@ajna-inc/openbadges 0.1.0

package/build/services/ConsumerService.js

@@ -0,0 +1,143 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var __param = (this && this.__param) || function (paramIndex, decorator) {
+    return function (target, key) { decorator(target, key, paramIndex); }
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ConsumerService = void 0;
+const core_1 = require("@credo-ts/core");
+const OpenBadgesServiceDescriptionRepository_1 = require("../repository/OpenBadgesServiceDescriptionRepository");
+const OpenBadgesOAuthRepository_1 = require("../repository/OpenBadgesOAuthRepository");
+const OAuthClient_1 = require("./OAuthClient");
+let ConsumerService = class ConsumerService {
+    constructor(sddRepo, oauthRepo, oauth) {
+        this.sddRepo = sddRepo;
+        this.oauthRepo = oauthRepo;
+        this.oauth = oauth;
+    }
+    async importFromUrl(agentContext, url, options) {
+        const discoveryUrl = options?.discoveryUrl ?? new URL('/ims/ob/v3p0/discovery', url).toString();
+        const sdd = await this.ensureServiceDescription(agentContext, discoveryUrl);
+        const regUrl = sdd?.components?.securitySchemes?.OAuth2ACG?.['x-imssf-registrationUrl'];
+        const authUrl = sdd?.components?.securitySchemes?.OAuth2ACG?.flows?.authorizationCode?.authorizationUrl;
+        if (!regUrl || !authUrl)
+            throw new Error('discovery_incomplete');
+        const registration = await this.oauth.registerClient(agentContext, regUrl, {
+            client_name: agentContext.config.label ?? 'Credo OB Client',
+            redirect_uris: ['http://localhost/callback'],
+            scope: Object.keys(sdd.components?.securitySchemes?.OAuth2ACG?.flows?.authorizationCode?.scopes ?? {}).join(' '),
+            grant_types: ['authorization_code', 'refresh_token'],
+            response_types: ['code'],
+            application_type: 'web',
+        });
+        const authorizationUrl = this.oauth.buildAuthorizationUrl(authUrl, {
+            response_type: 'code',
+            client_id: registration.client_id,
+            redirect_uri: registration.redirect_uris?.[0] ?? '',
+            scope: registration.scope ?? '',
+            state: Math.random().toString(36).slice(2),
+            code_challenge_method: 'S256',
+            code_challenge: Math.random().toString(36).slice(2),
+        });
+        return { discovery: sdd, registration, authorizationUrl, host: new URL(url).origin };
+    }
+    async ensureServiceDescription(agentContext, discoveryUrl) {
+        try {
+            const existing = await this.sddRepo.findByDiscoveryUrl(agentContext, discoveryUrl);
+            if (existing)
+                return existing.serviceDescription;
+        }
+        catch { }
+        const res = await fetch(discoveryUrl);
+        if (!res.ok)
+            throw new Error(`discovery_failed: ${res.status}`);
+        const json = await res.json();
+        await this.sddRepo.save(agentContext, {
+            discoveryUrl,
+            serviceDescription: json,
+        });
+        return json;
+    }
+    async upsertToRemote(agentContext, baseUrl, credential) {
+        const host = new URL(baseUrl).origin;
+        const oauth = await this.oauthRepo.findByHost(agentContext, host);
+        if (!oauth?.[0]?.clientRegistration)
+            throw new Error('no_client_registration');
+        const reg = oauth[0].clientRegistration;
+        const tokenUrl = reg?.token_endpoint || reg?.tokenUrl || new URL('/token', baseUrl).toString();
+        const clientId = reg.client_id;
+        const clientSecret = reg.client_secret;
+        if (!clientId || !clientSecret)
+            throw new Error('missing_client_credentials');
+        // Try to get a valid access token from token repository
+        const { OpenBadgesTokenRepository } = await Promise.resolve().then(() => __importStar(require('../repository/OpenBadgesTokenRepository')));
+        const tokens = agentContext.dependencyManager.resolve(OpenBadgesTokenRepository);
+        let access = await tokens.findValidAccessByClientHost(agentContext, clientId, host);
+        if (!access) {
+            // refresh
+            const refresh = await tokens.findRefreshByClientHost(agentContext, clientId, host);
+            if (!refresh)
+                throw new Error('no_refresh_token');
+            const refreshed = await this.oauth.getAccessToken(agentContext, tokenUrl, {
+                client_id: clientId,
+                client_secret: clientSecret,
+                refresh_token: refresh.token,
+                host,
+            });
+            access = await tokens.findValidAccessByClientHost(agentContext, clientId, host);
+            if (!access)
+                throw new Error('refresh_failed');
+        }
+        const url = new URL('/ims/ob/v3p0/credentials', baseUrl).toString();
+        const res = await fetch(url, {
+            method: 'POST',
+            headers: { authorization: `Bearer ${access.token}`, 'content-type': 'application/json' },
+            body: JSON.stringify(credential),
+        });
+        if (!res.ok)
+            throw new Error(`upsert_failed: ${res.status}`);
+        return res.json();
+    }
+};
+exports.ConsumerService = ConsumerService;
+exports.ConsumerService = ConsumerService = __decorate([
+    (0, core_1.injectable)(),
+    __param(0, (0, core_1.inject)(OpenBadgesServiceDescriptionRepository_1.OpenBadgesServiceDescriptionRepository)),
+    __param(1, (0, core_1.inject)(OpenBadgesOAuthRepository_1.OpenBadgesOAuthRepository)),
+    __param(2, (0, core_1.inject)(OAuthClient_1.OAuthClient)),
+    __metadata("design:paramtypes", [OpenBadgesServiceDescriptionRepository_1.OpenBadgesServiceDescriptionRepository,
+        OpenBadgesOAuthRepository_1.OpenBadgesOAuthRepository,
+        OAuthClient_1.OAuthClient])
+], ConsumerService);
+//# sourceMappingURL=ConsumerService.js.map

