@cheqd/did-provider-cheqd 3.7.0-develop.1 → 4.0.0-develop.1
- package/build/cjs/agent/ICheqd.d.ts +44 -2
- package/build/cjs/agent/ICheqd.d.ts.map +1 -1
- package/build/cjs/agent/ICheqd.js +451 -169
- package/build/cjs/agent/ICheqd.js.map +1 -1
- package/build/cjs/did-manager/cheqd-did-provider.d.ts +1 -2
- package/build/cjs/did-manager/cheqd-did-provider.d.ts.map +1 -1
- package/build/cjs/did-manager/cheqd-did-provider.js +5 -6
- package/build/cjs/did-manager/cheqd-did-provider.js.map +1 -1
- package/build/cjs/dkg-threshold/index.d.ts +1 -1
- package/build/cjs/dkg-threshold/index.d.ts.map +1 -1
- package/build/cjs/dkg-threshold/index.js +1 -1
- package/build/cjs/dkg-threshold/index.js.map +1 -1
- package/build/cjs/dkg-threshold/lit-protocol/v2.d.ts +95 -0
- package/build/cjs/dkg-threshold/lit-protocol/v2.d.ts.map +1 -0
- package/build/cjs/dkg-threshold/{lit-protocol.js → lit-protocol/v2.js} +39 -39
- package/build/cjs/dkg-threshold/lit-protocol/v2.js.map +1 -0
- package/build/cjs/dkg-threshold/{lit-protocol.d.ts → lit-protocol/v3.d.ts} +17 -17
- package/build/cjs/dkg-threshold/lit-protocol/v3.d.ts.map +1 -0
- package/build/cjs/dkg-threshold/lit-protocol/v3.js +231 -0
- package/build/cjs/dkg-threshold/lit-protocol/v3.js.map +1 -0
- package/build/cjs/utils/helpers.d.ts +5 -0
- package/build/cjs/utils/helpers.d.ts.map +1 -1
- package/build/cjs/utils/helpers.js +38 -1
- package/build/cjs/utils/helpers.js.map +1 -1
- package/build/esm/agent/ICheqd.d.ts +44 -2
- package/build/esm/agent/ICheqd.d.ts.map +1 -1
- package/build/esm/agent/ICheqd.js +425 -143
- package/build/esm/agent/ICheqd.js.map +1 -1
- package/build/esm/did-manager/cheqd-did-provider.d.ts +1 -2
- package/build/esm/did-manager/cheqd-did-provider.d.ts.map +1 -1
- package/build/esm/did-manager/cheqd-did-provider.js +3 -4
- package/build/esm/did-manager/cheqd-did-provider.js.map +1 -1
- package/build/esm/dkg-threshold/index.d.ts +1 -1
- package/build/esm/dkg-threshold/index.d.ts.map +1 -1
- package/build/esm/dkg-threshold/index.js +1 -1
- package/build/esm/dkg-threshold/index.js.map +1 -1
- package/build/esm/dkg-threshold/lit-protocol/v2.d.ts +95 -0
- package/build/esm/dkg-threshold/lit-protocol/v2.d.ts.map +1 -0
- package/build/esm/dkg-threshold/{lit-protocol.js → lit-protocol/v2.js} +31 -31
- package/build/esm/dkg-threshold/lit-protocol/v2.js.map +1 -0
- package/build/esm/dkg-threshold/{lit-protocol.d.ts → lit-protocol/v3.d.ts} +17 -17
- package/build/esm/dkg-threshold/lit-protocol/v3.d.ts.map +1 -0
- package/build/esm/dkg-threshold/lit-protocol/v3.js +227 -0
- package/build/esm/dkg-threshold/lit-protocol/v3.js.map +1 -0
- package/build/esm/utils/helpers.d.ts +5 -0
- package/build/esm/utils/helpers.d.ts.map +1 -1
- package/build/esm/utils/helpers.js +33 -0
- package/build/esm/utils/helpers.js.map +1 -1
- package/build/tsconfig.cjs.tsbuildinfo +1 -1
- package/build/tsconfig.esm.tsbuildinfo +1 -1
- package/build/tsconfig.types.tsbuildinfo +1 -1
- package/build/types/agent/ICheqd.d.ts +44 -2
- package/build/types/agent/ICheqd.d.ts.map +1 -1
- package/build/types/did-manager/cheqd-did-provider.d.ts +1 -2
- package/build/types/did-manager/cheqd-did-provider.d.ts.map +1 -1
- package/build/types/dkg-threshold/index.d.ts +1 -1
- package/build/types/dkg-threshold/index.d.ts.map +1 -1
- package/build/types/dkg-threshold/lit-protocol/v2.d.ts +95 -0
- package/build/types/dkg-threshold/lit-protocol/v2.d.ts.map +1 -0
- package/build/types/dkg-threshold/{lit-protocol.d.ts → lit-protocol/v3.d.ts} +17 -17
- package/build/types/dkg-threshold/lit-protocol/v3.d.ts.map +1 -0
- package/build/types/utils/helpers.d.ts +5 -0
- package/build/types/utils/helpers.d.ts.map +1 -1
- package/package.json +5 -3
- package/src/agent/ICheqd.ts +970 -202
- package/src/did-manager/cheqd-did-provider.ts +3 -4
- package/src/dkg-threshold/index.ts +1 -1
- package/src/dkg-threshold/lit-protocol/v2.ts +287 -0
- package/src/dkg-threshold/{lit-protocol.ts → lit-protocol/v3.ts} +114 -45
- package/src/utils/helpers.ts +45 -0
- package/build/cjs/dkg-threshold/lit-protocol.d.ts.map +0 -1
- package/build/cjs/dkg-threshold/lit-protocol.js.map +0 -1
- package/build/esm/dkg-threshold/lit-protocol.d.ts.map +0 -1
- package/build/esm/dkg-threshold/lit-protocol.js.map +0 -1
- package/build/types/dkg-threshold/lit-protocol.d.ts.map +0 -1
|
@@ -16,9 +16,10 @@ const vc_status_list_1 = require("@digitalbazaar/vc-status-list");
|
|
|
16
16
|
const uuid_1 = require("uuid");
|
|
17
17
|
const fs_1 = __importDefault(require("fs"));
|
|
18
18
|
const debug_1 = __importDefault(require("debug"));
|
|
19
|
-
const
|
|
19
|
+
const v3_js_1 = require("../dkg-threshold/lit-protocol/v3.js");
|
|
20
20
|
const helpers_js_1 = require("../utils/helpers.js");
|
|
21
21
|
const cheqd_did_resolver_js_1 = require("../did-manager/cheqd-did-resolver.js");
|
|
22
|
+
const v2_js_1 = require("../dkg-threshold/lit-protocol/v2.js");
|
|
22
23
|
const debug = (0, debug_1.default)('veramo:did-provider-cheqd');
|
|
23
24
|
exports.AccessControlConditionTypes = {
|
|
24
25
|
timelockPayment: 'timelockPayment',
|
|
@@ -659,8 +660,10 @@ class Cheqd {
|
|
|
659
660
|
// construct data and metadata tuple
|
|
660
661
|
const data = args.encrypted
|
|
661
662
|
? await (async function (that) {
|
|
663
|
+
// encrypt bitstring - case: symmetric
|
|
664
|
+
const { encryptedString: symmetricEncryptionCiphertext, symmetricKey } = await v3_js_1.LitProtocol.encryptDirect((0, uint8arrays_1.fromString)(bitstring, args?.statusListEncoding || cheqd_did_provider_js_1.DefaultStatusList2021Encodings.base64url));
|
|
662
665
|
// instantiate dkg-threshold client, in which case lit-protocol is used
|
|
663
|
-
const lit = await
|
|
666
|
+
const lit = await v3_js_1.LitProtocol.create({
|
|
664
667
|
chain: args?.dkgOptions?.chain || that.didProvider.dkgOptions.chain,
|
|
665
668
|
litNetwork: args?.dkgOptions?.network || that.didProvider.dkgOptions.network,
|
|
666
669
|
});
|
|
@@ -668,7 +671,7 @@ class Cheqd {
|
|
|
668
671
|
const unifiedAccessControlConditions = await Promise.all(args.paymentConditions.map(async (condition) => {
|
|
669
672
|
switch (condition.type) {
|
|
670
673
|
case exports.AccessControlConditionTypes.timelockPayment:
|
|
671
|
-
return await
|
|
674
|
+
return await v3_js_1.LitProtocol.generateCosmosAccessControlConditionInverseTimelock({
|
|
672
675
|
key: '$.tx_responses.*.timestamp',
|
|
673
676
|
comparator: '<=',
|
|
674
677
|
value: `${condition.intervalInSeconds}`,
|
|
@@ -677,8 +680,10 @@ class Cheqd {
|
|
|
677
680
|
throw new Error(`[did-provider-cheqd]: unsupported access control condition type ${condition.type}`);
|
|
678
681
|
}
|
|
679
682
|
}));
|
|
680
|
-
// encrypt bitstring
|
|
681
|
-
const { encryptedString
|
|
683
|
+
// encrypt bitstring - case: threshold
|
|
684
|
+
const { encryptedString: thresholdEncryptionCiphertext, stringHash } = await lit.encrypt((0, uint8arrays_1.fromString)(bitstring, args?.statusListEncoding || cheqd_did_provider_js_1.DefaultStatusList2021Encodings.base64url), unifiedAccessControlConditions);
|
|
685
|
+
// construct encoded list
|
|
686
|
+
const encodedList = `${await (0, helpers_js_1.blobToHexString)(symmetricEncryptionCiphertext)}-${(0, uint8arrays_1.toString)(thresholdEncryptionCiphertext, 'hex')}`;
|
|
682
687
|
// return result tuple
|
|
683
688
|
switch (args.statusPurpose) {
|
|
684
689
|
case cheqd_did_provider_js_1.DefaultStatusList2021StatusPurposeTypes.revocation:
|
|
@@ -686,7 +691,7 @@ class Cheqd {
|
|
|
686
691
|
{
|
|
687
692
|
StatusList2021: {
|
|
688
693
|
statusPurpose: args.statusPurpose,
|
|
689
|
-
encodedList
|
|
694
|
+
encodedList,
|
|
690
695
|
validFrom: new Date().toISOString(),
|
|
691
696
|
validUntil: args?.validUntil,
|
|
692
697
|
},
|
|
@@ -694,14 +699,15 @@ class Cheqd {
|
|
|
694
699
|
type: cheqd_did_provider_js_1.DefaultStatusList2021ResourceTypes.revocation,
|
|
695
700
|
encrypted: true,
|
|
696
701
|
encoding: args?.statusListEncoding || cheqd_did_provider_js_1.DefaultStatusList2021Encodings.base64url,
|
|
697
|
-
|
|
702
|
+
statusListHash: stringHash,
|
|
698
703
|
paymentConditions: args.paymentConditions,
|
|
699
704
|
},
|
|
700
705
|
},
|
|
701
706
|
{
|
|
707
|
+
symmetricEncryptionCiphertext: await (0, helpers_js_1.blobToHexString)(symmetricEncryptionCiphertext),
|
|
708
|
+
thresholdEncryptionCiphertext: (0, uint8arrays_1.toString)(thresholdEncryptionCiphertext, 'hex'),
|
|
709
|
+
stringHash,
|
|
702
710
|
symmetricKey: (0, uint8arrays_1.toString)(symmetricKey, 'hex'),
|
|
703
|
-
encryptedSymmetricKey,
|
|
704
|
-
encryptedString: await (0, helpers_js_1.blobToHexString)(encryptedString),
|
|
705
711
|
},
|
|
706
712
|
];
|
|
707
713
|
case cheqd_did_provider_js_1.DefaultStatusList2021StatusPurposeTypes.suspension:
|
|
@@ -709,7 +715,7 @@ class Cheqd {
|
|
|
709
715
|
{
|
|
710
716
|
StatusList2021: {
|
|
711
717
|
statusPurpose: args.statusPurpose,
|
|
712
|
-
encodedList
|
|
718
|
+
encodedList,
|
|
713
719
|
validFrom: new Date().toISOString(),
|
|
714
720
|
validUntil: args?.validUntil,
|
|
715
721
|
},
|
|
@@ -717,14 +723,15 @@ class Cheqd {
|
|
|
717
723
|
type: cheqd_did_provider_js_1.DefaultStatusList2021ResourceTypes.suspension,
|
|
718
724
|
encrypted: true,
|
|
719
725
|
encoding: args?.statusListEncoding || cheqd_did_provider_js_1.DefaultStatusList2021Encodings.base64url,
|
|
720
|
-
|
|
726
|
+
statusListHash: stringHash,
|
|
721
727
|
paymentConditions: args.paymentConditions,
|
|
722
728
|
},
|
|
723
729
|
},
|
|
724
730
|
{
|
|
731
|
+
symmetricEncryptionCiphertext: await (0, helpers_js_1.blobToHexString)(symmetricEncryptionCiphertext),
|
|
732
|
+
thresholdEncryptionCiphertext: (0, uint8arrays_1.toString)(thresholdEncryptionCiphertext, 'hex'),
|
|
733
|
+
stringHash,
|
|
725
734
|
symmetricKey: (0, uint8arrays_1.toString)(symmetricKey, 'hex'),
|
|
726
|
-
encryptedSymmetricKey,
|
|
727
|
-
encryptedString: await (0, helpers_js_1.blobToHexString)(encryptedString),
|
|
728
735
|
},
|
|
729
736
|
];
|
|
730
737
|
default:
|
|
@@ -796,7 +803,7 @@ class Cheqd {
|
|
|
796
803
|
},
|
|
797
804
|
}),
|
|
798
805
|
encrypted: args.encrypted,
|
|
799
|
-
symmetricKey: args
|
|
806
|
+
symmetricKey: args.encrypted && args.returnSymmetricKey ? data[1]?.symmetricKey : undefined,
|
|
800
807
|
};
|
|
801
808
|
}
|
|
802
809
|
async BroadcastStatusList2021(args, context) {
|
|
@@ -922,8 +929,6 @@ class Cheqd {
|
|
|
922
929
|
switch (args?.bitstringEncoding) {
|
|
923
930
|
case 'base64url':
|
|
924
931
|
return encoded;
|
|
925
|
-
case 'base64':
|
|
926
|
-
return (0, uint8arrays_1.toString)((0, uint8arrays_1.fromString)(encoded, 'base64url'), 'base64');
|
|
927
932
|
case 'hex':
|
|
928
933
|
return (0, uint8arrays_1.toString)((0, uint8arrays_1.fromString)(encoded, 'base64url'), 'hex');
|
|
929
934
|
default:
|
|
@@ -939,12 +944,12 @@ class Cheqd {
|
|
|
939
944
|
? args.issuanceOptions.credential.issuer.id
|
|
940
945
|
: args.issuanceOptions.credential.issuer;
|
|
941
946
|
// generate status list credential
|
|
942
|
-
const statusListCredential = `${cheqd_did_resolver_js_1.DefaultResolverUrl}${issuer}?resourceName=${args.statusOptions.statusListName}&resourceType
|
|
947
|
+
const statusListCredential = `${cheqd_did_resolver_js_1.DefaultResolverUrl}${issuer}?resourceName=${args.statusOptions.statusListName}&resourceType=${cheqd_did_provider_js_1.DefaultStatusList2021ResourceTypes.revocation}`;
|
|
943
948
|
// construct credential status
|
|
944
949
|
const credentialStatus = {
|
|
945
950
|
id: `${statusListCredential}#${statusListIndex}`,
|
|
946
951
|
type: 'StatusList2021Entry',
|
|
947
|
-
statusPurpose:
|
|
952
|
+
statusPurpose: cheqd_did_provider_js_1.DefaultStatusList2021StatusPurposeTypes.revocation,
|
|
948
953
|
statusListIndex: `${statusListIndex}`,
|
|
949
954
|
};
|
|
950
955
|
// add credential status to credential
|
|
@@ -981,12 +986,12 @@ class Cheqd {
|
|
|
981
986
|
? args.issuanceOptions.credential.issuer.id
|
|
982
987
|
: args.issuanceOptions.credential.issuer;
|
|
983
988
|
// generate status list credential
|
|
984
|
-
const statusListCredential = `${cheqd_did_resolver_js_1.DefaultResolverUrl}${issuer}?resourceName=${args.statusOptions.statusListName}&resourceType
|
|
989
|
+
const statusListCredential = `${cheqd_did_resolver_js_1.DefaultResolverUrl}${issuer}?resourceName=${args.statusOptions.statusListName}&resourceType=${cheqd_did_provider_js_1.DefaultStatusList2021ResourceTypes.suspension}`;
|
|
985
990
|
// construct credential status
|
|
986
991
|
const credentialStatus = {
|
|
987
992
|
id: `${statusListCredential}#${statusListIndex}`,
|
|
988
993
|
type: 'StatusList2021Entry',
|
|
989
|
-
statusPurpose:
|
|
994
|
+
statusPurpose: cheqd_did_provider_js_1.DefaultStatusList2021StatusPurposeTypes.suspension,
|
|
990
995
|
statusListIndex: `${statusListIndex}`,
|
|
991
996
|
};
|
|
992
997
|
// add credential status to credential
|
|
@@ -1040,14 +1045,16 @@ class Cheqd {
|
|
|
1040
1045
|
args.dkgOptions ||= this.didProvider.dkgOptions;
|
|
1041
1046
|
// verify credential status
|
|
1042
1047
|
switch (credential.credentialStatus?.statusPurpose) {
|
|
1043
|
-
case
|
|
1044
|
-
|
|
1045
|
-
|
|
1046
|
-
|
|
1047
|
-
|
|
1048
|
-
|
|
1049
|
-
|
|
1050
|
-
|
|
1048
|
+
case cheqd_did_provider_js_1.DefaultStatusList2021StatusPurposeTypes.revocation:
|
|
1049
|
+
return {
|
|
1050
|
+
...verificationResult,
|
|
1051
|
+
revoked: await Cheqd.checkRevoked(credential, { ...args.options, topArgs: args }),
|
|
1052
|
+
};
|
|
1053
|
+
case cheqd_did_provider_js_1.DefaultStatusList2021StatusPurposeTypes.suspension:
|
|
1054
|
+
return {
|
|
1055
|
+
...verificationResult,
|
|
1056
|
+
suspended: await Cheqd.checkSuspended(credential, { ...args.options, topArgs: args }),
|
|
1057
|
+
};
|
|
1051
1058
|
default:
|
|
1052
1059
|
throw new Error(`[did-provider-cheqd]: verify credential: Unsupported status purpose: ${credential.credentialStatus?.statusPurpose}`);
|
|
1053
1060
|
}
|
|
@@ -1083,14 +1090,16 @@ class Cheqd {
|
|
|
1083
1090
|
// define dkg options, if provided
|
|
1084
1091
|
args.dkgOptions ||= this.didProvider.dkgOptions;
|
|
1085
1092
|
switch (credential.credentialStatus?.statusPurpose) {
|
|
1086
|
-
case
|
|
1087
|
-
|
|
1088
|
-
|
|
1089
|
-
|
|
1090
|
-
|
|
1091
|
-
|
|
1092
|
-
|
|
1093
|
-
|
|
1093
|
+
case cheqd_did_provider_js_1.DefaultStatusList2021StatusPurposeTypes.revocation:
|
|
1094
|
+
return {
|
|
1095
|
+
...verificationResult,
|
|
1096
|
+
revoked: await Cheqd.checkRevoked(credential, { ...args.options, topArgs: args }),
|
|
1097
|
+
};
|
|
1098
|
+
case cheqd_did_provider_js_1.DefaultStatusList2021StatusPurposeTypes.suspension:
|
|
1099
|
+
return {
|
|
1100
|
+
...verificationResult,
|
|
1101
|
+
suspended: await Cheqd.checkSuspended(credential, { ...args.options, topArgs: args }),
|
|
1102
|
+
};
|
|
1094
1103
|
default:
|
|
1095
1104
|
throw new Error(`[did-provider-cheqd]: verify presentation: Unsupported status purpose: ${credential.credentialStatus?.statusPurpose}`);
|
|
1096
1105
|
}
|
|
@@ -1127,9 +1136,9 @@ class Cheqd {
|
|
|
1127
1136
|
if (!args.statusOptions.statusListIndex)
|
|
1128
1137
|
throw new Error('[did-provider-cheqd]: check status: statusOptions.statusListIndex is required');
|
|
1129
1138
|
// generate resource type
|
|
1130
|
-
const resourceType = args.statusOptions.statusPurpose ===
|
|
1131
|
-
?
|
|
1132
|
-
:
|
|
1139
|
+
const resourceType = args.statusOptions.statusPurpose === cheqd_did_provider_js_1.DefaultStatusList2021StatusPurposeTypes.revocation
|
|
1140
|
+
? cheqd_did_provider_js_1.DefaultStatusList2021ResourceTypes.revocation
|
|
1141
|
+
: cheqd_did_provider_js_1.DefaultStatusList2021ResourceTypes.suspension;
|
|
1133
1142
|
// construct status list credential
|
|
1134
1143
|
const statusListCredential = `${cheqd_did_resolver_js_1.DefaultResolverUrl}${args.statusOptions.issuerDid}?resourceName=${args.statusOptions.statusListName}&resourceType=${resourceType}`;
|
|
1135
1144
|
// construct credential status
|
|
@@ -1161,14 +1170,10 @@ class Cheqd {
|
|
|
1161
1170
|
// define dkg options, if provided
|
|
1162
1171
|
args.dkgOptions ||= this.didProvider.dkgOptions;
|
|
1163
1172
|
switch (credential.credentialStatus?.statusPurpose) {
|
|
1164
|
-
case
|
|
1165
|
-
|
|
1166
|
-
|
|
1167
|
-
return {
|
|
1168
|
-
case 'suspension':
|
|
1169
|
-
if (await Cheqd.checkSuspended(credential, { ...args.options, topArgs: args }))
|
|
1170
|
-
return { suspended: true };
|
|
1171
|
-
return { suspended: false };
|
|
1173
|
+
case cheqd_did_provider_js_1.DefaultStatusList2021StatusPurposeTypes.revocation:
|
|
1174
|
+
return { revoked: await Cheqd.checkRevoked(credential, { ...args.options, topArgs: args }) };
|
|
1175
|
+
case cheqd_did_provider_js_1.DefaultStatusList2021StatusPurposeTypes.suspension:
|
|
1176
|
+
return { suspended: await Cheqd.checkSuspended(credential, { ...args.options, topArgs: args }) };
|
|
1172
1177
|
default:
|
|
1173
1178
|
throw new Error(`[did-provider-cheqd]: check status: Unsupported status purpose: ${credential.credentialStatus?.statusPurpose}`);
|
|
1174
1179
|
}
|
|
@@ -1200,7 +1205,7 @@ class Cheqd {
|
|
|
1200
1205
|
if (!args.revocationOptions.statusListIndex)
|
|
1201
1206
|
throw new Error('[did-provider-cheqd]: revocation: revocationOptions.statusListIndex is required');
|
|
1202
1207
|
// construct status list credential
|
|
1203
|
-
const statusListCredential = `${cheqd_did_resolver_js_1.DefaultResolverUrl}${args.revocationOptions.issuerDid}?resourceName=${args.revocationOptions.statusListName}&resourceType
|
|
1208
|
+
const statusListCredential = `${cheqd_did_resolver_js_1.DefaultResolverUrl}${args.revocationOptions.issuerDid}?resourceName=${args.revocationOptions.statusListName}&resourceType=${cheqd_did_provider_js_1.DefaultStatusList2021ResourceTypes.revocation}`;
|
|
1204
1209
|
// construct credential status
|
|
1205
1210
|
args.credential = {
|
|
1206
1211
|
'@context': [],
|
|
@@ -1209,7 +1214,7 @@ class Cheqd {
|
|
|
1209
1214
|
credentialStatus: {
|
|
1210
1215
|
id: `${statusListCredential}#${args.revocationOptions.statusListIndex}`,
|
|
1211
1216
|
type: 'StatusList2021Entry',
|
|
1212
|
-
statusPurpose:
|
|
1217
|
+
statusPurpose: cheqd_did_provider_js_1.DefaultStatusList2021StatusPurposeTypes.revocation,
|
|
1213
1218
|
statusListIndex: `${args.revocationOptions.statusListIndex}`,
|
|
1214
1219
|
},
|
|
1215
1220
|
issuanceDate: '',
|
|
@@ -1222,7 +1227,7 @@ class Cheqd {
|
|
|
1222
1227
|
// if jwt credential, decode it
|
|
1223
1228
|
const credential = typeof args.credential === 'string' ? await Cheqd.decodeCredentialJWT(args.credential) : args.credential;
|
|
1224
1229
|
// validate status purpose
|
|
1225
|
-
if (credential.credentialStatus?.statusPurpose !==
|
|
1230
|
+
if (credential.credentialStatus?.statusPurpose !== cheqd_did_provider_js_1.DefaultStatusList2021StatusPurposeTypes.revocation) {
|
|
1226
1231
|
throw new Error(`[did-provider-cheqd]: revocation: Unsupported status purpose: ${credential.credentialStatus?.statusPurpose}`);
|
|
1227
1232
|
}
|
|
1228
1233
|
// validate args in pairs - case: statusListFile and statusList
|
|
@@ -1303,7 +1308,7 @@ class Cheqd {
|
|
|
1303
1308
|
!args.revocationOptions.statusListIndices.every((index) => !isNaN(+index)))
|
|
1304
1309
|
throw new Error('[did-provider-cheqd]: revocation: revocationOptions.statusListIndex is required and must be an array of indices');
|
|
1305
1310
|
// construct status list credential
|
|
1306
|
-
const statusListCredential = `${cheqd_did_resolver_js_1.DefaultResolverUrl}${args.revocationOptions.issuerDid}?resourceName=${args.revocationOptions.statusListName}&resourceType
|
|
1311
|
+
const statusListCredential = `${cheqd_did_resolver_js_1.DefaultResolverUrl}${args.revocationOptions.issuerDid}?resourceName=${args.revocationOptions.statusListName}&resourceType=${cheqd_did_provider_js_1.DefaultStatusList2021ResourceTypes.revocation}`;
|
|
1307
1312
|
// construct credential status
|
|
1308
1313
|
args.credentials = args.revocationOptions.statusListIndices.map((index) => ({
|
|
1309
1314
|
'@context': [],
|
|
@@ -1312,7 +1317,7 @@ class Cheqd {
|
|
|
1312
1317
|
credentialStatus: {
|
|
1313
1318
|
id: `${statusListCredential}#${index}`,
|
|
1314
1319
|
type: 'StatusList2021Entry',
|
|
1315
|
-
statusPurpose:
|
|
1320
|
+
statusPurpose: cheqd_did_provider_js_1.DefaultStatusList2021StatusPurposeTypes.revocation,
|
|
1316
1321
|
statusListIndex: `${index}`,
|
|
1317
1322
|
},
|
|
1318
1323
|
issuanceDate: '',
|
|
@@ -1391,7 +1396,7 @@ class Cheqd {
|
|
|
1391
1396
|
if (!args.suspensionOptions.statusListIndex)
|
|
1392
1397
|
throw new Error('[did-provider-cheqd]: suspension: suspensionOptions.statusListIndex is required');
|
|
1393
1398
|
// construct status list credential
|
|
1394
|
-
const statusListCredential = `${cheqd_did_resolver_js_1.DefaultResolverUrl}${args.suspensionOptions.issuerDid}?resourceName=${args.suspensionOptions.statusListName}&resourceType
|
|
1399
|
+
const statusListCredential = `${cheqd_did_resolver_js_1.DefaultResolverUrl}${args.suspensionOptions.issuerDid}?resourceName=${args.suspensionOptions.statusListName}&resourceType=${cheqd_did_provider_js_1.DefaultStatusList2021ResourceTypes.suspension}`;
|
|
1395
1400
|
// construct credential status
|
|
1396
1401
|
args.credential = {
|
|
1397
1402
|
'@context': [],
|
|
@@ -1400,7 +1405,7 @@ class Cheqd {
|
|
|
1400
1405
|
credentialStatus: {
|
|
1401
1406
|
id: `${statusListCredential}#${args.suspensionOptions.statusListIndex}`,
|
|
1402
1407
|
type: 'StatusList2021Entry',
|
|
1403
|
-
statusPurpose:
|
|
1408
|
+
statusPurpose: cheqd_did_provider_js_1.DefaultStatusList2021StatusPurposeTypes.suspension,
|
|
1404
1409
|
statusListIndex: `${args.suspensionOptions.statusListIndex}`,
|
|
1405
1410
|
},
|
|
1406
1411
|
issuanceDate: '',
|
|
@@ -1413,7 +1418,7 @@ class Cheqd {
|
|
|
1413
1418
|
// if jwt credential, decode it
|
|
1414
1419
|
const credential = typeof args.credential === 'string' ? await Cheqd.decodeCredentialJWT(args.credential) : args.credential;
|
|
1415
1420
|
// validate status purpose
|
|
1416
|
-
if (credential.credentialStatus?.statusPurpose !==
|
|
1421
|
+
if (credential.credentialStatus?.statusPurpose !== cheqd_did_provider_js_1.DefaultStatusList2021StatusPurposeTypes.suspension) {
|
|
1417
1422
|
throw new Error(`[did-provider-cheqd]: suspension: Unsupported status purpose: ${credential.credentialStatus?.statusPurpose}`);
|
|
1418
1423
|
}
|
|
1419
1424
|
// validate args in pairs - case: statusListFile and statusList
|
|
@@ -1494,7 +1499,7 @@ class Cheqd {
|
|
|
1494
1499
|
!args.suspensionOptions.statusListIndices.every((index) => !isNaN(+index)))
|
|
1495
1500
|
throw new Error('[did-provider-cheqd]: suspension: suspensionOptions.statusListIndex is required and must be an array of indices');
|
|
1496
1501
|
// construct status list credential
|
|
1497
|
-
const statusListCredential = `${cheqd_did_resolver_js_1.DefaultResolverUrl}${args.suspensionOptions.issuerDid}?resourceName=${args.suspensionOptions.statusListName}&resourceType
|
|
1502
|
+
const statusListCredential = `${cheqd_did_resolver_js_1.DefaultResolverUrl}${args.suspensionOptions.issuerDid}?resourceName=${args.suspensionOptions.statusListName}&resourceType=${cheqd_did_provider_js_1.DefaultStatusList2021ResourceTypes.suspension}`;
|
|
1498
1503
|
// construct credential status
|
|
1499
1504
|
args.credentials = args.suspensionOptions.statusListIndices.map((index) => ({
|
|
1500
1505
|
'@context': [],
|
|
@@ -1503,7 +1508,7 @@ class Cheqd {
|
|
|
1503
1508
|
credentialStatus: {
|
|
1504
1509
|
id: `${statusListCredential}#${index}`,
|
|
1505
1510
|
type: 'StatusList2021Entry',
|
|
1506
|
-
statusPurpose:
|
|
1511
|
+
statusPurpose: cheqd_did_provider_js_1.DefaultStatusList2021StatusPurposeTypes.suspension,
|
|
1507
1512
|
statusListIndex: `${index}`,
|
|
1508
1513
|
},
|
|
1509
1514
|
issuanceDate: '',
|
|
@@ -1582,7 +1587,7 @@ class Cheqd {
|
|
|
1582
1587
|
if (!args.unsuspensionOptions.statusListIndex)
|
|
1583
1588
|
throw new Error('[did-provider-cheqd]: unsuspension: unsuspensionOptions.statusListIndex is required');
|
|
1584
1589
|
// construct status list credential
|
|
1585
|
-
const statusListCredential = `${cheqd_did_resolver_js_1.DefaultResolverUrl}${args.unsuspensionOptions.issuerDid}?resourceName=${args.unsuspensionOptions.statusListName}&resourceType
|
|
1590
|
+
const statusListCredential = `${cheqd_did_resolver_js_1.DefaultResolverUrl}${args.unsuspensionOptions.issuerDid}?resourceName=${args.unsuspensionOptions.statusListName}&resourceType=${cheqd_did_provider_js_1.DefaultStatusList2021ResourceTypes.suspension}`;
|
|
1586
1591
|
// construct credential status
|
|
1587
1592
|
args.credential = {
|
|
1588
1593
|
'@context': [],
|
|
@@ -1591,7 +1596,7 @@ class Cheqd {
|
|
|
1591
1596
|
credentialStatus: {
|
|
1592
1597
|
id: `${statusListCredential}#${args.unsuspensionOptions.statusListIndex}`,
|
|
1593
1598
|
type: 'StatusList2021Entry',
|
|
1594
|
-
statusPurpose:
|
|
1599
|
+
statusPurpose: cheqd_did_provider_js_1.DefaultStatusList2021StatusPurposeTypes.suspension,
|
|
1595
1600
|
statusListIndex: `${args.unsuspensionOptions.statusListIndex}`,
|
|
1596
1601
|
},
|
|
1597
1602
|
issuanceDate: '',
|
|
@@ -1604,7 +1609,7 @@ class Cheqd {
|
|
|
1604
1609
|
// if jwt credential, decode it
|
|
1605
1610
|
const credential = typeof args.credential === 'string' ? await Cheqd.decodeCredentialJWT(args.credential) : args.credential;
|
|
1606
1611
|
// validate status purpose
|
|
1607
|
-
if (credential.credentialStatus?.statusPurpose !==
|
|
1612
|
+
if (credential.credentialStatus?.statusPurpose !== cheqd_did_provider_js_1.DefaultStatusList2021StatusPurposeTypes.suspension) {
|
|
1608
1613
|
throw new Error(`[did-provider-cheqd]: suspension: Unsupported status purpose: ${credential.credentialStatus?.statusPurpose}`);
|
|
1609
1614
|
}
|
|
1610
1615
|
// validate args in pairs - case: statusListFile and statusList
|
|
@@ -1685,7 +1690,7 @@ class Cheqd {
|
|
|
1685
1690
|
!args.unsuspensionOptions.statusListIndices.every((index) => !isNaN(+index)))
|
|
1686
1691
|
throw new Error('[did-provider-cheqd]: unsuspension: unsuspensionOptions.statusListIndex is required and must be an array of indices');
|
|
1687
1692
|
// construct status list credential
|
|
1688
|
-
const statusListCredential = `${cheqd_did_resolver_js_1.DefaultResolverUrl}${args.unsuspensionOptions.issuerDid}?resourceName=${args.unsuspensionOptions.statusListName}&resourceType
|
|
1693
|
+
const statusListCredential = `${cheqd_did_resolver_js_1.DefaultResolverUrl}${args.unsuspensionOptions.issuerDid}?resourceName=${args.unsuspensionOptions.statusListName}&resourceType=${cheqd_did_provider_js_1.DefaultStatusList2021ResourceTypes.suspension}`;
|
|
1689
1694
|
// construct credential status
|
|
1690
1695
|
args.credentials = args.unsuspensionOptions.statusListIndices.map((index) => ({
|
|
1691
1696
|
'@context': [],
|
|
@@ -1694,7 +1699,7 @@ class Cheqd {
|
|
|
1694
1699
|
credentialStatus: {
|
|
1695
1700
|
id: `${statusListCredential}#${index}`,
|
|
1696
1701
|
type: 'StatusList2021Entry',
|
|
1697
|
-
statusPurpose:
|
|
1702
|
+
statusPurpose: cheqd_did_provider_js_1.DefaultStatusList2021StatusPurposeTypes.suspension,
|
|
1698
1703
|
statusListIndex: `${index}`,
|
|
1699
1704
|
},
|
|
1700
1705
|
issuanceDate: '',
|
|
@@ -1785,7 +1790,7 @@ class Cheqd {
|
|
|
1785
1790
|
if (args?.unifiedAccessControlCondition) {
|
|
1786
1791
|
// validate args - case: unifiedAccessControlCondition.chain
|
|
1787
1792
|
if (!args.unifiedAccessControlCondition.chain ||
|
|
1788
|
-
!Object.values(
|
|
1793
|
+
!Object.values(v3_js_1.LitCompatibleCosmosChains).includes(args.unifiedAccessControlCondition.chain))
|
|
1789
1794
|
throw new Error('[did-provider-cheqd]: observe: unifiedAccessControlCondition.chain is required and must be a valid Lit-compatible chain');
|
|
1790
1795
|
// validate args - case: unifiedAccessControlCondition.path
|
|
1791
1796
|
if (!args.unifiedAccessControlCondition.path)
|
|
@@ -1812,9 +1817,9 @@ class Cheqd {
|
|
|
1812
1817
|
// define network
|
|
1813
1818
|
const network = (function () {
|
|
1814
1819
|
switch (args.unifiedAccessControlCondition.chain) {
|
|
1815
|
-
case
|
|
1820
|
+
case v3_js_1.LitCompatibleCosmosChains.cheqdMainnet:
|
|
1816
1821
|
return sdk_1.CheqdNetwork.Mainnet;
|
|
1817
|
-
case
|
|
1822
|
+
case v3_js_1.LitCompatibleCosmosChains.cheqdTestnet:
|
|
1818
1823
|
return sdk_1.CheqdNetwork.Testnet;
|
|
1819
1824
|
default:
|
|
1820
1825
|
throw new Error(`[did-provider-cheqd]: observe: Unsupported chain: ${args.unifiedAccessControlCondition.chain}`);
|
|
@@ -1962,7 +1967,7 @@ class Cheqd {
|
|
|
1962
1967
|
static async revokeCredential(credential, options) {
|
|
1963
1968
|
try {
|
|
1964
1969
|
// validate status purpose
|
|
1965
|
-
if (credential?.credentialStatus?.statusPurpose !==
|
|
1970
|
+
if (credential?.credentialStatus?.statusPurpose !== cheqd_did_provider_js_1.DefaultStatusList2021StatusPurposeTypes.revocation)
|
|
1966
1971
|
throw new Error('[did-provider-cheqd]: revocation: Invalid status purpose');
|
|
1967
1972
|
// fetch status list 2021
|
|
1968
1973
|
const publishedList = (await Cheqd.fetchStatusList2021(credential));
|
|
@@ -1977,10 +1982,17 @@ class Cheqd {
|
|
|
1977
1982
|
return publishedList.metadata.encoding === 'base64url'
|
|
1978
1983
|
? publishedList.StatusList2021.encodedList
|
|
1979
1984
|
: (0, uint8arrays_1.toString)((0, uint8arrays_1.fromString)(publishedList.StatusList2021.encodedList, publishedList.metadata.encoding), 'base64url');
|
|
1985
|
+
// decrypt + return bitstring, if qualified for migration
|
|
1986
|
+
if (publishedList.metadata.encryptedSymmetricKey)
|
|
1987
|
+
return await v2_js_1.LitProtocolV2.decryptDirect(await (0, helpers_js_1.toBlob)((0, uint8arrays_1.fromString)(publishedList.StatusList2021
|
|
1988
|
+
.encodedList, 'hex')), (0, uint8arrays_1.fromString)(options?.topArgs?.symmetricKey, 'hex'));
|
|
1989
|
+
// validate encoded list
|
|
1990
|
+
if (!(0, helpers_js_1.isEncodedList)(publishedList.StatusList2021.encodedList))
|
|
1991
|
+
throw new Error('[did-provider-cheqd]: revocation: Invalid encoded list');
|
|
1980
1992
|
// otherwise, decrypt and return raw bitstring
|
|
1981
|
-
const scopedRawBlob = await (0, helpers_js_1.toBlob)((0, uint8arrays_1.fromString)(publishedList.StatusList2021.encodedList, 'hex'));
|
|
1993
|
+
const scopedRawBlob = await (0, helpers_js_1.toBlob)((0, uint8arrays_1.fromString)((0, helpers_js_1.getEncodedList)(publishedList.StatusList2021.encodedList, false)[0], 'hex'));
|
|
1982
1994
|
// decrypt
|
|
1983
|
-
return await
|
|
1995
|
+
return (0, uint8arrays_1.toString)(await v3_js_1.LitProtocol.decryptDirect(scopedRawBlob, await (0, helpers_js_1.safeDeserialise)(options?.topArgs?.symmetricKey, uint8arrays_1.fromString, ['hex'], 'Invalid symmetric key')), 'base64url');
|
|
1984
1996
|
})()
|
|
1985
1997
|
: await (async function () {
|
|
1986
1998
|
// transcode to base64url, if needed
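Review bot: The added legacy-migration branch (`if (publishedList.metadata.encryptedSymmetricKey)`) decodes `options?.topArgs?.symmetricKey` with a bare `fromString(..., 'hex')`, while the v3 path a few lines below in the same hunk goes through `safeDeserialise(..., 'Invalid symmetric key')`. A missing or malformed key on the v2 branch will presumably surface as an unlabelled error from the decoder or from `LitProtocolV2.decryptDirect` instead of the provider's own message, so the two decrypt paths fail differently on the same bad input. Using the same wrapper on the v2 branch would align them: `await (0, helpers_js_1.safeDeserialise)(options?.topArgs?.symmetricKey, uint8arrays_1.fromString, ['hex'], 'Invalid symmetric key')`. The v2 branch also returns the `decryptDirect` result as is, while the v3 branch re-encodes to `'base64url'`; it is worth confirming both yield the same string form, since `LitProtocolV2.decryptDirect` is not visible here. This appears to be compiled output, so the change belongs in `package/src/agent/ICheqd.ts`; the enclosing function starts and ends outside the hunk.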
|
|
@@ -2004,7 +2016,7 @@ class Cheqd {
|
|
|
2004
2016
|
// otherwise, decrypt and return bitstring
|
|
2005
2017
|
const scopedRawBlob = await (0, helpers_js_1.toBlob)(await Cheqd.getFile(options.statusListFile));
|
|
2006
2018
|
// decrypt
|
|
2007
|
-
const decrypted = await
|
|
2019
|
+
const decrypted = (0, uint8arrays_1.toString)(await v3_js_1.LitProtocol.decryptDirect(scopedRawBlob, await (0, helpers_js_1.safeDeserialise)(options?.topArgs?.symmetricKey, uint8arrays_1.fromString, ['hex'], 'Invalid symmetric key')), 'base64url');
|
|
2008
2020
|
// validate against published list
|
|
2009
2021
|
if (decrypted !== publishedListTranscoded)
|
|
2010
2022
|
throw new Error('[did-provider-cheqd]: revocation: statusListFile does not match published status list 2021');
|
|
@@ -2023,7 +2035,7 @@ class Cheqd {
|
|
|
2023
2035
|
const statusList = await vc_status_list_1.StatusList.decode({ encodedList: statusList2021 });
|
|
2024
2036
|
// early exit, if credential is already revoked
|
|
2025
2037
|
if (statusList.getStatus(Number(credential.credentialStatus.statusListIndex)))
|
|
2026
|
-
return { revoked:
|
|
2038
|
+
return { revoked: true };
|
|
2027
2039
|
// update revocation status
|
|
2028
2040
|
statusList.setStatus(Number(credential.credentialStatus.statusListIndex), true);
|
|
2029
2041
|
// set in-memory status list ref
|
|
@@ -2085,8 +2097,10 @@ class Cheqd {
|
|
|
2085
2097
|
!topArgs?.dkgOptions?.network) {
|
|
2086
2098
|
throw new Error('[did-provider-cheqd]: dkgOptions is required');
|
|
2087
2099
|
}
|
|
2100
|
+
// encrypt bitstring - case: symmetric
|
|
2101
|
+
const { encryptedString: symmetricEncryptionCiphertext, stringHash: symmetricEncryptionStringHash, symmetricKey, } = await v3_js_1.LitProtocol.encryptDirect((0, uint8arrays_1.fromString)(bitstring, 'base64url'));
|
|
2088
2102
|
// instantiate dkg-threshold client, in which case lit-protocol is used
|
|
2089
|
-
const lit = await
|
|
2103
|
+
const lit = await v3_js_1.LitProtocol.create({
|
|
2090
2104
|
chain: topArgs?.dkgOptions?.chain,
|
|
2091
2105
|
litNetwork: topArgs?.dkgOptions?.network,
|
|
2092
2106
|
});
|
|
@@ -2101,7 +2115,7 @@ class Cheqd {
|
|
|
2101
2115
|
await Promise.all(paymentConditions.map(async (condition) => {
|
|
2102
2116
|
switch (condition.type) {
|
|
2103
2117
|
case exports.AccessControlConditionTypes.timelockPayment:
|
|
2104
|
-
return await
|
|
2118
|
+
return await v3_js_1.LitProtocol.generateCosmosAccessControlConditionInverseTimelock({
|
|
2105
2119
|
key: '$.tx_responses.*.timestamp',
|
|
2106
2120
|
comparator: '<=',
|
|
2107
2121
|
value: `${condition.intervalInSeconds}`,
|
|
@@ -2123,7 +2137,7 @@ class Cheqd {
|
|
|
2123
2137
|
await Promise.all(topArgs.paymentConditions.map(async (condition) => {
|
|
2124
2138
|
switch (condition.type) {
|
|
2125
2139
|
case exports.AccessControlConditionTypes.timelockPayment:
|
|
2126
|
-
return await
|
|
2140
|
+
return await v3_js_1.LitProtocol.generateCosmosAccessControlConditionInverseTimelock({
|
|
2127
2141
|
key: '$.tx_responses.*.timestamp',
|
|
2128
2142
|
comparator: '<=',
|
|
2129
2143
|
value: `${condition.intervalInSeconds}`,
|
|
@@ -2135,13 +2149,15 @@ class Cheqd {
|
|
|
2135
2149
|
topArgs.paymentConditions,
|
|
2136
2150
|
];
|
|
2137
2151
|
})();
|
|
2138
|
-
// encrypt bitstring
|
|
2139
|
-
const { encryptedString,
|
|
2152
|
+
// encrypt bitstring - case: threshold
|
|
2153
|
+
const { encryptedString: thresholdEncryptionCiphertext, stringHash: thresholdEncryptionStringHash, } = await lit.encrypt((0, uint8arrays_1.fromString)(bitstring, 'base64url'), unifiedAccessControlConditionsTuple[0]);
|
|
2154
|
+
// construct encoded list
|
|
2155
|
+
const encodedList = `${await (0, helpers_js_1.blobToHexString)(symmetricEncryptionCiphertext)}-${(0, uint8arrays_1.toString)(thresholdEncryptionCiphertext, 'hex')}`;
|
|
2140
2156
|
// define status list content
|
|
2141
2157
|
const content = {
|
|
2142
2158
|
StatusList2021: {
|
|
2143
2159
|
statusPurpose: publishedList.StatusList2021.statusPurpose,
|
|
2144
|
-
encodedList
|
|
2160
|
+
encodedList,
|
|
2145
2161
|
validFrom: publishedList.StatusList2021.validFrom,
|
|
2146
2162
|
validUntil: options?.publishOptions?.statusListValidUntil ||
|
|
2147
2163
|
publishedList.StatusList2021.validUntil,
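Review bot: The new `encodedList` is two hex ciphertexts joined by `-`, and nothing at the construction site records that layout or what it means for access control. The decrypt paths elsewhere in this diff read element `[0]` of `getEncodedList(...)` and decrypt it with `symmetricKey` alone, so presumably the first half can be opened by any holder of that key without satisfying `unifiedAccessControlConditionsTuple[0]`. I would add a comment above the template literal, for example `// encodedList = <symmetric ciphertext hex>-<threshold ciphertext hex>; the symmetric half is decryptable with symmetricKey alone, so that key bypasses the payment conditions`. The same lines recur in the hunks at `@@ -2461,13 +2491,15 @@`, `@@ -2739,13 +2785,15 @@` and `@@ -3065,13 +3127,15 @@`; the enclosing function starts and ends outside this hunk.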
|
|
@@ -2150,7 +2166,11 @@ class Cheqd {
|
|
|
2150
2166
|
type: publishedList.metadata.type,
|
|
2151
2167
|
encrypted: true,
|
|
2152
2168
|
encoding: options?.publishOptions?.statusListEncoding || publishedList.metadata.encoding,
|
|
2153
|
-
|
|
2169
|
+
statusListHash: symmetricEncryptionStringHash === thresholdEncryptionStringHash
|
|
2170
|
+
? symmetricEncryptionStringHash
|
|
2171
|
+
: (function () {
|
|
2172
|
+
throw new Error('[did-provider-cheqd]: revocation: symmetricEncryptionStringHash and thresholdEncryptionStringHash do not match');
|
|
2173
|
+
})(),
|
|
2154
2174
|
paymentConditions: unifiedAccessControlConditionsTuple[1],
|
|
2155
2175
|
},
|
|
2156
2176
|
};
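Review bot: `statusListHash` is written into the published metadata of a list marked `encrypted: true`, and neither this hunk nor the rest of the visible diff shows how `stringHash` is derived. If it is an unsalted digest of the plaintext bitstring, the published value lets a reader confirm a guessed list offline, so it is worth checking `encryptDirect` and `lit.encrypt` and noting the result in a comment here. The removed line's text is not shown, so the field may predate this change. As a style point, throwing from an IIFE inside the object literal hides the check; a plain guard ahead of the literal, `if (symmetricEncryptionStringHash !== thresholdEncryptionStringHash) throw new Error(...)`, reads more directly. The same lines recur at `@@ -2476,7 +2508,11 @@`, `@@ -2754,7 +2802,11 @@` and `@@ -3080,7 +3144,11 @@`.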
|
|
@@ -2158,9 +2178,10 @@ class Cheqd {
|
|
|
2158
2178
|
return [
|
|
2159
2179
|
await Cheqd.publishStatusList2021((0, uint8arrays_1.fromString)(JSON.stringify(content), 'utf-8'), statusListMetadata, options?.publishOptions),
|
|
2160
2180
|
{
|
|
2161
|
-
|
|
2162
|
-
|
|
2163
|
-
|
|
2181
|
+
symmetricEncryptionCiphertext,
|
|
2182
|
+
thresholdEncryptionCiphertext,
|
|
2183
|
+
stringHash: symmetricEncryptionStringHash,
|
|
2184
|
+
symmetricKey,
|
|
2164
2185
|
},
|
|
2165
2186
|
];
|
|
2166
2187
|
})()
|
|
@@ -2224,7 +2245,7 @@ class Cheqd {
|
|
|
2224
2245
|
? (await Cheqd.fetchStatusList2021(credential))
|
|
2225
2246
|
: undefined,
|
|
2226
2247
|
symmetricKey: topArgs?.returnSymmetricKey
|
|
2227
|
-
? published?.[1]?.symmetricKey
|
|
2248
|
+
? (0, uint8arrays_1.toString)(published?.[1]?.symmetricKey, 'hex')
|
|
2228
2249
|
: undefined,
|
|
2229
2250
|
resourceMetadata: topArgs?.returnStatusListMetadata
|
|
2230
2251
|
? await Cheqd.fetchStatusList2021Metadata(credential)
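Review bot: When `topArgs?.returnSymmetricKey` is set but `published?.[1]?.symmetricKey` is undefined, the new line passes `undefined` to `uint8arrays` `toString`, which is likely to throw where the old line returned `undefined`. The optional chaining on the same expression suggests that case is expected, for instance on an unencrypted list, although the code that builds `published` is outside this hunk. Guarding the conversion keeps the old behaviour: `? (published?.[1]?.symmetricKey ? (0, uint8arrays_1.toString)(published[1].symmetricKey, 'hex') : undefined)`. The same line is added at `@@ -2550,7 +2587,7 @@`, `@@ -2828,7 +2881,7 @@` and `@@ -3154,7 +3223,7 @@`.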
|
|
@@ -2256,7 +2277,7 @@ class Cheqd {
|
|
|
2256
2277
|
.filter((value, index, self) => self.indexOf(value) !== index).length > 0)
|
|
2257
2278
|
throw new Error('[did-provider-cheqd]: revocation: Credentials must have unique status list index');
|
|
2258
2279
|
// validate credentials - case: status purpose
|
|
2259
|
-
if (!credentials.every((credential) => credential.credentialStatus?.statusPurpose ===
|
|
2280
|
+
if (!credentials.every((credential) => credential.credentialStatus?.statusPurpose === cheqd_did_provider_js_1.DefaultStatusList2021StatusPurposeTypes.revocation))
|
|
2260
2281
|
throw new Error('[did-provider-cheqd]: revocation: Invalid status purpose');
|
|
2261
2282
|
// validate credentials - case: status list id
|
|
2262
2283
|
const remote = credentials[0].credentialStatus?.id
|
|
@@ -2288,10 +2309,17 @@ class Cheqd {
|
|
|
2288
2309
|
return publishedList.metadata.encoding === 'base64url'
|
|
2289
2310
|
? publishedList.StatusList2021.encodedList
|
|
2290
2311
|
: (0, uint8arrays_1.toString)((0, uint8arrays_1.fromString)(publishedList.StatusList2021.encodedList, publishedList.metadata.encoding), 'base64url');
|
|
2312
|
+
// decrypt + return bitstring, if qualified for migration
|
|
2313
|
+
if (publishedList.metadata.encryptedSymmetricKey)
|
|
2314
|
+
return await v2_js_1.LitProtocolV2.decryptDirect(await (0, helpers_js_1.toBlob)((0, uint8arrays_1.fromString)(publishedList.StatusList2021
|
|
2315
|
+
.encodedList, 'hex')), (0, uint8arrays_1.fromString)(options?.topArgs?.symmetricKey, 'hex'));
|
|
2316
|
+
// validate encoded list
|
|
2317
|
+
if (!(0, helpers_js_1.isEncodedList)(publishedList.StatusList2021.encodedList))
|
|
2318
|
+
throw new Error('[did-provider-cheqd]: revocation: Invalid encoded list');
|
|
2291
2319
|
// otherwise, decrypt and return raw bitstring
|
|
2292
|
-
const scopedRawBlob = await (0, helpers_js_1.toBlob)((0, uint8arrays_1.fromString)(publishedList.StatusList2021.encodedList, 'hex'));
|
|
2320
|
+
const scopedRawBlob = await (0, helpers_js_1.toBlob)((0, uint8arrays_1.fromString)((0, helpers_js_1.getEncodedList)(publishedList.StatusList2021.encodedList, false)[0], 'hex'));
|
|
2293
2321
|
// decrypt
|
|
2294
|
-
return await
|
|
2322
|
+
return (0, uint8arrays_1.toString)(await v3_js_1.LitProtocol.decryptDirect(scopedRawBlob, await (0, helpers_js_1.safeDeserialise)(options?.topArgs?.symmetricKey, uint8arrays_1.fromString, ['hex'], 'Invalid symmetric key')), 'base64url');
|
|
2295
2323
|
})()
|
|
2296
2324
|
: await (async function () {
|
|
2297
2325
|
// transcode to base64url, if needed
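Review bot: The migration branch for lists carrying `metadata.encryptedSymmetricKey` deserialises the caller's key with a bare `fromString(options?.topArgs?.symmetricKey, 'hex')`, while the v3 branch a few lines below routes the same value through `safeDeserialise(..., 'Invalid symmetric key')`. A missing or malformed key on the legacy path therefore fails with whatever `fromString` raises, or is decoded loosely, instead of the explicit error. I would pass `await (0, helpers_js_1.safeDeserialise)(options?.topArgs?.symmetricKey, uint8arrays_1.fromString, ['hex'], 'Invalid symmetric key')` as the second argument there too. The legacy branch also returns before the `isEncodedList` check and without the `toString(..., 'base64url')` wrapper the v3 return uses; whether `LitProtocolV2.decryptDirect` already yields a base64url string is not visible here and should be confirmed. The same lines recur at `@@ -2581,10 +2618,17 @@`, `@@ -2892,10 +2945,17 @@` and `@@ -3185,10 +3254,17 @@`; the enclosing function starts and ends outside this hunk.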
|
|
@@ -2315,7 +2343,7 @@ class Cheqd {
|
|
|
2315
2343
|
// otherwise, decrypt and return bitstring
|
|
2316
2344
|
const scopedRawBlob = await (0, helpers_js_1.toBlob)(await Cheqd.getFile(options.statusListFile));
|
|
2317
2345
|
// decrypt
|
|
2318
|
-
const decrypted = await
|
|
2346
|
+
const decrypted = (0, uint8arrays_1.toString)(await v3_js_1.LitProtocol.decryptDirect(scopedRawBlob, await (0, helpers_js_1.safeDeserialise)(options?.topArgs?.symmetricKey, uint8arrays_1.fromString, ['hex'], 'Invalid symmetric key')), 'base64url');
|
|
2319
2347
|
// validate against published list
|
|
2320
2348
|
if (decrypted !== publishedListTranscoded)
|
|
2321
2349
|
throw new Error('[did-provider-cheqd]: revocation: statusListFile does not match published status list 2021');
|
|
@@ -2411,8 +2439,10 @@ class Cheqd {
|
|
|
2411
2439
|
!topArgs?.dkgOptions?.network) {
|
|
2412
2440
|
throw new Error('[did-provider-cheqd]: dkgOptions is required');
|
|
2413
2441
|
}
|
|
2442
|
+
// encrypt bitstring - case: symmetric
|
|
2443
|
+
const { encryptedString: symmetricEncryptionCiphertext, stringHash: symmetricEncryptionStringHash, symmetricKey, } = await v3_js_1.LitProtocol.encryptDirect((0, uint8arrays_1.fromString)(bitstring, 'base64url'));
|
|
2414
2444
|
// instantiate dkg-threshold client, in which case lit-protocol is used
|
|
2415
|
-
const lit = await
|
|
2445
|
+
const lit = await v3_js_1.LitProtocol.create({
|
|
2416
2446
|
chain: topArgs?.dkgOptions?.chain,
|
|
2417
2447
|
litNetwork: topArgs?.dkgOptions?.network,
|
|
2418
2448
|
});
|
|
@@ -2427,7 +2457,7 @@ class Cheqd {
|
|
|
2427
2457
|
await Promise.all(paymentConditions.map(async (condition) => {
|
|
2428
2458
|
switch (condition.type) {
|
|
2429
2459
|
case exports.AccessControlConditionTypes.timelockPayment:
|
|
2430
|
-
return await
|
|
2460
|
+
return await v3_js_1.LitProtocol.generateCosmosAccessControlConditionInverseTimelock({
|
|
2431
2461
|
key: '$.tx_responses.*.timestamp',
|
|
2432
2462
|
comparator: '<=',
|
|
2433
2463
|
value: `${condition.intervalInSeconds}`,
|
|
@@ -2449,7 +2479,7 @@ class Cheqd {
|
|
|
2449
2479
|
await Promise.all(topArgs.paymentConditions.map(async (condition) => {
|
|
2450
2480
|
switch (condition.type) {
|
|
2451
2481
|
case exports.AccessControlConditionTypes.timelockPayment:
|
|
2452
|
-
return await
|
|
2482
|
+
return await v3_js_1.LitProtocol.generateCosmosAccessControlConditionInverseTimelock({
|
|
2453
2483
|
key: '$.tx_responses.*.timestamp',
|
|
2454
2484
|
comparator: '<=',
|
|
2455
2485
|
value: `${condition.intervalInSeconds}`,
|
|
@@ -2461,13 +2491,15 @@ class Cheqd {
|
|
|
2461
2491
|
topArgs.paymentConditions,
|
|
2462
2492
|
];
|
|
2463
2493
|
})();
|
|
2464
|
-
// encrypt bitstring
|
|
2465
|
-
const { encryptedString,
|
|
2494
|
+
// encrypt bitstring - case: threshold
|
|
2495
|
+
const { encryptedString: thresholdEncryptionCiphertext, stringHash: thresholdEncryptionStringHash, } = await lit.encrypt((0, uint8arrays_1.fromString)(bitstring, 'base64url'), unifiedAccessControlConditionsTuple[0]);
|
|
2496
|
+
// construct encoded list
|
|
2497
|
+
const encodedList = `${await (0, helpers_js_1.blobToHexString)(symmetricEncryptionCiphertext)}-${(0, uint8arrays_1.toString)(thresholdEncryptionCiphertext, 'hex')}`;
|
|
2466
2498
|
// define status list content
|
|
2467
2499
|
const content = {
|
|
2468
2500
|
StatusList2021: {
|
|
2469
2501
|
statusPurpose: publishedList.StatusList2021.statusPurpose,
|
|
2470
|
-
encodedList
|
|
2502
|
+
encodedList,
|
|
2471
2503
|
validFrom: publishedList.StatusList2021.validFrom,
|
|
2472
2504
|
validUntil: options?.publishOptions?.statusListValidUntil ||
|
|
2473
2505
|
publishedList.StatusList2021.validUntil,
|
|
@@ -2476,7 +2508,11 @@ class Cheqd {
|
|
|
2476
2508
|
type: publishedList.metadata.type,
|
|
2477
2509
|
encrypted: true,
|
|
2478
2510
|
encoding: options?.publishOptions?.statusListEncoding || publishedList.metadata.encoding,
|
|
2479
|
-
|
|
2511
|
+
statusListHash: symmetricEncryptionStringHash === thresholdEncryptionStringHash
|
|
2512
|
+
? symmetricEncryptionStringHash
|
|
2513
|
+
: (function () {
|
|
2514
|
+
throw new Error('[did-provider-cheqd]: revocation: symmetricEncryptionStringHash and thresholdEncryptionStringHash do not match');
|
|
2515
|
+
})(),
|
|
2480
2516
|
paymentConditions: unifiedAccessControlConditionsTuple[1],
|
|
2481
2517
|
},
|
|
2482
2518
|
};
|
|
@@ -2484,9 +2520,10 @@ class Cheqd {
|
|
|
2484
2520
|
return [
|
|
2485
2521
|
await Cheqd.publishStatusList2021((0, uint8arrays_1.fromString)(JSON.stringify(content), 'utf-8'), statusListMetadata, options?.publishOptions),
|
|
2486
2522
|
{
|
|
2487
|
-
|
|
2488
|
-
|
|
2489
|
-
|
|
2523
|
+
symmetricEncryptionCiphertext,
|
|
2524
|
+
thresholdEncryptionCiphertext,
|
|
2525
|
+
stringHash: symmetricEncryptionStringHash,
|
|
2526
|
+
symmetricKey,
|
|
2490
2527
|
},
|
|
2491
2528
|
];
|
|
2492
2529
|
})()
|
|
@@ -2550,7 +2587,7 @@ class Cheqd {
|
|
|
2550
2587
|
? (await Cheqd.fetchStatusList2021(credentials[0]))
|
|
2551
2588
|
: undefined,
|
|
2552
2589
|
symmetricKey: topArgs?.returnSymmetricKey
|
|
2553
|
-
? published?.[1]?.symmetricKey
|
|
2590
|
+
? (0, uint8arrays_1.toString)(published?.[1]?.symmetricKey, 'hex')
|
|
2554
2591
|
: undefined,
|
|
2555
2592
|
resourceMetadata: topArgs?.returnStatusListMetadata
|
|
2556
2593
|
? await Cheqd.fetchStatusList2021Metadata(credentials[0])
|
|
@@ -2566,7 +2603,7 @@ class Cheqd {
|
|
|
2566
2603
|
static async suspendCredential(credential, options) {
|
|
2567
2604
|
try {
|
|
2568
2605
|
// validate status purpose
|
|
2569
|
-
if (credential?.credentialStatus?.statusPurpose !==
|
|
2606
|
+
if (credential?.credentialStatus?.statusPurpose !== cheqd_did_provider_js_1.DefaultStatusList2021StatusPurposeTypes.suspension)
|
|
2570
2607
|
throw new Error('[did-provider-cheqd]: suspension: Invalid status purpose');
|
|
2571
2608
|
// fetch status list 2021
|
|
2572
2609
|
const publishedList = (await Cheqd.fetchStatusList2021(credential));
|
|
@@ -2581,10 +2618,17 @@ class Cheqd {
|
|
|
2581
2618
|
return publishedList.metadata.encoding === 'base64url'
|
|
2582
2619
|
? publishedList.StatusList2021.encodedList
|
|
2583
2620
|
: (0, uint8arrays_1.toString)((0, uint8arrays_1.fromString)(publishedList.StatusList2021.encodedList, publishedList.metadata.encoding), 'base64url');
|
|
2621
|
+
// decrypt + return bitstring, if qualified for migration
|
|
2622
|
+
if (publishedList.metadata.encryptedSymmetricKey)
|
|
2623
|
+
return await v2_js_1.LitProtocolV2.decryptDirect(await (0, helpers_js_1.toBlob)((0, uint8arrays_1.fromString)(publishedList.StatusList2021
|
|
2624
|
+
.encodedList, 'hex')), (0, uint8arrays_1.fromString)(options?.topArgs?.symmetricKey, 'hex'));
|
|
2625
|
+
// validate encoded list
|
|
2626
|
+
if (!(0, helpers_js_1.isEncodedList)(publishedList.StatusList2021.encodedList))
|
|
2627
|
+
throw new Error('[did-provider-cheqd]: suspension: Invalid encoded list');
|
|
2584
2628
|
// otherwise, decrypt and return raw bitstring
|
|
2585
|
-
const scopedRawBlob = await (0, helpers_js_1.toBlob)((0, uint8arrays_1.fromString)(publishedList.StatusList2021.encodedList, 'hex'));
|
|
2629
|
+
const scopedRawBlob = await (0, helpers_js_1.toBlob)((0, uint8arrays_1.fromString)((0, helpers_js_1.getEncodedList)(publishedList.StatusList2021.encodedList, false)[0], 'hex'));
|
|
2586
2630
|
// decrypt
|
|
2587
|
-
return await
|
|
2631
|
+
return (0, uint8arrays_1.toString)(await v3_js_1.LitProtocol.decryptDirect(scopedRawBlob, await (0, helpers_js_1.safeDeserialise)(options?.topArgs?.symmetricKey, uint8arrays_1.fromString, ['hex'], 'Invalid symmetric key')), 'base64url');
|
|
2588
2632
|
})()
|
|
2589
2633
|
: await (async function () {
|
|
2590
2634
|
// transcode to base64url, if needed
|
|
@@ -2608,7 +2652,7 @@ class Cheqd {
|
|
|
2608
2652
|
// otherwise, decrypt and return bitstring
|
|
2609
2653
|
const scopedRawBlob = await (0, helpers_js_1.toBlob)(await Cheqd.getFile(options.statusListFile));
|
|
2610
2654
|
// decrypt
|
|
2611
|
-
const decrypted = await
|
|
2655
|
+
const decrypted = (0, uint8arrays_1.toString)(await v3_js_1.LitProtocol.decryptDirect(scopedRawBlob, await (0, helpers_js_1.safeDeserialise)(options?.topArgs?.symmetricKey, uint8arrays_1.fromString, ['hex'], 'Invalid symmetric key')), 'base64url');
|
|
2612
2656
|
// validate against published list
|
|
2613
2657
|
if (decrypted !== publishedListTranscoded)
|
|
2614
2658
|
throw new Error('[did-provider-cheqd]: suspension: statusListFile does not match published status list 2021');
|
|
@@ -2689,8 +2733,10 @@ class Cheqd {
|
|
|
2689
2733
|
!topArgs?.dkgOptions?.network) {
|
|
2690
2734
|
throw new Error('[did-provider-cheqd]: dkgOptions is required');
|
|
2691
2735
|
}
|
|
2736
|
+
// encrypt bitstring - case: symmetric
|
|
2737
|
+
const { encryptedString: symmetricEncryptionCiphertext, stringHash: symmetricEncryptionStringHash, symmetricKey, } = await v3_js_1.LitProtocol.encryptDirect((0, uint8arrays_1.fromString)(bitstring, 'base64url'));
|
|
2692
2738
|
// instantiate dkg-threshold client, in which case lit-protocol is used
|
|
2693
|
-
const lit = await
|
|
2739
|
+
const lit = await v3_js_1.LitProtocol.create({
|
|
2694
2740
|
chain: topArgs?.dkgOptions?.chain,
|
|
2695
2741
|
litNetwork: topArgs?.dkgOptions?.network,
|
|
2696
2742
|
});
|
|
@@ -2705,7 +2751,7 @@ class Cheqd {
|
|
|
2705
2751
|
await Promise.all(paymentConditions.map(async (condition) => {
|
|
2706
2752
|
switch (condition.type) {
|
|
2707
2753
|
case exports.AccessControlConditionTypes.timelockPayment:
|
|
2708
|
-
return await
|
|
2754
|
+
return await v3_js_1.LitProtocol.generateCosmosAccessControlConditionInverseTimelock({
|
|
2709
2755
|
key: '$.tx_responses.*.timestamp',
|
|
2710
2756
|
comparator: '<=',
|
|
2711
2757
|
value: `${condition.intervalInSeconds}`,
|
|
@@ -2727,7 +2773,7 @@ class Cheqd {
|
|
|
2727
2773
|
await Promise.all(topArgs.paymentConditions.map(async (condition) => {
|
|
2728
2774
|
switch (condition.type) {
|
|
2729
2775
|
case exports.AccessControlConditionTypes.timelockPayment:
|
|
2730
|
-
return await
|
|
2776
|
+
return await v3_js_1.LitProtocol.generateCosmosAccessControlConditionInverseTimelock({
|
|
2731
2777
|
key: '$.tx_responses.*.timestamp',
|
|
2732
2778
|
comparator: '<=',
|
|
2733
2779
|
value: `${condition.intervalInSeconds}`,
|
|
@@ -2739,13 +2785,15 @@ class Cheqd {
|
|
|
2739
2785
|
topArgs.paymentConditions,
|
|
2740
2786
|
];
|
|
2741
2787
|
})();
|
|
2742
|
-
// encrypt bitstring
|
|
2743
|
-
const { encryptedString,
|
|
2788
|
+
// encrypt bitstring - case: threshold
|
|
2789
|
+
const { encryptedString: thresholdEncryptionCiphertext, stringHash: thresholdEncryptionStringHash, } = await lit.encrypt((0, uint8arrays_1.fromString)(bitstring, 'base64url'), unifiedAccessControlConditionsTuple[0]);
|
|
2790
|
+
// construct encoded list
|
|
2791
|
+
const encodedList = `${await (0, helpers_js_1.blobToHexString)(symmetricEncryptionCiphertext)}-${(0, uint8arrays_1.toString)(thresholdEncryptionCiphertext, 'hex')}`;
|
|
2744
2792
|
// define status list content
|
|
2745
2793
|
const content = {
|
|
2746
2794
|
StatusList2021: {
|
|
2747
2795
|
statusPurpose: publishedList.StatusList2021.statusPurpose,
|
|
2748
|
-
encodedList
|
|
2796
|
+
encodedList,
|
|
2749
2797
|
validFrom: publishedList.StatusList2021.validFrom,
|
|
2750
2798
|
validUntil: options?.publishOptions?.statusListValidUntil ||
|
|
2751
2799
|
publishedList.StatusList2021.validUntil,
|
|
@@ -2754,7 +2802,11 @@ class Cheqd {
|
|
|
2754
2802
|
type: publishedList.metadata.type,
|
|
2755
2803
|
encrypted: true,
|
|
2756
2804
|
encoding: options?.publishOptions?.statusListEncoding || publishedList.metadata.encoding,
|
|
2757
|
-
|
|
2805
|
+
statusListHash: symmetricEncryptionStringHash === thresholdEncryptionStringHash
|
|
2806
|
+
? symmetricEncryptionStringHash
|
|
2807
|
+
: (function () {
|
|
2808
|
+
throw new Error('[did-provider-cheqd]: suspension: symmetricEncryptionStringHash and thresholdEncryptionStringHash do not match');
|
|
2809
|
+
})(),
|
|
2758
2810
|
paymentConditions: unifiedAccessControlConditionsTuple[1],
|
|
2759
2811
|
},
|
|
2760
2812
|
};
|
|
@@ -2762,9 +2814,10 @@ class Cheqd {
|
|
|
2762
2814
|
return [
|
|
2763
2815
|
await Cheqd.publishStatusList2021((0, uint8arrays_1.fromString)(JSON.stringify(content), 'utf-8'), statusListMetadata, options?.publishOptions),
|
|
2764
2816
|
{
|
|
2765
|
-
|
|
2766
|
-
|
|
2767
|
-
|
|
2817
|
+
symmetricEncryptionCiphertext,
|
|
2818
|
+
thresholdEncryptionCiphertext,
|
|
2819
|
+
stringHash: symmetricEncryptionStringHash,
|
|
2820
|
+
symmetricKey,
|
|
2768
2821
|
},
|
|
2769
2822
|
];
|
|
2770
2823
|
})()
|
|
@@ -2828,7 +2881,7 @@ class Cheqd {
|
|
|
2828
2881
|
? (await Cheqd.fetchStatusList2021(credential))
|
|
2829
2882
|
: undefined,
|
|
2830
2883
|
symmetricKey: topArgs?.returnSymmetricKey
|
|
2831
|
-
? published?.[1]?.symmetricKey
|
|
2884
|
+
? (0, uint8arrays_1.toString)(published?.[1]?.symmetricKey, 'hex')
|
|
2832
2885
|
: undefined,
|
|
2833
2886
|
resourceMetadata: topArgs?.returnStatusListMetadata
|
|
2834
2887
|
? await Cheqd.fetchStatusList2021Metadata(credential)
|
|
@@ -2860,7 +2913,7 @@ class Cheqd {
|
|
|
2860
2913
|
.filter((value, index, self) => self.indexOf(value) !== index).length > 0)
|
|
2861
2914
|
throw new Error('[did-provider-cheqd]: suspension: Credentials must have unique status list index');
|
|
2862
2915
|
// validate credentials - case: status purpose
|
|
2863
|
-
if (!credentials.every((credential) => credential.credentialStatus?.statusPurpose ===
|
|
2916
|
+
if (!credentials.every((credential) => credential.credentialStatus?.statusPurpose === cheqd_did_provider_js_1.DefaultStatusList2021StatusPurposeTypes.suspension))
|
|
2864
2917
|
throw new Error('[did-provider-cheqd]: suspension: Invalid status purpose');
|
|
2865
2918
|
// validate credentials - case: status list id
|
|
2866
2919
|
const remote = credentials[0].credentialStatus?.id
|
|
@@ -2892,10 +2945,17 @@ class Cheqd {
|
|
|
2892
2945
|
return publishedList.metadata.encoding === 'base64url'
|
|
2893
2946
|
? publishedList.StatusList2021.encodedList
|
|
2894
2947
|
: (0, uint8arrays_1.toString)((0, uint8arrays_1.fromString)(publishedList.StatusList2021.encodedList, publishedList.metadata.encoding), 'base64url');
|
|
2948
|
+
// decrypt + return bitstring, if qualified for migration
|
|
2949
|
+
if (publishedList.metadata.encryptedSymmetricKey)
|
|
2950
|
+
return await v2_js_1.LitProtocolV2.decryptDirect(await (0, helpers_js_1.toBlob)((0, uint8arrays_1.fromString)(publishedList.StatusList2021
|
|
2951
|
+
.encodedList, 'hex')), (0, uint8arrays_1.fromString)(options?.topArgs?.symmetricKey, 'hex'));
|
|
2952
|
+
// validate encoded list
|
|
2953
|
+
if (!(0, helpers_js_1.isEncodedList)(publishedList.StatusList2021.encodedList))
|
|
2954
|
+
throw new Error('[did-provider-cheqd]: suspension: Invalid encoded list');
|
|
2895
2955
|
// otherwise, decrypt and return raw bitstring
|
|
2896
|
-
const scopedRawBlob = await (0, helpers_js_1.toBlob)((0, uint8arrays_1.fromString)(publishedList.StatusList2021.encodedList, 'hex'));
|
|
2956
|
+
const scopedRawBlob = await (0, helpers_js_1.toBlob)((0, uint8arrays_1.fromString)((0, helpers_js_1.getEncodedList)(publishedList.StatusList2021.encodedList, false)[0], 'hex'));
|
|
2897
2957
|
// decrypt
|
|
2898
|
-
return await
|
|
2958
|
+
return (0, uint8arrays_1.toString)(await v3_js_1.LitProtocol.decryptDirect(scopedRawBlob, await (0, helpers_js_1.safeDeserialise)(options?.topArgs?.symmetricKey, uint8arrays_1.fromString, ['hex'], 'Invalid symmetric key')), 'base64url');
|
|
2899
2959
|
})()
|
|
2900
2960
|
: await (async function () {
|
|
2901
2961
|
// transcode to base64url, if needed
|
|
@@ -2919,7 +2979,7 @@ class Cheqd {
|
|
|
2919
2979
|
// otherwise, decrypt and return bitstring
|
|
2920
2980
|
const scopedRawBlob = await (0, helpers_js_1.toBlob)(await Cheqd.getFile(options.statusListFile));
|
|
2921
2981
|
// decrypt
|
|
2922
|
-
const decrypted = await
|
|
2982
|
+
const decrypted = (0, uint8arrays_1.toString)(await v3_js_1.LitProtocol.decryptDirect(scopedRawBlob, await (0, helpers_js_1.safeDeserialise)(options?.topArgs?.symmetricKey, uint8arrays_1.fromString, ['hex'], 'Invalid symmetric key')), 'base64url');
|
|
2923
2983
|
// validate against published list
|
|
2924
2984
|
if (decrypted !== publishedListTranscoded)
|
|
2925
2985
|
throw new Error('[did-provider-cheqd]: suspension: statusListFile does not match published status list 2021');
|
|
@@ -3015,8 +3075,10 @@ class Cheqd {
|
|
|
3015
3075
|
!topArgs?.dkgOptions?.network) {
|
|
3016
3076
|
throw new Error('[did-provider-cheqd]: dkgOptions is required');
|
|
3017
3077
|
}
|
|
3078
|
+
// encrypt bitstring - case: symmetric
|
|
3079
|
+
const { encryptedString: symmetricEncryptionCiphertext, stringHash: symmetricEncryptionStringHash, symmetricKey, } = await v3_js_1.LitProtocol.encryptDirect((0, uint8arrays_1.fromString)(bitstring, 'base64url'));
|
|
3018
3080
|
// instantiate dkg-threshold client, in which case lit-protocol is used
|
|
3019
|
-
const lit = await
|
|
3081
|
+
const lit = await v3_js_1.LitProtocol.create({
|
|
3020
3082
|
chain: topArgs?.dkgOptions?.chain,
|
|
3021
3083
|
litNetwork: topArgs?.dkgOptions?.network,
|
|
3022
3084
|
});
|
|
@@ -3031,7 +3093,7 @@ class Cheqd {
|
|
|
3031
3093
|
await Promise.all(paymentConditions.map(async (condition) => {
|
|
3032
3094
|
switch (condition.type) {
|
|
3033
3095
|
case exports.AccessControlConditionTypes.timelockPayment:
|
|
3034
|
-
return await
|
|
3096
|
+
return await v3_js_1.LitProtocol.generateCosmosAccessControlConditionInverseTimelock({
|
|
3035
3097
|
key: '$.tx_responses.*.timestamp',
|
|
3036
3098
|
comparator: '<=',
|
|
3037
3099
|
value: `${condition.intervalInSeconds}`,
|
|
@@ -3053,7 +3115,7 @@ class Cheqd {
|
|
|
3053
3115
|
await Promise.all(topArgs.paymentConditions.map(async (condition) => {
|
|
3054
3116
|
switch (condition.type) {
|
|
3055
3117
|
case exports.AccessControlConditionTypes.timelockPayment:
|
|
3056
|
-
return await
|
|
3118
|
+
return await v3_js_1.LitProtocol.generateCosmosAccessControlConditionInverseTimelock({
|
|
3057
3119
|
key: '$.tx_responses.*.timestamp',
|
|
3058
3120
|
comparator: '<=',
|
|
3059
3121
|
value: `${condition.intervalInSeconds}`,
|
|
@@ -3065,13 +3127,15 @@ class Cheqd {
|
|
|
3065
3127
|
topArgs.paymentConditions,
|
|
3066
3128
|
];
|
|
3067
3129
|
})();
|
|
3068
|
-
// encrypt bitstring
|
|
3069
|
-
const { encryptedString,
|
|
3130
|
+
// encrypt bitstring - case: threshold
|
|
3131
|
+
const { encryptedString: thresholdEncryptionCiphertext, stringHash: thresholdEncryptionStringHash, } = await lit.encrypt((0, uint8arrays_1.fromString)(bitstring, 'base64url'), unifiedAccessControlConditionsTuple[0]);
|
|
3132
|
+
// construct encoded list
|
|
3133
|
+
const encodedList = `${await (0, helpers_js_1.blobToHexString)(symmetricEncryptionCiphertext)}-${(0, uint8arrays_1.toString)(thresholdEncryptionCiphertext, 'hex')}`;
|
|
3070
3134
|
// define status list content
|
|
3071
3135
|
const content = {
|
|
3072
3136
|
StatusList2021: {
|
|
3073
3137
|
statusPurpose: publishedList.StatusList2021.statusPurpose,
|
|
3074
|
-
encodedList
|
|
3138
|
+
encodedList,
|
|
3075
3139
|
validFrom: publishedList.StatusList2021.validFrom,
|
|
3076
3140
|
validUntil: options?.publishOptions?.statusListValidUntil ||
|
|
3077
3141
|
publishedList.StatusList2021.validUntil,
|
|
@@ -3080,7 +3144,11 @@ class Cheqd {
|
|
|
3080
3144
|
type: publishedList.metadata.type,
|
|
3081
3145
|
encrypted: true,
|
|
3082
3146
|
encoding: options?.publishOptions?.statusListEncoding || publishedList.metadata.encoding,
|
|
3083
|
-
|
|
3147
|
+
statusListHash: symmetricEncryptionStringHash === thresholdEncryptionStringHash
|
|
3148
|
+
? symmetricEncryptionStringHash
|
|
3149
|
+
: (function () {
|
|
3150
|
+
throw new Error('[did-provider-cheqd]: suspension: symmetricEncryptionStringHash and thresholdEncryptionStringHash do not match');
|
|
3151
|
+
})(),
|
|
3084
3152
|
paymentConditions: unifiedAccessControlConditionsTuple[1],
|
|
3085
3153
|
},
|
|
3086
3154
|
};
|
|
@@ -3088,9 +3156,10 @@ class Cheqd {
|
|
|
3088
3156
|
return [
|
|
3089
3157
|
await Cheqd.publishStatusList2021((0, uint8arrays_1.fromString)(JSON.stringify(content), 'utf-8'), statusListMetadata, options?.publishOptions),
|
|
3090
3158
|
{
|
|
3091
|
-
|
|
3092
|
-
|
|
3093
|
-
|
|
3159
|
+
symmetricEncryptionCiphertext,
|
|
3160
|
+
thresholdEncryptionCiphertext,
|
|
3161
|
+
stringHash: symmetricEncryptionStringHash,
|
|
3162
|
+
symmetricKey,
|
|
3094
3163
|
},
|
|
3095
3164
|
];
|
|
3096
3165
|
})()
|
|
@@ -3154,7 +3223,7 @@ class Cheqd {
|
|
|
3154
3223
|
? (await Cheqd.fetchStatusList2021(credentials[0]))
|
|
3155
3224
|
: undefined,
|
|
3156
3225
|
symmetricKey: topArgs?.returnSymmetricKey
|
|
3157
|
-
? published?.[1]?.symmetricKey
|
|
3226
|
+
? (0, uint8arrays_1.toString)(published?.[1]?.symmetricKey, 'hex')
|
|
3158
3227
|
: undefined,
|
|
3159
3228
|
resourceMetadata: topArgs?.returnStatusListMetadata
|
|
3160
3229
|
? await Cheqd.fetchStatusList2021Metadata(credentials[0])
|
|
@@ -3170,7 +3239,7 @@ class Cheqd {
|
|
|
3170
3239
|
static async unsuspendCredential(credential, options) {
|
|
3171
3240
|
try {
|
|
3172
3241
|
// validate status purpose
|
|
3173
|
-
if (credential?.credentialStatus?.statusPurpose !==
|
|
3242
|
+
if (credential?.credentialStatus?.statusPurpose !== cheqd_did_provider_js_1.DefaultStatusList2021StatusPurposeTypes.suspension)
|
|
3174
3243
|
throw new Error('[did-provider-cheqd]: unsuspension: Invalid status purpose');
|
|
3175
3244
|
// fetch status list 2021
|
|
3176
3245
|
const publishedList = (await Cheqd.fetchStatusList2021(credential));
|
|
@@ -3185,10 +3254,17 @@ class Cheqd {
|
|
|
3185
3254
|
return publishedList.metadata.encoding === 'base64url'
|
|
3186
3255
|
? publishedList.StatusList2021.encodedList
|
|
3187
3256
|
: (0, uint8arrays_1.toString)((0, uint8arrays_1.fromString)(publishedList.StatusList2021.encodedList, publishedList.metadata.encoding), 'base64url');
|
|
3257
|
+
// decrypt + return bitstring, if qualified for migration
|
|
3258
|
+
if (publishedList.metadata.encryptedSymmetricKey)
|
|
3259
|
+
return await v2_js_1.LitProtocolV2.decryptDirect(await (0, helpers_js_1.toBlob)((0, uint8arrays_1.fromString)(publishedList.StatusList2021
|
|
3260
|
+
.encodedList, 'hex')), (0, uint8arrays_1.fromString)(options?.topArgs?.symmetricKey, 'hex'));
|
|
3261
|
+
// validate encoded list
|
|
3262
|
+
if (!(0, helpers_js_1.isEncodedList)(publishedList.StatusList2021.encodedList))
|
|
3263
|
+
throw new Error('[did-provider-cheqd]: unsuspension: Invalid encoded list');
|
|
3188
3264
|
// otherwise, decrypt and return raw bitstring
|
|
3189
|
-
const scopedRawBlob = await (0, helpers_js_1.toBlob)((0, uint8arrays_1.fromString)(publishedList.StatusList2021.encodedList, 'hex'));
|
|
3265
|
+
const scopedRawBlob = await (0, helpers_js_1.toBlob)((0, uint8arrays_1.fromString)((0, helpers_js_1.getEncodedList)(publishedList.StatusList2021.encodedList, false)[0], 'hex'));
|
|
3190
3266
|
// decrypt
|
|
3191
|
-
return await
|
|
3267
|
+
return (0, uint8arrays_1.toString)(await v3_js_1.LitProtocol.decryptDirect(scopedRawBlob, await (0, helpers_js_1.safeDeserialise)(options?.topArgs?.symmetricKey, uint8arrays_1.fromString, ['hex'], 'Invalid symmetric key')), 'base64url');
|
|
3192
3268
|
})()
|
|
3193
3269
|
: await (async function () {
|
|
3194
3270
|
// transcode to base64url, if needed
|
|
@@ -3212,7 +3288,7 @@ class Cheqd {
|
|
|
3212
3288
|
// otherwise, decrypt and return bitstring
|
|
3213
3289
|
const scopedRawBlob = await (0, helpers_js_1.toBlob)(await Cheqd.getFile(options.statusListFile));
|
|
3214
3290
|
// decrypt
|
|
3215
|
-
const decrypted = await
|
|
3291
|
+
const decrypted = (0, uint8arrays_1.toString)(await v3_js_1.LitProtocol.decryptDirect(scopedRawBlob, await (0, helpers_js_1.safeDeserialise)(options?.topArgs?.symmetricKey, uint8arrays_1.fromString, ['hex'], 'Invalid symmetric key')), 'base64url');
|
|
3216
3292
|
// validate against published list
|
|
3217
3293
|
if (decrypted !== publishedListTranscoded)
|
|
3218
3294
|
throw new Error('[did-provider-cheqd]: unsuspension: statusListFile does not match published status list 2021');
|
|
@@ -3293,8 +3369,10 @@ class Cheqd {
|
|
|
3293
3369
|
!topArgs?.dkgOptions?.network) {
|
|
3294
3370
|
throw new Error('[did-provider-cheqd]: dkgOptions is required');
|
|
3295
3371
|
}
|
|
3372
|
+
// encrypt bitstring - case: symmetric
|
|
3373
|
+
const { encryptedString: symmetricEncryptionCiphertext, stringHash: symmetricEncryptionStringHash, symmetricKey, } = await v3_js_1.LitProtocol.encryptDirect((0, uint8arrays_1.fromString)(bitstring, 'base64url'));
|
|
3296
3374
|
// instantiate dkg-threshold client, in which case lit-protocol is used
|
|
3297
|
-
const lit = await
|
|
3375
|
+
const lit = await v3_js_1.LitProtocol.create({
|
|
3298
3376
|
chain: topArgs?.dkgOptions?.chain,
|
|
3299
3377
|
litNetwork: topArgs?.dkgOptions?.network,
|
|
3300
3378
|
});
|
|
@@ -3309,7 +3387,7 @@ class Cheqd {
|
|
|
3309
3387
|
await Promise.all(paymentConditions.map(async (condition) => {
|
|
3310
3388
|
switch (condition.type) {
|
|
3311
3389
|
case exports.AccessControlConditionTypes.timelockPayment:
|
|
3312
|
-
return await
|
|
3390
|
+
return await v3_js_1.LitProtocol.generateCosmosAccessControlConditionInverseTimelock({
|
|
3313
3391
|
key: '$.tx_responses.*.timestamp',
|
|
3314
3392
|
comparator: '<=',
|
|
3315
3393
|
value: `${condition.intervalInSeconds}`,
|
|
@@ -3331,7 +3409,7 @@ class Cheqd {
|
|
|
3331
3409
|
await Promise.all(topArgs.paymentConditions.map(async (condition) => {
|
|
3332
3410
|
switch (condition.type) {
|
|
3333
3411
|
case exports.AccessControlConditionTypes.timelockPayment:
|
|
3334
|
-
return await
|
|
3412
|
+
return await v3_js_1.LitProtocol.generateCosmosAccessControlConditionInverseTimelock({
|
|
3335
3413
|
key: '$.tx_responses.*.timestamp',
|
|
3336
3414
|
comparator: '<=',
|
|
3337
3415
|
value: `${condition.intervalInSeconds}`,
|
|
@@ -3343,13 +3421,15 @@ class Cheqd {
|
|
|
3343
3421
|
topArgs.paymentConditions,
|
|
3344
3422
|
];
|
|
3345
3423
|
})();
|
|
3346
|
-
// encrypt bitstring
|
|
3347
|
-
const { encryptedString,
|
|
3424
|
+
// encrypt bitstring - case: threshold
|
|
3425
|
+
const { encryptedString: thresholdEncryptionCiphertext, stringHash: thresholdEncryptionStringHash, } = await lit.encrypt((0, uint8arrays_1.fromString)(bitstring, 'base64url'), unifiedAccessControlConditionsTuple[0]);
|
|
3426
|
+
// construct encoded list
|
|
3427
|
+
const encodedList = `${await (0, helpers_js_1.blobToHexString)(symmetricEncryptionCiphertext)}-${(0, uint8arrays_1.toString)(thresholdEncryptionCiphertext, 'hex')}`;
|
|
3348
3428
|
// define status list content
|
|
3349
3429
|
const content = {
|
|
3350
3430
|
StatusList2021: {
|
|
3351
3431
|
statusPurpose: publishedList.StatusList2021.statusPurpose,
|
|
3352
|
-
encodedList
|
|
3432
|
+
encodedList,
|
|
3353
3433
|
validFrom: publishedList.StatusList2021.validFrom,
|
|
3354
3434
|
validUntil: options?.publishOptions?.statusListValidUntil ||
|
|
3355
3435
|
publishedList.StatusList2021.validUntil,
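Review bot: The encoded-list layout built at new line 3427 is not documented: it is two hex strings joined by `-`, symmetric ciphertext first and threshold ciphertext second, and readers elsewhere in this diff depend on that order through `getEncodedList(...)[0]` and `[1]`. A comment on that line, for example `// encodedList = <symmetric ciphertext hex>-<threshold ciphertext hex>; order must match getEncodedList()`, would keep writer and readers in step. It should also say that both ciphertexts carry the same bitstring, so as far as these lines show the returned symmetric key opens the published list without the payment conditions being evaluated. The same construction is repeated at new line 3769, and the enclosing function starts and ends outside this hunk.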
|
|
@@ -3358,7 +3438,11 @@ class Cheqd {
|
|
|
3358
3438
|
type: publishedList.metadata.type,
|
|
3359
3439
|
encrypted: true,
|
|
3360
3440
|
encoding: options?.publishOptions?.statusListEncoding || publishedList.metadata.encoding,
|
|
3361
|
-
|
|
3441
|
+
statusListHash: symmetricEncryptionStringHash === thresholdEncryptionStringHash
|
|
3442
|
+
? symmetricEncryptionStringHash
|
|
3443
|
+
: (function () {
|
|
3444
|
+
throw new Error('[did-provider-cheqd]: unsuspension: symmetricEncryptionStringHash and thresholdEncryptionStringHash do not match');
|
|
3445
|
+
})(),
|
|
3362
3446
|
paymentConditions: unifiedAccessControlConditionsTuple[1],
|
|
3363
3447
|
},
|
|
3364
3448
|
};
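Review bot: The hash equality check at new lines 3441-3445 is hidden in an immediately-invoked function inside the metadata literal, which makes a failure path easy to miss when reading the object. A guard statement before the literal is clearer: `if (symmetricEncryptionStringHash !== thresholdEncryptionStringHash) throw new Error(...)` with the existing message, then a plain `statusListHash: symmetricEncryptionStringHash,`. If `stringHash` is an unsalted digest of the plaintext bitstring (its computation is not visible here), publishing it in the metadata lets anyone test a guessed list against it, so a comment on whether that is acceptable would help. The same construct is repeated at new lines 3783-3787.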
|
|
@@ -3366,9 +3450,10 @@ class Cheqd {
|
|
|
3366
3450
|
return [
|
|
3367
3451
|
await Cheqd.publishStatusList2021((0, uint8arrays_1.fromString)(JSON.stringify(content), 'utf-8'), statusListMetadata, options?.publishOptions),
|
|
3368
3452
|
{
|
|
3369
|
-
|
|
3370
|
-
|
|
3371
|
-
|
|
3453
|
+
symmetricEncryptionCiphertext,
|
|
3454
|
+
thresholdEncryptionCiphertext,
|
|
3455
|
+
stringHash: symmetricEncryptionStringHash,
|
|
3456
|
+
symmetricKey,
|
|
3372
3457
|
},
|
|
3373
3458
|
];
|
|
3374
3459
|
})()
|
|
@@ -3432,7 +3517,7 @@ class Cheqd {
|
|
|
3432
3517
|
? (await Cheqd.fetchStatusList2021(credential))
|
|
3433
3518
|
: undefined,
|
|
3434
3519
|
symmetricKey: topArgs?.returnSymmetricKey
|
|
3435
|
-
? published?.[1]?.symmetricKey
|
|
3520
|
+
? (0, uint8arrays_1.toString)(published?.[1]?.symmetricKey, 'hex')
|
|
3436
3521
|
: undefined,
|
|
3437
3522
|
resourceMetadata: topArgs?.returnStatusListMetadata
|
|
3438
3523
|
? await Cheqd.fetchStatusList2021Metadata(credential)
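Review bot: At new line 3520 the key is now always passed through `toString(..., 'hex')`, although the optional chaining in `published?.[1]?.symmetricKey` suggests the value can be absent, presumably when the list was published unencrypted. The removed line simply yielded `undefined` in that case, whereas the new one hands `undefined` to the encoder, which most likely throws when `returnSymmetricKey` is set. Keeping the old behaviour needs one extra test: `? (published?.[1]?.symmetricKey ? (0, uint8arrays_1.toString)(published[1].symmetricKey, 'hex') : undefined)`. The hunk at new line 3862 has the same line. Since the result exposes raw key material to the caller, the option's documentation should say so.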
|
|
@@ -3464,7 +3549,7 @@ class Cheqd {
|
|
|
3464
3549
|
.filter((value, index, self) => self.indexOf(value) !== index).length > 0)
|
|
3465
3550
|
throw new Error('[did-provider-cheqd]: unsuspension: Credentials must have unique status list index');
|
|
3466
3551
|
// validate credentials - case: status purpose
|
|
3467
|
-
if (!credentials.every((credential) => credential.credentialStatus?.statusPurpose ===
|
|
3552
|
+
if (!credentials.every((credential) => credential.credentialStatus?.statusPurpose === cheqd_did_provider_js_1.DefaultStatusList2021StatusPurposeTypes.suspension))
|
|
3468
3553
|
throw new Error('[did-provider-cheqd]: unsuspension: Invalid status purpose');
|
|
3469
3554
|
// validate credentials - case: status list id
|
|
3470
3555
|
const remote = credentials[0].credentialStatus?.id
|
|
@@ -3496,10 +3581,17 @@ class Cheqd {
|
|
|
3496
3581
|
return publishedList.metadata.encoding === 'base64url'
|
|
3497
3582
|
? publishedList.StatusList2021.encodedList
|
|
3498
3583
|
: (0, uint8arrays_1.toString)((0, uint8arrays_1.fromString)(publishedList.StatusList2021.encodedList, publishedList.metadata.encoding), 'base64url');
|
|
3584
|
+
// decrypt + return bitstring, if qualified for migration
|
|
3585
|
+
if (publishedList.metadata.encryptedSymmetricKey)
|
|
3586
|
+
return await v2_js_1.LitProtocolV2.decryptDirect(await (0, helpers_js_1.toBlob)((0, uint8arrays_1.fromString)(publishedList.StatusList2021
|
|
3587
|
+
.encodedList, 'hex')), (0, uint8arrays_1.fromString)(options?.topArgs?.symmetricKey, 'hex'));
|
|
3588
|
+
// validate encoded list
|
|
3589
|
+
if (!(0, helpers_js_1.isEncodedList)(publishedList.StatusList2021.encodedList))
|
|
3590
|
+
throw new Error('[did-provider-cheqd]: unsuspension: Invalid encoded list');
|
|
3499
3591
|
// otherwise, decrypt and return raw bitstring
|
|
3500
|
-
const scopedRawBlob = await (0, helpers_js_1.toBlob)((0, uint8arrays_1.fromString)(publishedList.StatusList2021.encodedList, 'hex'));
|
|
3592
|
+
const scopedRawBlob = await (0, helpers_js_1.toBlob)((0, uint8arrays_1.fromString)((0, helpers_js_1.getEncodedList)(publishedList.StatusList2021.encodedList, false)[0], 'hex'));
|
|
3501
3593
|
// decrypt
|
|
3502
|
-
return await
|
|
3594
|
+
return (0, uint8arrays_1.toString)(await v3_js_1.LitProtocol.decryptDirect(scopedRawBlob, await (0, helpers_js_1.safeDeserialise)(options?.topArgs?.symmetricKey, uint8arrays_1.fromString, ['hex'], 'Invalid symmetric key')), 'base64url');
|
|
3503
3595
|
})()
|
|
3504
3596
|
: await (async function () {
|
|
3505
3597
|
// transcode to base64url, if needed
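Review bot: The legacy branch at new lines 3585-3587 parses the caller's key with a bare `fromString(options?.topArgs?.symmetricKey, 'hex')`, while the v3 branch a few lines later routes the same value through `safeDeserialise(..., 'Invalid symmetric key')`. A missing or malformed key therefore surfaces as an opaque decoder error on the migration path only; wrapping it the same way, `await (0, helpers_js_1.safeDeserialise)(options?.topArgs?.symmetricKey, uint8arrays_1.fromString, ['hex'], 'Invalid symmetric key')`, would make both paths consistent. The legacy branch also returns the `decryptDirect` result as-is, whereas the v3 branch converts it with `toString(..., 'base64url')`; whether `LitProtocolV2.decryptDirect` already returns that encoding is not visible here and deserves a comment. The same unguarded parse appears at new line 4112 and in the earlier hunk that adds these lines for the single-credential path.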
|
|
@@ -3523,7 +3615,7 @@ class Cheqd {
|
|
|
3523
3615
|
// otherwise, decrypt and return bitstring
|
|
3524
3616
|
const scopedRawBlob = await (0, helpers_js_1.toBlob)(await Cheqd.getFile(options.statusListFile));
|
|
3525
3617
|
// decrypt
|
|
3526
|
-
const decrypted = await
|
|
3618
|
+
const decrypted = (0, uint8arrays_1.toString)(await v3_js_1.LitProtocol.decryptDirect(scopedRawBlob, await (0, helpers_js_1.safeDeserialise)(options?.topArgs?.symmetricKey, uint8arrays_1.fromString, ['hex'], 'Invalid symmetric key')), 'base64url');
|
|
3527
3619
|
// validate against published list
|
|
3528
3620
|
if (decrypted !== publishedListTranscoded)
|
|
3529
3621
|
throw new Error('[did-provider-cheqd]: unsuspension: statusListFile does not match published status list 2021');
|
|
@@ -3619,8 +3711,10 @@ class Cheqd {
|
|
|
3619
3711
|
!topArgs?.dkgOptions?.network) {
|
|
3620
3712
|
throw new Error('[did-provider-cheqd]: dkgOptions is required');
|
|
3621
3713
|
}
|
|
3714
|
+
// encrypt bitstring - case: symmetric
|
|
3715
|
+
const { encryptedString: symmetricEncryptionCiphertext, stringHash: symmetricEncryptionStringHash, symmetricKey, } = await v3_js_1.LitProtocol.encryptDirect((0, uint8arrays_1.fromString)(bitstring, 'base64url'));
|
|
3622
3716
|
// instantiate dkg-threshold client, in which case lit-protocol is used
|
|
3623
|
-
const lit = await
|
|
3717
|
+
const lit = await v3_js_1.LitProtocol.create({
|
|
3624
3718
|
chain: topArgs?.dkgOptions?.chain,
|
|
3625
3719
|
litNetwork: topArgs?.dkgOptions?.network,
|
|
3626
3720
|
});
|
|
@@ -3635,7 +3729,7 @@ class Cheqd {
|
|
|
3635
3729
|
await Promise.all(paymentConditions.map(async (condition) => {
|
|
3636
3730
|
switch (condition.type) {
|
|
3637
3731
|
case exports.AccessControlConditionTypes.timelockPayment:
|
|
3638
|
-
return await
|
|
3732
|
+
return await v3_js_1.LitProtocol.generateCosmosAccessControlConditionInverseTimelock({
|
|
3639
3733
|
key: '$.tx_responses.*.timestamp',
|
|
3640
3734
|
comparator: '<=',
|
|
3641
3735
|
value: `${condition.intervalInSeconds}`,
|
|
@@ -3657,7 +3751,7 @@ class Cheqd {
|
|
|
3657
3751
|
await Promise.all(topArgs.paymentConditions.map(async (condition) => {
|
|
3658
3752
|
switch (condition.type) {
|
|
3659
3753
|
case exports.AccessControlConditionTypes.timelockPayment:
|
|
3660
|
-
return await
|
|
3754
|
+
return await v3_js_1.LitProtocol.generateCosmosAccessControlConditionInverseTimelock({
|
|
3661
3755
|
key: '$.tx_responses.*.timestamp',
|
|
3662
3756
|
comparator: '<=',
|
|
3663
3757
|
value: `${condition.intervalInSeconds}`,
|
|
@@ -3669,13 +3763,15 @@ class Cheqd {
|
|
|
3669
3763
|
topArgs.paymentConditions,
|
|
3670
3764
|
];
|
|
3671
3765
|
})();
|
|
3672
|
-
// encrypt bitstring
|
|
3673
|
-
const { encryptedString,
|
|
3766
|
+
// encrypt bitstring - case: threshold
|
|
3767
|
+
const { encryptedString: thresholdEncryptionCiphertext, stringHash: thresholdEncryptionStringHash, } = await lit.encrypt((0, uint8arrays_1.fromString)(bitstring, 'base64url'), unifiedAccessControlConditionsTuple[0]);
|
|
3768
|
+
// construct encoded list
|
|
3769
|
+
const encodedList = `${await (0, helpers_js_1.blobToHexString)(symmetricEncryptionCiphertext)}-${(0, uint8arrays_1.toString)(thresholdEncryptionCiphertext, 'hex')}`;
|
|
3674
3770
|
// define status list content
|
|
3675
3771
|
const content = {
|
|
3676
3772
|
StatusList2021: {
|
|
3677
3773
|
statusPurpose: publishedList.StatusList2021.statusPurpose,
|
|
3678
|
-
encodedList
|
|
3774
|
+
encodedList,
|
|
3679
3775
|
validFrom: publishedList.StatusList2021.validFrom,
|
|
3680
3776
|
validUntil: options?.publishOptions?.statusListValidUntil ||
|
|
3681
3777
|
publishedList.StatusList2021.validUntil,
|
|
@@ -3684,7 +3780,11 @@ class Cheqd {
|
|
|
3684
3780
|
type: publishedList.metadata.type,
|
|
3685
3781
|
encrypted: true,
|
|
3686
3782
|
encoding: options?.publishOptions?.statusListEncoding || publishedList.metadata.encoding,
|
|
3687
|
-
|
|
3783
|
+
statusListHash: symmetricEncryptionStringHash === thresholdEncryptionStringHash
|
|
3784
|
+
? symmetricEncryptionStringHash
|
|
3785
|
+
: (function () {
|
|
3786
|
+
throw new Error('[did-provider-cheqd]: unsuspension: symmetricEncryptionStringHash and thresholdEncryptionStringHash do not match');
|
|
3787
|
+
})(),
|
|
3688
3788
|
paymentConditions: unifiedAccessControlConditionsTuple[1],
|
|
3689
3789
|
},
|
|
3690
3790
|
};
|
|
@@ -3692,9 +3792,10 @@ class Cheqd {
|
|
|
3692
3792
|
return [
|
|
3693
3793
|
await Cheqd.publishStatusList2021((0, uint8arrays_1.fromString)(JSON.stringify(content), 'utf-8'), statusListMetadata, options?.publishOptions),
|
|
3694
3794
|
{
|
|
3695
|
-
|
|
3696
|
-
|
|
3697
|
-
|
|
3795
|
+
symmetricEncryptionCiphertext,
|
|
3796
|
+
thresholdEncryptionCiphertext,
|
|
3797
|
+
stringHash: symmetricEncryptionStringHash,
|
|
3798
|
+
symmetricKey,
|
|
3698
3799
|
},
|
|
3699
3800
|
];
|
|
3700
3801
|
})()
|
|
@@ -3758,7 +3859,7 @@ class Cheqd {
|
|
|
3758
3859
|
? (await Cheqd.fetchStatusList2021(credentials[0]))
|
|
3759
3860
|
: undefined,
|
|
3760
3861
|
symmetricKey: topArgs?.returnSymmetricKey
|
|
3761
|
-
? published?.[1]?.symmetricKey
|
|
3862
|
+
? (0, uint8arrays_1.toString)(published?.[1]?.symmetricKey, 'hex')
|
|
3762
3863
|
: undefined,
|
|
3763
3864
|
resourceMetadata: topArgs?.returnStatusListMetadata
|
|
3764
3865
|
? await Cheqd.fetchStatusList2021Metadata(credentials[0])
|
|
@@ -3773,11 +3874,14 @@ class Cheqd {
|
|
|
3773
3874
|
}
|
|
3774
3875
|
static async checkRevoked(credential, options = { fetchList: true }) {
|
|
3775
3876
|
// validate status purpose
|
|
3776
|
-
if (credential.credentialStatus?.statusPurpose !==
|
|
3877
|
+
if (credential.credentialStatus?.statusPurpose !== cheqd_did_provider_js_1.DefaultStatusList2021StatusPurposeTypes.revocation) {
|
|
3777
3878
|
throw new Error(`[did-provider-cheqd]: check: revocation: Unsupported status purpose: ${credential.credentialStatus?.statusPurpose}`);
|
|
3778
3879
|
}
|
|
3779
3880
|
// fetch status list 2021
|
|
3780
3881
|
const publishedList = (await Cheqd.fetchStatusList2021(credential));
|
|
3882
|
+
// route to non-migrated action, if applicable
|
|
3883
|
+
if (publishedList.metadata.encryptedSymmetricKey)
|
|
3884
|
+
return await this.checkRevokedNonMigrated(credential, publishedList, options);
|
|
3781
3885
|
// fetch status list 2021 inscribed in credential
|
|
3782
3886
|
const statusList2021 = options?.topArgs?.fetchList
|
|
3783
3887
|
? await (async function () {
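Review bot: The routing added at new line 3884 calls `this.checkRevokedNonMigrated(...)` from a static method, while every other static call in these hunks is written `Cheqd.<method>(...)`, including `Cheqd.fetchStatusList2021` two lines above. If `checkRevoked` is ever passed around detached from the class, `this` is undefined and only the legacy route breaks; `return await Cheqd.checkRevokedNonMigrated(credential, publishedList, options);` avoids that. The `checkSuspended` hunk at new line 3974 has the same pattern. Note also that the route is chosen by `metadata.encryptedSymmetricKey` from the fetched list, so the publisher of the list decides which decryption path and network the verifier uses.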
|
|
@@ -3786,10 +3890,13 @@ class Cheqd {
|
|
|
3786
3890
|
return publishedList.metadata.encoding === 'base64url'
|
|
3787
3891
|
? publishedList.StatusList2021.encodedList
|
|
3788
3892
|
: (0, uint8arrays_1.toString)((0, uint8arrays_1.fromString)(publishedList.StatusList2021.encodedList, publishedList.metadata.encoding), 'base64url');
|
|
3893
|
+
// validate encoded list
|
|
3894
|
+
if (!(0, helpers_js_1.isEncodedList)(publishedList.StatusList2021.encodedList))
|
|
3895
|
+
throw new Error('[did-provider-cheqd]: check: revocation: Invalid encoded list');
|
|
3789
3896
|
// otherwise, decrypt and return raw bitstring
|
|
3790
|
-
const
|
|
3897
|
+
const thresholdEncryptionCiphertext = (0, helpers_js_1.getEncodedList)(publishedList.StatusList2021.encodedList, false)[1];
|
|
3791
3898
|
// instantiate dkg-threshold client, in which case lit-protocol is used
|
|
3792
|
-
const lit = await
|
|
3899
|
+
const lit = await v3_js_1.LitProtocol.create({
|
|
3793
3900
|
chain: options?.topArgs?.dkgOptions?.chain,
|
|
3794
3901
|
litNetwork: options?.topArgs?.dkgOptions?.network,
|
|
3795
3902
|
});
|
|
@@ -3797,7 +3904,7 @@ class Cheqd {
|
|
|
3797
3904
|
const unifiedAccessControlConditions = await Promise.all(publishedList.metadata.paymentConditions.map(async (condition) => {
|
|
3798
3905
|
switch (condition.type) {
|
|
3799
3906
|
case exports.AccessControlConditionTypes.timelockPayment:
|
|
3800
|
-
return await
|
|
3907
|
+
return await v3_js_1.LitProtocol.generateCosmosAccessControlConditionInverseTimelock({
|
|
3801
3908
|
key: '$.tx_responses.*.timestamp',
|
|
3802
3909
|
comparator: '<=',
|
|
3803
3910
|
value: `${condition.intervalInSeconds}`,
|
|
@@ -3807,7 +3914,7 @@ class Cheqd {
|
|
|
3807
3914
|
}
|
|
3808
3915
|
}));
|
|
3809
3916
|
// decrypt
|
|
3810
|
-
return await lit.decrypt(
|
|
3917
|
+
return await lit.decrypt(thresholdEncryptionCiphertext, publishedList.metadata.statusListHash, unifiedAccessControlConditions);
|
|
3811
3918
|
})()
|
|
3812
3919
|
: await (async function () {
|
|
3813
3920
|
// transcode to base64url, if needed
|
|
@@ -3831,7 +3938,7 @@ class Cheqd {
|
|
|
3831
3938
|
// otherwise, decrypt and return bitstring
|
|
3832
3939
|
const scopedRawBlob = await (0, helpers_js_1.toBlob)(await Cheqd.getFile(options.statusListFile));
|
|
3833
3940
|
// decrypt
|
|
3834
|
-
const decrypted = await
|
|
3941
|
+
const decrypted = (0, uint8arrays_1.toString)(await v3_js_1.LitProtocol.decryptDirect(scopedRawBlob, await (0, helpers_js_1.safeDeserialise)(options?.topArgs?.symmetricKey, uint8arrays_1.fromString, ['hex'], 'Invalid symmetric key')), 'base64url');
|
|
3835
3942
|
// validate against published list
|
|
3836
3943
|
if (decrypted !== publishedListTranscoded)
|
|
3837
3944
|
throw new Error('[did-provider-cheqd]: check: revocation: statusListFile does not match published status list 2021');
|
|
@@ -3857,11 +3964,14 @@ class Cheqd {
|
|
|
3857
3964
|
}
|
|
3858
3965
|
static async checkSuspended(credential, options = { fetchList: true }) {
|
|
3859
3966
|
// validate status purpose
|
|
3860
|
-
if (credential.credentialStatus?.statusPurpose !==
|
|
3967
|
+
if (credential.credentialStatus?.statusPurpose !== cheqd_did_provider_js_1.DefaultStatusList2021StatusPurposeTypes.suspension) {
|
|
3861
3968
|
throw new Error(`[did-provider-cheqd]: check: suspension: Unsupported status purpose: ${credential.credentialStatus?.statusPurpose}`);
|
|
3862
3969
|
}
|
|
3863
3970
|
// fetch status list 2021
|
|
3864
3971
|
const publishedList = (await Cheqd.fetchStatusList2021(credential));
|
|
3972
|
+
// route to non-migrated action, if applicable
|
|
3973
|
+
if (publishedList.metadata.encryptedSymmetricKey)
|
|
3974
|
+
return await this.checkSuspendedNonMigrated(credential, publishedList, options);
|
|
3865
3975
|
// fetch status list 2021 inscribed in credential
|
|
3866
3976
|
const statusList2021 = options?.topArgs?.fetchList
|
|
3867
3977
|
? await (async function () {
|
|
@@ -3871,9 +3981,9 @@ class Cheqd {
|
|
|
3871
3981
|
? publishedList.StatusList2021.encodedList
|
|
3872
3982
|
: (0, uint8arrays_1.toString)((0, uint8arrays_1.fromString)(publishedList.StatusList2021.encodedList, publishedList.metadata.encoding), 'base64url');
|
|
3873
3983
|
// otherwise, decrypt and return bitstring
|
|
3874
|
-
const
|
|
3984
|
+
const thresholdEncryptionCiphertext = (0, helpers_js_1.getEncodedList)(publishedList.StatusList2021.encodedList, false)[1];
|
|
3875
3985
|
// instantiate dkg-threshold client, in which case lit-protocol is used
|
|
3876
|
-
const lit = await
|
|
3986
|
+
const lit = await v3_js_1.LitProtocol.create({
|
|
3877
3987
|
chain: options?.topArgs?.dkgOptions?.chain,
|
|
3878
3988
|
litNetwork: options?.topArgs?.dkgOptions?.network,
|
|
3879
3989
|
});
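Review bot: The `checkSuspended` branch reaches `getEncodedList(...)[1]` at new line 3984 without the `isEncodedList` validation that the matching `checkRevoked` hunk adds at new lines 3893-3895. A published list that does not have the two-part form would then produce an undefined or wrong ciphertext and fail later inside `lit.decrypt` with a less useful error. Adding the same guard before line 3984 keeps both checks aligned: `if (!(0, helpers_js_1.isEncodedList)(publishedList.StatusList2021.encodedList)) throw new Error('[did-provider-cheqd]: check: suspension: Invalid encoded list');`. The enclosing function starts and ends outside this hunk.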
|
|
@@ -3881,7 +3991,179 @@ class Cheqd {
|
|
|
3881
3991
|
const unifiedAccessControlConditions = await Promise.all(publishedList.metadata.paymentConditions.map(async (condition) => {
|
|
3882
3992
|
switch (condition.type) {
|
|
3883
3993
|
case exports.AccessControlConditionTypes.timelockPayment:
|
|
3884
|
-
return await
|
|
3994
|
+
return await v3_js_1.LitProtocol.generateCosmosAccessControlConditionInverseTimelock({
|
|
3995
|
+
key: '$.tx_responses.*.timestamp',
|
|
3996
|
+
comparator: '<=',
|
|
3997
|
+
value: `${condition.intervalInSeconds}`,
|
|
3998
|
+
}, condition.feePaymentAmount, condition.feePaymentAddress, condition?.blockHeight, options?.topArgs?.dkgOptions?.chain);
|
|
3999
|
+
default:
|
|
4000
|
+
throw new Error(`[did-provider-cheqd]: unsupported access control condition type ${condition.type}`);
|
|
4001
|
+
}
|
|
4002
|
+
}));
|
|
4003
|
+
// decrypt
|
|
4004
|
+
return await lit.decrypt(thresholdEncryptionCiphertext, publishedList.metadata.statusListHash, unifiedAccessControlConditions);
|
|
4005
|
+
})()
|
|
4006
|
+
: await (async function () {
|
|
4007
|
+
// transcode to base64url, if needed
|
|
4008
|
+
const publishedListTranscoded = publishedList.metadata.encoding === 'base64url'
|
|
4009
|
+
? publishedList.StatusList2021.encodedList
|
|
4010
|
+
: (0, uint8arrays_1.toString)((0, uint8arrays_1.fromString)(publishedList.StatusList2021.encodedList, publishedList.metadata.encoding), 'base64url');
|
|
4011
|
+
// if status list 2021 is not fetched, read from file
|
|
4012
|
+
if (options?.statusListFile) {
|
|
4013
|
+
// if not encrypted, return bitstring
|
|
4014
|
+
if (!publishedList.metadata.encrypted) {
|
|
4015
|
+
// construct encoded status list
|
|
4016
|
+
const encoded = new vc_status_list_1.StatusList({
|
|
4017
|
+
buffer: await Cheqd.getFile(options.statusListFile),
|
|
4018
|
+
}).encode();
|
|
4019
|
+
// validate against published list
|
|
4020
|
+
if (encoded !== publishedListTranscoded)
|
|
4021
|
+
throw new Error('[did-provider-cheqd]: check: suspension: statusListFile does not match published status list 2021');
|
|
4022
|
+
// return encoded
|
|
4023
|
+
return encoded;
|
|
4024
|
+
}
|
|
4025
|
+
// otherwise, decrypt and return bitstring
|
|
4026
|
+
const scopedRawBlob = await (0, helpers_js_1.toBlob)(await Cheqd.getFile(options.statusListFile));
|
|
4027
|
+
// decrypt
|
|
4028
|
+
const decrypted = (0, uint8arrays_1.toString)(await v3_js_1.LitProtocol.decryptDirect(scopedRawBlob, await (0, helpers_js_1.safeDeserialise)(options?.topArgs?.symmetricKey, uint8arrays_1.fromString, ['hex'], 'Invalid symmetric key')), 'base64url');
|
|
4029
|
+
// validate against published list
|
|
4030
|
+
if (decrypted !== publishedListTranscoded)
|
|
4031
|
+
throw new Error('[did-provider-cheqd]: check: suspension: statusListFile does not match published status list 2021');
|
|
4032
|
+
// return decrypted
|
|
4033
|
+
return decrypted;
|
|
4034
|
+
}
|
|
4035
|
+
if (!options?.statusListInlineBitstring)
|
|
4036
|
+
throw new Error('[did-provider-cheqd]: check: suspension: statusListInlineBitstring is required, if statusListFile is not provided');
|
|
4037
|
+
// validate against published list
|
|
4038
|
+
if (options?.statusListInlineBitstring !== publishedListTranscoded)
|
|
4039
|
+
throw new Error('[did-provider-cheqd]: check: suspension: statusListInlineBitstring does not match published status list 2021');
|
|
4040
|
+
// otherwise, read from inline bitstring
|
|
4041
|
+
return options?.statusListInlineBitstring;
|
|
4042
|
+
})();
|
|
4043
|
+
// parse status list 2021
|
|
4044
|
+
const statusList = await vc_status_list_1.StatusList.decode({ encodedList: statusList2021 });
|
|
4045
|
+
// get status by index
|
|
4046
|
+
return !!statusList.getStatus(Number(credential.credentialStatus.statusListIndex));
|
|
4047
|
+
}
|
|
4048
|
+
static async checkRevokedNonMigrated(credential, associatedStatusList, options = { fetchList: true }) {
|
|
4049
|
+
// validate status purpose
|
|
4050
|
+
if (credential.credentialStatus?.statusPurpose !== cheqd_did_provider_js_1.DefaultStatusList2021StatusPurposeTypes.revocation) {
|
|
4051
|
+
throw new Error(`[did-provider-cheqd]: check: revocation: Unsupported status purpose: ${credential.credentialStatus?.statusPurpose}`);
|
|
4052
|
+
}
|
|
4053
|
+
// fetch status list 2021
|
|
4054
|
+
const publishedList = associatedStatusList ||
|
|
4055
|
+
(await Cheqd.fetchStatusList2021(credential));
|
|
4056
|
+
// validate migrated
|
|
4057
|
+
if (!publishedList.metadata.encryptedSymmetricKey)
|
|
4058
|
+
throw new Error('[did-provider-cheqd]: check: revocation: Invalid migrated status list');
|
|
4059
|
+
// fetch status list 2021 inscribed in credential
|
|
4060
|
+
const statusList2021 = options?.topArgs?.fetchList
|
|
4061
|
+
? await (async function () {
|
|
4062
|
+
// if not encrypted, return bitstring
|
|
4063
|
+
if (!publishedList.metadata.encrypted)
|
|
4064
|
+
return publishedList.metadata.encoding === 'base64url'
|
|
4065
|
+
? publishedList.StatusList2021.encodedList
|
|
4066
|
+
: (0, uint8arrays_1.toString)((0, uint8arrays_1.fromString)(publishedList.StatusList2021.encodedList, publishedList.metadata.encoding), 'base64url');
|
|
4067
|
+
// otherwise, decrypt and return raw bitstring
|
|
4068
|
+
const scopedRawBlob = await (0, helpers_js_1.toBlob)((0, uint8arrays_1.fromString)(publishedList.StatusList2021.encodedList, 'hex'));
|
|
4069
|
+
// instantiate dkg-threshold client, in which case lit-protocol is used
|
|
4070
|
+
const lit = await v2_js_1.LitProtocolV2.create({
|
|
4071
|
+
chain: options?.topArgs?.dkgOptions?.chain,
|
|
4072
|
+
litNetwork: v2_js_1.LitNetworksV2.serrano,
|
|
4073
|
+
});
|
|
4074
|
+
// construct access control conditions
|
|
4075
|
+
const unifiedAccessControlConditions = await Promise.all(publishedList.metadata.paymentConditions.map(async (condition) => {
|
|
4076
|
+
switch (condition.type) {
|
|
4077
|
+
case exports.AccessControlConditionTypes.timelockPayment:
|
|
4078
|
+
return await v3_js_1.LitProtocol.generateCosmosAccessControlConditionInverseTimelock({
|
|
4079
|
+
key: '$.tx_responses.*.timestamp',
|
|
4080
|
+
comparator: '<=',
|
|
4081
|
+
value: `${condition.intervalInSeconds}`,
|
|
4082
|
+
}, condition.feePaymentAmount, condition.feePaymentAddress, condition?.blockHeight, options?.topArgs?.dkgOptions?.chain);
|
|
4083
|
+
default:
|
|
4084
|
+
throw new Error(`[did-provider-cheqd]: unsupported access control condition type ${condition.type}`);
|
|
4085
|
+
}
|
|
4086
|
+
}));
|
|
4087
|
+
// decrypt
|
|
4088
|
+
return await lit.decrypt(scopedRawBlob, publishedList.metadata.encryptedSymmetricKey, unifiedAccessControlConditions);
|
|
4089
|
+
})()
|
|
4090
|
+
: await (async function () {
|
|
4091
|
+
// transcode to base64url, if needed
|
|
4092
|
+
const publishedListTranscoded = publishedList.metadata.encoding === 'base64url'
|
|
4093
|
+
? publishedList.StatusList2021.encodedList
|
|
4094
|
+
: (0, uint8arrays_1.toString)((0, uint8arrays_1.fromString)(publishedList.StatusList2021.encodedList, publishedList.metadata.encoding), 'base64url');
|
|
4095
|
+
// if status list 2021 is not fetched, read from file
|
|
4096
|
+
if (options?.statusListFile) {
|
|
4097
|
+
// if not encrypted, return bitstring
|
|
4098
|
+
if (!publishedList.metadata.encrypted) {
|
|
4099
|
+
// construct encoded status list
|
|
4100
|
+
const encoded = new vc_status_list_1.StatusList({
|
|
4101
|
+
buffer: await Cheqd.getFile(options.statusListFile),
|
|
4102
|
+
}).encode();
|
|
4103
|
+
// validate against published list
|
|
4104
|
+
if (encoded !== publishedListTranscoded)
|
|
4105
|
+
throw new Error('[did-provider-cheqd]: check: revocation: statusListFile does not match published status list 2021');
|
|
4106
|
+
// return encoded
|
|
4107
|
+
return encoded;
|
|
4108
|
+
}
|
|
4109
|
+
// otherwise, decrypt and return bitstring
|
|
4110
|
+
const scopedRawBlob = await (0, helpers_js_1.toBlob)(await Cheqd.getFile(options.statusListFile));
|
|
4111
|
+
// decrypt
|
|
4112
|
+
const decrypted = await v2_js_1.LitProtocolV2.decryptDirect(scopedRawBlob, (0, uint8arrays_1.fromString)(options?.topArgs?.symmetricKey, 'hex'));
|
|
4113
|
+
// validate against published list
|
|
4114
|
+
if (decrypted !== publishedListTranscoded)
|
|
4115
|
+
throw new Error('[did-provider-cheqd]: check: revocation: statusListFile does not match published status list 2021');
|
|
4116
|
+
// return decrypted
|
|
4117
|
+
return decrypted;
|
|
4118
|
+
}
|
|
4119
|
+
if (!options?.statusListInlineBitstring)
|
|
4120
|
+
throw new Error('[did-provider-cheqd]: check: revocation: statusListInlineBitstring is required, if statusListFile is not provided');
|
|
4121
|
+
// validate against published list
|
|
4122
|
+
if (options?.statusListInlineBitstring !== publishedListTranscoded)
|
|
4123
|
+
throw new Error('[did-provider-cheqd]: check: revocation: statusListInlineBitstring does not match published status list 2021');
|
|
4124
|
+
// otherwise, read from inline bitstring
|
|
4125
|
+
return options?.statusListInlineBitstring;
|
|
4126
|
+
})();
|
|
4127
|
+
// transcode, if needed
|
|
4128
|
+
const transcodedStatusList2021 = publishedList.metadata.encoding === 'base64url'
|
|
4129
|
+
? statusList2021
|
|
4130
|
+
: (0, uint8arrays_1.toString)((0, uint8arrays_1.fromString)(statusList2021, publishedList.metadata.encoding), 'base64url');
|
|
4131
|
+
// parse status list 2021
|
|
4132
|
+
const statusList = await vc_status_list_1.StatusList.decode({ encodedList: transcodedStatusList2021 });
|
|
4133
|
+
// get status by index
|
|
4134
|
+
return !!statusList.getStatus(Number(credential.credentialStatus.statusListIndex));
|
|
4135
|
+
}
|
|
4136
|
+
static async checkSuspendedNonMigrated(credential, associatedStatusList, options = { fetchList: true }) {
|
|
4137
|
+
// validate status purpose
|
|
4138
|
+
if (credential.credentialStatus?.statusPurpose !== cheqd_did_provider_js_1.DefaultStatusList2021StatusPurposeTypes.suspension) {
|
|
4139
|
+
throw new Error(`[did-provider-cheqd]: check: suspension: Unsupported status purpose: ${credential.credentialStatus?.statusPurpose}`);
|
|
4140
|
+
}
|
|
4141
|
+
// fetch status list 2021
|
|
4142
|
+
const publishedList = associatedStatusList ||
|
|
4143
|
+
(await Cheqd.fetchStatusList2021(credential));
|
|
4144
|
+
// validate migrated
|
|
4145
|
+
if (!publishedList.metadata.encryptedSymmetricKey)
|
|
4146
|
+
throw new Error('[did-provider-cheqd]: check: suspension: Invalid migrated status list');
|
|
4147
|
+
// fetch status list 2021 inscribed in credential
|
|
4148
|
+
const statusList2021 = options?.topArgs?.fetchList
|
|
4149
|
+
? await (async function () {
|
|
4150
|
+
// if not encrypted, return bitstring
|
|
4151
|
+
if (!publishedList.metadata.encrypted)
|
|
4152
|
+
return publishedList.metadata.encoding === 'base64url'
|
|
4153
|
+
? publishedList.StatusList2021.encodedList
|
|
4154
|
+
: (0, uint8arrays_1.toString)((0, uint8arrays_1.fromString)(publishedList.StatusList2021.encodedList, publishedList.metadata.encoding), 'base64url');
|
|
4155
|
+
// otherwise, decrypt and return raw bitstring
|
|
4156
|
+
const scopedRawBlob = await (0, helpers_js_1.toBlob)((0, uint8arrays_1.fromString)(publishedList.StatusList2021.encodedList, 'hex'));
|
|
4157
|
+
// instantiate dkg-threshold client, in which case lit-protocol is used
|
|
4158
|
+
const lit = await v2_js_1.LitProtocolV2.create({
|
|
4159
|
+
chain: options?.topArgs?.dkgOptions?.chain,
|
|
4160
|
+
litNetwork: v2_js_1.LitNetworksV2.serrano,
|
|
4161
|
+
});
|
|
4162
|
+
// construct access control conditions
|
|
4163
|
+
const unifiedAccessControlConditions = await Promise.all(publishedList.metadata.paymentConditions.map(async (condition) => {
|
|
4164
|
+
switch (condition.type) {
|
|
4165
|
+
case exports.AccessControlConditionTypes.timelockPayment:
|
|
4166
|
+
return await v3_js_1.LitProtocol.generateCosmosAccessControlConditionInverseTimelock({
|
|
3885
4167
|
key: '$.tx_responses.*.timestamp',
|
|
3886
4168
|
comparator: '<=',
|
|
3887
4169
|
value: `${condition.intervalInSeconds}`,
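Review bot: The status lookup at new lines 4046 and 4134 converts `credential.credentialStatus.statusListIndex` with `Number(...)` and coerces the result with `!!`, without checking that the index is a non-negative integer. A missing or non-numeric index becomes `NaN`, and unless `getStatus` rejects it (not visible here) the check would report "not revoked" or "not suspended", so the check fails open. A guard before the lookup closes that: `const index = Number(credential.credentialStatus.statusListIndex);` then `if (!Number.isInteger(index) || index < 0) throw new Error(...)`. Separately, both NonMigrated methods pin `litNetwork` to `LitNetworksV2.serrano` and ignore `dkgOptions.network`, which merits a comment explaining that legacy lists only exist on that network. `checkSuspendedNonMigrated` continues past the end of this hunk.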
|
|
@@ -3915,7 +4197,7 @@ class Cheqd {
|
|
|
3915
4197
|
// otherwise, decrypt and return bitstring
|
|
3916
4198
|
const scopedRawBlob = await (0, helpers_js_1.toBlob)(await Cheqd.getFile(options.statusListFile));
|
|
3917
4199
|
// decrypt
|
|
3918
|
-
const decrypted = await
|
|
4200
|
+
const decrypted = (0, uint8arrays_1.toString)(await v3_js_1.LitProtocol.decryptDirect(scopedRawBlob, await (0, helpers_js_1.safeDeserialise)(options?.topArgs?.symmetricKey, uint8arrays_1.fromString, ['hex'], 'Invalid symmetric key')), 'base64url');
|
|
3919
4201
|
// validate against published list
|
|
3920
4202
|
if (decrypted !== publishedListTranscoded)
|
|
3921
4203
|
throw new Error('[did-provider-cheqd]: check: suspension: statusListFile does not match published status list 2021');
|
|
@@ -3962,8 +4244,8 @@ class Cheqd {
|
|
|
3962
4244
|
if (credential.credentialStatus.type !== 'StatusList2021Entry')
|
|
3963
4245
|
throw new Error('[did-provider-cheqd]: fetch status list: Credential status type is not valid');
|
|
3964
4246
|
// validate credential status list status purpose
|
|
3965
|
-
if (credential.credentialStatus.statusPurpose !==
|
|
3966
|
-
credential.credentialStatus.statusPurpose !==
|
|
4247
|
+
if (credential.credentialStatus.statusPurpose !== cheqd_did_provider_js_1.DefaultStatusList2021StatusPurposeTypes.revocation &&
|
|
4248
|
+
credential.credentialStatus.statusPurpose !== cheqd_did_provider_js_1.DefaultStatusList2021StatusPurposeTypes.suspension)
|
|
3967
4249
|
throw new Error('[did-provider-cheqd]: fetch status list: Credential status purpose is not valid');
|
|
3968
4250
|
// fetch status list 2021
|
|
3969
4251
|
const content = (await (await fetch(credential.credentialStatus.id.split('#')[0])).json());
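Review bot: The request at new line 4251 fetches whatever URL the credential's `credentialStatus.id` carries and parses the body as JSON, with no check on the scheme or host and no `ok` test on the response. Since the credential comes from the party being verified, a verifier running this server-side will contact a location chosen by that party, and an error page from it ends in a JSON parse failure rather than a clear error. Before the call, the URL should be parsed with `new URL(...)` and limited to `https:` and the expected resolver hosts, and `response.ok` should be checked before `.json()`. The enclosing function continues outside this hunk, so later validation of `content` may exist there.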
|