@oma3/omatrust 0.1.0-alpha.12 → 0.1.0-alpha.13
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/{index-B5OC9_8B.d.cts → index-CnWY9arI.d.cts} +135 -3
- package/dist/{index-C6WNgPRx.d.ts → index-DREQRFIE.d.ts} +135 -3
- package/dist/index.cjs +299 -0
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +1 -1
- package/dist/index.d.ts +1 -1
- package/dist/index.js +299 -0
- package/dist/index.js.map +1 -1
- package/dist/reputation/index.cjs +398 -14
- package/dist/reputation/index.cjs.map +1 -1
- package/dist/reputation/index.d.cts +1 -1
- package/dist/reputation/index.d.ts +1 -1
- package/dist/reputation/index.js +377 -15
- package/dist/reputation/index.js.map +1 -1
- package/package.json +1 -1
package/dist/index.d.cts
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
export { i as identity } from './index-C7odEbp6.cjs';
|
|
2
|
-
export { i as reputation } from './index-
|
|
2
|
+
export { i as reputation } from './index-CnWY9arI.cjs';
|
|
3
3
|
export { i as appRegistry } from './index-_Bkhoj8k.cjs';
|
|
4
4
|
import './types-Dn0OwaNj.cjs';
|
|
5
5
|
import './subject-ownership-B7cFlm8c.cjs';
|
package/dist/index.d.ts
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
export { i as identity } from './index-Bu-xxcv9.js';
|
|
2
|
-
export { i as reputation } from './index-
|
|
2
|
+
export { i as reputation } from './index-DREQRFIE.js';
|
|
3
3
|
export { i as appRegistry } from './index-_Bkhoj8k.js';
|
|
4
4
|
import './types-Dn0OwaNj.js';
|
|
5
5
|
import './subject-ownership-B7cFlm8c.js';
|
package/dist/index.js
CHANGED
|
@@ -1393,7 +1393,9 @@ __export(reputation_exports, {
|
|
|
1393
1393
|
getOmaTrustProofEip712Types: () => getOmaTrustProofEip712Types,
|
|
1394
1394
|
getSchemaDetails: () => getSchemaDetails,
|
|
1395
1395
|
getSupportedChainIds: () => getSupportedChainIds,
|
|
1396
|
+
getVerifiedArtifactAttestations: () => getVerifiedArtifactAttestations,
|
|
1396
1397
|
hashSeed: () => hashSeed,
|
|
1398
|
+
isArtifactClaimedBy: () => isArtifactClaimedBy,
|
|
1397
1399
|
isChainSupported: () => isChainSupported,
|
|
1398
1400
|
listAttestations: () => listAttestations,
|
|
1399
1401
|
normalizeSchema: () => normalizeSchema,
|
|
@@ -1417,6 +1419,7 @@ __export(reputation_exports, {
|
|
|
1417
1419
|
verifyKeyBindingProofs: () => verifyKeyBindingProofs,
|
|
1418
1420
|
verifyLinkedIdentifierProofs: () => verifyLinkedIdentifierProofs,
|
|
1419
1421
|
verifyProof: () => verifyProof,
|
|
1422
|
+
verifyResponsibilityClaim: () => verifyResponsibilityClaim,
|
|
1420
1423
|
verifySchemaExists: () => verifySchemaExists,
|
|
1421
1424
|
verifySubjectOwnership: () => verifySubjectOwnership,
|
|
1422
1425
|
verifyTransferProof: () => verifyTransferProof,
|
|
@@ -4280,6 +4283,302 @@ function verifyKeyBindingProofs(data) {
|
|
|
4280
4283
|
};
|
|
4281
4284
|
}
|
|
4282
4285
|
|
|
4286
|
+
// src/reputation/artifact-verification.ts
|
|
4287
|
+
async function verifyResponsibilityClaim(params) {
|
|
4288
|
+
const {
|
|
4289
|
+
attestation,
|
|
4290
|
+
artifactDid,
|
|
4291
|
+
provider,
|
|
4292
|
+
easContractAddress,
|
|
4293
|
+
chain,
|
|
4294
|
+
chainId,
|
|
