@docknetwork/wallet-sdk-wasm 1.7.0 → 1.7.7-alpha.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (85) hide show
  1. package/lib/index.js +1 -0
  2. package/lib/index.mjs +1 -0
  3. package/lib/modules/network-manager.js +15 -12
  4. package/lib/modules/network-manager.mjs +15 -12
  5. package/lib/rpc-server.js +1 -0
  6. package/lib/rpc-server.mjs +1 -0
  7. package/lib/services/blockchain/service.js +22 -9
  8. package/lib/services/blockchain/service.mjs +23 -10
  9. package/lib/services/credential/bound-check.js +1 -1
  10. package/lib/services/credential/bound-check.mjs +1 -1
  11. package/lib/services/credential/delegatable-credentials.js +300 -0
  12. package/lib/services/credential/delegatable-credentials.mjs +263 -0
  13. package/lib/services/credential/index.js +39 -0
  14. package/lib/services/credential/index.mjs +4 -0
  15. package/lib/services/credential/pex-helpers.js +4 -4
  16. package/lib/services/credential/pex-helpers.mjs +4 -4
  17. package/lib/services/edv/index.js +1 -0
  18. package/lib/services/edv/index.mjs +1 -0
  19. package/lib/services/edv/service-rpc.js +23 -0
  20. package/lib/services/edv/service-rpc.mjs +23 -0
  21. package/lib/services/edv/service.js +81 -1
  22. package/lib/services/edv/service.mjs +78 -2
  23. package/lib/services/index.js +1 -0
  24. package/lib/services/index.mjs +1 -0
  25. package/lib/services/pex/config.js +4 -0
  26. package/lib/services/pex/config.mjs +4 -0
  27. package/lib/services/pex/service-rpc.js +4 -0
  28. package/lib/services/pex/service-rpc.mjs +4 -0
  29. package/lib/services/pex/service.js +7 -0
  30. package/lib/services/pex/service.mjs +7 -0
  31. package/lib/setup-nodejs.js +1 -0
  32. package/lib/setup-nodejs.mjs +1 -0
  33. package/lib/setup-tests.js +1 -0
  34. package/lib/setup-tests.mjs +1 -0
  35. package/lib/src/modules/event-manager.d.ts +0 -1
  36. package/lib/src/modules/event-manager.d.ts.map +1 -1
  37. package/lib/src/modules/network-manager.d.ts +2 -4
  38. package/lib/src/modules/network-manager.d.ts.map +1 -1
  39. package/lib/src/services/blockchain/configs.d.ts +1 -2
  40. package/lib/src/services/blockchain/configs.d.ts.map +1 -1
  41. package/lib/src/services/blockchain/service.d.ts +4 -3
  42. package/lib/src/services/blockchain/service.d.ts.map +1 -1
  43. package/lib/src/services/credential/bbs-revocation.d.ts +1 -1
  44. package/lib/src/services/credential/bbs-revocation.d.ts.map +1 -1
  45. package/lib/src/services/credential/bound-check.d.ts.map +1 -1
  46. package/lib/src/services/credential/delegatable-credentials.d.ts +272 -0
  47. package/lib/src/services/credential/delegatable-credentials.d.ts.map +1 -0
  48. package/lib/src/services/credential/index.d.ts +1 -0
  49. package/lib/src/services/credential/index.d.ts.map +1 -1
  50. package/lib/src/services/credential/pex-helpers.d.ts +2 -2
  51. package/lib/src/services/credential/pex-helpers.d.ts.map +1 -1
  52. package/lib/src/services/dids/keypair-utils.d.ts +2 -2
  53. package/lib/src/services/dids/keypair-utils.d.ts.map +1 -1
  54. package/lib/src/services/dids/service.d.ts +35 -3
  55. package/lib/src/services/dids/service.d.ts.map +1 -1
  56. package/lib/src/services/edv/service.d.ts +50 -1
  57. package/lib/src/services/edv/service.d.ts.map +1 -1
