@bedrock/vc-delivery 3.4.1 → 3.5.1

package/lib/helpers.js

@@ -1,15 +1,24 @@
 /*!
- * Copyright (c) 2022 Digital Bazaar, Inc. All rights reserved.
+ * Copyright (c) 2022-2023 Digital Bazaar, Inc. All rights reserved.
  */
 import * as bedrock from '@bedrock/core';
 import {decodeId, generateId} from 'bnid';
 import {Ed25519Signature2020} from '@digitalbazaar/ed25519-signature-2020';
 import {httpsAgent} from '@bedrock/https-agent';
+import jsonata from 'jsonata';
 import {serviceAgents} from '@bedrock/service-agent';
 import {ZcapClient} from '@digitalbazaar/ezcap';
 
 const {config} = bedrock;
 
+export async function evaluateTemplate({exchange, typedTemplate} = {}) {
+  // run jsonata compiler; only `jsonata` template type is supported and this
+  // assumes only this template type will be passed in
+  const {template} = typedTemplate;
+  const {variables = {}} = exchange;
+  return jsonata(template).evaluate(variables, variables);
+}
+
 export function getExchangerId({routePrefix, localId} = {}) {
   return `${config.server.baseUri}${routePrefix}/${localId}`;
 }

package/lib/http.js

@@ -8,12 +8,12 @@ import {createChallenge as _createChallenge, verify} from './verify.js';
 import {
   createExchangeBody, useExchangeBody
 } from '../schemas/bedrock-vc-exchanger.js';
+import {evaluateTemplate, generateRandom} from './helpers.js';
 import {exportJWK, generateKeyPair, importJWK} from 'jose';
 import {metering, middleware} from '@bedrock/service-core';
 import {asyncHandler} from '@bedrock/express';
 import bodyParser from 'body-parser';
 import cors from 'cors';
-import {generateRandom} from './helpers.js';
 import {issue} from './issue.js';
 import {klona} from 'klona';
 import {logger} from './logger.js';
@@ -31,6 +31,8 @@ bedrock.events.on('bedrock-express.configure.bodyParser', app => {
   }));
 });
 
+const MAXIMUM_STEPS = 100;
+
 export async function addRoutes({app, service} = {}) {
   const {routePrefix} = service;
 
@@ -170,15 +172,43 @@ export async function addRoutes({app, service} = {}) {
       let receivedPresentation = req?.body?.verifiablePresentation;
 
       // process exchange step(s)
+      let i = 0;
       let currentStep = exchange.step;
       while(true) {
+        if(i++ > MAXIMUM_STEPS) {
+          throw new BedrockError('Maximum steps exceeded.', {
+            name: 'DataError',
+            details: {httpStatusCode: 500, public: true}
+          });
+        }
+
         // no step present, break out to complete exchange
         if(!currentStep) {
           break;
         }
 
         // get current step details
-        const step = exchanger.steps[currentStep];
+        let step = exchanger.steps[currentStep];
+        if(step.stepTemplate) {
+          // generate step from the template; assume the template type is
+          // `jsonata` per the JSON schema
+          step = await evaluateTemplate(
+            {exchange, typedTemplate: step.stepTemplate});
+          if(Object.keys(step).length === 0) {
+            throw new BedrockError('Empty step detected.', {
+              name: 'DataError',
+              details: {httpStatusCode: 500, public: true}
+            });
+          }
+        }
+
+        // if next step is the same as the current step, throw an error
+        if(step.nextStep === currentStep) {
+          throw new BedrockError('Cyclical step detected.', {
+            name: 'DataError',
+            details: {httpStatusCode: 500, public: true}
+          });
+        }
 
         // handle VPR: if step requires it, then `verifiablePresentation` must
         // be in the request
@@ -213,11 +243,11 @@ export async function addRoutes({app, service} = {}) {
           // verify the received VP
           const expectedChallenge = isInitialStep ? exchange.id : undefined;
           const {verificationMethod} = await verify({
-            exchanger, presentation: receivedPresentation, expectedChallenge
+            exchanger,
+            verifiablePresentationRequest: step.verifiablePresentationRequest,
+            presentation: receivedPresentation, expectedChallenge
           });
 
-          // FIXME: ensure VP satisfies step VPR
-
           // store VP results in variables associated with current step
           if(!exchange.variables.results) {
             exchange.variables.results = {};
@@ -246,6 +276,16 @@ export async function addRoutes({app, service} = {}) {
             exchangerId: exchanger.id, exchange, expectedStep: currentStep
           });
           currentStep = exchange.step;
+
+          // FIXME: there may be VCs to issue during this step, do so before
+          // sending the VPR above
+        } else if(step.nextStep) {
+          // next steps without VPRs are prohibited
+          throw new BedrockError(
+            'Invalid step detected; continuing exchanges must include VPRs.', {
+              name: 'DataError',
+              details: {httpStatusCode: 500, public: true}
+            });
         }
       }
 
@@ -257,11 +297,12 @@ export async function addRoutes({app, service} = {}) {
       // FIXME: decide what the best recovery path is if delivery fails (but no
       // replay attack detected) after exchange has been marked complete
 
