Index

src/shared/trust/types.ts

_getIssuanceCert
_getIssuanceCert(entity: TrustedEntity)

Get the issuance certificate from a TrustedEntity.

Parameters :
Name Type Optional
entity TrustedEntity No
Returns : TrustedEntityServiceCert | undefined
findServiceByType
findServiceByType(entity: TrustedEntity, serviceType: ServiceTypeIdentifier)

Helper to find a specific service type within a TrustedEntity.

Parameters :
Name Type Optional
entity TrustedEntity No
serviceType ServiceTypeIdentifier No
Returns : TrustedEntityServiceCert | undefined
getRevocationCert
getRevocationCert(entity: TrustedEntity)

Get the revocation certificate from a TrustedEntity.

Parameters :
Name Type Optional
entity TrustedEntity No
Returns : TrustedEntityServiceCert | undefined

src/issuer/configuration/credentials/types/credential-config-types.ts

_isMsoMdocConfig
_isMsoMdocConfig(config)

Type guard to check if a config is for mso_mdoc format

Parameters :
Name Optional
config No
_isSdJwtDcConfig
_isSdJwtDcConfig(config)

Type guard to check if a config is for dc+sd-jwt format

Parameters :
Name Optional
config No
buildMsoMdocConfig
buildMsoMdocConfig(doctype: string, options: BuildCredentialConfigOptions, metadata?: CredentialMetadataInput, scope?: string)

Build an mso_mdoc credential configuration

Parameters :
Name Type Optional
doctype string No
options BuildCredentialConfigOptions No
metadata CredentialMetadataInput Yes
scope string Yes
buildSdJwtDcConfig
buildSdJwtDcConfig(vct: string, options: BuildCredentialConfigOptions, metadata?: CredentialMetadataInput, scope?: string)

Build a dc+sd-jwt credential configuration

Parameters :
Name Type Optional
vct string No
options BuildCredentialConfigOptions No
metadata CredentialMetadataInput Yes
scope string Yes
toCredentialConfigurationSupported
toCredentialConfigurationSupported(config: TypedCredentialConfig)

Converts a TypedCredentialConfig to CredentialConfigurationSupported This is a type assertion helper since our types are derived from the SDK

Parameters :
Name Type Optional
config TypedCredentialConfig No

src/issuer/configuration/credentials/entities/iae-action.dto.ts

_transformIaeActions
_transformIaeActions()

Helper function to validate and transform IAE actions array.