package/build/services/ConsumerService.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ConsumerService.js","sourceRoot":"","sources":["../../src/services/ConsumerService.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AACA,yCAAmD;AACnD,iHAA6G;AAC7G,uFAAmF;AACnF,+CAA2C;AAGpC,IAAM,eAAe,GAArB,MAAM,eAAe;IAC1B,YACmE,OAA+C,EAC5D,SAAoC,EAClD,KAAkB;QAFS,YAAO,GAAP,OAAO,CAAwC;QAC5D,cAAS,GAAT,SAAS,CAA2B;QAClD,UAAK,GAAL,KAAK,CAAa;IACvD,CAAC;IAEG,KAAK,CAAC,aAAa,CAAC,YAA0B,EAAE,GAAW,EAAE,OAAmC;QACrG,MAAM,YAAY,GAAG,OAAO,EAAE,YAAY,IAAI,IAAI,GAAG,CAAC,wBAAwB,EAAE,GAAG,CAAC,CAAC,QAAQ,EAAE,CAAA;QAC/F,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,wBAAwB,CAAC,YAAY,EAAE,YAAY,CAAC,CAAA;QAC3E,MAAM,MAAM,GAAG,GAAG,EAAE,UAAU,EAAE,eAAe,EAAE,SAAS,EAAE,CAAC,yBAAyB,CAAW,CAAA;QACjG,MAAM,OAAO,GAAG,GAAG,EAAE,UAAU,EAAE,eAAe,EAAE,SAAS,EAAE,KAAK,EAAE,iBAAiB,EAAE,gBAA0B,CAAA;QACjH,IAAI,CAAC,MAAM,IAAI,CAAC,OAAO;YAAE,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAA;QAChE,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,cAAc,CAAC,YAAY,EAAE,MAAM,EAAE;YACzE,WAAW,EAAE,YAAY,CAAC,MAAM,CAAC,KAAK,IAAI,iBAAiB;YAC3D,aAAa,EAAE,CAAC,2BAA2B,CAAC;YAC5C,KAAK,EAAE,MAAM,CAAC,IAAI,CACf,GAAG,CAAC,UAAU,EAAE,eAAe,EAAE,SAAS,EAAE,KAAK,EAAE,iBAAiB,EAAE,MAAiC,IAAI,EAAE,CAC/G,CAAC,IAAI,CAAC,GAAG,CAAC;YACX,WAAW,EAAE,CAAC,oBAAoB,EAAE,eAAe,CAAC;YACpD,cAAc,EAAE,CAAC,MAAM,CAAC;YACxB,gBAAgB,EAAE,KAAK;SACxB,CAAoE,CAAA;QACrE,MAAM,gBAAgB,GAAG,IAAI,CAAC,KAAK,CAAC,qBAAqB,CAAC,OAAO,EAAE;YACjE,aAAa,EAAE,MAAM;YACrB,SAAS,EAAE,YAAY,CAAC,SAAS;YACjC,YAAY,EAAE,YAAY,CAAC,aAAa,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE;YACnD,KAAK,EAAE,YAAY,CAAC,KAAK,IAAI,EAAE;YAC/B,KAAK,EAAE,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC;YAC1C,qBAAqB,EAAE,MAAM;YAC7B,cAAc,EAAE,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC;SACpD,CAAC,CAAA;QACF,OAAO,EAAE,SAAS,EAAE,GAAG,EAAE,YAAY,EAAE,gBAAgB,EAAE,IAAI,EAAE,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAA;IACtF,CAAC;IAEM,KAAK,CAAC,wBAAwB,CAAC,YAA0B,EAAE,YAAoB;QACpF,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,YAAmB,EAAE,YAAY,CAAC,CAAA;YACzF,IAAI,QAAQ;gBAAE,OAAO,QAAQ,CAAC,kBAAyB,CAAA;QACzD,CAAC;QAAC,MAAM,CAAC,CAAA,CAAC;QACV,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,YAAY,CAAC,CAAA;QACrC,IAAI,CAAC,GAAG,CAAC,EAAE;YAAE,MAAM,IAAI,KAAK,CAAC,qBAAqB,GAAG,CAAC,MAAM,EAAE,CAAC,CAAA;QAC/D,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAA;QAC7B,MAAM,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