@docknetwork/wallet-sdk-wasm 1.5.14 → 1.7.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (146) hide show
  1. package/generate-docs.js +49 -0
  2. package/jsdoc.conf.json +29 -6
  3. package/lib/index.js +9 -1
  4. package/lib/index.mjs +9 -1
  5. package/lib/modules/network-manager.js +15 -12
  6. package/lib/modules/network-manager.mjs +15 -12
  7. package/lib/rpc-server.js +11 -1
  8. package/lib/rpc-server.mjs +11 -1
  9. package/lib/services/blockchain/cached-did-resolver.js +113 -0
  10. package/lib/services/blockchain/cached-did-resolver.mjs +109 -0
  11. package/lib/services/blockchain/index.js +11 -0
  12. package/lib/services/blockchain/index.mjs +11 -0
  13. package/lib/services/blockchain/service-rpc.js +12 -0
  14. package/lib/services/blockchain/service-rpc.mjs +12 -0
  15. package/lib/services/blockchain/service.js +161 -19
  16. package/lib/services/blockchain/service.mjs +162 -20
  17. package/lib/services/credential/bbs-revocation.js +11 -0
  18. package/lib/services/credential/bbs-revocation.mjs +11 -0
  19. package/lib/services/credential/bound-check.js +1 -1
  20. package/lib/services/credential/bound-check.mjs +1 -1
  21. package/lib/services/credential/config.js +4 -1
  22. package/lib/services/credential/config.mjs +4 -1
  23. package/lib/services/credential/delegatable-credentials.js +300 -0
  24. package/lib/services/credential/delegatable-credentials.mjs +263 -0
  25. package/lib/services/credential/index.js +53 -0
  26. package/lib/services/credential/index.mjs +18 -0
  27. package/lib/services/credential/pex-helpers.js +4 -4
  28. package/lib/services/credential/pex-helpers.mjs +4 -4
  29. package/lib/services/credential/sd-jwt.js +214 -0
  30. package/lib/services/credential/sd-jwt.mjs +200 -0
  31. package/lib/services/credential/service-rpc.js +9 -0
  32. package/lib/services/credential/service-rpc.mjs +9 -0
  33. package/lib/services/credential/service.js +324 -7
  34. package/lib/services/credential/service.mjs +324 -7
  35. package/lib/services/edv/index.js +1 -0
  36. package/lib/services/edv/index.mjs +1 -0
  37. package/lib/services/edv/service-rpc.js +23 -0
  38. package/lib/services/edv/service-rpc.mjs +23 -0
  39. package/lib/services/edv/service.js +226 -2
  40. package/lib/services/edv/service.mjs +223 -3
  41. package/lib/services/index.js +14 -0
  42. package/lib/services/index.mjs +14 -0
  43. package/lib/services/pex/config.js +4 -0
  44. package/lib/services/pex/config.mjs +4 -0
  45. package/lib/services/pex/service-rpc.js +4 -0
  46. package/lib/services/pex/service-rpc.mjs +4 -0
  47. package/lib/services/pex/service.js +7 -0
  48. package/lib/services/pex/service.mjs +7 -0
  49. package/lib/services/relay-service/service.js +124 -1
  50. package/lib/services/relay-service/service.mjs +124 -1
  51. package/lib/services/rpc-service-client.js +0 -3
  52. package/lib/services/rpc-service-client.mjs +0 -3
  53. package/lib/services/storage/index.js +19 -2
  54. package/lib/services/storage/index.mjs +24 -1
  55. package/lib/services/storage/service-rpc.js +7 -3
  56. package/lib/services/storage/service-rpc.mjs +7 -3
  57. package/lib/services/storage/service.js +4 -0
  58. package/lib/services/storage/service.mjs +4 -0
  59. package/lib/setup-nodejs.js +9 -1
  60. package/lib/setup-nodejs.mjs +9 -1
  61. package/lib/setup-tests.js +9 -1
  62. package/lib/setup-tests.mjs +9 -1
  63. package/lib/src/modules/event-manager.d.ts +0 -1
  64. package/lib/src/modules/event-manager.d.ts.map +1 -1
  65. package/lib/src/modules/network-manager.d.ts +2 -4
  66. package/lib/src/modules/network-manager.d.ts.map +1 -1
  67. package/lib/src/services/blockchain/cached-did-resolver.d.ts +28 -0
  68. package/lib/src/services/blockchain/cached-did-resolver.d.ts.map +1 -0
  69. package/lib/src/services/blockchain/cached-did-resolver.test.d.ts +2 -0
  70. package/lib/src/services/blockchain/cached-did-resolver.test.d.ts.map +1 -0
  71. package/lib/src/services/blockchain/configs.d.ts +1 -2
  72. package/lib/src/services/blockchain/configs.d.ts.map +1 -1
  73. package/lib/src/services/blockchain/service.d.ts +117 -19
  74. package/lib/src/services/blockchain/service.d.ts.map +1 -1
  75. package/lib/src/services/credential/bbs-revocation.d.ts +1 -1
  76. package/lib/src/services/credential/bbs-revocation.d.ts.map +1 -1
  77. package/lib/src/services/credential/bound-check.d.ts.map +1 -1
  78. package/lib/src/services/credential/config.d.ts.map +1 -1
  79. package/lib/src/services/credential/delegatable-credentials.d.ts +272 -0
  80. package/lib/src/services/credential/delegatable-credentials.d.ts.map +1 -0
  81. package/lib/src/services/credential/index.d.ts +4 -0
  82. package/lib/src/services/credential/index.d.ts.map +1 -1
  83. package/lib/src/services/credential/pex-helpers.d.ts +2 -2
  84. package/lib/src/services/credential/pex-helpers.d.ts.map +1 -1
  85. package/lib/src/services/credential/sd-jwt.test.d.ts +2 -0
  86. package/lib/src/services/credential/sd-jwt.test.d.ts.map +1 -0
  87. package/lib/src/services/credential/service.d.ts +274 -4
  88. package/lib/src/services/credential/service.d.ts.map +1 -1
  89. package/lib/src/services/dids/keypair-utils.d.ts +2 -2
  90. package/lib/src/services/dids/keypair-utils.d.ts.map +1 -1
  91. package/lib/src/services/dids/service.d.ts +35 -3
  92. package/lib/src/services/dids/service.d.ts.map +1 -1
  93. package/lib/src/services/edv/service.d.ts +201 -2
  94. package/lib/src/services/edv/service.d.ts.map +1 -1
  95. package/lib/src/services/pex/config.d.ts +1 -0
  96. package/lib/src/services/pex/config.d.ts.map +1 -1
  97. package/lib/src/services/pex/service.d.ts +1 -0
  98. package/lib/src/services/pex/service.d.ts.map +1 -1
  99. package/lib/src/services/relay-service/service.d.ts +148 -8
  100. package/lib/src/services/relay-service/service.d.ts.map +1 -1
  101. package/lib/src/services/rpc-service-client.d.ts +2 -2
  102. package/lib/src/services/rpc-service-client.d.ts.map +1 -1
  103. package/lib/src/services/storage/index.d.ts +1 -1
  104. package/lib/src/services/storage/index.d.ts.map +1 -1
  105. package/lib/src/services/storage/service-rpc.d.ts +9 -0
  106. package/lib/src/services/storage/service-rpc.d.ts.map +1 -0
  107. package/lib/src/services/storage/service.d.ts +1 -0
  108. package/lib/src/services/storage/service.d.ts.map +1 -1
  109. package/lib/src/services/util-crypto/service.d.ts +2 -2
  110. package/lib/src/services/util-crypto/service.d.ts.map +1 -1
  111. package/lib/tsconfig.tsbuildinfo +1 -1
  112. package/lib/wallet/rpc-storage-interface.js +13 -3
  113. package/lib/wallet/rpc-storage-interface.mjs +11 -1
  114. package/lib/wallet/rpc-storage-wallet.js +10 -0
  115. package/lib/wallet/rpc-storage-wallet.mjs +10 -0
  116. package/package.json +29 -16
  117. package/rollup.config.mjs +5 -3
  118. package/src/globals.d.ts +3 -0
  119. package/src/modules/network-manager.ts +15 -14
  120. package/src/services/blockchain/cached-did-resolver.test.ts +288 -0
  121. package/src/services/blockchain/cached-did-resolver.ts +126 -0
  122. package/src/services/blockchain/configs.ts +1 -2
  123. package/src/services/blockchain/service-rpc.js +12 -0
  124. package/src/services/blockchain/service.ts +167 -20
  125. package/src/services/credential/bound-check.ts +1 -1
  126. package/src/services/credential/config.ts +7 -1
  127. package/src/services/credential/delegatable-credentials.ts +409 -0
  128. package/src/services/credential/index.ts +16 -0
  129. package/src/services/credential/pex-helpers.js +4 -4
  130. package/src/services/credential/pex-helpers.test.js +2 -2
  131. package/src/services/credential/sd-jwt.test.ts +718 -0
  132. package/src/services/credential/sd-jwt.ts +231 -0
  133. package/src/services/credential/service-rpc.js +9 -0
  134. package/src/services/credential/service.ts +328 -7
  135. package/src/services/edv/index.test.js +229 -0
  136. package/src/services/edv/service-rpc.js +23 -0
  137. package/src/services/edv/service.ts +272 -1
  138. package/src/services/pex/config.ts +4 -0
  139. package/src/services/pex/service-rpc.js +4 -0
  140. package/src/services/pex/service.ts +13 -0
  141. package/src/services/pex/tests/pex-service.test.js +210 -0
  142. package/src/services/relay-service/service.ts +130 -1
  143. package/src/services/rpc-service-client.js +0 -3
  144. package/src/services/storage/index.js +15 -1
  145. package/src/services/storage/service-rpc.js +7 -3
  146. package/src/services/storage/service.ts +5 -0
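--- a/package/lib/services/edv/service.js
+++ b/package/lib/services/edv/service.js
@@ -12,9 +12,10 @@ var keypairs = require('@docknetwork/universal-wallet/methods/keypairs');
 var logger = require('@docknetwork/wallet-sdk-data-store/lib/logger');
 var services_dids_service = require('../dids/service.js');
 var keypairs$1 = require('@docknetwork/credential-sdk/keypairs');
+var hkdf = require('futoin-hkdf');
+var crypto = require('@docknetwork/universal-wallet/crypto');
 require('assert');
 require('base64url-universal');
-require('@docknetwork/universal-wallet/crypto');
 require('@docknetwork/wallet-sdk-dids/lib');
 require('../dids/config.js');
 require('base64url');
@@ -28,10 +29,17 @@ require('../dids/keypair-utils.js');
 function _interopDefaultLegacy (e) { return e && typeof e === 'object' && 'default' in e ? e : { 'default': e }; }
 
 var EDVHTTPStorageInterface__default = /*#__PURE__*/_interopDefaultLegacy(EDVHTTPStorageInterface);
+var hkdf__default = /*#__PURE__*/_interopDefaultLegacy(hkdf);
+var crypto__default = /*#__PURE__*/_interopDefaultLegacy(crypto);
 
 // @ts-nocheck
+const HKDF_LENGTH = 32;
+const HKDF_HASH = 'SHA-256';
 /**
- * EDVService
+ * Service class for managing Encrypted Data Vaults
+ * @class
+ * @description Provides methods for creating, managing, and interacting with
+ * encrypted data vaults for secure storage of sensitive wallet data
  */
 class EDVService {
 storageInterface;
@@ -46,10 +54,37 @@ class EDVService {
 EDVService.prototype.update,
 EDVService.prototype.insert,
 EDVService.prototype.delete,
+EDVService.prototype.deriveBiometricKey,
+EDVService.prototype.deriveBiometricEncryptionKey,
+EDVService.prototype.encryptMasterKey,
+EDVService.prototype.decryptMasterKey,
 ];
+/**
+ * Creates a new EDVService instance
+ * @constructor
+ */
 constructor() {
 this.name = services_edv_configs.serviceName;
 }
+/**
+ * Initializes the EDV service with encryption keys and connection parameters
+ * @param {InitializeEDVParams} params - Initialization parameters
+ * @param {Object} params.hmacKey - HMAC key for document indexing
+ * @param {Object} params.agreementKey - Key agreement key for encryption
+ * @param {Object} params.verificationKey - Verification key for authentication
+ * @param {string} params.edvUrl - URL of the EDV server
+ * @param {string} params.authKey - Authentication key for the EDV server
+ * @returns {Promise<void>}
+ * @throws {Error} If unable to create or connect to EDV
+ * @example
+ * await edvService.initialize({
+ * hmacKey: hmacKeyData,
+ * agreementKey: agreementKeyData,
+ * verificationKey: verificationKeyData,
+ * edvUrl: 'https://edv.example.com',
+ * authKey: 'auth-token-123'
+ * });
+ */
 async initialize({ hmacKey, agreementKey, verificationKey, edvUrl, authKey, }) {
 const hmac = await services_edv_hmac.create({
 key: hmacKey,
@@ -97,6 +132,21 @@ class EDVService {
 attribute: 'content.type',
 });
 }
+/**
+ * Generates new cryptographic keys for EDV operations
+ * @returns {Promise<Object>} Generated keys
+ * @returns {Object} returns.verificationKey - Ed25519 verification key for authentication
+ * @returns {Object} returns.agreementKey - X25519 key agreement key for encryption
+ * @returns {Object} returns.hmacKey - HMAC key for indexing
+ * @example
+ * const keys = await edvService.generateKeys();
+ * // Use keys for EDV initialization
+ * await edvService.initialize({
+ * ...keys,
+ * edvUrl: 'https://edv.example.com',
+ * authKey: 'auth-token'
+ * });
+ */
 async generateKeys() {
 const keyPair = await services_dids_service.didService.generateKeyDoc({});
 const verificationKey = await ed25519VerificationKey2018.Ed25519VerificationKey2018.generate({
@@ -109,6 +159,17 @@ class EDVService {
 const hmacKey = await services_edv_hmac.exportKey(await services_edv_hmac.generateKey());
 return { verificationKey, agreementKey, hmacKey };
 }
+/**
+ * Derives cryptographic keys from a master key
+ * @param {Uint8Array} masterKey - Master key for derivation
+ * @returns {Promise<Object>} Derived keys
+ * @returns {Object} returns.verificationKey - Derived Ed25519 verification key
+ * @returns {Object} returns.agreementKey - Derived X25519 key agreement key
+ * @returns {Object} returns.hmacKey - Derived HMAC key
+ * @example
+ * const masterKey = new Uint8Array(32); // Your master key
+ * const keys = await edvService.deriveKeys(masterKey);
+ */
 async deriveKeys(masterKey) {
 const { keyPair: pair } = new keypairs$1.Ed25519Keypair(masterKey, 'seed');
 const keyPair = await services_dids_service.didService.deriveKeyDoc({ pair });
@@ -118,15 +179,63 @@ class EDVService {
 const hmacKey = await services_edv_hmac.exportKey(await services_edv_hmac.deriveKey(masterKey));
 return { verificationKey, agreementKey, hmacKey };
 }
+/**
+ * Gets the controller identifier for the current EDV
+ * @returns {Promise<string>} The controller DID or identifier
+ * @example
+ * const controller = await edvService.getController();
+ * console.log('EDV Controller:', controller);
+ */
 async getController() {
 return this.controller;
 }
+/**
+ * Finds documents in the EDV based on query parameters
+ * @param {Object} params - Query parameters
+ * @param {Object} [params.equals] - Equality-based query conditions
+ * @param {boolean} [params.has] - Existence-based query conditions
+ * @param {number} [params.limit] - Maximum number of results
+ * @returns {Promise<Array>} Array of matching documents
+ * @example
+ * const documents = await edvService.find({
+ * equals: { 'content.type': 'VerifiableCredential' },
+ * limit: 10
+ * });
+ */
 find(params) {
 return this.storageInterface.find(params);
 }
+/**
+ * Updates a document in the EDV
+ * @param {Object} params - Update parameters
+ * @param {string} params.id - Document ID to update
+ * @param {Object} params.content - New document content
+ * @returns {Promise<Object>} Updated document
+ * @example
+ * const updated = await edvService.update({
+ * id: 'doc-123',
+ * content: { ...existingContent, updated: true }
+ * });
+ */
 update(params) {
 return this.storageInterface.update(params);
 }
+/**
+ * Inserts a new document into the EDV
+ * @param {Object} params - Insert parameters
+ * @param {string} params.id - Document ID
+ * @param {Object} params.content - Document content to store
+ * @returns {Promise<Object>} The inserted document
+ * @throws {Error} If insertion fails
+ * @example
+ * const document = await edvService.insert({
+ * id: 'doc-456',
+ * content: {
+ * type: 'VerifiableCredential',
+ * data: credentialData
+ * }
+ * });
+ */
 insert(params) {
 this.insertQueue = this.insertQueue.then(() => {
 return this.storageInterface.insert(params).catch(error => {
@@ -136,11 +245,126 @@ class EDVService {
 });
 return this.insertQueue;
 }
+/**
+ * Deletes a document from the EDV
+ * @param {Object} params - Deletion parameters
+ * @param {string} params.id - Document ID to delete
+ * @returns {Promise<boolean>} True if deletion successful
+ * @example
+ * const deleted = await edvService.delete({
+ * id: 'doc-123'
+ * });
+ */
 delete(params) {
 return this.storageInterface.delete(params);
 }
+/**
+ * Derives a key from biometric data using HKDF
+ * @param {Buffer} biometricData - Biometric data from provider
+ * @param {string} identifier - User's identifier as salt (email, phone number, etc.)
+ * @returns {Buffer} Derived key
+ * @example
+ * const key = edvService.deriveBiometricKey(biometricData, 'user@example.com');
+ */
+deriveBiometricKey(biometricData, identifier) {
+const salt = identifier;
+return hkdf__default["default"](biometricData, HKDF_LENGTH, { salt, hash: HKDF_HASH });
+}
+/**
+ * Generates a key for encrypting/decrypting the master key
+ * @param {Buffer} biometricData - Biometric data from provider
+ * @param {string} identifier - User's identifier as salt (email, phone number, etc.)
+ * @returns {Promise<Object>} Encryption key and IV for AES encryption
+ * @returns {Buffer} returns.key - Encryption key
+ * @returns {Buffer} returns.iv - Initialization vector
+ * @example
+ * const { key, iv } = await edvService.deriveBiometricEncryptionKey(biometricData, 'user@example.com');
+ */
+async deriveBiometricEncryptionKey(biometricData, identifier) {
+const key = this.deriveBiometricKey(biometricData, identifier);
+const randomBytes = crypto__default["default"].getRandomValues(new Uint8Array(16));
+const iv = Buffer.from(randomBytes);
+return {
+key,
+iv
+};
+}
+/**
+ * Encrypts the master key using a key derived from biometric data
+ * @param {Uint8Array} masterKey - The CloudWalletVault master key to encrypt
+ * @param {Buffer} encryptionKey - Key derived from biometric data
+ * @param {Buffer} iv - Initialization vector
+ * @returns {Promise<Uint8Array>} Encrypted master key
+ * @example
+ * const encrypted = await edvService.encryptMasterKey(masterKey, encryptionKey, iv);
+ */
+async encryptMasterKey(masterKey, encryptionKey, iv) {
+const keyData = new Uint8Array(encryptionKey);
+const ivData = new Uint8Array(iv);
+const key = await crypto__default["default"].subtle.importKey('raw', keyData, { name: 'AES-GCM' }, false, ['encrypt']);
+const encryptedBuffer = await crypto__default["default"].subtle.encrypt({ name: 'AES-GCM', iv: ivData }, key, masterKey);
+return new Uint8Array(encryptedBuffer);
+}
+/**
+ * Decrypts the master key using biometric-derived key
+ * @param {Uint8Array} encryptedKey - The encrypted master key
+ * @param {Buffer} decryptionKey - Key derived from biometric data
+ * @param {Buffer} iv - Initialization vector
+ * @returns {Promise<Uint8Array>} The decrypted master key
+ * @throws {Error} If decryption fails
+ * @example
+ * const masterKey = await edvService.decryptMasterKey(encryptedKey, decryptionKey, iv);
+ */
+async decryptMasterKey(encryptedKey, decryptionKey, iv) {
+try {
+const keyData = new Uint8Array(decryptionKey);
+const ivData = new Uint8Array(iv);
+const key = await crypto__default["default"].subtle.importKey('raw', keyData, { name: 'AES-GCM' }, false, ['decrypt']);
+const decryptedBuffer = await crypto__default["default"].subtle.decrypt({ name: 'AES-GCM', iv: ivData }, key, encryptedKey);
+return new Uint8Array(decryptedBuffer);
+}
+catch (error) {
+throw new Error('Decryption failed: Invalid key or corrupted data');
+}
+}
 }
+/**
+ * Singleton instance of the EDV service
+ * @type {EDVService}
+ * @example
+ * import { edvService } from '@docknetwork/wallet-sdk-wasm/services/edv';
+ *
+ * // Generate keys and initialize
+ * const keys = await edvService.generateKeys();
+ * await edvService.initialize({
+ * ...keys,
+ * edvUrl: 'https://edv.example.com',
+ * authKey: 'auth-token'
+ * });
+ *
+ * // Store encrypted data
+ * await edvService.insert({
+ * id: 'credential-1',
+ * content: {
+ * type: 'VerifiableCredential',
+ * data: credentialData
+ * }
+ * });
+ *
+ * // Query encrypted data
+ * const credentials = await edvService.find({
+ * equals: { 'content.type': 'VerifiableCredential' }
+ * });
+ *
+ * // Update encrypted data
+ * await edvService.update({
+ * id: 'credential-1',
+ * content: updatedData
+ * });
+ */
 const edvService = new EDVService();
 
 exports.EDVService = EDVService;
+exports.HKDF_HASH = HKDF_HASH;
+exports.HKDF_LENGTH = HKDF_LENGTH;
 exports.edvService = edvService;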
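Review bot: `deriveBiometricKey` (new lines 269–272 of the last hunk) calls HKDF with the user identifier as `salt` but no `info`, so the derived key is not bound to this purpose: the same biometric bytes and identifier yield the identical key for any other HKDF caller in the wallet, and the master-key wrap key doubles as a generic identity-derived secret. Add a fixed context string, e.g. `return hkdf__default["default"](biometricData, HKDF_LENGTH, { salt, hash: HKDF_HASH, info: 'edv-master-key-wrap' });` (label constructed here; it must stay stable, since changing it invalidates every master key already wrapped). HKDF is an extractor, not a password hash, so the resulting AES-GCM key is exactly as strong as `biometricData`; the JSDoc should state that the provider must supply a stable, high-entropy secret, because a guessable input leaves the wrapped master key exposed to offline guessing by anyone holding the ciphertext. The four methods are also added to the RPC-exposed prototype list (new lines 57–60), which means raw biometric data and the derived wrap key cross the RPC boundary; whether that transport is trusted is not visible here. The same code appears in the service.mjs section below, and both are presumably built from package/src/services/edv/service.ts (diffstat entry 137), where the change belongs.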
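--- a/package/lib/services/edv/service.mjs
+++ b/package/lib/services/edv/service.mjs
@@ -8,9 +8,10 @@ import { getKeypairFromDoc } from '@docknetwork/universal-wallet/methods/keypair
 import { logger } from '@docknetwork/wallet-sdk-data-store/lib/logger';
 import { didService } from '../dids/service.mjs';
 import { Ed25519Keypair } from '@docknetwork/credential-sdk/keypairs';
+import hkdf from 'futoin-hkdf';
+import crypto from '@docknetwork/universal-wallet/crypto';
 import 'assert';
 import 'base64url-universal';
-import '@docknetwork/universal-wallet/crypto';
 import '@docknetwork/wallet-sdk-dids/lib';
 import '../dids/config.mjs';
 import 'base64url';
@@ -22,8 +23,13 @@ import '@digitalbazaar/x25519-key-agreement-key-2019';
 import '../dids/keypair-utils.mjs';
 
 // @ts-nocheck
+const HKDF_LENGTH = 32;
+const HKDF_HASH = 'SHA-256';
 /**
- * EDVService
+ * Service class for managing Encrypted Data Vaults
+ * @class
+ * @description Provides methods for creating, managing, and interacting with
+ * encrypted data vaults for secure storage of sensitive wallet data
  */
 class EDVService {
 storageInterface;
@@ -38,10 +44,37 @@ class EDVService {
 EDVService.prototype.update,
 EDVService.prototype.insert,
 EDVService.prototype.delete,
+EDVService.prototype.deriveBiometricKey,
+EDVService.prototype.deriveBiometricEncryptionKey,
+EDVService.prototype.encryptMasterKey,
+EDVService.prototype.decryptMasterKey,
 ];
+/**
+ * Creates a new EDVService instance
+ * @constructor
+ */
 constructor() {
 this.name = serviceName;
 }
+/**
+ * Initializes the EDV service with encryption keys and connection parameters
+ * @param {InitializeEDVParams} params - Initialization parameters
+ * @param {Object} params.hmacKey - HMAC key for document indexing
+ * @param {Object} params.agreementKey - Key agreement key for encryption
+ * @param {Object} params.verificationKey - Verification key for authentication
+ * @param {string} params.edvUrl - URL of the EDV server
+ * @param {string} params.authKey - Authentication key for the EDV server
+ * @returns {Promise<void>}
+ * @throws {Error} If unable to create or connect to EDV
+ * @example
+ * await edvService.initialize({
+ * hmacKey: hmacKeyData,
+ * agreementKey: agreementKeyData,
+ * verificationKey: verificationKeyData,
+ * edvUrl: 'https://edv.example.com',
+ * authKey: 'auth-token-123'
+ * });
+ */
 async initialize({ hmacKey, agreementKey, verificationKey, edvUrl, authKey, }) {
 const hmac = await HMAC.create({
 key: hmacKey,
@@ -89,6 +122,21 @@ class EDVService {
 attribute: 'content.type',
 });
 }
+/**
+ * Generates new cryptographic keys for EDV operations
+ * @returns {Promise<Object>} Generated keys
+ * @returns {Object} returns.verificationKey - Ed25519 verification key for authentication
+ * @returns {Object} returns.agreementKey - X25519 key agreement key for encryption
+ * @returns {Object} returns.hmacKey - HMAC key for indexing
+ * @example
+ * const keys = await edvService.generateKeys();
+ * // Use keys for EDV initialization
+ * await edvService.initialize({
+ * ...keys,
+ * edvUrl: 'https://edv.example.com',
+ * authKey: 'auth-token'
+ * });
+ */
 async generateKeys() {
 const keyPair = await didService.generateKeyDoc({});
 const verificationKey = await Ed25519VerificationKey2018.generate({
@@ -101,6 +149,17 @@ class EDVService {
 const hmacKey = await HMAC.exportKey(await HMAC.generateKey());
 return { verificationKey, agreementKey, hmacKey };
 }
+/**
+ * Derives cryptographic keys from a master key
+ * @param {Uint8Array} masterKey - Master key for derivation
+ * @returns {Promise<Object>} Derived keys
+ * @returns {Object} returns.verificationKey - Derived Ed25519 verification key
+ * @returns {Object} returns.agreementKey - Derived X25519 key agreement key
+ * @returns {Object} returns.hmacKey - Derived HMAC key
+ * @example
+ * const masterKey = new Uint8Array(32); // Your master key
+ * const keys = await edvService.deriveKeys(masterKey);
+ */
 async deriveKeys(masterKey) {
 const { keyPair: pair } = new Ed25519Keypair(masterKey, 'seed');
 const keyPair = await didService.deriveKeyDoc({ pair });
@@ -110,15 +169,63 @@ class EDVService {
 const hmacKey = await HMAC.exportKey(await HMAC.deriveKey(masterKey));
 return { verificationKey, agreementKey, hmacKey };
 }
+/**
+ * Gets the controller identifier for the current EDV
+ * @returns {Promise<string>} The controller DID or identifier
+ * @example
+ * const controller = await edvService.getController();
+ * console.log('EDV Controller:', controller);
+ */
 async getController() {
 return this.controller;
 }
+/**
+ * Finds documents in the EDV based on query parameters
+ * @param {Object} params - Query parameters
+ * @param {Object} [params.equals] - Equality-based query conditions
+ * @param {boolean} [params.has] - Existence-based query conditions
+ * @param {number} [params.limit] - Maximum number of results
+ * @returns {Promise<Array>} Array of matching documents
+ * @example
+ * const documents = await edvService.find({
+ * equals: { 'content.type': 'VerifiableCredential' },
+ * limit: 10
+ * });
+ */
 find(params) {
 return this.storageInterface.find(params);
 }
+/**
+ * Updates a document in the EDV
+ * @param {Object} params - Update parameters
+ * @param {string} params.id - Document ID to update
+ * @param {Object} params.content - New document content
+ * @returns {Promise<Object>} Updated document
+ * @example
+ * const updated = await edvService.update({
+ * id: 'doc-123',
+ * content: { ...existingContent, updated: true }
+ * });
+ */
 update(params) {
 return this.storageInterface.update(params);
 }
+/**
+ * Inserts a new document into the EDV
+ * @param {Object} params - Insert parameters
+ * @param {string} params.id - Document ID
+ * @param {Object} params.content - Document content to store
+ * @returns {Promise<Object>} The inserted document
+ * @throws {Error} If insertion fails
+ * @example
+ * const document = await edvService.insert({
+ * id: 'doc-456',
+ * content: {
+ * type: 'VerifiableCredential',
+ * data: credentialData
+ * }
+ * });
+ */
 insert(params) {
 this.insertQueue = this.insertQueue.then(() => {
 return this.storageInterface.insert(params).catch(error => {
@@ -128,10 +235,123 @@ class EDVService {
 });
 return this.insertQueue;
 }
+/**
+ * Deletes a document from the EDV
+ * @param {Object} params - Deletion parameters
+ * @param {string} params.id - Document ID to delete
+ * @returns {Promise<boolean>} True if deletion successful
+ * @example
+ * const deleted = await edvService.delete({
+ * id: 'doc-123'
+ * });
+ */
 delete(params) {
 return this.storageInterface.delete(params);
 }
+/**
+ * Derives a key from biometric data using HKDF
+ * @param {Buffer} biometricData - Biometric data from provider
+ * @param {string} identifier - User's identifier as salt (email, phone number, etc.)
+ * @returns {Buffer} Derived key
+ * @example
+ * const key = edvService.deriveBiometricKey(biometricData, 'user@example.com');
+ */
+deriveBiometricKey(biometricData, identifier) {
+const salt = identifier;
+return hkdf(biometricData, HKDF_LENGTH, { salt, hash: HKDF_HASH });
+}
+/**
+ * Generates a key for encrypting/decrypting the master key
+ * @param {Buffer} biometricData - Biometric data from provider
+ * @param {string} identifier - User's identifier as salt (email, phone number, etc.)
+ * @returns {Promise<Object>} Encryption key and IV for AES encryption
+ * @returns {Buffer} returns.key - Encryption key
+ * @returns {Buffer} returns.iv - Initialization vector
+ * @example
+ * const { key, iv } = await edvService.deriveBiometricEncryptionKey(biometricData, 'user@example.com');
+ */
+async deriveBiometricEncryptionKey(biometricData, identifier) {
+const key = this.deriveBiometricKey(biometricData, identifier);
+const randomBytes = crypto.getRandomValues(new Uint8Array(16));
+const iv = Buffer.from(randomBytes);
+return {
+key,
+iv
+};
+}
+/**
+ * Encrypts the master key using a key derived from biometric data
+ * @param {Uint8Array} masterKey - The CloudWalletVault master key to encrypt
+ * @param {Buffer} encryptionKey - Key derived from biometric data
+ * @param {Buffer} iv - Initialization vector
+ * @returns {Promise<Uint8Array>} Encrypted master key
+ * @example
+ * const encrypted = await edvService.encryptMasterKey(masterKey, encryptionKey, iv);
+ */
+async encryptMasterKey(masterKey, encryptionKey, iv) {
+const keyData = new Uint8Array(encryptionKey);
+const ivData = new Uint8Array(iv);
+const key = await crypto.subtle.importKey('raw', keyData, { name: 'AES-GCM' }, false, ['encrypt']);
+const encryptedBuffer = await crypto.subtle.encrypt({ name: 'AES-GCM', iv: ivData }, key, masterKey);
+return new Uint8Array(encryptedBuffer);
+}
+/**
+ * Decrypts the master key using biometric-derived key
+ * @param {Uint8Array} encryptedKey - The encrypted master key
+ * @param {Buffer} decryptionKey - Key derived from biometric data
+ * @param {Buffer} iv - Initialization vector
+ * @returns {Promise<Uint8Array>} The decrypted master key
+ * @throws {Error} If decryption fails
+ * @example
+ * const masterKey = await edvService.decryptMasterKey(encryptedKey, decryptionKey, iv);
+ */
+async decryptMasterKey(encryptedKey, decryptionKey, iv) {
+try {
+const keyData = new Uint8Array(decryptionKey);
+const ivData = new Uint8Array(iv);
+const key = await crypto.subtle.importKey('raw', keyData, { name: 'AES-GCM' }, false, ['decrypt']);
+const decryptedBuffer = await crypto.subtle.decrypt({ name: 'AES-GCM', iv: ivData }, key, encryptedKey);
+return new Uint8Array(decryptedBuffer);
+}
+catch (error) {
+throw new Error('Decryption failed: Invalid key or corrupted data');
+}
+}
 }
+/**
+ * Singleton instance of the EDV service
+ * @type {EDVService}
+ * @example
+ * import { edvService } from '@docknetwork/wallet-sdk-wasm/services/edv';
+ *
+ * // Generate keys and initialize
+ * const keys = await edvService.generateKeys();
+ * await edvService.initialize({
+ * ...keys,
+ * edvUrl: 'https://edv.example.com',
+ * authKey: 'auth-token'
+ * });
+ *
+ * // Store encrypted data
+ * await edvService.insert({
+ * id: 'credential-1',
+ * content: {
+ * type: 'VerifiableCredential',
+ * data: credentialData
+ * }
+ * });
+ *
+ * // Query encrypted data
+ * const credentials = await edvService.find({
+ * equals: { 'content.type': 'VerifiableCredential' }
+ * });
+ *
+ * // Update encrypted data
+ * await edvService.update({
+ * id: 'credential-1',
+ * content: updatedData
+ * });
+ */
 const edvService = new EDVService();
 
-export { EDVService, edvService };
+export { EDVService, HKDF_HASH, HKDF_LENGTH, edvService };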
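Review bot: `decryptMasterKey` (new lines 308–319 of the last hunk) replaces every failure with a fresh `Error` and discards the original, so a wrong key, a truncated or tampered ciphertext and an invalid argument become indistinguishable in logs; the generic message is a reasonable choice for callers, but the original should be attached, `throw new Error('Decryption failed: Invalid key or corrupted data', { cause: error });`. In `deriveBiometricEncryptionKey` the IV is 16 random bytes; WebCrypto accepts that for AES-GCM, but the 12-byte (96-bit) nonce is the size the mode is specified around and the conventional choice, so `new Uint8Array(12)` is worth settling before this format is persisted anywhere. `encryptMasterKey` returns only ciphertext-plus-tag, so the caller must store `iv` next to it and present the same `iv` with a freshly derived key on decrypt; the JSDoc for both methods should say so. The service.js section above carries the same code and, presumably, the same TypeScript source.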
@@ -20,6 +20,16 @@ require('../core/logger.js');
20
20
  require('../modules/event-manager.js');
21
21
  require('assert');
22
22
  require('@docknetwork/credential-sdk/types');
23
+ require('./blockchain/cached-did-resolver.js');
24
+ require('./storage/index.js');
25
+ require('./storage/service-rpc.js');
26
+ require('./rpc-service-client.js');
27
+ require('../rpc-client.js');
28
+ require('json-rpc-2.0');
29
+ require('../core/crypto.js');
30
+ require('crypto');
31
+ require('../logger.js');
32
+ require('../rpc-util.js');
23
33
  require('../wallet/memory-storage-wallet.js');
24
34
  require('@docknetwork/universal-wallet/storage-wallet');
25
35
  require('../wallet/memory-storage-interface.js');
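Review bot: The new side-effect requires at lines 23–32 make this entry point hard-depend on Node's builtin `crypto` (`require('crypto')` at line 30), which throws at load time in any runtime that does not provide it; for a package named `wallet-sdk-wasm` that may also be bundled for browsers or React Native, that is worth confirming before release. If those runtimes are supported, the Node-specific dependency should stay confined to the module that actually uses it (`../core/crypto.js` at line 29 looks like that wrapper) behind a `globalThis.crypto` fallback rather than being pulled in unconditionally here. This file appears to be bundler output, so the change belongs in the source entry point rather than in lib/. The `require` run starts and ends outside the hunk.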
@@ -55,6 +65,9 @@ require('@docknetwork/crypto-wasm-ts/lib/legosnark');
55
65
  require('./credential/pex-helpers.js');
56
66
  require('@astronautlabs/jsonpath');
57
67
  require('./credential/bbs-revocation.js');
68
+ require('./credential/sd-jwt.js');
69
+ require('@sd-jwt/sd-jwt-vc');
70
+ require('@sd-jwt/crypto-nodejs');
58
71
  require('./relay-service/configs.js');
59
72
  require('@docknetwork/wallet-sdk-relay-service/lib');
60
73
  require('./pex/config.js');
@@ -64,6 +77,7 @@ require('./edv/hmac.js');
64
77
  require('base64url-universal');
65
78
  require('@docknetwork/universal-wallet/crypto');
66
79
  require('@docknetwork/wallet-sdk-data-store/lib/logger');
80
+ require('futoin-hkdf');
67
81
 
68
82
  var services = [
69
83
  services_blockchain_service.blockchainService,
@@ -18,6 +18,16 @@ import '../core/logger.mjs';
18
18
  import '../modules/event-manager.mjs';
19
19
  import 'assert';
20
20
  import '@docknetwork/credential-sdk/types';
21
+ import './blockchain/cached-did-resolver.mjs';
22
+ import './storage/index.mjs';
23
+ import './storage/service-rpc.mjs';
24
+ import './rpc-service-client.mjs';
25
+ import '../rpc-client.mjs';
26
+ import 'json-rpc-2.0';
27
+ import '../core/crypto.mjs';
28
+ import 'crypto';
29
+ import '../logger.mjs';
30
+ import '../rpc-util.mjs';
21
31
  import '../wallet/memory-storage-wallet.mjs';
22
32
  import '@docknetwork/universal-wallet/storage-wallet';
23
33
  import '../wallet/memory-storage-interface.mjs';
@@ -53,6 +63,9 @@ import '@docknetwork/crypto-wasm-ts/lib/legosnark';
53
63
  import './credential/pex-helpers.mjs';
54
64
  import '@astronautlabs/jsonpath';
55
65
  import './credential/bbs-revocation.mjs';
66
+ import './credential/sd-jwt.mjs';
67
+ import '@sd-jwt/sd-jwt-vc';
68
+ import '@sd-jwt/crypto-nodejs';
56
69
  import './relay-service/configs.mjs';
57
70
  import '@docknetwork/wallet-sdk-relay-service/lib';
58
71
  import './pex/config.mjs';
@@ -62,6 +75,7 @@ import './edv/hmac.mjs';
62
75
  import 'base64url-universal';
63
76
  import '@docknetwork/universal-wallet/crypto';
64
77
  import '@docknetwork/wallet-sdk-data-store/lib/logger';
78
+ import 'futoin-hkdf';
65
79
 
66
80
  var services = [
67
81
  blockchainService,
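Review bot: `import 'futoin-hkdf'` at line 78 adds a third-party HKDF implementation to the bundle even though this same entry point already imports Node's builtin `crypto` (line 28 of the earlier hunk), which provides `crypto.hkdf`/`crypto.hkdfSync` on Node ≥ 15 and, through `crypto.subtle.deriveBits`, an HKDF that also works under browser WebCrypto. Every additional cryptographic dependency is one more package whose releases must be tracked and pinned, so unless futoin-hkdf is needed for an older runtime, the EDV key derivation that the `HKDF_HASH`/`HKDF_LENGTH` exports point at could use the builtin instead, e.g. `const okm = crypto.hkdfSync(HKDF_HASH, ikm, salt, info, HKDF_LENGTH);`. If it is kept, the new `futoin-hkdf` and `@sd-jwt/*` packages should be pinned to exact versions and covered by the lockfile. This file appears to be bundler output, so the change belongs in the source module that performs the derivation.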
@@ -15,6 +15,10 @@ const validation = {
15
15
  assert__default["default"](params.credentials, 'credentials is required');
16
16
  assert__default["default"](params.presentationDefinition, 'presentationDefinition is required');
17
17
  },
18
+ evaluateCredentials: (params) => {
19
+ assert__default["default"](params.credentials, 'credentials is required');
20
+ assert__default["default"](params.presentationDefinition, 'presentationDefinition is required');
21
+ },
18
22
  evaluatePresentation: (params) => {
19
23
  assert__default["default"](params.presentation, 'presentation is required');
20
24
  assert__default["default"](params.presentationDefinition, 'presentationDefinition is required');
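Review bot: The new `evaluateCredentials` validator at lines 18–21 only checks that `params.credentials` is truthy, so a non-empty string or a single credential object passes it and any array-specific failure surfaces later inside the PEX evaluator instead of at this RPC boundary. Since this is the request-facing check, it is worth pinning the shape here, e.g. `assert__default["default"](Array.isArray(params.credentials), 'credentials must be an array');` after the existing assertion, assuming the downstream evaluator does take an array. This file appears to be transpiled from the .mjs source, so the change belongs there as well. The `validation` object starts and ends outside the hunk.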
@@ -7,6 +7,10 @@ const validation = {
7
7
  assert(params.credentials, 'credentials is required');
8
8
  assert(params.presentationDefinition, 'presentationDefinition is required');
9
9
  },
10
+ evaluateCredentials: (params) => {
11
+ assert(params.credentials, 'credentials is required');
12
+ assert(params.presentationDefinition, 'presentationDefinition is required');
13
+ },
10
14
  evaluatePresentation: (params) => {
11
15
  assert(params.presentation, 'presentation is required');
12
16
  assert(params.presentationDefinition, 'presentationDefinition is required');
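Review bot: `evaluateCredentials` at lines 10–13 is a byte-for-byte copy of the validator immediately above it (lines 7–9), whose name lies before the hunk, and a duplicated pair of assertions is easy to let drift when one of them is changed. Hoisting the pair into one module-level helper and pointing both entries at it keeps the messages in sync, and the helper is also the natural place to default the argument so a call with no params fails with the assertion message rather than a `TypeError` from `params.credentials`. The `validation` object starts and ends outside the hunk.

```javascript
// Shared by evaluateCredentials and the credential validator above it.
const requireCredentialsAndDefinition = (params = {}) => {
  assert(params.credentials, 'credentials is required');
  assert(params.presentationDefinition, 'presentationDefinition is required');
};

  // … unchanged: earlier entries of validation …
  evaluateCredentials: requireCredentialsAndDefinition,
  // … unchanged: evaluatePresentation …
```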