
715
+ },
716
+ MdocOid4vpIssuerSigned: {
717
+ type: "string",
718
+ description: "Represents a selective disclosure JWT vc in compact form."
719
+ },
720
+ MdocDocument: {
721
+ $ref: "#/components/schemas/com.sphereon.mdoc.data.device.DocumentCbor"
722
+ },
723
+ "com.sphereon.mdoc.data.device.DocumentCbor": {
724
+ type: "object",
725
+ additionalProperties: false,
726
+ properties: {}
727
+ },
728
+ HasherSync: {
729
+ $comment: "(data: string | ArrayBuffer, alg: string) => Uint8Array",
730
+ type: "object",
731
+ properties: {
732
+ namedArgs: {
733
+ type: "object",
734
+ properties: {
735
+ data: {
736
+ anyOf: [
737
+ {
738
+ type: "string"
739
+ },
740
+ {
741
+ $ref: "#/components/schemas/ArrayBuffer"
742
+ }
743
+ ]
744
+ },
745
+ alg: {
746
+ type: "string"
747
+ }
748
+ },
749
+ required: ["data", "alg"],
750
+ additionalProperties: false
751
+ }
752
+ }
753
+ },
754
+ ArrayBuffer: {
755
+ type: "object",
756
+ properties: {
757
+ byteLength: {
758
+ type: "number"
759
+ }
760
+ },
761
+ required: ["byteLength"],
762
+ additionalProperties: false
763
+ },
764
+ VerificationPolicies: {
765
+ type: "object",
766
+ properties: {
767
+ schemaValidation: {
768
+ $ref: "#/components/schemas/SchemaValidation"
769
+ },
770
+ credentialStatus: {
771
+ type: "boolean"
772
+ },
773
+ expirationDate: {
774
+ type: "boolean"
775
+ },
776
+ issuanceDate: {
777
+ type: "boolean"
778
+ }
779
+ },
780
+ required: ["expirationDate", "issuanceDate"],
781
+ additionalProperties: false
782
+ },
783
+ SchemaValidation: {
784
+ type: "string",
785
+ enum: ["ALWAYS", "NEVER", "WHEN_PRESENT"]
786
+ },
787
+ VerificationResult: {
788
+ type: "object",
789
+ properties: {
790
+ result: {
791
+ type: "boolean"
792
+ },
793
+ source: {
794
+ anyOf: [
795
+ {
796
+ $ref: "#/components/schemas/WrappedVerifiableCredential"
797
+ },
798
+ {
799
+ $ref: "#/components/schemas/WrappedVerifiablePresentation"
800
+ }
801
+ ]
802
+ },
803
+ subResults: {
804
+ type: "array",
805
+ items: {
806
+ $ref: "#/components/schemas/VerificationSubResult"
807
+ }
808
+ },
809
+ error: {
810
+ type: "string"
811
+ },
812
+ errorDetails: {
813
+ type: "string"
814
+ }
815
+ },
816
+ required: ["result", "source", "subResults"],
817
+ additionalProperties: false
818
+ },
819
+ WrappedVerifiableCredential: {
820
+ anyOf: [
821
+ {
822
+ $ref: "#/components/schemas/WrappedW3CVerifiableCredential"
823
+ },
824
+ {
825
+ $ref: "#/components/schemas/WrappedSdJwtVerifiableCredential"
826
+ },
827
+ {
828
+ $ref: "#/components/schemas/WrappedMdocCredential"
829
+ }
830
+ ]
831
+ },
832
+ WrappedW3CVerifiableCredential: {
833
+ type: "object",
834
+ properties: {
835
+ original: {
836
+ anyOf: [
837
+ {
838
+ $ref: "#/components/schemas/W3CVerifiableCredential"
839
+ },
840
+ {
841
+ $ref: "#/components/schemas/JwtDecodedVerifiableCredential"
842
+ }
843
+ ],
844
+ description: "Original VC that we've received"
845
+ },
846
+ decoded: {
847
+ anyOf: [
848
+ {
849
+ $ref: "#/components/schemas/JwtDecodedVerifiableCredential"
850
+ },
851
+ {
852
+ $ref: "#/components/schemas/IVerifiableCredential"
853
+ }
854
+ ],
855
+ description: "In case of JWT credential it will be the decoded version. In other cases it will be the same as original one"
856
+ },
857
+ type: {
858
+ anyOf: [
859
+ {
860
+ $ref: "#/components/schemas/OriginalType.JSONLD"
861
+ },
862
+ {
863
+ $ref: "#/components/schemas/OriginalType.JWT_ENCODED"
864
+ },
865
+ {
866
+ $ref: "#/components/schemas/OriginalType.JWT_DECODED"
867
+ }
868
+ ],
869
+ description: "Type of this credential. Supported types are json-ld, jwt (decoded/encoded)"
870
+ },
871
+ format: {
872
+ type: "string",
873
+ enum: ["jwt_vc", "ldp_vc", "ldp", "jwt"],
874
+ description: "The claim format, typically used during exchange transport protocols"
875
+ },
876
+ credential: {
877
+ $ref: "#/components/schemas/IVerifiableCredential",
878
+ description: "Internal stable representation of a Credential"
879
+ }
880
+ },
881
+ required: ["original", "decoded", "type", "format", "credential"],
882
+ additionalProperties: false
883
+ },
884
+ "OriginalType.JSONLD": {
885
+ type: "string",
886
+ const: "json-ld"
887
+ },
888
+ "OriginalType.JWT_ENCODED": {
889
+ type: "string",
890
+ const: "jwt-encoded"
891
+ },
892
+ "OriginalType.JWT_DECODED": {
893
+ type: "string",
894
+ const: "jwt-decoded"
895
+ },
896
+ WrappedSdJwtVerifiableCredential: {
897
+ type: "object",
898
+ properties: {
899
+ original: {
900
+ anyOf: [
901
+ {
902
+ $ref: "#/components/schemas/SdJwtDecodedVerifiableCredential"
903
+ },
904
+ {
905
+ $ref: "#/components/schemas/CompactSdJwtVc"
906
+ }
907
+ ],
908
+ description: "Original VC that we've received. Can be either the encoded or decoded variant."
