openwallet-foundation · berendsliedrecht · Nov 3, 2023 · Oct 12, 2023 · Oct 12, 2023 · Oct 17, 2023
diff --git a/packages/core/src/crypto/jose/jwk/Jwk.ts b/packages/core/src/crypto/jose/jwk/Jwk.ts
@@ -28,10 +28,7 @@ export abstract class Jwk {
   public use?: string
 
   public toJson(): JwkJson {
-    return {
-      kty: this.kty,
-      use: this.use,
-    }
+    return { use: this.use, kty: this.kty }
   }
 
   public get key() {

diff --git a/packages/core/src/crypto/jose/jwk/index.ts b/packages/core/src/crypto/jose/jwk/index.ts
@@ -1,12 +1,7 @@
-export {
-  getJwkFromJson,
-  getJwkFromKey,
-  getJwkClassFromJwaSignatureAlgorithm,
-  getJwkClassFromKeyType,
-} from './transform'
+export * from './transform'
 export { Ed25519Jwk } from './Ed25519Jwk'
 export { X25519Jwk } from './X25519Jwk'
 export { P256Jwk } from './P256Jwk'
 export { P384Jwk } from './P384Jwk'
 export { P521Jwk } from './P521Jwk'
-export { Jwk } from './Jwk'
+export { Jwk, JwkJson } from './Jwk'
diff --git a/packages/core/src/crypto/jose/jwk/transform.ts b/packages/core/src/crypto/jose/jwk/transform.ts
@@ -2,6 +2,7 @@ import type { JwkJson, Jwk } from './Jwk'
 import type { Key } from '../../Key'
 import type { JwaSignatureAlgorithm } from '../jwa'
 
+import { AriesFrameworkError } from '../../../error'
 import { KeyType } from '../../KeyType'
 import { JwaCurve, JwaKeyType } from '../jwa'
 
@@ -37,7 +38,7 @@ export function getJwkFromKey(key: Key) {
   if (key.keyType === KeyType.P384) return P384Jwk.fromPublicKey(key.publicKey)
   if (key.keyType === KeyType.P521) return P521Jwk.fromPublicKey(key.publicKey)
 
-  throw new Error(`Cannot create JWK from key. Unsupported key with type '${key.keyType}'.`)
+  throw new AriesFrameworkError(`Cannot create JWK from key. Unsupported key with type '${key.keyType}'.`)
 }
 
 export function getJwkClassFromJwaSignatureAlgorithm(alg: JwaSignatureAlgorithm | string) {

diff --git a/packages/core/src/index.ts b/packages/core/src/index.ts
@@ -61,18 +61,26 @@ export * from './modules/oob'
 export * from './modules/dids'
 export * from './modules/vc'
 export * from './modules/cache'
-export { JsonEncoder, JsonTransformer, isJsonObject, isValidJweStructure, TypedArrayEncoder, Buffer } from './utils'
+export {
+  JsonEncoder,
+  JsonTransformer,
+  isJsonObject,
+  isValidJweStructure,
+  TypedArrayEncoder,
+  Buffer,
+  deepEquality,
+} from './utils'
 export * from './logger'
 export * from './error'
 export * from './wallet/error'
 export { parseMessageType, IsValidMessageType, replaceLegacyDidSovPrefix } from './utils/messageType'
-export type { Constructor } from './utils/mixins'
+export type { Constructor, Constructable } from './utils/mixins'
 export * from './agent/Events'
 export * from './crypto/'
 
