@docknetwork/wallet-sdk-wasm 1.5.11 → 1.7.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/generate-docs.js +49 -0
- package/jsdoc.conf.json +29 -6
- package/lib/index.js +8 -1
- package/lib/index.mjs +8 -1
- package/lib/rpc-server.js +10 -1
- package/lib/rpc-server.mjs +10 -1
- package/lib/services/blockchain/cached-did-resolver.js +113 -0
- package/lib/services/blockchain/cached-did-resolver.mjs +109 -0
- package/lib/services/blockchain/index.js +11 -0
- package/lib/services/blockchain/index.mjs +11 -0
- package/lib/services/blockchain/service-rpc.js +16 -0
- package/lib/services/blockchain/service-rpc.mjs +16 -0
- package/lib/services/blockchain/service.js +144 -12
- package/lib/services/blockchain/service.mjs +144 -12
- package/lib/services/credential/bbs-revocation.js +11 -0
- package/lib/services/credential/bbs-revocation.mjs +11 -0
- package/lib/services/credential/config.js +4 -1
- package/lib/services/credential/config.mjs +4 -1
- package/lib/services/credential/index.js +14 -0
- package/lib/services/credential/index.mjs +14 -0
- package/lib/services/credential/pex-helpers.js +20 -0
- package/lib/services/credential/pex-helpers.mjs +20 -1
- package/lib/services/credential/sd-jwt.js +214 -0
- package/lib/services/credential/sd-jwt.mjs +200 -0
- package/lib/services/credential/service-rpc.js +9 -0
- package/lib/services/credential/service-rpc.mjs +9 -0
- package/lib/services/credential/service.js +325 -8
- package/lib/services/credential/service.mjs +326 -9
- package/lib/services/edv/service.js +145 -1
- package/lib/services/edv/service.mjs +145 -1
- package/lib/services/index.js +13 -0
- package/lib/services/index.mjs +13 -0
- package/lib/services/relay-service/service.js +124 -1
- package/lib/services/relay-service/service.mjs +124 -1
- package/lib/services/rpc-service-client.js +0 -3
- package/lib/services/rpc-service-client.mjs +0 -3
- package/lib/services/storage/index.js +19 -2
- package/lib/services/storage/index.mjs +24 -1
- package/lib/services/storage/service-rpc.js +7 -3
- package/lib/services/storage/service-rpc.mjs +7 -3
- package/lib/services/storage/service.js +4 -0
- package/lib/services/storage/service.mjs +4 -0
- package/lib/setup-nodejs.js +8 -1
- package/lib/setup-nodejs.mjs +8 -1
- package/lib/setup-tests.js +8 -1
- package/lib/setup-tests.mjs +8 -1
- package/lib/src/services/blockchain/cached-did-resolver.d.ts +28 -0
- package/lib/src/services/blockchain/cached-did-resolver.d.ts.map +1 -0
- package/lib/src/services/blockchain/cached-did-resolver.test.d.ts +2 -0
- package/lib/src/services/blockchain/cached-did-resolver.test.d.ts.map +1 -0
- package/lib/src/services/blockchain/service.d.ts +115 -17
- package/lib/src/services/blockchain/service.d.ts.map +1 -1
- package/lib/src/services/credential/config.d.ts.map +1 -1
- package/lib/src/services/credential/index.d.ts +3 -0
- package/lib/src/services/credential/index.d.ts.map +1 -1
- package/lib/src/services/credential/pex-helpers.d.ts +13 -1
- package/lib/src/services/credential/pex-helpers.d.ts.map +1 -1
- package/lib/src/services/credential/sd-jwt.test.d.ts +2 -0
- package/lib/src/services/credential/sd-jwt.test.d.ts.map +1 -0
- package/lib/src/services/credential/service.d.ts +274 -4
- package/lib/src/services/credential/service.d.ts.map +1 -1
- package/lib/src/services/edv/service.d.ts +151 -1
- package/lib/src/services/edv/service.d.ts.map +1 -1
- package/lib/src/services/relay-service/service.d.ts +129 -1
- package/lib/src/services/relay-service/service.d.ts.map +1 -1
- package/lib/src/services/rpc-service-client.d.ts +2 -2
