@docknetwork/wallet-sdk-wasm 1.5.14 → 1.7.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/generate-docs.js +49 -0
- package/jsdoc.conf.json +29 -6
- package/lib/index.js +8 -1
- package/lib/index.mjs +8 -1
- package/lib/rpc-server.js +10 -1
- package/lib/rpc-server.mjs +10 -1
- package/lib/services/blockchain/cached-did-resolver.js +113 -0
- package/lib/services/blockchain/cached-did-resolver.mjs +109 -0
- package/lib/services/blockchain/index.js +11 -0
- package/lib/services/blockchain/index.mjs +11 -0
- package/lib/services/blockchain/service-rpc.js +12 -0
- package/lib/services/blockchain/service-rpc.mjs +12 -0
- package/lib/services/blockchain/service.js +140 -11
- package/lib/services/blockchain/service.mjs +140 -11
- package/lib/services/credential/bbs-revocation.js +11 -0
- package/lib/services/credential/bbs-revocation.mjs +11 -0
- package/lib/services/credential/config.js +4 -1
- package/lib/services/credential/config.mjs +4 -1
- package/lib/services/credential/index.js +14 -0
- package/lib/services/credential/index.mjs +14 -0
- package/lib/services/credential/sd-jwt.js +214 -0
- package/lib/services/credential/sd-jwt.mjs +200 -0
- package/lib/services/credential/service-rpc.js +9 -0
- package/lib/services/credential/service-rpc.mjs +9 -0
- package/lib/services/credential/service.js +324 -7
- package/lib/services/credential/service.mjs +324 -7
- package/lib/services/edv/service.js +145 -1
- package/lib/services/edv/service.mjs +145 -1
- package/lib/services/index.js +13 -0
- package/lib/services/index.mjs +13 -0
- package/lib/services/relay-service/service.js +124 -1
- package/lib/services/relay-service/service.mjs +124 -1
- package/lib/services/rpc-service-client.js +0 -3
- package/lib/services/rpc-service-client.mjs +0 -3
- package/lib/services/storage/index.js +19 -2
- package/lib/services/storage/index.mjs +24 -1
- package/lib/services/storage/service-rpc.js +7 -3
- package/lib/services/storage/service-rpc.mjs +7 -3
- package/lib/services/storage/service.js +4 -0
- package/lib/services/storage/service.mjs +4 -0
- package/lib/setup-nodejs.js +8 -1
- package/lib/setup-nodejs.mjs +8 -1
- package/lib/setup-tests.js +8 -1
- package/lib/setup-tests.mjs +8 -1
- package/lib/src/services/blockchain/cached-did-resolver.d.ts +28 -0
- package/lib/src/services/blockchain/cached-did-resolver.d.ts.map +1 -0
- package/lib/src/services/blockchain/cached-did-resolver.test.d.ts +2 -0
- package/lib/src/services/blockchain/cached-did-resolver.test.d.ts.map +1 -0
- package/lib/src/services/blockchain/service.d.ts +114 -17
- package/lib/src/services/blockchain/service.d.ts.map +1 -1
- package/lib/src/services/credential/config.d.ts.map +1 -1
- package/lib/src/services/credential/index.d.ts +3 -0
- package/lib/src/services/credential/index.d.ts.map +1 -1
- package/lib/src/services/credential/sd-jwt.test.d.ts +2 -0
- package/lib/src/services/credential/sd-jwt.test.d.ts.map +1 -0
- package/lib/src/services/credential/service.d.ts +274 -4
- package/lib/src/services/credential/service.d.ts.map +1 -1
- package/lib/src/services/edv/service.d.ts +151 -1
- package/lib/src/services/edv/service.d.ts.map +1 -1
- package/lib/src/services/relay-service/service.d.ts +129 -1
- package/lib/src/services/relay-service/service.d.ts.map +1 -1
- package/lib/src/services/rpc-service-client.d.ts +2 -2
- package/lib/src/services/rpc-service-client.d.ts.map +1 -1
- package/lib/src/services/storage/index.d.ts +1 -1
- package/lib/src/services/storage/index.d.ts.map +1 -1
- package/lib/src/services/storage/service-rpc.d.ts +9 -0
- package/lib/src/services/storage/service-rpc.d.ts.map +1 -0
- package/lib/src/services/storage/service.d.ts +1 -0
- package/lib/src/services/storage/service.d.ts.map +1 -1
- package/lib/src/services/util-crypto/service.d.ts +1 -1
- package/lib/tsconfig.tsbuildinfo +1 -1
- package/lib/wallet/rpc-storage-interface.js +13 -3
- package/lib/wallet/rpc-storage-interface.mjs +11 -1
- package/lib/wallet/rpc-storage-wallet.js +10 -0
- package/lib/wallet/rpc-storage-wallet.mjs +10 -0
- package/package.json +13 -8
- package/src/services/blockchain/cached-did-resolver.test.ts +288 -0
- package/src/services/blockchain/cached-did-resolver.ts +126 -0
- package/src/services/blockchain/service-rpc.js +12 -0
- package/src/services/blockchain/service.ts +142 -11
- package/src/services/credential/config.ts +7 -1
- package/src/services/credential/sd-jwt.test.ts +718 -0
- package/src/services/credential/sd-jwt.ts +231 -0
- package/src/services/credential/service-rpc.js +9 -0
- package/src/services/credential/service.ts +328 -7
- package/src/services/edv/service.ts +153 -1
- package/src/services/relay-service/service.ts +130 -1
- package/src/services/rpc-service-client.js +0 -3
- package/src/services/storage/index.js +15 -1
- package/src/services/storage/service-rpc.js +7 -3
- package/src/services/storage/service.ts +5 -0
|
@@ -1,4 +1,12 @@
|
|
|
1
1
|
// @ts-nocheck
|
|
2
|
+
|
|
3
|
+
/**
|
|
4
|
+
* @module credential-service
|
|
5
|
+
* @description Verifiable credential management service for the Wallet SDK.
