@interop/did-method-webvh 3.0.0

package/dist/witness.js

@@ -0,0 +1,216 @@
+import { concatBuffers } from './utils/buffer.js';
+import { canonicalizeStrict } from './utils/canonicalize.js';
+import { createHash } from './utils/crypto.js';
+import { multibaseDecode } from './utils/multiformats.js';
+import { fetchWitnessProofs, parseDidKeyDid, parseDidKeyVerificationMethod, resolveVM } from './utils.js';
+function createWitnessProofSigner(signer) {
+    return async (document, proofTemplate) => {
+        if (!proofTemplate) {
+            throw new Error('Witness proof template is required');
+        }
+        const signed = await signer.sign({
+            document,
+            proof: proofTemplate,
+        });
+        return {
+            proof: {
+                verificationMethod: proofTemplate.verificationMethod,
+                proofValue: signed.proofValue,
+            },
+        };
+    };
+}
+/**
+ * Creates a single witness DataIntegrityProof for one `versionId`.
+ *
+ * @param signer Proof signer callback.
+ * @param versionId Target DID log version id.
+ * @param verificationMethod Witness verification method DID URL.
+ * @param created Optional proof creation time in ISO format.
+ * @returns A complete DataIntegrityProof for did-witness processing.
+ */
+export async function createWitnessProof(signer, versionId, verificationMethod, created = new Date().toISOString()) {
+    const proofTemplate = {
+        type: 'DataIntegrityProof',
+        cryptosuite: 'eddsa-jcs-2022',
+        verificationMethod,
+        created,
+        proofPurpose: 'assertionMethod',
+    };
+    const signedData = await signer({ versionId }, proofTemplate);
+    const mergedProof = {
+        ...proofTemplate,
+        ...signedData.proof,
+    };
+    // Strip undefined fields to keep the proof JSON-compatible.
+    const sanitizedProof = JSON.parse(JSON.stringify(mergedProof));
+    if (!sanitizedProof.verificationMethod) {
+        throw new Error('Witness proof is missing verificationMethod');
+    }
+    if (!sanitizedProof.proofValue) {
+        throw new Error('Witness proof is missing proofValue');
+    }
+    return {
+        id: sanitizedProof.id,
+        type: sanitizedProof.type ?? proofTemplate.type,
+        cryptosuite: sanitizedProof.cryptosuite ?? proofTemplate.cryptosuite,
+        verificationMethod: sanitizedProof.verificationMethod,
+        created: sanitizedProof.created ?? proofTemplate.created,
+        proofValue: sanitizedProof.proofValue,
+        proofPurpose: sanitizedProof.proofPurpose ?? proofTemplate.proofPurpose,
+    };
+}
+/**
+ * Signs one did-witness proof entry for a single target `versionId`.
+ *
+ * The signer map is keyed by witness DID (`did:key:...`).
+ *
+ * @param options Witness signing options for one target version.
+ * @returns A witness proof file entry for the target version.
+ */
+export async function signWitnessProofEntry(options) {
+    if (!options.versionId) {
+        throw new Error('versionId is required');
+    }
+    const witnessCount = options.witnesses.length;
+    if (witnessCount === 0) {
+        throw new Error('Witness list cannot be empty');
+    }
+    const proofs = await Promise.all(options.witnesses.map(async (witness) => {
+        const { did } = parseDidKeyDid(witness.id);
+        const signer = options.witnessSignersByDid[did];
+        if (!signer) {
+            throw new Error(`Missing witness signer for ${did}`);
+        }
+        const verificationMethod = signer.getVerificationMethodId();
+        const parsedVerificationMethod = parseDidKeyVerificationMethod(verificationMethod);
+        if (parsedVerificationMethod.did !== did) {
+            throw new Error(`Witness signer verificationMethod DID does not match witness id: ${did}`);
+        }
+        return createWitnessProof(createWitnessProofSigner(signer), options.versionId, verificationMethod, options.created);
+    }));
+    return {
+        versionId: options.versionId,
+        proof: proofs,
+    };
+}
+/**
+ * Signs did-witness proof entries for multiple target `versionId`s.
