@oma3/omatrust 0.1.0-alpha.12 → 0.1.0-alpha.13
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/{index-B5OC9_8B.d.cts → index-CnWY9arI.d.cts} +135 -3
- package/dist/{index-C6WNgPRx.d.ts → index-DREQRFIE.d.ts} +135 -3
- package/dist/index.cjs +299 -0
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +1 -1
- package/dist/index.d.ts +1 -1
- package/dist/index.js +299 -0
- package/dist/index.js.map +1 -1
- package/dist/reputation/index.cjs +398 -14
- package/dist/reputation/index.cjs.map +1 -1
- package/dist/reputation/index.d.cts +1 -1
- package/dist/reputation/index.d.ts +1 -1
- package/dist/reputation/index.js +377 -15
- package/dist/reputation/index.js.map +1 -1
- package/package.json +1 -1
package/dist/index.cjs
CHANGED
|
@@ -1418,7 +1418,9 @@ __export(reputation_exports, {
|
|
|
1418
1418
|
getOmaTrustProofEip712Types: () => getOmaTrustProofEip712Types,
|
|
1419
1419
|
getSchemaDetails: () => getSchemaDetails,
|
|
1420
1420
|
getSupportedChainIds: () => getSupportedChainIds,
|
|
1421
|
+
getVerifiedArtifactAttestations: () => getVerifiedArtifactAttestations,
|
|
1421
1422
|
hashSeed: () => hashSeed,
|
|
1423
|
+
isArtifactClaimedBy: () => isArtifactClaimedBy,
|
|
1422
1424
|
isChainSupported: () => isChainSupported,
|
|
1423
1425
|
listAttestations: () => listAttestations,
|
|
1424
1426
|
normalizeSchema: () => normalizeSchema,
|
|
@@ -1442,6 +1444,7 @@ __export(reputation_exports, {
|
|
|
1442
1444
|
verifyKeyBindingProofs: () => verifyKeyBindingProofs,
|
|
1443
1445
|
verifyLinkedIdentifierProofs: () => verifyLinkedIdentifierProofs,
|
|
1444
1446
|
verifyProof: () => verifyProof,
|
|
1447
|
+
verifyResponsibilityClaim: () => verifyResponsibilityClaim,
|
|
1445
1448
|
verifySchemaExists: () => verifySchemaExists,
|
|
1446
1449
|
verifySubjectOwnership: () => verifySubjectOwnership,
|
|
1447
1450
|
verifyTransferProof: () => verifyTransferProof,
|
|
@@ -4305,6 +4308,302 @@ function verifyKeyBindingProofs(data) {
|
|
|
4305
4308
|
};
|
|
4306
4309
|
}
|
|
4307
4310
|
|
|
4311
|
+
// src/reputation/artifact-verification.ts
|
|
4312
|
+
async function verifyResponsibilityClaim(params) {
|
|
4313
|
+
const {
|
|
4314
|
+
attestation,
|
|
4315
|
+
artifactDid,
|
|
4316
|
+
provider,
|
|
4317
|
+
easContractAddress,
|
|
4318
|
+
chain,
|
|
4319
|
+
chainId,
|
|
4320
|
+
responsibilityClaimSchemaString
|
|
4321
|
+
} = params;
|
|
4322
|
+
const reasons = [];
|
|
4323
|
+
const checks = {
|
|
4324
|
+
schemaValid: false,
|
|
4325
|
+
subjectMatches: false,
|
|
4326
|
+
notRevoked: false,
|
|
4327
|
+
currentlyEffective: false,
|
|
4328
|
+
controllerAuthorized: false,
|
|
4329
|
+
issuedDuringAuthorizationWindow: false
|
|
4330
|
+
};
|
|
4331
|
+
let decoded;
|
|
4332
|
+
try {
|
|
4333
|
+
if (attestation.raw) {
|
|
4334
|
+
decoded = decodeAttestationData(responsibilityClaimSchemaString, attestation.raw);
|
|
4335
|
+
} else if (attestation.data && typeof attestation.data === "object") {
|
|
4336
|
+
