npm - @sphereon/ssi-sdk.sd-jwt - Versions diffs - 0.33.1-feature.vcdm2.tsup.31 → 0.33.1-next.2 - Mend

@sphereon/ssi-sdk.sd-jwt 0.33.1-feature.vcdm2.tsup.31 → 0.33.1-next.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (34) hide show

package/dist/action-handler.d.ts +89 -0
package/dist/action-handler.d.ts.map +1 -0
package/dist/action-handler.js +397 -0
package/dist/action-handler.js.map +1 -0
package/dist/defaultCallbacks.d.ts +6 -0
package/dist/defaultCallbacks.d.ts.map +1 -0
package/dist/defaultCallbacks.js +55 -0
package/dist/defaultCallbacks.js.map +1 -0
package/dist/index.d.ts +4 -334
package/dist/index.d.ts.map +1 -0
package/dist/index.js +20 -562
package/dist/index.js.map +1 -1
package/dist/trustAnchors.d.ts +3 -0
package/dist/trustAnchors.d.ts.map +1 -0
package/dist/trustAnchors.js +20 -0
package/dist/trustAnchors.js.map +1 -0
package/dist/types.d.ts +234 -0
package/dist/types.d.ts.map +1 -0
package/dist/types.js +10 -0
package/dist/types.js.map +1 -0
package/dist/utils.d.ts +18 -0
package/dist/utils.d.ts.map +1 -0
package/dist/utils.js +85 -0
package/dist/utils.js.map +1 -0
package/package.json +24 -34
package/src/__tests__/sd-jwt-integrity.test.ts +1 -1
package/src/__tests__/sd-jwt.test.ts +1 -2
package/src/action-handler.ts +2 -2
package/src/defaultCallbacks.ts +3 -4
package/src/types.ts +1 -1
package/src/utils.ts +4 -4
package/dist/index.cjs +0 -595
package/dist/index.cjs.map +0 -1
package/dist/index.d.cts +0 -334