,YAAmB,EAAE;YAC3C,YAAY;YACZ,kBAAkB,EAAE,IAAI;SAClB,CAAC,CAAA;QACT,OAAO,IAAI,CAAA;IACb,CAAC;IAEM,KAAK,CAAC,cAAc,CAAC,YAA0B,EAAE,OAAe,EAAE,UAAmB;QAC1F,MAAM,IAAI,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,CAAC,MAAM,CAAA;QACpC,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,YAAmB,EAAE,IAAI,CAAC,CAAA;QACxE,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,kBAAkB;YAAE,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAA;QAC9E,MAAM,GAAG,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,kBAAyB,CAAA;QAC9C,MAAM,QAAQ,GAAG,GAAG,EAAE,cAAc,IAAI,GAAG,EAAE,QAAQ,IAAI,IAAI,GAAG,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,QAAQ,EAAE,CAAA;QAC9F,MAAM,QAAQ,GAAG,GAAG,CAAC,SAAS,CAAA;QAC9B,MAAM,YAAY,GAAG,GAAG,CAAC,aAAa,CAAA;QACtC,IAAI,CAAC,QAAQ,IAAI,CAAC,YAAY;YAAE,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAA;QAE7E,wDAAwD;QACxD,MAAM,EAAE,yBAAyB,EAAE,GAAG,wDAAa,yCAAyC,GAAC,CAAA;QAC7F,MAAM,MAAM,GAAG,YAAY,CAAC,iBAAiB,CAAC,OAAO,CAAC,yBAAyB,CAAC,CAAA;QAChF,IAAI,MAAM,GAAG,MAAM,MAAM,CAAC,2BAA2B,CAAC,YAAmB,EAAE,QAAQ,EAAE,IAAI,CAAC,CAAA;QAC1F,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,UAAU;YACV,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,uBAAuB,CAAC,YAAmB,EAAE,QAAQ,EAAE,IAAI,CAAC,CAAA;YACzF,IAAI,CAAC,OAAO;gBAAE,MAAM,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAA;YACjD,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,cAAc,CAAC,YAAY,EAAE,QAAQ,EAAE;gBACxE,SAAS,EAAE,QAAQ;gBACnB,aAAa,EAAE,YAAY;gBAC3B,aAAa,EAAE,OAAO,CAAC,KAAK;gBAC5B,IAAI;aACL,CAAC,CAAA;YACF,MAAM,GAAG,MAAM,MAAM,CAAC,2BAA2B,CAAC,YAAmB,EAAE,QAAQ,EAAE,IAAI,CAAC,CAAA;YACtF,IAAI,CAAC,MAAM;gBAAE,MAAM,IAAI,KAAK,CAAC,gBAAgB,CAAC,CAAA;QAChD,CAAC;QAED,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,0BAA0B,EAAE,OAAO,CAAC,CAAC,QAAQ,EAAE,CAAA;QACnE,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;YAC3B,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,MAAM,CAAC,KAAK,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;YACxF,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC;SACjC,CAAC,CAAA;QACF,IAAI,CAAC,GAAG,CAAC,EAAE;YAAE,MAAM,IAAI,KAAK,CAAC,kBAAkB,GAAG,CAAC,MAAM,EAAE,CAAC,CAAA;QAC5D,OAAO,GAAG,CAAC,IAAI,EAAE,CAAA;IACnB,CAAC;CACF,CAAA;AAvFY,0CAAe;0BAAf,eAAe;IAD3B,IAAA,iBAAU,GAAE;IAGR,WAAA,IAAA,aAAM,EAAC,+EAAsC,CAAC,CAAA;IAC9C,WAAA,IAAA,aAAM,EAAC,qDAAyB,CAAC,CAAA;IACjC,WAAA,IAAA,aAAM,EAAC,yBAAW,CAAC,CAAA;qCAFsD,+EAAsC;QACjD,qDAAyB;QAC3C,yBAAW;GAJ/C,eAAe,CAuF3B"}