decoded = attestation.data;
|
|
4337
|
+
} else {
|
|
4338
|
+
reasons.push("No attestation data available to decode");
|
|
4339
|
+
return buildFailedResult(checks, reasons);
|
|
4340
|
+
}
|
|
4341
|
+
} catch (err) {
|
|
4342
|
+
reasons.push(
|
|
4343
|
+
`Failed to decode attestation data: ${err instanceof Error ? err.message : "unknown error"}`
|
|
4344
|
+
);
|
|
4345
|
+
return buildFailedResult(checks, reasons);
|
|
4346
|
+
}
|
|
4347
|
+
const responsibleParty = decoded.responsibleParty;
|
|
4348
|
+
const subject = decoded.subject;
|
|
4349
|
+
const responsibilityType = decoded.responsibilityType;
|
|
4350
|
+
const issuedAt = decoded.issuedAt;
|
|
4351
|
+
const effectiveAt = decoded.effectiveAt;
|
|
4352
|
+
const expiresAt = decoded.expiresAt;
|
|
4353
|
+
const subjectLabel = decoded.subjectLabel;
|
|
4354
|
+
if (!responsibleParty || !subject || !responsibilityType || !issuedAt) {
|
|
4355
|
+
if (!responsibleParty) reasons.push("Missing required field: responsibleParty");
|
|
4356
|
+
if (!subject) reasons.push("Missing required field: subject");
|
|
4357
|
+
if (!responsibilityType) reasons.push("Missing required field: responsibilityType");
|
|
4358
|
+
if (!issuedAt) reasons.push("Missing required field: issuedAt");
|
|
4359
|
+
return buildFailedResult(checks, reasons, {
|
|
4360
|
+
responsibleParty,
|
|
4361
|
+
subjectLabel,
|
|
4362
|
+
responsibilityType
|
|
4363
|
+
});
|
|
4364
|
+
}
|
|
4365
|
+
if (!Array.isArray(responsibilityType) || responsibilityType.length === 0) {
|
|
4366
|
+
reasons.push("responsibilityType must be a non-empty array");
|
|
4367
|
+
return buildFailedResult(checks, reasons, {
|
|
4368
|
+
responsibleParty,
|
|
4369
|
+
subjectLabel,
|
|
4370
|
+
responsibilityType
|
|
4371
|
+
});
|
|
4372
|
+
}
|
|
4373
|
+
checks.schemaValid = true;
|
|
4374
|
+
if (artifactDid) {
|
|
4375
|
+
checks.subjectMatches = subject.toLowerCase() === artifactDid.toLowerCase();
|
|
4376
|
+
if (!checks.subjectMatches) {
|
|
4377
|
+
reasons.push(`Subject "${subject}" does not match expected artifact "${artifactDid}"`);
|
|
4378
|
+
}
|
|
4379
|
+
} else {
|
|
4380
|
+
checks.subjectMatches = true;
|
|
4381
|
+
}
|
|
4382
|
+
checks.notRevoked = attestation.revocationTime === BigInt(0);
|
|
4383
|
+
if (!checks.notRevoked) {
|
|
4384
|
+
reasons.push("Attestation has been revoked");
|
|
4385
|
+
}
|
|
4386
|
+
const now = BigInt(Math.floor(Date.now() / 1e3));
|
|
4387
|
+
const effectiveTime = toBigInt(effectiveAt);
|
|
4388
|
+
const expirationTime = toBigInt(expiresAt);
|
|
4389
|
+
const isEffective = effectiveTime === BigInt(0) || effectiveTime <= now;
|
|
4390
|
+
const isNotExpired = expirationTime === BigInt(0) || expirationTime > now;
|
|
4391
|
+
checks.currentlyEffective = isEffective && isNotExpired;
|
|
4392
|
+
if (!isEffective) {
|
|
4393
|
+
reasons.push("Attestation is not yet effective");
|
|
4394
|
+
}
|
|
4395
|
+
if (!isNotExpired) {
|
|
4396
|
+