Returns : ReturnType<typeof Type>

src/issuer/configuration/credentials/utils/derive.ts

addRequired
addRequired(parent: JsonSchema, key: string)
Parameters :
Name Type Optional
parent JsonSchema No
key string No
Returns : void
applyLeafSchema
applyLeafSchema(root: JsonSchema, field: ClaimFieldDefinition)
Parameters :
Name Type Optional
root JsonSchema No
field ClaimFieldDefinition No
Returns : void
buildClaims
buildClaims(fields)
Parameters :
Name Optional
fields No
Returns : Record<string, unknown>
buildClaimsByNamespace
buildClaimsByNamespace(fields)
Parameters :
Name Optional
fields No
Returns : Record<string, Record<string, unknown>>
buildClaimsMetadata
buildClaimsMetadata(fields)
Parameters :
Name Optional
fields No
Returns : ClaimMetadata[]
buildDisclosureFrame
buildDisclosureFrame(fields)
Parameters :
Name Optional
fields No
Returns : Record | undefined
buildJsonSchema
buildJsonSchema(fields)
Parameters :
Name Optional
fields No
Returns : JsonSchema
buildLeafSchema
buildLeafSchema(field: ClaimFieldDefinition)
Parameters :
Name Type Optional
field ClaimFieldDefinition No
Returns : JsonSchema
ensureFrameNode
ensureFrameNode(root: Record, path)
Parameters :
Name Type Optional
root Record No
path No
Returns : Record<string, unknown>
ensureSchemaNode
ensureSchemaNode(root: JsonSchema, path: Array)
Parameters :
Name Type Optional
root JsonSchema No
path Array No
Returns : JsonSchema
flattenFields
flattenFields(fields)
Parameters :
Name Optional
fields No
getArrayIndex
getArrayIndex(segment: Segment)
Parameters :
Name Type Optional
segment Segment No
Returns : number | undefined
getDisplayTitle
getDisplayTitle(display)
Parameters :
Name Optional
display No
Returns : string | undefined
getFieldNamespace
getFieldNamespace(field: ClaimFieldDefinition)
Parameters :
Name Type Optional
field ClaimFieldDefinition No
Returns : string | undefined
getOrCreateChild
getOrCreateChild(target: Record, key: string, nextIsArray: boolean)
Parameters :
Name Type Optional
target Record No
key string No
nextIsArray boolean No
Returns : PathCursor
isArrayPathSegment
isArrayPathSegment(segment)
Parameters :
Name Optional
segment No
Returns : boolean
mergeArrayLeafSchema
mergeArrayLeafSchema(parent: JsonSchema, leafSchema: JsonSchema)
Parameters :
Name Type Optional
parent JsonSchema No
leafSchema JsonSchema No
Returns : void
mergeLeafSchema
mergeLeafSchema(existing: JsonSchema, next: JsonSchema)
Parameters :
Name Type Optional
existing JsonSchema No
next JsonSchema No
Returns : JsonSchema
mergeObjectLeafSchema
mergeObjectLeafSchema(parent: JsonSchema, leafSegment, leafSchema: JsonSchema, mandatory)
Parameters :
Name Type Optional
parent JsonSchema No
leafSegment No
leafSchema JsonSchema No
mandatory No
Returns : void
normalizeDisplayInfo
normalizeDisplayInfo(display)
Parameters :
Name Optional
display No
Returns : [] | undefined
resolveChildPath
resolveChildPath(parentPath, childPath)
Parameters :
Name Optional
parentPath No
childPath No
Returns : Segment[]
segmentToKey
segmentToKey(segment: Segment)
Parameters :
Name Type Optional
segment Segment No
Returns : string
setArrayPathValue
setArrayPathValue(cursor, segment: Segment, isLast: boolean, next: Segment, value)
Parameters :
Name Type Optional
cursor No
segment Segment No
isLast boolean No
next Segment No
value No
setObjectPathValue
setObjectPathValue(cursor: Record, segment: Segment, isLast: boolean, next: Segment, value)
Parameters :
Name Type Optional
cursor Record No
segment Segment No
isLast boolean No
next Segment No
value No
setValueAtPath
setValueAtPath(target: Record, path, value)
Parameters :
Name Type Optional
target Record No
path No
value No
Returns : void

src/verifier/oid4vp/dcql-trusted-authorities.util.ts

applyTrustedAuthoritiesPolicy
applyTrustedAuthoritiesPolicy<T extends { credentials: Array> }>(dcqlQuery: T, removeTrustedAuthorities: boolean)
Type parameters :
  • T extends { credentials: Array<Record<string, unknown>> }

Conditionally strips trusted_authorities from each credential query in a DCQL query object.

Some wallets do not yet correctly handle trusted_authorities in the DCQL query of an OID4VP authorization request. removeTrustedAuthorities is an escape hatch (controlled by the VP_REMOVE_TA env flag) for deployments that need to work around such wallets; it is disabled by default so trusted_authorities is sent to wallets as configured.