  58. package/lib/src/services/pex/config.d.ts +1 -0
  59. package/lib/src/services/pex/config.d.ts.map +1 -1
  60. package/lib/src/services/pex/service.d.ts +1 -0
  61. package/lib/src/services/pex/service.d.ts.map +1 -1
  62. package/lib/src/services/relay-service/service.d.ts +19 -7
  63. package/lib/src/services/relay-service/service.d.ts.map +1 -1
  64. package/lib/src/services/storage/service.d.ts.map +1 -1
  65. package/lib/src/services/util-crypto/service.d.ts +2 -2
  66. package/lib/src/services/util-crypto/service.d.ts.map +1 -1
  67. package/lib/tsconfig.tsbuildinfo +1 -1
  68. package/package.json +36 -16
  69. package/rollup.config.mjs +5 -3
  70. package/src/globals.d.ts +3 -0
  71. package/src/modules/network-manager.ts +15 -14
  72. package/src/services/blockchain/configs.ts +1 -2
  73. package/src/services/blockchain/service.ts +26 -10
  74. package/src/services/credential/bound-check.ts +1 -1
  75. package/src/services/credential/delegatable-credentials.ts +409 -0
  76. package/src/services/credential/index.ts +16 -0
  77. package/src/services/credential/pex-helpers.js +4 -4
  78. package/src/services/credential/pex-helpers.test.js +2 -2
  79. package/src/services/edv/index.test.js +229 -0
  80. package/src/services/edv/service-rpc.js +23 -0
  81. package/src/services/edv/service.ts +119 -0
  82. package/src/services/pex/config.ts +4 -0
  83. package/src/services/pex/service-rpc.js +4 -0
  84. package/src/services/pex/service.ts +13 -0
  85. package/src/services/pex/tests/pex-service.test.js +210 -0
package/lib/index.js CHANGED
@@ -80,6 +80,7 @@ require('./services/edv/hmac.js');
80
80
  require('base64url-universal');
81
81
  require('@docknetwork/universal-wallet/crypto');
82
82
  require('@docknetwork/wallet-sdk-data-store/lib/logger');
83
+ require('futoin-hkdf');
83
84
  require('winston-transport');
84
85
 
85
86
  rpcClient.initRpcClient(jsonRPCRequest => {
package/lib/index.mjs CHANGED
@@ -78,6 +78,7 @@ import './services/edv/hmac.mjs';
78
78
  import 'base64url-universal';
79
79
  import '@docknetwork/universal-wallet/crypto';
80
80
  import '@docknetwork/wallet-sdk-data-store/lib/logger';
81
+ import 'futoin-hkdf';
81
82
  import 'winston-transport';
82
83
 
83
84
  initRpcClient(jsonRPCRequest => {
@@ -9,27 +9,30 @@ function _interopDefaultLegacy (e) { return e && typeof e === 'object' && 'defau
9
9
  var assert__default = /*#__PURE__*/_interopDefaultLegacy(assert);
10
10
 
11
11
  // @ts-nocheck
12
- const SUBSTRATE_NETWORKS = {
12
+ const BLOCKCHAIN_NETWORKS = {
13
13
  mainnet: {
14
14
  name: 'Cheqd Mainnet',
15
- substrateUrl: null,
16
- addressPrefix: 22,
17
- cheqdApiUrl: 'https://mainnet.cheqd.docknode.io',
15
+ cheqdApiUrl: [
16
+ 'https://mainnet.cheqd.docknode.io',
17
+ 'https://rpc.cheqd.net',
18
+ ],
18
19
  },
19
20
  testnet: {
20
21
  name: 'Cheqd Testnet',
21
- substrateUrl: null,
22
- addressPrefix: 21,
23
- cheqdApiUrl: 'https://testnet.cheqd.docknode.io',
22
+ cheqdApiUrl: [
23
+ 'https://testnet.cheqd.docknode.io',
24
+ 'https://api.cheqd.network',
25
+ ],
24
26
  },
25
27
  local: {
26
28
  name: 'Local Node',
27
- substrateUrl: 'ws://127.0.0.1:9944',
28
- addressPrefix: 21,
29
+ cheqdApiUrl: [
30
+ 'http://localhost:8080',