reasons.push("Attestation has expired");
|
|
4397
|
+
}
|
|
4398
|
+
const controllerDid = `did:pkh:eip155:${chainId}:${attestation.attester.toLowerCase()}`;
|
|
4399
|
+
let authorization = null;
|
|
4400
|
+
try {
|
|
4401
|
+
const resolvedChain = chain ?? `eip155:${chainId}`;
|
|
4402
|
+
authorization = await getControllerAuthorization({
|
|
4403
|
+
subjectDid: responsibleParty,
|
|
4404
|
+
controllerDid,
|
|
4405
|
+
provider,
|
|
4406
|
+
chain: resolvedChain,
|
|
4407
|
+
easContractAddress
|
|
4408
|
+
});
|
|
4409
|
+
checks.controllerAuthorized = authorization.authorized;
|
|
4410
|
+
if (!checks.controllerAuthorized) {
|
|
4411
|
+
reasons.push(`Controller ${controllerDid} is not authorized for ${responsibleParty}`);
|
|
4412
|
+
}
|
|
4413
|
+
if (authorization.authorized && authorization.anchoredFrom !== null) {
|
|
4414
|
+
const issuedAtBigInt = toBigInt(issuedAt);
|
|
4415
|
+
const afterStart = issuedAtBigInt >= authorization.anchoredFrom;
|
|
4416
|
+
const beforeEnd = authorization.until === null || issuedAtBigInt <= authorization.until;
|
|
4417
|
+
checks.issuedDuringAuthorizationWindow = afterStart && beforeEnd;
|
|
4418
|
+
if (!afterStart) {
|
|
4419
|
+
reasons.push("Attestation was issued before the authorization window started");
|
|
4420
|
+
}
|
|
4421
|
+
if (!beforeEnd) {
|
|
4422
|
+
reasons.push("Attestation was issued after the authorization window ended");
|
|
4423
|
+
}
|
|
4424
|
+
} else if (authorization.authorized && authorization.anchoredFrom === null) {
|
|
4425
|
+
checks.issuedDuringAuthorizationWindow = true;
|
|
4426
|
+
} else {
|
|
4427
|
+
checks.issuedDuringAuthorizationWindow = false;
|
|
4428
|
+
}
|
|
4429
|
+
} catch (err) {
|
|
4430
|
+
reasons.push(
|
|
4431
|
+
`Controller authorization check failed: ${err instanceof Error ? err.message : "unknown error"}`
|
|
4432
|
+
);
|
|
4433
|
+
checks.controllerAuthorized = false;
|
|
4434
|
+
checks.issuedDuringAuthorizationWindow = false;
|
|
4435
|
+
}
|
|
4436
|
+
const valid = Object.values(checks).every(Boolean);
|
|
4437
|
+
return {
|
|
4438
|
+
valid,
|
|
4439
|
+
responsibleParty,
|
|
4440
|
+
controllerDid,
|
|
4441
|
+
responsibilityTypes: responsibilityType,
|
|
4442
|
+
subjectLabel: subjectLabel || void 0,
|
|
4443
|
+
authorization,
|
|
4444
|
+
checks,
|
|
4445
|
+
reasons
|
|
4446
|
+
};
|
|
4447
|
+
}
|
|
4448
|
+
async function getVerifiedArtifactAttestations(params) {
|
|
4449
|
+
const {
|
|
4450
|
+
artifactDid,
|
|
4451
|
+
provider,
|
|
4452
|
+
easContractAddress,
|
|
4453
|
+
chain,
|
|
4454
|
+
chainId,
|
|
4455
|
+
schemaUids,
|
|
4456
|
+
responsibilityClaimSchemaUid,
|
|
4457
|
+
responsibilityClaimSchemaString,
|
|
4458
|
+
securityAssessmentSchemaUid,
|
|
4459
|
+
certificationSchemaUid,
|
|
4460
|
+
fromBlock,
|
|
4461
|
+
limit
|
|
4462
|
+
} = params;
|
|
4463
|
+
parseArtifactDid(artifactDid);
|
|
4464
|
+
if (schemaUids.length === 0) {
|
|
4465
|
+
return {
|
|
4466
|
+
artifactDid,
|
|
4467
|