- package/lib/src/services/rpc-service-client.d.ts.map +1 -1
- package/lib/src/services/storage/index.d.ts +1 -1
- package/lib/src/services/storage/index.d.ts.map +1 -1
- package/lib/src/services/storage/service-rpc.d.ts +9 -0
- package/lib/src/services/storage/service-rpc.d.ts.map +1 -0
- package/lib/src/services/storage/service.d.ts +1 -0
- package/lib/src/services/storage/service.d.ts.map +1 -1
- package/lib/src/services/util-crypto/service.d.ts +1 -1
- package/lib/tsconfig.tsbuildinfo +1 -1
- package/lib/wallet/rpc-storage-interface.js +13 -3
- package/lib/wallet/rpc-storage-interface.mjs +11 -1
- package/lib/wallet/rpc-storage-wallet.js +10 -0
- package/lib/wallet/rpc-storage-wallet.mjs +10 -0
- package/package.json +13 -8
- package/src/services/blockchain/cached-did-resolver.test.ts +288 -0
- package/src/services/blockchain/cached-did-resolver.ts +126 -0
- package/src/services/blockchain/service-rpc.js +16 -0
- package/src/services/blockchain/service.ts +146 -12
- package/src/services/credential/config.ts +7 -1
- package/src/services/credential/pex-helpers.js +20 -1
- package/src/services/credential/pex-helpers.test.js +114 -0
- package/src/services/credential/sd-jwt.test.ts +718 -0
- package/src/services/credential/sd-jwt.ts +231 -0
- package/src/services/credential/service-rpc.js +9 -0
- package/src/services/credential/service.ts +330 -9
- package/src/services/edv/service.ts +153 -1
- package/src/services/relay-service/service.ts +130 -1
- package/src/services/rpc-service-client.js +0 -3
- package/src/services/storage/index.js +15 -1
- package/src/services/storage/service-rpc.js +7 -3
- package/src/services/storage/service.ts +5 -0
|
@@ -1,4 +1,12 @@
|
|
|
1
1
|
// @ts-nocheck
|
|
2
|
+
|
|
3
|
+
/**
|
|
4
|
+
* @module credential-service
|
|
5
|
+
* @description Verifiable credential management service for the Wallet SDK.
|
|
6
|
+
* This module provides functionality for creating, signing, verifying, and presenting
|
|
7
|
+
* verifiable credentials including support for BBS+ signatures and anonymous credentials.
|
|
8
|
+
*/
|
|
9
|
+
|
|
2
10
|
import {serviceName, validation} from './config';
|
|
3
11
|
import {
|
|
4
12
|
Accumulator,
|
|
@@ -29,11 +37,26 @@ import {
|
|
|
29
37
|
import assert from 'assert';
|
|
30
38
|
import axios from 'axios';
|
|
31
39
|
import {getIsRevoked, getWitnessDetails} from './bbs-revocation';
|
|
32
|
-
import {getPexRequiredAttributes} from './pex-helpers';
|
|
40
|
+
import {getPexRequiredAttributes, shouldSkipAttribute} from './pex-helpers';
|
|
33
41
|
import {didService} from '../dids/service';
|
|
42
|
+
import {isSDJWTCredential as checkIsSDJWT, credentialToW3C as convertCredentialToW3C, verifySDJWT, createSDJWTPresentation} from './sd-jwt';
|
|
34
43
|
|
|
44
|
+
/**
|
|
45
|
+
* PEX (Presentation Exchange) instance for credential filtering
|
|
46
|
+
* @private
|
|
47
|
+
*/
|
|
35
48
|
const pex: PEX = new PEX();
|
|
36
49
|
|
|
50
|
+
/**
|
|
51
|
+
* Checks if a credential uses BBS+ signature
|
|
52
|
+
* @param {Object} credential - The credential to check
|
|
53
|
+
* @returns {boolean} True if the credential uses BBS+ signature
|
|
54
|
+
* @example
|
|
55
|
+
* const isBBS = isBBSPlusCredential(credential);
|
|
56
|
+
* if (isBBS) {
|
|
57
|
+
* console.log('This credential uses BBS+ signatures');
|
|
58
|
+
* }
|
|
59
|
+
*/
|
|
37
60
|
export function isBBSPlusCredential(credential) {
|
|
38
61
|
return (
|
|
39
62
|
(typeof credential?.proof?.type === 'string' &&
|
|
@@ -45,6 +68,13 @@ export function isBBSPlusCredential(credential) {
