import { CborStructure, CoseKey, CoseKey as CoseKey$1, CoseKeyDecodedStructure, CoseKeyEncodedStructure, CoseKeyOptions, Curve, DataItem, DateOnly, DecodedStructureType, DigestAlgorithm, EncodedStructureType, KeyOps, KeyType, Mac0, Mac0 as Mac0$1, Mac0Context, Mac0DecodedStructure, Mac0EncodedStructure, Mac0Options, MacAlgorithm, ProtectedHeaders, ProtectedHeaders as ProtectedHeaders$1, RegisteredCwtClaimKey, RegisteredCwtClaimKey as RegisteredCwtClaimKey$1, RegisteredCwtHeaderClaimKey, Sign1, Sign1 as Sign1$1, Sign1Context, Sign1DecodedStructure, Sign1EncodedStructure, Sign1Options, SignatureAlgorithm, SignatureAlgorithm as SignatureAlgorithm$1, TypedMap, UnprotectedHeaders, cborDecode, cborEncode } from "@owf/cose"; import { StatusListCwt, StatusListInfo, StatusListInfo as StatusListInfo$1, StatusListInfoOptions } from "@owf/token-status-list"; import z, { z as z$1 } from "zod"; //#region src/context.d.ts type MaybePromise = Promise | T; interface MdocContext { fetch: typeof fetch; crypto: { random: (length: number) => Uint8Array; digest: (input: { digestAlgorithm: DigestAlgorithm; bytes: Uint8Array; }) => MaybePromise; hdkf: (input: { digestAlgorithm?: DigestAlgorithm; privateKey: Uint8Array; publicKey: Uint8Array; salt: Uint8Array; info: Uint8Array; }) => MaybePromise; }; cose: { sign1: { sign: Sign1Context['sign']; verify: Sign1Context['verify']; }; mac0: Mac0Context; }; x509: { getIssuerNameField: (options: { certificate: Uint8Array; field: string; }) => string[]; getPublicKey: (options: { certificate: Uint8Array; algorithm?: SignatureAlgorithm$1 | MacAlgorithm; }) => Promise; /** * * Verify a X.509 certificate chain * * Return the parsed chain where index 0 is the leaf certificate and the last entry is the X.509 certificate found in the trusted certificates (root) * */ verifyCertificateChain: (input: { trustedCertificates: Uint8Array[]; x5chain: Uint8Array[]; now?: Date; }) => MaybePromise<{ chain: Uint8Array[]; }>; getCertificateData: (input: { certificate: Uint8Array; }) => MaybePromise<{ issuerName: string; subjectName: string; serialNumber: string; thumbprint: string; notBefore: Date; notAfter: Date; pem: string; }>; }; } //#endregion //#region src/mdoc/models/ble-options.d.ts declare enum BleOptionsKeys { PeripheralServerMode = 0, CentralClientMode = 1, PeripheralServerModeUuid = 10, CentralClientModeUuid = 11, PeripheralServerModeDeviceAddress = 20 } declare const bleOptionsSchema: z$1.ZodCodec, z$1.ZodCustom; 11: Uint8Array; 20: Uint8Array; }, BleOptionsKeys.PeripheralServerModeUuid | BleOptionsKeys.CentralClientModeUuid | BleOptionsKeys.PeripheralServerModeDeviceAddress>, import("@owf/cose").TypedMap<{ 0: boolean; 1: boolean; 10: Uint8Array; 11: Uint8Array; 20: Uint8Array; }, BleOptionsKeys.PeripheralServerModeUuid | BleOptionsKeys.CentralClientModeUuid | BleOptionsKeys.PeripheralServerModeDeviceAddress>>>; type BleOptionsEncodedStructure = z$1.input; type BleOptionsDecodedStructure = z$1.output; type BleOptionsOptions = { peripheralServerMode: boolean; centralClientMode: boolean; peripheralServerModeUuid?: Uint8Array; centralClientModeUuid?: Uint8Array; peripheralServerModeDeviceAddress?: Uint8Array; }; declare class BleOptions extends CborStructure { static get encodingSchema(): z$1.ZodCodec, z$1.ZodCustom; 11: Uint8Array; 20: Uint8Array; }, BleOptionsKeys.PeripheralServerModeUuid | BleOptionsKeys.CentralClientModeUuid | BleOptionsKeys.PeripheralServerModeDeviceAddress>, import("@owf/cose").TypedMap<{ 0: boolean; 1: boolean; 10: Uint8Array; 11: Uint8Array; 20: Uint8Array; }, BleOptionsKeys.PeripheralServerModeUuid | BleOptionsKeys.CentralClientModeUuid | BleOptionsKeys.PeripheralServerModeDeviceAddress>>>; get peripheralServerMode(): boolean; get centralClientMode(): boolean; get peripheralServerModeUuid(): Uint8Array | undefined; get centralClientModeUuid(): Uint8Array | undefined; get peripheralServerModeDeviceAddress(): Uint8Array | undefined; static create(options: BleOptionsOptions): BleOptions; } //#endregion //#region src/mdoc/models/data-element-identifier.d.ts type DataElementIdentifier = string; //#endregion //#region src/mdoc/models/data-element-value.d.ts type DataElementValue = unknown; //#endregion //#region src/mdoc/check-callback.d.ts interface VerificationAssessment { status: 'PASSED' | 'FAILED' | 'WARNING'; category: 'DOCUMENT_FORMAT' | 'DEVICE_AUTH' | 'ISSUER_AUTH' | 'DATA_INTEGRITY' | 'READER_AUTH'; check: string; reason?: string; } type VerificationCallback = (item: VerificationAssessment) => void; declare const defaultVerificationCallback: VerificationCallback; declare const onCategoryCheck: (onCheck: VerificationCallback, category: VerificationAssessment["category"]) => (item: Omit) => void; //#endregion //#region src/mdoc/models/nfc-options.d.ts declare const nfcOptionsSchema: z$1.ZodCodec, z$1.ZodCustom, import("@owf/cose").TypedMap<{ 0: number; 1: number; }, never>>>; type NfcOptionsEncodedStructure = z$1.input; type NfcOptionsDecodedStructure = z$1.output; type NfcOptionsOptions = { maxCommandDataLength: number; maxResponseDataLength: number; }; declare class NfcOptions extends CborStructure { static get encodingSchema(): z$1.ZodCodec, z$1.ZodCustom, import("@owf/cose").TypedMap<{ 0: number; 1: number; }, never>>>; get maxCommandDataLength(): number; get maxResponseDataLength(): number; static create(options: NfcOptionsOptions): NfcOptions; } //#endregion //#region src/mdoc/models/wifi-options.d.ts declare enum WifiOptionsKeys { Passphrase = 0, OperatingClass = 1, ChannelNumber = 2, SupportedBands = 3 } declare const wifiOptionsSchema: z$1.ZodCodec, z$1.ZodCustom; }, WifiOptionsKeys>, import("@owf/cose").TypedMap<{ 0: string; 1: number; 2: number; 3: Uint8Array; }, WifiOptionsKeys>>>; type WifiOptionsEncodedStructure = z$1.input; type WifiOptionsDecodedStructure = z$1.output; type WifiOptionsOptions = { passphrase?: string; channelInfoOperatingClass?: number; channelInfoChannelNumber?: number; bandInfoSupportedBands?: Uint8Array; }; declare class WifiOptions extends CborStructure { static get encodingSchema(): z$1.ZodCodec, z$1.ZodCustom; }, WifiOptionsKeys>, import("@owf/cose").TypedMap<{ 0: string; 1: number; 2: number; 3: Uint8Array; }, WifiOptionsKeys>>>; get encodedStructure(): WifiOptionsEncodedStructure; get passphrase(): string | undefined; get channelInfoOperatingClass(): number | undefined; get channelInfoChannelNumber(): number | undefined; get bandInfoSupportedBands(): Uint8Array | undefined; static create(options: WifiOptionsOptions): WifiOptions; } //#endregion //#region src/mdoc/models/retrieval-options.d.ts type RetrievalOptions = WifiOptions | BleOptions | NfcOptions; //#endregion //#region src/mdoc/models/device-retrieval-method.d.ts declare enum DeviceRetrievalMethodType { Nfc = 1, Ble = 2, WifiAware = 3 } declare const deviceRetrievalMethodEncodedSchema: z$1.ZodTuple<[z$1.ZodUnion<[z$1.ZodEnum, z$1.ZodNumber]>, z$1.ZodNumber, z$1.ZodMap], null>; declare const deviceRetrievalMethodDecodedSchema: z$1.ZodObject<{ type: z$1.ZodUnion<[z$1.ZodEnum, z$1.ZodNumber]>; version: z$1.ZodNumber; retrievalOptions: z$1.ZodUnion, z$1.ZodCustom, z$1.ZodCustom, z$1.ZodMap]>; }, z$1.core.