{"version":3,"file":"W3cV2SdJwtVerifiableCredential.mjs","names":[],"sources":["../../../../src/modules/vc/sd-jwt-vc/W3cV2SdJwtVerifiableCredential.ts"],"sourcesContent":["import { CredoError } from '../../../error'\nimport { JsonTransformer, MessageValidator } from '../../../utils'\nimport { ClaimFormat } from '../models/ClaimFormat'\nimport { W3cV2Credential } from '../models/credential/W3cV2Credential'\nimport { decodeSdJwt, type W3cV2SdJwt } from './W3cV2SdJwt'\n\nexport interface W3cV2SdJwtVerifiableCredentialOptions {\n sdJwt: W3cV2SdJwt\n}\n\n/**\n * Represents a Verifiable Credential encoded as a SD-JWT.\n *\n * @see https://www.w3.org/TR/vc-jose-cose/#securing-with-sd-jwt\n */\nexport class W3cV2SdJwtVerifiableCredential {\n public constructor(options: W3cV2SdJwtVerifiableCredentialOptions) {\n this.sdJwt = options.sdJwt\n this.resolvedCredential = JsonTransformer.fromJSON(options.sdJwt.prettyClaims, W3cV2Credential, { validate: false })\n\n // Validates the SD-JWT and resolved credential\n this.validate()\n }\n\n public static fromCompact(compact: string) {\n const sdJwt = decodeSdJwt(compact, ClaimFormat.SdJwtW3cVc)\n\n return new W3cV2SdJwtVerifiableCredential({\n sdJwt,\n })\n }\n\n /**\n * The original SD-JWT.\n */\n public readonly sdJwt: W3cV2SdJwt\n\n /**\n * Resolved credential is the fully resolved {@link W3cV2Credential} instance.\n */\n public readonly resolvedCredential: W3cV2Credential\n\n /**\n * The encoded version of this credential.\n */\n public get encoded() {\n return this.sdJwt.compact\n }\n\n /**\n * The {@link ClaimFormat} of the credential.\n *\n * For W3C VC SD-JWT credentials this is always `vc+sd-jwt`.\n */\n public get claimFormat(): ClaimFormat.SdJwtW3cVc {\n return ClaimFormat.SdJwtW3cVc\n }\n\n /**\n * Validates the SD-JWT and the resolved credential.\n */\n public validate() {\n // Validate the resolved credential according to the data model\n MessageValidator.validateSync(this.resolvedCredential)\n\n // Basic JWT validations to ensure compliance to the specification\n const sdJwt = this.sdJwt\n const header = sdJwt.header\n const payload = sdJwt.prettyClaims\n\n if ('typ' in header && header.typ !== 'vc+sd-jwt') {\n throw new CredoError(`The provided W3C VC SD-JWT does not have the correct 'typ' header.`)\n }\n\n if ('cyt' in header && header.cyt !== 'vc') {\n throw new CredoError(`The provided W3C VC SD-JWT does not have the correct 'cyt' header.`)\n }\n\n const iss = header.iss ?? payload.iss\n if (iss) {\n if (this.resolvedCredential.issuerId !== iss) {\n throw new CredoError(`The provided W3C VC SD-JWT has both 'iss' and 'issuer' claims, but they differ.`)\n }\n }\n\n if (payload.jti) {\n if (this.resolvedCredential.id && this.resolvedCredential.id !== payload.jti) {\n throw new CredoError(`The provided W3C VC JWT has both 'jti' and 'id' claims, but they differ.`)\n }\n }\n\n if (payload.sub) {\n if (!this.resolvedCredential.credentialSubjectIds.includes(payload.sub as string)) {\n throw new CredoError(\n `The provided W3C VC SD-JWT has a 'sub' claim, but it does not match any credentialSubject.`\n )\n }\n }\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;AAeA,IAAa,iCAAb,MAAa,+BAA+B;CAC1C,AAAO,YAAY,SAAgD;AACjE,OAAK,QAAQ,QAAQ;AACrB,OAAK,qBAAqB,gBAAgB,SAAS,QAAQ,MAAM,cAAc,iBAAiB,EAAE,UAAU,OAAO,CAAC;AAGpH,OAAK,UAAU;;CAGjB,OAAc,YAAY,SAAiB;AAGzC,SAAO,IAAI,+BAA+B,EACxC,OAHY,YAAY,SAAS,YAAY,WAAW,EAIzD,CAAC;;;;;CAgBJ,IAAW,UAAU;AACnB,SAAO,KAAK,MAAM;;;;;;;CAQpB,IAAW,cAAsC;AAC/C,SAAO,YAAY;;;;;CAMrB,AAAO,WAAW;AAEhB,mBAAiB,aAAa,KAAK,mBAAmB;EAGtD,MAAM,QAAQ,KAAK;EACnB,MAAM,SAAS,MAAM;EACrB,MAAM,UAAU,MAAM;AAEtB,MAAI,SAAS,UAAU,OAAO,QAAQ,YACpC,OAAM,IAAI,WAAW,qEAAqE;AAG5F,MAAI,SAAS,UAAU,OAAO,QAAQ,KACpC,OAAM,IAAI,WAAW,qEAAqE;EAG5F,MAAM,MAAM,OAAO,OAAO,QAAQ;AAClC,MAAI,KACF;OAAI,KAAK,mBAAmB,aAAa,IACvC,OAAM,IAAI,WAAW,kFAAkF;;AAI3G,MAAI,QAAQ,KACV;OAAI,KAAK,mBAAmB,MAAM,KAAK,mBAAmB,OAAO,QAAQ,IACvE,OAAM,IAAI,WAAW,2EAA2E;;AAIpG,MAAI,QAAQ,KACV;OAAI,CAAC,KAAK,mBAAmB,qBAAqB,SAAS,QAAQ,IAAc,CAC/E,OAAM,IAAI,WACR,6FACD"}