@bedrock/vc-verifier 19.1.0 → 20.0.0

package/README.md

@@ -1,6 +1,6 @@
 # Bedrock VC Verifier API module _(@bedrock/vc-verifier)_
 
-[![Build Status](https://img.shields.io/github/workflow/status/digitalbazaar/bedrock-vc-verifier/Bedrock%20Node.js%20CI)](https://github.com/digitalbazaar/bedrock-vc-verifier/actions?query=workflow%3A%22Bedrock+Node.js+CI%22)
+[![Build Status](https://img.shields.io/github/actions/workflow/status/digitalbazaar/bedrock-vc-verifier/main.yml)](https://github.com/digitalbazaar/bedrock-vc-verifier/actions/workflows/main.yml)
 [![NPM Version](https://img.shields.io/npm/v/bedrock-vc-verifier.svg)](https://npm.im/bedrock-vc-verifier)
 
 > A VC Verifier API library for use with Bedrock applications.

package/lib/config.js

@@ -17,9 +17,11 @@ cfg.challenges = {
 // also allow any verifier instance to optionally load `http` and `https`
 // documents directly from the Web
 cfg.documentLoader = {
-  // `true` enables all verifiers to fetch `http` documents from the Web
+  // `true` enables all verifier instances that do not have document loader
+  // instance-specific constraints to fetch `http` documents from the Web
   http: false,
-  // `true` enables all verifiers to fetch `https` documents from the Web
+  // `true` enables all verifier instances that do not have document loader
+  // instance-specific constraints to fetch `https` documents from the Web
   https: true
 };
 

package/lib/documentLoader.js

@@ -1,5 +1,5 @@
 /*!
- * Copyright (c) 2019-2022 Digital Bazaar, Inc. All rights reserved.
+ * Copyright (c) 2019-2024 Digital Bazaar, Inc. All rights reserved.
  */
 import * as bedrock from '@bedrock/core';
 import {
@@ -9,6 +9,7 @@ import {
 } from '@bedrock/jsonld-document-loader';
 import {createContextDocumentLoader} from '@bedrock/service-context-store';
 import {didIo} from '@bedrock/did-io';
+import {klona} from 'klona';
 import '@bedrock/credentials-context';
 import '@bedrock/data-integrity-context';
 import '@bedrock/did-context';
@@ -53,9 +54,17 @@ export async function createDocumentLoader({config} = {}) {
     {config, serviceType});
 
   return async function documentLoader(url) {
-    // resolve all DID URLs through did-io
+    // handle DID URLs...
     if(url.startsWith('did:')) {
-      const document = await didIo.get({url});
+      let document;
+      if(config.verifyOptions?.didResolver) {
+        // resolve via configured DID resolver
+        const {verifyOptions: {didResolver}} = config;
+        document = await _resolve({didResolver, didUrl: url});
+      } else {
+        // resolve via did-io
+        document = await didIo.get({url});
+      }
       return {
         contextUrl: null,
         documentUrl: url,
@@ -75,11 +84,74 @@ export async function createDocumentLoader({config} = {}) {
       // try to resolve URL through context doc loader
       return await contextDocumentLoader(url);
     } catch(e) {
-      // use web loader if configured
-      if(url.startsWith('http') && e.name === 'NotFoundError' && webLoader) {
+      // use web loader if configured and instance config allows it and
+      // the url starts with `http`, and the core config allows it
+      const allowRemoteContexts = !config.verifyOptions?.documentLoader ||
+        config.verifyOptions.documentLoader.allowRemoteContexts;
+      if(allowRemoteContexts &&
+        url.startsWith('http') && e.name === 'NotFoundError' && webLoader) {
         return webLoader(url);
       }
       throw e;
     }
   };
 }
+
+async function _resolve({didResolver, didUrl}) {
+  // split on `?` query or `#` fragment
+  const [did] = didUrl.split(/(?=[\?#])/);
+
+  // fetch DID document using DID resolver, assume DID param is prepended
+  const url = didResolver.url.endsWith('/') ?
+    `${didResolver.url}${encodeURIComponent(did)}` :
+    `${didResolver.url}/${encodeURIComponent(did)}`;
+  const data = await httpClientHandler.get({url});
+
+  if(data?.didDocument?.id !== did) {
+    throw new Error(`DID document for DID "${did}" not found.`);
+  }
+
+  // FIXME: perform DID document validation
+  // FIXME: handle URL query param / services
+  const {didDocument} = data;
+
+  // if a fragment was found use the fragment to dereference a subnode
+  // in the did doc
+  const [, fragment] = didUrl.split('#');
+  if(fragment) {
+    const id = `${didDocument.id}#${fragment}`;
+    return _getNode({didDocument, id});
+  }
+  // resolve the full DID Document
+  return didDocument;
+}
+
+function _getNode({didDocument, id}) {
+  // do verification method search first
+  let match = didDocument?.verificationMethod?.find(vm => vm?.id === id);
+  if(!match) {
+    // check other top-level nodes
+    for(const [key, value] of Object.entries(didDocument)) {
+      if(key === '@context' || key === 'verificationMethod') {
+        continue;
+      }
+      if(Array.isArray(value)) {
+        match = value.find(e => e?.id === id);
+      } else if(value?.id === id) {
+        match = value;
+      }
+      if(match) {
+        break;
+      }
+    }
+  }
+
+  if(!match) {
+    throw new Error(`DID document entity with id "${id}" not found.`);
+  }
+
+  return {
+    '@context': klona(didDocument['@context']),
+    ...klona(match)
+  };
+}