|
|
|
45
68
|
);
|
|
46
69
|
}
|
|
47
70
|
|
|
71
|
+
/**
|
|
72
|
+
* Checks if a credential uses KVAC (BBDT16) signature
|
|
73
|
+
* @param {Object} credential - The credential to check
|
|
74
|
+
* @returns {boolean} True if the credential uses KVAC signature
|
|
75
|
+
* @example
|
|
76
|
+
* const isKVAC = isKvacCredential(credential);
|
|
77
|
+
*/
|
|
48
78
|
export function isKvacCredential(credential) {
|
|
49
79
|
return (
|
|
50
80
|
typeof credential?.proof?.type === 'string' &&
|
|
@@ -52,11 +82,30 @@ export function isKvacCredential(credential) {
|
|
|
52
82
|
);
|
|
53
83
|
}
|
|
54
84
|
|
|
85
|
+
/**
|
|
86
|
+
* Checks if a credential is anonymous (BBS+ or KVAC)
|
|
87
|
+
* @param {Object} credential - The credential to check
|
|
88
|
+
* @returns {boolean} True if the credential is anonymous
|
|
89
|
+
* @example
|
|
90
|
+
* if (isAnnonymousCredential(credential)) {
|
|
91
|
+
* console.log('This credential supports selective disclosure');
|
|
92
|
+
* }
|
|
93
|
+
*/
|
|
55
94
|
export function isAnnonymousCredential(credential) {
|
|
56
95
|
return isBBSPlusCredential(credential) || isKvacCredential(credential);
|
|
57
96
|
}
|
|
58
97
|
|
|
98
|
+
/**
|
|
99
|
+
* Service class for managing verifiable credentials
|
|
100
|
+
* @class
|
|
101
|
+
* @description Provides methods for creating, signing, verifying, and presenting
|
|
102
|
+
* verifiable credentials with support for various signature types
|
|
103
|
+
*/
|
|
59
104
|
class CredentialService {
|
|
105
|
+
/**
|
|
106
|
+
* Creates a new CredentialService instance
|
|
107
|
+
* @constructor
|
|
108
|
+
*/
|
|
60
109
|
constructor() {
|
|
61
110
|
this.name = serviceName;
|
|
62
111
|
}
|
|
@@ -69,8 +118,28 @@ class CredentialService {
|
|
|
69
118
|
CredentialService.prototype.deriveVCFromPresentation,
|
|
70
119
|
CredentialService.prototype.isBBSPlusCredential,
|
|
71
120
|
CredentialService.prototype.isKvacCredential,
|
|
121
|
+
CredentialService.prototype.isSDJWTCredential,
|
|
122
|
+
CredentialService.prototype.credentialToW3C,
|
|
123
|
+
CredentialService.prototype.createSDJWTPresentation,
|
|
72
124
|
CredentialService.prototype.acquireOIDCredential,
|
|
73
125
|
];
|
|
126
|
+
|
|
127
|
+
|
|
128
|
+
createSDJWTPresentation(params) {
|
|
129
|
+
const {attributesToReveal, credential} = params;
|
|
130
|
+
return createSDJWTPresentation({attributesToReveal, credential});
|
|
131
|
+
}
|
|
132
|
+
|
|
133
|
+
/**
|
|
134
|
+
* Generates a new verifiable credential template
|
|
135
|
+
* @param {Object} [params={}] - Generation parameters
|
|
136
|
+
* @param {Object} [params.subject] - The credential subject
|
|
137
|
+
* @returns {VerifiableCredential} A new verifiable credential instance
|
|
138
|
+
* @example
|
|
139
|
+
* const credential = credentialService.generateCredential({
|
|
140
|
+
* subject: { id: 'did:example:123', name: 'Alice' }
|
|
141
|
+
* });
|
|
142
|
+
*/
|
|
74
143
|
generateCredential(params = {}) {
|
|
75
144
|
validation.generateCredential(params);
|
|
76
145
|
const {subject} = params;
|
|
@@ -89,6 +158,19 @@ class CredentialService {
|
|
|
89
158
|
}
|
|
90
159
|
return vc;
|
|
91
160
|
}
|
|
161
|
+
/**
|
|
162
|
+
* Signs a verifiable credential
|
|
163
|
+
* @param {Object} params - Signing parameters
|
|
164
|
+
* @param {Object} params.vcJson - The credential JSON to sign
|
|
165
|
+
* @param {Object} params.keyDoc - The key document for signing
|
|
166
|
+
* @returns {Promise<VerifiableCredential>} The signed verifiable credential
|
|
167
|
+