package/dist/index.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../src/action-handler.ts","../src/defaultCallbacks.ts","../src/trustAnchors.ts","../src/utils.ts","../src/types.ts"],"sourcesContent":["import { Jwt, SDJwt } from '@sd-jwt/core'\nimport { SDJwtVcInstance, SdJwtVcPayload } from '@sd-jwt/sd-jwt-vc'\nimport { DisclosureFrame, Hasher, JwtPayload, KbVerifier, PresentationFrame, Signer, Verifier } from '@sd-jwt/types'\nimport { calculateJwkThumbprint, signatureAlgorithmFromKey } from '@sphereon/ssi-sdk-ext.key-utils'\nimport { X509CertificateChainValidationOpts } from '@sphereon/ssi-sdk-ext.x509-utils'\nimport { HasherSync, JsonWebKey, JWK, SdJwtTypeMetadata } from '@sphereon/ssi-types'\nimport { IAgentPlugin } from '@veramo/core'\nimport { decodeBase64url } from '@veramo/utils'\nimport Debug from 'debug'\nimport { defaultGenerateDigest, defaultGenerateSalt, defaultVerifySignature } from './defaultCallbacks'\nimport { funkeTestCA, sphereonCA } from './trustAnchors'\nimport { assertValidTypeMetadata, fetchUrlWithErrorHandling, validateIntegrity } from './utils'\nimport {\n Claims,\n FetchSdJwtTypeMetadataFromVctUrlArgs,\n GetSignerForIdentifierArgs,\n GetSignerResult,\n ICreateSdJwtPresentationArgs,\n ICreateSdJwtPresentationResult,\n ICreateSdJwtVcArgs,\n ICreateSdJwtVcResult,\n IRequiredContext,\n ISDJwtPlugin,\n IVerifySdJwtPresentationArgs,\n IVerifySdJwtPresentationResult,\n IVerifySdJwtVcArgs,\n IVerifySdJwtVcResult,\n SdJWTImplementation,\n SdJwtVerifySignature,\n SignKeyArgs,\n SignKeyResult,\n} from './types'\n\nconst debug = Debug('@sphereon/ssi-sdk.sd-jwt')\n\n/*\n @beta\n * SD-JWT plugin\n /\nexport class SDJwtPlugin implements IAgentPlugin {\n // @ts-ignore\n private readonly trustAnchorsInPEM: string[]\n private readonly registeredImplementations: SdJWTImplementation\n private _signers: Record<string, Signer>\n private _defaultSigner?: Signer\n\n constructor(\n registeredImplementations?: SdJWTImplementation & {\n signers?: Record<string, Signer>\n defaultSigner?: Signer\n },\n trustAnchorsInPEM?: string[],\n ) {\n this.trustAnchorsInPEM = trustAnchorsInPEM ?? []\n if (!registeredImplementations) {\n registeredImplementations = {}\n }\n if (typeof registeredImplementations?.hasher !== 'function') {\n registeredImplementations.hasher = defaultGenerateDigest\n }\n if (typeof registeredImplementations?.saltGenerator !== 'function') {\n registeredImplementations.saltGenerator = defaultGenerateSalt\n }\n this.registeredImplementations = registeredImplementations\n this._signers = registeredImplementations?.signers ?? {}\n this._defaultSigner = registeredImplementations?.defaultSigner\n\n // Verify signature default is used below in the methods if not provided here, as it needs the context of the agent\n }\n\n // map the methods your plugin is declaring to their implementation\n readonly methods: ISDJwtPlugin = {\n createSdJwtVc: this.createSdJwtVc.bind(this),\n createSdJwtPresentation: this.createSdJwtPresentation.bind(this),\n verifySdJwtVc: this.verifySdJwtVc.bind(this),\n verifySdJwtPresentation: this.verifySdJwtPresentation.bind(this),\n fetchSdJwtTypeMetadataFromVctUrl: this.fetchSdJwtTypeMetadataFromVctUrl.bind(this),\n }\n\n private async getSignerForIdentifier(args: GetSignerForIdentifierArgs, context: IRequiredContext): Promise<GetSignerResult> {\n const { identifier, resolution } = args\n if (Object.keys(this._signers).includes(identifier) && typeof this._signers[identifier] === 'function') {\n return { signer: this._signers[identifier] }\n } else if (typeof this._defaultSigner === 'function') {\n return { signer: this._defaultSigner }\n }\n const signingKey = await this.getSignKey({ identifier, vmRelationship: 'assertionMethod', resolution }, context)\n const { key, alg } = signingKey\n\n const signer: Signer = async (data: string): Promise<string> => {\n return context.agent.keyManagerSign({ keyRef: key.kmsKeyRef, data })\n }\n\n return { signer, alg, signingKey }\n }\n\n /\n Create a signed SD-JWT credential.\n * @param args - Arguments necessary for the creation of a SD-JWT credential.\n * @param context - This reserved param is automatically added and handled by the framework, do not override\n * @returns A signed SD-JWT credential.\n /\n async createSdJwtVc(args: ICreateSdJwtVcArgs, context: IRequiredContext): Promise<ICreateSdJwtVcResult> {\n const issuer = args.credentialPayload.iss\n if (!issuer) {\n throw new Error('credential.issuer must not be empty')\n }\n const { alg, signer, signingKey } = await this.getSignerForIdentifier({ identifier: issuer, resolution: args.resolution }, context)\n const sdjwt = new SDJwtVcInstance({\n signer,\n hasher: this.registeredImplementations.hasher,\n saltGenerator: this.registeredImplementations.saltGenerator,\n signAlg: alg ?? 'ES256',\n hashAlg: 'sha-256',\n })\n\n const credential = await sdjwt.issue(args.credentialPayload, args.disclosureFrame as DisclosureFrame<typeof args.credentialPayload>, {\n header: {\n ...(signingKey?.key.kid !== undefined && { kid: signingKey.key.kid }),\n ...(signingKey?.key.x5c !== undefined && { x5c: signingKey.key.x5c }),\n },\n })\n\n return { credential }\n }\n\n /\n Get the key to sign the SD-JWT\n * @param args - consists of twp arguments: identifier like a did and other forms of identifiers and vmRelationship which represents the purpose of the key\n * @param context - agent instance\n * @returns the key to sign the SD-JWT\n /\n async getSignKey(args: SignKeyArgs, context: IRequiredContext): Promise<SignKeyResult> {\n // TODO Using identifierManagedGetByDid now (new managed identifier resolution). Evaluate of we need to implement more identifier types here\n const { identifier, resolution } = { ...args }\n if (resolution) {\n const key = resolution.key\n const alg = await signatureAlgorithmFromKey({ key })\n switch (resolution.method) {\n case 'did':\n debug(`Signing key ${key.publicKeyHex} found for identifier ${identifier}`)\n return { alg, key: { ...key, kmsKeyRef: resolution.kmsKeyRef, kid: resolution.kid } }\n default:\n if (key.meta?.x509 && key.meta.x509.x5c) {\n return { alg, key: { kid: resolution.kid, kmsKeyRef: resolution.kmsKeyRef, x5c: key.meta.x509.x5c as string[] } }\n } else if (key.meta?.jwkThumbprint) {\n return { alg, key: { kid: resolution.kid, kmsKeyRef: resolution.kmsKeyRef, jwkThumbprint: key.meta.jwkThumbprint } }\n } else {\n return { alg, key: { kid: resolution.kid, kmsKeyRef: resolution.kmsKeyRef } }\n }\n }\n } else if (identifier.startsWith('did:')) {\n const didIdentifier = await context.agent.identifierManagedGetByDid({ identifier })\n if (!didIdentifier) {\n throw new Error(`No identifier found with the given did: ${identifier}`)\n }\n const key = didIdentifier.key\n const alg = await signatureAlgorithmFromKey({ key })\n debug(`Signing key ${key.publicKeyHex} found for identifier ${identifier}`)\n\n return { alg, key: { ...key, kmsKeyRef: didIdentifier.kmsKeyRef, kid: didIdentifier.kid } }\n } else {\n const kidIdentifier = await context.agent.identifierManagedGetByKid({ identifier })\n if (!kidIdentifier) {\n throw new Error(`No identifier found with the given kid: ${identifier}`)\n }\n const key = kidIdentifier.key\n const alg = await signatureAlgorithmFromKey({ key })\n if (key.meta?.x509 && key.meta.x509.x5c) {\n return { alg, key: { kid: kidIdentifier.kid, kmsKeyRef: kidIdentifier.kmsKeyRef, x5c: key.meta.x509.x5c as string[] } }\n } else if (key.meta?.jwkThumbprint) {\n return { alg, key: { kid: kidIdentifier.kid, kmsKeyRef: kidIdentifier.kmsKeyRef, jwkThumbprint: key.meta.jwkThumbprint } }\n } else {\n return { alg, key: { kid: kidIdentifier.kid, kmsKeyRef: kidIdentifier.kmsKeyRef } }\n }\n }\n }\n\n /\n Create a signed SD-JWT presentation.\n * @param args - Arguments necessary for the creation of a SD-JWT presentation.\n * @param context - This reserved param is automatically added and handled by the framework, do not override\n * @returns A signed SD-JWT presentation.\n /\n async createSdJwtPresentation(args: ICreateSdJwtPresentationArgs, context: IRequiredContext): Promise<ICreateSdJwtPresentationResult> {\n const cred = await SDJwt.fromEncode(args.presentation, this.registeredImplementations.hasher!)\n const claims = await cred.getClaims<Claims>(this.registeredImplementations.hasher!)\n let holder: string\n // we primarly look for a cnf field, if it's not there we look for a sub field. If this is also not given, we throw an error since we can not sign it.\n if (args.holder) {\n holder = args.holder\n } else if (claims.cnf?.jwk) {\n const jwk = claims.cnf.jwk\n holder = calculateJwkThumbprint({ jwk: jwk as JWK })\n } else if (claims.cnf?.kid) {\n holder = claims.cnf?.kid\n } else if (claims.sub) {\n holder = claims.sub as string\n } else {\n throw new Error('invalid_argument: credential does not include a holder reference')\n }\n const { alg, signer } = await this.getSignerForIdentifier({ identifier: holder }, context)\n\n const sdjwt = new SDJwtVcInstance({\n hasher: this.registeredImplementations.hasher ?? defaultGenerateDigest,\n saltGenerator: this.registeredImplementations.saltGenerator,\n kbSigner: signer,\n kbSignAlg: alg ?? 'ES256',\n })\n const presentation = await sdjwt.present(args.presentation, args.presentationFrame as PresentationFrame<SdJwtVcPayload>, { kb: args.kb })\n\n return { presentation }\n }\n\n /\n Verify a signed SD-JWT credential.\n * @param args - Arguments necessary for the verify a SD-JWT credential.\n * @param context - This reserved param is automatically added and handled by the framework, do not override\n * @returns\n /\n async verifySdJwtVc(args: IVerifySdJwtVcArgs, context: IRequiredContext): Promise<IVerifySdJwtVcResult> {\n // callback\n const verifier: Verifier = async (data: string, signature: string) => this.verify(sdjwt, context, data, signature)\n const sdjwt = new SDJwtVcInstance({ verifier, hasher: this.registeredImplementations.hasher ?? defaultGenerateDigest })\n const { header = {}, payload, kb } = await sdjwt.verify(args.credential)\n\n return { header, payload: payload as SdJwtVcPayload, kb }\n }\n\n /\n Verify the key binding of a SD-JWT by validating the signature of the key bound to the SD-JWT\n * @param sdjwt - SD-JWT instance\n * @param context - This reserved param is automatically added and handled by the framework, do not override\n * @param data - signed data\n * @param signature - The signature\n * @param payload - The payload of the SD-JWT\n * @returns\n /\n private verifyKb(sdjwt: SDJwtVcInstance, context: IRequiredContext, data: string, signature: string, payload: JwtPayload): Promise<boolean> {\n if (!payload.cnf) {\n throw Error('other method than cnf is not supported yet')\n }\n return this.verifySignatureCallback(context)(data, signature, this.getJwk(payload))\n }\n\n /\n Validates the signature of a SD-JWT\n * @param sdjwt - SD-JWT instance\n * @param context - This reserved param is automatically added and handled by the framework, do not override\n * @param data - signed data\n * @param signature - The signature\n * @returns\n /\n async verify(\n sdjwt: SDJwtVcInstance,\n context: IRequiredContext,\n data: string,\n signature: string,\n opts?: { x5cValidation?: X509CertificateChainValidationOpts },\n ): Promise<boolean> {\n const decodedVC = await sdjwt.decode(`${data}.