@dwn-protocol/id-sdk 0.2.5 → 0.2.6

package/src/vc-api.ts

@@ -1,505 +0,0 @@
-/* eslint-disable @typescript-eslint/no-unused-vars */
-import type { IDAgent, IDManagedAgent } from './agent/index.js';
-import type { DwnApi } from './dwn-api.js';
-import type { DecodedVcJwt, Signer } from './credentials/credential.js';
-import type { DecodedVpJwt, JwtHeaderParams } from './credentials/presentation.js';
-import type { JwtDecodedVerifiablePresentation, PresentationSubmission } from '@sphereon/ssi-types';
-import type { EvaluationResults, PresentationResult, Validated as PexValidated } from '@sphereon/pex';
-import type { PresentationDefinitionV2 } from './credentials/presentation.js';
-import type { VcDataModel } from './credentials/credential.js';
-import type {
-  BbsSignOptions,
-  BbsDeriveProofOptions,
-  BbsCredentialCreateOptions,
-  BbsSignedCredentialBundle,
-  BbsDerivedCredential,
-  BbsVerifiableCredential,
-} from './credentials/credential-bbs.js';
-import type { BbsKeyPair } from './crypto/crypto-primitives/bbs.js';
-import { Convert } from './common/index.js';
-import { Ed25519, Bbs } from './crypto/index.js';
-import { createJwt, decodeJwt, SignOptions, VerifiableCredential } from './credentials/credential.js';
-import { BbsCredential } from './credentials/credential-bbs.js';
-import { PresentationExchange } from './credentials/presentation.js';
-import { StatusListManager, StatusPurpose } from './credentials/status-list.js';
-import { v4 as uuidv4 } from 'uuid';
-
-/**
- * The VC API is used to issue, present and verify VCs
- *
- * @beta
- */
-export class VcApi {
-  private agent: IDAgent;
-  private connectedDid: string;
-  private statusListManager?: StatusListManager;
-  private vcServiceUrl?: string;
-
-  constructor(options: {
-    agent: IDAgent,
-    connectedDid: string,
-    dwnApi?: DwnApi, // For SDK-native revocation
-    vcServiceUrl?: string, // For service-based revocation
-  }) {
-    this.agent = options.agent;
-    this.connectedDid = options.connectedDid;
-    if (options.dwnApi) {
-      this.statusListManager = new StatusListManager({
-        agent: options.agent,
-        connectedDid: options.connectedDid,
-        dwnApi: options.dwnApi
-      });
-    }
-    this.vcServiceUrl = options.vcServiceUrl;
-  }
-
-  async createCredential(
-    issuer: string,
-    subject: string,
-    data: any,
-    type?: string,
-  ): Promise<VerifiableCredential> {
-    const vc = VerifiableCredential.create({
-      issuer,
-      subject,
-      data,
-      type,
-    });
-    return vc;
-  }
-
-  async signCredential(
-    vc: VerifiableCredential,
-    signOptions: SignOptions
-  ): Promise<any> {
-    return await vc.sign(signOptions);
-  }
-
-  async createJWT(
-    payload: any,
-    signOptions: SignOptions
-  ): Promise<any> {
-    return await createJwt(payload, signOptions);
-  }
-
-  async decodeJWT(
-    jwt: string
-  ): Promise<DecodedVcJwt> {
-    return decodeJwt(jwt);
-  }
-
-  async parseJWT(
-    jwt: string
-  ): Promise<VerifiableCredential> {
-    return await VerifiableCredential.parseJwt(jwt);
-  }
-
-  async verifyJWT(
-    jwt: string
-  ): Promise<boolean> {
-    try {
-      VerifiableCredential.verify(jwt);
-      return true;
-    } catch(e) {
-      console.log('verifyJWT error', e);
-      return false;
-    }
-  }
-
-  async createPresentation(
-    vcJwts: string[],
-    presentationDefinition: PresentationDefinitionV2
-  ): Promise<PresentationResult> {
-    return PresentationExchange.createPresentationFromCredentials(vcJwts, presentationDefinition);
-  }
-
-  async satisfiesPresentation(
-    vcJwts: string[],
-    presentationDefinition: PresentationDefinitionV2
-  ): Promise<boolean> {
-    try {
-      PresentationExchange.validateDefinition(presentationDefinition);
-      PresentationExchange.satisfiesPresentationDefinition(vcJwts, presentationDefinition);
-      return true;
-    } catch (err) {
-      return false;
-    }
-  }
-
-  async decodePresentation(
-    jwt: string
-  ): Promise<DecodedVpJwt> {
-    const [encodedHeader, encodedPayload, encodedSignature] = jwt.split('.');
-    return {
-      header    : Convert.base64Url(encodedHeader).toObject() as JwtHeaderParams,
-      payload   : Convert.base64Url(encodedPayload).toObject() as JwtDecodedVerifiablePresentation,
-      signature : encodedSignature
-    };
-  }
-
-  async evaluatePresentation(
-    presentationDefinition: PresentationDefinitionV2,
-    presentationResult: any,
-  ): Promise<EvaluationResults> {
-    return PresentationExchange.evaluatePresentation(presentationDefinition,  presentationResult.presentation );
-  }
-
-  async validateSubmission(
-    presentationSubmission: PresentationSubmission,
