@sphereon/ssi-types

import mdocPkg from '@sphereon/kmp-mdoc-core'; import { CredentialPayload, VerifiableCredential, IssuerType } from '@veramo/core'; import { SDJWTConfig, Verifier } from '@sd-jwt/types'; import { EventEmitter } from 'events'; /** * Accept a Type or a Promise of that Type. * * @internal */ type OrPromise<T> = T | Promise<T>; type Optional<T, K extends keyof T> = Pick<Partial<T>, K> & Omit<T, K>; type RequireOneOf<T, Keys extends keyof T = keyof T> = Pick<T, Exclude<keyof T, Keys>> & { [K in Keys]-?: Required<Pick<T, K>> & Partial<Pick<T, Exclude<Keys, K>>>; }[Keys]; type BearerTokenArg = (() => Promise<string>) | string; /** * Generic structure used for validations. For instance for X509 and JWs signature checks. Allows us to create multilevel structures for complex validations */ type IValidationResult = { /** * The name of the validation or its subsystem. Mainly used for information purposes. Not assumed to be unique */ name: string; /** * Whether the validation was successful or not */ error: boolean; /** * Whether an error can be ignored or not (up to processing logic) */ critical: boolean; /** * Any status/info message about the validation */ message: string; /** * The date and time of the validation */ verificationTime: Date; }; type IValidationResults = { /** * Global derived error state for easy access */ error: boolean; verifications: Array<IValidationResult>; }; interface IParsedDID { did: string; didUrl: string; method: string; id: string; path?: string; fragment?: string; query?: string; params?: { [index: string]: string; }; } /** * Defines an object type that can be extended with other properties. */ type Extensible = Record<string, any>; /** * Defines the result of a DID resolution operation. * * @see {@link Resolvable.resolve} * @see {@link https://www.w3.org/TR/did-core/#did-resolution} */ interface DIDResolutionResult { '@context'?: 'https://w3id.org/did-resolution/v1' | string | string[]; didResolutionMetadata: DIDResolutionMetadata; didDocument: DIDDocument | null; didDocumentMetadata: DIDDocumentMetadata; } /** * Describes the options forwarded to the resolver when executing a {@link Resolvable.resolve} operation. * * @see {@link https://www.w3.org/TR/did-core/#did-resolution-options} */ interface DIDResolutionOptions extends Extensible { accept?: string; } /** * Encapsulates the resolution metadata resulting from a {@link Resolvable.resolve} operation. * * @see {@link https://www.w3.org/TR/did-core/#did-resolution-metadata} */ interface DIDResolutionMetadata extends Extensible { contentType?: string; error?: 'invalidDid' | 'notFound' | 'representationNotSupported' | 'unsupportedDidMethod' | string; } /** * Represents metadata about the DID document resulting from a {@link Resolvable.resolve} operation. * * @see {@link https://www.w3.org/TR/did-core/#did-document-metadata} */ interface DIDDocumentMetadata extends Extensible { created?: string; updated?: string; deactivated?: boolean; versionId?: string; nextUpdate?: string; nextVersionId?: string; equivalentId?: string; canonicalId?: string; } /** * Represents the Verification Relationship between a DID subject and a Verification Method. * * @see {@link https://www.w3.org/TR/did-core/#verification-relationships} */ type KeyCapabilitySection = 'authentication' | 'assertionMethod' | 'keyAgreement' | 'capabilityInvocation' | 'capabilityDelegation'; /** * Represents a DID document. * * @see {@link https://www.w3.org/TR/did-core/#did-document-properties} */ type DIDDocument = { '@context'?: 'https://www.w3.org/ns/did/v1' | string | string[]; id: string; alsoKnownAs?: string[]; controller?: string | string[]; verificationMethod?: VerificationMethod[]; service?: Service[]; /** * @deprecated */ publicKey?: VerificationMethod[]; } & { [x in KeyCapabilitySection]?: (string | VerificationMethod)[]; }; /** * Represents a Service entry in a {@link https://www.w3.org/TR/did-core/#did-document-properties | DID document}. * * @see {@link https://www.w3.org/TR/did-core/#services} * @see {@link https://www.w3.org/TR/did-core/#service-properties} */ interface Service { id: string; type: string; serviceEndpoint: ServiceEndpoint | ServiceEndpoint[]; [x: string]: any; } /** * Represents an endpoint of a Service entry in a DID document. * * @see {@link https://www.w3.org/TR/did-core/#dfn-serviceendpoint} * @see {@link https://www.w3.org/TR/did-core/#services} */ type ServiceEndpoint = string | Record<string, any>; /** * Encapsulates a JSON web key type that includes only the public properties that * can be used in DID documents. * * The private properties are intentionally omitted to discourage the use * (and accidental disclosure) of private keys in DID documents. * * @see {@link https://www.rfc-editor.org/rfc/rfc7517 | RFC7517 JsonWebKey (JWK)} */ interface JsonWebKey extends Extensible { alg?: string; crv?: string; e?: string; ext?: boolean; key_ops?: string[]; kid?: string; kty: string; n?: string; use?: string; x?: string; y?: string; } /** * Represents the properties of a Verification Method listed in a DID document. * * This data type includes public key representations that are no longer present in the spec but are still used by * several DID methods / resolvers and kept for backward compatibility. * * @see {@link https://www.w3.org/TR/did-core/#verification-methods} * @see {@link https://www.w3.org/TR/did-core/#verification-method-properties} */ interface VerificationMethod { id: string; type: string; controller: string; publicKeyBase58?: string; publicKeyBase64?: string; publicKeyJwk?: JsonWebKey; publicKeyHex?: string; publicKeyMultibase?: string; blockchainAccountId?: string; ethereumAddress?: string; conditionOr?: VerificationMethod[]; conditionAnd?: VerificationMethod[]; threshold?: number; conditionThreshold?: VerificationMethod[]; conditionWeightedThreshold?: ConditionWeightedThreshold[]; conditionDelegated?: string; relationshipParent?: string[]; relationshipChild?: string[]; relationshipSibling?: string[]; } interface ConditionWeightedThreshold { condition: VerificationMethod; weight: number; } /** * It expresses how the inputs are presented as proofs to a Verifier. */ interface PresentationSubmission { /** * A UUID or some other unique ID to identify this Presentation Submission */ id: string; /** * A UUID or some other unique ID to identify this Presentation Definition */ definition_id: string; /** * List of descriptors of how the claims are being mapped to presentation definition */ descriptor_map: Array<Descriptor>; } /** * descriptor map laying out the structure of the presentation submission. */ interface Descriptor { /** * ID to identify the descriptor from Presentation Definition Input Descriptor it coresponds to. */ id: string; /** * The path where the verifiable credential is located in the presentation submission json */ path: string; path_nested?: Descriptor; /** * The Proof or JWT algorith that the proof is in */ format: string; } type CredentialEncoding = 'json' | 'jwt' | 'cbor'; type IssuerAttributeName = 'iss' | 'issuer' | 'issuerAuth'; type SubjectAttributeName = 'subject' | 'id' | 'deviceMac' | 'TODO'; type TypeAttributeName = 'type' | 'vct'; type DataModel = 'W3C_VCDM' | 'IETF_SD_JWT' | 'ISO_MSO_MDOC'; interface CredentialConstraint { credentialFormat: CredentialFormat; presentationFormat: PresentationFormat; maxSignatures: number; encoding: CredentialEncoding; dataModel: DataModel; typeAttribute?: TypeAttributeName; issuerAttributes: [IssuerAttributeName]; } declare enum StatusListCredentialIdMode { ISSUANCE = "ISSUANCE", NEVER = "NEVER" } declare enum StatusListDriverType { AGENT_TYPEORM = "agent_typeorm" } declare class ObjectUtils { static asArray<T>(value: T): T[]; static isObject(value: unknown): value is object; static isUrlAbsolute(url: string): void; static isString(value: unknown): value is string; static isBase64(value: unknown): boolean; } declare const shaHasher: HasherSync; declare const defaultHasher: HasherSync; declare function isWrappedW3CVerifiableCredential(vc: WrappedVerifiableCredential): vc is WrappedW3CVerifiableCredential; declare function isWrappedW3CVerifiablePresentation(vp: WrappedVerifiablePresentation): vp is WrappedW3CVerifiablePresentation; declare enum StatusListType { StatusList2021 = "StatusList2021", OAuthStatusList = "OAuthStatusList", BitstringStatusList = "BitstringStatusList" } declare function isVcdm1Credential(credential: CredentialPayload | IVerifiableCredential | ICredential | VerifiableCredential | unknown): boolean; declare function isVcdm2Credential(credential: CredentialPayload | IVerifiableCredential | ICredential | VerifiableCredential | unknown): boolean; declare function addVcdmContextIfNeeded(context?: string[], defaultValue?: string): string[]; declare const VCDM_CREDENTIAL_CONTEXT_V1 = "https://www.w3.org/2018/credentials/v1"; declare const VCDM_CREDENTIAL_CONTEXT_V2 = "https://www.w3.org/ns/credentials/v2"; declare const VCDM_CREDENTIAL_CONTEXT_VERSIONS: string[]; declare enum IProofPurpose { verificationMethod = "verificationMethod", assertionMethod = "assertionMethod", authentication = "authentication", keyAgreement = "keyAgreement", contractAgreement = "contactAgreement", capabilityInvocation = "capabilityInvocation", capabilityDelegation = "capabilityDelegation" } declare enum IProofType { Ed25519Signature2018 = "Ed25519Signature2018", Ed25519Signature2020 = "Ed25519Signature2020", EcdsaSecp256k1Signature2019 = "EcdsaSecp256k1Signature2019", EcdsaSecp256k1RecoverySignature2020 = "EcdsaSecp256k1RecoverySignature2020", JsonWebSignature2020 = "JsonWebSignature2020", RsaSignature2018 = "RsaSignature2018", GpgSignature2020 = "GpgSignature2020", JcsEd25519Signature2020 = "JcsEd25519Signature2020", BbsBlsSignatureProof2020 = "BbsBlsSignatureProof2020", BbsBlsBoundSignatureProof2020 = "BbsBlsBoundSignatureProof2020", JwtProof2020 = "JwtProof2020", SdJwtProof2024 = "SdJwtProof2024", MdocProof2024 = "MsoMdocProof2024" } declare const parseDid: (did: string) => IParsedDID; declare function isWrappedMdocCredential(vc: WrappedVerifiableCredential): vc is WrappedMdocCredential; declare function isWrappedMdocPresentation(vp: WrappedVerifiablePresentation): vp is WrappedMdocPresentation; declare function getMdocDecodedPayload(mdoc: MdocDocument): MdocDecodedPayload; /** * Decode an Mdoc from its issuerSigned OID4VP Base64URL (string) to an object containing the disclosures, * signed payload, decoded payload * */ declare function decodeMdocIssuerSigned(oid4vpIssuerSigned: MdocOid4vpIssuerSigned): MdocDocument; declare function encodeMdocIssuerSigned(issuerSigned: MdocIssuerSigned, encoding?: 'base64url'): string; /** * Decode an Mdoc from its vp_token OID4VP Base64URL (string) to an object containing the disclosures, * signed payload, decoded payload * */ declare function decodeMdocDeviceResponse(vpToken: MdocOid4vpMdocVpToken): MdocDeviceResponse; declare const mdocDecodedCredentialToUniformCredential: (decoded: MdocDocument, opts?: { maxTimeSkewInMS?: number; }) => IVerifiableCredential; /** * Decode an SD-JWT vc from its compact format (string) to an object containing the disclosures, * signed payload, decoded payload and the compact SD-JWT vc. * * Both the input and output interfaces of this method are defined in `@sphereon/ssi-types`, so * this method hides the actual implementation of SD-JWT (which is currently based on @sd-jwt/core) */ declare function decodeSdJwtVc(compactSdJwtVc: CompactSdJwtVc, hasher: HasherSync): SdJwtDecodedVerifiableCredential; /** * Decode