* @throws {Error} If validation fails or signing fails
|
|
168
|
+
* @example
|
|
169
|
+
* const signedCredential = await credentialService.signCredential({
|
|
170
|
+
* vcJson: credentialData,
|
|
171
|
+
* keyDoc: issuerKeyDocument
|
|
172
|
+
* });
|
|
173
|
+
*/
|
|
92
174
|
async signCredential(params) {
|
|
93
175
|
validation.signCredential(params);
|
|
94
176
|
const {vcJson, keyDoc} = params;
|
|
@@ -104,13 +186,39 @@ class CredentialService {
|
|
|
104
186
|
|
|
105
187
|
return verifiableCredential;
|
|
106
188
|
}
|
|
189
|
+
/**
|
|
190
|
+
* Creates a verifiable presentation from credentials
|
|
191
|
+
* @param {Object} params - Presentation parameters
|
|
192
|
+
* @param {Array<Object>} params.credentials - Array of verifiable credentials to include
|
|
193
|
+
* @param {Object} params.keyDoc - The key document for signing the presentation
|
|
194
|
+
* @param {string} [params.challenge] - Challenge string for the presentation proof
|
|
195
|
+
* @param {string} [params.id] - Presentation identifier
|
|
196
|
+
* @param {string} [params.domain] - Domain for the presentation proof
|
|
197
|
+
* @returns {Promise<Object>} The signed verifiable presentation
|
|
198
|
+
* @throws {Error} If validation fails
|
|
199
|
+
* @example
|
|
200
|
+
* const presentation = await credentialService.createPresentation({
|
|
201
|
+
* credentials: [credential1, credential2],
|
|
202
|
+
* keyDoc: holderKeyDocument,
|
|
203
|
+
* challenge: 'abc123',
|
|
204
|
+
* domain: 'example.com'
|
|
205
|
+
* });
|
|
206
|
+
*/
|
|
107
207
|
async createPresentation(params) {
|
|
108
208
|
validation.createPresentation(params);
|
|
109
209
|
const {credentials, keyDoc, challenge, id, domain} = params;
|
|
110
210
|
const vp = new VerifiablePresentation(id);
|
|
111
211
|
let shouldSkipSigning = false;
|
|
212
|
+
let jwtCredentials = [];
|
|
213
|
+
|
|
112
214
|
for (const signedVC of credentials) {
|
|
113
|
-
|
|
215
|
+
|
|
216
|
+
if (typeof signedVC === 'string') {
|
|
217
|
+
jwtCredentials.push(signedVC);
|
|
218
|
+
shouldSkipSigning = true;
|
|
219
|
+
} else {
|
|
220
|
+
vp.addCredential(signedVC);
|
|
221
|
+
}
|
|
114
222
|
shouldSkipSigning = shouldSkipSigning || isAnnonymousCredential(signedVC);
|
|
115
223
|
}
|
|
116
224
|
|
|
@@ -123,19 +231,60 @@ class CredentialService {
|
|
|
123
231
|
const suite = await getSuiteFromKeyDoc(keyPair);
|
|
124
232
|
|
|
125
233
|
if (shouldSkipSigning) {
|
|
126
|
-
|
|
234
|
+
const result = vp.toJSON();
|
|
235
|
+
result.verifiableCredential.push(...jwtCredentials);
|
|
236
|
+
return result;
|
|
127
237
|
}
|
|
128
238
|
|
|
129
239
|
return vp.sign(suite, challenge, domain, blockchainService.resolver);
|
|
130
240
|
}
|
|
131
241
|
|
|
242
|
+
/**
|
|
243
|
+
* Verifies a verifiable presentation
|
|
244
|
+
* @param {Object} params - Verification parameters
|
|
245
|
+
* @param {Object} params.presentation - The presentation to verify
|
|
246
|
+
* @param {Object} [params.options] - Verification options
|
|
247
|
+
* @returns {Promise<Object>} Verification result with verified status and any errors
|
|
248
|
+
* @example
|
|
249
|
+
* const result = await credentialService.verifyPresentation({
|
|
250
|
+
* presentation: presentationData
|
|
251
|
+
* });
|
|
252
|
+
* console.log('Verified:', result.verified);
|
|
253
|
+
*/
|
|
132
254
|
async verifyPresentation({ presentation, options }: any) {
|
|
133
255
|
return verifyPresentation(presentation, options);
|
|
134
256
|
}
|
|
135
257
|
|
|
258
|
+
/**
|
|
259
|
+
* Verifies a verifiable credential including revocation check