${signature}`)\n const issuer: string = ((decodedVC.jwt as Jwt).payload as Record<string, unknown>).iss as string\n const header = (decodedVC.jwt as Jwt).header as Record<string, any>\n const x5c: string[] \| undefined = header?.x5c as string[]\n let jwk: JWK \| JsonWebKey \| undefined = header.jwk\n if (x5c) {\n const trustAnchors = new Set<string>([...this.trustAnchorsInPEM])\n if (trustAnchors.size === 0) {\n trustAnchors.add(sphereonCA)\n trustAnchors.add(funkeTestCA)\n }\n const certificateValidationResult = await context.agent.x509VerifyCertificateChain({\n chain: x5c,\n trustAnchors: Array.from(trustAnchors),\n // TODO: Defaults to allowing untrusted certs! Fine for now, not when wallets go mainstream\n opts: opts?.x5cValidation ?? { trustRootWhenNoAnchors: true, allowNoTrustAnchorsFound: true },\n })\n\n if (certificateValidationResult.error \|\| !certificateValidationResult?.certificateChain) {\n return Promise.reject(Error(`Certificate chain validation failed. ${certificateValidationResult.message}`))\n }\n const certInfo = certificateValidationResult.certificateChain[0]\n jwk = certInfo.publicKeyJWK as JWK\n }\n\n if (!jwk && header.kid?.includes('did:')) {\n const didDoc = await context.agent.resolveDid({ didUrl: header.kid })\n if (!didDoc) {\n throw new Error('invalid_issuer: issuer did not resolve to a did document')\n }\n //TODO SDK-20: This should be checking for an assertionMethod and not just an verificationMethod with an id\n const didDocumentKey = didDoc.didDocument?.verificationMethod?.find((key) => key.id)\n if (!didDocumentKey) {\n throw new Error('invalid_issuer: issuer did document does not include referenced key')\n }\n //FIXME SDK-21: in case it's another did method, the value of the key can be also encoded as a base64url\n // needs more checks. some DID methods do not expose the keys as publicKeyJwk\n jwk = didDocumentKey.publicKeyJwk as JsonWebKey\n }\n\n if (!jwk && issuer.includes('did:')) {\n // TODO refactor\n const didDoc = await context.agent.resolveDid({ didUrl: issuer })\n if (!didDoc) {\n throw new Error('invalid_issuer: issuer did not resolve to a did document')\n }\n //TODO SDK-20: This should be checking for an assertionMethod and not just an verificationMethod with an id\n const didDocumentKey = didDoc.didDocument?.verificationMethod?.find((key) => key.id)\n if (!didDocumentKey) {\n throw new Error('invalid_issuer: issuer did document does not include referenced key')\n }\n //FIXME SDK-21: in case it's another did method, the value of the key can be also encoded as a base64url\n // needs more checks. some DID methods do not expose the keys as publicKeyJwk\n jwk = didDocumentKey.publicKeyJwk as JsonWebKey\n }\n\n if (!jwk) {\n throw new Error('No valid public key found for signature verification')\n }\n\n return this.verifySignatureCallback(context)(data, signature, jwk)\n }\n\n /\n Verify a signed SD-JWT presentation.\n * @param args - Arguments necessary for the verify a SD-JWT presentation.\n * @param context - This reserved param is automatically added and handled by the framework, do not override\n * @returns\n /\n async verifySdJwtPresentation(args: IVerifySdJwtPresentationArgs, context: IRequiredContext): Promise<IVerifySdJwtPresentationResult> {\n let sdjwt: SDJwtVcInstance\n const verifier: Verifier = async (data: string, signature: string) => this.verify(sdjwt, context, data, signature)\n const verifierKb: KbVerifier = async (data: string, signature: string, payload: JwtPayload) =>\n this.verifyKb(sdjwt, context, data, signature, payload)\n sdjwt = new SDJwtVcInstance({\n verifier,\n hasher: this.registeredImplementations.hasher,\n kbVerifier: verifierKb,\n })\n\n return sdjwt.verify(args.presentation, args.requiredClaimKeys, args.kb)\n }\n\n /\n Fetch and validate Type Metadata.\n * @param args - Arguments necessary for fetching and validating the type metadata.\n * @param context - This reserved param is automatically added and handled by the framework, do not override\n * @returns\n /\n async fetchSdJwtTypeMetadataFromVctUrl(args: FetchSdJwtTypeMetadataFromVctUrlArgs, context: IRequiredContext): Promise<SdJwtTypeMetadata> {\n const { vct, vctIntegrity, opts } = args\n const url = new URL(vct)\n\n const response = await fetchUrlWithErrorHandling(url.toString())\n const metadata: SdJwtTypeMetadata = (await response.json()) as SdJwtTypeMetadata\n assertValidTypeMetadata(metadata, vct)\n\n const validate = async (vct: string, input: unknown, integrityValue?: string, hasher?: Hasher \| HasherSync) => {\n if (hasher && integrityValue) {\n const validation = await validateIntegrity({ integrityValue, input, hasher })\n if (!validation) {\n return Promise.reject(Error(`Integrity check failed for vct: ${vct}, extends: ${metadata.extends}, integrity: ${integrityValue}}`))\n }\n }\n }\n\n const hasher = (opts?.hasher ?? this.registeredImplementations.hasher ?? defaultGenerateDigest) as Hasher \| HasherSync \| undefined\n if (hasher) {\n if (vctIntegrity) {\n await validate(vct, metadata, vctIntegrity, hasher)\n const vctValidation = await validateIntegrity({ integrityValue: vctIntegrity, input: metadata, hasher })\n if (!vctValidation) {\n return Promise.reject(Error(`Integrity check failed for vct: ${vct}, integrity: ${vctIntegrity}`))\n }\n }\n\n if (metadata['extends#integrity']) {\n const extendsMetadata = await this.fetchSdJwtTypeMetadataFromVctUrl({ vct: metadata['extends#integrity'], opts }, context)\n await validate(vct, extendsMetadata, metadata['extends#integrity'], hasher)\n }\n\n if (metadata['schema_uri#integrity']) {\n const schemaResponse = await fetchUrlWithErrorHandling(metadata.schema_uri!)\n const schema = await schemaResponse.json()\n await validate(vct, schema, metadata['schema_uri#integrity'], hasher)\n }\n\n metadata.display?.forEach((display) => {\n const simpleLogoIntegrity = display.rendering?.simple?.logo?.['uri#integrity']\n if (simpleLogoIntegrity) {\n console.log('TODO: Logo integrity check')\n }\n })\n }\n\n return metadata\n }\n\n private verifySignatureCallback(context: IRequiredContext): SdJwtVerifySignature {\n if (typeof this.registeredImplementations.verifySignature === 'function') {\n return this.registeredImplementations.verifySignature\n }\n\n return defaultVerifySignature(context)\n }\n\n private getJwk(payload: JwtPayload): JsonWebKey {\n if (payload.cnf?.jwk !== undefined) {\n return payload.cnf.jwk as JsonWebKey\n } else if (payload.cnf !== undefined && 'kid' in payload.cnf && typeof payload.cnf.kid === 'string' && payload.cnf.kid.startsWith('did:jwk:')) {\n // extract JWK from kid FIXME isn't there a did function for this already? Otherwise create one\n // FIXME this is a quick-fix to make verification but we need a real solution\n const encoded = this.extractBase64FromDIDJwk(payload.cnf.kid)\n const decoded = decodeBase64url(encoded)\n const jwt = JSON.parse(decoded)\n return jwt as JsonWebKey\n }\n throw Error('Unable to extract JWK from SD-JWT payload')\n }\n\n private extractBase64FromDIDJwk(did: string): string {\n const parts = did.split(':')\n if (parts.length < 3) {\n throw new Error('Invalid DID format')\n }\n return parts[2].split('#')[0]\n }\n}\n","import { digestMethodParams } from '@sphereon/ssi-sdk-ext.key-utils'\nimport { HasherSync, JsonWebKey, JWK, Loggers } from '@sphereon/ssi-types'\nimport { v4 } from 'uuid'\n// @ts-ignore\nimport { fromString } from 'uint8arrays/from-string'\nimport { IRequiredContext, SdJwtVerifySignature } from './types'\n\nexport const defaultGenerateDigest: HasherSync = (data: string \| ArrayBuffer, alg: string): Uint8Array => {\n return digestMethodParams(alg.includes('256') ? 'SHA-256' : 'SHA-512').hash(\n typeof data === 'string' ? fromString(data, 'utf-8') : new Uint8Array(data),\n )\n}\n\nexport const defaultGenerateSalt = (): string => {\n return v4()\n}\n\nexport const defaultVerifySignature =\n (context: IRequiredContext): SdJwtVerifySignature =>\n async (data: string, signature: string, publicKey: JsonWebKey): Promise<boolean> => {\n // The data and signature from the sd-jwt lib are a jwt header.payload and signature, so let's recombine into a compact jwt\n const result = await context.agent.jwtVerifyJwsSignature({ jws: `${data}.${signature}`, jwk: publicKey as JWK })\n Loggers.DEFAULT.get('sd-jwt').info(`SD-JWT signature verified. Result: ${result.message}`)\n return !result.error\n }\n","export const funkeTestCA =\n '-----BEGIN CERTIFICATE-----\\n' +\n 'MIICeTCCAiCgAwIBAgIUB5E9QVZtmUYcDtCjKB/H3VQv72gwCgYIKoZIzj0EAwIwgYgxCzAJBgNVBAYTAkRFMQ8wDQYDVQQHDAZCZXJsaW4xHTAbBgNVBAoMFEJ1bmRlc2RydWNrZXJlaSBHbWJIMREwDwYDVQQLDAhUIENTIElERTE2MDQGA1UEAwwtU1BSSU5EIEZ1bmtlIEVVREkgV2FsbGV0IFByb3RvdHlwZSBJc3N1aW5nIENBMB4XDTI0MDUzMTA2NDgwOVoXDTM0MDUyOTA2NDgwOVowgYgxCzAJBgNVBAYTAkRFMQ8wDQYDVQQHDAZCZXJsaW4xHTAbBgNVBAoMFEJ1bmRlc2RydWNrZXJlaSBHbWJIMREwDwYDVQQLDAhUIENTIElERTE2MDQGA1UEAwwtU1BSSU5EIEZ1bmtlIEVVREkgV2FsbGV0IFByb3RvdHlwZSBJc3N1aW5nIENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEYGzdwFDnc7+Kn5ibAvCOM8ke77VQxqfMcwZL8IaIA+WCROcCfmY/giH92qMru5p/kyOivE0RC/IbdMONvDoUyaNmMGQwHQYDVR0OBBYEFNRWGMCJOOgOWIQYyXZiv6u7xZC+MB8GA1UdIwQYMBaAFNRWGMCJOOgOWIQYyXZiv6u7xZC+MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMAoGCCqGSM49BAMCA0cAMEQCIGEm7wkZKHt/atb4MdFnXW6yrnwMUT2u136gdtl10Y6hAiBuTFqvVYth1rbxzCP0xWZHmQK9kVyxn8GPfX27EIzzsw==\\n' +\n '-----END CERTIFICATE-----'\n\nexport const sphereonCA =\n '-----BEGIN CERTIFICATE-----\\n' +\n 'MIICCDCCAa6gAwIBAgITAPMgqwtYzWPBXaobHhxG9iSydTAKBggqhkjOPQQDAjBa\\n' +\n 'MQswCQYDVQQGEwJOTDEkMCIGA1UECgwbU3BoZXJlb24gSW50ZXJuYXRpb25hbCBC\\n' +\n 'LlYuMQswCQYDVQQLDAJJVDEYMBYGA1UEAwwPY2Euc3BoZXJlb24uY29tMB4XDTI0\\n' +\n 'MDcyODIxMjY0OVoXDTM0MDcyODIxMjY0OVowWjELMAkGA1UEBhMCTkwxJDAiBgNV\\n' +\n 'BAoMG1NwaGVyZW9uIEludGVybmF0aW9uYWwgQi5WLjELMAkGA1UECwwCSVQxGDAW\\n' +\n 'BgNVBAMMD2NhLnNwaGVyZW9uLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA\\n' +\n 'BEiA0KeESSNrOcmCDga8YsBkUTgowZGwqvL2n91JUpAMdRSwvlVFdqdiLXnk2pQq\\n' +\n 'T1vZnDG0I+x+iz2EbdsG0aajUzBRMB0GA1UdDgQWBBTnB8pdlVz5yKD+zuNkRR6A\\n' +\n 'sywywTAOBgNVHQ8BAf8EBAMCAaYwDwYDVR0lBAgwBgYEVR0lADAPBgNVHRMBAf8E\\n' +\n 'BTADAQH/MAoGCCqGSM49BAMCA0gAMEUCIHH7ie1OAAbff5262rzZVQa8J9zENG8A\\n' +\n 'QlHHFydMdgaXAiEA1Ib82mhHIYDziE0DDbHEAXOs98al+7dpo8fPGVGTeKI=\\n' +\n '-----END CERTIFICATE-----'\n","import { SdJwtTypeMetadata } from '@sphereon/ssi-types'\n// @ts-ignore\nimport { toString } from 'uint8arrays/to-string'\nimport { Hasher, HasherSync } from '@sd-jwt/types'\n\n// Helper function to fetch API with error handling\nexport async function fetchUrlWithErrorHandling(url: string): Promise<Response> {\n const response = await fetch(url)\n if (!response.ok) {\n throw new Error(`${response.status}: ${response.statusText}`)\n }\n return response\n}\n\nexport type IntegrityAlg = 'sha256' \| 'sha384' \| 'sha512'\n\nfunction extractHashAlgFromIntegrity(integrityValue?: string): IntegrityAlg \| undefined {\n const val = integrityValue?.toLowerCase().trim().split('-')[0]\n if (val === 'sha256' \|\| val === 'sha384' \|\| val === 'sha512') {\n return val as IntegrityAlg\n }\n return undefined\n}\n\nexport function extractHashFromIntegrity(integrityValue?: string): string \| undefined {\n return integrityValue?.toLowerCase().trim().split('-')[1]\n}\n\nexport async function validateIntegrity({\n input,\n integrityValue,\n hasher,\n}: {\n input: any\n integrityValue?: string\n hasher: HasherSync \| Hasher\n}): Promise<boolean> {\n if (!integrityValue) {\n return true\n }\n const alg = extractHashAlgFromIntegrity(integrityValue)\n if (!alg) {\n return false\n }\n const calculatedHash = await createIntegrity({ hasher, input, alg })\n return calculatedHash == integrityValue\n}\n\nexport async function createIntegrity({\n input,\n hasher,\n alg = 'sha256',\n}: {\n input: any\n hasher: HasherSync \| Hasher\n alg?: IntegrityAlg\n}): Promise<string> {\n const calculatedHash = await hasher(typeof input === 'string' ? input : JSON.stringify(input), alg)\n return `${alg}-${toString(calculatedHash, 'base64')}`\n}\n\nexport function assertValidTypeMetadata(metadata: SdJwtTypeMetadata, vct: string): void {\n if (metadata.vct !