$strip>; type DeviceRetrievalMethodEncodedStructure = z$1.infer; type DeviceRetrievalMethodDecodedStructure = z$1.infer; type DeviceRetrievalMethodOptions = { type: DeviceRetrievalMethodType | number; version: number; retrievalOptions: RetrievalOptions; }; declare class DeviceRetrievalMethod extends CborStructure { static get encodingSchema(): z$1.ZodCodec, z$1.ZodNumber]>, z$1.ZodNumber, z$1.ZodMap], null>, z$1.ZodObject<{ type: z$1.ZodUnion<[z$1.ZodEnum, z$1.ZodNumber]>; version: z$1.ZodNumber; retrievalOptions: z$1.ZodUnion, z$1.ZodCustom, z$1.ZodCustom, z$1.ZodMap]>; }, z$1.core.$strip>>; get type(): number; get version(): number; get retrievalOptions(): Map | NfcOptions | BleOptions | WifiOptions; static create(options: DeviceRetrievalMethodOptions): DeviceRetrievalMethod; } //#endregion //#region src/mdoc/models/protocol-info.d.ts declare const protocolInfoSchema: z.ZodUnknown; type ProtocolInfoStructure = z.infer; declare class ProtocolInfo extends CborStructure { static get encodingSchema(): z.ZodUnknown; } //#endregion //#region src/mdoc/models/e-device-key.d.ts type EDeviceKeyDecodedStructure = CoseKeyDecodedStructure; type EDeviceKeyEncodedStructure = CoseKeyEncodedStructure; type EDeviceKeyOptions = CoseKeyOptions; declare class EDeviceKey extends CoseKey$1 {} //#endregion //#region src/mdoc/models/security.d.ts declare const securityEncodedSchema: z$1.ZodTuple<[z$1.ZodNumber, z$1.ZodCustom, DataItem>], null>; declare const securityDecodedSchema: z$1.ZodObject<{ cipherSuiteIdentifier: z$1.ZodNumber; eDeviceKey: z$1.ZodCustom; }, z$1.core.$strip>; type SecurityEncodedStructure = z$1.infer; type SecurityDecodedStructure = z$1.infer; type SecurityOptions = { cipherSuiteIdentifier: number; eDeviceKey: EDeviceKey; }; declare class Security extends CborStructure { static get encodingSchema(): z$1.ZodCodec, DataItem>], null>, z$1.ZodObject<{ cipherSuiteIdentifier: z$1.ZodNumber; eDeviceKey: z$1.ZodCustom; }, z$1.core.$strip>>; get cipherSuiteIdentifier(): number; get eDeviceKey(): EDeviceKey; static create(options: SecurityOptions): Security; } //#endregion //#region src/mdoc/models/oidc.d.ts declare const oidcEncodedSchema: z$1.ZodTuple<[z$1.ZodNumber, z$1.ZodString, z$1.ZodString], null>; declare const oidcDecodedSchema: z$1.ZodObject<{ version: z$1.ZodNumber; issuerUrl: z$1.ZodString; serverRetrievalToken: z$1.ZodString; }, z$1.core.$strip>; type OidcEncodedStructure = z$1.infer; type OidcDecodedStructure = z$1.infer; type OidcOptions = OidcDecodedStructure; declare class Oidc extends CborStructure { static get encodingSchema(): z$1.ZodCodec, z$1.ZodObject<{ version: z$1.ZodNumber; issuerUrl: z$1.ZodString; serverRetrievalToken: z$1.ZodString; }, z$1.core.$strip>>; get version(): number; get issuerUrl(): string; get serverRetrievalToken(): string; static create(options: OidcOptions): Oidc; } //#endregion //#region src/mdoc/models/web-api.d.ts declare const webApiEncodedSchema: z$1.ZodTuple<[z$1.ZodNumber, z$1.ZodString, z$1.ZodString], null>; declare const webApiDecodedSchema: z$1.ZodObject<{ version: z$1.ZodNumber; issuerUrl: z$1.ZodString; serverRetrievalToken: z$1.ZodString; }, z$1.core.$strip>; type WebApiEncodedStructure = z$1.infer; type WebApiDecodedStructure = z$1.infer; type WebApiOptions = WebApiDecodedStructure; declare class WebApi extends CborStructure { static get encodingSchema(): z$1.ZodCodec, z$1.ZodObject<{ version: z$1.ZodNumber; issuerUrl: z$1.ZodString; serverRetrievalToken: z$1.ZodString; }, z$1.core.$strip>>; get version(): number; get issuerUrl(): string; get serverRetrievalToken(): string; static create(options: WebApiOptions): WebApi; } //#endregion //#region src/mdoc/models/server-retrieval-method.d.ts declare const serverRetrievalMethodSchema: z$1.ZodCodec, z$1.ZodCustom, TypedMap<{ webApi: WebApi; oidc: Oidc; }, "webApi" | "oidc">>>; type ServerRetrievalMethodDecodedStructure = z$1.output; type ServerRetrievalMethodEncodedStructure = z$1.input; type ServerRetrievalMethodOptions = { webApi?: WebApi; oidc?: Oidc; }; declare class ServerRetrievalMethod extends CborStructure { static get encodingSchema(): z$1.ZodCodec, z$1.ZodCustom, TypedMap<{ webApi: WebApi; oidc: Oidc; }, "webApi" | "oidc">>>; get webApi(): WebApi | undefined; get oidc(): Oidc | undefined; static create(options: ServerRetrievalMethodOptions): ServerRetrievalMethod; } //#endregion //#region src/mdoc/models/device-engagement.d.ts declare enum DeviceEngagementKeys { Version = 0, Security = 1, DeviceRetrievalMethods = 2, ServerRetrievalMethods = 3, ProtocolInfo = 4 } declare const deviceEngagementSchema: z$1.ZodCodec, z$1.ZodCustom, TypedMap<{ 0: string; 1: Security; 2: DeviceRetrievalMethod[]; 3: ServerRetrievalMethod[]; 4: ProtocolInfo; }, DeviceEngagementKeys.DeviceRetrievalMethods | DeviceEngagementKeys.ServerRetrievalMethods | DeviceEngagementKeys.ProtocolInfo>>>; type DeviceEngagementEncodedStructure = z$1.input; type DeviceEngagementDecodedStructure = z$1.output; type DeviceEngagementOptions = { version: string; security: Security; deviceRetrievalMethods?: Array; serverRetrievalMethods?: Array; protocolInfo?: ProtocolInfo; }; declare class DeviceEngagement extends CborStructure { static get encodingSchema(): z$1.ZodCodec, z$1.ZodCustom, TypedMap<{ 0: string; 1: Security; 2: DeviceRetrievalMethod[]; 3: ServerRetrievalMethod[]; 4: ProtocolInfo; }, DeviceEngagementKeys.DeviceRetrievalMethods | DeviceEngagementKeys.ServerRetrievalMethods | DeviceEngagementKeys.ProtocolInfo>>>; get version(): string; get security(): Security; get deviceRetrievalMethods(): DeviceRetrievalMethod[] | undefined; get serverRetrievalMethods(): ServerRetrievalMethod[] | undefined; get protocolInfo(): ProtocolInfo | undefined; static create(options: DeviceEngagementOptions): DeviceEngagement; } //#endregion //#region src/mdoc/models/e-reader-key.d.ts type EReaderKeyDecodedStructure = CoseKeyDecodedStructure; type EReaderKeyEncodedStructure = CoseKeyEncodedStructure; type EReaderKeyOptions = CoseKeyOptions; declare class EReaderKey extends CoseKey$1 {} //#endregion //#region src/mdoc/models/handover.d.ts declare abstract class Handover extends CborStructure { static tryDecodeHandover>(this: { new (structure: any): T; fromEncodedStructure: (encodedStructure: EncodedStructureType) => { decodedStructure: DecodedStructureType; }; }, structure: unknown): T | null; /** * Whether this handover structure requires a reader key. Can * be overridden in extending handover classes. */ get requiresReaderKey(): boolean; /** * Whether this handover structure requires device engagement structure. Can * be overridden in extending handover classes. */ get requiresDeviceEngagement(): boolean; } //#endregion //#region src/mdoc/models/iso-mdoc-dc-api-handover.d.ts type IsoMdocDcApiHandoverOptions = { encryptionInfoBase64Url: string; origin: string; }; //#endregion //#region src/mdoc/models/oid4vp-dc-api-draft24-handover-info.d.ts type Oid4vpDcApiDraft24HandoverInfoOptions = { origin: string; clientId: string; nonce: string; }; //#endregion //#region src/mdoc/models/oid4vp-dc-api-handover-info.d.ts type Oid4vpDcApiHandoverInfoOptions = { origin: string; nonce: string; jwkThumbprint?: Uint8Array; }; //#endregion //#region src/mdoc/models/oid4vp-handover-info.d.ts type Oid4vpHandoverInfoOptions = { clientId: string; nonce: string; jwkThumbprint?: Uint8Array; responseUri: string; }; //#endregion //#region src/mdoc/models/oid4vp-iae-handover-info.d.ts type Oid4vpIaeHandoverInfoOptions = { interactiveAuthorizationEndpoint: string; nonce: string; jwkThumbprint?: Uint8Array; }; //#endregion //#region src/mdoc/models/session-transcript.d.ts declare const sessionTranscriptEncodedSchema: z$1.ZodTuple<[z$1.ZodNullable>, DataItem>>>, z$1.ZodNullable>, DataItem>>>, z$1.ZodUnknown], null>; declare const sessionTranscriptDecodedSchema: z$1.ZodObject<{ deviceEngagement: z$1.ZodNullable>; eReaderKey: z$1.ZodNullable>; handover: z$1.ZodCustom, Handover>; }, z$1.core.