package/build/services/ContextService.d.ts

@@ -0,0 +1,14 @@
+type LoaderResult = {
+    contextUrl: null;
+    documentUrl: string;
+    document: any;
+};
+export declare class ContextService {
+    private cache;
+    private allowNetwork;
+    addCached(url: string, document: any): void;
+    setAllowNetwork(allow: boolean): void;
+    getDocumentLoader(): (url: string) => Promise<LoaderResult>;
+    exportCache(): Record<string, any>;
+}
+export {};

package/build/services/ContextService.js

@@ -0,0 +1,54 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ContextService = void 0;
+const core_1 = require("@credo-ts/core");
+let ContextService = class ContextService {
+    constructor() {
+        this.cache = new Map();
+        this.allowNetwork = true;
+    }
+    addCached(url, document) {
+        this.cache.set(url, document);
+    }
+    setAllowNetwork(allow) {
+        this.allowNetwork = allow;
+    }
+    getDocumentLoader() {
+        const self = this;
+        return async function documentLoader(url) {
+            if (self.cache.has(url)) {
+                return { contextUrl: null, documentUrl: url, document: self.cache.get(url) };
+            }
+            if (!self.allowNetwork)
+                throw new Error(`Context not cached: ${url}`);
+            // pin to https and specific hosts by default; allow did:web document resolution via https
+            const allowed = url.startsWith('https://www.w3.org/') || url.startsWith('https://purl.imsglobal.org/') || url.startsWith('https://w3id.org/') || url.startsWith('https://');
+            if (!allowed)
+                throw new Error(`Blocked remote context: ${url}`);
+            const res = await fetch(url);
+            if (!res.ok)
+                throw new Error(`Failed to fetch context ${url}: ${res.status}`);
+            const json = await res.json();
+            self.cache.set(url, json);
+            return { contextUrl: null, documentUrl: url, document: json };
+        };
+    }
+    // Export cached contexts for external runners (testing)
+    exportCache() {
+        const out = {};
+        for (const [k, v] of this.cache.entries())
+            out[k] = v;
+        return out;
+    }
+};
+exports.ContextService = ContextService;
+exports.ContextService = ContextService = __decorate([
+    (0, core_1.injectable)()
+], ContextService);
+//# sourceMappingURL=ContextService.js.map

package/build/services/ContextService.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ContextService.js","sourceRoot":"","sources":["../../src/services/ContextService.ts"],"names":[],"mappings":";;;;;;;;;AAAA,yCAA2C;AAKpC,IAAM,cAAc,GAApB,MAAM,cAAc;IAApB;QACG,UAAK,GAAG,IAAI,GAAG,EAAe,CAAA;QAC9B,iBAAY,GAAG,IAAI,CAAA;IAkC7B,CAAC;IAhCQ,SAAS,CAAC,GAAW,EAAE,QAAa;QACzC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAA;IAC/B,CAAC;IAEM,eAAe,CAAC,KAAc;QACnC,IAAI,CAAC,YAAY,GAAG,KAAK,CAAA;IAC3B,CAAC;IAEM,iBAAiB;QACtB,MAAM,IAAI,GAAG,IAAI,CAAA;QACjB,OAAO,KAAK,UAAU,cAAc,CAAC,GAAW;YAC9C,IAAI,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;gBACxB,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,WAAW,EAAE,GAAG,EAAE,QAAQ,EAAE,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAA;YAC9E,CAAC;YACD,IAAI,CAAC,IAAI,CAAC,YAAY;gBAAE,MAAM,IAAI,KAAK,CAAC,uBAAuB,GAAG,EAAE,CAAC,CAAA;YACrE,0FAA0F;YAC1F,MAAM,OAAO,GAAG,GAAG,CAAC,UAAU,CAAC,qBAAqB,CAAC,IAAI,GAAG,CAAC,UAAU,CAAC,6BAA6B,CAAC,IAAI,GAAG,CAAC,UAAU,CAAC,mBAAmB,CAAC,IAAI,GAAG,CAAC,UAAU,CAAC,UAAU,CAAC,CAAA;YAC3K,IAAI,CAAC,OAAO;gBAAE,MAAM,IAAI,KAAK,CAAC,2BAA2B,GAAG,EAAE,CAAC,CAAA;YAC/D,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,CAAA;YAC5B,IAAI,CAAC,GAAG,CAAC,EAAE;gBAAE,MAAM,IAAI,KAAK,CAAC,2BAA2B,GAAG,KAAK,GAAG,CAAC,MAAM,EAAE,CAAC,CAAA;YAC7E,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAA;YAC7B,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,CAAA;YACzB,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,WAAW,EAAE,GAAG,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAA;QAC/D,CAAC,CAAA;IACH,CAAC;IAED,wDAAwD;IACjD,WAAW;QAChB,MAAM,GAAG,GAAwB,EAAE,CAAA;QACnC,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE;YAAE,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAA;QACrD,OAAO,GAAG,CAAA;IACZ,CAAC;CACF,CAAA;AApCY,wCAAc;yBAAd,cAAc;IAD1B,IAAA,iBAAU,GAAE;GACA,cAAc,CAoC1B"}

