EUDI SD-JWT/eu.europa.ec.eudi.sdjwt

Package-level declarations

Types

typealias Claim = Pair<String, JsonElement>

A claim is an attribute of an entity. The claim name, or key, as it would be used in a regular JWT body. The claim value, as it would be used in a regular JWT body. The value MAY be of any type allowed in JSON, including numbers, strings, booleans, arrays, and objects

ClaimVisitor

fun interface ClaimVisitor

Visitor for selectively disclosed claims.

DecoyGen

fun interface DecoyGen

Generates decoy DisclosureDigest

DefaultSdJwtOps

object DefaultSdJwtOps : SdJwtVerifier<JwtAndClaims> , SdJwtSerializationOps<JwtAndClaims> , SdJwtPresentationOps<JwtAndClaims> , UnverifiedIssuanceFrom<JwtAndClaims>

Disclosable

enum Disclosable : Enum<Disclosable>

Specifies whether something is claim always or Disclosable.Selectively disclosable.

DisclosableArray

class DisclosableArray(content: List<DisclosableElement>, val minimumDigests: MinimumDigests?) : List<DisclosableElement>

An array of disclosable claims

DisclosableArraySpecBuilder

class DisclosableArraySpecBuilder(val elements: MutableList<DisclosableElement>) : MutableList<DisclosableElement>

DisclosableArray is actually a List of elements

DisclosableElement

data class DisclosableElement(val disclosable: Disclosable, val element: DisclosableValue)

A disclosable claim (value)

DisclosableObject

class DisclosableObject(content: Map<String, DisclosableElement>, val minimumDigests: MinimumDigests?) : Map<String, DisclosableElement>

A disclosable object which contains disclosable claims.

DisclosableObjectSpecBuilder

class DisclosableObjectSpecBuilder(val elements: MutableMap<String, DisclosableElement>) : MutableMap<String, DisclosableElement>

DisclosableObject is actually a Map of elements

DisclosableValue

sealed interface DisclosableValue

Values that can be disclosed:

Disclosure

sealed interface Disclosure

A combination of a salt, a cleartext claim name, and a cleartext claim value, all of which are used to calculate a digest for the respective claim.

DisclosureDigest

@JvmInline

value class DisclosureDigest

The digest of a disclosure

DisclosuresPerClaimPath

typealias DisclosuresPerClaimPath = Map<ClaimPath, List<Disclosure>>

Represents a map which contains all the claims - selectively disclosable or not - found in a SD-JWT. Each entry contains the path and the disclosures required to revel the claim

HashAlgorithm

enum HashAlgorithm : Enum<HashAlgorithm>

Hashing algorithms, used to produce the DisclosureDigest of a Disclosure

JwsSerializationOption

enum JwsSerializationOption : Enum<JwsSerializationOption>

Jwt

typealias Jwt = String

JwtAndClaims

typealias JwtAndClaims = Pair<Jwt, JsonObject>

Representation of a JWT both as string and its payload claims

JwtBase64

object JwtBase64

JwtSignatureVerifier

fun interface JwtSignatureVerifier<out JWT>

An interface that abstracts the verification of JWT signature

KeyBindingError

sealed interface KeyBindingError

Errors related to Key Binding

KeyBindingSigner

interface ~~KeyBindingSigner~~ : JWSSigner

Representation of a function used to sign the Keybinding JWT of a Presentation SD-JWT.

KeyBindingVerifier

sealed interface KeyBindingVerifier<out JWT>

This represents the two kinds of Key Binding verification

MinimumDigests

@JvmInline

value class MinimumDigests(val value: Int)

NimbusSdJwtOps

object NimbusSdJwtOps : SdJwtSerializationOps<SignedJWT> , SdJwtPresentationOps<SignedJWT> , SdJwtVerifier<SignedJWT>

RFC7515

object RFC7515

JSON Web Signature (JWS)

RFC7519

object RFC7519

JSON Web Token (JWT)

Salt

typealias Salt = String

Salt to be included in a Disclosure claim.

SaltProvider

fun interface SaltProvider

An interface for generating Salt values.

SdJwt

data class SdJwt<out JWT>(val jwt: JWT, val disclosures: List<Disclosure>)

A parameterized representation of the SD-JWT

SdJwtAndKbJwt

data class SdJwtAndKbJwt<out JWT>(val sdJwt: SdJwt<JWT>, val keyBindingJwt: JWT)

A parameterized representation of a presented SD-JWT with a keyBindingJwt

SdJwtDigest

@JvmInline

value class SdJwtDigest

The digest of a presentation. It contains the base64-url encoded digest of a presentation with all padding characters removed.

SdJwtFactory

class SdJwtFactory(hashAlgorithm: HashAlgorithm = HashAlgorithm.SHA_256, saltProvider: SaltProvider = SaltProvider.Default, decoyGen: DecoyGen = DecoyGen.Default, fallbackMinimumDigests: MinimumDigests? = null)

Factory for creating an UnsignedSdJwt

SdJwtIssuer

fun interface SdJwtIssuer<out SIGNED_JWT>

Representation of a function capable of producing an issuance SD-JWT

SdJwtPresentationOps

interface SdJwtPresentationOps<JWT> : SdJwtRecreateClaimsOps<JWT>

SdJwtRecreateClaimsOps

fun interface SdJwtRecreateClaimsOps<in JWT>

Operations related to recreating claims

SdJwtSerializationOps

interface SdJwtSerializationOps<JWT>

SdJwtSpec

object SdJwtSpec

Selective Disclosure for JWTs (SD-JWT)

SdJwtVcSpec

object SdJwtVcSpec

SD-JWT-based Verifiable Credentials

SdJwtVerificationException

data class SdJwtVerificationException(val reason: VerificationError) : Exception

An exception carrying a verification error

SdJwtVerifier

interface SdJwtVerifier<JWT>

A single point for verifying SD-JWTs in both SD-JWT and SD-JWT+KB formats, using either compact or JWS JSON serialization.