4295
|
+
responsibilityClaimSchemaString
|
|
4296
|
+
} = params;
|
|
4297
|
+
const reasons = [];
|
|
4298
|
+
const checks = {
|
|
4299
|
+
schemaValid: false,
|
|
4300
|
+
subjectMatches: false,
|
|
4301
|
+
notRevoked: false,
|
|
4302
|
+
currentlyEffective: false,
|
|
4303
|
+
controllerAuthorized: false,
|
|
4304
|
+
issuedDuringAuthorizationWindow: false
|
|
4305
|
+
};
|
|
4306
|
+
let decoded;
|
|
4307
|
+
try {
|
|
4308
|
+
if (attestation.raw) {
|
|
4309
|
+
decoded = decodeAttestationData(responsibilityClaimSchemaString, attestation.raw);
|
|
4310
|
+
} else if (attestation.data && typeof attestation.data === "object") {
|
|
4311
|
+
decoded = attestation.data;
|
|
4312
|
+
} else {
|
|
4313
|
+
reasons.push("No attestation data available to decode");
|
|
4314
|
+
return buildFailedResult(checks, reasons);
|
|
4315
|
+
}
|
|
4316
|
+
} catch (err) {
|
|
4317
|
+
reasons.push(
|
|
4318
|
+
`Failed to decode attestation data: ${err instanceof Error ? err.message : "unknown error"}`
|
|
4319
|
+
);
|
|
4320
|
+
return buildFailedResult(checks, reasons);
|
|
4321
|
+
}
|
|
4322
|
+
const responsibleParty = decoded.responsibleParty;
|
|
4323
|
+
const subject = decoded.subject;
|
|
4324
|
+
const responsibilityType = decoded.responsibilityType;
|
|
4325
|
+
const issuedAt = decoded.issuedAt;
|
|
4326
|
+
const effectiveAt = decoded.effectiveAt;
|
|
4327
|
+
const expiresAt = decoded.expiresAt;
|
|
4328
|
+
const subjectLabel = decoded.subjectLabel;
|
|
4329
|
+
if (!responsibleParty || !subject || !responsibilityType || !issuedAt) {
|
|
4330
|
+
if (!responsibleParty) reasons.push("Missing required field: responsibleParty");
|
|
4331
|
+
if (!subject) reasons.push("Missing required field: subject");
|
|
4332
|
+
if (!responsibilityType) reasons.push("Missing required field: responsibilityType");
|
|
4333
|
+
if (!issuedAt) reasons.push("Missing required field: issuedAt");
|
|
4334
|
+
return buildFailedResult(checks, reasons, {
|
|
4335
|
+
responsibleParty,
|
|
4336
|
+
subjectLabel,
|
|
4337
|
+
responsibilityType
|
|
4338
|
+
});
|
|
4339
|
+
}
|
|
4340
|
+
if (!Array.isArray(responsibilityType) || responsibilityType.length === 0) {
|
|
4341
|
+
reasons.push("responsibilityType must be a non-empty array");
|
|
4342
|
+
return buildFailedResult(checks, reasons, {
|
|
4343
|
+
responsibleParty,
|
|
4344
|
+
subjectLabel,
|
|
4345
|
+
responsibilityType
|
|
4346
|
+
});
|
|
4347
|
+
}
|
|
4348
|
+
checks.schemaValid = true;
|
|
4349
|
+
if (artifactDid) {
|
|
4350
|
+
checks.subjectMatches = subject.toLowerCase() === artifactDid.toLowerCase();
|
|
4351
|
+
if (!checks.subjectMatches) {
|
|
4352
|
+
reasons.push(`Subject "${subject}" does not match expected artifact "${artifactDid}"`);
|
|
4353
|
+
}
|
|
4354
|
+
} else {
|
|
4355
|
+
checks.subjectMatches = true;
|
|
4356
|
+
}
|
|
4357
|
+
checks.notRevoked = attestation.revocationTime === BigInt(0);
|
|
4358
|
+
if (!checks.notRevoked) {
|
|
4359
|
+
reasons.push("Attestation has been revoked");
|
|
4360
|
+
}
|
|
4361
|
+
const now = BigInt(Math.floor(Date.now() / 1e3));
|
|
4362
|
+
const effectiveTime = toBigInt(effectiveAt);
