npm - @sphereon/ssi-sdk.sd-jwt - Versions diffs - 0.34.1-next.7 → 0.34.1-next.85 - Mend

@sphereon/ssi-sdk.sd-jwt 0.34.1-next.7 → 0.34.1-next.85

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (13) hide show

package/dist/index.cjs +251 -42
package/dist/index.cjs.map +1 -1
package/dist/index.d.cts +66 -8
package/dist/index.d.ts +66 -8
package/dist/index.js +249 -40
package/dist/index.js.map +1 -1
package/package.json +21 -20
package/src/__tests__/{sd-jwt.test.ts → sd-jwt-vc.test.ts} +6 -4
package/src/__tests__/sd-jwt-vcdm2.test.ts +316 -0
package/src/action-handler.ts +80 -35
package/src/sdJwtVcdm2Instance.ts +155 -0
package/src/types.ts +40 -6
package/src/utils.ts +32 -1

package/src/types.ts CHANGED Viewed

@@ -1,12 +1,22 @@
-import { SdJwtVcPayload as SdJwtPayload } from '@sd-jwt/sd-jwt-vc'
 import { Hasher, kbHeader, KBOptions, kbPayload, SaltGenerator, Signer } from '@sd-jwt/types'
 import { IIdentifierResolution, ManagedIdentifierResult } from '@sphereon/ssi-sdk-ext.identifier-resolution'
 import { IJwtService } from '@sphereon/ssi-sdk-ext.jwt-service'
 import { X509CertificateChainValidationOpts } from '@sphereon/ssi-sdk-ext.x509-utils'
 import { contextHasPlugin } from '@sphereon/ssi-sdk.agent-config'
 import { ImDLMdoc } from '@sphereon/ssi-sdk.mdl-mdoc'
-import { HasherSync, JoseSignatureAlgorithm, JsonWebKey, SdJwtTypeMetadata } from '@sphereon/ssi-types'
+import {
+  HasherSync,
+  JoseSignatureAlgorithm,
+  JsonWebKey,
+  SdJwtType,
+  SdJwtTypeMetadata,
+  SdJwtVcdm2Payload,
+  SdJwtVcType,
+  SdJwtVpType,
+} from '@sphereon/ssi-types'
 import { DIDDocumentSection, IAgentContext, IDIDManager, IKeyManager, IPluginMethodMap, IResolver } from '@veramo/core'
+import { SdJwtVcPayload as OrigSdJwtVcPayload } from '@sd-jwt/sd-jwt-vc'
+import { SdJwtPayload } from '@sd-jwt/core'
 export const sdJwtPluginContextMethods: Array<string> = ['createSdJwtVc', 'createSdJwtPresentation', 'verifySdJwtVc', 'verifySdJwtPresentation']
@@ -85,12 +95,19 @@ export function contextHasSDJwtPlugin(context: IAgentContext<IPluginMethodMap>):
  * @beta
  */
-export interface SdJwtVcPayload extends SdJwtPayload {
+export interface SdJwtVcPayload extends OrigSdJwtVcPayload {
   x5c?: string[]
 }
+export type Vcdm2Enveloped = 'EnvelopedVerifiableCredential' | 'EnvelopedVerifiablePresentation'
+export function isVcdm2SdJwt(type: SdJwtType | string): Boolean {
+  return type === 'vc+sd-jwt' || type === 'vp+sd-jwt'
+}
 export interface ICreateSdJwtVcArgs {
-  credentialPayload: SdJwtVcPayload
+  type?: SdJwtVcType
+  credentialPayload: SdJwtPayload
   // biome-ignore lint/suspicious/noExplicitAny: <explanation>
   disclosureFrame?: IDisclosureFrame
@@ -114,6 +131,8 @@ export interface IDisclosureFrame {
  * @beta
  */
 export interface ICreateSdJwtVcResult {
+  type: SdJwtVcType
   /**
    * the encoded sd-jwt credential
    */
@@ -146,6 +165,10 @@ export interface ICreateSdJwtPresentationArgs {
    * Information to include to add key binding.
    */
   kb?: KBOptions
+  type?: SdJwtVpType
+  vcdm2Enveloped?: Vcdm2Enveloped
 }
 /**
@@ -164,6 +187,8 @@ export interface ICreateSdJwtPresentationResult {
    * Encoded presentation.
    */
   presentation: string
+  type: SdJwtVpType
 }
 /**
@@ -180,7 +205,8 @@ export interface IVerifySdJwtVcArgs {
  * @beta
  */
 export type IVerifySdJwtVcResult = {
-  payload: SdJwtPayload
+  type: SdJwtVcType
+  payload: SdJwtVcPayload | SdJwtVcdm2Payload
   header: Record<string, unknown>
   kb?: { header: kbHeader; payload: kbPayload }
 }
@@ -193,7 +219,15 @@ export interface IVerifySdJwtPresentationArgs {
   requiredClaimKeys?: string[]
-  kb?: boolean
+  /**
+   * nonce used to verify the key binding jwt to prevent replay attacks.
+   */
+  keyBindingNonce?: string
+  /**
+   * Audience used to verify the key binding jwt
+   */
+  keyBindingAud?: string
 }
 /**

package/src/utils.ts CHANGED Viewed

@@ -1,7 +1,9 @@
-import { SdJwtTypeMetadata } from '@sphereon/ssi-types'
+import type { SdJwtTypeMetadata, SdJwtVcdm2Payload } from '@sphereon/ssi-types'
 // @ts-ignore
 import { toString } from 'uint8arrays/to-string'
 import { Hasher, HasherSync } from '@sd-jwt/types'
+import type { SdJwtPayload } from '@sd-jwt/core'
+import type { SdJwtVcPayload } from '@sd-jwt/sd-jwt-vc'
 // Helper function to fetch API with error handling
 export async function fetchUrlWithErrorHandling(url: string): Promise<Response> {
@@ -64,3 +66,32 @@ export function assertValidTypeMetadata(metadata: SdJwtTypeMetadata, vct: string
     throw new Error('VCT mismatch in metadata and credential')
   }
 }
+export function isVcdm2SdJwtPayload(payload: SdJwtPayload): payload is SdJwtVcdm2Payload {
+  return (
+    'type' in payload &&
+    Array.isArray(payload.type) &&
+    payload.type.includes('VerifiableCredential') &&
+    '@context' in payload &&
+    ((typeof payload['@context'] === 'string' && payload['@context'].length > 0) ||
+      (Array.isArray(payload['@context']) && payload['@context'].length > 0 && payload['@context'].includes('https://www.w3.org/ns/credentials/v2')))
+  )
+}
+export function isSdjwtVcPayload(payload: SdJwtPayload): payload is SdJwtVcPayload {
+  return !isVcdm2SdJwtPayload(payload) && 'vct' in payload && typeof payload.vct === 'string'
+}
+export function getIssuerFromSdJwt(payload: SdJwtPayload): string {
+    let issuer: string | undefined
+  if (isVcdm2SdJwtPayload(payload)) {
+    issuer = typeof payload.issuer === 'string' ? payload.issuer : payload.issuer?.id
+  }
+  if (isSdjwtVcPayload(payload)) {
+    issuer = payload.iss as string
+  }
+  if (!issuer) {
+      throw new Error('No issuer (iss or VCDM 2 issuer) found in SD-JWT or no VCDM2 SD-JWT or SD-JWT VC')
+  }
+  return issuer
+}