SignSdJwt

typealias SignSdJwt<SIGNED_JWT> = suspend (SdJwt<JsonObject>) -> SdJwt<SIGNED_JWT>

Signs an SD-JWT

UnsignedSdJwt

typealias ~~UnsignedSdJwt~~ = SdJwt<JsonObject>

UnverifiedIssuanceFrom

fun interface UnverifiedIssuanceFrom<out JWT>

VerificationError

sealed interface VerificationError

Errors that may occur during SD-JWT verification

Functions

asException

fun VerificationError.asException(): SdJwtVerificationException

Creates a SdJwtVerificationException for the given error

asJwsJsonObject

fun <JWT> SdJwt<JWT>.~~asJwsJsonObject~~(option: JwsSerializationOption = JwsSerializationOption.Flattened, kbJwt: Jwt?, getParts: (JWT) -> Triple<String, String, String>): JsonObject

atLeastDigests

fun Int?.atLeastDigests(): MinimumDigests?

buildDisclosableArray

inline fun buildDisclosableArray(minimumDigests: Int?, builderAction: DisclosableArraySpecBuilder.() -> Unit): DisclosableArray

A convenient method for building a DisclosableArray given a builderAction

buildDisclosableObject

inline fun buildDisclosableObject(minimumDigests: Int? = null, builderAction: DisclosableObjectSpecBuilder.() -> Unit): DisclosableObject

Factory method for creating a DisclosableObject using the DisclosableObjectSpecBuilder

cnf

fun DisclosableObjectSpecBuilder.cnf(jwk: JWK)

Adds the confirmation claim (cnf) as a plain (always disclosable) which contains the jwk

jsonObject

fun JWTClaimsSet.jsonObject(): JsonObject

An adapter that transforms the payload of a Nimbus JWT to a KotlinX Serialization compatible representation

map

fun <JWT, JWT1> JwtSignatureVerifier<JWT>.map(f: (JWT) -> JWT1): JwtSignatureVerifier<JWT1>

fun <JWT, JWT1> KeyBindingVerifier<JWT>.map(f: (JWT) -> JWT1): KeyBindingVerifier<JWT1>

inline fun <JWT, JWT1> SdJwtAndKbJwt<JWT>.map(f: (JWT) -> JWT1): SdJwtAndKbJwt<JWT1>

inline fun <JWT, JWT1> SdJwt<JWT>.map(f: (JWT) -> JWT1): SdJwt<JWT1>

mustBePresentAndValid

fun KeyBindingVerifier.Companion.~~mustBePresentAndValid~~(holderPubKeyExtractor: (JsonObject) -> AsymmetricJWK? = NimbusSdJwtOps.HolderPubKeyInConfirmationClaim, challenge: JsonObject? = null): KeyBindingVerifier.MustBePresentAndValid<SignedJWT>

Factory method for creating a KeyBindingVerifier which applies the rules described in keyBindingJWTProcess.

name

fun Claim.name(): String

The claim name, or key, as it would be used in a regular JWT body

nimbus

fun SdJwtIssuer.Companion.~~nimbus~~(sdJwtFactory: SdJwtFactory = SdJwtFactory.Default, signer: JWSSigner, signAlgorithm: JWSAlgorithm, jwsHeaderCustomization: JWSHeader.Builder.() -> Unit = fun NimbusJWSHeader.Builder.() { }): SdJwtIssuer<SignedJWT>

Factory method for creating a SdJwtIssuer that uses Nimbus

nimbusToJwtAndClaims

fun nimbusToJwtAndClaims(signedJWT: SignedJWT): JwtAndClaims

recreateClaims

fun <JWT> SdJwt<JWT>.~~recreateClaims~~(claimsOf: (JWT) -> JsonObject): JsonObject

fun <JWT> SdJwt<JWT>.~~recreateClaims~~(visitor: ClaimVisitor? = null, claimsOf: (JWT) -> JsonObject): JsonObject

Recreates the claims, used to produce the SD-JWT That are:

recreateClaimsAndDisclosuresPerClaim

fun <JWT> SdJwt<JWT>.~~recreateClaimsAndDisclosuresPerClaim~~(claimsOf: (JWT) -> JsonObject): Pair<JsonObject, DisclosuresPerClaimPath>

Recreates the claims, used to produce the SD-JWT and at the same time calculates DisclosuresPerClaim

sdJwt

inline fun sdJwt(minimumDigests: Int? = null, builderAction: DisclosableObjectSpecBuilder.() -> Unit): DisclosableObject

Factory method for creating a DisclosableObject using the DisclosableObjectSpecBuilder

serialize

fun SdJwt<SignedJWT>.~~serialize~~(): String

fun <JWT> SdJwt<JWT>.~~serialize~~(serializeJwt: (JWT) -> String): String

Serializes an SdJwt in combined format without key binding

serializeAsJwsJson

fun SdJwt<SignedJWT>.~~serializeAsJwsJson~~(option: JwsSerializationOption = JwsSerializationOption.Flattened): JsonObject

value

fun Claim.value(): JsonElement

The claim value, as it would be used in a regular JWT body. The value MAY be of any type allowed in JSON