Feat/type metadata (#247)

feat: add type metadata fetching and validation via vct URL
Signed-off-by: Mirko Mollik <[email protected]>

examples/sd-jwt-vc-example/all.ts

@@ -57,7 +57,7 @@ import { createSignerVerifier, digest, generateSalt } from './utils';
     {
       iss: 'Issuer',
       iat: new Date().getTime(),
-      vct: 'https://example.com',
+      vct: 'ExampleCredentials',
       ...claims,
     },
     disclosureFrame,

examples/sd-jwt-vc-example/basic.ts

@@ -34,7 +34,7 @@ import { createSignerVerifier, digest, generateSalt } from './utils';
     {
       iss: 'Issuer',
       iat: new Date().getTime(),
-      vct: 'https://example.com',
+      vct: 'ExampleCredentials',
       ...claims,
     },
     disclosureFrame,

examples/sd-jwt-vc-example/custom.ts

@@ -34,7 +34,7 @@ import { createSignerVerifier, digest, generateSalt } from './utils';
     {
       iss: 'Issuer',
       iat: new Date().getTime(),
-      vct: 'https://example.com',
+      vct: 'ExampleCredentials',
       ...claims,
     },
     disclosureFrame,

examples/sd-jwt-vc-example/custom_header.ts

@@ -34,7 +34,7 @@ import { createSignerVerifier, digest, generateSalt } from './utils';
     {
       iss: 'Issuer',
       iat: new Date().getTime(),
-      vct: 'https://example.com',
+      vct: 'ExampleCredentials',
       ...claims,
     },
     disclosureFrame,

examples/sd-jwt-vc-example/decoy.ts

@@ -30,7 +30,7 @@ import { createSignerVerifier, digest, generateSalt } from './utils';
     {
       iss: 'Issuer',
       iat: new Date().getTime(),
-      vct: 'https://example.com',
+      vct: 'ExampleCredentials',
       ...claims,
     },
     disclosureFrame,

examples/sd-jwt-vc-example/kb.ts

@@ -37,7 +37,7 @@ import { createSignerVerifier, digest, generateSalt } from './utils';
     {
       iss: 'Issuer',
       iat: new Date().getTime(),
-      vct: 'https://example.com',
+      vct: 'ExampleCredentials',
       ...claims,
     },
     disclosureFrame,

packages/browser-crypto/src/crypto.ts

@@ -14,11 +14,14 @@ export const generateSalt = (length: number): string => {
 };
 
 export async function digest(
-  data: string,
+  data: string | ArrayBuffer,
   algorithm = 'SHA-256',
 ): Promise<Uint8Array> {
   const ec = new TextEncoder();
-  const digest = await window.crypto.subtle.digest(algorithm, ec.encode(data));
+  const digest = await window.crypto.subtle.digest(
+    algorithm,
+    typeof data === 'string' ? ec.encode(data) : data,
+  );
   return new Uint8Array(digest);
 }
 

packages/core/src/index.ts

@@ -10,9 +10,9 @@ import {
   type PresentationFrame,
   type SDJWTCompact,
   type SDJWTConfig,
+  type JwtPayload,
 } from '@sd-jwt/types';
 import { getSDAlgAndPayload } from '@sd-jwt/decode';
-import type { JwtPayload } from '@sd-jwt/types';
 
 export * from './sdjwt';
 export * from './kbjwt';
@@ -25,7 +25,7 @@ export class SDJwtInstance<ExtendedPayload extends SdJwtPayload> {
   //header type
   protected type?: string;
 
-  public static DEFAULT_hashAlg = 'sha-256';
+  public static readonly DEFAULT_hashAlg = 'sha-256';
 
   protected userConfig: SDJWTConfig = {};
 

packages/node-crypto/src/crypto.ts

@@ -9,10 +9,17 @@ export const generateSalt = (length: number): string => {
   return salt.substring(0, length);
 };
 