$strip>; type SessionTranscriptDecodedStructure = z$1.infer; type SessionTranscriptEncodedStructure = z$1.infer; type SessionTranscriptOptions = { deviceEngagement?: DeviceEngagement; eReaderKey?: EReaderKey; handover: Handover; }; declare class SessionTranscript extends CborStructure { static get encodingSchema(): z$1.ZodCodec>, DataItem>>>, z$1.ZodNullable>, DataItem>>>, z$1.ZodUnknown], null>, z$1.ZodObject<{ deviceEngagement: z$1.ZodNullable>; eReaderKey: z$1.ZodNullable>; handover: z$1.ZodCustom, Handover>; }, z$1.core.$strip>>; get deviceEngagement(): DeviceEngagement | null; get eReaderKey(): EReaderKey | null; get handover(): Handover; static create(options: SessionTranscriptOptions): SessionTranscript; /** * Create a SessionTranscript for QR handover (ISO 18013-5 proximity presentation). * * For QR handover, exact CBOR bytes matter for session key derivation. * Use DeviceEngagement.decode() and EReaderKey.decode() to preserve original bytes - * calling encode() on decoded objects will return the identical bytes. */ static forQrHandover(options: { deviceEngagement: DeviceEngagement; eReaderKey: EReaderKey; }): SessionTranscript; static forOid4VpDcApiDraft24(options: Oid4vpDcApiDraft24HandoverInfoOptions, ctx: Pick): Promise; static forOid4VpDcApi(options: Oid4vpDcApiHandoverInfoOptions, ctx: Pick): Promise; /** * Create a SessionTranscript for the ISO 18013-7 Annex C * `org-iso-mdoc` DC API protocol. */ static forIsoMdocDcApi(options: IsoMdocDcApiHandoverOptions, ctx: Pick): Promise; static forOid4VpIae(options: Oid4vpIaeHandoverInfoOptions, ctx: Pick): Promise; static forOid4Vp(options: Oid4vpHandoverInfoOptions, ctx: Pick): Promise; /** * Calculate the session transcript bytes as defined in 18013-7 first edition, based * on OpenID4VP draft 18. */ static forOid4VpDraft18(options: { clientId: string; responseUri: string; verifierGeneratedNonce: string; mdocGeneratedNonce: string; }, ctx: Pick): Promise; } //#endregion //#region src/mdoc/models/device-mac.d.ts type DeviceMacEncodedStructure = Mac0EncodedStructure; type DeviceMacDecodedStructure = Mac0DecodedStructure; type DeviceMacOptions = Mac0Options; declare class DeviceMac extends Mac0$1 { verify(options: { publicKey: CoseKey$1; privateKey: CoseKey$1; info?: 'EMacKey' | 'SKReader' | 'SKDevice'; sessionTranscript: SessionTranscript | Uint8Array; detachedPayload?: Uint8Array; }, ctx: Pick): Promise; static create(options: DeviceMacOptions): DeviceMac; createDeviceMacKey(options: { publicKey: CoseKey$1; privateKey: CoseKey$1; sessionTranscript: SessionTranscript | Uint8Array; info?: 'EMacKey' | 'SKReader' | 'SKDevice'; }, ctx: Pick): Promise>; } //#endregion //#region src/mdoc/models/device-signature.d.ts type DeviceSignatureEncodedStructure = Sign1EncodedStructure; type DeviceSignatureDecodedStructure = Sign1DecodedStructure; type DeviceSignatureOptions = Sign1Options; declare class DeviceSignature extends Sign1$1 {} //#endregion //#region src/mdoc/models/identifier-list.d.ts declare const identifierListSchema: z$1.ZodCodec, z$1.ZodCustom, Map>; aggregation_uri: string; }, "aggregation_uri">, TypedMap<{ identifiers: Map, Map>; aggregation_uri: string; }, "aggregation_uri">>>; type IdentifierListDecodedStructure = z$1.output; type IdentifierListEncodedStructure = z$1.input; type IdentifierListOptions = { identifiers: Array; aggregationUri?: string; }; declare class IdentifierList extends CborStructure { static get encodingSchema(): z$1.ZodCodec, z$1.ZodCustom, Map>; aggregation_uri: string; }, "aggregation_uri">, TypedMap<{ identifiers: Map, Map>; aggregation_uri: string; }, "aggregation_uri">>>; get identifiers(): Map, Map>; get aggregationUri(): string | undefined; includes(id: Uint8Array): boolean; static create(options: IdentifierListOptions): IdentifierList; } //#endregion //#region src/mdoc/models/identifier-list-cwt-payload.d.ts /** * CWT payload claim carrying the identifier list (ISO/IEC 18013-5 second * edition § 12.3.6). Mirrors `StatusListCwtPayload` from * `@owf/token-status-list`. */ declare enum IdentifierListCwtClaimKey { IdentifierList = 65530 } /** * Generic CWT registered claim keys not yet exposed by `@owf/cose`'s * `RegisteredCwtClaimKey`. Inline pending an upstream addition. */ declare enum CwtClaimKey { /** `typ` claim, RFC 9596 § 4.1. */ Typ = 16 } /** CWT content type strings used by ISO 18013-5 revocation lists. */ declare enum MediaTypes { IdentifierListCwt = "application/identifierlist+cwt" } declare const identifierListCwtPayloadSchema: z.ZodCodec, z.ZodCustom, TypedMap<{ 2: string; 4: number; 6: number; 16: MediaTypes; 65530: IdentifierList; }, RegisteredCwtClaimKey$1.Subject | RegisteredCwtClaimKey$1.IssuedAt>>>; type IdentifierListCwtPayloadEncodedStructure = z.infer; type IdentifierListCwtPayloadDecodedStructure = z.infer; type CreateIdentifierListCwtPayloadOptions = { identifierList: IdentifierList; subject?: string; issuedAt?: Date; expirationTime?: Date; }; declare class IdentifierListCwtPayload extends CborStructure { static get encodingSchema(): z.ZodCodec, z.ZodCustom, TypedMap<{ 2: string; 4: number; 6: number; 16: MediaTypes; 65530: IdentifierList; }, RegisteredCwtClaimKey$1.Subject | RegisteredCwtClaimKey$1.IssuedAt>>>; static create(options: CreateIdentifierListCwtPayloadOptions): IdentifierListCwtPayload; get identifierList(): IdentifierList; get subject(): string | undefined; get issuedAt(): Date | undefined; get expirationTime(): Date | undefined; } //#endregion //#region src/mdoc/models/identifier-list-cwt.d.ts /** * Signed CWT carrying the list of revoked MSO identifiers (ISO/IEC 18013-5 * second edition § 12.3.6). The payload is decoded as * `IdentifierListCwtPayload`; signature verification mirrors `StatusListCwt`. */ declare class IdentifierListCwt { private readonly cwt; readonly payload: IdentifierListCwtPayload; private constructor(); static fromBytes(bytes: Uint8Array): IdentifierListCwt; static fetch(uri: string, ctx: Pick): Promise; get protectedHeaders(): ProtectedHeaders$1 | undefined; /** Leaf cert + chain from the CWT's protected x5chain header, normalized to an array. */ get x5chain(): Array | undefined; get algorithm(): SignatureAlgorithm$1 | undefined; /** Verify the COSE_Sign1 signature against the provided public key. */ verifySignature(options: { key: CoseKey$1; }, ctx: Pick): Promise; /** True when `id` appears in the published list (and the credential is therefore revoked). */ includes(id: Uint8Array): boolean; } //#endregion //#region src/mdoc/models/device-key.d.ts type DeviceKeyDecodedStructure = CoseKeyDecodedStructure; type DeviceKeyEncodedStructure = CoseKeyEncodedStructure; type DeviceKeyOptions = CoseKeyOptions; declare class DeviceKey extends CoseKey$1 {} //#endregion //#region src/mdoc/models/namespace.d.ts type Namespace = string; //#endregion //#region src/mdoc/models/key-authorizations.d.ts declare const keyAuthorizationsSchema: z$1.ZodCodec, z$1.ZodCustom; }, "nameSpaces" | "dataElements">, TypedMap<{ nameSpaces: string[]; dataElements: Map; }, "nameSpaces" | "dataElements">>>; type KeyAuthorizationsEncodedStructure = z$1.input; type KeyAuthorizationsDecodedStructure = z$1.output; type KeyAuthorizationsOptions = { namespaces?: Array; dataElements?: Map>; }; declare class KeyAuthorizations extends CborStructure { static get encodingSchema(): z$1.ZodCodec, z$1.ZodCustom; }, "nameSpaces" | "dataElements">, TypedMap<{ nameSpaces: string[]; dataElements: Map; }, "nameSpaces" | "dataElements">>>; get namespaces(): string[] | undefined; get dataElements(): Map | undefined; static create(options: KeyAuthorizationsOptions): KeyAuthorizations; } //#endregion //#region src/mdoc/models/key-info.d.ts declare const keyInfoSchema: z$1.ZodMap; type KeyInfoEncodedStructure = z$1.input; type KeyInfoDecodedStructure = z$1.output; type KeyInfoOptions = { keyInfo: Map; }; declare class KeyInfo extends CborStructure { static get encodingSchema(): z$1.ZodMap; get keyInfo(): Map; static create(options: KeyInfoOptions): KeyInfo; } //#endregion //#region src/mdoc/models/device-key-info.d.ts declare const deviceKeyInfoSchema: z$1.ZodCodec, z$1.ZodCustom, TypedMap<{ deviceKey: DeviceKey; keyAuthorizations: KeyAuthorizations; keyInfo: KeyInfo; }, "keyAuthorizations" | "keyInfo">>>; type DeviceKeyInfoDecodedStructure = z$1.output; type DeviceKeyInfoEncodedStructure = z$1.input; type DeviceKeyInfoOptions = { deviceKey: DeviceKey; keyAuthorizations?: KeyAuthorizations; keyInfo?: KeyInfo; }; declare class DeviceKeyInfo extends CborStructure { static get encodingSchema(): z$1.ZodCodec, z$1.ZodCustom, TypedMap<{ deviceKey: DeviceKey; keyAuthorizations: KeyAuthorizations; keyInfo: KeyInfo; }, "keyAuthorizations" | "keyInfo">>>; get deviceKey(): DeviceKey; get keyAuthorizations(): KeyAuthorizations | undefined; get keyInfo(): KeyInfo | undefined; static create(options: DeviceKeyInfoOptions): DeviceKeyInfo; } //#endregion //#region src/mdoc/models/doctype.d.ts type DocType = string; //#endregion //#region src/mdoc/models/identifier-list-info.d.ts /** * IdentifierListInfo carries an opaque per-MSO identifier and the location of * the published list of revoked identifiers. * * Defined in ISO/IEC 18013-5 second edition (CD), 12.3.6. * * The `id` is an opaque byte string the issuer assigns to this MSO (recommended * unique and random per credential). Revocation is signalled by publishing the * id in the identifier list at `uri`. Absence from the list means the credential * is valid. */ declare const identifierListInfoSchema: z$1.ZodCodec, z$1.ZodCustom; certificate: Uint8Array; uri: string; }, "certificate">, TypedMap<{ id: Uint8Array; certificate: Uint8Array; uri: string; }, "certificate">>>; type IdentifierListInfoDecodedStructure = z$1.output; type IdentifierListInfoEncodedStructure = z$1.input; type IdentifierListInfoOptions = { id: Uint8Array; uri: string; certificate?: Uint8Array; }; declare class IdentifierListInfo extends CborStructure { static get encodingSchema(): z$1.ZodCodec, z$1.ZodCustom; certificate: Uint8Array; uri: string; }, "certificate">, TypedMap<{ id: Uint8Array; certificate: Uint8Array; uri: string; }, "certificate">>>; get id(): Uint8Array; get uri(): string; get certificate(): Uint8Array | undefined; static create(options: IdentifierListInfoOptions): IdentifierListInfo; } //#endregion //#region src/mdoc/models/status.d.ts /** * Status references one or both of the revocation mechanisms defined in * ISO/IEC 18013-5 second edition (CD), 12.3.6: * * Status = { * ? "status_list": StatusListInfo, ; IETF Token Status List entry * ? "identifier_list": IdentifierListInfo, * * tstr => RFU, * } * * Either or both members may be present. The mDL profile uses only the * VALID / INVALID states (no temporary suspension). * * Status is embedded inside the MobileSecurityObject as an optional member * so issuers can publish revocation status for issued credentials, and * verifiers can check it during presentation. */ declare const statusSchema: z$1.ZodCodec, z$1.ZodCustom, TypedMap<{ status_list: StatusListInfo$1; identifier_list: IdentifierListInfo; }, "status_list" | "identifier_list">>>; type StatusDecodedStructure = z$1.output; type StatusEncodedStructure = z$1.input; type StatusOptions = { statusList?: StatusListInfo$1 | StatusListInfoOptions; identifierList?: IdentifierListInfo | IdentifierListInfoOptions; }; declare class Status extends CborStructure { static get encodingSchema(): z$1.ZodCodec, z$1.ZodCustom, TypedMap<{ status_list: StatusListInfo$1; identifier_list: IdentifierListInfo; }, "status_list" | "identifier_list">>>; get statusList(): StatusListInfo$1 | undefined; get identifierList(): IdentifierListInfo | undefined; static create(options: StatusOptions): Status; } //#endregion //#region src/mdoc/models/validity-info.d.ts declare const validityInfoSchema: z$1.ZodCodec, z$1.ZodCustom, import("@owf/cose").TypedMap<{ signed: Date; validFrom: Date; validUntil: Date; expectedUpdate: Date; }, "expectedUpdate">>>; type ValidityInfoEncodedStructure = z$1.input; type ValidityInfoDecodedStructure = z$1.output; type ValidityInfoOptions = { signed: Date; validFrom: Date; validUntil: Date; expectedUpdate?: Date; }; declare class ValidityInfo extends CborStructure { static get encodingSchema(): z$1.ZodCodec, z$1.ZodCustom, import("@owf/cose").TypedMap<{ signed: Date; validFrom: Date; validUntil: Date; expectedUpdate: Date; }, "expectedUpdate">>>; get signed(): Date; get validFrom(): Date; get validUntil(): Date; get expectedUpdate(): Date | undefined; isSignedBetweenDates(notBefore: Date, notAfter: Date, skewSeconds?: number): boolean; isValidUntilAfterNow(now?: Date, skewSeconds?: number): boolean; isValidFromBeforeNow(now?: Date, skewSeconds?: number): boolean; static create(options: ValidityInfoOptions): ValidityInfo; } //#endregion //#region src/mdoc/models/digest-id.d.ts type DigestId = number; //#endregion //#region src/mdoc/models/value-digests.d.ts declare const valueDigestsSchema: z$1.ZodMap, Uint8Array>>>; type ValueDigestsStructure = z$1.infer; type ValueDigestOptions = { digests: ValueDigestsStructure; }; declare class ValueDigests extends CborStructure { static get encodingSchema(): z$1.ZodMap, Uint8Array>>>; get valueDigests(): Map>>; static create(options: ValueDigestOptions): ValueDigests; getDigestForNamespace(namespace: Namespace, digestId: DigestId): Uint8Array | undefined; hasDigestForNamespace(namespace: Namespace, digestId: DigestId): boolean; getNamespaces(): Namespace[]; getDigestIdsForNamespace(namespace: Namespace): DigestId[]; } //#endregion //#region src/mdoc/models/mobile-security-object.d.ts declare const mobileSecurityObjectSchema: z$1.ZodCodec, z$1.ZodCustom, TypedMap<{ version: "1.0"; status: Status; docType: string; digestAlgorithm: "SHA-256" | "SHA-384" | "SHA-512"; valueDigests: ValueDigests; deviceKeyInfo: DeviceKeyInfo; validityInfo: ValidityInfo; }, "status">>>; type MobileSecurityObjectDecodedStructure = z$1.output; type MobileSecurityObjectEncodedStructure = z$1.input; type MobileSecurityObjectOptions = { version?: '1.0'; digestAlgorithm: DigestAlgorithm; docType: DocType; valueDigests: ValueDigests; validityInfo: ValidityInfo; deviceKeyInfo: DeviceKeyInfo; status?: Status; }; declare class MobileSecurityObject extends CborStructure { static get encodingSchema(): z$1.ZodCodec, z$1.ZodCustom, TypedMap<{ version: "1.0"; status: Status; docType: string; digestAlgorithm: "SHA-256" | "SHA-384" | "SHA-512"; valueDigests: ValueDigests; deviceKeyInfo: DeviceKeyInfo; validityInfo: ValidityInfo; }, "status">>>; get version(): "1.0"; get digestAlgorithm(): "SHA-256" | "SHA-384" | "SHA-512"; get docType(): string; get