+ *
+ * @param versionIds Target DID log version ids.
+ * @param witnesses Witness DID entries used to sign.
+ * @param witnessSignersByDid Signer map keyed by witness did:key DID.
+ * @param created Optional proof creation time in ISO format.
+ * @returns A witness proof file entry per version id.
+ */
+export async function signWitnessProofEntries(versionIds, witnesses, witnessSignersByDid, created) {
+    return Promise.all(versionIds.map((versionId) => signWitnessProofEntry({
+        versionId,
+        witnesses,
+        witnessSignersByDid,
+        created,
+    })));
+}
+export function validateWitnessParameter(witness) {
+    if (!witness.witnesses || !Array.isArray(witness.witnesses) || witness.witnesses.length === 0) {
+        throw new Error('Witness list cannot be empty');
+    }
+    if (!witness.threshold ||
+        parseInt(witness.threshold.toString(), 10) < 1 ||
+        parseInt(witness.threshold.toString(), 10) > witness.witnesses.length) {
+        throw new Error('Witness threshold must be between 1 and the number of witnesses');
+    }
+    const ids = new Set();
+    for (const w of witness.witnesses) {
+        const parsedDid = (() => {
+            try {
+                return parseDidKeyDid(w.id);
+            }
+            catch {
+                throw new Error('Witness DIDs must be did:key format');
+            }
+        })();
+        if (ids.has(parsedDid.did)) {
+            throw new Error(`Duplicate witness id: ${w.id}`);
+        }
+        ids.add(parsedDid.did);
+    }
+}
+export function countWitnessApprovals(proofs, witnesses) {
+    const processed = new Set();
+    const witnessesByDid = new Map(witnesses.map((witness) => {
+        const parsedDid = parseDidKeyDid(witness.id);
+        return [parsedDid.did, witness];
+    }));
+    for (const proof of proofs) {
+        const parsedVerificationMethod = parseDidKeyVerificationMethod(proof.verificationMethod);
+        const witness = witnessesByDid.get(parsedVerificationMethod.did);
+        if (witness) {
+            if (proof.cryptosuite !== 'eddsa-jcs-2022') {
+                throw new Error('Invalid witness proof cryptosuite');
+            }
+            processed.add(witness.id);
+        }
+    }
+    return processed.size;
+}
+export async function countVerifiedWitnessApprovals(logEntry, witnessProofs, currentWitness, verifier) {
+    if (!verifier) {
+        throw new Error('Verifier implementation is required');
+    }
+    let approvals = 0;
+    const processedWitnesses = new Set();
+    const witnessesByDid = new Map((currentWitness.witnesses ?? []).map((witness) => {
+        const parsedDid = parseDidKeyDid(witness.id);
+        return [parsedDid.did, witness];
+    }));
+    for (const proofSet of witnessProofs) {
+        for (const proof of proofSet.proof) {
+            try {
+                if (proof.type !== 'DataIntegrityProof') {
+                    throw new Error('Invalid witness proof type');
+                }
+                if (proof.proofPurpose !== 'assertionMethod') {
+                    throw new Error('Invalid witness proof purpose');
+                }
+                if (proof.cryptosuite !== 'eddsa-jcs-2022') {
+                    throw new Error('Invalid witness proof cryptosuite');
+                }
+                const parsedVerificationMethod = parseDidKeyVerificationMethod(proof.verificationMethod);
+                const witness = witnessesByDid.get(parsedVerificationMethod.did);
+                if (!witness || processedWitnesses.has(witness.id)) {
+                    continue;
+                }
+                const vm = await resolveVM(proof.verificationMethod);
+                if (!vm?.publicKeyMultibase) {