package/build/services/DataIntegrityService.d.ts

@@ -0,0 +1,51 @@
+import type { AgentContext } from '@credo-ts/core';
+import { ContextService } from './ContextService';
+/**
+ * DataIntegrityService
+ *
+ * Handles signing and verification of credentials using the eddsa-rdfc-2022 cryptosuite.
+ * This produces DataIntegrityProof proofs compatible with Credly and other OBv3 issuers.
+ */
+export declare class DataIntegrityService {
+    private readonly contextService;
+    private readonly eddsaRdfc2022;
+    constructor(contextService: ContextService);
+    /**
+     * Sign a document using eddsa-rdfc-2022 cryptosuite
+     *
+     * Produces a DataIntegrityProof with:
+     * - type: "DataIntegrityProof"
+     * - cryptosuite: "eddsa-rdfc-2022"
+     * - RDFC-1.0 canonicalization
+     * - Ed25519 signature
+     */
+    sign(_agentContext: AgentContext, document: Record<string, unknown>, keyPair: {
+        id: string;
+        controller: string;
+        publicKeyMultibase?: string;
+        privateKeyMultibase: string;
+    }): Promise<Record<string, unknown>>;
+    /**
+     * Verify a signed document with DataIntegrityProof
+     *
+     * Supports verification of eddsa-rdfc-2022 proofs by:
+     * 1. Resolving the public key from the verificationMethod DID
+     * 2. Using RDFC-1.0 canonicalization to recreate the signed hash
+     * 3. Verifying the Ed25519 signature
+     */
+    verify(document: Record<string, unknown>): Promise<{
+        verified: boolean;
+        error?: string;
+    }>;
+    /**
+     * Get the default cryptosuite identifier
+     */
+    getDefaultCryptosuite(): string;
+    /**
+     * Resolve public key from a verification method ID
+     *
+     * This fetches the DID document and extracts the publicKeyMultibase
+     * from the matching verification method.
+     */
+    private resolvePublicKey;
+}

