@bedrock/vc-delivery 7.1.0 → 7.2.0

package/lib/helpers.js

@@ -188,6 +188,36 @@ export function deepEqual(obj1, obj2) {
   return true;
 }
 
+export function createVerifyOptions({
+  verifyPresentationOptions,
+  expectedChallenge,
+  verifiablePresentationRequest,
+  presentation,
+  domain,
+  checks
+}) {
+  // start with `verifyPresentationOptions`, then overwrite as needed
+  const options = {...verifyPresentationOptions};
+
+  // update `checks` with anything additional from `verifyPresentationOptions`
+  const checkSet = new Set(checks);
+  if(verifyPresentationOptions.checks) {
+    Object.entries(verifyPresentationOptions.checks)
+      .forEach(([check, enabled]) => enabled && checkSet.add(check));
+  }
+  options.checks = [...checkSet];
+
+  // update `challenge`
+  options.challenge = expectedChallenge ??
+    verifiablePresentationRequest.challenge ??
+    presentation?.proof?.challenge;
+
+  // update `domain`
+  options.domain = domain;
+
+  return options;
+}
+
 export function stripStacktrace(error) {
   // serialize error and allow-list specific properties
   const serialized = serializeError(error);

package/lib/index.js

@@ -1,12 +1,11 @@
 /*!
- * Copyright (c) 2022-2024 Digital Bazaar, Inc. All rights reserved.
+ * Copyright (c) 2022-2025 Digital Bazaar, Inc. All rights reserved.
  */
 import * as bedrock from '@bedrock/core';
 import * as workflowSchemas from '../schemas/bedrock-vc-workflow.js';
 import {createService, schemas} from '@bedrock/service-core';
 import {addRoutes} from './http.js';
 import {initializeServiceAgent} from '@bedrock/service-agent';
-import {klona} from 'klona';
 import {MAX_ISSUER_INSTANCES} from './constants.js';
 import {parseLocalId} from './helpers.js';
 import '@bedrock/express';
@@ -24,8 +23,8 @@ bedrock.events.on('bedrock.init', async () => {
 
 async function _initService({serviceType, routePrefix}) {
   // add customizations to config validators...
-  const createConfigBody = klona(schemas.createConfigBody);
-  const updateConfigBody = klona(schemas.updateConfigBody);
+  const createConfigBody = structuredClone(schemas.createConfigBody);
+  const updateConfigBody = structuredClone(schemas.updateConfigBody);
   const schemasToUpdate = [createConfigBody, updateConfigBody];
   const {
     credentialTemplates, steps, initialStep, issuerInstances
@@ -37,7 +36,7 @@ async function _initService({serviceType, routePrefix}) {
     schema.properties.initialStep = initialStep;
     schema.properties.issuerInstances = issuerInstances;
     // allow zcaps by custom reference ID
-    schema.properties.zcaps = klona(schemas.zcaps);
+    schema.properties.zcaps = structuredClone(schemas.zcaps);
     // max of 4 basic zcaps + max issuer instances
     schema.properties.zcaps.maxProperties = 4 + MAX_ISSUER_INSTANCES;
     schema.properties.zcaps.additionalProperties = schemas.delegatedZcap;

package/lib/oid4/oid4vp.js

@@ -12,7 +12,6 @@ import {
   verifiablePresentation as verifiablePresentationSchema
 } from '../../schemas/bedrock-vc-workflow.js';
 import {compile} from '@bedrock/validation';
-import {klona} from 'klona';
 import {logger} from '../logger.js';
 import {oid4vp} from '@digitalbazaar/oid4-client';
 import {verify} from '../verify.js';
@@ -103,7 +102,8 @@ export async function getAuthorizationRequest({req}) {
           authorizationRequest.client_id_scheme = 'redirect_uri';
         }
         if(client_metadata) {
-          authorizationRequest.client_metadata = klona(client_metadata);
+          authorizationRequest.client_metadata = structuredClone(
+            client_metadata);
         } else if(client_metadata_uri) {
           authorizationRequest.client_metadata_uri = client_metadata_uri;
         } else {
@@ -193,9 +193,15 @@ export async function processAuthorizationResponse({req}) {
     // verify the received VP
     const {verifiablePresentationRequest} = await oid4vp.toVpr(
       {authorizationRequest});
-    const {allowUnprotectedPresentation = false} = step;
+    const {
+      allowUnprotectedPresentation = false,
+      verifyPresentationOptions = {},
+      verifyPresentationResultSchema
+    } = step;
     const verifyResult = await verify({
       workflow,
+      verifyPresentationOptions,
+      verifyPresentationResultSchema,
       verifiablePresentationRequest,
       presentation,
       allowUnprotectedPresentation,

package/lib/vcapi.js

@@ -11,7 +11,6 @@ import {
 import {exportJWK, generateKeyPair, importJWK} from 'jose';
 import {compile} from '@bedrock/validation';
 import {issue} from './issue.js';
-import {klona} from 'klona';
 import {logger} from './logger.js';
 
 const {util: {BedrockError}} = bedrock;
@@ -141,7 +140,7 @@ export async function processExchange({req, res, workflow, exchangeRecord}) {
 
