@mocanetwork/privado-js-sdk 1.0.0

package/src/credentials/status/reverse-sparse-merkle-tree.ts

@@ -0,0 +1,366 @@
+import { buildDIDType, BytesHelper, DID, Id } from '@mocanetwork/moca-iden3';
+
+import { Hash, Proof, NodeAux, ZERO_HASH, testBit } from '@iden3/js-merkletree';
+import { IStateStorage } from '../../storage';
+import { CredentialStatusResolver, CredentialStatusResolveOptions } from './resolver';
+import { CredentialStatus, RevocationStatus, State } from '../../verifiable';
+import { CredentialStatusType } from '../../verifiable/constants';
+import { isEthereumIdentity, isGenesisState } from '../../utils';
+import { IssuerResolver } from './sparse-merkle-tree';
+import { isIdentityDoesNotExistError } from '../../storage/blockchain/errors';
+
+/**
+ * ProofNode is a partial Reverse Hash Service result
+ * it contains the current node hash and its children
+ *
+ * @public
+ * @class ProofNode
+ */
+export class ProofNode {
+  /**
+   *
+   * Creates an instance of ProofNode.
+   * @param {Hash} [hash=ZERO_HASH] - current node hash
+   * @param {Hash[]} [children=[]] -  children of the node
+   */
+  constructor(public hash: Hash = ZERO_HASH, public children: Hash[] = []) {}
+
+  /**
+   * Determination of Node type
+   * Can be: Leaf, Middle or State node
+   *
+   * @returns NodeType
+   */
+  nodeType(): NodeType {
+    if (this.children.length === 2) {
+      return NodeType.Middle;
+    }
+
+    if (this.children.length === 3 && this.children[2].hex() === Hash.fromBigInt(BigInt(1)).hex()) {
+      return NodeType.Leaf;
+    }
+
+    if (this.children.length === 3) {
+      return NodeType.State;
+    }
+
+    return NodeType.Unknown;
+  }
+  /**
+   * JSON Representation of ProofNode with a hex values
+   *
+   * @returns {*} - ProofNode with hexes
+   */
+  toJSON() {
+    return {
+      hash: this.hash.hex(),
+      children: this.children.map((h) => h.hex())
+    };
+  }
+  /**
+   * Creates ProofNode Hashes from hex values
+   *
+   * @static
+   * @param {ProofNodeHex} hexNode
+   * @returns ProofNode
+   */
+  static fromHex(hexNode: ProofNodeHex): ProofNode {
+    return new ProofNode(
+      Hash.fromHex(hexNode.hash),
+      hexNode.children.map((ch) => Hash.fromHex(ch))
+    );
+  }
+}
+
+interface ProofNodeHex {
+  hash: string;
+  children: string[];
+}
+
+interface NodeHexResponse {
+  node: ProofNodeHex;
+  status: string;
+}
+
+enum NodeType {
+  Unknown = 0,
+  Middle = 1,
+  Leaf = 2,
+  State = 3
+}
+
+/**
+ * RHSResolver is a class that allows to interact with the RHS service to get revocation status.
+ *
+ * @public
+ * @class RHSResolver
+ */
+export class RHSResolver implements CredentialStatusResolver {
+  constructor(private readonly _state: IStateStorage) {}
+
+  /**
+   * resolve is a method to resolve a credential status from the blockchain.
+   *
+   * @public
+   * @param {CredentialStatus} credentialStatus -  credential status to resolve
+   * @param {CredentialStatusResolveOptions} credentialStatusResolveOptions -  options for resolver
+   * @returns `{Promise<RevocationStatus>}`
+   */
+  async resolve(
+    credentialStatus: CredentialStatus,
+    credentialStatusResolveOptions?: CredentialStatusResolveOptions
+  ): Promise<RevocationStatus> {
+    if (!credentialStatusResolveOptions?.issuerDID) {
+      throw new Error('IssuerDID is not set in options');
+    }
+
+    try {
+      return await this.getStatus(
+        credentialStatus,
+        credentialStatusResolveOptions.issuerDID,
+        credentialStatusResolveOptions.issuerData,
+        credentialStatusResolveOptions.issuerGenesisState
+      );
+    } catch (e: unknown) {
+      if (credentialStatus?.statusIssuer?.type === CredentialStatusType.SparseMerkleTreeProof) {
+        try {
+          return await new IssuerResolver().resolve(credentialStatus.statusIssuer);
+        } catch (e) {
+          throw new Error(
+            `can't fetch revocation status from backup endpoint: ${(e as Error)?.message}`
+          );
+        }
+      }
+      throw new Error(`can't fetch revocation status: ${(e as Error)?.message}`);
+    }
+  }
+
+  /**
+   * Gets revocation status from rhs service.