909
+ },
910
+ decoded: {
911
+ $ref: "#/components/schemas/SdJwtDecodedVerifiableCredentialPayload",
912
+ description: "Decoded version of the SD-JWT payload. This is the decoded payload, rather than the whole SD-JWT as the `decoded` property is used in e.g. PEX to check for path filters from fields. The full decoded credential can be found in the `credential` field."
913
+ },
914
+ type: {
915
+ anyOf: [
916
+ {
917
+ $ref: "#/components/schemas/OriginalType.SD_JWT_VC_DECODED"
918
+ },
919
+ {
920
+ $ref: "#/components/schemas/OriginalType.SD_JWT_VC_ENCODED"
921
+ }
922
+ ],
923
+ description: "Type of this credential."
924
+ },
925
+ format: {
926
+ type: "string",
927
+ const: "vc+sd-jwt",
928
+ description: "The claim format, typically used during exchange transport protocols"
929
+ },
930
+ credential: {
931
+ $ref: "#/components/schemas/SdJwtDecodedVerifiableCredential",
932
+ description: "Internal stable representation of a Credential"
933
+ }
934
+ },
935
+ required: ["original", "decoded", "type", "format", "credential"],
936
+ additionalProperties: false
937
+ },
938
+ CompactSdJwtVc: {
939
+ type: "string",
940
+ description: "Represents a selective disclosure JWT vc in compact form."
941
+ },
942
+ "OriginalType.SD_JWT_VC_DECODED": {
943
+ type: "string",
944
+ const: "sd-jwt-vc-decoded"
945
+ },
946
+ "OriginalType.SD_JWT_VC_ENCODED": {
947
+ type: "string",
948
+ const: "sd-jwt-vc-encoded"
949
+ },
950
+ WrappedMdocCredential: {
951
+ type: "object",
952
+ properties: {
953
+ original: {
954
+ anyOf: [
955
+ {
956
+ $ref: "#/components/schemas/MdocDocument"
957
+ },
958
+ {
959
+ $ref: "#/components/schemas/MdocOid4vpIssuerSigned"
960
+ }
961
+ ],
962
+ description: "Original IssuerSigned to Mdoc that we've received. Can be either the encoded or decoded variant."
963
+ },
964
+ decoded: {
965
+ $ref: "#/components/schemas/MdocDecodedPayload",
966
+ description: "Record where keys are the namespaces and the values are objects again with the namespace values"
967
+ },
968
+ type: {
969
+ anyOf: [
970
+ {
971
+ $ref: "#/components/schemas/OriginalType.MSO_MDOC_DECODED"
972
+ },
973
+ {
974
+ $ref: "#/components/schemas/OriginalType.MSO_MDOC_ENCODED"
975
+ }
976
+ ],
977
+ description: "Type of this credential."