         // if no presentation was received in the body...
         if(!receivedPresentation) {
-          const verifiablePresentationRequest = klona(
+          const verifiablePresentationRequest = structuredClone(
             step.verifiablePresentationRequest);
           if(createChallenge) {
             /* Note: When creating a challenge, the initial step always
@@ -194,9 +193,15 @@ export async function processExchange({req, res, workflow, exchangeRecord}) {
 
         // verify the received VP
         const expectedChallenge = isInitialStep ? exchange.id : undefined;
-        const {allowUnprotectedPresentation = false} = step;
+        const {
+          allowUnprotectedPresentation = false,
+          verifyPresentationOptions = {},
+          verifyPresentationResultSchema
+        } = step;
         const verifyResult = await verify({
           workflow,
+          verifyPresentationOptions,
+          verifyPresentationResultSchema,
           verifiablePresentationRequest: step.verifiablePresentationRequest,
           presentation: receivedPresentation,
           allowUnprotectedPresentation,

package/lib/verify.js

@@ -4,8 +4,13 @@
 import * as bedrock from '@bedrock/core';
 import * as EcdsaMultikey from '@digitalbazaar/ecdsa-multikey';
 import * as Ed25519Multikey from '@digitalbazaar/ed25519-multikey';
-import {getZcapClient, stripStacktrace} from './helpers.js';
+import {
+  createVerifyOptions,
+  getZcapClient,
+  stripStacktrace
+} from './helpers.js';
 import {importJWK, jwtVerify} from 'jose';
+import {compile} from '@bedrock/validation';
 import {didIo} from '@bedrock/did-io';
 
 const {util: {BedrockError}} = bedrock;
@@ -25,8 +30,9 @@ export async function createChallenge({workflow} = {}) {
 }
 
 export async function verify({
-  workflow, verifiablePresentationRequest, presentation,
-  allowUnprotectedPresentation = false, expectedChallenge
+  workflow, verifyPresentationOptions, verifiablePresentationRequest,
+  presentation, allowUnprotectedPresentation = false, expectedChallenge,
+  verifyPresentationResultSchema
 } = {}) {
   // create zcap client for verifying
   const {zcapClient, zcaps} = await getZcapClient({workflow});
@@ -46,17 +52,18 @@ export async function verify({
     new URL(workflow.id).origin;
   let result;
   try {
+    const options = createVerifyOptions({
+      verifyPresentationOptions,
+      expectedChallenge,
+      verifiablePresentationRequest,
+      presentation,
+      domain,
+      checks
+    });
     result = await zcapClient.write({
       capability,
       json: {
-        options: {
-          // FIXME: support multi-proof presentations?
-          challenge: expectedChallenge ??
-            verifiablePresentationRequest.challenge ??
-            presentation?.proof?.challenge,
-          domain,
-          checks
-        },
+        options,
         verifiablePresentation: presentation
       }
     });
@@ -120,7 +127,15 @@ export async function verify({
   const verificationMethod = presentationResult?.results[0]
     .verificationMethod ?? null;
 
-  // FIXME: ensure VP satisfies VPR
+  // validate against the verify presentation result schema, if applicable
+  if(verifyPresentationResultSchema) {
+    const {jsonSchema: schema} = verifyPresentationResultSchema;
+    const validate = compile({schema});
+    const {valid, error} = validate(result.data);
+    if(!valid) {
+      throw error;
+    }
+  }
 
   return {
     verified,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@bedrock/vc-delivery",
-  "version": "7.1.0",
+  "version": "7.2.0",
   "type": "module",
   "description": "Bedrock Verifiable Credential Delivery",
   "main": "./lib/index.js",
@@ -47,7 +47,6 @@
     "cors": "^2.8.5",
     "jose": "^5.10.0",
     "jsonata": "^2.0.6",
-    "klona": "^2.0.6",
     "serialize-error": "^12.0.0"
   },
   "peerDependencies": {
@@ -72,6 +71,6 @@
     "eslint-plugin-unicorn": "^56.0.1"
   },
   "engines": {
-    "node": ">=18"
+    "node": ">=20"
   }
 }

package/schemas/bedrock-vc-workflow.js

@@ -486,6 +486,28 @@ const step = {
     stepTemplate: typedTemplate,
     verifiablePresentationRequest: {
       type: 'object'
+    },
+    verifyPresentationOptions: {
+      type: 'object',
+      properties: {
+        checks: {
+          type: 'object'
+        }
+      },
+      additionalProperties: true
+    },
+    verifyPresentationResultSchema: {
+      type: 'object',
+      required: ['type', 'jsonSchema'],
+      additionalProperties: false,
+      properties: {
+        type: {
+          type: 'string'
+        },
+        jsonSchema: {
+          type: 'object'
+        }
+      }
     }
   }
 };