|
|
260
|
+
* @param {Object} params - Verification parameters
|
|
261
|
+
* @param {Object} params.credential - The credential to verify
|
|
262
|
+
* @param {Object} [params.membershipWitness] - Membership witness for revocation check
|
|
263
|
+
* @returns {Promise<Object>} Verification result
|
|
264
|
+
* @returns {boolean} returns.verified - Whether the credential is valid
|
|
265
|
+
* @returns {string} [returns.error] - Error message if verification failed
|
|
266
|
+
* @throws {Error} If validation fails
|
|
267
|
+
* @example
|
|
268
|
+
* const result = await credentialService.verifyCredential({
|
|
269
|
+
* credential: credentialData,
|
|
270
|
+
* membershipWitness: witnessData
|
|
271
|
+
* });
|
|
272
|
+
* if (!result.verified) {
|
|
273
|
+
* console.error('Verification failed:', result.error);
|
|
274
|
+
* }
|
|
275
|
+
*/
|
|
136
276
|
async verifyCredential(params) {
|
|
137
277
|
validation.verifyCredential(params);
|
|
138
|
-
|
|
278
|
+
let {credential, membershipWitness} = params;
|
|
279
|
+
|
|
280
|
+
if (credential._sd_jwt) {
|
|
281
|
+
credential = credential?._sd_jwt?.encoded;
|
|
282
|
+
}
|
|
283
|
+
|
|
284
|
+
if (typeof credential === 'string' && checkIsSDJWT(credential)) {
|
|
285
|
+
return verifySDJWT(credential);
|
|
286
|
+
}
|
|
287
|
+
|
|
139
288
|
const result = await verifyCredential(credential, {
|
|
140
289
|
resolver: blockchainService.resolver,
|
|
141
290
|
revocationApi: {dock: blockchainService.dock},
|
|
@@ -160,6 +309,20 @@ class CredentialService {
|
|
|
160
309
|
return result;
|
|
161
310
|
}
|
|
162
311
|
|
|
312
|
+
/**
|
|
313
|
+
* Filters credentials based on a presentation definition
|
|
314
|
+
* @param {Object} params - Filter parameters
|
|
315
|
+
* @param {Array<Object>} params.credentials - Array of credentials to filter
|
|
316
|
+
* @param {Object} params.presentationDefinition - PEX presentation definition
|
|
317
|
+
* @param {string} [params.holderDid] - DID of the credential holder
|
|
318
|
+
* @returns {Object} Filtered credentials matching the presentation definition
|
|
319
|
+
* @example
|
|
320
|
+
* const filtered = credentialService.filterCredentials({
|
|
321
|
+
* credentials: allCredentials,
|
|
322
|
+
* presentationDefinition: definition,
|
|
323
|
+
* holderDid: 'did:example:holder'
|
|
324
|
+
* });
|
|
325
|
+
*/
|
|
163
326
|
filterCredentials(params) {
|
|
164
327
|
const {credentials, presentationDefinition, holderDid} = params;
|
|
165
328
|
const result = pex.selectFrom(
|
|
@@ -171,6 +334,18 @@ class CredentialService {
|
|
|
171
334
|
return result;
|
|
172
335
|
}
|
|
173
336
|
|
|
337
|
+
/**
|
|
338
|
+
* Evaluates a presentation against a presentation definition
|
|
339
|
+
* @param {Object} params - Evaluation parameters
|
|
340
|
+
* @param {Object} params.presentation - The presentation to evaluate
|
|
341
|
+
* @param {Object} params.presentationDefinition - PEX presentation definition
|
|
342
|
+
* @returns {Object} Evaluation result with validation details
|
|
343
|
+
* @example
|
|
344
|
+
* const evaluation = credentialService.evaluatePresentation({
|
|
345
|
+
* presentation: presentationData,
|
|
346
|
+
* presentationDefinition: definition
|
|
347
|
+
* });
|
|
348
|
+
*/
|
|
174
349
|
evaluatePresentation(params) {
|
|
175
350
|
const {presentation, presentationDefinition} = params;
|
|
176
351
|
const result = pex.evaluatePresentation(
|
|
@@ -181,16 +356,81 @@ class CredentialService {
|
|
|
181
356
|
return result;
|
|
182
357
|
}
|
|
183
358
|
|
|
359
|
+
/**
|
|
360
|
