
web-identity-schemas


TypeScript types and validation schemas for Web Identity and JOSE standards.

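/**
 * Zod schemas for JOSE (JWK / JWS / JWE / JWT), DIDs and W3C Verifiable
 * Credentials / Presentations.
 *
 * This is the single-line bundle re-laid-out one declaration per statement.
 * The page's hard wrapping had split identifiers and two error-message
 * literals across lines; they are rejoined here. Local names are the names
 * under which the bundle exports each binding, and the export surface is
 * unchanged.
 *
 * Security scope: every schema here checks SHAPE only. Nothing in this module
 * verifies a signature, decrypts anything, resolves a key, compares `exp`/`nbf`
 * with the clock, or fetches a URL. A value that parses is well-formed, not
 * authentic; verification and trust decisions belong to the caller.
 *
 * `.pipe(z.custom())` is called without a predicate throughout, so it adds no
 * runtime check (presumably it exists for TypeScript branding).
 */
import {
  bitstringStatusListContext,
  credentialStatusTypes,
  cryptographicCurves,
  didMethodRegex,
  didRegex,
  didUrlRegex,
  ellipticCurves,
  joseAlgorithms,
  joseCompressionAlgorithms,
  joseSignatureAlgorithms,
  joseUnsecuredAlgorithm,
  jweContentEncryptionAlgorithms,
  jweKeyManagementAlgorithms,
  keyOperations,
  keyTypes,
  keyUses,
  legacyVerificationMethodTypes,
  octetKeyPairCurves,
  proofPurposes,
  statusList2021Context,
  statusPurposes,
  vcV1CoreContext,
  vcV2CoreContext,
  verificationMethodTypes,
} from "./constants-CjmJiblM.js";
import * as z from "zod";

// ---------------------------------------------------------------------------
// Encodings, curves, URIs
// ---------------------------------------------------------------------------

/** Non-empty base64url text (URL-safe alphabet, no padding characters). */
export const Base64UrlSchema = z
  .string()
  .regex(/^[A-Za-z0-9_-]+$/)
  .pipe(z.custom());

/** Standard base64 in 4-character groups with optional `=` padding; the empty string matches. */
export const Base64Schema = z
  .string()
  .regex(/^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$/)
  .pipe(z.custom());

export const EllipticCurveSchema = z.enum(ellipticCurves).pipe(z.custom());
export const OctetKeyPairCurveSchema = z.enum(octetKeyPairCurves).pipe(z.custom());
export const CryptographicCurveSchema = z.enum(cryptographicCurves).pipe(z.custom());

/**
 * "scheme:rest" check only. The pattern has no end anchor and `.` does not
 * match line terminators, so text after a newline is not inspected, and any
 * scheme is accepted. Consumers that dereference these values (service
 * endpoints, verification methods, status lists) need their own scheme and
 * host allowlist.
 */
export const UriSchema = z
  .string()
  .regex(/^[a-zA-Z][a-zA-Z0-9+.-]*:.+/, "Must be a valid URI with scheme")
  .pipe(z.custom());

// ---------------------------------------------------------------------------
// JOSE algorithm and key-parameter enums (members live in the constants module)
// ---------------------------------------------------------------------------

export const JoseSignatureAlgorithmSchema = z.enum(joseSignatureAlgorithms).pipe(z.custom());
export const JoseUnsecuredAlgorithmSchema = z.literal(joseUnsecuredAlgorithm).pipe(z.custom());
// NOTE(review): the members of joseAlgorithms are not visible in this file. If
// the unsecured value is among them, JwsProtectedHeaderSchema accepts it;
// verifiers should pin an explicit algorithm allowlist rather than rely on this enum.
export const JoseAlgorithmSchema = z.enum(joseAlgorithms).pipe(z.custom());
export const JweContentEncryptionAlgorithmSchema = z
  .enum(jweContentEncryptionAlgorithms)
  .pipe(z.custom());
export const JweKeyManagementAlgorithmSchema = z
  .enum(jweKeyManagementAlgorithms)
  .pipe(z.custom());
export const JoseCompressionAlgorithmSchema = z.enum(joseCompressionAlgorithms).pipe(z.custom());
export const KeyUseSchema = z.enum(keyUses).pipe(z.custom());
export const KeyOperationSchema = z.enum(keyOperations).pipe(z.custom());
export const KeyOpsSchema = z.array(KeyOperationSchema);

// ---------------------------------------------------------------------------
// JSON Web Keys
// ---------------------------------------------------------------------------

/** Parameters shared by every JWK type. */
export const BaseJwkSchema = z.object({
  alg: JoseAlgorithmSchema.optional(),
  ext: z.boolean().optional(),
  key_ops: KeyOpsSchema.optional(),
  kid: z.string().optional(),
  use: KeyUseSchema.optional(),
  x5c: z.array(Base64Schema).optional(),
  x5t: z.string().optional(),
  "x5t#S256": z.string().optional(),
  x5u: z.url().optional(),
});

/** RSA key; the private members (d, p, q, dp, dq, qi, oth) are optional. */
export const RsaJwkSchema = z.object({
  ...BaseJwkSchema.shape,
  kty: z.literal("RSA"),
  n: Base64UrlSchema,
  e: Base64UrlSchema,
  d: Base64UrlSchema.optional(),
  p: Base64UrlSchema.optional(),
  q: Base64UrlSchema.optional(),
  dp: Base64UrlSchema.optional(),
  dq: Base64UrlSchema.optional(),
  qi: Base64UrlSchema.optional(),
  oth: z
    .array(
      z.object({
        r: Base64UrlSchema,
        d: Base64UrlSchema,
        t: Base64UrlSchema.optional(),
      }),
    )
    .optional(),
});

/** EC key; `d` (private scalar) is optional. */
export const EcJwkSchema = z.object({
  ...BaseJwkSchema.shape,
  kty: z.literal("EC"),
  crv: EllipticCurveSchema,
  x: Base64UrlSchema,
  y: Base64UrlSchema,
  d: Base64UrlSchema.optional(),
});

/** Symmetric key; `k` is the secret itself, so parsed values must be handled as secrets. */
export const OctJwkSchema = z.object({
  ...BaseJwkSchema.shape,
  kty: z.literal("oct"),
  k: Base64UrlSchema,
});

/** Octet key pair; `d` (private key) is optional. */
export const OkpJwkSchema = BaseJwkSchema.extend({
  kty: z.literal("OKP"),
  crv: OctetKeyPairCurveSchema,
  x: Base64UrlSchema,
  d: Base64UrlSchema.optional(),
});

/**
 * Any JWK, discriminated on `kty`. Public and private keys both parse, because
 * the private members are optional; code that publishes a key should strip
 * them explicitly.
 */
export const JsonWebKeySchema = z.discriminatedUnion("kty", [
  RsaJwkSchema,
  EcJwkSchema,
  OctJwkSchema,
  OkpJwkSchema,
]);

// ---------------------------------------------------------------------------
// JWE
// ---------------------------------------------------------------------------

/**
 * Decoded JWE protected header (not exported).
 *
 * Caveats for the code that consumes a parsed header:
 * - `jku`, `jwk`, `x5u`, `x5c` are sender-supplied key references; the schema
 *   checks syntax only and says nothing about whether the key is trusted.
 * - `p2c` has a lower bound of 1 and no upper bound; cap it before running
 *   password-based key derivation.
 * - `zip` signals compressed plaintext; bound the decompressed size.
 * - `crit` is accepted as any list of strings; rejecting parameters the
 *   implementation does not understand is left to the caller.
 */
const JweProtectedHeaderSchema = z.object({
  alg: JweKeyManagementAlgorithmSchema,
  enc: JweContentEncryptionAlgorithmSchema,
  zip: JoseCompressionAlgorithmSchema.optional(),
  kid: z.string().optional(),
  jku: z.url().optional(),
  jwk: JsonWebKeySchema.optional(),
  x5u: z.url().optional(),
  x5c: z.array(Base64Schema).optional(),
  x5t: Base64UrlSchema.optional(),
  "x5t#S256": Base64UrlSchema.optional(),
  typ: z.string().optional(),
  cty: z.string().optional(),
  crit: z.array(z.string()).optional(),
  epk: JsonWebKeySchema.optional(),
  apu: Base64UrlSchema.optional(),
  apv: Base64UrlSchema.optional(),
  iv: Base64UrlSchema.optional(),
  tag: Base64UrlSchema.optional(),
  p2s: Base64UrlSchema.optional(),
  p2c: z.number().int().min(1).optional(),
});

/** Shared unprotected JWE header (not exported). It is not integrity protected. */
const JweUnprotectedHeaderSchema = z.object({
  kid: z.string().optional(),
  jku: z.url().optional(),
  jwk: JsonWebKeySchema.optional(),
  x5u: z.url().optional(),
  x5c: z.array(Base64Schema).optional(),
  x5t: Base64UrlSchema.optional(),
  "x5t#S256": Base64UrlSchema.optional(),
  crit: z.array(z.string()).optional(),
});

/** Per-recipient JWE header (not exported). */
const JweRecipientHeaderSchema = z.object({
  alg: JweKeyManagementAlgorithmSchema.optional(),
  kid: z.string().optional(),
  jku: z.url().optional(),
  jwk: JsonWebKeySchema.optional(),
  x5u: z.url().optional(),
  x5c: z.array(Base64Schema).optional(),
  x5t: Base64UrlSchema.optional(),
  "x5t#S256": Base64UrlSchema.optional(),
  crit: z.array(z.string()).optional(),
});

/** One entry of `recipients` in the general JSON serialization (not exported). */
const JweRecipientSchema = z.object({
  header: JweRecipientHeaderSchema.optional(),
  encrypted_key: Base64UrlSchema,
});

/** The five parts of a compact JWE, already split; each must be non-empty base64url. */
export const JweCompactSerializationSchema = z.object({
  protected: Base64UrlSchema,
  encrypted_key: Base64UrlSchema,
  iv: Base64UrlSchema,
  ciphertext: Base64UrlSchema,
  tag: Base64UrlSchema,
});

/** General JWE JSON serialization. */
export const JweJsonSerializationSchema = z.object({
  protected: Base64UrlSchema.optional(),
  unprotected: JweUnprotectedHeaderSchema.optional(),
  iv: Base64UrlSchema,
  ciphertext: Base64UrlSchema,
  tag: Base64UrlSchema,
  aad: Base64UrlSchema.optional(),
  recipients: z.array(JweRecipientSchema),
});

/** Flattened JWE JSON serialization (single recipient). */
export const JweFlattenedJsonSerializationSchema = z.object({
  protected: Base64UrlSchema.optional(),
  unprotected: JweUnprotectedHeaderSchema.optional(),
  header: JweRecipientHeaderSchema.optional(),
  encrypted_key: Base64UrlSchema,
  iv: Base64UrlSchema,
  ciphertext: Base64UrlSchema,
  tag: Base64UrlSchema,
  aad: Base64UrlSchema.optional(),
});

/**
 * Compact JWE string, split into its five segments. The second segment
 * (encrypted key) may be empty here, whereas JweCompactSerializationSchema
 * requires it to be non-empty.
 */
export const JweStringSchema = z
  .string()
  .regex(
    /^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$/,
  )
  .transform((compact) => {
    const segments = compact.split(".");
    return {
      protected: segments[0],
      encrypted_key: segments[1],
      iv: segments[2],
      ciphertext: segments[3],
      tag: segments[4],
    };
  });

/** JWE with the protected header already decoded to an object. */
export const JweObjectSchema = z.object({
  protected: JweProtectedHeaderSchema,
  unprotected: JweUnprotectedHeaderSchema.optional(),
  encrypted_key: Base64UrlSchema,
  iv: Base64UrlSchema,
  ciphertext: Base64UrlSchema,
  tag: Base64UrlSchema,
});

export const JsonWebKeySetSchema = z.object({ keys: z.array(JsonWebKeySchema) });

// ---------------------------------------------------------------------------
// JWS
// ---------------------------------------------------------------------------

/**
 * Decoded JWS protected header. `jku`/`jwk`/`x5u`/`x5c` arrive with the
 * message; a verifier must choose its key from its own trust configuration
 * rather than from these fields.
 */
export const JwsProtectedHeaderSchema = z.object({
  alg: JoseAlgorithmSchema,
  kid: z.string().optional(),
  jku: z.url().optional(),
  jwk: JsonWebKeySchema.optional(),
  x5u: z.url().optional(),
  x5c: z.array(Base64Schema).optional(),
  x5t: Base64UrlSchema.optional(),
  "x5t#S256": Base64UrlSchema.optional(),
  typ: z.string().optional(),
  cty: z.string().optional(),
  crit: z.array(z.string()).optional(),
});

/** Unprotected JWS header; these values are not covered by the signature. */
export const JwsUnprotectedHeaderSchema = z.object({
  kid: z.string().optional(),
  jku: z.url().optional(),
  jwk: JsonWebKeySchema.optional(),
  x5u: z.url().optional(),
  x5c: z.array(Base64Schema).optional(),
  x5t: Base64UrlSchema.optional(),
  "x5t#S256": Base64UrlSchema.optional(),
  crit: z.array(z.string()).optional(),
});

export const JwsSignatureSchema = z.object({
  protected: Base64UrlSchema.optional(),
  header: JwsUnprotectedHeaderSchema.optional(),
  signature: Base64UrlSchema,
});

export const JwsCompactSerializationSchema = z.object({
  protected: Base64UrlSchema,
  payload: Base64UrlSchema,
  signature: Base64UrlSchema,
});

export const JwsJsonSerializationSchema = z.object({
  payload: Base64UrlSchema,
  signatures: z.array(JwsSignatureSchema),
});

export const JwsFlattenedJsonSerializationSchema = z.object({
  payload: Base64UrlSchema,
  protected: Base64UrlSchema.optional(),
  header: JwsUnprotectedHeaderSchema.optional(),
  signature: Base64UrlSchema,
});

/** Compact JWS string: header and signature non-empty, payload segment may be empty. */
export const JwsStringSchema = z
  .string()
  .regex(/^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*\.[A-Za-z0-9_-]+$/)
  .pipe(z.custom());

/** Compact JWS string split into its three (still encoded) segments. */
export const JwsParsedSchema = JwsStringSchema.transform((compact) => {
  const segments = compact.split(".");
  return {
    protected: segments[0],
    payload: segments[1],
    signature: segments[2],
  };
});

/** Compact JWS with a detached payload ("header..signature"). */
export const DetachedJwsStringSchema = z.string().regex(/^[A-Za-z0-9_-]+\.\.[A-Za-z0-9_-]+$/);

export const JwsObjectSchema = z.object({
  protected: JwsProtectedHeaderSchema,
  unprotected: JwsUnprotectedHeaderSchema.optional(),
  payload: Base64UrlSchema,
  signature: Base64UrlSchema,
});

// ---------------------------------------------------------------------------
// JWT
// ---------------------------------------------------------------------------

/**
 * Compact JWT string. The third segment may be EMPTY, so the compact form of
 * an unsecured JWT passes. Code that requires a signed token must check for a
 * non-empty signature and verify it; a successful parse is not that check.
 */
export const JwtStringSchema = z
  .string()
  .regex(/^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*$/)
  .pipe(z.custom());

/** Compact JWT split into encoded header, payload and (possibly empty) signature. */
export const JwtStringPartsSchema = JwtStringSchema.transform((compact) => {
  const [header, payload, signature] = compact.split(".");
  // The regex above already requires both segments to be non-empty; kept as a guard.
  if (!header || !payload) {
    throw Error("Invalid JWT string");
  }
  return { header, payload, signature: signature ?? "" };
});

/** Non-negative integer (not exported); used for exp / nbf / iat. */
const UnixTimestampSchema = z
  .number()
  .int("Unix timestamp must be an integer")
  .min(0, "Unix timestamp must be non-negative")
  .pipe(z.custom());

/** JWT header fields other than `alg` (not exported). */
const JwtHeaderBaseSchema = z.object({
  typ: z.literal("JWT").optional(),
  cty: z.string().optional(),
  kid: z.string().optional(),
  jku: z.url().optional(),
  jwk: JsonWebKeySchema.optional(),
  x5u: z.url().optional(),
  x5c: z.array(Base64Schema).optional(),
  x5t: Base64UrlSchema.optional(),
  "x5t#S256": Base64UrlSchema.optional(),
  crit: z.array(z.string()).optional(),
});

/** Header whose `alg` is the unsecured-algorithm constant (not exported). */
const JwtHeaderUnsecuredSchema = z.object({
  ...JwtHeaderBaseSchema.shape,
  alg: JoseUnsecuredAlgorithmSchema,
});

/** Header whose `alg` is one of the signature algorithms. */
export const JwtHeaderSignedSchema = z.object({
  ...JwtHeaderBaseSchema.shape,
  alg: JoseSignatureAlgorithmSchema,
});

/**
 * Either header form. Because the unsecured form is part of this union, code
 * that authenticates a token should validate against JwtHeaderSignedSchema
 * (and its own algorithm allowlist) instead.
 */
export const JwtHeaderSchema = z.union([JwtHeaderUnsecuredSchema, JwtHeaderSignedSchema]);

/**
 * Registered claims; unknown claims pass through (`loose`). `exp`/`nbf`/`iat`
 * are only checked to be non-negative integers, never compared with the
 * current time.
 */
export const JwtPayloadSchema = z
  .object({
    iss: z.string().optional(),
    sub: z.string().optional(),
    aud: z.union([z.string(), z.array(z.string())]).optional(),
    exp: UnixTimestampSchema.optional(),
    nbf: UnixTimestampSchema.optional(),
    iat: UnixTimestampSchema.optional(),
    jti: z.string().optional(),
  })
  .loose();

/** Decoded unsecured JWT: unsecured header and an empty signature (not exported). */
const JwtObjectUnsecuredSchema = z.object({
  header: JwtHeaderUnsecuredSchema,
  payload: JwtPayloadSchema,
  signature: z.literal(""),
});

/** Decoded signed JWT (not exported). */
const JwtObjectSignedSchema = z.object({
  header: JwtHeaderSignedSchema,
  payload: JwtPayloadSchema,
  signature: Base64UrlSchema,
});

/** Decoded JWT, unsecured or signed; see the caveat on JwtHeaderSchema. */
export const JwtObjectSchema = z.union([JwtObjectUnsecuredSchema, JwtObjectSignedSchema]);

// ---------------------------------------------------------------------------
// JSON-LD @context helper
// ---------------------------------------------------------------------------

/**
 * Build a schema for an `@context` value that must include the given context(s).
 * Accepted forms: the single required context as a bare string (only when
 * exactly one is required), an array of URIs containing every required
 * context, or a string-keyed record of required-context literals / URIs.
 *
 * @param {string | string[]} contexts - required context URI(s)
 */
function requiredContextSchema(contexts) {
  const required = Array.isArray(contexts) ? contexts : [contexts];
  const literals = required.map((ctx) => z.literal(ctx));
  const soleLiteral = required.length === 1 ? literals[0] : null;
  const arrayForm = z
    .array(UriSchema)
    .refine((given) => required.every((ctx) => given.includes(ctx)), {
      message: `Array must contain all required contexts: ${required.join(", ")}`,
    });
  const recordForm = z.record(z.string(), z.union([...literals, UriSchema]));
  const alternatives = soleLiteral
    ? [soleLiteral, arrayForm, recordForm]
    : [arrayForm, recordForm];
  return z.union(alternatives).pipe(z.custom());
}

/**
 * Date-time by digit pattern only (not exported): field ranges such as month
 * and day are not checked, and fractional seconds must be exactly three digits.
 */
const IsoDateTimeStringSchema = z
  .string()
  .regex(
    /^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d{3})?([+-]\d{2}:\d{2}|Z)$/,
    "Must be a valid ISO 8601 date-time string",
  )
  .pipe(z.custom());

// ---------------------------------------------------------------------------
// DIDs
// ---------------------------------------------------------------------------

export const DidSchema = z.string().regex(didRegex, "Must be a valid DID").pipe(z.custom());

/** @returns {boolean} true when `value` parses as a DID (syntax only). */
export function isDid(value) {
  return DidSchema.safeParse(value).success;
}

export const DidUrlSchema = z
  .string()
  .regex(didUrlRegex, "Must be a valid DID URL")
  .pipe(z.custom());

/** Schema for a DID of one specific method, i.e. starting with `did:<method>:`. */
export const createDidSchema = (method) =>
  z
    .string()
    .regex(didRegex, "Must be a valid DID")
    .startsWith(`did:${method}:`)
    .pipe(z.custom());

/** @returns {boolean} true when `value` is a syntactically valid DID of `method`. */
export function isDidWithMethod(method, value) {
  return createDidSchema(method).safeParse(value).success;
}

export const DidMethodSchema = z.string().regex(didMethodRegex).pipe(z.custom());
export const VerificationMethodTypeSchema = z.enum(verificationMethodTypes);
export const LegacyVerificationMethodTypeSchema = z.enum(legacyVerificationMethodTypes);

/** Fields common to every verification method (not exported). */
const VerificationMethodBaseSchema = z.object({
  id: DidUrlSchema,
  controller: DidSchema,
});

export const VerificationMethodJsonWebKeySchema = z.object({
  ...VerificationMethodBaseSchema.shape,
  type: z.literal("JsonWebKey"),
  publicKeyJwk: JsonWebKeySchema,
});

export const VerificationMethodMultikeySchema = z.object({
  ...VerificationMethodBaseSchema.shape,
  type: z.literal("Multikey"),
  publicKeyMultibase: z.string(),
});

/** Legacy method types; every key encoding is optional, so an entry with no key parses. */
export const VerificationMethodLegacySchema = z.object({
  ...VerificationMethodBaseSchema.shape,
  type: LegacyVerificationMethodTypeSchema,
  publicKeyMultibase: z.string().optional(),
  publicKeyJwk: JsonWebKeySchema.optional(),
  publicKeyBase58: z.string().optional(),
});

// NOTE(review): `publicKeyJwk` uses JsonWebKeySchema, whose private members are
// optional, so a DID document carrying private key material still parses.
export const VerificationMethodSchema = z.discriminatedUnion("type", [
  VerificationMethodJsonWebKeySchema,
  VerificationMethodMultikeySchema,
  VerificationMethodLegacySchema,
]);

/** Recursive map of service-endpoint properties; nesting depth is not limited here. */
export const ServiceEndpointMapSchema = z.record(
  z.string(),
  z.union([
    z.string(),
    z.array(z.string()),
    UriSchema,
    z.array(UriSchema),
    z.lazy(() => ServiceEndpointMapSchema),
  ]),
);

export const ServiceEndpointSchema = z.union([
  UriSchema,
  ServiceEndpointMapSchema,
  z.array(z.union([UriSchema, ServiceEndpointMapSchema])),
]);

export const ServiceSchema = z.object({
  id: UriSchema,
  type: z.union([z.string(), z.array(z.string())]),
  serviceEndpoint: ServiceEndpointSchema,
});

/**
 * DID document. Service endpoints and key material come from whoever controls
 * the document; a successful parse does not mean the document was resolved
 * from, or authorised by, the DID it names.
 */
export const DidDocumentSchema = z.object({
  "@context": requiredContextSchema("https://www.w3.org/ns/did/v1"),
  id: DidSchema,
  alsoKnownAs: z.array(UriSchema).optional(),
  controller: z.union([DidSchema, z.array(DidSchema)]).optional(),
  verificationMethod: z.array(VerificationMethodSchema).optional(),
  authentication: z.array(z.union([DidUrlSchema, VerificationMethodSchema])).optional(),
  assertionMethod: z.array(z.union([DidUrlSchema, VerificationMethodSchema])).optional(),
  keyAgreement: z.array(z.union([DidUrlSchema, VerificationMethodSchema])).optional(),
  capabilityInvocation: z.array(z.union([DidUrlSchema, VerificationMethodSchema])).optional(),
  capabilityDelegation: z.array(z.union([DidUrlSchema, VerificationMethodSchema])).optional(),
  service: z.array(ServiceSchema).optional(),
});

// ---------------------------------------------------------------------------
// Verifiable Credentials
// ---------------------------------------------------------------------------

/** Accept `item` or an array of `item`; the output is always a flat array. */
function oneOrManyAsArray(item) {
  return z.union([item, z.array(item)]).transform((value) => [value].flat());
}

/** Predicate factory: does the candidate array include every required entry? */
function includesAll(required) {
  return (candidate) => required.every((entry) => candidate.includes(entry));
}

export const VcTypeLiteralSchema = z.literal("VerifiableCredential");
// credentialTypeSchema is a hoisted function declaration, so calling it here is safe.
export const VcTypeSchema = credentialTypeSchema();

/**
 * Schema for a credential `type`: a string or string array that must contain
 * "VerifiableCredential" and every additional type given.
 *
 * @param {string | string[]} [additionalTypes]
 */
export function credentialTypeSchema(additionalTypes) {
  const required = additionalTypes
    ? ["VerifiableCredential", ...[additionalTypes].flat()]
    : ["VerifiableCredential"];
  return z
    .pipe(oneOrManyAsArray(z.string()), z.array(z.string()).refine(includesAll(required)))
    .pipe(z.custom(() => true));
}

/** Known proof purposes, or any other string. */
export const ProofPurposeSchema = z
  .union([z.enum(proofPurposes), z.string()])
  .pipe(z.custom());

/**
 * Proof object, structure only. `jws` is checked for compact-JWS shape and
 * nothing else; no proof value is verified here, and `challenge` / `domain` /
 * `nonce` are not compared with anything. Replay and audience checks belong to
 * the verifier.
 */
export const ProofSchema = z.object({
  type: z.string(),
  created: IsoDateTimeStringSchema.optional(),
  verificationMethod: UriSchema,
  proofPurpose: ProofPurposeSchema,
  challenge: z.string().optional(),
  domain: z.union([z.string(), z.array(z.string())]).optional(),
  nonce: z.string().optional(),
  jws: z.custom((value) => JwsStringSchema.safeParse(value).success).optional(),
  signatureValue: z.string().optional(),
  proofValue: z.string().optional(),
});

/** Known status types, or any other string. */
export const CredentialStatusTypeSchema = z
  .union([z.enum(credentialStatusTypes), z.string()])
  .pipe(z.custom());

/**
 * Credential status entry. `statusListCredential` is an unconstrained string;
 * a verifier that fetches it should validate and allowlist the location first.
 */
export const CredentialStatusSchema = z.object({
  id: z.string().optional(),
  type: CredentialStatusTypeSchema,
  statusListCredential: z.string().optional(),
  statusListIndex: z.union([z.string(), z.number()]).optional(),
  statusPurpose: z
    .union([z.enum(statusPurposes), z.string()])
    .pipe(z.custom())
    .optional(),
});

export const CredentialSchemaTypeSchema = z.object({ id: UriSchema, type: z.string() });

/** Generic `{ id?, type }` resource used for evidence, refreshService and termsOfUse. */
export const GenericResourceSchema = z.object({
  id: z.union([UriSchema, z.string()]).optional(),
  type: z.union([z.string(), z.array(z.string())]),
});

/** Issuer: a URI, or an object with a URI `id`. */
export const IdOrObjectSchema = z.union([UriSchema, z.object({ id: UriSchema })]);

/** Credential subject; unknown properties pass through. */
export const CredentialSubjectSchema = z
  .object({ id: z.union([UriSchema, z.string()]).optional() })
  .loose();

/** Fields shared by V1 and V2 credentials; unknown top-level keys pass through. */
export const BaseCredentialSchema = z
  .object({
    id: UriSchema.optional(),
    type: credentialTypeSchema(),
    issuer: IdOrObjectSchema,
    credentialStatus: z
      .union([CredentialStatusSchema, z.array(CredentialStatusSchema)])
      .optional(),
    credentialSchema: z
      .union([CredentialSchemaTypeSchema, z.array(CredentialSchemaTypeSchema)])
      .optional(),
    credentialSubject: z.union([CredentialSubjectSchema, z.array(CredentialSubjectSchema)]),
    evidence: z.union([GenericResourceSchema, z.array(GenericResourceSchema)]).optional(),
    refreshService: z.union([GenericResourceSchema, z.array(GenericResourceSchema)]).optional(),
    termsOfUse: z.union([GenericResourceSchema, z.array(GenericResourceSchema)]).optional(),
  })
  .loose();

/**
 * Extend a credential schema with a required `proof` (one or many).
 * The result is `loose` even when the input schema was `strict`, so the
 * "verifiable" V2 schemas accept unknown top-level keys that the plain V2
 * schemas reject. Presence of `proof` is checked, never its validity.
 */
export function makeVerifiable(credentialSchema) {
  return credentialSchema
    .extend({ proof: z.union([ProofSchema, z.array(ProofSchema)]) })
    .loose()
    .pipe(z.custom(() => true));
}

export const VcV1CoreContextSchema = z.literal(vcV1CoreContext);
export const VcV1ContextSchema = z.union([
  VcV1CoreContextSchema,
  z
    .array(z.string())
    .nonempty()
    .refine((contexts) => contexts.includes(vcV1CoreContext), "Array must contain V1 core context"),
]);

/**
 * Build a V1 credential schema (loose).
 *
 * @param [subjectSchema] - schema for credentialSubject (default: CredentialSubjectSchema)
 * @param [additionalTypes] - extra entries `type` must contain
 * @param [requiredContexts] - when given, replaces the default V1 context rule
 */
export const createCredentialV1Schema = (
  subjectSchema = CredentialSubjectSchema,
  additionalTypes,
  requiredContexts,
) =>
  BaseCredentialSchema.extend({
    "@context": requiredContexts
      ? requiredContextSchema(requiredContexts)
      : z.union([VcV1ContextSchema, z.array(VcV1ContextSchema)]),
    type: credentialTypeSchema(additionalTypes),
    issuanceDate: z.iso.datetime(),
    expirationDate: z.iso.datetime().optional(),
    credentialSubject: z.union([subjectSchema, z.array(subjectSchema)]),
  }).loose();

export const createVerifiableCredentialV1Schema = (
  subjectSchema = CredentialSubjectSchema,
  additionalTypes,
  requiredContexts,
) => makeVerifiable(createCredentialV1Schema(subjectSchema, additionalTypes, requiredContexts));

export const CredentialV1Schema = createCredentialV1Schema();
export const VerifiableCredentialV1Schema = createVerifiableCredentialV1Schema();

export const StatusList2021ContextSchema = z.literal(statusList2021Context);
export const StatusList2021CredentialSubjectSchema = z.object({
  id: DidSchema.optional(),
  type: z.literal("StatusList2021"),
  statusPurpose: z.enum(statusPurposes),
  encodedList: Base64UrlSchema,
});

/** `@context` for a StatusList2021 credential (not exported). */
const StatusList2021CredentialContextSchema = z.union([
  z.tuple([VcV1CoreContextSchema, StatusList2021ContextSchema]),
  z
    .array(z.string())
    .nonempty()
    .refine(
      (contexts) =>
        contexts.includes(vcV1CoreContext) && contexts.includes(statusList2021Context),
      "Array must contain both V1 core context and StatusList2021 context",
    ),
]);

/**
 * StatusList2021 credential (strict). `encodedList` is only checked to be
 * base64url; its decoded size is not bounded here.
 */
export const StatusList2021CredentialSchema = BaseCredentialSchema.extend({
  "@context": StatusList2021CredentialContextSchema,
  issuanceDate: z.iso.datetime(),
  expirationDate: z.iso.datetime().optional(),
  credentialSubject: StatusList2021CredentialSubjectSchema,
}).strict();

export const VcV2CoreContextSchema = z.literal(vcV2CoreContext);
export const VcV2ContextSchema = z.union([
  VcV2CoreContextSchema,
  z
    .array(z.string())
    .nonempty()
    .refine((contexts) => contexts.includes(vcV2CoreContext), "Array must contain V2 core context"),
]);

/**
 * Build a V2 credential schema (strict: unknown top-level keys are rejected,
 * which includes `proof`).
 *
 * @param [subjectSchema] - schema for credentialSubject (default: CredentialSubjectSchema)
 * @param [additionalTypes] - extra entries `type` must contain
 * @param [additionalContexts] - contexts required in addition to the V2 core context
 */
export const createCredentialV2Schema = (
  subjectSchema = CredentialSubjectSchema,
  additionalTypes,
  additionalContexts,
) =>
  BaseCredentialSchema.extend({
    "@context": requiredContextSchema(
      additionalContexts ? [vcV2CoreContext, ...[additionalContexts].flat()] : vcV2CoreContext,
    ),
    type: credentialTypeSchema(additionalTypes),
    validFrom: z.iso.datetime().optional(),
    validUntil: z.iso.datetime().optional(),
    credentialSubject: z.union([subjectSchema, z.array(subjectSchema)]),
  }).strict();

export const createVerifiableCredentialV2Schema = (
  subjectSchema = CredentialSubjectSchema,
  additionalTypes,
  additionalContexts,
) => makeVerifiable(createCredentialV2Schema(subjectSchema, additionalTypes, additionalContexts));

export const CredentialV2Schema = createCredentialV2Schema();
export const VerifiableCredentialV2Schema = createVerifiableCredentialV2Schema();

export const BitstringStatusListContextSchema = z.literal(bitstringStatusListContext);
export const BitstringStatusListCredentialSubjectSchema = z.object({
  id: DidSchema.optional(),
  type: z.literal("BitstringStatusList"),
  statusPurpose: z.enum(statusPurposes),
  encodedList: Base64UrlSchema,
  ttl: z.number().optional(),
});

/** `@context` for a BitstringStatusList credential (not exported). */
const BitstringStatusListCredentialContextSchema = z.union([
  z.tuple([VcV2CoreContextSchema, BitstringStatusListContextSchema]),
  z
    .array(z.string())
    .nonempty()
    .refine(
      (contexts) =>
        contexts.includes(vcV2CoreContext) && contexts.includes(bitstringStatusListContext),
      "Array must contain both V2 core context and BitstringStatusList context",
    ),
]);

/** BitstringStatusList credential (strict); `encodedList` size is not bounded here. */
export const BitstringStatusListCredentialSchema = BaseCredentialSchema.extend({
  "@context": BitstringStatusListCredentialContextSchema,
  validFrom: z.iso.datetime().optional(),
  validUntil: z.iso.datetime().optional(),
  credentialSubject: BitstringStatusListCredentialSubjectSchema,
}).strict();

export const VcContextSchema = z.union([VcV1ContextSchema, VcV2ContextSchema]);

/** Credential of either data-model version, without a proof requirement. */
export const createCredentialSchema = (subjectSchema = CredentialSubjectSchema, additionalTypes) =>
  z.union([
    createCredentialV1Schema(subjectSchema, additionalTypes),
    createCredentialV2Schema(subjectSchema, additionalTypes),
  ]);

/** Credential of either data-model version, with `proof` required. */
export const createVerifiableCredentialSchema = (
  subjectSchema = CredentialSubjectSchema,
  additionalTypes,
) =>
  z.union([
    createVerifiableCredentialV1Schema(subjectSchema, additionalTypes),
    createVerifiableCredentialV2Schema(subjectSchema, additionalTypes),
  ]);

export const W3CCredentialSchema = createCredentialSchema();
export const VerifiableCredentialSchema = createVerifiableCredentialSchema();

// ---------------------------------------------------------------------------
// Verifiable Presentations
// ---------------------------------------------------------------------------

export const VpTypeLiteralSchema = z.literal("VerifiablePresentation");
// presentationTypeSchema is a hoisted function declaration.
export const VpTypeSchema = presentationTypeSchema();

/**
 * Schema for a presentation `type`.
 * - no argument (or a falsy one): "VerifiablePresentation", or a non-empty
 *   array whose first entry is "VerifiablePresentation";
 * - a string: a tuple starting with that string, followed by any strings;
 * - an empty array: nothing validates;
 * - a non-empty array: exactly those literals, in that order.
 *
 * @param {string | string[]} [types]
 */
export function presentationTypeSchema(types) {
  if (!types) {
    return z.union([
      z.literal("VerifiablePresentation"),
      z
        .array(z.string())
        .min(1)
        .refine(
          (given) => given[0] === "VerifiablePresentation",
          "First type must be VerifiablePresentation",
        ),
    ]);
  }
  if (typeof types === "string") {
    return z.tuple([z.literal(types)]).rest(z.string());
  }
  if (types.length === 0) {
    return z.never();
  }
  if (types.length === 1) {
    return z.tuple([z.literal(types[0])]);
  }
  const [first, ...others] = types;
  return z.tuple([z.literal(first), ...others.map((name) => z.literal(name))]);
}

/**
 * Presentation without a proof requirement. Embedded credentials are checked
 * with W3CCredentialSchema, which does not require `proof`.
 * NOTE(review): the V2 branch of W3CCredentialSchema is strict and declares no
 * `proof` key, so a V2 credential carrying an embedded proof appears to be
 * rejected here - confirm whether that is intended.
 */
export const PresentationSchema = z.object({
  "@context": z.union([VcContextSchema, z.array(VcContextSchema)]),
  id: z.string().optional(),
  type: presentationTypeSchema(),
  holder: DidSchema.optional(),
  verifiableCredential: z
    .union([W3CCredentialSchema, z.array(W3CCredentialSchema)])
    .optional(),
});

/** Presentation with `proof` required; the proof is not verified by parsing. */
export const VerifiablePresentationSchema = PresentationSchema.extend({
  proof: z.union([ProofSchema, z.array(ProofSchema)]),
});

// Constants re-exported unchanged from the constants module.
export {
  bitstringStatusListContext,
  credentialStatusTypes,
  cryptographicCurves,
  didMethodRegex,
  didRegex,
  didUrlRegex,
  ellipticCurves,
  joseAlgorithms,
  joseCompressionAlgorithms,
  joseSignatureAlgorithms,
  joseUnsecuredAlgorithm,
  jweContentEncryptionAlgorithms,
  jweKeyManagementAlgorithms,
  keyOperations,
  keyTypes,
  keyUses,
  legacyVerificationMethodTypes,
  octetKeyPairCurves,
  proofPurposes,
  statusList2021Context,
  statusPurposes,
  vcV1CoreContext,
  vcV2CoreContext,
  verificationMethodTypes,
};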