|
|
6
|
+
* This module provides functionality for creating, signing, verifying, and presenting
|
|
7
|
+
* verifiable credentials including support for BBS+ signatures and anonymous credentials.
|
|
8
|
+
*/
|
|
9
|
+
|
|
2
10
|
import {serviceName, validation} from './config';
|
|
3
11
|
import {
|
|
4
12
|
Accumulator,
|
|
@@ -31,9 +39,24 @@ import axios from 'axios';
|
|
|
31
39
|
import {getIsRevoked, getWitnessDetails} from './bbs-revocation';
|
|
32
40
|
import {getPexRequiredAttributes, shouldSkipAttribute} from './pex-helpers';
|
|
33
41
|
import {didService} from '../dids/service';
|
|
42
|
+
import {isSDJWTCredential as checkIsSDJWT, credentialToW3C as convertCredentialToW3C, verifySDJWT, createSDJWTPresentation} from './sd-jwt';
|
|
34
43
|
|
|
44
|
+
/**
|
|
45
|
+
* PEX (Presentation Exchange) instance for credential filtering
|
|
46
|
+
* @private
|
|
47
|
+
*/
|
|
35
48
|
const pex: PEX = new PEX();
|
|
36
49
|
|
|
50
|
+
/**
|
|
51
|
+
* Checks if a credential uses BBS+ signature
|
|
52
|
+
* @param {Object} credential - The credential to check
|
|
53
|
+
* @returns {boolean} True if the credential uses BBS+ signature
|
|
54
|
+
* @example
|
|
55
|
+
* const isBBS = isBBSPlusCredential(credential);
|
|
56
|
+
* if (isBBS) {
|
|
57
|
+
* console.log('This credential uses BBS+ signatures');
|
|
58
|
+
* }
|
|
59
|
+
*/
|
|
37
60
|
export function isBBSPlusCredential(credential) {
|
|
38
61
|
return (
|
|
39
62
|
(typeof credential?.proof?.type === 'string' &&
|
|
@@ -45,6 +68,13 @@ export function isBBSPlusCredential(credential) {
|
|
|
45
68
|
);
|
|
46
69
|
}
|
|
47
70
|
|
|
71
|
+
/**
|
|
72
|
+
* Checks if a credential uses KVAC (BBDT16) signature
|
|
73
|
+
* @param {Object} credential - The credential to check
|
|
74
|
+
* @returns {boolean} True if the credential uses KVAC signature
|
|
75
|
+
* @example
|
|
76
|
+
* const isKVAC = isKvacCredential(credential);
|
|
77
|
+
*/
|
|
48
78
|
export function isKvacCredential(credential) {
|
|
49
79
|
return (
|
|
50
80
|
typeof credential?.proof?.type === 'string' &&
|
|
@@ -52,11 +82,30 @@ export function isKvacCredential(credential) {
|
|
|
52
82
|
);
|
|
53
83
|
}
|
|
54
84
|
|
|
85
|
+
/**
|
|
86
|
+
* Checks if a credential is anonymous (BBS+ or KVAC)
|
|
87
|
+
* @param {Object} credential - The credential to check
|
|
88
|
+
* @returns {boolean} True if the credential is anonymous
|
|
89
|
+
* @example
|
|
90
|
+
* if (isAnnonymousCredential(credential)) {
|
|
91
|
+
* console.log('This credential supports selective disclosure');
|
|
92
|
+
* }
|
|
93
|
+
*/
|
|
55
94
|
export function isAnnonymousCredential(credential) {
|
|
56
95
|
return isBBSPlusCredential(credential) || isKvacCredential(credential);
|
|
57
96
|
}
|
|
58
97
|
|
|
98
|
+
/**
|
|
99
|
+
* Service class for managing verifiable credentials
|
|
100
|
+
* @class
|
|
101
|
+
* @description Provides methods for creating, signing, verifying, and presenting
|
|
102
|
+
* verifiable credentials with support for various signature types
|
|
103
|
+
*/
|
|
59
104
|
class CredentialService {
|
|
105
|
+
/**
|
|
106
|
+
* Creates a new CredentialService instance
|
|
107
|
+
* @constructor
|
|
108
|
+
*/
|
|
60
109
|
constructor() {
|
|
61
110
|
this.name = serviceName;
|
|
62
111
|
}
|
|
@@ -69,8 +118,28 @@ class CredentialService {
|
|
|
69
118
|
CredentialService.prototype.deriveVCFromPresentation,
|
|
70
119
|
CredentialService.prototype.isBBSPlusCredential,
|
|
71
120
|
CredentialService.prototype.isKvacCredential,
|
|
121
|
+
CredentialService.prototype.isSDJWTCredential,
|
|
122
|
+
CredentialService.prototype.credentialToW3C,
|
|
123
|
+
CredentialService.prototype.createSDJWTPresentation,
|
|
72
124
|
CredentialService.prototype.acquireOIDCredential,
|
|
73
125
|
];
|
|
126
|
+
|
|
127
|
+
|
|
128
|
+
createSDJWTPresentation(params) {
|
|
129
|
+
const {attributesToReveal, credential} = params;
|
|
130
|
+
return createSDJWTPresentation({attributesToReveal, credential});
|
|
131
|
+
}
|
|
132
|
+
|
|
133
|
+
/**
|
|
134
|
+
* Generates a new verifiable credential template
|
|
135
|
+
* @param {Object} [params={}] - Generation parameters
|
|
136
|
+
* @param {Object} [params.subject] - The credential subject
|
|
137
|
+
* @returns {VerifiableCredential} A new verifiable credential instance
|
|
138
|
+
* @example
|
|
139
|
+
* const credential = credentialService.generateCredential({
|
|
140
|
+
* subject: { id: 'did:example:123', name: 'Alice' }
|
|
141
|
+
* });
|
|
142
|
+
*/
|
|
74
143
|
generateCredential(params = {}) {