Parameters :
Name Type Optional Description
dcqlQuery T No

the DCQL query to (optionally) strip trusted_authorities from

removeTrustedAuthorities boolean No

when true, strips trusted_authorities from every credential

Returns : T

a DCQL query with credentials stripped of trusted_authorities when removeTrustedAuthorities is true, otherwise the original query

src/shared/trust/x509-validation.service.ts

arrayBufferToHex
arrayBufferToHex(buffer: ArrayBuffer)
Parameters :
Name Type Optional
buffer ArrayBuffer No
Returns : string
certFromBase64Der
certFromBase64Der(val: string)

Parse a certificate from a Base64-encoded DER string (as used in LoTE trust lists). Converts to PEM format which is more reliably parsed by

Parameters :
Name Type Optional
val string No
Returns : x509.X509Certificate

src/issuer/issuance/oid4vci/authorization/shared/chained-as-token.util.ts

assertTokenRequestSessionValid
assertTokenRequestSessionValid(sessionRepository: Repository, session: ChainedAsSessionEntity, request: ChainedAsTokenRequestDto)
Parameters :
Name Type Optional
sessionRepository Repository No
session ChainedAsSessionEntity No
request ChainedAsTokenRequestDto No
Returns : Promise<void>
issueRefreshTokenIfEnabled
issueRefreshTokenIfEnabled(session: ChainedAsSessionEntity, issuanceConfig: RefreshTokenIssuanceConfig)
Parameters :
Name Type Optional
session ChainedAsSessionEntity No
issuanceConfig RefreshTokenIssuanceConfig No
Returns : string | undefined
resolveSessionForTokenRequest
resolveSessionForTokenRequest(sessionRepository: Repository, tenantId: string, request: ChainedAsTokenRequestDto)
Parameters :
Name Type Optional
sessionRepository Repository No
tenantId string No
request ChainedAsTokenRequestDto No
Returns : Promise<ChainedAsSessionEntity>
resolveTokenBinding
resolveTokenBinding(requireDPoP, session: ChainedAsSessionEntity, dpopJwt?: string)
Parameters :
Name Type Optional
requireDPoP No
session ChainedAsSessionEntity No
dpopJwt string Yes
Returns : { tokenType: string; dpopJkt?: string }

src/shared/utils/logger/logger.factory.ts

attachResponseBodyCapture
attachResponseBodyCapture(req: any, res: any)
Parameters :
Name Type Optional
req any No
res any No
Returns : void
isLoggableContentType
isLoggableContentType(contentType)

Content types we consider safe to buffer and stringify for logs. Anything else (binary uploads/downloads, streaming) is skipped entirely.

Parameters :
Name Optional
contentType No
Returns : boolean
serializeResponseBody
serializeResponseBody(rawBody: Buffer, contentType)
Parameters :
Name Type Optional
rawBody Buffer No
contentType No
Returns : unknown
truncate
truncate(value: string)
Parameters :
Name Type Optional
value string No
Returns : string

src/crypto/key/key-chain-signing.service.ts

base64url
base64url(input: string)
Parameters :
Name Type Optional
input string No
Returns : string

src/crypto/key/kms/adapters/csc-kms.adapter.ts

base64UrlOrBase64ToBytes
base64UrlOrBase64ToBytes(s: string)
Parameters :
Name Type Optional
s string No
Returns : Uint8Array
derEcdsaToRaw
derEcdsaToRaw(der: Uint8Array, coordLength: number)
Parameters :
Name Type Optional
der Uint8Array No
coordLength number No
Returns : Uint8Array
extractFirstCertificate
extractFirstCertificate(data: Record)
Parameters :
Name Type Optional
data Record No
Returns : string | undefined
normalizeCertificateToPem
normalizeCertificateToPem(value: string)
Parameters :
Name Type Optional
value string No
Returns : string

src/crypto/key/kms/adapters/vault-kms.adapter.ts

base64UrlOrBase64ToBytes
base64UrlOrBase64ToBytes(s: string)
Parameters :
Name Type Optional
s string No
Returns : Uint8Array
pemToDer
pemToDer(pem: string)
Parameters :
Name Type Optional
pem string No
Returns : ArrayBuffer
stripPrivateComponents
stripPrivateComponents(jwk: JWK)
Parameters :
Name Type Optional
jwk JWK No
Returns : JWK
vaultKeyType
vaultKeyType(alg: KmsSigningAlg)
Parameters :
Name Type Optional
alg KmsSigningAlg No
Returns : string

src/crypto/key/kms/adapters/http-kms.adapter.ts

base64UrlToBytes
base64UrlToBytes(encoded: string)

Convert base64url or base64 string to Uint8Array.