package/lib/index.js

@@ -1,13 +1,15 @@
 /*!
- * Copyright (c) 2021-2022 Digital Bazaar, Inc. All rights reserved.
+ * Copyright (c) 2021-2024 Digital Bazaar, Inc. All rights reserved.
  */
 import * as bedrock from '@bedrock/core';
+import {createService, schemas} from '@bedrock/service-core';
 import {
   addRoutes as addContextStoreRoutes
 } from '@bedrock/service-context-store';
 import {addRoutes} from './http.js';
-import {createService} from '@bedrock/service-core';
 import {initializeServiceAgent} from '@bedrock/service-agent';
+import {klona} from 'klona';
+import {verifyOptions} from '../schemas/bedrock-vc-verifier.js';
 
 // load config defaults
 import './config.js';
@@ -15,6 +17,15 @@ import './config.js';
 const serviceType = 'vc-verifier';
 
 bedrock.events.on('bedrock.init', async () => {
+  // add customizations to config validators...
+  const createConfigBody = klona(schemas.createConfigBody);
+  const updateConfigBody = klona(schemas.updateConfigBody);
+  const schemasToUpdate = [createConfigBody, updateConfigBody];
+  for(const schema of schemasToUpdate) {
+    // verify options
+    schema.properties.verifyOptions = verifyOptions;
+  }
+
   // create `vc-verifier` service
   const service = await createService({
     serviceType,
@@ -24,6 +35,8 @@ bedrock.events.on('bedrock.init', async () => {
       revocation: 1
     },
     validation: {
+      createConfigBody,
+      updateConfigBody,
       // require these zcaps (by reference ID)
       zcapReferenceIds: [{
         referenceId: 'edv',