|
|
75
144
|
validation.generateCredential(params);
|
|
76
145
|
const {subject} = params;
|
|
@@ -89,6 +158,19 @@ class CredentialService {
|
|
|
89
158
|
}
|
|
90
159
|
return vc;
|
|
91
160
|
}
|
|
161
|
+
/**
|
|
162
|
+
* Signs a verifiable credential
|
|
163
|
+
* @param {Object} params - Signing parameters
|
|
164
|
+
* @param {Object} params.vcJson - The credential JSON to sign
|
|
165
|
+
* @param {Object} params.keyDoc - The key document for signing
|
|
166
|
+
* @returns {Promise<VerifiableCredential>} The signed verifiable credential
|
|
167
|
+
* @throws {Error} If validation fails or signing fails
|
|
168
|
+
* @example
|
|
169
|
+
* const signedCredential = await credentialService.signCredential({
|
|
170
|
+
* vcJson: credentialData,
|
|
171
|
+
* keyDoc: issuerKeyDocument
|
|
172
|
+
* });
|
|
173
|
+
*/
|
|
92
174
|
async signCredential(params) {
|
|
93
175
|
validation.signCredential(params);
|
|
94
176
|
const {vcJson, keyDoc} = params;
|
|
@@ -104,13 +186,39 @@ class CredentialService {
|
|
|
104
186
|
|
|
105
187
|
return verifiableCredential;
|
|
106
188
|
}
|
|
189
|
+
/**
|
|
190
|
+
* Creates a verifiable presentation from credentials
|
|
191
|
+
* @param {Object} params - Presentation parameters
|
|
192
|
+
* @param {Array<Object>} params.credentials - Array of verifiable credentials to include
|
|
193
|
+
* @param {Object} params.keyDoc - The key document for signing the presentation
|
|
194
|
+
* @param {string} [params.challenge] - Challenge string for the presentation proof
|
|
195
|
+
* @param {string} [params.id] - Presentation identifier
|
|
196
|
+
* @param {string} [params.domain] - Domain for the presentation proof
|
|
197
|
+
* @returns {Promise<Object>} The signed verifiable presentation
|
|
198
|
+
* @throws {Error} If validation fails
|
|
199
|
+
* @example
|
|
200
|
+
* const presentation = await credentialService.createPresentation({
|
|
201
|
+
* credentials: [credential1, credential2],
|
|
202
|
+
* keyDoc: holderKeyDocument,
|
|
203
|
+
* challenge: 'abc123',
|
|
204
|
+
* domain: 'example.com'
|
|
205
|
+
* });
|
|
206
|
+
*/
|
|
107
207
|
async createPresentation(params) {
|
|
108
208
|
validation.createPresentation(params);
|
|
109
209
|
const {credentials, keyDoc, challenge, id, domain} = params;
|
|
110
210
|
const vp = new VerifiablePresentation(id);
|
|
111
211
|
let shouldSkipSigning = false;
|
|
212
|
+
let jwtCredentials = [];
|
|
213
|
+
|
|
112
214
|
for (const signedVC of credentials) {
|
|
113
|
-
|
|
215
|
+
|
|
216
|
+
if (typeof signedVC === 'string') {
|
|
217
|
+
jwtCredentials.push(signedVC);
|
|
218
|
+
shouldSkipSigning = true;
|
|
219
|
+
} else {
|
|
220
|
+
vp.addCredential(signedVC);
|
|
221
|
+
}
|
|
114
222
|
shouldSkipSigning = shouldSkipSigning || isAnnonymousCredential(signedVC);
|
|
115
223
|
}
|
|
116
224
|
|
|
@@ -123,19 +231,60 @@ class CredentialService {
|
|
|
123
231
|
const suite = await getSuiteFromKeyDoc(keyPair);
|
|
124
232
|
|
|
125
233
|
if (shouldSkipSigning) {
|
|
126
|
-
|
|
234
|
+
const result = vp.toJSON();
|
|
235
|
+
result.verifiableCredential.push(...jwtCredentials);
|
|
236
|
+
return result;
|
|
127
237
|
}
|
|
128
238
|
|
|
129
239
|
return vp.sign(suite, challenge, domain, blockchainService.resolver);
|
|
130
240
|
}
|
|
131
241
|
|
|
242
|
+
/**
|
|
243
|
+
* Verifies a verifiable presentation
|
|
244
|
+
* @param {Object} params - Verification parameters
|
|
245
|
+
* @param {Object} params.presentation - The presentation to verify
|
|
246
|
+
* @param {Object} [params.options] - Verification options
|
|
247
|
+
* @returns {Promise<Object>} Verification result with verified status and any errors
|
|
248
|
+
* @example
|
|
249
|
+
* const result = await credentialService.verifyPresentation({
|
|
250
|
+
* presentation: presentationData
|
|
251
|
+
* });
|
|
252
|
+
* console.log('Verified:', result.verified);
|
|
253
|
+
*/
|
|
132
254
|
async verifyPresentation({ presentation, options }: any) {
|
|
133
255
|
return verifyPresentation(presentation, options);
|
|
134
256
|
}
|
|
135
257
|
|
|
258
|
+
/**
|
|
259
|
+
* Verifies a verifiable credential including revocation check
|
|
260
|
+
* @param {Object} params - Verification parameters
|
|
261
|
+
* @param {Object} params.credential - The credential to verify
|
|
262
|
+
* @param {Object} [params.membershipWitness] - Membership witness for revocation check
|
|
263
|
+
* @returns {Promise<Object>} Verification result
|
|
264
|
+
* @returns {boolean} returns.verified - Whether the credential is valid
