UNPKG

web-identity-schemas

Version:

TypeScript types and validation schemas for Web Identity and JOSE standards, including:

github.com/catena-labs/web-identity-schemas

catena-labs/web-identity-schemas

1 lines 15.6 kB
1
import{bitstringStatusListContext as e,credentialStatusTypes as t,cryptographicCurves as n,didMethodRegex as r,didRegex as i,didUrlRegex as a,ellipticCurves as o,joseAlgorithms as ee,joseCompressionAlgorithms as te,joseSignatureAlgorithms as ne,joseUnsecuredAlgorithm as re,jweContentEncryptionAlgorithms as ie,jweKeyManagementAlgorithms as s,keyOperations as ae,keyTypes as oe,keyUses as c,legacyVerificationMethodTypes as se,octetKeyPairCurves as ce,proofPurposes as le,statusList2021Context as l,statusPurposes as u,vcV1CoreContext as d,vcV2CoreContext as f,verificationMethodTypes as ue}from"./constants-CjmJiblM.js";import*as p from"valibot";const m=p.pipe(p.string(),p.regex(/^[A-Za-z0-9_-]+$/),p.custom(()=>!0)),h=p.pipe(p.string(),p.regex(/^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$/),p.custom(()=>!0)),de=p.pipe(p.picklist(o),p.custom(()=>!0)),fe=p.pipe(p.picklist(ce),p.custom(()=>!0)),pe=p.pipe(p.picklist(n),p.custom(()=>!0)),g=p.pipe(p.string(),p.regex(/^[a-zA-Z][a-zA-Z0-9+.-]*:.+/,`Must be a valid URI with scheme`),p.custom(()=>!0)),me=p.pipe(p.picklist(ne),p.custom(()=>!0)),_=p.pipe(p.literal(re),p.custom(()=>!0)),v=p.pipe(p.picklist(ee),p.custom(()=>!0)),y=p.pipe(p.picklist(ie),p.custom(()=>!0)),b=p.pipe(p.picklist(s),p.custom(()=>!0)),he=p.pipe(p.picklist(te),p.custom(()=>!0)),ge=p.pipe(p.picklist(c),p.custom(()=>!0)),_e=p.pipe(p.picklist(ae),p.custom(()=>!0)),ve=p.array(_e),x=p.object({alg:p.optional(v),ext:p.optional(p.boolean()),key_ops:p.optional(ve),kid:p.optional(p.string()),use:p.optional(ge),x5c:p.optional(p.array(h)),x5t:p.optional(m),"x5t#S256":p.optional(m),x5u:p.optional(p.pipe(p.string(),p.url()))}),ye=p.object({...x.entries,kty:p.literal(`RSA`),n:m,e:m,d:p.optional(m),p:p.optional(m),q:p.optional(m),dp:p.optional(m),dq:p.optional(m),qi:p.optional(m),oth:p.optional(p.array(p.object({r:m,d:m,t:p.optional(m)})))}),be=p.object({...x.entries,kty:p.literal(`EC`),crv:de,x:m,y:m,d:p.optional(m)}),xe=p.object({...x.entries,kty:p.literal(`oct`),k:m}),Se=p.object({...x.entries,kty:p.literal(`OKP`),crv:fe,x:m,d:p.optional(m)}),S=p.pipe(p.variant(`kty`,[ye,be,xe,Se]),p.custom(()=>!0)),Ce=p.object({alg:b,enc:y,zip:p.optional(he),kid:p.optional(p.string()),jku:p.optional(p.pipe(p.string(),p.url())),jwk:p.optional(S),x5u:p.optional(p.pipe(p.string(),p.url())),x5c:p.optional(p.array(h)),x5t:p.optional(m),"x5t#S256":p.optional(m),typ:p.optional(p.string()),cty:p.optional(p.string()),crit:p.optional(p.array(p.string())),epk:p.optional(S),apu:p.optional(m),apv:p.optional(m),iv:p.optional(m),tag:p.optional(m),p2s:p.optional(m),p2c:p.optional(p.pipe(p.number(),p.integer(),p.minValue(1)))}),C=p.object({kid:p.optional(p.string()),jku:p.optional(p.pipe(p.string(),p.url())),jwk:p.optional(S),x5u:p.optional(p.pipe(p.string(),p.url())),x5c:p.optional(p.array(h)),x5t:p.optional(m),"x5t#S256":p.optional(m),crit:p.optional(p.array(p.string()))}),we=p.object({alg:p.optional(b),kid:p.optional