31
+ ],
29
32
  },
30
33
  };
31
34
  function getNetworkInfo(networkId) {
32
- const networkInfo = SUBSTRATE_NETWORKS[networkId];
35
+ const networkInfo = BLOCKCHAIN_NETWORKS[networkId];
33
36
  assert__default["default"](!!networkInfo, `Network ${networkId} not found`);
34
37
  return networkInfo;
35
38
  }
@@ -50,7 +53,7 @@ class NetworkManager {
50
53
  * @param {string} networkId
51
54
  */
52
55
  setNetworkId(networkId) {
53
- assert__default["default"](!!SUBSTRATE_NETWORKS[networkId], `invalid networkId ${networkId}`);
56
+ assert__default["default"](!!BLOCKCHAIN_NETWORKS[networkId], `invalid networkId ${networkId}`);
54
57
  this.networkId = networkId;
55
58
  }
56
59
  /**
@@ -73,5 +76,5 @@ class NetworkManager {
73
76
  }
74
77
  }
75
78
 
79
+ exports.BLOCKCHAIN_NETWORKS = BLOCKCHAIN_NETWORKS;
76
80
  exports.NetworkManager = NetworkManager;
77
- exports.SUBSTRATE_NETWORKS = SUBSTRATE_NETWORKS;
@@ -1,27 +1,30 @@
1
1
  import assert from 'assert';
2
2
 
3
3
  // @ts-nocheck
4
- const SUBSTRATE_NETWORKS = {
4
+ const BLOCKCHAIN_NETWORKS = {
5
5
  mainnet: {
6
6
  name: 'Cheqd Mainnet',
7
- substrateUrl: null,
8
- addressPrefix: 22,
9
- cheqdApiUrl: 'https://mainnet.cheqd.docknode.io',
7
+ cheqdApiUrl: [
8
+ 'https://mainnet.cheqd.docknode.io',
9
+ 'https://rpc.cheqd.net',
10
+ ],
10
11
  },
11
12
  testnet: {
12
13
  name: 'Cheqd Testnet',
13
- substrateUrl: null,
14
- addressPrefix: 21,
15
- cheqdApiUrl: 'https://testnet.cheqd.docknode.io',
14
+ cheqdApiUrl: [
15
+ 'https://testnet.cheqd.docknode.io',
16
+ 'https://api.cheqd.network',
17
+ ],
16
18
  },
17
19
  local: {
18
20
  name: 'Local Node',
19
- substrateUrl: 'ws://127.0.0.1:9944',
20
- addressPrefix: 21,
21
+ cheqdApiUrl: [
22
+ 'http://localhost:8080',
23
+ ],
21
24
  },
22
25
  };
23
26
  function getNetworkInfo(networkId) {
24
- const networkInfo = SUBSTRATE_NETWORKS[networkId];
27
+ const networkInfo = BLOCKCHAIN_NETWORKS[networkId];
25
28
  assert(!!networkInfo, `Network ${networkId} not found`);
26
29
  return networkInfo;
27
30
  }
@@ -42,7 +45,7 @@ class NetworkManager {
42
45
  * @param {string} networkId
43
46
  */
44
47
  setNetworkId(networkId) {
45
- assert(!!SUBSTRATE_NETWORKS[networkId], `invalid networkId ${networkId}`);
48
+ assert(!!BLOCKCHAIN_NETWORKS[networkId], `invalid networkId ${networkId}`);
46
49
  this.networkId = networkId;
47
50
  }
48
51
  /**
@@ -65,4 +68,4 @@ class NetworkManager {
65
68
  }
66
69
  }
67
70
 
68
- export { NetworkManager, SUBSTRATE_NETWORKS };
71
+ export { BLOCKCHAIN_NETWORKS, NetworkManager };
package/lib/rpc-server.js CHANGED
@@ -78,6 +78,7 @@ require('./services/edv/hmac.js');
78
78
  require('base64url-universal');
79
79
  require('@docknetwork/universal-wallet/crypto');
80
80
  require('@docknetwork/wallet-sdk-data-store/lib/logger');
81
+ require('futoin-hkdf');
81
82
 
82
83
  const rpcServer = new jsonRpc2_0.JSONRPCServer();
83
84
 
@@ -76,6 +76,7 @@ import './services/edv/hmac.mjs';
76
76
  import 'base64url-universal';
77
77
  import '@docknetwork/universal-wallet/crypto';
78
78
  import '@docknetwork/wallet-sdk-data-store/lib/logger';
79
+ import 'futoin-hkdf';
79
80
 
80
81
  const rpcServer = new JSONRPCServer();
81
82
 
@@ -57,7 +57,10 @@ class BlockchainService {