+   * @param {CredentialStatus} credentialStatus
+   * @param {DID} issuerDID
+   * @param {IssuerData} issuerData
+   * @returns Promise<RevocationStatus>
+   */
+  private async getStatus(
+    credentialStatus: CredentialStatus,
+    issuerDID: DID,
+    issuerData?: {
+      state: {
+        rootOfRoots: string;
+        claimsTreeRoot: string;
+        revocationTreeRoot: string;
+        value: string;
+      };
+    },
+    genesisState?: State
+  ): Promise<RevocationStatus> {
+    const issuerId = DID.idFromDID(issuerDID);
+
+    let latestState: bigint;
+    try {
+      const latestStateInfo = await this._state.getLatestStateById(issuerId.bigInt());
+      if (!latestStateInfo.state) {
+        throw new Error('state contract returned empty state');
+      }
+      latestState = latestStateInfo.state;
+    } catch (e) {
+      if (!isIdentityDoesNotExistError(e)) {
+        throw e;
+      }
+      const stateHex = this.extractState(credentialStatus.id);
+      if (!stateHex) {
+        return this.getRevocationStatusFromIssuerData(issuerDID, issuerData, genesisState);
+      }
+      const currentStateBigInt = Hash.fromHex(stateHex).bigInt();
+
+      const isEthIdentity = isEthereumIdentity(issuerDID);
+
+      if (!isEthIdentity && !isGenesisState(issuerDID, currentStateBigInt)) {
+        throw new Error(
+          `latest state not found and state parameter ${stateHex} is not genesis state`
+        );
+      }
+
+      if (isEthIdentity) {
+        throw new Error(`State must be published for Ethereum based identity`);
+      }
+
+      latestState = currentStateBigInt;
+    }
+
+    const rhsHost = credentialStatus.id.split('/node')[0];
+    const hashedRevNonce = Hash.fromBigInt(BigInt(credentialStatus.revocationNonce ?? 0));
+    const hashedIssuerRoot = Hash.fromBigInt(latestState);
+    return await this.getRevocationStatusFromRHS(hashedRevNonce, hashedIssuerRoot, rhsHost);
+  }
+
+  /**
+   * Extract revocation status from issuer data.
+   * @param {DID} issuerDID
+   * @param {IssuerData} issuerData
+   */
+  private getRevocationStatusFromIssuerData(
+    issuerDID: DID,
+    issuerData?: {
+      state: {
+        rootOfRoots: string;
+        claimsTreeRoot: string;
+        revocationTreeRoot: string;
+        value: string;
+      };
+    },
+    genesisState?: State
+  ): RevocationStatus {
+    if (!!genesisState && isGenesisState(issuerDID, genesisState.value.bigInt())) {
+      return {
+        mtp: new Proof(),
+        issuer: {
+          state: genesisState.value.hex(),
+          revocationTreeRoot: genesisState.revocationTreeRoot.hex(),
+          rootOfRoots: genesisState.rootOfRoots.hex(),
+          claimsTreeRoot: genesisState.claimsTreeRoot.hex()
+        }
+      };
+    }
+
+    // legacy
+    if (!!issuerData && isGenesisState(issuerDID, issuerData.state.value)) {
+      return {
+        mtp: new Proof(),
+        issuer: {
+          state: issuerData.state.value,
+          revocationTreeRoot: issuerData.state.revocationTreeRoot,
+          rootOfRoots: issuerData.state.rootOfRoots,
+          claimsTreeRoot: issuerData.state.claimsTreeRoot
+        }
+      };
+    }
+    throw new Error(`issuer data / genesis state param is empty`);
+  }
+
+  /**
+   * Gets partial revocation status info from rhs service.