== vct) {\n throw new Error('VCT mismatch in metadata and credential')\n }\n}\n","import { SdJwtVcPayload as SdJwtPayload } from '@sd-jwt/sd-jwt-vc'\nimport { Hasher, kbHeader, KBOptions, kbPayload, SaltGenerator, Signer } from '@sd-jwt/types'\nimport { IIdentifierResolution, ManagedIdentifierResult } from '@sphereon/ssi-sdk-ext.identifier-resolution'\nimport { IJwtService } from '@sphereon/ssi-sdk-ext.jwt-service'\nimport { X509CertificateChainValidationOpts } from '@sphereon/ssi-sdk-ext.x509-utils'\nimport { contextHasPlugin } from '@sphereon/ssi-sdk.agent-config'\nimport { ImDLMdoc } from '@sphereon/ssi-sdk.mdl-mdoc'\nimport { HasherSync, JoseSignatureAlgorithm, JsonWebKey, SdJwtTypeMetadata } from '@sphereon/ssi-types'\nimport { DIDDocumentSection, IAgentContext, IDIDManager, IKeyManager, IPluginMethodMap, IResolver } from '@veramo/core'\n\nexport const sdJwtPluginContextMethods: Array<string> = ['createSdJwtVc', 'createSdJwtPresentation', 'verifySdJwtVc', 'verifySdJwtPresentation']\n\n/\n My Agent Plugin description.\n \n This is the interface that describes what your plugin can do.\n * The methods listed here, will be directly available to the veramo agent where your plugin is going to be used.\n * Depending on the agent configuration, other agent plugins, as well as the application where the agent is used\n * will be able to call these methods.\n \n To build a schema for your plugin using standard tools, you must link to this file in your package.json.\n * Example:\n * ```\n * \"veramo\": {\n * \"pluginInterfaces\": {\n * \"IMyAgentPlugin\": \"./src/types/IMyAgentPlugin.ts\"\n * }\n * },\n * ```\n \n @beta\n /\nexport interface ISDJwtPlugin extends IPluginMethodMap {\n /\n Your plugin method description\n \n @param args - Input parameters for this method\n * @param context - The required context where this method can run.\n * Declaring a context type here lets other developers know which other plugins\n * need to also be installed for this method to work.\n /\n /\n Create a signed SD-JWT credential.\n * @param args - Arguments necessary for the creation of a SD-JWT credential.\n * @param context - This reserved param is automatically added and handled by the framework, do not override\n /\n createSdJwtVc(args: ICreateSdJwtVcArgs, context: IRequiredContext): Promise<ICreateSdJwtVcResult>\n\n /\n Create a signed SD-JWT presentation.\n * @param args - Arguments necessary for the creation of a SD-JWT presentation.\n * @param context - This reserved param is automatically added and handled by the framework, do not override\n /\n createSdJwtPresentation(args: ICreateSdJwtPresentationArgs, context: IRequiredContext): Promise<ICreateSdJwtPresentationResult>\n\n /\n Verify a signed SD-JWT credential.\n * @param args - Arguments necessary for the verification of a SD-JWT credential.\n * @param context - This reserved param is automatically added and handled by the framework, do not override\n /\n verifySdJwtVc(args: IVerifySdJwtVcArgs, context: IRequiredContext): Promise<IVerifySdJwtVcResult>\n\n /\n Verify a signed SD-JWT presentation.\n * @param args - Arguments necessary for the verification of a SD-JWT presentation.\n * @param context - This reserved param is automatically added and handled by the framework, do not override\n /\n verifySdJwtPresentation(args: IVerifySdJwtPresentationArgs, context: IRequiredContext): Promise<IVerifySdJwtPresentationResult>\n\n /\n Fetch and validate Type Metadata.\n * @param args - Arguments necessary for fetching and validating the type metadata.\n * @param context - This reserved param is automatically added and handled by the framework, do not override\n /\n fetchSdJwtTypeMetadataFromVctUrl(args: FetchSdJwtTypeMetadataFromVctUrlArgs, context: IRequiredContext): Promise<SdJwtTypeMetadata>\n}\n\nexport function contextHasSDJwtPlugin(context: IAgentContext<IPluginMethodMap>): context is IAgentContext<ISDJwtPlugin> {\n return contextHasPlugin(context, 'verifySdJwtVc')\n}\n\n/\n ICreateSdJwtVcArgs\n \n @beta\n /\n\nexport interface SdJwtVcPayload extends SdJwtPayload {\n x5c?: string[]\n}\n\nexport interface ICreateSdJwtVcArgs {\n credentialPayload: SdJwtVcPayload\n\n // biome-ignore lint/suspicious/noExplicitAny: <explanation>\n disclosureFrame?: IDisclosureFrame\n\n resolution?: ManagedIdentifierResult\n}\n\n/\n @beta\n /\nexport interface IDisclosureFrame {\n _sd?: string[]\n _sd_decoy?: number\n\n [x: string]: string[] \| number \| IDisclosureFrame \| undefined\n}\n\n/\n ICreateSdJwtVcResult\n \n @beta\n /\nexport interface ICreateSdJwtVcResult {\n /\n the encoded sd-jwt credential\n /\n credential: string\n}\n\n/\n \n * @beta\n /\nexport interface ICreateSdJwtPresentationArgs {\n /\n Encoded SD-JWT credential\n /\n presentation: string\n\n /\n * The keys to use for selective disclosure for presentation\n * if not provided, all keys will be disclosed\n * if empty object, no keys will be disclosed\n /\n presentationFrame?: IPresentationFrame\n\n /\n Allows to override the holder. Normally it will be looked up from the cnf or sub values\n /\n holder?: string\n\n /\n Information to include to add key binding.\n /\n kb?: KBOptions\n}\n\n/\n @beta\n /\nexport interface IPresentationFrame {\n [x: string]: boolean \| IPresentationFrame\n}\n\n/\n Created presentation\n * @beta\n /\nexport interface ICreateSdJwtPresentationResult {\n /\n Encoded presentation.\n /\n presentation: string\n}\n\n/\n @beta\n /\nexport interface IVerifySdJwtVcArgs {\n credential: string\n opts?: {\n x5cValidation?: X509CertificateChainValidationOpts\n }\n}\n\n/\n @beta\n /\nexport type IVerifySdJwtVcResult = {\n payload: SdJwtPayload\n header: Record<string, unknown>\n kb?: { header: kbHeader; payload: kbPayload }\n}\n\n/\n @beta\n /\nexport interface IVerifySdJwtPresentationArgs {\n presentation: string\n\n requiredClaimKeys?: string[]\n\n kb?: boolean\n}\n\n/\n @beta\n /\nexport type IVerifySdJwtPresentationResult = {\n payload: unknown //fixme: maybe this can be `SdJwtPayload`\n header: Record<string, unknown> \| undefined\n kb?: { header: kbHeader; payload: kbPayload }\n}\n\nexport type SignKeyArgs = {\n identifier: string\n vmRelationship: DIDDocumentSection\n resolution?: ManagedIdentifierResult\n}\n\nexport type SignKeyResult = {\n alg: JoseSignatureAlgorithm\n key: {\n kid?: string\n kmsKeyRef: string\n x5c?: string[]\n jwkThumbprint?: string\n }\n}\n/\n This context describes the requirements of this plugin.\n * For this plugin to function properly, the agent needs to also have other plugins installed that implement the\n * interfaces declared here.\n * You can also define requirements on a more granular level, for each plugin method or event handler of your plugin.\n \n @beta\n /\nexport type IRequiredContext = IAgentContext<IDIDManager & IIdentifierResolution & IJwtService & IResolver & IKeyManager & ImDLMdoc>\n\nexport type SdJwtVerifySignature = (data: string, signature: string, publicKey: JsonWebKey) => Promise<boolean>\nexport interface SdJWTImplementation {\n saltGenerator?: SaltGenerator\n hasher?: HasherSync\n verifySignature?: SdJwtVerifySignature\n}\n\nexport interface Claims {\n /\n Subject of the SD-JWT\n */\n sub?: string\n cnf?: {\n jwk?: JsonWebKey\n kid?: string\n }\n\n [key: string]: unknown\n}\n\nexport type FetchSdJwtTypeMetadataFromVctUrlArgs = {\n vct: string\n vctIntegrity?: string\n opts?: FetchSdJwtTypeMetadataFromVctUrlOpts\n}\n\nexport type FetchSdJwtTypeMetadataFromVctUrlOpts = {\n hasher?: HasherSync \| Hasher\n}\n\nexport type GetSignerForIdentifierArgs = {\n identifier: string\n resolution?: ManagedIdentifierResult\n}\n\nexport type GetSignerResult = {\n signer: Signer\n alg?: string\n signingKey?: SignKeyResult\n}\n"],"mappings":";;;;AAAA,SAAcA,aAAa;AAC3B,SAASC,uBAAuC;AAEhD,SAASC,wBAAwBC,iCAAiC;AAIlE,SAASC,uBAAuB;AAChC,OAAOC,WAAW;;;ACRlB,SAASC,0BAA0B;AACnC,SAAsCC,eAAe;AACrD,SAASC,UAAU;AAEnB,SAASC,kBAAkB;AAGpB,IAAMC,wBAAoC,wBAACC,MAA4BC,QAAAA;AAC5E,SAAOC,mBAAmBD,IAAIE,SAAS,KAAA,IAAS,YAAY,SAAA,EAAWC,KACrE,OAAOJ,SAAS,WAAWK,WAAWL,MAAM,OAAA,IAAW,IAAIM,WAAWN,IAAAA,CAAAA;AAE1E,GAJiD;AAM1C,IAAMO,sBAAsB,6BAAA;AACjC,SAAOC,GAAAA;AACT,GAFmC;AAI5B,IAAMC,yBACX,wBAACC,YACD,OAAOV,MAAcW,WAAmBC,cAAAA;AAEtC,QAAMC,SAAS,MAAMH,QAAQI,MAAMC,sBAAsB;IAAEC,KAAK,GAAGhB,IAAAA,IAAQW,SAAAA;IAAaM,KAAKL;EAAiB,CAAA;AAC9GM,UAAQC,QAAQC,IAAI,QAAA,EAAUC,KAAK,sCAAsCR,OAAOS,OAAO,EAAE;AACzF,SAAO,CAACT,OAAOU;AACjB,GANA;;;AClBK,IAAMC,cACX;AAIK,IAAMC,aACX;;;ACJF,SAASC,gBAAgB;AAIzB,eAAsBC,0BAA0BC,KAAW;AACzD,QAAMC,WAAW,MAAMC,MAAMF,GAAAA;AAC7B,MAAI,CAACC,SAASE,IAAI;AAChB,UAAM,IAAIC,MAAM,GAAGH,SAASI,MAAM,KAAKJ,SAASK,UAAU,EAAE;EAC9D;AACA,SAAOL;AACT;AANsBF;AAUtB,SAASQ,4BAA4BC,gBAAuB;AAC1D,QAAMC,MAAMD,gBAAgBE,YAAAA,EAAcC,KAAAA,EAAOC,MAAM,GAAA,EAAK,CAAA;AAC5D,MAAIH,QAAQ,YAAYA,QAAQ,YAAYA,QAAQ,UAAU;AAC5D,WAAOA;EACT;AACA,SAAOI;AACT;AANSN;AAQF,SAASO,yBAAyBN,gBAAuB;AAC9D,SAAOA,gBAAgBE,YAAAA,EAAcC,KAAAA,EAAOC,MAAM,GAAA,EAAK,CAAA;AACzD;AAFgBE;AAIhB,eAAsBC,kBAAkB,EACtCC,OACAR,gBACAS,OAAM,GAKP;AACC,MAAI,CAACT,gBAAgB;AACnB,WAAO;EACT;AACA,QAAMU,MAAMX,4BAA4BC,cAAAA;AACxC,MAAI,CAACU,KAAK;AACR,WAAO;EACT;AACA,QAAMC,iBAAiB,MAAMC,gBAAgB;IAAEH;IAAQD;IAAOE;EAAI,CAAA;AAClE,SAAOC,kBAAkBX;AAC3B;AAlBsBO;AAoBtB,eAAsBK,gBAAgB,EACpCJ,OACAC,QACAC,MAAM,SAAQ,GAKf;AACC,QAAMC,iBAAiB,MAAMF,OAAO,OAAOD,UAAU,WAAWA,QAAQK,KAAKC,UAAUN,KAAAA,GAAQE,GAAAA;AAC/F,SAAO,GAAGA,GAAAA,IAAOK,SAASJ,gBAAgB,QAAA,CAAA;AAC5C;AAXsBC;AAaf,SAASI,wBAAwBC,UAA6BC,KAAW;AAC9E,MAAID,SAASC,QAAQA,KAAK;AACxB,UAAM,IAAItB,MAAM,yCAAA;EAClB;AACF;AAJgBoB;;;AH5BhB,IAAMG,QAAQC,MAAM,0BAAA;AAMb,IAAMC,cAAN,MAAMA;EAvCb,OAuCaA;;;;EAEMC;EACAC;EACTC;EACAC;EAERC,YACEH,2BAIAD,mBACA;AACA,SAAKA,oBAAoBA,qBAAqB,CAAA;AAC9C,QAAI,CAACC,2BAA2B;AAC9BA,kCAA4B,CAAC;IAC/B;AACA,QAAI,OAAOA,2BAA2BI,WAAW,YAAY;AAC3DJ,gCAA0BI,SAASC;IACrC;AACA,QAAI,OAAOL,2BAA2BM,kBAAkB,YAAY;AAClEN,gCAA0BM,gBAAgBC;IAC5C;AACA,SAAKP,4BAA4BA;AACjC,SAAKC,WAAWD,2BAA2BQ,WAAW,CAAC;AACvD,SAAKN,iBAAiBF,2BAA2BS;EAGnD;;EAGSC,UAAwB;IAC/BC,eAAe,KAAKA,cAAcC,KAAK,IAAI;IAC3CC,yBAAyB,KAAKA,wBAAwBD,KAAK,IAAI;IAC/DE,eAAe,KAAKA,cAAcF,KAAK,IAAI;IAC3CG,yBAAyB,KAAKA,wBAAwBH,KAAK,IAAI;IAC/DI,kCAAkC,KAAKA,iCAAiCJ,KAAK,IAAI;EACnF;EAEA,MAAcK,uBAAuBC,MAAkCC,SAAqD;AAC1H,UAAM,EAAEC,YAAYC,WAAU,IAAKH;AACnC,QAAII,OAAOC,KAAK,KAAKtB,QAAQ,EAAEuB,SAASJ,UAAAA,KAAe,OAAO,KAAKnB,SAASmB,UAAAA,MAAgB,YAAY;AACtG,aAAO;QAAEK,QAAQ,KAAKxB,SAASmB,UAAAA;MAAY;IAC7C,WAAW,OAAO,KAAKlB,mBAAmB,YAAY;AACpD,aAAO;QAAEuB,QAAQ,KAAKvB;MAAe;IACvC;AACA,UAAMwB,aAAa,MAAM,KAAKC,WAAW;MAAEP;MAAYQ,gBAAgB;MAAmBP;IAAW,GAAGF,OAAAA;AACxG,UAAM,EAAEU,KAAKC,IAAG,IAAKJ;AAErB,UAAMD,SAAiB,8BAAOM,SAAAA;AAC5B,aAAOZ,QAAQa,MAAMC,eAAe;QAAEC,QAAQL,IAAIM;QAAWJ;MAAK,CAAA;IACpE,GAFuB;AAIvB,WAAO;MAAEN;MAAQK;MAAKJ;IAAW;EACnC;;;;;;;EAQA,MAAMf,cAAcO,MAA0BC,SAA0D;AACtG,UAAMiB,SAASlB,KAAKmB,kBAAkBC;AACtC,QAAI,CAACF,QAAQ;AACX,YAAM,IAAIG,MAAM,qCAAA;IAClB;AACA,UAAM,EAAET,KAAKL,QAAQC,WAAU,IAAK,MAAM,KAAKT,uBAAuB;MAAEG,YAAYgB;MAAQf,YAAYH,KAAKG;IAAW,GAAGF,OAAAA;AAC3H,UAAMqB,QAAQ,IAAIC,gBAAgB;MAChChB;MACArB,QAAQ,KAAKJ,0BAA0BI;MACvCE,eAAe,KAAKN,0BAA0BM;MAC9CoC,SAASZ,OAAO;MAChBa,SAAS;IACX,CAAA;AAEA,UAAMC,aAAa,MAAMJ,MAAMK,MAAM3B,KAAKmB,mBAAmBnB,KAAK4B,iBAAmE;MACnIC,QAAQ;QACN,GAAIrB,YAAYG,IAAImB,QAAQC,UAAa;UAAED,KAAKtB,WAAWG,IAAImB;QAAI;QACnE,GAAItB,YAAYG,IAAIqB,QAAQD,UAAa;UAAEC,KAAKxB,WAAWG,IAAIqB;QAAI;MACrE;IACF,CAAA;AAEA,WAAO;MAAEN;IAAW;EACtB;;;;;;;EAQA,MAAMjB,WAAWT,MAAmBC,SAAmD;AAErF,UAAM,EAAEC,YAAYC,WAAU,IAAK;MAAE,GAAGH;IAAK;AAC7C,QAAIG,YAAY;AACd,YAAMQ,MAAMR,WAAWQ;AACvB,YAAMC,MAAM,MAAMqB,0BAA0B;QAAEtB;MAAI,CAAA;AAClD,cAAQR,WAAW+B,QAAM;QACvB,KAAK;AACHxD,gBAAM,eAAeiC,IAAIwB,YAAY,yBAAyBjC,UAAAA,EAAY;AAC1E,iBAAO;YAAEU;YAAKD,KAAK;cAAE,GAAGA;cAAKM,WAAWd,WAAWc;cAAWa,KAAK3B,WAAW2B;YAAI;UAAE;QACtF;AACE,cAAInB,IAAIyB,MAAMC,QAAQ1B,IAAIyB,KAAKC,KAAKL,KAAK;AACvC,mBAAO;cAAEpB;cAAKD,KAAK;gBAAEmB,KAAK3B,WAAW2B;gBAAKb,WAAWd,WAAWc;gBAAWe,KAAKrB,IAAIyB,KAAKC,KAAKL;cAAgB;YAAE;UAClH,WAAWrB,IAAIyB,MAAME,eAAe;AAClC,mBAAO;cAAE1B;cAAKD,KAAK;gBAAEmB,KAAK3B,WAAW2B;gBAAKb,WAAWd,WAAWc;gBAAWqB,eAAe3B,IAAIyB,KAAKE;cAAc;YAAE;UACrH,OAAO;AACL,mBAAO;cAAE1B;cAAKD,KAAK;gBAAEmB,KAAK3B,WAAW2B;gBAAKb,WAAWd,WAAWc;cAAU;YAAE;UAC9E;MACJ;IACF,WAAWf,WAAWqC,WAAW,MAAA,GAAS;AACxC,YAAMC,gBAAgB,MAAMvC,QAAQa,MAAM2B,0BAA0B;QAAEvC;MAAW,CAAA;AACjF,UAAI,CAACsC,eAAe;AAClB,cAAM,IAAInB,MAAM,2CAA2CnB,UAAAA,EAAY;MACzE;AACA,YAAMS,MAAM6B,cAAc7B;AAC1B,YAAMC,MAAM,MAAMqB,0BAA0B;QAAEtB;MAAI,CAAA;AAClDjC,YAAM,eAAeiC,IAAIwB,YAAY,yBAAyBjC,UAAAA,EAAY;AAE1E,aAAO;QAAEU;QAAKD,KAAK;UAAE,GAAGA;UAAKM,WAAWuB,cAAcvB;UAAWa,KAAKU,cAAcV;QAAI;MAAE;IAC5F,OAAO;AACL,YAAMY,gBAAgB,MAAMzC,QAAQa,MAAM6B,0BAA0B;QAAEzC;MAAW,CAAA;AACjF,UAAI,CAACwC,eAAe;AAClB,cAAM,IAAIrB,MAAM,2CAA2CnB,UAAAA,EAAY;MACzE;AACA,YAAMS,MAAM+B,cAAc/B;AAC1B,YAAMC,MAAM,MAAMqB,0BAA0B;QAAEtB;MAAI,CAAA;AAClD,UAAIA,IAAIyB,MAAMC,QAAQ1B,IAAIyB,KAAKC,KAAKL,KAAK;AACvC,eAAO;UAAEpB;UAAKD,KAAK;YAAEmB,KAAKY,cAAcZ;YAAKb,WAAWyB,cAAczB;YAAWe,KAAKrB,IAAIyB,KAAKC,KAAKL;UAAgB;QAAE;MACxH,WAAWrB,IAAIyB,MAAME,eAAe;AAClC,eAAO;UAAE1B;UAAKD,KAAK;YAAEmB,KAAKY,cAAcZ;YAAKb,WAAWyB,cAAczB;YAAWqB,eAAe3B,IAAIyB,KAAKE;UAAc;QAAE;MAC3H,OAAO;AACL,eAAO;UAAE1B;UAAKD,KAAK;YAAEmB,KAAKY,cAAcZ;YAAKb,WAAWyB,cAAczB;UAAU;QAAE;MACpF;IACF;EACF;;;;;;;EAQA,MAAMtB,wBAAwBK,MAAoCC,SAAoE;AACpI,UAAM2C,OAAO,MAAMC,MAAMC,WAAW9C,KAAK+C,cAAc,KAAKjE,0BAA0BI,MAAM;AAC5F,UAAM8D,SAAS,MAAMJ,KAAKK,UAAkB,KAAKnE,0BAA0BI,MAAM;AACjF,QAAIgE;AAEJ,QAAIlD,KAAKkD,QAAQ;AACfA,eAASlD,KAAKkD;IAChB,WAAWF,OAAOG,KAAKC,KAAK;AAC1B,YAAMA,MAAMJ,OAAOG,IAAIC;AACvBF,eAASG,uBAAuB;QAAED;MAAgB,CAAA;IACpD,WAAWJ,OAAOG,KAAKrB,KAAK;AAC1BoB,eAASF,OAAOG,KAAKrB;IACvB,WAAWkB,OAAOM,KAAK;AACrBJ,eAASF,OAAOM;IAClB,OAAO;AACL,YAAM,IAAIjC,MAAM,kEAAA;IAClB;AACA,UAAM,EAAET,KAAKL,OAAM,IAAK,MAAM,KAAKR,uBAAuB;MAAEG,YAAYgD;IAAO,GAAGjD,OAAAA;AAElF,UAAMqB,QAAQ,IAAIC,gBAAgB;MAChCrC,QAAQ,KAAKJ,0BAA0BI,UAAUC;MACjDC,eAAe,KAAKN,0BAA0BM;MAC9CmE,UAAUhD;MACViD,WAAW5C,OAAO;IACpB,CAAA;AACA,UAAMmC,eAAe,MAAMzB,MAAMmC,QAAQzD,KAAK+C,cAAc/C,KAAK0D,mBAAwD;MAAEC,IAAI3D,KAAK2D;IAAG,CAAA;AAEvI,WAAO;MAAEZ;IAAa;EACxB;;;;;;;EAQA,MAAMnD,cAAcI,MAA0BC,SAA0D;AAEtG,UAAM2D,WAAqB,8BAAO/C,MAAcgD,cAAsB,KAAKC,OAAOxC,OAAOrB,SAASY,MAAMgD,SAAAA,GAA7E;AAC3B,UAAMvC,QAAQ,IAAIC,gBAAgB;MAAEqC;MAAU1E,QAAQ,KAAKJ,0BAA0BI,UAAUC;IAAsB,CAAA;AACrH,UAAM,EAAE0C,SAAS,CAAC,GAAGkC,SAASJ,GAAE,IAAK,MAAMrC,MAAMwC,OAAO9D,KAAK0B,UAAU;AAEvE,WAAO;MAAEG;MAAQkC;MAAoCJ;IAAG;EAC1D;;;;;;;;;;EAWQK,SAAS1C,OAAwBrB,SAA2BY,MAAcgD,WAAmBE,SAAuC;AAC1I,QAAI,CAACA,QAAQZ,KAAK;AAChB,YAAM9B,MAAM,4CAAA;IACd;AACA,WAAO,KAAK4C,wBAAwBhE,OAAAA,EAASY,MAAMgD,WAAW,KAAKK,OAAOH,OAAAA,CAAAA;EAC5E;;;;;;;;;EAUA,MAAMD,OACJxC,OACArB,SACAY,MACAgD,WACAM,MACkB;AAClB,UAAMC,YAAY,MAAM9C,MAAM+C,OAAO,GAAGxD,IAAAA,IAAQgD,SAAAA,EAAW;AAC3D,UAAM3C,SAAmBkD,UAAUE,IAAYP,QAAoC3C;AACnF,UAAMS,SAAUuC,UAAUE,IAAYzC;AACtC,UAAMG,MAA4BH,QAAQG;AAC1C,QAAIoB,MAAoCvB,OAAOuB;AAC/C,QAAIpB,KAAK;AACP,YAAMuC,eAAe,oBAAIC,IAAY;WAAI,KAAK3F;OAAkB;AAChE,UAAI0F,aAAaE,SAAS,GAAG;AAC3BF,qBAAaG,IAAIC,UAAAA;AACjBJ,qBAAaG,IAAIE,WAAAA;MACnB;AACA,YAAMC,8BAA8B,MAAM5E,QAAQa,MAAMgE,2BAA2B;QACjFC,OAAO/C;QACPuC,cAAcS,MAAMC,KAAKV,YAAAA;;QAEzBJ,MAAMA,MAAMe,iBAAiB;UAAEC,wBAAwB;UAAMC,0BAA0B;QAAK;MAC9F,CAAA;AAEA,UAAIP,4BAA4BQ,SAAS,CAACR,6BAA6BS,kBAAkB;AACvF,eAAOC,QAAQC,OAAOnE,MAAM,wCAAwCwD,4BAA4BY,OAAO,EAAE,CAAA;MAC3G;AACA,YAAMC,WAAWb,4BAA4BS,iBAAiB,CAAA;AAC9DlC,YAAMsC,SAASC;IACjB;AAEA,QAAI,CAACvC,OAAOvB,OAAOC,KAAKxB,SAAS,MAAA,GAAS;AACxC,YAAMsF,SAAS,MAAM3F,QAAQa,MAAM+E,WAAW;QAAEC,QAAQjE,OAAOC;MAAI,CAAA;AACnE,UAAI,CAAC8D,QAAQ;AACX,cAAM,IAAIvE,MAAM,0DAAA;MAClB;AAEA,YAAM0E,iBAAiBH,OAAOI,aAAaC,oBAAoBC,KAAK,CAACvF,QAAQA,IAAIwF,EAAE;AACnF,UAAI,CAACJ,gBAAgB;AACnB,cAAM,IAAI1E,MAAM,qEAAA;MAClB;AAGA+B,YAAM2C,eAAeK;IACvB;AAEA,QAAI,CAAChD,OAAOlC,OAAOZ,SAAS,MAAA,GAAS;AAEnC,YAAMsF,SAAS,MAAM3F,QAAQa,MAAM+E,WAAW;QAAEC,QAAQ5E;MAAO,CAAA;AAC/D,UAAI,CAAC0E,QAAQ;AACX,cAAM,IAAIvE,MAAM,0DAAA;MAClB;AAEA,YAAM0E,iBAAiBH,OAAOI,aAAaC,oBAAoBC,KAAK,CAACvF,QAAQA,IAAIwF,EAAE;AACnF,UAAI,CAACJ,gBAAgB;AACnB,cAAM,IAAI1E,MAAM,qEAAA;MAClB;AAGA+B,YAAM2C,eAAeK;IACvB;AAEA,QAAI,CAAChD,KAAK;AACR,YAAM,IAAI/B,MAAM,sDAAA;IAClB;AAEA,WAAO,KAAK4C,wBAAwBhE,OAAAA,EAASY,MAAMgD,WAAWT,GAAAA;EAChE;;;;;;;EAQA,MAAMvD,wBAAwBG,MAAoCC,SAAoE;AACpI,QAAIqB;AACJ,UAAMsC,WAAqB,8BAAO/C,MAAcgD,cAAsB,KAAKC,OAAOxC,OAAOrB,SAASY,MAAMgD,SAAAA,GAA7E;AAC3B,UAAMwC,aAAyB,8BAAOxF,MAAcgD,WAAmBE,YACrE,KAAKC,SAAS1C,OAAOrB,SAASY,MAAMgD,WAAWE,OAAAA,GADlB;AAE/BzC,YAAQ,IAAIC,gBAAgB;MAC1BqC;MACA1E,QAAQ,KAAKJ,0BAA0BI;MACvCoH,YAAYD;IACd,CAAA;AAEA,WAAO/E,MAAMwC,OAAO9D,KAAK+C,cAAc/C,KAAKuG,mBAAmBvG,KAAK2D,EAAE;EACxE;;;;;;;EAQA,MAAM7D,iCAAiCE,MAA4CC,SAAuD;AACxI,UAAM,EAAEuG,KAAKC,cAActC,KAAI,IAAKnE;AACpC,UAAM0G,MAAM,IAAIC,IAAIH,GAAAA;AAEpB,UAAMI,WAAW,MAAMC,0BAA0BH,IAAII,SAAQ,CAAA;AAC7D,UAAMC,WAA+B,MAAMH,SAASI,KAAI;AACxDC,4BAAwBF,UAAUP,GAAAA;AAElC,UAAMU,WAAW,8BAAOV,MAAaW,OAAgBC,gBAAyBlI,YAAAA;AAC5E,UAAIA,WAAUkI,gBAAgB;AAC5B,cAAMC,aAAa,MAAMC,kBAAkB;UAAEF;UAAgBD;UAAOjI,QAAAA;QAAO,CAAA;AAC3E,YAAI,CAACmI,YAAY;AACf,iBAAO9B,QAAQC,OAAOnE,MAAM,mCAAmCmF,IAAAA,cAAiBO,SAASQ,OAAO,gBAAgBH,cAAAA,GAAiB,CAAA;QACnI;MACF;IACF,GAPiB;AASjB,UAAMlI,SAAUiF,MAAMjF,UAAU,KAAKJ,0BAA0BI,UAAUC;AACzE,QAAID,QAAQ;AACV,UAAIuH,cAAc;AAChB,cAAMS,SAASV,KAAKO,UAAUN,cAAcvH,MAAAA;AAC5C,cAAMsI,gBAAgB,MAAMF,kBAAkB;UAAEF,gBAAgBX;UAAcU,OAAOJ;UAAU7H;QAAO,CAAA;AACtG,YAAI,CAACsI,eAAe;AAClB,iBAAOjC,QAAQC,OAAOnE,MAAM,mCAAmCmF,GAAAA,gBAAmBC,YAAAA,EAAc,CAAA;QAClG;MACF;AAEA,UAAIM,SAAS,mBAAA,GAAsB;AACjC,cAAMU,kBAAkB,MAAM,KAAK3H,iCAAiC;UAAE0G,KAAKO,SAAS,mBAAA;UAAsB5C;QAAK,GAAGlE,OAAAA;AAClH,cAAMiH,SAASV,KAAKiB,iBAAiBV,SAAS,mBAAA,GAAsB7H,MAAAA;MACtE;AAEA,UAAI6H,SAAS,sBAAA,GAAyB;AACpC,cAAMW,iBAAiB,MAAMb,0BAA0BE,SAASY,UAAU;AAC1E,cAAMC,SAAS,MAAMF,eAAeV,KAAI;AACxC,cAAME,SAASV,KAAKoB,QAAQb,SAAS,sBAAA,GAAyB7H,MAAAA;MAChE;AAEA6H,eAASc,SAASC,QAAQ,CAACD,YAAAA;AACzB,cAAME,sBAAsBF,QAAQG,WAAWC,QAAQC,OAAO,eAAA;AAC9D,YAAIH,qBAAqB;AACvBI,kBAAQC,IAAI,4BAAA;QACd;MACF,CAAA;IACF;AAEA,WAAOrB;EACT;EAEQ9C,wBAAwBhE,SAAiD;AAC/E,QAAI,OAAO,KAAKnB,0BAA0BuJ,oBAAoB,YAAY;AACxE,aAAO,KAAKvJ,0BAA0BuJ;IACxC;AAEA,WAAOC,uBAAuBrI,OAAAA;EAChC;EAEQiE,OAAOH,SAAiC;AAC9C,QAAIA,QAAQZ,KAAKC,QAAQrB,QAAW;AAClC,aAAOgC,QAAQZ,IAAIC;IACrB,WAAWW,QAAQZ,QAAQpB,UAAa,SAASgC,QAAQZ,OAAO,OAAOY,QAAQZ,IAAIrB,QAAQ,YAAYiC,QAAQZ,IAAIrB,IAAIS,WAAW,UAAA,GAAa;AAG7I,YAAMgG,UAAU,KAAKC,wBAAwBzE,QAAQZ,IAAIrB,GAAG;AAC5D,YAAM2G,UAAUC,gBAAgBH,OAAAA;AAChC,YAAMjE,MAAMqE,KAAKC,MAAMH,OAAAA;AACvB,aAAOnE;IACT;AACA,UAAMjD,MAAM,2CAAA;EACd;EAEQmH,wBAAwBK,KAAqB;AACnD,UAAMC,QAAQD,IAAIE,MAAM,GAAA;AACxB,QAAID,MAAME,SAAS,GAAG;AACpB,YAAM,IAAI3H,MAAM,oBAAA;IAClB;AACA,WAAOyH,MAAM,CAAA,EAAGC,MAAM,GAAA,EAAK,CAAA;EAC7B;AACF;;;AItaA,SAASE,wBAAwB;AAK1B,IAAMC,4BAA2C;EAAC;EAAiB;EAA2B;EAAiB;;AAmE/G,SAASC,sBAAsBC,SAAwC;AAC5E,SAAOC,iBAAiBD,SAAS,eAAA;AACnC;AAFgBD;","names":["SDJwt","SDJwtVcInstance","calculateJwkThumbprint","signatureAlgorithmFromKey","decodeBase64url","Debug","digestMethodParams","Loggers","v4","fromString","defaultGenerateDigest","data","alg","digestMethodParams","includes","hash","fromString","Uint8Array","defaultGenerateSalt","v4","defaultVerifySignature","context","signature","publicKey","result","agent","jwtVerifyJwsSignature","jws","jwk","Loggers","DEFAULT","get","info","message","error","funkeTestCA","sphereonCA","toString","fetchUrlWithErrorHandling","url","response","fetch","ok","Error","status","statusText","extractHashAlgFromIntegrity","integrityValue","val","toLowerCase","trim","split","undefined","extractHashFromIntegrity","validateIntegrity","input","hasher","alg","calculatedHash","createIntegrity","JSON","stringify","toString","assertValidTypeMetadata","metadata","vct","debug","Debug","SDJwtPlugin","trustAnchorsInPEM","registeredImplementations","_signers","_defaultSigner","constructor","hasher","defaultGenerateDigest","saltGenerator","defaultGenerateSalt","signers","defaultSigner","methods","createSdJwtVc","bind","createSdJwtPresentation","verifySdJwtVc","verifySdJwtPresentation","fetchSdJwtTypeMetadataFromVctUrl","getSignerForIdentifier","args","context","identifier","resolution","Object","keys","includes","signer","signingKey","getSignKey","vmRelationship","key","alg","data","agent","keyManagerSign","keyRef","kmsKeyRef","issuer","credentialPayload","iss","Error","sdjwt","SDJwtVcInstance","signAlg","hashAlg","credential","issue","disclosureFrame","header","kid","undefined","x5c","signatureAlgorithmFromKey","method","publicKeyHex","meta","x509","jwkThumbprint","startsWith","didIdentifier","identifierManagedGetByDid","kidIdentifier","identifierManagedGetByKid","cred","SDJwt","fromEncode","presentation","claims","getClaims","holder","cnf","jwk","calculateJwkThumbprint","sub","kbSigner","kbSignAlg","present","presentationFrame","kb","verifier","signature","verify","payload","verifyKb","verifySignatureCallback","getJwk","opts","decodedVC","decode","jwt","trustAnchors","Set","size","add","sphereonCA","funkeTestCA","certificateValidationResult","x509VerifyCertificateChain","chain","Array","from","x5cValidation","trustRootWhenNoAnchors","allowNoTrustAnchorsFound","error","certificateChain","Promise","reject","message","certInfo","publicKeyJWK","didDoc","resolveDid","didUrl","didDocumentKey","didDocument","verificationMethod","find","id","publicKeyJwk","verifierKb","kbVerifier","requiredClaimKeys","vct","vctIntegrity","url","URL","response","fetchUrlWithErrorHandling","toString","metadata","json","assertValidTypeMetadata","validate","input","integrityValue","validation","validateIntegrity","extends","vctValidation","extendsMetadata","schemaResponse","schema_uri","schema","display","forEach","simpleLogoIntegrity","rendering","simple","logo","console","log","verifySignature","defaultVerifySignature","encoded","extractBase64FromDIDJwk","decoded","decodeBase64url","JSON","parse","did","parts","split","length","contextHasPlugin","sdJwtPluginContextMethods","contextHasSDJwtPlugin","context","contextHasPlugin"]}
1	+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;AAAA,mDAA8C;AAArC,6GAAA,WAAW,OAAA;AACpB,0CAAuB;AACvB,0CAAuB"}