|
|
4363
|
+
const expirationTime = toBigInt(expiresAt);
|
|
4364
|
+
const isEffective = effectiveTime === BigInt(0) || effectiveTime <= now;
|
|
4365
|
+
const isNotExpired = expirationTime === BigInt(0) || expirationTime > now;
|
|
4366
|
+
checks.currentlyEffective = isEffective && isNotExpired;
|
|
4367
|
+
if (!isEffective) {
|
|
4368
|
+
reasons.push("Attestation is not yet effective");
|
|
4369
|
+
}
|
|
4370
|
+
if (!isNotExpired) {
|
|
4371
|
+
reasons.push("Attestation has expired");
|
|
4372
|
+
}
|
|
4373
|
+
const controllerDid = `did:pkh:eip155:${chainId}:${attestation.attester.toLowerCase()}`;
|
|
4374
|
+
let authorization = null;
|
|
4375
|
+
try {
|
|
4376
|
+
const resolvedChain = chain ?? `eip155:${chainId}`;
|
|
4377
|
+
authorization = await getControllerAuthorization({
|
|
4378
|
+
subjectDid: responsibleParty,
|
|
4379
|
+
controllerDid,
|
|
4380
|
+
provider,
|
|
4381
|
+
chain: resolvedChain,
|
|
4382
|
+
easContractAddress
|
|
4383
|
+
});
|
|
4384
|
+
checks.controllerAuthorized = authorization.authorized;
|
|
4385
|
+
if (!checks.controllerAuthorized) {
|
|
4386
|
+
reasons.push(`Controller ${controllerDid} is not authorized for ${responsibleParty}`);
|
|
4387
|
+
}
|
|
4388
|
+
if (authorization.authorized && authorization.anchoredFrom !== null) {
|
|
4389
|
+
const issuedAtBigInt = toBigInt(issuedAt);
|
|
4390
|
+
const afterStart = issuedAtBigInt >= authorization.anchoredFrom;
|
|
4391
|
+
const beforeEnd = authorization.until === null || issuedAtBigInt <= authorization.until;
|
|
4392
|
+
checks.issuedDuringAuthorizationWindow = afterStart && beforeEnd;
|
|
4393
|
+
if (!afterStart) {
|
|
4394
|
+
reasons.push("Attestation was issued before the authorization window started");
|
|
4395
|
+
}
|
|
4396
|
+
if (!beforeEnd) {
|
|
4397
|
+
reasons.push("Attestation was issued after the authorization window ended");
|
|
4398
|
+
}
|
|
4399
|
+
} else if (authorization.authorized && authorization.anchoredFrom === null) {
|
|
4400
|
+
checks.issuedDuringAuthorizationWindow = true;
|
|
4401
|
+
} else {
|
|
4402
|
+
checks.issuedDuringAuthorizationWindow = false;
|
|
4403
|
+
}
|
|
4404
|
+
} catch (err) {
|
|
4405
|
+
reasons.push(
|
|
4406
|
+
`Controller authorization check failed: ${err instanceof Error ? err.message : "unknown error"}`
|
|
4407
|
+
);
|
|
4408
|
+
checks.controllerAuthorized = false;
|
|
4409
|
+
checks.issuedDuringAuthorizationWindow = false;
|
|
4410
|
+
}
|
|
4411
|
+
const valid = Object.values(checks).every(Boolean);
|
|
4412
|
+
return {
|
|
4413
|
+
valid,
|
|
4414
|
+
responsibleParty,
|
|
4415
|
+
controllerDid,
|
|
4416
|
+
responsibilityTypes: responsibilityType,
|
|
4417
|
+
subjectLabel: subjectLabel || void 0,
|
|
4418
|
+
authorization,
|
|
4419
|
+
checks,
|
|
4420
|
+
reasons
|
|
4421
|
+
};
|
|
4422
|
+
}
|
|
4423
|
+
async function getVerifiedArtifactAttestations(params) {
|
|
4424
|
+
const {
|
|
4425
|
+
artifactDid,
|
|
4426
|
+
provider,
|
|
4427
|
+
easContractAddress,
|
|
4428
|
+
chain,
|
|
4429
|
+
chainId,
|
|
4430
|
+
schemaUids,
|
|
4431
|
+
responsibilityClaimSchemaUid,
|
|
4432
|
+
