import { DisclosureFrame, HasherAndAlgorithm, SaltGenerator, Verifier } from '../types'; import { Jwt, JwtAdditionalOptions, JwtVerificationResult } from '../jwt/jwt'; import { KeyBinding } from '../keyBinding'; import { ReturnSdJwtWithHeaderAndPayload, ReturnSdJwtWithKeyBinding, ReturnSdJwtWithPayload } from './types'; import { Disclosure } from './disclosures'; import { HasherAlgorithm } from '../hasherAlgorithm'; import { PresentationFrame } from '../types/present'; export type SdJwtToCompactOptions> = { disclosureFrame?: DisclosureFrame; shouldApplyFrame?: boolean; }; export type SdJwtOptions
, Payload extends Record> = { header?: Header; payload?: Payload; signature?: Uint8Array; keyBinding?: KeyBinding; disclosures?: Array; }; export type SdJwtAdditionalOptions> = JwtAdditionalOptions & { hasherAndAlgorithm?: HasherAndAlgorithm; saltGenerator?: SaltGenerator; disclosureFrame?: DisclosureFrame; }; export type SdJwtVerificationResult = JwtVerificationResult & { isKeyBindingValid?: boolean; }; export declare class SdJwt
= Record, Payload extends Record = Record> extends Jwt { disclosures?: Array; keyBinding?: KeyBinding; private saltGenerator?; private hasherAndAlgorithm?; disclosureFrame?: DisclosureFrame; constructor(options?: SdJwtOptions, additionalOptions?: SdJwtAdditionalOptions); /** * * Create an sd-jwt from a compact format. This will succeed for a normal jwt as well. * */ static fromCompact
= Record, Payload extends Record = Record>(compact: string): ReturnSdJwtWithHeaderAndPayload>; /** * * Add a salt generator. * * Recommended size is 128 bits (i.e. 16 bytes). * * Salts will not be seeded and a new one will be used for each claim. * * @example * * Node.js: `crypto.randomBytes(128 / 8)` * * React Native: `expo-standard-web-crypto` * * Browser: `crypto.getRandomValues(new Uint8Array(128 / 8))` * */ withSaltGenerator(saltGenerator: SaltGenerator): this; /** * * Add a hasher that will be used to hash the disclosures. * * @note Make sure to return a base64url encoded version of the hash. * * @example * * Node.js: `createHash('sha256').update(input).digest().toString('base64url')` * */ withHasher(hasherAndAlgorithm: HasherAndAlgorithm): ReturnSdJwtWithPayload; /** * * Adds the algorithm of the hasher to the payload. * * For convience, this also allows you to set the hasher. * * @throws when the hasher and algorithm are not set. * */ addHasherAlgorithmToPayload(hasherAndAlgorithm?: HasherAndAlgorithm): ReturnSdJwtWithPayload; /** * * Set the `KeyBinding` jwt. * * This can be done as a holder to provide proof of possession of key material * */ withKeyBinding(keyBinding: Jwt | KeyBinding | string): ReturnSdJwtWithKeyBinding; /** * * Set the disclosure frame which will be applied via `SdJwt.applyDisclosureFrame` or when `SdJwt.toCompact` is called. * */ withDisclosureFrame(disclosureFrame: DisclosureFrame): this; /** * * Apply the disclosure frame. * * @throws when the salt generator is not set * @throws when the hasher and algorithm is not set * @throws when the payload is not set * @throws when no disclosure frame is set * @throws when disclosures are included and a signature is set, but no signer is provided `*` * @throws when the disclosure frame is inconsistent with the payload * * * This is done as removing items from the payload alters the signature and it has to be resigned. * */ applyDisclosureFrame(): Promise; /** * * Assert that the disclosure frame is set. * */ assertDisclosureFrame(): void; /** * * Assert that the salt generator is set. * */ private assertSaltGenerator; /** * * Assert that the hasher and algorithm is set. * */ private assertHashAndAlgorithm; /** * * Assert that a certain claim is included in the disclosure frame. * * @throws when the disclosure frame is not set * */ assertClaimInDisclosureFrame(claimKey: string): void; /** * This function creates a presentation of an SD-JWT, based on the presentation frame. The * presentation frame is similar to the disclosure frame, and allows you to present a subset * of the disclosures. * * If no `presentationFrame` is passed, the entire SD-JWT will be presented. * To create a presentation without any of the disclosures, pass an empty object as the `presentationFrame`. * * @example * The following example will expose `name`, `a.nested`, and `orderItems[0]` and `orderItems[2]`. * Based on the disclosures it will also expose the parent and child disclosures when needed. * E.g. if `a` can only be disclosed as a whole, disclosing `a.nested` will also disclose `a`. * The same is true for child disclosures. If you expose `name`, and it potentially contains recursive * disclosures, all disclosures under name will be disclosed as well. * ```ts * await sdJwt.present({ * name: true, * a: { * nested: 'property' * } * orderItems: [true, false, true] * }) * ``` * * @throws when the presentation frame does not match the decoded/pretty payload of the sd-jwt * @throws when the presentation frame contains fields other than object, array or boolean * */ present(presentationFrame?: PresentationFrame): Promise; /** * * Verify the sd-jwt. * * It validates the following properties: * - sd-jwt issuer signature * - Optionally, the required claims * - The `nbf` and `exp` claims * - Whether the key binding is valid * */ verify(verifier: Verifier
, requiredClaimKeys?: Array, publicKeyJwk?: Record): Promise; /** * * Utility method to check whether the expected hasher algorithm is used. * */ checkHasher(expectedHasher: HasherAlgorithm | string): boolean; assertNonSelectivelyDisclosableClaim(claimKey: string): void; assertNonSelectivelyDisclosableClaims(): void; /** * * Return all claims from the payload and the disclosures on their original place. * */ getPrettyClaims = Payload>(): Promise; /** * * Create a compact format of the sd-jwt. * * This will * - Apply the disclosure frame * - Add a signature if there is none * * @throws When the signature and signer are not defined * @throws When a claim is requested to be selectively disclosable, but it was not found in the payload * */ toCompact(): Promise; private __toCompact; }