@docknetwork/wallet-sdk-wasm 1.5.14 → 1.7.6

Files changed (146)
  1. package/generate-docs.js +49 -0
  2. package/jsdoc.conf.json +29 -6
  3. package/lib/index.js +9 -1
  4. package/lib/index.mjs +9 -1
  5. package/lib/modules/network-manager.js +15 -12
  6. package/lib/modules/network-manager.mjs +15 -12
  7. package/lib/rpc-server.js +11 -1
  8. package/lib/rpc-server.mjs +11 -1
  9. package/lib/services/blockchain/cached-did-resolver.js +113 -0
  10. package/lib/services/blockchain/cached-did-resolver.mjs +109 -0
  11. package/lib/services/blockchain/index.js +11 -0
  12. package/lib/services/blockchain/index.mjs +11 -0
  13. package/lib/services/blockchain/service-rpc.js +12 -0
  14. package/lib/services/blockchain/service-rpc.mjs +12 -0
  15. package/lib/services/blockchain/service.js +161 -19
  16. package/lib/services/blockchain/service.mjs +162 -20
  17. package/lib/services/credential/bbs-revocation.js +11 -0
  18. package/lib/services/credential/bbs-revocation.mjs +11 -0
  19. package/lib/services/credential/bound-check.js +1 -1
  20. package/lib/services/credential/bound-check.mjs +1 -1
  21. package/lib/services/credential/config.js +4 -1
  22. package/lib/services/credential/config.mjs +4 -1
  23. package/lib/services/credential/delegatable-credentials.js +300 -0
  24. package/lib/services/credential/delegatable-credentials.mjs +263 -0
  25. package/lib/services/credential/index.js +53 -0
  26. package/lib/services/credential/index.mjs +18 -0
  27. package/lib/services/credential/pex-helpers.js +4 -4
  28. package/lib/services/credential/pex-helpers.mjs +4 -4
  29. package/lib/services/credential/sd-jwt.js +214 -0
  30. package/lib/services/credential/sd-jwt.mjs +200 -0
  31. package/lib/services/credential/service-rpc.js +9 -0
  32. package/lib/services/credential/service-rpc.mjs +9 -0
  33. package/lib/services/credential/service.js +324 -7
  34. package/lib/services/credential/service.mjs +324 -7
  35. package/lib/services/edv/index.js +1 -0
  36. package/lib/services/edv/index.mjs +1 -0
  37. package/lib/services/edv/service-rpc.js +23 -0
  38. package/lib/services/edv/service-rpc.mjs +23 -0
  39. package/lib/services/edv/service.js +226 -2
  40. package/lib/services/edv/service.mjs +223 -3
  41. package/lib/services/index.js +14 -0
  42. package/lib/services/index.mjs +14 -0
  43. package/lib/services/pex/config.js +4 -0
  44. package/lib/services/pex/config.mjs +4 -0
  45. package/lib/services/pex/service-rpc.js +4 -0
  46. package/lib/services/pex/service-rpc.mjs +4 -0
  47. package/lib/services/pex/service.js +7 -0
  48. package/lib/services/pex/service.mjs +7 -0
  49. package/lib/services/relay-service/service.js +124 -1
  50. package/lib/services/relay-service/service.mjs +124 -1
  51. package/lib/services/rpc-service-client.js +0 -3
  52. package/lib/services/rpc-service-client.mjs +0 -3
  53. package/lib/services/storage/index.js +19 -2
  54. package/lib/services/storage/index.mjs +24 -1
  55. package/lib/services/storage/service-rpc.js +7 -3
  56. package/lib/services/storage/service-rpc.mjs +7 -3
  57. package/lib/services/storage/service.js +4 -0
  58. package/lib/services/storage/service.mjs +4 -0
  59. package/lib/setup-nodejs.js +9 -1
  60. package/lib/setup-nodejs.mjs +9 -1
  61. package/lib/setup-tests.js +9 -1
  62. package/lib/setup-tests.mjs +9 -1
  63. package/lib/src/modules/event-manager.d.ts +0 -1
  64. package/lib/src/modules/event-manager.d.ts.map +1 -1
  65. package/lib/src/modules/network-manager.d.ts +2 -4
  66. package/lib/src/modules/network-manager.d.ts.map +1 -1
  67. package/lib/src/services/blockchain/cached-did-resolver.d.ts +28 -0
  68. package/lib/src/services/blockchain/cached-did-resolver.d.ts.map +1 -0
  69. package/lib/src/services/blockchain/cached-did-resolver.test.d.ts +2 -0
  70. package/lib/src/services/blockchain/cached-did-resolver.test.d.ts.map +1 -0
  71. package/lib/src/services/blockchain/configs.d.ts +1 -2
  72. package/lib/src/services/blockchain/configs.d.ts.map +1 -1
  73. package/lib/src/services/blockchain/service.d.ts +117 -19
  74. package/lib/src/services/blockchain/service.d.ts.map +1 -1
  75. package/lib/src/services/credential/bbs-revocation.d.ts +1 -1
  76. package/lib/src/services/credential/bbs-revocation.d.ts.map +1 -1
  77. package/lib/src/services/credential/bound-check.d.ts.map +1 -1
  78. package/lib/src/services/credential/config.d.ts.map +1 -1
  79. package/lib/src/services/credential/delegatable-credentials.d.ts +272 -0
  80. package/lib/src/services/credential/delegatable-credentials.d.ts.map +1 -0
  81. package/lib/src/services/credential/index.d.ts +4 -0
  82. package/lib/src/services/credential/index.d.ts.map +1 -1
  83. package/lib/src/services/credential/pex-helpers.d.ts +2 -2
  84. package/lib/src/services/credential/pex-helpers.d.ts.map +1 -1
  85. package/lib/src/services/credential/sd-jwt.test.d.ts +2 -0
  86. package/lib/src/services/credential/sd-jwt.test.d.ts.map +1 -0
  87. package/lib/src/services/credential/service.d.ts +274 -4
  88. package/lib/src/services/credential/service.d.ts.map +1 -1
  89. package/lib/src/services/dids/keypair-utils.d.ts +2 -2
  90. package/lib/src/services/dids/keypair-utils.d.ts.map +1 -1
  91. package/lib/src/services/dids/service.d.ts +35 -3
  92. package/lib/src/services/dids/service.d.ts.map +1 -1
  93. package/lib/src/services/edv/service.d.ts +201 -2
  94. package/lib/src/services/edv/service.d.ts.map +1 -1
  95. package/lib/src/services/pex/config.d.ts +1 -0
  96. package/lib/src/services/pex/config.d.ts.map +1 -1
  97. package/lib/src/services/pex/service.d.ts +1 -0
  98. package/lib/src/services/pex/service.d.ts.map +1 -1
  99. package/lib/src/services/relay-service/service.d.ts +148 -8
  100. package/lib/src/services/relay-service/service.d.ts.map +1 -1
  101. package/lib/src/services/rpc-service-client.d.ts +2 -2
  102. package/lib/src/services/rpc-service-client.d.ts.map +1 -1
  103. package/lib/src/services/storage/index.d.ts +1 -1
  104. package/lib/src/services/storage/index.d.ts.map +1 -1
  105. package/lib/src/services/storage/service-rpc.d.ts +9 -0
  106. package/lib/src/services/storage/service-rpc.d.ts.map +1 -0
  107. package/lib/src/services/storage/service.d.ts +1 -0
  108. package/lib/src/services/storage/service.d.ts.map +1 -1
  109. package/lib/src/services/util-crypto/service.d.ts +2 -2
  110. package/lib/src/services/util-crypto/service.d.ts.map +1 -1
  111. package/lib/tsconfig.tsbuildinfo +1 -1
  112. package/lib/wallet/rpc-storage-interface.js +13 -3
  113. package/lib/wallet/rpc-storage-interface.mjs +11 -1
  114. package/lib/wallet/rpc-storage-wallet.js +10 -0
  115. package/lib/wallet/rpc-storage-wallet.mjs +10 -0
  116. package/package.json +29 -16
  117. package/rollup.config.mjs +5 -3
  118. package/src/globals.d.ts +3 -0
  119. package/src/modules/network-manager.ts +15 -14
  120. package/src/services/blockchain/cached-did-resolver.test.ts +288 -0
  121. package/src/services/blockchain/cached-did-resolver.ts +126 -0
  122. package/src/services/blockchain/configs.ts +1 -2
  123. package/src/services/blockchain/service-rpc.js +12 -0
  124. package/src/services/blockchain/service.ts +167 -20
  125. package/src/services/credential/bound-check.ts +1 -1
  126. package/src/services/credential/config.ts +7 -1
  127. package/src/services/credential/delegatable-credentials.ts +409 -0
  128. package/src/services/credential/index.ts +16 -0
  129. package/src/services/credential/pex-helpers.js +4 -4
  130. package/src/services/credential/pex-helpers.test.js +2 -2
  131. package/src/services/credential/sd-jwt.test.ts +718 -0
  132. package/src/services/credential/sd-jwt.ts +231 -0
  133. package/src/services/credential/service-rpc.js +9 -0
  134. package/src/services/credential/service.ts +328 -7
  135. package/src/services/edv/index.test.js +229 -0
  136. package/src/services/edv/service-rpc.js +23 -0
  137. package/src/services/edv/service.ts +272 -1
  138. package/src/services/pex/config.ts +4 -0
  139. package/src/services/pex/service-rpc.js +4 -0
  140. package/src/services/pex/service.ts +13 -0
  141. package/src/services/pex/tests/pex-service.test.js +210 -0
  142. package/src/services/relay-service/service.ts +130 -1
  143. package/src/services/rpc-service-client.js +0 -3
  144. package/src/services/storage/index.js +15 -1
  145. package/src/services/storage/service-rpc.js +7 -3
  146. package/src/services/storage/service.ts +5 -0
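--- a/package/lib/services/credential/delegatable-credentials.js
+++ b/package/lib/services/credential/delegatable-credentials.js
@@ -0,0 +1,300 @@
+ 'use strict';
+
+ Object.defineProperty(exports, '__esModule', { value: true });
+
+ var cedar = require('@cedar-policy/cedar-wasm/nodejs');
+ var vc = require('@docknetwork/credential-sdk/vc');
+ var vcDelegationEngine = require('@docknetwork/vc-delegation-engine');
+ var keypairs = require('@docknetwork/universal-wallet/methods/keypairs');
+ var services_blockchain_service = require('../blockchain/service.js');
+ require('@cosmjs/proto-signing');
+ require('@docknetwork/cheqd-blockchain-api');
+ require('@docknetwork/cheqd-blockchain-modules');
+ require('@docknetwork/credential-sdk/modules');
+ require('@docknetwork/credential-sdk/resolver');
+ require('@docknetwork/crypto-wasm-ts/lib/index');
+ require('events');
+ require('../../core/logger.js');
+ require('../../modules/event-manager.js');
+ require('assert');
+ require('../util-crypto/service.js');
+ require('@docknetwork/credential-sdk/utils');
+ require('@scure/bip39');
+ require('@scure/bip39/wordlists/english');
+ require('../util-crypto/configs.js');
+ require('@docknetwork/credential-sdk/types');
+ require('../blockchain/cached-did-resolver.js');
+ require('../storage/index.js');
+ require('../storage/service.js');
+ require('../storage/service-rpc.js');
+ require('../rpc-service-client.js');
+ require('../../rpc-client.js');
+ require('json-rpc-2.0');
+ require('../../core/crypto.js');
+ require('crypto');
+ require('../../logger.js');
+ require('../../rpc-util.js');
+
+ function _interopNamespace(e) {
+ if (e && e.__esModule) return e;
+ var n = Object.create(null);
+ if (e) {
+ Object.keys(e).forEach(function (k) {
+ if (k !== 'default') {
+ var d = Object.getOwnPropertyDescriptor(e, k);
+ Object.defineProperty(n, k, d.get ? d : {
+ enumerable: true,
+ get: function () { return e[k]; }
+ });
+ }
+ });
+ }
+ n["default"] = e;
+ return Object.freeze(n);
+ }
+
+ var cedar__namespace = /*#__PURE__*/_interopNamespace(cedar);
+
+ // @ts-nocheck
+ /**
+ * Prepares a key document for signing by creating a proper keypair with signer capability
+ * @param keyDoc - The key document with id, controller, type, and key material
+ * @returns A key document with an active signer
+ */
+ function prepareKeyForSigning(keyDoc) {
+ const kp = keypairs.getKeypairFromDoc(keyDoc);
+ // Get the signer from the keypair - this returns an object with id and sign method
+ const signer = kp.signer();
+ // Set the id on the signer to match the verification method
+ signer.id = keyDoc.id;
+ return {
+ ...keyDoc,
+ keypair: kp,
+ signer,
+ };
+ }
+ /**
+ * W3C Credentials V1 context URL
+ */
+ const W3C_CREDENTIALS_V1 = 'https://www.w3.org/2018/credentials/v1';
+ /**
+ * Namespace used by the vc-delegation-engine for delegation properties
+ */
+ const DELEGATION_ENGINE_NS = 'https://ld.truvera.io/credentials/delegation#';
+ /**
+ * Base delegation context terms required for delegation credentials.
+ * These terms define the JSON-LD mappings needed for the vc-delegation-engine
+ * to properly process delegation chains.
+ *
+ * Use this as a base and extend with your own application-specific terms:
+ * @example
+ * const myContext = [
+ * W3C_CREDENTIALS_V1,
+ * {
+ * ...DELEGATION_CONTEXT_TERMS,
+ * // Add your custom terms here
+ * MyCredentialType: 'https://example.org/MyCredentialType',
+ * myField: 'https://example.org/myField',
+ * },
+ * ];
+ */
+ const DELEGATION_CONTEXT_TERMS = {
+ '@version': 1.1,
+ '@protected': true,
+ DelegationCredential: `${DELEGATION_ENGINE_NS}DelegationCredential`,
+ mayClaim: { '@id': vcDelegationEngine.MAY_CLAIM_IRI, '@container': '@set' },
+ rootCredentialId: { '@id': `${DELEGATION_ENGINE_NS}rootCredentialId`, '@type': '@id' },
+ previousCredentialId: { '@id': `${DELEGATION_ENGINE_NS}previousCredentialId`, '@type': '@id' },
+ };
+ /**
+ * Default context for verifiable presentations
+ */
+ const PRESENTATION_CONTEXT = [W3C_CREDENTIALS_V1];
+ /**
+ * Issues a delegation credential that grants authority to a delegate
+ * @param keyPair - The key pair to sign the credential
+ * @param params - Delegation parameters
+ * @returns Signed delegation credential
+ */
+ async function issueDelegationCredential(keyPair, credential) {
+ const preparedKey = prepareKeyForSigning(keyPair);
+ return vc.issueCredential(preparedKey, credential);
+ }
+ /**
+ * Issues a credential as a delegate (with delegation chain reference)
+ * @param keyPair - The delegate's key pair to sign the credential
+ * @param params - Credential parameters
+ * @returns Signed credential
+ */
+ async function issueDelegatedCredential(keyPair, credential) {
+ const preparedKey = prepareKeyForSigning(keyPair);
+ return vc.issueCredential(preparedKey, credential);
+ }
+ /**
+ * Creates and signs a verifiable presentation with delegation credentials
+ * @param keyPair - The key pair to sign the presentation
+ * @param params - Presentation parameters
+ * @returns Signed verifiable presentation
+ */
+ async function createSignedPresentation(keyPair, params) {
+ const { credentials, holderDid, challenge, domain, context = PRESENTATION_CONTEXT, } = params;
+ const presentation = {
+ '@context': context,
+ type: ['VerifiablePresentation'],
+ holder: holderDid,
+ verifiableCredential: credentials,
+ };
+ // Create key document for signing with proper keypair
+ const keyDoc = {
+ ...keyPair,
+ id: keyPair.id || `${holderDid}#keys-1`,
+ controller: keyPair.controller || holderDid,
+ };
+ const preparedKey = prepareKeyForSigning(keyDoc);
+ return vc.signPresentation(presentation, preparedKey, challenge, domain);
+ }
+ /**
+ * Verifies a verifiable presentation with optional delegation chain validation
+ * Uses the credential-sdk's verifyPresentation which automatically:
+ * 1. Verifies the presentation signature
+ * 2. Verifies all credentials
+ * 3. Detects delegation credentials
+ * 4. Validates the delegation chain
+ * 5. Applies Cedar policies if provided
+ *
+ * @param vp - The verifiable presentation to verify
+ * @param options - Verification options
+ * @returns Verification result with delegation info if applicable
+ */
+ async function verifyDelegatablePresentation(vp, options = {}) {
+ const { challenge = vp.proof?.challenge || 'default-challenge', domain = vp.proof?.domain || 'default-domain', unsignedPresentation = false, failOnUnauthorizedClaims = true, policies, } = options;
+ const verifyOptions = {
+ challenge,
+ domain,
+ documentLoader: vc.documentLoader(services_blockchain_service.blockchainService.resolver),
+ unsignedPresentation,
+ failOnUnauthorizedClaims,
+ };
+ // Add Cedar authorization if policies are provided
+ if (policies) {
+ verifyOptions.cedarAuth = {
+ policies,
+ cedar: cedar__namespace,
+ };
+ }
+ return vc.verifyPresentation(vp, verifyOptions);
+ }
+ /**
+ * Creates a Cedar policy for delegation verification
+ * @param config - Policy configuration
+ * @returns Cedar policy object
+ */
+ function createCedarPolicy(config) {
+ const { maxDepth = 2, rootIssuer, requiredClaims = {} } = config;
+ let claimsConditions = '';
+ for (const [key, value] of Object.entries(requiredClaims)) {
+ if (typeof value === 'number') {
+ claimsConditions += ` &&\n context.authorizedClaims.${key} >= ${value}`;
+ }
+ else if (typeof value === 'string') {
+ claimsConditions += ` &&\n context.authorizedClaims.${key} == "${value}"`;
+ }
+ }
+ const policyText = `
+ permit(
+ principal in Credential::Chain::"Action:Verify",
+ action == Credential::Action::"Verify",
+ resource
+ ) when {
+ principal == context.vpSigner &&
+ context.tailDepth <= ${maxDepth} &&
+ context.rootIssuer == Credential::Actor::"${rootIssuer}"${claimsConditions}
+ };
+ `;
+ return { staticPolicies: policyText };
+ }
+ /**
+ * Creates an unsigned verifiable presentation (for testing)
+ * @param credentials - Array of credentials to include
+ * @param proof - Optional proof object
+ * @param context - Optional context
+ * @returns Verifiable presentation object
+ */
+ function createUnsignedPresentation(credentials, proof, context = PRESENTATION_CONTEXT) {
+ const vp = {
+ '@context': context,
+ type: ['VerifiablePresentation'],
+ verifiableCredential: credentials,
+ };
+ if (proof) {
+ vp.proof = proof;
+ }
+ return vp;
+ }
+ /**
+ * Service class for delegatable credentials operations
+ */
+ class DelegatableCredentialsService {
+ name = 'delegatable-credentials';
+ rpcMethods = [
+ DelegatableCredentialsService.prototype.issueDelegation,
+ DelegatableCredentialsService.prototype.issueDelegatedCredential,
+ DelegatableCredentialsService.prototype.createPresentation,
+ DelegatableCredentialsService.prototype.verifyPresentation,
+ DelegatableCredentialsService.prototype.createPolicy,
+ ];
+ /**
+ * Issues a delegation credential
+ */
+ async issueDelegation(params) {
+ return issueDelegationCredential(params.keyPair, params);
+ }
+ /**
+ * Issues a credential as a delegate
+ */
+ async issueDelegatedCredential(params) {
+ return issueDelegatedCredential(params.keyPair, params);
+ }
+ /**
+ * Creates and signs a verifiable presentation
+ */
+ async createPresentation(params) {
+ return createSignedPresentation(params.keyPair, params);
+ }
+ /**
+ * Verifies a verifiable presentation with delegation chain
+ */
+ async verifyPresentation(params) {
+ return verifyDelegatablePresentation(params.presentation, {
+ challenge: params.challenge,
+ domain: params.domain,
+ unsignedPresentation: params.unsignedPresentation,
+ failOnUnauthorizedClaims: params.failOnUnauthorizedClaims,
+ policies: params.policies,
+ });
+ }
+ /**
+ * Creates a Cedar policy for delegation verification
+ */
+ createPolicy(params) {
+ return createCedarPolicy(params);
+ }
+ }
+ const delegatableCredentialsService = new DelegatableCredentialsService();
+
+ exports.cedar = cedar__namespace;
+ Object.defineProperty(exports, 'MAY_CLAIM_IRI', {
+ enumerable: true,
+ get: function () { return vcDelegationEngine.MAY_CLAIM_IRI; }
+ });
+ exports.DELEGATION_CONTEXT_TERMS = DELEGATION_CONTEXT_TERMS;
+ exports.DELEGATION_ENGINE_NS = DELEGATION_ENGINE_NS;
+ exports.PRESENTATION_CONTEXT = PRESENTATION_CONTEXT;
+ exports.W3C_CREDENTIALS_V1 = W3C_CREDENTIALS_V1;
+ exports.createCedarPolicy = createCedarPolicy;
+ exports.createSignedPresentation = createSignedPresentation;
+ exports.createUnsignedPresentation = createUnsignedPresentation;
+ exports.delegatableCredentialsService = delegatableCredentialsService;
+ exports.issueDelegatedCredential = issueDelegatedCredential;
+ exports.issueDelegationCredential = issueDelegationCredential;
+ exports.verifyDelegatablePresentation = verifyDelegatablePresentation;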
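Review bot: `createCedarPolicy` splices `rootIssuer`, `maxDepth` and every `requiredClaims` key and string value into the Cedar policy text without validation, and `createPolicy` is exposed through `rpcMethods`, so a value containing a double quote or a key containing policy syntax can alter the `when` clause instead of filling a slot in it. Claim values that are neither number nor string are skipped silently, which produces a weaker policy than the caller asked for. Validating each input before interpolation, as sketched below, closes both gaps. The same function is repeated in `package/lib/services/credential/delegatable-credentials.mjs`.

```javascript
function createCedarPolicy(config) {
  const { maxDepth = 2, rootIssuer, requiredClaims = {} } = config;
  // Reject anything that could terminate a string literal or add policy syntax.
  const isSafeString = (s) => typeof s === 'string' && !/["\\\u0000-\u001f]/.test(s);
  if (!Number.isInteger(maxDepth) || maxDepth < 0) {
    throw new Error('maxDepth must be a non-negative integer');
  }
  if (!isSafeString(rootIssuer)) {
    throw new Error('rootIssuer contains characters not allowed in a policy string');
  }
  let claimsConditions = '';
  for (const [key, value] of Object.entries(requiredClaims)) {
    if (!/^[A-Za-z_][A-Za-z0-9_]*$/.test(key)) {
      throw new Error('requiredClaims keys must be plain identifiers');
    }
    const isValidNumber = typeof value === 'number' && Number.isInteger(value);
    if (!isValidNumber && !isSafeString(value)) {
      // Fail closed instead of silently dropping the requirement.
      throw new Error(`Unsupported value for required claim ${key}`);
    }
    // … unchanged: append the >= / == condition for this claim …
  }
  // … unchanged: policyText template and return …
}
```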
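--- a/package/lib/services/credential/delegatable-credentials.mjs
+++ b/package/lib/services/credential/delegatable-credentials.mjs
@@ -0,0 +1,263 @@
+ import * as cedar from '@cedar-policy/cedar-wasm/nodejs';
+ export { cedar };
+ import { issueCredential, signPresentation, documentLoader, verifyPresentation } from '@docknetwork/credential-sdk/vc';
+ import { MAY_CLAIM_IRI } from '@docknetwork/vc-delegation-engine';
+ export { MAY_CLAIM_IRI } from '@docknetwork/vc-delegation-engine';
+ import { getKeypairFromDoc } from '@docknetwork/universal-wallet/methods/keypairs';
+ import { blockchainService } from '../blockchain/service.mjs';
+ import '@cosmjs/proto-signing';
+ import '@docknetwork/cheqd-blockchain-api';
+ import '@docknetwork/cheqd-blockchain-modules';
+ import '@docknetwork/credential-sdk/modules';
+ import '@docknetwork/credential-sdk/resolver';
+ import '@docknetwork/crypto-wasm-ts/lib/index';
+ import 'events';
+ import '../../core/logger.mjs';
+ import '../../modules/event-manager.mjs';
+ import 'assert';
+ import '../util-crypto/service.mjs';
+ import '@docknetwork/credential-sdk/utils';
+ import '@scure/bip39';
+ import '@scure/bip39/wordlists/english';
+ import '../util-crypto/configs.mjs';
+ import '@docknetwork/credential-sdk/types';
+ import '../blockchain/cached-did-resolver.mjs';
+ import '../storage/index.mjs';
+ import '../storage/service.mjs';
+ import '../storage/service-rpc.mjs';
+ import '../rpc-service-client.mjs';
+ import '../../rpc-client.mjs';
+ import 'json-rpc-2.0';
+ import '../../core/crypto.mjs';
+ import 'crypto';
+ import '../../logger.mjs';
+ import '../../rpc-util.mjs';
+
+ // @ts-nocheck
+ /**
+ * Prepares a key document for signing by creating a proper keypair with signer capability
+ * @param keyDoc - The key document with id, controller, type, and key material
+ * @returns A key document with an active signer
+ */
+ function prepareKeyForSigning(keyDoc) {
+ const kp = getKeypairFromDoc(keyDoc);
+ // Get the signer from the keypair - this returns an object with id and sign method
+ const signer = kp.signer();
+ // Set the id on the signer to match the verification method
+ signer.id = keyDoc.id;
+ return {
+ ...keyDoc,
+ keypair: kp,
+ signer,
+ };
+ }
+ /**
+ * W3C Credentials V1 context URL
+ */
+ const W3C_CREDENTIALS_V1 = 'https://www.w3.org/2018/credentials/v1';
+ /**
+ * Namespace used by the vc-delegation-engine for delegation properties
+ */
+ const DELEGATION_ENGINE_NS = 'https://ld.truvera.io/credentials/delegation#';
+ /**
+ * Base delegation context terms required for delegation credentials.
+ * These terms define the JSON-LD mappings needed for the vc-delegation-engine
+ * to properly process delegation chains.
+ *
+ * Use this as a base and extend with your own application-specific terms:
+ * @example
+ * const myContext = [
+ * W3C_CREDENTIALS_V1,
+ * {
+ * ...DELEGATION_CONTEXT_TERMS,
+ * // Add your custom terms here
+ * MyCredentialType: 'https://example.org/MyCredentialType',
+ * myField: 'https://example.org/myField',
+ * },
+ * ];
+ */
+ const DELEGATION_CONTEXT_TERMS = {
+ '@version': 1.1,
+ '@protected': true,
+ DelegationCredential: `${DELEGATION_ENGINE_NS}DelegationCredential`,
+ mayClaim: { '@id': MAY_CLAIM_IRI, '@container': '@set' },
+ rootCredentialId: { '@id': `${DELEGATION_ENGINE_NS}rootCredentialId`, '@type': '@id' },
+ previousCredentialId: { '@id': `${DELEGATION_ENGINE_NS}previousCredentialId`, '@type': '@id' },
+ };
+ /**
+ * Default context for verifiable presentations
+ */
+ const PRESENTATION_CONTEXT = [W3C_CREDENTIALS_V1];
+ /**
+ * Issues a delegation credential that grants authority to a delegate
+ * @param keyPair - The key pair to sign the credential
+ * @param params - Delegation parameters
+ * @returns Signed delegation credential
+ */
+ async function issueDelegationCredential(keyPair, credential) {
+ const preparedKey = prepareKeyForSigning(keyPair);
+ return issueCredential(preparedKey, credential);
+ }
+ /**
+ * Issues a credential as a delegate (with delegation chain reference)
+ * @param keyPair - The delegate's key pair to sign the credential
+ * @param params - Credential parameters
+ * @returns Signed credential
+ */
+ async function issueDelegatedCredential(keyPair, credential) {
+ const preparedKey = prepareKeyForSigning(keyPair);
+ return issueCredential(preparedKey, credential);
+ }
+ /**
+ * Creates and signs a verifiable presentation with delegation credentials
+ * @param keyPair - The key pair to sign the presentation
+ * @param params - Presentation parameters
+ * @returns Signed verifiable presentation
+ */
+ async function createSignedPresentation(keyPair, params) {
+ const { credentials, holderDid, challenge, domain, context = PRESENTATION_CONTEXT, } = params;
+ const presentation = {
+ '@context': context,
+ type: ['VerifiablePresentation'],
+ holder: holderDid,
+ verifiableCredential: credentials,
+ };
+ // Create key document for signing with proper keypair
+ const keyDoc = {
+ ...keyPair,
+ id: keyPair.id || `${holderDid}#keys-1`,
+ controller: keyPair.controller || holderDid,
+ };
+ const preparedKey = prepareKeyForSigning(keyDoc);
+ return signPresentation(presentation, preparedKey, challenge, domain);
+ }
+ /**
+ * Verifies a verifiable presentation with optional delegation chain validation
+ * Uses the credential-sdk's verifyPresentation which automatically:
+ * 1. Verifies the presentation signature
+ * 2. Verifies all credentials
+ * 3. Detects delegation credentials
+ * 4. Validates the delegation chain
+ * 5. Applies Cedar policies if provided
+ *
+ * @param vp - The verifiable presentation to verify
+ * @param options - Verification options
+ * @returns Verification result with delegation info if applicable
+ */
+ async function verifyDelegatablePresentation(vp, options = {}) {
+ const { challenge = vp.proof?.challenge || 'default-challenge', domain = vp.proof?.domain || 'default-domain', unsignedPresentation = false, failOnUnauthorizedClaims = true, policies, } = options;
+ const verifyOptions = {
+ challenge,
+ domain,
+ documentLoader: documentLoader(blockchainService.resolver),
+ unsignedPresentation,
+ failOnUnauthorizedClaims,
+ };
+ // Add Cedar authorization if policies are provided
+ if (policies) {
+ verifyOptions.cedarAuth = {
+ policies,
+ cedar,
+ };
+ }
+ return verifyPresentation(vp, verifyOptions);
+ }
+ /**
+ * Creates a Cedar policy for delegation verification
+ * @param config - Policy configuration
+ * @returns Cedar policy object
+ */
+ function createCedarPolicy(config) {
+ const { maxDepth = 2, rootIssuer, requiredClaims = {} } = config;
+ let claimsConditions = '';
+ for (const [key, value] of Object.entries(requiredClaims)) {
+ if (typeof value === 'number') {
+ claimsConditions += ` &&\n context.authorizedClaims.${key} >= ${value}`;
+ }
+ else if (typeof value === 'string') {
+ claimsConditions += ` &&\n context.authorizedClaims.${key} == "${value}"`;
+ }
+ }
+ const policyText = `
+ permit(
+ principal in Credential::Chain::"Action:Verify",
+ action == Credential::Action::"Verify",
+ resource
+ ) when {
+ principal == context.vpSigner &&
+ context.tailDepth <= ${maxDepth} &&
+ context.rootIssuer == Credential::Actor::"${rootIssuer}"${claimsConditions}
+ };
+ `;
+ return { staticPolicies: policyText };
+ }
+ /**
+ * Creates an unsigned verifiable presentation (for testing)
+ * @param credentials - Array of credentials to include
+ * @param proof - Optional proof object
+ * @param context - Optional context
+ * @returns Verifiable presentation object
+ */
+ function createUnsignedPresentation(credentials, proof, context = PRESENTATION_CONTEXT) {
+ const vp = {
+ '@context': context,
+ type: ['VerifiablePresentation'],
+ verifiableCredential: credentials,
+ };
+ if (proof) {
+ vp.proof = proof;
+ }
+ return vp;
+ }
+ /**
+ * Service class for delegatable credentials operations
+ */
+ class DelegatableCredentialsService {
+ name = 'delegatable-credentials';
+ rpcMethods = [
+ DelegatableCredentialsService.prototype.issueDelegation,
+ DelegatableCredentialsService.prototype.issueDelegatedCredential,
+ DelegatableCredentialsService.prototype.createPresentation,
+ DelegatableCredentialsService.prototype.verifyPresentation,
+ DelegatableCredentialsService.prototype.createPolicy,
+ ];
+ /**
+ * Issues a delegation credential
+ */
+ async issueDelegation(params) {
+ return issueDelegationCredential(params.keyPair, params);
+ }
+ /**
+ * Issues a credential as a delegate
+ */
+ async issueDelegatedCredential(params) {
+ return issueDelegatedCredential(params.keyPair, params);
+ }
+ /**
+ * Creates and signs a verifiable presentation
+ */
+ async createPresentation(params) {
+ return createSignedPresentation(params.keyPair, params);
+ }
+ /**
+ * Verifies a verifiable presentation with delegation chain
+ */
+ async verifyPresentation(params) {
+ return verifyDelegatablePresentation(params.presentation, {
+ challenge: params.challenge,
+ domain: params.domain,
+ unsignedPresentation: params.unsignedPresentation,
+ failOnUnauthorizedClaims: params.failOnUnauthorizedClaims,
+ policies: params.policies,
+ });
+ }
+ /**
+ * Creates a Cedar policy for delegation verification
+ */
+ createPolicy(params) {
+ return createCedarPolicy(params);
+ }
+ }
+ const delegatableCredentialsService = new DelegatableCredentialsService();
+
+ export { DELEGATION_CONTEXT_TERMS, DELEGATION_ENGINE_NS, PRESENTATION_CONTEXT, W3C_CREDENTIALS_V1, createCedarPolicy, createSignedPresentation, createUnsignedPresentation, delegatableCredentialsService, issueDelegatedCredential, issueDelegationCredential, verifyDelegatablePresentation };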
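Review bot: `verifyDelegatablePresentation` defaults `challenge` and `domain` to `vp.proof?.challenge` and `vp.proof?.domain`, so when the caller omits them the presentation is checked against values it supplied itself and the check gives no replay or audience binding; the `verifyPresentation` RPC method forwards `params.challenge` and `params.domain` even when they are undefined. Dropping the `vp.proof` and `'default-…'` fallbacks and failing closed would fix this, e.g. `if (!unsignedPresentation && (!options.challenge || !options.domain)) throw new Error('challenge and domain are required');`. Separately, `issueDelegation` and `issueDelegatedCredential` pass the whole `params` object, `keyPair` included, as the credential to sign; unless `issueCredential` strips unknown fields, key material may end up in the issued document, so the wrappers should split it off first with `const { keyPair, ...credential } = params;`. Both points apply equally to `package/lib/services/credential/delegatable-credentials.js`.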
@@ -3,6 +3,9 @@
3
3
  Object.defineProperty(exports, '__esModule', { value: true });
4
4
 
5
5
  var services_credential_service = require('./service.js');
6
+ var services_credential_delegatableCredentials = require('./delegatable-credentials.js');
7
+ var cedar = require('@cedar-policy/cedar-wasm/nodejs');
8
+ var vcDelegationEngine = require('@docknetwork/vc-delegation-engine');
6
9
  require('./config.js');
7
10
  require('assert');
8
11
  require('@docknetwork/crypto-wasm-ts');
@@ -27,6 +30,17 @@ require('@scure/bip39');
27
30
  require('@scure/bip39/wordlists/english');
28
31
  require('../util-crypto/configs.js');
29
32
  require('@docknetwork/credential-sdk/types');
33
+ require('../blockchain/cached-did-resolver.js');
34
+ require('../storage/index.js');
35
+ require('../storage/service.js');
36
+ require('../storage/service-rpc.js');
37
+ require('../rpc-service-client.js');
38
+ require('../../rpc-client.js');
39
+ require('json-rpc-2.0');
40
+ require('../../core/crypto.js');
41
+ require('crypto');
42
+ require('../../logger.js');
43
+ require('../../rpc-util.js');
30
44
  require('./bound-check.js');
31
45
  require('@docknetwork/crypto-wasm-ts/lib/legosnark');
32
46
  require('base64url');
@@ -45,9 +59,48 @@ require('@digitalbazaar/x25519-key-agreement-key-2019');
45
59
  require('@digitalbazaar/ed25519-verification-key-2018');
46
60
  require('@digitalbazaar/ed25519-verification-key-2020');
47
61
  require('../dids/keypair-utils.js');
62
+ require('./sd-jwt.js');
63
+ require('@sd-jwt/sd-jwt-vc');
64
+ require('@sd-jwt/crypto-nodejs');
65
+
66
+ function _interopNamespace(e) {
67
+ if (e && e.__esModule) return e;
68
+ var n = Object.create(null);
69
+ if (e) {
70
+ Object.keys(e).forEach(function (k) {
71
+ if (k !== 'default') {
72
+ var d = Object.getOwnPropertyDescriptor(e, k);
73
+ Object.defineProperty(n, k, d.get ? d : {
74
+ enumerable: true,
75
+ get: function () { return e[k]; }
76
+ });
77
+ }
78
+ });
79
+ }
80
+ n["default"] = e;
81
+ return Object.freeze(n);
82
+ }
83
+
84
+ var cedar__namespace = /*#__PURE__*/_interopNamespace(cedar);
48
85
 
49
86
  // @ts-nocheck
50
87
  // TODO: rename it to credentialService, will need to update dock-app
51
88
  const credentialServiceRPC = services_credential_service.credentialService;
52
89
 
90
+ exports.DELEGATION_CONTEXT_TERMS = services_credential_delegatableCredentials.DELEGATION_CONTEXT_TERMS;
91
+ exports.DELEGATION_ENGINE_NS = services_credential_delegatableCredentials.DELEGATION_ENGINE_NS;
92
+ exports.PRESENTATION_CONTEXT = services_credential_delegatableCredentials.PRESENTATION_CONTEXT;
93
+ exports.W3C_CREDENTIALS_V1 = services_credential_delegatableCredentials.W3C_CREDENTIALS_V1;
94
+ exports.createCedarPolicy = services_credential_delegatableCredentials.createCedarPolicy;
95
+ exports.createSignedPresentation = services_credential_delegatableCredentials.createSignedPresentation;
96
+ exports.createUnsignedPresentation = services_credential_delegatableCredentials.createUnsignedPresentation;
97
+ exports.delegatableCredentialsService = services_credential_delegatableCredentials.delegatableCredentialsService;
98
+ exports.issueDelegatedCredential = services_credential_delegatableCredentials.issueDelegatedCredential;
99
+ exports.issueDelegationCredential = services_credential_delegatableCredentials.issueDelegationCredential;
100
+ exports.verifyDelegatablePresentation = services_credential_delegatableCredentials.verifyDelegatablePresentation;
101
+ exports.cedar = cedar__namespace;
102
+ Object.defineProperty(exports, 'MAY_CLAIM_IRI', {
103
+ enumerable: true,
104
+ get: function () { return vcDelegationEngine.MAY_CLAIM_IRI; }
105
+ });
53
106
  exports.credentialServiceRPC = credentialServiceRPC;
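Review bot: `exports.cedar = cedar__namespace` re-exports the entire `@cedar-policy/cedar-wasm/nodejs` namespace from the credential index, so the full third-party policy-engine API becomes part of this package's public surface. The top-level `require` also loads it for every consumer, whether or not they use delegation. Exporting only what callers need (the section already exports `createCedarPolicy`) would keep an engine upgrade from silently changing what SDK users can call; if the namespace export is deliberate, a one-line comment above it should say why. The section also adds `@docknetwork/vc-delegation-engine`, `@sd-jwt/sd-jwt-vc` and `@sd-jwt/crypto-nodejs` as load-time dependencies; the manifest is not visible here, so their version pinning should be checked there. The `.mjs` section that follows (`import * as cedar ...` then `export { cedar };`) has the same shape.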
@@ -1,4 +1,8 @@
1
1
  import { credentialService } from './service.mjs';
2
+ export { DELEGATION_CONTEXT_TERMS, DELEGATION_ENGINE_NS, PRESENTATION_CONTEXT, W3C_CREDENTIALS_V1, createCedarPolicy, createSignedPresentation, createUnsignedPresentation, delegatableCredentialsService, issueDelegatedCredential, issueDelegationCredential, verifyDelegatablePresentation } from './delegatable-credentials.mjs';
3
+ import * as cedar from '@cedar-policy/cedar-wasm/nodejs';
4
+ export { cedar };
5
+ export { MAY_CLAIM_IRI } from '@docknetwork/vc-delegation-engine';
2
6
  import './config.mjs';
3
7
  import 'assert';
4
8
  import '@docknetwork/crypto-wasm-ts';
@@ -23,6 +27,17 @@ import '@scure/bip39';
23
27
  import '@scure/bip39/wordlists/english';
24
28
  import '../util-crypto/configs.mjs';
25
29
  import '@docknetwork/credential-sdk/types';
30
+ import '../blockchain/cached-did-resolver.mjs';
31
+ import '../storage/index.mjs';
32
+ import '../storage/service.mjs';
33
+ import '../storage/service-rpc.mjs';
34
+ import '../rpc-service-client.mjs';
35
+ import '../../rpc-client.mjs';
36
+ import 'json-rpc-2.0';
37
+ import '../../core/crypto.mjs';
38
+ import 'crypto';
39
+ import '../../logger.mjs';
40
+ import '../../rpc-util.mjs';
26
41
  import './bound-check.mjs';
27
42
  import '@docknetwork/crypto-wasm-ts/lib/legosnark';
28
43
  import 'base64url';
@@ -41,6 +56,9 @@ import '@digitalbazaar/x25519-key-agreement-key-2019';
41
56
  import '@digitalbazaar/ed25519-verification-key-2018';
42
57
  import '@digitalbazaar/ed25519-verification-key-2020';
43
58
  import '../dids/keypair-utils.mjs';
59
+ import './sd-jwt.mjs';
60
+ import '@sd-jwt/sd-jwt-vc';
61
+ import '@sd-jwt/crypto-nodejs';
44
62
 
45
63
  // @ts-nocheck
46
64
  // TODO: rename it to credentialService, will need to update dock-app
@@ -9,10 +9,10 @@ const EPSILON_INT = 1;
9
9
 
10
10
  const MAX_DATE_PLACEHOLDER = 884541351600000;
11
11
  const MIN_DATE_PLACEHOLDER = -17592186044415;
12
- const MAX_INTEGER = 100 ** 9;
13
- const MIN_INTEGER = -4294967295;
14
- const MAX_NUMBER = 100 ** 5;
15
- const MIN_NUMBER = -4294967294;
12
+ const MAX_INTEGER = Number.MAX_SAFE_INTEGER;
13
+ const MIN_INTEGER = Number.MIN_SAFE_INTEGER;
14
+ const MAX_NUMBER = Number.MAX_SAFE_INTEGER;
15
+ const MIN_NUMBER = Number.MIN_SAFE_INTEGER;
16
16
 
17
17
  /*
18
18
  PEX Filter rules:
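Review bot: `MAX_NUMBER` and `MIN_NUMBER` now carry the same safe-integer limits as `MAX_INTEGER` and `MIN_INTEGER`, which leaves no headroom if a non-integer placeholder is later scaled to a fixed-point integer, for example multiplied by a power of ten for its decimal places. The result would fall outside the safe-integer range and lose precision without raising an error. How these constants are consumed is outside this hunk, so this needs checking against the bound-check encoding; if scaling does happen, the number bounds should be the safe-integer limit divided by the largest scale factor. Either way, a comment above the four constants such as `// Placeholder bounds for open-ended ranges; must stay within what the range-proof encoding can represent` would record the intent. The two date placeholders above them are still unexplained magic numbers.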