Parameters :
Name Type Optional
encoded string No
Returns : Uint8Array

src/main.ts

bootstrap
bootstrap()

Bootstrap function to initialize the NestJS application.

loadTlsOptions
loadTlsOptions()

Load TLS options from certificate and key files. Returns undefined if TLS is not enabled or files are not found.

src/issuer/issuance/oid4vci/authorization/shared/authorization-server-metadata.util.ts

buildAuthorizationServerMetadata
buildAuthorizationServerMetadata(options: AuthorizationServerMetadataBuildOptions)
Parameters :
Name Type Optional
options AuthorizationServerMetadataBuildOptions No
Returns : Record<string, unknown>
buildJwksResponse
buildJwksResponse(publicKey: JwkWithOptionalKid, fallbackKid: string)
Parameters :
Name Type Optional
publicKey JwkWithOptionalKid No
fallbackKid string No
Returns : { keys: Record[] }
buildWalletAttestationMetadata
buildWalletAttestationMetadata(walletAttestationRequired: boolean)
Parameters :
Name Type Optional
walletAttestationRequired boolean No
Returns : { tokenEndpointAuthMethodsSupported: readonly string[]; clientAttestationSigningAlgValuesSupported?: readonly string[]; clientAttestationPopSigningAlgValuesSupported?: readonly string[] }

src/verifier/iso18013/cbor-request.ts

buildCoseKeyMap
buildCoseKeyMap(xB64: string, yB64: string)

Build a COSE_Key map (integer-keyed) for a P-256 public key from JWK base64url components.

Parameters :
Name Type Optional
xB64 string No
yB64 string No
Returns : Map<number, unknown>
buildDeviceRequestCbor
buildDeviceRequestCbor(docType: string, namespaces: Record)

Build the CBOR DeviceRequest per ISO 18013-5 §8.3.2.1.2.1.

Parameters :
Name Type Optional Description
docType string No

mDOC document type (e.g. "org.iso.18013.5.1.mDL")

namespaces Record No

Map of namespace → { claimName: intentToRetain }

Returns : Buffer
buildEncryptionInfo
buildEncryptionInfo(xB64: string, yB64: string, nonce: Buffer)

Build the CBOR-encoded EncryptionInfo per ISO/IEC TS 18013-7:2025 Annex C:

EncryptionInfo = ["dcapi", EncryptionParameters] EncryptionParameters = {"nonce": bstr, "recipientPublicKey": COSE_Key}

Parameters :
Name Type Optional
xB64 string No
yB64 string No
nonce Buffer No
Returns : Buffer
buildIsoMdocDcApiTranscript
buildIsoMdocDcApiTranscript(encryptionInfoB64u: string, origin: string)

Build the DCAPIHandover SessionTranscript per ISO/IEC TS 18013-7:2025 Annex C:

SessionTranscript = [null, null, ["dcapi", SHA-256(CBOR([encInfoB64u, origin]))]]

The transcript is used in two places:

  • hpkeInfo: plain CBOR encoding — the HPKE RFC 9180 info parameter used by the wallet when encrypting and by the verifier when decrypting.
  • sessionTranscript: the structure passed to Verifier.verifyDeviceResponse for DeviceAuth verification.
Parameters :
Name Type Optional Description
encryptionInfoB64u string No

base64url (no padding) encoding of the EncryptionInfo CBOR exactly as sent in the DC API request

origin string No

browser origin, e.g. "https://example.com"

parseEncryptedResponse
parseEncryptedResponse(encryptedResponse: Buffer)

Parse the wallet's EncryptedResponse per ISO/IEC TS 18013-7:2025 Annex C:

EncryptedResponse = ["dcapi", {"enc": bstr, "cipherText": bstr}]

enc is the wallet's ephemeral P-256 public key (uncompressed, 65 bytes) and cipherText the HPKE AES-128-GCM output (GCM tag in the last 16 bytes).