57
57
  cheqdApi;
58
58
  cheqdApiUrl;
59
59
  isBlockchainReady = false;
60
- resolver;
60
+ _resolver;
61
+ get resolver() {
62
+ return this._resolver;
63
+ }
61
64
  /**
62
65
  * Event names emitted by the blockchain service
63
66
  * @static
@@ -88,7 +91,8 @@ class BlockchainService {
88
91
  this.cheqdModules = new cheqdBlockchainModules.CheqdCoreModules(this.cheqdApi);
89
92
  this.modules = new modules.MultiApiCoreModules([this.cheqdModules]);
90
93
  this.emitter = new events.EventEmitter();
91
- this.resolver = this.createDIDResolver();
94
+ // Blockchain is not ready yet, but we can use fallback resolvers
95
+ this._resolver = this.createDIDResolver();
92
96
  }
93
97
  /**
94
98
  * Gets the types and modules needed for DID or accumulator operations
@@ -148,12 +152,19 @@ class BlockchainService {
148
152
  * @private
149
153
  * @returns {CachedDIDResolver} Cached DID resolver instance
150
154
  */
151
- createDIDResolver() {
152
- const router = new AnyDIDResolver([
153
- new resolver.DIDKeyResolver(),
154
- new resolver.CoreResolver(this.modules),
155
+ createDIDResolver(isBlockchainReady) {
156
+ let resolvers = [
155
157
  new resolver.UniversalResolver(universalResolverUrl),
156
- ]);
158
+ new resolver.DIDKeyResolver(),
159
+ ];
160
+ // Add blockchain resolvers if the blockchain is ready
161
+ if (isBlockchainReady) {
162
+ resolvers = [
163
+ new resolver.CoreResolver(this.modules),
164
+ ...resolvers
165
+ ];
166
+ }
167
+ const router = new AnyDIDResolver(resolvers);
157
168
  return new services_blockchain_cachedDidResolver.CachedDIDResolver(router);
158
169
  }
159
170
  /**
@@ -193,15 +204,17 @@ class BlockchainService {
193
204
  try {
194
205
  await this.cheqdApi.init({
195
206
  wallet,
196
- url: checkdApiUrl,
207
+ urls: Array.isArray(checkdApiUrl) ? checkdApiUrl : [checkdApiUrl],
197
208
  network: cheqdNetworkId,
198
209
  });
199
210
  core_logger.Logger.info(`Cheqd initialized at: ${checkdApiUrl}`);
200
211
  }
201
212
  catch (err) {
213
+ debugger;
202
214
  core_logger.Logger.error(`Failed to initialize cheqd at: ${checkdApiUrl}`, err);
203
215
  }
204
- this.resolver = this.createDIDResolver();
216
+ // Re-create the resolver with the new blockchain connection
217
+ this._resolver = this.createDIDResolver(true);
205
218
  if (process.env.NODE_ENV !== 'test' ||
206
219
  process.env.API_MOCK_DISABLED === 'true') {
207
220
  await index.initializeWasm();
@@ -2,7 +2,7 @@ import { DirectSecp256k1HdWallet } from '@cosmjs/proto-signing';
2
2
  import { CheqdAPI } from '@docknetwork/cheqd-blockchain-api';
3
3
  import { CheqdCoreModules } from '@docknetwork/cheqd-blockchain-modules';
4
4
  import { MultiApiCoreModules } from '@docknetwork/credential-sdk/modules';
5
- import { DIDKeyResolver, CoreResolver, UniversalResolver, ResolverRouter, WILDCARD } from '@docknetwork/credential-sdk/resolver';
5
+ import { UniversalResolver, DIDKeyResolver, CoreResolver, ResolverRouter, WILDCARD } from '@docknetwork/credential-sdk/resolver';
6
6
  import { initializeWasm } from '@docknetwork/crypto-wasm-ts/lib/index';
7
7
  import { EventEmitter } from 'events';
8
8
  import { Logger } from '../../core/logger.mjs';
@@ -53,7 +53,10 @@ class BlockchainService {
53
53