 // TODO: clean up util exports
 export { encodeAttachment, isLinkedAttachment } from './utils/attachment'
-export { Hasher } from './utils/Hasher'
+export { Hasher, HashName } from './utils/Hasher'
 export { MessageValidator } from './utils/MessageValidator'
 export { LinkedAttachment, LinkedAttachmentOptions } from './utils/LinkedAttachment'
 import { parseInvitationUrl } from './utils/parseInvitation'

diff --git a/packages/core/src/modules/generic-records/repository/GenericRecord.ts b/packages/core/src/modules/generic-records/repository/GenericRecord.ts
@@ -1,12 +1,10 @@
-import type { RecordTags, TagsBase } from '../../../storage/BaseRecord'
+import type { TagsBase } from '../../../storage/BaseRecord'
 
 import { BaseRecord } from '../../../storage/BaseRecord'
 import { uuid } from '../../../utils/uuid'
 
 export type GenericRecordTags = TagsBase
 
-export type BasicMessageTags = RecordTags<GenericRecord>
-
 export interface GenericRecordStorageProps {
   id?: string
   createdAt?: Date

diff --git a/packages/openid4vc-client/src/OpenId4VcClientModule.ts b/packages/openid4vc-client/src/OpenId4VcClientModule.ts
@@ -12,7 +12,7 @@ export class OpenId4VcClientModule implements Module {
   public readonly api = OpenId4VcClientApi
 
   /**
-   * Registers the dependencies of the question answer module on the dependency manager.
+   * Registers the dependencies of the openid4vc-client module on the dependency manager.
    */
   public register(dependencyManager: DependencyManager) {
     // Warn about experimental module