+   *
+   * @param {Hash} data - hash to fetch
+   * @param {Hash} issuerRoot - issuer root which is a part of url
+   * @param {string} rhsUrl - base URL for reverse hash service
+   * @returns Promise<RevocationStatus>
+   */
+  private async getRevocationStatusFromRHS(
+    data: Hash,
+    issuerRoot: Hash,
+    rhsUrl: string
+  ): Promise<RevocationStatus> {
+    if (!rhsUrl) throw new Error('HTTP reverse hash service URL is not specified');
+
+    const resp = await fetch(`${rhsUrl}/node/${issuerRoot.hex()}`);
+    const treeRoots = ((await resp.json()) as NodeHexResponse)?.node;
+    if (treeRoots.children.length !== 3) {
+      throw new Error('state should has tree children');
+    }
+
+    const s = issuerRoot.hex();
+    const [cTR, rTR, roTR] = treeRoots.children;
+
+    const rtrHashed = Hash.fromHex(rTR);
+    const nonRevProof = await this.rhsGenerateProof(rtrHashed, data, `${rhsUrl}/node`);
+
+    return {
+      mtp: nonRevProof,
+      issuer: {
+        state: s,
+        claimsTreeRoot: cTR,
+        revocationTreeRoot: rTR,
+        rootOfRoots: roTR
+      }
+    };
+  }
+
+  async rhsGenerateProof(treeRoot: Hash, key: Hash, rhsUrl: string): Promise<Proof> {
+    let existence = false;
+    const siblings: Hash[] = [];
+    let nodeAux: NodeAux;
+
+    const mkProof = () => new Proof({ siblings, existence, nodeAux });
+
+    let nextKey = treeRoot;
+    for (let depth = 0; depth < key.bytes.length * 8; depth++) {
+      if (nextKey.bytes.every((i) => i === 0)) {
+        return mkProof();
+      }
+      const data = await fetch(`${rhsUrl}/${nextKey.hex()}`);
+      const resp = ((await data.json()) as NodeHexResponse)?.node;
+
+      const n = ProofNode.fromHex(resp);
+      switch (n.nodeType()) {
+        case NodeType.Leaf:
+          if (key.bytes.every((b, index) => b === n.children[0].bytes[index])) {
+            existence = true;
+            return mkProof();
+          }
+          // We found a leaf whose entry didn't match hIndex
+          nodeAux = {
+            key: n.children[0],
+            value: n.children[1]
+          };
+          return mkProof();
+        case NodeType.Middle:
+          if (testBit(key.bytes, depth)) {
+            nextKey = n.children[1];
+            siblings.push(n.children[0]);
+          } else {
+            nextKey = n.children[0];
+            siblings.push(n.children[1]);
+          }
+          break;
+        default:
+          throw new Error(`found unexpected node type in tree ${n.hash.hex()}`);
+      }
+    }
+
+    throw new Error('tree depth is too high');
+  }
+
+  /**
+   * Get state param from rhs url
+   * @param {string} id
+   * @returns string | null
+   */
+  private extractState(id: string): string | null {
+    const u = new URL(id);
+    return u.searchParams.get('state');
+  }
+}
+
+/**
+ * @deprecated The method should not be used. Use isGenesisState instead.
+ * Checks if issuer did is created from given state is genesis
+ *
+ * @param {string} issuer - did (string)
+ * @param {string} state  - hex state
+ * @returns boolean
+ */
+export function isIssuerGenesis(issuer: string, state: string): boolean {
+  const did = DID.parse(issuer);
+  const id = DID.idFromDID(did);
+  const { method, blockchain, networkId } = DID.decodePartsFromId(id);
+  const arr = BytesHelper.hexToBytes(state);
+  const stateBigInt = BytesHelper.bytesToInt(arr);
+  const type = buildDIDType(method, blockchain, networkId);
+  return isGenesisStateId(DID.idFromDID(did).bigInt(), stateBigInt, type);
+}
+
+/**
+ * @deprecated The method should not be used. Use isGenesisState instead.