  cheqdApi;
54
54
  cheqdApiUrl;
55
55
  isBlockchainReady = false;
56
- resolver;
56
+ _resolver;
57
+ get resolver() {
58
+ return this._resolver;
59
+ }
57
60
  /**
58
61
  * Event names emitted by the blockchain service
59
62
  * @static
@@ -84,7 +87,8 @@ class BlockchainService {
84
87
  this.cheqdModules = new CheqdCoreModules(this.cheqdApi);
85
88
  this.modules = new MultiApiCoreModules([this.cheqdModules]);
86
89
  this.emitter = new EventEmitter();
87
- this.resolver = this.createDIDResolver();
90
+ // Blockchain is not ready yet, but we can use fallback resolvers
91
+ this._resolver = this.createDIDResolver();
88
92
  }
89
93
  /**
90
94
  * Gets the types and modules needed for DID or accumulator operations
@@ -144,12 +148,19 @@ class BlockchainService {
144
148
  * @private
145
149
  * @returns {CachedDIDResolver} Cached DID resolver instance
146
150
  */
147
- createDIDResolver() {
148
- const router = new AnyDIDResolver([
149
- new DIDKeyResolver(),
150
- new CoreResolver(this.modules),
151
+ createDIDResolver(isBlockchainReady) {
152
+ let resolvers = [
151
153
  new UniversalResolver(universalResolverUrl),
152
- ]);
154
+ new DIDKeyResolver(),
155
+ ];
156
+ // Add blockchain resolvers if the blockchain is ready
157
+ if (isBlockchainReady) {
158
+ resolvers = [
159
+ new CoreResolver(this.modules),
160
+ ...resolvers
161
+ ];
162
+ }
163
+ const router = new AnyDIDResolver(resolvers);
153
164
  return new CachedDIDResolver(router);
154
165
  }
155
166
  /**
@@ -189,15 +200,17 @@ class BlockchainService {
189
200
  try {
190
201
  await this.cheqdApi.init({
191
202
  wallet,
192
- url: checkdApiUrl,
203
+ urls: Array.isArray(checkdApiUrl) ? checkdApiUrl : [checkdApiUrl],
193
204
  network: cheqdNetworkId,
194
205
  });
195
206
  Logger.info(`Cheqd initialized at: ${checkdApiUrl}`);
196
207
  }
197
208
  catch (err) {
209
+ debugger;
198
210
  Logger.error(`Failed to initialize cheqd at: ${checkdApiUrl}`, err);
199
211
  }
200
- this.resolver = this.createDIDResolver();
212
+ // Re-create the resolver with the new blockchain connection
213
+ this._resolver = this.createDIDResolver(true);
201
214
  if (process.env.NODE_ENV !== 'test' ||
202
215
  process.env.API_MOCK_DISABLED === 'true') {
203
216
  await initializeWasm();
@@ -48,7 +48,7 @@ async function fetchBlobFromUrl(url) {
48
48
  }
49
49
  function blobFromBase64(base64String) {
50
50
  const cleanedBase64 = base64String.replace(/^data:application\/octet-stream;base64,/, '');
51
- return base64url__default["default"].toBuffer(cleanedBase64);
51
+ return new Uint8Array(base64url__default["default"].toBuffer(cleanedBase64));
52
52
  }
53
53
  async function isBase64OrDataUrl(str) {
54
54
  return ((await services_utilCrypto_service.utilCryptoService.isBase64(str)) ||
@@ -40,7 +40,7 @@ async function fetchBlobFromUrl(url) {
40
40
  }
41
41
  function blobFromBase64(base64String) {
42
42
  const cleanedBase64 = base64String.replace(/^data:application\/octet-stream;base64,/, '');
43
- return base64url.toBuffer(cleanedBase64);
43
+ return new Uint8Array(base64url.toBuffer(cleanedBase64));
44
44
  }
45
45
  async function isBase64OrDataUrl(str) {
46
46
  return ((await utilCryptoService.isBase64(str)) ||
@@ -0,0 +1,300 @@
1