validityInfo(): ValidityInfo; get valueDigests(): ValueDigests; get deviceKeyInfo(): DeviceKeyInfo; get status(): Status | undefined; static create(options: MobileSecurityObjectOptions): MobileSecurityObject; } //#endregion //#region src/mdoc/models/issuer-auth.d.ts type IssuerAuthEncodedStructure = Sign1EncodedStructure; type IssuerAuthOptions = Omit & { payload?: Sign1Options['payload'] | MobileSecurityObject; }; type IssuerAuthVerificationResult = { trustedIssuanceChain: Uint8Array[]; statusList?: StatusListCwt; trustedStatusListChain?: Uint8Array[]; identifierList?: IdentifierListCwt; trustedIdentifierListChain?: Uint8Array[]; }; declare class IssuerAuth extends Sign1$1 { static create(options: IssuerAuthOptions): IssuerAuth; get mobileSecurityObject(): MobileSecurityObject; getIssuingCountry(ctx: Pick): string; getIssuingStateOrProvince(ctx: Pick): string; /** * Verifies the MSO's revocation status. Throws on revocation or * a CWT-signature failure; succeeds silently otherwise. * * @todo return the full verified chain for audit / compliance. */ verifyStatus({ now, checkFreshness, trustedStatusCertificates }: { now?: Date; checkFreshness?: boolean; trustedStatusCertificates?: Uint8Array[]; }, ctx: Pick): Promise<{ statusList?: StatusListCwt; trustedStatusListChain?: Uint8Array[]; identifierList?: IdentifierListCwt; trustedIdentifierListChain?: Uint8Array[]; }>; verify(options: { verificationCallback?: VerificationCallback; now?: Date; trustedCertificates?: Array<{ issuance: Uint8Array[]; status?: Uint8Array[]; }>; disableCertificateChainValidation?: boolean; disableStatusValidation?: boolean; skewSeconds?: number; }, ctx: Pick): Promise; } //#endregion //#region src/mdoc/models/issuer-signed-item.d.ts declare const issuerSignedItemSchema: z$1.ZodCodec, z$1.ZodCustom; elementIdentifier: string; elementValue: unknown; }, never>, import("@owf/cose").TypedMap<{ digestID: number; random: Uint8Array; elementIdentifier: string; elementValue: unknown; }, never>>>; type IssuerSignedItemEncodedStructure = z$1.input; type IssuerSignedItemDecodedStructure = z$1.output; type IssuerSignedItemOptions = { digestId: number; random: Uint8Array; elementIdentifier: DataElementIdentifier; elementValue: DataElementValue; }; declare class IssuerSignedItem extends CborStructure { static get encodingSchema(): z$1.ZodCodec, z$1.ZodCustom; elementIdentifier: string; elementValue: unknown; }, never>, import("@owf/cose").TypedMap<{ digestID: number; random: Uint8Array; elementIdentifier: string; elementValue: unknown; }, never>>>; get random(): Uint8Array; get elementIdentifier(): string; get elementValue(): unknown; get digestId(): number; isValid(namespace: Namespace, issuerAuth: IssuerAuth, ctx: Pick): Promise; matchCertificate(issuerAuth: IssuerAuth, ctx: Pick): boolean; static fromOptions(options: IssuerSignedItemOptions): IssuerSignedItem; } //#endregion //#region src/mdoc/models/device-signed-items.d.ts declare const deviceSignedItemsSchema: z$1.ZodMap; type DeviceSignedItemsStructure = z$1.infer; type DeviceSignedItemsOptions = { deviceSignedItems: Map; }; declare class DeviceSignedItems extends CborStructure { static get encodingSchema(): z$1.ZodMap; get deviceSignedItems(): Map; static create(options: DeviceSignedItemsOptions): DeviceSignedItems; } //#endregion //#region src/mdoc/models/device-namespaces.d.ts declare const deviceNamespacesEncodedSchema: z$1.ZodMap>; declare const deviceNamespacesDecodedSchema: z$1.ZodMap>; type DeviceNamespacesDecodedStructure = z$1.infer; type DeviceNamespacesEncodedStructure = z$1.infer; type DeviceNamespacesOptions = { deviceNamespaces: Map; }; declare class DeviceNamespaces extends CborStructure { static get encodingSchema(): z$1.ZodCodec>, z$1.ZodMap>>; get deviceNamespaces(): Map; static create(options: DeviceNamespacesOptions): DeviceNamespaces; } //#endregion //#region src/mdoc/models/device-signed.d.ts declare const deviceSignedSchema: z$1.ZodCodec, z$1.ZodCustom, TypedMap<{ nameSpaces: DeviceNamespaces; deviceAuth: DeviceAuth; }, never>>>; type DeviceSignedDecodedStructure = z$1.output; type DeviceSignedEncodedStructure = z$1.input; type DeviceSignedOptions = { deviceNamespaces: DeviceNamespaces; deviceAuth: DeviceAuth; }; declare class DeviceSigned extends CborStructure { static get encodingSchema(): z$1.ZodCodec, z$1.ZodCustom, TypedMap<{ nameSpaces: DeviceNamespaces; deviceAuth: DeviceAuth; }, never>>>; get deviceNamespaces(): DeviceNamespaces; get deviceAuth(): DeviceAuth; static create(options: DeviceSignedOptions): DeviceSigned; } //#endregion //#region src/mdoc/models/error-code.d.ts type ErrorCode = number; //#endregion //#region src/mdoc/models/error-items.d.ts declare const errorItemsSchema: z.ZodMap; type ErrorItemsStructure = Map; type ErrorItemsOptions = { errorItems: ErrorItemsStructure; }; declare class ErrorItems extends CborStructure { static get encodingSchema(): z.ZodMap; static create(options: ErrorItemsOptions): ErrorItems; } //#endregion //#region src/mdoc/models/issuer-namespaces.d.ts declare const issuerNamespacesEncodedSchema: z.ZodMap, DataItem>>>; declare const issuerNamespacesDecodedSchema: z.ZodMap>>; type IssuerNamespacesEncodedStructure = z.infer; type IssuerNamespacesDecodedStructure = z.infer; type IssuerNamespacesOptions = { issuerNamespaces: IssuerNamespacesDecodedStructure; }; declare class IssuerNamespaces extends CborStructure { static get encodingSchema(): z.ZodCodec, DataItem>>>, z.ZodMap>>>; get issuerNamespaces(): Map; getIssuerNamespace(namespace: string): IssuerSignedItem[] | undefined; setIssuerNamespace(namespace: string, issuerSignedItems: IssuerSignedItem[]): Map; static create(options: IssuerNamespacesOptions): IssuerNamespaces; } //#endregion //#region src/mdoc/models/issuer-signed.d.ts declare const issuerSignedSchema: z$1.ZodCodec, z$1.ZodCustom, TypedMap<{ nameSpaces: IssuerNamespaces; issuerAuth: IssuerAuth; }, never>>>; type IssuerSignedDecodedStructure = z$1.output; type IssuerSignedEncodedStructure = z$1.input; type IssuerSignedOptions = { issuerNamespaces?: IssuerNamespaces; issuerAuth: IssuerAuth; }; type IssuerSignedVerificationResult = IssuerAuthVerificationResult; declare class IssuerSigned extends CborStructure { static get encodingSchema(): z$1.ZodCodec, z$1.ZodCustom, TypedMap<{ nameSpaces: IssuerNamespaces; issuerAuth: IssuerAuth; }, never>>>; get issuerNamespaces(): IssuerNamespaces; get issuerAuth(): IssuerAuth; getIssuerNamespace(namespace: Namespace): IssuerSignedItem[] | undefined; getPrettyClaims(namespace: Namespace): {} | undefined; get encodedForOid4Vci(): string; static fromEncodedForOid4Vci(encoded: string): IssuerSigned; verify(options: { verificationCallback?: VerificationCallback; now?: Date; trustedCertificates?: Array<{ issuance: Uint8Array[]; status?: Uint8Array[]; }>; disableCertificateChainValidation?: boolean; disableStatusValidation?: boolean; skewSeconds?: number; }, ctx: Pick): Promise; static create(options: IssuerSignedOptions): IssuerSigned; } //#endregion //#region src/mdoc/models/document.d.ts declare const documentSchema: z$1.ZodCodec, z$1.ZodCustom; docType: string; issuerSigned: IssuerSigned; deviceSigned: DeviceSigned; }, "errors">, TypedMap<{ errors: Map; docType: string; issuerSigned: IssuerSigned; deviceSigned: DeviceSigned; }, "errors">>>; type DocumentDecodedStructure = z$1.output; type DocumentEncodedStructure = z$1.input; type DocumentOptions = { docType: DocType; issuerSigned: IssuerSigned; deviceSigned: DeviceSigned; errors?: Map; }; declare class Document extends CborStructure { static get encodingSchema(): z$1.ZodCodec, z$1.ZodCustom; docType: string; issuerSigned: IssuerSigned; deviceSigned: DeviceSigned; }, "errors">, TypedMap<{ errors: Map; docType: string; issuerSigned: IssuerSigned; deviceSigned: DeviceSigned; }, "errors">>>; get docType(): string; get issuerSigned(): IssuerSigned; get deviceSigned(): DeviceSigned; get errors(): Map | undefined; getIssuerNamespace(namespace: Namespace): IssuerSignedItem[] | undefined; static create(options: DocumentOptions): Document; } //#endregion //#region src/mdoc/models/device-auth.d.ts declare const deviceAuthSchema: z$1.ZodCodec, z$1.ZodCustom, TypedMap<{ deviceSignature: DeviceSignature; deviceMac: DeviceMac; }, "deviceSignature" | "deviceMac">>>; type DeviceAuthDecodedStructure = z$1.output; type DeviceAuthEncodedStructure = z$1.input; type DeviceAuthOptions = { deviceSignature?: DeviceSignature; deviceMac?: DeviceMac; }; declare class DeviceAuth extends CborStructure { static get encodingSchema(): z$1.ZodCodec, z$1.ZodCustom, TypedMap<{ deviceSignature: DeviceSignature; deviceMac: DeviceMac; }, "deviceSignature" | "deviceMac">>>; get deviceSignature(): DeviceSignature | undefined; get deviceMac(): DeviceMac | undefined; verify(options: { document: Document; verificationCallback?: VerificationCallback; ephemeralMacPrivateKey?: CoseKey$1; sessionTranscript: SessionTranscript | Uint8Array; }, ctx: Pick): Promise; static create(options: DeviceAuthOptions): DeviceAuth; } //#endregion //#region src/mdoc/models/device-authentication.d.ts declare const deviceAuthenticationEncodedSchema: z$1.ZodTuple<[z$1.ZodLiteral<"DeviceAuthentication">, z$1.ZodTuple<[z$1.ZodNullable>, DataItem>>>, z$1.ZodNullable>, DataItem>>>, z$1.ZodUnknown], null>, z$1.ZodString, z$1.ZodCustom>>, DataItem>>>], null>; declare const deviceAuthenticationDecodedSchema: z$1.ZodObject<{ sessionTranscript: z$1.ZodCustom; docType: z$1.ZodString; deviceNamespaces: z$1.ZodCustom; }, z$1.core.$strip>; type DeviceAuthenticationDecodedStructure = z$1.infer; type DeviceAuthenticationEncodedStructure = z$1.infer; type DeviceAuthenticationOptions = { sessionTranscript: SessionTranscript | Uint8Array; docType: DocType; deviceNamespaces: DeviceNamespaces; }; declare class DeviceAuthentication extends CborStructure { static get encodingSchema(): z$1.ZodCodec, z$1.ZodTuple<[z$1.ZodNullable>, DataItem>>>, z$1.ZodNullable>, DataItem>>>, z$1.ZodUnknown], null>, z$1.ZodString, z$1.ZodCustom>>, DataItem>>>], null>, z$1.ZodObject<{ sessionTranscript: z$1.ZodCustom; docType: z$1.ZodString; deviceNamespaces: z$1.ZodCustom; }, z$1.core.$strip>>; get sessionTranscript(): SessionTranscript; get docType(): string; get deviceNamespaces(): DeviceNamespaces; static create(options: DeviceAuthenticationOptions): DeviceAuthentication; } //#endregion //#region src/mdoc/models/intent-to-retain.d.ts type IntentToRetain = boolean; //#endregion //#region src/mdoc/models/items-request.d.ts declare const namespacesSchema: z$1.ZodMap>; declare const itemsRequestSchema: z$1.ZodCodec, z$1.ZodCustom>; }, never>, import("@owf/cose").TypedMap<{ docType: string; nameSpaces: Map>; }, never>>>; type ItemsRequestEncodedStructure = z$1.input; type ItemsRequestDecodedStructure = z$1.output; type NamespacesStructure = z$1.infer; type ItemsRequestOptions = { docType: DocType; namespaces: NamespacesStructure | Record>; }; declare class ItemsRequest extends CborStructure { static get encodingSchema(): z$1.ZodCodec, z$1.ZodCustom>; }, never>, import("@owf/cose").TypedMap<{ docType: string; nameSpaces: Map>; }, never>>>; get docType(): string; get namespaces(): Map>; static create(options: ItemsRequestOptions): ItemsRequest; } //#endregion //#region src/mdoc/models/reader-authentication.d.ts declare const readerAuthenticationEncodedSchema: z$1.ZodTuple<[z$1.ZodLiteral<"ReaderAuthentication">, z$1.ZodTuple<[z$1.ZodNullable>, DataItem>>>, z$1.ZodNullable>, DataItem>>>, z$1.ZodUnknown], null>, z$1.ZodCustom>, DataItem>>], null>; declare const readerAuthenticationDecodedSchema: z$1.ZodObject<{ sessionTranscript: z$1.ZodCustom; itemsRequest: z$1.ZodCustom; }, z$1.core.$strip>; type ReaderAuthenticationDecodedStructure = z$1.infer; type ReaderAuthenticationEncodedStructure = z$1.infer; type ReaderAuthenticationOptions = { sessionTranscript: SessionTranscript; itemsRequest: ItemsRequest; }; declare class ReaderAuthentication extends CborStructure { static get encodingSchema(): z$1.ZodCodec, z$1.ZodTuple<[z$1.ZodNullable>, DataItem>>>, z$1.ZodNullable>, DataItem>>>, z$1.ZodUnknown], null>, z$1.ZodCustom>, DataItem>>], null>, z$1.ZodObject<{ sessionTranscript: z$1.ZodCustom; itemsRequest: z$1.ZodCustom; }, z$1.core.$strip>>; get sessionTranscript(): SessionTranscript; get itemsRequest(): ItemsRequest; static create(options: ReaderAuthenticationOptions): ReaderAuthentication; } //#endregion //#region src/mdoc/models/reader-auth.d.ts type ReaderAuthEncodedStructure = Sign1EncodedStructure; type ReaderAuthDecodedStructure = Sign1DecodedStructure; type ReaderAuthOptions = Sign1Options; declare class ReaderAuth extends Sign1$1 { verify(options: { readerAuthentication: ReaderAuthentication | ReaderAuthenticationOptions; verificationCallback?: VerificationCallback; /** * Trust anchors for the reader's certificate chain (e.g. CAs listed in a * RICAL). When provided, the chain in this Sign1's x5chain header is * validated against these anchors per RFC 5280. When omitted, only the * detached signature is verified — chain trust is not established. */ trustedCertificates?: Array; now?: Date; }, ctx: Pick): Promise; static create(options: ReaderAuthOptions): ReaderAuth; } //#endregion //#region src/mdoc/models/doc-request.d.ts declare const docRequestSchema: z$1.ZodCodec, z$1.ZodCustom, TypedMap<{ itemsRequest: ItemsRequest; readerAuth: ReaderAuth; }, "readerAuth">>>; type DocRequestDecodedStructure = z$1.output; type DocRequestEncodedStructure = z$1.input; type DocRequestOptions = { itemsRequest: ItemsRequest; readerAuth?: ReaderAuth; }; declare class DocRequest extends CborStructure { static get encodingSchema(): z$1.ZodCodec, z$1.ZodCustom, TypedMap<{ itemsRequest: ItemsRequest; readerAuth: ReaderAuth; }, "readerAuth">>>; get itemsRequest(): ItemsRequest; get readerAuth(): ReaderAuth | undefined; static create(options: DocRequestOptions): DocRequest; } //#endregion //#region src/mdoc/models/device-request.d.ts declare const deviceRequestSchema: z$1.ZodCodec, z$1.ZodCustom, TypedMap<{ version: string; docRequests: DocRequest[]; }, never>>>; type DeviceRequestDecodedStructure = z$1.output; type DeviceRequestEncodedStructure = z$1.input; type DeviceRequestOptions = { version?: string; docRequests: Array; }; declare class DeviceRequest extends CborStructure { static get encodingSchema(): z$1.ZodCodec, z$1.ZodCustom, TypedMap<{ version: string; docRequests: DocRequest[]; }, never>>>; get version(): string; get docRequests(): DocRequest[]; static create(options: DeviceRequestOptions): DeviceRequest; } //#endregion //#region src/mdoc/models/document-error.d.ts declare const documentErrorSchema: z$1.ZodMap; type DocumentErrorStructure = z$1.infer; type DocumentErrorOptions = { documentError: DocumentErrorStructure; }; declare class DocumentError extends CborStructure { static get encodingSchema(): z$1.ZodMap; /** * Map where keys are namespaces and values