@bedrock/vc-delivery 7.2.0 → 7.4.0

package/lib/helpers.js

@@ -4,9 +4,12 @@
 import * as bedrock from '@bedrock/core';
 import * as vcjwt from './vcjwt.js';
 import {decodeId, generateId} from 'bnid';
+import {compile} from '@bedrock/validation';
 import {Ed25519Signature2020} from '@digitalbazaar/ed25519-signature-2020';
+import {httpClient} from '@digitalbazaar/http-client';
 import {httpsAgent} from '@bedrock/https-agent';
 import jsonata from 'jsonata';
+import {logger} from './logger.js';
 import {serializeError} from 'serialize-error';
 import {serviceAgents} from '@bedrock/service-agent';
 import {ZcapClient} from '@digitalbazaar/ezcap';
@@ -53,6 +56,27 @@ export function buildPresentationFromResults({
   return vp;
 }
 
+export function emitExchangeUpdated({workflow, exchange, step}) {
+  if(!step?.callback?.url) {
+    // no-op when there is no callback to notify
+    return;
+  }
+
+  const {url} = step.callback;
+  const exchangeId = `${workflow.id}/exchanges/${exchange.id}`;
+  httpClient.post(url, {
+    agent: httpsAgent,
+    json: {
+      event: {
+        data: {exchangeId}
+      }
+    }
+  }).catch(
+    error => logger.error(
+      'Could not send "exchangeUpdated" push notification: ' +
+      error.message, {error}));
+}
+
 export async function evaluateTemplate({
   workflow, exchange, typedTemplate, variables
 } = {}) {
@@ -329,3 +353,11 @@ function _getEnvelope({envelope, format}) {
       details: {httpStatusCode: 400, public: true}
     });
 }
+
+export function validateVerifiablePresentation({schema, presentation}) {
+  const validate = compile({schema});
+  const {valid, error} = validate(presentation);
+  if(!valid) {
+    throw error;
+  }
+}

package/lib/oid4/oid4vci.js

@@ -1,10 +1,11 @@
 /*!
- * Copyright (c) 2022-2024 Digital Bazaar, Inc. All rights reserved.
+ * Copyright (c) 2022-2025 Digital Bazaar, Inc. All rights reserved.
  */
 import * as bedrock from '@bedrock/core';
 import * as exchanges from '../exchanges.js';
 import {
-  deepEqual, evaluateTemplate, getWorkflowIssuerInstances, validateStep
+  deepEqual, emitExchangeUpdated,
+  evaluateTemplate, getWorkflowIssuerInstances, validateStep
 } from '../helpers.js';
 import {importJWK, SignJWT} from 'jose';
 import {checkAccessToken} from '@bedrock/oauth2-verifier';
@@ -397,6 +398,7 @@ function _normalizeCredentialDefinitionTypes({credentialRequests}) {
 async function _processExchange({
   req, res, workflow, exchangeRecord, isBatchRequest
 }) {
+  let step;
   const {id: workflowId} = workflow;
   const {exchange, meta} = exchangeRecord;
   let {updated: lastUpdated} = meta;
@@ -428,7 +430,6 @@ async function _processExchange({
     });
 
     // process exchange step if present
-    let step;
     const currentStep = exchange.step;
     if(currentStep) {
       step = workflow.steps[exchange.step];
@@ -494,6 +495,7 @@ async function _processExchange({
     try {
       exchange.sequence++;
       await exchanges.complete({workflowId, exchange});
+      emitExchangeUpdated({workflow, exchange, step});
       lastUpdated = Date.now();
     } catch(e) {
       exchange.sequence--;
@@ -516,6 +518,7 @@ async function _processExchange({
     exchanges.setLastError({workflowId, exchange: copy, lastUpdated})
       .catch(error => logger.error(
         'Could not set last exchange error: ' + error.message, {error}));
+    emitExchangeUpdated({workflow, exchange, step});
     throw e;
   }
 }