diff --git a/packages/sd-jwt/README.md b/packages/sd-jwt/README.md
@@ -0,0 +1,58 @@
+<p align="center">
+  <br />
+  <img
+    alt="Hyperledger Aries logo"
+    src="https://raw.githubusercontent.com/hyperledger/aries-framework-javascript/aa31131825e3331dc93694bc58414d955dcb1129/images/aries-logo.png"
+    height="250px"
+  />
+</p>
+<h1 align="center"><b>Aries Framework JavaScript Selective Disclosure JWT Module</b></h1>
+<p align="center">
+  <a
+    href="https://raw.githubusercontent.com/hyperledger/aries-framework-javascript/main/LICENSE"
+    ><img
+      alt="License"
+      src="https://img.shields.io/badge/License-Apache%202.0-blue.svg"
+  /></a>
+  <a href="https://www.typescriptlang.org/"
+    ><img
+      alt="typescript"
+      src="https://img.shields.io/badge/%3C%2F%3E-TypeScript-%230074c1.svg"
+  /></a>
+    <a href="https://www.npmjs.com/package/@aries-framework/sd-jwt"
+    ><img
+      alt="@aries-framework/sd-jwt version"
+      src="https://img.shields.io/npm/v/@aries-framework/sd-jwt"
+  /></a>
+
+</p>
+<br />
+
+### Installation
+
+Add the `sd-jwt` module to your project.
+
+```sh
+yarn add @aries-framework/sd-jwt
+```
+
+### Quick start
+
+After the installation you can follow the [guide to setup your agent](https://aries.js.org/guides/0.4/getting-started/set-up) and add the following to your agent modules.
+
+```ts
+import { SdJwtModule } from '@aries-framework/sd-jwt'
+
+const agent = new Agent({
+  config: {
+    /* config */
+  },
+  dependencies: agentDependencies,
+  modules: {
+    sdJwt: new SdJwtModule(),
+    /* other custom modules */
+  },
+})
+
+await agent.initialize()
+```
diff --git a/packages/sd-jwt/jest.config.ts b/packages/sd-jwt/jest.config.ts
@@ -0,0 +1,13 @@
+import type { Config } from '@jest/types'
+
+import base from '../../jest.config.base'
+
+import packageJson from './package.json'
+
+const config: Config.InitialOptions = {
+  ...base,
+  displayName: packageJson.name,
+  setupFilesAfterEnv: ['./tests/setup.ts'],
+}
+
+export default config
diff --git a/packages/sd-jwt/package.json b/packages/sd-jwt/package.json
@@ -0,0 +1,39 @@
+{
+  "name": "@aries-framework/sd-jwt",
+  "main": "build/index",
+  "types": "build/index",
+  "version": "0.4.2",
+  "files": [
+    "build"
+  ],
+  "license": "Apache-2.0",
+  "publishConfig": {
+    "access": "public"
+  },
+  "homepage": "https://github.com/hyperledger/aries-framework-javascript/tree/main/packages/sd-jwt",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/hyperledger/aries-framework-javascript",
+    "directory": "packages/sd-jwt"
+  },
+  "scripts": {
+    "build": "yarn run clean && yarn run compile",
+    "clean": "rimraf ./build",
+    "compile": "tsc -p tsconfig.build.json",
+    "prepublishOnly": "yarn run build",
+    "test": "jest"
+  },
+  "dependencies": {
+    "@aries-framework/askar": "^0.4.2",
+    "@aries-framework/core": "^0.4.2",
+    "class-transformer": "0.5.1",
+    "class-validator": "0.14.0",
+    "jwt-sd": "^0.1.0"
+  },
+  "devDependencies": {
+    "@hyperledger/aries-askar-nodejs": "^0.2.0-dev.1",
+    "reflect-metadata": "^0.1.13",
+    "rimraf": "^4.4.0",
+    "typescript": "~4.9.5"
+  }
+}
diff --git a/packages/sd-jwt/src/SdJwtApi.ts b/packages/sd-jwt/src/SdJwtApi.ts
@@ -0,0 +1,88 @@
+import type { SdJwtCreateOptions, SdJwtPresentOptions, SdJwtReceiveOptions, SdJwtVerifyOptions } from './SdJwtOptions'
+import type { SdJwtVcVerificationResult } from './SdJwtService'
+import type { SdJwtRecord } from './repository'
+import type { Query } from '@aries-framework/core'
+
+import { AgentContext, injectable } from '@aries-framework/core'
+
+import { SdJwtService } from './SdJwtService'
+
+/**
+ * @public
+ */
+@injectable()
+export class SdJwtApi {
+  private agentContext: AgentContext
+  private sdJwtService: SdJwtService
+
+  public constructor(agentContext: AgentContext, sdJwtService: SdJwtService) {
+    this.agentContext = agentContext
+    this.sdJwtService = sdJwtService
+  }
+
+  public async create<Payload extends Record<string, unknown> = Record<string, unknown>>(
+    payload: Payload,
+    options: SdJwtCreateOptions<Payload>
+  ): Promise<{ sdJwtRecord: SdJwtRecord; compact: string }> {
+    return await this.sdJwtService.create<Payload>(this.agentContext, payload, options)
+  }
+
+  /**
+   *
+   * Validates and stores an sd-jwt from the perspective of an holder
+   *
+   */
+  public async receive(sdJwtCompact: string, options: SdJwtReceiveOptions): Promise<SdJwtRecord> {
+    return await this.sdJwtService.receive(this.agentContext, sdJwtCompact, options)
+  }
+
+  /**
+   *
+   * Create a compact presentation of the sd-jwt.
+   * This presentation can be send in- or out-of-band to the verifier.