an SD-JWT vc from its compact format (string) to an object containing the disclosures, * signed payload, decoded payload and the compact SD-JWT vc. * * Both the input and output interfaces of this method are defined in `@sphereon/ssi-types`, so * this method hides the actual implementation of SD-JWT (which is currently based on @sd-jwt/core) */ declare function decodeSdJwtVcAsync(compactSdJwtVc: CompactSdJwtVc, hasher: Hasher): Promise<SdJwtDecodedVerifiableCredential>; declare const sdJwtDecodedCredentialToUniformCredential: (decoded: SdJwtDecodedVerifiableCredential, opts?: { maxTimeSkewInMS?: number; }) => IVerifiableCredential; declare enum JwkKeyType { EC = "EC", RSA = "RSA", oct = "oct", OKP = "OKP" } declare enum JoseSignatureAlgorithm { RS256 = "RS256", RS384 = "RS384", RS512 = "RS512", ES256 = "ES256", ES256K = "ES256K", ES384 = "ES384", ES512 = "ES512", EdDSA = "EdDSA", HS256 = "HS256", HS384 = "HS384", HS512 = "HS512", PS256 = "PS256", PS384 = "PS384", PS512 = "PS512", none = "none" } declare enum JoseKeyOperation { SIGN = "sign", VERIFY = "verify", ENCRYPT = "encrypt", DECRYPT = "decrypt", WRAP_KEY = "wrapKey", UNWRAP_KEY = "unwrapKey", DERIVE_KEY = "deriveKey", DERIVE_BITS = "deriveBits" } declare enum JoseCurve { P_256 = "P-256", P_384 = "P-384", P_521 = "P-521", X25519 = "X25519", X448 = "X448", EdDSA = "EdDSA", Ed25519 = "Ed25519", Ed448 = "Ed448", secp256k1 = "secp256k1" } declare enum ICoseKeyType { OKP = 1, EC2 = 2, RSA = 3, Symmetric = 4, Reserved = 0 } declare enum ICoseSignatureAlgorithm { ES256 = -7, ES256K = -47, ES384 = -35, ES512 = -36, EdDSA = -8, HS256_64 = 4, HS256 = 5, HS384 = 6, HS512 = 7, PS256 = -37, PS384 = -38, PS512 = -39 } declare enum ICoseKeyOperation { SIGN = 1, VERIFY = 2, ENCRYPT = 3, DECRYPT = 4, WRAP_KEY = 5, UNWRAP_KEY = 6, DERIVE_KEY = 7, DERIVE_BITS = 8, MAC_CREATE = 9, MAC_VERIFY = 10 } declare enum ICoseCurve { P_256 = 1, P_384 = 2, P_521 = 3, X25519 = 4, X448 = 5, Ed25519 = 6, Ed448 = 7, secp256k1 = -1 } type DeviceResponseCbor = mdocPkg.com.sphereon.mdoc.data.device.DeviceResponseCbor; declare const sha256: (data: string | ArrayBuffer | SharedArrayBuffer) => Uint8Array; declare class CredentialMapper { /** * Decodes a compact SD-JWT vc to it's decoded variant. This method can be used when the hasher implementation used is Async, and therefore not suitable for usage * with the other decode methods. */ static decodeSdJwtVcAsync(compactSdJwtVc: string, hasher: Hasher): Promise<SdJwtDecodedVerifiableCredential>; /** * Decodes a Verifiable Presentation to a uniform format. * * When decoding SD-JWT credentials, a hasher implementation must be provided. The hasher implementation must be sync. When using * an async hasher implementation, use the decodeSdJwtVcAsync method instead and you can provide the decoded payload to methods * instead of the compact SD-JWT. * * @param presentation * @param hasher Hasher implementation to use for SD-JWT decoding. */ static decodeVerifiablePresentation(presentation: OriginalVerifiablePresentation, hasher?: HasherSync): JwtDecodedVerifiablePresentation | IVerifiablePresentation | SdJwtDecodedVerifiableCredential | MdocOid4vpMdocVpToken | MdocDeviceResponse; /** * Decodes a Verifiable Credential to a uniform format. * * When decoding SD-JWT credentials, a hasher implementation must be provided. The hasher implementation must be sync. When using * an async hasher implementation, use the decodeSdJwtVcAsync method instead and you can provide the decoded payload to methods * instead of the compact SD-JWT. * * @param credential * @param hasher Hasher implementation to use for SD-JWT decoding */ static decodeVerifiableCredential(credential: OriginalVerifiableCredential, hasher?: HasherSync): JwtDecodedVerifiableCredential | IVerifiableCredential | SdJwtDecodedVerifiableCredential; /** * Converts a presentation to a wrapped presentation. * * When decoding SD-JWT credentials, a hasher implementation must be provided. The hasher implementation must be sync. When using * an async hasher implementation, use the decodeSdJwtVcAsync method instead and you can provide the decoded payload to methods * instead of the compact SD-JWT. * * @param originalPresentation * @param opts */ static toWrappedVerifiablePresentation(originalPresentation: OriginalVerifiablePresentation, opts?: { maxTimeSkewInMS?: number; hasher?: HasherSync; }): WrappedVerifiablePresentation; /** * Converts a list of credentials to a list of wrapped credentials. * * When decoding SD-JWT credentials, a hasher implementation must be provided. The hasher implementation must be sync. When using * an async hasher implementation, use the decodeSdJwtVcAsync method instead and you can provide the decoded payload to methods * instead of the compact SD-JWT. * * @param hasher Hasher implementation to use for SD-JWT decoding */ static toWrappedVerifiableCredentials(verifiableCredentials: OriginalVerifiableCredential[], opts?: { maxTimeSkewInMS?: number; hasher?: HasherSync; }): WrappedVerifiableCredential[]; /** * Converts a credential to a wrapped credential. * * When decoding SD-JWT credentials, a hasher implementation must be provided. The hasher implementation must be sync. When using * an async hasher implementation, use the decodeSdJwtVcAsync method instead and you can provide the decoded payload to methods * instead of the compact SD-JWT. * * @param hasher Hasher implementation to use for SD-JWT decoding */ static toWrappedVerifiableCredential(verifiableCredential: OriginalVerifiableCredential, opts?: { maxTimeSkewInMS?: number; hasher?: HasherSync; }): WrappedVerifiableCredential; static isJwtEncoded(original: OriginalVerifiableCredential | OriginalVerifiablePresentation): original is string; static