+ 'use strict';
2
+
3
+ Object.defineProperty(exports, '__esModule', { value: true });
4
+
5
+ var cedar = require('@cedar-policy/cedar-wasm/nodejs');
6
+ var vc = require('@docknetwork/credential-sdk/vc');
7
+ var vcDelegationEngine = require('@docknetwork/vc-delegation-engine');
8
+ var keypairs = require('@docknetwork/universal-wallet/methods/keypairs');
9
+ var services_blockchain_service = require('../blockchain/service.js');
10
+ require('@cosmjs/proto-signing');
11
+ require('@docknetwork/cheqd-blockchain-api');
12
+ require('@docknetwork/cheqd-blockchain-modules');
13
+ require('@docknetwork/credential-sdk/modules');
14
+ require('@docknetwork/credential-sdk/resolver');
15
+ require('@docknetwork/crypto-wasm-ts/lib/index');
16
+ require('events');
17
+ require('../../core/logger.js');
18
+ require('../../modules/event-manager.js');
19
+ require('assert');
20
+ require('../util-crypto/service.js');
21
+ require('@docknetwork/credential-sdk/utils');
22
+ require('@scure/bip39');
23
+ require('@scure/bip39/wordlists/english');
24
+ require('../util-crypto/configs.js');
25
+ require('@docknetwork/credential-sdk/types');
26
+ require('../blockchain/cached-did-resolver.js');
27
+ require('../storage/index.js');
28
+ require('../storage/service.js');
29
+ require('../storage/service-rpc.js');
30
+ require('../rpc-service-client.js');
31
+ require('../../rpc-client.js');
32
+ require('json-rpc-2.0');
33
+ require('../../core/crypto.js');
34
+ require('crypto');
35
+ require('../../logger.js');
36
+ require('../../rpc-util.js');
37
+
38
+ function _interopNamespace(e) {
39
+ if (e && e.__esModule) return e;
40
+ var n = Object.create(null);
41
+ if (e) {
42
+ Object.keys(e).forEach(function (k) {
43
+ if (k !== 'default') {
44
+ var d = Object.getOwnPropertyDescriptor(e, k);
45
+ Object.defineProperty(n, k, d.get ? d : {
46
+ enumerable: true,
47
+ get: function () { return e[k]; }
48
+ });
49
+ }
50
+ });
51
+ }
52
+ n["default"] = e;
53
+ return Object.freeze(n);
54
+ }
55
+
56
+ var cedar__namespace = /*#__PURE__*/_interopNamespace(cedar);
57
+
58
+ // @ts-nocheck
59
+ /**
60
+ * Prepares a key document for signing by creating a proper keypair with signer capability
61
+ * @param keyDoc - The key document with id, controller, type, and key material
62
+ * @returns A key document with an active signer
63
+ */
64
+ function prepareKeyForSigning(keyDoc) {
65
+ const kp = keypairs.getKeypairFromDoc(keyDoc);
66
+ // Get the signer from the keypair - this returns an object with id and sign method
67
+ const signer = kp.signer();
68
+ // Set the id on the signer to match the verification method
69
+ signer.id = keyDoc.id;
70
+ return {
71
+ ...keyDoc,
72
+ keypair: kp,
73
+ signer,
74
+ };
75
+ }
76
+ /**
77
+ * W3C Credentials V1 context URL
78
+ */
79
+ const W3C_CREDENTIALS_V1 = 'https://www.w3.org/2018/credentials/v1';
80
+ /**
81
+ * Namespace used by the vc-delegation-engine for delegation properties
82
+ */
83
+ const DELEGATION_ENGINE_NS = 'https://ld.truvera.io/credentials/delegation#';
84
+ /**
85
+ * Base delegation context terms required for delegation credentials.
86
+ * These terms define the JSON-LD mappings needed for the vc-delegation-engine
87
+ * to properly process delegation chains.