|
|
265
|
+
* @returns {string} [returns.error] - Error message if verification failed
|
|
266
|
+
* @throws {Error} If validation fails
|
|
267
|
+
* @example
|
|
268
|
+
* const result = await credentialService.verifyCredential({
|
|
269
|
+
* credential: credentialData,
|
|
270
|
+
* membershipWitness: witnessData
|
|
271
|
+
* });
|
|
272
|
+
* if (!result.verified) {
|
|
273
|
+
* console.error('Verification failed:', result.error);
|
|
274
|
+
* }
|
|
275
|
+
*/
|
|
136
276
|
async verifyCredential(params) {
|
|
137
277
|
validation.verifyCredential(params);
|
|
138
|
-
|
|
278
|
+
let {credential, membershipWitness} = params;
|
|
279
|
+
|
|
280
|
+
if (credential._sd_jwt) {
|
|
281
|
+
credential = credential?._sd_jwt?.encoded;
|
|
282
|
+
}
|
|
283
|
+
|
|
284
|
+
if (typeof credential === 'string' && checkIsSDJWT(credential)) {
|
|
285
|
+
return verifySDJWT(credential);
|
|
286
|
+
}
|
|
287
|
+
|
|
139
288
|
const result = await verifyCredential(credential, {
|
|
140
289
|
resolver: blockchainService.resolver,
|
|
141
290
|
revocationApi: {dock: blockchainService.dock},
|
|
@@ -160,6 +309,20 @@ class CredentialService {
|
|
|
160
309
|
return result;
|
|
161
310
|
}
|
|
162
311
|
|
|
312
|
+
/**
|
|
313
|
+
* Filters credentials based on a presentation definition
|
|
314
|
+
* @param {Object} params - Filter parameters
|
|
315
|
+
* @param {Array<Object>} params.credentials - Array of credentials to filter
|
|
316
|
+
* @param {Object} params.presentationDefinition - PEX presentation definition
|
|
317
|
+
* @param {string} [params.holderDid] - DID of the credential holder
|
|
318
|
+
* @returns {Object} Filtered credentials matching the presentation definition
|
|
319
|
+
* @example
|
|
320
|
+
* const filtered = credentialService.filterCredentials({
|
|
321
|
+
* credentials: allCredentials,
|
|
322
|
+
* presentationDefinition: definition,
|
|
323
|
+
* holderDid: 'did:example:holder'
|
|
324
|
+
* });
|
|
325
|
+
*/
|
|
163
326
|
filterCredentials(params) {
|
|
164
327
|
const {credentials, presentationDefinition, holderDid} = params;
|
|
165
328
|
const result = pex.selectFrom(
|
|
@@ -171,6 +334,18 @@ class CredentialService {
|
|
|
171
334
|
return result;
|
|
172
335
|
}
|
|
173
336
|
|
|
337
|
+
/**
|
|
338
|
+
* Evaluates a presentation against a presentation definition
|
|
339
|
+
* @param {Object} params - Evaluation parameters
|
|
340
|
+
* @param {Object} params.presentation - The presentation to evaluate
|
|
341
|
+
* @param {Object} params.presentationDefinition - PEX presentation definition
|
|
342
|
+
* @returns {Object} Evaluation result with validation details
|
|
343
|
+
* @example
|
|
344
|
+
* const evaluation = credentialService.evaluatePresentation({
|
|
345
|
+
* presentation: presentationData,
|
|
346
|
+
* presentationDefinition: definition
|
|
347
|
+
* });
|
|
348
|
+
*/
|
|
174
349
|
evaluatePresentation(params) {
|
|
175
350
|
const {presentation, presentationDefinition} = params;
|
|
176
351
|
const result = pex.evaluatePresentation(
|
|
@@ -181,16 +356,81 @@ class CredentialService {
|
|
|
181
356
|
return result;
|
|
182
357
|
}
|
|
183
358
|
|
|
359
|
+
/**
|
|
360
|
+
* Checks if a credential uses BBS+ signature
|
|
361
|
+
* @param {Object} params - Check parameters
|
|
362
|
+
* @param {Object} params.credential - The credential to check
|
|
363
|
+
* @returns {boolean} True if the credential uses BBS+ signature
|
|
364
|
+
*/
|
|
184
365
|
isBBSPlusCredential(params) {
|
|
185
366
|
const {credential} = params;
|
|
186
367
|
return isBBSPlusCredential(credential);
|
|
187
368
|
}
|
|
188
369
|
|
|
370
|
+
/**
|
|
371
|
+
* Checks if a credential uses KVAC signature
|
|
372
|
+
* @param {Object} params - Check parameters
|
|
373
|
+
* @param {Object} params.credential - The credential to check
|
|
374
|
+
* @returns {boolean} True if the credential uses KVAC signature
|
|
375
|
+
*/
|
|
189
376
|
isKvacCredential(params) {
|
|
190
377
|
const {credential} = params;
|
|
191
378
|
return isKvacCredential(credential);
|
|
192
379
|
}
|
|
193
380
|
|
|
381
|
+
/**
|
|
382
|
+
* Checks if a credential is an SD-JWT (Selective Disclosure JWT) credential
|
|
383
|
+
* @param {Object} params - Check parameters
|
|
384
|
+
* @param {string} params.credential - The JWT string to check
|
|
385
|
+
* @returns {boolean} True if the credential is an SD-JWT credential
|
|
386
|
+
* @example
|
|
387
|
+
* const isSDJWT = credentialService.isSDJWTCredential({
|
|
388
|
+
* credential: 'eyJ0eXAiOiJ2YytzZC1qd3Q...'