package/dist/trustAnchors.d.ts ADDED Viewed

@@ -0,0 +1,3 @@
+export declare const funkeTestCA: string;
+export declare const sphereonCA: string;
+//# sourceMappingURL=trustAnchors.d.ts.map

package/dist/trustAnchors.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"trustAnchors.d.ts","sourceRoot":"","sources":["../src/trustAnchors.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,WAAW,QAGK,CAAA;AAE7B,eAAO,MAAM,UAAU,QAaM,CAAA"}

package/dist/trustAnchors.js ADDED Viewed

@@ -0,0 +1,20 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.sphereonCA = exports.funkeTestCA = void 0;
+exports.funkeTestCA = '-----BEGIN CERTIFICATE-----\n' +
+    'MIICeTCCAiCgAwIBAgIUB5E9QVZtmUYcDtCjKB/H3VQv72gwCgYIKoZIzj0EAwIwgYgxCzAJBgNVBAYTAkRFMQ8wDQYDVQQHDAZCZXJsaW4xHTAbBgNVBAoMFEJ1bmRlc2RydWNrZXJlaSBHbWJIMREwDwYDVQQLDAhUIENTIElERTE2MDQGA1UEAwwtU1BSSU5EIEZ1bmtlIEVVREkgV2FsbGV0IFByb3RvdHlwZSBJc3N1aW5nIENBMB4XDTI0MDUzMTA2NDgwOVoXDTM0MDUyOTA2NDgwOVowgYgxCzAJBgNVBAYTAkRFMQ8wDQYDVQQHDAZCZXJsaW4xHTAbBgNVBAoMFEJ1bmRlc2RydWNrZXJlaSBHbWJIMREwDwYDVQQLDAhUIENTIElERTE2MDQGA1UEAwwtU1BSSU5EIEZ1bmtlIEVVREkgV2FsbGV0IFByb3RvdHlwZSBJc3N1aW5nIENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEYGzdwFDnc7+Kn5ibAvCOM8ke77VQxqfMcwZL8IaIA+WCROcCfmY/giH92qMru5p/kyOivE0RC/IbdMONvDoUyaNmMGQwHQYDVR0OBBYEFNRWGMCJOOgOWIQYyXZiv6u7xZC+MB8GA1UdIwQYMBaAFNRWGMCJOOgOWIQYyXZiv6u7xZC+MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMAoGCCqGSM49BAMCA0cAMEQCIGEm7wkZKHt/atb4MdFnXW6yrnwMUT2u136gdtl10Y6hAiBuTFqvVYth1rbxzCP0xWZHmQK9kVyxn8GPfX27EIzzsw==\n' +
+    '-----END CERTIFICATE-----';
+exports.sphereonCA = '-----BEGIN CERTIFICATE-----\n' +
+    'MIICCDCCAa6gAwIBAgITAPMgqwtYzWPBXaobHhxG9iSydTAKBggqhkjOPQQDAjBa\n' +
+    'MQswCQYDVQQGEwJOTDEkMCIGA1UECgwbU3BoZXJlb24gSW50ZXJuYXRpb25hbCBC\n' +
+    'LlYuMQswCQYDVQQLDAJJVDEYMBYGA1UEAwwPY2Euc3BoZXJlb24uY29tMB4XDTI0\n' +
+    'MDcyODIxMjY0OVoXDTM0MDcyODIxMjY0OVowWjELMAkGA1UEBhMCTkwxJDAiBgNV\n' +
+    'BAoMG1NwaGVyZW9uIEludGVybmF0aW9uYWwgQi5WLjELMAkGA1UECwwCSVQxGDAW\n' +
+    'BgNVBAMMD2NhLnNwaGVyZW9uLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA\n' +
+    'BEiA0KeESSNrOcmCDga8YsBkUTgowZGwqvL2n91JUpAMdRSwvlVFdqdiLXnk2pQq\n' +
+    'T1vZnDG0I+x+iz2EbdsG0aajUzBRMB0GA1UdDgQWBBTnB8pdlVz5yKD+zuNkRR6A\n' +
+    'sywywTAOBgNVHQ8BAf8EBAMCAaYwDwYDVR0lBAgwBgYEVR0lADAPBgNVHRMBAf8E\n' +
+    'BTADAQH/MAoGCCqGSM49BAMCA0gAMEUCIHH7ie1OAAbff5262rzZVQa8J9zENG8A\n' +
+    'QlHHFydMdgaXAiEA1Ib82mhHIYDziE0DDbHEAXOs98al+7dpo8fPGVGTeKI=\n' +
+    '-----END CERTIFICATE-----';
+//# sourceMappingURL=trustAnchors.js.map

package/dist/trustAnchors.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"trustAnchors.js","sourceRoot":"","sources":["../src/trustAnchors.ts"],"names":[],"mappings":";;;AAAa,QAAA,WAAW,GACtB,+BAA+B;IAC/B,w1BAAw1B;IACx1B,2BAA2B,CAAA;AAEhB,QAAA,UAAU,GACrB,+BAA+B;IAC/B,oEAAoE;IACpE,oEAAoE;IACpE,oEAAoE;IACpE,oEAAoE;IACpE,oEAAoE;IACpE,oEAAoE;IACpE,oEAAoE;IACpE,oEAAoE;IACpE,oEAAoE;IACpE,oEAAoE;IACpE,gEAAgE;IAChE,2BAA2B,CAAA"}

package/dist/types.d.ts ADDED Viewed

@@ -0,0 +1,234 @@
+import { SdJwtVcPayload as SdJwtPayload } from '@sd-jwt/sd-jwt-vc';
+import { Hasher, kbHeader, KBOptions, kbPayload, SaltGenerator, Signer } from '@sd-jwt/types';
+import { IIdentifierResolution, ManagedIdentifierResult } from '@sphereon/ssi-sdk-ext.identifier-resolution';
+import { IJwtService } from '@sphereon/ssi-sdk-ext.jwt-service';
+import { X509CertificateChainValidationOpts } from '@sphereon/ssi-sdk-ext.x509-utils';
+import { ImDLMdoc } from '@sphereon/ssi-sdk.mdl-mdoc';
+import { HasherSync, JoseSignatureAlgorithm, SdJwtTypeMetadata } from '@sphereon/ssi-types';
+import { DIDDocumentSection, IAgentContext, IDIDManager, IKeyManager, IPluginMethodMap, IResolver } from '@veramo/core';
+export declare const sdJwtPluginContextMethods: Array<string>;
+/**
+ * My Agent Plugin description.
+ *
+ * This is the interface that describes what your plugin can do.
+ * The methods listed here, will be directly available to the veramo agent where your plugin is going to be used.
+ * Depending on the agent configuration, other agent plugins, as well as the application where the agent is used
+ * will be able to call these methods.
+ *
+ * To build a schema for your plugin using standard tools, you must link to this file in your package.json.
+ * Example:
+ * ```
+ * "veramo": {
+ *    "pluginInterfaces": {
+ *      "IMyAgentPlugin": "./src/types/IMyAgentPlugin.ts"
+ *    }
+ *  },
+ * ```
+ *
+ * @beta
+ */
+export interface ISDJwtPlugin extends IPluginMethodMap {
+    /**
+     * Your plugin method description
+     *
+     * @param args - Input parameters for this method
+     * @param context - The required context where this method can run.
+     *   Declaring a context type here lets other developers know which other plugins
+     *   need to also be installed for this method to work.
+     */
+    /**
+     * Create a signed SD-JWT credential.
+     * @param args - Arguments necessary for the creation of a SD-JWT credential.
+     * @param context - This reserved param is automatically added and handled by the framework, *do not override*
+     */
+    createSdJwtVc(args: ICreateSdJwtVcArgs, context: IRequiredContext): Promise<ICreateSdJwtVcResult>;
+    /**
+     * Create a signed SD-JWT presentation.
+     * @param args - Arguments necessary for the creation of a SD-JWT presentation.
+     * @param context - This reserved param is automatically added and handled by the framework, *do not override*
+     */
+    createSdJwtPresentation(args: ICreateSdJwtPresentationArgs, context: IRequiredContext): Promise<ICreateSdJwtPresentationResult>;
+    /**
+     * Verify a signed SD-JWT credential.
+     * @param args - Arguments necessary for the verification of a SD-JWT credential.
+     * @param context - This reserved param is automatically added and handled by the framework, *do not override*
+     */
+    verifySdJwtVc(args: IVerifySdJwtVcArgs, context: IRequiredContext): Promise<IVerifySdJwtVcResult>;
+    /**
+     * Verify a signed SD-JWT presentation.
+     * @param args - Arguments necessary for the verification of a SD-JWT presentation.
+     * @param context - This reserved param is automatically added and handled by the framework, *do not override*
+     */
+    verifySdJwtPresentation(args: IVerifySdJwtPresentationArgs, context: IRequiredContext): Promise<IVerifySdJwtPresentationResult>;
+    /**
+     * Fetch and validate Type Metadata.
+     * @param args - Arguments necessary for fetching and validating the type metadata.
+     * @param context - This reserved param is automatically added and handled by the framework, *do not override*
+     */
+    fetchSdJwtTypeMetadataFromVctUrl(args: FetchSdJwtTypeMetadataFromVctUrlArgs, context: IRequiredContext): Promise<SdJwtTypeMetadata>;
+}
+export declare function contextHasSDJwtPlugin(context: IAgentContext<IPluginMethodMap>): context is IAgentContext<ISDJwtPlugin>;
+/**
+ * ICreateSdJwtVcArgs
+ *
+ * @beta
+ */
+export interface SdJwtVcPayload extends SdJwtPayload {
+    x5c?: string[];
+}
+export interface ICreateSdJwtVcArgs {
+    credentialPayload: SdJwtVcPayload;
+    disclosureFrame?: IDisclosureFrame;
+    resolution?: ManagedIdentifierResult;
+}
+/**
+ * @beta
+ */
+export interface IDisclosureFrame {
+    _sd?: string[];
+    _sd_decoy?: number;
+    [x: string]: string[] | number | IDisclosureFrame | undefined;
+}
+/**
+ * ICreateSdJwtVcResult
+ *
+ * @beta
+ */
+export interface ICreateSdJwtVcResult {
+    /**
+     * the encoded sd-jwt credential
+     */
+    credential: string;
+}
+/**
+ *
+ * @beta
+ */
+export interface ICreateSdJwtPresentationArgs {
+    /**
+     * Encoded SD-JWT credential
+     */
+    presentation: string;
+    presentationFrame?: IPresentationFrame;
+    /**
+     * Allows to override the holder. Normally it will be looked up from the cnf or sub values
+     */
+    holder?: string;
+    /**
+     * Information to include to add key binding.
+     */
+    kb?: KBOptions;
+}
+/**
+ * @beta
+ */
+export interface IPresentationFrame {
+    [x: string]: boolean | IPresentationFrame;
+}
+/**
+ * Created presentation
+ * @beta
+ */
+export interface ICreateSdJwtPresentationResult {
+    /**
+     * Encoded presentation.
+     */
+    presentation: string;
+}
+/**
+ * @beta
+ */
+export interface IVerifySdJwtVcArgs {
+    credential: string;
+    opts?: {
+        x5cValidation?: X509CertificateChainValidationOpts;
+    };
+}
+/**
+ * @beta
+ */
+export type IVerifySdJwtVcResult = {
+    payload: SdJwtPayload;
+    header: Record<string, unknown>;
+    kb?: {
+        header: kbHeader;
+        payload: kbPayload;
+    };
+};
+/**
+ * @beta
+ */
+export interface IVerifySdJwtPresentationArgs {
+    presentation: string;
+    requiredClaimKeys?: string[];
+    kb?: boolean;
+}
+/**
+ * @beta
+ */
+export type IVerifySdJwtPresentationResult = {
+    payload: unknown;
+    header: Record<string, unknown> | undefined;
+    kb?: {
+        header: kbHeader;
+        payload: kbPayload;
+    };
+};
+export type SignKeyArgs = {
+    identifier: string;
+    vmRelationship: DIDDocumentSection;
+    resolution?: ManagedIdentifierResult;
+};
+export type SignKeyResult = {
+    alg: JoseSignatureAlgorithm;
+    key: {
+        kid?: string;
+        kmsKeyRef: string;
+        x5c?: string[];
+        jwkThumbprint?: string;
+    };
+};
+/**
+ * This context describes the requirements of this plugin.
+ * For this plugin to function properly, the agent needs to also have other plugins installed that implement the
+ * interfaces declared here.
+ * You can also define requirements on a more granular level, for each plugin method or event handler of your plugin.
+ *
+ * @beta
+ */
+export type IRequiredContext = IAgentContext<IDIDManager & IIdentifierResolution & IJwtService & IResolver & IKeyManager & ImDLMdoc>;
+export type SdJwtVerifySignature = (data: string, signature: string, publicKey: JsonWebKey) => Promise<boolean>;
+export interface SdJWTImplementation {
+    saltGenerator?: SaltGenerator;
+    hasher?: HasherSync;
+    verifySignature?: SdJwtVerifySignature;
+}
+export interface Claims {
+    /**
+     * Subject of the SD-JWT
+     */
+    sub?: string;
+    cnf?: {
+        jwk?: JsonWebKey;
+        kid?: string;
+    };
+    [key: string]: unknown;
+}
+export type FetchSdJwtTypeMetadataFromVctUrlArgs = {
+    vct: string;
+    vctIntegrity?: string;
+    opts?: FetchSdJwtTypeMetadataFromVctUrlOpts;
+};
+export type FetchSdJwtTypeMetadataFromVctUrlOpts = {
+    hasher?: HasherSync | Hasher;
+};
+export type GetSignerForIdentifierArgs = {
+    identifier: string;
+    resolution?: ManagedIdentifierResult;
+};
+export type GetSignerResult = {
+    signer: Signer;
+    alg?: string;
+    signingKey?: SignKeyResult;
+};
+//# sourceMappingURL=types.d.ts.map