+
* Checks if a credential uses BBS+ signature
|
|
361
|
+
* @param {Object} params - Check parameters
|
|
362
|
+
* @param {Object} params.credential - The credential to check
|
|
363
|
+
* @returns {boolean} True if the credential uses BBS+ signature
|
|
364
|
+
*/
|
|
184
365
|
isBBSPlusCredential(params) {
|
|
185
366
|
const {credential} = params;
|
|
186
367
|
return isBBSPlusCredential(credential);
|
|
187
368
|
}
|
|
188
369
|
|
|
370
|
+
/**
|
|
371
|
+
* Checks if a credential uses KVAC signature
|
|
372
|
+
* @param {Object} params - Check parameters
|
|
373
|
+
* @param {Object} params.credential - The credential to check
|
|
374
|
+
* @returns {boolean} True if the credential uses KVAC signature
|
|
375
|
+
*/
|
|
189
376
|
isKvacCredential(params) {
|
|
190
377
|
const {credential} = params;
|
|
191
378
|
return isKvacCredential(credential);
|
|
192
379
|
}
|
|
193
380
|
|
|
381
|
+
/**
|
|
382
|
+
* Checks if a credential is an SD-JWT (Selective Disclosure JWT) credential
|
|
383
|
+
* @param {Object} params - Check parameters
|
|
384
|
+
* @param {string} params.credential - The JWT string to check
|
|
385
|
+
* @returns {boolean} True if the credential is an SD-JWT credential
|
|
386
|
+
* @example
|
|
387
|
+
* const isSDJWT = credentialService.isSDJWTCredential({
|
|
388
|
+
* credential: 'eyJ0eXAiOiJ2YytzZC1qd3Q...'
|
|
389
|
+
* });
|
|
390
|
+
*/
|
|
391
|
+
isSDJWTCredential(params) {
|
|
392
|
+
const {credential} = params;
|
|
393
|
+
return checkIsSDJWT(credential);
|
|
394
|
+
}
|
|
395
|
+
|
|
396
|
+
/**
|
|
397
|
+
* Converts a credential to W3C Verifiable Credential format
|
|
398
|
+
* @description Handles both SD-JWT credentials (needs decoding) and regular W3C credentials (returns as-is)
|
|
399
|
+
* @param {Object} params - Conversion parameters
|
|
400
|
+
* @param {string|Object} params.credential - Either an SD-JWT string or a credential object
|
|
401
|
+
* @returns {Promise<Object>} W3C Verifiable Credential format
|
|
402
|
+
* @throws {Error} If credential cannot be converted to W3C format
|
|
403
|
+
* @example
|
|
404
|
+
* // Convert SD-JWT to W3C format
|
|
405
|
+
* const w3cCredential = await credentialService.credentialToW3C({
|
|
406
|
+
* credential: 'eyJ0eXAiOiJ2YytzZC1qd3Q...'
|
|
407
|
+
* });
|
|
408
|
+
*
|
|
409
|
+
* // Returns W3C credential as-is
|
|
410
|
+
* const w3cCredential = await credentialService.credentialToW3C({
|
|
411
|
+
* credential: { '@context': [...], type: [...], ... }
|
|
412
|
+
* });
|
|
413
|
+
*/
|
|
414
|
+
async credentialToW3C(params) {
|
|
415
|
+
const {credential} = params;
|
|
416
|
+
return convertCredentialToW3C(credential);
|
|
417
|
+
}
|
|
418
|
+
|
|
419
|
+
/**
|
|
420
|
+
* Acquires a credential through OpenID for Verifiable Credentials (OID4VC)
|
|
421
|
+
* @param {Object} params - Acquisition parameters
|
|
422
|
+
* @param {string} params.uri - The credential offer URI
|
|
423
|
+
* @param {string} [params.authorizationCode] - Authorization code if required
|
|
424
|
+
* @param {Object} params.holderKeyDocument - Key document for the credential holder
|
|
425
|
+
* @returns {Promise<Object>} Result containing the credential or authorization URL
|
|
426
|
+
* @returns {Object} [returns.credential] - The acquired credential
|
|
427
|
+
* @returns {string} [returns.authorizationURL] - Authorization URL if auth is required
|
|
428
|
+
* @example
|
|
429
|
+
* const result = await credentialService.acquireOIDCredential({
|
|
430
|
+
* uri: 'openid-credential-offer://...',
|
|
431
|
+
* holderKeyDocument: keyDoc