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@bedrock/vc-verifier",
-  "version": "19.1.0",
+  "version": "20.0.0",
   "type": "module",
   "description": "Bedrock VC Verifier",
   "main": "./lib/index.js",
@@ -9,7 +9,7 @@
     "schemas/**/*.js"
   ],
   "scripts": {
-    "lint": "eslint ."
+    "lint": "eslint --ext .cjs,.js ."
   },
   "repository": {
     "type": "git",
@@ -25,52 +25,51 @@
   },
   "homepage": "https://github.com/digitalbazaar/bedrock-vc-verifier",
   "dependencies": {
-    "@digitalbazaar/bbs-2023-cryptosuite": "^1.1.0",
-    "@digitalbazaar/data-integrity": "^2.0.0",
+    "@digitalbazaar/bbs-2023-cryptosuite": "^1.2.0",
+    "@digitalbazaar/data-integrity": "^2.2.0",
     "@digitalbazaar/ecdsa-2019-cryptosuite": "^2.0.0",
-    "@digitalbazaar/ecdsa-rdfc-2019-cryptosuite": "^1.0.1",
-    "@digitalbazaar/ecdsa-sd-2023-cryptosuite": "^3.2.0",
+    "@digitalbazaar/ecdsa-rdfc-2019-cryptosuite": "^1.1.0",
+    "@digitalbazaar/ecdsa-sd-2023-cryptosuite": "^3.2.1",
     "@digitalbazaar/ed25519-signature-2018": "^4.0.0",
-    "@digitalbazaar/ed25519-signature-2020": "^5.0.0",
+    "@digitalbazaar/ed25519-signature-2020": "^5.4.0",
     "@digitalbazaar/eddsa-2022-cryptosuite": "^1.0.0",
-    "@digitalbazaar/eddsa-rdfc-2022-cryptosuite": "^1.0.1",
-    "@digitalbazaar/vc": "^6.0.0",
-    "@digitalbazaar/vc-revocation-list": "^6.0.0",
-    "@digitalbazaar/vc-status-list": "^7.0.0",
+    "@digitalbazaar/eddsa-rdfc-2022-cryptosuite": "^1.1.0",
+    "@digitalbazaar/vc": "^7.0.0",
+    "@digitalbazaar/vc-revocation-list": "^7.0.0",
+    "@digitalbazaar/vc-status-list": "^8.0.0",
     "assert-plus": "^1.0.0",
     "bnid": "^3.0.0",
-    "body-parser": "^1.20.0",
+    "body-parser": "^1.20.2",
     "cors": "^2.8.5",
-    "serialize-error": "^11.0.0"
+    "klona": "^2.0.6",
+    "serialize-error": "^11.0.3"
   },
   "peerDependencies": {
     "@bedrock/app-identity": "^4.0.0",
-    "@bedrock/core": "^6.0.1",
-    "@bedrock/credentials-context": "^4.0.0",
-    "@bedrock/data-integrity-context": "^3.0.0",
-    "@bedrock/did-context": "^5.0.0",
-    "@bedrock/did-io": "^10.2.0",
-    "@bedrock/express": "^8.0.0",
-    "@bedrock/https-agent": "^4.0.0",
-    "@bedrock/jsonld-document-loader": "^4.0.0",
-    "@bedrock/mongodb": "^10.0.0",
-    "@bedrock/multikey-context": "^2.0.0",
-    "@bedrock/security-context": "^8.0.0",
-    "@bedrock/service-agent": "^8.0.0",
-    "@bedrock/service-context-store": "^11.0.0",
-    "@bedrock/service-core": "^9.0.0",
-    "@bedrock/validation": "^7.0.0",
-    "@bedrock/vc-revocation-list-context": "^4.0.0",
-    "@bedrock/vc-status-list-context": "^5.0.0",
-    "@bedrock/veres-one-context": "^15.0.0"
+    "@bedrock/core": "^6.1.3",
+    "@bedrock/credentials-context": "^5.0.2",
+    "@bedrock/data-integrity-context": "^4.0.3",
+    "@bedrock/did-context": "^6.0.0",
+    "@bedrock/did-io": "^10.3.1",
+    "@bedrock/express": "^8.3.1",
+    "@bedrock/https-agent": "^4.1.0",
+    "@bedrock/jsonld-document-loader": "^5.1.0",
+    "@bedrock/mongodb": "^10.2.0",
+    "@bedrock/multikey-context": "^3.0.0",
+    "@bedrock/security-context": "^9.0.0",
+    "@bedrock/service-agent": "^9.0.2",
+    "@bedrock/service-context-store": "^12.0.0",
+    "@bedrock/service-core": "^10.0.0",
+    "@bedrock/validation": "^7.1.0",
+    "@bedrock/vc-revocation-list-context": "^5.0.0",
+    "@bedrock/vc-status-list-context": "^6.0.2",
+    "@bedrock/veres-one-context": "^16.0.0"
   },
   "devDependencies": {
-    "eslint": "^8.47.0",
-    "eslint-config-digitalbazaar": "^5.0.1",
-    "eslint-plugin-jsdoc": "^48.0.3",
-    "eslint-plugin-unicorn": "^50.0.1",
-    "jsdoc": "^4.0.2",
-    "jsdoc-to-markdown": "^8.0.0"
+    "eslint": "^8.57.0",
+    "eslint-config-digitalbazaar": "^5.2.0",
+    "eslint-plugin-jsdoc": "^48.11.0",
+    "eslint-plugin-unicorn": "^55.0.0"
   },
   "engines": {
     "node": ">=18"

package/schemas/bedrock-vc-verifier.js

@@ -1,5 +1,5 @@
 /*!
- * Copyright (c) 2022 Digital Bazaar, Inc. All rights reserved.
+ * Copyright (c) 2022-2024 Digital Bazaar, Inc. All rights reserved.
  */
 const context = {
   title: '@context',
@@ -10,6 +10,42 @@ const context = {
   }
 };
 
+export const verifyOptions = {
+  title: 'Verify Options',
+  type: 'object',
+  oneOf: [{
+    required: ['didResolver']
+  }, {
+    required: ['documentLoader']
+  }],
+  additionalProperties: false,
+  properties: {
+    didResolver: {
+      title: 'DID Resolver',
+      type: 'object',
+      required: ['url'],
+      additionalProperties: false,
+      properties: {
+        url: {
+          type: 'string',
+          pattern: '^https://[^.]+.[^.]+'
+        }
+      }
+    },
+    documentLoader: {
+      title: 'Document Loader',
+      type: 'object',
+      required: ['allowRemoteContexts'],
+      additionalProperties: false,
+      properties: {
+        allowRemoteContexts: {
+          type: 'boolean'
+        }
+      }
+    }
+  }
+};
+
 export const createChallengeBody = {
   title: 'Create Challenge Body',
   type: 'object',