package/build/services/DataIntegrityService.js

@@ -0,0 +1,134 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var __param = (this && this.__param) || function (paramIndex, decorator) {
+    return function (target, key) { decorator(target, key, paramIndex); }
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DataIntegrityService = void 0;
+const core_1 = require("@credo-ts/core");
+const ContextService_1 = require("./ContextService");
+const constants_1 = require("../constants");
+const EddsaRdfc2022_1 = require("../cryptosuites/EddsaRdfc2022");
+/**
+ * DataIntegrityService
+ *
+ * Handles signing and verification of credentials using the eddsa-rdfc-2022 cryptosuite.
+ * This produces DataIntegrityProof proofs compatible with Credly and other OBv3 issuers.
+ */
+let DataIntegrityService = class DataIntegrityService {
+    constructor(contextService) {
+        this.contextService = contextService;
+        this.eddsaRdfc2022 = new EddsaRdfc2022_1.EddsaRdfc2022Cryptosuite();
+    }
+    /**
+     * Sign a document using eddsa-rdfc-2022 cryptosuite
+     *
+     * Produces a DataIntegrityProof with:
+     * - type: "DataIntegrityProof"
+     * - cryptosuite: "eddsa-rdfc-2022"
+     * - RDFC-1.0 canonicalization
+     * - Ed25519 signature
+     */
+    async sign(_agentContext, document, keyPair) {
+        return this.eddsaRdfc2022.sign({
+            document,
+            keyPair: {
+                id: keyPair.id,
+                controller: keyPair.controller,
+                publicKeyMultibase: keyPair.publicKeyMultibase || '',
+                privateKeyMultibase: keyPair.privateKeyMultibase,
+            },
+            purpose: 'assertionMethod',
+        });
+    }
+    /**
+     * Verify a signed document with DataIntegrityProof
+     *
+     * Supports verification of eddsa-rdfc-2022 proofs by:
+     * 1. Resolving the public key from the verificationMethod DID
+     * 2. Using RDFC-1.0 canonicalization to recreate the signed hash
+     * 3. Verifying the Ed25519 signature
+     */
+    async verify(document) {
+        try {
+            const proof = document.proof;
+            if (!proof) {
+                return { verified: false, error: 'No proof found in document' };
+            }
+            const proofs = Array.isArray(proof) ? proof : [proof];
+            for (const p of proofs) {
+                // Check if this is an eddsa-rdfc-2022 proof
+                if (this.eddsaRdfc2022.matchProof(p)) {
+                    // Resolve public key from verification method
+                    const publicKeyMultibase = await this.resolvePublicKey(p.verificationMethod);
+                    if (!publicKeyMultibase) {
+                        return { verified: false, error: `Could not resolve public key from ${p.verificationMethod}` };
+                    }
+                    return this.eddsaRdfc2022.verify({
+                        document,
+                        proof: p,
+                        publicKeyMultibase,
+                        // Use internal cached contexts for verification
+                        // Network contexts are fetched during real-world usage by the cryptosuite
+                        useNetworkContexts: false,
+                    });
+                }
+            }
+            return { verified: false, error: 'No matching eddsa-rdfc-2022 proof found' };
+        }
+        catch (e) {
+            const error = e;
+            return { verified: false, error: error?.message || String(e) };
+        }
+    }
+    /**
+     * Get the default cryptosuite identifier
+     */
+    getDefaultCryptosuite() {
+        return constants_1.DI_EDDSA_RDFC_2022;
+    }
+    /**
+     * Resolve public key from a verification method ID
+     *
+     * This fetches the DID document and extracts the publicKeyMultibase
+     * from the matching verification method.
+     */
+    async resolvePublicKey(verificationMethodId) {
+        try {
+            const documentLoader = this.contextService.getDocumentLoader();
+            const result = await documentLoader(verificationMethodId);
+            // The document loader should return the verification method object
+            const vm = result.document;
+            if (vm.publicKeyMultibase) {
+                return vm.publicKeyMultibase;
+            }
+            // If we got a full DID document, find the verification method
+            const didDoc = result.document;
+            if (didDoc.verificationMethod) {
+                const method = didDoc.verificationMethod.find((m) => m.id === verificationMethodId);
+                if (method?.publicKeyMultibase) {
+                    return method.publicKeyMultibase;
+                }
+            }
+            return null;
+        }
+        catch {
+            return null;
+        }
+    }
+};
+exports.DataIntegrityService = DataIntegrityService;
+exports.DataIntegrityService = DataIntegrityService = __decorate([
+    (0, core_1.injectable)(),
+    __param(0, (0, core_1.inject)(ContextService_1.ContextService)),
+    __metadata("design:paramtypes", [ContextService_1.ContextService])
+], DataIntegrityService);
+//# sourceMappingURL=DataIntegrityService.js.map