978
+ },
979
+ format: {
980
+ type: "string",
981
+ const: "mso_mdoc",
982
+ description: "The claim format, typically used during exchange transport protocols"
983
+ },
984
+ credential: {
985
+ $ref: "#/components/schemas/MdocDocument",
986
+ description: "Internal stable representation of a Credential"
987
+ }
988
+ },
989
+ required: ["original", "decoded", "type", "format", "credential"],
990
+ additionalProperties: false
991
+ },
992
+ MdocDecodedPayload: {
993
+ $ref: "#/components/schemas/Record<string,Record<string,(string|number|boolean)>>",
994
+ description: "Record where keys are the namespaces and the values are objects again with the namespace values"
995
+ },
996
+ "Record<string,Record<string,(string|number|boolean)>>": {
997
+ type: "object",
998
+ additionalProperties: {
999
+ $ref: "#/components/schemas/Record<string,(string|number|boolean)>"
1000
+ }
1001
+ },
1002
+ "Record<string,(string|number|boolean)>": {
1003
+ type: "object",
1004
+ additionalProperties: {
1005
+ type: ["string", "number", "boolean"]
1006
+ }
1007
+ },
1008
+ "OriginalType.MSO_MDOC_DECODED": {
1009
+ type: "string",
1010
+ const: "mso_mdoc-decoded"
1011
+ },
1012
+ "OriginalType.MSO_MDOC_ENCODED": {
1013
+ type: "string",
1014
+ const: "mso_mdoc-encoded"
1015
+ },
1016
+ WrappedVerifiablePresentation: {
1017
+ anyOf: [
1018
+ {
1019
+ $ref: "#/components/schemas/WrappedW3CVerifiablePresentation"
1020
+ },
1021
+ {
1022
+ $ref: "#/components/schemas/WrappedSdJwtVerifiablePresentation"
1023
+ },
1024
+ {
1025
+ $ref: "#/components/schemas/WrappedMdocPresentation"
1026
+ }
1027
+ ]
1028
+ },
1029
+ WrappedW3CVerifiablePresentation: {
1030
+ type: "object",
1031
+ properties: {
1032
+ original: {
1033
+ anyOf: [
1034
+ {
1035
+ $ref: "#/components/schemas/W3CVerifiablePresentation"
1036
+ },
1037
+ {
1038
+ $ref: "#/components/schemas/JwtDecodedVerifiablePresentation"
1039
+ }
1040
+ ],
1041
+ description: "Original VP that we've received"
1042
+ },
1043
+ decoded: {
1044
+ anyOf: [
1045
+ {
1046
+ $ref: "#/components/schemas/JwtDecodedVerifiablePresentation"
1047
+ },
1048
+ {
1049
+ $ref: "#/components/schemas/IVerifiablePresentation"
1050
+ }
1051
+ ],
1052
+ description: "In case of JWT VP it will be the decoded version. In other cases it will be the same as original one"
1053
+ },
1054
+ type: {
1055
+ anyOf: [
1056
+ {
1057
+ $ref: "#/components/schemas/OriginalType.JSONLD"
1058
+ },
1059
+ {
1060
+ $ref: "#/components/schemas/OriginalType.JWT_ENCODED"
1061
+ },
1062
+ {
1063
+ $ref: "#/components/schemas/OriginalType.JWT_DECODED"
1064
+ }
1065
+ ],
1066
+ description: "Type of this Presentation. Supported types are json-ld and jwt (decoded/encoded) and sd-jwt-vc (decoded/encoded)"
1067
+ },
1068
+ format: {
1069
+ type: "string",
1070
+ enum: ["jwt_vp", "ldp_vp"],
1071
+ description: "The claim format, typically used during exchange transport protocols"
1072
+ },
1073
+ presentation: {
1074
+ $ref: "#/components/schemas/UniformVerifiablePresentation",
1075
+ description: "Internal stable representation of a Presentation without proofs, created based on https://www.w3.org/TR/vc-data-model/#jwt-decoding"
1076
+ },
1077
+ vcs: {
1078
+ type: "array",
1079
+ items: {
1080
+ $ref: "#/components/schemas/WrappedW3CVerifiableCredential"
1081
+ },
1082
+ description: "Wrapped Verifiable Credentials belonging to the Presentation"
1083
+ }
1084
+ },
1085
+ required: ["original", "decoded", "type", "format", "presentation", "vcs"],
1086
+ additionalProperties: false
1087
+ },
1088
+ W3CVerifiablePresentation: {
1089
+ anyOf: [
1090
+ {
1091
+ $ref: "#/components/schemas/IVerifiablePresentation"
1092
+ },
1093
+ {
1094
+ $ref: "#/components/schemas/CompactJWT"
1095
+ }
1096
+ ],
1097
+ description: "Represents a signed Verifiable Presentation (includes proof), in either JSON or compact JWT format. See {@link https://www.w3.org/TR/vc-data-model/#presentations | VC data model } See {@link https://www.w3.org/TR/vc-data-model/#proof-formats | proof formats }"
1098
+ },
1099
+ IVerifiablePresentation: {
1100
+ type: "object",
1101
+ properties: {
1102
+ proof: {
1103
+ anyOf: [
1104
+ {
1105
+ $ref: "#/components/schemas/IProof"
1106
+ },
1107
+ {
1108
+ type: "array",
1109
+ items: {
1110
+ $ref: "#/components/schemas/IProof"
1111
+ }
1112
+ }
1113
+ ]
1114
+ },
1115
+ id: {
1116
+ type: "string"