+
responsibilityClaims: [],
|
|
4468
|
+
securityAssessments: [],
|
|
4469
|
+
certifications: [],
|
|
4470
|
+
otherAttestations: []
|
|
4471
|
+
};
|
|
4472
|
+
}
|
|
4473
|
+
const results = await listAttestations({
|
|
4474
|
+
subjectDid: artifactDid,
|
|
4475
|
+
provider,
|
|
4476
|
+
easContractAddress,
|
|
4477
|
+
schemas: schemaUids,
|
|
4478
|
+
limit: limit ?? 100,
|
|
4479
|
+
fromBlock
|
|
4480
|
+
});
|
|
4481
|
+
const responsibilityClaims = [];
|
|
4482
|
+
const securityAssessments = [];
|
|
4483
|
+
const certifications = [];
|
|
4484
|
+
const otherAttestations = [];
|
|
4485
|
+
for (const att of results) {
|
|
4486
|
+
const schemaUidLower = att.schema.toLowerCase();
|
|
4487
|
+
if (schemaUidLower === responsibilityClaimSchemaUid.toLowerCase()) {
|
|
4488
|
+
const verification = await verifyResponsibilityClaim({
|
|
4489
|
+
attestation: att,
|
|
4490
|
+
artifactDid,
|
|
4491
|
+
provider,
|
|
4492
|
+
easContractAddress,
|
|
4493
|
+
chain,
|
|
4494
|
+
chainId,
|
|
4495
|
+
responsibilityClaimSchemaString
|
|
4496
|
+
});
|
|
4497
|
+
responsibilityClaims.push({ attestation: att, verification });
|
|
4498
|
+
} else if (securityAssessmentSchemaUid && schemaUidLower === securityAssessmentSchemaUid.toLowerCase()) {
|
|
4499
|
+
const verification = await runStandardVerification(att, provider);
|
|
4500
|
+
securityAssessments.push({ attestation: att, verification });
|
|
4501
|
+
} else if (certificationSchemaUid && schemaUidLower === certificationSchemaUid.toLowerCase()) {
|
|
4502
|
+
const verification = await runStandardVerification(att, provider);
|
|
4503
|
+
certifications.push({ attestation: att, verification });
|
|
4504
|
+
} else {
|
|
4505
|
+
const verification = await runStandardVerification(att, provider);
|
|
4506
|
+
otherAttestations.push({ attestation: att, verification });
|
|
4507
|
+
}
|
|
4508
|
+
}
|
|
4509
|
+
return {
|
|
4510
|
+
artifactDid,
|
|
4511
|
+
responsibilityClaims,
|
|
4512
|
+
securityAssessments,
|
|
4513
|
+
certifications,
|
|
4514
|
+
otherAttestations
|
|
4515
|
+
};
|
|
4516
|
+
}
|
|
4517
|
+
async function isArtifactClaimedBy(params) {
|
|
4518
|
+
const { artifactDid, responsibleParty, responsibilityTypes } = params;
|
|
4519
|
+
const result = await getVerifiedArtifactAttestations({
|
|
4520
|
+
artifactDid,
|
|
4521
|
+
provider: params.provider,
|
|
4522
|
+
easContractAddress: params.easContractAddress,
|
|
4523
|
+
chain: params.chain,
|
|
4524
|
+
chainId: params.chainId,
|
|
4525
|
+
schemaUids: params.schemaUids,
|
|
4526
|
+
responsibilityClaimSchemaUid: params.responsibilityClaimSchemaUid,
|
|
4527
|
+
responsibilityClaimSchemaString: params.responsibilityClaimSchemaString,
|
|
4528
|
+
securityAssessmentSchemaUid: params.securityAssessmentSchemaUid,
|
|
4529
|
+
certificationSchemaUid: params.certificationSchemaUid
|
|
4530
|
+
});
|
|
4531
|
+
const matchingClaims = result.responsibilityClaims.filter(
|
|
4532
|
+