|
|
389
|
+
* });
|
|
390
|
+
*/
|
|
391
|
+
isSDJWTCredential(params) {
|
|
392
|
+
const {credential} = params;
|
|
393
|
+
return checkIsSDJWT(credential);
|
|
394
|
+
}
|
|
395
|
+
|
|
396
|
+
/**
|
|
397
|
+
* Converts a credential to W3C Verifiable Credential format
|
|
398
|
+
* @description Handles both SD-JWT credentials (needs decoding) and regular W3C credentials (returns as-is)
|
|
399
|
+
* @param {Object} params - Conversion parameters
|
|
400
|
+
* @param {string|Object} params.credential - Either an SD-JWT string or a credential object
|
|
401
|
+
* @returns {Promise<Object>} W3C Verifiable Credential format
|
|
402
|
+
* @throws {Error} If credential cannot be converted to W3C format
|
|
403
|
+
* @example
|
|
404
|
+
* // Convert SD-JWT to W3C format
|
|
405
|
+
* const w3cCredential = await credentialService.credentialToW3C({
|
|
406
|
+
* credential: 'eyJ0eXAiOiJ2YytzZC1qd3Q...'
|
|
407
|
+
* });
|
|
408
|
+
*
|
|
409
|
+
* // Returns W3C credential as-is
|
|
410
|
+
* const w3cCredential = await credentialService.credentialToW3C({
|
|
411
|
+
* credential: { '@context': [...], type: [...], ... }
|
|
412
|
+
* });
|
|
413
|
+
*/
|
|
414
|
+
async credentialToW3C(params) {
|
|
415
|
+
const {credential} = params;
|
|
416
|
+
return convertCredentialToW3C(credential);
|
|
417
|
+
}
|
|
418
|
+
|
|
419
|
+
/**
|
|
420
|
+
* Acquires a credential through OpenID for Verifiable Credentials (OID4VC)
|
|
421
|
+
* @param {Object} params - Acquisition parameters
|
|
422
|
+
* @param {string} params.uri - The credential offer URI
|
|
423
|
+
* @param {string} [params.authorizationCode] - Authorization code if required
|
|
424
|
+
* @param {Object} params.holderKeyDocument - Key document for the credential holder
|
|
425
|
+
* @returns {Promise<Object>} Result containing the credential or authorization URL
|
|
426
|
+
* @returns {Object} [returns.credential] - The acquired credential
|
|
427
|
+
* @returns {string} [returns.authorizationURL] - Authorization URL if auth is required
|
|
428
|
+
* @example
|
|
429
|
+
* const result = await credentialService.acquireOIDCredential({
|
|
430
|
+
* uri: 'openid-credential-offer://...',
|
|
431
|
+
* holderKeyDocument: keyDoc
|
|
432
|
+
* });
|
|
433
|
+
*/
|
|
194
434
|
async acquireOIDCredential({
|
|
195
435
|
uri,
|
|
196
436
|
authorizationCode,
|
|
@@ -209,6 +449,8 @@ class CredentialService {
|
|
|
209
449
|
authorizationRequest: {
|
|
210
450
|
redirectUri: 'dock-wallet://credentials/callback',
|
|
211
451
|
clientId: 'dock.wallet',
|
|
452
|
+
// Hack: we need the scope property to avoid 'CredentialOffer format is wrong.' error
|
|
453
|
+
scope: []
|
|
212
454
|
},
|
|
213
455
|
});
|
|
214
456
|
|
|
@@ -264,6 +506,22 @@ class CredentialService {
|
|
|
264
506
|
}
|
|
265
507
|
}
|
|
266
508
|
|
|
509
|
+
/**
|
|
510
|
+
* Creates a BBS+ presentation with selective disclosure
|
|
511
|
+
* @param {Object} params - Presentation parameters
|
|
512
|
+
* @param {Array<Object>} params.credentials - Array of credentials with attributes to reveal
|
|
513
|
+
* @param {Object} params.credentials[].credential - The BBS+ credential
|
|
514
|
+
* @param {Array<string>} [params.credentials[].attributesToReveal] - Attributes to reveal
|
|
515
|
+
* @returns {Promise<Object>} The BBS+ presentation
|
|
516
|
+
* @throws {Error} If validation fails
|
|
517
|
+
* @example
|
|
518
|
+
* const presentation = await credentialService.createBBSPresentation({
|
|
519
|
+
* credentials: [{
|
|
520
|
+
* credential: bbsCredential,
|
|
521
|
+
* attributesToReveal: ['name', 'age']
|
|
522
|
+
* }]
|
|
523
|
+
* });
|
|
524
|
+
*/
|
|
267
525
|
async createBBSPresentation(params) {
|
|
268
526
|
validation.createBBSPresentation(params);
|
|
269
527
|
const {credentials} = params;
|
|
@@ -280,6 +538,13 @@ class CredentialService {
|
|
|
280
538
|
return bbsPlusPresentation.createPresentation();
|
|
281
539
|
}
|
|
282
540
|
|
|
541
|
+
/**
|
|
542
|
+
* Gets the accumulator ID from a credential's status
|
|
543
|
+
* @param {Object} params - Parameters
|
|
544
|
+
* @param {Object} params.credential - The credential to get accumulator ID from
|
|
545
|
+
* @returns {string|null} The accumulator ID or null if not present
|
|
546
|
+
* @throws {Error} If credential is not provided
|
|
547
|
+
*/
|
|
283
548
|
getAccumulatorId({credential}) {
|
|
284
549
|
assert(!!credential, `credential is required`);
|
|
285
550
|
if (!credential?.credentialStatus) {
|
|
@@ -289,6 +554,13 @@ class CredentialService {
|
|
|
289
554
|
return credential?.credentialStatus.id;
|
|
290
555
|
}
|
|
291
556
|
|
|
557
|
+
/**
|
|
558
|
+
* Gets accumulator data from the blockchain for a credential
|
|
559
|
+
* @param {Object} params - Parameters
|
|
560
|
+
* @param {Object} params.credential - The credential to get accumulator data for
|
|
561
|
+
* @returns {Promise<Object|null>} The accumulator data or null if not found
|
|
562
|
+
* @throws {Error} If credential is not provided
|
|
563
|
+
*/
|
|
292
564
|
async getAccumulatorData({credential}) {
|
|
293
565
|
assert(!!credential, `credential is required`);
|
|
294
566
|
const accumulatorId = await this.getAccumulatorId({credential});
|
|
@@ -304,10 +576,15 @@ class CredentialService {
|
|
|
304
576
|
}
|
|
305
577
|
|
|
306
578
|
/**
|
|
307
|
-
*
|
|
308
|
-
* The witness is generated by the issuer when the credential is created
|
|
309
|
-
*
|
|
310
|
-
*
|
|
579
|
+
* Updates the membership witness with the latest accumulator state
|
|
580
|
+
* @description The witness is generated by the issuer when the credential is created
|
|
581
|
+
* and is stored in the wallet when the credential is imported. This method updates
|
|
582
|
+
* it with the latest accumulator changes from the blockchain.