responsibilityClaimSchemaString,
|
|
4433
|
+
securityAssessmentSchemaUid,
|
|
4434
|
+
certificationSchemaUid,
|
|
4435
|
+
fromBlock,
|
|
4436
|
+
limit
|
|
4437
|
+
} = params;
|
|
4438
|
+
parseArtifactDid(artifactDid);
|
|
4439
|
+
if (schemaUids.length === 0) {
|
|
4440
|
+
return {
|
|
4441
|
+
artifactDid,
|
|
4442
|
+
responsibilityClaims: [],
|
|
4443
|
+
securityAssessments: [],
|
|
4444
|
+
certifications: [],
|
|
4445
|
+
otherAttestations: []
|
|
4446
|
+
};
|
|
4447
|
+
}
|
|
4448
|
+
const results = await listAttestations({
|
|
4449
|
+
subjectDid: artifactDid,
|
|
4450
|
+
provider,
|
|
4451
|
+
easContractAddress,
|
|
4452
|
+
schemas: schemaUids,
|
|
4453
|
+
limit: limit ?? 100,
|
|
4454
|
+
fromBlock
|
|
4455
|
+
});
|
|
4456
|
+
const responsibilityClaims = [];
|
|
4457
|
+
const securityAssessments = [];
|
|
4458
|
+
const certifications = [];
|
|
4459
|
+
const otherAttestations = [];
|
|
4460
|
+
for (const att of results) {
|
|
4461
|
+
const schemaUidLower = att.schema.toLowerCase();
|
|
4462
|
+
if (schemaUidLower === responsibilityClaimSchemaUid.toLowerCase()) {
|
|
4463
|
+
const verification = await verifyResponsibilityClaim({
|
|
4464
|
+
attestation: att,
|
|
4465
|
+
artifactDid,
|
|
4466
|
+
provider,
|
|
4467
|
+
easContractAddress,
|
|
4468
|
+
chain,
|
|
4469
|
+
chainId,
|
|
4470
|
+
responsibilityClaimSchemaString
|
|
4471
|
+
});
|
|
4472
|
+
responsibilityClaims.push({ attestation: att, verification });
|
|
4473
|
+
} else if (securityAssessmentSchemaUid && schemaUidLower === securityAssessmentSchemaUid.toLowerCase()) {
|
|
4474
|
+
const verification = await runStandardVerification(att, provider);
|
|
4475
|
+
securityAssessments.push({ attestation: att, verification });
|
|
4476
|
+
} else if (certificationSchemaUid && schemaUidLower === certificationSchemaUid.toLowerCase()) {
|
|
4477
|
+
const verification = await runStandardVerification(att, provider);
|
|
4478
|
+
certifications.push({ attestation: att, verification });
|
|
4479
|
+
} else {
|
|
4480
|
+
const verification = await runStandardVerification(att, provider);
|
|
4481
|
+
otherAttestations.push({ attestation: att, verification });
|
|
4482
|
+
}
|
|
4483
|
+
}
|
|
4484
|
+
return {
|
|
4485
|
+
artifactDid,
|
|
4486
|
+
responsibilityClaims,
|
|
4487
|
+
securityAssessments,
|
|
4488
|
+
certifications,
|
|
4489
|
+
otherAttestations
|
|
4490
|
+
};
|
|
4491
|
+
}
|
|
4492
|
+
async function isArtifactClaimedBy(params) {
|
|
4493
|
+
const { artifactDid, responsibleParty, responsibilityTypes } = params;
|
|
4494
|
+
const result = await getVerifiedArtifactAttestations({
|
|
4495
|
+
artifactDid,
|
|
4496
|
+
provider: params.provider,
|
|
4497
|
+
easContractAddress: params.easContractAddress,
|
|
4498
|
+
chain: params.chain,
|
|
4499
|
+
chainId: params.chainId,
|
|
4500
|
+
schemaUids: params.schemaUids,
|
|
4501
|
+
responsibilityClaimSchemaUid: params.responsibilityClaimSchemaUid,
|
|
4502
|
+
responsibilityClaimSchemaString: params.responsibilityClaimSchemaString,
|
|
4503
|
+
securityAssessmentSchemaUid: params.securityAssessmentSchemaUid,
|
|
4504
|
+