(claim) => claim.verification.responsibleParty.toLowerCase() === responsibleParty.toLowerCase()
|
|
4533
|
+
);
|
|
4534
|
+
const validClaims = matchingClaims.filter((claim) => claim.verification.valid);
|
|
4535
|
+
let finalClaims = validClaims;
|
|
4536
|
+
let matchedTypes = [];
|
|
4537
|
+
if (responsibilityTypes && responsibilityTypes.length > 0) {
|
|
4538
|
+
finalClaims = validClaims.filter(
|
|
4539
|
+
(claim) => claim.verification.responsibilityTypes.some(
|
|
4540
|
+
(t) => responsibilityTypes.includes(t)
|
|
4541
|
+
)
|
|
4542
|
+
);
|
|
4543
|
+
matchedTypes = [
|
|
4544
|
+
...new Set(
|
|
4545
|
+
finalClaims.flatMap(
|
|
4546
|
+
(claim) => claim.verification.responsibilityTypes.filter(
|
|
4547
|
+
(t) => responsibilityTypes.includes(t)
|
|
4548
|
+
)
|
|
4549
|
+
)
|
|
4550
|
+
)
|
|
4551
|
+
];
|
|
4552
|
+
} else {
|
|
4553
|
+
matchedTypes = [
|
|
4554
|
+
...new Set(
|
|
4555
|
+
validClaims.flatMap((claim) => claim.verification.responsibilityTypes)
|
|
4556
|
+
)
|
|
4557
|
+
];
|
|
4558
|
+
}
|
|
4559
|
+
const reasons = [];
|
|
4560
|
+
if (finalClaims.length === 0) {
|
|
4561
|
+
if (matchingClaims.length === 0) {
|
|
4562
|
+
reasons.push(
|
|
4563
|
+
`No responsibility claims found from ${responsibleParty} for this artifact`
|
|
4564
|
+
);
|
|
4565
|
+
} else if (validClaims.length === 0) {
|
|
4566
|
+
reasons.push(
|
|
4567
|
+
`Claims from ${responsibleParty} exist but none passed verification`
|
|
4568
|
+
);
|
|
4569
|
+
} else if (responsibilityTypes) {
|
|
4570
|
+
reasons.push(
|
|
4571
|
+
`No claims matched the requested responsibility types: ${responsibilityTypes.join(", ")}`
|
|
4572
|
+
);
|
|
4573
|
+
}
|
|
4574
|
+
}
|
|
4575
|
+
return {
|
|
4576
|
+
claimed: finalClaims.length > 0,
|
|
4577
|
+
claims: finalClaims,
|
|
4578
|
+
matchedResponsibilityTypes: matchedTypes,
|
|
4579
|
+
reasons
|
|
4580
|
+
};
|
|
4581
|
+
}
|
|
4582
|
+
function toBigInt(value) {
|
|
4583
|
+
if (value === void 0 || value === null) return BigInt(0);
|
|
4584
|
+
if (typeof value === "bigint") return value;
|
|
4585
|
+
return BigInt(value);
|
|
4586
|
+
}
|
|
4587
|
+
function buildFailedResult(checks, reasons, decoded) {
|
|
4588
|
+
return {
|
|
4589
|
+
valid: false,
|
|
4590
|
+
responsibleParty: decoded?.responsibleParty ?? "",
|
|
4591
|
+
controllerDid: "",
|
|
4592
|
+
responsibilityTypes: decoded?.responsibilityType ?? [],
|
|
4593
|
+
subjectLabel: decoded?.subjectLabel || void 0,
|
|
4594
|
+
authorization: null,
|
|
4595
|
+
checks,
|
|
4596
|
+
reasons
|
|
4597
|
+
};
|
|
4598
|
+
}
|
|
4599
|
+
async function runStandardVerification(attestation, provider) {
|
|
4600
|
+
try {
|
|
4601
|
+
return await verifyAttestation({ attestation, provider });
|
|
4602
|
+
} catch {
|
|
4603
|
+
return void 0;
|
|
4604
|
+
}
|
|
4605
|
+
}
|
|
4606
|
+
|
|
4308
4607
|
// src/app-registry/index.ts
|
|
4309
4608
|
var app_registry_exports = {};
|
|
4310
4609
|
__export(app_registry_exports, {
|