1117
+ },
1118
+ "@context": {
1119
+ anyOf: [
1120
+ {
1121
+ $ref: "#/components/schemas/ICredentialContextType"
1122
+ },
1123
+ {
1124
+ type: "array",
1125
+ items: {
1126
+ $ref: "#/components/schemas/ICredentialContextType"
1127
+ }
1128
+ }
1129
+ ]
1130
+ },
1131
+ type: {
1132
+ anyOf: [
1133
+ {
1134
+ type: "string"
1135
+ },
1136
+ {
1137
+ type: "array",
1138
+ items: {
1139
+ type: "string"
1140
+ }
1141
+ }
1142
+ ]
1143
+ },
1144
+ verifiableCredential: {
1145
+ type: "array",
1146
+ items: {
1147
+ $ref: "#/components/schemas/W3CVerifiableCredential"
1148
+ }
1149
+ },
1150
+ presentation_submission: {
1151
+ $ref: "#/components/schemas/PresentationSubmission"
1152
+ },
1153
+ holder: {
1154
+ type: "string"
1155
+ },
1156
+ verifier: {
1157
+ type: "string"
1158
+ }
1159
+ },
1160
+ required: ["@context", "proof"]
1161
+ },
1162
+ PresentationSubmission: {
1163
+ type: "object",
1164
+ properties: {
1165
+ id: {
1166
+ type: "string",
1167
+ description: "A UUID or some other unique ID to identify this Presentation Submission"
1168
+ },
1169
+ definition_id: {
1170
+ type: "string",
1171
+ description: "A UUID or some other unique ID to identify this Presentation Definition"
1172
+ },
1173
+ descriptor_map: {
1174
+ type: "array",
1175
+ items: {
1176
+ $ref: "#/components/schemas/Descriptor"
1177
+ },
1178
+ description: "List of descriptors of how the claims are being mapped to presentation definition"
1179
+ }
1180
+ },
1181
+ required: ["id", "definition_id", "descriptor_map"],
1182
+ additionalProperties: false,
1183
+ description: "It expresses how the inputs are presented as proofs to a Verifier."
1184
+ },
1185
+ Descriptor: {
1186
+ type: "object",
1187
+ properties: {
1188
+ id: {
1189
+ type: "string",
1190
+ description: "ID to identify the descriptor from Presentation Definition Input Descriptor it coresponds to."
1191
+ },
1192
+ path: {
1193
+ type: "string",
1194
+ description: "The path where the verifiable credential is located in the presentation submission json"
1195
+ },
1196
+ path_nested: {
1197
+ $ref: "#/components/schemas/Descriptor"
1198
+ },
1199
+ format: {
1200
+ type: "string",
1201
+ description: "The Proof or JWT algorith that the proof is in"
1202
+ }
1203
+ },
1204
+ required: ["id", "path", "format"],
1205
+ additionalProperties: false,
1206
+ description: "descriptor map laying out the structure of the presentation submission."
1207
+ },
1208
+ JwtDecodedVerifiablePresentation: {
1209
+ type: "object",
1210
+ properties: {
1211
+ vp: {
1212
+ $ref: "#/components/schemas/IVerifiablePresentation"
1213
+ },
1214
+ exp: {
1215
+ type: "string"
1216
+ },
1217
+ iss: {
1218
+ type: "string"
1219
+ },
1220
+ nbf: {
1221
+ type: "string"
1222
+ },
1223
+ sub: {
1224
+ type: "string"
1225
+ },
1226
+ jti: {
1227
+ type: "string"
1228
+ },
1229
+ aud: {
1230
+ type: "string"
1231
+ },
1232
+ iat: {
1233
+ type: "string"
1234
+ }
1235
+ },
1236
+ required: ["vp", "exp", "iss", "nbf", "sub", "jti", "aud", "iat"]
1237
+ },
1238
+ UniformVerifiablePresentation: {
1239
+ type: "object",
1240
+ properties: {
1241
+ "@context": {
1242
+ anyOf: [
1243
+ {
1244
+ $ref: "#/components/schemas/ICredentialContextType"
1245
+ },
1246
+ {
1247
+ type: "array",
1248
+ items: {
1249
+ $ref: "#/components/schemas/ICredentialContextType"
1250
+ }
1251
+ }
1252
+ ]
1253
+ },
1254
+ type: {
1255
+ anyOf: [
1256
+ {
1257
+ type: "string"
1258
+ },
1259
+ {
1260
+ type: "array",
1261
+ items: {
1262
+ type: "string"
1263
+ }
1264
+ }
1265
+ ]
1266
+ },
1267
+ verifiableCredential: {
1268
+ type: "array",
1269
+ items: {
1270
+ $ref: "#/components/schemas/WrappedW3CVerifiableCredential"
1271
+ }
1272
+ },
1273
+ presentation_submission: {
1274
+ $ref: "#/components/schemas/PresentationSubmission"
1275
+ },
1276
+ holder: {
1277
+ type: "string"
1278
+ }
1279
+ },
1280
+ required: ["@context", "type", "verifiableCredential"],
1281
+ additionalProperties: false
1282
+ },
1283
+ WrappedSdJwtVerifiablePresentation: {
1284
+ type: "object",
1285
+ properties: {
1286
+ original: {
1287
+ anyOf: [
1288
+ {
1289
+ $ref: "#/components/schemas/SdJwtDecodedVerifiableCredential"
1290
+ },
1291
+ {
1292
+ $ref: "#/components/schemas/CompactSdJwtVc"
1293
+ }
1294
+ ],
1295
+ description: "Original VP that we've received. Can be either the encoded or decoded variant."