certificationSchemaUid: params.certificationSchemaUid
|
|
4505
|
+
});
|
|
4506
|
+
const matchingClaims = result.responsibilityClaims.filter(
|
|
4507
|
+
(claim) => claim.verification.responsibleParty.toLowerCase() === responsibleParty.toLowerCase()
|
|
4508
|
+
);
|
|
4509
|
+
const validClaims = matchingClaims.filter((claim) => claim.verification.valid);
|
|
4510
|
+
let finalClaims = validClaims;
|
|
4511
|
+
let matchedTypes = [];
|
|
4512
|
+
if (responsibilityTypes && responsibilityTypes.length > 0) {
|
|
4513
|
+
finalClaims = validClaims.filter(
|
|
4514
|
+
(claim) => claim.verification.responsibilityTypes.some(
|
|
4515
|
+
(t) => responsibilityTypes.includes(t)
|
|
4516
|
+
)
|
|
4517
|
+
);
|
|
4518
|
+
matchedTypes = [
|
|
4519
|
+
...new Set(
|
|
4520
|
+
finalClaims.flatMap(
|
|
4521
|
+
(claim) => claim.verification.responsibilityTypes.filter(
|
|
4522
|
+
(t) => responsibilityTypes.includes(t)
|
|
4523
|
+
)
|
|
4524
|
+
)
|
|
4525
|
+
)
|
|
4526
|
+
];
|
|
4527
|
+
} else {
|
|
4528
|
+
matchedTypes = [
|
|
4529
|
+
...new Set(
|
|
4530
|
+
validClaims.flatMap((claim) => claim.verification.responsibilityTypes)
|
|
4531
|
+
)
|
|
4532
|
+
];
|
|
4533
|
+
}
|
|
4534
|
+
const reasons = [];
|
|
4535
|
+
if (finalClaims.length === 0) {
|
|
4536
|
+
if (matchingClaims.length === 0) {
|
|
4537
|
+
reasons.push(
|
|
4538
|
+
`No responsibility claims found from ${responsibleParty} for this artifact`
|
|
4539
|
+
);
|
|
4540
|
+
} else if (validClaims.length === 0) {
|
|
4541
|
+
reasons.push(
|
|
4542
|
+
`Claims from ${responsibleParty} exist but none passed verification`
|
|
4543
|
+
);
|
|
4544
|
+
} else if (responsibilityTypes) {
|
|
4545
|
+
reasons.push(
|
|
4546
|
+
`No claims matched the requested responsibility types: ${responsibilityTypes.join(", ")}`
|
|
4547
|
+
);
|
|
4548
|
+
}
|
|
4549
|
+
}
|
|
4550
|
+
return {
|
|
4551
|
+
claimed: finalClaims.length > 0,
|
|
4552
|
+
claims: finalClaims,
|
|
4553
|
+
matchedResponsibilityTypes: matchedTypes,
|
|
4554
|
+
reasons
|
|
4555
|
+
};
|
|
4556
|
+
}
|
|
4557
|
+
function toBigInt(value) {
|
|
4558
|
+
if (value === void 0 || value === null) return BigInt(0);
|
|
4559
|
+
if (typeof value === "bigint") return value;
|
|
4560
|
+
return BigInt(value);
|
|
4561
|
+
}
|
|
4562
|
+
function buildFailedResult(checks, reasons, decoded) {
|
|
4563
|
+
return {
|
|
4564
|
+
valid: false,
|
|
4565
|
+
responsibleParty: decoded?.responsibleParty ?? "",
|
|
4566
|
+
controllerDid: "",
|
|
4567
|
+
responsibilityTypes: decoded?.responsibilityType ?? [],
|
|
4568
|
+
subjectLabel: decoded?.subjectLabel || void 0,
|
|
4569
|
+
authorization: null,
|
|
4570
|
+
checks,
|
|
4571
|
+
reasons
|
|
4572
|
+
};
|
|
4573
|
+
}
|
|
4574
|
+
async function runStandardVerification(attestation, provider) {
|
|
4575
|
+
try {
|
|
4576
|
+
return await verifyAttestation({ attestation, provider });
|
|
4577
|
+
} catch {
|
|
4578
|
+
return void 0;
|
|
4579
|
+
}
|
|
4580
|
+
}
|
|
4581
|
+
|
|
4283
4582
|
// src/app-registry/index.ts
|
|
4284
4583
|
var app_registry_exports = {};
|
|
4285
4584
|
__export(app_registry_exports, {
|