Kill the Clipboard - SMART Health Cards Library - v1.0.0
    Preparing search index...

    Class JWSProcessor

    Handles JWT/JWS signing and verification with ES256 algorithm.

    Index

    Constructors

    Methods

    • Parses a Compact JWS without verifying its signature to extract protected header and payload. If the header indicates zip: 'DEF', the payload will be decompressed. This is safe for metadata discovery (e.g., resolving JWKS by iss/kid) but MUST NOT be used to trust content.

      Parameters

      • jws: string

        JWS string to parse

      Returns Promise<{ header: { kid?: string; zip?: string }; payload: SHCJWT }>

      Promise resolving to header and payload objects

      PayloadValidationError When JWS string is invalid

      JWSError When JWS parsing fails

    • Signs a JWT payload using ES256 algorithm.

      Parameters

      • payload: SHCJWT

        JWT payload to sign

      • privateKey: string | Uint8Array<ArrayBufferLike> | CryptoKey | JsonWebKey

        ES256 private key (CryptoKey, Uint8Array, PEM string, or JsonWebKey)

      • publicKey: string | Uint8Array<ArrayBufferLike> | CryptoKey | JsonWebKey

        ES256 public key for key ID derivation (CryptoKey, Uint8Array, PEM string, or JsonWebKey)

      • config: { enableCompression?: boolean } = {}
        • OptionalenableCompression?: boolean

          Whether to compress payload with raw DEFLATE (default: true). When enableCompression is true, compresses payload before signing and sets zip: "DEF".

      Returns Promise<string>

      Promise resolving to JWS string

      PayloadValidationError When payload structure validation fails

      JWSError When signing fails or key import fails

    • Verifies a JWS and returns the decoded payload.

      Parameters

      • jws: string

        JWS string to verify

      • publicKey: string | Uint8Array<ArrayBufferLike> | CryptoKey | JsonWebKey

        ES256 public key for verification (CryptoKey, Uint8Array, PEM string, or JsonWebKey)

      • Optionalconfig: { verifyExpiration?: boolean }
        • OptionalverifyExpiration?: boolean

          Whether to verify the JWT exp claim during verification. When true (default), expired health cards will be rejected. Set to false to allow expired cards to be accepted.

      Returns Promise<SHCJWT>

      Promise resolving to decoded JWT payload

      SignatureVerificationError When JWS signature verification fails

      ExpirationError When health card has expired

      PayloadValidationError When payload structure validation fails

      JWSError When other JWS processing fails

      To inspect headers without verification, use jose.decodeProtectedHeader(jws) from the jose library.