@sphereon/ssi-sdk.sd-jwt 0.33.1-next.3 → 0.33.1-next.73

package/dist/index.d.ts

@@ -1,4 +1,334 @@
-export { SDJwtPlugin } from './action-handler';
-export * from './utils';
-export * from './types';
-//# sourceMappingURL=index.d.ts.map
+import { SdJwtVcPayload as SdJwtVcPayload$1, SDJwtVcInstance } from '@sd-jwt/sd-jwt-vc';
+import { SaltGenerator, KBOptions, kbHeader, kbPayload, Hasher, Signer, HasherSync as HasherSync$1 } from '@sd-jwt/types';
+import { X509CertificateChainValidationOpts } from '@sphereon/ssi-sdk-ext.x509-utils';
+import { HasherSync, JsonWebKey, SdJwtTypeMetadata, JoseSignatureAlgorithm } from '@sphereon/ssi-types';
+import { IPluginMethodMap, IAgentContext, IDIDManager, IResolver, IKeyManager, DIDDocumentSection, IAgentPlugin } from '@veramo/core';
+import { ManagedIdentifierResult, IIdentifierResolution } from '@sphereon/ssi-sdk-ext.identifier-resolution';
+import { IJwtService } from '@sphereon/ssi-sdk-ext.jwt-service';
+import { ImDLMdoc } from '@sphereon/ssi-sdk.mdl-mdoc';
+
+declare const sdJwtPluginContextMethods: Array<string>;
+/**
+ * My Agent Plugin description.
+ *
+ * This is the interface that describes what your plugin can do.
+ * The methods listed here, will be directly available to the veramo agent where your plugin is going to be used.
+ * Depending on the agent configuration, other agent plugins, as well as the application where the agent is used
+ * will be able to call these methods.
+ *
+ * To build a schema for your plugin using standard tools, you must link to this file in your package.json.
+ * Example:
+ * ```
+ * "veramo": {
+ *    "pluginInterfaces": {
+ *      "IMyAgentPlugin": "./src/types/IMyAgentPlugin.ts"
+ *    }
+ *  },
+ * ```
+ *
+ * @beta
+ */
+interface ISDJwtPlugin extends IPluginMethodMap {
+    /**
+     * Your plugin method description
+     *
+     * @param args - Input parameters for this method
+     * @param context - The required context where this method can run.
+     *   Declaring a context type here lets other developers know which other plugins
+     *   need to also be installed for this method to work.
+     */
+    /**
+     * Create a signed SD-JWT credential.
+     * @param args - Arguments necessary for the creation of a SD-JWT credential.
+     * @param context - This reserved param is automatically added and handled by the framework, *do not override*
+     */
+    createSdJwtVc(args: ICreateSdJwtVcArgs, context: IRequiredContext): Promise<ICreateSdJwtVcResult>;
+    /**
+     * Create a signed SD-JWT presentation.
+     * @param args - Arguments necessary for the creation of a SD-JWT presentation.
+     * @param context - This reserved param is automatically added and handled by the framework, *do not override*
+     */
+    createSdJwtPresentation(args: ICreateSdJwtPresentationArgs, context: IRequiredContext): Promise<ICreateSdJwtPresentationResult>;
+    /**
+     * Verify a signed SD-JWT credential.
+     * @param args - Arguments necessary for the verification of a SD-JWT credential.
+     * @param context - This reserved param is automatically added and handled by the framework, *do not override*
+     */
+    verifySdJwtVc(args: IVerifySdJwtVcArgs, context: IRequiredContext): Promise<IVerifySdJwtVcResult>;
+    /**
+     * Verify a signed SD-JWT presentation.
+     * @param args - Arguments necessary for the verification of a SD-JWT presentation.
+     * @param context - This reserved param is automatically added and handled by the framework, *do not override*
+     */
+    verifySdJwtPresentation(args: IVerifySdJwtPresentationArgs, context: IRequiredContext): Promise<IVerifySdJwtPresentationResult>;
+    /**
+     * Fetch and validate Type Metadata.
+     * @param args - Arguments necessary for fetching and validating the type metadata.
+     * @param context - This reserved param is automatically added and handled by the framework, *do not override*
+     */
+    fetchSdJwtTypeMetadataFromVctUrl(args: FetchSdJwtTypeMetadataFromVctUrlArgs, context: IRequiredContext): Promise<SdJwtTypeMetadata>;
+}
+declare function contextHasSDJwtPlugin(context: IAgentContext<IPluginMethodMap>): context is IAgentContext<ISDJwtPlugin>;
+/**
+ * ICreateSdJwtVcArgs
+ *
+ * @beta
+ */
+interface SdJwtVcPayload extends SdJwtVcPayload$1 {
+    x5c?: string[];
+}
+interface ICreateSdJwtVcArgs {
+    credentialPayload: SdJwtVcPayload;
+    disclosureFrame?: IDisclosureFrame;
+    resolution?: ManagedIdentifierResult;
+}
+/**
+ * @beta
+ */
+interface IDisclosureFrame {
+    _sd?: string[];
+    _sd_decoy?: number;
+    [x: string]: string[] | number | IDisclosureFrame | undefined;
+}
+/**
+ * ICreateSdJwtVcResult
+ *
+ * @beta
+ */
+interface ICreateSdJwtVcResult {
+    /**
+     * the encoded sd-jwt credential
+     */
+    credential: string;
+}
+/**
+ *
+ * @beta
+ */
+interface ICreateSdJwtPresentationArgs {
+    /**
+     * Encoded SD-JWT credential
+     */
+    presentation: string;
+    presentationFrame?: IPresentationFrame;
+    /**
+     * Allows to override the holder. Normally it will be looked up from the cnf or sub values
+     */
+    holder?: string;
+    /**
+     * Information to include to add key binding.