are error codes */ get documentError(): Map; static create(options: DocumentErrorOptions): DocumentError; } //#endregion //#region src/mdoc/models/device-response.d.ts declare const deviceResponseEncodedSchema: z$1.ZodCodec, z$1.ZodCustom, TypedMap<{ version: string; status: number; documents: unknown[]; documentErrors: unknown[]; }, "documents" | "documentErrors">>>; declare const deviceResponseDecodedSchema: z$1.ZodCodec, z$1.ZodCustom, TypedMap<{ version: string; status: number; documents: Document[]; documentErrors: DocumentError[]; }, "documents" | "documentErrors">>>; type DeviceResponseEncodedStructure = z$1.input; type DeviceResponseDecodedStructure = z$1.output; type DeviceResponseOptions = { version?: string; documents?: Array; documentErrors?: Array; status?: number; }; type DeviceResponseVerificationResult = Array; declare class DeviceResponse extends CborStructure { static get encodingSchema(): z$1.ZodCodec, z$1.ZodCustom, TypedMap<{ version: string; status: number; documents: Document[]; documentErrors: DocumentError[]; }, "documents" | "documentErrors">>>; get version(): string; get documents(): Document[] | undefined; get documentErrors(): DocumentError[] | undefined; get status(): number; verify(options: { deviceRequest?: DeviceRequest; sessionTranscript: SessionTranscript | Uint8Array; ephemeralReaderKey?: CoseKey$1; disableCertificateChainValidation?: boolean; disableStatusValidation?: boolean; trustedCertificates: Array<{ issuance: Uint8Array[]; status?: Uint8Array[]; }>; now?: Date; onCheck?: VerificationCallback; skewSeconds?: number; }, ctx: Pick): Promise; get encodedForOid4Vp(): string; static fromEncodedForOid4Vp(encoded: string): DeviceResponse; private static create; static createWithDeviceRequest(options: { deviceRequest: DeviceRequest; sessionTranscript: SessionTranscript | Uint8Array; issuerSigned: Array; deviceNamespaces?: DeviceNamespaces; mac?: { ephemeralKey: CoseKey$1; signingKey: CoseKey$1; }; signature?: { signingKey: CoseKey$1; }; }, ctx: Pick): Promise; static createSimple(options: DeviceResponseOptions): DeviceResponse; } //#endregion //#region src/mdoc/models/digest.d.ts type Digest = Uint8Array; //#endregion //#region src/mdoc/models/errors.d.ts declare const errorsEncodedSchema: z.ZodMap>; declare const errorsDecodedSchema: z.ZodMap>; type ErrorsEncodedStructure = z.infer; type ErrorsDecodedStructure = z.infer; type ErrorsOptions = { errors: ErrorsDecodedStructure; }; declare class Errors extends CborStructure { static get encodingSchema(): z.ZodCodec>, z.ZodMap>>; } //#endregion //#region src/mdoc/models/nfc-handover.d.ts declare const nfcHandoverEncodedSchema: z.ZodTuple<[z.ZodCustom, Uint8Array>, z.ZodNullable, Uint8Array>>], null>; declare const nfcHandoverDecodedSchema: z.ZodObject<{ selectMessage: z.ZodCustom, Uint8Array>; requestMessage: z.ZodNullable, Uint8Array>>; }, z.core.$strip>; type NfcHandoverEncodedStructure = z.infer; type NfcHandoverDecodedStructure = z.infer; type NfcHandoverOptions = { selectMessage: Uint8Array; requestMessage?: Uint8Array; }; declare class NfcHandover extends Handover { static get encodingSchema(): z.ZodCodec, Uint8Array>, z.ZodNullable, Uint8Array>>], null>, z.ZodObject<{ selectMessage: z.ZodCustom, Uint8Array>; requestMessage: z.ZodNullable, Uint8Array>>; }, z.core.$strip>>; get selectMessage(): Uint8Array; get requestMessage(): Uint8Array | null; static create(options: NfcHandoverOptions): NfcHandover; get requiresReaderKey(): boolean; get requiresDeviceEngagement(): boolean; } //#endregion //#region src/mdoc/models/qr-handover.d.ts declare const qrHandoverSchema: z.ZodNull; type QrHandoverStructure = z.infer; declare class QrHandover extends Handover { static get encodingSchema(): z.ZodNull; get requiresReaderKey(): boolean; get requiresDeviceEngagement(): boolean; static create(): QrHandover; } //#endregion //#region src/mdoc/builders/device-signed-builder.d.ts declare class DeviceSignedBuilder { private docType; private namespaces; private ctx; constructor(docType: DocType, ctx: Pick); addDeviceNamespace(namespace: Namespace, value: Record): this; sign(options: { signingKey: CoseKey$1; algorithm: SignatureAlgorithm$1; sessionTranscript: SessionTranscript; certificate: Uint8Array; }): Promise; tag(options: { publicKey: CoseKey$1; privateKey: CoseKey$1; sessionTranscript: SessionTranscript; algorithm: MacAlgorithm; certificate: Uint8Array; }): Promise; } //#endregion //#region src/mdoc/builders/issuer-signed-builder.d.ts declare class IssuerSignedBuilder { private docType; private namespaces; private ctx; constructor(docType: DocType, ctx: Pick); addIssuerNamespace(namespace: Namespace, values: Record | Map): this; private convertIssuerNamespacesIntoValueDigests; sign(options: { signingKey: CoseKey$1; algorithm: SignatureAlgorithm$1; digestAlgorithm: DigestAlgorithm; validityInfo: ValidityInfo | ValidityInfoOptions; deviceKeyInfo: DeviceKeyInfo | DeviceKeyInfoOptions; certificates: Uint8Array[]; /** * Optional Status structure to embed in the MSO. See * ISO/IEC 18013-5 second edition (CD), 12.3.6. Allows the issuer to * publish revocation information via a status list and/or identifier * list referenced from inside the signed MSO. */ status?: Status | StatusOptions; }): Promise; } //#endregion //#region src/mdoc/errors.d.ts declare class MdlError extends Error { constructor(message?: string); } declare class MdlParseError extends MdlError {} declare class EitherSignatureOrMacMustBeProvidedError extends MdlError {} declare class AtLeastOneCertificateRequiredError extends MdlError {} declare class SignatureAlgorithmDoesNotMatchSigningKeyAlgorithmError extends MdlError {} declare class UnableToExtractX5ChainFromCwtError extends MdlError {} declare class NoPublicKeySetOnStatusListError extends MdlError {} declare class InvalidAlgorithmError extends MdlError {} declare class InvalidMessageAuthenticationCode extends MdlError {} declare class InvalidSignatureError extends MdlError {} declare class JwtNotSupportForStatusListError extends MdlError {} declare class TrustedRevocationCertificatesMustContainAtleastOneCertificateError extends MdlError {} declare class UnableToExtractX5ChainFromIdentifierListError extends MdlError {} declare class InvalidIdentifierListSignatureError extends MdlError {} declare class IdentifierFoundInRevokedListError extends MdlError {} //#endregion //#region src/holder.d.ts declare class Holder { /** * * string should be base64url encoded as defined in openid4vci * */ static verifyIssuerSigned(options: { issuerSigned: Uint8Array | string | IssuerSigned; verificationCallback?: VerificationCallback; now?: Date; disableCertificateChainValidation?: boolean; disableStatusValidation?: boolean; trustedCertificates?: Array<{ issuance: Uint8Array[]; status?: Uint8Array[]; }>; skewSeconds?: number; }, ctx: Pick): Promise; static verifyDeviceRequest(options: { deviceRequest: Uint8Array | DeviceRequest; sessionTranscript: Uint8Array | SessionTranscript; verificationCallback?: VerificationCallback; /** * Trust anchors for the reader's certificate chain. When provided, each * `DocRequest.readerAuth` chain is validated against these anchors (e.g. * CAs listed in a RICAL — Reader Identification CA List, defined in * ISO/IEC 18013-5 second edition Annex F). * * When omitted, reader-auth signatures are verified but chain trust is * not established — equivalent to first-edition behaviour. */ trustedCertificates?: Array; /** * Reference time for certificate `notBefore`/`notAfter` checks during * chain validation. Defaults to the current time. */ now?: Date; }, ctx: Pick): Promise; static createDeviceResponseForDeviceRequest(options: { deviceRequest: DeviceRequest; sessionTranscript: SessionTranscript | Uint8Array; issuerSigned: Array; deviceNamespaces?: DeviceNamespaces; mac?: { ephemeralKey: CoseKey$1; signingKey: CoseKey$1; }; signature?: { signingKey: CoseKey$1; }; }, context: Pick): Promise; } //#endregion //#region src/issuer.d.ts declare class Issuer { private isb; constructor(docType: DocType, ctx: Pick); addIssuerNamespace(namespace: Namespace, value: Record): this; sign(options: { signingKey: CoseKey$1 | Record; algorithm: SignatureAlgorithm$1; digestAlgorithm: DigestAlgorithm; validityInfo: ValidityInfo | ValidityInfoOptions; deviceKeyInfo: DeviceKeyInfo | DeviceKeyInfoOptions; certificates: Uint8Array[]; /** * Optional Status structure to embed in the MSO. See * ISO/IEC 18013-5 second edition (CD), 12.3.6. */ status?: Status | StatusOptions; }): Promise; } //#endregion //#region src/utils/limitDisclosure.d.ts declare const limitDisclosureToDeviceRequestNameSpaces: (issuerSigned: IssuerSigned, docRequest: DocRequest) => IssuerNamespaces; //#endregion //#region src/verifier.d.ts declare class Verifier { static verifyDeviceResponse(options: { deviceRequest?: DeviceRequest; deviceResponse: Uint8Array | DeviceResponse; sessionTranscript: SessionTranscript | Uint8Array; ephemeralReaderKey?: CoseKey$1; disableCertificateChainValidation?: boolean; disableStatusValidation?: boolean; trustedCertificates: Array<{ issuance: Uint8Array[]; status?: Uint8Array[]; }>; now?: Date; onCheck?: VerificationCallback; skewSeconds?: number; }, ctx: Pick): Promise; } //#endregion export { AtLeastOneCertificateRequiredError, BleOptions, BleOptionsDecodedStructure, BleOptionsEncodedStructure, BleOptionsOptions, CoseKey, CreateIdentifierListCwtPayloadOptions, Curve, CwtClaimKey, DataElementIdentifier, DataElementValue, DateOnly, DeviceAuth, DeviceAuthDecodedStructure, DeviceAuthEncodedStructure, DeviceAuthOptions, DeviceAuthentication, DeviceAuthenticationDecodedStructure, DeviceAuthenticationEncodedStructure, DeviceAuthenticationOptions, DeviceEngagement, DeviceEngagementDecodedStructure, DeviceEngagementEncodedStructure, DeviceEngagementOptions, DeviceKey, DeviceKeyDecodedStructure, DeviceKeyEncodedStructure, DeviceKeyInfo, DeviceKeyInfoDecodedStructure, DeviceKeyInfoEncodedStructure, DeviceKeyInfoOptions, DeviceKeyOptions, DeviceMac, DeviceMacDecodedStructure, DeviceMacEncodedStructure, DeviceMacOptions, DeviceNamespaces, DeviceNamespacesDecodedStructure, DeviceNamespacesEncodedStructure, DeviceNamespacesOptions, DeviceRequest, DeviceRequestDecodedStructure, DeviceRequestEncodedStructure, DeviceRequestOptions, DeviceResponse, DeviceResponseDecodedStructure, DeviceResponseEncodedStructure, DeviceResponseOptions, DeviceResponseVerificationResult, DeviceRetrievalMethod, DeviceRetrievalMethodDecodedStructure, DeviceRetrievalMethodEncodedStructure, DeviceRetrievalMethodOptions, DeviceRetrievalMethodType, DeviceSignature, DeviceSignatureDecodedStructure, DeviceSignatureEncodedStructure, DeviceSignatureOptions, DeviceSigned, DeviceSignedBuilder, DeviceSignedDecodedStructure, DeviceSignedEncodedStructure, DeviceSignedItems, DeviceSignedItemsOptions, DeviceSignedItemsStructure, DeviceSignedOptions, Digest, DigestId, DocRequest, DocRequestDecodedStructure, DocRequestEncodedStructure, DocRequestOptions, DocType, Document, DocumentDecodedStructure, DocumentEncodedStructure, DocumentError, DocumentErrorOptions, DocumentErrorStructure, DocumentOptions, EDeviceKey, EDeviceKeyDecodedStructure, EDeviceKeyEncodedStructure, EDeviceKeyOptions, EReaderKey, EReaderKeyDecodedStructure, EReaderKeyEncodedStructure, EReaderKeyOptions, EitherSignatureOrMacMustBeProvidedError, ErrorCode, ErrorItems, ErrorItemsOptions, ErrorItemsStructure, Errors, ErrorsDecodedStructure, ErrorsEncodedStructure, ErrorsOptions, Holder, IdentifierFoundInRevokedListError, IdentifierList, IdentifierListCwt, IdentifierListCwtClaimKey, IdentifierListCwtPayload, IdentifierListCwtPayloadDecodedStructure, IdentifierListCwtPayloadEncodedStructure, IdentifierListDecodedStructure, IdentifierListEncodedStructure, IdentifierListInfo, IdentifierListInfoDecodedStructure, IdentifierListInfoEncodedStructure, IdentifierListInfoOptions, IdentifierListOptions, IntentToRetain, InvalidAlgorithmError, InvalidIdentifierListSignatureError, InvalidMessageAuthenticationCode, InvalidSignatureError, Issuer, IssuerAuth, IssuerAuthEncodedStructure, IssuerAuthOptions, IssuerAuthVerificationResult, IssuerNamespaces, IssuerNamespacesDecodedStructure, IssuerNamespacesEncodedStructure, IssuerNamespacesOptions, IssuerSigned, IssuerSignedBuilder, IssuerSignedDecodedStructure, IssuerSignedEncodedStructure, IssuerSignedItem, IssuerSignedItemDecodedStructure, IssuerSignedItemEncodedStructure, IssuerSignedItemOptions, IssuerSignedOptions, IssuerSignedVerificationResult, ItemsRequest, ItemsRequestDecodedStructure, ItemsRequestEncodedStructure, ItemsRequestOptions, JwtNotSupportForStatusListError, KeyAuthorizations, KeyAuthorizationsDecodedStructure, KeyAuthorizationsEncodedStructure, KeyAuthorizationsOptions, KeyInfo, KeyInfoDecodedStructure, KeyInfoEncodedStructure, KeyInfoOptions, KeyOps, KeyType, Mac0, MdlError, MdlParseError, MdocContext, MediaTypes, MobileSecurityObject, MobileSecurityObjectDecodedStructure, MobileSecurityObjectEncodedStructure, MobileSecurityObjectOptions, Namespace, NfcHandover, NfcHandoverDecodedStructure, NfcHandoverEncodedStructure, NfcHandoverOptions, NfcOptions, NfcOptionsDecodedStructure, NfcOptionsEncodedStructure, NfcOptionsOptions, NoPublicKeySetOnStatusListError, Oidc, OidcDecodedStructure, OidcEncodedStructure, OidcOptions, ProtectedHeaders, ProtocolInfo, ProtocolInfoStructure, QrHandover, QrHandoverStructure, ReaderAuth, ReaderAuthDecodedStructure, ReaderAuthEncodedStructure, ReaderAuthOptions, RegisteredCwtClaimKey, RegisteredCwtHeaderClaimKey, RetrievalOptions, Security, SecurityDecodedStructure, SecurityEncodedStructure, SecurityOptions, ServerRetrievalMethod, ServerRetrievalMethodDecodedStructure, ServerRetrievalMethodEncodedStructure, ServerRetrievalMethodOptions, SessionTranscript, SessionTranscriptDecodedStructure, SessionTranscriptEncodedStructure, SessionTranscriptOptions, Sign1, SignatureAlgorithm, SignatureAlgorithmDoesNotMatchSigningKeyAlgorithmError, Status, StatusDecodedStructure, StatusEncodedStructure, StatusListInfo, StatusOptions, TrustedRevocationCertificatesMustContainAtleastOneCertificateError, UnableToExtractX5ChainFromCwtError, UnableToExtractX5ChainFromIdentifierListError, UnprotectedHeaders, ValidityInfo, ValidityInfoDecodedStructure, ValidityInfoEncodedStructure, ValidityInfoOptions, ValueDigestOptions, ValueDigests, ValueDigestsStructure, VerificationAssessment, VerificationCallback, Verifier, WebApi, WebApiDecodedStructure, WebApiEncodedStructure, WebApiOptions, WifiOptions, WifiOptionsDecodedStructure, WifiOptionsEncodedStructure, WifiOptionsOptions, cborDecode, cborEncode, defaultVerificationCallback, deviceSignedItemsSchema, errorItemsSchema, issuerNamespacesDecodedSchema, issuerNamespacesEncodedSchema, issuerSignedItemSchema, limitDisclosureToDeviceRequestNameSpaces, onCategoryCheck, sessionTranscriptEncodedSchema }; //# sourceMappingURL=index.d.mts.map