-      // issue VCs
-      const {verifiablePresentation} = await issue({exchanger, exchange});
+      // issue any VCs; may return an empty result if the step defines no
+      // VCs to issue
+      const result = await issue({exchanger, exchange});
 
-      // send VP
-      res.json({verifiablePresentation});
+      // send result
+      res.json(result);
     }));
 
   // create OID4VCI routes to be used with each individual exchange

package/lib/issue.js

@@ -1,26 +1,26 @@
 /*!
- * Copyright (c) 2022 Digital Bazaar, Inc. All rights reserved.
+ * Copyright (c) 2022-2023 Digital Bazaar, Inc. All rights reserved.
  */
+import {evaluateTemplate, getZcapClient} from './helpers.js';
 import {createPresentation} from '@digitalbazaar/vc';
-import {getZcapClient} from './helpers.js';
-import jsonata from 'jsonata';
 
 export async function issue({exchanger, exchange} = {}) {
   // use any templates from exchanger and variables from exchange to produce
   // credentials to be issued; issue via the configured issuer instance
   const verifiableCredential = [];
   const {credentialTemplates = []} = exchanger;
-  if(credentialTemplates) {
-    const {variables = {}} = exchange;
-    // run jsonata compiler; only `jsonata` template type is supported and this
-    // was validated when the exchanger was created
-    const credentials = await Promise.all(credentialTemplates.map(
-      ({template: t}) => jsonata(t).evaluate(variables, variables)));
-    // issue all VCs
-    const vcs = await _issue({exchanger, credentials});
-    verifiableCredential.push(...vcs);
+  if(!credentialTemplates || credentialTemplates.length === 0) {
+    // nothing to issue
+    return {};
   }
 
+  // evaluate template
+  const credentials = await Promise.all(credentialTemplates.map(
+    typedTemplate => evaluateTemplate({exchange, typedTemplate})));
+  // issue all VCs
+  const vcs = await _issue({exchanger, credentials});
+  verifiableCredential.push(...vcs);
+
   // generate VP to return VCs
   const verifiablePresentation = createPresentation();
   // FIXME: add any encrypted VCs to VP

package/lib/verify.js

@@ -22,7 +22,7 @@ export async function createChallenge({exchanger} = {}) {
 }
 
 export async function verify({
-  exchanger, presentation, expectedChallenge
+  exchanger, verifiablePresentationRequest, presentation, expectedChallenge
 } = {}) {
   // create zcap client for verifying
   const {zcapClient, zcaps} = await getZcapClient({exchanger});
@@ -34,13 +34,16 @@ export async function verify({
     checks.push('challenge');
   }
   const capability = zcaps.verifyPresentation;
-  const domain = new URL(exchanger.id).origin;
+  const domain = verifiablePresentationRequest.domain ??
+    new URL(exchanger.id).origin;
   const result = await zcapClient.write({
     capability,
     json: {
       options: {
         // FIXME: support multi-proof presentations?
-        challenge: expectedChallenge ?? presentation?.proof?.challenge,
+        challenge: expectedChallenge ??
+          verifiablePresentationRequest.challenge ??
+          presentation?.proof?.challenge,
         domain,
         checks
       },
@@ -55,6 +58,8 @@ export async function verify({
     }
   } = result;
 
+  // FIXME: ensure VP satisfies VPR
+
   return {verified, challengeUses, verificationMethod};
 }
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@bedrock/vc-delivery",
-  "version": "3.4.1",
+  "version": "3.5.1",
   "type": "module",
   "description": "Bedrock Verifiable Credential Delivery",
   "main": "./lib/index.js",

package/schemas/bedrock-vc-exchanger.js

@@ -109,8 +109,8 @@ export const createExchangeBody = {
   }
 };
 
-const credentialTemplate = {
-  title: 'Credential Template',
+const typedTemplate = {
+  title: 'Typed Template',
   type: 'object',
   required: ['type', 'template'],
   additionalProperties: false,
@@ -129,13 +129,33 @@ export const credentialTemplates = {
   title: 'Credential Templates',
   type: 'array',
   minItems: 1,
-  items: credentialTemplate
+  items: typedTemplate
 };
 
 const step = {
   title: 'Exchange Step',
   type: 'object',
+  minProperties: 1,
   additionalProperties: false,
+  // step can either use a template so it will be generated using variables
+  // associated with the exchange, or static values can be provided
+  oneOf: [{
+    // `stepTemplate` must be present and nothing else
+    required: ['stepTemplate'],
+    not: {
+      required: [
+        'createChallenge',
+        'verifiablePresentationRequest',
+        'jwtDidProofRequest',
+        'nextStep'
+      ]
+    }
+  }, {
+    // anything except `stepTemplate` can be used
+    not: {
+      required: ['stepTemplate']
+    }
+  }],
   properties: {
     createChallenge: {
       type: 'boolean'
@@ -174,10 +194,8 @@ const step = {
     },
     nextStep: {
       type: 'string'
-    }
-    // FIXME: add jsonata template to convert VPR or
-    // `jwtDidProofRequest` to more variables to be
-    // used when issuing VCs
+    },
+    stepTemplate: typedTemplate
   }
 };