isSdJwtEncoded(original: OriginalVerifiableCredential | OriginalVerifiablePresentation): original is string; static isMsoMdocOid4VPEncoded(original: OriginalVerifiableCredential | OriginalVerifiablePresentation): original is string; static isW3cCredential(credential: ICredential | SdJwtDecodedVerifiableCredential | MdocDocument): credential is ICredential; static isCredential(original: OriginalVerifiableCredential | OriginalVerifiablePresentation): original is OriginalVerifiableCredential; static isPresentation(original: OriginalVerifiableCredential | OriginalVerifiablePresentation): original is OriginalVerifiablePresentation; static hasProof(original: OriginalVerifiableCredential | OriginalVerifiablePresentation | string): boolean; static isW3cPresentation(presentation: UniformVerifiablePresentation | IPresentation | SdJwtDecodedVerifiableCredential | DeviceResponseCbor): presentation is IPresentation; static isSdJwtDecodedCredentialPayload(credential: ICredential | SdJwtDecodedVerifiableCredentialPayload): credential is SdJwtDecodedVerifiableCredentialPayload; static areOriginalVerifiableCredentialsEqual(firstOriginal: OriginalVerifiableCredential, secondOriginal: OriginalVerifiableCredential): boolean; static isJsonLdAsString(original: OriginalVerifiableCredential | OriginalVerifiablePresentation): original is string; static isSdJwtDecodedCredential(original: OriginalVerifiableCredential | OriginalVerifiablePresentation | ICredential | IPresentation): original is SdJwtDecodedVerifiableCredential; static isSdJwtVcdm2DecodedCredential(original: OriginalVerifiableCredential | OriginalVerifiablePresentation | ICredential | IPresentation): original is SdJwtDecodedVerifiableCredential; static isMsoMdocDecodedCredential(original: OriginalVerifiableCredential | OriginalVerifiablePresentation | ICredential | IPresentation): original is MdocDocument; static isMsoMdocDecodedPresentation(original: OriginalVerifiablePresentation): original is MdocDeviceResponse; static isJwtDecodedCredential(original: OriginalVerifiableCredential): original is JwtDecodedVerifiableCredential; static isJwtDecodedPresentation(original: OriginalVerifiablePresentation): original is JwtDecodedVerifiablePresentation; static isWrappedSdJwtVerifiableCredential: typeof isWrappedSdJwtVerifiableCredential; static isWrappedSdJwtVerifiablePresentation: typeof isWrappedSdJwtVerifiablePresentation; static isWrappedW3CVerifiableCredential: typeof isWrappedW3CVerifiableCredential; static isWrappedW3CVerifiablePresentation: typeof isWrappedW3CVerifiablePresentation; static isWrappedMdocCredential: typeof isWrappedMdocCredential; static isWrappedMdocPresentation: typeof isWrappedMdocPresentation; static jwtEncodedPresentationToUniformPresentation(jwt: string, makeCredentialsUniform?: boolean, opts?: { maxTimeSkewInMS?: number; }): IPresentation; static jwtDecodedPresentationToUniformPresentation(decoded: JwtDecodedVerifiablePresentation, makeCredentialsUniform?: boolean, opts?: { maxTimeSkewInMS?: number; }): IVerifiablePresentation; static toUniformCredential(verifiableCredential: OriginalVerifiableCredential, opts?: { maxTimeSkewInMS?: number; hasher?: HasherSync; }): IVerifiableCredential; static toUniformPresentation(presentation: OriginalVerifiablePresentation, opts?: { maxTimeSkewInMS?: number; addContextIfMissing?: boolean; hasher?: HasherSync; }): IVerifiablePresentation; static jwtEncodedCredentialToUniformCredential(jwt: string, opts?: { maxTimeSkewInMS?: number; }): IVerifiableCredential; static jwtDecodedCredentialToUniformCredential(decoded: JwtDecodedVerifiableCredential, opts?: { maxTimeSkewInMS?: number; }): IVerifiableCredential; static toExternalVerifiableCredential(verifiableCredential: any): IVerifiableCredential; static storedCredentialToOriginalFormat(credential: OriginalVerifiableCredential): W3CVerifiableCredential; static storedPresentationToOriginalFormat(presentation: OriginalVerifiablePresentation): W3CVerifiablePresentation; static toCompactJWT(jwtDocument: W3CVerifiableCredential | JwtDecodedVerifiableCredential | W3CVerifiablePresentation | JwtDecodedVerifiablePresentation | string): string; static detectDocumentType(document: W3CVerifiableCredential | W3CVerifiablePresentation | JwtDecodedVerifiableCredential | JwtDecodedVerifiablePresentation | SdJwtDecodedVerifiableCredential | MdocDeviceResponse | MdocDocument): DocumentFormat; private static hasJWTProofType; private static getFirstProof; static issuerCorrelationIdFromIssuerType(issuer: IssuerType): string; } declare function isWrappedSdJwtVerifiableCredential(vc: WrappedVerifiableCredential): vc is WrappedSdJwtVerifiableCredential; declare function isWrappedSdJwtVerifiablePresentation(vp: WrappedVerifiablePresentation): vp is WrappedSdJwtVerifiablePresentation; declare enum OriginalType { JSONLD = "json-ld", JWT_ENCODED = "jwt-encoded", JWT_DECODED = "jwt-decoded", SD_JWT_VC_ENCODED = "sd-jwt-vc-encoded", SD_JWT_VC_DECODED = "sd-jwt-vc-decoded", MSO_MDOC_ENCODED = "mso_mdoc-encoded", MSO_MDOC_DECODED = "mso_mdoc-decoded" } declare const JWT_PROOF_TYPE_2020 = "JwtProof2020"; declare enum DocumentFormat { JWT = 0, JSONLD = 1, SD_JWT_VC = 2, EIP712 = 3, MSO_MDOC = 4 } type LanguageValueClaim = { language: string; value: string | string[] | number | number[]; }; declare const isLanguageValueObject: (claim?: unknown) => claim is LanguageValueClaim; declare const isLanguageValueObjects: (claim?: unknown) => claim is LanguageValueClaim[]; declare const toLanguageValueObject: (claim?: unknown) => LanguageValueClaim | undefined; declare const toLanguageValueObjects: (claim?: unknown) => LanguageValueClaim[] | undefined; declare const mapLanguageValue: (claim?: unknown, opts?: { language?: string; fallbackToFirstObject?: boolean; }) => any; declare const mapLanguageValues: <T extends object>(claimsOrCredential: T, opts?: { language?: string; fallbackToFirstObject?: boolean; noDeepClone?: boolean; }) => T; /** * Create some interface below to do a the mapping of the KMP library. * For now we are using the library directly, and thus do not need them, * but it would be nice if we can remove the imports and just have some interfaces here we can then use, like done * for sd-jwts */ type DocumentJson = mdocPkg.com.sphereon.mdoc.data.device.DocumentJson; type IssuerSignedItemJson = mdocPkg.com.sphereon.mdoc.data.device.IssuerSignedItemJson; /** * Represents a selective disclosure JWT vc in compact form. */ type MdocOid4vpIssuerSigned = string; type MdocOid4vpMdocVpToken = string; type MdocIssuerSigned = mdocPkg.com.sphereon.mdoc.data.device.IssuerSignedCbor; type MdocDocument = mdocPkg.com.sphereon.mdoc.data.device.DocumentCbor; type MdocDocumentJson = mdocPkg.com.sphereon.mdoc.data.device.DocumentJson; type IssuerSignedJson = mdocPkg.com.sphereon.mdoc.data.device.IssuerSignedJson; type DeviceSignedJson = mdocPkg.com.sphereon.mdoc.data.device.DeviceSignedJson; type MdocDeviceResponse = mdocPkg.com.sphereon.mdoc.data.device.DeviceResponseCbor; interface WrappedMdocCredential { /** * Original IssuerSigned to Mdoc that we've received. Can be either the encoded or decoded variant. */ original: MdocDocument | MdocOid4vpIssuerSigned; /** * Record where keys are the namespaces and the values are objects again with the namespace values * @todo which types can be there? (it doesn't matter for matching as mdoc only matches on path) */ decoded: MdocDecodedPayload; /** * Type of this credential. */ type: OriginalType.MSO_MDOC_DECODED | OriginalType.MSO_MDOC_ENCODED; /** * The claim format, typically used during exchange transport protocols */ format: 'mso_mdoc'; /** * Internal stable representation of a Credential */ credential: MdocDocument; } interface WrappedMdocPresentation { /** * Original VP that we've received. Can be either the encoded or decoded variant. */ original: MdocDeviceResponse | MdocOid4vpMdocVpToken; /** * Decoded version of the SD-JWT payload. This is the decoded payload, rather than the whole SD-JWT. */ decoded: MdocDeviceResponse; /** * Type of this Presentation. */ type: OriginalType.MSO_MDOC_ENCODED | OriginalType.MSO_MDOC_DECODED; /** * The claim format, typically used during exchange transport protocols */ format: 'mso_mdoc'; /** * Internal stable representation of a Presentation */ presentation: MdocDeviceResponse; /** * Wrapped Mdocs belonging to the Presentation. There can be multiple * documents in a single device response */ vcs: WrappedMdocCredential[]; } /** * Record where keys are the namespaces and the values are objects again with the namespace values */ type MdocDecodedPayload = Record<string, Record<string, string | number | boolean>>; type AdditionalClaims = Record<string, any>; type IIssuerId = string; type SingleOrArray<T> = T | T[]; interface IVcdmBaseCredential { '@context': SingleOrArray<ICredentialContextType>; type: string[]; credentialSchema?: undefined | SingleOrArray<ICredentialSchemaType>; issuer: IIssuerId | IIssuer; credentialSubject: SingleOrArray<ICredentialSubject & AdditionalClaims>; id?: string; credentialStatus?: SingleOrArray<ICredentialStatus>; description?: string; name?: string; } interface IVcdm2Credential extends IVcdmBaseCredential { validFrom: string; validUntil?: string; credentialStatus?: SingleOrArray<ICredentialStatus>; [x: string]: any; } interface ICredential extends IVcdmBaseCredential { issuanceDate: string; expirationDate?: string; credentialStatus?: ICredentialStatus; [x: string]: any; } interface ICredentialSubject { id?: string; } type ICredentialContextType = (ICredentialContext & AdditionalClaims) | string; interface ICredentialContext { name?: string; did?: string; } type ICredentialSchemaType = ICredentialSchema | string; interface ICredentialSchema { id: string; type?: string; } interface IProof { type: IProofType | string; created: string; proofPurpose: IProofPurpose | string; verificationMethod: string; challenge?: string; domain?: string; proofValue?: string; jws?: string; jwt?: string; mso_mdoc?: string; nonce?: string; requiredRevealStatements?: string[]; [x: string]: any; } interface ICredentialStatus { id: string; type: string; [x: string]: any; } interface IIssuer { id: string; [x: string]: any; } interface IHasProof { proof: IProof | IProof[]; } type IVerifiableCredential = ICredential & IHasProof; /** * Represents a Json Web Token in compact form. */ type CompactJWT = string; /** * Represents a signed Verifiable Credential (includes proof), in either JSON, compact JWT or compact SD-JWT VC format. * See {@link https://www.w3.org/TR/vc-data-model/#credentials | VC data model} * See {@link https://www.w3.org/TR/vc-data-model/#proof-formats | proof formats} */ type W3CVerifiableCredential = IVerifiableCredential | CompactJWT; interface IPresentation { id?: string; '@context': ICredentialContextType | ICredentialContextType[]; type?: string | string[]; verifiableCredential?: W3CVerifiableCredential[]; presentation_submission?: PresentationSubmission; holder?: string; verifier?: string; [x: string]: any; } type IVerifiablePresentation = IPresentation & IHasProof; /** * Represents a signed Verifiable Presentation (includes proof), in either JSON or compact JWT format. * See {@link https://www.w3.org/TR/vc-data-model/#presentations | VC data model} * See {@link https://www.w3.org/TR/vc-data-model/#proof-formats | proof formats} */ type W3CVerifiablePresentation = IVerifiablePresentation | CompactJWT; interface WrappedW3CVerifiableCredential { /** * Original VC that we've received */ original: W3CVerifiableCredential | JwtDecodedVerifiableCredential; /** * In case of JWT credential it will be the decoded version. In other cases it will be the same as original one */ decoded: JwtDecodedVerifiableCredential | IVerifiableCredential; /** * Type of this credential. Supported types are json-ld, jwt (decoded/encoded) */ type: OriginalType.JSONLD | OriginalType.JWT_ENCODED | OriginalType.JWT_DECODED; /** * The claim format, typically used during exchange transport protocols */ format: 'dc+sd-jwt' | 'jwt_vc' | 'ldp_vc' | 'ldp' | 'jwt'; /** * Internal stable representation of a Credential */ credential: IVerifiableCredential; } interface WrappedW3CVerifiablePresentation { /** * Original VP that we've received */ original: W3CVerifiablePresentation | JwtDecodedVerifiablePresentation; /** * In case of JWT VP it will be the decoded version. In other cases it will be the same as original one */ decoded: JwtDecodedVerifiablePresentation | IVerifiablePresentation; /** * Type of this Presentation. Supported types are json-ld and jwt (decoded/encoded) and sd-jwt-vc (decoded/encoded) */ type: OriginalType.JSONLD | OriginalType.JWT_ENCODED | OriginalType.JWT_DECODED; /** * The claim format, typically used during exchange transport protocols */ format: 'vp+sd-jwt' | 'jwt_vp' | 'ldp_vp'; /** * Internal stable representation of a Presentation without proofs, created based on https://www.w3.org/TR/vc-data-model/#jwt-decoding */ presentation: UniformVerifiablePresentation; /** * Wrapped Verifiable Credentials belonging to the Presentation */ vcs: WrappedW3CVerifiableCredential[]; } interface UniformVerifiablePresentation { '@context': ICredentialContextType | ICredentialContextType[]; type: string | string[]; verifiableCredential: WrappedW3CVerifiableCredential[]; presentation_submission?: PresentationSubmission; holder?: string; } interface JwtDecodedVerifiableCredential { vc: IVerifiableCredential; exp: string; iss: string; nbf: string; sub: string; jti: string; [x: string]: any; } interface JwtDecodedVerifiablePresentation { vp: IVerifiablePresentation; exp: string; iss: string; nbf: string; sub: string; jti: string; aud: string; iat: string; [x: string]: any; } interface IVerifyStatusResult { verified: boolean; /** * Optional Error object for the * but currently the machine readable errors are not exported from DID-JWT package to be imported here */ error?: IError | undefined; /** * Other options can be specified for verification. * They will be forwarded to the lower level modules. that performt the checks */ [x: string]: any; } interface IVerifySingleResultItem { credential?: OriginalVerifiableCredential; presentation?: IPresentation; verified: boolean; error?: IError; log: Array<IVerifySingleResultLog>; } interface IVerifySingleResultLog { id: string; valid: boolean; } interface IVerifyResult { /** * This value is used to transmit the global result of verification. */ verified: boolean; results?: Array<IVerifySingleResultItem>; statusResult?: IVerifyStatusResult; /** * Optional Error object for the * but currently the machine readable errors are not exported from DID-JWT package to be imported here */ error?: IError | undefined; /** * Other options can be specified for verification. * They will be forwarded to the lower level modules. that perform the checks */ [x: string]: any; } /** * An error object, which can contain a code. * @beta */ interface IError { name?: string; errors?: IError[]; /** * The details of the error being thrown or forwarded */ message?: string; /** * The stack of the error */ stack?: string | string[]; details?: IErrorDetails; /** * The code for the error being throw */ errorCode?: string; } interface IErrorDetails { code?: string; url?: string; cause?: IError; } type StatusPurpose2021 = 'revocation' | 'suspension' | string; type StatusListIndexingDirection = 'rightToLeft'; type StatusListFetcher = (uri: string) => Promise<string>; type StatusValidator = (status: number) => Promise<void>; /** * Configuration for SD-JWT-VC */ type SDJWTVCDM2Config = SDJWTConfig & { statusListFetcher?: StatusListFetcher; statusValidator?: StatusValidator; statusVerifier?: Verifier; loadTypeMetadataFormat?: boolean; timeout?: number; }; /** * Conversion functions to Cose available for TS in our @sphereon/ssi-sdk-ext.key-utils package */ interface BaseJWK { kty: JwkKeyType | JwkKeyTypeString; crv?: JoseCurve | JoseCurveString; alg?: JoseSignatureAlgorithm | JoseSignatureAlgorithmString; x?: string; y?: string; e?: string; n?: string; } type JoseSignatureAlgorithmString = 'RS256' | 'RS384' | 'RS512' | 'ES256' | 'ES256K' | 'ES384' | 'ES512' | 'EdDSA' | 'HS256' | 'HS384' | 'HS512' | 'PS256' | 'PS384' | 'PS512' | 'none'; interface JWK extends BaseJWK { d?: string; dp?: string; dq?: string; ext?: boolean; k?: string; key_ops?: (JoseKeyOperation | JoseKeyOperationString)[]; kid?: string; oth?: Array<{ d?: string; r?: string; t?: string; }>; p?: string; q?: string; qi?: string; use?: string; /** JWK "x5c" (X.509 Certificate Chain) Parameter. */ x5c?: string[]; /** JWK "x5t" (X.509 Certificate SHA-1 Thumbprint) Parameter. */ x5t?: string; /** "x5t#S256" (X.509 Certificate SHA-256 Thumbprint) Parameter. */ 'x5t#S256'?: string; /** JWK "x5u" (X.509 URL) Parameter. */ x5u?: string; iv?: string; [propName: string]: unknown; } type JwkKeyTypeString = 'EC' | 'RSA' | 'oct' | 'OKP'; type JoseKeyOperationString = 'sign' | 'verify' | 'encrypt' | 'decrypt' | 'wrapKey' | 'unwrapKey' | 'deriveKey' | 'deriveBits'; type JoseCurveString = 'P-256' | 'P-384' | 'P-521' | 'X25519' | 'X448' | 'EdDSA' | 'Ed25519' | 'Ed448' | 'secp256k1'; type SdJwtPayload = Record<string, unknown>; /** * The payload MAY contain the _sd_alg key described in Section 4.1.1. * The payload MAY contain