Parameters :
Name Type Optional
encryptedResponse Buffer No

src/crypto/key/kms/adapters/pkcs11-kms.adapter.ts

buildP256Spki
buildP256Spki(x: Buffer, y: Buffer)

Build a P-256 SubjectPublicKeyInfo around the raw uncompressed EC point so we can hand it to WebCrypto's SPKI importer.

Layout (DER): SEQUENCE { AlgorithmIdentifier, BIT STRING { 04 || x || y } } where AlgorithmIdentifier = SEQUENCE { id-ecPublicKey, prime256v1 OID }.

Parameters :
Name Type Optional
x Buffer No
y Buffer No
Returns : Buffer
loadPkcs11
loadPkcs11()
toConstants
toConstants(mod: Pkcs11Module)
Parameters :
Name Type Optional
mod Pkcs11Module No
Returns : Pkcs11Constants
unwrapEcPoint
unwrapEcPoint(raw: Buffer)

CKA_EC_POINT is specified as a DER-encoded OCTET STRING wrapping the raw ECPoint. Some HSM vendors return the unwrapped ECPoint directly, so we accept both.

Parameters :
Name Type Optional
raw Buffer No
Returns : Buffer

src/database/postgres-ssl-options.ts

buildPostgresSslOptions
buildPostgresSslOptions(readValue)

Build PostgreSQL SSL settings from environment/config values.

Supported variables:

  • DB_SSL=true|false
  • DB_SSL_REJECT_UNAUTHORIZED=true|false
  • DB_SSL_CA_PATH=/path/to/ca.crt
  • DB_SSL_CERT_PATH=/path/to/client.crt
  • DB_SSL_KEY_PATH=/path/to/client.key
  • DB_SSL_KEY_PASSPHRASE=secret
Parameters :
Name Optional
readValue No
parseBoolean
parseBoolean(value)
Parameters :
Name Optional
value No
Returns : boolean | undefined
parseOptionalString
parseOptionalString(value)
Parameters :
Name Optional
value No
Returns : string | undefined
readOptionalFile
readOptionalFile(path: string, variableName: string)
Parameters :
Name Type Optional
path string No
variableName string No
Returns : Buffer

src/verifier/iso18013/hpke.ts

concat
concat(...parts: undefined)
Parameters :
Name Optional
parts No
Returns : Buffer
dhkemDecap
dhkemDecap(encKey: Buffer, recipientPrivateKeyJwk)

DHKEM(P-256) Decap: derive shared secret using recipient's private key and the sender's encapsulated public key (enc = 65-byte uncompressed P-256 point). RFC 9180 §4.1

Parameters :
Name Type Optional
encKey Buffer No
recipientPrivateKeyJwk No
Returns : Buffer
hkdfExpand
hkdfExpand(prk: Buffer, info: Buffer, len: number)
Parameters :
Name Type Optional
prk Buffer No
info Buffer No
len number No
Returns : Buffer
hkdfExtract
hkdfExtract(salt, ikm: Buffer)
Parameters :
Name Type Optional
salt No
ikm Buffer No
Returns : Buffer
hpkeOpen
hpkeOpen(encKey: Buffer, ciphertext: Buffer, recipientPriv, info: Buffer, aad: Buffer)

Decrypt an HPKE Base Mode ciphertext (RFC 9180 §6.1 OpenBase).