(p.string()),jku:p.optional(p.pipe(p.string(),p.url())),jwk:p.optional(S),x5u:p.optional(p.pipe(p.string(),p.url())),x5c:p.optional(p.array(h)),x5t:p.optional(m),"x5t#S256":p.optional(m),crit:p.optional(p.array(p.string()))}),Te=p.object({header:p.optional(we),encrypted_key:m}),Ee=p.object({protected:m,encrypted_key:m,iv:m,ciphertext:m,tag:m}),De=p.object({protected:p.optional(m),unprotected:p.optional(C),iv:m,ciphertext:m,tag:m,aad:p.optional(m),recipients:p.array(Te)}),Oe=p.object({protected:p.optional(m),unprotected:p.optional(C),header:p.optional(we),encrypted_key:m,iv:m,ciphertext:m,tag:m,aad:p.optional(m)}),ke=p.pipe(p.string(),p.regex(/^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$/),p.transform(e=>{let t=e.split(`.`);return{protected:t[0],encrypted_key:t[1],iv:t[2],ciphertext:t[3],tag:t[4]}})),Ae=p.object({protected:Ce,unprotected:p.optional(C),encrypted_key:m,iv:m,ciphertext:m,tag:m}),je=p.object({keys:p.array(S)}),w=p.object({alg:v,kid:p.optional(p.string()),jku:p.optional(p.pipe(p.string(),p.url())),jwk:p.optional(S),x5u:p.optional(p.pipe(p.string(),p.url())),x5c:p.optional(p.array(h)),x5t:p.optional(m),"x5t#S256":p.optional(m),typ:p.optional(p.string()),cty:p.optional(p.string()),crit:p.optional(p.array(p.string()))}),T=p.object({kid:p.optional(p.string()),jku:p.optional(p.pipe(p.string(),p.url())),jwk:p.optional(S),x5u:p.optional(p.pipe(p.string(),p.url())),x5c:p.optional(p.array(h)),x5t:p.optional(m),"x5t#S256":p.optional(m),crit:p.optional(p.array(p.string()))}),E=p.object({protected:p.optional(m),header:p.optional(T),signature:m}),Me=p.object({protected:m,payload:m,signature:m}),Ne=p.object({payload:m,signatures:p.array(E)}),Pe=p.object({payload:m,protected:p.optional(m),header:p.optional(T),signature:m}),D=p.pipe(p.string(),p.regex(/^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*\.[A-Za-z0-9_-]+$/)),Fe=p.pipe(D,p.transform(e=>{let t=e.split(`.`);return{protected:t[0],payload:t[1],signature:t[2]}})),Ie=p.object({protected:w,unprotected:p.optional(T),payload:m,signature:m}),Le=p.pipe(p.string(),p.regex(/^[A-Za-z0-9_-]+\.\.[A-Za-z0-9_-]+$/)),O=p.pipe(p.string(),p.regex(/^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*$/)),Re=p.pipe(O,p.transform(e=>{let[t,n,r]=e.split(`.`);if(!t||!n)throw Error(`Invalid JWT string`);return{header:t,payload:n,signature:r??``}})),k=p.pipe(p.number(),p.integer(`Unix timestamp must be an integer`),p.minValue(0,`Unix timestamp must be non-negative`)),A=p.object({typ:p.optional(p.literal(`JWT`)),cty:p.optional(p.string()),kid:p.optional(p.string()),jku:p.optional(p.pipe(p.string(),p.url())),jwk:p.optional(S),x5u:p.optional(p.pipe(p.string(),p.url())),x5c:p.optional(p.array(h)),x5t:p.optional(m),"x5t#S256":p.optional(m),crit:p.optional(p.array(p.string()))}),ze=p.object({alg:_,...A.entries}),Be=p.object({alg:me,...A.entries}),j=p.looseObject({iss:p.optional(p.string()),sub:p.optional(p.string()),aud:p.optional(p.union([p.string(),p.array(p.string())])),exp:p.optional(k),nbf:p.optional(k),iat:p.optional(k),jti:p.optional(p.string())}),Ve=p.object({header:ze,payload:j,signature:p.literal(``)}),He=p.object({header:Be,payload:j,signature:m}),Ue=p.union([Ve,He]);function M(e){let t=Array.isArray(e)?e:[e],n=t.map(p.literal),r=t.length===1?n[0]:null,i=p.pipe(p.array(g),p.check(e=>t.every(t=>e.includes(t)),`Array must contain all required contexts: ${t.join(`, `)}`)),a=p.record(p.string(),p.union([...n,g])),o=r?