88
+ *
89
+ * Use this as a base and extend with your own application-specific terms:
90
+ * @example
91
+ * const myContext = [
92
+ * W3C_CREDENTIALS_V1,
93
+ * {
94
+ * ...DELEGATION_CONTEXT_TERMS,
95
+ * // Add your custom terms here
96
+ * MyCredentialType: 'https://example.org/MyCredentialType',
97
+ * myField: 'https://example.org/myField',
98
+ * },
99
+ * ];
100
+ */
101
+ const DELEGATION_CONTEXT_TERMS = {
102
+ '@version': 1.1,
103
+ '@protected': true,
104
+ DelegationCredential: `${DELEGATION_ENGINE_NS}DelegationCredential`,
105
+ mayClaim: { '@id': vcDelegationEngine.MAY_CLAIM_IRI, '@container': '@set' },
106
+ rootCredentialId: { '@id': `${DELEGATION_ENGINE_NS}rootCredentialId`, '@type': '@id' },
107
+ previousCredentialId: { '@id': `${DELEGATION_ENGINE_NS}previousCredentialId`, '@type': '@id' },
108
+ };
109
+ /**
110
+ * Default context for verifiable presentations
111
+ */
112
+ const PRESENTATION_CONTEXT = [W3C_CREDENTIALS_V1];
113
+ /**
114
+ * Issues a delegation credential that grants authority to a delegate
115
+ * @param keyPair - The key pair to sign the credential
116
+ * @param params - Delegation parameters
117
+ * @returns Signed delegation credential
118
+ */
119
+ async function issueDelegationCredential(keyPair, credential) {
120
+ const preparedKey = prepareKeyForSigning(keyPair);
121
+ return vc.issueCredential(preparedKey, credential);
122
+ }
123
+ /**
124
+ * Issues a credential as a delegate (with delegation chain reference)
125
+ * @param keyPair - The delegate's key pair to sign the credential
126
+ * @param params - Credential parameters
127
+ * @returns Signed credential
128
+ */
129
+ async function issueDelegatedCredential(keyPair, credential) {
130
+ const preparedKey = prepareKeyForSigning(keyPair);
131
+ return vc.issueCredential(preparedKey, credential);
132
+ }
133
+ /**
134
+ * Creates and signs a verifiable presentation with delegation credentials
135
+ * @param keyPair - The key pair to sign the presentation
136
+ * @param params - Presentation parameters
137
+ * @returns Signed verifiable presentation
138
+ */
139
+ async function createSignedPresentation(keyPair, params) {
140
+ const { credentials, holderDid, challenge, domain, context = PRESENTATION_CONTEXT, } = params;
141
+ const presentation = {
142
+ '@context': context,
143
+ type: ['VerifiablePresentation'],
144
+ holder: holderDid,
145
+ verifiableCredential: credentials,
146
+ };
147
+ // Create key document for signing with proper keypair
148
+ const keyDoc = {
149
+ ...keyPair,
150
+ id: keyPair.id || `${holderDid}#keys-1`,
151
+ controller: keyPair.controller || holderDid,
152
+ };
153
+ const preparedKey = prepareKeyForSigning(keyDoc);
154
+ return vc.signPresentation(presentation, preparedKey, challenge, domain);
155
+ }
156
+ /**
157
+ * Verifies a verifiable presentation with optional delegation chain validation
158
+ * Uses the credential-sdk's verifyPresentation which automatically:
159
+ * 1. Verifies the presentation signature
160
+ * 2. Verifies all credentials
161
+ * 3. Detects delegation credentials
162
+ * 4. Validates the delegation chain
163
+ * 5. Applies Cedar policies if provided
164
+ *
165
+ * @param vp - The verifiable presentation to verify
166
+ * @param options - Verification options
167
+ * @returns Verification result with delegation info if applicable
168
+ */
169
+ async function verifyDelegatablePresentation(vp, options = {}) {
170
+ const { challenge = vp.proof?.challenge || 'default-challenge', domain = vp.proof?.domain || 'default-domain', unsignedPresentation = false, failOnUnauthorizedClaims = true, policies, } = options;
171
+ const verifyOptions = {
172
+ challenge,
173
+ domain,
174
+ documentLoader: vc.documentLoader(services_blockchain_service.blockchainService.resolver),
175
+ unsignedPresentation,
176
+ failOnUnauthorizedClaims,
177
+ };
178
+ // Add Cedar authorization if policies are provided
179
+ if (policies) {
180
+ verifyOptions.cedarAuth = {
181
+ policies,
182
+ cedar: cedar__namespace,
183
+ };
184
+ }
185
+ return vc.verifyPresentation(vp, verifyOptions);
186
+ }
187
+ /**
188
+ * Creates a Cedar policy for delegation verification
189