|
|
583
|
+
* @param {Object} params - Update parameters
|
|
584
|
+
* @param {Object} params.credential - The credential with revocation status
|
|
585
|
+
* @param {Object} params.membershipWitnessJSON - Current membership witness in JSON format
|
|
586
|
+
* @returns {Promise<Object>} Updated membership witness in JSON format
|
|
587
|
+
* @throws {Error} If updates cannot be fetched or applied
|
|
311
588
|
*/
|
|
312
589
|
async updateMembershipWitness({credential, membershipWitnessJSON}) {
|
|
313
590
|
const revocationId = credential.credentialStatus.revocationId;
|
|
@@ -359,6 +636,25 @@ class CredentialService {
|
|
|
359
636
|
return witness.toJSON();
|
|
360
637
|
}
|
|
361
638
|
|
|
639
|
+
/**
|
|
640
|
+
* Derives verifiable credentials from a presentation with selective disclosure
|
|
641
|
+
* @param {Object} params - Derivation parameters
|
|
642
|
+
* @param {Array<Object>} params.credentials - Array of credential objects
|
|
643
|
+
* @param {Object} params.credentials[].credential - The credential
|
|
644
|
+
* @param {Array<string>} params.credentials[].attributesToReveal - Attributes to reveal
|
|
645
|
+
* @param {Object} [params.credentials[].witness] - Membership witness for revocation
|
|
646
|
+
* @param {Object} [params.options={}] - Additional options for derivation
|
|
647
|
+
* @param {Object} [params.proofRequest] - Proof request with constraints
|
|
648
|
+
* @returns {Promise<Array>} Array of derived credentials
|
|
649
|
+
* @throws {Error} If validation fails
|
|
650
|
+
* @example
|
|
651
|
+
* const derivedCredentials = await credentialService.deriveVCFromPresentation({
|
|
652
|
+
* credentials: [{
|
|
653
|
+
* credential: bbsCredential,
|
|
654
|
+
* attributesToReveal: ['name', 'dateOfBirth']
|
|
655
|
+
* }]
|
|
656
|
+
* });
|
|
657
|
+
*/
|
|
362
658
|
async deriveVCFromPresentation(params) {
|
|
363
659
|
validation.deriveVCFromPresentation(params);
|
|
364
660
|
const {credentials, options = {}, proofRequest} = params;
|
|
@@ -443,9 +739,34 @@ class CredentialService {
|
|
|
443
739
|
return credentialsFromPresentation;
|
|
444
740
|
}
|
|
445
741
|
|
|
742
|
+
/**
|
|
743
|
+
* Test method for range proofs
|
|
744
|
+
* @private
|
|
745
|
+
* @returns {Promise<void>}
|
|
746
|
+
*/
|
|
446
747
|
async testRangeProof() {
|
|
447
748
|
console.log('test');
|
|
448
749
|
}
|
|
449
750
|
}
|
|
450
751
|
|
|
752
|
+
/**
|
|
753
|
+
* Singleton instance of the credential service
|
|
754
|
+
* @type {CredentialService}
|
|
755
|
+
* @example
|
|
756
|
+
* import { credentialService } from '@docknetwork/wallet-sdk-wasm/services/credential';
|
|
757
|
+
*
|
|
758
|
+
* // Create and sign a credential
|
|
759
|
+
* const credential = credentialService.generateCredential({
|
|
760
|
+
* subject: { id: 'did:example:123' }
|
|
761
|
+
* });
|
|
762
|
+
* const signed = await credentialService.signCredential({
|
|
763
|
+
* vcJson: credential,
|
|
764
|
+
* keyDoc: issuerKey
|
|
765
|
+
* });
|
|
766
|
+
*
|
|
767
|
+
* // Verify a credential
|
|
768
|
+
* const result = await credentialService.verifyCredential({
|
|
769
|
+
* credential: signedCredential
|
|
770
|
+
* });
|
|
771
|
+
*/
|
|
451
772
|
export const credentialService = new CredentialService();
|
|
@@ -1,4 +1,12 @@
|
|
|
1
1
|
// @ts-nocheck
|
|
2
|
+
|
|
3
|
+
/**
|
|
4
|
+
* @module edv-service
|
|
5
|
+
* @description Encrypted Data Vault (EDV) service for the Wallet SDK.
|
|
6
|
+
* This module provides secure, encrypted storage functionality using EDV protocol,
|
|
7
|
+
* enabling privacy-preserving data storage with client-side encryption.