[r,i,a]:[i,a];return p.pipe(p.union(o),p.custom(()=>!0))}const We=p.pipe(p.string(),p.regex(/^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d{3})?([+-]\d{2}:\d{2}|Z)$/,`Must be a valid ISO 8601 date-time string`),p.custom(()=>!0)),N=p.pipe(g,p.startsWith(`did:`),p.regex(i,`Must be a valid DID`),p.custom(()=>!0));function Ge(e){return p.is(N,e)}const Ke=e=>p.pipe(N,p.startsWith(`did:${e}:`),p.custom(()=>!0));function qe(e,t){return p.is(Ke(e),t)}const P=p.pipe(p.string(),p.regex(a,`Must be a valid DID URL`),p.custom(()=>!0)),Je=p.pipe(p.string(),p.regex(r,`Must be a valid DID method`),p.custom(()=>!0)),Ye=p.pipe(p.picklist(ue),p.custom(()=>!0)),Xe=p.pipe(p.picklist(se),p.custom(()=>!0)),F=p.object({id:P,controller:N}),Ze=p.object({...F.entries,type:p.literal(`JsonWebKey`),publicKeyJwk:S}),Qe=p.object({...F.entries,type:p.literal(`Multikey`),publicKeyMultibase:p.string()}),$e=p.object({...F.entries,type:Xe,publicKeyMultibase:p.optional(p.string()),publicKeyJwk:p.optional(S),publicKeyBase58:p.optional(p.string())}),I=p.variant(`type`,[Ze,Qe,$e]),et=p.pipe(p.union([g,p.record(p.string(),p.unknown()),p.array(p.union([g,p.record(p.string(),p.unknown())]))]),p.custom(()=>!0)),tt=p.object({id:g,type:p.union([p.string(),p.array(p.string())]),serviceEndpoint:et}),nt=p.object({"@context":M(`https://www.w3.org/ns/did/v1`),id:N,alsoKnownAs:p.optional(p.array(g)),controller:p.optional(p.union([N,p.array(N)])),verificationMethod:p.optional(p.array(I)),authentication:p.optional(p.array(p.union([P,I]))),assertionMethod:p.optional(p.array(p.union([P,I]))),keyAgreement:p.optional(p.array(p.union([P,I]))),capabilityInvocation:p.optional(p.array(p.union([P,I]))),capabilityDelegation:p.optional(p.array(p.union([P,I]))),service:p.optional(p.array(tt))});function rt(e){return p.pipe(p.union([e,p.array(e)]),p.transform(e=>[e].flat()))}function it(e){return p.check(t=>e.every(e=>t.includes(e)),`Must include all of: ${e.join(`, `)}`)}const at=p.literal(`VerifiableCredential`);function L(e){let t=e?[`VerifiableCredential`,...[e].flat()]:[`VerifiableCredential`];return p.pipe(rt(p.string()),it(t),p.custom(()=>!0))}const ot=L(),st=p.pipe(p.union([p.picklist(le),p.string()]),p.custom(()=>!0)),R=p.object({type:p.string(),created:p.optional(We),verificationMethod:g,proofPurpose:st,challenge:p.optional(p.string()),domain:p.optional(p.union([p.string(),p.array(p.string())])),nonce:p.optional(p.string()),jws:p.optional(p.pipe(D,p.custom(()=>!0))),signatureValue:p.optional(p.string()),proofValue:p.optional(p.string())}),ct=p.pipe(p.union([p.picklist(t),p.string()]),p.custom(()=>!0)),z=p.object({id:p.optional(p.string()),type:ct,statusListCredential:p.optional(p.string()),statusListIndex:p.optional(p.union([p.string(),p.number()])),statusPurpose:p.optional(p.pipe(p.union([p.picklist(u),p.string()]),p.custom(()=>!0)))}),B=p.object({id:g,type:p.string()}),V=p.object({id:p.optional