+ * @param config - Policy configuration
190
+ * @returns Cedar policy object
191
+ */
192
+ function createCedarPolicy(config) {
193
+ const { maxDepth = 2, rootIssuer, requiredClaims = {} } = config;
194
+ let claimsConditions = '';
195
+ for (const [key, value] of Object.entries(requiredClaims)) {
196
+ if (typeof value === 'number') {
197
+ claimsConditions += ` &&\n context.authorizedClaims.${key} >= ${value}`;
198
+ }
199
+ else if (typeof value === 'string') {
200
+ claimsConditions += ` &&\n context.authorizedClaims.${key} == "${value}"`;
201
+ }
202
+ }
203
+ const policyText = `
204
+ permit(
205
+ principal in Credential::Chain::"Action:Verify",
206
+ action == Credential::Action::"Verify",
207
+ resource
208
+ ) when {
209
+ principal == context.vpSigner &&
210
+ context.tailDepth <= ${maxDepth} &&
211
+ context.rootIssuer == Credential::Actor::"${rootIssuer}"${claimsConditions}
212
+ };
213
+ `;
214
+ return { staticPolicies: policyText };
215
+ }
216
+ /**
217
+ * Creates an unsigned verifiable presentation (for testing)
218
+ * @param credentials - Array of credentials to include
219
+ * @param proof - Optional proof object
220
+ * @param context - Optional context
221
+ * @returns Verifiable presentation object
222
+ */
223
+ function createUnsignedPresentation(credentials, proof, context = PRESENTATION_CONTEXT) {
224
+ const vp = {
225
+ '@context': context,
226
+ type: ['VerifiablePresentation'],
227
+ verifiableCredential: credentials,
228
+ };
229
+ if (proof) {
230
+ vp.proof = proof;
231
+ }
232
+ return vp;
233
+ }
234
+ /**
235
+ * Service class for delegatable credentials operations
236
+ */
237
+ class DelegatableCredentialsService {
238
+ name = 'delegatable-credentials';
239
+ rpcMethods = [
240
+ DelegatableCredentialsService.prototype.issueDelegation,
241
+ DelegatableCredentialsService.prototype.issueDelegatedCredential,
242
+ DelegatableCredentialsService.prototype.createPresentation,
243
+ DelegatableCredentialsService.prototype.verifyPresentation,
244
+ DelegatableCredentialsService.prototype.createPolicy,
245
+ ];
246
+ /**
247
+ * Issues a delegation credential
248
+ */
249
+ async issueDelegation(params) {
250
+ return issueDelegationCredential(params.keyPair, params);
251
+ }
252
+ /**
253
+ * Issues a credential as a delegate
254
+ */
255
+ async issueDelegatedCredential(params) {
256
+ return issueDelegatedCredential(params.keyPair, params);
257
+ }
258
+ /**
259
+ * Creates and signs a verifiable presentation
260
+ */
261
+ async createPresentation(params) {
262
+ return createSignedPresentation(params.keyPair, params);
263
+ }
264
+ /**
265
+ * Verifies a verifiable presentation with delegation chain
266
+ */
267
+ async verifyPresentation(params) {
268
+ return verifyDelegatablePresentation(params.presentation, {
269
+ challenge: params.challenge,
270
+ domain: params.domain,
271
+ unsignedPresentation: params.unsignedPresentation,
272
+ failOnUnauthorizedClaims: params.failOnUnauthorizedClaims,
273
+ policies: params.policies,
274
+ });
275
+ }
276
+ /**
277
+ * Creates a Cedar policy for delegation verification
278
+ */
279
+ createPolicy(params) {
280
+ return createCedarPolicy(params);
281
+ }
282
+ }
283
+ const delegatableCredentialsService = new DelegatableCredentialsService();
284
+
285
+ exports.cedar = cedar__namespace;
286
+ Object.defineProperty(exports, 'MAY_CLAIM_IRI', {
287
+ enumerable: true,
288
+ get: function () { return vcDelegationEngine.MAY_CLAIM_IRI; }
289
+ });
290
+ exports.DELEGATION_CONTEXT_TERMS = DELEGATION_CONTEXT_TERMS;
291
+ exports.DELEGATION_ENGINE_NS = DELEGATION_ENGINE_NS;
292
+ exports.PRESENTATION_CONTEXT = PRESENTATION_CONTEXT;
293
+ exports.W3C_CREDENTIALS_V1 = W3C_CREDENTIALS_V1;
294
+ exports.createCedarPolicy = createCedarPolicy;
295
+ exports.createSignedPresentation = createSignedPresentation;
296
+ exports.createUnsignedPresentation = createUnsignedPresentation;
297
+ exports.delegatableCredentialsService = delegatableCredentialsService;
298
+ exports.issueDelegatedCredential = issueDelegatedCredential;
299
+ exports.issueDelegationCredential = issueDelegationCredential;
300
+ exports.verifyDelegatablePresentation = verifyDelegatablePresentation;