package/build/services/DataIntegrityService.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"DataIntegrityService.js","sourceRoot":"","sources":["../../src/services/DataIntegrityService.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AACA,yCAAmD;AACnD,qDAAiD;AACjD,4CAAiD;AACjD,iEAAiG;AAEjG;;;;;GAKG;AAEI,IAAM,oBAAoB,GAA1B,MAAM,oBAAoB;IAG/B,YAA2C,cAA+C;QAA9B,mBAAc,GAAd,cAAc,CAAgB;QAFzE,kBAAa,GAAG,IAAI,wCAAwB,EAAE,CAAA;IAE8B,CAAC;IAE9F;;;;;;;;OAQG;IACI,KAAK,CAAC,IAAI,CACf,aAA2B,EAC3B,QAAiC,EACjC,OAKC;QAED,OAAO,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC;YAC7B,QAAQ;YACR,OAAO,EAAE;gBACP,EAAE,EAAE,OAAO,CAAC,EAAE;gBACd,UAAU,EAAE,OAAO,CAAC,UAAU;gBAC9B,kBAAkB,EAAE,OAAO,CAAC,kBAAkB,IAAI,EAAE;gBACpD,mBAAmB,EAAE,OAAO,CAAC,mBAAmB;aACjD;YACD,OAAO,EAAE,iBAAiB;SAC3B,CAAC,CAAA;IACJ,CAAC;IAED;;;;;;;OAOG;IACI,KAAK,CAAC,MAAM,CAAC,QAAiC;QACnD,IAAI,CAAC;YACH,MAAM,KAAK,GAAI,QAAkE,CAAC,KAAK,CAAA;YAEvF,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,KAAK,EAAE,4BAA4B,EAAE,CAAA;YACjE,CAAC;YAED,MAAM,MAAM,GAAG,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAA;YAErD,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;gBACvB,4CAA4C;gBAC5C,IAAI,IAAI,CAAC,aAAa,CAAC,UAAU,CAAC,CAAuC,CAAC,EAAE,CAAC;oBAC3E,8CAA8C;oBAC9C,MAAM,kBAAkB,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC,kBAAkB,CAAC,CAAA;oBAE5E,IAAI,CAAC,kBAAkB,EAAE,CAAC;wBACxB,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,KAAK,EAAE,qCAAqC,CAAC,CAAC,kBAAkB,EAAE,EAAE,CAAA;oBAChG,CAAC;oBAED,OAAO,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC;wBAC/B,QAAQ;wBACR,KAAK,EAAE,CAAC;wBACR,kBAAkB;wBAClB,gDAAgD;wBAChD,0EAA0E;wBAC1E,kBAAkB,EAAE,KAAK;qBAC1B,CAAC,CAAA;gBACJ,CAAC;YACH,CAAC;YAED,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,KAAK,EAAE,yCAAyC,EAAE,CAAA;QAC9E,CAAC;QAAC,OAAO,CAAU,EAAE,CAAC;YACpB,MAAM,KAAK,GAAG,CAAU,CAAA;YACxB,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,IAAI,MAAM,CAAC,CAAC,CAAC,EAAE,CAAA;QAChE,CAAC;IACH,CAAC;IAED;;OAEG;IACI,qBAAqB;QAC1B,OAAO,8BAAkB,CAAA;IAC3B,CAAC;IAED;;;;;OAKG;IACK,KAAK,CAAC,gBAAgB,CAAC,oBAA4B;QACzD,IAAI,CAAC;YACH,MAAM,cAAc,GAAG,IAAI,CAAC,cAAc,CAAC,iBAAiB,EAAE,CAAA;YAC9D,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,oBAAoB,CAAC,CAAA;YAEzD,mEAAmE;YACnE,MAAM,EAAE,GAAG,MAAM,CAAC,QAA2C,CAAA;YAE7D,IAAI,EAAE,CAAC,kBAAkB,EAAE,CAAC;gBAC1B,OAAO,EAAE,CAAC,kBAAkB,CAAA;YAC9B,CAAC;YAED,8DAA8D;YAC9D,MAAM,MAAM,GAAG,MAAM,CAAC,QAErB,CAAA;YAED,IAAI,MAAM,CAAC,kBAAkB,EAAE,CAAC;gBAC9B,MAAM,MAAM,GAAG,MAAM,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,oBAAoB,CAAC,CAAA;gBACnF,IAAI,MAAM,EAAE,kBAAkB,EAAE,CAAC;oBAC/B,OAAO,MAAM,CAAC,kBAAkB,CAAA;gBAClC,CAAC;YACH,CAAC;YAED,OAAO,IAAI,CAAA;QACb,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAA;QACb,CAAC;IACH,CAAC;CACF,CAAA;AA5HY,oDAAoB;+BAApB,oBAAoB;IADhC,IAAA,iBAAU,GAAE;IAIS,WAAA,IAAA,aAAM,EAAC,+BAAc,CAAC,CAAA;qCAAkC,+BAAc;GAH/E,oBAAoB,CA4HhC"}

package/build/services/DidCommLinkService.d.ts

@@ -0,0 +1,7 @@
+import type { AgentContext } from '@credo-ts/core';
+export declare class DidCommLinkService {
+    sendCredentialUrl(_agentContext: AgentContext, _connectionId: string, _payload: {
+        url: string;
+        discoveryUrl?: string;
+    }): Promise<void>;
+}

package/build/services/DidCommLinkService.js

@@ -0,0 +1,20 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DidCommLinkService = void 0;
+const core_1 = require("@credo-ts/core");
+let DidCommLinkService = class DidCommLinkService {
+    async sendCredentialUrl(_agentContext, _connectionId, _payload) {
+        throw new Error('DidCommLinkService.sendCredentialUrl not implemented yet');
+    }
+};
+exports.DidCommLinkService = DidCommLinkService;
+exports.DidCommLinkService = DidCommLinkService = __decorate([
+    (0, core_1.injectable)()
+], DidCommLinkService);
+//# sourceMappingURL=DidCommLinkService.js.map

package/build/services/DidCommLinkService.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"DidCommLinkService.js","sourceRoot":"","sources":["../../src/services/DidCommLinkService.ts"],"names":[],"mappings":";;;;;;;;;AACA,yCAA2C;AAGpC,IAAM,kBAAkB,GAAxB,MAAM,kBAAkB;IACtB,KAAK,CAAC,iBAAiB,CAAC,aAA2B,EAAE,aAAqB,EAAE,QAAgD;QACjI,MAAM,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAA;IAC7E,CAAC;CACF,CAAA;AAJY,gDAAkB;6BAAlB,kBAAkB;IAD9B,IAAA,iBAAU,GAAE;GACA,kBAAkB,CAI9B"}