+ * Checks if id is created from given state and type is genesis
+ *
+ * @param {bigint} id
+ * @param {bigint} state
+ * @param {Uint8Array} type
+ * @returns boolean - returns if id is genesis
+ */
+export function isGenesisStateId(id: bigint, state: bigint, type: Uint8Array): boolean {
+  const idFromState = Id.idGenesisFromIdenState(type, state);
+  return id.toString() === idFromState.bigInt().toString();
+}

package/src/credentials/status/sparse-merkle-tree.ts

@@ -0,0 +1,50 @@
+import { CredentialStatus, RevocationStatus, Issuer } from '../../verifiable';
+import { CredentialStatusResolver } from './resolver';
+import { Proof, ProofJSON } from '@iden3/js-merkletree';
+
+/**
+ * IssuerResolver is a class that allows to interact with the issuer's http endpoint to get revocation status.
+ *
+ * @public
+ * @class IssuerResolver
+ */
+
+export class IssuerResolver implements CredentialStatusResolver {
+  /**
+   * resolve is a method to resolve a credential status directly from the issuer.
+   *
+   * @public
+   * @param {CredentialStatus} credentialStatus -  credential status to resolve
+   * @param {CredentialStatusResolveOptions} credentialStatusResolveOptions -  options for resolver
+   * @returns `{Promise<RevocationStatus>}`
+   */
+  async resolve(credentialStatus: CredentialStatus): Promise<RevocationStatus> {
+    const revStatusResp = await fetch(credentialStatus.id);
+    const revStatus = await revStatusResp.json();
+    return toRevocationStatus(revStatus);
+  }
+}
+
+/**
+ * RevocationStatusResponse is a response of fetching credential status with type SparseMerkleTreeProof
+ *
+ * @export
+ * @interface RevocationStatusResponse
+ */
+export interface RevocationStatusResponse {
+  issuer: Issuer;
+  mtp: ProofJSON;
+}
+
+/**
+ * toRevocationStatus is a result of fetching credential status with type SparseMerkleTreeProof converts to RevocationStatus
+ *
+ * @param {RevocationStatusResponse} { issuer, mtp }
+ * @returns {RevocationStatus} RevocationStatus
+ */
+export const toRevocationStatus = ({ issuer, mtp }: RevocationStatusResponse): RevocationStatus => {
+  return {
+    mtp: Proof.fromJSON(mtp),
+    issuer
+  };
+};

package/src/credentials/utils.ts

@@ -0,0 +1,36 @@
+import { DID } from '@mocanetwork/moca-iden3';
+import { W3CCredential } from '../verifiable';
+import { PublicKey } from '@iden3/js-crypto';
+import { KmsKeyId, KmsKeyType, keyPath } from '../kms';
+
+/**
+ * Retrieves the user DID from a given credential.
+ * If the credential does not have a credentialSubject.id property, the issuer DID is returned.
+ * If the credentialSubject.id is not a string, an error is thrown.
+ * @param issuerDID The DID of the issuer.
+ * @param credential The credential object.
+ * @returns The user DID parsed from the credential.
+ * @throws Error if the credentialSubject.id is not a string.
+ */
+export const getUserDIDFromCredential = (issuerDID: DID, credential: W3CCredential) => {
+  if (!credential.credentialSubject.id) {
+    return issuerDID;
+  }
+
+  if (typeof credential.credentialSubject.id !== 'string') {
+    throw new Error('credential subject `id` is not a string');
+  }
+  return DID.parse(credential.credentialSubject.id);
+};
+
+export const getKMSIdByAuthCredential = (credential: W3CCredential): KmsKeyId => {
+  if (!credential.type.includes('AuthBJJCredential')) {
+    throw new Error("can't sign with not AuthBJJCredential credential");
+  }
+  const x = credential.credentialSubject['x'] as string;