-  ): Promise<any> {
-    return PresentationExchange.validateSubmission(presentationSubmission);
-  }
-
-  EdDsaSigner(
-    privateKey: Uint8Array
-  ): Signer {
-    return async (data: Uint8Array): Promise<Uint8Array> => {
-      const signature = await Ed25519.sign({ data, key: privateKey});
-      return signature;
-    };
-  }
-
-  /**
-   * Create a revocable credential with status list support
-   *
-   * @param options - Options for creating a revocable credential
-   * @returns Credential with status list information
-   */
-  async createRevocableCredential(options: {
-    issuer: string;
-    subject: string;
-    data: any;
-    type?: string;
-    revocable?: boolean;
-    suspendable?: boolean;
-    signOptions: SignOptions;
-  }): Promise<{
-    credential: VerifiableCredential;
-    credentialJwt: string;
-    statusListCredential?: VerifiableCredential;
-    statusListJwt?: string;
-    statusListRecordId?: string;
-    credentialStatus?: any;
-  }> {
-    if (!this.statusListManager) {
-      throw new Error('StatusListManager not available. Provide dwnApi in VcApi constructor.');
-    }
-
-    const { issuer, subject, data, type, revocable, suspendable, signOptions } = options;
-
-    // Create base credential
-    const credential = await this.createCredential(issuer, subject, data, type);
-
-    // If revocable or suspendable, create or get status list
-    if (revocable || suspendable) {
-      const statusPurpose: StatusPurpose = revocable ? 'revocation' : 'suspension';
-
-      // Create a new status list (in production, you might want to reuse existing ones)
-      const { statusListCredential, statusListJwt, record } = await this.statusListManager.createStatusList({
-        issuer: issuer,
-        statusPurpose: statusPurpose,
-        signOptions: signOptions
-      });
-
-      // Generate a random index for this credential in the status list
-      // In production, you'd want to track this index properly
-      const statusListIndex = Math.floor(Math.random() * 100000); // Simplified - should be tracked
-
-      // Add credentialStatus to the credential
-      this.statusListManager.addCredentialStatus(
-        credential,
-        statusListCredential.vcDataModel.id!,
-        statusListIndex,
-        statusPurpose
-      );
-
-      // Sign the credential with status
-      const credentialJwt = await credential.sign(signOptions);
-
-      return {
-        credential,
-        credentialJwt,
-        statusListCredential,
-        statusListJwt,
-        statusListRecordId: record.id,
-        credentialStatus: credential.vcDataModel.credentialStatus
-      };
-    } else {
-      // Regular non-revocable credential
-      const credentialJwt = await credential.sign(signOptions);
-      return {
-        credential,
-        credentialJwt
-      };
-    }
-  }
-
-  /**
-   * Revoke a credential (SDK-native or via VC Service)
-   *
-   * @param options - Options for revoking the credential
-   * @returns Revocation result
-   */
-  async revokeCredential(options: {
-    credentialId: string;
-    statusListRecordId?: string; // For SDK-native
-    statusListIndex?: number; // For SDK-native
-    useService?: boolean; // Use VC Service API instead
-    signOptions?: SignOptions; // Required for SDK-native
-  }): Promise<any> {
-    if (options.useService && this.vcServiceUrl) {
-      // Call VC Service API
-      return await this.revokeViaService(options.credentialId);
-    } else if (this.statusListManager && options.statusListRecordId && options.statusListIndex !== undefined && options.signOptions) {
-      // Use SDK-native revocation
-      return await this.statusListManager.revokeCredential({
-        credentialId: options.credentialId,
-        statusListRecordId: options.statusListRecordId,
-        statusListIndex: options.statusListIndex,
-        signOptions: options.signOptions
-      });
-    } else {
-      throw new Error('Either useService=true with vcServiceUrl, or statusListRecordId, statusListIndex, and signOptions must be provided for SDK-native revocation');
-    }
-  }
-
-  /**
-   * Suspend a credential (SDK-native or via VC Service)
-   *
-   * @param options - Options for suspending the credential
-   * @returns Suspension result
-   */
-  async suspendCredential(options: {
-    credentialId: string;
-    statusListRecordId?: string; // For SDK-native
-    statusListIndex?: number; // For SDK-native
-    useService?: boolean; // Use VC Service API instead
-    signOptions?: SignOptions; // Required for SDK-native
-  }): Promise<any> {
-    if (options.useService && this.vcServiceUrl) {
-      // Call VC Service API (suspension via service)