|
|
8
|
+
*/
|
|
9
|
+
|
|
2
10
|
import {InitializeEDVParams, serviceName} from './configs';
|
|
3
11
|
import EDVHTTPStorageInterface from '@docknetwork/universal-wallet/storage/edv-http-storage';
|
|
4
12
|
import HMAC from './hmac';
|
|
@@ -11,7 +19,10 @@ import {didService} from '@docknetwork/wallet-sdk-wasm/src/services/dids/service
|
|
|
11
19
|
import {Ed25519Keypair} from '@docknetwork/credential-sdk/keypairs';
|
|
12
20
|
|
|
13
21
|
/**
|
|
14
|
-
*
|
|
22
|
+
* Service class for managing Encrypted Data Vaults
|
|
23
|
+
* @class
|
|
24
|
+
* @description Provides methods for creating, managing, and interacting with
|
|
25
|
+
* encrypted data vaults for secure storage of sensitive wallet data
|
|
15
26
|
*/
|
|
16
27
|
export class EDVService {
|
|
17
28
|
storageInterface: EDVHTTPStorageInterface;
|
|
@@ -30,10 +41,33 @@ export class EDVService {
|
|
|
30
41
|
EDVService.prototype.delete,
|
|
31
42
|
];
|
|
32
43
|
|
|
44
|
+
/**
|
|
45
|
+
* Creates a new EDVService instance
|
|
46
|
+
* @constructor
|
|
47
|
+
*/
|
|
33
48
|
constructor() {
|
|
34
49
|
this.name = serviceName;
|
|
35
50
|
}
|
|
36
51
|
|
|
52
|
+
/**
|
|
53
|
+
* Initializes the EDV service with encryption keys and connection parameters
|
|
54
|
+
* @param {InitializeEDVParams} params - Initialization parameters
|
|
55
|
+
* @param {Object} params.hmacKey - HMAC key for document indexing
|
|
56
|
+
* @param {Object} params.agreementKey - Key agreement key for encryption
|
|
57
|
+
* @param {Object} params.verificationKey - Verification key for authentication
|
|
58
|
+
* @param {string} params.edvUrl - URL of the EDV server
|
|
59
|
+
* @param {string} params.authKey - Authentication key for the EDV server
|
|
60
|
+
* @returns {Promise<void>}
|
|
61
|
+
* @throws {Error} If unable to create or connect to EDV
|
|
62
|
+
* @example
|
|
63
|
+
* await edvService.initialize({
|
|
64
|
+
* hmacKey: hmacKeyData,
|
|
65
|
+
* agreementKey: agreementKeyData,
|
|
66
|
+
* verificationKey: verificationKeyData,
|
|
67
|
+
* edvUrl: 'https://edv.example.com',
|
|
68
|
+
* authKey: 'auth-token-123'
|
|
69
|
+
* });
|
|
70
|
+
*/
|
|
37
71
|
async initialize({
|
|
38
72
|
hmacKey,
|
|
39
73
|
agreementKey,
|
|
@@ -95,6 +129,21 @@ export class EDVService {
|
|
|
95
129
|
});
|
|
96
130
|
}
|
|
97
131
|
|
|
132
|
+
/**
|
|
133
|
+
* Generates new cryptographic keys for EDV operations
|
|
134
|
+
* @returns {Promise<Object>} Generated keys
|
|
135
|
+
* @returns {Object} returns.verificationKey - Ed25519 verification key for authentication
|
|
136
|
+
* @returns {Object} returns.agreementKey - X25519 key agreement key for encryption
|
|
137
|
+
* @returns {Object} returns.hmacKey - HMAC key for indexing
|
|
138
|
+
* @example
|
|
139
|
+
* const keys = await edvService.generateKeys();
|
|
140
|
+
* // Use keys for EDV initialization
|
|
141
|
+
* await edvService.initialize({
|
|
142
|
+
* ...keys,
|
|
143
|
+
* edvUrl: 'https://edv.example.com',
|
|
144
|
+
* authKey: 'auth-token'
|
|
145
|
+
* });
|
|
146
|
+
*/
|
|
98
147
|
async generateKeys() {
|
|
99
148
|
const keyPair = await didService.generateKeyDoc({});
|
|
100
149
|
|
|
@@ -111,6 +160,17 @@ export class EDVService {
|
|
|
111
160
|
return {verificationKey, agreementKey, hmacKey};
|
|
112
161
|
}
|
|
113
162
|
|
|
163
|
+
/**
|
|
164
|
+
* Derives cryptographic keys from a master key
|
|
165
|
+
* @param {Uint8Array} masterKey - Master key for derivation
|
|
166
|
+
* @returns {Promise<Object>} Derived keys
|
|
167
|
+
* @returns {Object} returns.verificationKey - Derived Ed25519 verification key
|
|
168
|
+
* @returns {Object} returns.agreementKey - Derived X25519 key agreement key
|
|
169
|
+
* @returns {Object} returns.hmacKey - Derived HMAC key
|
|
170
|
+
* @example
|
|
171
|
+
* const masterKey = new Uint8Array(32); // Your master key
|
|
172
|
+
* const keys = await edvService.deriveKeys(masterKey);
|
|
173
|
+
*/
|
|
114
174
|
async deriveKeys(masterKey: Uint8Array) {
|
|
115
175
|
const {keyPair: pair} = new Ed25519Keypair(masterKey, 'seed');
|
|
116
176
|
|
|
@@ -126,18 +186,66 @@ export class EDVService {
|
|
|
126
186
|
return { verificationKey, agreementKey, hmacKey };
|
|
127
187
|
}
|
|
128
188
|
|
|
189
|
+
/**
|
|
190
|
+
* Gets the controller identifier for the current EDV
|
|
191
|
+
* @returns {Promise<string>} The controller DID or identifier