|
|
432
|
+
* });
|
|
433
|
+
*/
|
|
194
434
|
async acquireOIDCredential({
|
|
195
435
|
uri,
|
|
196
436
|
authorizationCode,
|
|
@@ -209,6 +449,8 @@ class CredentialService {
|
|
|
209
449
|
authorizationRequest: {
|
|
210
450
|
redirectUri: 'dock-wallet://credentials/callback',
|
|
211
451
|
clientId: 'dock.wallet',
|
|
452
|
+
// Hack: we need the scope property to avoid 'CredentialOffer format is wrong.' error
|
|
453
|
+
scope: []
|
|
212
454
|
},
|
|
213
455
|
});
|
|
214
456
|
|
|
@@ -264,6 +506,22 @@ class CredentialService {
|
|
|
264
506
|
}
|
|
265
507
|
}
|
|
266
508
|
|
|
509
|
+
/**
|
|
510
|
+
* Creates a BBS+ presentation with selective disclosure
|
|
511
|
+
* @param {Object} params - Presentation parameters
|
|
512
|
+
* @param {Array<Object>} params.credentials - Array of credentials with attributes to reveal
|
|
513
|
+
* @param {Object} params.credentials[].credential - The BBS+ credential
|
|
514
|
+
* @param {Array<string>} [params.credentials[].attributesToReveal] - Attributes to reveal
|
|
515
|
+
* @returns {Promise<Object>} The BBS+ presentation
|
|
516
|
+
* @throws {Error} If validation fails
|
|
517
|
+
* @example
|
|
518
|
+
* const presentation = await credentialService.createBBSPresentation({
|
|
519
|
+
* credentials: [{
|
|
520
|
+
* credential: bbsCredential,
|
|
521
|
+
* attributesToReveal: ['name', 'age']
|
|
522
|
+
* }]
|
|
523
|
+
* });
|
|
524
|
+
*/
|
|
267
525
|
async createBBSPresentation(params) {
|
|
268
526
|
validation.createBBSPresentation(params);
|
|
269
527
|
const {credentials} = params;
|
|
@@ -280,6 +538,13 @@ class CredentialService {
|
|
|
280
538
|
return bbsPlusPresentation.createPresentation();
|
|
281
539
|
}
|
|
282
540
|
|
|
541
|
+
/**
|
|
542
|
+
* Gets the accumulator ID from a credential's status
|
|
543
|
+
* @param {Object} params - Parameters
|
|
544
|
+
* @param {Object} params.credential - The credential to get accumulator ID from
|
|
545
|
+
* @returns {string|null} The accumulator ID or null if not present
|
|
546
|
+
* @throws {Error} If credential is not provided
|
|
547
|
+
*/
|
|
283
548
|
getAccumulatorId({credential}) {
|
|
284
549
|
assert(!!credential, `credential is required`);
|
|
285
550
|
if (!credential?.credentialStatus) {
|
|
@@ -289,6 +554,13 @@ class CredentialService {
|
|
|
289
554
|
return credential?.credentialStatus.id;
|
|
290
555
|
}
|
|
291
556
|
|
|
557
|
+
/**
|
|
558
|
+
* Gets accumulator data from the blockchain for a credential
|
|
559
|
+
* @param {Object} params - Parameters
|
|
560
|
+
* @param {Object} params.credential - The credential to get accumulator data for
|
|
561
|
+
* @returns {Promise<Object|null>} The accumulator data or null if not found
|
|
562
|
+
* @throws {Error} If credential is not provided
|
|
563
|
+
*/
|
|
292
564
|
async getAccumulatorData({credential}) {
|
|
293
565
|
assert(!!credential, `credential is required`);
|
|
294
566
|
const accumulatorId = await this.getAccumulatorId({credential});
|
|
@@ -304,10 +576,15 @@ class CredentialService {
|
|
|
304
576
|
}
|
|
305
577
|
|
|
306
578
|
/**
|
|
307
|
-
*
|
|
308
|
-
* The witness is generated by the issuer when the credential is created
|
|
309
|
-
*
|
|
310
|
-
*
|
|
579
|
+
* Updates the membership witness with the latest accumulator state
|
|
580
|
+
* @description The witness is generated by the issuer when the credential is created
|
|
581
|
+
* and is stored in the wallet when the credential is imported. This method updates
|
|
582
|
+
* it with the latest accumulator changes from the blockchain.