one or more digests of Disclosures to enable selective disclosure of the respective claims, created and formatted as described in Section 4.2. * The payload MAY contain one or more decoy digests to obscure the actual number of claims in the SD-JWT, created and formatted as described in Section 4.2.5. * The payload MAY contain one or more permanently disclosed claims. * The payload MAY contain the Holder's public key(s) or reference(s) thereto, as explained in Section 4.1.2. * The payload MAY contain further claims such as iss, iat, etc. as defined or required by the application using SD-JWTs. * The payload MUST NOT contain the claims _sd or ... except for the purpose of conveying digests as described in Section 4.2.4.1 and Section 4.2.4.2 respectively below. */ interface SdJwtVcdm2Payload extends IVcdm2Credential, SdJwtPayload { _sd_alg?: string; _sd?: string[]; cnf?: { jwk?: JWK; kid?: string; }; } type JsonValue = string | number | boolean | { [x: string]: JsonValue | undefined; } | Array<JsonValue>; type SdJwtJsonValue = string | number | boolean | { [x: string]: SdJwtJsonValue | undefined; _sd?: string[]; } | Array<SdJwtJsonValue | { '...': string; }>; /** * Decoded 'pretty' SD JWT Verifiable Credential. This representation has all the `_sd` properties * removed, and includes the disclosures directly within the payload. */ interface SdJwtDecodedVerifiableCredentialPayload { vct: string; iss: string; iat: number; nbf?: number; exp?: number; cnf?: { jwk?: any; kid?: string; }; status?: { idx: number; uri: string; }; sub?: string; [key: string]: JsonValue | undefined; } /** * Represents a selective disclosure JWT vc in compact form. */ type CompactSdJwtVc = string; /** * The signed payload of an SD-JWT. Includes fields such as `_sd`, `...` and `_sd_alg` */ interface SdJwtSignedVerifiableCredentialPayload extends SdJwtDecodedVerifiableCredentialPayload { _sd?: string[]; _sd_alg?: string; [x: string]: SdJwtJsonValue | undefined; } type SdJwtFrameValue = boolean | Array<SdJwtFrameValue> | { [x: string]: SdJwtFrameValue; }; type SdJwtDisclosureFrame = Record<string, SdJwtFrameValue>; type SdJwtPresentationFrame = Record<string, SdJwtFrameValue>; /** * Input for creating a SD JWT Verifiable Credential. This representation optionally includes the disclosure frame, * (as `__disclosureFrame`) to indicate which fields in the signed SD-JWT should be selectively discloseable */ interface SdJwtCredentialInput extends SdJwtDecodedVerifiableCredentialPayload { /** * Disclosure frame, indicating which fields in the signed SD-JWT should be selectively discloseable * Will be removed from the actual SD-JWT payload before signing */ __disclosureFrame?: SdJwtDisclosureFrame; } type SdJwtDecodedDisclosure = [string, string, JsonValue] | [string, JsonValue]; interface SdJwtDisclosure { encoded: string; decoded: SdJwtDecodedDisclosure; digest: string; } /** * The decoded SD JWT Verifiable Credential. This representation includes multiple representations of the * same SD-JWT, and allows to fully process an SD-JWT, as well as create a presentation SD-JWT (minus the KB-JWT) by removing * certain disclosures from the compact SD-JWT. * * This representation is useful as it doesn't require a hasher implementation to match the different digests in the signed SD-JWT * payload, with the different disclosures. */ interface SdJwtDecodedVerifiableCredential { type: SdJwtType; /** * The compact sd jwt is the sd-jwt encoded as string. It is a normal JWT, * with the disclosures and kb-jwt appended separated by ~ */ compactSdJwtVc: string; /** * The disclosures included within the SD-JWT in both encoded and decoded format. * The digests are also included, and allows the disclosures to be linked against * the digests in the signed payload. */ disclosures: Array<SdJwtDisclosure>; /** * The signed payload is the payload of the sd-jwt that is actually signed, and that includes * the `_sd` and `...` digests. */ signedPayload: SdJwtSignedVerifiableCredentialPayload | SdJwtVcdm2Payload; /** * The decoded payload is the payload when all `_sd` and `...` digests have been replaced * by the actual values from the disclosures. This format could also be seen as the 'pretty` * version of the SD JWT payload. * * This is useful for displaying the contents of the SD JWT VC to the user, or for example * for querying the contents of the SD JWT VC using a PEX presentation definition path. */ decodedPayload: SdJwtDecodedVerifiableCredentialPayload | SdJwtVcdm2Payload; /** * Key binding JWT */ kbJwt?: { header: SdJwtVcKbJwtHeader; payload: SdJwtVcKbJwtPayload; compact?: CompactJWT; }; } interface SdJwtVcKbJwtHeader { typ: 'kb+jwt'; alg: string; [x: string]: any; } interface SdJwtVcKbJwtPayload { iat: number; aud: string; nonce: string; sd_hash: string; [key: string]: unknown; } interface WrappedSdJwtVerifiableCredential { /** * Original VC that we've received. Can be either the encoded or decoded variant. */ original: SdJwtDecodedVerifiableCredential | SdJwtVcdm2Payload | CompactSdJwtVc; /** * Decoded version of the SD-JWT payload. This is the decoded payload, rather than the whole SD-JWT as the `decoded` property * is used in e.g. PEX to check for path filters from fields. The full decoded credential can be found in the `credential` field. */ decoded: SdJwtDecodedVerifiableCredentialPayload | SdJwtVcdm2Payload; /** * Type of this credential. */ type: OriginalType.SD_JWT_VC_DECODED | OriginalType.SD_JWT_VC_ENCODED; /** * The claim format, typically used during exchange transport protocols */ format: SdJwtType; /** * Internal stable representation of a Credential */ credential: SdJwtDecodedVerifiableCredential; } type HasherSync = (data: string | ArrayBuffer | SharedArrayBuffer, alg: string) => Uint8Array; type