package/lib/oid4/oid4vp.js

@@ -4,7 +4,8 @@
 import * as bedrock from '@bedrock/core';
 import * as exchanges from '../exchanges.js';
 import {
-  buildPresentationFromResults, evaluateTemplate, unenvelopePresentation,
+  buildPresentationFromResults, emitExchangeUpdated,
+  evaluateTemplate, unenvelopePresentation,
   validateStep
 } from '../helpers.js';
 import {
@@ -141,6 +142,7 @@ export async function getAuthorizationRequest({req}) {
       try {
         exchange.sequence++;
         await exchanges.update({workflowId: workflow.id, exchange});
+        emitExchangeUpdated({workflow, exchange, step});
       } catch(e) {
         exchange.sequence--;
         if(e.name !== 'InvalidStateError') {
@@ -168,11 +170,12 @@ export async function processAuthorizationResponse({req}) {
   const exchangeRecord = await req.getExchange();
   let {exchange} = exchangeRecord;
   let {meta: {updated: lastUpdated}} = exchangeRecord;
+  let step;
   try {
     // get authorization request and updated exchange associated with exchange
     const arRequest = await getAuthorizationRequest({req});
-    const {authorizationRequest, step} = arRequest;
-    ({exchange} = arRequest);
+    const {authorizationRequest} = arRequest;
+    ({exchange, step} = arRequest);
 
     // FIXME: check the VP against the presentation submission if requested
     // FIXME: check the VP against "trustedIssuer" in VPR, if provided
@@ -250,6 +253,7 @@ export async function processAuthorizationResponse({req}) {
         exchange.state = 'complete';
         await exchanges.complete({workflowId: workflow.id, exchange});
       }
+      emitExchangeUpdated({workflow, exchange, step});
       lastUpdated = Date.now();
     } catch(e) {
       exchange.sequence--;
@@ -277,6 +281,7 @@ export async function processAuthorizationResponse({req}) {
     exchanges.setLastError({workflowId, exchange: copy, lastUpdated})
       .catch(error => logger.error(
         'Could not set last exchange error: ' + error.message, {error}));
+    emitExchangeUpdated({workflow, exchange, step});
     throw e;
   }
 }

package/lib/vcapi.js

@@ -4,12 +4,10 @@
 import * as bedrock from '@bedrock/core';
 import * as exchanges from './exchanges.js';
 import {createChallenge as _createChallenge, verify} from './verify.js';
-import {
-  buildPresentationFromResults, evaluateTemplate, generateRandom,
-  unenvelopePresentation, validateStep
+import {buildPresentationFromResults, emitExchangeUpdated, evaluateTemplate,
+  generateRandom, validateStep, validateVerifiablePresentation
 } from './helpers.js';
 import {exportJWK, generateKeyPair, importJWK} from 'jose';
-import {compile} from '@bedrock/validation';
 import {issue} from './issue.js';
 import {logger} from './logger.js';
 
@@ -93,6 +91,8 @@ export async function createExchange({workflow, exchange}) {
 export async function processExchange({req, res, workflow, exchangeRecord}) {
   const {exchange, meta} = exchangeRecord;
   let {updated: lastUpdated} = meta;
+  let step;
+
   try {
     // get any `verifiablePresentation` from the body...
     let receivedPresentation = req?.body?.verifiablePresentation;
@@ -100,7 +100,6 @@ export async function processExchange({req, res, workflow, exchangeRecord}) {
     // process exchange step(s)
     let i = 0;
     let currentStep = exchange.step;
-    let step;
     while(true) {
       if(i++ > MAXIMUM_STEPS) {
         throw new BedrockError('Maximum steps exceeded.', {
@@ -171,24 +170,15 @@ export async function processExchange({req, res, workflow, exchangeRecord}) {
         }
 
         const {presentationSchema} = step;
-        if(presentationSchema) {
-          // if the VP is enveloped, get the presentation from the envelope
-          let presentation;
-          if(receivedPresentation?.type === 'EnvelopedVerifiablePresentation') {
-            ({presentation} = await unenvelopePresentation({
-              envelopedPresentation: receivedPresentation
-            }));
-          } else {
-            presentation = receivedPresentation;
-          }
 
-          // validate the received VP
-          const {jsonSchema: schema} = presentationSchema;
-          const validate = compile({schema});
-          const {valid, error} = validate(presentation);
-          if(!valid) {
-            throw error;
-          }
+        const isEnvelopedVP =
+          receivedPresentation?.type === 'EnvelopedVerifiablePresentation';
+
+        if(presentationSchema && !isEnvelopedVP) {
+          validateVerifiablePresentation({
+            schema: presentationSchema.jsonSchema,
+            presentation: receivedPresentation
+          });
         }
 