|
|
583
|
+
* @param {Object} params - Update parameters
|
|
584
|
+
* @param {Object} params.credential - The credential with revocation status
|
|
585
|
+
* @param {Object} params.membershipWitnessJSON - Current membership witness in JSON format
|
|
586
|
+
* @returns {Promise<Object>} Updated membership witness in JSON format
|
|
587
|
+
* @throws {Error} If updates cannot be fetched or applied
|
|
311
588
|
*/
|
|
312
589
|
async updateMembershipWitness({credential, membershipWitnessJSON}) {
|
|
313
590
|
const revocationId = credential.credentialStatus.revocationId;
|
|
@@ -359,6 +636,25 @@ class CredentialService {
|
|
|
359
636
|
return witness.toJSON();
|
|
360
637
|
}
|
|
361
638
|
|
|
639
|
+
/**
|
|
640
|
+
* Derives verifiable credentials from a presentation with selective disclosure
|
|
641
|
+
* @param {Object} params - Derivation parameters
|
|
642
|
+
* @param {Array<Object>} params.credentials - Array of credential objects
|
|
643
|
+
* @param {Object} params.credentials[].credential - The credential
|
|
644
|
+
* @param {Array<string>} params.credentials[].attributesToReveal - Attributes to reveal
|
|
645
|
+
* @param {Object} [params.credentials[].witness] - Membership witness for revocation
|
|
646
|
+
* @param {Object} [params.options={}] - Additional options for derivation
|
|
647
|
+
* @param {Object} [params.proofRequest] - Proof request with constraints
|
|
648
|
+
* @returns {Promise<Array>} Array of derived credentials
|
|
649
|
+
* @throws {Error} If validation fails
|
|
650
|
+
* @example
|
|
651
|
+
* const derivedCredentials = await credentialService.deriveVCFromPresentation({
|
|
652
|
+
* credentials: [{
|
|
653
|
+
* credential: bbsCredential,
|
|
654
|
+
* attributesToReveal: ['name', 'dateOfBirth']
|
|
655
|
+
* }]
|
|
656
|
+
* });
|
|
657
|
+
*/
|
|
362
658
|
async deriveVCFromPresentation(params) {
|
|
363
659
|
validation.deriveVCFromPresentation(params);
|
|
364
660
|
const {credentials, options = {}, proofRequest} = params;
|
|
@@ -397,7 +693,7 @@ class CredentialService {
|
|
|
397
693
|
? descriptorBounds[idx].map(bound => bound.attributeName)
|
|
398
694
|
: [];
|
|
399
695
|
const filteredAttributes = attributesToReveal.filter(
|
|
400
|
-
attribute => !attributesToSkip.includes(attribute),
|
|
696
|
+
attribute => !attributesToSkip.includes(attribute) && !shouldSkipAttribute(attribute),
|
|
401
697
|
);
|
|
402
698
|
const _pexRequiredAttributes = pexRequiredAttributes[idx] || [];
|
|
403
699
|
|
|
@@ -443,9 +739,34 @@ class CredentialService {
|
|
|
443
739
|
return credentialsFromPresentation;
|
|
444
740
|
}
|
|
445
741
|
|
|
742
|
+
/**
|
|
743
|
+
* Test method for range proofs
|
|
744
|
+
* @private
|
|
745
|
+
* @returns {Promise<void>}
|
|
746
|
+
*/
|
|
446
747
|
async testRangeProof() {
|
|
447
748
|
console.log('test');
|
|
448
749
|
}
|
|
449
750
|
}
|
|
450
751
|
|
|
752
|
+
/**
|
|
753
|
+
* Singleton instance of the credential service
|
|
754
|
+
* @type {CredentialService}
|
|
755
|
+
* @example
|
|
756
|
+
* import { credentialService } from '@docknetwork/wallet-sdk-wasm/services/credential';
|
|
757
|
+
*
|
|
758
|
+
* // Create and sign a credential
|
|
759
|
+
* const credential = credentialService.generateCredential({
|
|
760
|
+
* subject: { id: 'did:example:123' }
|
|
761
|
+
* });
|
|
762
|
+
* const signed = await credentialService.signCredential({
|
|
763
|
+
* vcJson: credential,
|
|
764
|
+
* keyDoc: issuerKey
|
|
765
|
+
* });
|
|
766
|
+
*
|
|
767
|
+
* // Verify a credential
|
|
768
|
+
* const result = await credentialService.verifyCredential({
|
|
769
|
+
* credential: signedCredential
|
|
770
|
+
* });
|
|
771
|
+
*/
|
|
451
772
|
export const credentialService = new CredentialService();
|