-export const digest = (data: string, algorithm = 'SHA-256'): Uint8Array => {
+export const digest = (
+  data: string | ArrayBuffer,
+  algorithm = 'SHA-256',
+): Uint8Array => {
   const nodeAlg = toNodeCryptoAlg(algorithm);
   const hash = createHash(nodeAlg);
-  hash.update(data);
+  if (typeof data === 'string') {
+    hash.update(data);
+  } else {
+    hash.update(Buffer.from(data));
+  }
   const hashBuffer = hash.digest();
   return new Uint8Array(hashBuffer);
 };

packages/sd-jwt-vc/README.md

@@ -84,8 +84,28 @@ const verified = await sdjwt.verify(presentation);
 Check out more details in our [documentation](https://github.com/openwallet-foundation-labs/sd-jwt-js/tree/main/docs) or [examples](https://github.com/openwallet-foundation-labs/sd-jwt-js/tree/main/examples)
 
 ### Revocation
+
 To add revocation capabilities, you can use the `@sd-jwt/jwt-status-list` library to create a JWT Status List and include it in the SD-JWT-VC.
 
+### Type Metadata
+
+By setting the `loadTypeMetadataFormat` to `true` like this:
+
+```typescript
+const sdjwt = new SDJwtVcInstance({
+  signer,
+  signAlg: 'EdDSA',
+  verifier,
+  hasher: digest,
+  hashAlg: 'SHA-256',
+  saltGenerator: generateSalt,
+  loadTypeMetadataFormat: true,
+});
+```
+
+The library will load load the type metadata format based on the `vct` value according to the [SD-JWT-VC specification](https://www.ietf.org/archive/id/draft-ietf-oauth-sd-jwt-vc-04.html#name-type-metadata) and validate this schema.
+
+Since at this point the display is not yet implemented, the library will only validate the schema and return the type metadata format. In the future the values of the type metadata can be fetched via a function call.
 
 ### Dependencies
 

packages/sd-jwt-vc/package.json

@@ -15,7 +15,7 @@
     "build": "rm -rf **/dist && tsup",
     "lint": "biome lint ./src",
     "test": "pnpm run test:node && pnpm run test:browser && pnpm run test:e2e && pnpm run test:cov",
-    "test:node": "vitest run ./src/test/*.spec.ts && vitest run ./src/test/*.spec.ts --environment jsdom",
+    "test:node": "vitest run ./src/test/*.spec.ts",
     "test:browser": "vitest run ./src/test/*.spec.ts --environment jsdom",
     "test:e2e": "vitest run ./test/*e2e.spec.ts --environment node",
     "test:cov": "vitest run --coverage"
@@ -37,12 +37,15 @@
   "dependencies": {
     "@sd-jwt/core": "workspace:*",
     "@sd-jwt/jwt-status-list": "workspace:*",
-    "@sd-jwt/utils": "workspace:*"
+    "@sd-jwt/utils": "workspace:*",
+    "ajv": "^8.17.1",
+    "ajv-formats": "^3.0.1"
   },
   "devDependencies": {
     "@sd-jwt/crypto-nodejs": "workspace:*",
     "@sd-jwt/types": "workspace:*",
-    "jose": "^5.2.2"
+    "jose": "^5.2.2",
+    "msw": "^2.3.5"
   },
   "publishConfig": {
     "access": "public"

packages/sd-jwt-vc/src/sd-jwt-vc-config.ts

@@ -1,11 +1,19 @@
 import type { SDJWTConfig } from '@sd-jwt/types';
+import type { VcTFetcher } from './sd-jwt-vc-vct';
+
+export type StatusListFetcher = (uri: string) => Promise<string>;
+export type StatusValidator = (status: number) => Promise<void>;
 
 /**
  * Configuration for SD-JWT-VC
  */
 export type SDJWTVCConfig = SDJWTConfig & {
   // A function that fetches the status list from the uri. If not provided, the library will assume that the response is a compact JWT.
-  statusListFetcher?: (uri: string) => Promise<string>;
+  statusListFetcher?: StatusListFetcher;
   // validte the status and decide if the status is valid or not. If not provided, the code will continue if it is 0, otherwise it will throw an error.
-  statusValidator?: (status: number) => Promise<void>;
+  statusValidator?: StatusValidator;
+  // a function that fetches the type metadata format from the uri. If not provided, the library will assume that the response is a TypeMetadataFormat. Caching has to be implemented in this function. If the integrity value is passed, it to be validated according to https://www.w3.org/TR/SRI/
+  vctFetcher?: VcTFetcher;
+  // if set to true, it will load the metadata format based on the vct value. If not provided, it will default to false.
+  loadTypeMetadataFormat?: boolean;
 };