@bedrock/vc-delivery 7.1.1 → 7.2.0

package/lib/helpers.js

@@ -188,6 +188,36 @@ export function deepEqual(obj1, obj2) {
   return true;
 }
 
+export function createVerifyOptions({
+  verifyPresentationOptions,
+  expectedChallenge,
+  verifiablePresentationRequest,
+  presentation,
+  domain,
+  checks
+}) {
+  // start with `verifyPresentationOptions`, then overwrite as needed
+  const options = {...verifyPresentationOptions};
+
+  // update `checks` with anything additional from `verifyPresentationOptions`
+  const checkSet = new Set(checks);
+  if(verifyPresentationOptions.checks) {
+    Object.entries(verifyPresentationOptions.checks)
+      .forEach(([check, enabled]) => enabled && checkSet.add(check));
+  }
+  options.checks = [...checkSet];
+
+  // update `challenge`
+  options.challenge = expectedChallenge ??
+    verifiablePresentationRequest.challenge ??
+    presentation?.proof?.challenge;
+
+  // update `domain`
+  options.domain = domain;
+
+  return options;
+}
+
 export function stripStacktrace(error) {
   // serialize error and allow-list specific properties
   const serialized = serializeError(error);

package/lib/oid4/oid4vp.js

@@ -193,9 +193,15 @@ export async function processAuthorizationResponse({req}) {
     // verify the received VP
     const {verifiablePresentationRequest} = await oid4vp.toVpr(
       {authorizationRequest});
-    const {allowUnprotectedPresentation = false} = step;
+    const {
+      allowUnprotectedPresentation = false,
+      verifyPresentationOptions = {},
+      verifyPresentationResultSchema
+    } = step;
     const verifyResult = await verify({
       workflow,
+      verifyPresentationOptions,
+      verifyPresentationResultSchema,
       verifiablePresentationRequest,
       presentation,
       allowUnprotectedPresentation,

package/lib/vcapi.js

@@ -193,9 +193,15 @@ export async function processExchange({req, res, workflow, exchangeRecord}) {
 
         // verify the received VP
         const expectedChallenge = isInitialStep ? exchange.id : undefined;
-        const {allowUnprotectedPresentation = false} = step;
+        const {
+          allowUnprotectedPresentation = false,
+          verifyPresentationOptions = {},
+          verifyPresentationResultSchema
+        } = step;
         const verifyResult = await verify({
           workflow,
+          verifyPresentationOptions,
+          verifyPresentationResultSchema,
           verifiablePresentationRequest: step.verifiablePresentationRequest,
           presentation: receivedPresentation,
           allowUnprotectedPresentation,

package/lib/verify.js

@@ -4,8 +4,13 @@
 import * as bedrock from '@bedrock/core';
 import * as EcdsaMultikey from '@digitalbazaar/ecdsa-multikey';
 import * as Ed25519Multikey from '@digitalbazaar/ed25519-multikey';
-import {getZcapClient, stripStacktrace} from './helpers.js';
+import {
+  createVerifyOptions,
+  getZcapClient,
+  stripStacktrace
+} from './helpers.js';
 import {importJWK, jwtVerify} from 'jose';
+import {compile} from '@bedrock/validation';
 import {didIo} from '@bedrock/did-io';
 
 const {util: {BedrockError}} = bedrock;
@@ -25,8 +30,9 @@ export async function createChallenge({workflow} = {}) {
 }
 
 export async function verify({
-  workflow, verifiablePresentationRequest, presentation,
-  allowUnprotectedPresentation = false, expectedChallenge
+  workflow, verifyPresentationOptions, verifiablePresentationRequest,
+  presentation, allowUnprotectedPresentation = false, expectedChallenge,
+  verifyPresentationResultSchema
 } = {}) {
   // create zcap client for verifying
   const {zcapClient, zcaps} = await getZcapClient({workflow});
@@ -46,17 +52,18 @@ export async function verify({
     new URL(workflow.id).origin;
   let result;
   try {
+    const options = createVerifyOptions({
+      verifyPresentationOptions,
+      expectedChallenge,
+      verifiablePresentationRequest,
+      presentation,
+      domain,
+      checks
+    });
     result = await zcapClient.write({
       capability,
       json: {
-        options: {
-          // FIXME: support multi-proof presentations?
-          challenge: expectedChallenge ??
-            verifiablePresentationRequest.challenge ??
-            presentation?.proof?.challenge,
-          domain,
-          checks
-        },
+        options,
         verifiablePresentation: presentation
       }
     });
@@ -120,7 +127,15 @@ export async function verify({
   const verificationMethod = presentationResult?.results[0]
     .verificationMethod ?? null;
 
-  // FIXME: ensure VP satisfies VPR
+  // validate against the verify presentation result schema, if applicable
+  if(verifyPresentationResultSchema) {
+    const {jsonSchema: schema} = verifyPresentationResultSchema;
+    const validate = compile({schema});
+    const {valid, error} = validate(result.data);
+    if(!valid) {
+      throw error;
+    }
+  }
 
   return {
     verified,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@bedrock/vc-delivery",
-  "version": "7.1.1",
+  "version": "7.2.0",
   "type": "module",
   "description": "Bedrock Verifiable Credential Delivery",
   "main": "./lib/index.js",

package/schemas/bedrock-vc-workflow.js

@@ -486,6 +486,28 @@ const step = {
     stepTemplate: typedTemplate,
     verifiablePresentationRequest: {
       type: 'object'
+    },
+    verifyPresentationOptions: {
+      type: 'object',
+      properties: {
+        checks: {
+          type: 'object'
+        }
+      },
+      additionalProperties: true
+    },
+    verifyPresentationResultSchema: {
+      type: 'object',
+      required: ['type', 'jsonSchema'],
+      additionalProperties: false,
+      properties: {
+        type: {
+          type: 'string'
+        },
+        jsonSchema: {
+          type: 'object'
+        }
+      }
     }
   }
 };