package/dist/types.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,IAAI,YAAY,EAAE,MAAM,mBAAmB,CAAA;AAClE,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,SAAS,EAAE,SAAS,EAAE,aAAa,EAAE,MAAM,EAAE,MAAM,eAAe,CAAA;AAC7F,OAAO,EAAE,qBAAqB,EAAE,uBAAuB,EAAE,MAAM,6CAA6C,CAAA;AAC5G,OAAO,EAAE,WAAW,EAAE,MAAM,mCAAmC,CAAA;AAC/D,OAAO,EAAE,kCAAkC,EAAE,MAAM,kCAAkC,CAAA;AAErF,OAAO,EAAE,QAAQ,EAAE,MAAM,4BAA4B,CAAA;AACrD,OAAO,EAAE,UAAU,EAAE,sBAAsB,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAA;AAC3F,OAAO,EAAE,kBAAkB,EAAE,aAAa,EAAE,WAAW,EAAE,WAAW,EAAE,gBAAgB,EAAE,SAAS,EAAE,MAAM,cAAc,CAAA;AAEvH,eAAO,MAAM,yBAAyB,EAAE,KAAK,CAAC,MAAM,CAA4F,CAAA;AAEhJ;;;;;;;;;;;;;;;;;;;GAmBG;AACH,MAAM,WAAW,YAAa,SAAQ,gBAAgB;IACpD;;;;;;;OAOG;IACH;;;;OAIG;IACH,aAAa,CAAC,IAAI,EAAE,kBAAkB,EAAE,OAAO,EAAE,gBAAgB,GAAG,OAAO,CAAC,oBAAoB,CAAC,CAAA;IAEjG;;;;OAIG;IACH,uBAAuB,CAAC,IAAI,EAAE,4BAA4B,EAAE,OAAO,EAAE,gBAAgB,GAAG,OAAO,CAAC,8BAA8B,CAAC,CAAA;IAE/H;;;;OAIG;IACH,aAAa,CAAC,IAAI,EAAE,kBAAkB,EAAE,OAAO,EAAE,gBAAgB,GAAG,OAAO,CAAC,oBAAoB,CAAC,CAAA;IAEjG;;;;OAIG;IACH,uBAAuB,CAAC,IAAI,EAAE,4BAA4B,EAAE,OAAO,EAAE,gBAAgB,GAAG,OAAO,CAAC,8BAA8B,CAAC,CAAA;IAE/H;;;;OAIG;IACH,gCAAgC,CAAC,IAAI,EAAE,oCAAoC,EAAE,OAAO,EAAE,gBAAgB,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAAA;CACpI;AAED,wBAAgB,qBAAqB,CAAC,OAAO,EAAE,aAAa,CAAC,gBAAgB,CAAC,GAAG,OAAO,IAAI,aAAa,CAAC,YAAY,CAAC,CAEtH;AAED;;;;GAIG;AAEH,MAAM,WAAW,cAAe,SAAQ,YAAY;IAClD,GAAG,CAAC,EAAE,MAAM,EAAE,CAAA;CACf;AAED,MAAM,WAAW,kBAAkB;IACjC,iBAAiB,EAAE,cAAc,CAAA;IAGjC,eAAe,CAAC,EAAE,gBAAgB,CAAA;IAElC,UAAU,CAAC,EAAE,uBAAuB,CAAA;CACrC;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,GAAG,CAAC,EAAE,MAAM,EAAE,CAAA;IACd,SAAS,CAAC,EAAE,MAAM,CAAA;IAElB,CAAC,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,MAAM,GAAG,gBAAgB,GAAG,SAAS,CAAA;CAC9D;AAED;;;;GAIG;AACH,MAAM,WAAW,oBAAoB;IACnC;;OAEG;IACH,UAAU,EAAE,MAAM,CAAA;CACnB;AAED;;;GAGG;AACH,MAAM,WAAW,4BAA4B;IAC3C;;OAEG;IACH,YAAY,EAAE,MAAM,CAAA;IAOpB,iBAAiB,CAAC,EAAE,kBAAkB,CAAA;IAEtC;;OAEG;IACH,MAAM,CAAC,EAAE,MAAM,CAAA;IAEf;;OAEG;IACH,EAAE,CAAC,EAAE,SAAS,CAAA;CACf;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,CAAC,CAAC,EAAE,MAAM,GAAG,OAAO,GAAG,kBAAkB,CAAA;CAC1C;AAED;;;GAGG;AACH,MAAM,WAAW,8BAA8B;IAC7C;;OAEG;IACH,YAAY,EAAE,MAAM,CAAA;CACrB;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,UAAU,EAAE,MAAM,CAAA;IAClB,IAAI,CAAC,EAAE;QACL,aAAa,CAAC,EAAE,kCAAkC,CAAA;KACnD,CAAA;CACF;AAED;;GAEG;AACH,MAAM,MAAM,oBAAoB,GAAG;IACjC,OAAO,EAAE,YAAY,CAAA;IACrB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;IAC/B,EAAE,CAAC,EAAE;QAAE,MAAM,EAAE,QAAQ,CAAC;QAAC,OAAO,EAAE,SAAS,CAAA;KAAE,CAAA;CAC9C,CAAA;AAED;;GAEG;AACH,MAAM,WAAW,4BAA4B;IAC3C,YAAY,EAAE,MAAM,CAAA;IAEpB,iBAAiB,CAAC,EAAE,MAAM,EAAE,CAAA;IAE5B,EAAE,CAAC,EAAE,OAAO,CAAA;CACb;AAED;;GAEG;AACH,MAAM,MAAM,8BAA8B,GAAG;IAC3C,OAAO,EAAE,OAAO,CAAA;IAChB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,SAAS,CAAA;IAC3C,EAAE,CAAC,EAAE;QAAE,MAAM,EAAE,QAAQ,CAAC;QAAC,OAAO,EAAE,SAAS,CAAA;KAAE,CAAA;CAC9C,CAAA;AAED,MAAM,MAAM,WAAW,GAAG;IACxB,UAAU,EAAE,MAAM,CAAA;IAClB,cAAc,EAAE,kBAAkB,CAAA;IAClC,UAAU,CAAC,EAAE,uBAAuB,CAAA;CACrC,CAAA;AAED,MAAM,MAAM,aAAa,GAAG;IAC1B,GAAG,EAAE,sBAAsB,CAAA;IAC3B,GAAG,EAAE;QACH,GAAG,CAAC,EAAE,MAAM,CAAA;QACZ,SAAS,EAAE,MAAM,CAAA;QACjB,GAAG,CAAC,EAAE,MAAM,EAAE,CAAA;QACd,aAAa,CAAC,EAAE,MAAM,CAAA;KACvB,CAAA;CACF,CAAA;AACD;;;;;;;GAOG;AACH,MAAM,MAAM,gBAAgB,GAAG,aAAa,CAAC,WAAW,GAAG,qBAAqB,GAAG,WAAW,GAAG,SAAS,GAAG,WAAW,GAAG,QAAQ,CAAC,CAAA;AAEpI,MAAM,MAAM,oBAAoB,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,UAAU,KAAK,OAAO,CAAC,OAAO,CAAC,CAAA;AAC/G,MAAM,WAAW,mBAAmB;IAClC,aAAa,CAAC,EAAE,aAAa,CAAA;IAC7B,MAAM,CAAC,EAAE,UAAU,CAAA;IACnB,eAAe,CAAC,EAAE,oBAAoB,CAAA;CACvC;AAED,MAAM,WAAW,MAAM;IACrB;;OAEG;IACH,GAAG,CAAC,EAAE,MAAM,CAAA;IACZ,GAAG,CAAC,EAAE;QACJ,GAAG,CAAC,EAAE,UAAU,CAAA;QAChB,GAAG,CAAC,EAAE,MAAM,CAAA;KACb,CAAA;IAED,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAA;CACvB;AAED,MAAM,MAAM,oCAAoC,GAAG;IACjD,GAAG,EAAE,MAAM,CAAA;IACX,YAAY,CAAC,EAAE,MAAM,CAAA;IACrB,IAAI,CAAC,EAAE,oCAAoC,CAAA;CAC5C,CAAA;AAED,MAAM,MAAM,oCAAoC,GAAG;IACjD,MAAM,CAAC,EAAE,UAAU,GAAG,MAAM,CAAA;CAC7B,CAAA;AAED,MAAM,MAAM,0BAA0B,GAAG;IACvC,UAAU,EAAE,MAAM,CAAA;IAClB,UAAU,CAAC,EAAE,uBAAuB,CAAA;CACrC,CAAA;AAED,MAAM,MAAM,eAAe,GAAG;IAC5B,MAAM,EAAE,MAAM,CAAA;IACd,GAAG,CAAC,EAAE,MAAM,CAAA;IACZ,UAAU,CAAC,EAAE,aAAa,CAAA;CAC3B,CAAA"}

package/dist/types.js ADDED Viewed

@@ -0,0 +1,10 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.sdJwtPluginContextMethods = void 0;
+exports.contextHasSDJwtPlugin = contextHasSDJwtPlugin;
+const ssi_sdk_agent_config_1 = require("@sphereon/ssi-sdk.agent-config");
+exports.sdJwtPluginContextMethods = ['createSdJwtVc', 'createSdJwtPresentation', 'verifySdJwtVc', 'verifySdJwtPresentation'];
+function contextHasSDJwtPlugin(context) {
+    return (0, ssi_sdk_agent_config_1.contextHasPlugin)(context, 'verifySdJwtVc');
+}
+//# sourceMappingURL=types.js.map

package/dist/types.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":";;;AA6EA,sDAEC;AA1ED,yEAAiE;AAKpD,QAAA,yBAAyB,GAAkB,CAAC,eAAe,EAAE,yBAAyB,EAAE,eAAe,EAAE,yBAAyB,CAAC,CAAA;AAmEhJ,SAAgB,qBAAqB,CAAC,OAAwC;IAC5E,OAAO,IAAA,uCAAgB,EAAC,OAAO,EAAE,eAAe,CAAC,CAAA;AACnD,CAAC"}