Parameters :
Name Type Optional Default value Description
encKey Buffer No

65-byte uncompressed P-256 sender ephemeral public key

ciphertext Buffer No

AEAD ciphertext (plaintext + 16-byte GCM auth tag)

recipientPriv No

Recipient private key as JWK

info Buffer No Buffer.alloc(0)

HPKE info parameter (may be empty)

aad Buffer No Buffer.alloc(0)

Additional authenticated data (may be empty)

Returns : Buffer
i2osp
i2osp(n: number, len: number)
Parameters :
Name Type Optional
n number No
len number No
Returns : Uint8Array
keySchedule
keySchedule(sharedSecret: Buffer, info: Buffer)

HPKE KeyScheduleBase: derive AEAD key and nonce from the KEM shared secret. RFC 9180 §5.1 (mode_base = 0x00, psk="" psk_id="")

Parameters :
Name Type Optional
sharedSecret Buffer No
info Buffer No
Returns : { key: Buffer; baseNonce: Buffer }
labeledExpand
labeledExpand(suiteId: Buffer, prk: Buffer, label: string, info: Buffer, len: number)
Parameters :
Name Type Optional
suiteId Buffer No
prk Buffer No
label string No
info Buffer No
len number No
Returns : Buffer
labeledExtract
labeledExtract(suiteId: Buffer, salt, label: string, ikm: Buffer)
Parameters :
Name Type Optional
suiteId Buffer No
salt No
label string No
ikm Buffer No
Returns : Buffer

src/crypto/key/kms/kms-config.service.ts

defaultConfig
defaultConfig()
Returns : KmsConfigDto
mergeConfigs
mergeConfigs(global: KmsConfigDto, tenant: KmsConfigDto)
Parameters :
Name Type Optional
global KmsConfigDto No
tenant KmsConfigDto No
Returns : KmsConfigDto
resolveEnvPlaceholders
resolveEnvPlaceholders<T>(value: T)
Type parameters :
  • T
Parameters :
Name Type Optional
value T No
Returns : T

src/crypto/key/kms/adapters/aws-kms.adapter.ts

derEcdsaToRaw
derEcdsaToRaw(der: Uint8Array, coordLength: number)

Convert an ASN.1 DER-encoded ECDSA-Sig-Value (SEQUENCE { r, s }) to the raw r || s representation used by JOSE/COSE. coordLength is the curve coordinate size in bytes (32 for P-256).

Parameters :
Name Type Optional
der Uint8Array No
coordLength number No
Returns : Uint8Array

src/issuer/issuance/oid4vci/authorization/shared/dpop.util.ts

extractDpopJkt
extractDpopJkt(dpopJwt?: string)

Extract DPoP JWK thumbprint from DPoP JWT. Returns undefined if parsing fails or DPoP is not provided.

Parameters :
Name Type Optional
dpopJwt string Yes
Returns : string | undefined

src/shared/utils/webhook/webhook.utils.ts

extractRawTokenFromSubmission
extractRawTokenFromSubmission(id: string, payload)

Extracts the raw cryptographic token from the presentation payload. Supporting Multi-Credential-Flows by evaluating the descriptor_map or falling back to ID-mapping.

Parameters :
Name Type Optional
id string No
payload No
Returns : string | undefined

src/shared/utils/audit-log-context.util.ts

extractRequestMeta
extractRequestMeta(req?: Request)
Parameters :
Name Type Optional
req Request Yes
getChangedFields
getChangedFields(before?: Record, after?: Record)
Parameters :
Name Type Optional
before Record Yes
after Record Yes
Returns : string[]
getChangedFieldsForKeys
getChangedFieldsForKeys<T extends object>(before: T, after: T, keys: Array)
Type parameters :
  • T extends object
Parameters :
Name Type Optional
before T No
after T No
keys Array No
Returns : string[]
resolveAuditActor
resolveAuditActor(token: TokenPayload)
Parameters :
Name Type Optional
token TokenPayload No
Returns : AuditLogActor

src/main.helpers.ts

filterOpenApiPaths
filterOpenApiPaths(document: OpenAPIObject, predicate)

Filter an OpenAPI document to only include paths matching (or not matching) a given predicate. Also prunes the tag list to only include tags that are actually referenced by the remaining paths.

Parameters :
Name Type Optional
document OpenAPIObject No
predicate No
Returns : OpenAPIObject

src/shared/utils/encryption/encrypted-column.transformer.ts

getEncryptionService
getEncryptionService()

Get the encryption service instance. Throws if not initialized.