1296
+ },
1297
+ decoded: {
1298
+ $ref: "#/components/schemas/SdJwtDecodedVerifiableCredentialPayload",
1299
+ description: "Decoded version of the SD-JWT payload. This is the decoded payload, rather than the whole SD-JWT."
1300
+ },
1301
+ type: {
1302
+ anyOf: [
1303
+ {
1304
+ $ref: "#/components/schemas/OriginalType.SD_JWT_VC_DECODED"
1305
+ },
1306
+ {
1307
+ $ref: "#/components/schemas/OriginalType.SD_JWT_VC_ENCODED"
1308
+ }
1309
+ ],
1310
+ description: "Type of this Presentation."
1311
+ },
1312
+ format: {
1313
+ type: "string",
1314
+ const: "vc+sd-jwt",
1315
+ description: "The claim format, typically used during exchange transport protocols"
1316
+ },
1317
+ presentation: {
1318
+ $ref: "#/components/schemas/SdJwtDecodedVerifiableCredential",
1319
+ description: "Internal stable representation of a Presentation"
1320
+ },
1321
+ vcs: {
1322
+ type: "array",
1323
+ items: {
1324
+ $ref: "#/components/schemas/WrappedSdJwtVerifiableCredential"
1325
+ },
1326
+ minItems: 1,
1327
+ maxItems: 1,
1328
+ description: "Wrapped Verifiable Credentials belonging to the Presentation. Will always be an array with a single SdJwtVerifiableCredential entry."
1329
+ }
1330
+ },
1331
+ required: ["original", "decoded", "type", "format", "presentation", "vcs"],
1332
+ additionalProperties: false
1333
+ },
1334
+ WrappedMdocPresentation: {
1335
+ type: "object",
1336
+ properties: {
1337
+ original: {
1338
+ anyOf: [
1339
+ {
1340
+ $ref: "#/components/schemas/MdocDeviceResponse"
1341
+ },
1342
+ {
1343
+ $ref: "#/components/schemas/MdocOid4vpMdocVpToken"
1344
+ }
1345
+ ],
1346
+ description: "Original VP that we've received. Can be either the encoded or decoded variant."
1347
+ },
1348
+ decoded: {
1349
+ $ref: "#/components/schemas/MdocDeviceResponse",
1350
+ description: "Decoded version of the SD-JWT payload. This is the decoded payload, rather than the whole SD-JWT."
1351
+ },
1352
+ type: {
1353
+ anyOf: [
1354
+ {
1355
+ $ref: "#/components/schemas/OriginalType.MSO_MDOC_ENCODED"
1356
+ },
1357
+ {
1358
+ $ref: "#/components/schemas/OriginalType.MSO_MDOC_DECODED"
1359
+ }
1360
+ ],
1361
+ description: "Type of this Presentation."
1362
+ },
1363
+ format: {
1364
+ type: "string",
1365
+ const: "mso_mdoc",
1366
+ description: "The claim format, typically used during exchange transport protocols"
1367
+ },
1368
+ presentation: {
1369
+ $ref: "#/components/schemas/MdocDeviceResponse",
1370
+ description: "Internal stable representation of a Presentation"
1371
+ },
1372
+ vcs: {
1373
+ type: "array",
1374
+ items: {
1375
+ $ref: "#/components/schemas/WrappedMdocCredential"
1376
+ },
1377
+ description: "Wrapped Mdocs belonging to the Presentation. There can be multiple documents in a single device response"
1378
+ }
1379
+ },
1380
+ required: ["original", "decoded", "type", "format", "presentation", "vcs"],
1381
+ additionalProperties: false
1382
+ },
1383
+ MdocDeviceResponse: {
1384
+ $ref: "#/components/schemas/com.sphereon.mdoc.data.device.DeviceResponseCbor"
1385
+ },
1386
+ "com.sphereon.mdoc.data.device.DeviceResponseCbor": {
1387
+ type: "object",
1388
+ additionalProperties: false,
1389
+ properties: {}
1390
+ },
1391
+ MdocOid4vpMdocVpToken: {
1392
+ type: "string"
1393
+ },
1394
+ VerificationSubResult: {
1395
+ type: "object",
1396
+ properties: {
1397
+ result: {
1398
+ type: "boolean"
1399
+ },
1400
+ error: {
1401
+ type: "string"
1402
+ },
1403
+ errorDetails: {
1404
+ type: "string"
1405
+ }
1406
+ },
1407
+ required: ["result"],
1408
+ additionalProperties: false
1409
+ },
1410
+ VerifyMdocCredentialArgs: {
1411
+ type: "object",
1412
+ properties: {
1413
+ credential: {
1414
+ type: "string"
1415
+ }
1416
+ },
1417
+ required: ["credential"],
1418
+ additionalProperties: false
1419
+ },