package/dist/utils.d.ts ADDED Viewed

@@ -0,0 +1,18 @@
+import { SdJwtTypeMetadata } from '@sphereon/ssi-types';
+import { HasherSync } from '@sd-jwt/types';
+import { Hasher } from '@sd-jwt/types';
+export declare function fetchUrlWithErrorHandling(url: string): Promise<Response>;
+export type IntegrityAlg = 'sha256' | 'sha384' | 'sha512';
+export declare function extractHashFromIntegrity(integrityValue?: string): string | undefined;
+export declare function validateIntegrity({ input, integrityValue, hasher, }: {
+    input: any;
+    integrityValue?: string;
+    hasher: HasherSync | Hasher;
+}): Promise<boolean>;
+export declare function createIntegrity({ input, hasher, alg, }: {
+    input: any;
+    hasher: HasherSync | Hasher;
+    alg?: IntegrityAlg;
+}): Promise<string>;
+export declare function assertValidTypeMetadata(metadata: SdJwtTypeMetadata, vct: string): void;
+//# sourceMappingURL=utils.d.ts.map

package/dist/utils.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../src/utils.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAA;AAEvD,OAAO,EAAE,UAAU,EAAE,MAAM,eAAe,CAAA;AAC1C,OAAO,EAAE,MAAM,EAAE,MAAM,eAAe,CAAA;AAGtC,wBAAsB,yBAAyB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,QAAQ,CAAC,CAM9E;AAED,MAAM,MAAM,YAAY,GAAG,QAAQ,GAAG,QAAQ,GAAG,QAAQ,CAAA;AAUzD,wBAAgB,wBAAwB,CAAC,cAAc,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAEpF;AAED,wBAAsB,iBAAiB,CAAC,EACtC,KAAK,EACL,cAAc,EACd,MAAM,GACP,EAAE;IACD,KAAK,EAAE,GAAG,CAAA;IACV,cAAc,CAAC,EAAE,MAAM,CAAA;IACvB,MAAM,EAAE,UAAU,GAAG,MAAM,CAAA;CAC5B,GAAG,OAAO,CAAC,OAAO,CAAC,CAUnB;AAED,wBAAsB,eAAe,CAAC,EACpC,KAAK,EACL,MAAM,EACN,GAAc,GACf,EAAE;IACD,KAAK,EAAE,GAAG,CAAA;IACV,MAAM,EAAE,UAAU,GAAG,MAAM,CAAA;IAC3B,GAAG,CAAC,EAAE,YAAY,CAAA;CACnB,GAAG,OAAO,CAAC,MAAM,CAAC,CAGlB;AAED,wBAAgB,uBAAuB,CAAC,QAAQ,EAAE,iBAAiB,EAAE,GAAG,EAAE,MAAM,GAAG,IAAI,CAItF"}

package/dist/utils.js ADDED Viewed

@@ -0,0 +1,85 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.fetchUrlWithErrorHandling = fetchUrlWithErrorHandling;
+exports.extractHashFromIntegrity = extractHashFromIntegrity;
+exports.validateIntegrity = validateIntegrity;
+exports.createIntegrity = createIntegrity;
+exports.assertValidTypeMetadata = assertValidTypeMetadata;
+const u8a = __importStar(require("uint8arrays"));
+// Helper function to fetch API with error handling
+function fetchUrlWithErrorHandling(url) {
+    return __awaiter(this, void 0, void 0, function* () {
+        const response = yield fetch(url);
+        if (!response.ok) {
+            throw new Error(`${response.status}: ${response.statusText}`);
+        }
+        return response;
+    });
+}
+function extractHashAlgFromIntegrity(integrityValue) {
+    const val = integrityValue === null || integrityValue === void 0 ? void 0 : integrityValue.toLowerCase().trim().split('-')[0];
+    if (val === 'sha256' || val === 'sha384' || val === 'sha512') {
+        return val;
+    }
+    return undefined;
+}
+function extractHashFromIntegrity(integrityValue) {
+    return integrityValue === null || integrityValue === void 0 ? void 0 : integrityValue.toLowerCase().trim().split('-')[1];
+}
+function validateIntegrity(_a) {
+    return __awaiter(this, arguments, void 0, function* ({ input, integrityValue, hasher, }) {
+        if (!integrityValue) {
+            return true;
+        }
+        const alg = extractHashAlgFromIntegrity(integrityValue);
+        if (!alg) {
+            return false;
+        }
+        const calculatedHash = yield createIntegrity({ hasher, input, alg });
+        return calculatedHash == integrityValue;
+    });
+}
+function createIntegrity(_a) {
+    return __awaiter(this, arguments, void 0, function* ({ input, hasher, alg = 'sha256', }) {
+        const calculatedHash = yield hasher(typeof input === 'string' ? input : JSON.stringify(input), alg);
+        return `${alg}-${u8a.toString(calculatedHash, 'base64')}`;
+    });
+}
+function assertValidTypeMetadata(metadata, vct) {
+    if (metadata.vct !== vct) {
+        throw new Error('VCT mismatch in metadata and credential');
+    }
+}
+//# sourceMappingURL=utils.js.map

package/dist/utils.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"utils.js","sourceRoot":"","sources":["../src/utils.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAMA,8DAMC;AAYD,4DAEC;AAED,8CAkBC;AAED,0CAWC;AAED,0DAIC;AAhED,iDAAkC;AAIlC,mDAAmD;AACnD,SAAsB,yBAAyB,CAAC,GAAW;;QACzD,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,CAAA;QACjC,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CAAC,GAAG,QAAQ,CAAC,MAAM,KAAK,QAAQ,CAAC,UAAU,EAAE,CAAC,CAAA;QAC/D,CAAC;QACD,OAAO,QAAQ,CAAA;IACjB,CAAC;CAAA;AAID,SAAS,2BAA2B,CAAC,cAAuB;IAC1D,MAAM,GAAG,GAAG,cAAc,aAAd,cAAc,uBAAd,cAAc,CAAE,WAAW,GAAG,IAAI,GAAG,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,CAAA;IAC9D,IAAI,GAAG,KAAK,QAAQ,IAAI,GAAG,KAAK,QAAQ,IAAI,GAAG,KAAK,QAAQ,EAAE,CAAC;QAC7D,OAAO,GAAmB,CAAA;IAC5B,CAAC;IACD,OAAO,SAAS,CAAA;AAClB,CAAC;AAED,SAAgB,wBAAwB,CAAC,cAAuB;IAC9D,OAAO,cAAc,aAAd,cAAc,uBAAd,cAAc,CAAE,WAAW,GAAG,IAAI,GAAG,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,CAAA;AAC3D,CAAC;AAED,SAAsB,iBAAiB;yDAAC,EACtC,KAAK,EACL,cAAc,EACd,MAAM,GAKP;QACC,IAAI,CAAC,cAAc,EAAE,CAAC;YACpB,OAAO,IAAI,CAAA;QACb,CAAC;QACD,MAAM,GAAG,GAAG,2BAA2B,CAAC,cAAc,CAAC,CAAA;QACvD,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,OAAO,KAAK,CAAA;QACd,CAAC;QACD,MAAM,cAAc,GAAG,MAAM,eAAe,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,CAAA;QACpE,OAAO,cAAc,IAAI,cAAc,CAAA;IACzC,CAAC;CAAA;AAED,SAAsB,eAAe;yDAAC,EACpC,KAAK,EACL,MAAM,EACN,GAAG,GAAG,QAAQ,GAKf;QACC,MAAM,cAAc,GAAG,MAAM,MAAM,CAAC,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,EAAE,GAAG,CAAC,CAAA;QACnG,OAAO,GAAG,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,cAAc,EAAE,QAAQ,CAAC,EAAE,CAAA;IAC3D,CAAC;CAAA;AAED,SAAgB,uBAAuB,CAAC,QAA2B,EAAE,GAAW;IAC9E,IAAI,QAAQ,CAAC,GAAG,KAAK,GAAG,EAAE,CAAC;QACzB,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAA;IAC5D,CAAC;AACH,CAAC"}

package/package.json CHANGED Viewed

@@ -1,23 +1,12 @@
 {
   "name": "@sphereon/ssi-sdk.sd-jwt",
-  "version": "0.33.1-feature.vcdm2.tsup.31+71b615ad",
+  "version": "0.33.1-next.2+6f7f40b9",
   "source": "src/index.ts",
-  "type": "module",
-  "main": "./dist/index.cjs",
-  "module": "./dist/index.js",
-  "types": "./dist/index.d.ts",
-  "exports": {
-    "import": {
-      "types": "./dist/index.d.ts",
-      "import": "./dist/index.js"
-    },
-    "require": {
-      "types": "./dist/index.d.cts",
-      "require": "./dist/index.cjs"
-    }
-  },
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
   "scripts": {
-    "build": "tsup --config ../../tsup.config.ts --tsconfig ../../tsconfig.tsup.json"
+    "build": "tsc",
+    "build:clean": "tsc --build --clean && tsc --build"
   },
   "veramo": {
     "pluginInterfaces": {
@@ -27,27 +16,27 @@
   "dependencies": {
     "@sd-jwt/core": "^0.9.2",
     "@sd-jwt/sd-jwt-vc": "^0.9.2",
-    "@sphereon/ssi-sdk-ext.did-utils": "0.28.1-feature.esm.cjs.16",
-    "@sphereon/ssi-sdk-ext.identifier-resolution": "0.28.1-feature.esm.cjs.16",
-    "@sphereon/ssi-sdk-ext.jwt-service": "0.28.1-feature.esm.cjs.16",
-    "@sphereon/ssi-sdk-ext.key-utils": "0.28.1-feature.esm.cjs.16",
-    "@sphereon/ssi-sdk-ext.x509-utils": "0.28.1-feature.esm.cjs.16",
-    "@sphereon/ssi-sdk.agent-config": "^0.33.1-feature.vcdm2.tsup.31+71b615ad",
-    "@sphereon/ssi-sdk.mdl-mdoc": "^0.33.1-feature.vcdm2.tsup.31+71b615ad",
-    "@sphereon/ssi-types": "^0.33.1-feature.vcdm2.tsup.31+71b615ad",
+    "@sphereon/ssi-sdk-ext.did-utils": "0.28.0",
+    "@sphereon/ssi-sdk-ext.identifier-resolution": "0.28.0",
+    "@sphereon/ssi-sdk-ext.jwt-service": "0.28.0",
+    "@sphereon/ssi-sdk-ext.key-utils": "0.28.0",
+    "@sphereon/ssi-sdk-ext.x509-utils": "0.28.0",
+    "@sphereon/ssi-sdk.agent-config": "0.33.1-next.2+6f7f40b9",
+    "@sphereon/ssi-sdk.mdl-mdoc": "0.33.1-next.2+6f7f40b9",
+    "@sphereon/ssi-types": "0.33.1-next.2+6f7f40b9",
     "@veramo/utils": "4.2.0",
     "debug": "^4.3.5",
-    "uint8arrays": "^3.1.1",
+    "uint8arrays": "3.1.1",
     "uuid": "^9.0.1"
   },
   "devDependencies": {
     "@sd-jwt/decode": "^0.9.2",
     "@sd-jwt/types": "^0.9.2",
     "@sd-jwt/utils": "^0.9.2",
-    "@sphereon/ssi-sdk-ext.did-provider-jwk": "0.28.1-feature.esm.cjs.16",
-    "@sphereon/ssi-sdk-ext.did-resolver-jwk": "0.28.1-feature.esm.cjs.16",
-    "@sphereon/ssi-sdk-ext.key-manager": "0.28.1-feature.esm.cjs.16",
-    "@sphereon/ssi-sdk-ext.kms-local": "0.28.1-feature.esm.cjs.16",
+    "@sphereon/ssi-sdk-ext.did-provider-jwk": "0.28.0",
+    "@sphereon/ssi-sdk-ext.did-resolver-jwk": "0.28.0",
+    "@sphereon/ssi-sdk-ext.key-manager": "0.28.0",
+    "@sphereon/ssi-sdk-ext.kms-local": "0.28.0",
     "@types/node": "^20.17.1",
     "@types/uuid": "^9.0.8",
     "@veramo/core": "4.2.0",
@@ -55,12 +44,12 @@
     "@veramo/did-manager": "4.2.0",
     "@veramo/did-resolver": "4.2.0",
     "did-resolver": "^4.1.0",
-    "typeorm": "^0.3.22",
-    "typescript": "5.8.3"
+    "typeorm": "^0.3.21",
+    "typescript": "5.4.2"
   },
   "files": [
-    "dist",
-    "src",
+    "dist/**/*",
+    "src/**/*",
     "README.md",
     "plugin.schema.json",
     "LICENSE"
@@ -82,5 +71,6 @@
     "Selective Disclosure",
     "Verifiable Credential"
   ],
-  "gitHead": "71b615adbfef8ecd843edb2f3d0c58cb6453cff9"
+  "nx": {},
+  "gitHead": "6f7f40b94beb385369fede046c3912bd0c053408"
 }

package/src/__tests__/sd-jwt-integrity.test.ts CHANGED Viewed

@@ -1,6 +1,6 @@
-import { describe, it } from 'vitest'
 import { defaultGenerateDigest } from '../defaultCallbacks'
 import { createIntegrity, validateIntegrity } from '../index'
 // type AgentType = IDIDManager & IKeyManager & IIdentifierResolution & IJwtService & IResolver & ISDJwtPlugin & ImDLMdoc
 const fs = require('node:fs')