Returns : EncryptionService
initializeEncryptionTransformer
initializeEncryptionTransformer(service: EncryptionService)

Initialize the encryption transformer with an EncryptionService instance. Must be called during application bootstrap before any database operations.

Parameters :
Name Type Optional
service EncryptionService No
Returns : void

src/issuer/issuance/oid4vci/util.ts

getHeadersFromRequest
getHeadersFromRequest(req: Request)

Utility function to extract headers from an Express request

Parameters :
Name Type Optional
req Request No
Returns : globalThis.Headers

src/crypto/key/kms/kms-crypto-provider.ts

importPublicCryptoKey
importPublicCryptoKey(publicJwk: JWK, alg: KmsSigningAlg)

Convenience: derive a real WebCrypto public CryptoKey from a public JWK. Used by the cert builder to populate SubjectPublicKeyInfo / compute Subject- and AuthorityKeyIdentifier extensions.

Parameters :
Name Type Optional Default value
publicJwk JWK No
alg KmsSigningAlg No "ES256"
Returns : Promise<CryptoKey>
isKmsKey
isKmsKey(key: CryptoKey)
Parameters :
Name Type Optional
key CryptoKey No
makeKmsSigningKey
makeKmsSigningKey(adapter: KmsAdapter, ref: KmsKeyRef, alg: KmsSigningAlg)

Build an opaque CryptoKey-shaped value that routes WebCrypto sign operations through a KmsAdapter.

The returned object is NEVER usable for export, verify or any other native subtle operation — only for signing, and only when the KmsCryptoProvider is active (which is the default once the KmsProviderRegistry boots).

Parameters :
Name Type Optional Default value
adapter KmsAdapter No
ref KmsKeyRef No
alg KmsSigningAlg No "ES256"
Returns : CryptoKey

src/verifier/presentations/validators/transaction-data.validator.ts

IsTransactionData
IsTransactionData(validationOptions?: ValidationOptions)
Parameters :
Name Type Optional
validationOptions ValidationOptions Yes

src/shared/utils/config-file-loader.util.ts

loadConfigDto
loadConfigDto<T extends object>(filePath: string, validationClass: ClassConstructor)
Type parameters :
  • T extends object
Parameters :
Name Type Optional
filePath string No
validationClass ClassConstructor No
Returns : T
loadJsonFile
loadJsonFile<T>(filePath: string)
Type parameters :
  • T
Parameters :
Name Type Optional
filePath string No
Returns : T

src/shared/utils/x509-tolerant-extensions.ts

registerTolerantX509Extensions
registerTolerantX509Extensions()

Register the tolerant issuerAltName parser globally. Call once at bootstrap (idempotent — re-registering simply overwrites the factory entry).

Returns : void

src/auth/tenant-context.util.ts

requireTenantContext
requireTenantContext(user: TokenPayload)
Parameters :
Name Type Optional
user TokenPayload No
Returns : string

src/auth/secure.decorator.ts

Secured
Secured(roles)
Parameters :
Name Optional
roles No

src/crypto/key/cert/certificate-builder.service.ts

signatureAlgFor
signatureAlgFor(alg: KmsSigningAlg)
Parameters :
Name Type Optional
alg KmsSigningAlg No

src/crypto/key/kms/adapters/db-kms.adapter.ts

stripPrivateComponents
stripPrivateComponents(jwk: JWK)
Parameters :
Name Type Optional
jwk JWK No
Returns : JWK

src/issuer/issuance/oid4vci/authorization/shared/pkce.util.ts

verifyPkceCodeChallenge
verifyPkceCodeChallenge(codeChallenge?: string, codeChallengeMethod?: string, codeVerifier?: string)
Parameters :
Name Type Optional
codeChallenge string Yes
codeChallengeMethod string Yes
codeVerifier string Yes
Returns : void

results matching ""

    No results matching ""