-      return await this.suspendViaService(options.credentialId);
-    } else if (this.statusListManager && options.statusListRecordId && options.statusListIndex !== undefined && options.signOptions) {
-      // Use SDK-native suspension
-      return await this.statusListManager.suspendCredential({
-        credentialId: options.credentialId,
-        statusListRecordId: options.statusListRecordId,
-        statusListIndex: options.statusListIndex,
-        signOptions: options.signOptions
-      });
-    } else {
-      throw new Error('Either useService=true with vcServiceUrl, or statusListRecordId, statusListIndex, and signOptions must be provided for SDK-native suspension');
-    }
-  }
-
-  /**
-   * Check credential status
-   *
-   * @param options - Options for checking status
-   * @returns Status information
-   */
-  async checkCredentialStatus(options: {
-    credentialId: string;
-    statusListCredentialId?: string;
-    statusListIndex?: number;
-    statusListRecordId?: string;
-    useService?: boolean;
-  }): Promise<{ revoked: boolean, suspended: boolean }> {
-    if (options.useService && this.vcServiceUrl) {
-      return await this.checkStatusViaService(options.credentialId);
-    } else if (options.statusListCredentialId && options.statusListIndex !== undefined && this.statusListManager) {
-      return await this.statusListManager.checkStatus({
-        statusListCredentialId: options.statusListCredentialId,
-        statusListIndex: options.statusListIndex,
-        statusListRecordId: options.statusListRecordId
-      });
-    } else {
-      throw new Error('Either useService=true with vcServiceUrl, or statusListCredentialId and statusListIndex must be provided');
-    }
-  }
-
-  /**
-   * Revoke via VC Service API
-   */
-  private async revokeViaService(credentialId: string): Promise<any> {
-    if (!this.vcServiceUrl) {
-      throw new Error('vcServiceUrl not configured');
-    }
-
-    const response = await fetch(`${this.vcServiceUrl}/v1/credentials/${credentialId}/status`, {
-      method: 'PUT',
-      headers: { 'Content-Type': 'application/json' },
-      body: JSON.stringify({ revoked: true })
-    });
-
-    if (!response.ok) {
-      throw new Error(`VC Service API error: ${response.status} ${response.statusText}`);
-    }
-
-    return await response.json();
-  }
-
-  /**
-   * Suspend via VC Service API
-   */
-  private async suspendViaService(credentialId: string): Promise<any> {
-    if (!this.vcServiceUrl) {
-      throw new Error('vcServiceUrl not configured');
-    }
-
-    const response = await fetch(`${this.vcServiceUrl}/v1/credentials/${credentialId}/status`, {
-      method: 'PUT',
-      headers: { 'Content-Type': 'application/json' },
-      body: JSON.stringify({ suspended: true })
-    });
-
-    if (!response.ok) {
-      throw new Error(`VC Service API error: ${response.status} ${response.statusText}`);
-    }
-
-    return await response.json();
-  }
-
-  /**
-   * Check status via VC Service API
-   */
-  private async checkStatusViaService(credentialId: string): Promise<{ revoked: boolean, suspended: boolean }> {
-    if (!this.vcServiceUrl) {
-      throw new Error('vcServiceUrl not configured');
-    }
-
-    const response = await fetch(`${this.vcServiceUrl}/v1/credentials/${credentialId}/status`);
-
-    if (!response.ok) {
-      throw new Error(`VC Service API error: ${response.status} ${response.statusText}`);
-    }
-
-    return await response.json();
-  }
-
-  /**
-   * Helper to get signer options from agent
-   * This is a convenience method that can be used to get signer options
-   */
-  async getSignerOptions(issuerDid: string, subjectDid: string): Promise<SignOptions> {
-    // Check if agent is IDManagedAgent (has didManager and dwnManager)
-    if (!('didManager' in this.agent) || !('dwnManager' in this.agent)) {
-      throw new Error('Agent must be an IDManagedAgent to get signer options');
-    }
-
-    const managedAgent = this.agent as IDManagedAgent;
-
-    // Get signing key ID from agent
-    const signingKeyId = await managedAgent.didManager.getDefaultSigningKey({ did: issuerDid });
-    
-    if (!signingKeyId) {
-      throw new Error(`No signing key found for DID: ${issuerDid}`);
-    }
-
-    // Get the signer from agent
-    const signer = await managedAgent.dwnManager.getSigner(issuerDid);
-
-    return {
-      kid: signingKeyId,
-      issuerDid: issuerDid,
-      subjectDid: subjectDid,
-      signer: signer.sign
-    };
-  }
-
-  // ──────────────────────────────────────────────────────
-  // BBS+ Selective Disclosure Methods
-  // ──────────────────────────────────────────────────────
-
-  /**
-   * Generates a BLS12-381 G2 key pair for BBS+ signature operations.