+     */
+    kb?: KBOptions;
+}
+/**
+ * @beta
+ */
+interface IPresentationFrame {
+    [x: string]: boolean | IPresentationFrame;
+}
+/**
+ * Created presentation
+ * @beta
+ */
+interface ICreateSdJwtPresentationResult {
+    /**
+     * Encoded presentation.
+     */
+    presentation: string;
+}
+/**
+ * @beta
+ */
+interface IVerifySdJwtVcArgs {
+    credential: string;
+    opts?: {
+        x5cValidation?: X509CertificateChainValidationOpts;
+    };
+}
+/**
+ * @beta
+ */
+type IVerifySdJwtVcResult = {
+    payload: SdJwtVcPayload$1;
+    header: Record<string, unknown>;
+    kb?: {
+        header: kbHeader;
+        payload: kbPayload;
+    };
+};
+/**
+ * @beta
+ */
+interface IVerifySdJwtPresentationArgs {
+    presentation: string;
+    requiredClaimKeys?: string[];
+    kb?: boolean;
+}
+/**
+ * @beta
+ */
+type IVerifySdJwtPresentationResult = {
+    payload: unknown;
+    header: Record<string, unknown> | undefined;
+    kb?: {
+        header: kbHeader;
+        payload: kbPayload;
+    };
+};
+type SignKeyArgs = {
+    identifier: string;
+    vmRelationship: DIDDocumentSection;
+    resolution?: ManagedIdentifierResult;
+};
+type SignKeyResult = {
+    alg: JoseSignatureAlgorithm;
+    key: {
+        kid?: string;
+        kmsKeyRef: string;
+        x5c?: string[];
+        jwkThumbprint?: string;
+    };
+};
+/**
+ * This context describes the requirements of this plugin.
+ * For this plugin to function properly, the agent needs to also have other plugins installed that implement the
+ * interfaces declared here.
+ * You can also define requirements on a more granular level, for each plugin method or event handler of your plugin.
+ *
+ * @beta
+ */
+type IRequiredContext = IAgentContext<IDIDManager & IIdentifierResolution & IJwtService & IResolver & IKeyManager & ImDLMdoc>;
+type SdJwtVerifySignature = (data: string, signature: string, publicKey: JsonWebKey) => Promise<boolean>;
+interface SdJWTImplementation {
+    saltGenerator?: SaltGenerator;
+    hasher?: HasherSync;
+    verifySignature?: SdJwtVerifySignature;
+}
+interface Claims {
+    /**
+     * Subject of the SD-JWT
+     */
+    sub?: string;
+    cnf?: {
+        jwk?: JsonWebKey;
+        kid?: string;
+    };
+    [key: string]: unknown;
+}
+type FetchSdJwtTypeMetadataFromVctUrlArgs = {
+    vct: string;
+    vctIntegrity?: string;
+    opts?: FetchSdJwtTypeMetadataFromVctUrlOpts;
+};
+type FetchSdJwtTypeMetadataFromVctUrlOpts = {
+    hasher?: HasherSync | Hasher;
+};
+type GetSignerForIdentifierArgs = {
+    identifier: string;
+    resolution?: ManagedIdentifierResult;
+};
+type GetSignerResult = {
+    signer: Signer;
+    alg?: string;
+    signingKey?: SignKeyResult;
+};
+
+/**
+ * @beta
+ * SD-JWT plugin
+ */
+declare class SDJwtPlugin implements IAgentPlugin {
+    private readonly trustAnchorsInPEM;
+    private readonly registeredImplementations;
+    private _signers;
+    private _defaultSigner?;
+    constructor(registeredImplementations?: SdJWTImplementation & {
+        signers?: Record<string, Signer>;
+        defaultSigner?: Signer;
+    }, trustAnchorsInPEM?: string[]);
+    readonly methods: ISDJwtPlugin;
+    private getSignerForIdentifier;
+    /**
+     * Create a signed SD-JWT credential.
+     * @param args - Arguments necessary for the creation of a SD-JWT credential.
+     * @param context - This reserved param is automatically added and handled by the framework, *do not override*
+     * @returns A signed SD-JWT credential.