         // verify the received VP
@@ -208,6 +198,14 @@ export async function processExchange({req, res, workflow, exchangeRecord}) {
           expectedChallenge
         });
 
+        // validate enveloped VP after verification
+        if(presentationSchema && isEnvelopedVP) {
+          validateVerifiablePresentation({
+            schema: presentationSchema.jsonSchema,
+            presentation: verifyResult?.presentationResult?.presentation ?? {}
+          });
+        }
+
         // store VP results in variables associated with current step
         if(!exchange.variables.results) {
           exchange.variables.results = {};
@@ -255,6 +253,7 @@ export async function processExchange({req, res, workflow, exchangeRecord}) {
         try {
           exchange.sequence++;
           await exchanges.update({workflowId: workflow.id, exchange});
+          emitExchangeUpdated({workflow, exchange, step});
           lastUpdated = Date.now();
         } catch(e) {
           exchange.sequence--;
@@ -279,6 +278,7 @@ export async function processExchange({req, res, workflow, exchangeRecord}) {
     try {
       exchange.sequence++;
       await exchanges.complete({workflowId: workflow.id, exchange});
+      emitExchangeUpdated({workflow, exchange, step});
     } catch(e) {
       exchange.sequence--;
       throw e;
@@ -311,6 +311,7 @@ export async function processExchange({req, res, workflow, exchangeRecord}) {
     exchanges.setLastError({workflowId, exchange: copy, lastUpdated})
       .catch(error => logger.error(
         'Could not set last exchange error: ' + error.message, {error}));
+    emitExchangeUpdated({workflow, exchange, step});
     throw e;
   }
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@bedrock/vc-delivery",
-  "version": "7.2.0",
+  "version": "7.4.0",
   "type": "module",
   "description": "Bedrock Verifiable Credential Delivery",
   "main": "./lib/index.js",
@@ -39,6 +39,7 @@
     "@digitalbazaar/ed25519-multikey": "^1.3.1",
     "@digitalbazaar/ed25519-signature-2020": "^5.4.0",
     "@digitalbazaar/ezcap": "^4.1.0",
+    "@digitalbazaar/http-client": "^4.2.0",
     "@digitalbazaar/oid4-client": "^4.3.0",
     "@digitalbazaar/vc": "^7.2.0",
     "assert-plus": "^1.0.0",

package/schemas/bedrock-vc-workflow.js

@@ -1,5 +1,5 @@
 /*!
- * Copyright (c) 2022-2024 Digital Bazaar, Inc. All rights reserved.
+ * Copyright (c) 2022-2025 Digital Bazaar, Inc. All rights reserved.
  */
 import {MAX_ISSUER_INSTANCES} from '../lib/constants.js';
 import {schemas} from '@bedrock/validation';
@@ -116,6 +116,26 @@ const envelopedVerifiableCredential = {
   ]
 };
 
+const envelopedVerifiablePresentation = {
+  title: 'Enveloped Verifiable Presentation',
+  type: 'object',
+  additionalProperties: true,
+  properties: {
+    '@context': vcContext2StringOrArray,
+    id: {
+      type: 'string'
+    },
+    type: {
+      const: 'EnvelopedVerifiablePresentation'
+    }
+  },
+  required: [
+    '@context',
+    'id',
+    'type'
+  ]
+};
+
 export function verifiablePresentation() {
   return {
     title: 'Verifiable Presentation',
@@ -381,6 +401,7 @@ const step = {
     not: {
       required: [
         'allowUnprotectedPresentation',
+        'callback',
         'createChallenge',
         'issueRequests',
         'jwtDidProofRequest',
@@ -400,6 +421,16 @@ const step = {
     allowUnprotectedPresentation: {
       type: 'boolean'
     },
+    callback: {
+      type: 'object',
+      required: ['url'],
+      additionalProperties: false,
+      properties: {
+        url: {
+          type: 'string'
+        }
+      }
+    },
     createChallenge: {
       type: 'boolean'
     },
@@ -532,7 +563,12 @@ export function useExchangeBody() {
     type: 'object',
     additionalProperties: false,
     properties: {
-      verifiablePresentation: verifiablePresentation()
+      verifiablePresentation: {
+        anyOf: [
+          envelopedVerifiablePresentation,
+          verifiablePresentation()
+        ]
+      }
     }
   };
 }