-   *
-   * @returns A key pair with 96-byte publicKey and 32-byte secretKey.
-   */
-  async generateBbsKeyPair(): Promise<BbsKeyPair> {
-    return Bbs.generateKeyPair();
-  }
-
-  /**
-   * Creates a Verifiable Credential data model prepared for BBS+ signing.
-   * Each attribute in `data` will become a separately-signable BBS+ message.
-   */
-  async createBbsCredential(
-    options: BbsCredentialCreateOptions
-  ): Promise<VcDataModel> {
-    return BbsCredential.create(options);
-  }
-
-  /**
-   * Signs a credential with BBS+ producing a Data Integrity proof.
-   * The credential subject attributes are signed as individual BBS+ messages,
-   * enabling per-attribute selective disclosure.
-   *
-   * @param vc - The VC data model to sign.
-   * @param signOptions - BBS+ signing options including the key pair.
-   * @returns A bundle containing the signed credential, attribute key order, and signature.
-   */
-  async signBbsCredential(
-    vc: VcDataModel,
-    signOptions: BbsSignOptions
-  ): Promise<BbsSignedCredentialBundle> {
-    return BbsCredential.sign(vc, signOptions);
-  }
-
-  /**
-   * Verifies a full BBS+ signed credential against the issuer's public key.
-   *
-   * @param credential - The BBS+ signed credential.
-   * @param issuerPublicKey - The issuer's 96-byte BLS12-381 G2 public key.
-   */
-  async verifyBbsCredential(
-    credential: BbsVerifiableCredential,
-    issuerPublicKey: Uint8Array
-  ): Promise<boolean> {
-    return BbsCredential.verify(credential, issuerPublicKey);
-  }
-
-  /**
-   * Derives a zero-knowledge selective disclosure proof from a BBS+ signed
-   * credential. The result contains only the chosen attributes and a proof
-   * that the holder possesses a valid signature over the full attribute set.
-   *
-   * @param bundle - The signed credential bundle (from signBbsCredential).
-   * @param options - Which attributes to reveal and a session nonce.
-   */
-  async deriveBbsSelectiveProof(
-    bundle: BbsSignedCredentialBundle,
-    options: BbsDeriveProofOptions
-  ): Promise<BbsDerivedCredential> {
-    return BbsCredential.deriveProof(bundle, options);
-  }
-
-  /**
-   * Verifies a BBS+ selective disclosure proof. The verifier only sees the
-   * disclosed attributes but can cryptographically confirm they originate
-   * from a valid credential signed by the issuer.
-   *
-   * @param credential - The derived credential with selective disclosure proof.
-   * @param issuerPublicKey - The issuer's 96-byte BLS12-381 G2 public key.
-   */
-  async verifyBbsSelectiveProof(
-    credential: BbsVerifiableCredential,
-    issuerPublicKey: Uint8Array
-  ): Promise<boolean> {
-    return BbsCredential.verifyProof(credential, issuerPublicKey);
-  }
-
-  /**
-   * Resolves the BBS+ public key from an issuer's DID document.
-   *
-   * @param issuerDid - The issuer's DID.
-   * @param kid - Optional key ID to match a specific verification method.
-   */
-  async resolveIssuerBbsPublicKey(
-    issuerDid: string,
-    kid?: string
-  ): Promise<Uint8Array | null> {
-    return BbsCredential.resolveIssuerPublicKey(issuerDid, kid);
-  }
-
-}