+  const y = credential.credentialSubject['y'] as string;
+
+  const pb: PublicKey = new PublicKey([BigInt(x), BigInt(y)]);
+  const kp = keyPath(KmsKeyType.BabyJubJub, pb.hex());
+  return { type: KmsKeyType.BabyJubJub, id: kp };
+};

package/src/iden3comm/constants.ts

@@ -0,0 +1,119 @@
+import { AcceptProfile } from './types';
+
+const IDEN3_PROTOCOL = 'https://iden3-communication.io/';
+const DIDCOMM_PROTOCOL = 'https://didcomm.org/';
+/**
+ * Constants for Iden3 protocol
+ */
+export const PROTOCOL_MESSAGE_TYPE = Object.freeze({
+  // AuthorizationV2RequestMessageType defines auth request type of the communication protocol
+  AUTHORIZATION_REQUEST_MESSAGE_TYPE: `${IDEN3_PROTOCOL}authorization/1.0/request` as const,
+  // AuthorizationResponseMessageType defines auth response type of the communication protocol
+  AUTHORIZATION_RESPONSE_MESSAGE_TYPE: `${IDEN3_PROTOCOL}authorization/1.0/response` as const,
+  // CredentialIssuanceRequestMessageType accepts request for credential creation
+  CREDENTIAL_ISSUANCE_REQUEST_MESSAGE_TYPE:
+    `${IDEN3_PROTOCOL}credentials/1.0/issuance-request` as const,
+  // CredentialFetchRequestMessageType is type for request of credential generation
+  CREDENTIAL_FETCH_REQUEST_MESSAGE_TYPE: `${IDEN3_PROTOCOL}credentials/1.0/fetch-request` as const,
+  // CredentialOfferMessageType is type of message with credential offering
+  CREDENTIAL_OFFER_MESSAGE_TYPE: `${IDEN3_PROTOCOL}credentials/1.0/offer` as const,
+  // CredentialIssuanceResponseMessageType is type for message with a credential issuance
+  CREDENTIAL_ISSUANCE_RESPONSE_MESSAGE_TYPE:
+    `${IDEN3_PROTOCOL}credentials/1.0/issuance-response` as const,
+  // CredentialRefreshMessageType is type for message with a credential issuance
+  CREDENTIAL_REFRESH_MESSAGE_TYPE: `${IDEN3_PROTOCOL}credentials/1.0/refresh` as const,
+  // DeviceRegistrationRequestMessageType defines device registration request type of the communication protocol
+  DEVICE_REGISTRATION_REQUEST_MESSAGE_TYPE: `${IDEN3_PROTOCOL}devices/1.0/registration` as const,
+  // MessageFetMessageFetchRequestMessageType defines message fetch request type of the communication protocol.
+  MESSAGE_FETCH_REQUEST_MESSAGE_TYPE: `${IDEN3_PROTOCOL}messages/1.0/fetch` as const,
+  // ProofGenerationRequestMessageType is type for request of proof generation
+  PROOF_GENERATION_REQUEST_MESSAGE_TYPE: `${IDEN3_PROTOCOL}proofs/1.0/request` as const,
+  // ProofGenerationResponseMessageType is type for response of proof generation
+  PROOF_GENERATION_RESPONSE_MESSAGE_TYPE: `${IDEN3_PROTOCOL}proofs/1.0/response` as const,
+  // RevocationStatusRequestMessageType is type for request of revocation status
+  REVOCATION_STATUS_REQUEST_MESSAGE_TYPE: `${IDEN3_PROTOCOL}revocation/1.0/request-status` as const,
+  // RevocationStatusResponseMessageType is type for response with a revocation status
+  REVOCATION_STATUS_RESPONSE_MESSAGE_TYPE: `${IDEN3_PROTOCOL}revocation/1.0/status` as const,
+  // ContractInvokeRequestMessageType is type for request of contract invoke request
+  CONTRACT_INVOKE_REQUEST_MESSAGE_TYPE:
+    `${IDEN3_PROTOCOL}proofs/1.0/contract-invoke-request` as const,
+  // ContractInvokeResponseMessageType is type for response of contract invoke request
+  CONTRACT_INVOKE_RESPONSE_MESSAGE_TYPE:
+    `${IDEN3_PROTOCOL}proofs/1.0/contract-invoke-response` as const,
+  // CredentialOnchainOfferMessageType is type of message with credential onchain offering
