Package-level declarations

Decrypt a JweEncrypted object

Create a JweEncrypted, setting values for JweHeader.

Create a JweEncrypted, setting values for JweHeader.

Clients need to retrieve the URL passed in as the only argument, and parse the content to JsonWebKeySet.

Identify KeyMaterial with it's KeyMaterial.getCertificate in JwsHeader.certificateChain if it exists, or KeyMaterial.jsonWebKey in JwsHeader.jsonWebKey.

How to identify the key material in a JwsHeader

Identify KeyMaterial with it's KeyMaterial.jsonWebKey in JwsHeader.jsonWebKey.

Identify KeyMaterial with it's KeyMaterial.identifier set in JwsHeader.keyId, and URL set inJwsHeader.jsonWebKeySetUrl.

Identify KeyMaterial with it's KeyMaterial.identifier in JwsHeader.keyId.

Don't identify KeyMaterial at all in a JwsHeader, used for SD-JWT KB-JWS.

Clients get the parsed JwsSigned and need to provide a set of keys, which will be used for verification one-by-one.

Representation of a signed SD-JWT, as issued by an at.asitplus.wallet.lib.agent.Issuer or presented by an at.asitplus.wallet.lib.agent.Holder, i.e. consisting of an JWS (with header, payload is at.asitplus.wallet.lib.data.VerifiableCredentialSdJwt and signature) and several disclosures (SelectiveDisclosureItem) separated by a ~, possibly ending with a keyBindingJws, that is a JWS with payload KeyBindingJws.

Encodes SelectiveDisclosureItem as needed by SD-JWT spec, that is a JSON array with the values for salt, name, and the value itself, which in turn can be anything, e.g. number, boolean or string. We solve this challenge by serializing a list of JsonPrimitive, see implementation. Note, that when disclosing array items, the claim name may be missing.

Create a JwsSigned, setting JwsHeader.type to the specified value and applying JwsHeaderIdentifierFun.

Create a JwsSigned, setting JwsHeader.type to the specified value