(p.union([g,p.string()])),type:p.union([p.string(),p.array(p.string())])}),lt=p.pipe(p.union([g,p.object({id:g})]),p.custom(()=>!0)),H=p.pipe(p.looseObject({id:p.optional(p.union([g,p.string()]))}),p.custom(()=>!0)),U=p.looseObject({id:p.optional(g),type:L(),issuer:lt,credentialStatus:p.optional(p.union([z,p.array(z)])),credentialSchema:p.optional(p.union([B,p.array(B)])),credentialSubject:p.union([H,p.array(H)]),evidence:p.optional(p.union([V,p.array(V)])),refreshService:p.optional(p.union([V,p.array(V)])),termsOfUse:p.optional(p.union([V,p.array(V)]))});function W(e){return p.pipe(p.looseObject({...e.entries,proof:p.union([R,p.array(R)])}),p.custom(()=>!0))}const ut=p.literal(l),dt=p.object({id:p.optional(N),type:p.literal(`StatusList2021`),statusPurpose:p.picklist(u),encodedList:m}),ft=p.strictObject({...U.entries,"@context":M([d,l]),type:p.pipe(L(`StatusList2021Credential`),p.custom(()=>!0)),issuanceDate:p.pipe(p.string(),p.isoTimestamp()),expirationDate:p.optional(p.pipe(p.string(),p.isoTimestamp())),credentialSubject:dt}),pt=p.literal(e),mt=p.object({id:p.optional(N),type:p.literal(`BitstringStatusList`),statusPurpose:p.picklist(u),encodedList:m,ttl:p.optional(p.number())}),ht=p.strictObject({...U.entries,"@context":M([f,e]),type:p.pipe(L(`BitstringStatusListCredential`),p.custom(()=>!0)),validFrom:p.optional(p.pipe(p.string(),p.isoTimestamp())),validUntil:p.optional(p.pipe(p.string(),p.isoTimestamp())),credentialSubject:mt}),gt=p.literal(d),_t=p.union([gt,p.pipe(p.pipe(p.array(p.string()),p.nonEmpty()),p.check(e=>e.includes(d),`Array must contain V1 core context`))]),G=(e=H,t,n)=>p.pipe(p.looseObject({...U.entries,"@context":M(n?[d,...[n].flat()]:d),type:L(t),issuanceDate:p.pipe(p.string(),p.isoTimestamp()),expirationDate:p.optional(p.pipe(p.string(),p.isoTimestamp())),credentialSubject:p.union([e,p.array(e)])}),p.custom(()=>!0)),K=(e=H,t,n)=>W(G(e,t,n)),vt=G(),yt=K(),q=p.literal(f),bt=p.union([q,p.pipe(p.tupleWithRest([q],p.string()),p.check(e=>e.includes(f),`Array must contain V2 core context`))]),J=(e=H,t,n)=>p.pipe(p.looseObject({...U.entries,"@context":M(n?[f,...[n].flat()]:f),type:L(t),validFrom:p.optional(p.pipe(p.string(),p.isoTimestamp())),validUntil:p.optional(p.pipe(p.string(),p.isoTimestamp())),credentialSubject:p.union([e,p.array(e)])}),p.custom(()=>!0)),Y=(e=H,t,n)=>W(J(e,t,n)),xt=J(),St=Y(),X=p.union([_t,bt]),Ct=(e=H,t,n)=>p.union([G(e,t,n),J(e,t,n)]),wt=(e=H,t,n)=>p.union([K(e,t,n),Y(e,t,n)]),Z=Ct(),Tt=wt(),Q=p.literal(`VerifiablePresentation`),$=e=>e?p.tuple([Q,...[e].flat().map(e=>p.literal(e))]):p.union([Q,p.pipe(p.array(p.string()),p.minLength(1),p.check(e=>e[0]===`VerifiablePresentation`,`First type must be VerifiablePresentation`))]),Et=$(),Dt=p.object({"@context":p.union([X,p.array(X)]),id:p.optional(p.string()),type:$(),holder:p.optional(N),verifiableCredential:p.optional(p.union([Z,p.array(Z)]))}),Ot=p.object({...Dt.entries,proof:p.union([R,p.array(R)])});export{h as Base64Schema,m as Base64UrlSchema,U as BaseCredentialSchema,x as BaseJwkSchema,pt as BitstringStatusListContextSchema,ht as BitstringStatusListCredentialSchema,mt as BitstringStatusListCredentialSubjectSchema,B