+     */
+    createSdJwtVc(args: ICreateSdJwtVcArgs, context: IRequiredContext): Promise<ICreateSdJwtVcResult>;
+    /**
+     * Get the key to sign the SD-JWT
+     * @param args - consists of twp arguments: identifier like a did and other forms of identifiers and vmRelationship which represents the purpose of the key
+     * @param context - agent instance
+     * @returns the key to sign the SD-JWT
+     */
+    getSignKey(args: SignKeyArgs, context: IRequiredContext): Promise<SignKeyResult>;
+    /**
+     * Create a signed SD-JWT presentation.
+     * @param args - Arguments necessary for the creation of a SD-JWT presentation.
+     * @param context - This reserved param is automatically added and handled by the framework, *do not override*
+     * @returns A signed SD-JWT presentation.
+     */
+    createSdJwtPresentation(args: ICreateSdJwtPresentationArgs, context: IRequiredContext): Promise<ICreateSdJwtPresentationResult>;
+    /**
+     * Verify a signed SD-JWT credential.
+     * @param args - Arguments necessary for the verify a SD-JWT credential.
+     * @param context - This reserved param is automatically added and handled by the framework, *do not override*
+     * @returns
+     */
+    verifySdJwtVc(args: IVerifySdJwtVcArgs, context: IRequiredContext): Promise<IVerifySdJwtVcResult>;
+    /**
+     * Verify the key binding of a SD-JWT by validating the signature of the key bound to the SD-JWT
+     * @param sdjwt - SD-JWT instance
+     * @param context - This reserved param is automatically added and handled by the framework, *do not override*
+     * @param data - signed data
+     * @param signature - The signature
+     * @param payload - The payload of the SD-JWT
+     * @returns
+     */
+    private verifyKb;
+    /**
+     * Validates the signature of a SD-JWT
+     * @param sdjwt - SD-JWT instance
+     * @param context - This reserved param is automatically added and handled by the framework, *do not override*
+     * @param data - signed data
+     * @param signature - The signature
+     * @returns
+     */
+    verify(sdjwt: SDJwtVcInstance, context: IRequiredContext, data: string, signature: string, opts?: {
+        x5cValidation?: X509CertificateChainValidationOpts;
+    }): Promise<boolean>;
+    /**
+     * Verify a signed SD-JWT presentation.
+     * @param args - Arguments necessary for the verify a SD-JWT presentation.
+     * @param context - This reserved param is automatically added and handled by the framework, *do not override*
+     * @returns
+     */
+    verifySdJwtPresentation(args: IVerifySdJwtPresentationArgs, context: IRequiredContext): Promise<IVerifySdJwtPresentationResult>;
+    /**
+     * Fetch and validate Type Metadata.
+     * @param args - Arguments necessary for fetching and validating the type metadata.
+     * @param context - This reserved param is automatically added and handled by the framework, *do not override*
+     * @returns
+     */
+    fetchSdJwtTypeMetadataFromVctUrl(args: FetchSdJwtTypeMetadataFromVctUrlArgs, context: IRequiredContext): Promise<SdJwtTypeMetadata>;
+    private verifySignatureCallback;
+    private getJwk;
+    private extractBase64FromDIDJwk;
+}
+
+declare function fetchUrlWithErrorHandling(url: string): Promise<Response>;
+type IntegrityAlg = 'sha256' | 'sha384' | 'sha512';
+declare function extractHashFromIntegrity(integrityValue?: string): string | undefined;
+declare function validateIntegrity({ input, integrityValue, hasher, }: {
+    input: any;
+    integrityValue?: string;
+    hasher: HasherSync$1 | Hasher;
+}): Promise<boolean>;
+declare function createIntegrity({ input, hasher, alg, }: {
+    input: any;
+    hasher: HasherSync$1 | Hasher;
+    alg?: IntegrityAlg;
+}): Promise<string>;
+declare function assertValidTypeMetadata(metadata: SdJwtTypeMetadata, vct: string): void;
+
+export { type Claims, type FetchSdJwtTypeMetadataFromVctUrlArgs, type FetchSdJwtTypeMetadataFromVctUrlOpts, type GetSignerForIdentifierArgs, type GetSignerResult, type ICreateSdJwtPresentationArgs, type ICreateSdJwtPresentationResult, type ICreateSdJwtVcArgs, type ICreateSdJwtVcResult, type IDisclosureFrame, type IPresentationFrame, type IRequiredContext, type ISDJwtPlugin, type IVerifySdJwtPresentationArgs, type IVerifySdJwtPresentationResult, type IVerifySdJwtVcArgs, type IVerifySdJwtVcResult, type IntegrityAlg, SDJwtPlugin, type SdJWTImplementation, type SdJwtVcPayload, type SdJwtVerifySignature, type SignKeyArgs, type SignKeyResult, assertValidTypeMetadata, contextHasSDJwtPlugin, createIntegrity, extractHashFromIntegrity, fetchUrlWithErrorHandling, sdJwtPluginContextMethods, validateIntegrity };