+  CREDENTIAL_ONCHAIN_OFFER_MESSAGE_TYPE: `${IDEN3_PROTOCOL}credentials/1.0/onchain-offer` as const,
+  // ProposalRequestMessageType is type for proposal-request message
+  PROPOSAL_REQUEST_MESSAGE_TYPE: `${IDEN3_PROTOCOL}credentials/0.1/proposal-request` as const,
+  // ProposalMessageType is type for proposal message
+  PROPOSAL_MESSAGE_TYPE: `${IDEN3_PROTOCOL}credentials/0.1/proposal` as const,
+  // PaymentRequestMessageType is type for payment-request message
+  PAYMENT_REQUEST_MESSAGE_TYPE: `${IDEN3_PROTOCOL}credentials/0.1/payment-request` as const,
+  // PaymentMessageType is type for payment message
+  PAYMENT_MESSAGE_TYPE: `${IDEN3_PROTOCOL}credentials/0.1/payment` as const,
+  // DiscoveryProtocolQueriesMessageType is type for didcomm discovery protocol queries
+  DISCOVERY_PROTOCOL_QUERIES_MESSAGE_TYPE:
+    `${DIDCOMM_PROTOCOL}discover-features/2.0/queries` as const,
+  // DiscoveryProtocolDiscloseMessageType is type for didcomm discovery protocol disclose
+  DISCOVERY_PROTOCOL_DISCLOSE_MESSAGE_TYPE:
+    `${DIDCOMM_PROTOCOL}discover-features/2.0/disclose` as const,
+  // ProblemReportMessageType is type for didcomm problem report
+  PROBLEM_REPORT_MESSAGE_TYPE: `${DIDCOMM_PROTOCOL}report-problem/2.0/problem-report` as const
+});
+
+/**
+ * Media types for iden3 comm communication protocol
+ *
+ * @enum {number}
+ */
+export enum MediaType {
+  ZKPMessage = 'application/iden3-zkp-json',
+  PlainMessage = 'application/iden3comm-plain-json',
+  SignedMessage = 'application/iden3comm-signed-json'
+}
+
+export const SUPPORTED_PUBLIC_KEY_TYPES = {
+  ES256K: [
+    'EcdsaSecp256k1VerificationKey2019',
+    /**
+     * Equivalent to EcdsaSecp256k1VerificationKey2019 when key is an ethereumAddress
+     */
+    'EcdsaSecp256k1RecoveryMethod2020',
+    'JsonWebKey2020'
+  ],
+  'ES256K-R': [
+    'EcdsaSecp256k1VerificationKey2019',
+    /**
+     * Equivalent to EcdsaSecp256k1VerificationKey2019 when key is an ethereumAddress
+     */
+    'EcdsaSecp256k1RecoveryMethod2020',
+    'JsonWebKey2020'
+  ]
+};
+
+export enum ProtocolVersion {
+  V1 = 'iden3comm/v1'
+}
+
+export enum AcceptAuthCircuits {
+  AuthV2 = 'authV2',
+  AuthV3 = 'authV3'
+}
+
+export enum AcceptJwzAlgorithms {
+  Groth16 = 'groth16'
+}
+
+export enum AcceptJwsAlgorithms {
+  ES256K = 'ES256K',
+  ES256KR = 'ES256K-R'
+}
+
+export const defaultAcceptProfile: AcceptProfile = {
+  protocolVersion: ProtocolVersion.V1,
+  env: MediaType.ZKPMessage,
+  circuits: [AcceptAuthCircuits.AuthV2],
+  alg: [AcceptJwzAlgorithms.Groth16]
+};
+
+export const DEFAULT_PROOF_VERIFY_DELAY = 1 * 60 * 60 * 1000; // 1 hour
+export const DEFAULT_AUTH_VERIFY_DELAY = 5 * 60 * 1000; // 5 minutes

package/src/iden3comm/errors.ts

@@ -0,0 +1,14 @@
+// Envelope Errors
+export const ErrNotProtocolMessage = 'the envelope is not a protocol message';
+export const ErrNotEnvelopeStub = "the envelope doesn't contain field protected";
+export const ErrNotHeaderStub = "the envelope doesn't contain field typ";
+
+// Token Errors
+export const ErrUnknownCircuitID = "unknown circuit ID. can't verify msg sender";
+export const ErrSenderNotUsedTokenCreation = 'sender of message is not used for jwz token creation';
+
+// ZKP-Packer Errors
+export const ErrPackedWithUnsupportedCircuit = 'message was packed with unsupported circuit';
+export const ErrProofIsInvalid = 'message proof is invalid';
+export const ErrStateVerificationFailed = 'message state verification failed';
+export const ErrNoProvingMethodAlg = 'unknown proving method algorithm';