|
|
192
|
+
* @example
|
|
193
|
+
* const controller = await edvService.getController();
|
|
194
|
+
* console.log('EDV Controller:', controller);
|
|
195
|
+
*/
|
|
129
196
|
async getController() {
|
|
130
197
|
return this.controller;
|
|
131
198
|
}
|
|
132
199
|
|
|
200
|
+
/**
|
|
201
|
+
* Finds documents in the EDV based on query parameters
|
|
202
|
+
* @param {Object} params - Query parameters
|
|
203
|
+
* @param {Object} [params.equals] - Equality-based query conditions
|
|
204
|
+
* @param {boolean} [params.has] - Existence-based query conditions
|
|
205
|
+
* @param {number} [params.limit] - Maximum number of results
|
|
206
|
+
* @returns {Promise<Array>} Array of matching documents
|
|
207
|
+
* @example
|
|
208
|
+
* const documents = await edvService.find({
|
|
209
|
+
* equals: { 'content.type': 'VerifiableCredential' },
|
|
210
|
+
* limit: 10
|
|
211
|
+
* });
|
|
212
|
+
*/
|
|
133
213
|
find(params: any) {
|
|
134
214
|
return this.storageInterface.find(params);
|
|
135
215
|
}
|
|
136
216
|
|
|
217
|
+
/**
|
|
218
|
+
* Updates a document in the EDV
|
|
219
|
+
* @param {Object} params - Update parameters
|
|
220
|
+
* @param {string} params.id - Document ID to update
|
|
221
|
+
* @param {Object} params.content - New document content
|
|
222
|
+
* @returns {Promise<Object>} Updated document
|
|
223
|
+
* @example
|
|
224
|
+
* const updated = await edvService.update({
|
|
225
|
+
* id: 'doc-123',
|
|
226
|
+
* content: { ...existingContent, updated: true }
|
|
227
|
+
* });
|
|
228
|
+
*/
|
|
137
229
|
update(params: any) {
|
|
138
230
|
return this.storageInterface.update(params);
|
|
139
231
|
}
|
|
140
232
|
|
|
233
|
+
/**
|
|
234
|
+
* Inserts a new document into the EDV
|
|
235
|
+
* @param {Object} params - Insert parameters
|
|
236
|
+
* @param {string} params.id - Document ID
|
|
237
|
+
* @param {Object} params.content - Document content to store
|
|
238
|
+
* @returns {Promise<Object>} The inserted document
|
|
239
|
+
* @throws {Error} If insertion fails
|
|
240
|
+
* @example
|
|
241
|
+
* const document = await edvService.insert({
|
|
242
|
+
* id: 'doc-456',
|
|
243
|
+
* content: {
|
|
244
|
+
* type: 'VerifiableCredential',
|
|
245
|
+
* data: credentialData
|
|
246
|
+
* }
|
|
247
|
+
* });
|
|
248
|
+
*/
|
|
141
249
|
insert(params: any) {
|
|
142
250
|
this.insertQueue = this.insertQueue.then(() => {
|
|
143
251
|
return this.storageInterface.insert(params).catch(error => {
|
|
@@ -148,9 +256,53 @@ export class EDVService {
|
|
|
148
256
|
return this.insertQueue;
|
|
149
257
|
}
|
|
150
258
|
|
|
259
|
+
/**
|
|
260
|
+
* Deletes a document from the EDV
|
|
261
|
+
* @param {Object} params - Deletion parameters
|
|
262
|
+
* @param {string} params.id - Document ID to delete
|
|
263
|
+
* @returns {Promise<boolean>} True if deletion successful
|
|
264
|
+
* @example
|
|
265
|
+
* const deleted = await edvService.delete({
|
|
266
|
+
* id: 'doc-123'
|
|
267
|
+
* });
|
|
268
|
+
*/
|
|
151
269
|
delete(params: any) {
|
|
152
270
|
return this.storageInterface.delete(params);
|
|
153
271
|
}
|
|
154
272
|
}
|
|
155
273
|
|
|
274
|
+
/**
|
|
275
|
+
* Singleton instance of the EDV service
|
|
276
|
+
* @type {EDVService}
|
|
277
|
+
* @example
|
|
278
|
+
* import { edvService } from '@docknetwork/wallet-sdk-wasm/services/edv';
|
|
279
|
+
*
|
|
280
|
+
* // Generate keys and initialize
|
|
281
|
+
* const keys = await edvService.generateKeys();
|
|
282
|
+
* await edvService.initialize({
|
|
283
|
+
* ...keys,
|
|
284
|
+
* edvUrl: 'https://edv.example.com',
|
|
285
|
+
* authKey: 'auth-token'
|
|
286
|
+
* });
|
|
287
|
+
*
|
|
288
|
+
* // Store encrypted data
|
|
289
|
+
* await edvService.insert({
|
|
290
|
+
* id: 'credential-1',
|
|
291
|
+
* content: {
|
|
292
|
+
* type: 'VerifiableCredential',
|
|
293
|
+
* data: credentialData
|
|
294
|
+
* }
|
|
295
|
+
* });
|
|
296
|
+
*
|
|
297
|
+
* // Query encrypted data
|
|
298
|
+
* const credentials = await edvService.find({
|
|
299
|
+
* equals: { 'content.type': 'VerifiableCredential' }
|
|
300
|
+
* });
|
|
301
|
+
*
|
|
302
|
+
* // Update encrypted data
|
|
303
|
+
* await edvService.update({
|
|
304
|
+
* id: 'credential-1',
|
|
305
|
+
* content: updatedData
|
|
306
|
+
* });
|
|
307
|
+
*/
|
|
156
308
|
export const edvService: EDVService = new EDVService();
|