Hasher = (data: string | ArrayBuffer | SharedArrayBuffer, alg: string) => OrPromise<Uint8Array>; interface WrappedSdJwtVerifiablePresentation { /** * Original VP that we've received. Can be either the encoded or decoded variant. */ original: SdJwtDecodedVerifiableCredential | SdJwtVcdm2Payload | CompactSdJwtVc; /** * Decoded version of the SD-JWT payload. This is the decoded payload, rather than the whole SD-JWT. */ decoded: SdJwtDecodedVerifiableCredentialPayload | SdJwtVcdm2Payload; /** * Type of this Presentation. */ type: OriginalType.SD_JWT_VC_DECODED | OriginalType.SD_JWT_VC_ENCODED; /** * The claim format, typically used during exchange transport protocols */ format: 'dc+sd-jwt'; /** * Internal stable representation of a Presentation */ presentation: SdJwtDecodedVerifiableCredential; /** * Wrapped Verifiable Credentials belonging to the Presentation. Will always be an array * with a single SdJwtVerifiableCredential entry. */ vcs: [WrappedSdJwtVerifiableCredential]; } type SdJwtVcType = 'dc+sd-jwt' | 'vc+sd-jwt'; type SdJwtVpType = 'dc+sd-jwt' | 'vp+sd-jwt'; type SdJwtType = SdJwtVcType | SdJwtVpType; type WrappedVerifiableCredential = WrappedW3CVerifiableCredential | WrappedSdJwtVerifiableCredential | WrappedMdocCredential; type WrappedVerifiablePresentation = WrappedW3CVerifiablePresentation | WrappedSdJwtVerifiablePresentation | WrappedMdocPresentation; type CredentialProofFormat = 'jwt' | 'lds' | 'vc+jwt' | 'cbor'; type CredentialFormat = 'jwt_vc' | 'ldp_vc' | 'vc+jwt' | 'dc+sd-jwt' | 'jwt' | 'ldp' | 'mso_mdoc' | string; type PresentationFormat = 'jwt_vp' | 'ldp_vp' | 'vp+jwt' | 'vp+sd-jwt' | 'dc+sd-jwt' | 'jwt' | 'ldp' | 'mso_mdoc' | string; type ClaimFormat = CredentialFormat | PresentationFormat; type OriginalVerifiableCredential = W3CVerifiableCredential | JwtDecodedVerifiableCredential | SdJwtDecodedVerifiableCredential | MdocOid4vpIssuerSigned | MdocDocument; type OriginalVerifiablePresentation = W3CVerifiablePresentation | JwtDecodedVerifiablePresentation | SdJwtDecodedVerifiableCredential | MdocOid4vpMdocVpToken | MdocDeviceResponse; type Original = OriginalVerifiablePresentation | OriginalVerifiableCredential; type JwtObject = { alg_values: Array<string>; }; type LdpObject = { proof_type_values: Array<string>; }; type DiObject = { proof_type_values: Array<string>; cryptosuite: Array<string>; }; type SdJwtObject = { ['sd-jwt_alg_values']?: Array<string>; ['kb-jwt_alg_values']?: Array<string>; }; type MsoMdocObject = { ['issuerauth_alg_values']?: Array<number>; ['deviceauth_alg_values']?: Array<number>; }; type Format = { jwt?: JwtObject; jwt_vc?: JwtObject; jwt_vc_json?: JwtObject; jwt_vp?: JwtObject; jwt_vp_json?: JwtObject; ldp?: LdpObject; ldp_vc?: LdpObject; ldp_vp?: LdpObject; di?: DiObject; di_vc?: DiObject; di_vp?: DiObject; ['vc+sd-jwt']?: SdJwtObject; ['dc+sd-jwt']?: SdJwtObject; mso_mdoc?: MsoMdocObject; }; /** * Represents the metadata associated with a specific SD-JWT VC type. */ interface SdJwtTypeMetadata { /** * REQUIRED. The VC type URI. */ vct: string; /** * OPTIONAL. A human-readable name for the type. */ name?: string; /** * OPTIONAL. A human-readable description for the type. */ description?: string; /** * OPTIONAL. A URI of another type that this type extends. */ extends?: string; /** * OPTIONAL. Integrity metadata string for the 'extends' field. */ ['extends#integrity']?: string; /** * OPTIONAL. URL pointing towards a JSON Schema document describing the VC's structure. */ schema_uri?: string; /** * OPTIONAL. Integrity metadata string for the 'schema_uri' field. */ ['schema_uri#integrity']?: string; /** * OPTIONAL. Display metadata for various languages. */ display?: Array<SdJwtTypeDisplayMetadata>; /** * OPTIONAL. Metadata for the claims within the VC. */ claims?: Array<SdJwtClaimMetadata>; } /** * Represents the metadata associated with a specific SD-JWT claim. */ interface SdJwtClaimMetadata { /** * REQUIRED. An array indicating the claim or claims that are being addressed. */ path: Array<SdJwtClaimPath>; /** * OPTIONAL. Display information for the claim. */ display?: Array<SdJwtClaimDisplayMetadata>; /** * OPTIONAL. A string indicating whether the claim is selectively disclosable. */ sd?: SdJwtClaimSelectiveDisclosure; /** * OPTIONAL. A string defining the ID of the claim for reference in the SVG template. */ svg_id?: string; } /** * Represents claim display metadata for a specific language. */ interface SdJwtClaimDisplayMetadata { /** * REQUIRED. Language tag for the display information. */ lang: string; /** * OPTIONAL. Locale identifier for the display information. */ locale?: string; /** * REQUIRED. A human-readable label for the claim, intended for end users. */ label: string; /** * REQUIRED. A human-readable description for the claim, intended for end users. */ description?: string; } /** * Represents display metadata for a specific language. */ interface SdJwtTypeDisplayMetadata { /** * REQUIRED. Language tag for the display information. */ lang: string; /** * OPTIONAL. Locale identifier for the display information. */ locale?: string; /** * REQUIRED. Human-readable name for the type. */ name: string; /** * OPTIONAL. Human-readable description for the type. */ description?: string; /** * OPTIONAL. Rendering metadata for the type. */ rendering?: SdJwtTypeRenderingMetadata; } /** * Contains rendering metadata for different methods. */ interface SdJwtTypeRenderingMetadata { /** * OPTIONAL. Simple rendering method metadata. */ simple?: SdJwtSimpleRenderingMetadata; /** * OPTIONAL. Metadata for SVG templates. */ svg_template?: Array<SdJwtSVGTemplateMetadata>; } /** * Represents metadata for simple rendering. */ interface SdJwtSimpleRenderingMetadata { /** * OPTIONAL. Metadata for the logo image.