+                    throw new Error(`Verification Method ${proof.verificationMethod} not found`);
+                }
+                const publicKey = multibaseDecode(vm.publicKeyMultibase).bytes;
+                if (publicKey.length !== 34) {
+                    throw new Error(`Invalid public key length ${publicKey.length} (should be 34 bytes)`);
+                }
+                const { proofValue, ...proofWithoutValue } = proof;
+                // Create hashes
+                const canonicalizedData = canonicalizeStrict({ versionId: logEntry.versionId });
+                const canonicalizedProof = canonicalizeStrict(proofWithoutValue);
+                const dataHash = await createHash(canonicalizedData);
+                const proofHash = await createHash(canonicalizedProof);
+                const input = concatBuffers(proofHash, dataHash);
+                const signature = multibaseDecode(proofValue).bytes;
+                const verified = await verifier.verify(signature, input, publicKey.slice(2));
+                if (!verified) {
+                    throw new Error('Invalid witness proof signature');
+                }
+                approvals++;
+                processedWitnesses.add(witness.id);
+            }
+            catch (error) {
+                const message = error instanceof Error ? error.message : String(error);
+                console.warn(`Ignoring invalid witness proof for version ${proofSet.versionId} ` +
+                    `(verificationMethod: ${proof.verificationMethod}): ${message}`);
+            }
+        }
+    }
+    return approvals;
+}
+export { fetchWitnessProofs };

package/package.json

@@ -0,0 +1,70 @@
+{
+  "name": "@interop/did-method-webvh",
+  "type": "module",
+  "version": "3.0.0",
+  "license": "Apache-2.0",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/interop-alliance/did-method-webvh.git"
+  },
+  "module": "dist/index.js",
+  "browser": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "files": [
+    "dist/**/*",
+    "CHANGELOG.md"
+  ],
+  "engines": {
+    "node": ">=22"
+  },
+  "packageManager": "pnpm@11.3.0",
+  "scripts": {
+    "dev": "tsx watch examples/express-resolver.ts",
+    "lint": "biome check .",
+    "lint:fix": "biome check --write .",
+    "format": "biome format .",
+    "format:fix": "biome format --write .",
+    "test": "rm -rf ./test/logs && NODE_ENV=test vitest run",
+    "test:watch": "rm -rf ./test/logs && NODE_ENV=test vitest",
+    "test:bail": "rm -rf ./test/logs && NODE_ENV=test vitest --bail=1",
+    "test:coverage": "rm -rf ./test/logs && NODE_ENV=test vitest run --coverage",
+    "test:log": "mkdir -p ./test/logs && rm -rf ./test/logs/* && LOG_RESOLVES=true NODE_ENV=test vitest run > ./test/logs/test-run.txt 2>&1",
+    "cli": "tsx src/cli.ts",
+    "build": "npm run build:clean && tsc",
+    "build:clean": "rm -rf dist",
+    "check": "tsc --noEmit --project tsconfig.dev.json",
+    "prepublishOnly": "npm run build",
+    "example:signer": "tsx examples/signer.ts"
+  },
+  "devDependencies": {
+    "@biomejs/biome": "^2.3.6",
+    "@types/node": "^22.10.0",
+    "@vitest/coverage-v8": "^4.1.8",
+    "tsx": "^4.19.0",
+    "typescript": "^5.7.0",
+    "vitest": "^4.0.0"
+  },
+  "dependencies": {
+    "@noble/hashes": "^2.2.0",
+    "@stablelib/ed25519": "^2.1.0",
+    "json-canonicalize": "^2.0.0"
+  },
+  "bin": {
+    "didwebvh": "./dist/cli.js"
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "react-native": "./dist/index.js",
+      "import": "./dist/index.js",
+      "default": "./dist/index.js"
+    },
+    "./types": {
+      "types": "./dist/types.d.ts",
+      "default": "./dist/types.js"
+    }
+  }
+}