+   *
+   * Within the `options` field, you can supply the indicies of the disclosures you would like to share with the verifier.
+   * Also, whether to include the holder key binding.
+   *
+   */
+  public async present(sdJwtRecord: SdJwtRecord, options: SdJwtPresentOptions): Promise<string> {
+    return await this.sdJwtService.present(this.agentContext, sdJwtRecord, options)
+  }
+
+  /**
+   *
+   * Verify an incoming sd-jwt. It will check whether everything is valid, but also returns parts of the validation.
+   *
+   * For example, you might still want to continue with a flow if not all the claims are included, but the signature is valid.
+   *
+   */
+  public async verify<
+    Header extends Record<string, unknown> = Record<string, unknown>,
+    Payload extends Record<string, unknown> = Record<string, unknown>
+  >(
+    sdJwtCompact: string,
+    options: SdJwtVerifyOptions
+  ): Promise<{ sdJwtRecord: SdJwtRecord<Header, Payload>; validation: SdJwtVcVerificationResult }> {
+    return await this.sdJwtService.verify<Header, Payload>(this.agentContext, sdJwtCompact, options)
+  }
+
+  public async getCredentialRecordById(id: string): Promise<SdJwtRecord> {
+    return await this.sdJwtService.getCredentialRecordById(this.agentContext, id)
+  }
+
+  public async getAllCredentialRecords(): Promise<Array<SdJwtRecord>> {
+    return await this.sdJwtService.getAllCredentialRecords(this.agentContext)
+  }
+
+  public async findCredentialRecordsByQuery(query: Query<SdJwtRecord>): Promise<Array<SdJwtRecord>> {
+    return await this.sdJwtService.findCredentialRecordsByQuery(this.agentContext, query)
+  }
+
+  public async removeCredentialRecord(id: string) {
+    return await this.sdJwtService.removeCredentialRecord(this.agentContext, id)
+  }
+
+  public async updateCredentialRecord(sdJwtRecord: SdJwtRecord) {
+    return await this.sdJwtService.updateCredentialRecord(this.agentContext, sdJwtRecord)
+  }
+}
diff --git a/packages/sd-jwt/src/SdJwtError.ts b/packages/sd-jwt/src/SdJwtError.ts
@@ -0,0 +1,3 @@
+import { AriesFrameworkError } from '@aries-framework/core'
+
+export class SdJwtError extends AriesFrameworkError {}
diff --git a/packages/sd-jwt/src/SdJwtModule.ts b/packages/sd-jwt/src/SdJwtModule.ts
@@ -0,0 +1,35 @@
+import type { DependencyManager, Module } from '@aries-framework/core'
+
+import { AgentConfig } from '@aries-framework/core'
+
+import { SdJwtApi } from './SdJwtApi'
+import { SdJwtService } from './SdJwtService'
+import { SdJwtRepository } from './repository'
+
+/**
+ * @public
+ */
+export class SdJwtModule implements Module {
+  public readonly api = SdJwtApi
+
+  /**
+   * Registers the dependencies of the sd-jwt module on the dependency manager.
+   */
+  public register(dependencyManager: DependencyManager) {
+    // Warn about experimental module
+    dependencyManager
+      .resolve(AgentConfig)
+      .logger.warn(
+        "The '@aries-framework/sd-jwt' module is experimental and could have unexpected breaking changes. When using this module, make sure to use strict versions for all @aries-framework packages."
+      )
+
+    // Api
+    dependencyManager.registerContextScoped(this.api)
+
+    // Services
+    dependencyManager.registerSingleton(SdJwtService)
+
+    // Repositories
+    dependencyManager.registerSingleton(SdJwtRepository)
+  }
+}
diff --git a/packages/sd-jwt/src/SdJwtOptions.ts b/packages/sd-jwt/src/SdJwtOptions.ts
@@ -0,0 +1,42 @@
+import type { HashName, JwaSignatureAlgorithm } from '@aries-framework/core'
+import type { DisclosureFrame } from 'jwt-sd'
+
+export type SdJwtCreateOptions<Payload extends Record<string, unknown> = Record<string, unknown>> = {
+  holderDidUrl: string
+  issuerDidUrl: string
+  jsonWebAlgorithm?: JwaSignatureAlgorithm
+  disclosureFrame?: DisclosureFrame<Payload>
+  hashingAlgorithm?: HashName
+}
+
+export type SdJwtReceiveOptions = {
+  issuerDidUrl: string
+  holderDidUrl: string
+}
+
+/**
+ * `includedDisclosureIndices` is not the best API, but it is the best alternative until something like `PEX` is supported
+ */
+export type SdJwtPresentOptions = {
+  jsonWebAlgorithm?: JwaSignatureAlgorithm
+  includedDisclosureIndices?: Array<number>
+
+  /**
+   * This information is received out-of-band from the verifier.
+   * The claims will be used to create a normal JWT, used for key binding.
+   */
+  verifierMetadata: {
+    verifierDid: string
+    nonce: string
+    issuedAt: number
+  }
+}
+
+/**
+ * `requiredClaimKeys` is not the best API, but it is the best alternative until something like `PEX` is supported
+ */
+export type SdJwtVerifyOptions = {
+  holderDidUrl: string
+  verifierDid: string
+  requiredClaimKeys?: Array<string>
+}