{"version":3,"file":"W3cV2JwtVerifiableCredential.mjs","names":[],"sources":["../../../../src/modules/vc/jwt-vc/W3cV2JwtVerifiableCredential.ts"],"sourcesContent":["import { Jwt } from '../../../crypto/jose/jwt/Jwt'\nimport { CredoError } from '../../../error'\nimport { JsonTransformer, MessageValidator } from '../../../utils'\nimport { ClaimFormat } from '../models/ClaimFormat'\nimport { W3cV2Credential } from '../models/credential/W3cV2Credential'\n\nexport interface W3cV2JwtVerifiableCredentialOptions {\n  jwt: Jwt\n}\n\n/**\n * Represents a Verifiable Credential encoded as a JWT.\n *\n * @see https://www.w3.org/TR/vc-jose-cose/#securing-with-jose\n */\nexport class W3cV2JwtVerifiableCredential {\n  public constructor(options: W3cV2JwtVerifiableCredentialOptions) {\n    this.jwt = options.jwt\n    this.resolvedCredential = JsonTransformer.fromJSON(options.jwt.payload.additionalClaims, W3cV2Credential, {\n      validate: false,\n    })\n\n    // Validates the JWT and resolved credential\n    this.validate()\n  }\n\n  public static fromCompact(compact: string) {\n    const jwt = Jwt.fromSerializedJwt(compact)\n\n    return new W3cV2JwtVerifiableCredential({\n      jwt,\n    })\n  }\n\n  /**\n   * The original JWT.\n   */\n  public readonly jwt: Jwt\n\n  /**\n   * Resolved credential is the fully resolved {@link W3cV2Credential} instance.\n   */\n  public readonly resolvedCredential: W3cV2Credential\n\n  /**\n   * The encoded version of this credential.\n   */\n  public get encoded() {\n    return this.jwt.serializedJwt\n  }\n\n  /**\n   * The {@link ClaimFormat} of the credential.\n   *\n   * For W3C VC JWT credentials this is always `vc+jwt`.\n   */\n  public get claimFormat(): ClaimFormat.JwtW3cVc {\n    return ClaimFormat.JwtW3cVc\n  }\n\n  /**\n   * Validates the JWT and the resolved credential contained.\n   */\n  public validate() {\n    // Validate the resolved credential according to the data model\n    
MessageValidator.validateSync(this.resolvedCredential)\n\n    // Basic JWT header and claim checks for compliance with the specification; no signature check happens here. NOTE(review): 'cyt' below looks like a typo for the JOSE 'cty' header, so a 'cty' value is never checked - confirm\n    const jwt = this.jwt\n    const header = jwt.header\n    const payload = jwt.payload\n\n    if ('typ' in header && header.typ !== 'vc+jwt') {\n      throw new CredoError(`The provided W3C VC JWT does not have the correct 'typ' header.`)\n    }\n\n    if ('cyt' in header && header.cyt !== 'vc') {\n      throw new CredoError(`The provided W3C VC JWT does not have the correct 'cyt' header.`)\n    }\n\n    const iss = header.iss ?? payload.iss\n    if (iss) {\n      if (this.resolvedCredential.issuerId !== iss) {\n        throw new CredoError(`The provided W3C VC JWT has both 'iss' and 'issuer' claims, but they differ.`)\n      }\n    }\n\n    if (payload.jti) {\n      if (this.resolvedCredential.id && this.resolvedCredential.id !== payload.jti) {\n        throw new CredoError(`The provided W3C VC JWT has both 'jti' and 'id' claims, but they differ.`)\n      }\n    }\n\n    if (payload.sub) {\n      if (!this.resolvedCredential.credentialSubjectIds.includes(payload.sub)) {\n        throw new CredoError(`The provided W3C VC JWT has a 'sub' claim, but it does not match any credentialSubject.`)\n      }\n    }\n  
}\n}\n"],"mappings":";;;;;;;;;;;;;;;;;AAeA,IAAa,+BAAb,MAAa,6BAA6B;CACxC,AAAO,YAAY,SAA8C;AAC/D,OAAK,MAAM,QAAQ;AACnB,OAAK,qBAAqB,gBAAgB,SAAS,QAAQ,IAAI,QAAQ,kBAAkB,iBAAiB,EACxG,UAAU,OACX,CAAC;AAGF,OAAK,UAAU;;CAGjB,OAAc,YAAY,SAAiB;AAGzC,SAAO,IAAI,6BAA6B,EACtC,KAHU,IAAI,kBAAkB,QAAQ,EAIzC,CAAC;;;;;CAgBJ,IAAW,UAAU;AACnB,SAAO,KAAK,IAAI;;;;;;;CAQlB,IAAW,cAAoC;AAC7C,SAAO,YAAY;;;;;CAMrB,AAAO,WAAW;AAEhB,mBAAiB,aAAa,KAAK,mBAAmB;EAGtD,MAAM,MAAM,KAAK;EACjB,MAAM,SAAS,IAAI;EACnB,MAAM,UAAU,IAAI;AAEpB,MAAI,SAAS,UAAU,OAAO,QAAQ,SACpC,OAAM,IAAI,WAAW,kEAAkE;AAGzF,MAAI,SAAS,UAAU,OAAO,QAAQ,KACpC,OAAM,IAAI,WAAW,kEAAkE;EAGzF,MAAM,MAAM,OAAO,OAAO,QAAQ;AAClC,MAAI,KACF;OAAI,KAAK,mBAAmB,aAAa,IACvC,OAAM,IAAI,WAAW,+EAA+E;;AAIxG,MAAI,QAAQ,KACV;OAAI,KAAK,mBAAmB,MAAM,KAAK,mBAAmB,OAAO,QAAQ,IACvE,OAAM,IAAI,WAAW,2EAA2E;;AAIpG,MAAI,QAAQ,KACV;OAAI,CAAC,KAAK,mBAAmB,qBAAqB,SAAS,QAAQ,IAAI,CACrE,OAAM,IAAI,WAAW,0FAA0F"}