@docknetwork/wallet-sdk-wasm 1.5.14 → 1.7.6
- package/generate-docs.js +49 -0
- package/jsdoc.conf.json +29 -6
- package/lib/index.js +9 -1
- package/lib/index.mjs +9 -1
- package/lib/modules/network-manager.js +15 -12
- package/lib/modules/network-manager.mjs +15 -12
- package/lib/rpc-server.js +11 -1
- package/lib/rpc-server.mjs +11 -1
- package/lib/services/blockchain/cached-did-resolver.js +113 -0
- package/lib/services/blockchain/cached-did-resolver.mjs +109 -0
- package/lib/services/blockchain/index.js +11 -0
- package/lib/services/blockchain/index.mjs +11 -0
- package/lib/services/blockchain/service-rpc.js +12 -0
- package/lib/services/blockchain/service-rpc.mjs +12 -0
- package/lib/services/blockchain/service.js +161 -19
- package/lib/services/blockchain/service.mjs +162 -20
- package/lib/services/credential/bbs-revocation.js +11 -0
- package/lib/services/credential/bbs-revocation.mjs +11 -0
- package/lib/services/credential/bound-check.js +1 -1
- package/lib/services/credential/bound-check.mjs +1 -1
- package/lib/services/credential/config.js +4 -1
- package/lib/services/credential/config.mjs +4 -1
- package/lib/services/credential/delegatable-credentials.js +300 -0
- package/lib/services/credential/delegatable-credentials.mjs +263 -0
- package/lib/services/credential/index.js +53 -0
- package/lib/services/credential/index.mjs +18 -0
- package/lib/services/credential/pex-helpers.js +4 -4
- package/lib/services/credential/pex-helpers.mjs +4 -4
- package/lib/services/credential/sd-jwt.js +214 -0
- package/lib/services/credential/sd-jwt.mjs +200 -0
- package/lib/services/credential/service-rpc.js +9 -0
- package/lib/services/credential/service-rpc.mjs +9 -0
- package/lib/services/credential/service.js +324 -7
- package/lib/services/credential/service.mjs +324 -7
- package/lib/services/edv/index.js +1 -0
- package/lib/services/edv/index.mjs +1 -0
- package/lib/services/edv/service-rpc.js +23 -0
- package/lib/services/edv/service-rpc.mjs +23 -0
- package/lib/services/edv/service.js +226 -2
- package/lib/services/edv/service.mjs +223 -3
- package/lib/services/index.js +14 -0
- package/lib/services/index.mjs +14 -0
- package/lib/services/pex/config.js +4 -0
- package/lib/services/pex/config.mjs +4 -0
- package/lib/services/pex/service-rpc.js +4 -0
- package/lib/services/pex/service-rpc.mjs +4 -0
- package/lib/services/pex/service.js +7 -0
- package/lib/services/pex/service.mjs +7 -0
- package/lib/services/relay-service/service.js +124 -1
- package/lib/services/relay-service/service.mjs +124 -1
- package/lib/services/rpc-service-client.js +0 -3
- package/lib/services/rpc-service-client.mjs +0 -3
- package/lib/services/storage/index.js +19 -2
- package/lib/services/storage/index.mjs +24 -1
- package/lib/services/storage/service-rpc.js +7 -3
- package/lib/services/storage/service-rpc.mjs +7 -3
- package/lib/services/storage/service.js +4 -0
- package/lib/services/storage/service.mjs +4 -0
- package/lib/setup-nodejs.js +9 -1
- package/lib/setup-nodejs.mjs +9 -1
- package/lib/setup-tests.js +9 -1
- package/lib/setup-tests.mjs +9 -1
- package/lib/src/modules/event-manager.d.ts +0 -1
- package/lib/src/modules/event-manager.d.ts.map +1 -1
- package/lib/src/modules/network-manager.d.ts +2 -4
- package/lib/src/modules/network-manager.d.ts.map +1 -1
- package/lib/src/services/blockchain/cached-did-resolver.d.ts +28 -0
- package/lib/src/services/blockchain/cached-did-resolver.d.ts.map +1 -0
- package/lib/src/services/blockchain/cached-did-resolver.test.d.ts +2 -0
- package/lib/src/services/blockchain/cached-did-resolver.test.d.ts.map +1 -0
- package/lib/src/services/blockchain/configs.d.ts +1 -2
- package/lib/src/services/blockchain/configs.d.ts.map +1 -1
- package/lib/src/services/blockchain/service.d.ts +117 -19
- package/lib/src/services/blockchain/service.d.ts.map +1 -1
- package/lib/src/services/credential/bbs-revocation.d.ts +1 -1
- package/lib/src/services/credential/bbs-revocation.d.ts.map +1 -1
- package/lib/src/services/credential/bound-check.d.ts.map +1 -1
- package/lib/src/services/credential/config.d.ts.map +1 -1
- package/lib/src/services/credential/delegatable-credentials.d.ts +272 -0
- package/lib/src/services/credential/delegatable-credentials.d.ts.map +1 -0
- package/lib/src/services/credential/index.d.ts +4 -0
- package/lib/src/services/credential/index.d.ts.map +1 -1
- package/lib/src/services/credential/pex-helpers.d.ts +2 -2
- package/lib/src/services/credential/pex-helpers.d.ts.map +1 -1
- package/lib/src/services/credential/sd-jwt.test.d.ts +2 -0
- package/lib/src/services/credential/sd-jwt.test.d.ts.map +1 -0
- package/lib/src/services/credential/service.d.ts +274 -4
- package/lib/src/services/credential/service.d.ts.map +1 -1
- package/lib/src/services/dids/keypair-utils.d.ts +2 -2
- package/lib/src/services/dids/keypair-utils.d.ts.map +1 -1
- package/lib/src/services/dids/service.d.ts +35 -3
- package/lib/src/services/dids/service.d.ts.map +1 -1
- package/lib/src/services/edv/service.d.ts +201 -2
- package/lib/src/services/edv/service.d.ts.map +1 -1
- package/lib/src/services/pex/config.d.ts +1 -0
- package/lib/src/services/pex/config.d.ts.map +1 -1
- package/lib/src/services/pex/service.d.ts +1 -0
- package/lib/src/services/pex/service.d.ts.map +1 -1
- package/lib/src/services/relay-service/service.d.ts +148 -8
- package/lib/src/services/relay-service/service.d.ts.map +1 -1
- package/lib/src/services/rpc-service-client.d.ts +2 -2
- package/lib/src/services/rpc-service-client.d.ts.map +1 -1
- package/lib/src/services/storage/index.d.ts +1 -1
- package/lib/src/services/storage/index.d.ts.map +1 -1
- package/lib/src/services/storage/service-rpc.d.ts +9 -0
- package/lib/src/services/storage/service-rpc.d.ts.map +1 -0
- package/lib/src/services/storage/service.d.ts +1 -0
- package/lib/src/services/storage/service.d.ts.map +1 -1
- package/lib/src/services/util-crypto/service.d.ts +2 -2
- package/lib/src/services/util-crypto/service.d.ts.map +1 -1
- package/lib/tsconfig.tsbuildinfo +1 -1
- package/lib/wallet/rpc-storage-interface.js +13 -3
- package/lib/wallet/rpc-storage-interface.mjs +11 -1
- package/lib/wallet/rpc-storage-wallet.js +10 -0
- package/lib/wallet/rpc-storage-wallet.mjs +10 -0
- package/package.json +29 -16
- package/rollup.config.mjs +5 -3
- package/src/globals.d.ts +3 -0
- package/src/modules/network-manager.ts +15 -14
- package/src/services/blockchain/cached-did-resolver.test.ts +288 -0
- package/src/services/blockchain/cached-did-resolver.ts +126 -0
- package/src/services/blockchain/configs.ts +1 -2
- package/src/services/blockchain/service-rpc.js +12 -0
- package/src/services/blockchain/service.ts +167 -20
- package/src/services/credential/bound-check.ts +1 -1
- package/src/services/credential/config.ts +7 -1
- package/src/services/credential/delegatable-credentials.ts +409 -0
- package/src/services/credential/index.ts +16 -0
- package/src/services/credential/pex-helpers.js +4 -4
- package/src/services/credential/pex-helpers.test.js +2 -2
- package/src/services/credential/sd-jwt.test.ts +718 -0
- package/src/services/credential/sd-jwt.ts +231 -0
- package/src/services/credential/service-rpc.js +9 -0
- package/src/services/credential/service.ts +328 -7
- package/src/services/edv/index.test.js +229 -0
- package/src/services/edv/service-rpc.js +23 -0
- package/src/services/edv/service.ts +272 -1
- package/src/services/pex/config.ts +4 -0
- package/src/services/pex/service-rpc.js +4 -0
- package/src/services/pex/service.ts +13 -0
- package/src/services/pex/tests/pex-service.test.js +210 -0
- package/src/services/relay-service/service.ts +130 -1
- package/src/services/rpc-service-client.js +0 -3
- package/src/services/storage/index.js +15 -1
- package/src/services/storage/service-rpc.js +7 -3
- package/src/services/storage/service.ts +5 -0
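--- a/package/src/services/credential/delegatable-credentials.ts
+++ b/package/src/services/credential/delegatable-credentials.ts
@@ -0,0 +1,409 @@
+// @ts-nocheck
+import * as cedar from '@cedar-policy/cedar-wasm/nodejs';
+import {
+verifyPresentation,
+issueCredential,
+signPresentation,
+documentLoader,
+getSuiteFromKeyDoc,
+} from '@docknetwork/credential-sdk/vc';
+import { MAY_CLAIM_IRI } from '@docknetwork/vc-delegation-engine';
+import { getKeypairFromDoc } from '@docknetwork/universal-wallet/methods/keypairs';
+import { blockchainService } from '../blockchain/service';
+
+/**
+* Prepares a key document for signing by creating a proper keypair with signer capability
+* @param keyDoc - The key document with id, controller, type, and key material
+* @returns A key document with an active signer
+*/
+function prepareKeyForSigning(keyDoc: KeyPair): any {
+const kp = getKeypairFromDoc(keyDoc);
+// Get the signer from the keypair - this returns an object with id and sign method
+const signer = kp.signer();
+// Set the id on the signer to match the verification method
+signer.id = keyDoc.id;
+return {
+...keyDoc,
+keypair: kp,
+signer,
+};
+}
+
+export interface VerificationResult {
+verified: boolean;
+credentialResults?: any[];
+delegationResult?: {
+decision: string;
+summaries?: any[];
+authorizations?: any[];
+failures?: any[];
+};
+error?: any;
+}
+
+export interface CedarPolicies {
+staticPolicies: string;
+}
+
+export interface VerifiablePresentation {
+'@context': any[];
+type: string[];
+proof?: any;
+verifiableCredential?: any[];
+}
+
+export interface DelegationCredential {
+'@context': any[];
+id: string;
+type: string[];
+issuer: string;
+issuanceDate: string;
+previousCredentialId: string | null;
+rootCredentialId: string;
+credentialSubject: {
+id: string;
+[key: string]: any;
+};
+proof?: any;
+}
+
+export interface VerifyDelegationOptions {
+challenge?: string;
+domain?: string;
+unsignedPresentation?: boolean;
+failOnUnauthorizedClaims?: boolean;
+policies?: CedarPolicies;
+}
+
+export interface KeyPair {
+type: string;
+id?: string;
+controller?: string;
+publicKeyJwk?: any;
+privateKeyJwk?: any;
+publicKeyBase58?: string;
+privateKeyBase58?: string;
+}
+
+/**
+* W3C Credentials V1 context URL
+*/
+export const W3C_CREDENTIALS_V1 = 'https://www.w3.org/2018/credentials/v1';
+
+/**
+* Re-export MAY_CLAIM_IRI for use in credentials
+*/
+export { MAY_CLAIM_IRI };
+
+/**
+* Namespace used by the vc-delegation-engine for delegation properties
+*/
+export const DELEGATION_ENGINE_NS = 'https://ld.truvera.io/credentials/delegation#';
+
+/**
+* Base delegation context terms required for delegation credentials.
+* These terms define the JSON-LD mappings needed for the vc-delegation-engine
+* to properly process delegation chains.
+*
+* Use this as a base and extend with your own application-specific terms:
+* @example
+* const myContext = [
+* W3C_CREDENTIALS_V1,
+* {
+* ...DELEGATION_CONTEXT_TERMS,
+* // Add your custom terms here
+* MyCredentialType: 'https://example.org/MyCredentialType',
+* myField: 'https://example.org/myField',
+* },
+* ];
+*/
+export const DELEGATION_CONTEXT_TERMS = {
+'@version': 1.1,
+'@protected': true,
+DelegationCredential: `${DELEGATION_ENGINE_NS}DelegationCredential`,
+mayClaim: { '@id': MAY_CLAIM_IRI, '@container': '@set' },
+rootCredentialId: { '@id': `${DELEGATION_ENGINE_NS}rootCredentialId`, '@type': '@id' },
+previousCredentialId: { '@id': `${DELEGATION_ENGINE_NS}previousCredentialId`, '@type': '@id' },
+};
+
+/**
+* Default context for verifiable presentations
+*/
+export const PRESENTATION_CONTEXT = [W3C_CREDENTIALS_V1];
+
+/**
+* Issues a delegation credential that grants authority to a delegate
+* @param keyPair - The key pair to sign the credential
+* @param params - Delegation parameters
+* @returns Signed delegation credential
+*/
+export async function issueDelegationCredential(
+keyPair: KeyPair,
+credential: any
+): Promise<DelegationCredential> {
+const preparedKey = prepareKeyForSigning(keyPair);
+return issueCredential(preparedKey, credential);
+}
+
+/**
+* Issues a credential as a delegate (with delegation chain reference)
+* @param keyPair - The delegate's key pair to sign the credential
+* @param params - Credential parameters
+* @returns Signed credential
+*/
+export async function issueDelegatedCredential(
+keyPair: KeyPair,
+credential: any
+): Promise<any> {
+const preparedKey = prepareKeyForSigning(keyPair);
+return issueCredential(preparedKey, credential);
+}
+
+/**
+* Creates and signs a verifiable presentation with delegation credentials
+* @param keyPair - The key pair to sign the presentation
+* @param params - Presentation parameters
+* @returns Signed verifiable presentation
+*/
+export async function createSignedPresentation(
+keyPair: KeyPair,
+params: {
+credentials: any[];
+holderDid: string;
+challenge: string;
+domain: string;
+context?: any[];
+}
+): Promise<VerifiablePresentation> {
+const {
+credentials,
+holderDid,
+challenge,
+domain,
+context = PRESENTATION_CONTEXT,
+} = params;
+
+const presentation = {
+'@context': context,
+type: ['VerifiablePresentation'],
+holder: holderDid,
+verifiableCredential: credentials,
+};
+
+// Create key document for signing with proper keypair
+const keyDoc = {
+...keyPair,
+id: keyPair.id || `${holderDid}#keys-1`,
+controller: keyPair.controller || holderDid,
+};
+
+const preparedKey = prepareKeyForSigning(keyDoc);
+return signPresentation(presentation, preparedKey, challenge, domain);
+}
+
+/**
+* Verifies a verifiable presentation with optional delegation chain validation
+* Uses the credential-sdk's verifyPresentation which automatically:
+* 1. Verifies the presentation signature
+* 2. Verifies all credentials
+* 3. Detects delegation credentials
+* 4. Validates the delegation chain
+* 5. Applies Cedar policies if provided
+*
+* @param vp - The verifiable presentation to verify
+* @param options - Verification options
+* @returns Verification result with delegation info if applicable
+*/
+export async function verifyDelegatablePresentation(
+vp: VerifiablePresentation,
+options: VerifyDelegationOptions = {}
+): Promise<VerificationResult> {
+const {
+challenge = vp.proof?.challenge || 'default-challenge',
+domain = vp.proof?.domain || 'default-domain',
+unsignedPresentation = false,
+failOnUnauthorizedClaims = true,
+policies,
+} = options;
+
+const verifyOptions: any = {
+challenge,
+domain,
+documentLoader: documentLoader(blockchainService.resolver),
+unsignedPresentation,
+failOnUnauthorizedClaims,
+};
+
+// Add Cedar authorization if policies are provided
+if (policies) {
+verifyOptions.cedarAuth = {
+policies,
+cedar,
+};
+}
+
+return verifyPresentation(vp, verifyOptions);
+}
+
+/**
+* Creates a Cedar policy for delegation verification
+* @param config - Policy configuration
+* @returns Cedar policy object
+*/
+export function createCedarPolicy(config: {
+maxDepth?: number;
+rootIssuer: string;
+requiredClaims?: Record<string, any>;
+}): CedarPolicies {
+const { maxDepth = 2, rootIssuer, requiredClaims = {} } = config;
+
+let claimsConditions = '';
+for (const [key, value] of Object.entries(requiredClaims)) {
+if (typeof value === 'number') {
+claimsConditions += ` &&\n context.authorizedClaims.${key} >= ${value}`;
+} else if (typeof value === 'string') {
+claimsConditions += ` &&\n context.authorizedClaims.${key} == "${value}"`;
+}
+}
+
+const policyText = `
+permit(
+principal in Credential::Chain::"Action:Verify",
+action == Credential::Action::"Verify",
+resource
+) when {
+principal == context.vpSigner &&
+context.tailDepth <= ${maxDepth} &&
+context.rootIssuer == Credential::Actor::"${rootIssuer}"${claimsConditions}
+};
+`;
+
+return { staticPolicies: policyText };
+}
+
+/**
+* Creates an unsigned verifiable presentation (for testing)
+* @param credentials - Array of credentials to include
+* @param proof - Optional proof object
+* @param context - Optional context
+* @returns Verifiable presentation object
+*/
+export function createUnsignedPresentation(
+credentials: any[],
+proof?: any,
+context: any[] = PRESENTATION_CONTEXT
+): VerifiablePresentation {
+const vp: VerifiablePresentation = {
+'@context': context,
+type: ['VerifiablePresentation'],
+verifiableCredential: credentials,
+};
+
+if (proof) {
+vp.proof = proof;
+}
+
+return vp;
+}
+
+/**
+* Re-export cedar for use in tests and external code
+*/
+export { cedar };
+
+/**
+* Service class for delegatable credentials operations
+*/
+class DelegatableCredentialsService {
+name = 'delegatable-credentials';
+
+rpcMethods = [
+DelegatableCredentialsService.prototype.issueDelegation,
+DelegatableCredentialsService.prototype.issueDelegatedCredential,
+DelegatableCredentialsService.prototype.createPresentation,
+DelegatableCredentialsService.prototype.verifyPresentation,
+DelegatableCredentialsService.prototype.createPolicy,
+];
+
+/**
+* Issues a delegation credential
+*/
+async issueDelegation(params: {
+keyPair: KeyPair;
+id: string;
+issuerDid: string;
+delegateDid: string;
+mayClaim: string[];
+context: any[];
+types: string[];
+additionalSubjectProperties?: Record<string, any>;
+previousCredentialId?: string | null;
+rootCredentialId?: string;
+}): Promise<DelegationCredential> {
+return issueDelegationCredential(params.keyPair, params);
+}
+
+/**
+* Issues a credential as a delegate
+*/
+async issueDelegatedCredential(params: {
+keyPair: KeyPair;
+id: string;
+issuerDid: string;
+subjectDid: string;
+claims: Record<string, any>;
+rootCredentialId: string;
+previousCredentialId: string;
+context: any[];
+types: string[];
+}): Promise<any> {
+return issueDelegatedCredential(params.keyPair, params);
+}
+
+/**
+* Creates and signs a verifiable presentation
+*/
+async createPresentation(params: {
+keyPair: KeyPair;
+credentials: any[];
+holderDid: string;
+challenge: string;
+domain: string;
+context?: any[];
+}): Promise<VerifiablePresentation> {
+return createSignedPresentation(params.keyPair, params);
+}
+
+/**
+* Verifies a verifiable presentation with delegation chain
+*/
+async verifyPresentation(params: {
+presentation: VerifiablePresentation;
+challenge?: string;
+domain?: string;
+unsignedPresentation?: boolean;
+failOnUnauthorizedClaims?: boolean;
+policies?: CedarPolicies;
+}): Promise<VerificationResult> {
+return verifyDelegatablePresentation(params.presentation, {
+challenge: params.challenge,
+domain: params.domain,
+unsignedPresentation: params.unsignedPresentation,
+failOnUnauthorizedClaims: params.failOnUnauthorizedClaims,
+policies: params.policies,
+});
+}
+
+/**
+* Creates a Cedar policy for delegation verification
+*/
+createPolicy(params: {
+maxDepth?: number;
+rootIssuer: string;
+requiredClaims?: Record<string, any>;
+}): CedarPolicies {
+return createCedarPolicy(params);
+}
+}
+
+export const delegatableCredentialsService = new DelegatableCredentialsService();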
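Review bot: In `verifyDelegatablePresentation` the expected `challenge` and `domain` fall back to `vp.proof?.challenge` / `vp.proof?.domain` (and then to fixed literals), so a caller that omits them compares the proof against values the presenter chose and gets no replay or audience binding. The RPC method `verifyPresentation` forwards `params.challenge` and `params.domain` as-is, so it inherits the same fallback; the excerpt below requires a verifier-supplied challenge for signed presentations instead (whether `domain` must be mandatory too depends on callers outside this file). `createCedarPolicy` also interpolates `rootIssuer` and the `requiredClaims` keys and string values into the policy text unescaped and silently drops claims that are neither number nor string, so those inputs should be validated against a strict pattern or rejected before the policy is built. Finally, `issueDelegation` and `issueDelegatedCredential` pass the whole `params` object, `keyPair` included, as the credential to `issueCredential`; it should be confirmed that private key fields cannot end up in the signed output, or `keyPair` should be stripped first.

```typescript
  const {
    challenge,
    domain,
    // … unchanged: unsignedPresentation, failOnUnauthorizedClaims, policies …
  } = options;

  // The expected challenge comes from the verifier, never from vp.proof.
  if (!unsignedPresentation && !challenge) {
    return {
      verified: false,
      error: new Error('challenge is required to verify a signed presentation'),
    };
  }
  // … unchanged: verifyOptions construction and verifyPresentation call …
```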
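--- a/package/src/services/credential/index.ts
+++ b/package/src/services/credential/index.ts
@@ -3,3 +3,19 @@ import {credentialService} from './service';
 
 // TODO: rename it to credentialService, will need to update dock-app
 export const credentialServiceRPC = credentialService;
+
+export {
+delegatableCredentialsService,
+verifyDelegatablePresentation,
+issueDelegationCredential,
+issueDelegatedCredential,
+createSignedPresentation,
+createUnsignedPresentation,
+createCedarPolicy,
+cedar,
+MAY_CLAIM_IRI,
+W3C_CREDENTIALS_V1,
+DELEGATION_ENGINE_NS,
+DELEGATION_CONTEXT_TERMS,
+PRESENTATION_CONTEXT,
+} from './delegatable-credentials';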
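--- a/package/src/services/credential/pex-helpers.js
+++ b/package/src/services/credential/pex-helpers.js
@@ -5,10 +5,10 @@ export const EPSILON_INT = 1;
 
 export const MAX_DATE_PLACEHOLDER = 884541351600000;
 export const MIN_DATE_PLACEHOLDER = -17592186044415;
-export const MAX_INTEGER =
-export const MIN_INTEGER =
-export const MAX_NUMBER =
-export const MIN_NUMBER =
+export const MAX_INTEGER = Number.MAX_SAFE_INTEGER;
+export const MIN_INTEGER = Number.MIN_SAFE_INTEGER;
+export const MAX_NUMBER = Number.MAX_SAFE_INTEGER;
+export const MIN_NUMBER = Number.MIN_SAFE_INTEGER;
 
 /*
 PEX Filter rules: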
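--- a/package/src/services/credential/pex-helpers.test.js
+++ b/package/src/services/credential/pex-helpers.test.js
@@ -302,7 +302,7 @@ describe('pex helpers', () => {
 {
 attributeName: 'credentialSubject.age',
 min: 0,
-max:
+max: Number.MAX_SAFE_INTEGER,
 proofRequestMax: undefined,
 proofRequestMin: 0,
 format: undefined,
@@ -357,7 +357,7 @@ describe('pex helpers', () => {
 {
 attributeName: 'credentialSubject.age',
 min: 0,
-max:
+max: Number.MAX_SAFE_INTEGER,
 proofRequestMax: undefined,
 proofRequestMin: 0,
 format: undefined,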