package/build/services/DisplayMapper.d.ts

@@ -0,0 +1,9 @@
+export declare class DisplayMapper {
+    toDisplay(credential: any): {
+        title: any;
+        description: any;
+        issuerName: any;
+        issuedOn: any;
+        image: any;
+    };
+}

package/build/services/DisplayMapper.js

@@ -0,0 +1,26 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DisplayMapper = void 0;
+const core_1 = require("@credo-ts/core");
+let DisplayMapper = class DisplayMapper {
+    // eslint-disable-next-line @typescript-eslint/no-explicit-any
+    toDisplay(credential) {
+        const issuerName = credential?.issuer?.name;
+        const issuedOn = credential?.validFrom ?? credential?.issuanceDate;
+        const title = credential?.name ?? credential?.credentialSubject?.achievement?.name;
+        const description = credential?.credentialSubject?.achievement?.description;
+        const image = credential?.credentialSubject?.achievement?.image?.id;
+        return { title, description, issuerName, issuedOn, image };
+    }
+};
+exports.DisplayMapper = DisplayMapper;
+exports.DisplayMapper = DisplayMapper = __decorate([
+    (0, core_1.injectable)()
+], DisplayMapper);
+//# sourceMappingURL=DisplayMapper.js.map

package/build/services/DisplayMapper.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"DisplayMapper.js","sourceRoot":"","sources":["../../src/services/DisplayMapper.ts"],"names":[],"mappings":";;;;;;;;;AAAA,yCAA2C;AAGpC,IAAM,aAAa,GAAnB,MAAM,aAAa;IACxB,8DAA8D;IACvD,SAAS,CAAC,UAAe;QAC9B,MAAM,UAAU,GAAG,UAAU,EAAE,MAAM,EAAE,IAAI,CAAA;QAC3C,MAAM,QAAQ,GAAG,UAAU,EAAE,SAAS,IAAI,UAAU,EAAE,YAAY,CAAA;QAClE,MAAM,KAAK,GAAG,UAAU,EAAE,IAAI,IAAI,UAAU,EAAE,iBAAiB,EAAE,WAAW,EAAE,IAAI,CAAA;QAClF,MAAM,WAAW,GAAG,UAAU,EAAE,iBAAiB,EAAE,WAAW,EAAE,WAAW,CAAA;QAC3E,MAAM,KAAK,GAAG,UAAU,EAAE,iBAAiB,EAAE,WAAW,EAAE,KAAK,EAAE,EAAE,CAAA;QACnE,OAAO,EAAE,KAAK,EAAE,WAAW,EAAE,UAAU,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAA;IAC5D,CAAC;CACF,CAAA;AAVY,sCAAa;wBAAb,aAAa;IADzB,IAAA,iBAAU,GAAE;GACA,aAAa,CAUzB"}

package/build/services/IssuerService.d.ts

@@ -0,0 +1,38 @@
+import type { AgentContext } from '@credo-ts/core';
+import { OpenBadgeCredentialRepository } from '../repository/OpenBadgeCredentialRepository';
+import { OpenBadgeCredentialRecord } from '../repository/OpenBadgeCredentialRecord';
+import type { EndorsementCredentialInput } from '../models/EndorsementCredential';
+import type { ClrCredentialInput } from '../models/ClrCredential';
+import { ProofService } from './ProofService';
+import { OpenBadgesModuleConfig } from '../OpenBadgesModuleConfig';
+import { KeyService } from './KeyService';
+export declare class IssuerService {
+    private readonly repository;
+    private readonly proofs;
+    private readonly keys;
+    private readonly config;
+    constructor(repository: OpenBadgeCredentialRepository, proofs: ProofService, keys: KeyService, config: OpenBadgesModuleConfig);
+    issueCredential(agentContext: AgentContext, input: any): Promise<OpenBadgeCredentialRecord>;
+    /**
+     * Issues an EndorsementCredential - a third-party validation credential
+     *
+     * EndorsementCredentials allow external organizations or individuals to
+     * endorse achievements, profiles, or other credentials.
+     *
+     * @param agentContext - The agent context
+     * @param input - The endorsement credential input
+     * @returns The saved credential record
+     */
+    issueEndorsement(agentContext: AgentContext, input: EndorsementCredentialInput): Promise<OpenBadgeCredentialRecord>;
+    /**
+     * Issues a ClrCredential - a Comprehensive Learner Record bundling multiple credentials
+     *
+     * CLR credentials allow bundling multiple OpenBadgeCredentials into a single
+     * verifiable credential representing a learner's complete achievement record.
+     *
+     * @param agentContext - The agent context
+     * @param input - The CLR credential input
+     * @returns The saved credential record
+     */
+    issueClr(agentContext: AgentContext, input: ClrCredentialInput): Promise<OpenBadgeCredentialRecord>;
+}