as CredentialSchemaTypeSchema,z as CredentialStatusSchema,ct as CredentialStatusTypeSchema,H as CredentialSubjectSchema,vt as CredentialV1Schema,xt as CredentialV2Schema,pe as CryptographicCurveSchema,Le as DetachedJwsStringSchema,nt as DidDocumentSchema,Je as DidMethodSchema,N as DidSchema,P as DidUrlSchema,be as EcJwkSchema,de as EllipticCurveSchema,V as GenericResourceSchema,lt as IdOrObjectSchema,v as JoseAlgorithmSchema,he as JoseCompressionAlgorithmSchema,me as JoseSignatureAlgorithmSchema,_ as JoseUnsecuredAlgorithmSchema,S as JsonWebKeySchema,je as JsonWebKeySetSchema,Ee as JweCompactSerializationSchema,y as JweContentEncryptionAlgorithmSchema,Oe as JweFlattenedJsonSerializationSchema,De as JweJsonSerializationSchema,b as JweKeyManagementAlgorithmSchema,Ae as JweObjectSchema,ke as JweStringSchema,Me as JwsCompactSerializationSchema,Pe as JwsFlattenedJsonSerializationSchema,Ne as JwsJsonSerializationSchema,Ie as JwsObjectSchema,Fe as JwsParsedSchema,w as JwsProtectedHeaderSchema,E as JwsSignatureSchema,D as JwsStringSchema,T as JwsUnprotectedHeaderSchema,Be as JwtHeaderSignedSchema,Ue as JwtObjectSchema,He as JwtObjectSignedSchema,Ve as JwtObjectUnsecuredSchema,j as JwtPayloadSchema,Re as JwtStringPartsSchema,O as JwtStringSchema,_e as KeyOperationSchema,ve as KeyOpsSchema,ge as KeyUseSchema,Xe as LegacyVerificationMethodTypeSchema,xe as OctJwkSchema,fe as OctetKeyPairCurveSchema,Se as OkpJwkSchema,Dt as PresentationSchema,st as ProofPurposeSchema,R as ProofSchema,ye as RsaJwkSchema,et as ServiceEndpointSchema,tt as ServiceSchema,ut as StatusList2021ContextSchema,ft as StatusList2021CredentialSchema,dt as StatusList2021CredentialSubjectSchema,g as UriSchema,X as VcContextSchema,at as VcTypeLiteralSchema,ot as VcTypeSchema,_t as VcV1ContextSchema,gt as VcV1CoreContextSchema,bt as VcV2ContextSchema,q as VcV2CoreContextSchema,Tt as VerifiableCredentialSchema,yt as VerifiableCredentialV1Schema,St as VerifiableCredentialV2Schema,Ot as VerifiablePresentationSchema,Ze as VerificationMethodJsonWebKeySchema,$e as VerificationMethodLegacySchema,Qe as VerificationMethodMultikeySchema,I as VerificationMethodSchema,Ye as VerificationMethodTypeSchema,Q as VpTypeLiteralSchema,Et as VpTypeSchema,Z as W3CCredentialSchema,e as bitstringStatusListContext,Ct as createCredentialSchema,G as createCredentialV1Schema,J as createCredentialV2Schema,Ke as createDidSchema,wt as createVerifiableCredentialSchema,K as createVerifiableCredentialV1Schema,Y as createVerifiableCredentialV2Schema,t as credentialStatusTypes,L as credentialTypeSchema,n as cryptographicCurves,r as didMethodRegex,i as didRegex,a as didUrlRegex,o as ellipticCurves,Ge as isDid,qe as isDidWithMethod,ee as joseAlgorithms,te as joseCompressionAlgorithms,ne as joseSignatureAlgorithms,re as joseUnsecuredAlgorithm,ie as jweContentEncryptionAlgorithms,s as jweKeyManagementAlgorithms,ae as keyOperations,oe as keyTypes,c as keyUses,se as legacyVerificationMethodTypes,W as makeVerifiable,ce as octetKeyPairCurves,le as proofPurposes,l as statusList2021Context,u as statusPurposes,d as vcV1CoreContext,f as vcV2CoreContext,ue as verificationMethodTypes,$ as vpTypeSchema};