1420
+ ValidateSchemaArgs: {
1421
+ type: "object",
1422
+ properties: {
1423
+ credential: {
1424
+ $ref: "#/components/schemas/OriginalVerifiableCredential"
1425
+ },
1426
+ validationPolicy: {
1427
+ $ref: "#/components/schemas/SchemaValidation"
1428
+ },
1429
+ hasher: {
1430
+ $ref: "#/components/schemas/HasherSync"
1431
+ }
1432
+ },
1433
+ required: ["credential"],
1434
+ additionalProperties: false
1435
+ },
1436
+ VerifySDJWTCredentialArgs: {
1437
+ type: "object",
1438
+ properties: {
1439
+ credential: {
1440
+ type: "string"
1441
+ },
1442
+ hasher: {
1443
+ $ref: "#/components/schemas/HasherSync"
1444
+ }
1445
+ },
1446
+ required: ["credential"],
1447
+ additionalProperties: false
1448
+ },
1449
+ VerifyW3CCredentialArgs: {
1450
+ type: "object",
1451
+ additionalProperties: false
1452
+ }
1453
+ },
1454
+ methods: {
1455
+ cvVerifyCredential: {
1456
+ description: "",
1457
+ arguments: {
1458
+ $ref: "#/components/schemas/VerifyCredentialArgs"
1459
+ },
1460
+ returnType: {
1461
+ $ref: "#/components/schemas/VerificationResult"
1462
+ }
1463
+ },
1464
+ cvVerifyMdoc: {
1465
+ description: "",
1466
+ arguments: {
1467
+ $ref: "#/components/schemas/VerifyMdocCredentialArgs"
1468
+ },
1469
+ returnType: {
1470
+ $ref: "#/components/schemas/VerificationResult"
1471
+ }
1472
+ },
1473
+ cvVerifySchema: {
1474
+ description: "",
1475
+ arguments: {
1476
+ $ref: "#/components/schemas/ValidateSchemaArgs"
1477
+ },
1478
+ returnType: {
1479
+ $ref: "#/components/schemas/VerificationResult"
1480
+ }
1481
+ },
1482
+ cvVerifySDJWTCredential: {
1483
+ description: "",
1484
+ arguments: {
1485
+ $ref: "#/components/schemas/VerifySDJWTCredentialArgs"
1486
+ },
1487
+ returnType: {
1488
+ $ref: "#/components/schemas/VerificationResult"
1489
+ }
1490
+ },
1491
+ cvVerifyW3CCredential: {
1492
+ description: "",
1493
+ arguments: {
1494
+ $ref: "#/components/schemas/VerifyW3CCredentialArgs"
1495
+ },
1496
+ returnType: {
1497
+ $ref: "#/components/schemas/VerificationResult"
1498
+ }
1499
+ }
1500
+ }
1501
+ }
1502
+ }
1503
+ };
1504
+ }
1505
+ });
1506
+
1507
+ // src/index.ts
1508
+ var index_exports = {};
1509
+ __export(index_exports, {
1510
+ CredentialValidation: () => CredentialValidation,
1511
+ SchemaValidation: () => SchemaValidation,
1512
+ credentialValidationMethods: () => credentialValidationMethods,
1513
+ schema: () => schema
1514
+ });
1515
+ module.exports = __toCommonJS(index_exports);
1516
+
1517
+ // src/agent/CredentialValidation.ts
1518
+ var import_kmp_mdoc_core = require("@sphereon/kmp-mdoc-core");
1519
+ var import_ssi_types = require("@sphereon/ssi-types");
1520
+ var import_ajv_formats = __toESM(require("ajv-formats"), 1);
1521
+ var import__ = __toESM(require("ajv/dist/2020"), 1);
1522
+ var import_cross_fetch = __toESM(require("cross-fetch"), 1);
1523
+ var import_ssi_sdk = require("@sphereon/ssi-sdk.core");
1524
+ var decodeFrom = import_kmp_mdoc_core.com.sphereon.kmp.decodeFrom;
1525
+ var IssuerSignedCbor = import_kmp_mdoc_core.com.sphereon.mdoc.data.device.IssuerSignedCbor;
1526
+ var credentialValidationMethods = [
1527
+ "cvVerifyCredential",
1528
+ "cvVerifySchema",
1529
+ "cvVerifyMdoc",
1530
+ "cvVerifySDJWTCredential",
1531
+ "cvVerifyW3CCredential"
1532
+ ];
1533
+ var CredentialValidation = class {
1534
+ static {
1535
+ __name(this, "CredentialValidation");
1536
+ }
1537
+ schema = schema.ICredentialValidation;
1538
+ methods = {
1539
+ cvVerifyCredential: this.cvVerifyCredential.bind(this),
1540
+ cvVerifySchema: this.cvVerifySchema.bind(this),
1541
+ cvVerifyMdoc: this.cvVerifyMdoc.bind(this),
1542
+ cvVerifySDJWTCredential: this.cvVerifySDJWTCredential.bind(this),
1543
+ cvVerifyW3CCredential: this.cvVerifyW3CCredential.bind(this)
1544
+ };
1545
+ detectSchemas(wrappedVC) {
