@ajna-inc/openbadges 0.1.0
- package/LICENSE +202 -0
- package/build/OpenBadgesModule.d.ts +10 -0
- package/build/OpenBadgesModule.js +75 -0
- package/build/OpenBadgesModule.js.map +1 -0
- package/build/OpenBadgesModuleConfig.d.ts +96 -0
- package/build/OpenBadgesModuleConfig.js +50 -0
- package/build/OpenBadgesModuleConfig.js.map +1 -0
- package/build/api/OpenBadgesApi.d.ts +48 -0
- package/build/api/OpenBadgesApi.js +81 -0
- package/build/api/OpenBadgesApi.js.map +1 -0
- package/build/api/index.d.ts +1 -0
- package/build/api/index.js +18 -0
- package/build/api/index.js.map +1 -0
- package/build/constants.d.ts +12 -0
- package/build/constants.js +27 -0
- package/build/constants.js.map +1 -0
- package/build/cryptosuites/EcdsaSd2023.d.ts +143 -0
- package/build/cryptosuites/EcdsaSd2023.js +518 -0
- package/build/cryptosuites/EcdsaSd2023.js.map +1 -0
- package/build/cryptosuites/EddsaRdfc2022.d.ts +112 -0
- package/build/cryptosuites/EddsaRdfc2022.js +356 -0
- package/build/cryptosuites/EddsaRdfc2022.js.map +1 -0
- package/build/cryptosuites/constants.d.ts +14 -0
- package/build/cryptosuites/constants.js +22 -0
- package/build/cryptosuites/constants.js.map +1 -0
- package/build/cryptosuites/contextPreprocessor.d.ts +24 -0
- package/build/cryptosuites/contextPreprocessor.js +127 -0
- package/build/cryptosuites/contextPreprocessor.js.map +1 -0
- package/build/cryptosuites/dataIntegrityV2Context.d.ts +144 -0
- package/build/cryptosuites/dataIntegrityV2Context.js +86 -0
- package/build/cryptosuites/dataIntegrityV2Context.js.map +1 -0
- package/build/cryptosuites/index.d.ts +11 -0
- package/build/cryptosuites/index.js +33 -0
- package/build/cryptosuites/index.js.map +1 -0
- package/build/http/OpenBadgesHttpModule.d.ts +9 -0
- package/build/http/OpenBadgesHttpModule.js +120 -0
- package/build/http/OpenBadgesHttpModule.js.map +1 -0
- package/build/http/OpenBadgesHttpModuleConfig.d.ts +55 -0
- package/build/http/OpenBadgesHttpModuleConfig.js +78 -0
- package/build/http/OpenBadgesHttpModuleConfig.js.map +1 -0
- package/build/http/endpoints/authorize.d.ts +3 -0
- package/build/http/endpoints/authorize.js +79 -0
- package/build/http/endpoints/authorize.js.map +1 -0
- package/build/http/endpoints/consent.d.ts +3 -0
- package/build/http/endpoints/consent.js +25 -0
- package/build/http/endpoints/consent.js.map +1 -0
- package/build/http/endpoints/credentials.d.ts +4 -0
- package/build/http/endpoints/credentials.js +85 -0
- package/build/http/endpoints/credentials.js.map +1 -0
- package/build/http/endpoints/did.d.ts +3 -0
- package/build/http/endpoints/did.js +48 -0
- package/build/http/endpoints/did.js.map +1 -0
- package/build/http/endpoints/introspect.d.ts +3 -0
- package/build/http/endpoints/introspect.js +37 -0
- package/build/http/endpoints/introspect.js.map +1 -0
- package/build/http/endpoints/jwks.d.ts +3 -0
- package/build/http/endpoints/jwks.js +46 -0
- package/build/http/endpoints/jwks.js.map +1 -0
- package/build/http/endpoints/profile.d.ts +4 -0
- package/build/http/endpoints/profile.js +58 -0
- package/build/http/endpoints/profile.js.map +1 -0
- package/build/http/endpoints/refresh.d.ts +15 -0
- package/build/http/endpoints/refresh.js +134 -0
- package/build/http/endpoints/refresh.js.map +1 -0
- package/build/http/endpoints/registration.d.ts +3 -0
- package/build/http/endpoints/registration.js +42 -0
- package/build/http/endpoints/registration.js.map +1 -0
- package/build/http/endpoints/revoke.d.ts +3 -0
- package/build/http/endpoints/revoke.js +38 -0
- package/build/http/endpoints/revoke.js.map +1 -0
- package/build/http/endpoints/serviceDescription.d.ts +3 -0
- package/build/http/endpoints/serviceDescription.js +52 -0
- package/build/http/endpoints/serviceDescription.js.map +1 -0
- package/build/http/endpoints/statusList.d.ts +10 -0
- package/build/http/endpoints/statusList.js +95 -0
- package/build/http/endpoints/statusList.js.map +1 -0
- package/build/http/endpoints/token.d.ts +3 -0
- package/build/http/endpoints/token.js +147 -0
- package/build/http/endpoints/token.js.map +1 -0
- package/build/http/middleware/auth.d.ts +5 -0
- package/build/http/middleware/auth.js +48 -0
- package/build/http/middleware/auth.js.map +1 -0
- package/build/http/router.d.ts +13 -0
- package/build/http/router.js +36 -0
- package/build/http/router.js.map +1 -0
- package/build/http/tenants.d.ts +2 -0
- package/build/http/tenants.js +20 -0
- package/build/http/tenants.js.map +1 -0
- package/build/http/util/auth.d.ts +8 -0
- package/build/http/util/auth.js +43 -0
- package/build/http/util/auth.js.map +1 -0
- package/build/index.d.ts +46 -0
- package/build/index.js +71 -0
- package/build/index.js.map +1 -0
- package/build/models/ClrCredential.d.ts +112 -0
- package/build/models/ClrCredential.js +52 -0
- package/build/models/ClrCredential.js.map +1 -0
- package/build/models/EndorsementCredential.d.ts +89 -0
- package/build/models/EndorsementCredential.js +11 -0
- package/build/models/EndorsementCredential.js.map +1 -0
- package/build/models/StatusListCredential.d.ts +81 -0
- package/build/models/StatusListCredential.js +28 -0
- package/build/models/StatusListCredential.js.map +1 -0
- package/build/models/index.d.ts +8 -0
- package/build/models/index.js +25 -0
- package/build/models/index.js.map +1 -0
- package/build/repository/OpenBadgeCredentialRecord.d.ts +44 -0
- package/build/repository/OpenBadgeCredentialRecord.js +46 -0
- package/build/repository/OpenBadgeCredentialRecord.js.map +1 -0
- package/build/repository/OpenBadgeCredentialRepository.d.ts +8 -0
- package/build/repository/OpenBadgeCredentialRepository.js +38 -0
- package/build/repository/OpenBadgeCredentialRepository.js.map +1 -0
- package/build/repository/OpenBadgesAuthCodeRecord.d.ts +35 -0
- package/build/repository/OpenBadgesAuthCodeRecord.js +28 -0
- package/build/repository/OpenBadgesAuthCodeRecord.js.map +1 -0
- package/build/repository/OpenBadgesAuthCodeRepository.d.ts +6 -0
- package/build/repository/OpenBadgesAuthCodeRepository.js +32 -0
- package/build/repository/OpenBadgesAuthCodeRepository.js.map +1 -0
- package/build/repository/OpenBadgesConsentRecord.d.ts +24 -0
- package/build/repository/OpenBadgesConsentRecord.js +23 -0
- package/build/repository/OpenBadgesConsentRecord.js.map +1 -0
- package/build/repository/OpenBadgesConsentRepository.d.ts +6 -0
- package/build/repository/OpenBadgesConsentRepository.js +32 -0
- package/build/repository/OpenBadgesConsentRepository.js.map +1 -0
- package/build/repository/OpenBadgesKeyBindingRecord.d.ts +24 -0
- package/build/repository/OpenBadgesKeyBindingRecord.js +32 -0
- package/build/repository/OpenBadgesKeyBindingRecord.js.map +1 -0
- package/build/repository/OpenBadgesKeyBindingRepository.d.ts +7 -0
- package/build/repository/OpenBadgesKeyBindingRepository.js +35 -0
- package/build/repository/OpenBadgesKeyBindingRepository.js.map +1 -0
- package/build/repository/OpenBadgesOAuthRecord.d.ts +35 -0
- package/build/repository/OpenBadgesOAuthRecord.js +25 -0
- package/build/repository/OpenBadgesOAuthRecord.js.map +1 -0
- package/build/repository/OpenBadgesOAuthRepository.d.ts +8 -0
- package/build/repository/OpenBadgesOAuthRepository.js +38 -0
- package/build/repository/OpenBadgesOAuthRepository.js.map +1 -0
- package/build/repository/OpenBadgesProfileRecord.d.ts +21 -0
- package/build/repository/OpenBadgesProfileRecord.js +22 -0
- package/build/repository/OpenBadgesProfileRecord.js.map +1 -0
- package/build/repository/OpenBadgesProfileRepository.d.ts +6 -0
- package/build/repository/OpenBadgesProfileRepository.js +32 -0
- package/build/repository/OpenBadgesProfileRepository.js.map +1 -0
- package/build/repository/OpenBadgesRevocationCacheRecord.d.ts +23 -0
- package/build/repository/OpenBadgesRevocationCacheRecord.js +23 -0
- package/build/repository/OpenBadgesRevocationCacheRecord.js.map +1 -0
- package/build/repository/OpenBadgesRevocationCacheRepository.d.ts +6 -0
- package/build/repository/OpenBadgesRevocationCacheRepository.js +32 -0
- package/build/repository/OpenBadgesRevocationCacheRepository.js.map +1 -0
- package/build/repository/OpenBadgesServiceDescriptionRecord.d.ts +21 -0
- package/build/repository/OpenBadgesServiceDescriptionRecord.js +22 -0
- package/build/repository/OpenBadgesServiceDescriptionRecord.js.map +1 -0
- package/build/repository/OpenBadgesServiceDescriptionRepository.d.ts +6 -0
- package/build/repository/OpenBadgesServiceDescriptionRepository.js +32 -0
- package/build/repository/OpenBadgesServiceDescriptionRepository.js.map +1 -0
- package/build/repository/OpenBadgesTokenRecord.d.ts +39 -0
- package/build/repository/OpenBadgesTokenRecord.js +36 -0
- package/build/repository/OpenBadgesTokenRecord.js.map +1 -0
- package/build/repository/OpenBadgesTokenRepository.d.ts +9 -0
- package/build/repository/OpenBadgesTokenRepository.js +45 -0
- package/build/repository/OpenBadgesTokenRepository.js.map +1 -0
- package/build/repository/StatusListRecord.d.ts +49 -0
- package/build/repository/StatusListRecord.js +47 -0
- package/build/repository/StatusListRecord.js.map +1 -0
- package/build/repository/StatusListRepository.d.ts +24 -0
- package/build/repository/StatusListRepository.js +52 -0
- package/build/repository/StatusListRepository.js.map +1 -0
- package/build/repository/index.d.ts +18 -0
- package/build/repository/index.js +35 -0
- package/build/repository/index.js.map +1 -0
- package/build/services/AchievementValidator.d.ts +158 -0
- package/build/services/AchievementValidator.js +238 -0
- package/build/services/AchievementValidator.js.map +1 -0
- package/build/services/ConsumerService.d.ts +24 -0
- package/build/services/ConsumerService.js +143 -0
- package/build/services/ConsumerService.js.map +1 -0
- package/build/services/ContextService.d.ts +14 -0
- package/build/services/ContextService.js +54 -0
- package/build/services/ContextService.js.map +1 -0
- package/build/services/DataIntegrityService.d.ts +51 -0
- package/build/services/DataIntegrityService.js +134 -0
- package/build/services/DataIntegrityService.js.map +1 -0
- package/build/services/DidCommLinkService.d.ts +7 -0
- package/build/services/DidCommLinkService.js +20 -0
- package/build/services/DidCommLinkService.js.map +1 -0
- package/build/services/DisplayMapper.d.ts +9 -0
- package/build/services/DisplayMapper.js +26 -0
- package/build/services/DisplayMapper.js.map +1 -0
- package/build/services/IssuerService.d.ts +38 -0
- package/build/services/IssuerService.js +225 -0
- package/build/services/IssuerService.js.map +1 -0
- package/build/services/JwtService.d.ts +19 -0
- package/build/services/JwtService.js +229 -0
- package/build/services/JwtService.js.map +1 -0
- package/build/services/KeyService.d.ts +102 -0
- package/build/services/KeyService.js +439 -0
- package/build/services/KeyService.js.map +1 -0
- package/build/services/OAuthClient.d.ts +26 -0
- package/build/services/OAuthClient.js +127 -0
- package/build/services/OAuthClient.js.map +1 -0
- package/build/services/ProofService.d.ts +15 -0
- package/build/services/ProofService.js +43 -0
- package/build/services/ProofService.js.map +1 -0
- package/build/services/RevocationService.d.ts +59 -0
- package/build/services/RevocationService.js +319 -0
- package/build/services/RevocationService.js.map +1 -0
- package/build/services/VerifyService.d.ts +17 -0
- package/build/services/VerifyService.js +54 -0
- package/build/services/VerifyService.js.map +1 -0
- package/build/services/crypto/CryptoDriver.d.ts +9 -0
- package/build/services/crypto/CryptoDriver.js +7 -0
- package/build/services/crypto/CryptoDriver.js.map +1 -0
- package/build/services/crypto/JsonLdCryptoDriver.d.ts +17 -0
- package/build/services/crypto/JsonLdCryptoDriver.js +45 -0
- package/build/services/crypto/JsonLdCryptoDriver.js.map +1 -0
- package/build/services/crypto/JwtCryptoDriver.d.ts +13 -0
- package/build/services/crypto/JwtCryptoDriver.js +42 -0
- package/build/services/crypto/JwtCryptoDriver.js.map +1 -0
- package/build/services/index.d.ts +12 -0
- package/build/services/index.js +29 -0
- package/build/services/index.js.map +1 -0
- package/build/utils/validate.d.ts +17 -0
- package/build/utils/validate.js +107 -0
- package/build/utils/validate.js.map +1 -0
- package/package.json +57 -0
|
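--- a/package/build/services/IssuerService.js
+++ b/package/build/services/IssuerService.js
@@ -0,0 +1,225 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var __param = (this && this.__param) || function (paramIndex, decorator) {
+return function (target, key) { decorator(target, key, paramIndex); }
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.IssuerService = void 0;
+const core_1 = require("@credo-ts/core");
+const OpenBadgeCredentialRepository_1 = require("../repository/OpenBadgeCredentialRepository");
+const OpenBadgeCredentialRecord_1 = require("../repository/OpenBadgeCredentialRecord");
+const validate_1 = require("../utils/validate");
+const ClrCredential_1 = require("../models/ClrCredential");
+const uuid_1 = require("uuid");
+const ProofService_1 = require("./ProofService");
+const constants_1 = require("../constants");
+const OpenBadgesModuleConfig_1 = require("../OpenBadgesModuleConfig");
+const KeyService_1 = require("./KeyService");
+let IssuerService = class IssuerService {
+constructor(repository, proofs, keys, config) {
+this.repository = repository;
+this.proofs = proofs;
+this.keys = keys;
+this.config = config;
+}
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+async issueCredential(agentContext, input) {
+console.log('[OB] IssuerService.issueCredential() start');
+// Ensure required contexts are present
+const base = Array.isArray(input?.['@context']) ? input['@context'] : input?.['@context'] ? [input['@context']] : [];
+const withCtx = { ...input, '@context': Array.from(new Set([constants_1.VC_V2_CONTEXT, constants_1.OBV3_CONTEXT, ...base])) };
+// Never pass an existing proof into the signer; suites will create the proof
+const toSign = { ...withCtx };
+try {
+delete toSign.proof;
+}
+catch { }
+// Validate the envelope
+const issues = (0, validate_1.validateObEnvelope)(withCtx);
+if (issues.length) {
+console.error('[OB] Invalid OBv3 envelope issues:', issues);
+throw new Error(`Invalid OBv3 envelope: ${issues.map((i) => i.code).join(', ')}`);
+}
+// Resolve / ensure key binding for verificationMethod
+const verificationMethod = input?.proof?.verificationMethod;
+console.log('[OB] VM provided:', verificationMethod);
+if (!verificationMethod) {
+console.error('[OB] missing_verification_method_key');
+throw new Error('missing_verification_method_key');
+}
+const controller = verificationMethod.split('#')[0];
+try {
+await this.keys.ensureBinding(agentContext, { controller, vmId: verificationMethod });
+}
+catch (e) {
+console.warn('[OB] ensureBinding failed:', e?.message || e);
+}
+const signed = await this.proofs.sign(agentContext, toSign, { id: verificationMethod, controller });
+const record = new OpenBadgeCredentialRecord_1.OpenBadgeCredentialRecord({
+credential: signed,
+derived: undefined,
+status: 'unknown',
+});
+try {
+await this.repository.save(agentContext, record);
+console.log('[OB] Saved OpenBadgeCredentialRecord id:', record.id);
+}
+catch (e) {
+console.error('[OB] repository.save failed:', e?.message || e);
+throw e;
+}
+return record;
+}
+/**
+* Issues an EndorsementCredential - a third-party validation credential
+*
+* EndorsementCredentials allow external organizations or individuals to
+* endorse achievements, profiles, or other credentials.
+*
+* @param agentContext - The agent context
+* @param input - The endorsement credential input
+* @returns The saved credential record
+*/
+async issueEndorsement(agentContext, input) {
+console.log('[OB] IssuerService.issueEndorsement() start');
+// Build the endorsement credential structure
+const credentialId = input.id || `urn:uuid:${(0, uuid_1.v4)()}`;
+const validFrom = input.validFrom || new Date().toISOString();
+const endorsementCredential = {
+'@context': [constants_1.VC_V2_CONTEXT, constants_1.OBV3_CONTEXT],
+type: ['VerifiableCredential', 'EndorsementCredential'],
+id: credentialId,
+issuer: input.issuerProfile,
+validFrom,
+...(input.validUntil && { validUntil: input.validUntil }),
+credentialSubject: {
+id: input.endorsedEntity,
+type: 'EndorsementSubject',
+...(input.endorsementComment && { endorsementComment: input.endorsementComment }),
+},
+};
+// Validate the envelope
+const issues = (0, validate_1.validateEndorsementEnvelope)(endorsementCredential);
+if (issues.length) {
+console.error('[OB] Invalid EndorsementCredential envelope issues:', issues);
+throw new Error(`Invalid EndorsementCredential envelope: ${issues.map((i) => i.code).join(', ')}`);
+}
+// Resolve / ensure key binding for verificationMethod
+const verificationMethod = input.verificationMethod;
+console.log('[OB] Endorsement VM provided:', verificationMethod);
+if (!verificationMethod) {
+console.error('[OB] missing_verification_method_key');
+throw new Error('missing_verification_method_key');
+}
+const controller = verificationMethod.split('#')[0];
+try {
+await this.keys.ensureBinding(agentContext, { controller, vmId: verificationMethod });
+}
+catch (e) {
+console.warn('[OB] ensureBinding failed:', e?.message || e);
+}
+const signed = await this.proofs.sign(agentContext, endorsementCredential, { id: verificationMethod, controller });
+const record = new OpenBadgeCredentialRecord_1.OpenBadgeCredentialRecord({
+credential: signed,
+derived: undefined,
+status: 'unknown',
+});
+try {
+await this.repository.save(agentContext, record);
+console.log('[OB] Saved EndorsementCredential record id:', record.id);
+}
+catch (e) {
+console.error('[OB] repository.save failed:', e?.message || e);
+throw e;
+}
+return record;
+}
+/**
+* Issues a ClrCredential - a Comprehensive Learner Record bundling multiple credentials
+*
+* CLR credentials allow bundling multiple OpenBadgeCredentials into a single
+* verifiable credential representing a learner's complete achievement record.
+*
+* @param agentContext - The agent context
+* @param input - The CLR credential input
+* @returns The saved credential record
+*/
+async issueClr(agentContext, input) {
+console.log('[OB] IssuerService.issueClr() start');
+// Build the CLR credential structure
+const credentialId = input.id || `urn:uuid:${(0, uuid_1.v4)()}`;
+const validFrom = input.validFrom || new Date().toISOString();
+const clrCredential = {
+'@context': (0, ClrCredential_1.buildClrContexts)(),
+type: ['VerifiableCredential', 'ClrCredential'],
+id: credentialId,
+issuer: input.issuerProfile,
+validFrom,
+...(input.validUntil && { validUntil: input.validUntil }),
+...(input.name && { name: input.name }),
+...(input.description && { description: input.description }),
+credentialSubject: {
+id: input.learnerId,
+type: 'ClrSubject',
+verifiableCredential: input.verifiableCredentials,
+...(input.associations && input.associations.length > 0 && { association: input.associations }),
+},
+};
+// Validate the CLR structure
+const issues = (0, ClrCredential_1.validateClrCredential)(clrCredential);
+if (issues.length) {
+console.error('[OB] Invalid ClrCredential envelope issues:', issues);
+throw new Error(`Invalid ClrCredential envelope: ${issues.join(', ')}`);
+}
+// Resolve / ensure key binding for verificationMethod
+const verificationMethod = input.verificationMethod;
+console.log('[OB] CLR VM provided:', verificationMethod);
+if (!verificationMethod) {
+console.error('[OB] missing_verification_method_key');
+throw new Error('missing_verification_method_key');
+}
+const controller = verificationMethod.split('#')[0];
+try {
+await this.keys.ensureBinding(agentContext, { controller, vmId: verificationMethod });
+}
+catch (e) {
+console.warn('[OB] ensureBinding failed:', e?.message || e);
+}
+const signed = await this.proofs.sign(agentContext, clrCredential, { id: verificationMethod, controller });
+const record = new OpenBadgeCredentialRecord_1.OpenBadgeCredentialRecord({
+credential: signed,
+derived: undefined,
+status: 'unknown',
+});
+try {
+await this.repository.save(agentContext, record);
+console.log('[OB] Saved ClrCredential record id:', record.id);
+}
+catch (e) {
+console.error('[OB] repository.save failed:', e?.message || e);
+throw e;
+}
+return record;
+}
+};
+exports.IssuerService = IssuerService;
+exports.IssuerService = IssuerService = __decorate([
+(0, core_1.injectable)(),
+__param(0, (0, core_1.inject)(OpenBadgeCredentialRepository_1.OpenBadgeCredentialRepository)),
+__param(1, (0, core_1.inject)(ProofService_1.ProofService)),
+__param(2, (0, core_1.inject)(KeyService_1.KeyService)),
+__param(3, (0, core_1.inject)(OpenBadgesModuleConfig_1.OpenBadgesModuleConfig)),
+__metadata("design:paramtypes", [OpenBadgeCredentialRepository_1.OpenBadgeCredentialRepository,
+ProofService_1.ProofService,
+KeyService_1.KeyService,
+OpenBadgesModuleConfig_1.OpenBadgesModuleConfig])
+], IssuerService);
+//# sourceMappingURL=IssuerService.js.map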
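Review bot: The `catch` around `this.keys.ensureBinding(agentContext, { controller, vmId: verificationMethod })` in `issueCredential` only logs with `console.warn`, so `this.proofs.sign(...)` still runs after the binding check has failed; `issueEndorsement` and `issueClr` repeat the same pattern. The verification method comes straight from caller input (`input?.proof?.verificationMethod`, `input.verificationMethod`) and the controller is simply `split('#')[0]` of it, so unless `ProofService.sign` rejects unbound keys itself (not visible in this file) issuance should fail closed at this point. Handle it the way the `repository.save` failure is handled a few lines further down: `catch (e) { console.error('[OB] ensureBinding failed:', e?.message || e); throw e; }`. Separately, `validateObEnvelope` is run on `withCtx`, which still carries the caller's `proof`, while the object actually signed is `toSign`; validating `toSign` would check exactly what gets signed.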
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"IssuerService.js","sourceRoot":"","sources":["../../src/services/IssuerService.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AACA,yCAAmD;AACnD,+FAA2F;AAC3F,uFAAmF;AACnF,gDAAmF;AAGnF,2DAAiF;AAEjF,+BAAmC;AACnC,iDAA6C;AAC7C,4CAA0D;AAC1D,sEAAkE;AAClE,6CAAyC;AAGlC,IAAM,aAAa,GAAnB,MAAM,aAAa;IACxB,YAC0D,UAAyC,EAC1D,MAAoB,EACtB,IAAgB,EACJ,MAA8B;QAHvB,eAAU,GAAV,UAAU,CAA+B;QAC1D,WAAM,GAAN,MAAM,CAAc;QACtB,SAAI,GAAJ,IAAI,CAAY;QACJ,WAAM,GAAN,MAAM,CAAwB;IAC9E,CAAC;IAEJ,8DAA8D;IACvD,KAAK,CAAC,eAAe,CAAC,YAA0B,EAAE,KAAU;QACjE,OAAO,CAAC,GAAG,CAAC,4CAA4C,CAAC,CAAA;QACzD,uCAAuC;QACvC,MAAM,IAAI,GAAG,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,KAAK,EAAE,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAA;QACpH,MAAM,OAAO,GAAG,EAAE,GAAG,KAAK,EAAE,UAAU,EAAE,KAAK,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,CAAC,yBAAa,EAAE,wBAAY,EAAE,GAAG,IAAI,CAAC,CAAC,CAAC,EAAE,CAAA;QACrG,6EAA6E;QAC7E,MAAM,MAAM,GAAG,EAAE,GAAG,OAAO,EAAE,CAAA;QAC7B,IAAI,CAAC;YAAC,OAAQ,MAAc,CAAC,KAAK,CAAA;QAAC,CAAC;QAAC,MAAM,CAAC,CAAA,CAAC;QAE7C,wBAAwB;QACxB,MAAM,MAAM,GAAG,IAAA,6BAAkB,EAAC,OAAO,CAAC,CAAA;QAC1C,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;YAClB,OAAO,CAAC,KAAK,CAAC,oCAAoC,EAAE,MAAM,CAAC,CAAA;YAC3D,MAAM,IAAI,KAAK,CAAC,0BAA0B,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;QACnF,CAAC;QAED,sDAAsD;QACtD,MAAM,kBAAkB,GAAuB,KAAK,EAAE,KAAK,EAAE,kBAAkB,CAAA;QAC/E,OAAO,CAAC,GAAG,CAAC,mBAAmB,EAAE,kBAAkB,CAAC,CAAA;QACpD,IAAI,CAAC,kBAAkB,EAAE,CAAC;YACxB,OAAO,CAAC,KAAK,CAAC,sCAAsC,CAAC,CAAA;YACrD,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAA;QACpD,CAAC;QACD,MAAM,UAAU,GAAG,kBAAkB,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAA;QACnD,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,YAAY,EAAE,EAAE,UAAU,EAAE,IAAI,EAAE,kBAAkB,EAAE,CAAC,CAAA;QACvF,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,OAAO,CAAC,IAAI,CAAC,4BAA4B,EAAG,CAAS,EAAE,OAAO,IAAI,CAAC,CAAC,CAAA;QACtE,CAAC;QACD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CA
AC,YAAY,EAAE,MAAM,EAAE,EAAE,EAAE,EAAE,kBAAkB,EAAE,UAAU,EAAE,CAAC,CAAA;QAEnG,MAAM,MAAM,GAAG,IAAI,qDAAyB,CAAC;YAC3C,UAAU,EAAE,MAAM;YAClB,OAAO,EAAE,SAAS;YAClB,MAAM,EAAE,SAAS;SAClB,CAAC,CAAA;QAEF,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,YAAY,EAAE,MAAM,CAAC,CAAA;YAChD,OAAO,CAAC,GAAG,CAAC,0CAA0C,EAAE,MAAM,CAAC,EAAE,CAAC,CAAA;QACpE,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,OAAO,CAAC,KAAK,CAAC,8BAA8B,EAAG,CAAS,EAAE,OAAO,IAAI,CAAC,CAAC,CAAA;YACvE,MAAM,CAAC,CAAA;QACT,CAAC;QACD,OAAO,MAAM,CAAA;IACf,CAAC;IAED;;;;;;;;;OASG;IACI,KAAK,CAAC,gBAAgB,CAAC,YAA0B,EAAE,KAAiC;QACzF,OAAO,CAAC,GAAG,CAAC,6CAA6C,CAAC,CAAA;QAE1D,6CAA6C;QAC7C,MAAM,YAAY,GAAG,KAAK,CAAC,EAAE,IAAI,YAAY,IAAA,SAAM,GAAE,EAAE,CAAA;QACvD,MAAM,SAAS,GAAG,KAAK,CAAC,SAAS,IAAI,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAA;QAE7D,MAAM,qBAAqB,GAAG;YAC5B,UAAU,EAAE,CAAC,yBAAa,EAAE,wBAAY,CAAC;YACzC,IAAI,EAAE,CAAC,sBAAsB,EAAE,uBAAuB,CAAU;YAChE,EAAE,EAAE,YAAY;YAChB,MAAM,EAAE,KAAK,CAAC,aAAa;YAC3B,SAAS;YACT,GAAG,CAAC,KAAK,CAAC,UAAU,IAAI,EAAE,UAAU,EAAE,KAAK,CAAC,UAAU,EAAE,CAAC;YACzD,iBAAiB,EAAE;gBACjB,EAAE,EAAE,KAAK,CAAC,cAAc;gBACxB,IAAI,EAAE,oBAA6B;gBACnC,GAAG,CAAC,KAAK,CAAC,kBAAkB,IAAI,EAAE,kBAAkB,EAAE,KAAK,CAAC,kBAAkB,EAAE,CAAC;aAClF;SACF,CAAA;QAED,wBAAwB;QACxB,MAAM,MAAM,GAAG,IAAA,sCAA2B,EAAC,qBAAqB,CAAC,CAAA;QACjE,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;YAClB,OAAO,CAAC,KAAK,CAAC,qDAAqD,EAAE,MAAM,CAAC,CAAA;YAC5E,MAAM,IAAI,KAAK,CAAC,2CAA2C,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;QACpG,CAAC;QAED,sDAAsD;QACtD,MAAM,kBAAkB,GAAG,KAAK,CAAC,kBAAkB,CAAA;QACnD,OAAO,CAAC,GAAG,CAAC,+BAA+B,EAAE,kBAAkB,CAAC,CAAA;QAChE,IAAI,CAAC,kBAAkB,EAAE,CAAC;YACxB,OAAO,CAAC,KAAK,CAAC,sCAAsC,CAAC,CAAA;YACrD,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAA;QACpD,CAAC;QAED,MAAM,UAAU,GAAG,kBAAkB,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAA;QACnD,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,YAAY,EAAE,EAAE,UAAU,EAAE,IAAI,EAAE,kBAAkB,EAAE,CAAC,CAAA;QACvF,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,OAAO,CAAC,IAAI,CAAC,4BAA4B,EAAG,CAAS,EAAE
,OAAO,IAAI,CAAC,CAAC,CAAA;QACtE,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY,EAAE,qBAAqB,EAAE,EAAE,EAAE,EAAE,kBAAkB,EAAE,UAAU,EAAE,CAAC,CAAA;QAElH,MAAM,MAAM,GAAG,IAAI,qDAAyB,CAAC;YAC3C,UAAU,EAAE,MAAM;YAClB,OAAO,EAAE,SAAS;YAClB,MAAM,EAAE,SAAS;SAClB,CAAC,CAAA;QAEF,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,YAAY,EAAE,MAAM,CAAC,CAAA;YAChD,OAAO,CAAC,GAAG,CAAC,6CAA6C,EAAE,MAAM,CAAC,EAAE,CAAC,CAAA;QACvE,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,OAAO,CAAC,KAAK,CAAC,8BAA8B,EAAG,CAAS,EAAE,OAAO,IAAI,CAAC,CAAC,CAAA;YACvE,MAAM,CAAC,CAAA;QACT,CAAC;QAED,OAAO,MAAM,CAAA;IACf,CAAC;IAED;;;;;;;;;OASG;IACI,KAAK,CAAC,QAAQ,CAAC,YAA0B,EAAE,KAAyB;QACzE,OAAO,CAAC,GAAG,CAAC,qCAAqC,CAAC,CAAA;QAElD,qCAAqC;QACrC,MAAM,YAAY,GAAG,KAAK,CAAC,EAAE,IAAI,YAAY,IAAA,SAAM,GAAE,EAAE,CAAA;QACvD,MAAM,SAAS,GAAG,KAAK,CAAC,SAAS,IAAI,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAA;QAE7D,MAAM,aAAa,GAAG;YACpB,UAAU,EAAE,IAAA,gCAAgB,GAAE;YAC9B,IAAI,EAAE,CAAC,sBAAsB,EAAE,eAAe,CAA8C;YAC5F,EAAE,EAAE,YAAY;YAChB,MAAM,EAAE,KAAK,CAAC,aAAa;YAC3B,SAAS;YACT,GAAG,CAAC,KAAK,CAAC,UAAU,IAAI,EAAE,UAAU,EAAE,KAAK,CAAC,UAAU,EAAE,CAAC;YACzD,GAAG,CAAC,KAAK,CAAC,IAAI,IAAI,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE,CAAC;YACvC,GAAG,CAAC,KAAK,CAAC,WAAW,IAAI,EAAE,WAAW,EAAE,KAAK,CAAC,WAAW,EAAE,CAAC;YAC5D,iBAAiB,EAAE;gBACjB,EAAE,EAAE,KAAK,CAAC,SAAS;gBACnB,IAAI,EAAE,YAAqB;gBAC3B,oBAAoB,EAAE,KAAK,CAAC,qBAAqB;gBACjD,GAAG,CAAC,KAAK,CAAC,YAAY,IAAI,KAAK,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,WAAW,EAAE,KAAK,CAAC,YAAY,EAAE,CAAC;aAChG;SACF,CAAA;QAED,6BAA6B;QAC7B,MAAM,MAAM,GAAG,IAAA,qCAAqB,EAAC,aAAa,CAAC,CAAA;QACnD,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;YAClB,OAAO,CAAC,KAAK,CAAC,6CAA6C,EAAE,MAAM,CAAC,CAAA;YACpE,MAAM,IAAI,KAAK,CAAC,mCAAmC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;QACzE,CAAC;QAED,sDAAsD;QACtD,MAAM,kBAAkB,GAAG,KAAK,CAAC,kBAAkB,CAAA;QACnD,OAAO,CAAC,GAAG,CAAC,uBAAuB,EAAE,kBAAkB,CAAC,CAAA;QACxD,IAAI,CAAC,kBAAkB,EAAE,CAAC;YACxB,OAAO,CAAC,KAAK,CAAC,sCAAsC,CAAC,CAAA;YACrD,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAA;QACpD,CAAC;QAED,MAAM,UAAU,GAAG,kBAAkB,CAAC,
KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAA;QACnD,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,YAAY,EAAE,EAAE,UAAU,EAAE,IAAI,EAAE,kBAAkB,EAAE,CAAC,CAAA;QACvF,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,OAAO,CAAC,IAAI,CAAC,4BAA4B,EAAG,CAAS,EAAE,OAAO,IAAI,CAAC,CAAC,CAAA;QACtE,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY,EAAE,aAAa,EAAE,EAAE,EAAE,EAAE,kBAAkB,EAAE,UAAU,EAAE,CAAC,CAAA;QAE1G,MAAM,MAAM,GAAG,IAAI,qDAAyB,CAAC;YAC3C,UAAU,EAAE,MAAM;YAClB,OAAO,EAAE,SAAS;YAClB,MAAM,EAAE,SAAS;SAClB,CAAC,CAAA;QAEF,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,YAAY,EAAE,MAAM,CAAC,CAAA;YAChD,OAAO,CAAC,GAAG,CAAC,qCAAqC,EAAE,MAAM,CAAC,EAAE,CAAC,CAAA;QAC/D,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,OAAO,CAAC,KAAK,CAAC,8BAA8B,EAAG,CAAS,EAAE,OAAO,IAAI,CAAC,CAAC,CAAA;YACvE,MAAM,CAAC,CAAA;QACT,CAAC;QAED,OAAO,MAAM,CAAA;IACf,CAAC;CACF,CAAA;AA1MY,sCAAa;wBAAb,aAAa;IADzB,IAAA,iBAAU,GAAE;IAGR,WAAA,IAAA,aAAM,EAAC,6DAA6B,CAAC,CAAA;IACrC,WAAA,IAAA,aAAM,EAAC,2BAAY,CAAC,CAAA;IACpB,WAAA,IAAA,aAAM,EAAC,uBAAU,CAAC,CAAA;IAClB,WAAA,IAAA,aAAM,EAAC,+CAAsB,CAAC,CAAA;qCAHqC,6DAA6B;QAClD,2BAAY;QAChB,uBAAU;QACI,+CAAsB;GALtE,aAAa,CA0MzB"}
|
|
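--- a/package/build/services/JwtService.d.ts
+++ b/package/build/services/JwtService.d.ts
@@ -0,0 +1,19 @@
+import type { AgentContext } from '@credo-ts/core';
+import { KeyService } from './KeyService';
+import { JwsService } from '@credo-ts/core';
+type KeyHint = {
+id: string;
+controller: string;
+};
+export declare class JwtService {
+private readonly keys;
+private readonly jws;
+constructor(keys: KeyService, jws: JwsService);
+signVcJwt(agentContext: AgentContext, document: any, key?: KeyHint): Promise<string>;
+verifyVcJwt(agentContext: AgentContext, jwt: string): Promise<{
+verified: boolean;
+payload?: any;
+error?: string;
+}>;
+}
+export {};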
@@ -0,0 +1,229 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
+
if (k2 === undefined) k2 = k;
|
|
4
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
+
}
|
|
8
|
+
Object.defineProperty(o, k2, desc);
|
|
9
|
+
}) : (function(o, m, k, k2) {
|
|
10
|
+
if (k2 === undefined) k2 = k;
|
|
11
|
+
o[k2] = m[k];
|
|
12
|
+
}));
|
|
13
|
+
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
|
14
|
+
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
|
15
|
+
}) : function(o, v) {
|
|
16
|
+
o["default"] = v;
|
|
17
|
+
});
|
|
18
|
+
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
|
|
19
|
+
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
20
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
21
|
+
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
22
|
+
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
23
|
+
};
|
|
24
|
+
var __importStar = (this && this.__importStar) || function (mod) {
|
|
25
|
+
if (mod && mod.__esModule) return mod;
|
|
26
|
+
var result = {};
|
|
27
|
+
if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
|
|
28
|
+
__setModuleDefault(result, mod);
|
|
29
|
+
return result;
|
|
30
|
+
};
|
|
31
|
+
var __metadata = (this && this.__metadata) || function (k, v) {
|
|
32
|
+
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
33
|
+
};
|
|
34
|
+
var __param = (this && this.__param) || function (paramIndex, decorator) {
|
|
35
|
+
return function (target, key) { decorator(target, key, paramIndex); }
|
|
36
|
+
};
|
|
37
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
38
|
+
exports.JwtService = void 0;
|
|
39
|
+
const core_1 = require("@credo-ts/core");
|
|
40
|
+
const KeyService_1 = require("./KeyService");
|
|
41
|
+
const core_2 = require("@credo-ts/core");
|
|
42
|
+
/**
|
|
43
|
+
* Get the DID method from a kid string
|
|
44
|
+
*/
|
|
45
|
+
function getDidMethod(kid) {
|
|
46
|
+
if (kid?.startsWith('did:web:'))
|
|
47
|
+
return 'did:web';
|
|
48
|
+
if (kid?.startsWith('did:key:'))
|
|
49
|
+
return 'did:key';
|
|
50
|
+
if (kid?.startsWith('did:jwk:'))
|
|
51
|
+
return 'did:jwk';
|
|
52
|
+
return null;
|
|
53
|
+
}
|
|
54
|
+
/**
|
|
55
|
+
* Derive JWKS URL from did:web kid
|
|
56
|
+
*/
|
|
57
|
+
function jwksUrlFromDidWebKid(kid) {
|
|
58
|
+
if (!kid || !kid.startsWith('did:web:'))
|
|
59
|
+
return null;
|
|
60
|
+
let rest = kid.slice('did:web:'.length);
|
|
61
|
+
const hashIdx = rest.indexOf('#');
|
|
62
|
+
if (hashIdx !== -1)
|
|
63
|
+
rest = rest.slice(0, hashIdx);
|
|
64
|
+
const segs = rest.split(':');
|
|
65
|
+
const hostEnc = segs.shift() || '';
|
|
66
|
+
const host = decodeURIComponent(hostEnc);
|
|
67
|
+
// For localhost or host with port, default to http, else https
|
|
68
|
+
const protocol = host.includes('localhost') || host.includes(':') ? 'http' : 'https';
|
|
69
|
+
return `${protocol}://${host}/.well-known/jwks.json`;
|
|
70
|
+
}
|
|
71
|
+
/**
|
|
72
|
+
* Get algorithm string for key type
|
|
73
|
+
*/
|
|
74
|
+
function getAlgForKeyType(jwk) {
|
|
75
|
+
if (jwk?.kty === 'OKP' && jwk?.crv === 'Ed25519')
|
|
76
|
+
return 'EdDSA';
|
|
77
|
+
if (jwk?.kty === 'EC' && jwk?.crv === 'P-256')
|
|
78
|
+
return 'ES256';
|
|
79
|
+
if (jwk?.kty === 'EC' && jwk?.crv === 'P-384')
|
|
80
|
+
return 'ES384';
|
|
81
|
+
return 'EdDSA'; // Default
|
|
82
|
+
}
|
|
83
|
+
let JwtService = class JwtService {
|
|
84
|
+
constructor(keys, jws) {
|
|
85
|
+
this.keys = keys;
|
|
86
|
+
this.jws = jws;
|
|
87
|
+
}
|
|
88
|
+
// Signs a VC as a JWT (VC-JWT). For simplicity in dev, embeds public JWK in header when no known key is provided.
|
|
89
|
+
// eslint-disable-next-line @typescript-eslint/no-explicit-any
|
|
90
|
+
async signVcJwt(agentContext, document, key) {
|
|
91
|
+
const { SignJWT, generateKeyPair, exportJWK, importJWK, calculateJwkThumbprint } = await Promise.resolve().then(() => __importStar(require('jose')));
|
|
92
|
+
// Claims
|
|
93
|
+
const issuer = typeof document?.issuer === 'string' ? document.issuer : document?.issuer?.id;
|
|
94
|
+
const subject = document?.credentialSubject?.id;
|
|
95
|
+
const nbf = document?.validFrom ? Math.floor(Date.parse(document.validFrom) / 1000) : undefined;
|
|
96
|
+
// For production, you’d import your Ed25519 key. For dev simplicity, generate ephemeral if no key provided.
|
|
97
|
+
let privateKey;
|
|
98
|
+
let header = { alg: 'EdDSA', typ: 'JWT' };
|
|
99
|
+
if (key?.id) {
|
|
100
|
+
// Use KMS-backed key via JwsService; header will contain kid and jku; JwsService signs with KMS key id mapping
|
|
101
|
+
const vmId = key.id;
|
|
102
|
+
console.log('[OB][JwtService] sign with vmId:', vmId);
|
|
103
|
+
// Find binding to get KMS key id
|
|
104
|
+
const binding = await this.keys.getBindingByVm(agentContext, vmId);
|
|
105
|
+
if (!binding)
|
|
106
|
+
throw new Error('vm_not_bound_to_kms_key');
|
|
107
|
+
const payload = new core_2.JwtPayload({ iss: issuer, sub: subject, nbf, additionalClaims: { vc: document } });
|
|
108
|
+
const walletKey = await this.keys.getKeyForVm(agentContext, vmId);
|
|
109
|
+
console.log('[OB][JwtService] walletKey available?', !!walletKey);
|
|
110
|
+
if (!walletKey)
|
|
111
|
+
throw new Error('wallet_key_not_found');
|
|
112
|
+
const jku = jwksUrlFromDidWebKid(vmId) || undefined;
|
|
113
|
+
const compact = await this.jws.createJwsCompact(agentContext, {
|
|
114
|
+
payload,
|
|
115
|
+
key: walletKey,
|
|
116
|
+
protectedHeaderOptions: { alg: 'EdDSA', kid: vmId, ...(jku ? { jku } : {}) },
|
|
117
|
+
});
|
|
118
|
+
// jose SignJWT also can be used, but we leverage KMS-backed signing via JwsService
|
|
119
|
+
return compact;
|
|
120
|
+
}
|
|
121
|
+
else {
|
|
122
|
+
// Dev mode: ephemeral JWK embedded
|
|
123
|
+
const { privateKey: pk, publicKey } = await generateKeyPair('EdDSA');
|
|
124
|
+
privateKey = pk;
|
|
125
|
+
const jwk = (await exportJWK(publicKey));
|
|
126
|
+
jwk.kty = 'OKP';
|
|
127
|
+
jwk.crv = 'Ed25519';
|
|
128
|
+
const kid = await calculateJwkThumbprint(jwk);
|
|
129
|
+
header = { ...header, jwk, kid };
|
|
130
|
+
}
|
|
131
|
+
const signer = new SignJWT({ vc: document })
|
|
132
|
+
.setProtectedHeader(header)
|
|
133
|
+
.setIssuedAt();
|
|
134
|
+
if (issuer)
|
|
135
|
+
signer.setIssuer(issuer);
|
|
136
|
+
if (subject)
|
|
137
|
+
signer.setSubject(subject);
|
|
138
|
+
if (nbf != null && !Number.isNaN(nbf))
|
|
139
|
+
signer.setNotBefore(nbf);
|
|
140
|
+
return signer.sign(privateKey);
|
|
141
|
+
}
|
|
142
|
+
async verifyVcJwt(agentContext, jwt) {
|
|
143
|
+
try {
|
|
144
|
+
const { decodeProtectedHeader, importJWK, jwtVerify } = await Promise.resolve().then(() => __importStar(require('jose')));
|
|
145
|
+
const header = decodeProtectedHeader(jwt);
|
|
146
|
+
let alg = header.alg || 'EdDSA';
|
|
147
|
+
// Resolve verification key
|
|
148
|
+
let keyLike;
|
|
149
|
+
// 1. Try embedded JWK in header
|
|
150
|
+
if (header.jwk && typeof header.jwk === 'object') {
|
|
151
|
+
alg = getAlgForKeyType(header.jwk);
|
|
152
|
+
keyLike = await importJWK(header.jwk, alg);
|
|
153
|
+
}
|
|
154
|
+
// 2. Try to resolve from kid
|
|
155
|
+
if (!keyLike && typeof header.kid === 'string') {
|
|
156
|
+
const kid = header.kid;
|
|
157
|
+
const didMethod = getDidMethod(kid);
|
|
158
|
+
console.log('[OB][JwtService] verify header.kid:', kid, 'didMethod:', didMethod);
|
|
159
|
+
// 2a. Try did:key or did:jwk - key material is embedded in the DID
|
|
160
|
+
if (didMethod === 'did:key' || didMethod === 'did:jwk') {
|
|
161
|
+
const did = kid.split('#')[0];
|
|
162
|
+
const jwk = this.keys.getJwkForDid(did);
|
|
163
|
+
console.log('[OB][JwtService] verify resolved JWK from DID?', !!jwk);
|
|
164
|
+
if (jwk) {
|
|
165
|
+
alg = getAlgForKeyType(jwk);
|
|
166
|
+
keyLike = await importJWK(jwk, alg);
|
|
167
|
+
}
|
|
168
|
+
}
|
|
169
|
+
// 2b. Try local KeyService by VM id
|
|
170
|
+
if (!keyLike) {
|
|
171
|
+
try {
|
|
172
|
+
const publicJwk = await this.keys.getPublicJwkByVm(agentContext, kid);
|
|
173
|
+
console.log('[OB][JwtService] verify local publicJwk found?', !!publicJwk);
|
|
174
|
+
if (publicJwk) {
|
|
175
|
+
alg = getAlgForKeyType(publicJwk);
|
|
176
|
+
keyLike = await importJWK(publicJwk, alg);
|
|
177
|
+
}
|
|
178
|
+
}
|
|
179
|
+
catch { /* ignore */ }
|
|
180
|
+
}
|
|
181
|
+
}
|
|
182
|
+
// 3. If we still don't have a key, try jku (JWKS URL) if present or derive from did:web kid
|
|
183
|
+
if (!keyLike && typeof header.kid === 'string') {
|
|
184
|
+
const derivedJku = jwksUrlFromDidWebKid(header.kid);
|
|
185
|
+
const jkuHeader = header.jku;
|
|
186
|
+
const candidateJku = jkuHeader || derivedJku || undefined;
|
|
187
|
+
console.log('[OB][JwtService] verify candidateJku:', candidateJku);
|
|
188
|
+
if (candidateJku) {
|
|
189
|
+
try {
|
|
190
|
+
const res = await fetch(candidateJku);
|
|
191
|
+
if (res.ok) {
|
|
192
|
+
const jwks = (await res.json());
|
|
193
|
+
const kid = header.kid;
|
|
194
|
+
const match = Array.isArray(jwks?.keys) ? jwks.keys.find((k) => k.kid === kid) : undefined;
|
|
195
|
+
console.log('[OB][JwtService] verify matched jwk from jku?', !!match);
|
|
196
|
+
if (match) {
|
|
197
|
+
alg = getAlgForKeyType(match);
|
|
198
|
+
keyLike = await importJWK(match, alg);
|
|
199
|
+
}
|
|
200
|
+
}
|
|
201
|
+
}
|
|
202
|
+
catch { }
|
|
203
|
+
}
|
|
204
|
+
}
|
|
205
|
+
if (!keyLike)
|
|
206
|
+
return { verified: false, error: 'no_verification_key' };
|
|
207
|
+
// Determine allowed algorithms based on resolved key
|
|
208
|
+
const allowedAlgs = ['EdDSA', 'ES256', 'ES384'];
|
|
209
|
+
const { payload } = await jwtVerify(jwt, keyLike, { algorithms: allowedAlgs, clockTolerance: 60 });
|
|
210
|
+
return { verified: true, payload };
|
|
211
|
+
}
|
|
212
|
+
catch (e) {
|
|
213
|
+
const msg = e?.message ? String(e.message).split('\n')[0]?.slice(0, 200) : String(e);
|
|
214
|
+
try {
|
|
215
|
+
console.warn('[OB][JwtService] jwtVerify failed:', msg);
|
|
216
|
+
}
|
|
217
|
+
catch { }
|
|
218
|
+
return { verified: false, error: msg };
|
|
219
|
+
}
|
|
220
|
+
}
|
|
221
|
+
};
|
|
222
|
+
exports.JwtService = JwtService;
|
|
223
|
+
exports.JwtService = JwtService = __decorate([
|
|
224
|
+
(0, core_1.injectable)(),
|
|
225
|
+
__param(0, (0, core_1.inject)(KeyService_1.KeyService)),
|
|
226
|
+
__param(1, (0, core_1.inject)(core_2.JwsService)),
|
|
227
|
+
__metadata("design:paramtypes", [KeyService_1.KeyService, core_2.JwsService])
|
|
228
|
+
], JwtService);
|
|
229
|
+
//# sourceMappingURL=JwtService.js.map
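Review bot: `verifyVcJwt` takes its verification key from the token's own protected header, so a token signed with any freshly generated key verifies: step 1 (lines 150-153) imports `header.jwk` directly, and step 3 (lines 183-204) prefers `header.jku` over the URL derived from the did:web `kid` and fetches it with no allowlist, which also lets an unauthenticated token make the verifier request a URL chosen by its sender. Neither path ties the key to the credential's issuer, and `{ verified: true }` is returned without comparing `payload.iss` to the DID in `kid`. I would stop using `header.jwk` as a trust anchor outside an explicit development setting, fetch only the derived did:web URL (rejecting a `jku` that differs from it), and, assuming issuers are identified by the DID that controls the `kid`, check `iss` against it after `jwtVerify`. The derived URL also uses `http` for any host containing `:` (line 68); that fallback should be limited to loopback hosts. The empty `catch { }` around the fetch hides resolution failures, so logging the reason there would help explain rejected tokens.

```javascript
// … unchanged: jose import, decodeProtectedHeader, alg default, keyLike declaration …
// 1. header.jwk is supplied by the token's sender; it is not used to pick the key.
// … unchanged: 2. kid resolution (did:key / did:jwk, then local KeyService) …
// 3. Resolve did:web keys only from the URL derived from the kid.
if (!keyLike && typeof header.kid === 'string') {
    const derivedJku = jwksUrlFromDidWebKid(header.kid);
    const jkuHeader = header.jku;
    if (jkuHeader && jkuHeader !== derivedJku)
        return { verified: false, error: 'untrusted_jku' };
    const candidateJku = derivedJku || undefined;
    // … unchanged: fetch candidateJku, match keys by kid, importJWK …
}
// … unchanged: no_verification_key check, allowedAlgs, jwtVerify …
const kidDid = typeof header.kid === 'string' ? header.kid.split('#')[0] : undefined;
if (!kidDid || payload.iss !== kidDid)
    return { verified: false, error: 'issuer_key_mismatch' };
return { verified: true, payload };
```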
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"JwtService.js","sourceRoot":"","sources":["../../src/services/JwtService.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AACA,yCAAmD;AAEnD,6CAAyC;AACzC,yCAAuD;AAOvD;;GAEG;AACH,SAAS,YAAY,CAAC,GAAW;IAC/B,IAAI,GAAG,EAAE,UAAU,CAAC,UAAU,CAAC;QAAE,OAAO,SAAS,CAAA;IACjD,IAAI,GAAG,EAAE,UAAU,CAAC,UAAU,CAAC;QAAE,OAAO,SAAS,CAAA;IACjD,IAAI,GAAG,EAAE,UAAU,CAAC,UAAU,CAAC;QAAE,OAAO,SAAS,CAAA;IACjD,OAAO,IAAI,CAAA;AACb,CAAC;AAED;;GAEG;AACH,SAAS,oBAAoB,CAAC,GAAW;IACvC,IAAI,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,UAAU,CAAC;QAAE,OAAO,IAAI,CAAA;IACpD,IAAI,IAAI,GAAG,GAAG,CAAC,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,CAAA;IACvC,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;IACjC,IAAI,OAAO,KAAK,CAAC,CAAC;QAAE,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,OAAO,CAAC,CAAA;IACjD,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IAC5B,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,EAAE,IAAI,EAAE,CAAA;IAClC,MAAM,IAAI,GAAG,kBAAkB,CAAC,OAAO,CAAC,CAAA;IACxC,+DAA+D;IAC/D,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAA;IACpF,OAAO,GAAG,QAAQ,MAAM,IAAI,wBAAwB,CAAA;AACtD,CAAC;AAED;;GAEG;AACH,SAAS,gBAAgB,CAAC,GAAQ;IAChC,IAAI,GAAG,EAAE,GAAG,KAAK,KAAK,IAAI,GAAG,EAAE,GAAG,KAAK,SAAS;QAAE,OAAO,OAAO,CAAA;IAChE,IAAI,GAAG,EAAE,GAAG,KAAK,IAAI,IAAI,GAAG,EAAE,GAAG,KAAK,OAAO;QAAE,OAAO,OAAO,CAAA;IAC7D,IAAI,GAAG,EAAE,GAAG,KAAK,IAAI,IAAI,GAAG,EAAE,GAAG,KAAK,OAAO;QAAE,OAAO,OAAO,CAAA;IAC7D,OAAO,OAAO,CAAA,CAAC,UAAU;AAC3B,CAAC;AAGM,IAAM,UAAU,GAAhB,MAAM,UAAU;IACrB,YAAwD,IAAgB,EAAuC,GAAe;QAAtE,SAAI,GAAJ,IAAI,CAAY;QAAuC,QAAG,GAAH,GAAG,CAAY;IAAG,CAAC;IAElI,kHAAkH;IAClH,8DAA8D;IACvD,KAAK,CAAC,SAAS,CAAC,YAA0B,EAAE,QAAa,EAAE,GAAa;QAC7E,MAAM,EAAE,OAAO,EAAE,eAAe,EAAE,SAAS,EAAE,SAAS,EAAE,sBAAsB,EAAE,GAAG,wDAAa,MAAM,GAAC,CAAA;QAEvG,SAAS;QACT,MAAM,MAAM,GAAG,OAAO,QAAQ,EAAE,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ,EAAE,MAAM,EAAE,EAAE,CAAA;QAC5F,MAAM,OAAO,GAAG,QAAQ,EAAE,iBAAiB,EAAE,EAAE,CAAA;QAC/C,MAAM,GAAG,GAAG,QAAQ,EAAE,SAAS,CAAC
,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,SAAS,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS,CAAA;QAE/F,4GAA4G;QAC5G,IAAI,UAAe,CAAA;QACnB,IAAI,MAAM,GAAwB,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,KAAK,EAAE,CAAA;QAE9D,IAAI,GAAG,EAAE,EAAE,EAAE,CAAC;YACZ,+GAA+G;YAC/G,MAAM,IAAI,GAAG,GAAG,CAAC,EAAE,CAAA;YACnB,OAAO,CAAC,GAAG,CAAC,kCAAkC,EAAE,IAAI,CAAC,CAAA;YACrD,iCAAiC;YACjC,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,YAAY,EAAE,IAAI,CAAC,CAAA;YAClE,IAAI,CAAC,OAAO;gBAAE,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAA;YACxD,MAAM,OAAO,GAAG,IAAI,iBAAU,CAAC,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,gBAAgB,EAAE,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,CAAC,CAAA;YACtG,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,YAAmB,EAAE,IAAI,CAAC,CAAA;YACxE,OAAO,CAAC,GAAG,CAAC,uCAAuC,EAAE,CAAC,CAAC,SAAS,CAAC,CAAA;YACjE,IAAI,CAAC,SAAS;gBAAE,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAA;YACvD,MAAM,GAAG,GAAG,oBAAoB,CAAC,IAAI,CAAC,IAAI,SAAS,CAAA;YACnD,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,gBAAgB,CAAC,YAAmB,EAAE;gBACnE,OAAO;gBACP,GAAG,EAAE,SAAS;gBACd,sBAAsB,EAAE,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE;aAC7E,CAAC,CAAA;YACF,mFAAmF;YACnF,OAAO,OAAO,CAAA;QAChB,CAAC;aAAM,CAAC;YACN,mCAAmC;YACnC,MAAM,EAAE,UAAU,EAAE,EAAE,EAAE,SAAS,EAAE,GAAG,MAAM,eAAe,CAAC,OAAO,CAAC,CAAA;YACpE,UAAU,GAAG,EAAE,CAAA;YACf,MAAM,GAAG,GAAG,CAAC,MAAM,SAAS,CAAC,SAAS,CAAC,CAAQ,CAC9C;YAAC,GAAW,CAAC,GAAG,GAAG,KAAK,CACxB;YAAC,GAAW,CAAC,GAAG,GAAG,SAAS,CAAA;YAC7B,MAAM,GAAG,GAAG,MAAM,sBAAsB,CAAC,GAAG,CAAC,CAAA;YAC7C,MAAM,GAAG,EAAE,GAAG,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,CAAA;QAClC,CAAC;QAED,MAAM,MAAM,GAAG,IAAI,OAAO,CAAC,EAAE,EAAE,EAAE,QAAQ,EAAE,CAAC;aACzC,kBAAkB,CAAC,MAAM,CAAC;aAC1B,WAAW,EAAE,CAAA;QAEhB,IAAI,MAAM;YAAE,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,CAAA;QACpC,IAAI,OAAO;YAAE,MAAM,CAAC,UAAU,CAAC,OAAO,CAAC,CAAA;QACvC,IAAI,GAAG,IAAI,IAAI,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC;YAAE,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,CAAA;QAE/D,OAAO,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;IAChC,CA
AC;IAEM,KAAK,CAAC,WAAW,CAAC,YAA0B,EAAE,GAAW;QAE9D,IAAI,CAAC;YACH,MAAM,EAAE,qBAAqB,EAAE,SAAS,EAAE,SAAS,EAAE,GAAG,wDAAa,MAAM,GAAC,CAAA;YAC5E,MAAM,MAAM,GAAG,qBAAqB,CAAC,GAAG,CAAC,CAAA;YACzC,IAAI,GAAG,GAAG,MAAM,CAAC,GAAG,IAAI,OAAO,CAAA;YAE/B,2BAA2B;YAC3B,IAAI,OAAwB,CAAA;YAE5B,gCAAgC;YAChC,IAAI,MAAM,CAAC,GAAG,IAAI,OAAO,MAAM,CAAC,GAAG,KAAK,QAAQ,EAAE,CAAC;gBACjD,GAAG,GAAG,gBAAgB,CAAC,MAAM,CAAC,GAAG,CAAC,CAAA;gBAClC,OAAO,GAAG,MAAM,SAAS,CAAC,MAAM,CAAC,GAAU,EAAE,GAAG,CAAC,CAAA;YACnD,CAAC;YAED,6BAA6B;YAC7B,IAAI,CAAC,OAAO,IAAI,OAAO,MAAM,CAAC,GAAG,KAAK,QAAQ,EAAE,CAAC;gBAC/C,MAAM,GAAG,GAAG,MAAM,CAAC,GAAG,CAAA;gBACtB,MAAM,SAAS,GAAG,YAAY,CAAC,GAAG,CAAC,CAAA;gBACnC,OAAO,CAAC,GAAG,CAAC,qCAAqC,EAAE,GAAG,EAAE,YAAY,EAAE,SAAS,CAAC,CAAA;gBAEhF,mEAAmE;gBACnE,IAAI,SAAS,KAAK,SAAS,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;oBACvD,MAAM,GAAG,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAA;oBAC7B,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,CAAA;oBACvC,OAAO,CAAC,GAAG,CAAC,gDAAgD,EAAE,CAAC,CAAC,GAAG,CAAC,CAAA;oBACpE,IAAI,GAAG,EAAE,CAAC;wBACR,GAAG,GAAG,gBAAgB,CAAC,GAAG,CAAC,CAAA;wBAC3B,OAAO,GAAG,MAAM,SAAS,CAAC,GAAG,EAAE,GAAG,CAAC,CAAA;oBACrC,CAAC;gBACH,CAAC;gBAED,oCAAoC;gBACpC,IAAI,CAAC,OAAO,EAAE,CAAC;oBACb,IAAI,CAAC;wBACH,MAAM,SAAS,GAAQ,MAAM,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,YAAY,EAAE,GAAG,CAAC,CAAA;wBAC1E,OAAO,CAAC,GAAG,CAAC,gDAAgD,EAAE,CAAC,CAAC,SAAS,CAAC,CAAA;wBAC1E,IAAI,SAAS,EAAE,CAAC;4BACd,GAAG,GAAG,gBAAgB,CAAC,SAAS,CAAC,CAAA;4BACjC,OAAO,GAAG,MAAM,SAAS,CAAC,SAAS,EAAE,GAAG,CAAC,CAAA;wBAC3C,CAAC;oBACH,CAAC;oBAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC;gBAC1B,CAAC;YACH,CAAC;YAED,4FAA4F;YAC5F,IAAI,CAAC,OAAO,IAAI,OAAO,MAAM,CAAC,GAAG,KAAK,QAAQ,EAAE,CAAC;gBAC/C,MAAM,UAAU,GAAG,oBAAoB,CAAC,MAAM,CAAC,GAAG,CAAC,CAAA;gBACnD,MAAM,SAAS,GAAI,MAAc,CAAC,GAAyB,CAAA;gBAC3D,MAAM,YAAY,GAAG,SAAS,IAAI,UAAU,IAAI,SAAS,CAAA;gBACzD,OAAO,CAAC,GAAG,CAAC,uCAAuC,EAAE,YAAY,CAAC,CAAA;gBAElE,IAAI,YAAY,EAAE,CAAC;oBACjB,IAAI,CAAC;wBACH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,YAAY,CAAC,CAAA;wBACrC,IAAI,GAAG,CAAC,EAAE,EAAE,CAAC;4BACX,MAAM,IAAI,GA
AG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAA+D,CAAA;4BAC7F,MAAM,GAAG,GAAG,MAAM,CAAC,GAAG,CAAA;4BACtB,MAAM,KAAK,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAA;4BAC1F,OAAO,CAAC,GAAG,CAAC,+CAA+C,EAAE,CAAC,CAAC,KAAK,CAAC,CAAA;4BACrE,IAAI,KAAK,EAAE,CAAC;gCACV,GAAG,GAAG,gBAAgB,CAAC,KAAK,CAAC,CAAA;gCAC7B,OAAO,GAAG,MAAM,SAAS,CAAC,KAAY,EAAE,GAAG,CAAC,CAAA;4BAC9C,CAAC;wBACH,CAAC;oBACH,CAAC;oBAAC,MAAM,CAAC,CAAA,CAAC;gBACZ,CAAC;YACH,CAAC;YAED,IAAI,CAAC,OAAO;gBAAE,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,KAAK,EAAE,qBAAqB,EAAE,CAAA;YAEtE,qDAAqD;YACrD,MAAM,WAAW,GAAG,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,CAAA;YAC/C,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,SAAS,CAAC,GAAG,EAAE,OAAO,EAAE,EAAE,UAAU,EAAE,WAAW,EAAE,cAAc,EAAE,EAAE,EAAE,CAAC,CAAA;YAClG,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,OAAO,EAAE,CAAA;QACpC,CAAC;QAAC,OAAO,CAAM,EAAE,CAAC;YAChB,MAAM,GAAG,GAAG,CAAC,EAAE,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAA;YACpF,IAAI,CAAC;gBAAC,OAAO,CAAC,IAAI,CAAC,oCAAoC,EAAE,GAAG,CAAC,CAAA;YAAC,CAAC;YAAC,MAAM,CAAC,CAAA,CAAC;YACxE,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,EAAE,CAAA;QACxC,CAAC;IACH,CAAC;CACF,CAAA;AA5IY,gCAAU;qBAAV,UAAU;IADtB,IAAA,iBAAU,GAAE;IAES,WAAA,IAAA,aAAM,EAAC,uBAAU,CAAC,CAAA;IAAqC,WAAA,IAAA,aAAM,EAAC,iBAAU,CAAC,CAAA;qCAA/B,uBAAU,EAA4C,iBAAU;GADnH,UAAU,CA4ItB"}
|
|
@@ -0,0 +1,102 @@
|
|
|
1
|
+
import type { AgentContext } from '@credo-ts/core';
|
|
2
|
+
import { KeyType, Key } from '@credo-ts/core';
|
|
3
|
+
import { OpenBadgesKeyBindingRepository } from '../repository/OpenBadgesKeyBindingRepository';
|
|
4
|
+
import { OpenBadgesKeyBindingRecord } from '../repository/OpenBadgesKeyBindingRecord';
|
|
5
|
+
import { ContextService } from './ContextService';
|
|
6
|
+
/**
|
|
7
|
+
* Supported DID methods for key binding
|
|
8
|
+
*/
|
|
9
|
+
export type SupportedDidMethod = 'did:web' | 'did:key' | 'did:jwk';
|
|
10
|
+
/**
|
|
11
|
+
* Options for ensuring a key binding
|
|
12
|
+
*/
|
|
13
|
+
export interface EnsureBindingOptions {
|
|
14
|
+
controller: string;
|
|
15
|
+
vmId: string;
|
|
16
|
+
keyType?: KeyType;
|
|
17
|
+
didMethod?: SupportedDidMethod;
|
|
18
|
+
}
|
|
19
|
+
export declare class KeyService {
|
|
20
|
+
private readonly bindings;
|
|
21
|
+
private readonly contexts;
|
|
22
|
+
constructor(bindings: OpenBadgesKeyBindingRepository, contexts: ContextService);
|
|
23
|
+
private bindingId;
|
|
24
|
+
/**
|
|
25
|
+
* Get the multicodec prefix for a key type
|
|
26
|
+
*/
|
|
27
|
+
private getMulticodecPrefix;
|
|
28
|
+
/**
|
|
29
|
+
* Get the verification method type for a key type
|
|
30
|
+
*/
|
|
31
|
+
private getVerificationMethodType;
|
|
32
|
+
/**
|
|
33
|
+
* Generate a did:key DID from public key material
|
|
34
|
+
*/
|
|
35
|
+
generateDidKey(publicKey: Buffer, keyType: KeyType): {
|
|
36
|
+
did: string;
|
|
37
|
+
vmId: string;
|
|
38
|
+
};
|
|
39
|
+
/**
|
|
40
|
+
* Generate a did:jwk DID from public key material
|
|
41
|
+
*/
|
|
42
|
+
generateDidJwk(publicKey: Buffer, keyType: KeyType): {
|
|
43
|
+
did: string;
|
|
44
|
+
vmId: string;
|
|
45
|
+
};
|
|
46
|
+
/**
|
|
47
|
+
* Parse a did:key to extract public key bytes and determine key type
|
|
48
|
+
*/
|
|
49
|
+
parseDidKey(did: string): {
|
|
50
|
+
publicKey: Buffer;
|
|
51
|
+
keyType: KeyType;
|
|
52
|
+
} | null;
|
|
53
|
+
/**
|
|
54
|
+
* Parse a did:jwk to extract the JWK and determine key type
|
|
55
|
+
*/
|
|
56
|
+
parseDidJwk(did: string): {
|
|
57
|
+
jwk: any;
|
|
58
|
+
keyType: KeyType;
|
|
59
|
+
} | null;
|
|
60
|
+
/**
|
|
61
|
+
* Ensure a KMS-backed key exists and is bound to a verificationMethod id
|
|
62
|
+
* Supports Ed25519, P-256, and P-384 key types
|
|
63
|
+
* Supports did:web, did:key, and did:jwk DID methods
|
|
64
|
+
*/
|
|
65
|
+
ensureBinding(agentContext: AgentContext, opts: EnsureBindingOptions): Promise<OpenBadgesKeyBindingRecord>;
|
|
66
|
+
getBindingByVm(agentContext: AgentContext, vmId: string): Promise<any>;
|
|
67
|
+
getPublicJwkByVm(agentContext: AgentContext, vmId: string): Promise<{
|
|
68
|
+
kty: string;
|
|
69
|
+
crv: string;
|
|
70
|
+
x: string;
|
|
71
|
+
y?: undefined;
|
|
72
|
+
} | {
|
|
73
|
+
kty: string;
|
|
74
|
+
crv: string;
|
|
75
|
+
x: string;
|
|
76
|
+
y: string;
|
|
77
|
+
} | null>;
|
|
78
|
+
getKeyForVm(agentContext: AgentContext, vmId: string): Promise<Key | null>;
|
|
79
|
+
private seedVerificationMethodDocument;
|
|
80
|
+
/**
|
|
81
|
+
* Create a new key binding with a did:key DID
|
|
82
|
+
* Returns the generated DID and verification method ID
|
|
83
|
+
*/
|
|
84
|
+
createDidKeyBinding(agentContext: AgentContext, keyType?: KeyType): Promise<{
|
|
85
|
+
did: string;
|
|
86
|
+
vmId: string;
|
|
87
|
+
publicKeyMultibase: string;
|
|
88
|
+
}>;
|
|
89
|
+
/**
|
|
90
|
+
* Create a new key binding with a did:jwk DID
|
|
91
|
+
* Returns the generated DID and verification method ID
|
|
92
|
+
*/
|
|
93
|
+
createDidJwkBinding(agentContext: AgentContext, keyType?: KeyType): Promise<{
|
|
94
|
+
did: string;
|
|
95
|
+
vmId: string;
|
|
96
|
+
publicKeyMultibase: string;
|
|
97
|
+
}>;
|
|
98
|
+
/**
|
|
99
|
+
* Get a JWK for a did:key or did:jwk DID
|
|
100
|
+
*/
|
|
101
|
+
getJwkForDid(did: string): any | null;
|
|
102
|
+
}
|