1546
+ if ("credential" in wrappedVC) {
1547
+ const { credential } = wrappedVC;
1548
+ if ("credentialSchema" in credential) {
1549
+ const { credentialSchema } = credential;
1550
+ if (Array.isArray(credentialSchema)) {
1551
+ return credentialSchema;
1552
+ } else if (credentialSchema) {
1553
+ return [
1554
+ credentialSchema
1555
+ ];
1556
+ }
1557
+ }
1558
+ }
1559
+ return void 0;
1560
+ }
1561
+ async cvVerifyCredential(args, context) {
1562
+ const { credential, hasher = import_ssi_sdk.defaultHasher, policies } = args;
1563
+ const schemaResult = await this.cvVerifySchema({
1564
+ credential,
1565
+ validationPolicy: policies?.schemaValidation ?? SchemaValidation.WHEN_PRESENT,
1566
+ hasher
1567
+ });
1568
+ if (!schemaResult.result) {
1569
+ return schemaResult;
1570
+ }
1571
+ if (import_ssi_types.CredentialMapper.isMsoMdocOid4VPEncoded(credential)) {
1572
+ return await this.cvVerifyMdoc({
1573
+ credential
1574
+ }, context);
1575
+ } else if (import_ssi_types.CredentialMapper.isSdJwtEncoded(credential)) {
1576
+ return await this.cvVerifySDJWTCredential({
1577
+ credential,
1578
+ hasher
1579
+ }, context);
1580
+ } else {
1581
+ return await this.cvVerifyW3CCredential({
1582
+ ...args,
1583
+ credential
1584
+ }, context);
1585
+ }
1586
+ }
1587
+ async cvVerifySchema(args) {
1588
+ const { credential, hasher = import_ssi_sdk.defaultHasher, validationPolicy } = args;
1589
+ const wrappedCredential = import_ssi_types.CredentialMapper.toWrappedVerifiableCredential(credential, {
1590
+ hasher
1591
+ });
1592
+ if (validationPolicy === SchemaValidation.NEVER) {
1593
+ return {
1594
+ result: true,
1595
+ source: wrappedCredential,
1596
+ subResults: []
1597
+ };
1598
+ }
1599
+ return this.validateSchema(wrappedCredential, validationPolicy);
1600
+ }
1601
+ async validateSchema(wrappedVC, validationPolicy) {
1602
+ const schemas = this.detectSchemas(wrappedVC);
1603
+ if (!schemas) {
1604
+ if (validationPolicy === SchemaValidation.ALWAYS) {
1605
+ console.error(`No schema found for credential, but validation policy is set to ALWAYS. Returning false. Credential: ${JSON.stringify(wrappedVC.credential, null, 2)}`);
1606
+ return {
1607
+ result: false,
1608
+ source: wrappedVC,
1609
+ subResults: []
1610
+ };
1611
+ } else {
1612
+ return {
1613
+ result: true,
1614
+ source: wrappedVC,
1615
+ subResults: []
1616
+ };
1617
+ }
1618
+ }
1619
+ const subResults = await Promise.all(schemas.map((schema2) => this.verifyCredentialAgainstSchema(wrappedVC, schema2)));
1620
+ return {
1621
+ result: subResults.every((subResult) => subResult.result),
1622
+ source: wrappedVC,
1623
+ subResults
1624
+ };
1625
+ }
1626
+ async fetchSchema(uri) {
1627
+ const response = await (0, import_cross_fetch.default)(uri);
1628
+ if (!response.ok) {
1629
+ throw new Error(`Unable to fetch schema from ${uri}`);
1630
+ }
1631
+ return response.json();
1632
+ }
1633
+ async verifyCredentialAgainstSchema(wrappedVC, schema2) {
1634
+ const schemaUrl = typeof schema2 === "string" ? schema2 : schema2.id;
1635
+ let schemaValue;
1636
+ try {
1637
+ schemaValue = await this.fetchSchema(schemaUrl);
1638
+ } catch (error) {
1639
+ console.error(error);
1640
+ return {
1641
+ result: false,
1642
+ error
1643
+ };
1644
+ }
1645
+ const ajv = new import__.default({
1646
+ loadSchema: this.fetchSchema
1647
+ });
1648
+ (0, import_ajv_formats.default)(ajv);
1649
+ const validate = await ajv.compileAsync(schemaValue);
1650
+ const valid = validate(wrappedVC.credential);
1651
+ if (!valid) {
1652
+ console.error(`Schema validation failed for `, wrappedVC.credential);
1653
+ }
1654
+ return {
1655
+ result: valid
1656
+ };
1657
+ }
1658
+ async cvVerifyMdoc(args, context) {
1659
+ const { credential } = args;
1660
+ const issuerSigned = IssuerSignedCbor.Static.cborDecode(decodeFrom(credential, import_kmp_mdoc_core.com.sphereon.kmp.Encoding.BASE64URL));
1661
+ const verification = await context.agent.mdocVerifyIssuerSigned({
1662
+ input: issuerSigned.toJson().issuerAuth
1663
+ }).catch((error) => {
1664
+ console.error(error);
1665
+ return {
1666
+ name: "mdoc",
1667
+ critical: true,
1668
+ error: true,
1669
+ message: error.message ?? "Mdoc Issuer Signed VC could not be verified"
1670
+ };
1671
+ });
1672
+ return {
1673
+ source: import_ssi_types.CredentialMapper.toWrappedVerifiableCredential(credential, {
1674
+ hasher: import_ssi_sdk.defaultHasher
1675
+ }),
1676
+ result: !verification.error,
1677
+ subResults: [],
1678
+ ...verification.error && {
1679
+ error: verification.message ?? `Could not verify mdoc from issuer`
1680
+ }
1681
+ };
1682
+ }
1683
+ async cvVerifyW3CCredential(args, context) {
1684
+ const { credential, policies } = args;
1685
+ const result = await context.agent.verifyCredential(args);
1686
+ if (typeof result === "boolean") {
1687
+ return {
1688
+ // FIXME the source is never used, need to start using this as the source of truth
1689
+ source: import_ssi_types.CredentialMapper.toWrappedVerifiableCredential(args.credential, {
1690
+ hasher: import_ssi_sdk.defaultHasher
1691
+ }),
1692
+ result,
1693
+ ...!result && {
1694
+ error: "Invalid JWT VC",
1695
+ errorDetails: `JWT VC was not valid with policies: ${JSON.stringify(policies)}`
1696
+ },
1697
+ subResults: []
1698
+ };
1699
+ } else {
1700
+ let error;
1701
+ let errorDetails;
1702
+ const subResults = [];
1703
+ if (result.error) {
1704
+ error = result.error?.message ?? "";
1705
+ errorDetails = result.error?.details?.code ?? "";
1706
+ errorDetails = (errorDetails !== "" ? `${errorDetails}, ` : "") + (result.error?.details?.url ?? "");
1707
+ if (result.error?.errors) {
1708
+ error = (error !== "" ? `${error}, ` : "") + result.error?.errors?.map((error2) => error2.message ?? error2.name).join(", ");
1709
+ errorDetails = (errorDetails !== "" ? `${errorDetails}, ` : "") + result.error?.errors?.map((error2) => (error2?.details?.code ? `${error2.details.code}, ` : "") + (error2?.details?.url ?? "")).join(", ");
1710
+ }
1711
+ console.error(error);
1712
+ }
1713
+ return {
1714
+ source: import_ssi_types.CredentialMapper.toWrappedVerifiableCredential(credential, {
1715
+ hasher: import_ssi_sdk.defaultHasher
1716
+ }),
1717
+ result: result.verified,
1718
+ subResults,
1719
+ error,
1720
+ errorDetails
1721
+ };
1722
+ }
1723
+ }
1724
+ async cvVerifySDJWTCredential(args, context) {
1725
+ const { credential, hasher = import_ssi_sdk.defaultHasher } = args;
1726
+ const verification = await context.agent.verifySdJwtVc({
1727
+ credential
1728
+ }).catch((error) => {
1729
+ console.error(error);
1730
+ return {
1731
+ error: "Invalid SD-JWT VC",
1732
+ errorDetails: error.message ?? "SD-JWT VC could not be verified"
1733
+ };
1734
+ });
1735
+ const result = "header" in verification && "payload" in verification;
1736
+ return {
1737
+ source: import_ssi_types.CredentialMapper.toWrappedVerifiableCredential(credential, {
1738
+ hasher: hasher ?? import_ssi_sdk.defaultHasher
1739
+ }),
1740
+ result,
1741
+ subResults: [],
1742
+ ...!result && {
1743
+ ...verification
1744
+ }
1745
+ };
1746
+ }
1747
+ };
1748
+
1749
+ // src/types/ICredentialValidation.ts
1750
+ var SchemaValidation = /* @__PURE__ */ function(SchemaValidation2) {
1751
+ SchemaValidation2["ALWAYS"] = "ALWAYS";
1752
+ SchemaValidation2["NEVER"] = "NEVER";
1753
+ SchemaValidation2["WHEN_PRESENT"] = "WHEN_PRESENT";
1754
+ return SchemaValidation2;
1755
+ }({});
1756
+
1757
+ // src/index.ts
1758
+ var schema = require_plugin_schema();
1759
+ //# sourceMappingURL=index.cjs.map